cobaltstrike | 683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24/12/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
Size

6.0MB
MD5

2b2617a0eb8606faa13ef4de9f36a4b4
SHA1

9a1b6934ec998aa9d3df70fa21437c86ae5c11d8
SHA256

683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5
SHA512

e28462118b5dbd095820cdfb29910cada94e485c3ddc0e0adc059bef9926b5ecb7bac0ecde4ee5c4329eb209a9c143456548f4e25890b82edb3370a4ae09f58d
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUx:eOl56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756e-10.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-17.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-24.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-52.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-63.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-71.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/memory/2460-9-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x000900000001756e-10.dat	xmrig
behavioral1/memory/2980-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-17.dat	xmrig
behavioral1/memory/2840-23-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-24.dat	xmrig
behavioral1/memory/2832-29-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0014000000016fc9-31.dat	xmrig
behavioral1/memory/3044-38-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2904-36-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-40.dat	xmrig
behavioral1/memory/2904-44-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/2980-46-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b05-47.dat	xmrig
behavioral1/files/0x0008000000018b28-52.dat	xmrig
behavioral1/memory/2828-55-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b8-63.dat	xmrig
behavioral1/files/0x00050000000195c7-75.dat	xmrig
behavioral1/files/0x000500000001960c-80.dat	xmrig
behavioral1/files/0x0005000000019643-85.dat	xmrig
behavioral1/files/0x000500000001975a-90.dat	xmrig
behavioral1/files/0x00050000000197fd-98.dat	xmrig
behavioral1/files/0x0005000000019820-105.dat	xmrig
behavioral1/files/0x000500000001998d-110.dat	xmrig
behavioral1/files/0x0005000000019bf9-125.dat	xmrig
behavioral1/files/0x0005000000019d61-133.dat	xmrig
behavioral1/memory/2732-1479-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-175.dat	xmrig
behavioral1/files/0x000500000001a049-170.dat	xmrig
behavioral1/files/0x0005000000019fdd-160.dat	xmrig
behavioral1/files/0x000500000001a03c-165.dat	xmrig
behavioral1/files/0x0005000000019e92-150.dat	xmrig
behavioral1/files/0x0005000000019fd4-154.dat	xmrig
behavioral1/files/0x0005000000019d62-140.dat	xmrig
behavioral1/files/0x0005000000019d6d-145.dat	xmrig
behavioral1/files/0x0005000000019c3c-130.dat	xmrig
behavioral1/files/0x0005000000019bf6-120.dat	xmrig
behavioral1/files/0x0005000000019bf5-116.dat	xmrig
behavioral1/files/0x0005000000019761-95.dat	xmrig
behavioral1/files/0x00050000000195c6-71.dat	xmrig
behavioral1/files/0x0008000000018b50-61.dat	xmrig
behavioral1/memory/2460-1485-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2904-1484-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/3044-1483-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2840-1488-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2980-1487-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2832-1486-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2828-1493-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2904-1496-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2576-1495-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1188-1497-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1188-1503-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/568-1500-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/568-1508-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2836-1511-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/968-1516-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2732-1507-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2576-1499-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2688-1955-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2460	JKCmBJV.exe
2980	nNHHssB.exe
2840	divebwD.exe
2832	AokMwyS.exe
3044	LrPRMeC.exe
2828	EHtLrsc.exe
2732	tnootXR.exe
2836	xQGrndW.exe
2576	NKsmLMy.exe
1188	WTOBHgT.exe
568	UrLhSaL.exe
2100	LuBqSTM.exe
2688	qYLKenF.exe
968	yvgDgxe.exe
2180	hGIWqdW.exe
1252	FwYKYrc.exe
2900	CbsIMsI.exe
3040	XMCbXCa.exe
3064	kSusNFs.exe
1360	lcytTqe.exe
892	hMYyxoX.exe
2504	kopOcxm.exe
1636	KAqCVxJ.exe
632	zViRSTX.exe
1820	IlJlSpX.exe
2480	lwcywks.exe
468	eSFqbZF.exe
2108	gbkqgSq.exe
2328	wmshjmU.exe
2668	vkIXjms.exe
1584	SFFOcMw.exe
268	tokrazn.exe
1688	LrVIdkH.exe
2616	HdBjKSb.exe
604	nTgJtfv.exe
2168	GOViGLs.exe
2204	qbWVBnw.exe
932	DHiZMuP.exe
2672	NDKtoyY.exe
2540	rjwrzJV.exe
1512	VAcLAPU.exe
1916	GbMlGzv.exe
1664	dvpyYnF.exe
928	hkUDjDS.exe
1020	fzhFUrg.exe
1040	lcpykwl.exe
2648	oIthDuu.exe
912	GgFVkXb.exe
1676	iKRzfpy.exe
2388	NiZWhNw.exe
1504	GpkrwbQ.exe
2392	lAtQBdQ.exe
1476	qzSDRQU.exe
1432	ExsdHQS.exe
1936	jAWmmrY.exe
1724	CiVZREl.exe
2660	AIgPMWg.exe
1564	qqVVtet.exe
2424	oMhCfdF.exe
2824	pzWdKMP.exe
2872	nPxKhye.exe
2184	sRrYqhs.exe
2972	mgrBXiR.exe
2712	wzEPBpx.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/memory/2460-9-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x000900000001756e-10.dat	upx
behavioral1/memory/2980-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-17.dat	upx
behavioral1/memory/2840-23-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-24.dat	upx
behavioral1/memory/2832-29-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0014000000016fc9-31.dat	upx
behavioral1/memory/3044-38-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2904-36-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-40.dat	upx
behavioral1/memory/2980-46-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0007000000018b05-47.dat	upx
behavioral1/files/0x0008000000018b28-52.dat	upx
behavioral1/memory/2828-55-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x00070000000193b8-63.dat	upx
behavioral1/files/0x00050000000195c7-75.dat	upx
behavioral1/files/0x000500000001960c-80.dat	upx
behavioral1/files/0x0005000000019643-85.dat	upx
behavioral1/files/0x000500000001975a-90.dat	upx
behavioral1/files/0x00050000000197fd-98.dat	upx
behavioral1/files/0x0005000000019820-105.dat	upx
behavioral1/files/0x000500000001998d-110.dat	upx
behavioral1/files/0x0005000000019bf9-125.dat	upx
behavioral1/files/0x0005000000019d61-133.dat	upx
behavioral1/memory/2732-1479-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-175.dat	upx
behavioral1/files/0x000500000001a049-170.dat	upx
behavioral1/files/0x0005000000019fdd-160.dat	upx
behavioral1/files/0x000500000001a03c-165.dat	upx
behavioral1/files/0x0005000000019e92-150.dat	upx
behavioral1/files/0x0005000000019fd4-154.dat	upx
behavioral1/files/0x0005000000019d62-140.dat	upx
behavioral1/files/0x0005000000019d6d-145.dat	upx
behavioral1/files/0x0005000000019c3c-130.dat	upx
behavioral1/files/0x0005000000019bf6-120.dat	upx
behavioral1/files/0x0005000000019bf5-116.dat	upx
behavioral1/files/0x0005000000019761-95.dat	upx
behavioral1/files/0x00050000000195c6-71.dat	upx
behavioral1/files/0x0008000000018b50-61.dat	upx
behavioral1/memory/2460-1485-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/3044-1483-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2840-1488-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2980-1487-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2832-1486-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2828-1493-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2576-1495-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1188-1497-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1188-1503-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/568-1500-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/568-1508-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2836-1511-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2688-1512-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/968-1516-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2100-1509-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2732-1507-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2576-1499-0x000000013F200000-0x000000013F554000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\DaAzMhY.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\iefFhfu.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\UOlcgdd.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\RkQpovq.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\nMbRCwO.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\cAlOGYl.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\tJTLIrw.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\VJocKMC.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\uXdgdSm.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\miobHub.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\UvSISaQ.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\tobzDNU.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\rtzbKma.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\EVkNQGl.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\zOKeieI.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\Tlccmla.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\jKqnYJo.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\IrkIOQg.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\PgoHcqQ.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\XlhCEeA.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\XpVPkMM.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\ZaehWzy.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\PhWtdKa.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\vbxdTpG.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\SffgAYs.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\lywbJxk.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\bACnIKV.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\uFAwBmA.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\yQbsCyx.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\DHiZMuP.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\TrZNHwS.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\xmvxRfg.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\JYZqXpL.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\zzCMWZO.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\rsEqUys.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\JruabRf.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\SIxFpKQ.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\riRQYuf.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\UrRUmgP.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\lwODtQM.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\VHPGppi.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\schsxQh.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\FDWurGm.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\WIMvYWt.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\TWSicay.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\zYyJvjO.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\DVVuOjb.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\QVmYAwH.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\gjQNpYu.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\lDxamty.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\qELWecb.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\BhnBBwU.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\uywPNGb.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\heUKTCz.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\kiKdbbm.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\BlQJeNB.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\WCbOqOg.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\JYJjCLM.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\bEaAQaK.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\QXiwEWH.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\DHTRqmZ.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\jMaJyFw.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\jzBCudY.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
File created	C:\Windows\System\bhCWJxh.exe	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2460	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	30
PID 2904 wrote to memory of 2460	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	30
PID 2904 wrote to memory of 2460	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	30
PID 2904 wrote to memory of 2980	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	31
PID 2904 wrote to memory of 2980	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	31
PID 2904 wrote to memory of 2980	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	31
PID 2904 wrote to memory of 2840	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	32
PID 2904 wrote to memory of 2840	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	32
PID 2904 wrote to memory of 2840	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	32
PID 2904 wrote to memory of 2832	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	33
PID 2904 wrote to memory of 2832	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	33
PID 2904 wrote to memory of 2832	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	33
PID 2904 wrote to memory of 3044	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	34
PID 2904 wrote to memory of 3044	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	34
PID 2904 wrote to memory of 3044	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	34
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	35
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	35
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	35
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	36
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	36
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	36
PID 2904 wrote to memory of 2836	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	37
PID 2904 wrote to memory of 2836	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	37
PID 2904 wrote to memory of 2836	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	37
PID 2904 wrote to memory of 2576	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	38
PID 2904 wrote to memory of 2576	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	38
PID 2904 wrote to memory of 2576	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	38
PID 2904 wrote to memory of 1188	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	39
PID 2904 wrote to memory of 1188	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	39
PID 2904 wrote to memory of 1188	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	39
PID 2904 wrote to memory of 568	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	40
PID 2904 wrote to memory of 568	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	40
PID 2904 wrote to memory of 568	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	40
PID 2904 wrote to memory of 2100	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	41
PID 2904 wrote to memory of 2100	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	41
PID 2904 wrote to memory of 2100	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	41
PID 2904 wrote to memory of 2688	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	42
PID 2904 wrote to memory of 2688	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	42
PID 2904 wrote to memory of 2688	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	42
PID 2904 wrote to memory of 968	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	43
PID 2904 wrote to memory of 968	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	43
PID 2904 wrote to memory of 968	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	43
PID 2904 wrote to memory of 2180	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	44
PID 2904 wrote to memory of 2180	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	44
PID 2904 wrote to memory of 2180	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	44
PID 2904 wrote to memory of 1252	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	45
PID 2904 wrote to memory of 1252	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	45
PID 2904 wrote to memory of 1252	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	45
PID 2904 wrote to memory of 2900	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	46
PID 2904 wrote to memory of 2900	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	46
PID 2904 wrote to memory of 2900	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	46
PID 2904 wrote to memory of 3040	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	47
PID 2904 wrote to memory of 3040	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	47
PID 2904 wrote to memory of 3040	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	47
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	48
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	48
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	48
PID 2904 wrote to memory of 1360	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	49
PID 2904 wrote to memory of 1360	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	49
PID 2904 wrote to memory of 1360	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	49
PID 2904 wrote to memory of 892	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	50
PID 2904 wrote to memory of 892	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	50
PID 2904 wrote to memory of 892	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	50
PID 2904 wrote to memory of 2504	2904	JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe	51

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_683dd9838c543a42b0afab87cdd0373567cfb6df8c064778fdab77835c85f9b5.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\JKCmBJV.exe
  C:\Windows\System\JKCmBJV.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\nNHHssB.exe
  C:\Windows\System\nNHHssB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\divebwD.exe
  C:\Windows\System\divebwD.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\AokMwyS.exe
  C:\Windows\System\AokMwyS.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\LrPRMeC.exe
  C:\Windows\System\LrPRMeC.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\EHtLrsc.exe
  C:\Windows\System\EHtLrsc.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tnootXR.exe
  C:\Windows\System\tnootXR.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\xQGrndW.exe
  C:\Windows\System\xQGrndW.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\NKsmLMy.exe
  C:\Windows\System\NKsmLMy.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\WTOBHgT.exe
  C:\Windows\System\WTOBHgT.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\UrLhSaL.exe
  C:\Windows\System\UrLhSaL.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\LuBqSTM.exe
  C:\Windows\System\LuBqSTM.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\qYLKenF.exe
  C:\Windows\System\qYLKenF.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\yvgDgxe.exe
  C:\Windows\System\yvgDgxe.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\hGIWqdW.exe
  C:\Windows\System\hGIWqdW.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\FwYKYrc.exe
  C:\Windows\System\FwYKYrc.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\CbsIMsI.exe
  C:\Windows\System\CbsIMsI.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\XMCbXCa.exe
  C:\Windows\System\XMCbXCa.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\kSusNFs.exe
  C:\Windows\System\kSusNFs.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\lcytTqe.exe
  C:\Windows\System\lcytTqe.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\hMYyxoX.exe
  C:\Windows\System\hMYyxoX.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\kopOcxm.exe
  C:\Windows\System\kopOcxm.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\KAqCVxJ.exe
  C:\Windows\System\KAqCVxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\zViRSTX.exe
  C:\Windows\System\zViRSTX.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\IlJlSpX.exe
  C:\Windows\System\IlJlSpX.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\lwcywks.exe
  C:\Windows\System\lwcywks.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\eSFqbZF.exe
  C:\Windows\System\eSFqbZF.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\gbkqgSq.exe
  C:\Windows\System\gbkqgSq.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\wmshjmU.exe
  C:\Windows\System\wmshjmU.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\vkIXjms.exe
  C:\Windows\System\vkIXjms.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\SFFOcMw.exe
  C:\Windows\System\SFFOcMw.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\tokrazn.exe
  C:\Windows\System\tokrazn.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\LrVIdkH.exe
  C:\Windows\System\LrVIdkH.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\HdBjKSb.exe
  C:\Windows\System\HdBjKSb.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\nTgJtfv.exe
  C:\Windows\System\nTgJtfv.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\GOViGLs.exe
  C:\Windows\System\GOViGLs.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\qbWVBnw.exe
  C:\Windows\System\qbWVBnw.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\DHiZMuP.exe
  C:\Windows\System\DHiZMuP.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\NDKtoyY.exe
  C:\Windows\System\NDKtoyY.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\rjwrzJV.exe
  C:\Windows\System\rjwrzJV.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\VAcLAPU.exe
  C:\Windows\System\VAcLAPU.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\GbMlGzv.exe
  C:\Windows\System\GbMlGzv.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\dvpyYnF.exe
  C:\Windows\System\dvpyYnF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\hkUDjDS.exe
  C:\Windows\System\hkUDjDS.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\fzhFUrg.exe
  C:\Windows\System\fzhFUrg.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\lcpykwl.exe
  C:\Windows\System\lcpykwl.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\oIthDuu.exe
  C:\Windows\System\oIthDuu.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\GgFVkXb.exe
  C:\Windows\System\GgFVkXb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\iKRzfpy.exe
  C:\Windows\System\iKRzfpy.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\NiZWhNw.exe
  C:\Windows\System\NiZWhNw.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\GpkrwbQ.exe
  C:\Windows\System\GpkrwbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\lAtQBdQ.exe
  C:\Windows\System\lAtQBdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qzSDRQU.exe
  C:\Windows\System\qzSDRQU.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\ExsdHQS.exe
  C:\Windows\System\ExsdHQS.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\jAWmmrY.exe
  C:\Windows\System\jAWmmrY.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\CiVZREl.exe
  C:\Windows\System\CiVZREl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\AIgPMWg.exe
  C:\Windows\System\AIgPMWg.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\qqVVtet.exe
  C:\Windows\System\qqVVtet.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\oMhCfdF.exe
  C:\Windows\System\oMhCfdF.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\pzWdKMP.exe
  C:\Windows\System\pzWdKMP.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\nPxKhye.exe
  C:\Windows\System\nPxKhye.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\sRrYqhs.exe
  C:\Windows\System\sRrYqhs.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\mgrBXiR.exe
  C:\Windows\System\mgrBXiR.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\wzEPBpx.exe
  C:\Windows\System\wzEPBpx.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\dQLcPXe.exe
  C:\Windows\System\dQLcPXe.exe
  2⤵
  PID:2764
- C:\Windows\System\FAhqFnZ.exe
  C:\Windows\System\FAhqFnZ.exe
  2⤵
  PID:2740
- C:\Windows\System\XfiPYXC.exe
  C:\Windows\System\XfiPYXC.exe
  2⤵
  PID:2572
- C:\Windows\System\SDtJyPb.exe
  C:\Windows\System\SDtJyPb.exe
  2⤵
  PID:3048
- C:\Windows\System\ystYgPN.exe
  C:\Windows\System\ystYgPN.exe
  2⤵
  PID:2148
- C:\Windows\System\hqDJPbY.exe
  C:\Windows\System\hqDJPbY.exe
  2⤵
  PID:1748
- C:\Windows\System\PRfULbX.exe
  C:\Windows\System\PRfULbX.exe
  2⤵
  PID:2776
- C:\Windows\System\bULlsfS.exe
  C:\Windows\System\bULlsfS.exe
  2⤵
  PID:2564
- C:\Windows\System\FZIPzXk.exe
  C:\Windows\System\FZIPzXk.exe
  2⤵
  PID:2176
- C:\Windows\System\djBRqnw.exe
  C:\Windows\System\djBRqnw.exe
  2⤵
  PID:1952
- C:\Windows\System\emnQJLS.exe
  C:\Windows\System\emnQJLS.exe
  2⤵
  PID:2224
- C:\Windows\System\RcsKwyp.exe
  C:\Windows\System\RcsKwyp.exe
  2⤵
  PID:836
- C:\Windows\System\heUKTCz.exe
  C:\Windows\System\heUKTCz.exe
  2⤵
  PID:2232
- C:\Windows\System\JKfjDQj.exe
  C:\Windows\System\JKfjDQj.exe
  2⤵
  PID:2356
- C:\Windows\System\YfzoLYH.exe
  C:\Windows\System\YfzoLYH.exe
  2⤵
  PID:2412
- C:\Windows\System\pYsgtOv.exe
  C:\Windows\System\pYsgtOv.exe
  2⤵
  PID:904
- C:\Windows\System\etyhiDb.exe
  C:\Windows\System\etyhiDb.exe
  2⤵
  PID:2244
- C:\Windows\System\TgnWRST.exe
  C:\Windows\System\TgnWRST.exe
  2⤵
  PID:808
- C:\Windows\System\LJGHpvK.exe
  C:\Windows\System\LJGHpvK.exe
  2⤵
  PID:1620
- C:\Windows\System\NJZrphP.exe
  C:\Windows\System\NJZrphP.exe
  2⤵
  PID:1148
- C:\Windows\System\ilrchIC.exe
  C:\Windows\System\ilrchIC.exe
  2⤵
  PID:2384
- C:\Windows\System\dngsKBB.exe
  C:\Windows\System\dngsKBB.exe
  2⤵
  PID:572
- C:\Windows\System\FDWurGm.exe
  C:\Windows\System\FDWurGm.exe
  2⤵
  PID:1784
- C:\Windows\System\zJynUuo.exe
  C:\Windows\System\zJynUuo.exe
  2⤵
  PID:2588
- C:\Windows\System\NRKtZKd.exe
  C:\Windows\System\NRKtZKd.exe
  2⤵
  PID:748
- C:\Windows\System\DSXqNCm.exe
  C:\Windows\System\DSXqNCm.exe
  2⤵
  PID:1288
- C:\Windows\System\QqASAhq.exe
  C:\Windows\System\QqASAhq.exe
  2⤵
  PID:1304
- C:\Windows\System\vGBLKPv.exe
  C:\Windows\System\vGBLKPv.exe
  2⤵
  PID:916
- C:\Windows\System\ZtnochD.exe
  C:\Windows\System\ZtnochD.exe
  2⤵
  PID:1048
- C:\Windows\System\rAMbGrk.exe
  C:\Windows\System\rAMbGrk.exe
  2⤵
  PID:2044
- C:\Windows\System\ylpzMvg.exe
  C:\Windows\System\ylpzMvg.exe
  2⤵
  PID:1696
- C:\Windows\System\XsKIzWO.exe
  C:\Windows\System\XsKIzWO.exe
  2⤵
  PID:272
- C:\Windows\System\BnxOPiX.exe
  C:\Windows\System\BnxOPiX.exe
  2⤵
  PID:1716
- C:\Windows\System\krHADEr.exe
  C:\Windows\System\krHADEr.exe
  2⤵
  PID:2380
- C:\Windows\System\ACrUWma.exe
  C:\Windows\System\ACrUWma.exe
  2⤵
  PID:2216
- C:\Windows\System\SLpLjqI.exe
  C:\Windows\System\SLpLjqI.exe
  2⤵
  PID:2264
- C:\Windows\System\Tlccmla.exe
  C:\Windows\System\Tlccmla.exe
  2⤵
  PID:2912
- C:\Windows\System\OUTEyor.exe
  C:\Windows\System\OUTEyor.exe
  2⤵
  PID:2976
- C:\Windows\System\nVqonuf.exe
  C:\Windows\System\nVqonuf.exe
  2⤵
  PID:3016
- C:\Windows\System\AGlbEDC.exe
  C:\Windows\System\AGlbEDC.exe
  2⤵
  PID:2792
- C:\Windows\System\lTwmsgz.exe
  C:\Windows\System\lTwmsgz.exe
  2⤵
  PID:1380
- C:\Windows\System\GYFUvFS.exe
  C:\Windows\System\GYFUvFS.exe
  2⤵
  PID:1580
- C:\Windows\System\MbeQBnu.exe
  C:\Windows\System\MbeQBnu.exe
  2⤵
  PID:1076
- C:\Windows\System\DuXWaYV.exe
  C:\Windows\System\DuXWaYV.exe
  2⤵
  PID:2960
- C:\Windows\System\txZCpdK.exe
  C:\Windows\System\txZCpdK.exe
  2⤵
  PID:2416
- C:\Windows\System\hfpoMxn.exe
  C:\Windows\System\hfpoMxn.exe
  2⤵
  PID:1088
- C:\Windows\System\NSyqzbb.exe
  C:\Windows\System\NSyqzbb.exe
  2⤵
  PID:2124
- C:\Windows\System\HxinDzY.exe
  C:\Windows\System\HxinDzY.exe
  2⤵
  PID:2464
- C:\Windows\System\caBAbjp.exe
  C:\Windows\System\caBAbjp.exe
  2⤵
  PID:2604
- C:\Windows\System\NEZbXQl.exe
  C:\Windows\System\NEZbXQl.exe
  2⤵
  PID:772
- C:\Windows\System\TvcTANH.exe
  C:\Windows\System\TvcTANH.exe
  2⤵
  PID:2404
- C:\Windows\System\XTjWKLt.exe
  C:\Windows\System\XTjWKLt.exe
  2⤵
  PID:1808
- C:\Windows\System\AYDYCuC.exe
  C:\Windows\System\AYDYCuC.exe
  2⤵
  PID:1272
- C:\Windows\System\zChfYXh.exe
  C:\Windows\System\zChfYXh.exe
  2⤵
  PID:2800
- C:\Windows\System\emfSNNP.exe
  C:\Windows\System\emfSNNP.exe
  2⤵
  PID:1832
- C:\Windows\System\SkZoLDQ.exe
  C:\Windows\System\SkZoLDQ.exe
  2⤵
  PID:1384
- C:\Windows\System\hwKFMcz.exe
  C:\Windows\System\hwKFMcz.exe
  2⤵
  PID:1276
- C:\Windows\System\ZMNRlJW.exe
  C:\Windows\System\ZMNRlJW.exe
  2⤵
  PID:2640
- C:\Windows\System\ThuJqid.exe
  C:\Windows\System\ThuJqid.exe
  2⤵
  PID:1092
- C:\Windows\System\MFXwtqS.exe
  C:\Windows\System\MFXwtqS.exe
  2⤵
  PID:1572
- C:\Windows\System\fVBviJa.exe
  C:\Windows\System\fVBviJa.exe
  2⤵
  PID:3008
- C:\Windows\System\ZMAvqHq.exe
  C:\Windows\System\ZMAvqHq.exe
  2⤵
  PID:2620
- C:\Windows\System\EeVmeoZ.exe
  C:\Windows\System\EeVmeoZ.exe
  2⤵
  PID:2696
- C:\Windows\System\vLArgCe.exe
  C:\Windows\System\vLArgCe.exe
  2⤵
  PID:2308
- C:\Windows\System\tuWmQcS.exe
  C:\Windows\System\tuWmQcS.exe
  2⤵
  PID:2352
- C:\Windows\System\ptyAiVS.exe
  C:\Windows\System\ptyAiVS.exe
  2⤵
  PID:2676
- C:\Windows\System\zJpvlFf.exe
  C:\Windows\System\zJpvlFf.exe
  2⤵
  PID:1692
- C:\Windows\System\MOcWVFG.exe
  C:\Windows\System\MOcWVFG.exe
  2⤵
  PID:2076
- C:\Windows\System\TTpZLXZ.exe
  C:\Windows\System\TTpZLXZ.exe
  2⤵
  PID:2472
- C:\Windows\System\qNHpsdw.exe
  C:\Windows\System\qNHpsdw.exe
  2⤵
  PID:3024
- C:\Windows\System\hOvCbsY.exe
  C:\Windows\System\hOvCbsY.exe
  2⤵
  PID:2548
- C:\Windows\System\ktLCdlQ.exe
  C:\Windows\System\ktLCdlQ.exe
  2⤵
  PID:540
- C:\Windows\System\RgMYkwt.exe
  C:\Windows\System\RgMYkwt.exe
  2⤵
  PID:264
- C:\Windows\System\ilQPiPN.exe
  C:\Windows\System\ilQPiPN.exe
  2⤵
  PID:1760
- C:\Windows\System\DCmyklW.exe
  C:\Windows\System\DCmyklW.exe
  2⤵
  PID:2152
- C:\Windows\System\Wdczxnp.exe
  C:\Windows\System\Wdczxnp.exe
  2⤵
  PID:2344
- C:\Windows\System\afglLcy.exe
  C:\Windows\System\afglLcy.exe
  2⤵
  PID:2756
- C:\Windows\System\BAHwAuu.exe
  C:\Windows\System\BAHwAuu.exe
  2⤵
  PID:2760
- C:\Windows\System\bnzdjwv.exe
  C:\Windows\System\bnzdjwv.exe
  2⤵
  PID:2852
- C:\Windows\System\geTtShv.exe
  C:\Windows\System\geTtShv.exe
  2⤵
  PID:2940
- C:\Windows\System\KfVzdYS.exe
  C:\Windows\System\KfVzdYS.exe
  2⤵
  PID:1824
- C:\Windows\System\adDMfNy.exe
  C:\Windows\System\adDMfNy.exe
  2⤵
  PID:824
- C:\Windows\System\niBAVtu.exe
  C:\Windows\System\niBAVtu.exe
  2⤵
  PID:1728
- C:\Windows\System\SiuxNmf.exe
  C:\Windows\System\SiuxNmf.exe
  2⤵
  PID:1660
- C:\Windows\System\cjZwgtL.exe
  C:\Windows\System\cjZwgtL.exe
  2⤵
  PID:2376
- C:\Windows\System\WCbOqOg.exe
  C:\Windows\System\WCbOqOg.exe
  2⤵
  PID:2484
- C:\Windows\System\gdEgXwj.exe
  C:\Windows\System\gdEgXwj.exe
  2⤵
  PID:2804
- C:\Windows\System\ebhbfBH.exe
  C:\Windows\System\ebhbfBH.exe
  2⤵
  PID:2348
- C:\Windows\System\udEPPom.exe
  C:\Windows\System\udEPPom.exe
  2⤵
  PID:3092
- C:\Windows\System\AlVeDXK.exe
  C:\Windows\System\AlVeDXK.exe
  2⤵
  PID:3112
- C:\Windows\System\QQXMxcx.exe
  C:\Windows\System\QQXMxcx.exe
  2⤵
  PID:3136
- C:\Windows\System\JIuAaxr.exe
  C:\Windows\System\JIuAaxr.exe
  2⤵
  PID:3156
- C:\Windows\System\oKabiYL.exe
  C:\Windows\System\oKabiYL.exe
  2⤵
  PID:3176
- C:\Windows\System\MLqMnlg.exe
  C:\Windows\System\MLqMnlg.exe
  2⤵
  PID:3196
- C:\Windows\System\pddjeEr.exe
  C:\Windows\System\pddjeEr.exe
  2⤵
  PID:3216
- C:\Windows\System\DtWwQFO.exe
  C:\Windows\System\DtWwQFO.exe
  2⤵
  PID:3236
- C:\Windows\System\wvWpfVu.exe
  C:\Windows\System\wvWpfVu.exe
  2⤵
  PID:3260
- C:\Windows\System\AfPnECp.exe
  C:\Windows\System\AfPnECp.exe
  2⤵
  PID:3280
- C:\Windows\System\EzUlEZT.exe
  C:\Windows\System\EzUlEZT.exe
  2⤵
  PID:3312
- C:\Windows\System\OQSoZQj.exe
  C:\Windows\System\OQSoZQj.exe
  2⤵
  PID:3332
- C:\Windows\System\tsCVLrY.exe
  C:\Windows\System\tsCVLrY.exe
  2⤵
  PID:3352
- C:\Windows\System\tBZgfQv.exe
  C:\Windows\System\tBZgfQv.exe
  2⤵
  PID:3372
- C:\Windows\System\lyrYwUO.exe
  C:\Windows\System\lyrYwUO.exe
  2⤵
  PID:3392
- C:\Windows\System\zlJRptk.exe
  C:\Windows\System\zlJRptk.exe
  2⤵
  PID:3412
- C:\Windows\System\hddVXOV.exe
  C:\Windows\System\hddVXOV.exe
  2⤵
  PID:3432
- C:\Windows\System\AXRuJyi.exe
  C:\Windows\System\AXRuJyi.exe
  2⤵
  PID:3460
- C:\Windows\System\mkCpSuV.exe
  C:\Windows\System\mkCpSuV.exe
  2⤵
  PID:3480
- C:\Windows\System\MiExvWb.exe
  C:\Windows\System\MiExvWb.exe
  2⤵
  PID:3500
- C:\Windows\System\wEFuBGp.exe
  C:\Windows\System\wEFuBGp.exe
  2⤵
  PID:3520
- C:\Windows\System\BBCLHzB.exe
  C:\Windows\System\BBCLHzB.exe
  2⤵
  PID:3540
- C:\Windows\System\fkZAGaT.exe
  C:\Windows\System\fkZAGaT.exe
  2⤵
  PID:3560
- C:\Windows\System\PTPvycO.exe
  C:\Windows\System\PTPvycO.exe
  2⤵
  PID:3580
- C:\Windows\System\ytSeuKn.exe
  C:\Windows\System\ytSeuKn.exe
  2⤵
  PID:3600
- C:\Windows\System\fkcCVnE.exe
  C:\Windows\System\fkcCVnE.exe
  2⤵
  PID:3616
- C:\Windows\System\DGeyIKL.exe
  C:\Windows\System\DGeyIKL.exe
  2⤵
  PID:3640
- C:\Windows\System\NFrNtjh.exe
  C:\Windows\System\NFrNtjh.exe
  2⤵
  PID:3660
- C:\Windows\System\svikHIJ.exe
  C:\Windows\System\svikHIJ.exe
  2⤵
  PID:3680
- C:\Windows\System\KeHKnTj.exe
  C:\Windows\System\KeHKnTj.exe
  2⤵
  PID:3700
- C:\Windows\System\dodVSEq.exe
  C:\Windows\System\dodVSEq.exe
  2⤵
  PID:3720
- C:\Windows\System\IRMGWmD.exe
  C:\Windows\System\IRMGWmD.exe
  2⤵
  PID:3740
- C:\Windows\System\WLwlKbl.exe
  C:\Windows\System\WLwlKbl.exe
  2⤵
  PID:3760
- C:\Windows\System\joZoQUF.exe
  C:\Windows\System\joZoQUF.exe
  2⤵
  PID:3784
- C:\Windows\System\owvPObS.exe
  C:\Windows\System\owvPObS.exe
  2⤵
  PID:3804
- C:\Windows\System\SbVoFxv.exe
  C:\Windows\System\SbVoFxv.exe
  2⤵
  PID:3824
- C:\Windows\System\ZUzXjAr.exe
  C:\Windows\System\ZUzXjAr.exe
  2⤵
  PID:3844
- C:\Windows\System\BnaqASf.exe
  C:\Windows\System\BnaqASf.exe
  2⤵
  PID:3868
- C:\Windows\System\pUNjfDw.exe
  C:\Windows\System\pUNjfDw.exe
  2⤵
  PID:3888
- C:\Windows\System\khCGvOR.exe
  C:\Windows\System\khCGvOR.exe
  2⤵
  PID:3908
- C:\Windows\System\lTaBPSJ.exe
  C:\Windows\System\lTaBPSJ.exe
  2⤵
  PID:3928
- C:\Windows\System\gIqxTPU.exe
  C:\Windows\System\gIqxTPU.exe
  2⤵
  PID:3948
- C:\Windows\System\ZBCViwc.exe
  C:\Windows\System\ZBCViwc.exe
  2⤵
  PID:3968
- C:\Windows\System\rEEUjqV.exe
  C:\Windows\System\rEEUjqV.exe
  2⤵
  PID:3988
- C:\Windows\System\zUUifTy.exe
  C:\Windows\System\zUUifTy.exe
  2⤵
  PID:4008
- C:\Windows\System\bLXBALn.exe
  C:\Windows\System\bLXBALn.exe
  2⤵
  PID:4028
- C:\Windows\System\mzpQWrd.exe
  C:\Windows\System\mzpQWrd.exe
  2⤵
  PID:4048
- C:\Windows\System\mrLpTTD.exe
  C:\Windows\System\mrLpTTD.exe
  2⤵
  PID:4068
- C:\Windows\System\laetsfJ.exe
  C:\Windows\System\laetsfJ.exe
  2⤵
  PID:4088
- C:\Windows\System\tMBNdaf.exe
  C:\Windows\System\tMBNdaf.exe
  2⤵
  PID:3068
- C:\Windows\System\WAYiHik.exe
  C:\Windows\System\WAYiHik.exe
  2⤵
  PID:996
- C:\Windows\System\kWihTuh.exe
  C:\Windows\System\kWihTuh.exe
  2⤵
  PID:764
- C:\Windows\System\NsXubpC.exe
  C:\Windows\System\NsXubpC.exe
  2⤵
  PID:2552
- C:\Windows\System\lSMhcQe.exe
  C:\Windows\System\lSMhcQe.exe
  2⤵
  PID:2880
- C:\Windows\System\jfdAIGT.exe
  C:\Windows\System\jfdAIGT.exe
  2⤵
  PID:3084
- C:\Windows\System\NRVATDb.exe
  C:\Windows\System\NRVATDb.exe
  2⤵
  PID:3104
- C:\Windows\System\TUtFeqQ.exe
  C:\Windows\System\TUtFeqQ.exe
  2⤵
  PID:3144
- C:\Windows\System\vMmQGvh.exe
  C:\Windows\System\vMmQGvh.exe
  2⤵
  PID:3208
- C:\Windows\System\aojcleP.exe
  C:\Windows\System\aojcleP.exe
  2⤵
  PID:3252
- C:\Windows\System\eaBUIlv.exe
  C:\Windows\System\eaBUIlv.exe
  2⤵
  PID:3124
- C:\Windows\System\JvCnoQI.exe
  C:\Windows\System\JvCnoQI.exe
  2⤵
  PID:3292
- C:\Windows\System\DssdcWK.exe
  C:\Windows\System\DssdcWK.exe
  2⤵
  PID:3320
- C:\Windows\System\KzDeVwD.exe
  C:\Windows\System\KzDeVwD.exe
  2⤵
  PID:3380
- C:\Windows\System\TSnfxvU.exe
  C:\Windows\System\TSnfxvU.exe
  2⤵
  PID:3428
- C:\Windows\System\voDgiIN.exe
  C:\Windows\System\voDgiIN.exe
  2⤵
  PID:3468
- C:\Windows\System\vuKkYEr.exe
  C:\Windows\System\vuKkYEr.exe
  2⤵
  PID:3508
- C:\Windows\System\OcllTvF.exe
  C:\Windows\System\OcllTvF.exe
  2⤵
  PID:3512
- C:\Windows\System\cNRuIae.exe
  C:\Windows\System\cNRuIae.exe
  2⤵
  PID:3552
- C:\Windows\System\iEYEfyo.exe
  C:\Windows\System\iEYEfyo.exe
  2⤵
  PID:3592
- C:\Windows\System\FWEBKCT.exe
  C:\Windows\System\FWEBKCT.exe
  2⤵
  PID:3628
- C:\Windows\System\BdXViaa.exe
  C:\Windows\System\BdXViaa.exe
  2⤵
  PID:3656
- C:\Windows\System\SLGWxHz.exe
  C:\Windows\System\SLGWxHz.exe
  2⤵
  PID:3672
- C:\Windows\System\qTBMFOB.exe
  C:\Windows\System\qTBMFOB.exe
  2⤵
  PID:3712
- C:\Windows\System\pUDGagX.exe
  C:\Windows\System\pUDGagX.exe
  2⤵
  PID:3732
- C:\Windows\System\luZMdXy.exe
  C:\Windows\System\luZMdXy.exe
  2⤵
  PID:3780
- C:\Windows\System\KkRDSvV.exe
  C:\Windows\System\KkRDSvV.exe
  2⤵
  PID:3816
- C:\Windows\System\dxXEVhs.exe
  C:\Windows\System\dxXEVhs.exe
  2⤵
  PID:3876
- C:\Windows\System\kZkseed.exe
  C:\Windows\System\kZkseed.exe
  2⤵
  PID:3916
- C:\Windows\System\qjNAEUE.exe
  C:\Windows\System\qjNAEUE.exe
  2⤵
  PID:3956
- C:\Windows\System\QTYuGvs.exe
  C:\Windows\System\QTYuGvs.exe
  2⤵
  PID:3960
- C:\Windows\System\xbzxMFT.exe
  C:\Windows\System\xbzxMFT.exe
  2⤵
  PID:4004
- C:\Windows\System\BzIjOzv.exe
  C:\Windows\System\BzIjOzv.exe
  2⤵
  PID:4020
- C:\Windows\System\KryBHVV.exe
  C:\Windows\System\KryBHVV.exe
  2⤵
  PID:4060
- C:\Windows\System\WLypDtE.exe
  C:\Windows\System\WLypDtE.exe
  2⤵
  PID:2364
- C:\Windows\System\uIvdhMG.exe
  C:\Windows\System\uIvdhMG.exe
  2⤵
  PID:1548
- C:\Windows\System\hXoPwCx.exe
  C:\Windows\System\hXoPwCx.exe
  2⤵
  PID:1556
- C:\Windows\System\caZDGTy.exe
  C:\Windows\System\caZDGTy.exe
  2⤵
  PID:3080
- C:\Windows\System\NzuqFoe.exe
  C:\Windows\System\NzuqFoe.exe
  2⤵
  PID:3108
- C:\Windows\System\kRtVarI.exe
  C:\Windows\System\kRtVarI.exe
  2⤵
  PID:3148
- C:\Windows\System\TiXHYiQ.exe
  C:\Windows\System\TiXHYiQ.exe
  2⤵
  PID:3232
- C:\Windows\System\hrgnFvt.exe
  C:\Windows\System\hrgnFvt.exe
  2⤵
  PID:3296
- C:\Windows\System\cUQMGVQ.exe
  C:\Windows\System\cUQMGVQ.exe
  2⤵
  PID:3344
- C:\Windows\System\SvtmVhZ.exe
  C:\Windows\System\SvtmVhZ.exe
  2⤵
  PID:3404
- C:\Windows\System\FiatsBk.exe
  C:\Windows\System\FiatsBk.exe
  2⤵
  PID:3472
- C:\Windows\System\gqtiqBk.exe
  C:\Windows\System\gqtiqBk.exe
  2⤵
  PID:3536
- C:\Windows\System\zqJuoEU.exe
  C:\Windows\System\zqJuoEU.exe
  2⤵
  PID:3588
- C:\Windows\System\vyQBjgy.exe
  C:\Windows\System\vyQBjgy.exe
  2⤵
  PID:3668
- C:\Windows\System\zuAZAbA.exe
  C:\Windows\System\zuAZAbA.exe
  2⤵
  PID:3716
- C:\Windows\System\TMufdch.exe
  C:\Windows\System\TMufdch.exe
  2⤵
  PID:3768
- C:\Windows\System\hcEAAWc.exe
  C:\Windows\System\hcEAAWc.exe
  2⤵
  PID:3820
- C:\Windows\System\SRshhiZ.exe
  C:\Windows\System\SRshhiZ.exe
  2⤵
  PID:3856
- C:\Windows\System\CCpqofP.exe
  C:\Windows\System\CCpqofP.exe
  2⤵
  PID:3936
- C:\Windows\System\rZBVHwB.exe
  C:\Windows\System\rZBVHwB.exe
  2⤵
  PID:4040
- C:\Windows\System\gonHmCA.exe
  C:\Windows\System\gonHmCA.exe
  2⤵
  PID:4056
- C:\Windows\System\aFnVUNb.exe
  C:\Windows\System\aFnVUNb.exe
  2⤵
  PID:4080
- C:\Windows\System\YwyJEEP.exe
  C:\Windows\System\YwyJEEP.exe
  2⤵
  PID:2772
- C:\Windows\System\KaPyIyr.exe
  C:\Windows\System\KaPyIyr.exe
  2⤵
  PID:3120
- C:\Windows\System\JHlLvoz.exe
  C:\Windows\System\JHlLvoz.exe
  2⤵
  PID:3168
- C:\Windows\System\suvBuKR.exe
  C:\Windows\System\suvBuKR.exe
  2⤵
  PID:3188
- C:\Windows\System\UptRtEp.exe
  C:\Windows\System\UptRtEp.exe
  2⤵
  PID:3420
- C:\Windows\System\YQnmPTE.exe
  C:\Windows\System\YQnmPTE.exe
  2⤵
  PID:3496
- C:\Windows\System\yMZvkYX.exe
  C:\Windows\System\yMZvkYX.exe
  2⤵
  PID:3612
- C:\Windows\System\xwhPiYQ.exe
  C:\Windows\System\xwhPiYQ.exe
  2⤵
  PID:3708
- C:\Windows\System\zduZNIf.exe
  C:\Windows\System\zduZNIf.exe
  2⤵
  PID:3748
- C:\Windows\System\CwxubSm.exe
  C:\Windows\System\CwxubSm.exe
  2⤵
  PID:3792
- C:\Windows\System\miobHub.exe
  C:\Windows\System\miobHub.exe
  2⤵
  PID:3944
- C:\Windows\System\SMFOASz.exe
  C:\Windows\System\SMFOASz.exe
  2⤵
  PID:4036
- C:\Windows\System\JELfaZI.exe
  C:\Windows\System\JELfaZI.exe
  2⤵
  PID:2260
- C:\Windows\System\HWDqwZN.exe
  C:\Windows\System\HWDqwZN.exe
  2⤵
  PID:2968
- C:\Windows\System\bqmbkJN.exe
  C:\Windows\System\bqmbkJN.exe
  2⤵
  PID:4112
- C:\Windows\System\zuekqeg.exe
  C:\Windows\System\zuekqeg.exe
  2⤵
  PID:4132
- C:\Windows\System\WIMvYWt.exe
  C:\Windows\System\WIMvYWt.exe
  2⤵
  PID:4152
- C:\Windows\System\vsFHaDR.exe
  C:\Windows\System\vsFHaDR.exe
  2⤵
  PID:4176
- C:\Windows\System\qSsoURp.exe
  C:\Windows\System\qSsoURp.exe
  2⤵
  PID:4196
- C:\Windows\System\EQvtwAv.exe
  C:\Windows\System\EQvtwAv.exe
  2⤵
  PID:4216
- C:\Windows\System\wOmpYeC.exe
  C:\Windows\System\wOmpYeC.exe
  2⤵
  PID:4236
- C:\Windows\System\thzFNyX.exe
  C:\Windows\System\thzFNyX.exe
  2⤵
  PID:4256
- C:\Windows\System\KnBgXlV.exe
  C:\Windows\System\KnBgXlV.exe
  2⤵
  PID:4276
- C:\Windows\System\kDjvgSI.exe
  C:\Windows\System\kDjvgSI.exe
  2⤵
  PID:4296
- C:\Windows\System\gYSwSRo.exe
  C:\Windows\System\gYSwSRo.exe
  2⤵
  PID:4316
- C:\Windows\System\rdStkqG.exe
  C:\Windows\System\rdStkqG.exe
  2⤵
  PID:4336
- C:\Windows\System\rfYJzXt.exe
  C:\Windows\System\rfYJzXt.exe
  2⤵
  PID:4356
- C:\Windows\System\dUVggUD.exe
  C:\Windows\System\dUVggUD.exe
  2⤵
  PID:4376
- C:\Windows\System\SUofPDJ.exe
  C:\Windows\System\SUofPDJ.exe
  2⤵
  PID:4396
- C:\Windows\System\VQmbERD.exe
  C:\Windows\System\VQmbERD.exe
  2⤵
  PID:4416
- C:\Windows\System\yvBjbJB.exe
  C:\Windows\System\yvBjbJB.exe
  2⤵
  PID:4436
- C:\Windows\System\dmkoRgC.exe
  C:\Windows\System\dmkoRgC.exe
  2⤵
  PID:4460
- C:\Windows\System\JruabRf.exe
  C:\Windows\System\JruabRf.exe
  2⤵
  PID:4480
- C:\Windows\System\kaxDjsh.exe
  C:\Windows\System\kaxDjsh.exe
  2⤵
  PID:4500
- C:\Windows\System\joMJNUT.exe
  C:\Windows\System\joMJNUT.exe
  2⤵
  PID:4520
- C:\Windows\System\kYLnvqd.exe
  C:\Windows\System\kYLnvqd.exe
  2⤵
  PID:4540
- C:\Windows\System\ssAVWZv.exe
  C:\Windows\System\ssAVWZv.exe
  2⤵
  PID:4560
- C:\Windows\System\YjANixF.exe
  C:\Windows\System\YjANixF.exe
  2⤵
  PID:4584
- C:\Windows\System\MqCJkUU.exe
  C:\Windows\System\MqCJkUU.exe
  2⤵
  PID:4604
- C:\Windows\System\ldWRLeM.exe
  C:\Windows\System\ldWRLeM.exe
  2⤵
  PID:4624
- C:\Windows\System\HdKeMnV.exe
  C:\Windows\System\HdKeMnV.exe
  2⤵
  PID:4644
- C:\Windows\System\wkpgVzC.exe
  C:\Windows\System\wkpgVzC.exe
  2⤵
  PID:4664
- C:\Windows\System\DnNGAyY.exe
  C:\Windows\System\DnNGAyY.exe
  2⤵
  PID:4680
- C:\Windows\System\jzBCudY.exe
  C:\Windows\System\jzBCudY.exe
  2⤵
  PID:4704
- C:\Windows\System\FxbLKkJ.exe
  C:\Windows\System\FxbLKkJ.exe
  2⤵
  PID:4724
- C:\Windows\System\GfOyhJQ.exe
  C:\Windows\System\GfOyhJQ.exe
  2⤵
  PID:4744
- C:\Windows\System\VBZfsEG.exe
  C:\Windows\System\VBZfsEG.exe
  2⤵
  PID:4764
- C:\Windows\System\PbFIBeh.exe
  C:\Windows\System\PbFIBeh.exe
  2⤵
  PID:4784
- C:\Windows\System\dNlIOMZ.exe
  C:\Windows\System\dNlIOMZ.exe
  2⤵
  PID:4804
- C:\Windows\System\lCRXhUf.exe
  C:\Windows\System\lCRXhUf.exe
  2⤵
  PID:4824
- C:\Windows\System\emhsqcm.exe
  C:\Windows\System\emhsqcm.exe
  2⤵
  PID:4848
- C:\Windows\System\ueXnvDm.exe
  C:\Windows\System\ueXnvDm.exe
  2⤵
  PID:4868
- C:\Windows\System\xaThjRp.exe
  C:\Windows\System\xaThjRp.exe
  2⤵
  PID:4888
- C:\Windows\System\XDRjnXR.exe
  C:\Windows\System\XDRjnXR.exe
  2⤵
  PID:4908
- C:\Windows\System\paqtPuW.exe
  C:\Windows\System\paqtPuW.exe
  2⤵
  PID:4928
- C:\Windows\System\cFYFFfX.exe
  C:\Windows\System\cFYFFfX.exe
  2⤵
  PID:4948
- C:\Windows\System\RhNFDuA.exe
  C:\Windows\System\RhNFDuA.exe
  2⤵
  PID:4968
- C:\Windows\System\VyJSAkw.exe
  C:\Windows\System\VyJSAkw.exe
  2⤵
  PID:4988
- C:\Windows\System\gJlJVdE.exe
  C:\Windows\System\gJlJVdE.exe
  2⤵
  PID:5008
- C:\Windows\System\UsteeUA.exe
  C:\Windows\System\UsteeUA.exe
  2⤵
  PID:5028
- C:\Windows\System\PhhCuCP.exe
  C:\Windows\System\PhhCuCP.exe
  2⤵
  PID:5052
- C:\Windows\System\daabgeO.exe
  C:\Windows\System\daabgeO.exe
  2⤵
  PID:5072
- C:\Windows\System\RhIfSuV.exe
  C:\Windows\System\RhIfSuV.exe
  2⤵
  PID:5092
- C:\Windows\System\KOBKTys.exe
  C:\Windows\System\KOBKTys.exe
  2⤵
  PID:5112
- C:\Windows\System\ftkfmhP.exe
  C:\Windows\System\ftkfmhP.exe
  2⤵
  PID:3228
- C:\Windows\System\shueuDf.exe
  C:\Windows\System\shueuDf.exe
  2⤵
  PID:3448
- C:\Windows\System\Qkjuhzo.exe
  C:\Windows\System\Qkjuhzo.exe
  2⤵
  PID:3456
- C:\Windows\System\MxIOiRg.exe
  C:\Windows\System\MxIOiRg.exe
  2⤵
  PID:3812
- C:\Windows\System\GPTXlWi.exe
  C:\Windows\System\GPTXlWi.exe
  2⤵
  PID:2716
- C:\Windows\System\eYrhKVz.exe
  C:\Windows\System\eYrhKVz.exe
  2⤵
  PID:3900
- C:\Windows\System\VuXQupw.exe
  C:\Windows\System\VuXQupw.exe
  2⤵
  PID:4120
- C:\Windows\System\pedGPCi.exe
  C:\Windows\System\pedGPCi.exe
  2⤵
  PID:4104
- C:\Windows\System\uYNrknU.exe
  C:\Windows\System\uYNrknU.exe
  2⤵
  PID:4148
- C:\Windows\System\pVxTGLW.exe
  C:\Windows\System\pVxTGLW.exe
  2⤵
  PID:4204
- C:\Windows\System\Lasmqsl.exe
  C:\Windows\System\Lasmqsl.exe
  2⤵
  PID:4232
- C:\Windows\System\ZdyhcTp.exe
  C:\Windows\System\ZdyhcTp.exe
  2⤵
  PID:4284
- C:\Windows\System\VtzKNTV.exe
  C:\Windows\System\VtzKNTV.exe
  2⤵
  PID:4288
- C:\Windows\System\jFjCear.exe
  C:\Windows\System\jFjCear.exe
  2⤵
  PID:4332
- C:\Windows\System\kcmLZXw.exe
  C:\Windows\System\kcmLZXw.exe
  2⤵
  PID:4344
- C:\Windows\System\wKMoTzs.exe
  C:\Windows\System\wKMoTzs.exe
  2⤵
  PID:4392
- C:\Windows\System\nLFxywz.exe
  C:\Windows\System\nLFxywz.exe
  2⤵
  PID:4444
- C:\Windows\System\mdNUrfQ.exe
  C:\Windows\System\mdNUrfQ.exe
  2⤵
  PID:4476
- C:\Windows\System\jSEkDHD.exe
  C:\Windows\System\jSEkDHD.exe
  2⤵
  PID:4508
- C:\Windows\System\xruFfyi.exe
  C:\Windows\System\xruFfyi.exe
  2⤵
  PID:4532
- C:\Windows\System\ebFZaZq.exe
  C:\Windows\System\ebFZaZq.exe
  2⤵
  PID:4556
- C:\Windows\System\lGgofxh.exe
  C:\Windows\System\lGgofxh.exe
  2⤵
  PID:4596
- C:\Windows\System\btZQqbD.exe
  C:\Windows\System\btZQqbD.exe
  2⤵
  PID:4640
- C:\Windows\System\ydsVLmW.exe
  C:\Windows\System\ydsVLmW.exe
  2⤵
  PID:4700
- C:\Windows\System\HAOgYZP.exe
  C:\Windows\System\HAOgYZP.exe
  2⤵
  PID:4676
- C:\Windows\System\lwODtQM.exe
  C:\Windows\System\lwODtQM.exe
  2⤵
  PID:4716
- C:\Windows\System\NUtQBPS.exe
  C:\Windows\System\NUtQBPS.exe
  2⤵
  PID:4756
- C:\Windows\System\LOdqSOz.exe
  C:\Windows\System\LOdqSOz.exe
  2⤵
  PID:4800
- C:\Windows\System\PnlyWrW.exe
  C:\Windows\System\PnlyWrW.exe
  2⤵
  PID:4844
- C:\Windows\System\kzuulvL.exe
  C:\Windows\System\kzuulvL.exe
  2⤵
  PID:4876
- C:\Windows\System\FxrmQGg.exe
  C:\Windows\System\FxrmQGg.exe
  2⤵
  PID:4936
- C:\Windows\System\vYJJXUb.exe
  C:\Windows\System\vYJJXUb.exe
  2⤵
  PID:4920
- C:\Windows\System\qzoyJqw.exe
  C:\Windows\System\qzoyJqw.exe
  2⤵
  PID:4960
- C:\Windows\System\uklDYKp.exe
  C:\Windows\System\uklDYKp.exe
  2⤵
  PID:5000
- C:\Windows\System\IgBRamv.exe
  C:\Windows\System\IgBRamv.exe
  2⤵
  PID:5068
- C:\Windows\System\RRuUhLX.exe
  C:\Windows\System\RRuUhLX.exe
  2⤵
  PID:5100
- C:\Windows\System\nYmuVqo.exe
  C:\Windows\System\nYmuVqo.exe
  2⤵
  PID:3272
- C:\Windows\System\HXJrSsB.exe
  C:\Windows\System\HXJrSsB.exe
  2⤵
  PID:3328
- C:\Windows\System\ZbXPhca.exe
  C:\Windows\System\ZbXPhca.exe
  2⤵
  PID:3636
- C:\Windows\System\yKHKAJc.exe
  C:\Windows\System\yKHKAJc.exe
  2⤵
  PID:900
- C:\Windows\System\ccXgKrA.exe
  C:\Windows\System\ccXgKrA.exe
  2⤵
  PID:4124
- C:\Windows\System\siaRedJ.exe
  C:\Windows\System\siaRedJ.exe
  2⤵
  PID:4188
- C:\Windows\System\pLhbMVX.exe
  C:\Windows\System\pLhbMVX.exe
  2⤵
  PID:4208
- C:\Windows\System\RnmKyVL.exe
  C:\Windows\System\RnmKyVL.exe
  2⤵
  PID:4264
- C:\Windows\System\FGPszno.exe
  C:\Windows\System\FGPszno.exe
  2⤵
  PID:4308
- C:\Windows\System\cAlOGYl.exe
  C:\Windows\System\cAlOGYl.exe
  2⤵
  PID:4364
- C:\Windows\System\HIzrfXE.exe
  C:\Windows\System\HIzrfXE.exe
  2⤵
  PID:4528
- C:\Windows\System\CWGsOiI.exe
  C:\Windows\System\CWGsOiI.exe
  2⤵
  PID:4512
- C:\Windows\System\RSCvdGj.exe
  C:\Windows\System\RSCvdGj.exe
  2⤵
  PID:4600
- C:\Windows\System\TaNSOkT.exe
  C:\Windows\System\TaNSOkT.exe
  2⤵
  PID:1308
- C:\Windows\System\ZfkRzYo.exe
  C:\Windows\System\ZfkRzYo.exe
  2⤵
  PID:4660
- C:\Windows\System\IVwbxjI.exe
  C:\Windows\System\IVwbxjI.exe
  2⤵
  PID:4736
- C:\Windows\System\sJoClCE.exe
  C:\Windows\System\sJoClCE.exe
  2⤵
  PID:4792
- C:\Windows\System\iEzBCgA.exe
  C:\Windows\System\iEzBCgA.exe
  2⤵
  PID:4780
- C:\Windows\System\qfaLJEd.exe
  C:\Windows\System\qfaLJEd.exe
  2⤵
  PID:4884
- C:\Windows\System\uHubuPH.exe
  C:\Windows\System\uHubuPH.exe
  2⤵
  PID:4924
- C:\Windows\System\yCWoPQC.exe
  C:\Windows\System\yCWoPQC.exe
  2⤵
  PID:4984
- C:\Windows\System\AOGQsMR.exe
  C:\Windows\System\AOGQsMR.exe
  2⤵
  PID:5020
- C:\Windows\System\XKmiMdD.exe
  C:\Windows\System\XKmiMdD.exe
  2⤵
  PID:5088
- C:\Windows\System\VYcmIRk.exe
  C:\Windows\System\VYcmIRk.exe
  2⤵
  PID:3164
- C:\Windows\System\pDzzvqG.exe
  C:\Windows\System\pDzzvqG.exe
  2⤵
  PID:3736
- C:\Windows\System\bnZefOG.exe
  C:\Windows\System\bnZefOG.exe
  2⤵
  PID:4192
- C:\Windows\System\BkHGFFT.exe
  C:\Windows\System\BkHGFFT.exe
  2⤵
  PID:4252
- C:\Windows\System\DaAzMhY.exe
  C:\Windows\System\DaAzMhY.exe
  2⤵
  PID:4016
- C:\Windows\System\rFmHDSJ.exe
  C:\Windows\System\rFmHDSJ.exe
  2⤵
  PID:4312
- C:\Windows\System\hahEXIs.exe
  C:\Windows\System\hahEXIs.exe
  2⤵
  PID:4424
- C:\Windows\System\iiSKlgU.exe
  C:\Windows\System\iiSKlgU.exe
  2⤵
  PID:4612
- C:\Windows\System\CKxOecR.exe
  C:\Windows\System\CKxOecR.exe
  2⤵
  PID:4656
- C:\Windows\System\vQngXaP.exe
  C:\Windows\System\vQngXaP.exe
  2⤵
  PID:4740
- C:\Windows\System\FkINndw.exe
  C:\Windows\System\FkINndw.exe
  2⤵
  PID:4896
- C:\Windows\System\BpvjvRC.exe
  C:\Windows\System\BpvjvRC.exe
  2⤵
  PID:4880
- C:\Windows\System\yzStpFY.exe
  C:\Windows\System\yzStpFY.exe
  2⤵
  PID:5016
- C:\Windows\System\IoEJUlJ.exe
  C:\Windows\System\IoEJUlJ.exe
  2⤵
  PID:5040
- C:\Windows\System\bZNYNjz.exe
  C:\Windows\System\bZNYNjz.exe
  2⤵
  PID:3984
- C:\Windows\System\pOoOywG.exe
  C:\Windows\System\pOoOywG.exe
  2⤵
  PID:4160
- C:\Windows\System\aYzWlPw.exe
  C:\Windows\System\aYzWlPw.exe
  2⤵
  PID:4168
- C:\Windows\System\pOntvLC.exe
  C:\Windows\System\pOntvLC.exe
  2⤵
  PID:2560
- C:\Windows\System\XYAGyAo.exe
  C:\Windows\System\XYAGyAo.exe
  2⤵
  PID:4552
- C:\Windows\System\IUWTLMc.exe
  C:\Windows\System\IUWTLMc.exe
  2⤵
  PID:5132
- C:\Windows\System\wTwgTGD.exe
  C:\Windows\System\wTwgTGD.exe
  2⤵
  PID:5152
- C:\Windows\System\KeOhtJa.exe
  C:\Windows\System\KeOhtJa.exe
  2⤵
  PID:5172
- C:\Windows\System\TwwUDvg.exe
  C:\Windows\System\TwwUDvg.exe
  2⤵
  PID:5192
- C:\Windows\System\kBGlnTQ.exe
  C:\Windows\System\kBGlnTQ.exe
  2⤵
  PID:5212
- C:\Windows\System\RYVwThP.exe
  C:\Windows\System\RYVwThP.exe
  2⤵
  PID:5232
- C:\Windows\System\vcBPjpO.exe
  C:\Windows\System\vcBPjpO.exe
  2⤵
  PID:5252
- C:\Windows\System\QXiwEWH.exe
  C:\Windows\System\QXiwEWH.exe
  2⤵
  PID:5272
- C:\Windows\System\CVBPlEz.exe
  C:\Windows\System\CVBPlEz.exe
  2⤵
  PID:5296
- C:\Windows\System\fzyFtDw.exe
  C:\Windows\System\fzyFtDw.exe
  2⤵
  PID:5316
- C:\Windows\System\EOMJuhP.exe
  C:\Windows\System\EOMJuhP.exe
  2⤵
  PID:5336
- C:\Windows\System\CExwzSD.exe
  C:\Windows\System\CExwzSD.exe
  2⤵
  PID:5356
- C:\Windows\System\McTMqYP.exe
  C:\Windows\System\McTMqYP.exe
  2⤵
  PID:5376
- C:\Windows\System\XRMDcvb.exe
  C:\Windows\System\XRMDcvb.exe
  2⤵
  PID:5396
- C:\Windows\System\wELJEQG.exe
  C:\Windows\System\wELJEQG.exe
  2⤵
  PID:5416
- C:\Windows\System\gJHdvSj.exe
  C:\Windows\System\gJHdvSj.exe
  2⤵
  PID:5436
- C:\Windows\System\VpsMZTp.exe
  C:\Windows\System\VpsMZTp.exe
  2⤵
  PID:5456
- C:\Windows\System\GjGDrtT.exe
  C:\Windows\System\GjGDrtT.exe
  2⤵
  PID:5476
- C:\Windows\System\eJFQOuy.exe
  C:\Windows\System\eJFQOuy.exe
  2⤵
  PID:5496
- C:\Windows\System\qnLLqbn.exe
  C:\Windows\System\qnLLqbn.exe
  2⤵
  PID:5516
- C:\Windows\System\sbDlpiv.exe
  C:\Windows\System\sbDlpiv.exe
  2⤵
  PID:5540
- C:\Windows\System\LvhDvfy.exe
  C:\Windows\System\LvhDvfy.exe
  2⤵
  PID:5560
- C:\Windows\System\OnYRiBP.exe
  C:\Windows\System\OnYRiBP.exe
  2⤵
  PID:5580
- C:\Windows\System\xzGdMkc.exe
  C:\Windows\System\xzGdMkc.exe
  2⤵
  PID:5600
- C:\Windows\System\RtXsHwp.exe
  C:\Windows\System\RtXsHwp.exe
  2⤵
  PID:5624
- C:\Windows\System\uLAQAOj.exe
  C:\Windows\System\uLAQAOj.exe
  2⤵
  PID:5644
- C:\Windows\System\rxYZgbg.exe
  C:\Windows\System\rxYZgbg.exe
  2⤵
  PID:5664
- C:\Windows\System\KmLQYjc.exe
  C:\Windows\System\KmLQYjc.exe
  2⤵
  PID:5684
- C:\Windows\System\DWyFaVN.exe
  C:\Windows\System\DWyFaVN.exe
  2⤵
  PID:5704
- C:\Windows\System\ZQyxHdD.exe
  C:\Windows\System\ZQyxHdD.exe
  2⤵
  PID:5724
- C:\Windows\System\tWkFGXW.exe
  C:\Windows\System\tWkFGXW.exe
  2⤵
  PID:5744
- C:\Windows\System\eUsqxCO.exe
  C:\Windows\System\eUsqxCO.exe
  2⤵
  PID:5764
- C:\Windows\System\zlwOfSC.exe
  C:\Windows\System\zlwOfSC.exe
  2⤵
  PID:5784
- C:\Windows\System\IIQFUkD.exe
  C:\Windows\System\IIQFUkD.exe
  2⤵
  PID:5804
- C:\Windows\System\HMBUnTu.exe
  C:\Windows\System\HMBUnTu.exe
  2⤵
  PID:5824
- C:\Windows\System\zwIzfsQ.exe
  C:\Windows\System\zwIzfsQ.exe
  2⤵
  PID:5844
- C:\Windows\System\EQACDPo.exe
  C:\Windows\System\EQACDPo.exe
  2⤵
  PID:5864
- C:\Windows\System\kHEhHAT.exe
  C:\Windows\System\kHEhHAT.exe
  2⤵
  PID:5884
- C:\Windows\System\bQrvghX.exe
  C:\Windows\System\bQrvghX.exe
  2⤵
  PID:5904
- C:\Windows\System\thWzItD.exe
  C:\Windows\System\thWzItD.exe
  2⤵
  PID:5928
- C:\Windows\System\gCFHYtp.exe
  C:\Windows\System\gCFHYtp.exe
  2⤵
  PID:5948
- C:\Windows\System\vpNVBVt.exe
  C:\Windows\System\vpNVBVt.exe
  2⤵
  PID:5968
- C:\Windows\System\kAfxvNk.exe
  C:\Windows\System\kAfxvNk.exe
  2⤵
  PID:5988
- C:\Windows\System\iDHcPky.exe
  C:\Windows\System\iDHcPky.exe
  2⤵
  PID:6008
- C:\Windows\System\aKowKbl.exe
  C:\Windows\System\aKowKbl.exe
  2⤵
  PID:6028
- C:\Windows\System\Auroqax.exe
  C:\Windows\System\Auroqax.exe
  2⤵
  PID:6048
- C:\Windows\System\KIRRZwv.exe
  C:\Windows\System\KIRRZwv.exe
  2⤵
  PID:6068
- C:\Windows\System\JbIutEK.exe
  C:\Windows\System\JbIutEK.exe
  2⤵
  PID:6088
- C:\Windows\System\SUuPFAS.exe
  C:\Windows\System\SUuPFAS.exe
  2⤵
  PID:6108
- C:\Windows\System\EyMJYdL.exe
  C:\Windows\System\EyMJYdL.exe
  2⤵
  PID:6128
- C:\Windows\System\SxHCZCn.exe
  C:\Windows\System\SxHCZCn.exe
  2⤵
  PID:4688
- C:\Windows\System\EUbJphi.exe
  C:\Windows\System\EUbJphi.exe
  2⤵
  PID:4816
- C:\Windows\System\NniCDfP.exe
  C:\Windows\System\NniCDfP.exe
  2⤵
  PID:4900
- C:\Windows\System\CZFhCqS.exe
  C:\Windows\System\CZFhCqS.exe
  2⤵
  PID:3224
- C:\Windows\System\NJgHLPu.exe
  C:\Windows\System\NJgHLPu.exe
  2⤵
  PID:2808
- C:\Windows\System\zwSWSmN.exe
  C:\Windows\System\zwSWSmN.exe
  2⤵
  PID:4428
- C:\Windows\System\sHjNxhx.exe
  C:\Windows\System\sHjNxhx.exe
  2⤵
  PID:2788
- C:\Windows\System\uoQtBHM.exe
  C:\Windows\System\uoQtBHM.exe
  2⤵
  PID:5148
- C:\Windows\System\YGKQwCw.exe
  C:\Windows\System\YGKQwCw.exe
  2⤵
  PID:5188
- C:\Windows\System\qlrmJaB.exe
  C:\Windows\System\qlrmJaB.exe
  2⤵
  PID:5208
- C:\Windows\System\bhCWJxh.exe
  C:\Windows\System\bhCWJxh.exe
  2⤵
  PID:5260
- C:\Windows\System\OsKSenN.exe
  C:\Windows\System\OsKSenN.exe
  2⤵
  PID:5304
- C:\Windows\System\NrxtPcV.exe
  C:\Windows\System\NrxtPcV.exe
  2⤵
  PID:1396
- C:\Windows\System\jKqnYJo.exe
  C:\Windows\System\jKqnYJo.exe
  2⤵
  PID:5328
- C:\Windows\System\NqAlANq.exe
  C:\Windows\System\NqAlANq.exe
  2⤵
  PID:432
- C:\Windows\System\trctpPS.exe
  C:\Windows\System\trctpPS.exe
  2⤵
  PID:5404
- C:\Windows\System\kIRocvB.exe
  C:\Windows\System\kIRocvB.exe
  2⤵
  PID:5424
- C:\Windows\System\LZvuUHJ.exe
  C:\Windows\System\LZvuUHJ.exe
  2⤵
  PID:5524
- C:\Windows\System\RAoLOYQ.exe
  C:\Windows\System\RAoLOYQ.exe
  2⤵
  PID:5552
- C:\Windows\System\WKGhnbV.exe
  C:\Windows\System\WKGhnbV.exe
  2⤵
  PID:5680
- C:\Windows\System\VFukhLw.exe
  C:\Windows\System\VFukhLw.exe
  2⤵
  PID:5732
- C:\Windows\System\rvZJuRL.exe
  C:\Windows\System\rvZJuRL.exe
  2⤵
  PID:5852
- C:\Windows\System\nyvtcNb.exe
  C:\Windows\System\nyvtcNb.exe
  2⤵
  PID:5876
- C:\Windows\System\JNythSI.exe
  C:\Windows\System\JNythSI.exe
  2⤵
  PID:5924
- C:\Windows\System\MROqsgp.exe
  C:\Windows\System\MROqsgp.exe
  2⤵
  PID:5964
- C:\Windows\System\RevcVzn.exe
  C:\Windows\System\RevcVzn.exe
  2⤵
  PID:5996
- C:\Windows\System\bEaAQaK.exe
  C:\Windows\System\bEaAQaK.exe
  2⤵
  PID:6000
- C:\Windows\System\xZqaigZ.exe
  C:\Windows\System\xZqaigZ.exe
  2⤵
  PID:6020
- C:\Windows\System\SmuVbjV.exe
  C:\Windows\System\SmuVbjV.exe
  2⤵
  PID:6064
- C:\Windows\System\lwlFQaG.exe
  C:\Windows\System\lwlFQaG.exe
  2⤵
  PID:6096
- C:\Windows\System\wShBTYe.exe
  C:\Windows\System\wShBTYe.exe
  2⤵
  PID:6124
- C:\Windows\System\pMVFahq.exe
  C:\Windows\System\pMVFahq.exe
  2⤵
  PID:4632
- C:\Windows\System\ohacguR.exe
  C:\Windows\System\ohacguR.exe
  2⤵
  PID:4720
- C:\Windows\System\nMIFcHR.exe
  C:\Windows\System\nMIFcHR.exe
  2⤵
  PID:2944
- C:\Windows\System\pKyOfnm.exe
  C:\Windows\System\pKyOfnm.exe
  2⤵
  PID:4128
- C:\Windows\System\QWaVBgi.exe
  C:\Windows\System\QWaVBgi.exe
  2⤵
  PID:4452
- C:\Windows\System\iCgPRti.exe
  C:\Windows\System\iCgPRti.exe
  2⤵
  PID:1084
- C:\Windows\System\relwwWz.exe
  C:\Windows\System\relwwWz.exe
  2⤵
  PID:1796
- C:\Windows\System\TNzHBAN.exe
  C:\Windows\System\TNzHBAN.exe
  2⤵
  PID:2140
- C:\Windows\System\LUzuZoV.exe
  C:\Windows\System\LUzuZoV.exe
  2⤵
  PID:972
- C:\Windows\System\wIrIWmu.exe
  C:\Windows\System\wIrIWmu.exe
  2⤵
  PID:856
- C:\Windows\System\qPTCGEh.exe
  C:\Windows\System\qPTCGEh.exe
  2⤵
  PID:2200
- C:\Windows\System\SGYEpzb.exe
  C:\Windows\System\SGYEpzb.exe
  2⤵
  PID:5352
- C:\Windows\System\EbdWYxc.exe
  C:\Windows\System\EbdWYxc.exe
  2⤵
  PID:2408
- C:\Windows\System\tTLjDZr.exe
  C:\Windows\System\tTLjDZr.exe
  2⤵
  PID:5464
- C:\Windows\System\coQsaxl.exe
  C:\Windows\System\coQsaxl.exe
  2⤵
  PID:1128
- C:\Windows\System\tzwjvcC.exe
  C:\Windows\System\tzwjvcC.exe
  2⤵
  PID:2128
- C:\Windows\System\rWfypcQ.exe
  C:\Windows\System\rWfypcQ.exe
  2⤵
  PID:2948
- C:\Windows\System\wQlZKQj.exe
  C:\Windows\System\wQlZKQj.exe
  2⤵
  PID:5532
- C:\Windows\System\WDKDkYG.exe
  C:\Windows\System\WDKDkYG.exe
  2⤵
  PID:5576
- C:\Windows\System\PVykxrQ.exe
  C:\Windows\System\PVykxrQ.exe
  2⤵
  PID:5652
- C:\Windows\System\XCzFpwQ.exe
  C:\Windows\System\XCzFpwQ.exe
  2⤵
  PID:2088
- C:\Windows\System\DHTRqmZ.exe
  C:\Windows\System\DHTRqmZ.exe
  2⤵
  PID:5608
- C:\Windows\System\hxdisJW.exe
  C:\Windows\System\hxdisJW.exe
  2⤵
  PID:5856
- C:\Windows\System\QizuTyC.exe
  C:\Windows\System\QizuTyC.exe
  2⤵
  PID:5892
- C:\Windows\System\tjdnukL.exe
  C:\Windows\System\tjdnukL.exe
  2⤵
  PID:5900
- C:\Windows\System\UcKxXOk.exe
  C:\Windows\System\UcKxXOk.exe
  2⤵
  PID:6024
- C:\Windows\System\qKTrDHl.exe
  C:\Windows\System\qKTrDHl.exe
  2⤵
  PID:5980
- C:\Windows\System\hCgHteW.exe
  C:\Windows\System\hCgHteW.exe
  2⤵
  PID:6056
- C:\Windows\System\xWVFIjD.exe
  C:\Windows\System\xWVFIjD.exe
  2⤵
  PID:2488
- C:\Windows\System\HBlTOEI.exe
  C:\Windows\System\HBlTOEI.exe
  2⤵
  PID:2936
- C:\Windows\System\TzxiJwA.exe
  C:\Windows\System\TzxiJwA.exe
  2⤵
  PID:2748
- C:\Windows\System\uqAbUam.exe
  C:\Windows\System\uqAbUam.exe
  2⤵
  PID:5676
- C:\Windows\System\BSNzlrO.exe
  C:\Windows\System\BSNzlrO.exe
  2⤵
  PID:5776
- C:\Windows\System\fMKojqf.exe
  C:\Windows\System\fMKojqf.exe
  2⤵
  PID:5124
- C:\Windows\System\xoEkjOZ.exe
  C:\Windows\System\xoEkjOZ.exe
  2⤵
  PID:5180
- C:\Windows\System\cYMrkjy.exe
  C:\Windows\System\cYMrkjy.exe
  2⤵
  PID:5832
- C:\Windows\System\ISMjWIl.exe
  C:\Windows\System\ISMjWIl.exe
  2⤵
  PID:2272
- C:\Windows\System\yJaOVCJ.exe
  C:\Windows\System\yJaOVCJ.exe
  2⤵
  PID:5244
- C:\Windows\System\BbhTbNN.exe
  C:\Windows\System\BbhTbNN.exe
  2⤵
  PID:5344
- C:\Windows\System\dxmFrJm.exe
  C:\Windows\System\dxmFrJm.exe
  2⤵
  PID:5392
- C:\Windows\System\jwzGwio.exe
  C:\Windows\System\jwzGwio.exe
  2⤵
  PID:5452
- C:\Windows\System\yuHzkLw.exe
  C:\Windows\System\yuHzkLw.exe
  2⤵
  PID:1944
- C:\Windows\System\XrhMFBk.exe
  C:\Windows\System\XrhMFBk.exe
  2⤵
  PID:2084
- C:\Windows\System\CAxbeAE.exe
  C:\Windows\System\CAxbeAE.exe
  2⤵
  PID:5616
- C:\Windows\System\PqFJnHv.exe
  C:\Windows\System\PqFJnHv.exe
  2⤵
  PID:5772
- C:\Windows\System\GvsROnc.exe
  C:\Windows\System\GvsROnc.exe
  2⤵
  PID:5820
- C:\Windows\System\PIBUkqX.exe
  C:\Windows\System\PIBUkqX.exe
  2⤵
  PID:5984
- C:\Windows\System\wVaFmRc.exe
  C:\Windows\System\wVaFmRc.exe
  2⤵
  PID:6076
- C:\Windows\System\KSSfFCn.exe
  C:\Windows\System\KSSfFCn.exe
  2⤵
  PID:6080
- C:\Windows\System\Pbkyrbu.exe
  C:\Windows\System\Pbkyrbu.exe
  2⤵
  PID:5004
- C:\Windows\System\UvdMpqg.exe
  C:\Windows\System\UvdMpqg.exe
  2⤵
  PID:5048
- C:\Windows\System\qnAJDHD.exe
  C:\Windows\System\qnAJDHD.exe
  2⤵
  PID:4456
- C:\Windows\System\SKHpIFA.exe
  C:\Windows\System\SKHpIFA.exe
  2⤵
  PID:5168
- C:\Windows\System\uplSuyZ.exe
  C:\Windows\System\uplSuyZ.exe
  2⤵
  PID:2956
- C:\Windows\System\TLeKXtP.exe
  C:\Windows\System\TLeKXtP.exe
  2⤵
  PID:2052
- C:\Windows\System\TSBdjeR.exe
  C:\Windows\System\TSBdjeR.exe
  2⤵
  PID:5368
- C:\Windows\System\HqWWfOj.exe
  C:\Windows\System\HqWWfOj.exe
  2⤵
  PID:5444
- C:\Windows\System\xinhCTP.exe
  C:\Windows\System\xinhCTP.exe
  2⤵
  PID:5488
- C:\Windows\System\WmdSXUc.exe
  C:\Windows\System\WmdSXUc.exe
  2⤵
  PID:1792
- C:\Windows\System\bkqhoLR.exe
  C:\Windows\System\bkqhoLR.exe
  2⤵
  PID:5960
- C:\Windows\System\NIIRIIM.exe
  C:\Windows\System\NIIRIIM.exe
  2⤵
  PID:6084
- C:\Windows\System\HPqOtXE.exe
  C:\Windows\System\HPqOtXE.exe
  2⤵
  PID:5920
- C:\Windows\System\NRgOvUQ.exe
  C:\Windows\System\NRgOvUQ.exe
  2⤵
  PID:3388
- C:\Windows\System\tsQohUB.exe
  C:\Windows\System\tsQohUB.exe
  2⤵
  PID:5200
- C:\Windows\System\ISFbitg.exe
  C:\Windows\System\ISFbitg.exe
  2⤵
  PID:5700
- C:\Windows\System\AKxLGCJ.exe
  C:\Windows\System\AKxLGCJ.exe
  2⤵
  PID:2556
- C:\Windows\System\TPhKykZ.exe
  C:\Windows\System\TPhKykZ.exe
  2⤵
  PID:5720
- C:\Windows\System\ukijyTg.exe
  C:\Windows\System\ukijyTg.exe
  2⤵
  PID:4732
- C:\Windows\System\TUrOfXz.exe
  C:\Windows\System\TUrOfXz.exe
  2⤵
  PID:6036
- C:\Windows\System\aYMbjbx.exe
  C:\Windows\System\aYMbjbx.exe
  2⤵
  PID:2320
- C:\Windows\System\uFEHyKw.exe
  C:\Windows\System\uFEHyKw.exe
  2⤵
  PID:5812
- C:\Windows\System\TrZNHwS.exe
  C:\Windows\System\TrZNHwS.exe
  2⤵
  PID:2332
- C:\Windows\System\kEHZtIG.exe
  C:\Windows\System\kEHZtIG.exe
  2⤵
  PID:2268
- C:\Windows\System\TAmuApg.exe
  C:\Windows\System\TAmuApg.exe
  2⤵
  PID:5740
- C:\Windows\System\VSPbDBG.exe
  C:\Windows\System\VSPbDBG.exe
  2⤵
  PID:5912
- C:\Windows\System\gAsPnPz.exe
  C:\Windows\System\gAsPnPz.exe
  2⤵
  PID:5312
- C:\Windows\System\MsXSdwC.exe
  C:\Windows\System\MsXSdwC.exe
  2⤵
  PID:5800
- C:\Windows\System\GDCCPxH.exe
  C:\Windows\System\GDCCPxH.exe
  2⤵
  PID:4940
- C:\Windows\System\jMaJyFw.exe
  C:\Windows\System\jMaJyFw.exe
  2⤵
  PID:5428
- C:\Windows\System\unbPOHb.exe
  C:\Windows\System\unbPOHb.exe
  2⤵
  PID:2596
- C:\Windows\System\yPvTwtp.exe
  C:\Windows\System\yPvTwtp.exe
  2⤵
  PID:6164
- C:\Windows\System\umXrFBw.exe
  C:\Windows\System\umXrFBw.exe
  2⤵
  PID:6180
- C:\Windows\System\iYnxxTl.exe
  C:\Windows\System\iYnxxTl.exe
  2⤵
  PID:6200
- C:\Windows\System\ixgWBoe.exe
  C:\Windows\System\ixgWBoe.exe
  2⤵
  PID:6224
- C:\Windows\System\fnGBLjO.exe
  C:\Windows\System\fnGBLjO.exe
  2⤵
  PID:6240
- C:\Windows\System\DxUImoN.exe
  C:\Windows\System\DxUImoN.exe
  2⤵
  PID:6256
- C:\Windows\System\AFiRZWH.exe
  C:\Windows\System\AFiRZWH.exe
  2⤵
  PID:6276
- C:\Windows\System\bYBXWSJ.exe
  C:\Windows\System\bYBXWSJ.exe
  2⤵
  PID:6300
- C:\Windows\System\foiaBCc.exe
  C:\Windows\System\foiaBCc.exe
  2⤵
  PID:6320
- C:\Windows\System\jGUXnTN.exe
  C:\Windows\System\jGUXnTN.exe
  2⤵
  PID:6336
- C:\Windows\System\kOihXOh.exe
  C:\Windows\System\kOihXOh.exe
  2⤵
  PID:6360
- C:\Windows\System\EqdSiPX.exe
  C:\Windows\System\EqdSiPX.exe
  2⤵
  PID:6376
- C:\Windows\System\sTWBagz.exe
  C:\Windows\System\sTWBagz.exe
  2⤵
  PID:6396
- C:\Windows\System\xuOaVNo.exe
  C:\Windows\System\xuOaVNo.exe
  2⤵
  PID:6416
- C:\Windows\System\hHHvudF.exe
  C:\Windows\System\hHHvudF.exe
  2⤵
  PID:6440
- C:\Windows\System\QhJCwkz.exe
  C:\Windows\System\QhJCwkz.exe
  2⤵
  PID:6468
- C:\Windows\System\eVgWZTQ.exe
  C:\Windows\System\eVgWZTQ.exe
  2⤵
  PID:6488
- C:\Windows\System\SIxFpKQ.exe
  C:\Windows\System\SIxFpKQ.exe
  2⤵
  PID:6504
- C:\Windows\System\khEmFGJ.exe
  C:\Windows\System\khEmFGJ.exe
  2⤵
  PID:6524
- C:\Windows\System\vgzdCdj.exe
  C:\Windows\System\vgzdCdj.exe
  2⤵
  PID:6540
- C:\Windows\System\AEevrmJ.exe
  C:\Windows\System\AEevrmJ.exe
  2⤵
  PID:6556
- C:\Windows\System\gRqyxHy.exe
  C:\Windows\System\gRqyxHy.exe
  2⤵
  PID:6592
- C:\Windows\System\kGGpmdk.exe
  C:\Windows\System\kGGpmdk.exe
  2⤵
  PID:6612
- C:\Windows\System\sCkwdUk.exe
  C:\Windows\System\sCkwdUk.exe
  2⤵
  PID:6628
- C:\Windows\System\gsTjAmz.exe
  C:\Windows\System\gsTjAmz.exe
  2⤵
  PID:6648
- C:\Windows\System\Objcxge.exe
  C:\Windows\System\Objcxge.exe
  2⤵
  PID:6668
- C:\Windows\System\TPVEtsc.exe
  C:\Windows\System\TPVEtsc.exe
  2⤵
  PID:6688
- C:\Windows\System\UiNgNVD.exe
  C:\Windows\System\UiNgNVD.exe
  2⤵
  PID:6704
- C:\Windows\System\HtDSQqN.exe
  C:\Windows\System\HtDSQqN.exe
  2⤵
  PID:6732
- C:\Windows\System\meYSWvC.exe
  C:\Windows\System\meYSWvC.exe
  2⤵
  PID:6748
- C:\Windows\System\XVZOzqV.exe
  C:\Windows\System\XVZOzqV.exe
  2⤵
  PID:6764
- C:\Windows\System\WGrwUhr.exe
  C:\Windows\System\WGrwUhr.exe
  2⤵
  PID:6780
- C:\Windows\System\XRFZPev.exe
  C:\Windows\System\XRFZPev.exe
  2⤵
  PID:6800
- C:\Windows\System\NTuyCow.exe
  C:\Windows\System\NTuyCow.exe
  2⤵
  PID:6832
- C:\Windows\System\MXWzDpX.exe
  C:\Windows\System\MXWzDpX.exe
  2⤵
  PID:6848
- C:\Windows\System\HpJMmvt.exe
  C:\Windows\System\HpJMmvt.exe
  2⤵
  PID:6864
- C:\Windows\System\XcrYYaM.exe
  C:\Windows\System\XcrYYaM.exe
  2⤵
  PID:6884
- C:\Windows\System\YdoJBXy.exe
  C:\Windows\System\YdoJBXy.exe
  2⤵
  PID:6900
- C:\Windows\System\iTDgurW.exe
  C:\Windows\System\iTDgurW.exe
  2⤵
  PID:6916
- C:\Windows\System\UvSISaQ.exe
  C:\Windows\System\UvSISaQ.exe
  2⤵
  PID:6956
- C:\Windows\System\IbIXbYu.exe
  C:\Windows\System\IbIXbYu.exe
  2⤵
  PID:6976
- C:\Windows\System\pJXjgWv.exe
  C:\Windows\System\pJXjgWv.exe
  2⤵
  PID:6992
- C:\Windows\System\hfJzwpT.exe
  C:\Windows\System\hfJzwpT.exe
  2⤵
  PID:7016
- C:\Windows\System\qAbznAn.exe
  C:\Windows\System\qAbznAn.exe
  2⤵
  PID:7032
- C:\Windows\System\vsIdKhc.exe
  C:\Windows\System\vsIdKhc.exe
  2⤵
  PID:7056
- C:\Windows\System\RoUnJZC.exe
  C:\Windows\System\RoUnJZC.exe
  2⤵
  PID:7072
- C:\Windows\System\dPtfUcB.exe
  C:\Windows\System\dPtfUcB.exe
  2⤵
  PID:7088
- C:\Windows\System\oByqXgd.exe
  C:\Windows\System\oByqXgd.exe
  2⤵
  PID:7104
- C:\Windows\System\TbejBwl.exe
  C:\Windows\System\TbejBwl.exe
  2⤵
  PID:7120
- C:\Windows\System\apQtkZn.exe
  C:\Windows\System\apQtkZn.exe
  2⤵
  PID:7144
- C:\Windows\System\dPVxsIG.exe
  C:\Windows\System\dPVxsIG.exe
  2⤵
  PID:7164
- C:\Windows\System\PSvpEzx.exe
  C:\Windows\System\PSvpEzx.exe
  2⤵
  PID:6192
- C:\Windows\System\lnStSrK.exe
  C:\Windows\System\lnStSrK.exe
  2⤵
  PID:6220
- C:\Windows\System\iKaXqeC.exe
  C:\Windows\System\iKaXqeC.exe
  2⤵
  PID:6432
- C:\Windows\System\wMBjvPR.exe
  C:\Windows\System\wMBjvPR.exe
  2⤵
  PID:6480
- C:\Windows\System\xmvxRfg.exe
  C:\Windows\System\xmvxRfg.exe
  2⤵
  PID:6296
- C:\Windows\System\IkwxGNe.exe
  C:\Windows\System\IkwxGNe.exe
  2⤵
  PID:6372
- C:\Windows\System\cGrKKgE.exe
  C:\Windows\System\cGrKKgE.exe
  2⤵
  PID:6448
- C:\Windows\System\VjtvJyF.exe
  C:\Windows\System\VjtvJyF.exe
  2⤵
  PID:6460
- C:\Windows\System\KPIvLMP.exe
  C:\Windows\System\KPIvLMP.exe
  2⤵
  PID:6536
- C:\Windows\System\nCAESUZ.exe
  C:\Windows\System\nCAESUZ.exe
  2⤵
  PID:6572
- C:\Windows\System\jyvuYCH.exe
  C:\Windows\System\jyvuYCH.exe
  2⤵
  PID:6604
- C:\Windows\System\tfVQzAm.exe
  C:\Windows\System\tfVQzAm.exe
  2⤵
  PID:6644
- C:\Windows\System\MdtSqoB.exe
  C:\Windows\System\MdtSqoB.exe
  2⤵
  PID:6664
- C:\Windows\System\VEAKeIB.exe
  C:\Windows\System\VEAKeIB.exe
  2⤵
  PID:6716
- C:\Windows\System\fWItkJz.exe
  C:\Windows\System\fWItkJz.exe
  2⤵
  PID:6728
- C:\Windows\System\ZXoSKut.exe
  C:\Windows\System\ZXoSKut.exe
  2⤵
  PID:6788
- C:\Windows\System\xxTuXMs.exe
  C:\Windows\System\xxTuXMs.exe
  2⤵
  PID:6776
- C:\Windows\System\WBTPWPA.exe
  C:\Windows\System\WBTPWPA.exe
  2⤵
  PID:6820
- C:\Windows\System\DTKzLot.exe
  C:\Windows\System\DTKzLot.exe
  2⤵
  PID:6876
- C:\Windows\System\IckyRVv.exe
  C:\Windows\System\IckyRVv.exe
  2⤵
  PID:6860
- C:\Windows\System\boxTdiE.exe
  C:\Windows\System\boxTdiE.exe
  2⤵
  PID:6948
- C:\Windows\System\IYEmiUU.exe
  C:\Windows\System\IYEmiUU.exe
  2⤵
  PID:6352
- C:\Windows\System\QVmYAwH.exe
  C:\Windows\System\QVmYAwH.exe
  2⤵
  PID:6984
- C:\Windows\System\kIMdnMC.exe
  C:\Windows\System\kIMdnMC.exe
  2⤵
  PID:7044
- C:\Windows\System\MFfiCmq.exe
  C:\Windows\System\MFfiCmq.exe
  2⤵
  PID:7080
- C:\Windows\System\tiebArk.exe
  C:\Windows\System\tiebArk.exe
  2⤵
  PID:7156
- C:\Windows\System\OHgmGsk.exe
  C:\Windows\System\OHgmGsk.exe
  2⤵
  PID:7100
- C:\Windows\System\gqulWfa.exe
  C:\Windows\System\gqulWfa.exe
  2⤵
  PID:7136
- C:\Windows\System\AXBzgWK.exe
  C:\Windows\System\AXBzgWK.exe
  2⤵
  PID:6172
- C:\Windows\System\bQcpqIQ.exe
  C:\Windows\System\bQcpqIQ.exe
  2⤵
  PID:6264
- C:\Windows\System\ICQYPpK.exe
  C:\Windows\System\ICQYPpK.exe
  2⤵
  PID:6268
- C:\Windows\System\lYjHghz.exe
  C:\Windows\System\lYjHghz.exe
  2⤵
  PID:6388
- C:\Windows\System\iIiDzZg.exe
  C:\Windows\System\iIiDzZg.exe
  2⤵
  PID:6428
- C:\Windows\System\mInNPfO.exe
  C:\Windows\System\mInNPfO.exe
  2⤵
  PID:6332
- C:\Windows\System\ipqKIpn.exe
  C:\Windows\System\ipqKIpn.exe
  2⤵
  PID:6548
- C:\Windows\System\jYvXkzi.exe
  C:\Windows\System\jYvXkzi.exe
  2⤵
  PID:6564
- C:\Windows\System\FEyWTbm.exe
  C:\Windows\System\FEyWTbm.exe
  2⤵
  PID:6580
- C:\Windows\System\pQthncx.exe
  C:\Windows\System\pQthncx.exe
  2⤵
  PID:6624
- C:\Windows\System\IWGMhso.exe
  C:\Windows\System\IWGMhso.exe
  2⤵
  PID:6684
- C:\Windows\System\URRHRqJ.exe
  C:\Windows\System\URRHRqJ.exe
  2⤵
  PID:6760
- C:\Windows\System\WpqHaHI.exe
  C:\Windows\System\WpqHaHI.exe
  2⤵
  PID:6812
- C:\Windows\System\ATwtlxZ.exe
  C:\Windows\System\ATwtlxZ.exe
  2⤵
  PID:6816
- C:\Windows\System\LOmocOb.exe
  C:\Windows\System\LOmocOb.exe
  2⤵
  PID:6932
- C:\Windows\System\kiKdbbm.exe
  C:\Windows\System\kiKdbbm.exe
  2⤵
  PID:6968
- C:\Windows\System\RZryiFk.exe
  C:\Windows\System\RZryiFk.exe
  2⤵
  PID:7024
- C:\Windows\System\oIdDsTf.exe
  C:\Windows\System\oIdDsTf.exe
  2⤵
  PID:7116
- C:\Windows\System\lRCFZwo.exe
  C:\Windows\System\lRCFZwo.exe
  2⤵
  PID:7132
- C:\Windows\System\RwySMAw.exe
  C:\Windows\System\RwySMAw.exe
  2⤵
  PID:6160
- C:\Windows\System\UvbrHVD.exe
  C:\Windows\System\UvbrHVD.exe
  2⤵
  PID:6356
- C:\Windows\System\THyppsq.exe
  C:\Windows\System\THyppsq.exe
  2⤵
  PID:6272
- C:\Windows\System\eddZemp.exe
  C:\Windows\System\eddZemp.exe
  2⤵
  PID:6512
- C:\Windows\System\CCCiDrg.exe
  C:\Windows\System\CCCiDrg.exe
  2⤵
  PID:6552
- C:\Windows\System\UBWxxaE.exe
  C:\Windows\System\UBWxxaE.exe
  2⤵
  PID:6500
- C:\Windows\System\WQvOSLQ.exe
  C:\Windows\System\WQvOSLQ.exe
  2⤵
  PID:6620
- C:\Windows\System\nBCfKkf.exe
  C:\Windows\System\nBCfKkf.exe
  2⤵
  PID:6796
- C:\Windows\System\mShvzJL.exe
  C:\Windows\System\mShvzJL.exe
  2⤵
  PID:6840
- C:\Windows\System\afuZYQc.exe
  C:\Windows\System\afuZYQc.exe
  2⤵
  PID:6964
- C:\Windows\System\HtkBwkp.exe
  C:\Windows\System\HtkBwkp.exe
  2⤵
  PID:7012
- C:\Windows\System\yIOZXJi.exe
  C:\Windows\System\yIOZXJi.exe
  2⤵
  PID:7068
- C:\Windows\System\uoCdLqZ.exe
  C:\Windows\System\uoCdLqZ.exe
  2⤵
  PID:6152
- C:\Windows\System\JzYWRDC.exe
  C:\Windows\System\JzYWRDC.exe
  2⤵
  PID:6236
- C:\Windows\System\SsMySYl.exe
  C:\Windows\System\SsMySYl.exe
  2⤵
  PID:6408
- C:\Windows\System\aGJKSYx.exe
  C:\Windows\System\aGJKSYx.exe
  2⤵
  PID:6600
- C:\Windows\System\WFHrXPE.exe
  C:\Windows\System\WFHrXPE.exe
  2⤵
  PID:6740
- C:\Windows\System\RIJEzmh.exe
  C:\Windows\System\RIJEzmh.exe
  2⤵
  PID:6724
- C:\Windows\System\wfpzceV.exe
  C:\Windows\System\wfpzceV.exe
  2⤵
  PID:7008
- C:\Windows\System\qDdYLvq.exe
  C:\Windows\System\qDdYLvq.exe
  2⤵
  PID:6216
- C:\Windows\System\TqPYBKd.exe
  C:\Windows\System\TqPYBKd.exe
  2⤵
  PID:6856
- C:\Windows\System\VfMcHOT.exe
  C:\Windows\System\VfMcHOT.exe
  2⤵
  PID:6640
- C:\Windows\System\xbqBKsW.exe
  C:\Windows\System\xbqBKsW.exe
  2⤵
  PID:6680
- C:\Windows\System\vawZtut.exe
  C:\Windows\System\vawZtut.exe
  2⤵
  PID:6392
- C:\Windows\System\oNCBnyJ.exe
  C:\Windows\System\oNCBnyJ.exe
  2⤵
  PID:6636
- C:\Windows\System\poqTSPu.exe
  C:\Windows\System\poqTSPu.exe
  2⤵
  PID:6292
- C:\Windows\System\gaJpYGe.exe
  C:\Windows\System\gaJpYGe.exe
  2⤵
  PID:7112
- C:\Windows\System\PpZSbdl.exe
  C:\Windows\System\PpZSbdl.exe
  2⤵
  PID:6952
- C:\Windows\System\fqJLzTP.exe
  C:\Windows\System\fqJLzTP.exe
  2⤵
  PID:7172
- C:\Windows\System\VgLHGCs.exe
  C:\Windows\System\VgLHGCs.exe
  2⤵
  PID:7188
- C:\Windows\System\FhbNtcA.exe
  C:\Windows\System\FhbNtcA.exe
  2⤵
  PID:7208
- C:\Windows\System\SbJFzlT.exe
  C:\Windows\System\SbJFzlT.exe
  2⤵
  PID:7224
- C:\Windows\System\hLUSocy.exe
  C:\Windows\System\hLUSocy.exe
  2⤵
  PID:7248
- C:\Windows\System\cFIFnYJ.exe
  C:\Windows\System\cFIFnYJ.exe
  2⤵
  PID:7268
- C:\Windows\System\bdEgcVc.exe
  C:\Windows\System\bdEgcVc.exe
  2⤵
  PID:7284
- C:\Windows\System\XktTjBB.exe
  C:\Windows\System\XktTjBB.exe
  2⤵
  PID:7300
- C:\Windows\System\MDMartn.exe
  C:\Windows\System\MDMartn.exe
  2⤵
  PID:7328
- C:\Windows\System\yZRutaB.exe
  C:\Windows\System\yZRutaB.exe
  2⤵
  PID:7344
- C:\Windows\System\HlciKVA.exe
  C:\Windows\System\HlciKVA.exe
  2⤵
  PID:7364
- C:\Windows\System\amaAEwC.exe
  C:\Windows\System\amaAEwC.exe
  2⤵
  PID:7388
- C:\Windows\System\qQlwDmo.exe
  C:\Windows\System\qQlwDmo.exe
  2⤵
  PID:7404
- C:\Windows\System\HwKnEKR.exe
  C:\Windows\System\HwKnEKR.exe
  2⤵
  PID:7420
- C:\Windows\System\RiBzqDF.exe
  C:\Windows\System\RiBzqDF.exe
  2⤵
  PID:7444
- C:\Windows\System\MbjWhMm.exe
  C:\Windows\System\MbjWhMm.exe
  2⤵
  PID:7472
- C:\Windows\System\Osqvwca.exe
  C:\Windows\System\Osqvwca.exe
  2⤵
  PID:7488
- C:\Windows\System\DhobwbR.exe
  C:\Windows\System\DhobwbR.exe
  2⤵
  PID:7508
- C:\Windows\System\wvwWKfc.exe
  C:\Windows\System\wvwWKfc.exe
  2⤵
  PID:7532
- C:\Windows\System\LxtKpQh.exe
  C:\Windows\System\LxtKpQh.exe
  2⤵
  PID:7548
- C:\Windows\System\Uhmjixa.exe
  C:\Windows\System\Uhmjixa.exe
  2⤵
  PID:7572
- C:\Windows\System\ujXGqSo.exe
  C:\Windows\System\ujXGqSo.exe
  2⤵
  PID:7588
- C:\Windows\System\GZATwjw.exe
  C:\Windows\System\GZATwjw.exe
  2⤵
  PID:7608
- C:\Windows\System\MMknkFH.exe
  C:\Windows\System\MMknkFH.exe
  2⤵
  PID:7624
- C:\Windows\System\KSlmvjs.exe
  C:\Windows\System\KSlmvjs.exe
  2⤵
  PID:7648
- C:\Windows\System\kwyLOyW.exe
  C:\Windows\System\kwyLOyW.exe
  2⤵
  PID:7664
- C:\Windows\System\KfIcsMO.exe
  C:\Windows\System\KfIcsMO.exe
  2⤵
  PID:7692
- C:\Windows\System\JeJeFAr.exe
  C:\Windows\System\JeJeFAr.exe
  2⤵
  PID:7708
- C:\Windows\System\UEgdFco.exe
  C:\Windows\System\UEgdFco.exe
  2⤵
  PID:7732
- C:\Windows\System\NewdNWc.exe
  C:\Windows\System\NewdNWc.exe
  2⤵
  PID:7748
- C:\Windows\System\INocuri.exe
  C:\Windows\System\INocuri.exe
  2⤵
  PID:7768
- C:\Windows\System\sdUStlT.exe
  C:\Windows\System\sdUStlT.exe
  2⤵
  PID:7792
- C:\Windows\System\wzIQOqz.exe
  C:\Windows\System\wzIQOqz.exe
  2⤵
  PID:7808
- C:\Windows\System\fJyTMgu.exe
  C:\Windows\System\fJyTMgu.exe
  2⤵
  PID:7832
- C:\Windows\System\OHKjqPW.exe
  C:\Windows\System\OHKjqPW.exe
  2⤵
  PID:7848
- C:\Windows\System\aZLyEEs.exe
  C:\Windows\System\aZLyEEs.exe
  2⤵
  PID:7868
- C:\Windows\System\FrtvdWK.exe
  C:\Windows\System\FrtvdWK.exe
  2⤵
  PID:7896
- C:\Windows\System\dkqDCRX.exe
  C:\Windows\System\dkqDCRX.exe
  2⤵
  PID:7912
- C:\Windows\System\BcwhJIs.exe
  C:\Windows\System\BcwhJIs.exe
  2⤵
  PID:7936
- C:\Windows\System\MMHRZCE.exe
  C:\Windows\System\MMHRZCE.exe
  2⤵
  PID:7952
- C:\Windows\System\mpmyugB.exe
  C:\Windows\System\mpmyugB.exe
  2⤵
  PID:7972
- C:\Windows\System\etFpEhN.exe
  C:\Windows\System\etFpEhN.exe
  2⤵
  PID:7996
- C:\Windows\System\BwzYaNA.exe
  C:\Windows\System\BwzYaNA.exe
  2⤵
  PID:8016
- C:\Windows\System\PzUOVON.exe
  C:\Windows\System\PzUOVON.exe
  2⤵
  PID:8032
- C:\Windows\System\hvIdZJf.exe
  C:\Windows\System\hvIdZJf.exe
  2⤵
  PID:8048
- C:\Windows\System\ltxwGhQ.exe
  C:\Windows\System\ltxwGhQ.exe
  2⤵
  PID:8064
- C:\Windows\System\CUbTaMI.exe
  C:\Windows\System\CUbTaMI.exe
  2⤵
  PID:8084
- C:\Windows\System\AgykTCq.exe
  C:\Windows\System\AgykTCq.exe
  2⤵
  PID:8108
- C:\Windows\System\yYxTkVE.exe
  C:\Windows\System\yYxTkVE.exe
  2⤵
  PID:8128
- C:\Windows\System\JmtJzqE.exe
  C:\Windows\System\JmtJzqE.exe
  2⤵
  PID:8156
- C:\Windows\System\GgADJuF.exe
  C:\Windows\System\GgADJuF.exe
  2⤵
  PID:8172
- C:\Windows\System\tgmVErF.exe
  C:\Windows\System\tgmVErF.exe
  2⤵
  PID:6232
- C:\Windows\System\EgNkxaX.exe
  C:\Windows\System\EgNkxaX.exe
  2⤵
  PID:7236
- C:\Windows\System\yJxPluo.exe
  C:\Windows\System\yJxPluo.exe
  2⤵
  PID:7180
- C:\Windows\System\JlvgDIW.exe
  C:\Windows\System\JlvgDIW.exe
  2⤵
  PID:7280
- C:\Windows\System\WwtlriG.exe
  C:\Windows\System\WwtlriG.exe
  2⤵
  PID:7324
- C:\Windows\System\OMOpiuQ.exe
  C:\Windows\System\OMOpiuQ.exe
  2⤵
  PID:7296
- C:\Windows\System\LicWGgz.exe
  C:\Windows\System\LicWGgz.exe
  2⤵
  PID:7372
- C:\Windows\System\XWVCwVc.exe
  C:\Windows\System\XWVCwVc.exe
  2⤵
  PID:7436
- C:\Windows\System\hXIrXMz.exe
  C:\Windows\System\hXIrXMz.exe
  2⤵
  PID:7340
- C:\Windows\System\NVrmmKC.exe
  C:\Windows\System\NVrmmKC.exe
  2⤵
  PID:7516
- C:\Windows\System\bOlgiYw.exe
  C:\Windows\System\bOlgiYw.exe
  2⤵
  PID:7468
- C:\Windows\System\HYsZRwf.exe
  C:\Windows\System\HYsZRwf.exe
  2⤵
  PID:7500
- C:\Windows\System\IkEqpmP.exe
  C:\Windows\System\IkEqpmP.exe
  2⤵
  PID:7560
- C:\Windows\System\GMxKMdT.exe
  C:\Windows\System\GMxKMdT.exe
  2⤵
  PID:7600
- C:\Windows\System\INjiibF.exe
  C:\Windows\System\INjiibF.exe
  2⤵
  PID:7684
- C:\Windows\System\UJKJfmH.exe
  C:\Windows\System\UJKJfmH.exe
  2⤵
  PID:7656
- C:\Windows\System\PpkojIY.exe
  C:\Windows\System\PpkojIY.exe
  2⤵
  PID:7704
- C:\Windows\System\UpOAFiM.exe
  C:\Windows\System\UpOAFiM.exe
  2⤵
  PID:7728
- C:\Windows\System\fgCKxvZ.exe
  C:\Windows\System\fgCKxvZ.exe
  2⤵
  PID:7800
- C:\Windows\System\qfjTPch.exe
  C:\Windows\System\qfjTPch.exe
  2⤵
  PID:7788
- C:\Windows\System\rVSnmUr.exe
  C:\Windows\System\rVSnmUr.exe
  2⤵
  PID:7824
- C:\Windows\System\IGIQkPy.exe
  C:\Windows\System\IGIQkPy.exe
  2⤵
  PID:7892
- C:\Windows\System\HkvHUFe.exe
  C:\Windows\System\HkvHUFe.exe
  2⤵
  PID:7828
- C:\Windows\System\FpEHLTO.exe
  C:\Windows\System\FpEHLTO.exe
  2⤵
  PID:7908
- C:\Windows\System\rRKWxAb.exe
  C:\Windows\System\rRKWxAb.exe
  2⤵
  PID:8004
- C:\Windows\System\DypBPEM.exe
  C:\Windows\System\DypBPEM.exe
  2⤵
  PID:8044
- C:\Windows\System\DiKgwUm.exe
  C:\Windows\System\DiKgwUm.exe
  2⤵
  PID:8040
- C:\Windows\System\SwkvxOw.exe
  C:\Windows\System\SwkvxOw.exe
  2⤵
  PID:8120
- C:\Windows\System\GHrHqGn.exe
  C:\Windows\System\GHrHqGn.exe
  2⤵
  PID:8136
- C:\Windows\System\JjPGdxs.exe
  C:\Windows\System\JjPGdxs.exe
  2⤵
  PID:8180
- C:\Windows\System\rmuVgYi.exe
  C:\Windows\System\rmuVgYi.exe
  2⤵
  PID:7200
- C:\Windows\System\WxCaUfr.exe
  C:\Windows\System\WxCaUfr.exe
  2⤵
  PID:7216
- C:\Windows\System\kKhmsCd.exe
  C:\Windows\System\kKhmsCd.exe
  2⤵
  PID:7292
- C:\Windows\System\dnrlBsl.exe
  C:\Windows\System\dnrlBsl.exe
  2⤵
  PID:7320
- C:\Windows\System\lDxamty.exe
  C:\Windows\System\lDxamty.exe
  2⤵
  PID:7764
- C:\Windows\System\BgHfZcL.exe
  C:\Windows\System\BgHfZcL.exe
  2⤵
  PID:7480
- C:\Windows\System\mjSRbya.exe
  C:\Windows\System\mjSRbya.exe
  2⤵
  PID:7496
- C:\Windows\System\lvZNtYE.exe
  C:\Windows\System\lvZNtYE.exe
  2⤵
  PID:7564
- C:\Windows\System\CtxmQUb.exe
  C:\Windows\System\CtxmQUb.exe
  2⤵
  PID:7636
- C:\Windows\System\nGXLPee.exe
  C:\Windows\System\nGXLPee.exe
  2⤵
  PID:2524
- C:\Windows\System\rEWbqMg.exe
  C:\Windows\System\rEWbqMg.exe
  2⤵
  PID:588
- C:\Windows\System\qxClxer.exe
  C:\Windows\System\qxClxer.exe
  2⤵
  PID:7660
- C:\Windows\System\kkgFDgc.exe
  C:\Windows\System\kkgFDgc.exe
  2⤵
  PID:7780
- C:\Windows\System\qaPNsFp.exe
  C:\Windows\System\qaPNsFp.exe
  2⤵
  PID:7884
- C:\Windows\System\RkQpovq.exe
  C:\Windows\System\RkQpovq.exe
  2⤵
  PID:7880
- C:\Windows\System\ZfQcSuy.exe
  C:\Windows\System\ZfQcSuy.exe
  2⤵
  PID:7924
- C:\Windows\System\rboiivF.exe
  C:\Windows\System\rboiivF.exe
  2⤵
  PID:7944
- C:\Windows\System\TFgnrLr.exe
  C:\Windows\System\TFgnrLr.exe
  2⤵
  PID:2988
- C:\Windows\System\WXmeTTB.exe
  C:\Windows\System\WXmeTTB.exe
  2⤵
  PID:8024
- C:\Windows\System\nkrSvkV.exe
  C:\Windows\System\nkrSvkV.exe
  2⤵
  PID:7932
- C:\Windows\System\PtygASv.exe
  C:\Windows\System\PtygASv.exe
  2⤵
  PID:8104
- C:\Windows\System\ReCwWJY.exe
  C:\Windows\System\ReCwWJY.exe
  2⤵
  PID:7196
- C:\Windows\System\bnmWuQm.exe
  C:\Windows\System\bnmWuQm.exe
  2⤵
  PID:7264
- C:\Windows\System\qHjNHap.exe
  C:\Windows\System\qHjNHap.exe
  2⤵
  PID:7484
- C:\Windows\System\SffgAYs.exe
  C:\Windows\System\SffgAYs.exe
  2⤵
  PID:7584
- C:\Windows\System\vEsIhYE.exe
  C:\Windows\System\vEsIhYE.exe
  2⤵
  PID:7400
- C:\Windows\System\JeFMYgw.exe
  C:\Windows\System\JeFMYgw.exe
  2⤵
  PID:1752
- C:\Windows\System\nxaxrgR.exe
  C:\Windows\System\nxaxrgR.exe
  2⤵
  PID:2036
- C:\Windows\System\VvaUjAz.exe
  C:\Windows\System\VvaUjAz.exe
  2⤵
  PID:7740
- C:\Windows\System\yZtPpbj.exe
  C:\Windows\System\yZtPpbj.exe
  2⤵
  PID:7860
- C:\Windows\System\OrnzdRZ.exe
  C:\Windows\System\OrnzdRZ.exe
  2⤵
  PID:7960
- C:\Windows\System\HoxCbCr.exe
  C:\Windows\System\HoxCbCr.exe
  2⤵
  PID:7992
- C:\Windows\System\iTljxNn.exe
  C:\Windows\System\iTljxNn.exe
  2⤵
  PID:8080
- C:\Windows\System\VMoQGZH.exe
  C:\Windows\System\VMoQGZH.exe
  2⤵
  PID:8188
- C:\Windows\System\tsieDRe.exe
  C:\Windows\System\tsieDRe.exe
  2⤵
  PID:7244
- C:\Windows\System\MlTzcNH.exe
  C:\Windows\System\MlTzcNH.exe
  2⤵
  PID:7360
- C:\Windows\System\cCZTlIO.exe
  C:\Windows\System\cCZTlIO.exe
  2⤵
  PID:7504
- C:\Windows\System\hhEHdKU.exe
  C:\Windows\System\hhEHdKU.exe
  2⤵
  PID:2372
- C:\Windows\System\iRaXdiE.exe
  C:\Windows\System\iRaXdiE.exe
  2⤵
  PID:7640
- C:\Windows\System\ZBiPtNu.exe
  C:\Windows\System\ZBiPtNu.exe
  2⤵
  PID:7680
- C:\Windows\System\cOLaYSR.exe
  C:\Windows\System\cOLaYSR.exe
  2⤵
  PID:8072
- C:\Windows\System\whCLMDW.exe
  C:\Windows\System\whCLMDW.exe
  2⤵
  PID:8164
- C:\Windows\System\oiTXuRq.exe
  C:\Windows\System\oiTXuRq.exe
  2⤵
  PID:7260
- C:\Windows\System\kznlkNw.exe
  C:\Windows\System\kznlkNw.exe
  2⤵
  PID:2056
- C:\Windows\System\qLpuYGt.exe
  C:\Windows\System\qLpuYGt.exe
  2⤵
  PID:7620
- C:\Windows\System\IDjLXeG.exe
  C:\Windows\System\IDjLXeG.exe
  2⤵
  PID:8168
- C:\Windows\System\ZTYHFAc.exe
  C:\Windows\System\ZTYHFAc.exe
  2⤵
  PID:7376
- C:\Windows\System\pzsjwAC.exe
  C:\Windows\System\pzsjwAC.exe
  2⤵
  PID:688
- C:\Windows\System\xgLBDkC.exe
  C:\Windows\System\xgLBDkC.exe
  2⤵
  PID:7784
- C:\Windows\System\EBLlWag.exe
  C:\Windows\System\EBLlWag.exe
  2⤵
  PID:6452
- C:\Windows\System\SpzNaIO.exe
  C:\Windows\System\SpzNaIO.exe
  2⤵
  PID:8208
- C:\Windows\System\dVcVHQQ.exe
  C:\Windows\System\dVcVHQQ.exe
  2⤵
  PID:8228
- C:\Windows\System\jrZzyvU.exe
  C:\Windows\System\jrZzyvU.exe
  2⤵
  PID:8248
- C:\Windows\System\veKZSmj.exe
  C:\Windows\System\veKZSmj.exe
  2⤵
  PID:8264
- C:\Windows\System\DaXUatY.exe
  C:\Windows\System\DaXUatY.exe
  2⤵
  PID:8284
- C:\Windows\System\cQqSGGH.exe
  C:\Windows\System\cQqSGGH.exe
  2⤵
  PID:8304
- C:\Windows\System\CxFrvIJ.exe
  C:\Windows\System\CxFrvIJ.exe
  2⤵
  PID:8336
- C:\Windows\System\fEWZPHY.exe
  C:\Windows\System\fEWZPHY.exe
  2⤵
  PID:8352
- C:\Windows\System\PZJXGHA.exe
  C:\Windows\System\PZJXGHA.exe
  2⤵
  PID:8368
- C:\Windows\System\JVtBYCs.exe
  C:\Windows\System\JVtBYCs.exe
  2⤵
  PID:8388
- C:\Windows\System\nwXWakz.exe
  C:\Windows\System\nwXWakz.exe
  2⤵
  PID:8420
- C:\Windows\System\yQtlDxg.exe
  C:\Windows\System\yQtlDxg.exe
  2⤵
  PID:8440
- C:\Windows\System\YepwRWw.exe
  C:\Windows\System\YepwRWw.exe
  2⤵
  PID:8456
- C:\Windows\System\EFetbBq.exe
  C:\Windows\System\EFetbBq.exe
  2⤵
  PID:8480
- C:\Windows\System\NYYOBtb.exe
  C:\Windows\System\NYYOBtb.exe
  2⤵
  PID:8500
- C:\Windows\System\DvhQcaN.exe
  C:\Windows\System\DvhQcaN.exe
  2⤵
  PID:8524
- C:\Windows\System\EVlFqEG.exe
  C:\Windows\System\EVlFqEG.exe
  2⤵
  PID:8540
- C:\Windows\System\lngRfeK.exe
  C:\Windows\System\lngRfeK.exe
  2⤵
  PID:8556
- C:\Windows\System\xhQWFuw.exe
  C:\Windows\System\xhQWFuw.exe
  2⤵
  PID:8584
- C:\Windows\System\tpORdQg.exe
  C:\Windows\System\tpORdQg.exe
  2⤵
  PID:8600
- C:\Windows\System\xSCTwJE.exe
  C:\Windows\System\xSCTwJE.exe
  2⤵
  PID:8620
- C:\Windows\System\wxqWlbk.exe
  C:\Windows\System\wxqWlbk.exe
  2⤵
  PID:8644
- C:\Windows\System\BUMTDyl.exe
  C:\Windows\System\BUMTDyl.exe
  2⤵
  PID:8660
- C:\Windows\System\twAzYRR.exe
  C:\Windows\System\twAzYRR.exe
  2⤵
  PID:8680
- C:\Windows\System\AobHzXC.exe
  C:\Windows\System\AobHzXC.exe
  2⤵
  PID:8700
- C:\Windows\System\yXoXGLY.exe
  C:\Windows\System\yXoXGLY.exe
  2⤵
  PID:8724
- C:\Windows\System\DNcJqzW.exe
  C:\Windows\System\DNcJqzW.exe
  2⤵
  PID:8740
- C:\Windows\System\mIVcJjY.exe
  C:\Windows\System\mIVcJjY.exe
  2⤵
  PID:8764
- C:\Windows\System\uyIlUmA.exe
  C:\Windows\System\uyIlUmA.exe
  2⤵
  PID:8784
- C:\Windows\System\uPdBZAt.exe
  C:\Windows\System\uPdBZAt.exe
  2⤵
  PID:8808
- C:\Windows\System\RydgQZp.exe
  C:\Windows\System\RydgQZp.exe
  2⤵
  PID:8824
- C:\Windows\System\dHzbxyA.exe
  C:\Windows\System\dHzbxyA.exe
  2⤵
  PID:8844
- C:\Windows\System\dyMNnmU.exe
  C:\Windows\System\dyMNnmU.exe
  2⤵
  PID:8860
- C:\Windows\System\HORlNZh.exe
  C:\Windows\System\HORlNZh.exe
  2⤵
  PID:8888
- C:\Windows\System\MSoSPNO.exe
  C:\Windows\System\MSoSPNO.exe
  2⤵
  PID:8904
- C:\Windows\System\fuaNzso.exe
  C:\Windows\System\fuaNzso.exe
  2⤵
  PID:8924
- C:\Windows\System\ROSbxIX.exe
  C:\Windows\System\ROSbxIX.exe
  2⤵
  PID:8944
- C:\Windows\System\ORtujPQ.exe
  C:\Windows\System\ORtujPQ.exe
  2⤵
  PID:8960
- C:\Windows\System\gGptHTn.exe
  C:\Windows\System\gGptHTn.exe
  2⤵
  PID:8976
- C:\Windows\System\RHabBIP.exe
  C:\Windows\System\RHabBIP.exe
  2⤵
  PID:8996
- C:\Windows\System\ZnRsKxo.exe
  C:\Windows\System\ZnRsKxo.exe
  2⤵
  PID:9028
- C:\Windows\System\mNTNBIs.exe
  C:\Windows\System\mNTNBIs.exe
  2⤵
  PID:9044
- C:\Windows\System\VJocKMC.exe
  C:\Windows\System\VJocKMC.exe
  2⤵
  PID:9064
- C:\Windows\System\dMaXfJc.exe
  C:\Windows\System\dMaXfJc.exe
  2⤵
  PID:9080
- C:\Windows\System\YblWZNP.exe
  C:\Windows\System\YblWZNP.exe
  2⤵
  PID:9100
- C:\Windows\System\oMmyYYA.exe
  C:\Windows\System\oMmyYYA.exe
  2⤵
  PID:9128
- C:\Windows\System\uyoMfcT.exe
  C:\Windows\System\uyoMfcT.exe
  2⤵
  PID:9144
- C:\Windows\System\xEayVOZ.exe
  C:\Windows\System\xEayVOZ.exe
  2⤵
  PID:9164
- C:\Windows\System\AOtzRjX.exe
  C:\Windows\System\AOtzRjX.exe
  2⤵
  PID:9180
- C:\Windows\System\bAXNLvJ.exe
  C:\Windows\System\bAXNLvJ.exe
  2⤵
  PID:9196
- C:\Windows\System\NnHrzfg.exe
  C:\Windows\System\NnHrzfg.exe
  2⤵
  PID:7596
- C:\Windows\System\XbxZoov.exe
  C:\Windows\System\XbxZoov.exe
  2⤵
  PID:8256
- C:\Windows\System\CFtRVga.exe
  C:\Windows\System\CFtRVga.exe
  2⤵
  PID:8272
- C:\Windows\System\sWgiWMf.exe
  C:\Windows\System\sWgiWMf.exe
  2⤵
  PID:8300
- C:\Windows\System\KQtFXEg.exe
  C:\Windows\System\KQtFXEg.exe
  2⤵
  PID:8276
- C:\Windows\System\hnjxbfL.exe
  C:\Windows\System\hnjxbfL.exe
  2⤵
  PID:8316
- C:\Windows\System\eOZGNSG.exe
  C:\Windows\System\eOZGNSG.exe
  2⤵
  PID:8376
- C:\Windows\System\pGWTKQX.exe
  C:\Windows\System\pGWTKQX.exe
  2⤵
  PID:8412
- C:\Windows\System\hQqktmV.exe
  C:\Windows\System\hQqktmV.exe
  2⤵
  PID:8432
- C:\Windows\System\rQlowQG.exe
  C:\Windows\System\rQlowQG.exe
  2⤵
  PID:8464
- C:\Windows\System\KRVVTIg.exe
  C:\Windows\System\KRVVTIg.exe
  2⤵
  PID:8492
- C:\Windows\System\goLnytc.exe
  C:\Windows\System\goLnytc.exe
  2⤵
  PID:8532
- C:\Windows\System\UYaqfYh.exe
  C:\Windows\System\UYaqfYh.exe
  2⤵
  PID:8568
- C:\Windows\System\LRtqAzs.exe
  C:\Windows\System\LRtqAzs.exe
  2⤵
  PID:8596
- C:\Windows\System\XHRRWKp.exe
  C:\Windows\System\XHRRWKp.exe
  2⤵
  PID:8632
- C:\Windows\System\IuZhNhJ.exe
  C:\Windows\System\IuZhNhJ.exe
  2⤵
  PID:8668
- C:\Windows\System\XWMQgpr.exe
  C:\Windows\System\XWMQgpr.exe
  2⤵
  PID:8696
- C:\Windows\System\OzMFVwP.exe
  C:\Windows\System\OzMFVwP.exe
  2⤵
  PID:8748
- C:\Windows\System\cGumMHB.exe
  C:\Windows\System\cGumMHB.exe
  2⤵
  PID:8776
- C:\Windows\System\MqsFmsU.exe
  C:\Windows\System\MqsFmsU.exe
  2⤵
  PID:8780
- C:\Windows\System\jLCKLSF.exe
  C:\Windows\System\jLCKLSF.exe
  2⤵
  PID:8836
- C:\Windows\System\xkQPkYI.exe
  C:\Windows\System\xkQPkYI.exe
  2⤵
  PID:8876
- C:\Windows\System\APLXGyz.exe
  C:\Windows\System\APLXGyz.exe
  2⤵
  PID:8916
- C:\Windows\System\ylkoMDa.exe
  C:\Windows\System\ylkoMDa.exe
  2⤵
  PID:8992
- C:\Windows\System\HuxxqNT.exe
  C:\Windows\System\HuxxqNT.exe
  2⤵
  PID:8968
- C:\Windows\System\zVCZCAl.exe
  C:\Windows\System\zVCZCAl.exe
  2⤵
  PID:8936
- C:\Windows\System\qhjaOTP.exe
  C:\Windows\System\qhjaOTP.exe
  2⤵
  PID:9016
- C:\Windows\System\PThpHCn.exe
  C:\Windows\System\PThpHCn.exe
  2⤵
  PID:9060
- C:\Windows\System\GTZGNpC.exe
  C:\Windows\System\GTZGNpC.exe
  2⤵
  PID:9056
- C:\Windows\System\JYZqXpL.exe
  C:\Windows\System\JYZqXpL.exe
  2⤵
  PID:9152
- C:\Windows\System\yVzXtmJ.exe
  C:\Windows\System\yVzXtmJ.exe
  2⤵
  PID:9188
- C:\Windows\System\HxfAicU.exe
  C:\Windows\System\HxfAicU.exe
  2⤵
  PID:8260
- C:\Windows\System\cwtXzkh.exe
  C:\Windows\System\cwtXzkh.exe
  2⤵
  PID:2624
- C:\Windows\System\cXMCysR.exe
  C:\Windows\System\cXMCysR.exe
  2⤵
  PID:8280
- C:\Windows\System\zEHOviu.exe
  C:\Windows\System\zEHOviu.exe
  2⤵
  PID:8244
- C:\Windows\System\TWMLrcX.exe
  C:\Windows\System\TWMLrcX.exe
  2⤵
  PID:8396
- C:\Windows\System\ndeEVHQ.exe
  C:\Windows\System\ndeEVHQ.exe
  2⤵
  PID:8384
- C:\Windows\System\OSCfLRk.exe
  C:\Windows\System\OSCfLRk.exe
  2⤵
  PID:8520
- C:\Windows\System\XVHRsiV.exe
  C:\Windows\System\XVHRsiV.exe
  2⤵
  PID:8552
- C:\Windows\System\MrQJOcq.exe
  C:\Windows\System\MrQJOcq.exe
  2⤵
  PID:8564
- C:\Windows\System\SZedEfM.exe
  C:\Windows\System\SZedEfM.exe
  2⤵
  PID:8640
- C:\Windows\System\tobzDNU.exe
  C:\Windows\System\tobzDNU.exe
  2⤵
  PID:8712
- C:\Windows\System\zYyJvjO.exe
  C:\Windows\System\zYyJvjO.exe
  2⤵
  PID:8688
- C:\Windows\System\THeWWTP.exe
  C:\Windows\System\THeWWTP.exe
  2⤵
  PID:8760
- C:\Windows\System\dPlUfja.exe
  C:\Windows\System\dPlUfja.exe
  2⤵
  PID:8804
- C:\Windows\System\zIoFCSU.exe
  C:\Windows\System\zIoFCSU.exe
  2⤵
  PID:8868
- C:\Windows\System\FSdqbJM.exe
  C:\Windows\System\FSdqbJM.exe
  2⤵
  PID:8872
- C:\Windows\System\laRySPa.exe
  C:\Windows\System\laRySPa.exe
  2⤵
  PID:8956
- C:\Windows\System\CeaLRuM.exe
  C:\Windows\System\CeaLRuM.exe
  2⤵
  PID:8972
- C:\Windows\System\YgJRokm.exe
  C:\Windows\System\YgJRokm.exe
  2⤵
  PID:9076
- C:\Windows\System\bgzZPZL.exe
  C:\Windows\System\bgzZPZL.exe
  2⤵
  PID:9108
- C:\Windows\System\qngfcpb.exe
  C:\Windows\System\qngfcpb.exe
  2⤵
  PID:9020
- C:\Windows\System\gTFNPpT.exe
  C:\Windows\System\gTFNPpT.exe
  2⤵
  PID:9176
- C:\Windows\System\keNgIKe.exe
  C:\Windows\System\keNgIKe.exe
  2⤵
  PID:9160
- C:\Windows\System\fuhjRWp.exe
  C:\Windows\System\fuhjRWp.exe
  2⤵
  PID:9204
- C:\Windows\System\wSXPwys.exe
  C:\Windows\System\wSXPwys.exe
  2⤵
  PID:8240
- C:\Windows\System\hTDEzmD.exe
  C:\Windows\System\hTDEzmD.exe
  2⤵
  PID:8328
- C:\Windows\System\mIipaQh.exe
  C:\Windows\System\mIipaQh.exe
  2⤵
  PID:8400
- C:\Windows\System\LJETsnI.exe
  C:\Windows\System\LJETsnI.exe
  2⤵
  PID:8488
- C:\Windows\System\hMQakMV.exe
  C:\Windows\System\hMQakMV.exe
  2⤵
  PID:8572
- C:\Windows\System\XDObCqR.exe
  C:\Windows\System\XDObCqR.exe
  2⤵
  PID:8612
- C:\Windows\System\AfwQaYG.exe
  C:\Windows\System\AfwQaYG.exe
  2⤵
  PID:8820
- C:\Windows\System\JxrSshC.exe
  C:\Windows\System\JxrSshC.exe
  2⤵
  PID:8880
- C:\Windows\System\kJuadpv.exe
  C:\Windows\System\kJuadpv.exe
  2⤵
  PID:8920
- C:\Windows\System\fTeUjkd.exe
  C:\Windows\System\fTeUjkd.exe
  2⤵
  PID:9124
- C:\Windows\System\eSciLWb.exe
  C:\Windows\System\eSciLWb.exe
  2⤵
  PID:8220
- C:\Windows\System\bSYgvUX.exe
  C:\Windows\System\bSYgvUX.exe
  2⤵
  PID:8204
- C:\Windows\System\QrWxZWT.exe
  C:\Windows\System\QrWxZWT.exe
  2⤵
  PID:8380
- C:\Windows\System\bnCvGNb.exe
  C:\Windows\System\bnCvGNb.exe
  2⤵
  PID:8360
- C:\Windows\System\XxiMLwb.exe
  C:\Windows\System\XxiMLwb.exe
  2⤵
  PID:8608
- C:\Windows\System\WczfUzw.exe
  C:\Windows\System\WczfUzw.exe
  2⤵
  PID:8832
- C:\Windows\System\sLQEFzo.exe
  C:\Windows\System\sLQEFzo.exe
  2⤵
  PID:9096
- C:\Windows\System\woUDsPA.exe
  C:\Windows\System\woUDsPA.exe
  2⤵
  PID:9052
- C:\Windows\System\sHiAqxz.exe
  C:\Windows\System\sHiAqxz.exe
  2⤵
  PID:8508
- C:\Windows\System\IXfYTpz.exe
  C:\Windows\System\IXfYTpz.exe
  2⤵
  PID:8796
- C:\Windows\System\fWXlOHu.exe
  C:\Windows\System\fWXlOHu.exe
  2⤵
  PID:8772
- C:\Windows\System\pCQuYUc.exe
  C:\Windows\System\pCQuYUc.exe
  2⤵
  PID:8516
- C:\Windows\System\HQYzkuw.exe
  C:\Windows\System\HQYzkuw.exe
  2⤵
  PID:8720
- C:\Windows\System\WTOwZZN.exe
  C:\Windows\System\WTOwZZN.exe
  2⤵
  PID:8332
- C:\Windows\System\atpHOWm.exe
  C:\Windows\System\atpHOWm.exe
  2⤵
  PID:9232
- C:\Windows\System\GoyrlMM.exe
  C:\Windows\System\GoyrlMM.exe
  2⤵
  PID:9268
- C:\Windows\System\TNRgApj.exe
  C:\Windows\System\TNRgApj.exe
  2⤵
  PID:9292
- C:\Windows\System\AyxctnU.exe
  C:\Windows\System\AyxctnU.exe
  2⤵
  PID:9312
- C:\Windows\System\ggUgVWM.exe
  C:\Windows\System\ggUgVWM.exe
  2⤵
  PID:9340
- C:\Windows\System\KbyjfIG.exe
  C:\Windows\System\KbyjfIG.exe
  2⤵
  PID:9360
- C:\Windows\System\UvASkHQ.exe
  C:\Windows\System\UvASkHQ.exe
  2⤵
  PID:9380
- C:\Windows\System\vfohPBa.exe
  C:\Windows\System\vfohPBa.exe
  2⤵
  PID:9404
- C:\Windows\System\xvNVNnc.exe
  C:\Windows\System\xvNVNnc.exe
  2⤵
  PID:9420
- C:\Windows\System\roFcQwS.exe
  C:\Windows\System\roFcQwS.exe
  2⤵
  PID:9436
- C:\Windows\System\HAKBdic.exe
  C:\Windows\System\HAKBdic.exe
  2⤵
  PID:9468
- C:\Windows\System\RgzJyui.exe
  C:\Windows\System\RgzJyui.exe
  2⤵
  PID:9492
- C:\Windows\System\SciOmtk.exe
  C:\Windows\System\SciOmtk.exe
  2⤵
  PID:9516
- C:\Windows\System\RJsRqpe.exe
  C:\Windows\System\RJsRqpe.exe
  2⤵
  PID:9532
- C:\Windows\System\btLlnXn.exe
  C:\Windows\System\btLlnXn.exe
  2⤵
  PID:9552
- C:\Windows\System\WzRXzvY.exe
  C:\Windows\System\WzRXzvY.exe
  2⤵
  PID:9568
- C:\Windows\System\CMCyRif.exe
  C:\Windows\System\CMCyRif.exe
  2⤵
  PID:9584
- C:\Windows\System\AuOsKoK.exe
  C:\Windows\System\AuOsKoK.exe
  2⤵
  PID:9608
- C:\Windows\System\lvpOzLU.exe
  C:\Windows\System\lvpOzLU.exe
  2⤵
  PID:9628
- C:\Windows\System\WGhRUsK.exe
  C:\Windows\System\WGhRUsK.exe
  2⤵
  PID:9648
- C:\Windows\System\aaHszCM.exe
  C:\Windows\System\aaHszCM.exe
  2⤵
  PID:9672
- C:\Windows\System\PnzGYAd.exe
  C:\Windows\System\PnzGYAd.exe
  2⤵
  PID:9692
- C:\Windows\System\UoZshkx.exe
  C:\Windows\System\UoZshkx.exe
  2⤵
  PID:9712
- C:\Windows\System\gkJmNRk.exe
  C:\Windows\System\gkJmNRk.exe
  2⤵
  PID:9732
- C:\Windows\System\tZgFPBd.exe
  C:\Windows\System\tZgFPBd.exe
  2⤵
  PID:9748
- C:\Windows\System\dSMTQVh.exe
  C:\Windows\System\dSMTQVh.exe
  2⤵
  PID:9768
- C:\Windows\System\xtDARaK.exe
  C:\Windows\System\xtDARaK.exe
  2⤵
  PID:9788
- C:\Windows\System\QJZiEJK.exe
  C:\Windows\System\QJZiEJK.exe
  2⤵
  PID:9804
- C:\Windows\System\MmxMpoQ.exe
  C:\Windows\System\MmxMpoQ.exe
  2⤵
  PID:9824
- C:\Windows\System\kCVrNxM.exe
  C:\Windows\System\kCVrNxM.exe
  2⤵
  PID:9852
- C:\Windows\System\EtxOJos.exe
  C:\Windows\System\EtxOJos.exe
  2⤵
  PID:9876
- C:\Windows\System\fNGGyHd.exe
  C:\Windows\System\fNGGyHd.exe
  2⤵
  PID:9892
- C:\Windows\System\qsdpsPB.exe
  C:\Windows\System\qsdpsPB.exe
  2⤵
  PID:9916
- C:\Windows\System\omyKNwB.exe
  C:\Windows\System\omyKNwB.exe
  2⤵
  PID:9936
- C:\Windows\System\KHQLpPB.exe
  C:\Windows\System\KHQLpPB.exe
  2⤵
  PID:9956
- C:\Windows\System\ShFgqfS.exe
  C:\Windows\System\ShFgqfS.exe
  2⤵
  PID:9972
- C:\Windows\System\TRsMcIN.exe
  C:\Windows\System\TRsMcIN.exe
  2⤵
  PID:9988
- C:\Windows\System\qmVAvvZ.exe
  C:\Windows\System\qmVAvvZ.exe
  2⤵
  PID:10016
- C:\Windows\System\udyNlab.exe
  C:\Windows\System\udyNlab.exe
  2⤵
  PID:10032
- C:\Windows\System\kOwoQqv.exe
  C:\Windows\System\kOwoQqv.exe
  2⤵
  PID:10056
- C:\Windows\System\wdKDPly.exe
  C:\Windows\System\wdKDPly.exe
  2⤵
  PID:10096
- C:\Windows\System\hcHaXyU.exe
  C:\Windows\System\hcHaXyU.exe
  2⤵
  PID:10112
- C:\Windows\System\EORBBGk.exe
  C:\Windows\System\EORBBGk.exe
  2⤵
  PID:10132
- C:\Windows\System\hUUcdnJ.exe
  C:\Windows\System\hUUcdnJ.exe
  2⤵
  PID:10148
- C:\Windows\System\KzHvKxE.exe
  C:\Windows\System\KzHvKxE.exe
  2⤵
  PID:10172
- C:\Windows\System\HRrQQrP.exe
  C:\Windows\System\HRrQQrP.exe
  2⤵
  PID:10200
- C:\Windows\System\ISULStC.exe
  C:\Windows\System\ISULStC.exe
  2⤵
  PID:10224
- C:\Windows\System\gBNnHOu.exe
  C:\Windows\System\gBNnHOu.exe
  2⤵
  PID:9240
- C:\Windows\System\zTgNkjP.exe
  C:\Windows\System\zTgNkjP.exe
  2⤵
  PID:9248
- C:\Windows\System\ZrFaaXc.exe
  C:\Windows\System\ZrFaaXc.exe
  2⤵
  PID:9252
- C:\Windows\System\gmKJGrs.exe
  C:\Windows\System\gmKJGrs.exe
  2⤵
  PID:9324
- C:\Windows\System\ElZkrRX.exe
  C:\Windows\System\ElZkrRX.exe
  2⤵
  PID:9328
- C:\Windows\System\zzCMWZO.exe
  C:\Windows\System\zzCMWZO.exe
  2⤵
  PID:9392
- C:\Windows\System\KULjdOA.exe
  C:\Windows\System\KULjdOA.exe
  2⤵
  PID:9444
- C:\Windows\System\MXhMtwK.exe
  C:\Windows\System\MXhMtwK.exe
  2⤵
  PID:9464
- C:\Windows\System\YgjrrDm.exe
  C:\Windows\System\YgjrrDm.exe
  2⤵
  PID:9488
- C:\Windows\System\SVpTcZx.exe
  C:\Windows\System\SVpTcZx.exe
  2⤵
  PID:9512
- C:\Windows\System\jxPfISD.exe
  C:\Windows\System\jxPfISD.exe
  2⤵
  PID:9576
- C:\Windows\System\wfuGUKV.exe
  C:\Windows\System\wfuGUKV.exe
  2⤵
  PID:9616
- C:\Windows\System\RoXDxFV.exe
  C:\Windows\System\RoXDxFV.exe
  2⤵
  PID:9604
- C:\Windows\System\ijljkrC.exe
  C:\Windows\System\ijljkrC.exe
  2⤵
  PID:9640
- C:\Windows\System\JeRggPl.exe
  C:\Windows\System\JeRggPl.exe
  2⤵
  PID:9704
- C:\Windows\System\DXAOyHD.exe
  C:\Windows\System\DXAOyHD.exe
  2⤵
  PID:9740
- C:\Windows\System\AoCFNDG.exe
  C:\Windows\System\AoCFNDG.exe
  2⤵
  PID:9776
- C:\Windows\System\ZBkkEaF.exe
  C:\Windows\System\ZBkkEaF.exe
  2⤵
  PID:9800
- C:\Windows\System\WKEGwpF.exe
  C:\Windows\System\WKEGwpF.exe
  2⤵
  PID:9868
- C:\Windows\System\TFiyTKQ.exe
  C:\Windows\System\TFiyTKQ.exe
  2⤵
  PID:9900
- C:\Windows\System\RCezTNP.exe
  C:\Windows\System\RCezTNP.exe
  2⤵
  PID:9924
- C:\Windows\System\JtlUaDU.exe
  C:\Windows\System\JtlUaDU.exe
  2⤵
  PID:9948
- C:\Windows\System\QoCHrKM.exe
  C:\Windows\System\QoCHrKM.exe
  2⤵
  PID:9964
- C:\Windows\System\DVVuOjb.exe
  C:\Windows\System\DVVuOjb.exe
  2⤵
  PID:10004
- C:\Windows\System\pIMOEfj.exe
  C:\Windows\System\pIMOEfj.exe
  2⤵
  PID:10012
- C:\Windows\System\pnyRyHo.exe
  C:\Windows\System\pnyRyHo.exe
  2⤵
  PID:10068
- C:\Windows\System\XpVPkMM.exe
  C:\Windows\System\XpVPkMM.exe
  2⤵
  PID:10080
- C:\Windows\System\FBxmsfH.exe
  C:\Windows\System\FBxmsfH.exe
  2⤵
  PID:10104
- C:\Windows\System\zyggEuc.exe
  C:\Windows\System\zyggEuc.exe
  2⤵
  PID:10124
- C:\Windows\System\BJLPbhn.exe
  C:\Windows\System\BJLPbhn.exe
  2⤵
  PID:10160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FwYKYrc.exe

Filesize
6.0MB

MD5
a880042be704f3da5918260a7f1450d6

SHA1
f272512ba4379f0018c4bd69c65294d18c70a2fa

SHA256
8d8718eff6ad5757426f4765185def0777074d42b4eaa42376abe99477d25ea8

SHA512
627d84a8107bc8104de35a919b56be60bf3735a2045018f29cb4fe86ffb71615885e56f21981803bb24334f0375b2c3febef3a1f256e4c4489f6d4b7c59bde87

Download Submit
C:\Windows\system\IlJlSpX.exe

Filesize
6.0MB

MD5
4e42ab04581ddb4270027fea7a9e0f68

SHA1
314804335dd34c7bcbe403b10f57835a46ab5252

SHA256
8b1642ed26545bfe8ce4e91efbf2656de2a71b7a7639b8c93ccb14206f4496bd

SHA512
7b622e69cb869ca2b02941158ad4db74bee3373791c4eec806058bee11f4356933f1d972d990b408e494466e0d5fa704d2f3800a9fa0b126207a289790fa42b4

Download Submit
C:\Windows\system\KAqCVxJ.exe

Filesize
6.0MB

MD5
9c8d6e1518377ca0d86fff104629651c

SHA1
bed00bf4e4ba4ee0d88e2dc019e4e1369ec1814c

SHA256
dac15d9ed0f62fe767e86276f839d37b2413e965c3ac468e383fc9336199eb87

SHA512
b370f033e2071a501cfbbb52986c7963086b11e3ae3efd31b00d144b0fad39492f573ac6df5cc2781414a8f5180a927b243f686b0b87e0893bc4d28689c4188b

Download Submit
C:\Windows\system\LuBqSTM.exe

Filesize
6.0MB

MD5
71e3cef196f125e9ef293a558bba7e36

SHA1
1a5b7acbe48f3163d9f87d6ad3156de512a2f436

SHA256
77615d93fa8b283e2df3c66a886adbea615d3575f9e979a3b1d8397e86424ad7

SHA512
d00eece5c07bcf0fb43c4667b240478b8b14a5b62ca8743ee4ae7fa0fa934bac778c2c3d79e2e0ee088035bcf2377b22406fe921220c148185bcd286abe8e62b

Download Submit
C:\Windows\system\NKsmLMy.exe

Filesize
6.0MB

MD5
9bfb5f14d1bf9017ef84b357a889206b

SHA1
8a82a4e0fd9f73cc1fc5bbbf93e5e8019cee949b

SHA256
c6e515e0db7f78b2492d5539dff672a8ab2ed4cc29c72bf79bb182f1fcaa0930

SHA512
b944e3c2abedd5128accab28251428021fa2a7b4c0e23c56836b033d2135324edcad612fe6949037ed1e7e2b961245490e73dd717d26b50bd26ba5e6a4e2a731

Download Submit
C:\Windows\system\SFFOcMw.exe

Filesize
6.0MB

MD5
b484e2b5387c851c1d306235c28d00fa

SHA1
b3d3362fc7c962e9455140c7c123d681a445c5bd

SHA256
e2d185daa5728fac52aa5cc7da77aa17f3db93ad5f68b83f755840d6076920e3

SHA512
2325d370f51e928805d2a8d676860df2d91ab6a5cad3b8a29a789cbcde68983058375bbbbadcb8f82c7578118af01b2cc595d4be4d4fd960407feb300b8507dc

Download Submit
C:\Windows\system\UrLhSaL.exe

Filesize
6.0MB

MD5
96927c1017ccfc2a98f640177a5eb8ec

SHA1
c4e4c635a7d6c06708204d33a30c8fd38b57a620

SHA256
cf4b60f2498ac1b4a06d1a450105a023f78d1660c18b01e0a77c83443352c716

SHA512
2590623eaa4320761250c44c0b7ad8c6f57d5b1d915cf44f98fd0ab50e0d11b79fbd3d148edd64cf9978137d4f90a7b6da3e6b12c6b4d5014e29a90923bbd51a

Download Submit
C:\Windows\system\XMCbXCa.exe

Filesize
6.0MB

MD5
35ff291deffd40f13418e05c99dab86a

SHA1
ab4f2b4d9d192c9a874bff60d9b453bb464d920d

SHA256
0e3ff0d31d5d46b0333bef06572819b069a266ce191bb516ce14dd08eedf5e3d

SHA512
c3659016b09ae8722ac690baf8d942fca0e3b24e693be6ac3469c787b5b313d9ae4de06045b52bd20b11e72237a172d65c727097752d69f9de9cef1caa32c863

Download Submit
C:\Windows\system\eSFqbZF.exe

Filesize
6.0MB

MD5
37e3067307cafc767a1b2890f7f7d9f3

SHA1
235c7d98a32dd398177c966a5a7cdf1d126d8484

SHA256
0dbbe883aaea95276a8a32f3d0afc3fc363bfccc98cfe94f5b4e0bf6608e4367

SHA512
d25ef418eed04d9178583ea25e31815da034cde22a6f0ffea922684e5c7df4941e9dcf175db3a5b491e5912cc8cfb209f6ee5615b50c073bf5264ee32f6dc937

Download Submit
C:\Windows\system\gbkqgSq.exe

Filesize
6.0MB

MD5
758faeac63f93ab07c4fb991611eaf7f

SHA1
fc2768db48cfd89143a38f3631c03aa9c5be2bab

SHA256
314c43f6ccbc1c6b7e61f345d599fa626f9c43106a9d19da37ead8f3617e8765

SHA512
b465662983ebc970507262405a7514962673a367a65e760bc5a8a636ac49b7e43a5d33ea20fb09e6e4b79edae6ff8b97c08ae1ce7ff90a37a9d235efe9866694

Download Submit
C:\Windows\system\hGIWqdW.exe

Filesize
6.0MB

MD5
9d82fe9eff87f33118b32ed9f0e7545e

SHA1
db49f10544db1d2022cc47a39d89017d581128c9

SHA256
9983fc632a5988ac63baf79759f12a99dbf5703604037c600fe556217507d536

SHA512
e0eb2ca115cc6660f1045839acafb94625f3911a93d4fc7feb75500f91f6a33ac5077f66d4176866d3e3d7eae0a86e6782ed5c6321bb06b815b7ecf755b79cba

Download Submit
C:\Windows\system\hMYyxoX.exe

Filesize
6.0MB

MD5
bc311e06a063ccc6fc30aa98b3946632

SHA1
5e91816c7afccf3b1fe69787ca32fa6053b16b6c

SHA256
a8de1c8abefb0bb3acdfc47623f4d70b4a2ddeb8b9cf438025b2df3b4e09ceeb

SHA512
570823730b7748b0e9e8f4c0f8fe922eb8dce9d1404c7b4bbacc209a84a5686cbf919a2804f79dff0460cac4b9b9bf8cef581b75123df3a33b225a8ebe8bf936

Download Submit
C:\Windows\system\kSusNFs.exe

Filesize
6.0MB

MD5
d06ab3837c7bf4ccc68003e2a98a05b1

SHA1
1e8bd85090e40c03e2732172690ea3bf1695b742

SHA256
f35dea68738410cfdf794f79abfd9e6de10e1b078cb1178ffc11841e51ad09ad

SHA512
f56eab59aaa1396deaa2a93507e7c643133bfdf82471a33635c6db2efce1903448b22027f2e480b69d5f999cc4cf22d7a08c09755adec8af965f6b6ce27c8d82

Download Submit
C:\Windows\system\kopOcxm.exe

Filesize
6.0MB

MD5
795849e8a9facfa2b29dc9c10d4d6a2f

SHA1
1c611affba443898cfe59259717f3ea99d9db703

SHA256
0fb87df4ed031bff4eb36ab97df041615a150e1259eea011e5d178fe487eef9a

SHA512
e28509078a90e25e71fee93af90136f98b5cc8816397fdcdaa393e3023f99825a6d7ad1378a6e5ec0da9829bbdf74064d2d684dc0d3e1ca8a5004cd429421dd3

Download Submit
C:\Windows\system\lcytTqe.exe

Filesize
6.0MB

MD5
a70eb208e0a2a94ee361713ce74d5ae2

SHA1
d36021c685d6d4d7800a169a4666dea6eb07e66e

SHA256
9ac0aff4f7193275547788e1bb0cd112b5f6ec5e9fb4d1ca00f2711b7b1c84cb

SHA512
caf1eedc03e0129cee057732ce0c9e716a3d862091e61c1aa6960450fcf5233b66fdee49e575bb34a6c360ca8b4355b82c29f780371986063cc5ac7e72d1217d

Download Submit
C:\Windows\system\lwcywks.exe

Filesize
6.0MB

MD5
b3e7050a6ba140749915b859e1819a35

SHA1
8d1c16f91697655fcb9e2a9fc6c602794874c660

SHA256
9d6f407dcff93c0a0cd15b9d574d15605413575b479be70a03a8536a3c724595

SHA512
fbfeb3aa0e3798b66a852e4eb0ea0c3d6100c89fc91ad35af105800de5df10d78d11e8face8f0b0b23fa0d7bc29c610b92e6f3a14d5da6d33c8d56376d36f7b8

Download Submit
C:\Windows\system\qYLKenF.exe

Filesize
6.0MB

MD5
366090f670de8d34e970fdd5e9311e0f

SHA1
35d3e9ca935388f56b2c6d6938997da8df017b97

SHA256
0d0489610f6c726d2bd4328e28b54462538aa3c9393d6c5b1b6dea84ec2cdfb2

SHA512
b4eed62084844b1ee378ea65ad9fb5dc329d90ed0bdf94763456646e65c72a4db3b06d440ccffedabbf603f4bb6c0c2be0651acf2bc02c0f480f6a688e9f549f

Download Submit
C:\Windows\system\tokrazn.exe

Filesize
6.0MB

MD5
2901507e649f3231e986c0ca64929896

SHA1
084575b32ff8a5cc6bc38010c4e54cc1437ff25d

SHA256
f1aaa12e5f090d4f58ad1917cac6b660fe44f113996269b2243a66e57afb8f3c

SHA512
146add26dfa10133f30d9756e02830683fd378826b8c1de68ad7628ef8329c4c670f5f731f099f1797a526b10fa5b64f91fd8cc85f49ba5c05043b96f8bcbbab

Download Submit
C:\Windows\system\vkIXjms.exe

Filesize
6.0MB

MD5
88529d4419656cd3e1ac75e4128bbd36

SHA1
4459152271dba23f183894e63cf7af35607669ad

SHA256
55a9f1c083c9f88ccdf254a87f6c76ab5f18387c3826e632028eb75c3dcc894e

SHA512
f1561c1d178befe1c739628b12d40db9f8034e3aa5f9383efaf62b538ee1e8bdb5330be04eb7e9b18c703f4f8563a70629d1b4e013065712b1965603b302ac03

Download Submit
C:\Windows\system\wmshjmU.exe

Filesize
6.0MB

MD5
7d0a45ceec05f40f83872ee9c8b31883

SHA1
2b97587e6a675e1476c7580c554017224644e436

SHA256
9a2597dacd44cb6ba94849c9cd0dfcd79a996b5d5b908b8595a7c534a8b61572

SHA512
f0715e9139cf4f7b59a6b5bb010cb6bd5c6af90c1b5d3d3a2744cacdbccfb88fb99f66b0e023d1c8a8e52ebbcdf1f4767cc61ff29b861fbb13b5798bbb8817dd

Download Submit
C:\Windows\system\yvgDgxe.exe

Filesize
6.0MB

MD5
5916b2906190d949dc8d361fdea8f97e

SHA1
2f7d71416298a98f05fc9d1e5f013635b69e417f

SHA256
d65567c588d158df99b79f6fa3aae728b3adb6e86e1bd047a977609317d3f77e

SHA512
d889f2fa47beb88ac219061c7107839a786db4f681eb941f135b652de314c37856b597f5e7f9f9e7eeb3123596f9f653c36b37ad6d4be62df9ebe97a7a84878a

Download Submit
\Windows\system\AokMwyS.exe

Filesize
6.0MB

MD5
6c30663f91af9be86f84fb61acdfce2e

SHA1
47f5213e6360b17bc98f36d55a0f37339773eaed

SHA256
76eb319dcbae35955f07bca504476e2597c2deecf2ccd3a23bf1b86d07b335a8

SHA512
3690d991e2f63407a2193b2dd9cb2556418256c8d1ea1cf6b754fb94ba19fa3a7013da64adfc233fc07aaa4fc7594178b743f0c11d0b9d7f0262bd2378e0f632

Download Submit
\Windows\system\CbsIMsI.exe

Filesize
6.0MB

MD5
43cf08f165a85c43e3c92d364429df1d

SHA1
caa66bd05594b7cb4363f3916e79eaf867c66353

SHA256
2d93dd9ba30271f079366c8fd68d7b00a4c00adbc1332725bfb9fa1c4a4c59e7

SHA512
9e12a80a0eb0838579e38ccc360cbe83bd35e79a152c0fb6022b5fcf64129a943cde6f6cd344edc28024d001f321ddfc06c3369b767feb92cecab825483aa856

Download Submit
\Windows\system\EHtLrsc.exe

Filesize
6.0MB

MD5
e56bcc611bf4fd21842b3cb95895fdbd

SHA1
348433e0584cc127bdefa702eb6e4fad6697f2cf

SHA256
ea1cf75cb559c859e56bbe623e22ba2f262430733e84b5442f8965466a87f2c0

SHA512
b08fa0c448445cd7c8286a6d5909a4ae00286590d97467d1f7888a8d063d7e9a357e7e91563e3df05ec85b190d4f9cf5d26ad76030146d1ac22441b85e755cc3

Download Submit
\Windows\system\JKCmBJV.exe

Filesize
6.0MB

MD5
e593caeed474538fa27b10ef389efdc7

SHA1
21cc29d9a6f515d53de713acfe62b2829cd34d07

SHA256
024cbf6e0ece1cd22855a158ac7e8b265b06a6a004dc0e228c4eb93f0bae81e5

SHA512
28e8c71a9891cd6767a8eed0831993d43cb8d08bc6cecc6526fc4f3e7b9fd6a7f80a6575128fd57eb0bf7de35f20756d4548b5218d29b31315436f36e86fe821

Download Submit
\Windows\system\LrPRMeC.exe

Filesize
6.0MB

MD5
10af043d8fa6050b84130b6c0f3c561f

SHA1
5ce62dcd54c27c8b798c60094fac8ba20ca197ce

SHA256
9d3e974ef4ce1904094467f7e2724a8fff46848069a7c6b43b83d95802550119

SHA512
f0cc00b0cd37bb7808fb0d46007866deb25ed405c70504387952cf29f15a781b9390c46d028dccc060ef3d36be8caa7f64cffe99320d64ff0b0cc3e58f90be9a

Download Submit
\Windows\system\WTOBHgT.exe

Filesize
6.0MB

MD5
70e1d5c3a03ca3bb3d4042734fefd2a0

SHA1
e73f2c3dcef4558eea078989102581084c2cfac1

SHA256
76f5d27e23ee585eaef9f8b2ed00b4c06d42298f28f8606bc6aae9a70bd6915c

SHA512
dafe9c8e4f578fa79c78a1e2fdb9ea3fcdbdec9f360b0aa396c6df63aaed19bbd475e7ba1937ecadabc72017fa2d701ac7bfc7b46d8eafd820a975d950ab1639

Download Submit
\Windows\system\divebwD.exe

Filesize
6.0MB

MD5
74b64258602cd8e4e8e2da3f7e9ba77f

SHA1
b6871147223febe639ad4cad3612d532ec06409c

SHA256
7a537db202e2823abdc4dbcb291f20d8d37f91e6a653f13d2b766512b68f6c3f

SHA512
aa6699cd1bc66365bbabe612e6df3c981a14a5b23a1c9d75df1b7d0656a73d190681662258ed906272df90fbca7ec2d29d4f215cac138123ed83ce467ebf2665

Download Submit
\Windows\system\nNHHssB.exe

Filesize
6.0MB

MD5
b90c259b929a518b0037096b1b9c81ae

SHA1
689fe8d13432ddeaa9968eb959c0b8b90869f610

SHA256
bdd345f77839947dbe2dcf604e3125ec14b6e748dbe69c3ed248cb86f9599a62

SHA512
3d37f0b27e97a441ef0cfde6f52d0b4287c81babd1f86a082486878e807bec10c70349d99987bfc8c1ac2fa1af2b32d3a68f5a8450eb54c0ce314905c354f870

Download Submit
\Windows\system\tnootXR.exe

Filesize
6.0MB

MD5
083702cd95cf68713f3dfadbba4d128a

SHA1
49a9dbfbee1a77a809f05b6159055745d095edee

SHA256
c60ad0b632f9a166b5044e87e4559bd2a475da33490a43e1ab89760581e28151

SHA512
293ea0df908fbfe9c01b146efb939a32b177e3ac84709c39ac815035c57e04838fbb8d96ca2ad41a432b3b0ce1832b958a6c51d7577a72e31548177d7c490093

Download Submit
\Windows\system\xQGrndW.exe

Filesize
6.0MB

MD5
fac582059abfc7491436ce9d8d67f624

SHA1
90d82954e036e6d1ecc83cee519be8f93684d5ac

SHA256
f7585b8fe15afd7c6eb240529712afce7a6e7121cda7ee81c541b9bcd2098f94

SHA512
148b9af20631b4627e1d735db715bdb1ce326fa3a1fc935ba8a9c6224cbac4145be0ec16e1d3840703d52ef5a9af8d524c05a8fef945135b6a7f14382508b6ce

Download Submit
\Windows\system\zViRSTX.exe

Filesize
6.0MB

MD5
970f31389f0182aed281ebb405b7a656

SHA1
63cbd3e2de6912c4522e42a63e851b58dba31b62

SHA256
2d764ce08f74c2ca15f57ee7ec2ee2af19b5a242325f45be922d422672eaba34

SHA512
7cf9611350990f03a162604f27ad7b035e390d0a8943fac19b8fee2daf3e0e2965077516dcacaa7b782386fb448ec5b29cdc985f87afd83adb0cb1208b8a3ab9

Download Submit
memory/568-1500-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/568-1508-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/968-1516-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1188-1503-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1188-1497-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1509-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2100-1950-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1485-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-9-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1499-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1495-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1512-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1955-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1479-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1507-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2828-55-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1493-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1486-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2832-29-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1511-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2840-23-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1488-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-14-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1515-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1489-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1958-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1496-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1484-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1498-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2904-8-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1953-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-25-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2904-18-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1954-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1514-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-37-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1956-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1513-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1510-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2904-36-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1560-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-32-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-44-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1505-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1806-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1949-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1951-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1952-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1957-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2980-16-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-46-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1487-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-38-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1483-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download