cobaltstrike | 032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
Size

6.0MB
MD5

d0be84e1685e872fe7328a9cede1eed8
SHA1

f2d67941b88595b4b3de43d2e6d43602c8b7f174
SHA256

032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577
SHA512

134b769c92eb6d6525e3335c29ba08b70cf142f87037fdf485950fd0626afbb18b73f13ceba743c7576e3905147d7df50003b7a15e424429f78ace1162ac403e
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUf:eOl56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0011000000011c2c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016875-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016650-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b47-23.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-32.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878e-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-95.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-71.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-79.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2220-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0011000000011c2c-3.dat	xmrig
behavioral1/files/0x0008000000016875-18.dat	xmrig
behavioral1/memory/2532-22-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016650-9.dat	xmrig
behavioral1/files/0x0009000000016b47-23.dat	xmrig
behavioral1/files/0x0008000000016c66-32.dat	xmrig
behavioral1/memory/1708-28-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2220-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2752-43-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-76.dat	xmrig
behavioral1/memory/1708-98-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019250-153.dat	xmrig
behavioral1/files/0x00050000000193a6-186.dat	xmrig
behavioral1/memory/2684-886-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2220-885-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2428-658-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2780-657-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2220-656-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2944-544-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2928-334-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019360-183.dat	xmrig
behavioral1/files/0x000500000001933f-179.dat	xmrig
behavioral1/files/0x0005000000019284-169.dat	xmrig
behavioral1/files/0x0005000000019297-173.dat	xmrig
behavioral1/files/0x0005000000019278-164.dat	xmrig
behavioral1/files/0x0005000000019269-159.dat	xmrig
behavioral1/files/0x0005000000019246-149.dat	xmrig
behavioral1/files/0x0006000000018b4e-139.dat	xmrig
behavioral1/files/0x0006000000018c16-143.dat	xmrig
behavioral1/files/0x00050000000187a8-134.dat	xmrig
behavioral1/files/0x000500000001878e-129.dat	xmrig
behavioral1/files/0x0005000000018744-124.dat	xmrig
behavioral1/files/0x0005000000018739-119.dat	xmrig
behavioral1/files/0x0005000000018704-114.dat	xmrig
behavioral1/files/0x00050000000186f4-109.dat	xmrig
behavioral1/memory/2220-105-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f1-103.dat	xmrig
behavioral1/memory/2684-97-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-95.dat	xmrig
behavioral1/files/0x0007000000016cf5-71.dat	xmrig
behavioral1/files/0x0007000000016c88-70.dat	xmrig
behavioral1/memory/2428-89-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2780-88-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2220-87-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-67.dat	xmrig
behavioral1/memory/2928-59-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2868-86-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2900-85-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2760-84-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/3064-82-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-79.dat	xmrig
behavioral1/memory/2944-66-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x000600000001755b-63.dat	xmrig
behavioral1/memory/2220-55-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-52.dat	xmrig
behavioral1/memory/2772-51-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-46.dat	xmrig
behavioral1/memory/3064-17-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2500-8-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2780-3331-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2500-3350-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2428-3355-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2684-3514-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2500	ugtpKeW.exe
3064	prKJENn.exe
2532	MRbWJoT.exe
1708	eAOnBtl.exe
2752	anxnGTr.exe
2772	htrNVkm.exe
2928	VuFLSds.exe
2944	BCWqhfj.exe
2760	VSpfYho.exe
2900	YofaYZB.exe
2868	MAmjLPe.exe
2780	EqSOXsC.exe
2428	LSyxirz.exe
2684	cDUwcLR.exe
892	EKyxfPH.exe
2280	OPBghIt.exe
2376	OcjTSda.exe
2248	XiXdvCD.exe
1880	PWCRUnZ.exe
1528	UGZSKdx.exe
2052	oBHWmwx.exe
1664	mGbkUvv.exe
2456	HpECEoy.exe
1824	ydGMIiH.exe
1132	bXuIzaE.exe
304	OYfcBfr.exe
1920	DeLjkqO.exe
1948	GVcephB.exe
1044	zagQruI.exe
2008	IZdOvTp.exe
968	yxUnzmd.exe
1732	hOKZmqR.exe
1568	IljZhvR.exe
1672	oavXWhG.exe
872	FBykAKl.exe
1660	XgzaOyG.exe
1288	lxxFScv.exe
1340	UAjKiRQ.exe
1680	NdsHOHl.exe
1768	WZSmrLQ.exe
2964	mBQYUNM.exe
1756	tigoJjF.exe
2884	kJFCIRb.exe
2400	yhJZsTk.exe
2548	ltewgUC.exe
712	SrcttlN.exe
2980	zvCTIuG.exe
1016	qHhrBEY.exe
904	uSGpHjg.exe
580	YlrjfRS.exe
2976	TXVcdlh.exe
1616	YVYUprS.exe
1104	mDfzNUE.exe
2316	iBpirkH.exe
1416	WrDrJdO.exe
2476	ohQgdcH.exe
2816	hiaWutU.exe
2844	WZkHwpo.exe
3048	LLdShOU.exe
3000	ScFzVkp.exe
3040	pifRROM.exe
1804	OaAWULS.exe
1632	GCMDhqL.exe
2568	bKSaRhy.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0011000000011c2c-3.dat	upx
behavioral1/files/0x0008000000016875-18.dat	upx
behavioral1/memory/2532-22-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0008000000016650-9.dat	upx
behavioral1/files/0x0009000000016b47-23.dat	upx
behavioral1/files/0x0008000000016c66-32.dat	upx
behavioral1/memory/1708-28-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2752-43-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000600000001749c-76.dat	upx
behavioral1/memory/1708-98-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0005000000019250-153.dat	upx
behavioral1/files/0x00050000000193a6-186.dat	upx
behavioral1/memory/2684-886-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2428-658-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2780-657-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2944-544-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2928-334-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019360-183.dat	upx
behavioral1/files/0x000500000001933f-179.dat	upx
behavioral1/files/0x0005000000019284-169.dat	upx
behavioral1/files/0x0005000000019297-173.dat	upx
behavioral1/files/0x0005000000019278-164.dat	upx
behavioral1/files/0x0005000000019269-159.dat	upx
behavioral1/files/0x0005000000019246-149.dat	upx
behavioral1/files/0x0006000000018b4e-139.dat	upx
behavioral1/files/0x0006000000018c16-143.dat	upx
behavioral1/files/0x00050000000187a8-134.dat	upx
behavioral1/files/0x000500000001878e-129.dat	upx
behavioral1/files/0x0005000000018744-124.dat	upx
behavioral1/files/0x0005000000018739-119.dat	upx
behavioral1/files/0x0005000000018704-114.dat	upx
behavioral1/files/0x00050000000186f4-109.dat	upx
behavioral1/files/0x00050000000186f1-103.dat	upx
behavioral1/memory/2684-97-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-95.dat	upx
behavioral1/files/0x0007000000016cf5-71.dat	upx
behavioral1/files/0x0007000000016c88-70.dat	upx
behavioral1/memory/2428-89-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2780-88-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000018686-67.dat	upx
behavioral1/memory/2928-59-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2868-86-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2900-85-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2760-84-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/3064-82-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-79.dat	upx
behavioral1/memory/2944-66-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x000600000001755b-63.dat	upx
behavioral1/memory/2220-55-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0006000000017497-52.dat	upx
behavioral1/memory/2772-51-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-46.dat	upx
behavioral1/memory/3064-17-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2500-8-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2780-3331-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2500-3350-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2428-3355-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2684-3514-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2772-3342-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2752-3338-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2532-3330-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2868-3329-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2928-3328-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZaeSnKn.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\KRwpGLs.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\gErLnAl.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\uvVQQNh.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\NsLLgGl.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\FaIDzXm.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\xmAHPbo.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\DTYVDyb.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\DhbqVYa.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\XYXoGci.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\iSIZIdp.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\TzKyBTO.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\trjMaXq.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\oavXWhG.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\abzXuAd.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\uHhxjBq.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\uFLeBAV.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\YfypOso.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\nHDHhCH.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\dWpDEWp.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\JcniWfZ.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\gOdUSMG.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\QfyDCuF.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\xbuoodB.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\XGueXBD.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\scjHPqC.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\XnhXFqp.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\FpgvJCj.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\rYmgeGl.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\XlXoOHy.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\HZPbRJu.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\nKNaoxz.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\larbWuN.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\xBLllJW.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\emOwBeq.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\QscKFDy.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\ZApzJSi.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\KoFutEN.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\dmYAQgO.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\BIBrAei.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\jNspVJW.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\jrYYjHA.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\yhJZsTk.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\RwxtOnJ.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\rSpuOvQ.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\pEoEvWP.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\wPKPwmE.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\EWYknEy.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\ErNueOW.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\WEGWinm.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\qIkIAgS.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\OfPjVnY.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\OFDClqm.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\RvGBdKS.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\TlOoNnZ.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\FIlWRPL.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\UTRTZLH.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\EUpOkqz.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\mqokqyP.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\OGtpRQg.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\TIwLsYW.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\oDnFPLS.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\CJFLXfG.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
File created	C:\Windows\System\gBmRhhl.exe	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2500	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	31
PID 2220 wrote to memory of 2500	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	31
PID 2220 wrote to memory of 2500	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	31
PID 2220 wrote to memory of 3064	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	32
PID 2220 wrote to memory of 3064	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	32
PID 2220 wrote to memory of 3064	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	32
PID 2220 wrote to memory of 2532	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	33
PID 2220 wrote to memory of 2532	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	33
PID 2220 wrote to memory of 2532	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	33
PID 2220 wrote to memory of 1708	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	34
PID 2220 wrote to memory of 1708	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	34
PID 2220 wrote to memory of 1708	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	34
PID 2220 wrote to memory of 2752	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	35
PID 2220 wrote to memory of 2752	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	35
PID 2220 wrote to memory of 2752	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	35
PID 2220 wrote to memory of 2760	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	36
PID 2220 wrote to memory of 2760	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	36
PID 2220 wrote to memory of 2760	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	36
PID 2220 wrote to memory of 2772	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	37
PID 2220 wrote to memory of 2772	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	37
PID 2220 wrote to memory of 2772	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	37
PID 2220 wrote to memory of 2900	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	38
PID 2220 wrote to memory of 2900	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	38
PID 2220 wrote to memory of 2900	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	38
PID 2220 wrote to memory of 2928	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	39
PID 2220 wrote to memory of 2928	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	39
PID 2220 wrote to memory of 2928	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	39
PID 2220 wrote to memory of 2868	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	40
PID 2220 wrote to memory of 2868	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	40
PID 2220 wrote to memory of 2868	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	40
PID 2220 wrote to memory of 2944	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	41
PID 2220 wrote to memory of 2944	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	41
PID 2220 wrote to memory of 2944	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	41
PID 2220 wrote to memory of 2428	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	42
PID 2220 wrote to memory of 2428	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	42
PID 2220 wrote to memory of 2428	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	42
PID 2220 wrote to memory of 2780	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	43
PID 2220 wrote to memory of 2780	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	43
PID 2220 wrote to memory of 2780	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	43
PID 2220 wrote to memory of 2684	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	44
PID 2220 wrote to memory of 2684	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	44
PID 2220 wrote to memory of 2684	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	44
PID 2220 wrote to memory of 892	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	45
PID 2220 wrote to memory of 892	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	45
PID 2220 wrote to memory of 892	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	45
PID 2220 wrote to memory of 2280	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	46
PID 2220 wrote to memory of 2280	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	46
PID 2220 wrote to memory of 2280	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	46
PID 2220 wrote to memory of 2376	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	47
PID 2220 wrote to memory of 2376	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	47
PID 2220 wrote to memory of 2376	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	47
PID 2220 wrote to memory of 2248	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	48
PID 2220 wrote to memory of 2248	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	48
PID 2220 wrote to memory of 2248	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	48
PID 2220 wrote to memory of 1880	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	49
PID 2220 wrote to memory of 1880	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	49
PID 2220 wrote to memory of 1880	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	49
PID 2220 wrote to memory of 1528	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	50
PID 2220 wrote to memory of 1528	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	50
PID 2220 wrote to memory of 1528	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	50
PID 2220 wrote to memory of 2052	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	51
PID 2220 wrote to memory of 2052	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	51
PID 2220 wrote to memory of 2052	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	51
PID 2220 wrote to memory of 1664	2220	JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_032827474f810ca3f035e6baf4e106f81c6735c040a12b58d6bd1dc333aba577.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\ugtpKeW.exe
  C:\Windows\System\ugtpKeW.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\prKJENn.exe
  C:\Windows\System\prKJENn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\MRbWJoT.exe
  C:\Windows\System\MRbWJoT.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\eAOnBtl.exe
  C:\Windows\System\eAOnBtl.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\anxnGTr.exe
  C:\Windows\System\anxnGTr.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\VSpfYho.exe
  C:\Windows\System\VSpfYho.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\htrNVkm.exe
  C:\Windows\System\htrNVkm.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\YofaYZB.exe
  C:\Windows\System\YofaYZB.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\VuFLSds.exe
  C:\Windows\System\VuFLSds.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\MAmjLPe.exe
  C:\Windows\System\MAmjLPe.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\BCWqhfj.exe
  C:\Windows\System\BCWqhfj.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\LSyxirz.exe
  C:\Windows\System\LSyxirz.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\EqSOXsC.exe
  C:\Windows\System\EqSOXsC.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\cDUwcLR.exe
  C:\Windows\System\cDUwcLR.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\EKyxfPH.exe
  C:\Windows\System\EKyxfPH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\OPBghIt.exe
  C:\Windows\System\OPBghIt.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\OcjTSda.exe
  C:\Windows\System\OcjTSda.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\XiXdvCD.exe
  C:\Windows\System\XiXdvCD.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\PWCRUnZ.exe
  C:\Windows\System\PWCRUnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\UGZSKdx.exe
  C:\Windows\System\UGZSKdx.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\oBHWmwx.exe
  C:\Windows\System\oBHWmwx.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\mGbkUvv.exe
  C:\Windows\System\mGbkUvv.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\HpECEoy.exe
  C:\Windows\System\HpECEoy.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ydGMIiH.exe
  C:\Windows\System\ydGMIiH.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\bXuIzaE.exe
  C:\Windows\System\bXuIzaE.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\OYfcBfr.exe
  C:\Windows\System\OYfcBfr.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\DeLjkqO.exe
  C:\Windows\System\DeLjkqO.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\GVcephB.exe
  C:\Windows\System\GVcephB.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\zagQruI.exe
  C:\Windows\System\zagQruI.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\IZdOvTp.exe
  C:\Windows\System\IZdOvTp.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\yxUnzmd.exe
  C:\Windows\System\yxUnzmd.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\hOKZmqR.exe
  C:\Windows\System\hOKZmqR.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IljZhvR.exe
  C:\Windows\System\IljZhvR.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\oavXWhG.exe
  C:\Windows\System\oavXWhG.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\FBykAKl.exe
  C:\Windows\System\FBykAKl.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\XgzaOyG.exe
  C:\Windows\System\XgzaOyG.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\lxxFScv.exe
  C:\Windows\System\lxxFScv.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\UAjKiRQ.exe
  C:\Windows\System\UAjKiRQ.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\NdsHOHl.exe
  C:\Windows\System\NdsHOHl.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\WZSmrLQ.exe
  C:\Windows\System\WZSmrLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\mBQYUNM.exe
  C:\Windows\System\mBQYUNM.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\tigoJjF.exe
  C:\Windows\System\tigoJjF.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\kJFCIRb.exe
  C:\Windows\System\kJFCIRb.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yhJZsTk.exe
  C:\Windows\System\yhJZsTk.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ltewgUC.exe
  C:\Windows\System\ltewgUC.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\SrcttlN.exe
  C:\Windows\System\SrcttlN.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\zvCTIuG.exe
  C:\Windows\System\zvCTIuG.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\qHhrBEY.exe
  C:\Windows\System\qHhrBEY.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\uSGpHjg.exe
  C:\Windows\System\uSGpHjg.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\YlrjfRS.exe
  C:\Windows\System\YlrjfRS.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\TXVcdlh.exe
  C:\Windows\System\TXVcdlh.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\YVYUprS.exe
  C:\Windows\System\YVYUprS.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\mDfzNUE.exe
  C:\Windows\System\mDfzNUE.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\iBpirkH.exe
  C:\Windows\System\iBpirkH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\WrDrJdO.exe
  C:\Windows\System\WrDrJdO.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\ohQgdcH.exe
  C:\Windows\System\ohQgdcH.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\hiaWutU.exe
  C:\Windows\System\hiaWutU.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\WZkHwpo.exe
  C:\Windows\System\WZkHwpo.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\LLdShOU.exe
  C:\Windows\System\LLdShOU.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ScFzVkp.exe
  C:\Windows\System\ScFzVkp.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\pifRROM.exe
  C:\Windows\System\pifRROM.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\OaAWULS.exe
  C:\Windows\System\OaAWULS.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\GCMDhqL.exe
  C:\Windows\System\GCMDhqL.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\bKSaRhy.exe
  C:\Windows\System\bKSaRhy.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WgItYPW.exe
  C:\Windows\System\WgItYPW.exe
  2⤵
  PID:2600
- C:\Windows\System\jDSBElj.exe
  C:\Windows\System\jDSBElj.exe
  2⤵
  PID:1832
- C:\Windows\System\FaIDzXm.exe
  C:\Windows\System\FaIDzXm.exe
  2⤵
  PID:1156
- C:\Windows\System\DjGrStu.exe
  C:\Windows\System\DjGrStu.exe
  2⤵
  PID:1360
- C:\Windows\System\zxXWEYu.exe
  C:\Windows\System\zxXWEYu.exe
  2⤵
  PID:1764
- C:\Windows\System\lJasDUb.exe
  C:\Windows\System\lJasDUb.exe
  2⤵
  PID:1964
- C:\Windows\System\irCudHy.exe
  C:\Windows\System\irCudHy.exe
  2⤵
  PID:1120
- C:\Windows\System\cJeDMHk.exe
  C:\Windows\System\cJeDMHk.exe
  2⤵
  PID:1636
- C:\Windows\System\qwuoWTA.exe
  C:\Windows\System\qwuoWTA.exe
  2⤵
  PID:276
- C:\Windows\System\zSKuwEV.exe
  C:\Windows\System\zSKuwEV.exe
  2⤵
  PID:1696
- C:\Windows\System\ZXVluCF.exe
  C:\Windows\System\ZXVluCF.exe
  2⤵
  PID:1712
- C:\Windows\System\jzNmBUe.exe
  C:\Windows\System\jzNmBUe.exe
  2⤵
  PID:880
- C:\Windows\System\SjBuAYI.exe
  C:\Windows\System\SjBuAYI.exe
  2⤵
  PID:1448
- C:\Windows\System\QvmADms.exe
  C:\Windows\System\QvmADms.exe
  2⤵
  PID:2876
- C:\Windows\System\vBhxvKC.exe
  C:\Windows\System\vBhxvKC.exe
  2⤵
  PID:2756
- C:\Windows\System\qidiGYe.exe
  C:\Windows\System\qidiGYe.exe
  2⤵
  PID:588
- C:\Windows\System\rhxOdNh.exe
  C:\Windows\System\rhxOdNh.exe
  2⤵
  PID:1612
- C:\Windows\System\GVjjgnz.exe
  C:\Windows\System\GVjjgnz.exe
  2⤵
  PID:340
- C:\Windows\System\zoZVFdS.exe
  C:\Windows\System\zoZVFdS.exe
  2⤵
  PID:1328
- C:\Windows\System\QEeylSQ.exe
  C:\Windows\System\QEeylSQ.exe
  2⤵
  PID:2704
- C:\Windows\System\IMQQYun.exe
  C:\Windows\System\IMQQYun.exe
  2⤵
  PID:1740
- C:\Windows\System\GhnrvBT.exe
  C:\Windows\System\GhnrvBT.exe
  2⤵
  PID:1148
- C:\Windows\System\gJmqmQK.exe
  C:\Windows\System\gJmqmQK.exe
  2⤵
  PID:1048
- C:\Windows\System\aQpfNau.exe
  C:\Windows\System\aQpfNau.exe
  2⤵
  PID:2912
- C:\Windows\System\RmXMMUN.exe
  C:\Windows\System\RmXMMUN.exe
  2⤵
  PID:2832
- C:\Windows\System\zKABLWL.exe
  C:\Windows\System\zKABLWL.exe
  2⤵
  PID:2728
- C:\Windows\System\oDnFPLS.exe
  C:\Windows\System\oDnFPLS.exe
  2⤵
  PID:2404
- C:\Windows\System\SfMSamR.exe
  C:\Windows\System\SfMSamR.exe
  2⤵
  PID:844
- C:\Windows\System\BezswQC.exe
  C:\Windows\System\BezswQC.exe
  2⤵
  PID:2284
- C:\Windows\System\xmAHPbo.exe
  C:\Windows\System\xmAHPbo.exe
  2⤵
  PID:1576
- C:\Windows\System\pDalnDH.exe
  C:\Windows\System\pDalnDH.exe
  2⤵
  PID:3084
- C:\Windows\System\kLAbDDl.exe
  C:\Windows\System\kLAbDDl.exe
  2⤵
  PID:3108
- C:\Windows\System\GzPUHAF.exe
  C:\Windows\System\GzPUHAF.exe
  2⤵
  PID:3128
- C:\Windows\System\FOIspWo.exe
  C:\Windows\System\FOIspWo.exe
  2⤵
  PID:3148
- C:\Windows\System\JhJKitq.exe
  C:\Windows\System\JhJKitq.exe
  2⤵
  PID:3168
- C:\Windows\System\uavZped.exe
  C:\Windows\System\uavZped.exe
  2⤵
  PID:3184
- C:\Windows\System\fcOpqnm.exe
  C:\Windows\System\fcOpqnm.exe
  2⤵
  PID:3204
- C:\Windows\System\WGQuEwl.exe
  C:\Windows\System\WGQuEwl.exe
  2⤵
  PID:3224
- C:\Windows\System\tMdFfwA.exe
  C:\Windows\System\tMdFfwA.exe
  2⤵
  PID:3248
- C:\Windows\System\cVLHzCp.exe
  C:\Windows\System\cVLHzCp.exe
  2⤵
  PID:3264
- C:\Windows\System\jHrnwtU.exe
  C:\Windows\System\jHrnwtU.exe
  2⤵
  PID:3284
- C:\Windows\System\dFANcCN.exe
  C:\Windows\System\dFANcCN.exe
  2⤵
  PID:3308
- C:\Windows\System\tDfzyeK.exe
  C:\Windows\System\tDfzyeK.exe
  2⤵
  PID:3324
- C:\Windows\System\lzHDxdi.exe
  C:\Windows\System\lzHDxdi.exe
  2⤵
  PID:3344
- C:\Windows\System\nuuzQcW.exe
  C:\Windows\System\nuuzQcW.exe
  2⤵
  PID:3368
- C:\Windows\System\GfEnZCf.exe
  C:\Windows\System\GfEnZCf.exe
  2⤵
  PID:3384
- C:\Windows\System\sshmuxq.exe
  C:\Windows\System\sshmuxq.exe
  2⤵
  PID:3404
- C:\Windows\System\agkCMut.exe
  C:\Windows\System\agkCMut.exe
  2⤵
  PID:3424
- C:\Windows\System\oNsTwfU.exe
  C:\Windows\System\oNsTwfU.exe
  2⤵
  PID:3452
- C:\Windows\System\ZoHhDgh.exe
  C:\Windows\System\ZoHhDgh.exe
  2⤵
  PID:3472
- C:\Windows\System\Bwdpmzw.exe
  C:\Windows\System\Bwdpmzw.exe
  2⤵
  PID:3488
- C:\Windows\System\tVRYXoW.exe
  C:\Windows\System\tVRYXoW.exe
  2⤵
  PID:3512
- C:\Windows\System\HArndgG.exe
  C:\Windows\System\HArndgG.exe
  2⤵
  PID:3532
- C:\Windows\System\wyBYthT.exe
  C:\Windows\System\wyBYthT.exe
  2⤵
  PID:3552
- C:\Windows\System\TLsowdO.exe
  C:\Windows\System\TLsowdO.exe
  2⤵
  PID:3572
- C:\Windows\System\vBwSSIY.exe
  C:\Windows\System\vBwSSIY.exe
  2⤵
  PID:3592
- C:\Windows\System\yFBLUpP.exe
  C:\Windows\System\yFBLUpP.exe
  2⤵
  PID:3612
- C:\Windows\System\XkImJCt.exe
  C:\Windows\System\XkImJCt.exe
  2⤵
  PID:3632
- C:\Windows\System\lNoRWqY.exe
  C:\Windows\System\lNoRWqY.exe
  2⤵
  PID:3652
- C:\Windows\System\qyDAjKM.exe
  C:\Windows\System\qyDAjKM.exe
  2⤵
  PID:3672
- C:\Windows\System\zSvRmcd.exe
  C:\Windows\System\zSvRmcd.exe
  2⤵
  PID:3688
- C:\Windows\System\PMZsFLR.exe
  C:\Windows\System\PMZsFLR.exe
  2⤵
  PID:3704
- C:\Windows\System\zcCAILH.exe
  C:\Windows\System\zcCAILH.exe
  2⤵
  PID:3736
- C:\Windows\System\coYucYW.exe
  C:\Windows\System\coYucYW.exe
  2⤵
  PID:3752
- C:\Windows\System\qJnvgfQ.exe
  C:\Windows\System\qJnvgfQ.exe
  2⤵
  PID:3776
- C:\Windows\System\bbYyLCY.exe
  C:\Windows\System\bbYyLCY.exe
  2⤵
  PID:3796
- C:\Windows\System\UJoJxvV.exe
  C:\Windows\System\UJoJxvV.exe
  2⤵
  PID:3812
- C:\Windows\System\wYGRlcK.exe
  C:\Windows\System\wYGRlcK.exe
  2⤵
  PID:3832
- C:\Windows\System\tJvomGt.exe
  C:\Windows\System\tJvomGt.exe
  2⤵
  PID:3852
- C:\Windows\System\dtIXzym.exe
  C:\Windows\System\dtIXzym.exe
  2⤵
  PID:3876
- C:\Windows\System\afxlvCY.exe
  C:\Windows\System\afxlvCY.exe
  2⤵
  PID:3896
- C:\Windows\System\lFkhYiz.exe
  C:\Windows\System\lFkhYiz.exe
  2⤵
  PID:3916
- C:\Windows\System\vSIDfFn.exe
  C:\Windows\System\vSIDfFn.exe
  2⤵
  PID:3936
- C:\Windows\System\IjdVhqx.exe
  C:\Windows\System\IjdVhqx.exe
  2⤵
  PID:3952
- C:\Windows\System\GAfFOGh.exe
  C:\Windows\System\GAfFOGh.exe
  2⤵
  PID:3976
- C:\Windows\System\GhZBKwM.exe
  C:\Windows\System\GhZBKwM.exe
  2⤵
  PID:3996
- C:\Windows\System\CXSNrFP.exe
  C:\Windows\System\CXSNrFP.exe
  2⤵
  PID:4016
- C:\Windows\System\wUBADJS.exe
  C:\Windows\System\wUBADJS.exe
  2⤵
  PID:4036
- C:\Windows\System\WkNXkfL.exe
  C:\Windows\System\WkNXkfL.exe
  2⤵
  PID:4056
- C:\Windows\System\LdXXOOE.exe
  C:\Windows\System\LdXXOOE.exe
  2⤵
  PID:4072
- C:\Windows\System\SKHXpQT.exe
  C:\Windows\System\SKHXpQT.exe
  2⤵
  PID:1836
- C:\Windows\System\GgUgMyk.exe
  C:\Windows\System\GgUgMyk.exe
  2⤵
  PID:1728
- C:\Windows\System\BQuCtIz.exe
  C:\Windows\System\BQuCtIz.exe
  2⤵
  PID:1780
- C:\Windows\System\XDsNzaJ.exe
  C:\Windows\System\XDsNzaJ.exe
  2⤵
  PID:620
- C:\Windows\System\abzXuAd.exe
  C:\Windows\System\abzXuAd.exe
  2⤵
  PID:1976
- C:\Windows\System\qZnRAyF.exe
  C:\Windows\System\qZnRAyF.exe
  2⤵
  PID:1724
- C:\Windows\System\emOwBeq.exe
  C:\Windows\System\emOwBeq.exe
  2⤵
  PID:2652
- C:\Windows\System\jDqmuua.exe
  C:\Windows\System\jDqmuua.exe
  2⤵
  PID:1056
- C:\Windows\System\evJLyKg.exe
  C:\Windows\System\evJLyKg.exe
  2⤵
  PID:2536
- C:\Windows\System\hzXKyqY.exe
  C:\Windows\System\hzXKyqY.exe
  2⤵
  PID:3032
- C:\Windows\System\zDZGBJi.exe
  C:\Windows\System\zDZGBJi.exe
  2⤵
  PID:2996
- C:\Windows\System\aixYkpn.exe
  C:\Windows\System\aixYkpn.exe
  2⤵
  PID:648
- C:\Windows\System\ORgVhyR.exe
  C:\Windows\System\ORgVhyR.exe
  2⤵
  PID:2468
- C:\Windows\System\WIDhlZL.exe
  C:\Windows\System\WIDhlZL.exe
  2⤵
  PID:2448
- C:\Windows\System\YvRRsAQ.exe
  C:\Windows\System\YvRRsAQ.exe
  2⤵
  PID:1828
- C:\Windows\System\RDtwrMG.exe
  C:\Windows\System\RDtwrMG.exe
  2⤵
  PID:2244
- C:\Windows\System\APSRJoV.exe
  C:\Windows\System\APSRJoV.exe
  2⤵
  PID:3104
- C:\Windows\System\oefcFMH.exe
  C:\Windows\System\oefcFMH.exe
  2⤵
  PID:3140
- C:\Windows\System\rUecwxD.exe
  C:\Windows\System\rUecwxD.exe
  2⤵
  PID:3120
- C:\Windows\System\hxkbfMW.exe
  C:\Windows\System\hxkbfMW.exe
  2⤵
  PID:3220
- C:\Windows\System\OTiSSMe.exe
  C:\Windows\System\OTiSSMe.exe
  2⤵
  PID:3260
- C:\Windows\System\bEOBTid.exe
  C:\Windows\System\bEOBTid.exe
  2⤵
  PID:3292
- C:\Windows\System\VtaBuYy.exe
  C:\Windows\System\VtaBuYy.exe
  2⤵
  PID:3336
- C:\Windows\System\QoaFDlX.exe
  C:\Windows\System\QoaFDlX.exe
  2⤵
  PID:3320
- C:\Windows\System\XajfykS.exe
  C:\Windows\System\XajfykS.exe
  2⤵
  PID:3364
- C:\Windows\System\XPmCWrh.exe
  C:\Windows\System\XPmCWrh.exe
  2⤵
  PID:3416
- C:\Windows\System\DxsNIsu.exe
  C:\Windows\System\DxsNIsu.exe
  2⤵
  PID:3468
- C:\Windows\System\cZxnDHI.exe
  C:\Windows\System\cZxnDHI.exe
  2⤵
  PID:3448
- C:\Windows\System\eqZvHyf.exe
  C:\Windows\System\eqZvHyf.exe
  2⤵
  PID:3480
- C:\Windows\System\pIZbiiA.exe
  C:\Windows\System\pIZbiiA.exe
  2⤵
  PID:3544
- C:\Windows\System\hehPyKh.exe
  C:\Windows\System\hehPyKh.exe
  2⤵
  PID:3588
- C:\Windows\System\VEliOGL.exe
  C:\Windows\System\VEliOGL.exe
  2⤵
  PID:3628
- C:\Windows\System\SQbKMhT.exe
  C:\Windows\System\SQbKMhT.exe
  2⤵
  PID:3600
- C:\Windows\System\oGSWrXM.exe
  C:\Windows\System\oGSWrXM.exe
  2⤵
  PID:3640
- C:\Windows\System\REcJCvT.exe
  C:\Windows\System\REcJCvT.exe
  2⤵
  PID:3684
- C:\Windows\System\tifODHt.exe
  C:\Windows\System\tifODHt.exe
  2⤵
  PID:3732
- C:\Windows\System\KgaItOF.exe
  C:\Windows\System\KgaItOF.exe
  2⤵
  PID:3792
- C:\Windows\System\tJGNYCK.exe
  C:\Windows\System\tJGNYCK.exe
  2⤵
  PID:3828
- C:\Windows\System\cVmzAZh.exe
  C:\Windows\System\cVmzAZh.exe
  2⤵
  PID:3868
- C:\Windows\System\fbbVSJS.exe
  C:\Windows\System\fbbVSJS.exe
  2⤵
  PID:3844
- C:\Windows\System\AWlXLHa.exe
  C:\Windows\System\AWlXLHa.exe
  2⤵
  PID:3888
- C:\Windows\System\uaflxRm.exe
  C:\Windows\System\uaflxRm.exe
  2⤵
  PID:3932
- C:\Windows\System\VzioKWp.exe
  C:\Windows\System\VzioKWp.exe
  2⤵
  PID:4004
- C:\Windows\System\uexryry.exe
  C:\Windows\System\uexryry.exe
  2⤵
  PID:4044
- C:\Windows\System\WEGWinm.exe
  C:\Windows\System\WEGWinm.exe
  2⤵
  PID:4080
- C:\Windows\System\DraLjPX.exe
  C:\Windows\System\DraLjPX.exe
  2⤵
  PID:1364
- C:\Windows\System\oWdkIjp.exe
  C:\Windows\System\oWdkIjp.exe
  2⤵
  PID:2064
- C:\Windows\System\yisaeUg.exe
  C:\Windows\System\yisaeUg.exe
  2⤵
  PID:884
- C:\Windows\System\NDzgGus.exe
  C:\Windows\System\NDzgGus.exe
  2⤵
  PID:780
- C:\Windows\System\pCFPWBC.exe
  C:\Windows\System\pCFPWBC.exe
  2⤵
  PID:3716
- C:\Windows\System\xsSLCcB.exe
  C:\Windows\System\xsSLCcB.exe
  2⤵
  PID:1516
- C:\Windows\System\FNbSJaw.exe
  C:\Windows\System\FNbSJaw.exe
  2⤵
  PID:2796
- C:\Windows\System\SNLfISZ.exe
  C:\Windows\System\SNLfISZ.exe
  2⤵
  PID:2432
- C:\Windows\System\QGCglAW.exe
  C:\Windows\System\QGCglAW.exe
  2⤵
  PID:2952
- C:\Windows\System\WYlWLLG.exe
  C:\Windows\System\WYlWLLG.exe
  2⤵
  PID:2180
- C:\Windows\System\gYATIbz.exe
  C:\Windows\System\gYATIbz.exe
  2⤵
  PID:3164
- C:\Windows\System\DPqtVdg.exe
  C:\Windows\System\DPqtVdg.exe
  2⤵
  PID:3272
- C:\Windows\System\eDeMxRx.exe
  C:\Windows\System\eDeMxRx.exe
  2⤵
  PID:3200
- C:\Windows\System\lbPsCeV.exe
  C:\Windows\System\lbPsCeV.exe
  2⤵
  PID:3280
- C:\Windows\System\dMySBjZ.exe
  C:\Windows\System\dMySBjZ.exe
  2⤵
  PID:3316
- C:\Windows\System\kfrNrMm.exe
  C:\Windows\System\kfrNrMm.exe
  2⤵
  PID:3444
- C:\Windows\System\jGlFBPq.exe
  C:\Windows\System\jGlFBPq.exe
  2⤵
  PID:3400
- C:\Windows\System\RBhjGUb.exe
  C:\Windows\System\RBhjGUb.exe
  2⤵
  PID:3460
- C:\Windows\System\rKzJzYa.exe
  C:\Windows\System\rKzJzYa.exe
  2⤵
  PID:3608
- C:\Windows\System\ucrxPmj.exe
  C:\Windows\System\ucrxPmj.exe
  2⤵
  PID:3748
- C:\Windows\System\MhRucay.exe
  C:\Windows\System\MhRucay.exe
  2⤵
  PID:3700
- C:\Windows\System\YkuLRgZ.exe
  C:\Windows\System\YkuLRgZ.exe
  2⤵
  PID:3808
- C:\Windows\System\tOqyNht.exe
  C:\Windows\System\tOqyNht.exe
  2⤵
  PID:3768
- C:\Windows\System\CwNOYIA.exe
  C:\Windows\System\CwNOYIA.exe
  2⤵
  PID:3984
- C:\Windows\System\pOBwGCJ.exe
  C:\Windows\System\pOBwGCJ.exe
  2⤵
  PID:3924
- C:\Windows\System\qsehTLw.exe
  C:\Windows\System\qsehTLw.exe
  2⤵
  PID:4008
- C:\Windows\System\yNKBXcq.exe
  C:\Windows\System\yNKBXcq.exe
  2⤵
  PID:4092
- C:\Windows\System\XMDgzqK.exe
  C:\Windows\System\XMDgzqK.exe
  2⤵
  PID:4052
- C:\Windows\System\VmJTQjB.exe
  C:\Windows\System\VmJTQjB.exe
  2⤵
  PID:1736
- C:\Windows\System\TWSYHcD.exe
  C:\Windows\System\TWSYHcD.exe
  2⤵
  PID:4104
- C:\Windows\System\memxxMJ.exe
  C:\Windows\System\memxxMJ.exe
  2⤵
  PID:4128
- C:\Windows\System\cDMSBuo.exe
  C:\Windows\System\cDMSBuo.exe
  2⤵
  PID:4144
- C:\Windows\System\OAiewrM.exe
  C:\Windows\System\OAiewrM.exe
  2⤵
  PID:4168
- C:\Windows\System\HAsUPIw.exe
  C:\Windows\System\HAsUPIw.exe
  2⤵
  PID:4188
- C:\Windows\System\gaomoHP.exe
  C:\Windows\System\gaomoHP.exe
  2⤵
  PID:4212
- C:\Windows\System\RDDMmuL.exe
  C:\Windows\System\RDDMmuL.exe
  2⤵
  PID:4232
- C:\Windows\System\pctVjnH.exe
  C:\Windows\System\pctVjnH.exe
  2⤵
  PID:4252
- C:\Windows\System\OOptpzx.exe
  C:\Windows\System\OOptpzx.exe
  2⤵
  PID:4272
- C:\Windows\System\UBNKOie.exe
  C:\Windows\System\UBNKOie.exe
  2⤵
  PID:4288
- C:\Windows\System\TcZPZfC.exe
  C:\Windows\System\TcZPZfC.exe
  2⤵
  PID:4308
- C:\Windows\System\MgEZwDb.exe
  C:\Windows\System\MgEZwDb.exe
  2⤵
  PID:4324
- C:\Windows\System\teALmLH.exe
  C:\Windows\System\teALmLH.exe
  2⤵
  PID:4344
- C:\Windows\System\GrMnLqJ.exe
  C:\Windows\System\GrMnLqJ.exe
  2⤵
  PID:4368
- C:\Windows\System\XzsFhJi.exe
  C:\Windows\System\XzsFhJi.exe
  2⤵
  PID:4388
- C:\Windows\System\iFezscF.exe
  C:\Windows\System\iFezscF.exe
  2⤵
  PID:4412
- C:\Windows\System\TOILKoa.exe
  C:\Windows\System\TOILKoa.exe
  2⤵
  PID:4428
- C:\Windows\System\zstViHH.exe
  C:\Windows\System\zstViHH.exe
  2⤵
  PID:4448
- C:\Windows\System\WdnTOxc.exe
  C:\Windows\System\WdnTOxc.exe
  2⤵
  PID:4464
- C:\Windows\System\gDrtBSs.exe
  C:\Windows\System\gDrtBSs.exe
  2⤵
  PID:4484
- C:\Windows\System\JJFOPuK.exe
  C:\Windows\System\JJFOPuK.exe
  2⤵
  PID:4504
- C:\Windows\System\xfBOoXy.exe
  C:\Windows\System\xfBOoXy.exe
  2⤵
  PID:4532
- C:\Windows\System\TlOoNnZ.exe
  C:\Windows\System\TlOoNnZ.exe
  2⤵
  PID:4552
- C:\Windows\System\pkcozoY.exe
  C:\Windows\System\pkcozoY.exe
  2⤵
  PID:4572
- C:\Windows\System\nnJqeQL.exe
  C:\Windows\System\nnJqeQL.exe
  2⤵
  PID:4588
- C:\Windows\System\ucxOhKa.exe
  C:\Windows\System\ucxOhKa.exe
  2⤵
  PID:4612
- C:\Windows\System\qbjlIwc.exe
  C:\Windows\System\qbjlIwc.exe
  2⤵
  PID:4632
- C:\Windows\System\ixgsumQ.exe
  C:\Windows\System\ixgsumQ.exe
  2⤵
  PID:4652
- C:\Windows\System\lAEpicK.exe
  C:\Windows\System\lAEpicK.exe
  2⤵
  PID:4672
- C:\Windows\System\NEcYHrd.exe
  C:\Windows\System\NEcYHrd.exe
  2⤵
  PID:4692
- C:\Windows\System\FUaVoVr.exe
  C:\Windows\System\FUaVoVr.exe
  2⤵
  PID:4712
- C:\Windows\System\jHdctln.exe
  C:\Windows\System\jHdctln.exe
  2⤵
  PID:4732
- C:\Windows\System\GzqMVsW.exe
  C:\Windows\System\GzqMVsW.exe
  2⤵
  PID:4748
- C:\Windows\System\WixxXAP.exe
  C:\Windows\System\WixxXAP.exe
  2⤵
  PID:4768
- C:\Windows\System\TibHiHD.exe
  C:\Windows\System\TibHiHD.exe
  2⤵
  PID:4788
- C:\Windows\System\DTYVDyb.exe
  C:\Windows\System\DTYVDyb.exe
  2⤵
  PID:4808
- C:\Windows\System\YWRWeei.exe
  C:\Windows\System\YWRWeei.exe
  2⤵
  PID:4828
- C:\Windows\System\tnCVcxJ.exe
  C:\Windows\System\tnCVcxJ.exe
  2⤵
  PID:4848
- C:\Windows\System\EnIeloA.exe
  C:\Windows\System\EnIeloA.exe
  2⤵
  PID:4868
- C:\Windows\System\AIMoVNA.exe
  C:\Windows\System\AIMoVNA.exe
  2⤵
  PID:4892
- C:\Windows\System\bePcfqJ.exe
  C:\Windows\System\bePcfqJ.exe
  2⤵
  PID:4912
- C:\Windows\System\JsdcTwB.exe
  C:\Windows\System\JsdcTwB.exe
  2⤵
  PID:4936
- C:\Windows\System\QscKFDy.exe
  C:\Windows\System\QscKFDy.exe
  2⤵
  PID:4956
- C:\Windows\System\DVMrlhq.exe
  C:\Windows\System\DVMrlhq.exe
  2⤵
  PID:4976
- C:\Windows\System\ZiNVgQi.exe
  C:\Windows\System\ZiNVgQi.exe
  2⤵
  PID:5000
- C:\Windows\System\lyQFXoQ.exe
  C:\Windows\System\lyQFXoQ.exe
  2⤵
  PID:5024
- C:\Windows\System\TgNIKNI.exe
  C:\Windows\System\TgNIKNI.exe
  2⤵
  PID:5040
- C:\Windows\System\WyCLVtm.exe
  C:\Windows\System\WyCLVtm.exe
  2⤵
  PID:5064
- C:\Windows\System\yOiUBYN.exe
  C:\Windows\System\yOiUBYN.exe
  2⤵
  PID:5084
- C:\Windows\System\DEABmxk.exe
  C:\Windows\System\DEABmxk.exe
  2⤵
  PID:5104
- C:\Windows\System\nRlBOTK.exe
  C:\Windows\System\nRlBOTK.exe
  2⤵
  PID:2516
- C:\Windows\System\CBlwFzB.exe
  C:\Windows\System\CBlwFzB.exe
  2⤵
  PID:1628
- C:\Windows\System\zTyVuAS.exe
  C:\Windows\System\zTyVuAS.exe
  2⤵
  PID:1772
- C:\Windows\System\UfTjvbV.exe
  C:\Windows\System\UfTjvbV.exe
  2⤵
  PID:2924
- C:\Windows\System\pkySjbW.exe
  C:\Windows\System\pkySjbW.exe
  2⤵
  PID:2460
- C:\Windows\System\zGIcLnw.exe
  C:\Windows\System\zGIcLnw.exe
  2⤵
  PID:3332
- C:\Windows\System\YWxEVVf.exe
  C:\Windows\System\YWxEVVf.exe
  2⤵
  PID:3244
- C:\Windows\System\XHRVWDg.exe
  C:\Windows\System\XHRVWDg.exe
  2⤵
  PID:3548
- C:\Windows\System\zRdxVFw.exe
  C:\Windows\System\zRdxVFw.exe
  2⤵
  PID:3464
- C:\Windows\System\wpnSeCY.exe
  C:\Windows\System\wpnSeCY.exe
  2⤵
  PID:3568
- C:\Windows\System\bzSIhgJ.exe
  C:\Windows\System\bzSIhgJ.exe
  2⤵
  PID:3712
- C:\Windows\System\zdhsnnf.exe
  C:\Windows\System\zdhsnnf.exe
  2⤵
  PID:3864
- C:\Windows\System\AWDDslO.exe
  C:\Windows\System\AWDDslO.exe
  2⤵
  PID:3728
- C:\Windows\System\rxOIxqU.exe
  C:\Windows\System\rxOIxqU.exe
  2⤵
  PID:3908
- C:\Windows\System\xEqxoBd.exe
  C:\Windows\System\xEqxoBd.exe
  2⤵
  PID:952
- C:\Windows\System\lPXjzOs.exe
  C:\Windows\System\lPXjzOs.exe
  2⤵
  PID:4116
- C:\Windows\System\IlnuxbM.exe
  C:\Windows\System\IlnuxbM.exe
  2⤵
  PID:4152
- C:\Windows\System\lkiltDE.exe
  C:\Windows\System\lkiltDE.exe
  2⤵
  PID:4136
- C:\Windows\System\pDctgaW.exe
  C:\Windows\System\pDctgaW.exe
  2⤵
  PID:4208
- C:\Windows\System\YdOEsne.exe
  C:\Windows\System\YdOEsne.exe
  2⤵
  PID:4244
- C:\Windows\System\apIGYkb.exe
  C:\Windows\System\apIGYkb.exe
  2⤵
  PID:4228
- C:\Windows\System\CqeGKLc.exe
  C:\Windows\System\CqeGKLc.exe
  2⤵
  PID:4316
- C:\Windows\System\rUfTJZw.exe
  C:\Windows\System\rUfTJZw.exe
  2⤵
  PID:4352
- C:\Windows\System\CKPYHDk.exe
  C:\Windows\System\CKPYHDk.exe
  2⤵
  PID:4340
- C:\Windows\System\GAqkkKz.exe
  C:\Windows\System\GAqkkKz.exe
  2⤵
  PID:4376
- C:\Windows\System\hhTfGAw.exe
  C:\Windows\System\hhTfGAw.exe
  2⤵
  PID:4444
- C:\Windows\System\EVnjoia.exe
  C:\Windows\System\EVnjoia.exe
  2⤵
  PID:3944
- C:\Windows\System\xtwpmFI.exe
  C:\Windows\System\xtwpmFI.exe
  2⤵
  PID:4456
- C:\Windows\System\edxuSLR.exe
  C:\Windows\System\edxuSLR.exe
  2⤵
  PID:4528
- C:\Windows\System\zuCcuHn.exe
  C:\Windows\System\zuCcuHn.exe
  2⤵
  PID:4540
- C:\Windows\System\ouqEfkr.exe
  C:\Windows\System\ouqEfkr.exe
  2⤵
  PID:4600
- C:\Windows\System\xZkFfLC.exe
  C:\Windows\System\xZkFfLC.exe
  2⤵
  PID:4584
- C:\Windows\System\czPbtNj.exe
  C:\Windows\System\czPbtNj.exe
  2⤵
  PID:4628
- C:\Windows\System\rfRJlQe.exe
  C:\Windows\System\rfRJlQe.exe
  2⤵
  PID:4668
- C:\Windows\System\luvjqWm.exe
  C:\Windows\System\luvjqWm.exe
  2⤵
  PID:4704
- C:\Windows\System\fOYxyRd.exe
  C:\Windows\System\fOYxyRd.exe
  2⤵
  PID:4764
- C:\Windows\System\APPYPAV.exe
  C:\Windows\System\APPYPAV.exe
  2⤵
  PID:4780
- C:\Windows\System\fERiaNZ.exe
  C:\Windows\System\fERiaNZ.exe
  2⤵
  PID:4840
- C:\Windows\System\jhBLeGM.exe
  C:\Windows\System\jhBLeGM.exe
  2⤵
  PID:4876
- C:\Windows\System\qIkIAgS.exe
  C:\Windows\System\qIkIAgS.exe
  2⤵
  PID:4880
- C:\Windows\System\tpTSvTM.exe
  C:\Windows\System\tpTSvTM.exe
  2⤵
  PID:4928
- C:\Windows\System\jaWEoVl.exe
  C:\Windows\System\jaWEoVl.exe
  2⤵
  PID:4944
- C:\Windows\System\xTDthjG.exe
  C:\Windows\System\xTDthjG.exe
  2⤵
  PID:4984
- C:\Windows\System\JtQfrjA.exe
  C:\Windows\System\JtQfrjA.exe
  2⤵
  PID:5052
- C:\Windows\System\hDUlfKD.exe
  C:\Windows\System\hDUlfKD.exe
  2⤵
  PID:5036
- C:\Windows\System\ZApzJSi.exe
  C:\Windows\System\ZApzJSi.exe
  2⤵
  PID:5096
- C:\Windows\System\hrBAEHQ.exe
  C:\Windows\System\hrBAEHQ.exe
  2⤵
  PID:5116
- C:\Windows\System\psxsGnq.exe
  C:\Windows\System\psxsGnq.exe
  2⤵
  PID:2604
- C:\Windows\System\KfrkulW.exe
  C:\Windows\System\KfrkulW.exe
  2⤵
  PID:3136
- C:\Windows\System\WwaJBxm.exe
  C:\Windows\System\WwaJBxm.exe
  2⤵
  PID:3380
- C:\Windows\System\UTJtJYh.exe
  C:\Windows\System\UTJtJYh.exe
  2⤵
  PID:3276
- C:\Windows\System\ynHVigE.exe
  C:\Windows\System\ynHVigE.exe
  2⤵
  PID:3192
- C:\Windows\System\PTKDyae.exe
  C:\Windows\System\PTKDyae.exe
  2⤵
  PID:3784
- C:\Windows\System\phfZLOP.exe
  C:\Windows\System\phfZLOP.exe
  2⤵
  PID:3872
- C:\Windows\System\HXGmHNu.exe
  C:\Windows\System\HXGmHNu.exe
  2⤵
  PID:1792
- C:\Windows\System\lAvtHUd.exe
  C:\Windows\System\lAvtHUd.exe
  2⤵
  PID:3968
- C:\Windows\System\rWdeyEv.exe
  C:\Windows\System\rWdeyEv.exe
  2⤵
  PID:4160
- C:\Windows\System\uYoxOEw.exe
  C:\Windows\System\uYoxOEw.exe
  2⤵
  PID:2588
- C:\Windows\System\ZdOyvEY.exe
  C:\Windows\System\ZdOyvEY.exe
  2⤵
  PID:4220
- C:\Windows\System\LTlkGfh.exe
  C:\Windows\System\LTlkGfh.exe
  2⤵
  PID:4360
- C:\Windows\System\WGZOEri.exe
  C:\Windows\System\WGZOEri.exe
  2⤵
  PID:4436
- C:\Windows\System\UMVyovn.exe
  C:\Windows\System\UMVyovn.exe
  2⤵
  PID:4496
- C:\Windows\System\IzkcIHC.exe
  C:\Windows\System\IzkcIHC.exe
  2⤵
  PID:4476
- C:\Windows\System\FZqGYiS.exe
  C:\Windows\System\FZqGYiS.exe
  2⤵
  PID:4480
- C:\Windows\System\krHFgsu.exe
  C:\Windows\System\krHFgsu.exe
  2⤵
  PID:4660
- C:\Windows\System\QZJJmzr.exe
  C:\Windows\System\QZJJmzr.exe
  2⤵
  PID:2540
- C:\Windows\System\NGnpsDL.exe
  C:\Windows\System\NGnpsDL.exe
  2⤵
  PID:4624
- C:\Windows\System\ybwFacl.exe
  C:\Windows\System\ybwFacl.exe
  2⤵
  PID:4728
- C:\Windows\System\jQDVFcU.exe
  C:\Windows\System\jQDVFcU.exe
  2⤵
  PID:4796
- C:\Windows\System\ZaeSnKn.exe
  C:\Windows\System\ZaeSnKn.exe
  2⤵
  PID:4904
- C:\Windows\System\qwaNUMe.exe
  C:\Windows\System\qwaNUMe.exe
  2⤵
  PID:4908
- C:\Windows\System\BBAasoZ.exe
  C:\Windows\System\BBAasoZ.exe
  2⤵
  PID:5048
- C:\Windows\System\KRwpGLs.exe
  C:\Windows\System\KRwpGLs.exe
  2⤵
  PID:5056
- C:\Windows\System\XFVqsse.exe
  C:\Windows\System\XFVqsse.exe
  2⤵
  PID:3360
- C:\Windows\System\TYEopkk.exe
  C:\Windows\System\TYEopkk.exe
  2⤵
  PID:292
- C:\Windows\System\GRCPPvs.exe
  C:\Windows\System\GRCPPvs.exe
  2⤵
  PID:3096
- C:\Windows\System\QSegYTi.exe
  C:\Windows\System\QSegYTi.exe
  2⤵
  PID:3256
- C:\Windows\System\uHhxjBq.exe
  C:\Windows\System\uHhxjBq.exe
  2⤵
  PID:3772
- C:\Windows\System\FpgvJCj.exe
  C:\Windows\System\FpgvJCj.exe
  2⤵
  PID:5132
- C:\Windows\System\MixAWrf.exe
  C:\Windows\System\MixAWrf.exe
  2⤵
  PID:5148
- C:\Windows\System\tNIXdVd.exe
  C:\Windows\System\tNIXdVd.exe
  2⤵
  PID:5164
- C:\Windows\System\BWzeIDe.exe
  C:\Windows\System\BWzeIDe.exe
  2⤵
  PID:5180
- C:\Windows\System\fSxPyAj.exe
  C:\Windows\System\fSxPyAj.exe
  2⤵
  PID:5208
- C:\Windows\System\mPqijsw.exe
  C:\Windows\System\mPqijsw.exe
  2⤵
  PID:5228
- C:\Windows\System\zolBElP.exe
  C:\Windows\System\zolBElP.exe
  2⤵
  PID:5244
- C:\Windows\System\mOasUxF.exe
  C:\Windows\System\mOasUxF.exe
  2⤵
  PID:5264
- C:\Windows\System\eQIxxhX.exe
  C:\Windows\System\eQIxxhX.exe
  2⤵
  PID:5284
- C:\Windows\System\EUpnmjN.exe
  C:\Windows\System\EUpnmjN.exe
  2⤵
  PID:5300
- C:\Windows\System\mgqqfSZ.exe
  C:\Windows\System\mgqqfSZ.exe
  2⤵
  PID:5320
- C:\Windows\System\ifjwSnX.exe
  C:\Windows\System\ifjwSnX.exe
  2⤵
  PID:5336
- C:\Windows\System\nwnhIrQ.exe
  C:\Windows\System\nwnhIrQ.exe
  2⤵
  PID:5356
- C:\Windows\System\OxLEcow.exe
  C:\Windows\System\OxLEcow.exe
  2⤵
  PID:5376
- C:\Windows\System\ewvkdfb.exe
  C:\Windows\System\ewvkdfb.exe
  2⤵
  PID:5392
- C:\Windows\System\WqcJbvx.exe
  C:\Windows\System\WqcJbvx.exe
  2⤵
  PID:5408
- C:\Windows\System\TJjCkug.exe
  C:\Windows\System\TJjCkug.exe
  2⤵
  PID:5432
- C:\Windows\System\XfZDqyf.exe
  C:\Windows\System\XfZDqyf.exe
  2⤵
  PID:5456
- C:\Windows\System\okOvjWl.exe
  C:\Windows\System\okOvjWl.exe
  2⤵
  PID:5472
- C:\Windows\System\pEoEvWP.exe
  C:\Windows\System\pEoEvWP.exe
  2⤵
  PID:5492
- C:\Windows\System\FbwaHgt.exe
  C:\Windows\System\FbwaHgt.exe
  2⤵
  PID:5508
- C:\Windows\System\CjFpUQV.exe
  C:\Windows\System\CjFpUQV.exe
  2⤵
  PID:5532
- C:\Windows\System\gnHGDAc.exe
  C:\Windows\System\gnHGDAc.exe
  2⤵
  PID:5560
- C:\Windows\System\LsANRQW.exe
  C:\Windows\System\LsANRQW.exe
  2⤵
  PID:5580
- C:\Windows\System\sjPMxpR.exe
  C:\Windows\System\sjPMxpR.exe
  2⤵
  PID:5596
- C:\Windows\System\GkIExJt.exe
  C:\Windows\System\GkIExJt.exe
  2⤵
  PID:5616
- C:\Windows\System\AfdYWgB.exe
  C:\Windows\System\AfdYWgB.exe
  2⤵
  PID:5644
- C:\Windows\System\YUVnNbg.exe
  C:\Windows\System\YUVnNbg.exe
  2⤵
  PID:5668
- C:\Windows\System\BUfHmcp.exe
  C:\Windows\System\BUfHmcp.exe
  2⤵
  PID:5684
- C:\Windows\System\igbDvfM.exe
  C:\Windows\System\igbDvfM.exe
  2⤵
  PID:5704
- C:\Windows\System\xnKbHyy.exe
  C:\Windows\System\xnKbHyy.exe
  2⤵
  PID:5728
- C:\Windows\System\hETfAoZ.exe
  C:\Windows\System\hETfAoZ.exe
  2⤵
  PID:5752
- C:\Windows\System\huucbnv.exe
  C:\Windows\System\huucbnv.exe
  2⤵
  PID:5768
- C:\Windows\System\QHRmWKI.exe
  C:\Windows\System\QHRmWKI.exe
  2⤵
  PID:5792
- C:\Windows\System\uLZZZTt.exe
  C:\Windows\System\uLZZZTt.exe
  2⤵
  PID:5812
- C:\Windows\System\ZKJHAao.exe
  C:\Windows\System\ZKJHAao.exe
  2⤵
  PID:5832
- C:\Windows\System\MsCHeKo.exe
  C:\Windows\System\MsCHeKo.exe
  2⤵
  PID:5856
- C:\Windows\System\pzXNXPn.exe
  C:\Windows\System\pzXNXPn.exe
  2⤵
  PID:5876
- C:\Windows\System\NdXRxby.exe
  C:\Windows\System\NdXRxby.exe
  2⤵
  PID:5892
- C:\Windows\System\DhbqVYa.exe
  C:\Windows\System\DhbqVYa.exe
  2⤵
  PID:5912
- C:\Windows\System\EfMpjWv.exe
  C:\Windows\System\EfMpjWv.exe
  2⤵
  PID:5932
- C:\Windows\System\FYmckoD.exe
  C:\Windows\System\FYmckoD.exe
  2⤵
  PID:5956
- C:\Windows\System\gLMtfvB.exe
  C:\Windows\System\gLMtfvB.exe
  2⤵
  PID:5976
- C:\Windows\System\IxkYdvp.exe
  C:\Windows\System\IxkYdvp.exe
  2⤵
  PID:5996
- C:\Windows\System\PmkFLfS.exe
  C:\Windows\System\PmkFLfS.exe
  2⤵
  PID:6012
- C:\Windows\System\aLiqNnT.exe
  C:\Windows\System\aLiqNnT.exe
  2⤵
  PID:6032
- C:\Windows\System\pVRJXJY.exe
  C:\Windows\System\pVRJXJY.exe
  2⤵
  PID:6056
- C:\Windows\System\fGqWHVS.exe
  C:\Windows\System\fGqWHVS.exe
  2⤵
  PID:6076
- C:\Windows\System\kUcIPUQ.exe
  C:\Windows\System\kUcIPUQ.exe
  2⤵
  PID:6092
- C:\Windows\System\jnZxLOe.exe
  C:\Windows\System\jnZxLOe.exe
  2⤵
  PID:6112
- C:\Windows\System\fIHZjmP.exe
  C:\Windows\System\fIHZjmP.exe
  2⤵
  PID:6132
- C:\Windows\System\SCDdpqr.exe
  C:\Windows\System\SCDdpqr.exe
  2⤵
  PID:4032
- C:\Windows\System\KOBLrpn.exe
  C:\Windows\System\KOBLrpn.exe
  2⤵
  PID:3564
- C:\Windows\System\qqRHeCl.exe
  C:\Windows\System\qqRHeCl.exe
  2⤵
  PID:4184
- C:\Windows\System\uWIjwXg.exe
  C:\Windows\System\uWIjwXg.exe
  2⤵
  PID:4400
- C:\Windows\System\ntyJJhn.exe
  C:\Windows\System\ntyJJhn.exe
  2⤵
  PID:4580
- C:\Windows\System\ihBiLAm.exe
  C:\Windows\System\ihBiLAm.exe
  2⤵
  PID:4740
- C:\Windows\System\jsYxINB.exe
  C:\Windows\System\jsYxINB.exe
  2⤵
  PID:4240
- C:\Windows\System\rYmgeGl.exe
  C:\Windows\System\rYmgeGl.exe
  2⤵
  PID:4472
- C:\Windows\System\JJEwDKC.exe
  C:\Windows\System\JJEwDKC.exe
  2⤵
  PID:4520
- C:\Windows\System\CJFLXfG.exe
  C:\Windows\System\CJFLXfG.exe
  2⤵
  PID:4708
- C:\Windows\System\uhfmSsG.exe
  C:\Windows\System\uhfmSsG.exe
  2⤵
  PID:4864
- C:\Windows\System\MTDvBxL.exe
  C:\Windows\System\MTDvBxL.exe
  2⤵
  PID:5076
- C:\Windows\System\TVLzAea.exe
  C:\Windows\System\TVLzAea.exe
  2⤵
  PID:1404
- C:\Windows\System\qGNFKwy.exe
  C:\Windows\System\qGNFKwy.exe
  2⤵
  PID:5144
- C:\Windows\System\XVkLjzI.exe
  C:\Windows\System\XVkLjzI.exe
  2⤵
  PID:4816
- C:\Windows\System\oZIVgAK.exe
  C:\Windows\System\oZIVgAK.exe
  2⤵
  PID:5032
- C:\Windows\System\EEJVUWb.exe
  C:\Windows\System\EEJVUWb.exe
  2⤵
  PID:3508
- C:\Windows\System\MSiQetr.exe
  C:\Windows\System\MSiQetr.exe
  2⤵
  PID:5156
- C:\Windows\System\WjdYmyI.exe
  C:\Windows\System\WjdYmyI.exe
  2⤵
  PID:5256
- C:\Windows\System\fQIbRiU.exe
  C:\Windows\System\fQIbRiU.exe
  2⤵
  PID:5200
- C:\Windows\System\HaEZlvO.exe
  C:\Windows\System\HaEZlvO.exe
  2⤵
  PID:5332
- C:\Windows\System\qwwklmj.exe
  C:\Windows\System\qwwklmj.exe
  2⤵
  PID:5404
- C:\Windows\System\RwxtOnJ.exe
  C:\Windows\System\RwxtOnJ.exe
  2⤵
  PID:5276
- C:\Windows\System\wPIbxQX.exe
  C:\Windows\System\wPIbxQX.exe
  2⤵
  PID:5452
- C:\Windows\System\auXSkiV.exe
  C:\Windows\System\auXSkiV.exe
  2⤵
  PID:5280
- C:\Windows\System\uFLeBAV.exe
  C:\Windows\System\uFLeBAV.exe
  2⤵
  PID:5348
- C:\Windows\System\cpNGvgU.exe
  C:\Windows\System\cpNGvgU.exe
  2⤵
  PID:5520
- C:\Windows\System\VXGteKA.exe
  C:\Windows\System\VXGteKA.exe
  2⤵
  PID:5576
- C:\Windows\System\WtVzUMv.exe
  C:\Windows\System\WtVzUMv.exe
  2⤵
  PID:5604
- C:\Windows\System\kwmMdxa.exe
  C:\Windows\System\kwmMdxa.exe
  2⤵
  PID:5664
- C:\Windows\System\RViDDsH.exe
  C:\Windows\System\RViDDsH.exe
  2⤵
  PID:5556
- C:\Windows\System\VFDTFNJ.exe
  C:\Windows\System\VFDTFNJ.exe
  2⤵
  PID:5696
- C:\Windows\System\PeMlfSH.exe
  C:\Windows\System\PeMlfSH.exe
  2⤵
  PID:5636
- C:\Windows\System\MGfAlqS.exe
  C:\Windows\System\MGfAlqS.exe
  2⤵
  PID:5676
- C:\Windows\System\boNGtBe.exe
  C:\Windows\System\boNGtBe.exe
  2⤵
  PID:5788
- C:\Windows\System\svpqxLJ.exe
  C:\Windows\System\svpqxLJ.exe
  2⤵
  PID:5716
- C:\Windows\System\daSXPUY.exe
  C:\Windows\System\daSXPUY.exe
  2⤵
  PID:5764
- C:\Windows\System\KrUuvJH.exe
  C:\Windows\System\KrUuvJH.exe
  2⤵
  PID:5908
- C:\Windows\System\JOVWnNq.exe
  C:\Windows\System\JOVWnNq.exe
  2⤵
  PID:5944
- C:\Windows\System\uzuxEee.exe
  C:\Windows\System\uzuxEee.exe
  2⤵
  PID:5848
- C:\Windows\System\cQIJTlB.exe
  C:\Windows\System\cQIJTlB.exe
  2⤵
  PID:5920
- C:\Windows\System\kuTStIK.exe
  C:\Windows\System\kuTStIK.exe
  2⤵
  PID:5928
- C:\Windows\System\ZvFuGJo.exe
  C:\Windows\System\ZvFuGJo.exe
  2⤵
  PID:6028
- C:\Windows\System\tMdPFtv.exe
  C:\Windows\System\tMdPFtv.exe
  2⤵
  PID:6044
- C:\Windows\System\rSpuOvQ.exe
  C:\Windows\System\rSpuOvQ.exe
  2⤵
  PID:6108
- C:\Windows\System\XYXoGci.exe
  C:\Windows\System\XYXoGci.exe
  2⤵
  PID:4084
- C:\Windows\System\yzbGILk.exe
  C:\Windows\System\yzbGILk.exe
  2⤵
  PID:4604
- C:\Windows\System\gmOWMzA.exe
  C:\Windows\System\gmOWMzA.exe
  2⤵
  PID:6124
- C:\Windows\System\MRJHiGw.exe
  C:\Windows\System\MRJHiGw.exe
  2⤵
  PID:4204
- C:\Windows\System\rTErdSE.exe
  C:\Windows\System\rTErdSE.exe
  2⤵
  PID:3912
- C:\Windows\System\ZFyuwID.exe
  C:\Windows\System\ZFyuwID.exe
  2⤵
  PID:4884
- C:\Windows\System\PPKqFeh.exe
  C:\Windows\System\PPKqFeh.exe
  2⤵
  PID:5176
- C:\Windows\System\XlXoOHy.exe
  C:\Windows\System\XlXoOHy.exe
  2⤵
  PID:4516
- C:\Windows\System\wmtjXvF.exe
  C:\Windows\System\wmtjXvF.exe
  2⤵
  PID:4964
- C:\Windows\System\YmqQrTk.exe
  C:\Windows\System\YmqQrTk.exe
  2⤵
  PID:3964
- C:\Windows\System\bTqEHTz.exe
  C:\Windows\System\bTqEHTz.exe
  2⤵
  PID:5020
- C:\Windows\System\SiseuZs.exe
  C:\Windows\System\SiseuZs.exe
  2⤵
  PID:5220
- C:\Windows\System\OfCLdda.exe
  C:\Windows\System\OfCLdda.exe
  2⤵
  PID:5328
- C:\Windows\System\ortsDEq.exe
  C:\Windows\System\ortsDEq.exe
  2⤵
  PID:5440
- C:\Windows\System\kqevMOf.exe
  C:\Windows\System\kqevMOf.exe
  2⤵
  PID:5428
- C:\Windows\System\QCmpyhQ.exe
  C:\Windows\System\QCmpyhQ.exe
  2⤵
  PID:5312
- C:\Windows\System\mIDkuRf.exe
  C:\Windows\System\mIDkuRf.exe
  2⤵
  PID:5484
- C:\Windows\System\JCsGFOR.exe
  C:\Windows\System\JCsGFOR.exe
  2⤵
  PID:5548
- C:\Windows\System\jXmdwIN.exe
  C:\Windows\System\jXmdwIN.exe
  2⤵
  PID:5468
- C:\Windows\System\QBBTNpW.exe
  C:\Windows\System\QBBTNpW.exe
  2⤵
  PID:5628
- C:\Windows\System\LPsYxXy.exe
  C:\Windows\System\LPsYxXy.exe
  2⤵
  PID:5780
- C:\Windows\System\owsRtFy.exe
  C:\Windows\System\owsRtFy.exe
  2⤵
  PID:5744
- C:\Windows\System\XNKewiD.exe
  C:\Windows\System\XNKewiD.exe
  2⤵
  PID:5940
- C:\Windows\System\YXtrAhf.exe
  C:\Windows\System\YXtrAhf.exe
  2⤵
  PID:5992
- C:\Windows\System\QdcreIG.exe
  C:\Windows\System\QdcreIG.exe
  2⤵
  PID:5820
- C:\Windows\System\UlhTJRc.exe
  C:\Windows\System\UlhTJRc.exe
  2⤵
  PID:5800
- C:\Windows\System\ZKefyvb.exe
  C:\Windows\System\ZKefyvb.exe
  2⤵
  PID:6100
- C:\Windows\System\LnokEfh.exe
  C:\Windows\System\LnokEfh.exe
  2⤵
  PID:5964
- C:\Windows\System\WMokTRy.exe
  C:\Windows\System\WMokTRy.exe
  2⤵
  PID:6040
- C:\Windows\System\QnFGBqh.exe
  C:\Windows\System\QnFGBqh.exe
  2⤵
  PID:4300
- C:\Windows\System\gAIszuk.exe
  C:\Windows\System\gAIszuk.exe
  2⤵
  PID:4332
- C:\Windows\System\VJgNUEe.exe
  C:\Windows\System\VJgNUEe.exe
  2⤵
  PID:6140
- C:\Windows\System\tWkPmMO.exe
  C:\Windows\System\tWkPmMO.exe
  2⤵
  PID:5216
- C:\Windows\System\JygQyjU.exe
  C:\Windows\System\JygQyjU.exe
  2⤵
  PID:6148
- C:\Windows\System\NDqSfcY.exe
  C:\Windows\System\NDqSfcY.exe
  2⤵
  PID:6168
- C:\Windows\System\Gobimwm.exe
  C:\Windows\System\Gobimwm.exe
  2⤵
  PID:6188
- C:\Windows\System\VAoLHpV.exe
  C:\Windows\System\VAoLHpV.exe
  2⤵
  PID:6204
- C:\Windows\System\rrLuVdI.exe
  C:\Windows\System\rrLuVdI.exe
  2⤵
  PID:6228
- C:\Windows\System\vVHLNJF.exe
  C:\Windows\System\vVHLNJF.exe
  2⤵
  PID:6248
- C:\Windows\System\GlYyrDd.exe
  C:\Windows\System\GlYyrDd.exe
  2⤵
  PID:6268
- C:\Windows\System\IXuqRsf.exe
  C:\Windows\System\IXuqRsf.exe
  2⤵
  PID:6288
- C:\Windows\System\KchpnBL.exe
  C:\Windows\System\KchpnBL.exe
  2⤵
  PID:6308
- C:\Windows\System\slpxHml.exe
  C:\Windows\System\slpxHml.exe
  2⤵
  PID:6328
- C:\Windows\System\iCoLDnu.exe
  C:\Windows\System\iCoLDnu.exe
  2⤵
  PID:6348
- C:\Windows\System\kPHgksU.exe
  C:\Windows\System\kPHgksU.exe
  2⤵
  PID:6368
- C:\Windows\System\AgdRZWt.exe
  C:\Windows\System\AgdRZWt.exe
  2⤵
  PID:6388
- C:\Windows\System\blVsolr.exe
  C:\Windows\System\blVsolr.exe
  2⤵
  PID:6408
- C:\Windows\System\sXoZYKe.exe
  C:\Windows\System\sXoZYKe.exe
  2⤵
  PID:6428
- C:\Windows\System\aFlORdh.exe
  C:\Windows\System\aFlORdh.exe
  2⤵
  PID:6448
- C:\Windows\System\StPSJBl.exe
  C:\Windows\System\StPSJBl.exe
  2⤵
  PID:6468
- C:\Windows\System\ogfHbEN.exe
  C:\Windows\System\ogfHbEN.exe
  2⤵
  PID:6488
- C:\Windows\System\cZAHget.exe
  C:\Windows\System\cZAHget.exe
  2⤵
  PID:6508
- C:\Windows\System\bOSXBvS.exe
  C:\Windows\System\bOSXBvS.exe
  2⤵
  PID:6528
- C:\Windows\System\KkfqlKT.exe
  C:\Windows\System\KkfqlKT.exe
  2⤵
  PID:6548
- C:\Windows\System\sJvVFdi.exe
  C:\Windows\System\sJvVFdi.exe
  2⤵
  PID:6568
- C:\Windows\System\gMSRCpW.exe
  C:\Windows\System\gMSRCpW.exe
  2⤵
  PID:6588
- C:\Windows\System\vHMnqCO.exe
  C:\Windows\System\vHMnqCO.exe
  2⤵
  PID:6612
- C:\Windows\System\MpqLIge.exe
  C:\Windows\System\MpqLIge.exe
  2⤵
  PID:6632
- C:\Windows\System\FjGfGxk.exe
  C:\Windows\System\FjGfGxk.exe
  2⤵
  PID:6652
- C:\Windows\System\HUosLtC.exe
  C:\Windows\System\HUosLtC.exe
  2⤵
  PID:6672
- C:\Windows\System\PSYFRsO.exe
  C:\Windows\System\PSYFRsO.exe
  2⤵
  PID:6692
- C:\Windows\System\uJZCdsF.exe
  C:\Windows\System\uJZCdsF.exe
  2⤵
  PID:6712
- C:\Windows\System\YjEmAvf.exe
  C:\Windows\System\YjEmAvf.exe
  2⤵
  PID:6732
- C:\Windows\System\KoFutEN.exe
  C:\Windows\System\KoFutEN.exe
  2⤵
  PID:6752
- C:\Windows\System\fuNoImS.exe
  C:\Windows\System\fuNoImS.exe
  2⤵
  PID:6772
- C:\Windows\System\IFgssgH.exe
  C:\Windows\System\IFgssgH.exe
  2⤵
  PID:6792
- C:\Windows\System\zQeXLQl.exe
  C:\Windows\System\zQeXLQl.exe
  2⤵
  PID:6812
- C:\Windows\System\SReVEuH.exe
  C:\Windows\System\SReVEuH.exe
  2⤵
  PID:6832
- C:\Windows\System\mAehNmI.exe
  C:\Windows\System\mAehNmI.exe
  2⤵
  PID:6852
- C:\Windows\System\zOfmVNL.exe
  C:\Windows\System\zOfmVNL.exe
  2⤵
  PID:6872
- C:\Windows\System\lXlZPBD.exe
  C:\Windows\System\lXlZPBD.exe
  2⤵
  PID:6892
- C:\Windows\System\dflRTPP.exe
  C:\Windows\System\dflRTPP.exe
  2⤵
  PID:6912
- C:\Windows\System\whNRWmg.exe
  C:\Windows\System\whNRWmg.exe
  2⤵
  PID:6932
- C:\Windows\System\zymPbtY.exe
  C:\Windows\System\zymPbtY.exe
  2⤵
  PID:6952
- C:\Windows\System\rPCwLoO.exe
  C:\Windows\System\rPCwLoO.exe
  2⤵
  PID:6972
- C:\Windows\System\UJemEHy.exe
  C:\Windows\System\UJemEHy.exe
  2⤵
  PID:6992
- C:\Windows\System\AZheNrM.exe
  C:\Windows\System\AZheNrM.exe
  2⤵
  PID:7012
- C:\Windows\System\zWiTVSV.exe
  C:\Windows\System\zWiTVSV.exe
  2⤵
  PID:7032
- C:\Windows\System\uwHzPSK.exe
  C:\Windows\System\uwHzPSK.exe
  2⤵
  PID:7052
- C:\Windows\System\TCRpARk.exe
  C:\Windows\System\TCRpARk.exe
  2⤵
  PID:7072
- C:\Windows\System\ZDoMQjG.exe
  C:\Windows\System\ZDoMQjG.exe
  2⤵
  PID:7092
- C:\Windows\System\KLoishz.exe
  C:\Windows\System\KLoishz.exe
  2⤵
  PID:7112
- C:\Windows\System\pSflGwA.exe
  C:\Windows\System\pSflGwA.exe
  2⤵
  PID:7132
- C:\Windows\System\JtjvzSE.exe
  C:\Windows\System\JtjvzSE.exe
  2⤵
  PID:7152
- C:\Windows\System\MaTqzHr.exe
  C:\Windows\System\MaTqzHr.exe
  2⤵
  PID:4264
- C:\Windows\System\AmmULVc.exe
  C:\Windows\System\AmmULVc.exe
  2⤵
  PID:4804
- C:\Windows\System\hhsTXjd.exe
  C:\Windows\System\hhsTXjd.exe
  2⤵
  PID:5296
- C:\Windows\System\qUTiOzP.exe
  C:\Windows\System\qUTiOzP.exe
  2⤵
  PID:5448
- C:\Windows\System\fEZhcun.exe
  C:\Windows\System\fEZhcun.exe
  2⤵
  PID:4924
- C:\Windows\System\ISSWYzB.exe
  C:\Windows\System\ISSWYzB.exe
  2⤵
  PID:5368
- C:\Windows\System\pvhXukp.exe
  C:\Windows\System\pvhXukp.exe
  2⤵
  PID:5384
- C:\Windows\System\wOUjLjP.exe
  C:\Windows\System\wOUjLjP.exe
  2⤵
  PID:5692
- C:\Windows\System\lYHrsKu.exe
  C:\Windows\System\lYHrsKu.exe
  2⤵
  PID:5748
- C:\Windows\System\jYaJsic.exe
  C:\Windows\System\jYaJsic.exe
  2⤵
  PID:5900
- C:\Windows\System\Djmgjun.exe
  C:\Windows\System\Djmgjun.exe
  2⤵
  PID:5864
- C:\Windows\System\hIfmMjm.exe
  C:\Windows\System\hIfmMjm.exe
  2⤵
  PID:4404
- C:\Windows\System\WIeRada.exe
  C:\Windows\System\WIeRada.exe
  2⤵
  PID:6004
- C:\Windows\System\Twofehi.exe
  C:\Windows\System\Twofehi.exe
  2⤵
  PID:5968
- C:\Windows\System\HZPbRJu.exe
  C:\Windows\System\HZPbRJu.exe
  2⤵
  PID:3948
- C:\Windows\System\gBmRhhl.exe
  C:\Windows\System\gBmRhhl.exe
  2⤵
  PID:4824
- C:\Windows\System\ibWkuZW.exe
  C:\Windows\System\ibWkuZW.exe
  2⤵
  PID:6156
- C:\Windows\System\mGMRMRY.exe
  C:\Windows\System\mGMRMRY.exe
  2⤵
  PID:6180
- C:\Windows\System\awyhRbM.exe
  C:\Windows\System\awyhRbM.exe
  2⤵
  PID:2896
- C:\Windows\System\HjAckIM.exe
  C:\Windows\System\HjAckIM.exe
  2⤵
  PID:6244
- C:\Windows\System\gZSYonM.exe
  C:\Windows\System\gZSYonM.exe
  2⤵
  PID:6276
- C:\Windows\System\yWxHLPE.exe
  C:\Windows\System\yWxHLPE.exe
  2⤵
  PID:6316
- C:\Windows\System\FKZatmt.exe
  C:\Windows\System\FKZatmt.exe
  2⤵
  PID:6344
- C:\Windows\System\tDhKkQB.exe
  C:\Windows\System\tDhKkQB.exe
  2⤵
  PID:6376
- C:\Windows\System\uSZtBjO.exe
  C:\Windows\System\uSZtBjO.exe
  2⤵
  PID:6404
- C:\Windows\System\uzwLyhC.exe
  C:\Windows\System\uzwLyhC.exe
  2⤵
  PID:2688
- C:\Windows\System\NvhhvaU.exe
  C:\Windows\System\NvhhvaU.exe
  2⤵
  PID:6464
- C:\Windows\System\zAijFVC.exe
  C:\Windows\System\zAijFVC.exe
  2⤵
  PID:6504
- C:\Windows\System\KOVMxGh.exe
  C:\Windows\System\KOVMxGh.exe
  2⤵
  PID:6520
- C:\Windows\System\zCiCNxC.exe
  C:\Windows\System\zCiCNxC.exe
  2⤵
  PID:6564
- C:\Windows\System\xbuoodB.exe
  C:\Windows\System\xbuoodB.exe
  2⤵
  PID:6596
- C:\Windows\System\BBRQjta.exe
  C:\Windows\System\BBRQjta.exe
  2⤵
  PID:6628
- C:\Windows\System\untljbw.exe
  C:\Windows\System\untljbw.exe
  2⤵
  PID:6648
- C:\Windows\System\aakKeRh.exe
  C:\Windows\System\aakKeRh.exe
  2⤵
  PID:6680
- C:\Windows\System\XDuhaCA.exe
  C:\Windows\System\XDuhaCA.exe
  2⤵
  PID:6704
- C:\Windows\System\BRRYDnB.exe
  C:\Windows\System\BRRYDnB.exe
  2⤵
  PID:6748
- C:\Windows\System\AJKEkYB.exe
  C:\Windows\System\AJKEkYB.exe
  2⤵
  PID:6760
- C:\Windows\System\mBvRRCd.exe
  C:\Windows\System\mBvRRCd.exe
  2⤵
  PID:6764
- C:\Windows\System\legITRi.exe
  C:\Windows\System\legITRi.exe
  2⤵
  PID:6820
- C:\Windows\System\TWtJccZ.exe
  C:\Windows\System\TWtJccZ.exe
  2⤵
  PID:6860
- C:\Windows\System\OaFdnLJ.exe
  C:\Windows\System\OaFdnLJ.exe
  2⤵
  PID:6888
- C:\Windows\System\MOTVvsL.exe
  C:\Windows\System\MOTVvsL.exe
  2⤵
  PID:2724
- C:\Windows\System\jaIOZNt.exe
  C:\Windows\System\jaIOZNt.exe
  2⤵
  PID:6920
- C:\Windows\System\zFfCjxC.exe
  C:\Windows\System\zFfCjxC.exe
  2⤵
  PID:6968
- C:\Windows\System\MCLMupz.exe
  C:\Windows\System\MCLMupz.exe
  2⤵
  PID:6984
- C:\Windows\System\ifrslsR.exe
  C:\Windows\System\ifrslsR.exe
  2⤵
  PID:7024
- C:\Windows\System\MmhhFuB.exe
  C:\Windows\System\MmhhFuB.exe
  2⤵
  PID:7048
- C:\Windows\System\kHLeoBc.exe
  C:\Windows\System\kHLeoBc.exe
  2⤵
  PID:7100
- C:\Windows\System\YVUxHNm.exe
  C:\Windows\System\YVUxHNm.exe
  2⤵
  PID:7140
- C:\Windows\System\DnyGpQs.exe
  C:\Windows\System\DnyGpQs.exe
  2⤵
  PID:4296
- C:\Windows\System\mARGnPQ.exe
  C:\Windows\System\mARGnPQ.exe
  2⤵
  PID:1052
- C:\Windows\System\UxNHsBg.exe
  C:\Windows\System\UxNHsBg.exe
  2⤵
  PID:5240
- C:\Windows\System\bezklxI.exe
  C:\Windows\System\bezklxI.exe
  2⤵
  PID:5488
- C:\Windows\System\lmvxJyO.exe
  C:\Windows\System\lmvxJyO.exe
  2⤵
  PID:5416
- C:\Windows\System\RhNUebC.exe
  C:\Windows\System\RhNUebC.exe
  2⤵
  PID:5652
- C:\Windows\System\thjIrXe.exe
  C:\Windows\System\thjIrXe.exe
  2⤵
  PID:5840
- C:\Windows\System\FJtkrjZ.exe
  C:\Windows\System\FJtkrjZ.exe
  2⤵
  PID:5868
- C:\Windows\System\vPfmWxF.exe
  C:\Windows\System\vPfmWxF.exe
  2⤵
  PID:4120
- C:\Windows\System\wmGVQxD.exe
  C:\Windows\System\wmGVQxD.exe
  2⤵
  PID:2308
- C:\Windows\System\jhWNeTY.exe
  C:\Windows\System\jhWNeTY.exe
  2⤵
  PID:6160
- C:\Windows\System\ixUsJLO.exe
  C:\Windows\System\ixUsJLO.exe
  2⤵
  PID:4776
- C:\Windows\System\mMBPQqD.exe
  C:\Windows\System\mMBPQqD.exe
  2⤵
  PID:6220
- C:\Windows\System\ElLaLuH.exe
  C:\Windows\System\ElLaLuH.exe
  2⤵
  PID:6300
- C:\Windows\System\SJmcbWs.exe
  C:\Windows\System\SJmcbWs.exe
  2⤵
  PID:2892
- C:\Windows\System\YVDrwDC.exe
  C:\Windows\System\YVDrwDC.exe
  2⤵
  PID:6420
- C:\Windows\System\NKKSBOu.exe
  C:\Windows\System\NKKSBOu.exe
  2⤵
  PID:6380
- C:\Windows\System\WizDqEN.exe
  C:\Windows\System\WizDqEN.exe
  2⤵
  PID:6444
- C:\Windows\System\qNjMziV.exe
  C:\Windows\System\qNjMziV.exe
  2⤵
  PID:6556
- C:\Windows\System\siVuSFV.exe
  C:\Windows\System\siVuSFV.exe
  2⤵
  PID:6620
- C:\Windows\System\xVIYopl.exe
  C:\Windows\System\xVIYopl.exe
  2⤵
  PID:2680
- C:\Windows\System\OfPjVnY.exe
  C:\Windows\System\OfPjVnY.exe
  2⤵
  PID:6740
- C:\Windows\System\ObZHref.exe
  C:\Windows\System\ObZHref.exe
  2⤵
  PID:6780
- C:\Windows\System\HlbJTWn.exe
  C:\Windows\System\HlbJTWn.exe
  2⤵
  PID:6840
- C:\Windows\System\gxOlaGc.exe
  C:\Windows\System\gxOlaGc.exe
  2⤵
  PID:6784
- C:\Windows\System\CXUxJMl.exe
  C:\Windows\System\CXUxJMl.exe
  2⤵
  PID:6864
- C:\Windows\System\nnZUkfH.exe
  C:\Windows\System\nnZUkfH.exe
  2⤵
  PID:6948
- C:\Windows\System\oafgqbL.exe
  C:\Windows\System\oafgqbL.exe
  2⤵
  PID:7008
- C:\Windows\System\RadgUSf.exe
  C:\Windows\System\RadgUSf.exe
  2⤵
  PID:7020
- C:\Windows\System\fOndvAm.exe
  C:\Windows\System\fOndvAm.exe
  2⤵
  PID:7064
- C:\Windows\System\azprOxx.exe
  C:\Windows\System\azprOxx.exe
  2⤵
  PID:7144
- C:\Windows\System\aWlMDbx.exe
  C:\Windows\System\aWlMDbx.exe
  2⤵
  PID:7124
- C:\Windows\System\SRDXCHa.exe
  C:\Windows\System\SRDXCHa.exe
  2⤵
  PID:7164
- C:\Windows\System\NrONcxG.exe
  C:\Windows\System\NrONcxG.exe
  2⤵
  PID:5372
- C:\Windows\System\dUqJwKX.exe
  C:\Windows\System\dUqJwKX.exe
  2⤵
  PID:5504
- C:\Windows\System\hKKjnYe.exe
  C:\Windows\System\hKKjnYe.exe
  2⤵
  PID:5888
- C:\Windows\System\jlOncfn.exe
  C:\Windows\System\jlOncfn.exe
  2⤵
  PID:6064
- C:\Windows\System\QOfIOzR.exe
  C:\Windows\System\QOfIOzR.exe
  2⤵
  PID:4176
- C:\Windows\System\wOQTuIf.exe
  C:\Windows\System\wOQTuIf.exe
  2⤵
  PID:2440
- C:\Windows\System\byuMrxK.exe
  C:\Windows\System\byuMrxK.exe
  2⤵
  PID:6296
- C:\Windows\System\KQqusIk.exe
  C:\Windows\System\KQqusIk.exe
  2⤵
  PID:6384
- C:\Windows\System\XOVsRHd.exe
  C:\Windows\System\XOVsRHd.exe
  2⤵
  PID:6524
- C:\Windows\System\MsKUgOm.exe
  C:\Windows\System\MsKUgOm.exe
  2⤵
  PID:2524
- C:\Windows\System\UJFjEEh.exe
  C:\Windows\System\UJFjEEh.exe
  2⤵
  PID:2676
- C:\Windows\System\DdNdCga.exe
  C:\Windows\System\DdNdCga.exe
  2⤵
  PID:6708
- C:\Windows\System\zEvgBfj.exe
  C:\Windows\System\zEvgBfj.exe
  2⤵
  PID:6728
- C:\Windows\System\iavTfXZ.exe
  C:\Windows\System\iavTfXZ.exe
  2⤵
  PID:6884
- C:\Windows\System\UxBRaSh.exe
  C:\Windows\System\UxBRaSh.exe
  2⤵
  PID:6924
- C:\Windows\System\wokfaIP.exe
  C:\Windows\System\wokfaIP.exe
  2⤵
  PID:2496
- C:\Windows\System\GrJwUGS.exe
  C:\Windows\System\GrJwUGS.exe
  2⤵
  PID:7104
- C:\Windows\System\IBXjtKx.exe
  C:\Windows\System\IBXjtKx.exe
  2⤵
  PID:2464
- C:\Windows\System\UXvqust.exe
  C:\Windows\System\UXvqust.exe
  2⤵
  PID:5352
- C:\Windows\System\MeuqZQm.exe
  C:\Windows\System\MeuqZQm.exe
  2⤵
  PID:7192
- C:\Windows\System\PLpWIGt.exe
  C:\Windows\System\PLpWIGt.exe
  2⤵
  PID:7212
- C:\Windows\System\WBiZHPi.exe
  C:\Windows\System\WBiZHPi.exe
  2⤵
  PID:7236
- C:\Windows\System\woDbPQi.exe
  C:\Windows\System\woDbPQi.exe
  2⤵
  PID:7256
- C:\Windows\System\UCkhBRZ.exe
  C:\Windows\System\UCkhBRZ.exe
  2⤵
  PID:7276
- C:\Windows\System\CvJBclS.exe
  C:\Windows\System\CvJBclS.exe
  2⤵
  PID:7296
- C:\Windows\System\BtgyMoX.exe
  C:\Windows\System\BtgyMoX.exe
  2⤵
  PID:7316
- C:\Windows\System\XmfQHmk.exe
  C:\Windows\System\XmfQHmk.exe
  2⤵
  PID:7336
- C:\Windows\System\XCCGErl.exe
  C:\Windows\System\XCCGErl.exe
  2⤵
  PID:7356
- C:\Windows\System\XGueXBD.exe
  C:\Windows\System\XGueXBD.exe
  2⤵
  PID:7372
- C:\Windows\System\ypkgmSE.exe
  C:\Windows\System\ypkgmSE.exe
  2⤵
  PID:7396
- C:\Windows\System\eXsMTXD.exe
  C:\Windows\System\eXsMTXD.exe
  2⤵
  PID:7420
- C:\Windows\System\wTxbtwi.exe
  C:\Windows\System\wTxbtwi.exe
  2⤵
  PID:7440
- C:\Windows\System\zqilMkf.exe
  C:\Windows\System\zqilMkf.exe
  2⤵
  PID:7460
- C:\Windows\System\ByZUwLy.exe
  C:\Windows\System\ByZUwLy.exe
  2⤵
  PID:7484
- C:\Windows\System\jfPOkik.exe
  C:\Windows\System\jfPOkik.exe
  2⤵
  PID:7504
- C:\Windows\System\XnAAdiv.exe
  C:\Windows\System\XnAAdiv.exe
  2⤵
  PID:7524
- C:\Windows\System\xTajZmi.exe
  C:\Windows\System\xTajZmi.exe
  2⤵
  PID:7544
- C:\Windows\System\GaiYBCy.exe
  C:\Windows\System\GaiYBCy.exe
  2⤵
  PID:7564
- C:\Windows\System\XStoWnV.exe
  C:\Windows\System\XStoWnV.exe
  2⤵
  PID:7584
- C:\Windows\System\RMesnap.exe
  C:\Windows\System\RMesnap.exe
  2⤵
  PID:7604
- C:\Windows\System\amIVKfu.exe
  C:\Windows\System\amIVKfu.exe
  2⤵
  PID:7620
- C:\Windows\System\FOChXeJ.exe
  C:\Windows\System\FOChXeJ.exe
  2⤵
  PID:7644
- C:\Windows\System\QaXEfMO.exe
  C:\Windows\System\QaXEfMO.exe
  2⤵
  PID:7664
- C:\Windows\System\SjKPnbW.exe
  C:\Windows\System\SjKPnbW.exe
  2⤵
  PID:7684
- C:\Windows\System\uySqkoa.exe
  C:\Windows\System\uySqkoa.exe
  2⤵
  PID:7704
- C:\Windows\System\iLSxkOL.exe
  C:\Windows\System\iLSxkOL.exe
  2⤵
  PID:7720
- C:\Windows\System\cGwWxip.exe
  C:\Windows\System\cGwWxip.exe
  2⤵
  PID:7744
- C:\Windows\System\HlNxvMl.exe
  C:\Windows\System\HlNxvMl.exe
  2⤵
  PID:7764
- C:\Windows\System\blLkIgX.exe
  C:\Windows\System\blLkIgX.exe
  2⤵
  PID:7784
- C:\Windows\System\bwmrwBn.exe
  C:\Windows\System\bwmrwBn.exe
  2⤵
  PID:7804
- C:\Windows\System\WYPUfVL.exe
  C:\Windows\System\WYPUfVL.exe
  2⤵
  PID:7820
- C:\Windows\System\RobsGWU.exe
  C:\Windows\System\RobsGWU.exe
  2⤵
  PID:7844
- C:\Windows\System\ZaPHomr.exe
  C:\Windows\System\ZaPHomr.exe
  2⤵
  PID:7864
- C:\Windows\System\Okzmxka.exe
  C:\Windows\System\Okzmxka.exe
  2⤵
  PID:7884
- C:\Windows\System\NXbMTNM.exe
  C:\Windows\System\NXbMTNM.exe
  2⤵
  PID:7904
- C:\Windows\System\boFZAwl.exe
  C:\Windows\System\boFZAwl.exe
  2⤵
  PID:7924
- C:\Windows\System\wlfdVbB.exe
  C:\Windows\System\wlfdVbB.exe
  2⤵
  PID:7944
- C:\Windows\System\CUdysgJ.exe
  C:\Windows\System\CUdysgJ.exe
  2⤵
  PID:7960
- C:\Windows\System\grumZaR.exe
  C:\Windows\System\grumZaR.exe
  2⤵
  PID:7980
- C:\Windows\System\CDGjgPa.exe
  C:\Windows\System\CDGjgPa.exe
  2⤵
  PID:8004
- C:\Windows\System\MmpKprx.exe
  C:\Windows\System\MmpKprx.exe
  2⤵
  PID:8024
- C:\Windows\System\MipWpsx.exe
  C:\Windows\System\MipWpsx.exe
  2⤵
  PID:8044
- C:\Windows\System\SDZdCMH.exe
  C:\Windows\System\SDZdCMH.exe
  2⤵
  PID:8060
- C:\Windows\System\MqMSzRk.exe
  C:\Windows\System\MqMSzRk.exe
  2⤵
  PID:8084
- C:\Windows\System\scjHPqC.exe
  C:\Windows\System\scjHPqC.exe
  2⤵
  PID:8104
- C:\Windows\System\UxevMND.exe
  C:\Windows\System\UxevMND.exe
  2⤵
  PID:8124
- C:\Windows\System\wywSNRA.exe
  C:\Windows\System\wywSNRA.exe
  2⤵
  PID:8144
- C:\Windows\System\bVQGKHN.exe
  C:\Windows\System\bVQGKHN.exe
  2⤵
  PID:8164
- C:\Windows\System\sVcSrFV.exe
  C:\Windows\System\sVcSrFV.exe
  2⤵
  PID:8188
- C:\Windows\System\zdWSnPn.exe
  C:\Windows\System\zdWSnPn.exe
  2⤵
  PID:3004
- C:\Windows\System\AEBtrWt.exe
  C:\Windows\System\AEBtrWt.exe
  2⤵
  PID:6216
- C:\Windows\System\DImdAlf.exe
  C:\Windows\System\DImdAlf.exe
  2⤵
  PID:6336
- C:\Windows\System\kvjlbrg.exe
  C:\Windows\System\kvjlbrg.exe
  2⤵
  PID:6476
- C:\Windows\System\nExXUzf.exe
  C:\Windows\System\nExXUzf.exe
  2⤵
  PID:6516
- C:\Windows\System\HAfFcPZ.exe
  C:\Windows\System\HAfFcPZ.exe
  2⤵
  PID:6604
- C:\Windows\System\bIwelnc.exe
  C:\Windows\System\bIwelnc.exe
  2⤵
  PID:6808
- C:\Windows\System\vNPZCSB.exe
  C:\Windows\System\vNPZCSB.exe
  2⤵
  PID:7088
- C:\Windows\System\nVhchUb.exe
  C:\Windows\System\nVhchUb.exe
  2⤵
  PID:7028
- C:\Windows\System\iUSvrNF.exe
  C:\Windows\System\iUSvrNF.exe
  2⤵
  PID:2664
- C:\Windows\System\rVuHddq.exe
  C:\Windows\System\rVuHddq.exe
  2⤵
  PID:5656
- C:\Windows\System\YkxldyS.exe
  C:\Windows\System\YkxldyS.exe
  2⤵
  PID:7220
- C:\Windows\System\gwTFaHl.exe
  C:\Windows\System\gwTFaHl.exe
  2⤵
  PID:7248
- C:\Windows\System\xoPwrtq.exe
  C:\Windows\System\xoPwrtq.exe
  2⤵
  PID:7312
- C:\Windows\System\GwANeAe.exe
  C:\Windows\System\GwANeAe.exe
  2⤵
  PID:2128
- C:\Windows\System\TExcxgd.exe
  C:\Windows\System\TExcxgd.exe
  2⤵
  PID:7328
- C:\Windows\System\okAOodW.exe
  C:\Windows\System\okAOodW.exe
  2⤵
  PID:7388
- C:\Windows\System\WSWjMlF.exe
  C:\Windows\System\WSWjMlF.exe
  2⤵
  PID:7416
- C:\Windows\System\ptERLjs.exe
  C:\Windows\System\ptERLjs.exe
  2⤵
  PID:7468
- C:\Windows\System\EtGWcth.exe
  C:\Windows\System\EtGWcth.exe
  2⤵
  PID:7512
- C:\Windows\System\dYgKKAN.exe
  C:\Windows\System\dYgKKAN.exe
  2⤵
  PID:7516
- C:\Windows\System\UwFJAni.exe
  C:\Windows\System\UwFJAni.exe
  2⤵
  PID:7540
- C:\Windows\System\wPKPwmE.exe
  C:\Windows\System\wPKPwmE.exe
  2⤵
  PID:7600
- C:\Windows\System\XGtokNR.exe
  C:\Windows\System\XGtokNR.exe
  2⤵
  PID:7640
- C:\Windows\System\btfhynX.exe
  C:\Windows\System\btfhynX.exe
  2⤵
  PID:7652
- C:\Windows\System\AzYgwQu.exe
  C:\Windows\System\AzYgwQu.exe
  2⤵
  PID:7712
- C:\Windows\System\PKmwQxI.exe
  C:\Windows\System\PKmwQxI.exe
  2⤵
  PID:7732
- C:\Windows\System\nVvmXFg.exe
  C:\Windows\System\nVvmXFg.exe
  2⤵
  PID:7756
- C:\Windows\System\jCqCgfQ.exe
  C:\Windows\System\jCqCgfQ.exe
  2⤵
  PID:7776
- C:\Windows\System\YfypOso.exe
  C:\Windows\System\YfypOso.exe
  2⤵
  PID:7840
- C:\Windows\System\BSuhrKC.exe
  C:\Windows\System\BSuhrKC.exe
  2⤵
  PID:7852
- C:\Windows\System\KIDbgTv.exe
  C:\Windows\System\KIDbgTv.exe
  2⤵
  PID:7912
- C:\Windows\System\nAVGQRb.exe
  C:\Windows\System\nAVGQRb.exe
  2⤵
  PID:7896
- C:\Windows\System\XMmWeFn.exe
  C:\Windows\System\XMmWeFn.exe
  2⤵
  PID:7940
- C:\Windows\System\xUvrILa.exe
  C:\Windows\System\xUvrILa.exe
  2⤵
  PID:7972
- C:\Windows\System\DXYjFVR.exe
  C:\Windows\System\DXYjFVR.exe
  2⤵
  PID:8040
- C:\Windows\System\NHslROa.exe
  C:\Windows\System\NHslROa.exe
  2⤵
  PID:8052
- C:\Windows\System\ArIxjev.exe
  C:\Windows\System\ArIxjev.exe
  2⤵
  PID:8092
- C:\Windows\System\iTUVCvb.exe
  C:\Windows\System\iTUVCvb.exe
  2⤵
  PID:8116
- C:\Windows\System\waTvQHq.exe
  C:\Windows\System\waTvQHq.exe
  2⤵
  PID:8136
- C:\Windows\System\bivbvto.exe
  C:\Windows\System\bivbvto.exe
  2⤵
  PID:2920
- C:\Windows\System\UYNvJry.exe
  C:\Windows\System\UYNvJry.exe
  2⤵
  PID:5804
- C:\Windows\System\EgXvIfE.exe
  C:\Windows\System\EgXvIfE.exe
  2⤵
  PID:6544
- C:\Windows\System\rkrQnrx.exe
  C:\Windows\System\rkrQnrx.exe
  2⤵
  PID:6768
- C:\Windows\System\qLQahKd.exe
  C:\Windows\System\qLQahKd.exe
  2⤵
  PID:6608
- C:\Windows\System\SsAukqC.exe
  C:\Windows\System\SsAukqC.exe
  2⤵
  PID:2560
- C:\Windows\System\IZueCOl.exe
  C:\Windows\System\IZueCOl.exe
  2⤵
  PID:7060
- C:\Windows\System\WhyvrXf.exe
  C:\Windows\System\WhyvrXf.exe
  2⤵
  PID:7264
- C:\Windows\System\nKNaoxz.exe
  C:\Windows\System\nKNaoxz.exe
  2⤵
  PID:7304
- C:\Windows\System\zOIhdED.exe
  C:\Windows\System\zOIhdED.exe
  2⤵
  PID:7344
- C:\Windows\System\XbSpyTa.exe
  C:\Windows\System\XbSpyTa.exe
  2⤵
  PID:7352
- C:\Windows\System\yDmLKUo.exe
  C:\Windows\System\yDmLKUo.exe
  2⤵
  PID:7500
- C:\Windows\System\vxJtbDc.exe
  C:\Windows\System\vxJtbDc.exe
  2⤵
  PID:7452
- C:\Windows\System\NoItkmv.exe
  C:\Windows\System\NoItkmv.exe
  2⤵
  PID:7572
- C:\Windows\System\XYYllvR.exe
  C:\Windows\System\XYYllvR.exe
  2⤵
  PID:7672
- C:\Windows\System\zpSwOQe.exe
  C:\Windows\System\zpSwOQe.exe
  2⤵
  PID:7636
- C:\Windows\System\NqtYtjf.exe
  C:\Windows\System\NqtYtjf.exe
  2⤵
  PID:7676
- C:\Windows\System\FlhNVBg.exe
  C:\Windows\System\FlhNVBg.exe
  2⤵
  PID:7780
- C:\Windows\System\EKsEIpS.exe
  C:\Windows\System\EKsEIpS.exe
  2⤵
  PID:7832
- C:\Windows\System\CCsXBCx.exe
  C:\Windows\System\CCsXBCx.exe
  2⤵
  PID:7916
- C:\Windows\System\uUZRoFU.exe
  C:\Windows\System\uUZRoFU.exe
  2⤵
  PID:7988
- C:\Windows\System\odcFbXT.exe
  C:\Windows\System\odcFbXT.exe
  2⤵
  PID:8000
- C:\Windows\System\WaSeKiK.exe
  C:\Windows\System\WaSeKiK.exe
  2⤵
  PID:8068
- C:\Windows\System\WTvUPgj.exe
  C:\Windows\System\WTvUPgj.exe
  2⤵
  PID:8120
- C:\Windows\System\ZmqjUBq.exe
  C:\Windows\System\ZmqjUBq.exe
  2⤵
  PID:8180
- C:\Windows\System\FGUAkSf.exe
  C:\Windows\System\FGUAkSf.exe
  2⤵
  PID:112
- C:\Windows\System\xspANLW.exe
  C:\Windows\System\xspANLW.exe
  2⤵
  PID:6236
- C:\Windows\System\hcYsYit.exe
  C:\Windows\System\hcYsYit.exe
  2⤵
  PID:6848
- C:\Windows\System\nmvdnCF.exe
  C:\Windows\System\nmvdnCF.exe
  2⤵
  PID:7128
- C:\Windows\System\oWjkqXT.exe
  C:\Windows\System\oWjkqXT.exe
  2⤵
  PID:7208
- C:\Windows\System\zYQRSYh.exe
  C:\Windows\System\zYQRSYh.exe
  2⤵
  PID:7348
- C:\Windows\System\VlSluCH.exe
  C:\Windows\System\VlSluCH.exe
  2⤵
  PID:2320
- C:\Windows\System\uIUERAw.exe
  C:\Windows\System\uIUERAw.exe
  2⤵
  PID:7404
- C:\Windows\System\PFUHRCH.exe
  C:\Windows\System\PFUHRCH.exe
  2⤵
  PID:7628
- C:\Windows\System\YyLIwXC.exe
  C:\Windows\System\YyLIwXC.exe
  2⤵
  PID:7656
- C:\Windows\System\DedbjUs.exe
  C:\Windows\System\DedbjUs.exe
  2⤵
  PID:7740
- C:\Windows\System\iCyUXMm.exe
  C:\Windows\System\iCyUXMm.exe
  2⤵
  PID:2492
- C:\Windows\System\EUpOkqz.exe
  C:\Windows\System\EUpOkqz.exe
  2⤵
  PID:7860
- C:\Windows\System\rbMSsQk.exe
  C:\Windows\System\rbMSsQk.exe
  2⤵
  PID:7956
- C:\Windows\System\VkLGaTB.exe
  C:\Windows\System\VkLGaTB.exe
  2⤵
  PID:8112
- C:\Windows\System\iJzymqF.exe
  C:\Windows\System\iJzymqF.exe
  2⤵
  PID:6072
- C:\Windows\System\wWhWfNI.exe
  C:\Windows\System\wWhWfNI.exe
  2⤵
  PID:4384
- C:\Windows\System\EvbpNfX.exe
  C:\Windows\System\EvbpNfX.exe
  2⤵
  PID:6844
- C:\Windows\System\WEYcWkA.exe
  C:\Windows\System\WEYcWkA.exe
  2⤵
  PID:2328
- C:\Windows\System\PbfynRo.exe
  C:\Windows\System\PbfynRo.exe
  2⤵
  PID:7224
- C:\Windows\System\iKXmAqk.exe
  C:\Windows\System\iKXmAqk.exe
  2⤵
  PID:8212
- C:\Windows\System\JdqBazZ.exe
  C:\Windows\System\JdqBazZ.exe
  2⤵
  PID:8232
- C:\Windows\System\dNzqRmk.exe
  C:\Windows\System\dNzqRmk.exe
  2⤵
  PID:8252
- C:\Windows\System\wKakHrM.exe
  C:\Windows\System\wKakHrM.exe
  2⤵
  PID:8272
- C:\Windows\System\FDNbjII.exe
  C:\Windows\System\FDNbjII.exe
  2⤵
  PID:8292
- C:\Windows\System\YwNQzcz.exe
  C:\Windows\System\YwNQzcz.exe
  2⤵
  PID:8308
- C:\Windows\System\fJYungd.exe
  C:\Windows\System\fJYungd.exe
  2⤵
  PID:8324
- C:\Windows\System\IZLEksb.exe
  C:\Windows\System\IZLEksb.exe
  2⤵
  PID:8340
- C:\Windows\System\ftQUsDy.exe
  C:\Windows\System\ftQUsDy.exe
  2⤵
  PID:8356
- C:\Windows\System\yRBhawU.exe
  C:\Windows\System\yRBhawU.exe
  2⤵
  PID:8376
- C:\Windows\System\pgtzycE.exe
  C:\Windows\System\pgtzycE.exe
  2⤵
  PID:8392
- C:\Windows\System\vDVSwzc.exe
  C:\Windows\System\vDVSwzc.exe
  2⤵
  PID:8408
- C:\Windows\System\szfykPM.exe
  C:\Windows\System\szfykPM.exe
  2⤵
  PID:8456
- C:\Windows\System\PTXmsGo.exe
  C:\Windows\System\PTXmsGo.exe
  2⤵
  PID:8472
- C:\Windows\System\fBYIvNy.exe
  C:\Windows\System\fBYIvNy.exe
  2⤵
  PID:8488
- C:\Windows\System\ioWlpDA.exe
  C:\Windows\System\ioWlpDA.exe
  2⤵
  PID:8504
- C:\Windows\System\amwucBN.exe
  C:\Windows\System\amwucBN.exe
  2⤵
  PID:8520
- C:\Windows\System\ycWtMaA.exe
  C:\Windows\System\ycWtMaA.exe
  2⤵
  PID:8536
- C:\Windows\System\pyTcQIj.exe
  C:\Windows\System\pyTcQIj.exe
  2⤵
  PID:8552
- C:\Windows\System\OSkrMnk.exe
  C:\Windows\System\OSkrMnk.exe
  2⤵
  PID:8568
- C:\Windows\System\XvfGSId.exe
  C:\Windows\System\XvfGSId.exe
  2⤵
  PID:8584
- C:\Windows\System\mizatgo.exe
  C:\Windows\System\mizatgo.exe
  2⤵
  PID:8600
- C:\Windows\System\jtMiQRp.exe
  C:\Windows\System\jtMiQRp.exe
  2⤵
  PID:8616
- C:\Windows\System\XZIVCJN.exe
  C:\Windows\System\XZIVCJN.exe
  2⤵
  PID:8636
- C:\Windows\System\AonghlJ.exe
  C:\Windows\System\AonghlJ.exe
  2⤵
  PID:8652
- C:\Windows\System\cPauYCc.exe
  C:\Windows\System\cPauYCc.exe
  2⤵
  PID:8668
- C:\Windows\System\cXrblls.exe
  C:\Windows\System\cXrblls.exe
  2⤵
  PID:8700
- C:\Windows\System\PmodJar.exe
  C:\Windows\System\PmodJar.exe
  2⤵
  PID:8740
- C:\Windows\System\NWCNNBU.exe
  C:\Windows\System\NWCNNBU.exe
  2⤵
  PID:8756
- C:\Windows\System\dhSNzHo.exe
  C:\Windows\System\dhSNzHo.exe
  2⤵
  PID:8772
- C:\Windows\System\gWDXVcR.exe
  C:\Windows\System\gWDXVcR.exe
  2⤵
  PID:8824
- C:\Windows\System\ipWnpWf.exe
  C:\Windows\System\ipWnpWf.exe
  2⤵
  PID:8840
- C:\Windows\System\MPNLiTm.exe
  C:\Windows\System\MPNLiTm.exe
  2⤵
  PID:8856
- C:\Windows\System\HubskaV.exe
  C:\Windows\System\HubskaV.exe
  2⤵
  PID:8872
- C:\Windows\System\MoxKHOb.exe
  C:\Windows\System\MoxKHOb.exe
  2⤵
  PID:8888
- C:\Windows\System\BczITAM.exe
  C:\Windows\System\BczITAM.exe
  2⤵
  PID:8904
- C:\Windows\System\AIeCHNv.exe
  C:\Windows\System\AIeCHNv.exe
  2⤵
  PID:8920
- C:\Windows\System\JOvfJed.exe
  C:\Windows\System\JOvfJed.exe
  2⤵
  PID:8936
- C:\Windows\System\sUCOwcL.exe
  C:\Windows\System\sUCOwcL.exe
  2⤵
  PID:8952
- C:\Windows\System\tfDTDvx.exe
  C:\Windows\System\tfDTDvx.exe
  2⤵
  PID:8968
- C:\Windows\System\eAXYNjv.exe
  C:\Windows\System\eAXYNjv.exe
  2⤵
  PID:8984
- C:\Windows\System\VAJRgYh.exe
  C:\Windows\System\VAJRgYh.exe
  2⤵
  PID:9000
- C:\Windows\System\uZVeDsA.exe
  C:\Windows\System\uZVeDsA.exe
  2⤵
  PID:9016
- C:\Windows\System\XYymgOg.exe
  C:\Windows\System\XYymgOg.exe
  2⤵
  PID:9044
- C:\Windows\System\JaYljVP.exe
  C:\Windows\System\JaYljVP.exe
  2⤵
  PID:9064
- C:\Windows\System\qnOHFLO.exe
  C:\Windows\System\qnOHFLO.exe
  2⤵
  PID:9108
- C:\Windows\System\yPTSOkV.exe
  C:\Windows\System\yPTSOkV.exe
  2⤵
  PID:9132
- C:\Windows\System\xkQXVWj.exe
  C:\Windows\System\xkQXVWj.exe
  2⤵
  PID:9176
- C:\Windows\System\KLvLVJF.exe
  C:\Windows\System\KLvLVJF.exe
  2⤵
  PID:9208
- C:\Windows\System\OiJKARc.exe
  C:\Windows\System\OiJKARc.exe
  2⤵
  PID:7536
- C:\Windows\System\EcDyqLS.exe
  C:\Windows\System\EcDyqLS.exe
  2⤵
  PID:7800
- C:\Windows\System\OJfFCQE.exe
  C:\Windows\System\OJfFCQE.exe
  2⤵
  PID:2380
- C:\Windows\System\EaSlJbw.exe
  C:\Windows\System\EaSlJbw.exe
  2⤵
  PID:8032
- C:\Windows\System\zlmRfKS.exe
  C:\Windows\System\zlmRfKS.exe
  2⤵
  PID:3988
- C:\Windows\System\wVrcWWS.exe
  C:\Windows\System\wVrcWWS.exe
  2⤵
  PID:2988
- C:\Windows\System\dvDfXPE.exe
  C:\Windows\System\dvDfXPE.exe
  2⤵
  PID:8156
- C:\Windows\System\MYCYEBN.exe
  C:\Windows\System\MYCYEBN.exe
  2⤵
  PID:6048
- C:\Windows\System\VcgdorB.exe
  C:\Windows\System\VcgdorB.exe
  2⤵
  PID:7204
- C:\Windows\System\AMkQSEq.exe
  C:\Windows\System\AMkQSEq.exe
  2⤵
  PID:8196
- C:\Windows\System\cQWIaqu.exe
  C:\Windows\System\cQWIaqu.exe
  2⤵
  PID:8228
- C:\Windows\System\xPpTTEJ.exe
  C:\Windows\System\xPpTTEJ.exe
  2⤵
  PID:8248
- C:\Windows\System\RpwRKzb.exe
  C:\Windows\System\RpwRKzb.exe
  2⤵
  PID:8264
- C:\Windows\System\UkiFKNx.exe
  C:\Windows\System\UkiFKNx.exe
  2⤵
  PID:8284
- C:\Windows\System\iIkOTzf.exe
  C:\Windows\System\iIkOTzf.exe
  2⤵
  PID:8320
- C:\Windows\System\GPPuFuj.exe
  C:\Windows\System\GPPuFuj.exe
  2⤵
  PID:8348
- C:\Windows\System\JcniWfZ.exe
  C:\Windows\System\JcniWfZ.exe
  2⤵
  PID:8384
- C:\Windows\System\EysAWcX.exe
  C:\Windows\System\EysAWcX.exe
  2⤵
  PID:8416
- C:\Windows\System\VwRhGSA.exe
  C:\Windows\System\VwRhGSA.exe
  2⤵
  PID:8428
- C:\Windows\System\yRWTXXA.exe
  C:\Windows\System\yRWTXXA.exe
  2⤵
  PID:8452
- C:\Windows\System\eRLBCDy.exe
  C:\Windows\System\eRLBCDy.exe
  2⤵
  PID:4988
- C:\Windows\System\PrTfxHk.exe
  C:\Windows\System\PrTfxHk.exe
  2⤵
  PID:8500
- C:\Windows\System\pHWazWX.exe
  C:\Windows\System\pHWazWX.exe
  2⤵
  PID:8532
- C:\Windows\System\kfxjlDf.exe
  C:\Windows\System\kfxjlDf.exe
  2⤵
  PID:8560
- C:\Windows\System\DOQaaWF.exe
  C:\Windows\System\DOQaaWF.exe
  2⤵
  PID:8592
- C:\Windows\System\BPbgADn.exe
  C:\Windows\System\BPbgADn.exe
  2⤵
  PID:8768
- C:\Windows\System\mclEPzj.exe
  C:\Windows\System\mclEPzj.exe
  2⤵
  PID:8804
- C:\Windows\System\oLyEQAY.exe
  C:\Windows\System\oLyEQAY.exe
  2⤵
  PID:2668
- C:\Windows\System\SmyKkea.exe
  C:\Windows\System\SmyKkea.exe
  2⤵
  PID:8832
- C:\Windows\System\kRgaKVB.exe
  C:\Windows\System\kRgaKVB.exe
  2⤵
  PID:8848
- C:\Windows\System\hnVCWKu.exe
  C:\Windows\System\hnVCWKu.exe
  2⤵
  PID:8852
- C:\Windows\System\BNjSsBv.exe
  C:\Windows\System\BNjSsBv.exe
  2⤵
  PID:8896
- C:\Windows\System\pmBjbIC.exe
  C:\Windows\System\pmBjbIC.exe
  2⤵
  PID:8912
- C:\Windows\System\qNipMax.exe
  C:\Windows\System\qNipMax.exe
  2⤵
  PID:2208
- C:\Windows\System\CoZhKrX.exe
  C:\Windows\System\CoZhKrX.exe
  2⤵
  PID:8944
- C:\Windows\System\KnVHVRb.exe
  C:\Windows\System\KnVHVRb.exe
  2⤵
  PID:8992
- C:\Windows\System\FrKZOGZ.exe
  C:\Windows\System\FrKZOGZ.exe
  2⤵
  PID:2344
- C:\Windows\System\vqhOmDr.exe
  C:\Windows\System\vqhOmDr.exe
  2⤵
  PID:9024
- C:\Windows\System\FyvcSot.exe
  C:\Windows\System\FyvcSot.exe
  2⤵
  PID:1676
- C:\Windows\System\DTVOxkR.exe
  C:\Windows\System\DTVOxkR.exe
  2⤵
  PID:9056
- C:\Windows\System\CCOgbgL.exe
  C:\Windows\System\CCOgbgL.exe
  2⤵
  PID:1184
- C:\Windows\System\gErLnAl.exe
  C:\Windows\System\gErLnAl.exe
  2⤵
  PID:9088
- C:\Windows\System\iuYuECu.exe
  C:\Windows\System\iuYuECu.exe
  2⤵
  PID:2292
- C:\Windows\System\yQcXOeB.exe
  C:\Windows\System\yQcXOeB.exe
  2⤵
  PID:1588
- C:\Windows\System\saMtoUm.exe
  C:\Windows\System\saMtoUm.exe
  2⤵
  PID:9116
- C:\Windows\System\NnjVZUV.exe
  C:\Windows\System\NnjVZUV.exe
  2⤵
  PID:1704
- C:\Windows\System\acLpMTu.exe
  C:\Windows\System\acLpMTu.exe
  2⤵
  PID:1544
- C:\Windows\System\lFkuUNV.exe
  C:\Windows\System\lFkuUNV.exe
  2⤵
  PID:9152
- C:\Windows\System\zpKCowh.exe
  C:\Windows\System\zpKCowh.exe
  2⤵
  PID:1812
- C:\Windows\System\idIIXBE.exe
  C:\Windows\System\idIIXBE.exe
  2⤵
  PID:1384
- C:\Windows\System\eKZeHpf.exe
  C:\Windows\System\eKZeHpf.exe
  2⤵
  PID:1256
- C:\Windows\System\HZEuGgx.exe
  C:\Windows\System\HZEuGgx.exe
  2⤵
  PID:1012
- C:\Windows\System\QYdymLF.exe
  C:\Windows\System\QYdymLF.exe
  2⤵
  PID:7436
- C:\Windows\System\FIlWRPL.exe
  C:\Windows\System\FIlWRPL.exe
  2⤵
  PID:7288
- C:\Windows\System\VEsFGJP.exe
  C:\Windows\System\VEsFGJP.exe
  2⤵
  PID:4024
- C:\Windows\System\SxJzSsH.exe
  C:\Windows\System\SxJzSsH.exe
  2⤵
  PID:8304
- C:\Windows\System\kPVVEdz.exe
  C:\Windows\System\kPVVEdz.exe
  2⤵
  PID:7188
- C:\Windows\System\jZWwTBX.exe
  C:\Windows\System\jZWwTBX.exe
  2⤵
  PID:8424
- C:\Windows\System\JXbAVHh.exe
  C:\Windows\System\JXbAVHh.exe
  2⤵
  PID:8036
- C:\Windows\System\dmYAQgO.exe
  C:\Windows\System\dmYAQgO.exe
  2⤵
  PID:2852
- C:\Windows\System\HkuudPn.exe
  C:\Windows\System\HkuudPn.exe
  2⤵
  PID:8288
- C:\Windows\System\mfaRytg.exe
  C:\Windows\System\mfaRytg.exe
  2⤵
  PID:8436
- C:\Windows\System\NhrRnTa.exe
  C:\Windows\System\NhrRnTa.exe
  2⤵
  PID:8576
- C:\Windows\System\OrIVbQL.exe
  C:\Windows\System\OrIVbQL.exe
  2⤵
  PID:4992
- C:\Windows\System\hRfxktq.exe
  C:\Windows\System\hRfxktq.exe
  2⤵
  PID:8548
- C:\Windows\System\lHLzZpa.exe
  C:\Windows\System\lHLzZpa.exe
  2⤵
  PID:8660
- C:\Windows\System\JzjIduN.exe
  C:\Windows\System\JzjIduN.exe
  2⤵
  PID:8716
- C:\Windows\System\RNxVmer.exe
  C:\Windows\System\RNxVmer.exe
  2⤵
  PID:8732
- C:\Windows\System\LLJiuOL.exe
  C:\Windows\System\LLJiuOL.exe
  2⤵
  PID:8680
- C:\Windows\System\WxkjYne.exe
  C:\Windows\System\WxkjYne.exe
  2⤵
  PID:9192
- C:\Windows\System\OYvHbnG.exe
  C:\Windows\System\OYvHbnG.exe
  2⤵
  PID:8784
- C:\Windows\System\GGZOUlX.exe
  C:\Windows\System\GGZOUlX.exe
  2⤵
  PID:2700
- C:\Windows\System\tVlOKlV.exe
  C:\Windows\System\tVlOKlV.exe
  2⤵
  PID:8836
- C:\Windows\System\EezPBxI.exe
  C:\Windows\System\EezPBxI.exe
  2⤵
  PID:8932
- C:\Windows\System\tjycLpz.exe
  C:\Windows\System\tjycLpz.exe
  2⤵
  PID:2072
- C:\Windows\System\iVmqNrY.exe
  C:\Windows\System\iVmqNrY.exe
  2⤵
  PID:3012
- C:\Windows\System\nZMWOdI.exe
  C:\Windows\System\nZMWOdI.exe
  2⤵
  PID:2708
- C:\Windows\System\BxyIbOQ.exe
  C:\Windows\System\BxyIbOQ.exe
  2⤵
  PID:9008
- C:\Windows\System\bZvXzen.exe
  C:\Windows\System\bZvXzen.exe
  2⤵
  PID:1960
- C:\Windows\System\UTRTZLH.exe
  C:\Windows\System\UTRTZLH.exe
  2⤵
  PID:1748
- C:\Windows\System\ZHJdbfE.exe
  C:\Windows\System\ZHJdbfE.exe
  2⤵
  PID:9080
- C:\Windows\System\yrIaKcL.exe
  C:\Windows\System\yrIaKcL.exe
  2⤵
  PID:2056
- C:\Windows\System\trdIedT.exe
  C:\Windows\System\trdIedT.exe
  2⤵
  PID:9204
- C:\Windows\System\LQsixGk.exe
  C:\Windows\System\LQsixGk.exe
  2⤵
  PID:1784
- C:\Windows\System\epQWNjy.exe
  C:\Windows\System\epQWNjy.exe
  2⤵
  PID:1884
- C:\Windows\System\yNeHIIF.exe
  C:\Windows\System\yNeHIIF.exe
  2⤵
  PID:7976
- C:\Windows\System\xwwpyhn.exe
  C:\Windows\System\xwwpyhn.exe
  2⤵
  PID:9188
- C:\Windows\System\nlIeOJy.exe
  C:\Windows\System\nlIeOJy.exe
  2⤵
  PID:8208
- C:\Windows\System\IAsKQfo.exe
  C:\Windows\System\IAsKQfo.exe
  2⤵
  PID:8372
- C:\Windows\System\MZLIZXp.exe
  C:\Windows\System\MZLIZXp.exe
  2⤵
  PID:8240
- C:\Windows\System\GVCpmbt.exe
  C:\Windows\System\GVCpmbt.exe
  2⤵
  PID:8468
- C:\Windows\System\oUoVaUG.exe
  C:\Windows\System\oUoVaUG.exe
  2⤵
  PID:8544
- C:\Windows\System\vLLpcGt.exe
  C:\Windows\System\vLLpcGt.exe
  2⤵
  PID:1208
- C:\Windows\System\wdaDmgD.exe
  C:\Windows\System\wdaDmgD.exe
  2⤵
  PID:2324
- C:\Windows\System\ddEaalW.exe
  C:\Windows\System\ddEaalW.exe
  2⤵
  PID:8964
- C:\Windows\System\CHYnUea.exe
  C:\Windows\System\CHYnUea.exe
  2⤵
  PID:8336
- C:\Windows\System\EJhEIOw.exe
  C:\Windows\System\EJhEIOw.exe
  2⤵
  PID:8708
- C:\Windows\System\CaLGLAX.exe
  C:\Windows\System\CaLGLAX.exe
  2⤵
  PID:8812
- C:\Windows\System\JaQWeYs.exe
  C:\Windows\System\JaQWeYs.exe
  2⤵
  PID:8648
- C:\Windows\System\EwYPpQc.exe
  C:\Windows\System\EwYPpQc.exe
  2⤵
  PID:8800
- C:\Windows\System\infoCAe.exe
  C:\Windows\System\infoCAe.exe
  2⤵
  PID:8676
- C:\Windows\System\WZDoifo.exe
  C:\Windows\System\WZDoifo.exe
  2⤵
  PID:3060
- C:\Windows\System\FOIbCgp.exe
  C:\Windows\System\FOIbCgp.exe
  2⤵
  PID:2836
- C:\Windows\System\YBCkJxS.exe
  C:\Windows\System\YBCkJxS.exe
  2⤵
  PID:1928
- C:\Windows\System\tCTcDWQ.exe
  C:\Windows\System\tCTcDWQ.exe
  2⤵
  PID:9052
- C:\Windows\System\ljGnscT.exe
  C:\Windows\System\ljGnscT.exe
  2⤵
  PID:9140
- C:\Windows\System\SAwZAQg.exe
  C:\Windows\System\SAwZAQg.exe
  2⤵
  PID:8268
- C:\Windows\System\mmXHJaY.exe
  C:\Windows\System\mmXHJaY.exe
  2⤵
  PID:2828
- C:\Windows\System\FexycKt.exe
  C:\Windows\System\FexycKt.exe
  2⤵
  PID:8696
- C:\Windows\System\WRhhDGs.exe
  C:\Windows\System\WRhhDGs.exe
  2⤵
  PID:1684
- C:\Windows\System\HSSYWQL.exe
  C:\Windows\System\HSSYWQL.exe
  2⤵
  PID:2200
- C:\Windows\System\Xzmlyhl.exe
  C:\Windows\System\Xzmlyhl.exe
  2⤵
  PID:8752
- C:\Windows\System\TSuGfRr.exe
  C:\Windows\System\TSuGfRr.exe
  2⤵
  PID:9104
- C:\Windows\System\GmMyvFX.exe
  C:\Windows\System\GmMyvFX.exe
  2⤵
  PID:8996
- C:\Windows\System\CiXWUdt.exe
  C:\Windows\System\CiXWUdt.exe
  2⤵
  PID:8788
- C:\Windows\System\FKaIrOp.exe
  C:\Windows\System\FKaIrOp.exe
  2⤵
  PID:9124
- C:\Windows\System\VeVhSbN.exe
  C:\Windows\System\VeVhSbN.exe
  2⤵
  PID:9072
- C:\Windows\System\fVAlDcO.exe
  C:\Windows\System\fVAlDcO.exe
  2⤵
  PID:7692
- C:\Windows\System\EhLURVW.exe
  C:\Windows\System\EhLURVW.exe
  2⤵
  PID:9220
- C:\Windows\System\PKxGjeI.exe
  C:\Windows\System\PKxGjeI.exe
  2⤵
  PID:9236
- C:\Windows\System\SwlIdOw.exe
  C:\Windows\System\SwlIdOw.exe
  2⤵
  PID:9252
- C:\Windows\System\eNdnaYy.exe
  C:\Windows\System\eNdnaYy.exe
  2⤵
  PID:9268
- C:\Windows\System\azkgwWw.exe
  C:\Windows\System\azkgwWw.exe
  2⤵
  PID:9312
- C:\Windows\System\RsdmqGQ.exe
  C:\Windows\System\RsdmqGQ.exe
  2⤵
  PID:9328
- C:\Windows\System\Thteock.exe
  C:\Windows\System\Thteock.exe
  2⤵
  PID:9348
- C:\Windows\System\WEBvfxC.exe
  C:\Windows\System\WEBvfxC.exe
  2⤵
  PID:9368
- C:\Windows\System\SZkkBRt.exe
  C:\Windows\System\SZkkBRt.exe
  2⤵
  PID:9384
- C:\Windows\System\ozVUQjO.exe
  C:\Windows\System\ozVUQjO.exe
  2⤵
  PID:9400
- C:\Windows\System\kYxGygr.exe
  C:\Windows\System\kYxGygr.exe
  2⤵
  PID:9420
- C:\Windows\System\TEdVUYr.exe
  C:\Windows\System\TEdVUYr.exe
  2⤵
  PID:9436
- C:\Windows\System\YOMKOsW.exe
  C:\Windows\System\YOMKOsW.exe
  2⤵
  PID:9460
- C:\Windows\System\RcYMuRu.exe
  C:\Windows\System\RcYMuRu.exe
  2⤵
  PID:9476
- C:\Windows\System\FRJrAMZ.exe
  C:\Windows\System\FRJrAMZ.exe
  2⤵
  PID:9512
- C:\Windows\System\TyDFuvg.exe
  C:\Windows\System\TyDFuvg.exe
  2⤵
  PID:9532
- C:\Windows\System\pjSaOIp.exe
  C:\Windows\System\pjSaOIp.exe
  2⤵
  PID:9548
- C:\Windows\System\mXXwEjO.exe
  C:\Windows\System\mXXwEjO.exe
  2⤵
  PID:9564
- C:\Windows\System\tsaiiqL.exe
  C:\Windows\System\tsaiiqL.exe
  2⤵
  PID:9584
- C:\Windows\System\vEFBkka.exe
  C:\Windows\System\vEFBkka.exe
  2⤵
  PID:9600
- C:\Windows\System\zLGiCnd.exe
  C:\Windows\System\zLGiCnd.exe
  2⤵
  PID:9616
- C:\Windows\System\eATyxUH.exe
  C:\Windows\System\eATyxUH.exe
  2⤵
  PID:9640
- C:\Windows\System\LpGmana.exe
  C:\Windows\System\LpGmana.exe
  2⤵
  PID:9664
- C:\Windows\System\djdOSrW.exe
  C:\Windows\System\djdOSrW.exe
  2⤵
  PID:9688
- C:\Windows\System\CNqEnGU.exe
  C:\Windows\System\CNqEnGU.exe
  2⤵
  PID:9708
- C:\Windows\System\zqisotn.exe
  C:\Windows\System\zqisotn.exe
  2⤵
  PID:9728
- C:\Windows\System\JxrBSGN.exe
  C:\Windows\System\JxrBSGN.exe
  2⤵
  PID:9744
- C:\Windows\System\csOgagL.exe
  C:\Windows\System\csOgagL.exe
  2⤵
  PID:9764
- C:\Windows\System\djOtwGM.exe
  C:\Windows\System\djOtwGM.exe
  2⤵
  PID:9780
- C:\Windows\System\vkWflrl.exe
  C:\Windows\System\vkWflrl.exe
  2⤵
  PID:9800
- C:\Windows\System\roITThX.exe
  C:\Windows\System\roITThX.exe
  2⤵
  PID:9816
- C:\Windows\System\Zttgyll.exe
  C:\Windows\System\Zttgyll.exe
  2⤵
  PID:9832
- C:\Windows\System\agArQtc.exe
  C:\Windows\System\agArQtc.exe
  2⤵
  PID:9852
- C:\Windows\System\nFWKjDN.exe
  C:\Windows\System\nFWKjDN.exe
  2⤵
  PID:9872
- C:\Windows\System\EvAwIaK.exe
  C:\Windows\System\EvAwIaK.exe
  2⤵
  PID:9896
- C:\Windows\System\fOGkjQd.exe
  C:\Windows\System\fOGkjQd.exe
  2⤵
  PID:9916
- C:\Windows\System\BAQsMaF.exe
  C:\Windows\System\BAQsMaF.exe
  2⤵
  PID:9932
- C:\Windows\System\jncTpEL.exe
  C:\Windows\System\jncTpEL.exe
  2⤵
  PID:9956
- C:\Windows\System\lDnQrsd.exe
  C:\Windows\System\lDnQrsd.exe
  2⤵
  PID:9976
- C:\Windows\System\ofQiEag.exe
  C:\Windows\System\ofQiEag.exe
  2⤵
  PID:10004
- C:\Windows\System\XnhXFqp.exe
  C:\Windows\System\XnhXFqp.exe
  2⤵
  PID:10028
- C:\Windows\System\pAEQzgh.exe
  C:\Windows\System\pAEQzgh.exe
  2⤵
  PID:10048
- C:\Windows\System\yqCuySo.exe
  C:\Windows\System\yqCuySo.exe
  2⤵
  PID:10064
- C:\Windows\System\nrzHOEy.exe
  C:\Windows\System\nrzHOEy.exe
  2⤵
  PID:10088
- C:\Windows\System\XivlXPU.exe
  C:\Windows\System\XivlXPU.exe
  2⤵
  PID:10104
- C:\Windows\System\WyMUHeM.exe
  C:\Windows\System\WyMUHeM.exe
  2⤵
  PID:10124
- C:\Windows\System\JOfzSIk.exe
  C:\Windows\System\JOfzSIk.exe
  2⤵
  PID:10140
- C:\Windows\System\lRidofw.exe
  C:\Windows\System\lRidofw.exe
  2⤵
  PID:10160
- C:\Windows\System\yFMPRai.exe
  C:\Windows\System\yFMPRai.exe
  2⤵
  PID:10176
- C:\Windows\System\myuiVzf.exe
  C:\Windows\System\myuiVzf.exe
  2⤵
  PID:10192
- C:\Windows\System\DPhTuKv.exe
  C:\Windows\System\DPhTuKv.exe
  2⤵
  PID:10208
- C:\Windows\System\VzkMVym.exe
  C:\Windows\System\VzkMVym.exe
  2⤵
  PID:10224
- C:\Windows\System\YPpzeyk.exe
  C:\Windows\System\YPpzeyk.exe
  2⤵
  PID:9200
- C:\Windows\System\SKiJpth.exe
  C:\Windows\System\SKiJpth.exe
  2⤵
  PID:8140
- C:\Windows\System\EidaYdJ.exe
  C:\Windows\System\EidaYdJ.exe
  2⤵
  PID:9264
- C:\Windows\System\XfjzTse.exe
  C:\Windows\System\XfjzTse.exe
  2⤵
  PID:9248
- C:\Windows\System\jgbinzE.exe
  C:\Windows\System\jgbinzE.exe
  2⤵
  PID:9292
- C:\Windows\System\fMukDqG.exe
  C:\Windows\System\fMukDqG.exe
  2⤵
  PID:9308
- C:\Windows\System\mkXcOlY.exe
  C:\Windows\System\mkXcOlY.exe
  2⤵
  PID:9324
- C:\Windows\System\MJUwTqi.exe
  C:\Windows\System\MJUwTqi.exe
  2⤵
  PID:9360
- C:\Windows\System\VDykrAR.exe
  C:\Windows\System\VDykrAR.exe
  2⤵
  PID:9376
- C:\Windows\System\jRBEmzE.exe
  C:\Windows\System\jRBEmzE.exe
  2⤵
  PID:9416
- C:\Windows\System\rfUVarW.exe
  C:\Windows\System\rfUVarW.exe
  2⤵
  PID:9452
- C:\Windows\System\XUsaLMj.exe
  C:\Windows\System\XUsaLMj.exe
  2⤵
  PID:9504
- C:\Windows\System\glkCLKN.exe
  C:\Windows\System\glkCLKN.exe
  2⤵
  PID:9544
- C:\Windows\System\GKtBbZJ.exe
  C:\Windows\System\GKtBbZJ.exe
  2⤵
  PID:9592
- C:\Windows\System\UdaJXVX.exe
  C:\Windows\System\UdaJXVX.exe
  2⤵
  PID:9612
- C:\Windows\System\bczdhDK.exe
  C:\Windows\System\bczdhDK.exe
  2⤵
  PID:9656
- C:\Windows\System\GcihQlx.exe
  C:\Windows\System\GcihQlx.exe
  2⤵
  PID:9676
- C:\Windows\System\wHjhGqM.exe
  C:\Windows\System\wHjhGqM.exe
  2⤵
  PID:9684
- C:\Windows\System\olihLXS.exe
  C:\Windows\System\olihLXS.exe
  2⤵
  PID:9720
- C:\Windows\System\tKtfSVq.exe
  C:\Windows\System\tKtfSVq.exe
  2⤵
  PID:9756
- C:\Windows\System\AcBjXYh.exe
  C:\Windows\System\AcBjXYh.exe
  2⤵
  PID:9740
- C:\Windows\System\UdUHlwq.exe
  C:\Windows\System\UdUHlwq.exe
  2⤵
  PID:9864
- C:\Windows\System\OFDClqm.exe
  C:\Windows\System\OFDClqm.exe
  2⤵
  PID:9904
- C:\Windows\System\nwiqjVo.exe
  C:\Windows\System\nwiqjVo.exe
  2⤵
  PID:9844
- C:\Windows\System\HSJioVV.exe
  C:\Windows\System\HSJioVV.exe
  2⤵
  PID:9944
- C:\Windows\System\FxwkrfO.exe
  C:\Windows\System\FxwkrfO.exe
  2⤵
  PID:9928
- C:\Windows\System\VWdNtKj.exe
  C:\Windows\System\VWdNtKj.exe
  2⤵
  PID:9884
- C:\Windows\System\sxKcHmt.exe
  C:\Windows\System\sxKcHmt.exe
  2⤵
  PID:10000
- C:\Windows\System\tOPJlWA.exe
  C:\Windows\System\tOPJlWA.exe
  2⤵
  PID:9892
- C:\Windows\System\PMoycJO.exe
  C:\Windows\System\PMoycJO.exe
  2⤵
  PID:10056
- C:\Windows\System\tAInnGE.exe
  C:\Windows\System\tAInnGE.exe
  2⤵
  PID:10132
- C:\Windows\System\HYeMrEl.exe
  C:\Windows\System\HYeMrEl.exe
  2⤵
  PID:8628
- C:\Windows\System\XtbyzNa.exe
  C:\Windows\System\XtbyzNa.exe
  2⤵
  PID:10172
- C:\Windows\System\GYdqGJH.exe
  C:\Windows\System\GYdqGJH.exe
  2⤵
  PID:7552
- C:\Windows\System\tEHeuPM.exe
  C:\Windows\System\tEHeuPM.exe
  2⤵
  PID:9340
- C:\Windows\System\uGaBqyv.exe
  C:\Windows\System\uGaBqyv.exe
  2⤵
  PID:9408
- C:\Windows\System\mnDMeAh.exe
  C:\Windows\System\mnDMeAh.exe
  2⤵
  PID:9576
- C:\Windows\System\MsihLso.exe
  C:\Windows\System\MsihLso.exe
  2⤵
  PID:9652
- C:\Windows\System\cbiIjsp.exe
  C:\Windows\System\cbiIjsp.exe
  2⤵
  PID:9760
- C:\Windows\System\NTHCSSV.exe
  C:\Windows\System\NTHCSSV.exe
  2⤵
  PID:9488
- C:\Windows\System\MtHwUnE.exe
  C:\Windows\System\MtHwUnE.exe
  2⤵
  PID:9556
- C:\Windows\System\TZtGGAK.exe
  C:\Windows\System\TZtGGAK.exe
  2⤵
  PID:9860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BCWqhfj.exe

Filesize
6.0MB

MD5
cd66b7c397d07a480558868dd65dca87

SHA1
8ae82f09ac32a7d05d4f0e5da76831d4c0cf531e

SHA256
705f47f6b45062766bddea98f50abc83202f44bde6736e86507fc5d7eab1d4f0

SHA512
0fe86f1eaac86e52efabb4727ce22430bd8695f9252a634adfcc8ec52a63712c02d336a1cc4d265c3977b48762ec4e071cefd32f8f6eec5c98076aa5cbd37c6c

Download Submit
C:\Windows\system\DeLjkqO.exe

Filesize
6.0MB

MD5
7c4a9836fb7acf99b1328c9dc6c5b25a

SHA1
ee011de661fed397f81418e8e6f20f8a02b6f7ac

SHA256
22c2b73f2df209abdd4f26e30c4d6069d558065c30742deee4679d4a73ec174f

SHA512
d64afecea6ba05ad61d00142ae571c2967b55176e03d0dd770e5cf4cbb94643b4fa5f2a5f77d2f9f959313e0cb020d9bc0e7f35a2baa6a4b40911db8007b8624

Download Submit
C:\Windows\system\EKyxfPH.exe

Filesize
6.0MB

MD5
a13b62f654d12870f4555d9aeb81c231

SHA1
a4b900c73a11ed48261ba129cfabcb03f7426899

SHA256
0b9a676c47f1b9548962a6a3cf604377b16264e506eb78075e53675baea10cbc

SHA512
2555e46e177da38d34ffac72cc88b19c5924403e746ff250db94a79defa5190a5ee7797d5004264691caa34440e1fb8e7bea816d0a72a4340239992624633f7d

Download Submit
C:\Windows\system\EqSOXsC.exe

Filesize
6.0MB

MD5
943fe5f59dca6bbde0f3ba0915cf7ec0

SHA1
05f3b5898c5e96299f0566f2cea8ca36513fd86e

SHA256
ac290f3dec2d770b169a051b9cd4635bdd4c25eaa8fcb29e61d4ceb5d821ae3d

SHA512
2aa638bf16eb09b650c3deb5ddbe5aa8f60f32594ed5954fb6bc560673edc4471d10890f908867ceaa11727419e8798a85828b39f5708ee8a977880bca57725d

Download Submit
C:\Windows\system\GVcephB.exe

Filesize
6.0MB

MD5
75e76f81b6dcd2cb6eb53995fb2ec747

SHA1
b9ce2c7fefd144fbf846423f0d902cd39b3a422d

SHA256
7850c2444aa9b59805a930ba33478a6598108185fe40b1627edf120a4c47b8b9

SHA512
f6ce3fdc57134e662de3c4cb44994e01ecbb5e0fc2f7034e52545680462af3fd220073bdf7ae5475f92d217327dd78ab0bb3d8aa924e4482cd33e72c7fb8d4df

Download Submit
C:\Windows\system\HpECEoy.exe

Filesize
6.0MB

MD5
325a5030b695c6d8527388cc871d13f3

SHA1
3bc7175efc26f1a335054477c4e5c370801fe025

SHA256
ec0f9665c514b5e2f423a6729f41524b99df5c156c628d7b1aff7c760f2f4896

SHA512
ea75155ecb8f2b6229811046a924860d02720ebaaf2d0d07987761f8e45951c7542a8eb7a7298750ed324e0e9a9d9ddcebd359614d70b7295b215814e8d3acf4

Download Submit
C:\Windows\system\IZdOvTp.exe

Filesize
6.0MB

MD5
ef7e65f7f5d6201e006ff002a9058992

SHA1
9532c3ceae359b098033739fd6baf180ee7f6119

SHA256
f426ddfa43d56270e98d48e330a9a1194a7e78943ee138a4c38ce831ad04181b

SHA512
69e34efbf04397a107513a98899b8ea06662220c524308d12f3ddd048fdec3bf0bff84a78179896dcd8d38189d58fbbb29ba152132a9b1a81e88e877e0ec0fa9

Download Submit
C:\Windows\system\MAmjLPe.exe

Filesize
6.0MB

MD5
bb38983faa6e4f29d7f3e98e69f2cef8

SHA1
d68a5a5c6dfc2c5e7914b16e539622f4bdf38856

SHA256
4a3fa10fa21762041e49dbe86942e2da6a184fa1c168691fe09ddb211a76254b

SHA512
308513eddc858bdc5c219e06841f7a0037b896c121e79602b266318d930d0e6d76bd6aeb65e3782d5b0d16f47747c39a24a6854c62cda5c9eb9f571aa3c856ff

Download Submit
C:\Windows\system\MRbWJoT.exe

Filesize
6.0MB

MD5
fdc6e11988b9897acca17ccffdd7f68a

SHA1
a6f086307ef2ad2c5e0505a364dd1fd962fcb3b0

SHA256
84068f00cc4c9b64baf6b3dfba4e00754798f5e304558e29f278e4abeb91f208

SHA512
c45edfff2e48c605bc7e73df5203c836e4c2845a5cf1f0df462e80da02b7527ecaf9e19e3a656e9e744b143be06c5a1d201cd94aab0b3dff641781f339e6b081

Download Submit
C:\Windows\system\OPBghIt.exe

Filesize
6.0MB

MD5
3205da30f80c042c02a16d0ab08c2c2f

SHA1
2306349ac0ecb99b0f35499ec021fc8837219a4f

SHA256
12d9ea95b5bc2a4642f161701af1ec057148f17a8569ca7b713d0b2a58a13843

SHA512
dd5f3009277768a9567fd4aec348130c7a34f695b16ddcb07f819cab72f9034c5abf546451cb85b44101eb115fef2b2d892f341fafe9d9f8241fb9e19c7569f1

Download Submit
C:\Windows\system\OYfcBfr.exe

Filesize
6.0MB

MD5
ce05ae121d54751a4b1cdf119919e71e

SHA1
152827a9627462b2a1b2526242fe584057ee28f6

SHA256
0306e81463738631e6eb3403720ee89f711d9ccdb8d183c857041c60bf73268e

SHA512
529ecc114df0c19f1eb6596c8bedeaa8f0e274d434da45da358167c3e1b9ab02ebbbb5b716ebee13a38abb6c6caa537e1c28fcb957826a9dff8bb060b4f2c1cc

Download Submit
C:\Windows\system\OcjTSda.exe

Filesize
6.0MB

MD5
8e629495f5d4f199a08927ea2b61ccb6

SHA1
6b3f0bbbafd2f5b96cf580a181328b71fe81d6aa

SHA256
435b59a23d7d5c2fc0a83763c87eccb3d9064013e54c8bbdbf35540da58a4640

SHA512
5d0be3b80d8e11475f4a466aaaab8b6bd1ba0ad87f3ebf091bc64096b64944c6b735a44c8e0397f019c808f366ecfbb314bec4391a24039169260d640b82987f

Download Submit
C:\Windows\system\PWCRUnZ.exe

Filesize
6.0MB

MD5
deaba2ca0846d8c0466c4d1801b175f9

SHA1
343f1bb9d911624537f664facf326c14f1d90416

SHA256
253b80369dee125ff9ae6eff7df87aa38e4ce79f0955f684e6400f4959141347

SHA512
06debad0003927f1b7049be0d04ccd4a00fa66b9b0222baef7262a1c76dd5cd6906b0f89b0684b9c0996e4e8853e18fec110715de54a32ed03c22f91703ad395

Download Submit
C:\Windows\system\UGZSKdx.exe

Filesize
6.0MB

MD5
2220cf27131e640cb8a52b6b29a33106

SHA1
fad2b7a0766d64ac4279b57045bf27c8ee400dae

SHA256
59add3e8fa64340964731ea4e9339db5e9a5d2660618a10dd5433e49ce91395f

SHA512
4cf62913226286337617d460683f518da119fe3a68db1077f919a110fbe1a89ee9085fdc7ca395f5f2041d6c9c2dcd837e906b7dec09ebdc43398960c30823eb

Download Submit
C:\Windows\system\VSpfYho.exe

Filesize
6.0MB

MD5
941a3b5e0fccad8f1fad8a33ecf6f41c

SHA1
9dc46d046d6fda04f98d653d894cd245d114c8d6

SHA256
dfd45a4151bd5e700c20cdc27baba46ba641a7db0ebbd384f3b026f4ad5928d0

SHA512
afc846397097145a0cbb72e3aabe9c28f526bcb10dc4cf43988569ee9022cf1516eac9eef244af30fce025b76e50dffc694f3cc1accf5977ea0e055e669bede2

Download Submit
C:\Windows\system\VuFLSds.exe

Filesize
6.0MB

MD5
a9ab5120d76f353fc8018b21be630c50

SHA1
da36eebea54cf0b8b432422d91702b5845caff1d

SHA256
517f8c8af87e017bc806f9859712e1531d2dbefcca65c7229e3b9e6cbba7f19c

SHA512
0a64f9a2871e3dedd9f3c6347c5023f0ce42130129e3e4b582d16792478aaabea7da03b75df43ca4c0a3781d0036dd40be5890e052093bd8619f81bb8f8ff9f6

Download Submit
C:\Windows\system\XiXdvCD.exe

Filesize
6.0MB

MD5
ae141d70b18f0d5d2c27812e50bd0e38

SHA1
7fb3ddc7d866a6e4d8233efec493141cf7ada987

SHA256
1ab5907281f2c80c3518a5c5f8c8ae97639736e99dc4f90a75ca580780a2af4c

SHA512
4bd6bc6b6752179ce11eecb27039926781316946814a726ddc694e9662411e8ed57f683449c34fc71b4b76d225f7b0f69344eca6219477da7b19000fb2400374

Download Submit
C:\Windows\system\YofaYZB.exe

Filesize
6.0MB

MD5
36950c50e0ada8096b21b1915860f626

SHA1
afcd2cd5881f7c836acb81b536cb1d31975f0fab

SHA256
1cbb285957a269a6c67e3f4dc053f1d49b2524b34fc2cf2dc52cb9f73d3f78fc

SHA512
e98b73ec0649b8483a4f95da56a611601a9c52fb3743157dcbf45d1d5380bb3ef2f14e836d9052faf9c6dab575c2315ffed0cd21a089850fffc313a4e5d644c2

Download Submit
C:\Windows\system\anxnGTr.exe

Filesize
6.0MB

MD5
b87425f4265f7ba36ff7973ea8ad51d3

SHA1
148b104c78fab2564500a7d65fd05c8ccdca064d

SHA256
86a4dbe10037eecf9db0c1ded03e0492ef83d2c2241e7ef5e184c3eff3ebccaf

SHA512
0abb9c0d4ddc59fbe37b6565199cca1134e5357dea8fc4a818e36f1985b104488318253b5a37c2c1dc8c450695e99930aaa903ac42f68ed326a0fd893c8df137

Download Submit
C:\Windows\system\bXuIzaE.exe

Filesize
6.0MB

MD5
c9f514a6b83f48dcb7f431b7a67b344c

SHA1
7524f8ab9138e38abb90b8ad1c8abd3bdcd18105

SHA256
df2e3748aec7822458815a5e55accb3f01fcfa7ed057850f7d06023623081463

SHA512
aa5b59efc955c34ef3b0879244c1d3f0cb72d23f2b360a86643d070a8a02bc9c59771bdc9dfbb266eadc88763dde6c325e946c09989cedce9ecf5d8a03e92d1c

Download Submit
C:\Windows\system\cDUwcLR.exe

Filesize
6.0MB

MD5
ca9a5c9dd3b9d7d0ed10ab8e332e4dc1

SHA1
eef2b348ef94021385b2b7ceeca6c645d4074d35

SHA256
1d048ad8776be7f3493ea9c551fb66d86e19f33e639897ead1a38923f6ef1dfa

SHA512
38d2fd483a8f18bc673669869aa466b2b24923a71c6e3f5512a0c059b9789e77717148f0a5c7792cf1b43e255a3a8819002eb5b3b0175beefa8c6ffb03c137b9

Download Submit
C:\Windows\system\htrNVkm.exe

Filesize
6.0MB

MD5
261ce1dedc7af9675b1b987c5ed1e94b

SHA1
6008bac657ad1874a73bbc876c6a922e96ed9abf

SHA256
720c749606f1b3d4216642ce2cefe457ff68db66d13418246f94d7c5c001ab28

SHA512
ebdeca445433b24a01d8c279dac7d9faea22df267dcfebf27cb62cc42430137c98295350d3efbd5674639f89e9739aa8bf41df7e300ff9d6c858a88e3c7aa956

Download Submit
C:\Windows\system\mGbkUvv.exe

Filesize
6.0MB

MD5
10184538d79b15bae2541f65d85d4b50

SHA1
91cdbbb0a9d7d5a116301c329c98e63c7d3cfe2f

SHA256
a315593e1230a78d8154d05603442eae9eb182fc87381d3a37bac91dd0dd6a6d

SHA512
e9db2384ceb0d6ededaf8b3b3d89d784934f7786e75ef4b6d401b0d6c449a5564696e7ad294505c1539d6001c8e8326e5cef04b19a6d0bf8098c88485edd82c5

Download Submit
C:\Windows\system\oBHWmwx.exe

Filesize
6.0MB

MD5
5129f8a9670d7d4a7438f03782e75bb7

SHA1
b5ff29c6a9472a01df5bd3e8c397b167bbce30a1

SHA256
17be7bd4873d2deb9a8be77487bd5af35c9970a2284a90f60fd1e96e0475c4af

SHA512
311f21aea1a54bc0715ec2fa7d8181219698284931fc5014685b58b43f9e6e2018aeb191044164243ad8ed9dfada27e2d2d53270c368b0b8e1235310324a3293

Download Submit
C:\Windows\system\ydGMIiH.exe

Filesize
6.0MB

MD5
f83c34b9981e39f8234979412a281a38

SHA1
f2e1ddb943759e6165d3154fda972834cbe5b57f

SHA256
12da93b67e44560d60576f13116cae4325e77515348f65cdf8edf4204c2a4a2e

SHA512
7daf0d77437eddbf02282b8bd558bb799e3418178a5b3f8381d05955e5de1eb4fbdb5786f95f4e1afa94f670aa0a3a8c91c5c377ce76d4cd89bd71a65818de10

Download Submit
C:\Windows\system\yxUnzmd.exe

Filesize
6.0MB

MD5
e5752fb67038352c439eee941918651c

SHA1
94342c263720e44af78deb63d2b322abd7790c58

SHA256
a2ebcbcabac57c7c7c802e3963f43a2791e3f6f3a3a7f5fce7f78bf4c7ee6ffb

SHA512
d60a48e25b34f20e8ddbb8c19d482e1ddd1a780819ab5a00c1065065a26b29d812c8f45482f4d178d73aa0ec1dc2fa8db57d77a28a7f26be1ef505f289624c87

Download Submit
C:\Windows\system\zagQruI.exe

Filesize
6.0MB

MD5
4c8bfdff430ca1241c7caa442703fb3b

SHA1
ffe8b037375d41366ba213a4dd303a50ab81ba72

SHA256
c397347d6afabe99191829e1bd0f1711333d9bf7be4ebaea04bbc8e30e373bb6

SHA512
7537107b680ebbab2d552c02cfd84bbb0bc9bfe7e1dd33affb0610728a4590ecae7c69da0a0af7437937429c16b9c27fbfaaf8c19dccb3f735f24ee29ce543d2

Download Submit
\Windows\system\LSyxirz.exe

Filesize
6.0MB

MD5
5f71d20d368b978dbed35d787f44b2b2

SHA1
a49e8080ed4f34958a38ce3810654a6852a056ff

SHA256
d9fb14f040a54860e944cdf70710833e6f510adb4e8e63ec6d489fbb24392944

SHA512
02c82c7ea2c125dd8a1ca97e477c66834dd92d2ae83271659b371524dddb14e8db555dd2874e08b6cf8ec432d2bdbe77a5d662fcb335ae77f5f1cf4bd8d47533

Download Submit
\Windows\system\eAOnBtl.exe

Filesize
6.0MB

MD5
9f7a65f0aef9bd8c5b9f8e1a31b665af

SHA1
bed2c1133405e82de131e4bc4e15409c84195609

SHA256
f265e06ed5963cc43474c467e38578f7518e301fefd2023eea88376074e9279b

SHA512
dfbd3efeeabebd5755e18acc45f9d6bd01d964c360acbcc4e11772489c6848f64e57894e565ad4318f87a5cc541230d59e274da2b074a7e109bde7ef8b681dc8

Download Submit
\Windows\system\hOKZmqR.exe

Filesize
6.0MB

MD5
7b64a67db21944d73166bf95da4a175b

SHA1
4ca7445e282e48d5414c8a0bd8ad5078543368c4

SHA256
9a17addbd897a48a983da5fc2e05ae78305b9b168aa76da8966580ea551b89e4

SHA512
498ed38aed04bc556d4919b39334014d7238fdabbb224abf3d83bd786acb8946c469e19d30fb4a80451358b0d4a81eb3e8054ea6f544b609108fede8e4a2904f

Download Submit
\Windows\system\prKJENn.exe

Filesize
6.0MB

MD5
2a852cc4fcf8768e035c0bf528ad406b

SHA1
913493da6712ef2a9f8206f4e16f02a7bac2a4fe

SHA256
65c51d4b145ba081c83084b1f67b5884d81c17aeab57772d832d8f52dac623ed

SHA512
e15ce7427cd8ad49e008235ca0a25211852e365abe8e442697b44391bcee2dd35ca24910a5a21a59f3f827fca3a2d5da8328b92e49a9832f4d0690d2dc9375d1

Download Submit
\Windows\system\ugtpKeW.exe

Filesize
6.0MB

MD5
3c27c2d30e1c9cd95ae0e2c6b5ffca6a

SHA1
3c9d0eb3976c96750c89572b4c91480f402e8477

SHA256
d9349c1adf3beb52e2f493dbc1bb321c16a3446a331c7c9ae00c2dda3622b90a

SHA512
0e82c2cfdbb89df6cebb0b02ffe63ad05685f1c0acde3c4dca1cd15ee7c160f167823ca9633ff5fe2805e6c4fe027e0006994f2fda8984e6c1c8478b0a201168

Download Submit
memory/1708-98-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-28-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3305-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-54-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-0-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2220-656-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2220-83-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2220-105-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-64-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-27-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-96-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-885-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-48-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1065-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-20-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-13-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-87-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-53-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-65-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2220-55-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2428-89-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2428-658-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3355-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3350-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2500-8-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3330-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-22-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3514-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2684-886-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2684-97-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3338-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2752-43-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3327-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2760-84-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3342-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-51-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3331-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-657-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-88-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-86-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3329-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2900-85-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3326-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2928-334-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-59-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3328-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2944-66-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3311-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2944-544-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3064-82-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-17-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3320-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download