cobaltstrike | f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
Size

6.0MB
MD5

5b87b276f769126557b59471524a7ca5
SHA1

33d8b85b4136e52ae73dc28dc43b55007efeb711
SHA256

f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9
SHA512

f4bf121c3715b1cce2c2f0823e2d1fc15674432a75e985906dcd95126c1643b5e145879df5f13ca48d5c69a6a8777470ad33ceb345baf1bff1e19df81aa9e1b5
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUq:eOl56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012255-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000170f8-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-28.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-42.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-53.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018f85-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0009000000012255-3.dat	xmrig
behavioral1/files/0x00080000000170f8-12.dat	xmrig
behavioral1/memory/792-15-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/652-11-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-10.dat	xmrig
behavioral1/files/0x000700000001756e-28.dat	xmrig
behavioral1/memory/2116-29-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2332-22-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2808-39-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2508-35-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2904-45-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-34.dat	xmrig
behavioral1/memory/652-44-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d69-42.dat	xmrig
behavioral1/memory/2808-40-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2332-49-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-53.dat	xmrig
behavioral1/files/0x0008000000018f85-57.dat	xmrig
behavioral1/files/0x00050000000195bb-60.dat	xmrig
behavioral1/files/0x00050000000195c7-90.dat	xmrig
behavioral1/files/0x0005000000019761-112.dat	xmrig
behavioral1/files/0x00050000000197fd-117.dat	xmrig
behavioral1/files/0x0005000000019820-122.dat	xmrig
behavioral1/files/0x0005000000019bf5-130.dat	xmrig
behavioral1/files/0x0005000000019d62-157.dat	xmrig
behavioral1/files/0x0005000000019d6d-162.dat	xmrig
behavioral1/files/0x0005000000019fd4-172.dat	xmrig
behavioral1/memory/792-1315-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2332-1314-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/652-1313-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2116-1317-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2508-1318-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fdd-177.dat	xmrig
behavioral1/files/0x0005000000019e92-167.dat	xmrig
behavioral1/files/0x0005000000019d61-153.dat	xmrig
behavioral1/files/0x0005000000019c3c-147.dat	xmrig
behavioral1/files/0x0005000000019bf9-142.dat	xmrig
behavioral1/files/0x0005000000019bf6-137.dat	xmrig
behavioral1/files/0x000500000001998d-127.dat	xmrig
behavioral1/files/0x0005000000019643-102.dat	xmrig
behavioral1/files/0x000500000001975a-107.dat	xmrig
behavioral1/files/0x000500000001960c-97.dat	xmrig
behavioral1/files/0x00050000000195c5-83.dat	xmrig
behavioral1/files/0x00050000000195c6-87.dat	xmrig
behavioral1/files/0x00050000000195c3-77.dat	xmrig
behavioral1/files/0x00050000000195c1-73.dat	xmrig
behavioral1/files/0x00050000000195bd-67.dat	xmrig
behavioral1/memory/2724-1324-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2808-1331-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2756-1328-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2896-1350-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2904-1352-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2808-1370-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/1388-1368-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1640-1371-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2724-1376-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2756-1383-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2896-1391-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1388-1398-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1668-1394-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/1640-1400-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1668-1408-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2408-1417-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
652	BNcqYMG.exe
792	qktQJrl.exe
2332	uEqdwbu.exe
2116	FfciPAb.exe
2508	BJwRaEI.exe
2904	XCXSUkt.exe
2724	gcKkamv.exe
2756	gzGyuIj.exe
2896	NCIbMta.exe
1388	wagWqWB.exe
1640	fFWSASW.exe
1668	YHLlFDb.exe
2408	aaHaQlJ.exe
2824	PuDzfCQ.exe
1760	ZMMTHRd.exe
2828	bYHETyf.exe
3068	kblHjlC.exe
2128	wsQlmJW.exe
2600	nkHWbTn.exe
3016	jxouPjE.exe
2336	OAvgJbH.exe
2416	UXUMyXh.exe
2384	RpyoVqQ.exe
632	dinzMZo.exe
1140	RKnyVTP.exe
1920	cPdMWBG.exe
2368	ERXUXkR.exe
1588	voNRRWL.exe
2644	PbZZOph.exe
2364	dPTjexq.exe
2164	tPrnIug.exe
900	ILnLElq.exe
1148	srxqWDV.exe
524	mpbhDaj.exe
1284	couRyfU.exe
1560	NiqvTLi.exe
1028	qAREshP.exe
948	Bxfjncn.exe
1304	pzETgew.exe
2296	FqnrIhE.exe
1508	CwNlwfy.exe
1780	BuPXRXo.exe
592	ywsZmEq.exe
1652	ciZSZgz.exe
2024	BzTNTej.exe
1776	mXWwLeT.exe
1656	YpIPZGZ.exe
1964	eeXRhrS.exe
912	YDteTeQ.exe
432	ebULDpi.exe
1040	ZnqhSfY.exe
672	QOHraFe.exe
1740	sqYyRQm.exe
1984	GAXtXVt.exe
2340	OsnZqLH.exe
876	sneSBQa.exe
2264	eHFESnM.exe
1720	ixUQzdN.exe
1604	nmVSiNZ.exe
3008	zNCdyKY.exe
2512	ZenBAEJ.exe
2876	VAaadhf.exe
2752	SNxiENd.exe
2952	gNkjFtS.exe

Loads dropped DLL 64 IoCs

pid	Process
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0009000000012255-3.dat	upx
behavioral1/files/0x00080000000170f8-12.dat	upx
behavioral1/memory/792-15-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/652-11-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000700000001756b-10.dat	upx
behavioral1/files/0x000700000001756e-28.dat	upx
behavioral1/memory/2116-29-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2332-22-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2808-39-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2508-35-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2904-45-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0002000000018334-34.dat	upx
behavioral1/memory/652-44-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x0009000000016d69-42.dat	upx
behavioral1/memory/2332-49-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-53.dat	upx
behavioral1/files/0x0008000000018f85-57.dat	upx
behavioral1/files/0x00050000000195bb-60.dat	upx
behavioral1/files/0x00050000000195c7-90.dat	upx
behavioral1/files/0x0005000000019761-112.dat	upx
behavioral1/files/0x00050000000197fd-117.dat	upx
behavioral1/files/0x0005000000019820-122.dat	upx
behavioral1/files/0x0005000000019bf5-130.dat	upx
behavioral1/files/0x0005000000019d62-157.dat	upx
behavioral1/files/0x0005000000019d6d-162.dat	upx
behavioral1/files/0x0005000000019fd4-172.dat	upx
behavioral1/memory/792-1315-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2332-1314-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/652-1313-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2116-1317-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2508-1318-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0005000000019fdd-177.dat	upx
behavioral1/files/0x0005000000019e92-167.dat	upx
behavioral1/files/0x0005000000019d61-153.dat	upx
behavioral1/files/0x0005000000019c3c-147.dat	upx
behavioral1/files/0x0005000000019bf9-142.dat	upx
behavioral1/files/0x0005000000019bf6-137.dat	upx
behavioral1/files/0x000500000001998d-127.dat	upx
behavioral1/files/0x0005000000019643-102.dat	upx
behavioral1/files/0x000500000001975a-107.dat	upx
behavioral1/files/0x000500000001960c-97.dat	upx
behavioral1/files/0x00050000000195c5-83.dat	upx
behavioral1/files/0x00050000000195c6-87.dat	upx
behavioral1/files/0x00050000000195c3-77.dat	upx
behavioral1/files/0x00050000000195c1-73.dat	upx
behavioral1/files/0x00050000000195bd-67.dat	upx
behavioral1/memory/2724-1324-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2756-1328-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2896-1350-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2904-1352-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1388-1368-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1640-1371-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2724-1376-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2756-1383-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2896-1391-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1388-1398-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1668-1394-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/1640-1400-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1668-1408-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2408-1417-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2824-1435-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NiqvTLi.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\TLavHfN.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mfFXCDi.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\OgmCNkB.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\syrcGUq.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\eCwDYVg.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\kUvLFag.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\tyugvij.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\vwXyeHF.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\aWuPlTX.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\oMkQlUK.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\ryJyHKc.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\hWxUTxR.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\cnPwonF.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\oxBELTX.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\ErzMrHM.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mljYIyL.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\PKEcEbd.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\fwGwuTd.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\KAsdNmK.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\rGnuNXC.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\sZcAEPm.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\tbvmfLY.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\JPhmtnd.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mOcEHmg.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\VuKUxZo.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\aaGcZqd.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\oJlpytZ.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\PaqNySv.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\yxwwkZF.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\EXiQEEU.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\hlvLZaf.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\JSUHqqc.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\DbnCYbG.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\grjUIIe.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mlhNbpb.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\vNBPyos.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\VaqDpcm.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\uxOhspg.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\tjKKqiX.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\TFsUbXW.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\maqSOfE.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\icXDfSx.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\LlTvTwT.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\fMgyGqr.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\spAzfsk.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\wHUjHUc.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\CgzTUyo.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\RcbPrjH.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\ymBiGGl.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\BbvpQZt.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mDypGew.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\fMjhfXv.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\BtsngcD.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\gVkMGLb.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\mgWiIzP.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\ppJpHag.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\BaIOpDT.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\qysTfrs.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\CHbANxP.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\JzrOoOy.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\LyxVwwK.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\toyTmyk.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
File created	C:\Windows\System\WNxksaa.exe	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 652	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	30
PID 2808 wrote to memory of 652	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	30
PID 2808 wrote to memory of 652	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	30
PID 2808 wrote to memory of 792	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	31
PID 2808 wrote to memory of 792	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	31
PID 2808 wrote to memory of 792	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	31
PID 2808 wrote to memory of 2332	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	32
PID 2808 wrote to memory of 2332	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	32
PID 2808 wrote to memory of 2332	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	32
PID 2808 wrote to memory of 2116	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	33
PID 2808 wrote to memory of 2116	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	33
PID 2808 wrote to memory of 2116	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	33
PID 2808 wrote to memory of 2508	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	34
PID 2808 wrote to memory of 2508	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	34
PID 2808 wrote to memory of 2508	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	34
PID 2808 wrote to memory of 2904	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	35
PID 2808 wrote to memory of 2904	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	35
PID 2808 wrote to memory of 2904	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	35
PID 2808 wrote to memory of 2724	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	36
PID 2808 wrote to memory of 2724	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	36
PID 2808 wrote to memory of 2724	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	36
PID 2808 wrote to memory of 2756	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	37
PID 2808 wrote to memory of 2756	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	37
PID 2808 wrote to memory of 2756	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	37
PID 2808 wrote to memory of 2896	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	38
PID 2808 wrote to memory of 2896	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	38
PID 2808 wrote to memory of 2896	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	38
PID 2808 wrote to memory of 1388	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	39
PID 2808 wrote to memory of 1388	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	39
PID 2808 wrote to memory of 1388	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	39
PID 2808 wrote to memory of 1640	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	40
PID 2808 wrote to memory of 1640	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	40
PID 2808 wrote to memory of 1640	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	40
PID 2808 wrote to memory of 1668	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	41
PID 2808 wrote to memory of 1668	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	41
PID 2808 wrote to memory of 1668	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	41
PID 2808 wrote to memory of 2408	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	42
PID 2808 wrote to memory of 2408	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	42
PID 2808 wrote to memory of 2408	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	42
PID 2808 wrote to memory of 2824	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	43
PID 2808 wrote to memory of 2824	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	43
PID 2808 wrote to memory of 2824	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	43
PID 2808 wrote to memory of 1760	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	44
PID 2808 wrote to memory of 1760	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	44
PID 2808 wrote to memory of 1760	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	44
PID 2808 wrote to memory of 2828	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	45
PID 2808 wrote to memory of 2828	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	45
PID 2808 wrote to memory of 2828	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	45
PID 2808 wrote to memory of 3068	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	46
PID 2808 wrote to memory of 3068	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	46
PID 2808 wrote to memory of 3068	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	46
PID 2808 wrote to memory of 2128	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	47
PID 2808 wrote to memory of 2128	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	47
PID 2808 wrote to memory of 2128	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	47
PID 2808 wrote to memory of 2600	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	48
PID 2808 wrote to memory of 2600	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	48
PID 2808 wrote to memory of 2600	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	48
PID 2808 wrote to memory of 3016	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	49
PID 2808 wrote to memory of 3016	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	49
PID 2808 wrote to memory of 3016	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	49
PID 2808 wrote to memory of 2336	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	50
PID 2808 wrote to memory of 2336	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	50
PID 2808 wrote to memory of 2336	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	50
PID 2808 wrote to memory of 2416	2808	JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe	51

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f631fa4d0707de9faca1a3576e74325213abb3cee6bea7035633b8cda12eb2e9.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\System\BNcqYMG.exe
  C:\Windows\System\BNcqYMG.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\qktQJrl.exe
  C:\Windows\System\qktQJrl.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\uEqdwbu.exe
  C:\Windows\System\uEqdwbu.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\FfciPAb.exe
  C:\Windows\System\FfciPAb.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\BJwRaEI.exe
  C:\Windows\System\BJwRaEI.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XCXSUkt.exe
  C:\Windows\System\XCXSUkt.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\gcKkamv.exe
  C:\Windows\System\gcKkamv.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\gzGyuIj.exe
  C:\Windows\System\gzGyuIj.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NCIbMta.exe
  C:\Windows\System\NCIbMta.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\wagWqWB.exe
  C:\Windows\System\wagWqWB.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\fFWSASW.exe
  C:\Windows\System\fFWSASW.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\YHLlFDb.exe
  C:\Windows\System\YHLlFDb.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\aaHaQlJ.exe
  C:\Windows\System\aaHaQlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\PuDzfCQ.exe
  C:\Windows\System\PuDzfCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\ZMMTHRd.exe
  C:\Windows\System\ZMMTHRd.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\bYHETyf.exe
  C:\Windows\System\bYHETyf.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\kblHjlC.exe
  C:\Windows\System\kblHjlC.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wsQlmJW.exe
  C:\Windows\System\wsQlmJW.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\nkHWbTn.exe
  C:\Windows\System\nkHWbTn.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\jxouPjE.exe
  C:\Windows\System\jxouPjE.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\OAvgJbH.exe
  C:\Windows\System\OAvgJbH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\UXUMyXh.exe
  C:\Windows\System\UXUMyXh.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\RpyoVqQ.exe
  C:\Windows\System\RpyoVqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\dinzMZo.exe
  C:\Windows\System\dinzMZo.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\RKnyVTP.exe
  C:\Windows\System\RKnyVTP.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\cPdMWBG.exe
  C:\Windows\System\cPdMWBG.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\ERXUXkR.exe
  C:\Windows\System\ERXUXkR.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\voNRRWL.exe
  C:\Windows\System\voNRRWL.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\PbZZOph.exe
  C:\Windows\System\PbZZOph.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\dPTjexq.exe
  C:\Windows\System\dPTjexq.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\tPrnIug.exe
  C:\Windows\System\tPrnIug.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ILnLElq.exe
  C:\Windows\System\ILnLElq.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\srxqWDV.exe
  C:\Windows\System\srxqWDV.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\mpbhDaj.exe
  C:\Windows\System\mpbhDaj.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\couRyfU.exe
  C:\Windows\System\couRyfU.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\NiqvTLi.exe
  C:\Windows\System\NiqvTLi.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\qAREshP.exe
  C:\Windows\System\qAREshP.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\Bxfjncn.exe
  C:\Windows\System\Bxfjncn.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\pzETgew.exe
  C:\Windows\System\pzETgew.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\FqnrIhE.exe
  C:\Windows\System\FqnrIhE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\CwNlwfy.exe
  C:\Windows\System\CwNlwfy.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\BuPXRXo.exe
  C:\Windows\System\BuPXRXo.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ywsZmEq.exe
  C:\Windows\System\ywsZmEq.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\ciZSZgz.exe
  C:\Windows\System\ciZSZgz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\BzTNTej.exe
  C:\Windows\System\BzTNTej.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\mXWwLeT.exe
  C:\Windows\System\mXWwLeT.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\YpIPZGZ.exe
  C:\Windows\System\YpIPZGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\eeXRhrS.exe
  C:\Windows\System\eeXRhrS.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\YDteTeQ.exe
  C:\Windows\System\YDteTeQ.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ebULDpi.exe
  C:\Windows\System\ebULDpi.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\ZnqhSfY.exe
  C:\Windows\System\ZnqhSfY.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\QOHraFe.exe
  C:\Windows\System\QOHraFe.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\sqYyRQm.exe
  C:\Windows\System\sqYyRQm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\GAXtXVt.exe
  C:\Windows\System\GAXtXVt.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\OsnZqLH.exe
  C:\Windows\System\OsnZqLH.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\sneSBQa.exe
  C:\Windows\System\sneSBQa.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\eHFESnM.exe
  C:\Windows\System\eHFESnM.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ixUQzdN.exe
  C:\Windows\System\ixUQzdN.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\nmVSiNZ.exe
  C:\Windows\System\nmVSiNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\zNCdyKY.exe
  C:\Windows\System\zNCdyKY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ZenBAEJ.exe
  C:\Windows\System\ZenBAEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\VAaadhf.exe
  C:\Windows\System\VAaadhf.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\SNxiENd.exe
  C:\Windows\System\SNxiENd.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\gNkjFtS.exe
  C:\Windows\System\gNkjFtS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\XSFiBnu.exe
  C:\Windows\System\XSFiBnu.exe
  2⤵
  PID:2924
- C:\Windows\System\PvSVpSB.exe
  C:\Windows\System\PvSVpSB.exe
  2⤵
  PID:2804
- C:\Windows\System\oqIKAcL.exe
  C:\Windows\System\oqIKAcL.exe
  2⤵
  PID:2884
- C:\Windows\System\QOwjgqC.exe
  C:\Windows\System\QOwjgqC.exe
  2⤵
  PID:2224
- C:\Windows\System\vrtXzYU.exe
  C:\Windows\System\vrtXzYU.exe
  2⤵
  PID:288
- C:\Windows\System\StSRDdG.exe
  C:\Windows\System\StSRDdG.exe
  2⤵
  PID:540
- C:\Windows\System\etIRyDg.exe
  C:\Windows\System\etIRyDg.exe
  2⤵
  PID:1352
- C:\Windows\System\VlMzXOa.exe
  C:\Windows\System\VlMzXOa.exe
  2⤵
  PID:2356
- C:\Windows\System\iUpQims.exe
  C:\Windows\System\iUpQims.exe
  2⤵
  PID:2576
- C:\Windows\System\dbBmcjX.exe
  C:\Windows\System\dbBmcjX.exe
  2⤵
  PID:2240
- C:\Windows\System\QyaQKGF.exe
  C:\Windows\System\QyaQKGF.exe
  2⤵
  PID:2192
- C:\Windows\System\iFCxqFw.exe
  C:\Windows\System\iFCxqFw.exe
  2⤵
  PID:2400
- C:\Windows\System\idxgZoV.exe
  C:\Windows\System\idxgZoV.exe
  2⤵
  PID:2344
- C:\Windows\System\sZBOWAT.exe
  C:\Windows\System\sZBOWAT.exe
  2⤵
  PID:1848
- C:\Windows\System\gUAQHuD.exe
  C:\Windows\System\gUAQHuD.exe
  2⤵
  PID:2124
- C:\Windows\System\aPZIYdW.exe
  C:\Windows\System\aPZIYdW.exe
  2⤵
  PID:2280
- C:\Windows\System\BKWTSFY.exe
  C:\Windows\System\BKWTSFY.exe
  2⤵
  PID:2404
- C:\Windows\System\SJcPelr.exe
  C:\Windows\System\SJcPelr.exe
  2⤵
  PID:1408
- C:\Windows\System\NqhCOdP.exe
  C:\Windows\System\NqhCOdP.exe
  2⤵
  PID:516
- C:\Windows\System\vmumIJX.exe
  C:\Windows\System\vmumIJX.exe
  2⤵
  PID:1528
- C:\Windows\System\tGQSFAX.exe
  C:\Windows\System\tGQSFAX.exe
  2⤵
  PID:1796
- C:\Windows\System\FfzbLKM.exe
  C:\Windows\System\FfzbLKM.exe
  2⤵
  PID:2476
- C:\Windows\System\zJEHNeV.exe
  C:\Windows\System\zJEHNeV.exe
  2⤵
  PID:2988
- C:\Windows\System\EirNdto.exe
  C:\Windows\System\EirNdto.exe
  2⤵
  PID:2700
- C:\Windows\System\rHxEajB.exe
  C:\Windows\System\rHxEajB.exe
  2⤵
  PID:1360
- C:\Windows\System\cbIWZhf.exe
  C:\Windows\System\cbIWZhf.exe
  2⤵
  PID:1532
- C:\Windows\System\xhSNCxt.exe
  C:\Windows\System\xhSNCxt.exe
  2⤵
  PID:1752
- C:\Windows\System\hgSapnE.exe
  C:\Windows\System\hgSapnE.exe
  2⤵
  PID:1008
- C:\Windows\System\WNxksaa.exe
  C:\Windows\System\WNxksaa.exe
  2⤵
  PID:2484
- C:\Windows\System\mxiYENh.exe
  C:\Windows\System\mxiYENh.exe
  2⤵
  PID:1480
- C:\Windows\System\ksWgZpY.exe
  C:\Windows\System\ksWgZpY.exe
  2⤵
  PID:1104
- C:\Windows\System\ZvGDcmZ.exe
  C:\Windows\System\ZvGDcmZ.exe
  2⤵
  PID:1552
- C:\Windows\System\LpvdGUM.exe
  C:\Windows\System\LpvdGUM.exe
  2⤵
  PID:1628
- C:\Windows\System\tWbiOfr.exe
  C:\Windows\System\tWbiOfr.exe
  2⤵
  PID:872
- C:\Windows\System\cUurubJ.exe
  C:\Windows\System\cUurubJ.exe
  2⤵
  PID:2068
- C:\Windows\System\VuwfePM.exe
  C:\Windows\System\VuwfePM.exe
  2⤵
  PID:1608
- C:\Windows\System\cBSwZGI.exe
  C:\Windows\System\cBSwZGI.exe
  2⤵
  PID:2832
- C:\Windows\System\YEsGwSj.exe
  C:\Windows\System\YEsGwSj.exe
  2⤵
  PID:3000
- C:\Windows\System\ZTKOgXq.exe
  C:\Windows\System\ZTKOgXq.exe
  2⤵
  PID:2872
- C:\Windows\System\cysgEGy.exe
  C:\Windows\System\cysgEGy.exe
  2⤵
  PID:2860
- C:\Windows\System\euhjKLd.exe
  C:\Windows\System\euhjKLd.exe
  2⤵
  PID:2608
- C:\Windows\System\PTsGMBE.exe
  C:\Windows\System\PTsGMBE.exe
  2⤵
  PID:2388
- C:\Windows\System\npYOBRW.exe
  C:\Windows\System\npYOBRW.exe
  2⤵
  PID:2764
- C:\Windows\System\tPwiOqh.exe
  C:\Windows\System\tPwiOqh.exe
  2⤵
  PID:840
- C:\Windows\System\ZBXSDrP.exe
  C:\Windows\System\ZBXSDrP.exe
  2⤵
  PID:3040
- C:\Windows\System\yIcMGne.exe
  C:\Windows\System\yIcMGne.exe
  2⤵
  PID:2648
- C:\Windows\System\kaBSjpR.exe
  C:\Windows\System\kaBSjpR.exe
  2⤵
  PID:1824
- C:\Windows\System\NVZrHef.exe
  C:\Windows\System\NVZrHef.exe
  2⤵
  PID:2840
- C:\Windows\System\mfbucMw.exe
  C:\Windows\System\mfbucMw.exe
  2⤵
  PID:2856
- C:\Windows\System\CafFaVK.exe
  C:\Windows\System\CafFaVK.exe
  2⤵
  PID:2120
- C:\Windows\System\oTHywHD.exe
  C:\Windows\System\oTHywHD.exe
  2⤵
  PID:2292
- C:\Windows\System\FBWaFtg.exe
  C:\Windows\System\FBWaFtg.exe
  2⤵
  PID:1716
- C:\Windows\System\jATWSzA.exe
  C:\Windows\System\jATWSzA.exe
  2⤵
  PID:1804
- C:\Windows\System\VJMMWOf.exe
  C:\Windows\System\VJMMWOf.exe
  2⤵
  PID:2008
- C:\Windows\System\LbVFWmx.exe
  C:\Windows\System\LbVFWmx.exe
  2⤵
  PID:1912
- C:\Windows\System\xVsUyzy.exe
  C:\Windows\System\xVsUyzy.exe
  2⤵
  PID:1728
- C:\Windows\System\yfikrqa.exe
  C:\Windows\System\yfikrqa.exe
  2⤵
  PID:1252
- C:\Windows\System\mlhNbpb.exe
  C:\Windows\System\mlhNbpb.exe
  2⤵
  PID:2020
- C:\Windows\System\cuZdDOb.exe
  C:\Windows\System\cuZdDOb.exe
  2⤵
  PID:328
- C:\Windows\System\gctIuvB.exe
  C:\Windows\System\gctIuvB.exe
  2⤵
  PID:1692
- C:\Windows\System\GOGMlQW.exe
  C:\Windows\System\GOGMlQW.exe
  2⤵
  PID:2916
- C:\Windows\System\NpsEPum.exe
  C:\Windows\System\NpsEPum.exe
  2⤵
  PID:2844
- C:\Windows\System\KgiaIWk.exe
  C:\Windows\System\KgiaIWk.exe
  2⤵
  PID:2740
- C:\Windows\System\tFAlKjO.exe
  C:\Windows\System\tFAlKjO.exe
  2⤵
  PID:2880
- C:\Windows\System\KtZAjxv.exe
  C:\Windows\System\KtZAjxv.exe
  2⤵
  PID:2760
- C:\Windows\System\sydrnip.exe
  C:\Windows\System\sydrnip.exe
  2⤵
  PID:2284
- C:\Windows\System\BQGgzLv.exe
  C:\Windows\System\BQGgzLv.exe
  2⤵
  PID:2688
- C:\Windows\System\cOLrlNT.exe
  C:\Windows\System\cOLrlNT.exe
  2⤵
  PID:888
- C:\Windows\System\hkqRyhn.exe
  C:\Windows\System\hkqRyhn.exe
  2⤵
  PID:2352
- C:\Windows\System\ChJiKBA.exe
  C:\Windows\System\ChJiKBA.exe
  2⤵
  PID:2520
- C:\Windows\System\OwVpvnD.exe
  C:\Windows\System\OwVpvnD.exe
  2⤵
  PID:2680
- C:\Windows\System\SmvsnVo.exe
  C:\Windows\System\SmvsnVo.exe
  2⤵
  PID:1052
- C:\Windows\System\VUhoIGs.exe
  C:\Windows\System\VUhoIGs.exe
  2⤵
  PID:956
- C:\Windows\System\bMugsdl.exe
  C:\Windows\System\bMugsdl.exe
  2⤵
  PID:1092
- C:\Windows\System\GrPzOtu.exe
  C:\Windows\System\GrPzOtu.exe
  2⤵
  PID:2748
- C:\Windows\System\BoQHrHD.exe
  C:\Windows\System\BoQHrHD.exe
  2⤵
  PID:2944
- C:\Windows\System\YZfdhct.exe
  C:\Windows\System\YZfdhct.exe
  2⤵
  PID:1660
- C:\Windows\System\Dhucchn.exe
  C:\Windows\System\Dhucchn.exe
  2⤵
  PID:2736
- C:\Windows\System\BeGjyDP.exe
  C:\Windows\System\BeGjyDP.exe
  2⤵
  PID:964
- C:\Windows\System\mOcEHmg.exe
  C:\Windows\System\mOcEHmg.exe
  2⤵
  PID:2660
- C:\Windows\System\cqBOlmk.exe
  C:\Windows\System\cqBOlmk.exe
  2⤵
  PID:2156
- C:\Windows\System\JOVGgEL.exe
  C:\Windows\System\JOVGgEL.exe
  2⤵
  PID:1328
- C:\Windows\System\qLIzjUG.exe
  C:\Windows\System\qLIzjUG.exe
  2⤵
  PID:820
- C:\Windows\System\JSvQdoQ.exe
  C:\Windows\System\JSvQdoQ.exe
  2⤵
  PID:1980
- C:\Windows\System\ssHkkrW.exe
  C:\Windows\System\ssHkkrW.exe
  2⤵
  PID:1048
- C:\Windows\System\llmuUsh.exe
  C:\Windows\System\llmuUsh.exe
  2⤵
  PID:3080
- C:\Windows\System\nGOwFxH.exe
  C:\Windows\System\nGOwFxH.exe
  2⤵
  PID:3100
- C:\Windows\System\MdooOiH.exe
  C:\Windows\System\MdooOiH.exe
  2⤵
  PID:3120
- C:\Windows\System\ryJyHKc.exe
  C:\Windows\System\ryJyHKc.exe
  2⤵
  PID:3140
- C:\Windows\System\RPpiriG.exe
  C:\Windows\System\RPpiriG.exe
  2⤵
  PID:3160
- C:\Windows\System\RJKWcyl.exe
  C:\Windows\System\RJKWcyl.exe
  2⤵
  PID:3180
- C:\Windows\System\pNFiRIu.exe
  C:\Windows\System\pNFiRIu.exe
  2⤵
  PID:3200
- C:\Windows\System\pieqIxj.exe
  C:\Windows\System\pieqIxj.exe
  2⤵
  PID:3220
- C:\Windows\System\asQreec.exe
  C:\Windows\System\asQreec.exe
  2⤵
  PID:3240
- C:\Windows\System\NoogrHO.exe
  C:\Windows\System\NoogrHO.exe
  2⤵
  PID:3260
- C:\Windows\System\BLnnbke.exe
  C:\Windows\System\BLnnbke.exe
  2⤵
  PID:3280
- C:\Windows\System\kRRDZIj.exe
  C:\Windows\System\kRRDZIj.exe
  2⤵
  PID:3300
- C:\Windows\System\EPccniC.exe
  C:\Windows\System\EPccniC.exe
  2⤵
  PID:3320
- C:\Windows\System\EUoZzZE.exe
  C:\Windows\System\EUoZzZE.exe
  2⤵
  PID:3340
- C:\Windows\System\yeluxLH.exe
  C:\Windows\System\yeluxLH.exe
  2⤵
  PID:3360
- C:\Windows\System\CmEAJdh.exe
  C:\Windows\System\CmEAJdh.exe
  2⤵
  PID:3384
- C:\Windows\System\qKECBhr.exe
  C:\Windows\System\qKECBhr.exe
  2⤵
  PID:3404
- C:\Windows\System\ZYSLxjZ.exe
  C:\Windows\System\ZYSLxjZ.exe
  2⤵
  PID:3424
- C:\Windows\System\PxJaHLA.exe
  C:\Windows\System\PxJaHLA.exe
  2⤵
  PID:3444
- C:\Windows\System\MlIIUDG.exe
  C:\Windows\System\MlIIUDG.exe
  2⤵
  PID:3464
- C:\Windows\System\BfKKszb.exe
  C:\Windows\System\BfKKszb.exe
  2⤵
  PID:3484
- C:\Windows\System\xGyzeIF.exe
  C:\Windows\System\xGyzeIF.exe
  2⤵
  PID:3504
- C:\Windows\System\jgKeovZ.exe
  C:\Windows\System\jgKeovZ.exe
  2⤵
  PID:3524
- C:\Windows\System\YyFseCf.exe
  C:\Windows\System\YyFseCf.exe
  2⤵
  PID:3544
- C:\Windows\System\coFbFsH.exe
  C:\Windows\System\coFbFsH.exe
  2⤵
  PID:3564
- C:\Windows\System\TNpBQLz.exe
  C:\Windows\System\TNpBQLz.exe
  2⤵
  PID:3584
- C:\Windows\System\tgVOvsW.exe
  C:\Windows\System\tgVOvsW.exe
  2⤵
  PID:3604
- C:\Windows\System\vUMgeeC.exe
  C:\Windows\System\vUMgeeC.exe
  2⤵
  PID:3624
- C:\Windows\System\fRKNEea.exe
  C:\Windows\System\fRKNEea.exe
  2⤵
  PID:3644
- C:\Windows\System\oLxjEpS.exe
  C:\Windows\System\oLxjEpS.exe
  2⤵
  PID:3664
- C:\Windows\System\YFRXUBT.exe
  C:\Windows\System\YFRXUBT.exe
  2⤵
  PID:3684
- C:\Windows\System\maqSOfE.exe
  C:\Windows\System\maqSOfE.exe
  2⤵
  PID:3708
- C:\Windows\System\GPEhFiO.exe
  C:\Windows\System\GPEhFiO.exe
  2⤵
  PID:3724
- C:\Windows\System\rKGcGir.exe
  C:\Windows\System\rKGcGir.exe
  2⤵
  PID:3748
- C:\Windows\System\rOkzNjx.exe
  C:\Windows\System\rOkzNjx.exe
  2⤵
  PID:3768
- C:\Windows\System\lIqqARq.exe
  C:\Windows\System\lIqqARq.exe
  2⤵
  PID:3788
- C:\Windows\System\PMCqVHc.exe
  C:\Windows\System\PMCqVHc.exe
  2⤵
  PID:3804
- C:\Windows\System\VuKUxZo.exe
  C:\Windows\System\VuKUxZo.exe
  2⤵
  PID:3828
- C:\Windows\System\TYMdOPE.exe
  C:\Windows\System\TYMdOPE.exe
  2⤵
  PID:3848
- C:\Windows\System\fhuHQNm.exe
  C:\Windows\System\fhuHQNm.exe
  2⤵
  PID:3872
- C:\Windows\System\EOaVRxC.exe
  C:\Windows\System\EOaVRxC.exe
  2⤵
  PID:3892
- C:\Windows\System\AIppzqB.exe
  C:\Windows\System\AIppzqB.exe
  2⤵
  PID:3912
- C:\Windows\System\OUhESFN.exe
  C:\Windows\System\OUhESFN.exe
  2⤵
  PID:3932
- C:\Windows\System\pFMFMnZ.exe
  C:\Windows\System\pFMFMnZ.exe
  2⤵
  PID:3952
- C:\Windows\System\pxYSvDz.exe
  C:\Windows\System\pxYSvDz.exe
  2⤵
  PID:3972
- C:\Windows\System\nxeewIy.exe
  C:\Windows\System\nxeewIy.exe
  2⤵
  PID:3992
- C:\Windows\System\joexSzU.exe
  C:\Windows\System\joexSzU.exe
  2⤵
  PID:4012
- C:\Windows\System\fcFTfBy.exe
  C:\Windows\System\fcFTfBy.exe
  2⤵
  PID:4032
- C:\Windows\System\UjTqxxY.exe
  C:\Windows\System\UjTqxxY.exe
  2⤵
  PID:4052
- C:\Windows\System\AAhLnMT.exe
  C:\Windows\System\AAhLnMT.exe
  2⤵
  PID:4072
- C:\Windows\System\EXaiVBy.exe
  C:\Windows\System\EXaiVBy.exe
  2⤵
  PID:4088
- C:\Windows\System\vCbWyKZ.exe
  C:\Windows\System\vCbWyKZ.exe
  2⤵
  PID:2852
- C:\Windows\System\JEllaEy.exe
  C:\Windows\System\JEllaEy.exe
  2⤵
  PID:2360
- C:\Windows\System\gQmKddX.exe
  C:\Windows\System\gQmKddX.exe
  2⤵
  PID:2632
- C:\Windows\System\nIugtkf.exe
  C:\Windows\System\nIugtkf.exe
  2⤵
  PID:2168
- C:\Windows\System\JfYgCWY.exe
  C:\Windows\System\JfYgCWY.exe
  2⤵
  PID:756
- C:\Windows\System\owHkLeV.exe
  C:\Windows\System\owHkLeV.exe
  2⤵
  PID:3096
- C:\Windows\System\NCMstDf.exe
  C:\Windows\System\NCMstDf.exe
  2⤵
  PID:3132
- C:\Windows\System\iIgdQIJ.exe
  C:\Windows\System\iIgdQIJ.exe
  2⤵
  PID:3188
- C:\Windows\System\CwEUhik.exe
  C:\Windows\System\CwEUhik.exe
  2⤵
  PID:3228
- C:\Windows\System\gqvyZkr.exe
  C:\Windows\System\gqvyZkr.exe
  2⤵
  PID:3256
- C:\Windows\System\cJgBadb.exe
  C:\Windows\System\cJgBadb.exe
  2⤵
  PID:3292
- C:\Windows\System\lnvUCaC.exe
  C:\Windows\System\lnvUCaC.exe
  2⤵
  PID:3336
- C:\Windows\System\TCHuUcM.exe
  C:\Windows\System\TCHuUcM.exe
  2⤵
  PID:3352
- C:\Windows\System\TIHaJKT.exe
  C:\Windows\System\TIHaJKT.exe
  2⤵
  PID:3420
- C:\Windows\System\CgfMEEC.exe
  C:\Windows\System\CgfMEEC.exe
  2⤵
  PID:3452
- C:\Windows\System\bUWroJK.exe
  C:\Windows\System\bUWroJK.exe
  2⤵
  PID:3472
- C:\Windows\System\dOJhwco.exe
  C:\Windows\System\dOJhwco.exe
  2⤵
  PID:3496
- C:\Windows\System\qWTyOBc.exe
  C:\Windows\System\qWTyOBc.exe
  2⤵
  PID:3520
- C:\Windows\System\WhEznCv.exe
  C:\Windows\System\WhEznCv.exe
  2⤵
  PID:3556
- C:\Windows\System\EYLgWYd.exe
  C:\Windows\System\EYLgWYd.exe
  2⤵
  PID:3616
- C:\Windows\System\ImtSCxD.exe
  C:\Windows\System\ImtSCxD.exe
  2⤵
  PID:3660
- C:\Windows\System\rFCpoVM.exe
  C:\Windows\System\rFCpoVM.exe
  2⤵
  PID:3692
- C:\Windows\System\sZmaUhJ.exe
  C:\Windows\System\sZmaUhJ.exe
  2⤵
  PID:3740
- C:\Windows\System\Sikkkfz.exe
  C:\Windows\System\Sikkkfz.exe
  2⤵
  PID:3736
- C:\Windows\System\XOaDAYo.exe
  C:\Windows\System\XOaDAYo.exe
  2⤵
  PID:3760
- C:\Windows\System\nEiniKs.exe
  C:\Windows\System\nEiniKs.exe
  2⤵
  PID:3824
- C:\Windows\System\PXqMjYj.exe
  C:\Windows\System\PXqMjYj.exe
  2⤵
  PID:3868
- C:\Windows\System\iZVzkPX.exe
  C:\Windows\System\iZVzkPX.exe
  2⤵
  PID:3880
- C:\Windows\System\YyzZDZN.exe
  C:\Windows\System\YyzZDZN.exe
  2⤵
  PID:3940
- C:\Windows\System\OgceaiZ.exe
  C:\Windows\System\OgceaiZ.exe
  2⤵
  PID:3924
- C:\Windows\System\qnFXeYh.exe
  C:\Windows\System\qnFXeYh.exe
  2⤵
  PID:4028
- C:\Windows\System\fgzEIbx.exe
  C:\Windows\System\fgzEIbx.exe
  2⤵
  PID:3960
- C:\Windows\System\dRrkPzb.exe
  C:\Windows\System\dRrkPzb.exe
  2⤵
  PID:4004
- C:\Windows\System\eHpGDAB.exe
  C:\Windows\System\eHpGDAB.exe
  2⤵
  PID:1708
- C:\Windows\System\HmZVNBs.exe
  C:\Windows\System\HmZVNBs.exe
  2⤵
  PID:744
- C:\Windows\System\gQPcJAN.exe
  C:\Windows\System\gQPcJAN.exe
  2⤵
  PID:2440
- C:\Windows\System\rSPzGfh.exe
  C:\Windows\System\rSPzGfh.exe
  2⤵
  PID:2640
- C:\Windows\System\gFtFwpR.exe
  C:\Windows\System\gFtFwpR.exe
  2⤵
  PID:3076
- C:\Windows\System\AtYOqJO.exe
  C:\Windows\System\AtYOqJO.exe
  2⤵
  PID:3208
- C:\Windows\System\NmqVWPF.exe
  C:\Windows\System\NmqVWPF.exe
  2⤵
  PID:3276
- C:\Windows\System\NqJlfgR.exe
  C:\Windows\System\NqJlfgR.exe
  2⤵
  PID:3356
- C:\Windows\System\AfPVLBR.exe
  C:\Windows\System\AfPVLBR.exe
  2⤵
  PID:3396
- C:\Windows\System\gyPpepH.exe
  C:\Windows\System\gyPpepH.exe
  2⤵
  PID:3412
- C:\Windows\System\SjrrTBT.exe
  C:\Windows\System\SjrrTBT.exe
  2⤵
  PID:3476
- C:\Windows\System\xLbfjIk.exe
  C:\Windows\System\xLbfjIk.exe
  2⤵
  PID:3580
- C:\Windows\System\Vjnxoiu.exe
  C:\Windows\System\Vjnxoiu.exe
  2⤵
  PID:3620
- C:\Windows\System\NYzGJRO.exe
  C:\Windows\System\NYzGJRO.exe
  2⤵
  PID:3640
- C:\Windows\System\AzJOGdC.exe
  C:\Windows\System\AzJOGdC.exe
  2⤵
  PID:3672
- C:\Windows\System\bLxHdoj.exe
  C:\Windows\System\bLxHdoj.exe
  2⤵
  PID:3680
- C:\Windows\System\wPMJmzw.exe
  C:\Windows\System\wPMJmzw.exe
  2⤵
  PID:3820
- C:\Windows\System\iaIcGVg.exe
  C:\Windows\System\iaIcGVg.exe
  2⤵
  PID:3900
- C:\Windows\System\cOiwHfg.exe
  C:\Windows\System\cOiwHfg.exe
  2⤵
  PID:4020
- C:\Windows\System\UbDDlAJ.exe
  C:\Windows\System\UbDDlAJ.exe
  2⤵
  PID:4060
- C:\Windows\System\YuPALRf.exe
  C:\Windows\System\YuPALRf.exe
  2⤵
  PID:4000
- C:\Windows\System\QygPXha.exe
  C:\Windows\System\QygPXha.exe
  2⤵
  PID:2316
- C:\Windows\System\WUjDgCk.exe
  C:\Windows\System\WUjDgCk.exe
  2⤵
  PID:2912
- C:\Windows\System\lXmpalw.exe
  C:\Windows\System\lXmpalw.exe
  2⤵
  PID:3128
- C:\Windows\System\mzFdBLt.exe
  C:\Windows\System\mzFdBLt.exe
  2⤵
  PID:3216
- C:\Windows\System\tuXCKmM.exe
  C:\Windows\System\tuXCKmM.exe
  2⤵
  PID:3392
- C:\Windows\System\nHrCTEb.exe
  C:\Windows\System\nHrCTEb.exe
  2⤵
  PID:3480
- C:\Windows\System\tIpKCGL.exe
  C:\Windows\System\tIpKCGL.exe
  2⤵
  PID:3552
- C:\Windows\System\hWcZUpY.exe
  C:\Windows\System\hWcZUpY.exe
  2⤵
  PID:3600
- C:\Windows\System\xGMNEbz.exe
  C:\Windows\System\xGMNEbz.exe
  2⤵
  PID:3776
- C:\Windows\System\hkrtkMO.exe
  C:\Windows\System\hkrtkMO.exe
  2⤵
  PID:3844
- C:\Windows\System\fmhOVRQ.exe
  C:\Windows\System\fmhOVRQ.exe
  2⤵
  PID:3928
- C:\Windows\System\mQgweKV.exe
  C:\Windows\System\mQgweKV.exe
  2⤵
  PID:3964
- C:\Windows\System\eYhiNmL.exe
  C:\Windows\System\eYhiNmL.exe
  2⤵
  PID:4080
- C:\Windows\System\XjfrKdE.exe
  C:\Windows\System\XjfrKdE.exe
  2⤵
  PID:3192
- C:\Windows\System\GilieBm.exe
  C:\Windows\System\GilieBm.exe
  2⤵
  PID:3268
- C:\Windows\System\PQSPCiT.exe
  C:\Windows\System\PQSPCiT.exe
  2⤵
  PID:4104
- C:\Windows\System\LjlhBaJ.exe
  C:\Windows\System\LjlhBaJ.exe
  2⤵
  PID:4128
- C:\Windows\System\duqqokd.exe
  C:\Windows\System\duqqokd.exe
  2⤵
  PID:4148
- C:\Windows\System\aPycNpa.exe
  C:\Windows\System\aPycNpa.exe
  2⤵
  PID:4172
- C:\Windows\System\bnmuDZV.exe
  C:\Windows\System\bnmuDZV.exe
  2⤵
  PID:4192
- C:\Windows\System\aiuPscc.exe
  C:\Windows\System\aiuPscc.exe
  2⤵
  PID:4212
- C:\Windows\System\byrUwfQ.exe
  C:\Windows\System\byrUwfQ.exe
  2⤵
  PID:4232
- C:\Windows\System\WjIOzfN.exe
  C:\Windows\System\WjIOzfN.exe
  2⤵
  PID:4252
- C:\Windows\System\oZMuqcB.exe
  C:\Windows\System\oZMuqcB.exe
  2⤵
  PID:4268
- C:\Windows\System\nxHLUHa.exe
  C:\Windows\System\nxHLUHa.exe
  2⤵
  PID:4292
- C:\Windows\System\DnVOEaz.exe
  C:\Windows\System\DnVOEaz.exe
  2⤵
  PID:4312
- C:\Windows\System\lcXkOfK.exe
  C:\Windows\System\lcXkOfK.exe
  2⤵
  PID:4332
- C:\Windows\System\KVSqsyG.exe
  C:\Windows\System\KVSqsyG.exe
  2⤵
  PID:4352
- C:\Windows\System\kIXddrZ.exe
  C:\Windows\System\kIXddrZ.exe
  2⤵
  PID:4372
- C:\Windows\System\EdplmwV.exe
  C:\Windows\System\EdplmwV.exe
  2⤵
  PID:4388
- C:\Windows\System\HbAeaju.exe
  C:\Windows\System\HbAeaju.exe
  2⤵
  PID:4412
- C:\Windows\System\PLOVekK.exe
  C:\Windows\System\PLOVekK.exe
  2⤵
  PID:4432
- C:\Windows\System\mcmTSDh.exe
  C:\Windows\System\mcmTSDh.exe
  2⤵
  PID:4456
- C:\Windows\System\jdjpGwn.exe
  C:\Windows\System\jdjpGwn.exe
  2⤵
  PID:4476
- C:\Windows\System\VBCKwDG.exe
  C:\Windows\System\VBCKwDG.exe
  2⤵
  PID:4496
- C:\Windows\System\WMRnfcC.exe
  C:\Windows\System\WMRnfcC.exe
  2⤵
  PID:4516
- C:\Windows\System\jaukpVZ.exe
  C:\Windows\System\jaukpVZ.exe
  2⤵
  PID:4536
- C:\Windows\System\ghYzsLE.exe
  C:\Windows\System\ghYzsLE.exe
  2⤵
  PID:4552
- C:\Windows\System\qCnOQfQ.exe
  C:\Windows\System\qCnOQfQ.exe
  2⤵
  PID:4576
- C:\Windows\System\vhasUYg.exe
  C:\Windows\System\vhasUYg.exe
  2⤵
  PID:4596
- C:\Windows\System\VwQdnny.exe
  C:\Windows\System\VwQdnny.exe
  2⤵
  PID:4616
- C:\Windows\System\mjPjCAh.exe
  C:\Windows\System\mjPjCAh.exe
  2⤵
  PID:4636
- C:\Windows\System\QYYeVmG.exe
  C:\Windows\System\QYYeVmG.exe
  2⤵
  PID:4656
- C:\Windows\System\kDajBOe.exe
  C:\Windows\System\kDajBOe.exe
  2⤵
  PID:4676
- C:\Windows\System\dWtzDgd.exe
  C:\Windows\System\dWtzDgd.exe
  2⤵
  PID:4696
- C:\Windows\System\vJwBDdf.exe
  C:\Windows\System\vJwBDdf.exe
  2⤵
  PID:4716
- C:\Windows\System\uCTCRVf.exe
  C:\Windows\System\uCTCRVf.exe
  2⤵
  PID:4740
- C:\Windows\System\WkYJDxX.exe
  C:\Windows\System\WkYJDxX.exe
  2⤵
  PID:4760
- C:\Windows\System\KbSBTWL.exe
  C:\Windows\System\KbSBTWL.exe
  2⤵
  PID:4780
- C:\Windows\System\YEopefX.exe
  C:\Windows\System\YEopefX.exe
  2⤵
  PID:4800
- C:\Windows\System\mLxNVmp.exe
  C:\Windows\System\mLxNVmp.exe
  2⤵
  PID:4820
- C:\Windows\System\JNAhRRP.exe
  C:\Windows\System\JNAhRRP.exe
  2⤵
  PID:4840
- C:\Windows\System\vFrorGY.exe
  C:\Windows\System\vFrorGY.exe
  2⤵
  PID:4860
- C:\Windows\System\NzwyrEB.exe
  C:\Windows\System\NzwyrEB.exe
  2⤵
  PID:4880
- C:\Windows\System\UMYNTXf.exe
  C:\Windows\System\UMYNTXf.exe
  2⤵
  PID:4900
- C:\Windows\System\TpRwPVM.exe
  C:\Windows\System\TpRwPVM.exe
  2⤵
  PID:4920
- C:\Windows\System\BzaSRbL.exe
  C:\Windows\System\BzaSRbL.exe
  2⤵
  PID:4940
- C:\Windows\System\OAXrpZr.exe
  C:\Windows\System\OAXrpZr.exe
  2⤵
  PID:4960
- C:\Windows\System\icXDfSx.exe
  C:\Windows\System\icXDfSx.exe
  2⤵
  PID:4980
- C:\Windows\System\BKUcVBb.exe
  C:\Windows\System\BKUcVBb.exe
  2⤵
  PID:5000
- C:\Windows\System\vtskpbH.exe
  C:\Windows\System\vtskpbH.exe
  2⤵
  PID:5024
- C:\Windows\System\vJLPsuk.exe
  C:\Windows\System\vJLPsuk.exe
  2⤵
  PID:5044
- C:\Windows\System\ydVztFg.exe
  C:\Windows\System\ydVztFg.exe
  2⤵
  PID:5064
- C:\Windows\System\DrrSNAx.exe
  C:\Windows\System\DrrSNAx.exe
  2⤵
  PID:5084
- C:\Windows\System\axKjWJp.exe
  C:\Windows\System\axKjWJp.exe
  2⤵
  PID:5104
- C:\Windows\System\TyOLMEt.exe
  C:\Windows\System\TyOLMEt.exe
  2⤵
  PID:3316
- C:\Windows\System\PzMLrDt.exe
  C:\Windows\System\PzMLrDt.exe
  2⤵
  PID:3512
- C:\Windows\System\ntjxVvu.exe
  C:\Windows\System\ntjxVvu.exe
  2⤵
  PID:3704
- C:\Windows\System\LjSWrVZ.exe
  C:\Windows\System\LjSWrVZ.exe
  2⤵
  PID:3904
- C:\Windows\System\KAsdNmK.exe
  C:\Windows\System\KAsdNmK.exe
  2⤵
  PID:4068
- C:\Windows\System\vwCiQEU.exe
  C:\Windows\System\vwCiQEU.exe
  2⤵
  PID:3172
- C:\Windows\System\MLEGQUu.exe
  C:\Windows\System\MLEGQUu.exe
  2⤵
  PID:4112
- C:\Windows\System\PNSkxnJ.exe
  C:\Windows\System\PNSkxnJ.exe
  2⤵
  PID:4136
- C:\Windows\System\ThygqwS.exe
  C:\Windows\System\ThygqwS.exe
  2⤵
  PID:4140
- C:\Windows\System\MDqabRP.exe
  C:\Windows\System\MDqabRP.exe
  2⤵
  PID:4188
- C:\Windows\System\cMRfYcA.exe
  C:\Windows\System\cMRfYcA.exe
  2⤵
  PID:4248
- C:\Windows\System\UgmnXNK.exe
  C:\Windows\System\UgmnXNK.exe
  2⤵
  PID:4284
- C:\Windows\System\FLHlMBC.exe
  C:\Windows\System\FLHlMBC.exe
  2⤵
  PID:4328
- C:\Windows\System\AQLeMSX.exe
  C:\Windows\System\AQLeMSX.exe
  2⤵
  PID:4368
- C:\Windows\System\xZhMBSi.exe
  C:\Windows\System\xZhMBSi.exe
  2⤵
  PID:4396
- C:\Windows\System\bOEMdtk.exe
  C:\Windows\System\bOEMdtk.exe
  2⤵
  PID:4400
- C:\Windows\System\hsgQxJZ.exe
  C:\Windows\System\hsgQxJZ.exe
  2⤵
  PID:4452
- C:\Windows\System\LUwvEJo.exe
  C:\Windows\System\LUwvEJo.exe
  2⤵
  PID:4488
- C:\Windows\System\veyzoZr.exe
  C:\Windows\System\veyzoZr.exe
  2⤵
  PID:4512
- C:\Windows\System\cXsqLQd.exe
  C:\Windows\System\cXsqLQd.exe
  2⤵
  PID:4568
- C:\Windows\System\juNidMc.exe
  C:\Windows\System\juNidMc.exe
  2⤵
  PID:4604
- C:\Windows\System\lLGiwXJ.exe
  C:\Windows\System\lLGiwXJ.exe
  2⤵
  PID:4612
- C:\Windows\System\igAEvhx.exe
  C:\Windows\System\igAEvhx.exe
  2⤵
  PID:4652
- C:\Windows\System\uemhUGz.exe
  C:\Windows\System\uemhUGz.exe
  2⤵
  PID:4672
- C:\Windows\System\mVVrqBT.exe
  C:\Windows\System\mVVrqBT.exe
  2⤵
  PID:4708
- C:\Windows\System\UzVpfNU.exe
  C:\Windows\System\UzVpfNU.exe
  2⤵
  PID:4752
- C:\Windows\System\vfmsAMP.exe
  C:\Windows\System\vfmsAMP.exe
  2⤵
  PID:4796
- C:\Windows\System\BfPYVFF.exe
  C:\Windows\System\BfPYVFF.exe
  2⤵
  PID:4848
- C:\Windows\System\KDRFnrC.exe
  C:\Windows\System\KDRFnrC.exe
  2⤵
  PID:4852
- C:\Windows\System\LfJfNmQ.exe
  C:\Windows\System\LfJfNmQ.exe
  2⤵
  PID:4872
- C:\Windows\System\FzpdQbZ.exe
  C:\Windows\System\FzpdQbZ.exe
  2⤵
  PID:4928
- C:\Windows\System\ZoWTMgW.exe
  C:\Windows\System\ZoWTMgW.exe
  2⤵
  PID:4976
- C:\Windows\System\EMGcDXW.exe
  C:\Windows\System\EMGcDXW.exe
  2⤵
  PID:4988
- C:\Windows\System\MBpIErl.exe
  C:\Windows\System\MBpIErl.exe
  2⤵
  PID:5052
- C:\Windows\System\lHmHiwS.exe
  C:\Windows\System\lHmHiwS.exe
  2⤵
  PID:5056
- C:\Windows\System\rFDgJHx.exe
  C:\Windows\System\rFDgJHx.exe
  2⤵
  PID:5080
- C:\Windows\System\EbHmXuy.exe
  C:\Windows\System\EbHmXuy.exe
  2⤵
  PID:5116
- C:\Windows\System\oOlYmKS.exe
  C:\Windows\System\oOlYmKS.exe
  2⤵
  PID:3920
- C:\Windows\System\DXQYBBM.exe
  C:\Windows\System\DXQYBBM.exe
  2⤵
  PID:3416
- C:\Windows\System\GGOSEnh.exe
  C:\Windows\System\GGOSEnh.exe
  2⤵
  PID:4100
- C:\Windows\System\aBsHTPt.exe
  C:\Windows\System\aBsHTPt.exe
  2⤵
  PID:2800
- C:\Windows\System\JoNGMFq.exe
  C:\Windows\System\JoNGMFq.exe
  2⤵
  PID:4164
- C:\Windows\System\SeLQYFX.exe
  C:\Windows\System\SeLQYFX.exe
  2⤵
  PID:4240
- C:\Windows\System\QeaSWkl.exe
  C:\Windows\System\QeaSWkl.exe
  2⤵
  PID:4264
- C:\Windows\System\kEfMZVp.exe
  C:\Windows\System\kEfMZVp.exe
  2⤵
  PID:4408
- C:\Windows\System\aKsmWRb.exe
  C:\Windows\System\aKsmWRb.exe
  2⤵
  PID:4380
- C:\Windows\System\DMeMCNg.exe
  C:\Windows\System\DMeMCNg.exe
  2⤵
  PID:4424
- C:\Windows\System\HfUQhXw.exe
  C:\Windows\System\HfUQhXw.exe
  2⤵
  PID:4504
- C:\Windows\System\gNvZsNc.exe
  C:\Windows\System\gNvZsNc.exe
  2⤵
  PID:4584
- C:\Windows\System\RcbPrjH.exe
  C:\Windows\System\RcbPrjH.exe
  2⤵
  PID:4632
- C:\Windows\System\TfDvpEo.exe
  C:\Windows\System\TfDvpEo.exe
  2⤵
  PID:4644
- C:\Windows\System\frUnZtL.exe
  C:\Windows\System\frUnZtL.exe
  2⤵
  PID:4748
- C:\Windows\System\awQfWPj.exe
  C:\Windows\System\awQfWPj.exe
  2⤵
  PID:4808
- C:\Windows\System\kNDvRER.exe
  C:\Windows\System\kNDvRER.exe
  2⤵
  PID:4876
- C:\Windows\System\ehTFvcu.exe
  C:\Windows\System\ehTFvcu.exe
  2⤵
  PID:4912
- C:\Windows\System\mzddhSB.exe
  C:\Windows\System\mzddhSB.exe
  2⤵
  PID:4996
- C:\Windows\System\sMdbrKf.exe
  C:\Windows\System\sMdbrKf.exe
  2⤵
  PID:5040
- C:\Windows\System\TettgAI.exe
  C:\Windows\System\TettgAI.exe
  2⤵
  PID:5036
- C:\Windows\System\ecAXdYd.exe
  C:\Windows\System\ecAXdYd.exe
  2⤵
  PID:5112
- C:\Windows\System\UfQNiuZ.exe
  C:\Windows\System\UfQNiuZ.exe
  2⤵
  PID:3764
- C:\Windows\System\hSzjwSK.exe
  C:\Windows\System\hSzjwSK.exe
  2⤵
  PID:3716
- C:\Windows\System\nTgkaDp.exe
  C:\Windows\System\nTgkaDp.exe
  2⤵
  PID:4168
- C:\Windows\System\UCKqnHV.exe
  C:\Windows\System\UCKqnHV.exe
  2⤵
  PID:2792
- C:\Windows\System\nvsmOQE.exe
  C:\Windows\System\nvsmOQE.exe
  2⤵
  PID:4344
- C:\Windows\System\MJjfOXC.exe
  C:\Windows\System\MJjfOXC.exe
  2⤵
  PID:4532
- C:\Windows\System\vsEstkG.exe
  C:\Windows\System\vsEstkG.exe
  2⤵
  PID:4472
- C:\Windows\System\EeihXqa.exe
  C:\Windows\System\EeihXqa.exe
  2⤵
  PID:4544
- C:\Windows\System\pzpiyPB.exe
  C:\Windows\System\pzpiyPB.exe
  2⤵
  PID:4736
- C:\Windows\System\vSYfKvb.exe
  C:\Windows\System\vSYfKvb.exe
  2⤵
  PID:2396
- C:\Windows\System\xkYGLND.exe
  C:\Windows\System\xkYGLND.exe
  2⤵
  PID:4772
- C:\Windows\System\BKbyjfI.exe
  C:\Windows\System\BKbyjfI.exe
  2⤵
  PID:4908
- C:\Windows\System\rOfDqiQ.exe
  C:\Windows\System\rOfDqiQ.exe
  2⤵
  PID:4952
- C:\Windows\System\tBZAKFx.exe
  C:\Windows\System\tBZAKFx.exe
  2⤵
  PID:3540
- C:\Windows\System\sKnASPb.exe
  C:\Windows\System\sKnASPb.exe
  2⤵
  PID:3908
- C:\Windows\System\mvfPspe.exe
  C:\Windows\System\mvfPspe.exe
  2⤵
  PID:2040
- C:\Windows\System\XsfIASQ.exe
  C:\Windows\System\XsfIASQ.exe
  2⤵
  PID:4340
- C:\Windows\System\BoJZyZl.exe
  C:\Windows\System\BoJZyZl.exe
  2⤵
  PID:4440
- C:\Windows\System\xSumcZA.exe
  C:\Windows\System\xSumcZA.exe
  2⤵
  PID:4428
- C:\Windows\System\ElbMdSP.exe
  C:\Windows\System\ElbMdSP.exe
  2⤵
  PID:4564
- C:\Windows\System\leLxNwE.exe
  C:\Windows\System\leLxNwE.exe
  2⤵
  PID:3152
- C:\Windows\System\BtsngcD.exe
  C:\Windows\System\BtsngcD.exe
  2⤵
  PID:5016
- C:\Windows\System\vfAFIYE.exe
  C:\Windows\System\vfAFIYE.exe
  2⤵
  PID:4916
- C:\Windows\System\SqDlHeY.exe
  C:\Windows\System\SqDlHeY.exe
  2⤵
  PID:5100
- C:\Windows\System\qjguRuQ.exe
  C:\Windows\System\qjguRuQ.exe
  2⤵
  PID:4280
- C:\Windows\System\CAHLHxh.exe
  C:\Windows\System\CAHLHxh.exe
  2⤵
  PID:4360
- C:\Windows\System\wYWOTQV.exe
  C:\Windows\System\wYWOTQV.exe
  2⤵
  PID:4300
- C:\Windows\System\aETEBiK.exe
  C:\Windows\System\aETEBiK.exe
  2⤵
  PID:2460
- C:\Windows\System\HycJlkh.exe
  C:\Windows\System\HycJlkh.exe
  2⤵
  PID:5132
- C:\Windows\System\iXvgzMf.exe
  C:\Windows\System\iXvgzMf.exe
  2⤵
  PID:5152
- C:\Windows\System\ElOctGA.exe
  C:\Windows\System\ElOctGA.exe
  2⤵
  PID:5172
- C:\Windows\System\xJfKqED.exe
  C:\Windows\System\xJfKqED.exe
  2⤵
  PID:5188
- C:\Windows\System\ixkQvtt.exe
  C:\Windows\System\ixkQvtt.exe
  2⤵
  PID:5216
- C:\Windows\System\nDZjASp.exe
  C:\Windows\System\nDZjASp.exe
  2⤵
  PID:5292
- C:\Windows\System\rCeQNvt.exe
  C:\Windows\System\rCeQNvt.exe
  2⤵
  PID:5324
- C:\Windows\System\dhcyiyt.exe
  C:\Windows\System\dhcyiyt.exe
  2⤵
  PID:5344
- C:\Windows\System\PCkVGMo.exe
  C:\Windows\System\PCkVGMo.exe
  2⤵
  PID:5364
- C:\Windows\System\heXWGMp.exe
  C:\Windows\System\heXWGMp.exe
  2⤵
  PID:5384
- C:\Windows\System\tXDYcxt.exe
  C:\Windows\System\tXDYcxt.exe
  2⤵
  PID:5400
- C:\Windows\System\EHnvohK.exe
  C:\Windows\System\EHnvohK.exe
  2⤵
  PID:5436
- C:\Windows\System\zjxZfYV.exe
  C:\Windows\System\zjxZfYV.exe
  2⤵
  PID:5456
- C:\Windows\System\KqsvTwe.exe
  C:\Windows\System\KqsvTwe.exe
  2⤵
  PID:5472
- C:\Windows\System\LlTvTwT.exe
  C:\Windows\System\LlTvTwT.exe
  2⤵
  PID:5488
- C:\Windows\System\VOlYLCG.exe
  C:\Windows\System\VOlYLCG.exe
  2⤵
  PID:5520
- C:\Windows\System\SCnqtyM.exe
  C:\Windows\System\SCnqtyM.exe
  2⤵
  PID:5540
- C:\Windows\System\KzJDuzH.exe
  C:\Windows\System\KzJDuzH.exe
  2⤵
  PID:5560
- C:\Windows\System\PtcWOvn.exe
  C:\Windows\System\PtcWOvn.exe
  2⤵
  PID:5584
- C:\Windows\System\RRdCRXT.exe
  C:\Windows\System\RRdCRXT.exe
  2⤵
  PID:5620
- C:\Windows\System\iylyQRJ.exe
  C:\Windows\System\iylyQRJ.exe
  2⤵
  PID:5640
- C:\Windows\System\DYumjxJ.exe
  C:\Windows\System\DYumjxJ.exe
  2⤵
  PID:5660
- C:\Windows\System\aWuPlTX.exe
  C:\Windows\System\aWuPlTX.exe
  2⤵
  PID:5696
- C:\Windows\System\ZOftxgt.exe
  C:\Windows\System\ZOftxgt.exe
  2⤵
  PID:5716
- C:\Windows\System\KEYcXcT.exe
  C:\Windows\System\KEYcXcT.exe
  2⤵
  PID:5740
- C:\Windows\System\xTHOlBM.exe
  C:\Windows\System\xTHOlBM.exe
  2⤵
  PID:5760
- C:\Windows\System\OMFAhXd.exe
  C:\Windows\System\OMFAhXd.exe
  2⤵
  PID:5796
- C:\Windows\System\EUrhXTB.exe
  C:\Windows\System\EUrhXTB.exe
  2⤵
  PID:5820
- C:\Windows\System\ohTnWCe.exe
  C:\Windows\System\ohTnWCe.exe
  2⤵
  PID:5844
- C:\Windows\System\STbzqqX.exe
  C:\Windows\System\STbzqqX.exe
  2⤵
  PID:5860
- C:\Windows\System\fNzWBPC.exe
  C:\Windows\System\fNzWBPC.exe
  2⤵
  PID:5884
- C:\Windows\System\DajxKLy.exe
  C:\Windows\System\DajxKLy.exe
  2⤵
  PID:5908
- C:\Windows\System\DmWyWbM.exe
  C:\Windows\System\DmWyWbM.exe
  2⤵
  PID:5928
- C:\Windows\System\iMWlqRn.exe
  C:\Windows\System\iMWlqRn.exe
  2⤵
  PID:5952
- C:\Windows\System\ruFuWtc.exe
  C:\Windows\System\ruFuWtc.exe
  2⤵
  PID:5976
- C:\Windows\System\XCCHwIj.exe
  C:\Windows\System\XCCHwIj.exe
  2⤵
  PID:5992
- C:\Windows\System\SeyfljS.exe
  C:\Windows\System\SeyfljS.exe
  2⤵
  PID:6044
- C:\Windows\System\IZDnZQB.exe
  C:\Windows\System\IZDnZQB.exe
  2⤵
  PID:6060
- C:\Windows\System\NIIqWDO.exe
  C:\Windows\System\NIIqWDO.exe
  2⤵
  PID:6076
- C:\Windows\System\bfYdxVF.exe
  C:\Windows\System\bfYdxVF.exe
  2⤵
  PID:6092
- C:\Windows\System\tFUbayZ.exe
  C:\Windows\System\tFUbayZ.exe
  2⤵
  PID:6108
- C:\Windows\System\KrUdaMC.exe
  C:\Windows\System\KrUdaMC.exe
  2⤵
  PID:6132
- C:\Windows\System\enMYrQl.exe
  C:\Windows\System\enMYrQl.exe
  2⤵
  PID:4788
- C:\Windows\System\ugCqceh.exe
  C:\Windows\System\ugCqceh.exe
  2⤵
  PID:2160
- C:\Windows\System\nwJDUat.exe
  C:\Windows\System\nwJDUat.exe
  2⤵
  PID:852
- C:\Windows\System\ODLEsbx.exe
  C:\Windows\System\ODLEsbx.exe
  2⤵
  PID:4816
- C:\Windows\System\YPDbZjy.exe
  C:\Windows\System\YPDbZjy.exe
  2⤵
  PID:5168
- C:\Windows\System\kTtRvNE.exe
  C:\Windows\System\kTtRvNE.exe
  2⤵
  PID:2228
- C:\Windows\System\mlokEBx.exe
  C:\Windows\System\mlokEBx.exe
  2⤵
  PID:2664
- C:\Windows\System\foJoUgT.exe
  C:\Windows\System\foJoUgT.exe
  2⤵
  PID:5148
- C:\Windows\System\aaGcZqd.exe
  C:\Windows\System\aaGcZqd.exe
  2⤵
  PID:2276
- C:\Windows\System\xCeLLfk.exe
  C:\Windows\System\xCeLLfk.exe
  2⤵
  PID:2480
- C:\Windows\System\JzmGndB.exe
  C:\Windows\System\JzmGndB.exe
  2⤵
  PID:2184
- C:\Windows\System\DvAtYBh.exe
  C:\Windows\System\DvAtYBh.exe
  2⤵
  PID:5180
- C:\Windows\System\bLXvKhb.exe
  C:\Windows\System\bLXvKhb.exe
  2⤵
  PID:3044
- C:\Windows\System\qaAPMhd.exe
  C:\Windows\System\qaAPMhd.exe
  2⤵
  PID:112
- C:\Windows\System\JMWBBjF.exe
  C:\Windows\System\JMWBBjF.exe
  2⤵
  PID:5224
- C:\Windows\System\eyRayVl.exe
  C:\Windows\System\eyRayVl.exe
  2⤵
  PID:5264
- C:\Windows\System\dHPBcGx.exe
  C:\Windows\System\dHPBcGx.exe
  2⤵
  PID:5308
- C:\Windows\System\pxuzYgD.exe
  C:\Windows\System\pxuzYgD.exe
  2⤵
  PID:5356
- C:\Windows\System\YbtSYpi.exe
  C:\Windows\System\YbtSYpi.exe
  2⤵
  PID:5444
- C:\Windows\System\SAwaUiA.exe
  C:\Windows\System\SAwaUiA.exe
  2⤵
  PID:5424
- C:\Windows\System\wgivgYP.exe
  C:\Windows\System\wgivgYP.exe
  2⤵
  PID:5464
- C:\Windows\System\laNAjmQ.exe
  C:\Windows\System\laNAjmQ.exe
  2⤵
  PID:5320
- C:\Windows\System\eHBghtd.exe
  C:\Windows\System\eHBghtd.exe
  2⤵
  PID:5580
- C:\Windows\System\eVNpVaC.exe
  C:\Windows\System\eVNpVaC.exe
  2⤵
  PID:5516
- C:\Windows\System\PzyXLER.exe
  C:\Windows\System\PzyXLER.exe
  2⤵
  PID:5604
- C:\Windows\System\WbdYSpi.exe
  C:\Windows\System\WbdYSpi.exe
  2⤵
  PID:5668
- C:\Windows\System\IYGMgPE.exe
  C:\Windows\System\IYGMgPE.exe
  2⤵
  PID:5684
- C:\Windows\System\FsQAhdo.exe
  C:\Windows\System\FsQAhdo.exe
  2⤵
  PID:5704
- C:\Windows\System\qONuomN.exe
  C:\Windows\System\qONuomN.exe
  2⤵
  PID:5768
- C:\Windows\System\DwCbdwK.exe
  C:\Windows\System\DwCbdwK.exe
  2⤵
  PID:5752
- C:\Windows\System\ilqaQtv.exe
  C:\Windows\System\ilqaQtv.exe
  2⤵
  PID:5812
- C:\Windows\System\WsxeTiK.exe
  C:\Windows\System\WsxeTiK.exe
  2⤵
  PID:5876
- C:\Windows\System\dTsHAMO.exe
  C:\Windows\System\dTsHAMO.exe
  2⤵
  PID:5924
- C:\Windows\System\QGCNvQo.exe
  C:\Windows\System\QGCNvQo.exe
  2⤵
  PID:5968
- C:\Windows\System\jhEmbdE.exe
  C:\Windows\System\jhEmbdE.exe
  2⤵
  PID:5788
- C:\Windows\System\mfFXCDi.exe
  C:\Windows\System\mfFXCDi.exe
  2⤵
  PID:6016
- C:\Windows\System\ZgnydqY.exe
  C:\Windows\System\ZgnydqY.exe
  2⤵
  PID:5496
- C:\Windows\System\lDhOESA.exe
  C:\Windows\System\lDhOESA.exe
  2⤵
  PID:5504
- C:\Windows\System\ATrtSMl.exe
  C:\Windows\System\ATrtSMl.exe
  2⤵
  PID:5600
- C:\Windows\System\yxwwkZF.exe
  C:\Windows\System\yxwwkZF.exe
  2⤵
  PID:5652
- C:\Windows\System\FwLclOd.exe
  C:\Windows\System\FwLclOd.exe
  2⤵
  PID:6068
- C:\Windows\System\TklhtWh.exe
  C:\Windows\System\TklhtWh.exe
  2⤵
  PID:6140
- C:\Windows\System\YxQywAA.exe
  C:\Windows\System\YxQywAA.exe
  2⤵
  PID:5060
- C:\Windows\System\AqPSFpu.exe
  C:\Windows\System\AqPSFpu.exe
  2⤵
  PID:6120
- C:\Windows\System\VhtIqqq.exe
  C:\Windows\System\VhtIqqq.exe
  2⤵
  PID:2704
- C:\Windows\System\OucFNzD.exe
  C:\Windows\System\OucFNzD.exe
  2⤵
  PID:1496
- C:\Windows\System\QLAgtQm.exe
  C:\Windows\System\QLAgtQm.exe
  2⤵
  PID:5196
- C:\Windows\System\BXgrQHH.exe
  C:\Windows\System\BXgrQHH.exe
  2⤵
  PID:5200
- C:\Windows\System\xtibvwp.exe
  C:\Windows\System\xtibvwp.exe
  2⤵
  PID:5140
- C:\Windows\System\ihgnnZY.exe
  C:\Windows\System\ihgnnZY.exe
  2⤵
  PID:5212
- C:\Windows\System\EXiQEEU.exe
  C:\Windows\System\EXiQEEU.exe
  2⤵
  PID:2112
- C:\Windows\System\MHNaKYM.exe
  C:\Windows\System\MHNaKYM.exe
  2⤵
  PID:5208
- C:\Windows\System\nlYKffG.exe
  C:\Windows\System\nlYKffG.exe
  2⤵
  PID:5232
- C:\Windows\System\LEPAKdG.exe
  C:\Windows\System\LEPAKdG.exe
  2⤵
  PID:5304
- C:\Windows\System\ROneSls.exe
  C:\Windows\System\ROneSls.exe
  2⤵
  PID:5312
- C:\Windows\System\QbvKsVV.exe
  C:\Windows\System\QbvKsVV.exe
  2⤵
  PID:5452
- C:\Windows\System\EUdCUaa.exe
  C:\Windows\System\EUdCUaa.exe
  2⤵
  PID:5480
- C:\Windows\System\EYhANXj.exe
  C:\Windows\System\EYhANXj.exe
  2⤵
  PID:5512
- C:\Windows\System\fMgyGqr.exe
  C:\Windows\System\fMgyGqr.exe
  2⤵
  PID:5552
- C:\Windows\System\ahJRKDW.exe
  C:\Windows\System\ahJRKDW.exe
  2⤵
  PID:5632
- C:\Windows\System\PaOAnta.exe
  C:\Windows\System\PaOAnta.exe
  2⤵
  PID:5712
- C:\Windows\System\oFRjYjr.exe
  C:\Windows\System\oFRjYjr.exe
  2⤵
  PID:5772
- C:\Windows\System\ySXkSwj.exe
  C:\Windows\System\ySXkSwj.exe
  2⤵
  PID:5964
- C:\Windows\System\nUTmkHx.exe
  C:\Windows\System\nUTmkHx.exe
  2⤵
  PID:6020
- C:\Windows\System\KgXeBYh.exe
  C:\Windows\System\KgXeBYh.exe
  2⤵
  PID:5988
- C:\Windows\System\roLgacb.exe
  C:\Windows\System\roLgacb.exe
  2⤵
  PID:5940
- C:\Windows\System\tPrxzyo.exe
  C:\Windows\System\tPrxzyo.exe
  2⤵
  PID:5756
- C:\Windows\System\wURryLw.exe
  C:\Windows\System\wURryLw.exe
  2⤵
  PID:5500
- C:\Windows\System\uaPtoGU.exe
  C:\Windows\System\uaPtoGU.exe
  2⤵
  PID:5688
- C:\Windows\System\dlHOvol.exe
  C:\Windows\System\dlHOvol.exe
  2⤵
  PID:1724
- C:\Windows\System\bVMwNPa.exe
  C:\Windows\System\bVMwNPa.exe
  2⤵
  PID:5904
- C:\Windows\System\dALxkhM.exe
  C:\Windows\System\dALxkhM.exe
  2⤵
  PID:2308
- C:\Windows\System\uwgrnng.exe
  C:\Windows\System\uwgrnng.exe
  2⤵
  PID:884
- C:\Windows\System\TcqYjHM.exe
  C:\Windows\System\TcqYjHM.exe
  2⤵
  PID:1032
- C:\Windows\System\oyitPhZ.exe
  C:\Windows\System\oyitPhZ.exe
  2⤵
  PID:6128
- C:\Windows\System\Tcxqeof.exe
  C:\Windows\System\Tcxqeof.exe
  2⤵
  PID:2676
- C:\Windows\System\dIZceTe.exe
  C:\Windows\System\dIZceTe.exe
  2⤵
  PID:5408
- C:\Windows\System\NEwEMoU.exe
  C:\Windows\System\NEwEMoU.exe
  2⤵
  PID:5432
- C:\Windows\System\LkPQdVP.exe
  C:\Windows\System\LkPQdVP.exe
  2⤵
  PID:5572
- C:\Windows\System\OnSCGHe.exe
  C:\Windows\System\OnSCGHe.exe
  2⤵
  PID:5728
- C:\Windows\System\lReMEgf.exe
  C:\Windows\System\lReMEgf.exe
  2⤵
  PID:5360
- C:\Windows\System\RPRNDMy.exe
  C:\Windows\System\RPRNDMy.exe
  2⤵
  PID:5916
- C:\Windows\System\nyOvOSz.exe
  C:\Windows\System\nyOvOSz.exe
  2⤵
  PID:6036
- C:\Windows\System\JNDIaiT.exe
  C:\Windows\System\JNDIaiT.exe
  2⤵
  PID:6032
- C:\Windows\System\DLENjlp.exe
  C:\Windows\System\DLENjlp.exe
  2⤵
  PID:6116
- C:\Windows\System\ixKSZKs.exe
  C:\Windows\System\ixKSZKs.exe
  2⤵
  PID:5900
- C:\Windows\System\LSpZNvx.exe
  C:\Windows\System\LSpZNvx.exe
  2⤵
  PID:2668
- C:\Windows\System\OWZwyFY.exe
  C:\Windows\System\OWZwyFY.exe
  2⤵
  PID:5288
- C:\Windows\System\jcubdYb.exe
  C:\Windows\System\jcubdYb.exe
  2⤵
  PID:5416
- C:\Windows\System\PYhTQYs.exe
  C:\Windows\System\PYhTQYs.exe
  2⤵
  PID:2076
- C:\Windows\System\hxldmDO.exe
  C:\Windows\System\hxldmDO.exe
  2⤵
  PID:5484
- C:\Windows\System\OImXeDB.exe
  C:\Windows\System\OImXeDB.exe
  2⤵
  PID:1756
- C:\Windows\System\iwptYnc.exe
  C:\Windows\System\iwptYnc.exe
  2⤵
  PID:5944
- C:\Windows\System\HZyafmQ.exe
  C:\Windows\System\HZyafmQ.exe
  2⤵
  PID:5340
- C:\Windows\System\kSnFiFA.exe
  C:\Windows\System\kSnFiFA.exe
  2⤵
  PID:6024
- C:\Windows\System\MdBWftr.exe
  C:\Windows\System\MdBWftr.exe
  2⤵
  PID:5748
- C:\Windows\System\vlAoEix.exe
  C:\Windows\System\vlAoEix.exe
  2⤵
  PID:2672
- C:\Windows\System\wMuPFFe.exe
  C:\Windows\System\wMuPFFe.exe
  2⤵
  PID:2176
- C:\Windows\System\wOIcSFf.exe
  C:\Windows\System\wOIcSFf.exe
  2⤵
  PID:5592
- C:\Windows\System\kaYqahU.exe
  C:\Windows\System\kaYqahU.exe
  2⤵
  PID:5352
- C:\Windows\System\QbwmCPX.exe
  C:\Windows\System\QbwmCPX.exe
  2⤵
  PID:5832
- C:\Windows\System\fevWCSY.exe
  C:\Windows\System\fevWCSY.exe
  2⤵
  PID:6084
- C:\Windows\System\LamSYGf.exe
  C:\Windows\System\LamSYGf.exe
  2⤵
  PID:3436
- C:\Windows\System\OOgdbJp.exe
  C:\Windows\System\OOgdbJp.exe
  2⤵
  PID:5268
- C:\Windows\System\kZhIgnE.exe
  C:\Windows\System\kZhIgnE.exe
  2⤵
  PID:2272
- C:\Windows\System\tyugvij.exe
  C:\Windows\System\tyugvij.exe
  2⤵
  PID:5948
- C:\Windows\System\jbtTyhy.exe
  C:\Windows\System\jbtTyhy.exe
  2⤵
  PID:5536
- C:\Windows\System\PhwFXgE.exe
  C:\Windows\System\PhwFXgE.exe
  2⤵
  PID:2468
- C:\Windows\System\xEhJBfZ.exe
  C:\Windows\System\xEhJBfZ.exe
  2⤵
  PID:6160
- C:\Windows\System\YXAcZqK.exe
  C:\Windows\System\YXAcZqK.exe
  2⤵
  PID:6184
- C:\Windows\System\fkHqbYP.exe
  C:\Windows\System\fkHqbYP.exe
  2⤵
  PID:6208
- C:\Windows\System\xMHmwqx.exe
  C:\Windows\System\xMHmwqx.exe
  2⤵
  PID:6228
- C:\Windows\System\OgmCNkB.exe
  C:\Windows\System\OgmCNkB.exe
  2⤵
  PID:6256
- C:\Windows\System\TFOWJcr.exe
  C:\Windows\System\TFOWJcr.exe
  2⤵
  PID:6276
- C:\Windows\System\cNGddAt.exe
  C:\Windows\System\cNGddAt.exe
  2⤵
  PID:6324
- C:\Windows\System\vtfPSKO.exe
  C:\Windows\System\vtfPSKO.exe
  2⤵
  PID:6348
- C:\Windows\System\WEKqvJl.exe
  C:\Windows\System\WEKqvJl.exe
  2⤵
  PID:6372
- C:\Windows\System\hMyNynU.exe
  C:\Windows\System\hMyNynU.exe
  2⤵
  PID:6392
- C:\Windows\System\ZrfZqSh.exe
  C:\Windows\System\ZrfZqSh.exe
  2⤵
  PID:6408
- C:\Windows\System\WWdpkzi.exe
  C:\Windows\System\WWdpkzi.exe
  2⤵
  PID:6428
- C:\Windows\System\sTkcqzM.exe
  C:\Windows\System\sTkcqzM.exe
  2⤵
  PID:6444
- C:\Windows\System\eBhyJHH.exe
  C:\Windows\System\eBhyJHH.exe
  2⤵
  PID:6464
- C:\Windows\System\ZNAViWb.exe
  C:\Windows\System\ZNAViWb.exe
  2⤵
  PID:6488
- C:\Windows\System\yHHyTlX.exe
  C:\Windows\System\yHHyTlX.exe
  2⤵
  PID:6508
- C:\Windows\System\JKUjHwB.exe
  C:\Windows\System\JKUjHwB.exe
  2⤵
  PID:6528
- C:\Windows\System\sIqzmhZ.exe
  C:\Windows\System\sIqzmhZ.exe
  2⤵
  PID:6544
- C:\Windows\System\xwyOPqy.exe
  C:\Windows\System\xwyOPqy.exe
  2⤵
  PID:6564
- C:\Windows\System\EiHVgQf.exe
  C:\Windows\System\EiHVgQf.exe
  2⤵
  PID:6588
- C:\Windows\System\pChmcwm.exe
  C:\Windows\System\pChmcwm.exe
  2⤵
  PID:6616
- C:\Windows\System\lNqujvB.exe
  C:\Windows\System\lNqujvB.exe
  2⤵
  PID:6632
- C:\Windows\System\buCXIlR.exe
  C:\Windows\System\buCXIlR.exe
  2⤵
  PID:6656
- C:\Windows\System\nIatArw.exe
  C:\Windows\System\nIatArw.exe
  2⤵
  PID:6672
- C:\Windows\System\dwdraXl.exe
  C:\Windows\System\dwdraXl.exe
  2⤵
  PID:6692
- C:\Windows\System\EoTirpn.exe
  C:\Windows\System\EoTirpn.exe
  2⤵
  PID:6712
- C:\Windows\System\qfayjNI.exe
  C:\Windows\System\qfayjNI.exe
  2⤵
  PID:6728
- C:\Windows\System\njRDjMc.exe
  C:\Windows\System\njRDjMc.exe
  2⤵
  PID:6748
- C:\Windows\System\Rgadihv.exe
  C:\Windows\System\Rgadihv.exe
  2⤵
  PID:6776
- C:\Windows\System\WycGSoM.exe
  C:\Windows\System\WycGSoM.exe
  2⤵
  PID:6792
- C:\Windows\System\qQPQeOh.exe
  C:\Windows\System\qQPQeOh.exe
  2⤵
  PID:6816
- C:\Windows\System\RyNrMXh.exe
  C:\Windows\System\RyNrMXh.exe
  2⤵
  PID:6832
- C:\Windows\System\PscDEjr.exe
  C:\Windows\System\PscDEjr.exe
  2⤵
  PID:6856
- C:\Windows\System\HcTYDeA.exe
  C:\Windows\System\HcTYDeA.exe
  2⤵
  PID:6872
- C:\Windows\System\rGnuNXC.exe
  C:\Windows\System\rGnuNXC.exe
  2⤵
  PID:6896
- C:\Windows\System\izJbUXV.exe
  C:\Windows\System\izJbUXV.exe
  2⤵
  PID:6920
- C:\Windows\System\UloVtaO.exe
  C:\Windows\System\UloVtaO.exe
  2⤵
  PID:6936
- C:\Windows\System\hyClsiV.exe
  C:\Windows\System\hyClsiV.exe
  2⤵
  PID:6956
- C:\Windows\System\VKZViRU.exe
  C:\Windows\System\VKZViRU.exe
  2⤵
  PID:6980
- C:\Windows\System\yMuMwpk.exe
  C:\Windows\System\yMuMwpk.exe
  2⤵
  PID:7000
- C:\Windows\System\nzzrkTW.exe
  C:\Windows\System\nzzrkTW.exe
  2⤵
  PID:7020
- C:\Windows\System\gCmCWmE.exe
  C:\Windows\System\gCmCWmE.exe
  2⤵
  PID:7040
- C:\Windows\System\vKNFyYT.exe
  C:\Windows\System\vKNFyYT.exe
  2⤵
  PID:7056
- C:\Windows\System\SbqnhyV.exe
  C:\Windows\System\SbqnhyV.exe
  2⤵
  PID:7076
- C:\Windows\System\WOYDnpm.exe
  C:\Windows\System\WOYDnpm.exe
  2⤵
  PID:7100
- C:\Windows\System\RxCLkxh.exe
  C:\Windows\System\RxCLkxh.exe
  2⤵
  PID:7116
- C:\Windows\System\PjdGGQs.exe
  C:\Windows\System\PjdGGQs.exe
  2⤵
  PID:7132
- C:\Windows\System\JILBHBj.exe
  C:\Windows\System\JILBHBj.exe
  2⤵
  PID:7156
- C:\Windows\System\KDCIXFf.exe
  C:\Windows\System\KDCIXFf.exe
  2⤵
  PID:2908
- C:\Windows\System\xDiPiPT.exe
  C:\Windows\System\xDiPiPT.exe
  2⤵
  PID:6192
- C:\Windows\System\MJcLUVR.exe
  C:\Windows\System\MJcLUVR.exe
  2⤵
  PID:6168
- C:\Windows\System\ZuhjEvK.exe
  C:\Windows\System\ZuhjEvK.exe
  2⤵
  PID:5872
- C:\Windows\System\GYMAIoU.exe
  C:\Windows\System\GYMAIoU.exe
  2⤵
  PID:6264
- C:\Windows\System\fObdhXX.exe
  C:\Windows\System\fObdhXX.exe
  2⤵
  PID:6340
- C:\Windows\System\srZDeWU.exe
  C:\Windows\System\srZDeWU.exe
  2⤵
  PID:6148
- C:\Windows\System\kazLCyS.exe
  C:\Windows\System\kazLCyS.exe
  2⤵
  PID:6368
- C:\Windows\System\vVuLJtG.exe
  C:\Windows\System\vVuLJtG.exe
  2⤵
  PID:6288
- C:\Windows\System\gXGVseI.exe
  C:\Windows\System\gXGVseI.exe
  2⤵
  PID:6436
- C:\Windows\System\VzYlRAO.exe
  C:\Windows\System\VzYlRAO.exe
  2⤵
  PID:6424
- C:\Windows\System\yzVvICd.exe
  C:\Windows\System\yzVvICd.exe
  2⤵
  PID:6220
- C:\Windows\System\RQCPHdZ.exe
  C:\Windows\System\RQCPHdZ.exe
  2⤵
  PID:6520
- C:\Windows\System\EMcYWAU.exe
  C:\Windows\System\EMcYWAU.exe
  2⤵
  PID:6536
- C:\Windows\System\uyyQOcn.exe
  C:\Windows\System\uyyQOcn.exe
  2⤵
  PID:6596
- C:\Windows\System\hnAnlHf.exe
  C:\Windows\System\hnAnlHf.exe
  2⤵
  PID:6576
- C:\Windows\System\hWHgzpC.exe
  C:\Windows\System\hWHgzpC.exe
  2⤵
  PID:6648
- C:\Windows\System\NCmBIkX.exe
  C:\Windows\System\NCmBIkX.exe
  2⤵
  PID:6668
- C:\Windows\System\gWlbeYB.exe
  C:\Windows\System\gWlbeYB.exe
  2⤵
  PID:6724
- C:\Windows\System\CAiNfCr.exe
  C:\Windows\System\CAiNfCr.exe
  2⤵
  PID:6708
- C:\Windows\System\isSuDLT.exe
  C:\Windows\System\isSuDLT.exe
  2⤵
  PID:6768
- C:\Windows\System\tJtGpQQ.exe
  C:\Windows\System\tJtGpQQ.exe
  2⤵
  PID:6788
- C:\Windows\System\hxQvgxR.exe
  C:\Windows\System\hxQvgxR.exe
  2⤵
  PID:6828
- C:\Windows\System\VlDLCXt.exe
  C:\Windows\System\VlDLCXt.exe
  2⤵
  PID:6480
- C:\Windows\System\GnpWGIo.exe
  C:\Windows\System\GnpWGIo.exe
  2⤵
  PID:6892
- C:\Windows\System\hqopeYv.exe
  C:\Windows\System\hqopeYv.exe
  2⤵
  PID:6908
- C:\Windows\System\IKSSPvD.exe
  C:\Windows\System\IKSSPvD.exe
  2⤵
  PID:6948
- C:\Windows\System\gVkMGLb.exe
  C:\Windows\System\gVkMGLb.exe
  2⤵
  PID:7008
- C:\Windows\System\KkmFEXc.exe
  C:\Windows\System\KkmFEXc.exe
  2⤵
  PID:7032
- C:\Windows\System\rKyoucq.exe
  C:\Windows\System\rKyoucq.exe
  2⤵
  PID:7072
- C:\Windows\System\XqRATsp.exe
  C:\Windows\System\XqRATsp.exe
  2⤵
  PID:7092
- C:\Windows\System\EzbxlHt.exe
  C:\Windows\System\EzbxlHt.exe
  2⤵
  PID:7128
- C:\Windows\System\fegPtpz.exe
  C:\Windows\System\fegPtpz.exe
  2⤵
  PID:7148
- C:\Windows\System\FeJetix.exe
  C:\Windows\System\FeJetix.exe
  2⤵
  PID:6240
- C:\Windows\System\SzQIHEq.exe
  C:\Windows\System\SzQIHEq.exe
  2⤵
  PID:6292
- C:\Windows\System\WjXAnKY.exe
  C:\Windows\System\WjXAnKY.exe
  2⤵
  PID:6216
- C:\Windows\System\GmeqKcU.exe
  C:\Windows\System\GmeqKcU.exe
  2⤵
  PID:6472
- C:\Windows\System\XlxZiAp.exe
  C:\Windows\System\XlxZiAp.exe
  2⤵
  PID:6484
- C:\Windows\System\qFumoIW.exe
  C:\Windows\System\qFumoIW.exe
  2⤵
  PID:6252
- C:\Windows\System\EdqRemG.exe
  C:\Windows\System\EdqRemG.exe
  2⤵
  PID:6516
- C:\Windows\System\wqfCCiV.exe
  C:\Windows\System\wqfCCiV.exe
  2⤵
  PID:6560
- C:\Windows\System\SWTNDnv.exe
  C:\Windows\System\SWTNDnv.exe
  2⤵
  PID:6344
- C:\Windows\System\vrYrILI.exe
  C:\Windows\System\vrYrILI.exe
  2⤵
  PID:6612
- C:\Windows\System\ZpVlrQw.exe
  C:\Windows\System\ZpVlrQw.exe
  2⤵
  PID:6720
- C:\Windows\System\hxzumyM.exe
  C:\Windows\System\hxzumyM.exe
  2⤵
  PID:6760
- C:\Windows\System\oECEfja.exe
  C:\Windows\System\oECEfja.exe
  2⤵
  PID:6824
- C:\Windows\System\tbycTqL.exe
  C:\Windows\System\tbycTqL.exe
  2⤵
  PID:6784
- C:\Windows\System\ymBiGGl.exe
  C:\Windows\System\ymBiGGl.exe
  2⤵
  PID:1156
- C:\Windows\System\VtvJxAc.exe
  C:\Windows\System\VtvJxAc.exe
  2⤵
  PID:6916
- C:\Windows\System\LGxrTYx.exe
  C:\Windows\System\LGxrTYx.exe
  2⤵
  PID:6988
- C:\Windows\System\Ohbelgj.exe
  C:\Windows\System\Ohbelgj.exe
  2⤵
  PID:7028
- C:\Windows\System\XDOAoYc.exe
  C:\Windows\System\XDOAoYc.exe
  2⤵
  PID:7068
- C:\Windows\System\QiYdNrT.exe
  C:\Windows\System\QiYdNrT.exe
  2⤵
  PID:7052
- C:\Windows\System\dwIxwaW.exe
  C:\Windows\System\dwIxwaW.exe
  2⤵
  PID:7144
- C:\Windows\System\QUaLIts.exe
  C:\Windows\System\QUaLIts.exe
  2⤵
  PID:6176
- C:\Windows\System\FwdHiJl.exe
  C:\Windows\System\FwdHiJl.exe
  2⤵
  PID:6380
- C:\Windows\System\DiOWMfi.exe
  C:\Windows\System\DiOWMfi.exe
  2⤵
  PID:6384
- C:\Windows\System\JdKRpSZ.exe
  C:\Windows\System\JdKRpSZ.exe
  2⤵
  PID:6556
- C:\Windows\System\kovkWwy.exe
  C:\Windows\System\kovkWwy.exe
  2⤵
  PID:6496
- C:\Windows\System\zgEGiJB.exe
  C:\Windows\System\zgEGiJB.exe
  2⤵
  PID:6652
- C:\Windows\System\vipJVJq.exe
  C:\Windows\System\vipJVJq.exe
  2⤵
  PID:6700
- C:\Windows\System\CqjjqQW.exe
  C:\Windows\System\CqjjqQW.exe
  2⤵
  PID:6840
- C:\Windows\System\BIfEVPE.exe
  C:\Windows\System\BIfEVPE.exe
  2⤵
  PID:6848
- C:\Windows\System\qTTKEqW.exe
  C:\Windows\System\qTTKEqW.exe
  2⤵
  PID:6952
- C:\Windows\System\ONYwEMA.exe
  C:\Windows\System\ONYwEMA.exe
  2⤵
  PID:5420
- C:\Windows\System\azuLhEQ.exe
  C:\Windows\System\azuLhEQ.exe
  2⤵
  PID:6272
- C:\Windows\System\GOnIzUc.exe
  C:\Windows\System\GOnIzUc.exe
  2⤵
  PID:6388
- C:\Windows\System\zzekYaR.exe
  C:\Windows\System\zzekYaR.exe
  2⤵
  PID:6248
- C:\Windows\System\cIKTBRR.exe
  C:\Windows\System\cIKTBRR.exe
  2⤵
  PID:6284
- C:\Windows\System\TElFXLf.exe
  C:\Windows\System\TElFXLf.exe
  2⤵
  PID:6456
- C:\Windows\System\NILWNVs.exe
  C:\Windows\System\NILWNVs.exe
  2⤵
  PID:6680
- C:\Windows\System\XsxLuDe.exe
  C:\Windows\System\XsxLuDe.exe
  2⤵
  PID:6808
- C:\Windows\System\RvVwKkA.exe
  C:\Windows\System\RvVwKkA.exe
  2⤵
  PID:6992
- C:\Windows\System\GVbXyNO.exe
  C:\Windows\System\GVbXyNO.exe
  2⤵
  PID:7124
- C:\Windows\System\huCTbOC.exe
  C:\Windows\System\huCTbOC.exe
  2⤵
  PID:3032
- C:\Windows\System\vTkeEVg.exe
  C:\Windows\System\vTkeEVg.exe
  2⤵
  PID:1492
- C:\Windows\System\dsjNKum.exe
  C:\Windows\System\dsjNKum.exe
  2⤵
  PID:6420
- C:\Windows\System\XSzdwwF.exe
  C:\Windows\System\XSzdwwF.exe
  2⤵
  PID:6812
- C:\Windows\System\hDhiQYv.exe
  C:\Windows\System\hDhiQYv.exe
  2⤵
  PID:7016
- C:\Windows\System\YlXTrxH.exe
  C:\Windows\System\YlXTrxH.exe
  2⤵
  PID:6300
- C:\Windows\System\eARvSxe.exe
  C:\Windows\System\eARvSxe.exe
  2⤵
  PID:6180
- C:\Windows\System\YXstYGl.exe
  C:\Windows\System\YXstYGl.exe
  2⤵
  PID:6888
- C:\Windows\System\QiiuMHM.exe
  C:\Windows\System\QiiuMHM.exe
  2⤵
  PID:6604
- C:\Windows\System\CDjcQJP.exe
  C:\Windows\System\CDjcQJP.exe
  2⤵
  PID:6336
- C:\Windows\System\TSAKKCu.exe
  C:\Windows\System\TSAKKCu.exe
  2⤵
  PID:6628
- C:\Windows\System\jZSGIqd.exe
  C:\Windows\System\jZSGIqd.exe
  2⤵
  PID:7140
- C:\Windows\System\FGztFYw.exe
  C:\Windows\System\FGztFYw.exe
  2⤵
  PID:7184
- C:\Windows\System\ZinRepF.exe
  C:\Windows\System\ZinRepF.exe
  2⤵
  PID:7208
- C:\Windows\System\iGqImJF.exe
  C:\Windows\System\iGqImJF.exe
  2⤵
  PID:7232
- C:\Windows\System\fCpnumf.exe
  C:\Windows\System\fCpnumf.exe
  2⤵
  PID:7248
- C:\Windows\System\ArkygjS.exe
  C:\Windows\System\ArkygjS.exe
  2⤵
  PID:7272
- C:\Windows\System\LLJUWMe.exe
  C:\Windows\System\LLJUWMe.exe
  2⤵
  PID:7288
- C:\Windows\System\SXHUKvh.exe
  C:\Windows\System\SXHUKvh.exe
  2⤵
  PID:7312
- C:\Windows\System\lCEixvk.exe
  C:\Windows\System\lCEixvk.exe
  2⤵
  PID:7328
- C:\Windows\System\VzvVrDD.exe
  C:\Windows\System\VzvVrDD.exe
  2⤵
  PID:7348
- C:\Windows\System\AMznSMZ.exe
  C:\Windows\System\AMznSMZ.exe
  2⤵
  PID:7364
- C:\Windows\System\VWxrxHY.exe
  C:\Windows\System\VWxrxHY.exe
  2⤵
  PID:7388
- C:\Windows\System\sZcAEPm.exe
  C:\Windows\System\sZcAEPm.exe
  2⤵
  PID:7408
- C:\Windows\System\dcJkHJr.exe
  C:\Windows\System\dcJkHJr.exe
  2⤵
  PID:7436
- C:\Windows\System\XPVTTeM.exe
  C:\Windows\System\XPVTTeM.exe
  2⤵
  PID:7452
- C:\Windows\System\dveMEHH.exe
  C:\Windows\System\dveMEHH.exe
  2⤵
  PID:7476
- C:\Windows\System\FsuETnh.exe
  C:\Windows\System\FsuETnh.exe
  2⤵
  PID:7492
- C:\Windows\System\lUzqpKO.exe
  C:\Windows\System\lUzqpKO.exe
  2⤵
  PID:7512
- C:\Windows\System\sjSIcNg.exe
  C:\Windows\System\sjSIcNg.exe
  2⤵
  PID:7528
- C:\Windows\System\HkTxonN.exe
  C:\Windows\System\HkTxonN.exe
  2⤵
  PID:7552
- C:\Windows\System\VAqCjkf.exe
  C:\Windows\System\VAqCjkf.exe
  2⤵
  PID:7568
- C:\Windows\System\aIdPGQc.exe
  C:\Windows\System\aIdPGQc.exe
  2⤵
  PID:7592
- C:\Windows\System\YAuEuVm.exe
  C:\Windows\System\YAuEuVm.exe
  2⤵
  PID:7612
- C:\Windows\System\sIOdNji.exe
  C:\Windows\System\sIOdNji.exe
  2⤵
  PID:7636
- C:\Windows\System\vNBPyos.exe
  C:\Windows\System\vNBPyos.exe
  2⤵
  PID:7652
- C:\Windows\System\AMhQjnV.exe
  C:\Windows\System\AMhQjnV.exe
  2⤵
  PID:7676
- C:\Windows\System\IwPcdMe.exe
  C:\Windows\System\IwPcdMe.exe
  2⤵
  PID:7692
- C:\Windows\System\rgtdTrU.exe
  C:\Windows\System\rgtdTrU.exe
  2⤵
  PID:7720
- C:\Windows\System\xVLsXiD.exe
  C:\Windows\System\xVLsXiD.exe
  2⤵
  PID:7736
- C:\Windows\System\GlFkGpQ.exe
  C:\Windows\System\GlFkGpQ.exe
  2⤵
  PID:7756
- C:\Windows\System\AabNycP.exe
  C:\Windows\System\AabNycP.exe
  2⤵
  PID:7772
- C:\Windows\System\jhAIBoY.exe
  C:\Windows\System\jhAIBoY.exe
  2⤵
  PID:7792
- C:\Windows\System\lFfqFzK.exe
  C:\Windows\System\lFfqFzK.exe
  2⤵
  PID:7808
- C:\Windows\System\WvHCInv.exe
  C:\Windows\System\WvHCInv.exe
  2⤵
  PID:7824
- C:\Windows\System\ueClALw.exe
  C:\Windows\System\ueClALw.exe
  2⤵
  PID:7840
- C:\Windows\System\LUPCFhl.exe
  C:\Windows\System\LUPCFhl.exe
  2⤵
  PID:7856
- C:\Windows\System\spAzfsk.exe
  C:\Windows\System\spAzfsk.exe
  2⤵
  PID:7872
- C:\Windows\System\EjpdjUm.exe
  C:\Windows\System\EjpdjUm.exe
  2⤵
  PID:7888
- C:\Windows\System\noLmldk.exe
  C:\Windows\System\noLmldk.exe
  2⤵
  PID:7904
- C:\Windows\System\ybKmvBg.exe
  C:\Windows\System\ybKmvBg.exe
  2⤵
  PID:7920
- C:\Windows\System\QaWgfMx.exe
  C:\Windows\System\QaWgfMx.exe
  2⤵
  PID:7936
- C:\Windows\System\nAqzuzr.exe
  C:\Windows\System\nAqzuzr.exe
  2⤵
  PID:7952
- C:\Windows\System\hXrlyDy.exe
  C:\Windows\System\hXrlyDy.exe
  2⤵
  PID:7968
- C:\Windows\System\fHgsPpJ.exe
  C:\Windows\System\fHgsPpJ.exe
  2⤵
  PID:7984
- C:\Windows\System\tlMaQFt.exe
  C:\Windows\System\tlMaQFt.exe
  2⤵
  PID:8000
- C:\Windows\System\GkBPFTc.exe
  C:\Windows\System\GkBPFTc.exe
  2⤵
  PID:8016
- C:\Windows\System\IftyJmz.exe
  C:\Windows\System\IftyJmz.exe
  2⤵
  PID:8032
- C:\Windows\System\EfIEdaG.exe
  C:\Windows\System\EfIEdaG.exe
  2⤵
  PID:8048
- C:\Windows\System\jNYUnki.exe
  C:\Windows\System\jNYUnki.exe
  2⤵
  PID:8064
- C:\Windows\System\KIfSiNo.exe
  C:\Windows\System\KIfSiNo.exe
  2⤵
  PID:8080
- C:\Windows\System\MHapSQL.exe
  C:\Windows\System\MHapSQL.exe
  2⤵
  PID:8108
- C:\Windows\System\BgJGRVA.exe
  C:\Windows\System\BgJGRVA.exe
  2⤵
  PID:8128
- C:\Windows\System\fovkwgx.exe
  C:\Windows\System\fovkwgx.exe
  2⤵
  PID:8144
- C:\Windows\System\ElKwFzT.exe
  C:\Windows\System\ElKwFzT.exe
  2⤵
  PID:8160
- C:\Windows\System\vDHVtBi.exe
  C:\Windows\System\vDHVtBi.exe
  2⤵
  PID:8176
- C:\Windows\System\WamxRal.exe
  C:\Windows\System\WamxRal.exe
  2⤵
  PID:7176
- C:\Windows\System\FTXCYyY.exe
  C:\Windows\System\FTXCYyY.exe
  2⤵
  PID:7216
- C:\Windows\System\gFFNsOK.exe
  C:\Windows\System\gFFNsOK.exe
  2⤵
  PID:7224
- C:\Windows\System\SyRCGDd.exe
  C:\Windows\System\SyRCGDd.exe
  2⤵
  PID:7244
- C:\Windows\System\GytSgDm.exe
  C:\Windows\System\GytSgDm.exe
  2⤵
  PID:7308
- C:\Windows\System\JdtfcML.exe
  C:\Windows\System\JdtfcML.exe
  2⤵
  PID:7372
- C:\Windows\System\GfmIXCc.exe
  C:\Windows\System\GfmIXCc.exe
  2⤵
  PID:7320
- C:\Windows\System\PKtIoZj.exe
  C:\Windows\System\PKtIoZj.exe
  2⤵
  PID:7404
- C:\Windows\System\zWxgkNa.exe
  C:\Windows\System\zWxgkNa.exe
  2⤵
  PID:7444
- C:\Windows\System\JMTHoid.exe
  C:\Windows\System\JMTHoid.exe
  2⤵
  PID:7464
- C:\Windows\System\CaWsltf.exe
  C:\Windows\System\CaWsltf.exe
  2⤵
  PID:7504
- C:\Windows\System\sZWWmlG.exe
  C:\Windows\System\sZWWmlG.exe
  2⤵
  PID:7540
- C:\Windows\System\SAbKhgi.exe
  C:\Windows\System\SAbKhgi.exe
  2⤵
  PID:7580
- C:\Windows\System\XntwOuM.exe
  C:\Windows\System\XntwOuM.exe
  2⤵
  PID:7560
- C:\Windows\System\HpqBJrL.exe
  C:\Windows\System\HpqBJrL.exe
  2⤵
  PID:7608
- C:\Windows\System\ZFrIMzl.exe
  C:\Windows\System\ZFrIMzl.exe
  2⤵
  PID:7632
- C:\Windows\System\MDbCEGz.exe
  C:\Windows\System\MDbCEGz.exe
  2⤵
  PID:7664
- C:\Windows\System\DmcyTkR.exe
  C:\Windows\System\DmcyTkR.exe
  2⤵
  PID:7684
- C:\Windows\System\nMWatVw.exe
  C:\Windows\System\nMWatVw.exe
  2⤵
  PID:7708
- C:\Windows\System\yTaYcZC.exe
  C:\Windows\System\yTaYcZC.exe
  2⤵
  PID:7732
- C:\Windows\System\PiOkLjQ.exe
  C:\Windows\System\PiOkLjQ.exe
  2⤵
  PID:7768
- C:\Windows\System\ORisbfQ.exe
  C:\Windows\System\ORisbfQ.exe
  2⤵
  PID:7820
- C:\Windows\System\avlOoNW.exe
  C:\Windows\System\avlOoNW.exe
  2⤵
  PID:7880
- C:\Windows\System\VLQoqjE.exe
  C:\Windows\System\VLQoqjE.exe
  2⤵
  PID:7864
- C:\Windows\System\uuFwfab.exe
  C:\Windows\System\uuFwfab.exe
  2⤵
  PID:7944
- C:\Windows\System\bEkNKzz.exe
  C:\Windows\System\bEkNKzz.exe
  2⤵
  PID:7976
- C:\Windows\System\bGZatFS.exe
  C:\Windows\System\bGZatFS.exe
  2⤵
  PID:8008
- C:\Windows\System\KstOikg.exe
  C:\Windows\System\KstOikg.exe
  2⤵
  PID:8024
- C:\Windows\System\ClAyYhL.exe
  C:\Windows\System\ClAyYhL.exe
  2⤵
  PID:8072
- C:\Windows\System\XFMJrtY.exe
  C:\Windows\System\XFMJrtY.exe
  2⤵
  PID:8104
- C:\Windows\System\brdRAdK.exe
  C:\Windows\System\brdRAdK.exe
  2⤵
  PID:8156
- C:\Windows\System\SlYADVg.exe
  C:\Windows\System\SlYADVg.exe
  2⤵
  PID:8168
- C:\Windows\System\YVZLYTq.exe
  C:\Windows\System\YVZLYTq.exe
  2⤵
  PID:6196
- C:\Windows\System\GiWCfCl.exe
  C:\Windows\System\GiWCfCl.exe
  2⤵
  PID:7264
- C:\Windows\System\baFNIFW.exe
  C:\Windows\System\baFNIFW.exe
  2⤵
  PID:7304
- C:\Windows\System\xrlsvik.exe
  C:\Windows\System\xrlsvik.exe
  2⤵
  PID:7356
- C:\Windows\System\qobdAcH.exe
  C:\Windows\System\qobdAcH.exe
  2⤵
  PID:7428
- C:\Windows\System\RSrYzjy.exe
  C:\Windows\System\RSrYzjy.exe
  2⤵
  PID:7548
- C:\Windows\System\VwrGjpL.exe
  C:\Windows\System\VwrGjpL.exe
  2⤵
  PID:7588
- C:\Windows\System\kRxgqMY.exe
  C:\Windows\System\kRxgqMY.exe
  2⤵
  PID:7600
- C:\Windows\System\nSzFeJb.exe
  C:\Windows\System\nSzFeJb.exe
  2⤵
  PID:7604
- C:\Windows\System\lKXXFNW.exe
  C:\Windows\System\lKXXFNW.exe
  2⤵
  PID:7716
- C:\Windows\System\ppJpHag.exe
  C:\Windows\System\ppJpHag.exe
  2⤵
  PID:7688
- C:\Windows\System\OySWTqo.exe
  C:\Windows\System\OySWTqo.exe
  2⤵
  PID:7804
- C:\Windows\System\HmZCBdn.exe
  C:\Windows\System\HmZCBdn.exe
  2⤵
  PID:7836
- C:\Windows\System\GTGvlbM.exe
  C:\Windows\System\GTGvlbM.exe
  2⤵
  PID:7960
- C:\Windows\System\tVCZQwn.exe
  C:\Windows\System\tVCZQwn.exe
  2⤵
  PID:7964
- C:\Windows\System\sLEbDqe.exe
  C:\Windows\System\sLEbDqe.exe
  2⤵
  PID:8040
- C:\Windows\System\bGWRtEy.exe
  C:\Windows\System\bGWRtEy.exe
  2⤵
  PID:8092
- C:\Windows\System\GmqmxJk.exe
  C:\Windows\System\GmqmxJk.exe
  2⤵
  PID:8124
- C:\Windows\System\RplagRa.exe
  C:\Windows\System\RplagRa.exe
  2⤵
  PID:7788
- C:\Windows\System\ToVjjEr.exe
  C:\Windows\System\ToVjjEr.exe
  2⤵
  PID:7284
- C:\Windows\System\jMoBAQl.exe
  C:\Windows\System\jMoBAQl.exe
  2⤵
  PID:7300
- C:\Windows\System\hdNIbpo.exe
  C:\Windows\System\hdNIbpo.exe
  2⤵
  PID:7344
- C:\Windows\System\BbvpQZt.exe
  C:\Windows\System\BbvpQZt.exe
  2⤵
  PID:7468
- C:\Windows\System\CzEQNsQ.exe
  C:\Windows\System\CzEQNsQ.exe
  2⤵
  PID:7524
- C:\Windows\System\nuhIyqJ.exe
  C:\Windows\System\nuhIyqJ.exe
  2⤵
  PID:7728
- C:\Windows\System\XTZtxHY.exe
  C:\Windows\System\XTZtxHY.exe
  2⤵
  PID:7916
- C:\Windows\System\ucUqUzn.exe
  C:\Windows\System\ucUqUzn.exe
  2⤵
  PID:7816
- C:\Windows\System\OVKOjZG.exe
  C:\Windows\System\OVKOjZG.exe
  2⤵
  PID:8096
- C:\Windows\System\chjoqwM.exe
  C:\Windows\System\chjoqwM.exe
  2⤵
  PID:8152
- C:\Windows\System\mCLDjeV.exe
  C:\Windows\System\mCLDjeV.exe
  2⤵
  PID:7420
- C:\Windows\System\UHeYLLu.exe
  C:\Windows\System\UHeYLLu.exe
  2⤵
  PID:7432
- C:\Windows\System\sHAhljf.exe
  C:\Windows\System\sHAhljf.exe
  2⤵
  PID:7460
- C:\Windows\System\aZAQRXx.exe
  C:\Windows\System\aZAQRXx.exe
  2⤵
  PID:7752
- C:\Windows\System\sssIyVW.exe
  C:\Windows\System\sssIyVW.exe
  2⤵
  PID:8076
- C:\Windows\System\zWWZGVY.exe
  C:\Windows\System\zWWZGVY.exe
  2⤵
  PID:8184
- C:\Windows\System\esPgAJL.exe
  C:\Windows\System\esPgAJL.exe
  2⤵
  PID:7296
- C:\Windows\System\KLGDQOM.exe
  C:\Windows\System\KLGDQOM.exe
  2⤵
  PID:7712
- C:\Windows\System\dJpVgRT.exe
  C:\Windows\System\dJpVgRT.exe
  2⤵
  PID:7648
- C:\Windows\System\luZBBIt.exe
  C:\Windows\System\luZBBIt.exe
  2⤵
  PID:7500
- C:\Windows\System\EpclhSm.exe
  C:\Windows\System\EpclhSm.exe
  2⤵
  PID:7204
- C:\Windows\System\ZXmIXQz.exe
  C:\Windows\System\ZXmIXQz.exe
  2⤵
  PID:8208
- C:\Windows\System\LnahzMc.exe
  C:\Windows\System\LnahzMc.exe
  2⤵
  PID:8228
- C:\Windows\System\zaLEuDE.exe
  C:\Windows\System\zaLEuDE.exe
  2⤵
  PID:8244
- C:\Windows\System\whIuael.exe
  C:\Windows\System\whIuael.exe
  2⤵
  PID:8260
- C:\Windows\System\KmaMCkp.exe
  C:\Windows\System\KmaMCkp.exe
  2⤵
  PID:8276
- C:\Windows\System\JuIIjrT.exe
  C:\Windows\System\JuIIjrT.exe
  2⤵
  PID:8292
- C:\Windows\System\ANOiWTR.exe
  C:\Windows\System\ANOiWTR.exe
  2⤵
  PID:8316
- C:\Windows\System\YnCJkbT.exe
  C:\Windows\System\YnCJkbT.exe
  2⤵
  PID:8332
- C:\Windows\System\wUSjfeS.exe
  C:\Windows\System\wUSjfeS.exe
  2⤵
  PID:8348
- C:\Windows\System\RKsWXbZ.exe
  C:\Windows\System\RKsWXbZ.exe
  2⤵
  PID:8364
- C:\Windows\System\BIznhDM.exe
  C:\Windows\System\BIznhDM.exe
  2⤵
  PID:8380
- C:\Windows\System\zTkPVtz.exe
  C:\Windows\System\zTkPVtz.exe
  2⤵
  PID:8408
- C:\Windows\System\qhRhrJg.exe
  C:\Windows\System\qhRhrJg.exe
  2⤵
  PID:8428
- C:\Windows\System\WPCjmzI.exe
  C:\Windows\System\WPCjmzI.exe
  2⤵
  PID:8452
- C:\Windows\System\tgEkBiN.exe
  C:\Windows\System\tgEkBiN.exe
  2⤵
  PID:8468
- C:\Windows\System\jfVoLCj.exe
  C:\Windows\System\jfVoLCj.exe
  2⤵
  PID:8484
- C:\Windows\System\SrfAiop.exe
  C:\Windows\System\SrfAiop.exe
  2⤵
  PID:8500
- C:\Windows\System\lSTJzhd.exe
  C:\Windows\System\lSTJzhd.exe
  2⤵
  PID:8516
- C:\Windows\System\ugwTvWg.exe
  C:\Windows\System\ugwTvWg.exe
  2⤵
  PID:8532
- C:\Windows\System\emeSZOh.exe
  C:\Windows\System\emeSZOh.exe
  2⤵
  PID:8548
- C:\Windows\System\hCeWaEV.exe
  C:\Windows\System\hCeWaEV.exe
  2⤵
  PID:8564
- C:\Windows\System\rnxUTRX.exe
  C:\Windows\System\rnxUTRX.exe
  2⤵
  PID:8584
- C:\Windows\System\GfceyOp.exe
  C:\Windows\System\GfceyOp.exe
  2⤵
  PID:8604
- C:\Windows\System\lbPwlWY.exe
  C:\Windows\System\lbPwlWY.exe
  2⤵
  PID:8620
- C:\Windows\System\bbTTMoO.exe
  C:\Windows\System\bbTTMoO.exe
  2⤵
  PID:8640
- C:\Windows\System\RjIGiOh.exe
  C:\Windows\System\RjIGiOh.exe
  2⤵
  PID:8656
- C:\Windows\System\erzzHFC.exe
  C:\Windows\System\erzzHFC.exe
  2⤵
  PID:8676
- C:\Windows\System\EYCfiXb.exe
  C:\Windows\System\EYCfiXb.exe
  2⤵
  PID:8696
- C:\Windows\System\cLiVDSR.exe
  C:\Windows\System\cLiVDSR.exe
  2⤵
  PID:8716
- C:\Windows\System\IVrSvIH.exe
  C:\Windows\System\IVrSvIH.exe
  2⤵
  PID:8736
- C:\Windows\System\iLAFPCH.exe
  C:\Windows\System\iLAFPCH.exe
  2⤵
  PID:8752
- C:\Windows\System\hIZPAHk.exe
  C:\Windows\System\hIZPAHk.exe
  2⤵
  PID:8768
- C:\Windows\System\eIehDFX.exe
  C:\Windows\System\eIehDFX.exe
  2⤵
  PID:8784
- C:\Windows\System\pHMlSGI.exe
  C:\Windows\System\pHMlSGI.exe
  2⤵
  PID:8812
- C:\Windows\System\YmptTEK.exe
  C:\Windows\System\YmptTEK.exe
  2⤵
  PID:8828
- C:\Windows\System\LDSdtIl.exe
  C:\Windows\System\LDSdtIl.exe
  2⤵
  PID:8844
- C:\Windows\System\votbLCB.exe
  C:\Windows\System\votbLCB.exe
  2⤵
  PID:8860
- C:\Windows\System\hPvejBp.exe
  C:\Windows\System\hPvejBp.exe
  2⤵
  PID:8876
- C:\Windows\System\JUeXxgF.exe
  C:\Windows\System\JUeXxgF.exe
  2⤵
  PID:8892
- C:\Windows\System\FrxguWg.exe
  C:\Windows\System\FrxguWg.exe
  2⤵
  PID:8908
- C:\Windows\System\fugvUTO.exe
  C:\Windows\System\fugvUTO.exe
  2⤵
  PID:8924
- C:\Windows\System\MhfUmkl.exe
  C:\Windows\System\MhfUmkl.exe
  2⤵
  PID:8940
- C:\Windows\System\HEySJQc.exe
  C:\Windows\System\HEySJQc.exe
  2⤵
  PID:8956
- C:\Windows\System\eAnghUm.exe
  C:\Windows\System\eAnghUm.exe
  2⤵
  PID:8976
- C:\Windows\System\ExKnIBA.exe
  C:\Windows\System\ExKnIBA.exe
  2⤵
  PID:8992
- C:\Windows\System\ASawiBc.exe
  C:\Windows\System\ASawiBc.exe
  2⤵
  PID:9008
- C:\Windows\System\JNvuLvL.exe
  C:\Windows\System\JNvuLvL.exe
  2⤵
  PID:9024
- C:\Windows\System\EjpQrko.exe
  C:\Windows\System\EjpQrko.exe
  2⤵
  PID:9040
- C:\Windows\System\HotLfKd.exe
  C:\Windows\System\HotLfKd.exe
  2⤵
  PID:9056
- C:\Windows\System\wbiCtAe.exe
  C:\Windows\System\wbiCtAe.exe
  2⤵
  PID:9072
- C:\Windows\System\TwtMdCB.exe
  C:\Windows\System\TwtMdCB.exe
  2⤵
  PID:9088
- C:\Windows\System\DzJOrVF.exe
  C:\Windows\System\DzJOrVF.exe
  2⤵
  PID:9104
- C:\Windows\System\ridfNRA.exe
  C:\Windows\System\ridfNRA.exe
  2⤵
  PID:9120
- C:\Windows\System\CRxcZMe.exe
  C:\Windows\System\CRxcZMe.exe
  2⤵
  PID:9136
- C:\Windows\System\iSlGdwx.exe
  C:\Windows\System\iSlGdwx.exe
  2⤵
  PID:9152
- C:\Windows\System\xqxtnLP.exe
  C:\Windows\System\xqxtnLP.exe
  2⤵
  PID:9168
- C:\Windows\System\UOWucSx.exe
  C:\Windows\System\UOWucSx.exe
  2⤵
  PID:9184
- C:\Windows\System\vUSeHZY.exe
  C:\Windows\System\vUSeHZY.exe
  2⤵
  PID:9200
- C:\Windows\System\CjgJTWO.exe
  C:\Windows\System\CjgJTWO.exe
  2⤵
  PID:7192
- C:\Windows\System\MkvUjCj.exe
  C:\Windows\System\MkvUjCj.exe
  2⤵
  PID:8116
- C:\Windows\System\nAcwVbW.exe
  C:\Windows\System\nAcwVbW.exe
  2⤵
  PID:8272
- C:\Windows\System\mmxIIWA.exe
  C:\Windows\System\mmxIIWA.exe
  2⤵
  PID:8288
- C:\Windows\System\DXPkcmo.exe
  C:\Windows\System\DXPkcmo.exe
  2⤵
  PID:8308
- C:\Windows\System\VEEaglX.exe
  C:\Windows\System\VEEaglX.exe
  2⤵
  PID:8312
- C:\Windows\System\waWXKuF.exe
  C:\Windows\System\waWXKuF.exe
  2⤵
  PID:8344
- C:\Windows\System\OGSzMPO.exe
  C:\Windows\System\OGSzMPO.exe
  2⤵
  PID:8360
- C:\Windows\System\oWVgGLV.exe
  C:\Windows\System\oWVgGLV.exe
  2⤵
  PID:8404
- C:\Windows\System\OrddbKs.exe
  C:\Windows\System\OrddbKs.exe
  2⤵
  PID:8424
- C:\Windows\System\foePgWQ.exe
  C:\Windows\System\foePgWQ.exe
  2⤵
  PID:8480
- C:\Windows\System\hqGmTfq.exe
  C:\Windows\System\hqGmTfq.exe
  2⤵
  PID:8444
- C:\Windows\System\fjuOjGP.exe
  C:\Windows\System\fjuOjGP.exe
  2⤵
  PID:8540
- C:\Windows\System\OIhfHdw.exe
  C:\Windows\System\OIhfHdw.exe
  2⤵
  PID:8572
- C:\Windows\System\nkpKhMS.exe
  C:\Windows\System\nkpKhMS.exe
  2⤵
  PID:8580
- C:\Windows\System\HNKSwjh.exe
  C:\Windows\System\HNKSwjh.exe
  2⤵
  PID:8632
- C:\Windows\System\bfIpfcM.exe
  C:\Windows\System\bfIpfcM.exe
  2⤵
  PID:8692
- C:\Windows\System\paVFfai.exe
  C:\Windows\System\paVFfai.exe
  2⤵
  PID:8776
- C:\Windows\System\QUubawC.exe
  C:\Windows\System\QUubawC.exe
  2⤵
  PID:8792
- C:\Windows\System\ETuoiDI.exe
  C:\Windows\System\ETuoiDI.exe
  2⤵
  PID:8760
- C:\Windows\System\LaSoGKC.exe
  C:\Windows\System\LaSoGKC.exe
  2⤵
  PID:8824
- C:\Windows\System\JaiWmjs.exe
  C:\Windows\System\JaiWmjs.exe
  2⤵
  PID:8856
- C:\Windows\System\DpxqZiz.exe
  C:\Windows\System\DpxqZiz.exe
  2⤵
  PID:8920
- C:\Windows\System\zJfXeFG.exe
  C:\Windows\System\zJfXeFG.exe
  2⤵
  PID:8952
- C:\Windows\System\lpwEzIZ.exe
  C:\Windows\System\lpwEzIZ.exe
  2⤵
  PID:9016
- C:\Windows\System\kdrNPoi.exe
  C:\Windows\System\kdrNPoi.exe
  2⤵
  PID:9032
- C:\Windows\System\hWxUTxR.exe
  C:\Windows\System\hWxUTxR.exe
  2⤵
  PID:9084
- C:\Windows\System\pTdxUlD.exe
  C:\Windows\System\pTdxUlD.exe
  2⤵
  PID:9116
- C:\Windows\System\YdDdMGx.exe
  C:\Windows\System\YdDdMGx.exe
  2⤵
  PID:9128
- C:\Windows\System\MonZyUo.exe
  C:\Windows\System\MonZyUo.exe
  2⤵
  PID:9160
- C:\Windows\System\oWtmnDj.exe
  C:\Windows\System\oWtmnDj.exe
  2⤵
  PID:9208
- C:\Windows\System\MzfzMzs.exe
  C:\Windows\System\MzfzMzs.exe
  2⤵
  PID:9192
- C:\Windows\System\ivGFNnV.exe
  C:\Windows\System\ivGFNnV.exe
  2⤵
  PID:8268
- C:\Windows\System\FnuEtFb.exe
  C:\Windows\System\FnuEtFb.exe
  2⤵
  PID:8252
- C:\Windows\System\baWeANf.exe
  C:\Windows\System\baWeANf.exe
  2⤵
  PID:8392
- C:\Windows\System\IJyzcZg.exe
  C:\Windows\System\IJyzcZg.exe
  2⤵
  PID:8420
- C:\Windows\System\hRswQKw.exe
  C:\Windows\System\hRswQKw.exe
  2⤵
  PID:8496
- C:\Windows\System\KWhLpXE.exe
  C:\Windows\System\KWhLpXE.exe
  2⤵
  PID:8596
- C:\Windows\System\PjvYstb.exe
  C:\Windows\System\PjvYstb.exe
  2⤵
  PID:8652
- C:\Windows\System\JPqXake.exe
  C:\Windows\System\JPqXake.exe
  2⤵
  PID:8616
- C:\Windows\System\LkpSqaO.exe
  C:\Windows\System\LkpSqaO.exe
  2⤵
  PID:8820
- C:\Windows\System\qOkCwmv.exe
  C:\Windows\System\qOkCwmv.exe
  2⤵
  PID:8240
- C:\Windows\System\AZlZDER.exe
  C:\Windows\System\AZlZDER.exe
  2⤵
  PID:8376
- C:\Windows\System\ykvwenD.exe
  C:\Windows\System\ykvwenD.exe
  2⤵
  PID:8476
- C:\Windows\System\fERMODA.exe
  C:\Windows\System\fERMODA.exe
  2⤵
  PID:8592
- C:\Windows\System\huTuXzg.exe
  C:\Windows\System\huTuXzg.exe
  2⤵
  PID:8672
- C:\Windows\System\olGkvWK.exe
  C:\Windows\System\olGkvWK.exe
  2⤵
  PID:8636
- C:\Windows\System\OoNzZNW.exe
  C:\Windows\System\OoNzZNW.exe
  2⤵
  PID:8732
- C:\Windows\System\xskuNWw.exe
  C:\Windows\System\xskuNWw.exe
  2⤵
  PID:8888
- C:\Windows\System\UFkTHod.exe
  C:\Windows\System\UFkTHod.exe
  2⤵
  PID:8916
- C:\Windows\System\IWBtRDu.exe
  C:\Windows\System\IWBtRDu.exe
  2⤵
  PID:8984
- C:\Windows\System\JUFrRFY.exe
  C:\Windows\System\JUFrRFY.exe
  2⤵
  PID:9096
- C:\Windows\System\rwvdiRu.exe
  C:\Windows\System\rwvdiRu.exe
  2⤵
  PID:9180
- C:\Windows\System\OKXTvVD.exe
  C:\Windows\System\OKXTvVD.exe
  2⤵
  PID:8236
- C:\Windows\System\NPoczya.exe
  C:\Windows\System\NPoczya.exe
  2⤵
  PID:9064
- C:\Windows\System\YQBAHKe.exe
  C:\Windows\System\YQBAHKe.exe
  2⤵
  PID:8284
- C:\Windows\System\gzQNlXy.exe
  C:\Windows\System\gzQNlXy.exe
  2⤵
  PID:8528
- C:\Windows\System\aAskYot.exe
  C:\Windows\System\aAskYot.exe
  2⤵
  PID:8748
- C:\Windows\System\iatzfHa.exe
  C:\Windows\System\iatzfHa.exe
  2⤵
  PID:8852
- C:\Windows\System\BhbpMSJ.exe
  C:\Windows\System\BhbpMSJ.exe
  2⤵
  PID:8904
- C:\Windows\System\TrPjLAG.exe
  C:\Windows\System\TrPjLAG.exe
  2⤵
  PID:8948
- C:\Windows\System\mxgzHBL.exe
  C:\Windows\System\mxgzHBL.exe
  2⤵
  PID:8200
- C:\Windows\System\YMniYuX.exe
  C:\Windows\System\YMniYuX.exe
  2⤵
  PID:8668
- C:\Windows\System\akadFLN.exe
  C:\Windows\System\akadFLN.exe
  2⤵
  PID:8684
- C:\Windows\System\ljTVdpS.exe
  C:\Windows\System\ljTVdpS.exe
  2⤵
  PID:8868
- C:\Windows\System\YJibOrI.exe
  C:\Windows\System\YJibOrI.exe
  2⤵
  PID:8224
- C:\Windows\System\jsbxhdD.exe
  C:\Windows\System\jsbxhdD.exe
  2⤵
  PID:8512
- C:\Windows\System\hlvLZaf.exe
  C:\Windows\System\hlvLZaf.exe
  2⤵
  PID:8400
- C:\Windows\System\nlheDYn.exe
  C:\Windows\System\nlheDYn.exe
  2⤵
  PID:9228
- C:\Windows\System\WSZwyex.exe
  C:\Windows\System\WSZwyex.exe
  2⤵
  PID:9244
- C:\Windows\System\CnFxhMR.exe
  C:\Windows\System\CnFxhMR.exe
  2⤵
  PID:9260
- C:\Windows\System\oQCKOoo.exe
  C:\Windows\System\oQCKOoo.exe
  2⤵
  PID:9276
- C:\Windows\System\dhJVfNw.exe
  C:\Windows\System\dhJVfNw.exe
  2⤵
  PID:9300
- C:\Windows\System\LHNdPxl.exe
  C:\Windows\System\LHNdPxl.exe
  2⤵
  PID:9316
- C:\Windows\System\jRyzZpO.exe
  C:\Windows\System\jRyzZpO.exe
  2⤵
  PID:9332
- C:\Windows\System\oYcboen.exe
  C:\Windows\System\oYcboen.exe
  2⤵
  PID:9348
- C:\Windows\System\ISAQAxf.exe
  C:\Windows\System\ISAQAxf.exe
  2⤵
  PID:9368
- C:\Windows\System\hpnZTxs.exe
  C:\Windows\System\hpnZTxs.exe
  2⤵
  PID:9384
- C:\Windows\System\vlGQgTH.exe
  C:\Windows\System\vlGQgTH.exe
  2⤵
  PID:9400
- C:\Windows\System\dkdDogH.exe
  C:\Windows\System\dkdDogH.exe
  2⤵
  PID:9416
- C:\Windows\System\Nbrozui.exe
  C:\Windows\System\Nbrozui.exe
  2⤵
  PID:9432
- C:\Windows\System\WZimVxS.exe
  C:\Windows\System\WZimVxS.exe
  2⤵
  PID:9448
- C:\Windows\System\DmPumZE.exe
  C:\Windows\System\DmPumZE.exe
  2⤵
  PID:9464
- C:\Windows\System\EVSMtCt.exe
  C:\Windows\System\EVSMtCt.exe
  2⤵
  PID:9480
- C:\Windows\System\fGfaztM.exe
  C:\Windows\System\fGfaztM.exe
  2⤵
  PID:9504
- C:\Windows\System\HdsEDtl.exe
  C:\Windows\System\HdsEDtl.exe
  2⤵
  PID:9520
- C:\Windows\System\OVeSTMD.exe
  C:\Windows\System\OVeSTMD.exe
  2⤵
  PID:9540
- C:\Windows\System\GbQFoOO.exe
  C:\Windows\System\GbQFoOO.exe
  2⤵
  PID:9556
- C:\Windows\System\VaqDpcm.exe
  C:\Windows\System\VaqDpcm.exe
  2⤵
  PID:9572
- C:\Windows\System\AqbHSSV.exe
  C:\Windows\System\AqbHSSV.exe
  2⤵
  PID:9588
- C:\Windows\System\kytqFoh.exe
  C:\Windows\System\kytqFoh.exe
  2⤵
  PID:9604
- C:\Windows\System\ZkAEBwA.exe
  C:\Windows\System\ZkAEBwA.exe
  2⤵
  PID:9620
- C:\Windows\System\HJofmqW.exe
  C:\Windows\System\HJofmqW.exe
  2⤵
  PID:9636
- C:\Windows\System\yhsSuEX.exe
  C:\Windows\System\yhsSuEX.exe
  2⤵
  PID:9652
- C:\Windows\System\ToVHnnK.exe
  C:\Windows\System\ToVHnnK.exe
  2⤵
  PID:9668
- C:\Windows\System\DzXoTiq.exe
  C:\Windows\System\DzXoTiq.exe
  2⤵
  PID:9684
- C:\Windows\System\xrmgtbD.exe
  C:\Windows\System\xrmgtbD.exe
  2⤵
  PID:10056
- C:\Windows\System\gPdpblB.exe
  C:\Windows\System\gPdpblB.exe
  2⤵
  PID:10104
- C:\Windows\System\pQYoXXr.exe
  C:\Windows\System\pQYoXXr.exe
  2⤵
  PID:10176
- C:\Windows\System\CHsncVH.exe
  C:\Windows\System\CHsncVH.exe
  2⤵
  PID:10200
- C:\Windows\System\SoXtFRW.exe
  C:\Windows\System\SoXtFRW.exe
  2⤵
  PID:10220
- C:\Windows\System\AULbjIK.exe
  C:\Windows\System\AULbjIK.exe
  2⤵
  PID:10236
- C:\Windows\System\WxzVpZd.exe
  C:\Windows\System\WxzVpZd.exe
  2⤵
  PID:8932
- C:\Windows\System\uzqLofj.exe
  C:\Windows\System\uzqLofj.exe
  2⤵
  PID:9236
- C:\Windows\System\eRHziPF.exe
  C:\Windows\System\eRHziPF.exe
  2⤵
  PID:9292
- C:\Windows\System\gbqWSjS.exe
  C:\Windows\System\gbqWSjS.exe
  2⤵
  PID:9308
- C:\Windows\System\AuufxRR.exe
  C:\Windows\System\AuufxRR.exe
  2⤵
  PID:9356
- C:\Windows\System\mnOodha.exe
  C:\Windows\System\mnOodha.exe
  2⤵
  PID:9380
- C:\Windows\System\AazUTRh.exe
  C:\Windows\System\AazUTRh.exe
  2⤵
  PID:9456
- C:\Windows\System\KsjFjlU.exe
  C:\Windows\System\KsjFjlU.exe
  2⤵
  PID:9444
- C:\Windows\System\owETJQs.exe
  C:\Windows\System\owETJQs.exe
  2⤵
  PID:9496
- C:\Windows\System\oHBnaEq.exe
  C:\Windows\System\oHBnaEq.exe
  2⤵
  PID:9536
- C:\Windows\System\wbnLyJw.exe
  C:\Windows\System\wbnLyJw.exe
  2⤵
  PID:9580
- C:\Windows\System\DPENVcu.exe
  C:\Windows\System\DPENVcu.exe
  2⤵
  PID:9628
- C:\Windows\System\JiAgJnn.exe
  C:\Windows\System\JiAgJnn.exe
  2⤵
  PID:9648
- C:\Windows\System\oMkQlUK.exe
  C:\Windows\System\oMkQlUK.exe
  2⤵
  PID:9700
- C:\Windows\System\QsanJuL.exe
  C:\Windows\System\QsanJuL.exe
  2⤵
  PID:9720
- C:\Windows\System\ZBWcJYq.exe
  C:\Windows\System\ZBWcJYq.exe
  2⤵
  PID:9732
- C:\Windows\System\WYecEyp.exe
  C:\Windows\System\WYecEyp.exe
  2⤵
  PID:9760
- C:\Windows\System\FjMqMmi.exe
  C:\Windows\System\FjMqMmi.exe
  2⤵
  PID:9776
- C:\Windows\System\OCgQiam.exe
  C:\Windows\System\OCgQiam.exe
  2⤵
  PID:9792
- C:\Windows\System\YGtNVMz.exe
  C:\Windows\System\YGtNVMz.exe
  2⤵
  PID:9828
- C:\Windows\System\aSFDein.exe
  C:\Windows\System\aSFDein.exe
  2⤵
  PID:9844
- C:\Windows\System\iIMYybQ.exe
  C:\Windows\System\iIMYybQ.exe
  2⤵
  PID:9860
- C:\Windows\System\BaIOpDT.exe
  C:\Windows\System\BaIOpDT.exe
  2⤵
  PID:9880
- C:\Windows\System\frkQlct.exe
  C:\Windows\System\frkQlct.exe
  2⤵
  PID:9900
- C:\Windows\System\uxXpYZT.exe
  C:\Windows\System\uxXpYZT.exe
  2⤵
  PID:9928
- C:\Windows\System\yoKRCbA.exe
  C:\Windows\System\yoKRCbA.exe
  2⤵
  PID:9944
- C:\Windows\System\NPQeutC.exe
  C:\Windows\System\NPQeutC.exe
  2⤵
  PID:9964
- C:\Windows\System\KsJxZLm.exe
  C:\Windows\System\KsJxZLm.exe
  2⤵
  PID:9984
- C:\Windows\System\goLrTqz.exe
  C:\Windows\System\goLrTqz.exe
  2⤵
  PID:10000
- C:\Windows\System\DWoIpGe.exe
  C:\Windows\System\DWoIpGe.exe
  2⤵
  PID:10020
- C:\Windows\System\iZiOeVA.exe
  C:\Windows\System\iZiOeVA.exe
  2⤵
  PID:10024
- C:\Windows\System\zornCFd.exe
  C:\Windows\System\zornCFd.exe
  2⤵
  PID:9696
- C:\Windows\System\vBjKMpx.exe
  C:\Windows\System\vBjKMpx.exe
  2⤵
  PID:10080
- C:\Windows\System\zGAhkGU.exe
  C:\Windows\System\zGAhkGU.exe
  2⤵
  PID:10124
- C:\Windows\System\OHRbvsP.exe
  C:\Windows\System\OHRbvsP.exe
  2⤵
  PID:10136
- C:\Windows\System\qBAVQgf.exe
  C:\Windows\System\qBAVQgf.exe
  2⤵
  PID:10152
- C:\Windows\System\kidgleI.exe
  C:\Windows\System\kidgleI.exe
  2⤵
  PID:10172
- C:\Windows\System\twZbxCo.exe
  C:\Windows\System\twZbxCo.exe
  2⤵
  PID:10212
- C:\Windows\System\HXKlZTQ.exe
  C:\Windows\System\HXKlZTQ.exe
  2⤵
  PID:9164
- C:\Windows\System\cFtoWrM.exe
  C:\Windows\System\cFtoWrM.exe
  2⤵
  PID:9284
- C:\Windows\System\WHTtzNS.exe
  C:\Windows\System\WHTtzNS.exe
  2⤵
  PID:9312
- C:\Windows\System\IuRtaUN.exe
  C:\Windows\System\IuRtaUN.exe
  2⤵
  PID:9340
- C:\Windows\System\YNKHByU.exe
  C:\Windows\System\YNKHByU.exe
  2⤵
  PID:9440
- C:\Windows\System\QbVhzFM.exe
  C:\Windows\System\QbVhzFM.exe
  2⤵
  PID:972
- C:\Windows\System\GYBhFMV.exe
  C:\Windows\System\GYBhFMV.exe
  2⤵
  PID:9564
- C:\Windows\System\GMATwdA.exe
  C:\Windows\System\GMATwdA.exe
  2⤵
  PID:9612
- C:\Windows\System\kHUfgVn.exe
  C:\Windows\System\kHUfgVn.exe
  2⤵
  PID:9712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BJwRaEI.exe

Filesize
6.0MB

MD5
e7e88e0633f2fff47df3297ab0ae435c

SHA1
1d2c95cdf84e65341ba65fbb98cdf10ad2b7ab81

SHA256
af4aaa8b0714f2c9b18f6692f3aceea5162be21c20aa5d0fd0fa53b57512f4ba

SHA512
43cc99301900d40bb79d84b78563b90ba3ba3a1039e1d172a2199fff1155108964dc2f924b49eaea84cc8ebc33aa497d980ceb24679a12554ac36a34614d3e1f

Download Submit
C:\Windows\system\ERXUXkR.exe

Filesize
6.0MB

MD5
a668533dc1eb4a46e3ccb4edfe73eb55

SHA1
02f1ee37fb40f852fae6551a5ca6c5dc63e26e8d

SHA256
80dd70731aa5ec89c027fd49aa87349507f4ed55ae8fa96cf8b4b162e366e291

SHA512
b5ca8957e005f5ee0c896b044de17e17d9579041c53ffc63e915fc2d1164f57742a1f877f75f7346e9f5495d2823429d181bf0668912cc6207488b366719f3f0

Download Submit
C:\Windows\system\FfciPAb.exe

Filesize
6.0MB

MD5
568a9ce3a5bb1c6504c781f236251f3f

SHA1
ba3a77a68200b8befda718047d8a7ec9a4bffe75

SHA256
59ba5112a7d4ca909eb48b9337751f95f949058ba53a463216bfa1651e2c77a3

SHA512
7493f153de26da5af8127a07fc00100757fb4b7816a6d93b237eeea55f8a9583de14d30f920ed783dee64024a09f4f1d798d4224f0e16a7970cf1221a5eafdc1

Download Submit
C:\Windows\system\ILnLElq.exe

Filesize
6.0MB

MD5
052cde1f94c445d162f313c489c76dfb

SHA1
2ee6acb8a4b1aa94849a6aab891f3d9baabdd506

SHA256
6f61df6d1cc499ad4ccffd44293bdfdb038e50e7cf0261476b9f52e30ca77400

SHA512
f57779adcd9b03a18cc6c0b3cab14b0fcc8a5f5335445794d273d69da6e3249da15e5ba315e29f549005b6c28c56a6b7768af50970ede47a0eae99b169b110f2

Download Submit
C:\Windows\system\OAvgJbH.exe

Filesize
6.0MB

MD5
3d68406f1f2965ca45516542ede5407f

SHA1
55da7e024b46d1655398a4df669e50918e34bb5c

SHA256
b5ed92e546f3eb9c6648e4423acd15ffba128d035eaf0ace4000c31a0cb00943

SHA512
1fd5c324f5836081b145c5568180e12cf47dbaf3a335a7ec86926f90edd70413593dafcb55b07d8ab55826360bbc2da1e91573b8bf7baed9cc03a75b5bf282ce

Download Submit
C:\Windows\system\PbZZOph.exe

Filesize
6.0MB

MD5
f9a5d4461e121a71124815e7b67613d7

SHA1
57441ba6bb75b7059250e247f55471e73c1173ce

SHA256
beff853df95f0d14ebef239541fe5f675cb44610bff8793bdf85c43662d1a60a

SHA512
8c51b381bd149c1af84a3be3383ceed21c19f2e58e780e5f4cc08bb64f1eb9fe7290db23931388d8ded7956715daba0d52978518773c9de2ba5dcf01f22c5a28

Download Submit
C:\Windows\system\PuDzfCQ.exe

Filesize
6.0MB

MD5
2eb7a089730c6eb6d5fb45bb393c59ce

SHA1
7d24ee7bc1f594555743063be4c8886d176a2b08

SHA256
5740f172a797c08de385181c101d2d250e2b318a8e4a9881e8b6ed7fbcd0ce56

SHA512
8afb43b75bd1714498ffe9412052fee6c01d1559b0c3f3e3eac5f79ac8e928922253473694ccc5a6c22abf63eb031538ade93ec5894b59730f9b59ba05e12b1b

Download Submit
C:\Windows\system\RKnyVTP.exe

Filesize
6.0MB

MD5
e4bd463991fa4071cfe996d77a41ffd9

SHA1
3090e1fb5e87e55e20435eee2bd109158e680492

SHA256
cb8e070da3d1405d8d3cbd121530cb292cce7dc499b00ee9e99056b91e5aef1c

SHA512
34f9c6dcbf1a358770c4f11d6e3eff5bab45f1ef511eeaf7dccd59b30c886e003bc47673aaf3c0bb5be4f771d8a602d22fe7b06e68cdb01f318d7463342236de

Download Submit
C:\Windows\system\UXUMyXh.exe

Filesize
6.0MB

MD5
1647b9a1564fbf1c68d56c1be2c59200

SHA1
f17ee3cee6c2d9f7a43f9c3933b3f804eed9a094

SHA256
1bf85a6e1a2a38e10dd011f989c2157f46a42102f20c689f0d76c66d56e15185

SHA512
63f1e065c09f90c9ce459aed0239c269fb34124a3a358b7fe066aab8798a60209911bc8645f46d6caecaf0a8db58a3cc283dcc85773983f1332449ab13562efe

Download Submit
C:\Windows\system\XCXSUkt.exe

Filesize
6.0MB

MD5
64674c1d0214ede0a9243a76ab67fb48

SHA1
5e6e1e3af3e3c7b94177a99c0947e3fce77cb235

SHA256
2a48955d7a139df81b5a0615c76879426f6ba7685dad683d22a6c88ca860e890

SHA512
1052e177f9433df23e131737336cefce454e49872bbdf086d49e8215adb9029580a27415304ba0c238e6e5f2b20a2e774b56883320b047a3fb81b93a9272bc04

Download Submit
C:\Windows\system\YHLlFDb.exe

Filesize
6.0MB

MD5
6d302f0a8d61b0b6d71e41ac0a2674fd

SHA1
7cffde87fb9d2b0bc151aaea92a59e454062af00

SHA256
4601b9fb7fcbaaacfda0318e063c6bcce0ecd3b833e6ddcb0fb51fdf27f155eb

SHA512
a1b8c3c0cd55a06f9e3863d5204f1894f4e61702cdafb983cfe6fdc5983dc85462771b2a50887ee009ebe1accd97b19c76e61ffa6fa9d844c40c9313b6099dad

Download Submit
C:\Windows\system\aaHaQlJ.exe

Filesize
6.0MB

MD5
b3f4598ee667d8a1c461e6e84dfeafff

SHA1
7bd5eaf2563402f7f3cfc5c2b47cf36f7eb5f651

SHA256
01a18adb8e27655eea674783a0c37b4cf6cc023122b5b72f606b78a85c494f10

SHA512
18239534ca2aa8f43c5ab8443ee8484a93606817b7c2909b9fed7142b7606605fece84ae13da334bda56bace71b0152e817bdb175b41b7561555fc3eff01922d

Download Submit
C:\Windows\system\bYHETyf.exe

Filesize
6.0MB

MD5
ec76151d8a69d011703bef6d54e10080

SHA1
f8a0acd00f0521879a5ce6ded5ec170ba3bd1a30

SHA256
2211733d9160b95e272c70619dd335493d4319e9ddfa8d0ef5ef0b780bf4ea33

SHA512
19dbe08dd113d2a97454a9c39fee8fb6f23d4944dc5954cf1cbf5635c59177052eb8fa1024b624c5727ebd31b8ba6ad4a856127ef523349ecc71a6a5b175cb7e

Download Submit
C:\Windows\system\cPdMWBG.exe

Filesize
6.0MB

MD5
f7d6a09e5d9ea1f5ce34d60835110d9b

SHA1
35319a22da3567d0af36ed24770926df2be0165c

SHA256
517bc677d77e80c26d44913c29fe8139d7ac3541ea8dbdb6ae9e56faa6b63ce5

SHA512
947f47fc06a43343c46533274619a28185d0669f3febb5911091d6dd046c339f997b5dfdda2193d1c4dc32e61ec819bd7c1b75c82bf82b9e69af459fc3d09803

Download Submit
C:\Windows\system\dPTjexq.exe

Filesize
6.0MB

MD5
fddf4f23afb855b31a9e5fbbdc05366e

SHA1
c6853be04081e378f1dc1d17f370ba19b56cf8bd

SHA256
3fcbdfad04c41bab0740a394af0d00b8f4c1470e4cc68468bbde0295885ea60a

SHA512
15ddc7de20327779b22822068c1be2f21f4b2610a7d353316dd40e594549173321386ded2e627c577222c21af088bdc9eb5afedc836781fcb12f6cd676570f14

Download Submit
C:\Windows\system\dinzMZo.exe

Filesize
6.0MB

MD5
92b8275eac8c7746a7ddf7d51d13381a

SHA1
79dcc099bda6b59b5fc3ed9b73789170cef67d9b

SHA256
fc628ba55694b2e8d40cbb26885749fa5bc17e14ed0880ec3fabfab4137ab9c2

SHA512
70c90ef3156a1ab571e92a1fd7f02e75e1193c580247abafb7ab31e881c288092eb357b578ad0f9deecb3bd0add8b4c21f69dfddc837d50b2ce02fcff086517c

Download Submit
C:\Windows\system\fFWSASW.exe

Filesize
6.0MB

MD5
86b742131b2c793e809706085504d100

SHA1
bc4f9cb5c072e64d5a99a64a8ec53826fee92551

SHA256
b761560df4e25466f11fb1a48b3336fe2894442cb4592e6bf020270540f1853d

SHA512
e1d69eb1807a1990c66a2057aff2e086041dfa1d2155c1818f7d6aa1e8f56161961d137fbb37b47a7f09fe89586bbfc9d0d5a291f261412e540381a589913076

Download Submit
C:\Windows\system\gcKkamv.exe

Filesize
6.0MB

MD5
76a5182194403863c5027ee5b5d517a4

SHA1
a4c12a28257277c683e09c8d15918df79e7625f5

SHA256
5b6b09d0ee258f1c197aab0e18603cdba8c52eb676bf648074665a4fe8fac82d

SHA512
1a22efe39659e2aa30a79616a96fd713abef04278390700237fe6e7137aba5857ae35f1c8897b738ebd762397cf9657f9de565fe2ceb04863bdf961b83b45215

Download Submit
C:\Windows\system\gzGyuIj.exe

Filesize
6.0MB

MD5
ff40c511c093e855e19cef53260bf76e

SHA1
5f0ece2166d4eba83093b382370b73e2da7b08be

SHA256
e20f67b04aba48dd295ee6223edbdb2fa618f04c50dfc93bf2e13e8c570485b1

SHA512
28e50ff0e380be6778c9ab054bfc0dd1e0836f5c1e9e8404c2acc7540c38c089359a1f686092bc05a431576b43bfc325e42ad0fe5a57d3433a8f103ab8266a4c

Download Submit
C:\Windows\system\jxouPjE.exe

Filesize
6.0MB

MD5
77e8e859305e3871bf3244ecfa68fe52

SHA1
0bfa9f0c73c1d5befe0fb3693ac3efaee32bedc4

SHA256
c1a79b4df7358deac54091c9b14358b2325b6f7e439f2038c9bd588818c55a2e

SHA512
358fe5b26fc1400936c4c716bc314c326fa609fdc938c4f34a523f8b13ccd4f9c65ab91af697cda2fe470fc16603f9c5253b5dd2c645a3453c82b3871fe7f87a

Download Submit
C:\Windows\system\kblHjlC.exe

Filesize
6.0MB

MD5
30315f7d65d74b43973c76d633562c50

SHA1
84d7c4b5334913a66a2ebd0429fdffef983296e5

SHA256
42d984d6a2b81c8744d92e2bba6436bf383644a9b3383788020fbf7008c0b65e

SHA512
ca58a5ba61282511a9fc27b967c7c37ccce1c94e4427f176df0b9df10f9eb27bb940adbccbe72bd4e8fc33409253694f308e8e8d0783ff5f4b87b74ce0d0c54d

Download Submit
C:\Windows\system\nkHWbTn.exe

Filesize
6.0MB

MD5
07d97542feaddce9ac4d77d8e81c5d78

SHA1
e48e5b85298623cfcdc430a8131c91cfc04d2dd4

SHA256
cda34f1805a6e53fb5c06395f62ebaffde853746e273e30919122ad928e7d2d0

SHA512
4593439f7633356d6bcd8b00120df1b0c0d6b2cfac72d127d3f8b5b7ffea60ad4aed35396b77cbf4430e693949ef27649e23675d94304dab1b44565f21e9df56

Download Submit
C:\Windows\system\qktQJrl.exe

Filesize
6.0MB

MD5
4c7c700010d8b566c78cd3683bdbfb84

SHA1
ed0bc091b55442da28987f1fc1804b84ba809a9b

SHA256
d530a9408001fda39e5b0bed6f31d3aadaa8b93509f104d85279fc86c05e1f14

SHA512
21bc6d33a7bacd565d7f82b6e32465f9b2a1a335ae3d3d7515595dc52087541331763feb9fa4c25467c965b2df79869447f97c133fc76f4f2a2423f58601a51c

Download Submit
C:\Windows\system\tPrnIug.exe

Filesize
6.0MB

MD5
bac06c93b31deda12eb4fa12ba0e8e3e

SHA1
26d2293f6fa40f606eccf9682e8d187ec67f26af

SHA256
5e30d92f3152678c6cb4625b9689c56a21132777a87cd3e5af89bebd78642ea7

SHA512
32685be6df6008e1ebe7f780531731b2b42168c4d90f3cebc9b875126de41861043e8b499bd601a4136f84390cdb6ca3ab2c73c0fe25df010ec68d570fc8ba33

Download Submit
C:\Windows\system\uEqdwbu.exe

Filesize
6.0MB

MD5
65bc1c1e93e3b9f1569e7a801d012ef5

SHA1
a6542f8d1cc966a8c681904627778cd7a55ce154

SHA256
9f957c02c476154d3ec2f443536c92ebf859750b6f2ccacf539160454284dfbc

SHA512
47e36f59c5318d6dcf915214ca99bfff68920174a470885fe4249a21ad72257da7524702fab0f22f29cb11b4b766b4e74482093ebde81baceda11543ee2a3ee9

Download Submit
C:\Windows\system\voNRRWL.exe

Filesize
6.0MB

MD5
1bfac985fba6e8a03b10f34d2e033916

SHA1
dbfa6d0ca2d5c36591156c027298bd8efed0e8b4

SHA256
4338c7d4cfc878dcb623e5dd6b7bf9ff5ef34d2cbfc878ddbdeb73b96081c907

SHA512
6d704336654c1333f1529fd48195e08910bc0bab20a0aa4a0e74ade16bfdfe3286884cac55dfbe1902da9058b739a0da17527cf151d26d1f2f5b6939184da71e

Download Submit
C:\Windows\system\wagWqWB.exe

Filesize
6.0MB

MD5
a980d60b00b4c14db553971fadcffb42

SHA1
cbf1ce2886044d1b6a276ed871a09265dc9aa03f

SHA256
22cd449c343055d955677a090ce9be416778d3cce965752e128c8db98573b349

SHA512
aab8f96c5c98313aa7f338687e8764e78a6ac70d6b7a69a312ad77580b783a1c839f8b5445a2515a3b290f7eacd8b4e1629ac95453e5def0e9100598ffbda18f

Download Submit
C:\Windows\system\wsQlmJW.exe

Filesize
6.0MB

MD5
ca311de56499f4f88d1f91e8f4a9711a

SHA1
79355529b6da69a8fb1a9c74d3a2575f765eb650

SHA256
944c6099682d23cd4286bb231d5896276a01317a7d34a35b398a85ec2d2547da

SHA512
7b0ae5f34421295c932e46141701a2a2cc8824c1b37628da24f4e1f9044e1d08c8fd4867e80653f97ac0217d84d5652ce01755cfae13223b7af98abc9f8de199

Download Submit
\Windows\system\BNcqYMG.exe

Filesize
6.0MB

MD5
b71991a839fd168c2887292965c357cb

SHA1
6c170faeb0d318f88b518e38d5b7d87791861161

SHA256
d0585041561092db358e271880480d6c753369efec6d945afc4319abea319faa

SHA512
6b15193a1a2c3d484896d526ec19faf9c21fb1af5b68ec2a91630c8dba690eba488063251042e68a57e722bec963b57ee6dc351d0191349f9092753fcf5b453f

Download Submit
\Windows\system\NCIbMta.exe

Filesize
6.0MB

MD5
f75b102a44f02af02468547532360627

SHA1
b52ab0ae13b1e31fc43d882db49bb40a4359e592

SHA256
90705eb7597304b3d8c8044642242ae1a98da3677cb1a6f2214127c59135d612

SHA512
8b5bb12c7392519d9854ff97f3d939284c3a1f6161620d3a0e58ccf1297c45c627753f23e502774fcb4572a695305043117b1860967c9c1e0316c5d9c20a9af6

Download Submit
\Windows\system\RpyoVqQ.exe

Filesize
6.0MB

MD5
b16e26d2682dd9886665c7847e8de4a9

SHA1
3abefd4aec3677a11d6474fe2dd4aa4f26d2cc71

SHA256
6e8b1fa2da836575c67c6b214f9ebc9f01a22b0e3aab10e8624fe5077eddfaf6

SHA512
b5c9eb0bf277cd45ae7a59ddfc25f6dd2e9c8df7ce4431907af11efa46e2d1213a4e0a27db72295697e7874f308e1136796b1bc9b7466349884f48f549cd072c

Download Submit
\Windows\system\ZMMTHRd.exe

Filesize
6.0MB

MD5
d2ae2448fef7072f09a905a47064e2ea

SHA1
79ddd914634496006a0d62d35046764af50c5746

SHA256
87ac2afdf96212d09abbf2a6a2fcbc537c01ae322abe9ddc79e467db695e68c0

SHA512
2ff3bffb5e2bb4db9c7dcc91766ebb0fcd024f1a83211379cad9abd9ae4daef22f290f7d64233943ba290f64625aa52125d13fa768b33eafd6797cecbb066781

Download Submit
memory/652-11-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/652-44-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/652-1313-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/792-1315-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/792-15-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1388-1368-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-1398-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1371-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1400-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1394-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1408-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1317-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-29-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1314-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2332-22-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2332-49-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1417-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-1784-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-35-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2508-1318-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1376-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1324-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1328-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1383-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-25-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-18-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1331-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-46-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1812-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1351-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1790-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1370-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-0-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1374-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-40-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-31-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1798-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1796-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1397-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-43-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2808-39-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1325-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1420-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-16-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2808-6-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1801-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1425-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1418-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1438-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1450-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1778-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1794-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2808-1800-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1803-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1435-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1391-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1350-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-45-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1352-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download