cobaltstrike | e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
Size

6.0MB
MD5

33cee90c61ef1a4fd0a17c05695f5180
SHA1

706844da386c95b93f2f66e94d76a32a71b8970f
SHA256

e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011
SHA512

5c6ca1c0bdfc74c43454a2aa9fec325b0d8cc718048be787735a0a219ffece1406d5639eac1ef57c98a785ce92038f81c4ef53a7f50f2fbf8e580cd009eeea24
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUx:eOl56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019467-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019496-10.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ad-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194ef-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001963b-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001970b-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d3d-77.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a094-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fbc-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a322-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a377-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09f-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b8-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fda-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dd7-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dcb-89.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019438-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c73-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c58-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c56-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c54-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199b9-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196c0-49.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019506-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1624-0-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x000b000000012281-3.dat	xmrig
behavioral1/files/0x0007000000019467-8.dat	xmrig
behavioral1/memory/2336-15-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2484-14-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019496-10.dat	xmrig
behavioral1/memory/2424-22-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00060000000194ad-23.dat	xmrig
behavioral1/files/0x00060000000194ef-33.dat	xmrig
behavioral1/files/0x000700000001963b-41.dat	xmrig
behavioral1/files/0x000500000001967f-45.dat	xmrig
behavioral1/files/0x000500000001970b-53.dat	xmrig
behavioral1/files/0x0005000000019d3d-77.dat	xmrig
behavioral1/files/0x000500000001a094-105.dat	xmrig
behavioral1/files/0x0005000000019fbc-97.dat	xmrig
behavioral1/files/0x000500000001a322-117.dat	xmrig
behavioral1/memory/2760-336-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2280-334-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/1624-341-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2556-400-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2728-396-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2484-540-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1624-539-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1136-391-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2788-385-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2676-372-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2564-354-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2688-340-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2824-338-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2140-333-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/1624-544-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2824-1071-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2564-1084-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2140-1065-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a445-137.dat	xmrig
behavioral1/files/0x000500000001a443-133.dat	xmrig
behavioral1/files/0x000500000001a441-130.dat	xmrig
behavioral1/files/0x000500000001a43f-125.dat	xmrig
behavioral1/files/0x000500000001a377-121.dat	xmrig
behavioral1/files/0x000500000001a09f-110.dat	xmrig
behavioral1/files/0x000500000001a0b8-113.dat	xmrig
behavioral1/files/0x0005000000019fda-101.dat	xmrig
behavioral1/files/0x0005000000019dd7-93.dat	xmrig
behavioral1/files/0x0005000000019dcb-89.dat	xmrig
behavioral1/files/0x0008000000019438-85.dat	xmrig
behavioral1/files/0x0005000000019d62-82.dat	xmrig
behavioral1/files/0x0005000000019c73-73.dat	xmrig
behavioral1/files/0x0005000000019c58-69.dat	xmrig
behavioral1/files/0x0005000000019c56-65.dat	xmrig
behavioral1/files/0x0005000000019c54-62.dat	xmrig
behavioral1/files/0x00050000000199b9-57.dat	xmrig
behavioral1/files/0x00050000000196c0-49.dat	xmrig
behavioral1/files/0x0008000000019506-38.dat	xmrig
behavioral1/files/0x00060000000194d0-30.dat	xmrig
behavioral1/memory/2484-3563-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2336-3561-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2424-3640-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2676-3940-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2140-3942-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2556-3941-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2824-3973-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/1136-3944-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2760-3945-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2688-3952-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2484	WZZzIyB.exe
2336	ZmyhjRR.exe
2424	OwyORZy.exe
2140	uwdEllT.exe
2280	zPvFZCi.exe
2760	HSvsaiT.exe
2824	ivgjLBh.exe
2688	FTPHrWS.exe
2564	TedoaOy.exe
2676	bQepzEy.exe
2788	FONYFdl.exe
1136	PvoZmEY.exe
2728	BmcDDrE.exe
2556	hHbNRPy.exe
2588	tHiDFyw.exe
2680	GqOmPFu.exe
3048	QLwXNYj.exe
700	jykxJzb.exe
2448	NomBPZK.exe
2864	UlllqLX.exe
2884	VODGSYp.exe
1220	AxtFKil.exe
2628	KxGDofK.exe
2872	KHbmpRU.exe
1996	HelxwQh.exe
1400	KrNWLsr.exe
556	mAHschq.exe
848	lYcdslW.exe
2948	vhtejBL.exe
2016	UsNIPqw.exe
3024	NmoFVan.exe
2152	hKcCxMS.exe
1064	tCFbpjY.exe
1664	hsNpyxG.exe
2196	ELBnMsw.exe
2656	PSajJhW.exe
1604	hWOQAhA.exe
408	jkLsCyG.exe
1900	iisOcXi.exe
3036	fuPYqqt.exe
1192	YwvcjLQ.exe
1204	XmkWvtp.exe
972	KcOyAIT.exe
1316	whYVtrB.exe
1896	KTyCicv.exe
1744	QjcFznZ.exe
1720	pdqFxKW.exe
1208	QGlUbNn.exe
924	LdWtfLI.exe
1768	sThTLnT.exe
2516	eTcwPaj.exe
940	yymnZLi.exe
1684	rkStubP.exe
1884	EWbXYOL.exe
1668	BeeopYd.exe
2192	imZEAqi.exe
1092	AtOqbKa.exe
3020	wAJKATs.exe
1464	RgcCDHr.exe
3012	ufDmeqG.exe
2160	CVBKKSQ.exe
2024	eyybWeQ.exe
2128	VHvNqdj.exe
2880	ixzynQz.exe

Loads dropped DLL 64 IoCs

pid	Process
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1624-0-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x000b000000012281-3.dat	upx
behavioral1/files/0x0007000000019467-8.dat	upx
behavioral1/memory/2336-15-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2484-14-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0006000000019496-10.dat	upx
behavioral1/memory/2424-22-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x00060000000194ad-23.dat	upx
behavioral1/files/0x00060000000194ef-33.dat	upx
behavioral1/files/0x000700000001963b-41.dat	upx
behavioral1/files/0x000500000001967f-45.dat	upx
behavioral1/files/0x000500000001970b-53.dat	upx
behavioral1/files/0x0005000000019d3d-77.dat	upx
behavioral1/files/0x000500000001a094-105.dat	upx
behavioral1/files/0x0005000000019fbc-97.dat	upx
behavioral1/files/0x000500000001a322-117.dat	upx
behavioral1/memory/2760-336-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2280-334-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2556-400-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2728-396-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2484-540-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/1624-539-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1136-391-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2788-385-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2676-372-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2564-354-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2688-340-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2824-338-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2140-333-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2824-1071-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2564-1084-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2140-1065-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x000500000001a445-137.dat	upx
behavioral1/files/0x000500000001a443-133.dat	upx
behavioral1/files/0x000500000001a441-130.dat	upx
behavioral1/files/0x000500000001a43f-125.dat	upx
behavioral1/files/0x000500000001a377-121.dat	upx
behavioral1/files/0x000500000001a09f-110.dat	upx
behavioral1/files/0x000500000001a0b8-113.dat	upx
behavioral1/files/0x0005000000019fda-101.dat	upx
behavioral1/files/0x0005000000019dd7-93.dat	upx
behavioral1/files/0x0005000000019dcb-89.dat	upx
behavioral1/files/0x0008000000019438-85.dat	upx
behavioral1/files/0x0005000000019d62-82.dat	upx
behavioral1/files/0x0005000000019c73-73.dat	upx
behavioral1/files/0x0005000000019c58-69.dat	upx
behavioral1/files/0x0005000000019c56-65.dat	upx
behavioral1/files/0x0005000000019c54-62.dat	upx
behavioral1/files/0x00050000000199b9-57.dat	upx
behavioral1/files/0x00050000000196c0-49.dat	upx
behavioral1/files/0x0008000000019506-38.dat	upx
behavioral1/files/0x00060000000194d0-30.dat	upx
behavioral1/memory/2484-3563-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2336-3561-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2424-3640-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2676-3940-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2140-3942-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2556-3941-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2824-3973-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/1136-3944-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2760-3945-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2688-3952-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2788-3951-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2280-3943-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wXzcWTL.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\SQiIvOb.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\ytKUenp.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\TeWKsnt.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\ULzgoiB.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\lJAwjat.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\adsVtbV.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\UrHTbwx.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\izgFTeY.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\zEYsixp.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\SacCBXW.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\dcvoYVb.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\zyToBZP.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\XmIdsgI.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\JjyEYyV.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\JWBIBtF.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\KDSYuvG.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\HYqmFJf.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\ArRVTfQ.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\wAqOiaT.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\uCbrjOW.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\PbTiTgU.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\SqGhQXW.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\fvlSEhi.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\dGDPeYn.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\bsVBWyv.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\gfbRuiL.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\yCJQTXs.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\rwFjJUR.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\kDEjaEI.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\pVPVTiP.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\zpnwIAA.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\YviUUXK.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\nniJcHL.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\fqzHFdh.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\qFowDIF.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\VhHAhIp.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\pInfAwf.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\vMcYgZC.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\NbNSJCU.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\VODGSYp.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\nawlglF.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\wFvVmmU.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\UeIcoFJ.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\FtmTjVU.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\iCjtkiu.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\HTrrdbG.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\NEawCOA.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\evOwaLi.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\tzNAOlB.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\DxtuHwq.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\tCFbpjY.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\sUroIKA.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\ykdtypi.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\sppCwpr.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\DweTTHH.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\wHSetUq.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\TgsvgYK.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\ikFtqyy.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\MCSJuzk.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\TbYBPLa.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\mfnHrkq.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\PVscSUv.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
File created	C:\Windows\System\XPmfNRi.exe	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2484	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	32
PID 1624 wrote to memory of 2484	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	32
PID 1624 wrote to memory of 2484	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	32
PID 1624 wrote to memory of 2336	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	33
PID 1624 wrote to memory of 2336	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	33
PID 1624 wrote to memory of 2336	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	33
PID 1624 wrote to memory of 2424	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	34
PID 1624 wrote to memory of 2424	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	34
PID 1624 wrote to memory of 2424	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	34
PID 1624 wrote to memory of 2140	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	35
PID 1624 wrote to memory of 2140	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	35
PID 1624 wrote to memory of 2140	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	35
PID 1624 wrote to memory of 2280	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	36
PID 1624 wrote to memory of 2280	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	36
PID 1624 wrote to memory of 2280	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	36
PID 1624 wrote to memory of 2760	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	37
PID 1624 wrote to memory of 2760	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	37
PID 1624 wrote to memory of 2760	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	37
PID 1624 wrote to memory of 2824	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	38
PID 1624 wrote to memory of 2824	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	38
PID 1624 wrote to memory of 2824	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	38
PID 1624 wrote to memory of 2688	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	39
PID 1624 wrote to memory of 2688	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	39
PID 1624 wrote to memory of 2688	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	39
PID 1624 wrote to memory of 2564	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	40
PID 1624 wrote to memory of 2564	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	40
PID 1624 wrote to memory of 2564	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	40
PID 1624 wrote to memory of 2676	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	41
PID 1624 wrote to memory of 2676	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	41
PID 1624 wrote to memory of 2676	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	41
PID 1624 wrote to memory of 2788	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	42
PID 1624 wrote to memory of 2788	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	42
PID 1624 wrote to memory of 2788	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	42
PID 1624 wrote to memory of 1136	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	43
PID 1624 wrote to memory of 1136	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	43
PID 1624 wrote to memory of 1136	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	43
PID 1624 wrote to memory of 2728	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	44
PID 1624 wrote to memory of 2728	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	44
PID 1624 wrote to memory of 2728	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	44
PID 1624 wrote to memory of 2556	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	45
PID 1624 wrote to memory of 2556	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	45
PID 1624 wrote to memory of 2556	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	45
PID 1624 wrote to memory of 2588	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	46
PID 1624 wrote to memory of 2588	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	46
PID 1624 wrote to memory of 2588	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	46
PID 1624 wrote to memory of 2680	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	47
PID 1624 wrote to memory of 2680	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	47
PID 1624 wrote to memory of 2680	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	47
PID 1624 wrote to memory of 3048	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	48
PID 1624 wrote to memory of 3048	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	48
PID 1624 wrote to memory of 3048	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	48
PID 1624 wrote to memory of 700	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	49
PID 1624 wrote to memory of 700	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	49
PID 1624 wrote to memory of 700	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	49
PID 1624 wrote to memory of 2448	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	50
PID 1624 wrote to memory of 2448	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	50
PID 1624 wrote to memory of 2448	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	50
PID 1624 wrote to memory of 2864	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	51
PID 1624 wrote to memory of 2864	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	51
PID 1624 wrote to memory of 2864	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	51
PID 1624 wrote to memory of 2884	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	52
PID 1624 wrote to memory of 2884	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	52
PID 1624 wrote to memory of 2884	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	52
PID 1624 wrote to memory of 1220	1624	JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e43a72ed3142263b258b52b06fa7688e790bb04580260d40164a27f7b77f5011.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\System\WZZzIyB.exe
  C:\Windows\System\WZZzIyB.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\ZmyhjRR.exe
  C:\Windows\System\ZmyhjRR.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\OwyORZy.exe
  C:\Windows\System\OwyORZy.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\uwdEllT.exe
  C:\Windows\System\uwdEllT.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\zPvFZCi.exe
  C:\Windows\System\zPvFZCi.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\HSvsaiT.exe
  C:\Windows\System\HSvsaiT.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ivgjLBh.exe
  C:\Windows\System\ivgjLBh.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\FTPHrWS.exe
  C:\Windows\System\FTPHrWS.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\TedoaOy.exe
  C:\Windows\System\TedoaOy.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\bQepzEy.exe
  C:\Windows\System\bQepzEy.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\FONYFdl.exe
  C:\Windows\System\FONYFdl.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\PvoZmEY.exe
  C:\Windows\System\PvoZmEY.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\BmcDDrE.exe
  C:\Windows\System\BmcDDrE.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\hHbNRPy.exe
  C:\Windows\System\hHbNRPy.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\tHiDFyw.exe
  C:\Windows\System\tHiDFyw.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\GqOmPFu.exe
  C:\Windows\System\GqOmPFu.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\QLwXNYj.exe
  C:\Windows\System\QLwXNYj.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\jykxJzb.exe
  C:\Windows\System\jykxJzb.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\NomBPZK.exe
  C:\Windows\System\NomBPZK.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\UlllqLX.exe
  C:\Windows\System\UlllqLX.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\VODGSYp.exe
  C:\Windows\System\VODGSYp.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\AxtFKil.exe
  C:\Windows\System\AxtFKil.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\KxGDofK.exe
  C:\Windows\System\KxGDofK.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\KHbmpRU.exe
  C:\Windows\System\KHbmpRU.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\HelxwQh.exe
  C:\Windows\System\HelxwQh.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\KrNWLsr.exe
  C:\Windows\System\KrNWLsr.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\mAHschq.exe
  C:\Windows\System\mAHschq.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\lYcdslW.exe
  C:\Windows\System\lYcdslW.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\vhtejBL.exe
  C:\Windows\System\vhtejBL.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\UsNIPqw.exe
  C:\Windows\System\UsNIPqw.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\NmoFVan.exe
  C:\Windows\System\NmoFVan.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\hKcCxMS.exe
  C:\Windows\System\hKcCxMS.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\tCFbpjY.exe
  C:\Windows\System\tCFbpjY.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\hsNpyxG.exe
  C:\Windows\System\hsNpyxG.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ELBnMsw.exe
  C:\Windows\System\ELBnMsw.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\PSajJhW.exe
  C:\Windows\System\PSajJhW.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\hWOQAhA.exe
  C:\Windows\System\hWOQAhA.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\jkLsCyG.exe
  C:\Windows\System\jkLsCyG.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\iisOcXi.exe
  C:\Windows\System\iisOcXi.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\fuPYqqt.exe
  C:\Windows\System\fuPYqqt.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\YwvcjLQ.exe
  C:\Windows\System\YwvcjLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\XmkWvtp.exe
  C:\Windows\System\XmkWvtp.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\KcOyAIT.exe
  C:\Windows\System\KcOyAIT.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\whYVtrB.exe
  C:\Windows\System\whYVtrB.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\KTyCicv.exe
  C:\Windows\System\KTyCicv.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\QjcFznZ.exe
  C:\Windows\System\QjcFznZ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\pdqFxKW.exe
  C:\Windows\System\pdqFxKW.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\QGlUbNn.exe
  C:\Windows\System\QGlUbNn.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\LdWtfLI.exe
  C:\Windows\System\LdWtfLI.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\sThTLnT.exe
  C:\Windows\System\sThTLnT.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\eTcwPaj.exe
  C:\Windows\System\eTcwPaj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\yymnZLi.exe
  C:\Windows\System\yymnZLi.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\rkStubP.exe
  C:\Windows\System\rkStubP.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\EWbXYOL.exe
  C:\Windows\System\EWbXYOL.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\BeeopYd.exe
  C:\Windows\System\BeeopYd.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\imZEAqi.exe
  C:\Windows\System\imZEAqi.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\AtOqbKa.exe
  C:\Windows\System\AtOqbKa.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\wAJKATs.exe
  C:\Windows\System\wAJKATs.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\RgcCDHr.exe
  C:\Windows\System\RgcCDHr.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\ufDmeqG.exe
  C:\Windows\System\ufDmeqG.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\CVBKKSQ.exe
  C:\Windows\System\CVBKKSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\eyybWeQ.exe
  C:\Windows\System\eyybWeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\VHvNqdj.exe
  C:\Windows\System\VHvNqdj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ixzynQz.exe
  C:\Windows\System\ixzynQz.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\EjCDqDd.exe
  C:\Windows\System\EjCDqDd.exe
  2⤵
  PID:2204
- C:\Windows\System\wtiVNPp.exe
  C:\Windows\System\wtiVNPp.exe
  2⤵
  PID:1076
- C:\Windows\System\GBZDfhz.exe
  C:\Windows\System\GBZDfhz.exe
  2⤵
  PID:1084
- C:\Windows\System\wsNregv.exe
  C:\Windows\System\wsNregv.exe
  2⤵
  PID:1764
- C:\Windows\System\vgKRewL.exe
  C:\Windows\System\vgKRewL.exe
  2⤵
  PID:1812
- C:\Windows\System\bsVBWyv.exe
  C:\Windows\System\bsVBWyv.exe
  2⤵
  PID:2276
- C:\Windows\System\JwEtMoF.exe
  C:\Windows\System\JwEtMoF.exe
  2⤵
  PID:1572
- C:\Windows\System\HnSKUeF.exe
  C:\Windows\System\HnSKUeF.exe
  2⤵
  PID:2080
- C:\Windows\System\OAETmVk.exe
  C:\Windows\System\OAETmVk.exe
  2⤵
  PID:2476
- C:\Windows\System\dBcripV.exe
  C:\Windows\System\dBcripV.exe
  2⤵
  PID:2348
- C:\Windows\System\mUUryxi.exe
  C:\Windows\System\mUUryxi.exe
  2⤵
  PID:2480
- C:\Windows\System\kcLekwT.exe
  C:\Windows\System\kcLekwT.exe
  2⤵
  PID:2700
- C:\Windows\System\kTxkOvs.exe
  C:\Windows\System\kTxkOvs.exe
  2⤵
  PID:2820
- C:\Windows\System\BxOjPsv.exe
  C:\Windows\System\BxOjPsv.exe
  2⤵
  PID:2768
- C:\Windows\System\cjxavUw.exe
  C:\Windows\System\cjxavUw.exe
  2⤵
  PID:2592
- C:\Windows\System\vfqcdBP.exe
  C:\Windows\System\vfqcdBP.exe
  2⤵
  PID:2096
- C:\Windows\System\nTrirhp.exe
  C:\Windows\System\nTrirhp.exe
  2⤵
  PID:2568
- C:\Windows\System\jmyulkb.exe
  C:\Windows\System\jmyulkb.exe
  2⤵
  PID:2636
- C:\Windows\System\sfStSyv.exe
  C:\Windows\System\sfStSyv.exe
  2⤵
  PID:3060
- C:\Windows\System\hdhcuFz.exe
  C:\Windows\System\hdhcuFz.exe
  2⤵
  PID:2388
- C:\Windows\System\JbLCAsQ.exe
  C:\Windows\System\JbLCAsQ.exe
  2⤵
  PID:2900
- C:\Windows\System\pWNovbA.exe
  C:\Windows\System\pWNovbA.exe
  2⤵
  PID:2296
- C:\Windows\System\QxQUfKJ.exe
  C:\Windows\System\QxQUfKJ.exe
  2⤵
  PID:2920
- C:\Windows\System\dMsOAIa.exe
  C:\Windows\System\dMsOAIa.exe
  2⤵
  PID:860
- C:\Windows\System\UzrsasP.exe
  C:\Windows\System\UzrsasP.exe
  2⤵
  PID:2936
- C:\Windows\System\aCOCVca.exe
  C:\Windows\System\aCOCVca.exe
  2⤵
  PID:2364
- C:\Windows\System\RYGxsIC.exe
  C:\Windows\System\RYGxsIC.exe
  2⤵
  PID:2492
- C:\Windows\System\gUPhxHI.exe
  C:\Windows\System\gUPhxHI.exe
  2⤵
  PID:2432
- C:\Windows\System\AnQQfsR.exe
  C:\Windows\System\AnQQfsR.exe
  2⤵
  PID:1060
- C:\Windows\System\SNCWvVA.exe
  C:\Windows\System\SNCWvVA.exe
  2⤵
  PID:1120
- C:\Windows\System\VsKmcdB.exe
  C:\Windows\System\VsKmcdB.exe
  2⤵
  PID:2124
- C:\Windows\System\SSuIsGZ.exe
  C:\Windows\System\SSuIsGZ.exe
  2⤵
  PID:1592
- C:\Windows\System\TpgCGmH.exe
  C:\Windows\System\TpgCGmH.exe
  2⤵
  PID:1056
- C:\Windows\System\IOIVFrb.exe
  C:\Windows\System\IOIVFrb.exe
  2⤵
  PID:1732
- C:\Windows\System\QLfcPFw.exe
  C:\Windows\System\QLfcPFw.exe
  2⤵
  PID:996
- C:\Windows\System\hQQMrzN.exe
  C:\Windows\System\hQQMrzN.exe
  2⤵
  PID:1648
- C:\Windows\System\XIiislb.exe
  C:\Windows\System\XIiislb.exe
  2⤵
  PID:1416
- C:\Windows\System\LpPjCSZ.exe
  C:\Windows\System\LpPjCSZ.exe
  2⤵
  PID:560
- C:\Windows\System\TDfsDef.exe
  C:\Windows\System\TDfsDef.exe
  2⤵
  PID:904
- C:\Windows\System\pqkmBlU.exe
  C:\Windows\System\pqkmBlU.exe
  2⤵
  PID:3224
- C:\Windows\System\hOWIunH.exe
  C:\Windows\System\hOWIunH.exe
  2⤵
  PID:3244
- C:\Windows\System\HobuWAt.exe
  C:\Windows\System\HobuWAt.exe
  2⤵
  PID:3260
- C:\Windows\System\dnSLpWu.exe
  C:\Windows\System\dnSLpWu.exe
  2⤵
  PID:3284
- C:\Windows\System\HGvvyBB.exe
  C:\Windows\System\HGvvyBB.exe
  2⤵
  PID:3300
- C:\Windows\System\OwmWege.exe
  C:\Windows\System\OwmWege.exe
  2⤵
  PID:3324
- C:\Windows\System\apnIoej.exe
  C:\Windows\System\apnIoej.exe
  2⤵
  PID:3340
- C:\Windows\System\APrSYYZ.exe
  C:\Windows\System\APrSYYZ.exe
  2⤵
  PID:3364
- C:\Windows\System\bYOAlMa.exe
  C:\Windows\System\bYOAlMa.exe
  2⤵
  PID:3384
- C:\Windows\System\NTbayYG.exe
  C:\Windows\System\NTbayYG.exe
  2⤵
  PID:3404
- C:\Windows\System\wOSHosr.exe
  C:\Windows\System\wOSHosr.exe
  2⤵
  PID:3420
- C:\Windows\System\xdvcfbM.exe
  C:\Windows\System\xdvcfbM.exe
  2⤵
  PID:3440
- C:\Windows\System\usAYWEU.exe
  C:\Windows\System\usAYWEU.exe
  2⤵
  PID:3460
- C:\Windows\System\BKvzDlz.exe
  C:\Windows\System\BKvzDlz.exe
  2⤵
  PID:3480
- C:\Windows\System\IYJkBqQ.exe
  C:\Windows\System\IYJkBqQ.exe
  2⤵
  PID:3500
- C:\Windows\System\gOZWiFJ.exe
  C:\Windows\System\gOZWiFJ.exe
  2⤵
  PID:3520
- C:\Windows\System\ZiFnVEY.exe
  C:\Windows\System\ZiFnVEY.exe
  2⤵
  PID:3540
- C:\Windows\System\XmIdsgI.exe
  C:\Windows\System\XmIdsgI.exe
  2⤵
  PID:3564
- C:\Windows\System\fbAkNyp.exe
  C:\Windows\System\fbAkNyp.exe
  2⤵
  PID:3584
- C:\Windows\System\OBrIbJB.exe
  C:\Windows\System\OBrIbJB.exe
  2⤵
  PID:3604
- C:\Windows\System\OnNHcVh.exe
  C:\Windows\System\OnNHcVh.exe
  2⤵
  PID:3624
- C:\Windows\System\TbjfTdm.exe
  C:\Windows\System\TbjfTdm.exe
  2⤵
  PID:3644
- C:\Windows\System\FPPZwOp.exe
  C:\Windows\System\FPPZwOp.exe
  2⤵
  PID:3664
- C:\Windows\System\MCSJuzk.exe
  C:\Windows\System\MCSJuzk.exe
  2⤵
  PID:3684
- C:\Windows\System\dVxqFAH.exe
  C:\Windows\System\dVxqFAH.exe
  2⤵
  PID:3704
- C:\Windows\System\pVPVTiP.exe
  C:\Windows\System\pVPVTiP.exe
  2⤵
  PID:3724
- C:\Windows\System\TODIepW.exe
  C:\Windows\System\TODIepW.exe
  2⤵
  PID:3744
- C:\Windows\System\OwfoImc.exe
  C:\Windows\System\OwfoImc.exe
  2⤵
  PID:3764
- C:\Windows\System\xJdbgyQ.exe
  C:\Windows\System\xJdbgyQ.exe
  2⤵
  PID:3784
- C:\Windows\System\ffaJVfj.exe
  C:\Windows\System\ffaJVfj.exe
  2⤵
  PID:3804
- C:\Windows\System\CjPvWBR.exe
  C:\Windows\System\CjPvWBR.exe
  2⤵
  PID:3820
- C:\Windows\System\kVDsecW.exe
  C:\Windows\System\kVDsecW.exe
  2⤵
  PID:3840
- C:\Windows\System\GimgMFI.exe
  C:\Windows\System\GimgMFI.exe
  2⤵
  PID:3864
- C:\Windows\System\UvqcjaE.exe
  C:\Windows\System\UvqcjaE.exe
  2⤵
  PID:3884
- C:\Windows\System\rAoQAKU.exe
  C:\Windows\System\rAoQAKU.exe
  2⤵
  PID:3904
- C:\Windows\System\Dldxngm.exe
  C:\Windows\System\Dldxngm.exe
  2⤵
  PID:3928
- C:\Windows\System\EhqgbvL.exe
  C:\Windows\System\EhqgbvL.exe
  2⤵
  PID:3944
- C:\Windows\System\kHwBvaL.exe
  C:\Windows\System\kHwBvaL.exe
  2⤵
  PID:3964
- C:\Windows\System\onVLREO.exe
  C:\Windows\System\onVLREO.exe
  2⤵
  PID:3984
- C:\Windows\System\tTkKuZR.exe
  C:\Windows\System\tTkKuZR.exe
  2⤵
  PID:4004
- C:\Windows\System\BdoxuVk.exe
  C:\Windows\System\BdoxuVk.exe
  2⤵
  PID:4024
- C:\Windows\System\xTKaKgd.exe
  C:\Windows\System\xTKaKgd.exe
  2⤵
  PID:4044
- C:\Windows\System\kQilXdG.exe
  C:\Windows\System\kQilXdG.exe
  2⤵
  PID:4060
- C:\Windows\System\EhkkGEx.exe
  C:\Windows\System\EhkkGEx.exe
  2⤵
  PID:4080
- C:\Windows\System\FKxgHtR.exe
  C:\Windows\System\FKxgHtR.exe
  2⤵
  PID:3028
- C:\Windows\System\qGthkEm.exe
  C:\Windows\System\qGthkEm.exe
  2⤵
  PID:2036
- C:\Windows\System\pClsJGs.exe
  C:\Windows\System\pClsJGs.exe
  2⤵
  PID:892
- C:\Windows\System\YOmSWEi.exe
  C:\Windows\System\YOmSWEi.exe
  2⤵
  PID:2472
- C:\Windows\System\lgTdCOg.exe
  C:\Windows\System\lgTdCOg.exe
  2⤵
  PID:2488
- C:\Windows\System\QJlreGS.exe
  C:\Windows\System\QJlreGS.exe
  2⤵
  PID:2504
- C:\Windows\System\DvtUydd.exe
  C:\Windows\System\DvtUydd.exe
  2⤵
  PID:2964
- C:\Windows\System\leetfAC.exe
  C:\Windows\System\leetfAC.exe
  2⤵
  PID:2724
- C:\Windows\System\Fctbicg.exe
  C:\Windows\System\Fctbicg.exe
  2⤵
  PID:2952
- C:\Windows\System\BIlZCCD.exe
  C:\Windows\System\BIlZCCD.exe
  2⤵
  PID:1772
- C:\Windows\System\rewxsyP.exe
  C:\Windows\System\rewxsyP.exe
  2⤵
  PID:1516
- C:\Windows\System\bmKgwiA.exe
  C:\Windows\System\bmKgwiA.exe
  2⤵
  PID:2132
- C:\Windows\System\ccROyIz.exe
  C:\Windows\System\ccROyIz.exe
  2⤵
  PID:2200
- C:\Windows\System\Txbytos.exe
  C:\Windows\System\Txbytos.exe
  2⤵
  PID:1588
- C:\Windows\System\HGsbXEf.exe
  C:\Windows\System\HGsbXEf.exe
  2⤵
  PID:2372
- C:\Windows\System\RdDoiZt.exe
  C:\Windows\System\RdDoiZt.exe
  2⤵
  PID:3088
- C:\Windows\System\ZzmTtsR.exe
  C:\Windows\System\ZzmTtsR.exe
  2⤵
  PID:3108
- C:\Windows\System\WRzPfZJ.exe
  C:\Windows\System\WRzPfZJ.exe
  2⤵
  PID:3124
- C:\Windows\System\FVrfGfe.exe
  C:\Windows\System\FVrfGfe.exe
  2⤵
  PID:3156
- C:\Windows\System\DcysvAN.exe
  C:\Windows\System\DcysvAN.exe
  2⤵
  PID:3188
- C:\Windows\System\EUIHOlf.exe
  C:\Windows\System\EUIHOlf.exe
  2⤵
  PID:2112
- C:\Windows\System\olpdKBD.exe
  C:\Windows\System\olpdKBD.exe
  2⤵
  PID:3280
- C:\Windows\System\dRPssTK.exe
  C:\Windows\System\dRPssTK.exe
  2⤵
  PID:3308
- C:\Windows\System\hZsigDc.exe
  C:\Windows\System\hZsigDc.exe
  2⤵
  PID:3348
- C:\Windows\System\HTSCLpC.exe
  C:\Windows\System\HTSCLpC.exe
  2⤵
  PID:3292
- C:\Windows\System\XTcCJLt.exe
  C:\Windows\System\XTcCJLt.exe
  2⤵
  PID:3400
- C:\Windows\System\XHRcRjj.exe
  C:\Windows\System\XHRcRjj.exe
  2⤵
  PID:3372
- C:\Windows\System\EdEJXDN.exe
  C:\Windows\System\EdEJXDN.exe
  2⤵
  PID:3376
- C:\Windows\System\LnhbBqB.exe
  C:\Windows\System\LnhbBqB.exe
  2⤵
  PID:3412
- C:\Windows\System\SVoFhGF.exe
  C:\Windows\System\SVoFhGF.exe
  2⤵
  PID:3452
- C:\Windows\System\FrJicRq.exe
  C:\Windows\System\FrJicRq.exe
  2⤵
  PID:3488
- C:\Windows\System\ZqcehVR.exe
  C:\Windows\System\ZqcehVR.exe
  2⤵
  PID:3528
- C:\Windows\System\ZnBXjfV.exe
  C:\Windows\System\ZnBXjfV.exe
  2⤵
  PID:3592
- C:\Windows\System\QKxAKPX.exe
  C:\Windows\System\QKxAKPX.exe
  2⤵
  PID:3596
- C:\Windows\System\bLDnnUU.exe
  C:\Windows\System\bLDnnUU.exe
  2⤵
  PID:3636
- C:\Windows\System\VXmFIoq.exe
  C:\Windows\System\VXmFIoq.exe
  2⤵
  PID:3680
- C:\Windows\System\SpnGonF.exe
  C:\Windows\System\SpnGonF.exe
  2⤵
  PID:3780
- C:\Windows\System\TApmWfM.exe
  C:\Windows\System\TApmWfM.exe
  2⤵
  PID:3836
- C:\Windows\System\KtHkhZh.exe
  C:\Windows\System\KtHkhZh.exe
  2⤵
  PID:3876
- C:\Windows\System\MowaFaT.exe
  C:\Windows\System\MowaFaT.exe
  2⤵
  PID:3812
- C:\Windows\System\BvzFUbK.exe
  C:\Windows\System\BvzFUbK.exe
  2⤵
  PID:3920
- C:\Windows\System\ZGbAcUE.exe
  C:\Windows\System\ZGbAcUE.exe
  2⤵
  PID:3992
- C:\Windows\System\TxxsDEU.exe
  C:\Windows\System\TxxsDEU.exe
  2⤵
  PID:3900
- C:\Windows\System\NWwJOPy.exe
  C:\Windows\System\NWwJOPy.exe
  2⤵
  PID:4068
- C:\Windows\System\qFaYrpg.exe
  C:\Windows\System\qFaYrpg.exe
  2⤵
  PID:1104
- C:\Windows\System\EzsQSTi.exe
  C:\Windows\System\EzsQSTi.exe
  2⤵
  PID:3940
- C:\Windows\System\nGKmxCS.exe
  C:\Windows\System\nGKmxCS.exe
  2⤵
  PID:4012
- C:\Windows\System\jueTcvw.exe
  C:\Windows\System\jueTcvw.exe
  2⤵
  PID:4056
- C:\Windows\System\ZqAEPeP.exe
  C:\Windows\System\ZqAEPeP.exe
  2⤵
  PID:1656
- C:\Windows\System\IdwoAxf.exe
  C:\Windows\System\IdwoAxf.exe
  2⤵
  PID:2452
- C:\Windows\System\HhkdbKB.exe
  C:\Windows\System\HhkdbKB.exe
  2⤵
  PID:572
- C:\Windows\System\JjyEYyV.exe
  C:\Windows\System\JjyEYyV.exe
  2⤵
  PID:1244
- C:\Windows\System\NUMBbhS.exe
  C:\Windows\System\NUMBbhS.exe
  2⤵
  PID:1180
- C:\Windows\System\NhxFxhZ.exe
  C:\Windows\System\NhxFxhZ.exe
  2⤵
  PID:3208
- C:\Windows\System\nSNpJzy.exe
  C:\Windows\System\nSNpJzy.exe
  2⤵
  PID:3100
- C:\Windows\System\pcveakm.exe
  C:\Windows\System\pcveakm.exe
  2⤵
  PID:3196
- C:\Windows\System\uWNXGVl.exe
  C:\Windows\System\uWNXGVl.exe
  2⤵
  PID:2744
- C:\Windows\System\lJAwjat.exe
  C:\Windows\System\lJAwjat.exe
  2⤵
  PID:2064
- C:\Windows\System\yRbgtmj.exe
  C:\Windows\System\yRbgtmj.exe
  2⤵
  PID:3056
- C:\Windows\System\NPTrlPM.exe
  C:\Windows\System\NPTrlPM.exe
  2⤵
  PID:1808
- C:\Windows\System\HyUyCGk.exe
  C:\Windows\System\HyUyCGk.exe
  2⤵
  PID:2832
- C:\Windows\System\lvdrSWn.exe
  C:\Windows\System\lvdrSWn.exe
  2⤵
  PID:2000
- C:\Windows\System\FHnkkZZ.exe
  C:\Windows\System\FHnkkZZ.exe
  2⤵
  PID:1672
- C:\Windows\System\cgnOqOS.exe
  C:\Windows\System\cgnOqOS.exe
  2⤵
  PID:1312
- C:\Windows\System\LHIRprk.exe
  C:\Windows\System\LHIRprk.exe
  2⤵
  PID:3084
- C:\Windows\System\jjQUTxo.exe
  C:\Windows\System\jjQUTxo.exe
  2⤵
  PID:3120
- C:\Windows\System\TbYBPLa.exe
  C:\Windows\System\TbYBPLa.exe
  2⤵
  PID:3000
- C:\Windows\System\nSkCOsV.exe
  C:\Windows\System\nSkCOsV.exe
  2⤵
  PID:3240
- C:\Windows\System\GmcCWlV.exe
  C:\Windows\System\GmcCWlV.exe
  2⤵
  PID:3516
- C:\Windows\System\yPasyzK.exe
  C:\Windows\System\yPasyzK.exe
  2⤵
  PID:3312
- C:\Windows\System\RyabZvb.exe
  C:\Windows\System\RyabZvb.exe
  2⤵
  PID:2620
- C:\Windows\System\xLgEJrm.exe
  C:\Windows\System\xLgEJrm.exe
  2⤵
  PID:3448
- C:\Windows\System\tkGxPKC.exe
  C:\Windows\System\tkGxPKC.exe
  2⤵
  PID:3204
- C:\Windows\System\nawlglF.exe
  C:\Windows\System\nawlglF.exe
  2⤵
  PID:3496
- C:\Windows\System\ykdtypi.exe
  C:\Windows\System\ykdtypi.exe
  2⤵
  PID:1328
- C:\Windows\System\MYDoMNi.exe
  C:\Windows\System\MYDoMNi.exe
  2⤵
  PID:3572
- C:\Windows\System\CQmifTR.exe
  C:\Windows\System\CQmifTR.exe
  2⤵
  PID:3652
- C:\Windows\System\iFCvPoe.exe
  C:\Windows\System\iFCvPoe.exe
  2⤵
  PID:3800
- C:\Windows\System\MVCdLKH.exe
  C:\Windows\System\MVCdLKH.exe
  2⤵
  PID:3752
- C:\Windows\System\ChVXXOh.exe
  C:\Windows\System\ChVXXOh.exe
  2⤵
  PID:2716
- C:\Windows\System\olTGMvK.exe
  C:\Windows\System\olTGMvK.exe
  2⤵
  PID:3852
- C:\Windows\System\VvivYFC.exe
  C:\Windows\System\VvivYFC.exe
  2⤵
  PID:4040
- C:\Windows\System\OKHRIPt.exe
  C:\Windows\System\OKHRIPt.exe
  2⤵
  PID:3996
- C:\Windows\System\ONFQXnV.exe
  C:\Windows\System\ONFQXnV.exe
  2⤵
  PID:3976
- C:\Windows\System\UYBYidx.exe
  C:\Windows\System\UYBYidx.exe
  2⤵
  PID:1652
- C:\Windows\System\eYrbOVW.exe
  C:\Windows\System\eYrbOVW.exe
  2⤵
  PID:2928
- C:\Windows\System\GLpGAOK.exe
  C:\Windows\System\GLpGAOK.exe
  2⤵
  PID:3892
- C:\Windows\System\JdjdPJZ.exe
  C:\Windows\System\JdjdPJZ.exe
  2⤵
  PID:2932
- C:\Windows\System\zQIdRPN.exe
  C:\Windows\System\zQIdRPN.exe
  2⤵
  PID:1088
- C:\Windows\System\woPxXgH.exe
  C:\Windows\System\woPxXgH.exe
  2⤵
  PID:3168
- C:\Windows\System\GyjNCVo.exe
  C:\Windows\System\GyjNCVo.exe
  2⤵
  PID:3176
- C:\Windows\System\wvQNWRn.exe
  C:\Windows\System\wvQNWRn.exe
  2⤵
  PID:1636
- C:\Windows\System\sppCwpr.exe
  C:\Windows\System\sppCwpr.exe
  2⤵
  PID:2672
- C:\Windows\System\pbIopXl.exe
  C:\Windows\System\pbIopXl.exe
  2⤵
  PID:1352
- C:\Windows\System\nahkWap.exe
  C:\Windows\System\nahkWap.exe
  2⤵
  PID:2552
- C:\Windows\System\qAqUara.exe
  C:\Windows\System\qAqUara.exe
  2⤵
  PID:2260
- C:\Windows\System\vSOTRYv.exe
  C:\Windows\System\vSOTRYv.exe
  2⤵
  PID:2244
- C:\Windows\System\DopEENf.exe
  C:\Windows\System\DopEENf.exe
  2⤵
  PID:2892
- C:\Windows\System\JWoXpos.exe
  C:\Windows\System\JWoXpos.exe
  2⤵
  PID:2308
- C:\Windows\System\tbQFCNd.exe
  C:\Windows\System\tbQFCNd.exe
  2⤵
  PID:1848
- C:\Windows\System\jqWLxpP.exe
  C:\Windows\System\jqWLxpP.exe
  2⤵
  PID:3172
- C:\Windows\System\TiazkJt.exe
  C:\Windows\System\TiazkJt.exe
  2⤵
  PID:3616
- C:\Windows\System\GhlsgFB.exe
  C:\Windows\System\GhlsgFB.exe
  2⤵
  PID:3396
- C:\Windows\System\vhTuScY.exe
  C:\Windows\System\vhTuScY.exe
  2⤵
  PID:3432
- C:\Windows\System\GvYAYuw.exe
  C:\Windows\System\GvYAYuw.exe
  2⤵
  PID:2860
- C:\Windows\System\zQZgPXt.exe
  C:\Windows\System\zQZgPXt.exe
  2⤵
  PID:3548
- C:\Windows\System\oOuBHpB.exe
  C:\Windows\System\oOuBHpB.exe
  2⤵
  PID:3512
- C:\Windows\System\OGCfLRz.exe
  C:\Windows\System\OGCfLRz.exe
  2⤵
  PID:1404
- C:\Windows\System\aKnauFc.exe
  C:\Windows\System\aKnauFc.exe
  2⤵
  PID:3632
- C:\Windows\System\rlkbxmT.exe
  C:\Windows\System\rlkbxmT.exe
  2⤵
  PID:3772
- C:\Windows\System\UrHTbwx.exe
  C:\Windows\System\UrHTbwx.exe
  2⤵
  PID:2960
- C:\Windows\System\FNOWjYL.exe
  C:\Windows\System\FNOWjYL.exe
  2⤵
  PID:3956
- C:\Windows\System\zOrmijD.exe
  C:\Windows\System\zOrmijD.exe
  2⤵
  PID:3936
- C:\Windows\System\RgQKMXq.exe
  C:\Windows\System\RgQKMXq.exe
  2⤵
  PID:3912
- C:\Windows\System\kAytokS.exe
  C:\Windows\System\kAytokS.exe
  2⤵
  PID:4052
- C:\Windows\System\VUAJuna.exe
  C:\Windows\System\VUAJuna.exe
  2⤵
  PID:2836
- C:\Windows\System\BLQhEpY.exe
  C:\Windows\System\BLQhEpY.exe
  2⤵
  PID:3148
- C:\Windows\System\sUroIKA.exe
  C:\Windows\System\sUroIKA.exe
  2⤵
  PID:2252
- C:\Windows\System\zpnwIAA.exe
  C:\Windows\System\zpnwIAA.exe
  2⤵
  PID:2668
- C:\Windows\System\oEsTHbJ.exe
  C:\Windows\System\oEsTHbJ.exe
  2⤵
  PID:3116
- C:\Windows\System\PjPYmAJ.exe
  C:\Windows\System\PjPYmAJ.exe
  2⤵
  PID:2812
- C:\Windows\System\DaaHKrr.exe
  C:\Windows\System\DaaHKrr.exe
  2⤵
  PID:2748
- C:\Windows\System\OoZelZF.exe
  C:\Windows\System\OoZelZF.exe
  2⤵
  PID:1492
- C:\Windows\System\YnBxBAl.exe
  C:\Windows\System\YnBxBAl.exe
  2⤵
  PID:3180
- C:\Windows\System\SUhKIqk.exe
  C:\Windows\System\SUhKIqk.exe
  2⤵
  PID:2736
- C:\Windows\System\gfbRuiL.exe
  C:\Windows\System\gfbRuiL.exe
  2⤵
  PID:3272
- C:\Windows\System\rSSmPSM.exe
  C:\Windows\System\rSSmPSM.exe
  2⤵
  PID:3104
- C:\Windows\System\NiIYsUi.exe
  C:\Windows\System\NiIYsUi.exe
  2⤵
  PID:3828
- C:\Windows\System\cbDDUDd.exe
  C:\Windows\System\cbDDUDd.exe
  2⤵
  PID:3756
- C:\Windows\System\FyVaYJN.exe
  C:\Windows\System\FyVaYJN.exe
  2⤵
  PID:2848
- C:\Windows\System\swjfaya.exe
  C:\Windows\System\swjfaya.exe
  2⤵
  PID:2632
- C:\Windows\System\ICRWfux.exe
  C:\Windows\System\ICRWfux.exe
  2⤵
  PID:3960
- C:\Windows\System\vBOrhgu.exe
  C:\Windows\System\vBOrhgu.exe
  2⤵
  PID:3140
- C:\Windows\System\vBLaKmp.exe
  C:\Windows\System\vBLaKmp.exe
  2⤵
  PID:3896
- C:\Windows\System\DbIQXId.exe
  C:\Windows\System\DbIQXId.exe
  2⤵
  PID:2524
- C:\Windows\System\SRwCFjp.exe
  C:\Windows\System\SRwCFjp.exe
  2⤵
  PID:1176
- C:\Windows\System\LkQllTB.exe
  C:\Windows\System\LkQllTB.exe
  2⤵
  PID:2544
- C:\Windows\System\KHNUthy.exe
  C:\Windows\System\KHNUthy.exe
  2⤵
  PID:1816
- C:\Windows\System\sJmSIuw.exe
  C:\Windows\System\sJmSIuw.exe
  2⤵
  PID:3436
- C:\Windows\System\nCrYduB.exe
  C:\Windows\System\nCrYduB.exe
  2⤵
  PID:3232
- C:\Windows\System\hWdxFND.exe
  C:\Windows\System\hWdxFND.exe
  2⤵
  PID:3132
- C:\Windows\System\zBoBrjm.exe
  C:\Windows\System\zBoBrjm.exe
  2⤵
  PID:2804
- C:\Windows\System\ltmmTwi.exe
  C:\Windows\System\ltmmTwi.exe
  2⤵
  PID:1264
- C:\Windows\System\EIdhHzo.exe
  C:\Windows\System\EIdhHzo.exe
  2⤵
  PID:3532
- C:\Windows\System\mUgHAPp.exe
  C:\Windows\System\mUgHAPp.exe
  2⤵
  PID:3872
- C:\Windows\System\xMqjMyv.exe
  C:\Windows\System\xMqjMyv.exe
  2⤵
  PID:3740
- C:\Windows\System\tHCTVlp.exe
  C:\Windows\System\tHCTVlp.exe
  2⤵
  PID:3096
- C:\Windows\System\HfzWgBa.exe
  C:\Windows\System\HfzWgBa.exe
  2⤵
  PID:1892
- C:\Windows\System\sHXkwln.exe
  C:\Windows\System\sHXkwln.exe
  2⤵
  PID:3672
- C:\Windows\System\KnZjHEt.exe
  C:\Windows\System\KnZjHEt.exe
  2⤵
  PID:2120
- C:\Windows\System\ooEbDVV.exe
  C:\Windows\System\ooEbDVV.exe
  2⤵
  PID:1644
- C:\Windows\System\yHUPkfq.exe
  C:\Windows\System\yHUPkfq.exe
  2⤵
  PID:3952
- C:\Windows\System\VpiyDXu.exe
  C:\Windows\System\VpiyDXu.exe
  2⤵
  PID:2236
- C:\Windows\System\CDMQDAJ.exe
  C:\Windows\System\CDMQDAJ.exe
  2⤵
  PID:3220
- C:\Windows\System\vclwcOr.exe
  C:\Windows\System\vclwcOr.exe
  2⤵
  PID:2616
- C:\Windows\System\edIVylG.exe
  C:\Windows\System\edIVylG.exe
  2⤵
  PID:2584
- C:\Windows\System\FBXbynU.exe
  C:\Windows\System\FBXbynU.exe
  2⤵
  PID:4100
- C:\Windows\System\zhEFBeT.exe
  C:\Windows\System\zhEFBeT.exe
  2⤵
  PID:4116
- C:\Windows\System\ZjLmjXH.exe
  C:\Windows\System\ZjLmjXH.exe
  2⤵
  PID:4132
- C:\Windows\System\LVuZVlD.exe
  C:\Windows\System\LVuZVlD.exe
  2⤵
  PID:4148
- C:\Windows\System\HkHgcYu.exe
  C:\Windows\System\HkHgcYu.exe
  2⤵
  PID:4164
- C:\Windows\System\rFncJIq.exe
  C:\Windows\System\rFncJIq.exe
  2⤵
  PID:4180
- C:\Windows\System\dZxLgin.exe
  C:\Windows\System\dZxLgin.exe
  2⤵
  PID:4196
- C:\Windows\System\cDNaNsS.exe
  C:\Windows\System\cDNaNsS.exe
  2⤵
  PID:4212
- C:\Windows\System\sgzXaMI.exe
  C:\Windows\System\sgzXaMI.exe
  2⤵
  PID:4228
- C:\Windows\System\FgjCvxh.exe
  C:\Windows\System\FgjCvxh.exe
  2⤵
  PID:4244
- C:\Windows\System\KUjqqkh.exe
  C:\Windows\System\KUjqqkh.exe
  2⤵
  PID:4260
- C:\Windows\System\GlXGZCW.exe
  C:\Windows\System\GlXGZCW.exe
  2⤵
  PID:4276
- C:\Windows\System\uzZkAww.exe
  C:\Windows\System\uzZkAww.exe
  2⤵
  PID:4292
- C:\Windows\System\WkEHNaq.exe
  C:\Windows\System\WkEHNaq.exe
  2⤵
  PID:4308
- C:\Windows\System\DweTTHH.exe
  C:\Windows\System\DweTTHH.exe
  2⤵
  PID:4324
- C:\Windows\System\wDgCAiM.exe
  C:\Windows\System\wDgCAiM.exe
  2⤵
  PID:4340
- C:\Windows\System\MFLvUWD.exe
  C:\Windows\System\MFLvUWD.exe
  2⤵
  PID:4356
- C:\Windows\System\rPEExva.exe
  C:\Windows\System\rPEExva.exe
  2⤵
  PID:4372
- C:\Windows\System\lvVsXyV.exe
  C:\Windows\System\lvVsXyV.exe
  2⤵
  PID:4388
- C:\Windows\System\PCkIwBf.exe
  C:\Windows\System\PCkIwBf.exe
  2⤵
  PID:4404
- C:\Windows\System\gTKNOzN.exe
  C:\Windows\System\gTKNOzN.exe
  2⤵
  PID:4420
- C:\Windows\System\IqZHgmh.exe
  C:\Windows\System\IqZHgmh.exe
  2⤵
  PID:4436
- C:\Windows\System\rbuiLVV.exe
  C:\Windows\System\rbuiLVV.exe
  2⤵
  PID:4452
- C:\Windows\System\DiGMhyY.exe
  C:\Windows\System\DiGMhyY.exe
  2⤵
  PID:4468
- C:\Windows\System\OgagIly.exe
  C:\Windows\System\OgagIly.exe
  2⤵
  PID:4484
- C:\Windows\System\SDUUbqx.exe
  C:\Windows\System\SDUUbqx.exe
  2⤵
  PID:4500
- C:\Windows\System\LvILrte.exe
  C:\Windows\System\LvILrte.exe
  2⤵
  PID:4516
- C:\Windows\System\LfJyIPk.exe
  C:\Windows\System\LfJyIPk.exe
  2⤵
  PID:4532
- C:\Windows\System\SQxZvpu.exe
  C:\Windows\System\SQxZvpu.exe
  2⤵
  PID:4548
- C:\Windows\System\BwmEozl.exe
  C:\Windows\System\BwmEozl.exe
  2⤵
  PID:4568
- C:\Windows\System\RfnZxnl.exe
  C:\Windows\System\RfnZxnl.exe
  2⤵
  PID:4584
- C:\Windows\System\ufGBCXb.exe
  C:\Windows\System\ufGBCXb.exe
  2⤵
  PID:4600
- C:\Windows\System\NZkBpvv.exe
  C:\Windows\System\NZkBpvv.exe
  2⤵
  PID:4616
- C:\Windows\System\FTNAXbg.exe
  C:\Windows\System\FTNAXbg.exe
  2⤵
  PID:4632
- C:\Windows\System\pGfbdPa.exe
  C:\Windows\System\pGfbdPa.exe
  2⤵
  PID:4648
- C:\Windows\System\bGPgVyz.exe
  C:\Windows\System\bGPgVyz.exe
  2⤵
  PID:4664
- C:\Windows\System\PwqLvln.exe
  C:\Windows\System\PwqLvln.exe
  2⤵
  PID:4680
- C:\Windows\System\DPEysOi.exe
  C:\Windows\System\DPEysOi.exe
  2⤵
  PID:4696
- C:\Windows\System\XtyLFMn.exe
  C:\Windows\System\XtyLFMn.exe
  2⤵
  PID:4712
- C:\Windows\System\YviUUXK.exe
  C:\Windows\System\YviUUXK.exe
  2⤵
  PID:4728
- C:\Windows\System\BjyvrrL.exe
  C:\Windows\System\BjyvrrL.exe
  2⤵
  PID:4744
- C:\Windows\System\ObnVwWN.exe
  C:\Windows\System\ObnVwWN.exe
  2⤵
  PID:4760
- C:\Windows\System\tCAcIde.exe
  C:\Windows\System\tCAcIde.exe
  2⤵
  PID:4776
- C:\Windows\System\jNVXYzA.exe
  C:\Windows\System\jNVXYzA.exe
  2⤵
  PID:4792
- C:\Windows\System\QkcyAuW.exe
  C:\Windows\System\QkcyAuW.exe
  2⤵
  PID:4808
- C:\Windows\System\dmPrIUa.exe
  C:\Windows\System\dmPrIUa.exe
  2⤵
  PID:4824
- C:\Windows\System\JbyQiKT.exe
  C:\Windows\System\JbyQiKT.exe
  2⤵
  PID:4840
- C:\Windows\System\FYmaPhB.exe
  C:\Windows\System\FYmaPhB.exe
  2⤵
  PID:4856
- C:\Windows\System\hXlIPEU.exe
  C:\Windows\System\hXlIPEU.exe
  2⤵
  PID:4872
- C:\Windows\System\nKdhjHL.exe
  C:\Windows\System\nKdhjHL.exe
  2⤵
  PID:4888
- C:\Windows\System\KQXSEKp.exe
  C:\Windows\System\KQXSEKp.exe
  2⤵
  PID:4904
- C:\Windows\System\LESGWQn.exe
  C:\Windows\System\LESGWQn.exe
  2⤵
  PID:4928
- C:\Windows\System\CTlZkWO.exe
  C:\Windows\System\CTlZkWO.exe
  2⤵
  PID:4948
- C:\Windows\System\izgFTeY.exe
  C:\Windows\System\izgFTeY.exe
  2⤵
  PID:4968
- C:\Windows\System\kYkLQBC.exe
  C:\Windows\System\kYkLQBC.exe
  2⤵
  PID:4988
- C:\Windows\System\mApRSFK.exe
  C:\Windows\System\mApRSFK.exe
  2⤵
  PID:5004
- C:\Windows\System\JfEOyZF.exe
  C:\Windows\System\JfEOyZF.exe
  2⤵
  PID:5020
- C:\Windows\System\GSanEob.exe
  C:\Windows\System\GSanEob.exe
  2⤵
  PID:5040
- C:\Windows\System\rfhXkst.exe
  C:\Windows\System\rfhXkst.exe
  2⤵
  PID:5060
- C:\Windows\System\XbXIXRb.exe
  C:\Windows\System\XbXIXRb.exe
  2⤵
  PID:5080
- C:\Windows\System\qWkluyk.exe
  C:\Windows\System\qWkluyk.exe
  2⤵
  PID:5096
- C:\Windows\System\YIKJpoH.exe
  C:\Windows\System\YIKJpoH.exe
  2⤵
  PID:5112
- C:\Windows\System\zPqXLNI.exe
  C:\Windows\System\zPqXLNI.exe
  2⤵
  PID:3380
- C:\Windows\System\DIUHPOD.exe
  C:\Windows\System\DIUHPOD.exe
  2⤵
  PID:4140
- C:\Windows\System\LTLDaCS.exe
  C:\Windows\System\LTLDaCS.exe
  2⤵
  PID:4160
- C:\Windows\System\IYInXPP.exe
  C:\Windows\System\IYInXPP.exe
  2⤵
  PID:4172
- C:\Windows\System\TufXKMJ.exe
  C:\Windows\System\TufXKMJ.exe
  2⤵
  PID:4224
- C:\Windows\System\lkjFXrL.exe
  C:\Windows\System\lkjFXrL.exe
  2⤵
  PID:4272
- C:\Windows\System\WTcOHpv.exe
  C:\Windows\System\WTcOHpv.exe
  2⤵
  PID:4336
- C:\Windows\System\wfnCcSZ.exe
  C:\Windows\System\wfnCcSZ.exe
  2⤵
  PID:4352
- C:\Windows\System\kwuBwfb.exe
  C:\Windows\System\kwuBwfb.exe
  2⤵
  PID:4444
- C:\Windows\System\lIacxWN.exe
  C:\Windows\System\lIacxWN.exe
  2⤵
  PID:4460
- C:\Windows\System\qpCHsvY.exe
  C:\Windows\System\qpCHsvY.exe
  2⤵
  PID:4524
- C:\Windows\System\mmvFPvV.exe
  C:\Windows\System\mmvFPvV.exe
  2⤵
  PID:4448
- C:\Windows\System\cgAASTo.exe
  C:\Windows\System\cgAASTo.exe
  2⤵
  PID:4544
- C:\Windows\System\xqdhgHi.exe
  C:\Windows\System\xqdhgHi.exe
  2⤵
  PID:4596
- C:\Windows\System\wHSetUq.exe
  C:\Windows\System\wHSetUq.exe
  2⤵
  PID:4612
- C:\Windows\System\uCBZFKT.exe
  C:\Windows\System\uCBZFKT.exe
  2⤵
  PID:4692
- C:\Windows\System\ZmmCorT.exe
  C:\Windows\System\ZmmCorT.exe
  2⤵
  PID:4784
- C:\Windows\System\CTuWeko.exe
  C:\Windows\System\CTuWeko.exe
  2⤵
  PID:4852
- C:\Windows\System\KfwEhby.exe
  C:\Windows\System\KfwEhby.exe
  2⤵
  PID:4868
- C:\Windows\System\DJPGRza.exe
  C:\Windows\System\DJPGRza.exe
  2⤵
  PID:4736
- C:\Windows\System\DliPOpY.exe
  C:\Windows\System\DliPOpY.exe
  2⤵
  PID:4772
- C:\Windows\System\mWMlMai.exe
  C:\Windows\System\mWMlMai.exe
  2⤵
  PID:4916
- C:\Windows\System\YQxVqNd.exe
  C:\Windows\System\YQxVqNd.exe
  2⤵
  PID:5000
- C:\Windows\System\ryETyUc.exe
  C:\Windows\System\ryETyUc.exe
  2⤵
  PID:5108
- C:\Windows\System\EKbVVIV.exe
  C:\Windows\System\EKbVVIV.exe
  2⤵
  PID:5048
- C:\Windows\System\YfEPtLg.exe
  C:\Windows\System\YfEPtLg.exe
  2⤵
  PID:4188
- C:\Windows\System\bgRaaBM.exe
  C:\Windows\System\bgRaaBM.exe
  2⤵
  PID:4128
- C:\Windows\System\ayZJWrH.exe
  C:\Windows\System\ayZJWrH.exe
  2⤵
  PID:3712
- C:\Windows\System\tTKozLL.exe
  C:\Windows\System\tTKozLL.exe
  2⤵
  PID:4236
- C:\Windows\System\zYBZWrb.exe
  C:\Windows\System\zYBZWrb.exe
  2⤵
  PID:4368
- C:\Windows\System\YhvggNG.exe
  C:\Windows\System\YhvggNG.exe
  2⤵
  PID:4320
- C:\Windows\System\rAXRMvy.exe
  C:\Windows\System\rAXRMvy.exe
  2⤵
  PID:4428
- C:\Windows\System\rRIhOHS.exe
  C:\Windows\System\rRIhOHS.exe
  2⤵
  PID:4384
- C:\Windows\System\iwQRLkn.exe
  C:\Windows\System\iwQRLkn.exe
  2⤵
  PID:4592
- C:\Windows\System\dsAvloL.exe
  C:\Windows\System\dsAvloL.exe
  2⤵
  PID:4752
- C:\Windows\System\hrGVNrm.exe
  C:\Windows\System\hrGVNrm.exe
  2⤵
  PID:4832
- C:\Windows\System\gQOgKZo.exe
  C:\Windows\System\gQOgKZo.exe
  2⤵
  PID:5092
- C:\Windows\System\RAvUAIi.exe
  C:\Windows\System\RAvUAIi.exe
  2⤵
  PID:4124
- C:\Windows\System\qRMIiej.exe
  C:\Windows\System\qRMIiej.exe
  2⤵
  PID:4560
- C:\Windows\System\izMmnin.exe
  C:\Windows\System\izMmnin.exe
  2⤵
  PID:4556
- C:\Windows\System\JKontfa.exe
  C:\Windows\System\JKontfa.exe
  2⤵
  PID:4672
- C:\Windows\System\bbLjHZq.exe
  C:\Windows\System\bbLjHZq.exe
  2⤵
  PID:4704
- C:\Windows\System\MjXuTCP.exe
  C:\Windows\System\MjXuTCP.exe
  2⤵
  PID:4804
- C:\Windows\System\EBnCVVO.exe
  C:\Windows\System\EBnCVVO.exe
  2⤵
  PID:4304
- C:\Windows\System\FYlDvLf.exe
  C:\Windows\System\FYlDvLf.exe
  2⤵
  PID:4284
- C:\Windows\System\NonvRbD.exe
  C:\Windows\System\NonvRbD.exe
  2⤵
  PID:4252
- C:\Windows\System\UUJQwjg.exe
  C:\Windows\System\UUJQwjg.exe
  2⤵
  PID:4528
- C:\Windows\System\xzqEpXT.exe
  C:\Windows\System\xzqEpXT.exe
  2⤵
  PID:4540
- C:\Windows\System\sVuzWPg.exe
  C:\Windows\System\sVuzWPg.exe
  2⤵
  PID:4676
- C:\Windows\System\SbmMJyQ.exe
  C:\Windows\System\SbmMJyQ.exe
  2⤵
  PID:884
- C:\Windows\System\lxHeXbR.exe
  C:\Windows\System\lxHeXbR.exe
  2⤵
  PID:4912
- C:\Windows\System\iCjtkiu.exe
  C:\Windows\System\iCjtkiu.exe
  2⤵
  PID:4940
- C:\Windows\System\kxKFBtE.exe
  C:\Windows\System\kxKFBtE.exe
  2⤵
  PID:5012
- C:\Windows\System\CvUvfWi.exe
  C:\Windows\System\CvUvfWi.exe
  2⤵
  PID:4864
- C:\Windows\System\tKNnRPJ.exe
  C:\Windows\System\tKNnRPJ.exe
  2⤵
  PID:5076
- C:\Windows\System\bIcTEbV.exe
  C:\Windows\System\bIcTEbV.exe
  2⤵
  PID:4756
- C:\Windows\System\cFqQHPG.exe
  C:\Windows\System\cFqQHPG.exe
  2⤵
  PID:4660
- C:\Windows\System\MivZMne.exe
  C:\Windows\System\MivZMne.exe
  2⤵
  PID:5124
- C:\Windows\System\HqREhBK.exe
  C:\Windows\System\HqREhBK.exe
  2⤵
  PID:5140
- C:\Windows\System\DZfwmiy.exe
  C:\Windows\System\DZfwmiy.exe
  2⤵
  PID:5156
- C:\Windows\System\fgMqYEE.exe
  C:\Windows\System\fgMqYEE.exe
  2⤵
  PID:5176
- C:\Windows\System\xpLIBjM.exe
  C:\Windows\System\xpLIBjM.exe
  2⤵
  PID:5192
- C:\Windows\System\NEawCOA.exe
  C:\Windows\System\NEawCOA.exe
  2⤵
  PID:5208
- C:\Windows\System\PcuNPkU.exe
  C:\Windows\System\PcuNPkU.exe
  2⤵
  PID:5224
- C:\Windows\System\OefEDuW.exe
  C:\Windows\System\OefEDuW.exe
  2⤵
  PID:5240
- C:\Windows\System\qKHKxqO.exe
  C:\Windows\System\qKHKxqO.exe
  2⤵
  PID:5256
- C:\Windows\System\prcTJFm.exe
  C:\Windows\System\prcTJFm.exe
  2⤵
  PID:5272
- C:\Windows\System\IurOVmN.exe
  C:\Windows\System\IurOVmN.exe
  2⤵
  PID:5288
- C:\Windows\System\LsovhVH.exe
  C:\Windows\System\LsovhVH.exe
  2⤵
  PID:5304
- C:\Windows\System\HCKNcVq.exe
  C:\Windows\System\HCKNcVq.exe
  2⤵
  PID:5320
- C:\Windows\System\bzotDxC.exe
  C:\Windows\System\bzotDxC.exe
  2⤵
  PID:5336
- C:\Windows\System\ZnkoWVX.exe
  C:\Windows\System\ZnkoWVX.exe
  2⤵
  PID:5352
- C:\Windows\System\lLmwABs.exe
  C:\Windows\System\lLmwABs.exe
  2⤵
  PID:5368
- C:\Windows\System\hFiEJBB.exe
  C:\Windows\System\hFiEJBB.exe
  2⤵
  PID:5384
- C:\Windows\System\BwaqSSA.exe
  C:\Windows\System\BwaqSSA.exe
  2⤵
  PID:5404
- C:\Windows\System\lQrCzTk.exe
  C:\Windows\System\lQrCzTk.exe
  2⤵
  PID:5420
- C:\Windows\System\piiBcjH.exe
  C:\Windows\System\piiBcjH.exe
  2⤵
  PID:5476
- C:\Windows\System\GqcjgNz.exe
  C:\Windows\System\GqcjgNz.exe
  2⤵
  PID:5516
- C:\Windows\System\ZHecTSd.exe
  C:\Windows\System\ZHecTSd.exe
  2⤵
  PID:5532
- C:\Windows\System\qGHCMxz.exe
  C:\Windows\System\qGHCMxz.exe
  2⤵
  PID:5556
- C:\Windows\System\KMSROOt.exe
  C:\Windows\System\KMSROOt.exe
  2⤵
  PID:5572
- C:\Windows\System\iwfINwN.exe
  C:\Windows\System\iwfINwN.exe
  2⤵
  PID:5592
- C:\Windows\System\UePrpMZ.exe
  C:\Windows\System\UePrpMZ.exe
  2⤵
  PID:5608
- C:\Windows\System\xoriqMM.exe
  C:\Windows\System\xoriqMM.exe
  2⤵
  PID:5624
- C:\Windows\System\ehjqIzO.exe
  C:\Windows\System\ehjqIzO.exe
  2⤵
  PID:5640
- C:\Windows\System\KICxSPM.exe
  C:\Windows\System\KICxSPM.exe
  2⤵
  PID:5680
- C:\Windows\System\eVPjXta.exe
  C:\Windows\System\eVPjXta.exe
  2⤵
  PID:5720
- C:\Windows\System\WosWafu.exe
  C:\Windows\System\WosWafu.exe
  2⤵
  PID:5736
- C:\Windows\System\gVTANBP.exe
  C:\Windows\System\gVTANBP.exe
  2⤵
  PID:5752
- C:\Windows\System\QFpcuSF.exe
  C:\Windows\System\QFpcuSF.exe
  2⤵
  PID:5768
- C:\Windows\System\NJpAjlh.exe
  C:\Windows\System\NJpAjlh.exe
  2⤵
  PID:5784
- C:\Windows\System\Vmyjvnr.exe
  C:\Windows\System\Vmyjvnr.exe
  2⤵
  PID:5800
- C:\Windows\System\GRFJLEk.exe
  C:\Windows\System\GRFJLEk.exe
  2⤵
  PID:5816
- C:\Windows\System\zIKSQvp.exe
  C:\Windows\System\zIKSQvp.exe
  2⤵
  PID:5832
- C:\Windows\System\JnEMuOu.exe
  C:\Windows\System\JnEMuOu.exe
  2⤵
  PID:5848
- C:\Windows\System\fXKRSUH.exe
  C:\Windows\System\fXKRSUH.exe
  2⤵
  PID:5864
- C:\Windows\System\LoUSQxB.exe
  C:\Windows\System\LoUSQxB.exe
  2⤵
  PID:5880
- C:\Windows\System\AQdzhDc.exe
  C:\Windows\System\AQdzhDc.exe
  2⤵
  PID:5900
- C:\Windows\System\aZaEDpl.exe
  C:\Windows\System\aZaEDpl.exe
  2⤵
  PID:5916
- C:\Windows\System\QgDuzhf.exe
  C:\Windows\System\QgDuzhf.exe
  2⤵
  PID:5932
- C:\Windows\System\ExKnuyB.exe
  C:\Windows\System\ExKnuyB.exe
  2⤵
  PID:5948
- C:\Windows\System\kgNnqfK.exe
  C:\Windows\System\kgNnqfK.exe
  2⤵
  PID:5964
- C:\Windows\System\KjypXhp.exe
  C:\Windows\System\KjypXhp.exe
  2⤵
  PID:5980
- C:\Windows\System\aQWhorX.exe
  C:\Windows\System\aQWhorX.exe
  2⤵
  PID:5996
- C:\Windows\System\GHGhyti.exe
  C:\Windows\System\GHGhyti.exe
  2⤵
  PID:6012
- C:\Windows\System\wEzDJKj.exe
  C:\Windows\System\wEzDJKj.exe
  2⤵
  PID:6028
- C:\Windows\System\bBexuxT.exe
  C:\Windows\System\bBexuxT.exe
  2⤵
  PID:6044
- C:\Windows\System\xbDjoeq.exe
  C:\Windows\System\xbDjoeq.exe
  2⤵
  PID:6060
- C:\Windows\System\lzIOlEc.exe
  C:\Windows\System\lzIOlEc.exe
  2⤵
  PID:6076
- C:\Windows\System\TFYLhbV.exe
  C:\Windows\System\TFYLhbV.exe
  2⤵
  PID:6092
- C:\Windows\System\apFfsmE.exe
  C:\Windows\System\apFfsmE.exe
  2⤵
  PID:6108
- C:\Windows\System\ROLZqPP.exe
  C:\Windows\System\ROLZqPP.exe
  2⤵
  PID:6124
- C:\Windows\System\evOwaLi.exe
  C:\Windows\System\evOwaLi.exe
  2⤵
  PID:6140
- C:\Windows\System\RhlEYmX.exe
  C:\Windows\System\RhlEYmX.exe
  2⤵
  PID:4508
- C:\Windows\System\yubnOiS.exe
  C:\Windows\System\yubnOiS.exe
  2⤵
  PID:5036
- C:\Windows\System\rfAfBCf.exe
  C:\Windows\System\rfAfBCf.exe
  2⤵
  PID:4316
- C:\Windows\System\bomDwnq.exe
  C:\Windows\System\bomDwnq.exe
  2⤵
  PID:5136
- C:\Windows\System\mUNaKLx.exe
  C:\Windows\System\mUNaKLx.exe
  2⤵
  PID:5168
- C:\Windows\System\iihgKGd.exe
  C:\Windows\System\iihgKGd.exe
  2⤵
  PID:5216
- C:\Windows\System\FPhMYAB.exe
  C:\Windows\System\FPhMYAB.exe
  2⤵
  PID:5236
- C:\Windows\System\MuMmrXi.exe
  C:\Windows\System\MuMmrXi.exe
  2⤵
  PID:5268
- C:\Windows\System\NEYzTvB.exe
  C:\Windows\System\NEYzTvB.exe
  2⤵
  PID:5332
- C:\Windows\System\RypNEZD.exe
  C:\Windows\System\RypNEZD.exe
  2⤵
  PID:5316
- C:\Windows\System\gQArRDn.exe
  C:\Windows\System\gQArRDn.exe
  2⤵
  PID:5380
- C:\Windows\System\LDtoLou.exe
  C:\Windows\System\LDtoLou.exe
  2⤵
  PID:5412
- C:\Windows\System\gJJLuVo.exe
  C:\Windows\System\gJJLuVo.exe
  2⤵
  PID:5436
- C:\Windows\System\vtroKFB.exe
  C:\Windows\System\vtroKFB.exe
  2⤵
  PID:5492
- C:\Windows\System\HhEZDlJ.exe
  C:\Windows\System\HhEZDlJ.exe
  2⤵
  PID:5460
- C:\Windows\System\oVASPpi.exe
  C:\Windows\System\oVASPpi.exe
  2⤵
  PID:5472
- C:\Windows\System\cNCijoO.exe
  C:\Windows\System\cNCijoO.exe
  2⤵
  PID:5508
- C:\Windows\System\cJjBiEz.exe
  C:\Windows\System\cJjBiEz.exe
  2⤵
  PID:5544
- C:\Windows\System\GBSKnLo.exe
  C:\Windows\System\GBSKnLo.exe
  2⤵
  PID:5580
- C:\Windows\System\HrPVlHs.exe
  C:\Windows\System\HrPVlHs.exe
  2⤵
  PID:328
- C:\Windows\System\ilDDXYq.exe
  C:\Windows\System\ilDDXYq.exe
  2⤵
  PID:5620
- C:\Windows\System\HucBwGX.exe
  C:\Windows\System\HucBwGX.exe
  2⤵
  PID:5604
- C:\Windows\System\XeeMrUB.exe
  C:\Windows\System\XeeMrUB.exe
  2⤵
  PID:4960
- C:\Windows\System\BSyZNGo.exe
  C:\Windows\System\BSyZNGo.exe
  2⤵
  PID:4192
- C:\Windows\System\QuiwqrX.exe
  C:\Windows\System\QuiwqrX.exe
  2⤵
  PID:4204
- C:\Windows\System\BWgXaWA.exe
  C:\Windows\System\BWgXaWA.exe
  2⤵
  PID:5672
- C:\Windows\System\kKjosBA.exe
  C:\Windows\System\kKjosBA.exe
  2⤵
  PID:5700
- C:\Windows\System\wjGlOfl.exe
  C:\Windows\System\wjGlOfl.exe
  2⤵
  PID:5716
- C:\Windows\System\bIiogYL.exe
  C:\Windows\System\bIiogYL.exe
  2⤵
  PID:5760
- C:\Windows\System\xcOAGOe.exe
  C:\Windows\System\xcOAGOe.exe
  2⤵
  PID:5656
- C:\Windows\System\LUTeyNm.exe
  C:\Windows\System\LUTeyNm.exe
  2⤵
  PID:5748
- C:\Windows\System\VCGDknw.exe
  C:\Windows\System\VCGDknw.exe
  2⤵
  PID:5744
- C:\Windows\System\UobuYnD.exe
  C:\Windows\System\UobuYnD.exe
  2⤵
  PID:5892
- C:\Windows\System\AsrNDJA.exe
  C:\Windows\System\AsrNDJA.exe
  2⤵
  PID:5808
- C:\Windows\System\JSlisYw.exe
  C:\Windows\System\JSlisYw.exe
  2⤵
  PID:5928
- C:\Windows\System\VbiYghY.exe
  C:\Windows\System\VbiYghY.exe
  2⤵
  PID:5912
- C:\Windows\System\iztoDVH.exe
  C:\Windows\System\iztoDVH.exe
  2⤵
  PID:5988
- C:\Windows\System\rvcphXd.exe
  C:\Windows\System\rvcphXd.exe
  2⤵
  PID:5976
- C:\Windows\System\qwCxtqg.exe
  C:\Windows\System\qwCxtqg.exe
  2⤵
  PID:6056
- C:\Windows\System\TwPVJRr.exe
  C:\Windows\System\TwPVJRr.exe
  2⤵
  PID:6120
- C:\Windows\System\mTmqjnM.exe
  C:\Windows\System\mTmqjnM.exe
  2⤵
  PID:6072
- C:\Windows\System\YRUIThB.exe
  C:\Windows\System\YRUIThB.exe
  2⤵
  PID:6136
- C:\Windows\System\ftnGMgY.exe
  C:\Windows\System\ftnGMgY.exe
  2⤵
  PID:4580
- C:\Windows\System\FdaRsKM.exe
  C:\Windows\System\FdaRsKM.exe
  2⤵
  PID:6132
- C:\Windows\System\oxQfEPv.exe
  C:\Windows\System\oxQfEPv.exe
  2⤵
  PID:5248
- C:\Windows\System\YYhNpmV.exe
  C:\Windows\System\YYhNpmV.exe
  2⤵
  PID:5280
- C:\Windows\System\HwLAoQo.exe
  C:\Windows\System\HwLAoQo.exe
  2⤵
  PID:5376
- C:\Windows\System\mvRcfOO.exe
  C:\Windows\System\mvRcfOO.exe
  2⤵
  PID:5500
- C:\Windows\System\GpZRfcr.exe
  C:\Windows\System\GpZRfcr.exe
  2⤵
  PID:5400
- C:\Windows\System\kBWcsCE.exe
  C:\Windows\System\kBWcsCE.exe
  2⤵
  PID:5440
- C:\Windows\System\ZsMlhOt.exe
  C:\Windows\System\ZsMlhOt.exe
  2⤵
  PID:5552
- C:\Windows\System\gPzyYsO.exe
  C:\Windows\System\gPzyYsO.exe
  2⤵
  PID:5524
- C:\Windows\System\XPQNbBx.exe
  C:\Windows\System\XPQNbBx.exe
  2⤵
  PID:4920
- C:\Windows\System\OwoEXJE.exe
  C:\Windows\System\OwoEXJE.exe
  2⤵
  PID:5600
- C:\Windows\System\eIJQogX.exe
  C:\Windows\System\eIJQogX.exe
  2⤵
  PID:4984
- C:\Windows\System\iYQkrdA.exe
  C:\Windows\System\iYQkrdA.exe
  2⤵
  PID:5696
- C:\Windows\System\UFbokYV.exe
  C:\Windows\System\UFbokYV.exe
  2⤵
  PID:5712
- C:\Windows\System\PmzSrEj.exe
  C:\Windows\System\PmzSrEj.exe
  2⤵
  PID:5828
- C:\Windows\System\NpuZbyP.exe
  C:\Windows\System\NpuZbyP.exe
  2⤵
  PID:5844
- C:\Windows\System\RJlfeCw.exe
  C:\Windows\System\RJlfeCw.exe
  2⤵
  PID:5860
- C:\Windows\System\LoCtIjH.exe
  C:\Windows\System\LoCtIjH.exe
  2⤵
  PID:5944
- C:\Windows\System\TNFPpTG.exe
  C:\Windows\System\TNFPpTG.exe
  2⤵
  PID:4432
- C:\Windows\System\GPKhFKS.exe
  C:\Windows\System\GPKhFKS.exe
  2⤵
  PID:5200
- C:\Windows\System\qRJyKJz.exe
  C:\Windows\System\qRJyKJz.exe
  2⤵
  PID:872
- C:\Windows\System\rcHtYAx.exe
  C:\Windows\System\rcHtYAx.exe
  2⤵
  PID:6104
- C:\Windows\System\sBczUdC.exe
  C:\Windows\System\sBczUdC.exe
  2⤵
  PID:5300
- C:\Windows\System\ffUaHRN.exe
  C:\Windows\System\ffUaHRN.exe
  2⤵
  PID:5468
- C:\Windows\System\bZMkVuE.exe
  C:\Windows\System\bZMkVuE.exe
  2⤵
  PID:5504
- C:\Windows\System\muTVxYT.exe
  C:\Windows\System\muTVxYT.exe
  2⤵
  PID:5028
- C:\Windows\System\CVUREge.exe
  C:\Windows\System\CVUREge.exe
  2⤵
  PID:5780
- C:\Windows\System\zEYsixp.exe
  C:\Windows\System\zEYsixp.exe
  2⤵
  PID:5540
- C:\Windows\System\ycKtbid.exe
  C:\Windows\System\ycKtbid.exe
  2⤵
  PID:5668
- C:\Windows\System\hCkBeVg.exe
  C:\Windows\System\hCkBeVg.exe
  2⤵
  PID:4936
- C:\Windows\System\QlqZxtb.exe
  C:\Windows\System\QlqZxtb.exe
  2⤵
  PID:5132
- C:\Windows\System\zMQPUyN.exe
  C:\Windows\System\zMQPUyN.exe
  2⤵
  PID:6100
- C:\Windows\System\AoXmAXM.exe
  C:\Windows\System\AoXmAXM.exe
  2⤵
  PID:5364
- C:\Windows\System\vLMGang.exe
  C:\Windows\System\vLMGang.exe
  2⤵
  PID:5940
- C:\Windows\System\oTbevmA.exe
  C:\Windows\System\oTbevmA.exe
  2⤵
  PID:5812
- C:\Windows\System\jNLbRmJ.exe
  C:\Windows\System\jNLbRmJ.exe
  2⤵
  PID:5632
- C:\Windows\System\wwoVvPE.exe
  C:\Windows\System\wwoVvPE.exe
  2⤵
  PID:6148
- C:\Windows\System\loowmNg.exe
  C:\Windows\System\loowmNg.exe
  2⤵
  PID:6164
- C:\Windows\System\sFIvbHf.exe
  C:\Windows\System\sFIvbHf.exe
  2⤵
  PID:6180
- C:\Windows\System\iPpnSmN.exe
  C:\Windows\System\iPpnSmN.exe
  2⤵
  PID:6196
- C:\Windows\System\DhzANkN.exe
  C:\Windows\System\DhzANkN.exe
  2⤵
  PID:6216
- C:\Windows\System\qapQhqI.exe
  C:\Windows\System\qapQhqI.exe
  2⤵
  PID:6232
- C:\Windows\System\GdvyFap.exe
  C:\Windows\System\GdvyFap.exe
  2⤵
  PID:6248
- C:\Windows\System\mvGQWTH.exe
  C:\Windows\System\mvGQWTH.exe
  2⤵
  PID:6264
- C:\Windows\System\wdNqrVx.exe
  C:\Windows\System\wdNqrVx.exe
  2⤵
  PID:6280
- C:\Windows\System\pXqeYyy.exe
  C:\Windows\System\pXqeYyy.exe
  2⤵
  PID:6296
- C:\Windows\System\BdMIxJX.exe
  C:\Windows\System\BdMIxJX.exe
  2⤵
  PID:6312
- C:\Windows\System\IVabZBO.exe
  C:\Windows\System\IVabZBO.exe
  2⤵
  PID:6328
- C:\Windows\System\ymDgRWw.exe
  C:\Windows\System\ymDgRWw.exe
  2⤵
  PID:6344
- C:\Windows\System\cQcEKeO.exe
  C:\Windows\System\cQcEKeO.exe
  2⤵
  PID:6360
- C:\Windows\System\zFWBBxh.exe
  C:\Windows\System\zFWBBxh.exe
  2⤵
  PID:6380
- C:\Windows\System\AQZKWEu.exe
  C:\Windows\System\AQZKWEu.exe
  2⤵
  PID:6396
- C:\Windows\System\rQlNjel.exe
  C:\Windows\System\rQlNjel.exe
  2⤵
  PID:6412
- C:\Windows\System\SNYiMog.exe
  C:\Windows\System\SNYiMog.exe
  2⤵
  PID:6428
- C:\Windows\System\wIlDEKK.exe
  C:\Windows\System\wIlDEKK.exe
  2⤵
  PID:6444
- C:\Windows\System\BlorKZJ.exe
  C:\Windows\System\BlorKZJ.exe
  2⤵
  PID:6460
- C:\Windows\System\NbzUvQe.exe
  C:\Windows\System\NbzUvQe.exe
  2⤵
  PID:6476
- C:\Windows\System\XhmiHyc.exe
  C:\Windows\System\XhmiHyc.exe
  2⤵
  PID:6492
- C:\Windows\System\CwlxQUt.exe
  C:\Windows\System\CwlxQUt.exe
  2⤵
  PID:6508
- C:\Windows\System\jrCGLlu.exe
  C:\Windows\System\jrCGLlu.exe
  2⤵
  PID:6528
- C:\Windows\System\QMaGemg.exe
  C:\Windows\System\QMaGemg.exe
  2⤵
  PID:6560
- C:\Windows\System\ztTtVCB.exe
  C:\Windows\System\ztTtVCB.exe
  2⤵
  PID:6580
- C:\Windows\System\jfccJFt.exe
  C:\Windows\System\jfccJFt.exe
  2⤵
  PID:6604
- C:\Windows\System\fQrWBYo.exe
  C:\Windows\System\fQrWBYo.exe
  2⤵
  PID:6620
- C:\Windows\System\sjZEhMg.exe
  C:\Windows\System\sjZEhMg.exe
  2⤵
  PID:6636
- C:\Windows\System\GYEPDkd.exe
  C:\Windows\System\GYEPDkd.exe
  2⤵
  PID:6652
- C:\Windows\System\qeVvMcI.exe
  C:\Windows\System\qeVvMcI.exe
  2⤵
  PID:6672
- C:\Windows\System\PShiIhc.exe
  C:\Windows\System\PShiIhc.exe
  2⤵
  PID:6688
- C:\Windows\System\THhQWQo.exe
  C:\Windows\System\THhQWQo.exe
  2⤵
  PID:6704
- C:\Windows\System\ddGxmDw.exe
  C:\Windows\System\ddGxmDw.exe
  2⤵
  PID:6720
- C:\Windows\System\GWgbjXS.exe
  C:\Windows\System\GWgbjXS.exe
  2⤵
  PID:6736
- C:\Windows\System\lZQUVYY.exe
  C:\Windows\System\lZQUVYY.exe
  2⤵
  PID:6752
- C:\Windows\System\dYDnIhL.exe
  C:\Windows\System\dYDnIhL.exe
  2⤵
  PID:6768
- C:\Windows\System\HLRiikE.exe
  C:\Windows\System\HLRiikE.exe
  2⤵
  PID:6784
- C:\Windows\System\EBBwFMF.exe
  C:\Windows\System\EBBwFMF.exe
  2⤵
  PID:6800
- C:\Windows\System\PqqVGRe.exe
  C:\Windows\System\PqqVGRe.exe
  2⤵
  PID:6816
- C:\Windows\System\sCBwJnI.exe
  C:\Windows\System\sCBwJnI.exe
  2⤵
  PID:6832
- C:\Windows\System\CKKSExZ.exe
  C:\Windows\System\CKKSExZ.exe
  2⤵
  PID:6848
- C:\Windows\System\PYWifkS.exe
  C:\Windows\System\PYWifkS.exe
  2⤵
  PID:6864
- C:\Windows\System\DABhLHN.exe
  C:\Windows\System\DABhLHN.exe
  2⤵
  PID:6880
- C:\Windows\System\bBTURcc.exe
  C:\Windows\System\bBTURcc.exe
  2⤵
  PID:6896
- C:\Windows\System\vYpzpkk.exe
  C:\Windows\System\vYpzpkk.exe
  2⤵
  PID:6912
- C:\Windows\System\zaQxmXx.exe
  C:\Windows\System\zaQxmXx.exe
  2⤵
  PID:6928
- C:\Windows\System\UOncmKF.exe
  C:\Windows\System\UOncmKF.exe
  2⤵
  PID:6944
- C:\Windows\System\yjoUfpc.exe
  C:\Windows\System\yjoUfpc.exe
  2⤵
  PID:6960
- C:\Windows\System\UXpDMLM.exe
  C:\Windows\System\UXpDMLM.exe
  2⤵
  PID:6976
- C:\Windows\System\CpbiUIS.exe
  C:\Windows\System\CpbiUIS.exe
  2⤵
  PID:6992
- C:\Windows\System\uQUeNCt.exe
  C:\Windows\System\uQUeNCt.exe
  2⤵
  PID:7008
- C:\Windows\System\bsIsqIu.exe
  C:\Windows\System\bsIsqIu.exe
  2⤵
  PID:7024
- C:\Windows\System\MryDaeM.exe
  C:\Windows\System\MryDaeM.exe
  2⤵
  PID:7040
- C:\Windows\System\NwzLDjO.exe
  C:\Windows\System\NwzLDjO.exe
  2⤵
  PID:7056
- C:\Windows\System\ifUzceo.exe
  C:\Windows\System\ifUzceo.exe
  2⤵
  PID:7072
- C:\Windows\System\KxTFAyZ.exe
  C:\Windows\System\KxTFAyZ.exe
  2⤵
  PID:7088
- C:\Windows\System\zkJYyhO.exe
  C:\Windows\System\zkJYyhO.exe
  2⤵
  PID:7104
- C:\Windows\System\QqVhxuD.exe
  C:\Windows\System\QqVhxuD.exe
  2⤵
  PID:7120
- C:\Windows\System\YLcgYjF.exe
  C:\Windows\System\YLcgYjF.exe
  2⤵
  PID:7136
- C:\Windows\System\pvqecHy.exe
  C:\Windows\System\pvqecHy.exe
  2⤵
  PID:7160
- C:\Windows\System\bwdjkNH.exe
  C:\Windows\System\bwdjkNH.exe
  2⤵
  PID:5252
- C:\Windows\System\flAtgVF.exe
  C:\Windows\System\flAtgVF.exe
  2⤵
  PID:6040
- C:\Windows\System\QTslPCl.exe
  C:\Windows\System\QTslPCl.exe
  2⤵
  PID:5652
- C:\Windows\System\nvMdleb.exe
  C:\Windows\System\nvMdleb.exe
  2⤵
  PID:6188
- C:\Windows\System\cmqGlXb.exe
  C:\Windows\System\cmqGlXb.exe
  2⤵
  PID:6256
- C:\Windows\System\QEqIJGv.exe
  C:\Windows\System\QEqIJGv.exe
  2⤵
  PID:6204
- C:\Windows\System\dOXBGXP.exe
  C:\Windows\System\dOXBGXP.exe
  2⤵
  PID:6336
- C:\Windows\System\BJhlKuR.exe
  C:\Windows\System\BJhlKuR.exe
  2⤵
  PID:6356
- C:\Windows\System\OiJhmxL.exe
  C:\Windows\System\OiJhmxL.exe
  2⤵
  PID:6276
- C:\Windows\System\nFCJPsQ.exe
  C:\Windows\System\nFCJPsQ.exe
  2⤵
  PID:6376
- C:\Windows\System\RuoDQWc.exe
  C:\Windows\System\RuoDQWc.exe
  2⤵
  PID:6404
- C:\Windows\System\ZhgwxSD.exe
  C:\Windows\System\ZhgwxSD.exe
  2⤵
  PID:6440
- C:\Windows\System\hUdpqUD.exe
  C:\Windows\System\hUdpqUD.exe
  2⤵
  PID:6516
- C:\Windows\System\ROJwyBC.exe
  C:\Windows\System\ROJwyBC.exe
  2⤵
  PID:6504
- C:\Windows\System\cPZTzfF.exe
  C:\Windows\System\cPZTzfF.exe
  2⤵
  PID:6540
- C:\Windows\System\CurToqd.exe
  C:\Windows\System\CurToqd.exe
  2⤵
  PID:6544
- C:\Windows\System\yaJPHom.exe
  C:\Windows\System\yaJPHom.exe
  2⤵
  PID:6612
- C:\Windows\System\wJJLQZl.exe
  C:\Windows\System\wJJLQZl.exe
  2⤵
  PID:6596
- C:\Windows\System\yucItgF.exe
  C:\Windows\System\yucItgF.exe
  2⤵
  PID:6548
- C:\Windows\System\TekQnrM.exe
  C:\Windows\System\TekQnrM.exe
  2⤵
  PID:6680
- C:\Windows\System\SacCBXW.exe
  C:\Windows\System\SacCBXW.exe
  2⤵
  PID:6744
- C:\Windows\System\YyVsrHb.exe
  C:\Windows\System\YyVsrHb.exe
  2⤵
  PID:6696
- C:\Windows\System\mIGmxxs.exe
  C:\Windows\System\mIGmxxs.exe
  2⤵
  PID:6808
- C:\Windows\System\FdqAtrL.exe
  C:\Windows\System\FdqAtrL.exe
  2⤵
  PID:6844
- C:\Windows\System\khMglQO.exe
  C:\Windows\System\khMglQO.exe
  2⤵
  PID:6728
- C:\Windows\System\UGuejir.exe
  C:\Windows\System\UGuejir.exe
  2⤵
  PID:6904
- C:\Windows\System\orrPgYr.exe
  C:\Windows\System\orrPgYr.exe
  2⤵
  PID:6892
- C:\Windows\System\cTdRnaf.exe
  C:\Windows\System\cTdRnaf.exe
  2⤵
  PID:6920
- C:\Windows\System\CPPZXDP.exe
  C:\Windows\System\CPPZXDP.exe
  2⤵
  PID:7004
- C:\Windows\System\jrhDGah.exe
  C:\Windows\System\jrhDGah.exe
  2⤵
  PID:7068
- C:\Windows\System\uIKATCM.exe
  C:\Windows\System\uIKATCM.exe
  2⤵
  PID:7016
- C:\Windows\System\YDaWYaf.exe
  C:\Windows\System\YDaWYaf.exe
  2⤵
  PID:7084
- C:\Windows\System\MGySMYy.exe
  C:\Windows\System\MGySMYy.exe
  2⤵
  PID:7128
- C:\Windows\System\HoaqgUG.exe
  C:\Windows\System\HoaqgUG.exe
  2⤵
  PID:6160
- C:\Windows\System\sPwEeaE.exe
  C:\Windows\System\sPwEeaE.exe
  2⤵
  PID:6176
- C:\Windows\System\bakQRxo.exe
  C:\Windows\System\bakQRxo.exe
  2⤵
  PID:6424
- C:\Windows\System\MONyCkq.exe
  C:\Windows\System\MONyCkq.exe
  2⤵
  PID:6576
- C:\Windows\System\AevmBMn.exe
  C:\Windows\System\AevmBMn.exe
  2⤵
  PID:6500
- C:\Windows\System\PuEtBMl.exe
  C:\Windows\System\PuEtBMl.exe
  2⤵
  PID:6592
- C:\Windows\System\SbkMTLr.exe
  C:\Windows\System\SbkMTLr.exe
  2⤵
  PID:6780
- C:\Windows\System\YiIOgOq.exe
  C:\Windows\System\YiIOgOq.exe
  2⤵
  PID:6712
- C:\Windows\System\ALqFLxX.exe
  C:\Windows\System\ALqFLxX.exe
  2⤵
  PID:6792
- C:\Windows\System\UqpNXiB.exe
  C:\Windows\System\UqpNXiB.exe
  2⤵
  PID:7064
- C:\Windows\System\ETOxnvu.exe
  C:\Windows\System\ETOxnvu.exe
  2⤵
  PID:6908
- C:\Windows\System\HjVqRQT.exe
  C:\Windows\System\HjVqRQT.exe
  2⤵
  PID:7000
- C:\Windows\System\kgFKGzV.exe
  C:\Windows\System\kgFKGzV.exe
  2⤵
  PID:7100
- C:\Windows\System\LXQOzqF.exe
  C:\Windows\System\LXQOzqF.exe
  2⤵
  PID:6876
- C:\Windows\System\VHnAbin.exe
  C:\Windows\System\VHnAbin.exe
  2⤵
  PID:6324
- C:\Windows\System\HkrAlsC.exe
  C:\Windows\System\HkrAlsC.exe
  2⤵
  PID:6208
- C:\Windows\System\hXzjQES.exe
  C:\Windows\System\hXzjQES.exe
  2⤵
  PID:6116
- C:\Windows\System\PQZiOec.exe
  C:\Windows\System\PQZiOec.exe
  2⤵
  PID:6572
- C:\Windows\System\PtjAlLD.exe
  C:\Windows\System\PtjAlLD.exe
  2⤵
  PID:6556
- C:\Windows\System\fqzHFdh.exe
  C:\Windows\System\fqzHFdh.exe
  2⤵
  PID:6648
- C:\Windows\System\xsLoyji.exe
  C:\Windows\System\xsLoyji.exe
  2⤵
  PID:6664
- C:\Windows\System\vRoDQBH.exe
  C:\Windows\System\vRoDQBH.exe
  2⤵
  PID:6796
- C:\Windows\System\TSRwdbX.exe
  C:\Windows\System\TSRwdbX.exe
  2⤵
  PID:6372
- C:\Windows\System\BLLANUJ.exe
  C:\Windows\System\BLLANUJ.exe
  2⤵
  PID:6888
- C:\Windows\System\qgWmila.exe
  C:\Windows\System\qgWmila.exe
  2⤵
  PID:4880
- C:\Windows\System\aduJrrT.exe
  C:\Windows\System\aduJrrT.exe
  2⤵
  PID:6524
- C:\Windows\System\SHsuyZj.exe
  C:\Windows\System\SHsuyZj.exe
  2⤵
  PID:6484
- C:\Windows\System\keNJDMx.exe
  C:\Windows\System\keNJDMx.exe
  2⤵
  PID:5264
- C:\Windows\System\gllvTaf.exe
  C:\Windows\System\gllvTaf.exe
  2⤵
  PID:6776
- C:\Windows\System\VvviIey.exe
  C:\Windows\System\VvviIey.exe
  2⤵
  PID:6840
- C:\Windows\System\XoQiuPk.exe
  C:\Windows\System\XoQiuPk.exe
  2⤵
  PID:7180
- C:\Windows\System\QewQgoq.exe
  C:\Windows\System\QewQgoq.exe
  2⤵
  PID:7200
- C:\Windows\System\RyroqOr.exe
  C:\Windows\System\RyroqOr.exe
  2⤵
  PID:7220
- C:\Windows\System\ZHKmCXF.exe
  C:\Windows\System\ZHKmCXF.exe
  2⤵
  PID:7240
- C:\Windows\System\UPreTgT.exe
  C:\Windows\System\UPreTgT.exe
  2⤵
  PID:7256
- C:\Windows\System\adsVtbV.exe
  C:\Windows\System\adsVtbV.exe
  2⤵
  PID:7272
- C:\Windows\System\FoiQzta.exe
  C:\Windows\System\FoiQzta.exe
  2⤵
  PID:7292
- C:\Windows\System\LhsEinv.exe
  C:\Windows\System\LhsEinv.exe
  2⤵
  PID:7308
- C:\Windows\System\WzVJLwd.exe
  C:\Windows\System\WzVJLwd.exe
  2⤵
  PID:7332
- C:\Windows\System\XbXBJox.exe
  C:\Windows\System\XbXBJox.exe
  2⤵
  PID:7352
- C:\Windows\System\jYFdhQS.exe
  C:\Windows\System\jYFdhQS.exe
  2⤵
  PID:7368
- C:\Windows\System\hLIZwZp.exe
  C:\Windows\System\hLIZwZp.exe
  2⤵
  PID:7384
- C:\Windows\System\dcvoYVb.exe
  C:\Windows\System\dcvoYVb.exe
  2⤵
  PID:7400
- C:\Windows\System\vlUpRku.exe
  C:\Windows\System\vlUpRku.exe
  2⤵
  PID:7416
- C:\Windows\System\rCocOYV.exe
  C:\Windows\System\rCocOYV.exe
  2⤵
  PID:7432
- C:\Windows\System\xufMeoK.exe
  C:\Windows\System\xufMeoK.exe
  2⤵
  PID:7468
- C:\Windows\System\ulfENqf.exe
  C:\Windows\System\ulfENqf.exe
  2⤵
  PID:7500
- C:\Windows\System\lOvxmbI.exe
  C:\Windows\System\lOvxmbI.exe
  2⤵
  PID:7516
- C:\Windows\System\LyQiBsT.exe
  C:\Windows\System\LyQiBsT.exe
  2⤵
  PID:7532
- C:\Windows\System\FXVmnsb.exe
  C:\Windows\System\FXVmnsb.exe
  2⤵
  PID:7548
- C:\Windows\System\uoWVbOI.exe
  C:\Windows\System\uoWVbOI.exe
  2⤵
  PID:7564
- C:\Windows\System\oPjsKYd.exe
  C:\Windows\System\oPjsKYd.exe
  2⤵
  PID:7580
- C:\Windows\System\xeaPlsh.exe
  C:\Windows\System\xeaPlsh.exe
  2⤵
  PID:7596
- C:\Windows\System\jPPCYbQ.exe
  C:\Windows\System\jPPCYbQ.exe
  2⤵
  PID:7612
- C:\Windows\System\iOCLVJp.exe
  C:\Windows\System\iOCLVJp.exe
  2⤵
  PID:7628
- C:\Windows\System\PHEseiD.exe
  C:\Windows\System\PHEseiD.exe
  2⤵
  PID:7644
- C:\Windows\System\wXzcWTL.exe
  C:\Windows\System\wXzcWTL.exe
  2⤵
  PID:7660
- C:\Windows\System\OJmTrDg.exe
  C:\Windows\System\OJmTrDg.exe
  2⤵
  PID:7676
- C:\Windows\System\XnjJpLw.exe
  C:\Windows\System\XnjJpLw.exe
  2⤵
  PID:7724
- C:\Windows\System\sBbuGbv.exe
  C:\Windows\System\sBbuGbv.exe
  2⤵
  PID:7764
- C:\Windows\System\nVMxerV.exe
  C:\Windows\System\nVMxerV.exe
  2⤵
  PID:7784
- C:\Windows\System\wAqOiaT.exe
  C:\Windows\System\wAqOiaT.exe
  2⤵
  PID:7800
- C:\Windows\System\UWIzmgj.exe
  C:\Windows\System\UWIzmgj.exe
  2⤵
  PID:7816
- C:\Windows\System\nOCgoxT.exe
  C:\Windows\System\nOCgoxT.exe
  2⤵
  PID:7832
- C:\Windows\System\SRJnoml.exe
  C:\Windows\System\SRJnoml.exe
  2⤵
  PID:7848
- C:\Windows\System\GieMjjs.exe
  C:\Windows\System\GieMjjs.exe
  2⤵
  PID:7864
- C:\Windows\System\uBoWKrp.exe
  C:\Windows\System\uBoWKrp.exe
  2⤵
  PID:7880
- C:\Windows\System\tLxsOsy.exe
  C:\Windows\System\tLxsOsy.exe
  2⤵
  PID:7896
- C:\Windows\System\AXvvmms.exe
  C:\Windows\System\AXvvmms.exe
  2⤵
  PID:7916
- C:\Windows\System\lrIDeTQ.exe
  C:\Windows\System\lrIDeTQ.exe
  2⤵
  PID:7940
- C:\Windows\System\BIWURBL.exe
  C:\Windows\System\BIWURBL.exe
  2⤵
  PID:7956
- C:\Windows\System\hOdRppI.exe
  C:\Windows\System\hOdRppI.exe
  2⤵
  PID:7972
- C:\Windows\System\wVuDycQ.exe
  C:\Windows\System\wVuDycQ.exe
  2⤵
  PID:7988
- C:\Windows\System\uAJFvnU.exe
  C:\Windows\System\uAJFvnU.exe
  2⤵
  PID:8004
- C:\Windows\System\kFmbitR.exe
  C:\Windows\System\kFmbitR.exe
  2⤵
  PID:8020
- C:\Windows\System\HUUWKxK.exe
  C:\Windows\System\HUUWKxK.exe
  2⤵
  PID:8036
- C:\Windows\System\uvnRjLf.exe
  C:\Windows\System\uvnRjLf.exe
  2⤵
  PID:8052
- C:\Windows\System\CpOvgYz.exe
  C:\Windows\System\CpOvgYz.exe
  2⤵
  PID:8068
- C:\Windows\System\bzsDHYv.exe
  C:\Windows\System\bzsDHYv.exe
  2⤵
  PID:8084
- C:\Windows\System\oJFwsFG.exe
  C:\Windows\System\oJFwsFG.exe
  2⤵
  PID:8100
- C:\Windows\System\GECLPkp.exe
  C:\Windows\System\GECLPkp.exe
  2⤵
  PID:8116
- C:\Windows\System\ZgJrVCz.exe
  C:\Windows\System\ZgJrVCz.exe
  2⤵
  PID:8132
- C:\Windows\System\wsRlYjc.exe
  C:\Windows\System\wsRlYjc.exe
  2⤵
  PID:8148
- C:\Windows\System\lhAPjFr.exe
  C:\Windows\System\lhAPjFr.exe
  2⤵
  PID:8164
- C:\Windows\System\sadWMXp.exe
  C:\Windows\System\sadWMXp.exe
  2⤵
  PID:8180
- C:\Windows\System\DmjhIaO.exe
  C:\Windows\System\DmjhIaO.exe
  2⤵
  PID:6352
- C:\Windows\System\hRwLySQ.exe
  C:\Windows\System\hRwLySQ.exe
  2⤵
  PID:7196
- C:\Windows\System\IQCsPmu.exe
  C:\Windows\System\IQCsPmu.exe
  2⤵
  PID:7080
- C:\Windows\System\ugwfWYp.exe
  C:\Windows\System\ugwfWYp.exe
  2⤵
  PID:6244
- C:\Windows\System\WBOvKQG.exe
  C:\Windows\System\WBOvKQG.exe
  2⤵
  PID:7052
- C:\Windows\System\UoIdAZq.exe
  C:\Windows\System\UoIdAZq.exe
  2⤵
  PID:7236
- C:\Windows\System\TgsvgYK.exe
  C:\Windows\System\TgsvgYK.exe
  2⤵
  PID:7264
- C:\Windows\System\NubZsHL.exe
  C:\Windows\System\NubZsHL.exe
  2⤵
  PID:7376
- C:\Windows\System\UPSFprd.exe
  C:\Windows\System\UPSFprd.exe
  2⤵
  PID:7348
- C:\Windows\System\qYXhzzx.exe
  C:\Windows\System\qYXhzzx.exe
  2⤵
  PID:7316
- C:\Windows\System\NzIoQWk.exe
  C:\Windows\System\NzIoQWk.exe
  2⤵
  PID:7396
- C:\Windows\System\JIbtlNP.exe
  C:\Windows\System\JIbtlNP.exe
  2⤵
  PID:7444
- C:\Windows\System\TlPWlEM.exe
  C:\Windows\System\TlPWlEM.exe
  2⤵
  PID:7464
- C:\Windows\System\UmCkZsm.exe
  C:\Windows\System\UmCkZsm.exe
  2⤵
  PID:7496
- C:\Windows\System\astOCCz.exe
  C:\Windows\System\astOCCz.exe
  2⤵
  PID:7524
- C:\Windows\System\PvfTHNB.exe
  C:\Windows\System\PvfTHNB.exe
  2⤵
  PID:7512
- C:\Windows\System\QoGBTwZ.exe
  C:\Windows\System\QoGBTwZ.exe
  2⤵
  PID:7608
- C:\Windows\System\JfuMOuZ.exe
  C:\Windows\System\JfuMOuZ.exe
  2⤵
  PID:7588
- C:\Windows\System\lPucHbT.exe
  C:\Windows\System\lPucHbT.exe
  2⤵
  PID:7640
- C:\Windows\System\qoreZal.exe
  C:\Windows\System\qoreZal.exe
  2⤵
  PID:7672
- C:\Windows\System\VWRSrAm.exe
  C:\Windows\System\VWRSrAm.exe
  2⤵
  PID:7744
- C:\Windows\System\MspNHGl.exe
  C:\Windows\System\MspNHGl.exe
  2⤵
  PID:7760
- C:\Windows\System\siGGMCu.exe
  C:\Windows\System\siGGMCu.exe
  2⤵
  PID:7692
- C:\Windows\System\tQEaoIP.exe
  C:\Windows\System\tQEaoIP.exe
  2⤵
  PID:7712
- C:\Windows\System\WVxvxfo.exe
  C:\Windows\System\WVxvxfo.exe
  2⤵
  PID:7792
- C:\Windows\System\HSmRBjs.exe
  C:\Windows\System\HSmRBjs.exe
  2⤵
  PID:7824
- C:\Windows\System\cQSLYez.exe
  C:\Windows\System\cQSLYez.exe
  2⤵
  PID:7840
- C:\Windows\System\yjWqyca.exe
  C:\Windows\System\yjWqyca.exe
  2⤵
  PID:7888
- C:\Windows\System\Yywnboq.exe
  C:\Windows\System\Yywnboq.exe
  2⤵
  PID:7876
- C:\Windows\System\ALISEDS.exe
  C:\Windows\System\ALISEDS.exe
  2⤵
  PID:7904
- C:\Windows\System\BcePMfq.exe
  C:\Windows\System\BcePMfq.exe
  2⤵
  PID:7912
- C:\Windows\System\HYdmiCO.exe
  C:\Windows\System\HYdmiCO.exe
  2⤵
  PID:8028
- C:\Windows\System\WyNywka.exe
  C:\Windows\System\WyNywka.exe
  2⤵
  PID:8064
- C:\Windows\System\QIkSgIV.exe
  C:\Windows\System\QIkSgIV.exe
  2⤵
  PID:8092
- C:\Windows\System\JomkeEU.exe
  C:\Windows\System\JomkeEU.exe
  2⤵
  PID:8188
- C:\Windows\System\odrzmhI.exe
  C:\Windows\System\odrzmhI.exe
  2⤵
  PID:6988
- C:\Windows\System\BGaaAuY.exe
  C:\Windows\System\BGaaAuY.exe
  2⤵
  PID:6240
- C:\Windows\System\gLyGAfu.exe
  C:\Windows\System\gLyGAfu.exe
  2⤵
  PID:7208
- C:\Windows\System\NsKgSAV.exe
  C:\Windows\System\NsKgSAV.exe
  2⤵
  PID:7232
- C:\Windows\System\IltqYXk.exe
  C:\Windows\System\IltqYXk.exe
  2⤵
  PID:7248
- C:\Windows\System\YwxCmIH.exe
  C:\Windows\System\YwxCmIH.exe
  2⤵
  PID:7324
- C:\Windows\System\dugLKie.exe
  C:\Windows\System\dugLKie.exe
  2⤵
  PID:7428
- C:\Windows\System\PDvSLdr.exe
  C:\Windows\System\PDvSLdr.exe
  2⤵
  PID:7448
- C:\Windows\System\IIRYBGS.exe
  C:\Windows\System\IIRYBGS.exe
  2⤵
  PID:7488
- C:\Windows\System\pjpoPID.exe
  C:\Windows\System\pjpoPID.exe
  2⤵
  PID:7508
- C:\Windows\System\LVLxCww.exe
  C:\Windows\System\LVLxCww.exe
  2⤵
  PID:7604
- C:\Windows\System\BYkTjRE.exe
  C:\Windows\System\BYkTjRE.exe
  2⤵
  PID:7668
- C:\Windows\System\cnNwtzx.exe
  C:\Windows\System\cnNwtzx.exe
  2⤵
  PID:7756
- C:\Windows\System\kkvuXkR.exe
  C:\Windows\System\kkvuXkR.exe
  2⤵
  PID:7704
- C:\Windows\System\jLGDOjb.exe
  C:\Windows\System\jLGDOjb.exe
  2⤵
  PID:7812
- C:\Windows\System\LVTEUku.exe
  C:\Windows\System\LVTEUku.exe
  2⤵
  PID:7932
- C:\Windows\System\yiyPNSR.exe
  C:\Windows\System\yiyPNSR.exe
  2⤵
  PID:7968
- C:\Windows\System\JwvUtte.exe
  C:\Windows\System\JwvUtte.exe
  2⤵
  PID:8012
- C:\Windows\System\CTyCKBx.exe
  C:\Windows\System\CTyCKBx.exe
  2⤵
  PID:8000
- C:\Windows\System\hyKQcYz.exe
  C:\Windows\System\hyKQcYz.exe
  2⤵
  PID:8108
- C:\Windows\System\wcCLzXl.exe
  C:\Windows\System\wcCLzXl.exe
  2⤵
  PID:8160
- C:\Windows\System\sccOegC.exe
  C:\Windows\System\sccOegC.exe
  2⤵
  PID:7144
- C:\Windows\System\mxztOiB.exe
  C:\Windows\System\mxztOiB.exe
  2⤵
  PID:8236
- C:\Windows\System\akmrBJv.exe
  C:\Windows\System\akmrBJv.exe
  2⤵
  PID:8256
- C:\Windows\System\ilQnKWZ.exe
  C:\Windows\System\ilQnKWZ.exe
  2⤵
  PID:8272
- C:\Windows\System\NxuMnWt.exe
  C:\Windows\System\NxuMnWt.exe
  2⤵
  PID:8760
- C:\Windows\System\rOfvjxj.exe
  C:\Windows\System\rOfvjxj.exe
  2⤵
  PID:8812
- C:\Windows\System\JIRopgP.exe
  C:\Windows\System\JIRopgP.exe
  2⤵
  PID:8832
- C:\Windows\System\xlxOYKE.exe
  C:\Windows\System\xlxOYKE.exe
  2⤵
  PID:8852
- C:\Windows\System\hzrdpJn.exe
  C:\Windows\System\hzrdpJn.exe
  2⤵
  PID:8872
- C:\Windows\System\rThsuZM.exe
  C:\Windows\System\rThsuZM.exe
  2⤵
  PID:8888
- C:\Windows\System\XvfDIUr.exe
  C:\Windows\System\XvfDIUr.exe
  2⤵
  PID:8904
- C:\Windows\System\ZAGorKF.exe
  C:\Windows\System\ZAGorKF.exe
  2⤵
  PID:8920
- C:\Windows\System\vuPjXiI.exe
  C:\Windows\System\vuPjXiI.exe
  2⤵
  PID:8936
- C:\Windows\System\UywAjMH.exe
  C:\Windows\System\UywAjMH.exe
  2⤵
  PID:8956
- C:\Windows\System\xPTOSfd.exe
  C:\Windows\System\xPTOSfd.exe
  2⤵
  PID:8972
- C:\Windows\System\WqvpfIl.exe
  C:\Windows\System\WqvpfIl.exe
  2⤵
  PID:8988
- C:\Windows\System\pzBpPaS.exe
  C:\Windows\System\pzBpPaS.exe
  2⤵
  PID:9004
- C:\Windows\System\NujXnIR.exe
  C:\Windows\System\NujXnIR.exe
  2⤵
  PID:9020
- C:\Windows\System\vSCuVJr.exe
  C:\Windows\System\vSCuVJr.exe
  2⤵
  PID:9036
- C:\Windows\System\BLGbdSp.exe
  C:\Windows\System\BLGbdSp.exe
  2⤵
  PID:9052
- C:\Windows\System\SpURuWb.exe
  C:\Windows\System\SpURuWb.exe
  2⤵
  PID:9068
- C:\Windows\System\vitQZhi.exe
  C:\Windows\System\vitQZhi.exe
  2⤵
  PID:9088
- C:\Windows\System\dwOwfLc.exe
  C:\Windows\System\dwOwfLc.exe
  2⤵
  PID:9120
- C:\Windows\System\FYWWdhA.exe
  C:\Windows\System\FYWWdhA.exe
  2⤵
  PID:9164
- C:\Windows\System\jLbPhEo.exe
  C:\Windows\System\jLbPhEo.exe
  2⤵
  PID:9184
- C:\Windows\System\MRZPkEk.exe
  C:\Windows\System\MRZPkEk.exe
  2⤵
  PID:8300
- C:\Windows\System\XFfqwes.exe
  C:\Windows\System\XFfqwes.exe
  2⤵
  PID:8328
- C:\Windows\System\jAJbczh.exe
  C:\Windows\System\jAJbczh.exe
  2⤵
  PID:8640
- C:\Windows\System\qLsCNwa.exe
  C:\Windows\System\qLsCNwa.exe
  2⤵
  PID:8656
- C:\Windows\System\JQbvrGB.exe
  C:\Windows\System\JQbvrGB.exe
  2⤵
  PID:8672
- C:\Windows\System\MkwoAbw.exe
  C:\Windows\System\MkwoAbw.exe
  2⤵
  PID:8700
- C:\Windows\System\nUufqQx.exe
  C:\Windows\System\nUufqQx.exe
  2⤵
  PID:8724
- C:\Windows\System\BUjqNnR.exe
  C:\Windows\System\BUjqNnR.exe
  2⤵
  PID:8740
- C:\Windows\System\MqNAfTo.exe
  C:\Windows\System\MqNAfTo.exe
  2⤵
  PID:8820
- C:\Windows\System\wxoEgYR.exe
  C:\Windows\System\wxoEgYR.exe
  2⤵
  PID:8864
- C:\Windows\System\SYMHnTP.exe
  C:\Windows\System\SYMHnTP.exe
  2⤵
  PID:8928
- C:\Windows\System\IGUGNob.exe
  C:\Windows\System\IGUGNob.exe
  2⤵
  PID:8772
- C:\Windows\System\wOxFlmR.exe
  C:\Windows\System\wOxFlmR.exe
  2⤵
  PID:8848
- C:\Windows\System\BNtDSQV.exe
  C:\Windows\System\BNtDSQV.exe
  2⤵
  PID:8916
- C:\Windows\System\xYFUZUy.exe
  C:\Windows\System\xYFUZUy.exe
  2⤵
  PID:8792
- C:\Windows\System\UhFoJaO.exe
  C:\Windows\System\UhFoJaO.exe
  2⤵
  PID:8808
- C:\Windows\System\eFbLtjR.exe
  C:\Windows\System\eFbLtjR.exe
  2⤵
  PID:9028
- C:\Windows\System\xWdXIOQ.exe
  C:\Windows\System\xWdXIOQ.exe
  2⤵
  PID:9096
- C:\Windows\System\GzjnnOL.exe
  C:\Windows\System\GzjnnOL.exe
  2⤵
  PID:9080
- C:\Windows\System\wVFQlig.exe
  C:\Windows\System\wVFQlig.exe
  2⤵
  PID:9180
- C:\Windows\System\gvXczty.exe
  C:\Windows\System\gvXczty.exe
  2⤵
  PID:8204
- C:\Windows\System\seZzGsY.exe
  C:\Windows\System\seZzGsY.exe
  2⤵
  PID:8312
- C:\Windows\System\yzIuFgL.exe
  C:\Windows\System\yzIuFgL.exe
  2⤵
  PID:8320
- C:\Windows\System\DwXLWkE.exe
  C:\Windows\System\DwXLWkE.exe
  2⤵
  PID:9140
- C:\Windows\System\XhhzpAQ.exe
  C:\Windows\System\XhhzpAQ.exe
  2⤵
  PID:7456
- C:\Windows\System\fjRecyf.exe
  C:\Windows\System\fjRecyf.exe
  2⤵
  PID:9196
- C:\Windows\System\MCAPjlc.exe
  C:\Windows\System\MCAPjlc.exe
  2⤵
  PID:9212
- C:\Windows\System\orNSiVy.exe
  C:\Windows\System\orNSiVy.exe
  2⤵
  PID:8396
- C:\Windows\System\TkFpETV.exe
  C:\Windows\System\TkFpETV.exe
  2⤵
  PID:8224
- C:\Windows\System\zyToBZP.exe
  C:\Windows\System\zyToBZP.exe
  2⤵
  PID:7228
- C:\Windows\System\sBBwvJS.exe
  C:\Windows\System\sBBwvJS.exe
  2⤵
  PID:7776
- C:\Windows\System\jplGhSD.exe
  C:\Windows\System\jplGhSD.exe
  2⤵
  PID:8016
- C:\Windows\System\DAABFNa.exe
  C:\Windows\System\DAABFNa.exe
  2⤵
  PID:8176
- C:\Windows\System\FSKpafb.exe
  C:\Windows\System\FSKpafb.exe
  2⤵
  PID:8196
- C:\Windows\System\uYGTlVB.exe
  C:\Windows\System\uYGTlVB.exe
  2⤵
  PID:8232
- C:\Windows\System\RGrCGqQ.exe
  C:\Windows\System\RGrCGqQ.exe
  2⤵
  PID:8392
- C:\Windows\System\WsaCmAn.exe
  C:\Windows\System\WsaCmAn.exe
  2⤵
  PID:8416
- C:\Windows\System\iroCGuC.exe
  C:\Windows\System\iroCGuC.exe
  2⤵
  PID:8288
- C:\Windows\System\znfgxXX.exe
  C:\Windows\System\znfgxXX.exe
  2⤵
  PID:8344
- C:\Windows\System\lnVLUOT.exe
  C:\Windows\System\lnVLUOT.exe
  2⤵
  PID:8356
- C:\Windows\System\OVAzYFY.exe
  C:\Windows\System\OVAzYFY.exe
  2⤵
  PID:8376
- C:\Windows\System\AiUZtqv.exe
  C:\Windows\System\AiUZtqv.exe
  2⤵
  PID:6472
- C:\Windows\System\gCiJWRb.exe
  C:\Windows\System\gCiJWRb.exe
  2⤵
  PID:8456
- C:\Windows\System\dVRLXPe.exe
  C:\Windows\System\dVRLXPe.exe
  2⤵
  PID:8516
- C:\Windows\System\EVwXqSj.exe
  C:\Windows\System\EVwXqSj.exe
  2⤵
  PID:8500
- C:\Windows\System\oriXDMd.exe
  C:\Windows\System\oriXDMd.exe
  2⤵
  PID:8524
- C:\Windows\System\NqKyqey.exe
  C:\Windows\System\NqKyqey.exe
  2⤵
  PID:8548
- C:\Windows\System\ikFtqyy.exe
  C:\Windows\System\ikFtqyy.exe
  2⤵
  PID:8592
- C:\Windows\System\JXPNRwo.exe
  C:\Windows\System\JXPNRwo.exe
  2⤵
  PID:8596
- C:\Windows\System\PxZSgyj.exe
  C:\Windows\System\PxZSgyj.exe
  2⤵
  PID:8620
- C:\Windows\System\SoIPYST.exe
  C:\Windows\System\SoIPYST.exe
  2⤵
  PID:8636
- C:\Windows\System\gGaraXy.exe
  C:\Windows\System\gGaraXy.exe
  2⤵
  PID:8668
- C:\Windows\System\LsURHFm.exe
  C:\Windows\System\LsURHFm.exe
  2⤵
  PID:8696
- C:\Windows\System\eFeaNcl.exe
  C:\Windows\System\eFeaNcl.exe
  2⤵
  PID:8736
- C:\Windows\System\ofMteNA.exe
  C:\Windows\System\ofMteNA.exe
  2⤵
  PID:8896
- C:\Windows\System\tTHOKnR.exe
  C:\Windows\System\tTHOKnR.exe
  2⤵
  PID:8768
- C:\Windows\System\RBxkNQq.exe
  C:\Windows\System\RBxkNQq.exe
  2⤵
  PID:8800
- C:\Windows\System\qLpUiwF.exe
  C:\Windows\System\qLpUiwF.exe
  2⤵
  PID:8944
- C:\Windows\System\yhlWJJQ.exe
  C:\Windows\System\yhlWJJQ.exe
  2⤵
  PID:8996
- C:\Windows\System\BcIPWPa.exe
  C:\Windows\System\BcIPWPa.exe
  2⤵
  PID:8844
- C:\Windows\System\IZPMoFT.exe
  C:\Windows\System\IZPMoFT.exe
  2⤵
  PID:9116
- C:\Windows\System\XPmfNRi.exe
  C:\Windows\System\XPmfNRi.exe
  2⤵
  PID:7328
- C:\Windows\System\UrbfPcq.exe
  C:\Windows\System\UrbfPcq.exe
  2⤵
  PID:9192
- C:\Windows\System\FvDpvCp.exe
  C:\Windows\System\FvDpvCp.exe
  2⤵
  PID:7720
- C:\Windows\System\ghqFBiH.exe
  C:\Windows\System\ghqFBiH.exe
  2⤵
  PID:7708
- C:\Windows\System\mdVzTxm.exe
  C:\Windows\System\mdVzTxm.exe
  2⤵
  PID:9204
- C:\Windows\System\HYqmFJf.exe
  C:\Windows\System\HYqmFJf.exe
  2⤵
  PID:7544
- C:\Windows\System\UicKpbm.exe
  C:\Windows\System\UicKpbm.exe
  2⤵
  PID:7928
- C:\Windows\System\tMoVszS.exe
  C:\Windows\System\tMoVszS.exe
  2⤵
  PID:8076
- C:\Windows\System\GNqDltH.exe
  C:\Windows\System\GNqDltH.exe
  2⤵
  PID:8220
- C:\Windows\System\aOCEKcu.exe
  C:\Windows\System\aOCEKcu.exe
  2⤵
  PID:8404
- C:\Windows\System\jnoniCr.exe
  C:\Windows\System\jnoniCr.exe
  2⤵
  PID:8292
- C:\Windows\System\zrvHUvE.exe
  C:\Windows\System\zrvHUvE.exe
  2⤵
  PID:8268
- C:\Windows\System\ZffDMfX.exe
  C:\Windows\System\ZffDMfX.exe
  2⤵
  PID:8432
- C:\Windows\System\GGyGJcW.exe
  C:\Windows\System\GGyGJcW.exe
  2⤵
  PID:8496
- C:\Windows\System\Bxudvlx.exe
  C:\Windows\System\Bxudvlx.exe
  2⤵
  PID:8504
- C:\Windows\System\HAvVTwi.exe
  C:\Windows\System\HAvVTwi.exe
  2⤵
  PID:8544
- C:\Windows\System\HSMAdPG.exe
  C:\Windows\System\HSMAdPG.exe
  2⤵
  PID:8560
- C:\Windows\System\UvjWDFW.exe
  C:\Windows\System\UvjWDFW.exe
  2⤵
  PID:8584
- C:\Windows\System\wlWjHGH.exe
  C:\Windows\System\wlWjHGH.exe
  2⤵
  PID:8716
- C:\Windows\System\lwMfqzV.exe
  C:\Windows\System\lwMfqzV.exe
  2⤵
  PID:8748
- C:\Windows\System\FLmIAMU.exe
  C:\Windows\System\FLmIAMU.exe
  2⤵
  PID:8796
- C:\Windows\System\yJedNpQ.exe
  C:\Windows\System\yJedNpQ.exe
  2⤵
  PID:8984
- C:\Windows\System\YyApkug.exe
  C:\Windows\System\YyApkug.exe
  2⤵
  PID:9112
- C:\Windows\System\fXxbfpH.exe
  C:\Windows\System\fXxbfpH.exe
  2⤵
  PID:9076
- C:\Windows\System\CZEQTWR.exe
  C:\Windows\System\CZEQTWR.exe
  2⤵
  PID:8252
- C:\Windows\System\YQUSlBx.exe
  C:\Windows\System\YQUSlBx.exe
  2⤵
  PID:8308
- C:\Windows\System\UwlFjXr.exe
  C:\Windows\System\UwlFjXr.exe
  2⤵
  PID:7188
- C:\Windows\System\RegKXTa.exe
  C:\Windows\System\RegKXTa.exe
  2⤵
  PID:8712
- C:\Windows\System\AtSSQbH.exe
  C:\Windows\System\AtSSQbH.exe
  2⤵
  PID:7288
- C:\Windows\System\LMqixtQ.exe
  C:\Windows\System\LMqixtQ.exe
  2⤵
  PID:8228
- C:\Windows\System\rAUIbXk.exe
  C:\Windows\System\rAUIbXk.exe
  2⤵
  PID:8372
- C:\Windows\System\ywbumIs.exe
  C:\Windows\System\ywbumIs.exe
  2⤵
  PID:8336
- C:\Windows\System\ArRVTfQ.exe
  C:\Windows\System\ArRVTfQ.exe
  2⤵
  PID:8472
- C:\Windows\System\lxDfkvq.exe
  C:\Windows\System\lxDfkvq.exe
  2⤵
  PID:8540
- C:\Windows\System\ALEUHDa.exe
  C:\Windows\System\ALEUHDa.exe
  2⤵
  PID:8664
- C:\Windows\System\zQnunHt.exe
  C:\Windows\System\zQnunHt.exe
  2⤵
  PID:8756
- C:\Windows\System\cBQCCuA.exe
  C:\Windows\System\cBQCCuA.exe
  2⤵
  PID:8860
- C:\Windows\System\ZvNJuWy.exe
  C:\Windows\System\ZvNJuWy.exe
  2⤵
  PID:8568
- C:\Windows\System\RjEvyAy.exe
  C:\Windows\System\RjEvyAy.exe
  2⤵
  PID:8140
- C:\Windows\System\hLdczYD.exe
  C:\Windows\System\hLdczYD.exe
  2⤵
  PID:9048
- C:\Windows\System\GtCaZdC.exe
  C:\Windows\System\GtCaZdC.exe
  2⤵
  PID:8420
- C:\Windows\System\mgCcKzQ.exe
  C:\Windows\System\mgCcKzQ.exe
  2⤵
  PID:7364
- C:\Windows\System\suOEXqe.exe
  C:\Windows\System\suOEXqe.exe
  2⤵
  PID:8532
- C:\Windows\System\qLuXoLy.exe
  C:\Windows\System\qLuXoLy.exe
  2⤵
  PID:8352
- C:\Windows\System\TJseEju.exe
  C:\Windows\System\TJseEju.exe
  2⤵
  PID:8588
- C:\Windows\System\sbrcGHL.exe
  C:\Windows\System\sbrcGHL.exe
  2⤵
  PID:8600
- C:\Windows\System\WPSyuPE.exe
  C:\Windows\System\WPSyuPE.exe
  2⤵
  PID:8900
- C:\Windows\System\UItfPMN.exe
  C:\Windows\System\UItfPMN.exe
  2⤵
  PID:8776
- C:\Windows\System\qzOXLSY.exe
  C:\Windows\System\qzOXLSY.exe
  2⤵
  PID:7844
- C:\Windows\System\nqRYEmM.exe
  C:\Windows\System\nqRYEmM.exe
  2⤵
  PID:8112
- C:\Windows\System\uCbrjOW.exe
  C:\Windows\System\uCbrjOW.exe
  2⤵
  PID:8424
- C:\Windows\System\FdPJHXU.exe
  C:\Windows\System\FdPJHXU.exe
  2⤵
  PID:7736
- C:\Windows\System\bEUXekf.exe
  C:\Windows\System\bEUXekf.exe
  2⤵
  PID:8536
- C:\Windows\System\esdjyka.exe
  C:\Windows\System\esdjyka.exe
  2⤵
  PID:9208
- C:\Windows\System\bYPWJJP.exe
  C:\Windows\System\bYPWJJP.exe
  2⤵
  PID:7484
- C:\Windows\System\ZWPLvEi.exe
  C:\Windows\System\ZWPLvEi.exe
  2⤵
  PID:8476
- C:\Windows\System\RQVHsfu.exe
  C:\Windows\System\RQVHsfu.exe
  2⤵
  PID:9240
- C:\Windows\System\HGbACSK.exe
  C:\Windows\System\HGbACSK.exe
  2⤵
  PID:9288
- C:\Windows\System\gvppJTJ.exe
  C:\Windows\System\gvppJTJ.exe
  2⤵
  PID:9304
- C:\Windows\System\OXloyhq.exe
  C:\Windows\System\OXloyhq.exe
  2⤵
  PID:9320
- C:\Windows\System\JOCBVvS.exe
  C:\Windows\System\JOCBVvS.exe
  2⤵
  PID:9336
- C:\Windows\System\LDfbdPp.exe
  C:\Windows\System\LDfbdPp.exe
  2⤵
  PID:9352
- C:\Windows\System\dIhNkAI.exe
  C:\Windows\System\dIhNkAI.exe
  2⤵
  PID:9368
- C:\Windows\System\AVZyZji.exe
  C:\Windows\System\AVZyZji.exe
  2⤵
  PID:9384
- C:\Windows\System\zejHfyF.exe
  C:\Windows\System\zejHfyF.exe
  2⤵
  PID:9412
- C:\Windows\System\kUlcGMg.exe
  C:\Windows\System\kUlcGMg.exe
  2⤵
  PID:9440
- C:\Windows\System\JSrBKmL.exe
  C:\Windows\System\JSrBKmL.exe
  2⤵
  PID:9456
- C:\Windows\System\kgwiMEO.exe
  C:\Windows\System\kgwiMEO.exe
  2⤵
  PID:9472
- C:\Windows\System\RvdPREu.exe
  C:\Windows\System\RvdPREu.exe
  2⤵
  PID:9492
- C:\Windows\System\BAzTiin.exe
  C:\Windows\System\BAzTiin.exe
  2⤵
  PID:9512
- C:\Windows\System\CYeIIPJ.exe
  C:\Windows\System\CYeIIPJ.exe
  2⤵
  PID:9548
- C:\Windows\System\rApGlXo.exe
  C:\Windows\System\rApGlXo.exe
  2⤵
  PID:9572
- C:\Windows\System\jPQXDNE.exe
  C:\Windows\System\jPQXDNE.exe
  2⤵
  PID:9588
- C:\Windows\System\iOTTsoH.exe
  C:\Windows\System\iOTTsoH.exe
  2⤵
  PID:9608
- C:\Windows\System\vCRBLza.exe
  C:\Windows\System\vCRBLza.exe
  2⤵
  PID:9624
- C:\Windows\System\RimdYwE.exe
  C:\Windows\System\RimdYwE.exe
  2⤵
  PID:9648
- C:\Windows\System\SUviNyQ.exe
  C:\Windows\System\SUviNyQ.exe
  2⤵
  PID:9664
- C:\Windows\System\MnLtYbq.exe
  C:\Windows\System\MnLtYbq.exe
  2⤵
  PID:9688
- C:\Windows\System\WyRkfxu.exe
  C:\Windows\System\WyRkfxu.exe
  2⤵
  PID:9708
- C:\Windows\System\tvoiCEc.exe
  C:\Windows\System\tvoiCEc.exe
  2⤵
  PID:9724
- C:\Windows\System\AwiWxpU.exe
  C:\Windows\System\AwiWxpU.exe
  2⤵
  PID:9740
- C:\Windows\System\kXDCIfi.exe
  C:\Windows\System\kXDCIfi.exe
  2⤵
  PID:9756
- C:\Windows\System\voWndxu.exe
  C:\Windows\System\voWndxu.exe
  2⤵
  PID:9776
- C:\Windows\System\oVPHIul.exe
  C:\Windows\System\oVPHIul.exe
  2⤵
  PID:9792
- C:\Windows\System\RpQqIec.exe
  C:\Windows\System\RpQqIec.exe
  2⤵
  PID:9812
- C:\Windows\System\hTVDfym.exe
  C:\Windows\System\hTVDfym.exe
  2⤵
  PID:9836
- C:\Windows\System\IlyNNpX.exe
  C:\Windows\System\IlyNNpX.exe
  2⤵
  PID:9872
- C:\Windows\System\EXKDfbO.exe
  C:\Windows\System\EXKDfbO.exe
  2⤵
  PID:9888
- C:\Windows\System\ffqKgiU.exe
  C:\Windows\System\ffqKgiU.exe
  2⤵
  PID:9904
- C:\Windows\System\TvpEjXj.exe
  C:\Windows\System\TvpEjXj.exe
  2⤵
  PID:9920
- C:\Windows\System\QwDAMvk.exe
  C:\Windows\System\QwDAMvk.exe
  2⤵
  PID:9948
- C:\Windows\System\cxQPfts.exe
  C:\Windows\System\cxQPfts.exe
  2⤵
  PID:9964
- C:\Windows\System\xeAAuoi.exe
  C:\Windows\System\xeAAuoi.exe
  2⤵
  PID:9980
- C:\Windows\System\dConwgq.exe
  C:\Windows\System\dConwgq.exe
  2⤵
  PID:9996
- C:\Windows\System\csnlmEG.exe
  C:\Windows\System\csnlmEG.exe
  2⤵
  PID:10016
- C:\Windows\System\DMFglLY.exe
  C:\Windows\System\DMFglLY.exe
  2⤵
  PID:10036
- C:\Windows\System\UpzYCDq.exe
  C:\Windows\System\UpzYCDq.exe
  2⤵
  PID:10056
- C:\Windows\System\XnKxXRu.exe
  C:\Windows\System\XnKxXRu.exe
  2⤵
  PID:10076
- C:\Windows\System\sEayeGo.exe
  C:\Windows\System\sEayeGo.exe
  2⤵
  PID:10096
- C:\Windows\System\ARJLrBL.exe
  C:\Windows\System\ARJLrBL.exe
  2⤵
  PID:10136
- C:\Windows\System\Yayuxqc.exe
  C:\Windows\System\Yayuxqc.exe
  2⤵
  PID:10152
- C:\Windows\System\Hpwsfak.exe
  C:\Windows\System\Hpwsfak.exe
  2⤵
  PID:10172
- C:\Windows\System\Bxjnwij.exe
  C:\Windows\System\Bxjnwij.exe
  2⤵
  PID:10188
- C:\Windows\System\jBcqBHl.exe
  C:\Windows\System\jBcqBHl.exe
  2⤵
  PID:10208
- C:\Windows\System\cHfbxGc.exe
  C:\Windows\System\cHfbxGc.exe
  2⤵
  PID:10228
- C:\Windows\System\GLWnOjZ.exe
  C:\Windows\System\GLWnOjZ.exe
  2⤵
  PID:9228
- C:\Windows\System\qmDyCEi.exe
  C:\Windows\System\qmDyCEi.exe
  2⤵
  PID:9248
- C:\Windows\System\PkKOXib.exe
  C:\Windows\System\PkKOXib.exe
  2⤵
  PID:7808
- C:\Windows\System\HzhrpwF.exe
  C:\Windows\System\HzhrpwF.exe
  2⤵
  PID:9264
- C:\Windows\System\sFBEfwM.exe
  C:\Windows\System\sFBEfwM.exe
  2⤵
  PID:9280
- C:\Windows\System\ETMbzsg.exe
  C:\Windows\System\ETMbzsg.exe
  2⤵
  PID:9328
- C:\Windows\System\Lbmlklg.exe
  C:\Windows\System\Lbmlklg.exe
  2⤵
  PID:9396
- C:\Windows\System\CimMTfl.exe
  C:\Windows\System\CimMTfl.exe
  2⤵
  PID:9400
- C:\Windows\System\NMqqPGO.exe
  C:\Windows\System\NMqqPGO.exe
  2⤵
  PID:9448
- C:\Windows\System\UnNRqjX.exe
  C:\Windows\System\UnNRqjX.exe
  2⤵
  PID:9432
- C:\Windows\System\gpYZzjY.exe
  C:\Windows\System\gpYZzjY.exe
  2⤵
  PID:9484
- C:\Windows\System\MuqIHWi.exe
  C:\Windows\System\MuqIHWi.exe
  2⤵
  PID:9500
- C:\Windows\System\cwGYAcL.exe
  C:\Windows\System\cwGYAcL.exe
  2⤵
  PID:9528
- C:\Windows\System\JshfOzc.exe
  C:\Windows\System\JshfOzc.exe
  2⤵
  PID:9468
- C:\Windows\System\KgOhrtk.exe
  C:\Windows\System\KgOhrtk.exe
  2⤵
  PID:9580
- C:\Windows\System\DDPJIYS.exe
  C:\Windows\System\DDPJIYS.exe
  2⤵
  PID:9620
- C:\Windows\System\CcfCebU.exe
  C:\Windows\System\CcfCebU.exe
  2⤵
  PID:9640
- C:\Windows\System\JjztMsi.exe
  C:\Windows\System\JjztMsi.exe
  2⤵
  PID:9680
- C:\Windows\System\fnWLSNV.exe
  C:\Windows\System\fnWLSNV.exe
  2⤵
  PID:9704
- C:\Windows\System\VrBqTGT.exe
  C:\Windows\System\VrBqTGT.exe
  2⤵
  PID:9764
- C:\Windows\System\yCJQTXs.exe
  C:\Windows\System\yCJQTXs.exe
  2⤵
  PID:9844
- C:\Windows\System\abLthOq.exe
  C:\Windows\System\abLthOq.exe
  2⤵
  PID:9824
- C:\Windows\System\SxzxmwP.exe
  C:\Windows\System\SxzxmwP.exe
  2⤵
  PID:9868
- C:\Windows\System\iGWcbhb.exe
  C:\Windows\System\iGWcbhb.exe
  2⤵
  PID:9932
- C:\Windows\System\wbBvtMm.exe
  C:\Windows\System\wbBvtMm.exe
  2⤵
  PID:9912
- C:\Windows\System\IKHOVAr.exe
  C:\Windows\System\IKHOVAr.exe
  2⤵
  PID:9988
- C:\Windows\System\ZIQZBPs.exe
  C:\Windows\System\ZIQZBPs.exe
  2⤵
  PID:10044
- C:\Windows\System\RTfSpXL.exe
  C:\Windows\System\RTfSpXL.exe
  2⤵
  PID:10028
- C:\Windows\System\GwYcDUB.exe
  C:\Windows\System\GwYcDUB.exe
  2⤵
  PID:10088
- C:\Windows\System\NUWOeTM.exe
  C:\Windows\System\NUWOeTM.exe
  2⤵
  PID:10104
- C:\Windows\System\UkiXvNN.exe
  C:\Windows\System\UkiXvNN.exe
  2⤵
  PID:10132
- C:\Windows\System\OtNJMEX.exe
  C:\Windows\System\OtNJMEX.exe
  2⤵
  PID:10168
- C:\Windows\System\jwCeVQk.exe
  C:\Windows\System\jwCeVQk.exe
  2⤵
  PID:10200
- C:\Windows\System\WlFoJCH.exe
  C:\Windows\System\WlFoJCH.exe
  2⤵
  PID:10204
- C:\Windows\System\hkHCmRA.exe
  C:\Windows\System\hkHCmRA.exe
  2⤵
  PID:8752
- C:\Windows\System\AjdsuBt.exe
  C:\Windows\System\AjdsuBt.exe
  2⤵
  PID:7172
- C:\Windows\System\QlAmQkw.exe
  C:\Windows\System\QlAmQkw.exe
  2⤵
  PID:9360
- C:\Windows\System\YdOBBuL.exe
  C:\Windows\System\YdOBBuL.exe
  2⤵
  PID:9316
- C:\Windows\System\FiYkhdV.exe
  C:\Windows\System\FiYkhdV.exe
  2⤵
  PID:9544
- C:\Windows\System\sxrOJMz.exe
  C:\Windows\System\sxrOJMz.exe
  2⤵
  PID:9344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxtFKil.exe

Filesize
6.0MB

MD5
9c2d50281e26093e0d31f896fa8710e5

SHA1
2450e93a21db5bc22f8a33de0b0416f772eafeeb

SHA256
2c65058b881728a869d8997fe6cce8f9ac61264e04e57a802d47816f54cc4891

SHA512
41041dbcf2457b5985a598f91e84777aa84e5b899602b9cce504c77fef2dbb754a11e564956f01f5c7be387caed5dc0fe5ff924b000c5a02e03a29bbd235db65

Download Submit
C:\Windows\system\BmcDDrE.exe

Filesize
6.0MB

MD5
3d396bbe5615688792a6d85fc64b091d

SHA1
5b81a84d0589fbb851014cbfafa164ce4f156768

SHA256
d0fcc827ce8ca168ab322c8338a4f833525a42c4095681614762b401c18f9637

SHA512
d4cfdeeb420d3677fe4a67522931469220e94f3ceeb2a55967fa889757ea83fbb6d47eb933d28103d87ecb49c7a7ff43f0480f25b0f889596e304c912c20c249

Download Submit
C:\Windows\system\FONYFdl.exe

Filesize
6.0MB

MD5
f1163fb1bfdf6fc9a73f163da112cc9b

SHA1
5874a05aa65385b5adfa9f5bf1f7dc2c69e29abe

SHA256
3dae9d5b306ca354fb9e3db5f328ca255af33d3e8760fb099d74ddac140ba2be

SHA512
fa385cd6f13efd03c8020a5696e9c5f7f827b7406cc4681525008b044c527ad80e757ef24b9b0ed392c3119d53a603bec6552e4649c07e364872130b7fa6adff

Download Submit
C:\Windows\system\FTPHrWS.exe

Filesize
6.0MB

MD5
8bc63bdd28cdec668c52de7bbcf40249

SHA1
a6bcbd588dfe3fa482473c586e8f8255f9f46c72

SHA256
8f0eb4c743164b854f3de91df4c062538db123b0b8add952c5f9ef08bb407f86

SHA512
c732d774dab6e84773ffcc75f05634b3eed547812cd3438e3f12840f29fc4b9a97d9ea856d58cc9da09176db6296aae40d6111af0a381736008c27df9375d294

Download Submit
C:\Windows\system\GqOmPFu.exe

Filesize
6.0MB

MD5
128be26138383f5f1ef08a9f2418befd

SHA1
0f49121ec827b9cfad3e475d7bc8148be62972e0

SHA256
23fc78e65c1f7ab6f790fbbe91ec9c6e2cd28171787b81352b45bcda83622dc3

SHA512
7feb0680d717c3e3f842ebff37a77d4b33eb8c7e4dd63d1d27bcbdfcbe11671f4fa0c608cb07afdffc74723130fed54edfc29d7b79b437241f36cdbb6c91986a

Download Submit
C:\Windows\system\HSvsaiT.exe

Filesize
6.0MB

MD5
e975313bb64a8417e50aca66c21e2d4b

SHA1
4af827da0385ff23bdc223d464a7efe94cadf55e

SHA256
240b79fdc210b4aa59d6a76cbe3f30e5edeb558492ef340d7410ecdce722c769

SHA512
bfafaa2ca94b1b4f73abb66c80ce245d2550830e830d90ae8e082f66ea58374298fac375ca24a2485290e6f590e738447d760d4dfe21155d54fdb6c01a79049b

Download Submit
C:\Windows\system\HelxwQh.exe

Filesize
6.0MB

MD5
bcc21b19c7a2630e41dbb9d8a094bb0f

SHA1
6904c35cd7c2ef441dfd533ab84bd299b21c8f74

SHA256
c8537e91e14e9dad9bab05312a2a935efdf8b0874fa4dd5e6c685daea0a4f820

SHA512
57a8342855940034e70764e22863c2d8f870a12b3d55fc020f55dffca43e8911a8b1b0af03607f83f27821592b4287c385d7f88f7cdaddd4f782515eac1c6299

Download Submit
C:\Windows\system\KHbmpRU.exe

Filesize
6.0MB

MD5
5bd9c0d4f76fff942449715284aca7c9

SHA1
e88f91173e913843b7982a31207567f35811f6b1

SHA256
214de8f4f837ba6043850be08a2d5fa6b2bc4e40efaeaaba4b14896901afd643

SHA512
a5463c07635fe11ffa2da3984e5e5dfdcb76cde46502aaa68cae4a3271663aa506b9f981e7e44f56f132591386a2a29a75ca81d274fd90a11bbf80ecb6ffb52c

Download Submit
C:\Windows\system\KrNWLsr.exe

Filesize
6.0MB

MD5
9e093782dbd10e98c812460c9368e04c

SHA1
0f529024a584bdfbce991bcd5ff5a42c2a1bdcaf

SHA256
63d21ef5f4b8ddb7857c97e0a1fd5d53c4c7cdce4b3b6be4db92507eb7be78a5

SHA512
618ea57b3ecc64bf89bf170fe9563cbd5e2fb2154a7426127a7dbf508a562dcb0bb3ae63212f26f555ffd91d76e5093be002a24d7c9a985268cce118486406ea

Download Submit
C:\Windows\system\KxGDofK.exe

Filesize
6.0MB

MD5
7552d1c5701b4d40260ed9a3a48098a1

SHA1
1250361964b3f7ecd838e2a082f9b19f080efcb4

SHA256
d40411ea1088f91ca71b11bd49ac08baa1cbe2d892da726ccce3bc836f97621c

SHA512
27e10a44cd0ae70814afe963829ff6641c0e1917399c8aa38517598aec8eb9d98118cd0493b614fa2ff5b65bc0d76388e9f8c10f74b3b9c9e34e9343af57df1f

Download Submit
C:\Windows\system\NmoFVan.exe

Filesize
6.0MB

MD5
9f7a369f35245403b0517cfbc7658461

SHA1
36d54de6f8e656ec29da6fb423572179a7a83ed5

SHA256
c8a1064801e052c00cdd82a3405f08795e09c12f228814d4e6d3e856d868ac57

SHA512
ac817b9bc11c1d9db5f3e38b997b25f09c1315d20e51ab62075eabed80b7347eca18b88160405169b269f62960a19fc7b92792cb9ce508a3d500332f6cfa4ac4

Download Submit
C:\Windows\system\NomBPZK.exe

Filesize
6.0MB

MD5
7b7f4ccb37ef75ba43ba362c98461a47

SHA1
4e305b8883b42a7b52eeccf3d2b3edbad9e11468

SHA256
9df3c1a3d2ae2cde9c9bf155a3e3c8c0bbdd31cfc005bab3c1e4c42be6021867

SHA512
c8919e9e7af3a801d804edbd4a415b78a1d99cc4b76fc382fdc399683077afbb244d9ada94bc286b0a610050086acae1432be48a3ce6e4e8d9415dc7b09f2050

Download Submit
C:\Windows\system\OwyORZy.exe

Filesize
6.0MB

MD5
dc5687da72ff2e42893da9a1183b340c

SHA1
417f23326f1a325d3292f6dfe7228bdeeb313a7d

SHA256
f6bbe792c3a32c258a15744f1293a50edb0f26be9ab753a76bc4c80ad638d999

SHA512
70c4eea698694bfc6e3dc831bef9848b9ffb2499d79676e14f95434d820d621f1b50923fffc1541ba7e5a3f709373baf704571b3e2fa2e68b482b4f7bf91510c

Download Submit
C:\Windows\system\PvoZmEY.exe

Filesize
6.0MB

MD5
25e599d67f45bfc9ac0f2116ed0e36cf

SHA1
e1eb9dd130b6e7301b94149fdc236ce1613d5d19

SHA256
cf441a3f99d64da6412d61d9183a9c1ac6ebd9f5cc8fc0117f07c973c89a5666

SHA512
2aeef68f824495c239116fcc7d790f23f67cee70e91b1ce2e31b9d04e18e3d357507ec1d4c91c55ffa25c69c288bde99c38b453f92253bb2198da8d244983ed8

Download Submit
C:\Windows\system\QLwXNYj.exe

Filesize
6.0MB

MD5
1e8ce852bbe8d8bb6f0f7cd802a6c6d3

SHA1
458e384fee2435cf45abdd4a62bd6eb2efd002e3

SHA256
5df3cad14d26b5ffbf050d3dc7b97c7728b40c2ac2ee0284ae84aeb2fe536a9f

SHA512
9e5315db86af2312e05d39d2938bbd2cfeb1994713445e7ae478acdb535dfd765958674137c12a27aa3241d9f073890b7c6ea8f8abe0fb3a5b29033e3087512f

Download Submit
C:\Windows\system\TedoaOy.exe

Filesize
6.0MB

MD5
1bffb1d144477ecf50c966455695ccb9

SHA1
7fac5d9d05e1a9431e6b21497d0b24f34929e53a

SHA256
06f80ec914a9023c6fe405f6664fdfa23bbf86d3747c47fa0e70e9d4847ee48e

SHA512
00aa0e26a539169c02d8885bbc54637070a535c7a28c9e3c90c24a34fcd903e1934742bc2b5184d2175aa854ecbe3d4dd15c8c655a270db2d1881f869ee4e594

Download Submit
C:\Windows\system\UlllqLX.exe

Filesize
6.0MB

MD5
9283547c56e74739f65fcf78a31dc11c

SHA1
087bd23bbf468b3557efcf23c3bddd54f967e516

SHA256
e66348eb6b2c4cd5106d0907e0c95b946523c618894f0fca23bb56ecc3be56f7

SHA512
90549d9666cb124333963c7325a826ccce139b7ded6fe409ebc1dcf6562b568a08e10ae3b046c30bae327675282f3093946f7758c98e6af6ed4eead4071fdd88

Download Submit
C:\Windows\system\UsNIPqw.exe

Filesize
6.0MB

MD5
150ed986c7e482de743171806e7f05f3

SHA1
23366b30104b5bd4c25fc3a557e1332661483e52

SHA256
4ae504a36b00e671af19ca9e2c5805f63136f4899c068833b89cc78e5d1780a5

SHA512
83aeadbcc9e5935691d79d4ff8586490696b8f0de77ae5aedaaf46b9491a6e9b330b023e20b47434d11edf80f0f1394d74232b362714709050037e7e56f1a889

Download Submit
C:\Windows\system\VODGSYp.exe

Filesize
6.0MB

MD5
0d5081ff0c54a4774fa6462286fa724c

SHA1
8073bc226b373027d6434fc141827b5ea2e0c822

SHA256
23e11ffef228f37530931bab689c16fff21d76f538a2207b56b8d30caa1a78f8

SHA512
5a731eb2c7bc27d773550acb7fc725406f5b02d13c64cb3ae82f59e3fc33e3eeea04afdc05db25e8ee93eae661ca45049deef15b5b4ef2bdbba3f2332cbe79bd

Download Submit
C:\Windows\system\bQepzEy.exe

Filesize
6.0MB

MD5
a1f5b0dda1dceb52a4f5b0acc7f4c273

SHA1
1d57978e1b8749ee5de2b1dd3598fda15f58ba0c

SHA256
3bf7e1ebff86115d689c121931e29306ef3ab497f8f52ee03047f8e5bacf34b8

SHA512
c6fd6f32a914a65e49c077a46e0649813baebb9aaf98c07d16223cb72316dd9d5dd583599176a64661e57e260cf0fa2ab03690332bccc7d5ac96d1402b2216b2

Download Submit
C:\Windows\system\hHbNRPy.exe

Filesize
6.0MB

MD5
637898149d155d53b6f66dbbfa1a5377

SHA1
cfde3fa36d20027ffc49f1f31d14874501c022d4

SHA256
ecbc23e07b5dc6de497c095e87f27efcc4d90e94ffd6c5934b792154357a096e

SHA512
08ac00ca5312ca4d6f49240117cf42f762df337ebb6d192f42d6ffc456289f37c17b1460dd51531d8eda27f899f2a88f8ef68cab61c02d437c2db881d00eaa21

Download Submit
C:\Windows\system\hKcCxMS.exe

Filesize
6.0MB

MD5
2555f112c0608af13c8d8c3e71d26464

SHA1
83459cc7393c74cbb64c05b2082b5dd9456de09c

SHA256
50aaad9304defcb2f97efc728ac95dbce3f81d307c5e86e7eca1ee8e1ee28726

SHA512
20f611eba67717e2794d5534c919ff02a80b803dc1122b67e70c1c219ee924a2ccfcb028507ff2f0d17bddbcdaa9fa114ca3a05b1033496b465a8f001b53451b

Download Submit
C:\Windows\system\ivgjLBh.exe

Filesize
6.0MB

MD5
e4668fb4a56cfa0a3bddad6c1ef6a127

SHA1
772ad24e477e65634cdcf5772e74d1b2917ca3da

SHA256
2290e9b9780da03fb9a1a2b617586f8e59eb88ad57d59e6caa9e5825e76b8410

SHA512
3c86791982bf8760530b28502ab398b9a08a299d0bd89a20bf9eadaa52860a9f57b0a3be618b0cb2b41b2f61e1afa06c5ada93e726ec143897ac90fd8785d8c6

Download Submit
C:\Windows\system\jykxJzb.exe

Filesize
6.0MB

MD5
dfbdf589cdfc98cac545eed140735a06

SHA1
5128f51b02f9f6d6d0f8d6b0fde52133b1697a2a

SHA256
28cc9cd2057d98055b991739b2ae969d7c8d0f4d4386d42ec6238bd10f279620

SHA512
07aacf4f08baceb89aacc43e5a7f0aff5ebec6b621b9ec1f700013435cc0e56dce1c186f697d20f97be95aa18b2b86a9c7376c6dfca02fa9c5f1e210b3764c12

Download Submit
C:\Windows\system\lYcdslW.exe

Filesize
6.0MB

MD5
7fc7c2e4997457f3d4c6e5a0d6594909

SHA1
021d48a03409bdd4908cf61bc240d50ca35523cb

SHA256
4992ddc33f1c0e781da9bba34f503477ba21995bc0c7ba6a68eae718ddff934f

SHA512
2b7cab62dc1583e5c06938aaf22b0b9fedaa3ebc47714cd5cdd982aed38904ea426ba3578762dd28ebf8cba803c248b6099aedf25af3260ce8e7000ce45e543b

Download Submit
C:\Windows\system\mAHschq.exe

Filesize
6.0MB

MD5
b862ac8b1f62885e013b77d632d588b2

SHA1
aba452ef10ac7e92fa6c0fa07ca01509eed5d4d9

SHA256
8df6fa69aab1407d0f133a54490d631c0a9feae44e961dbb9ca64d6d40296f1e

SHA512
a7a7d99e80e8282c9ef7e190df984deccbf86f48af0f2be5650cb3e0bad40002f920ed6736a81e53c1603aca825f8678766801e8a52d42a76ff0d3059428d1cb

Download Submit
C:\Windows\system\tHiDFyw.exe

Filesize
6.0MB

MD5
30d027ea6b175d525a8381d1dc500a5d

SHA1
006f399a22052a0968c3882b49434464fc9ebcae

SHA256
ac1c82e079fc676c85db3eacd00c4073f6a3e1338907d9b1067aef73bf23c248

SHA512
492f90fb51bb022ad65bfb98fd5f3e2d0bf8fe53b67e1cb6e869425f1ad4181897d3f630996028b3d8365bdd3135ce2760d0497356a60e1437ccf713a070594d

Download Submit
C:\Windows\system\vhtejBL.exe

Filesize
6.0MB

MD5
df2b8f62cd6f88d2e9a4941706177fc7

SHA1
74572efcd6ae4f2d76bc0709dc09f361c5e15dc2

SHA256
23ca9e93ed6e60e0facc54af3ab5cc30d5d5fe877ccb305cb5547550dd20ab12

SHA512
c0228ef9802c3c0b321432e6652036e359d1b90ed334d6e64b006e5a3c9655ebe02ed073f6eca06153edbf11ab1fd07ea76e372eece970c139e11c6371220ed0

Download Submit
C:\Windows\system\zPvFZCi.exe

Filesize
6.0MB

MD5
d5643f146a513d96d37a22667394f2b0

SHA1
9ce50471a403eb510885768b6bae0a1d79c81a6b

SHA256
3d7c341025b6b57df4ca238dfc0034e06455778c03d0f0a202558a9249b303c0

SHA512
45422d38ea99684b2db61f41101df98fe3eb49c664a96f987c2738979866d6ed781e3744b45851acc0727b929b7a767a6bb0689b56b6a916e9f8abb9eb8afa41

Download Submit
\Windows\system\WZZzIyB.exe

Filesize
6.0MB

MD5
5192a67d32c3130fc42b01c7896dae32

SHA1
f4570827d708da95dfebace2da2231c5b3a09681

SHA256
16b058a55f041dc792a1920689f76fd1d8d30bd654b447d2019f21eb122af906

SHA512
0943fed21a56eaf392c41d24008e7b4192e5ab35cedad304b89837045981725d66a408da8d6bfa9ccfef6f2d3331ea60f5b9d8274a4a462d6db18f8d04b180ac

Download Submit
\Windows\system\ZmyhjRR.exe

Filesize
6.0MB

MD5
b022d9b3e8c0fe350539bf4684872136

SHA1
3043e06b0cc8f1fbff41cb39700a093b4ab2f5ce

SHA256
15a583a5af93dc1c240c9a83e2087b2b4153f21ec0404b57a3af3fb8a815d8b4

SHA512
ee20ddea0fa3d0a91522fd7a08392c6c814edab990546cd93b221c8640fe784cad597ab51034babfd5c2746a6f0134467498ea0cacad00f1dbc13242827630c6

Download Submit
\Windows\system\uwdEllT.exe

Filesize
6.0MB

MD5
6359010c9c887c0f5d33aa59194b5bce

SHA1
532e9daab384513b43c18e240ccdbafa32f31efe

SHA256
e0b48ea793a8b34df445c3fbe8c53720480132efb45be85aa190e4bd10e3fa36

SHA512
6728754bb90f0f6daca4b5572e4d5d62b5322a8f244a62f415ec14893df1225a9a66d9d4f6849efcefde53e62087b64c19b3b9531c2ae34bc5ce2bdd9c354435

Download Submit
memory/1136-3944-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1136-391-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-402-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-389-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-384-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-401-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-359-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1624-341-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-339-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-16-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1624-399-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-544-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1624-6-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1067-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1098-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-337-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1094-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1087-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1105-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1104-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1103-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1075-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1080-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1225-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1066-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-335-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-0-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1624-393-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1624-543-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-539-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1065-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-333-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3942-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-334-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3943-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-15-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3561-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3640-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2424-22-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3563-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-540-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-14-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-400-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3941-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4001-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-354-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1084-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-372-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3940-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3952-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-340-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3997-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-396-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3945-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2760-336-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2788-385-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3951-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3973-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-338-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1071-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download