cobaltstrike | 1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
Size

6.0MB
MD5

cfff22854a491bdacddbf2aa67e06aa9
SHA1

69c9be886458f3943be526b295be47a3337b5f10
SHA256

1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65
SHA512

62337c4cdc019104badbc8a432255b3fd8c77366deb53009aa06845f02b91bf6086470efb6ea96db5330d9e2b5988e93a817bf9cccc808f53abe07648dd548f4
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUS:eOl56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0c-12.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000016cab-23.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d2c-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-50.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-99.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-201.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1736-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x000c000000012266-3.dat	xmrig
behavioral1/files/0x0008000000016cf0-9.dat	xmrig
behavioral1/memory/1236-8-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1224-16-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d0c-12.dat	xmrig
behavioral1/files/0x000b000000016cab-23.dat	xmrig
behavioral1/memory/1736-27-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2324-25-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2912-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d2c-38.dat	xmrig
behavioral1/memory/3064-36-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1224-42-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/3044-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1236-35-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1c-34.dat	xmrig
behavioral1/memory/2324-47-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2912-48-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-50.dat	xmrig
behavioral1/memory/3064-53-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2920-57-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-58.dat	xmrig
behavioral1/files/0x000500000001950f-73.dat	xmrig
behavioral1/memory/1968-75-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-76.dat	xmrig
behavioral1/memory/2248-77-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2872-68-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-87.dat	xmrig
behavioral1/memory/1692-84-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2920-91-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2984-93-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1736-92-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/2908-100-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-99.dat	xmrig
behavioral1/files/0x00050000000195a7-106.dat	xmrig
behavioral1/files/0x00050000000195ab-119.dat	xmrig
behavioral1/files/0x00050000000195ad-125.dat	xmrig
behavioral1/files/0x00050000000195af-129.dat	xmrig
behavioral1/memory/2248-132-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-150.dat	xmrig
behavioral1/files/0x00050000000195bb-153.dat	xmrig
behavioral1/files/0x000500000001960c-190.dat	xmrig
behavioral1/files/0x0005000000019643-196.dat	xmrig
behavioral1/memory/1736-276-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2908-293-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1736-409-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1236-609-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1224-610-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2324-611-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/3064-612-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2276-371-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2984-241-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/3044-613-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2912-614-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-201.dat	xmrig
behavioral1/memory/1692-193-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-185.dat	xmrig
behavioral1/files/0x00050000000195c6-181.dat	xmrig
behavioral1/files/0x00050000000195c5-176.dat	xmrig
behavioral1/files/0x00050000000195c3-170.dat	xmrig
behavioral1/files/0x00050000000195c1-166.dat	xmrig
behavioral1/files/0x00050000000195bd-160.dat	xmrig
behavioral1/files/0x00050000000195b5-146.dat	xmrig
behavioral1/files/0x00050000000195b1-136.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1236	zBUnETc.exe
1224	FHMpebI.exe
2324	ymcvamv.exe
2912	hPepvHR.exe
3064	MCUWoXp.exe
3044	mFNTHnL.exe
2920	PKHQMCY.exe
2872	CZzoZTn.exe
1968	MvIqRzQ.exe
2248	aomZaeW.exe
1692	EqSHRAd.exe
2984	rwitxnU.exe
2908	auUsQHE.exe
2276	dwiXLbj.exe
2860	OcktryR.exe
2460	lBlFRAu.exe
1352	mNJjXwi.exe
2088	FOhwZIH.exe
696	XXyfpzo.exe
1400	biOklYW.exe
1304	QFsepdo.exe
2216	HRDqSiy.exe
2336	viyXisl.exe
2244	OolgFqI.exe
2176	niMAStU.exe
2428	VIhEgzB.exe
1876	IOrxJLG.exe
560	FVYIzNI.exe
1164	ukpLDrO.exe
2148	eZhFGoF.exe
1812	qecFLAl.exe
1364	IAbZPiu.exe
1540	jpblEOX.exe
2584	fLOPEEx.exe
2264	AADiNQV.exe
1712	ovykLYL.exe
1064	ofmdKgv.exe
1204	JbJbgeL.exe
2704	lAkwuJQ.exe
2096	jgmtJHP.exe
2808	acsfRbJ.exe
2172	dVagIJs.exe
1920	nSaKxnX.exe
1824	qgTnaoz.exe
2616	GrbrbLC.exe
2372	ULqObRH.exe
1256	fsjVmQY.exe
1612	Uxoyhjo.exe
1616	KZtMSJE.exe
2164	uNOLWxM.exe
2936	GvqYOBJ.exe
2156	akuXzBZ.exe
2900	nRQQlsG.exe
2180	uigGzCV.exe
2252	uCRCsfR.exe
3048	rlytQRw.exe
2980	GyykAUs.exe
2956	VEorABD.exe
3040	JFvNlLG.exe
1804	flknCAQ.exe
2800	RujztXd.exe
1944	JGSXyKn.exe
264	yCLcusK.exe
1264	CTAwxKf.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x000c000000012266-3.dat	upx
behavioral1/files/0x0008000000016cf0-9.dat	upx
behavioral1/memory/1236-8-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1224-16-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0007000000016d0c-12.dat	upx
behavioral1/files/0x000b000000016cab-23.dat	upx
behavioral1/memory/1736-27-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2324-25-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2912-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x000a000000016d2c-38.dat	upx
behavioral1/memory/3064-36-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1224-42-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/3044-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1236-35-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0007000000016d1c-34.dat	upx
behavioral1/memory/2324-47-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2912-48-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-50.dat	upx
behavioral1/memory/3064-53-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2920-57-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x0002000000018334-58.dat	upx
behavioral1/files/0x000500000001950f-73.dat	upx
behavioral1/memory/1968-75-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-76.dat	upx
behavioral1/memory/2248-77-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2872-68-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0005000000019547-87.dat	upx
behavioral1/memory/1692-84-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2920-91-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2984-93-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2908-100-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000500000001957c-99.dat	upx
behavioral1/files/0x00050000000195a7-106.dat	upx
behavioral1/files/0x00050000000195ab-119.dat	upx
behavioral1/files/0x00050000000195ad-125.dat	upx
behavioral1/files/0x00050000000195af-129.dat	upx
behavioral1/memory/2248-132-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-150.dat	upx
behavioral1/files/0x00050000000195bb-153.dat	upx
behavioral1/files/0x000500000001960c-190.dat	upx
behavioral1/files/0x0005000000019643-196.dat	upx
behavioral1/memory/2908-293-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1236-609-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1224-610-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2324-611-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/3064-612-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2276-371-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2984-241-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/3044-613-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2912-614-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x000500000001975a-201.dat	upx
behavioral1/memory/1692-193-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-185.dat	upx
behavioral1/files/0x00050000000195c6-181.dat	upx
behavioral1/files/0x00050000000195c5-176.dat	upx
behavioral1/files/0x00050000000195c3-170.dat	upx
behavioral1/files/0x00050000000195c1-166.dat	upx
behavioral1/files/0x00050000000195bd-160.dat	upx
behavioral1/files/0x00050000000195b5-146.dat	upx
behavioral1/files/0x00050000000195b1-136.dat	upx
behavioral1/files/0x00050000000195b3-139.dat	upx
behavioral1/files/0x00050000000195a9-115.dat	upx
behavioral1/memory/1968-111-0x000000013FD20000-0x0000000140074000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OPcHIGd.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\gJeDvTQ.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\LHZJZIn.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\dPlICEy.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\nXaCBFr.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\ymWqQnu.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\uoIKKyZ.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\WYDmiQx.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\IAbZPiu.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\eiShgTh.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\CzcwkCA.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\DBKRpvv.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\DOyyUgI.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\jzBmQVW.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\qSSocof.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\HHkppyt.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\qRcDEhr.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\hWdlXWX.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\tSPbrhW.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\oWChYxt.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\MDmCsvk.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\ttdRHch.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\EjWGdZc.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\PqGhaxG.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\RfetQHT.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zZATEQl.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\JmxADrh.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\lPexnSV.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\ivJCubm.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\WoDTCKM.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\TgMbXtO.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\HoUEncG.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\iDqxyqO.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\vircszc.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\Lljazez.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\XUTqRzs.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\OIjuyAH.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\TFATOJM.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\aosTOPJ.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\LKkLmnS.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\yGIiLxG.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\MGSKKwE.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\uUVVhgm.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zgXIQVK.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\Nydvsod.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\tiJTnQB.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zRUwrRL.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\wqHIZcR.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zSRPRuu.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\yDWDtSk.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\JEtseye.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\jsKKPBL.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\quciLVv.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\DnZcOlP.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\fsjVmQY.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\LKoMZFN.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\POGEfAs.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\FiQUqkc.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zkeyJjv.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\PcbRYDc.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\BNPcnNl.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\zxSGtqs.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\aXlsKcC.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
File created	C:\Windows\System\EkGwybA.exe	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1236	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	31
PID 1736 wrote to memory of 1236	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	31
PID 1736 wrote to memory of 1236	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	31
PID 1736 wrote to memory of 1224	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	32
PID 1736 wrote to memory of 1224	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	32
PID 1736 wrote to memory of 1224	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	32
PID 1736 wrote to memory of 2912	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	33
PID 1736 wrote to memory of 2912	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	33
PID 1736 wrote to memory of 2912	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	33
PID 1736 wrote to memory of 2324	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	34
PID 1736 wrote to memory of 2324	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	34
PID 1736 wrote to memory of 2324	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	34
PID 1736 wrote to memory of 3064	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	35
PID 1736 wrote to memory of 3064	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	35
PID 1736 wrote to memory of 3064	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	35
PID 1736 wrote to memory of 3044	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	36
PID 1736 wrote to memory of 3044	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	36
PID 1736 wrote to memory of 3044	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	36
PID 1736 wrote to memory of 2920	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	37
PID 1736 wrote to memory of 2920	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	37
PID 1736 wrote to memory of 2920	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	37
PID 1736 wrote to memory of 2872	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	38
PID 1736 wrote to memory of 2872	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	38
PID 1736 wrote to memory of 2872	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	38
PID 1736 wrote to memory of 2248	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	39
PID 1736 wrote to memory of 2248	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	39
PID 1736 wrote to memory of 2248	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	39
PID 1736 wrote to memory of 1968	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	40
PID 1736 wrote to memory of 1968	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	40
PID 1736 wrote to memory of 1968	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	40
PID 1736 wrote to memory of 1692	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	41
PID 1736 wrote to memory of 1692	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	41
PID 1736 wrote to memory of 1692	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	41
PID 1736 wrote to memory of 2984	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	42
PID 1736 wrote to memory of 2984	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	42
PID 1736 wrote to memory of 2984	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	42
PID 1736 wrote to memory of 2908	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	43
PID 1736 wrote to memory of 2908	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	43
PID 1736 wrote to memory of 2908	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	43
PID 1736 wrote to memory of 2276	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	44
PID 1736 wrote to memory of 2276	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	44
PID 1736 wrote to memory of 2276	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	44
PID 1736 wrote to memory of 2860	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	45
PID 1736 wrote to memory of 2860	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	45
PID 1736 wrote to memory of 2860	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	45
PID 1736 wrote to memory of 2460	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	46
PID 1736 wrote to memory of 2460	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	46
PID 1736 wrote to memory of 2460	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	46
PID 1736 wrote to memory of 1352	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	47
PID 1736 wrote to memory of 1352	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	47
PID 1736 wrote to memory of 1352	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	47
PID 1736 wrote to memory of 2088	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	48
PID 1736 wrote to memory of 2088	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	48
PID 1736 wrote to memory of 2088	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	48
PID 1736 wrote to memory of 696	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	49
PID 1736 wrote to memory of 696	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	49
PID 1736 wrote to memory of 696	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	49
PID 1736 wrote to memory of 1400	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	50
PID 1736 wrote to memory of 1400	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	50
PID 1736 wrote to memory of 1400	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	50
PID 1736 wrote to memory of 1304	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	51
PID 1736 wrote to memory of 1304	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	51
PID 1736 wrote to memory of 1304	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	51
PID 1736 wrote to memory of 2216	1736	JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1765537895892d2ddd4f9d246670769a0887234360958b2b499f41dc2bce2f65.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\System\zBUnETc.exe
  C:\Windows\System\zBUnETc.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\FHMpebI.exe
  C:\Windows\System\FHMpebI.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\hPepvHR.exe
  C:\Windows\System\hPepvHR.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ymcvamv.exe
  C:\Windows\System\ymcvamv.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\MCUWoXp.exe
  C:\Windows\System\MCUWoXp.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\mFNTHnL.exe
  C:\Windows\System\mFNTHnL.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\PKHQMCY.exe
  C:\Windows\System\PKHQMCY.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\CZzoZTn.exe
  C:\Windows\System\CZzoZTn.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\aomZaeW.exe
  C:\Windows\System\aomZaeW.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\MvIqRzQ.exe
  C:\Windows\System\MvIqRzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\EqSHRAd.exe
  C:\Windows\System\EqSHRAd.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\rwitxnU.exe
  C:\Windows\System\rwitxnU.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\auUsQHE.exe
  C:\Windows\System\auUsQHE.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\dwiXLbj.exe
  C:\Windows\System\dwiXLbj.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\OcktryR.exe
  C:\Windows\System\OcktryR.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\lBlFRAu.exe
  C:\Windows\System\lBlFRAu.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\mNJjXwi.exe
  C:\Windows\System\mNJjXwi.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\FOhwZIH.exe
  C:\Windows\System\FOhwZIH.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\XXyfpzo.exe
  C:\Windows\System\XXyfpzo.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\biOklYW.exe
  C:\Windows\System\biOklYW.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\QFsepdo.exe
  C:\Windows\System\QFsepdo.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\HRDqSiy.exe
  C:\Windows\System\HRDqSiy.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\viyXisl.exe
  C:\Windows\System\viyXisl.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\OolgFqI.exe
  C:\Windows\System\OolgFqI.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\niMAStU.exe
  C:\Windows\System\niMAStU.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VIhEgzB.exe
  C:\Windows\System\VIhEgzB.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\IOrxJLG.exe
  C:\Windows\System\IOrxJLG.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\FVYIzNI.exe
  C:\Windows\System\FVYIzNI.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\ukpLDrO.exe
  C:\Windows\System\ukpLDrO.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\eZhFGoF.exe
  C:\Windows\System\eZhFGoF.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\qecFLAl.exe
  C:\Windows\System\qecFLAl.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\IAbZPiu.exe
  C:\Windows\System\IAbZPiu.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\jpblEOX.exe
  C:\Windows\System\jpblEOX.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\fLOPEEx.exe
  C:\Windows\System\fLOPEEx.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\AADiNQV.exe
  C:\Windows\System\AADiNQV.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\ovykLYL.exe
  C:\Windows\System\ovykLYL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\ofmdKgv.exe
  C:\Windows\System\ofmdKgv.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\JbJbgeL.exe
  C:\Windows\System\JbJbgeL.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\lAkwuJQ.exe
  C:\Windows\System\lAkwuJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\jgmtJHP.exe
  C:\Windows\System\jgmtJHP.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\acsfRbJ.exe
  C:\Windows\System\acsfRbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dVagIJs.exe
  C:\Windows\System\dVagIJs.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\nSaKxnX.exe
  C:\Windows\System\nSaKxnX.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\qgTnaoz.exe
  C:\Windows\System\qgTnaoz.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\GrbrbLC.exe
  C:\Windows\System\GrbrbLC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ULqObRH.exe
  C:\Windows\System\ULqObRH.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\fsjVmQY.exe
  C:\Windows\System\fsjVmQY.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\Uxoyhjo.exe
  C:\Windows\System\Uxoyhjo.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\KZtMSJE.exe
  C:\Windows\System\KZtMSJE.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\uNOLWxM.exe
  C:\Windows\System\uNOLWxM.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\GvqYOBJ.exe
  C:\Windows\System\GvqYOBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\akuXzBZ.exe
  C:\Windows\System\akuXzBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\nRQQlsG.exe
  C:\Windows\System\nRQQlsG.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\uigGzCV.exe
  C:\Windows\System\uigGzCV.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\uCRCsfR.exe
  C:\Windows\System\uCRCsfR.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\rlytQRw.exe
  C:\Windows\System\rlytQRw.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\GyykAUs.exe
  C:\Windows\System\GyykAUs.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\VEorABD.exe
  C:\Windows\System\VEorABD.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\JFvNlLG.exe
  C:\Windows\System\JFvNlLG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\flknCAQ.exe
  C:\Windows\System\flknCAQ.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\RujztXd.exe
  C:\Windows\System\RujztXd.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\JGSXyKn.exe
  C:\Windows\System\JGSXyKn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\yCLcusK.exe
  C:\Windows\System\yCLcusK.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\CTAwxKf.exe
  C:\Windows\System\CTAwxKf.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\MVhQAXF.exe
  C:\Windows\System\MVhQAXF.exe
  2⤵
  PID:2136
- C:\Windows\System\hUSQUyz.exe
  C:\Windows\System\hUSQUyz.exe
  2⤵
  PID:2740
- C:\Windows\System\meGEsnO.exe
  C:\Windows\System\meGEsnO.exe
  2⤵
  PID:452
- C:\Windows\System\kZUGoeU.exe
  C:\Windows\System\kZUGoeU.exe
  2⤵
  PID:1152
- C:\Windows\System\YUtulaV.exe
  C:\Windows\System\YUtulaV.exe
  2⤵
  PID:764
- C:\Windows\System\xMFEJVJ.exe
  C:\Windows\System\xMFEJVJ.exe
  2⤵
  PID:2268
- C:\Windows\System\sSXYzjl.exe
  C:\Windows\System\sSXYzjl.exe
  2⤵
  PID:2052
- C:\Windows\System\HrOyKRN.exe
  C:\Windows\System\HrOyKRN.exe
  2⤵
  PID:2384
- C:\Windows\System\cCHRaSU.exe
  C:\Windows\System\cCHRaSU.exe
  2⤵
  PID:972
- C:\Windows\System\MwzeLct.exe
  C:\Windows\System\MwzeLct.exe
  2⤵
  PID:624
- C:\Windows\System\IirfNPo.exe
  C:\Windows\System\IirfNPo.exe
  2⤵
  PID:2700
- C:\Windows\System\yONmugH.exe
  C:\Windows\System\yONmugH.exe
  2⤵
  PID:612
- C:\Windows\System\VNYoLUZ.exe
  C:\Windows\System\VNYoLUZ.exe
  2⤵
  PID:1972
- C:\Windows\System\YnNMAkV.exe
  C:\Windows\System\YnNMAkV.exe
  2⤵
  PID:2568
- C:\Windows\System\SnDTYZK.exe
  C:\Windows\System\SnDTYZK.exe
  2⤵
  PID:2840
- C:\Windows\System\waqbYXU.exe
  C:\Windows\System\waqbYXU.exe
  2⤵
  PID:2204
- C:\Windows\System\CmDxzFG.exe
  C:\Windows\System\CmDxzFG.exe
  2⤵
  PID:2604
- C:\Windows\System\BqyCLZz.exe
  C:\Windows\System\BqyCLZz.exe
  2⤵
  PID:576
- C:\Windows\System\fSjGHPo.exe
  C:\Windows\System\fSjGHPo.exe
  2⤵
  PID:2628
- C:\Windows\System\psQESNU.exe
  C:\Windows\System\psQESNU.exe
  2⤵
  PID:536
- C:\Windows\System\gADsMhh.exe
  C:\Windows\System\gADsMhh.exe
  2⤵
  PID:2636
- C:\Windows\System\tNruedf.exe
  C:\Windows\System\tNruedf.exe
  2⤵
  PID:2236
- C:\Windows\System\MgYXGoD.exe
  C:\Windows\System\MgYXGoD.exe
  2⤵
  PID:1624
- C:\Windows\System\IjqttSs.exe
  C:\Windows\System\IjqttSs.exe
  2⤵
  PID:2212
- C:\Windows\System\NxLQErF.exe
  C:\Windows\System\NxLQErF.exe
  2⤵
  PID:1984
- C:\Windows\System\TcQjyXl.exe
  C:\Windows\System\TcQjyXl.exe
  2⤵
  PID:584
- C:\Windows\System\flfNRhk.exe
  C:\Windows\System\flfNRhk.exe
  2⤵
  PID:3068
- C:\Windows\System\DZlwSRz.exe
  C:\Windows\System\DZlwSRz.exe
  2⤵
  PID:2496
- C:\Windows\System\xUNjyGF.exe
  C:\Windows\System\xUNjyGF.exe
  2⤵
  PID:2916
- C:\Windows\System\oCWBZjj.exe
  C:\Windows\System\oCWBZjj.exe
  2⤵
  PID:1940
- C:\Windows\System\IuzhZoV.exe
  C:\Windows\System\IuzhZoV.exe
  2⤵
  PID:2960
- C:\Windows\System\HlSxjuB.exe
  C:\Windows\System\HlSxjuB.exe
  2⤵
  PID:2540
- C:\Windows\System\XxXMzoA.exe
  C:\Windows\System\XxXMzoA.exe
  2⤵
  PID:2884
- C:\Windows\System\DegWXNp.exe
  C:\Windows\System\DegWXNp.exe
  2⤵
  PID:1952
- C:\Windows\System\ZcnAeGA.exe
  C:\Windows\System\ZcnAeGA.exe
  2⤵
  PID:1168
- C:\Windows\System\paZSAqA.exe
  C:\Windows\System\paZSAqA.exe
  2⤵
  PID:904
- C:\Windows\System\qlRnxnS.exe
  C:\Windows\System\qlRnxnS.exe
  2⤵
  PID:564
- C:\Windows\System\TFUnqpC.exe
  C:\Windows\System\TFUnqpC.exe
  2⤵
  PID:1964
- C:\Windows\System\XbelTlX.exe
  C:\Windows\System\XbelTlX.exe
  2⤵
  PID:912
- C:\Windows\System\ULpjnPm.exe
  C:\Windows\System\ULpjnPm.exe
  2⤵
  PID:2408
- C:\Windows\System\IMOtzmp.exe
  C:\Windows\System\IMOtzmp.exe
  2⤵
  PID:1564
- C:\Windows\System\XSzaZyc.exe
  C:\Windows\System\XSzaZyc.exe
  2⤵
  PID:2072
- C:\Windows\System\NGRsvKB.exe
  C:\Windows\System\NGRsvKB.exe
  2⤵
  PID:2056
- C:\Windows\System\hDnpZNP.exe
  C:\Windows\System\hDnpZNP.exe
  2⤵
  PID:1744
- C:\Windows\System\UjETqSs.exe
  C:\Windows\System\UjETqSs.exe
  2⤵
  PID:2140
- C:\Windows\System\IEuUaoj.exe
  C:\Windows\System\IEuUaoj.exe
  2⤵
  PID:1720
- C:\Windows\System\JspaPUV.exe
  C:\Windows\System\JspaPUV.exe
  2⤵
  PID:2288
- C:\Windows\System\htnyOGG.exe
  C:\Windows\System\htnyOGG.exe
  2⤵
  PID:2432
- C:\Windows\System\YyymmIb.exe
  C:\Windows\System\YyymmIb.exe
  2⤵
  PID:3016
- C:\Windows\System\qNbhQxp.exe
  C:\Windows\System\qNbhQxp.exe
  2⤵
  PID:2016
- C:\Windows\System\uPPYpzH.exe
  C:\Windows\System\uPPYpzH.exe
  2⤵
  PID:2952
- C:\Windows\System\vuDJPvM.exe
  C:\Windows\System\vuDJPvM.exe
  2⤵
  PID:2832
- C:\Windows\System\dYdzHUm.exe
  C:\Windows\System\dYdzHUm.exe
  2⤵
  PID:1996
- C:\Windows\System\XqMBCfu.exe
  C:\Windows\System\XqMBCfu.exe
  2⤵
  PID:1496
- C:\Windows\System\brAWemI.exe
  C:\Windows\System\brAWemI.exe
  2⤵
  PID:1408
- C:\Windows\System\FOoKFLF.exe
  C:\Windows\System\FOoKFLF.exe
  2⤵
  PID:1868
- C:\Windows\System\DUdRfuw.exe
  C:\Windows\System\DUdRfuw.exe
  2⤵
  PID:2780
- C:\Windows\System\EgNkAZe.exe
  C:\Windows\System\EgNkAZe.exe
  2⤵
  PID:1544
- C:\Windows\System\iiWXctz.exe
  C:\Windows\System\iiWXctz.exe
  2⤵
  PID:1620
- C:\Windows\System\RLecrcI.exe
  C:\Windows\System\RLecrcI.exe
  2⤵
  PID:1820
- C:\Windows\System\cELCwks.exe
  C:\Windows\System\cELCwks.exe
  2⤵
  PID:2208
- C:\Windows\System\EBYUTEk.exe
  C:\Windows\System\EBYUTEk.exe
  2⤵
  PID:1528
- C:\Windows\System\jbGEIha.exe
  C:\Windows\System\jbGEIha.exe
  2⤵
  PID:3080
- C:\Windows\System\TMhKwmt.exe
  C:\Windows\System\TMhKwmt.exe
  2⤵
  PID:3100
- C:\Windows\System\exoeXBl.exe
  C:\Windows\System\exoeXBl.exe
  2⤵
  PID:3120
- C:\Windows\System\oZkGfSQ.exe
  C:\Windows\System\oZkGfSQ.exe
  2⤵
  PID:3140
- C:\Windows\System\nwyeOjt.exe
  C:\Windows\System\nwyeOjt.exe
  2⤵
  PID:3160
- C:\Windows\System\fsFzAqW.exe
  C:\Windows\System\fsFzAqW.exe
  2⤵
  PID:3180
- C:\Windows\System\TpmJbNX.exe
  C:\Windows\System\TpmJbNX.exe
  2⤵
  PID:3200
- C:\Windows\System\SrfPjNQ.exe
  C:\Windows\System\SrfPjNQ.exe
  2⤵
  PID:3216
- C:\Windows\System\arGSVnb.exe
  C:\Windows\System\arGSVnb.exe
  2⤵
  PID:3240
- C:\Windows\System\jjccpzC.exe
  C:\Windows\System\jjccpzC.exe
  2⤵
  PID:3256
- C:\Windows\System\bDanAAm.exe
  C:\Windows\System\bDanAAm.exe
  2⤵
  PID:3276
- C:\Windows\System\jcrAGxF.exe
  C:\Windows\System\jcrAGxF.exe
  2⤵
  PID:3304
- C:\Windows\System\wdMHSiW.exe
  C:\Windows\System\wdMHSiW.exe
  2⤵
  PID:3324
- C:\Windows\System\NkSguxR.exe
  C:\Windows\System\NkSguxR.exe
  2⤵
  PID:3344
- C:\Windows\System\TapEsuw.exe
  C:\Windows\System\TapEsuw.exe
  2⤵
  PID:3364
- C:\Windows\System\xKnGRDI.exe
  C:\Windows\System\xKnGRDI.exe
  2⤵
  PID:3384
- C:\Windows\System\PvkbYKP.exe
  C:\Windows\System\PvkbYKP.exe
  2⤵
  PID:3404
- C:\Windows\System\GdrEnXN.exe
  C:\Windows\System\GdrEnXN.exe
  2⤵
  PID:3424
- C:\Windows\System\qweWOCJ.exe
  C:\Windows\System\qweWOCJ.exe
  2⤵
  PID:3444
- C:\Windows\System\lccYRXm.exe
  C:\Windows\System\lccYRXm.exe
  2⤵
  PID:3464
- C:\Windows\System\unIRKbX.exe
  C:\Windows\System\unIRKbX.exe
  2⤵
  PID:3484
- C:\Windows\System\RKYxRUf.exe
  C:\Windows\System\RKYxRUf.exe
  2⤵
  PID:3500
- C:\Windows\System\HCihZqY.exe
  C:\Windows\System\HCihZqY.exe
  2⤵
  PID:3520
- C:\Windows\System\wJubEHB.exe
  C:\Windows\System\wJubEHB.exe
  2⤵
  PID:3540
- C:\Windows\System\dShozet.exe
  C:\Windows\System\dShozet.exe
  2⤵
  PID:3564
- C:\Windows\System\NVgBvmm.exe
  C:\Windows\System\NVgBvmm.exe
  2⤵
  PID:3588
- C:\Windows\System\zFzJgAT.exe
  C:\Windows\System\zFzJgAT.exe
  2⤵
  PID:3608
- C:\Windows\System\wXYyBAX.exe
  C:\Windows\System\wXYyBAX.exe
  2⤵
  PID:3628
- C:\Windows\System\FiQUqkc.exe
  C:\Windows\System\FiQUqkc.exe
  2⤵
  PID:3648
- C:\Windows\System\mVLmkAt.exe
  C:\Windows\System\mVLmkAt.exe
  2⤵
  PID:3664
- C:\Windows\System\onJiJii.exe
  C:\Windows\System\onJiJii.exe
  2⤵
  PID:3684
- C:\Windows\System\gsYrYhq.exe
  C:\Windows\System\gsYrYhq.exe
  2⤵
  PID:3708
- C:\Windows\System\DPQgWrd.exe
  C:\Windows\System\DPQgWrd.exe
  2⤵
  PID:3728
- C:\Windows\System\JVCwpbe.exe
  C:\Windows\System\JVCwpbe.exe
  2⤵
  PID:3744
- C:\Windows\System\rSllREY.exe
  C:\Windows\System\rSllREY.exe
  2⤵
  PID:3768
- C:\Windows\System\dsuNmPn.exe
  C:\Windows\System\dsuNmPn.exe
  2⤵
  PID:3784
- C:\Windows\System\RTbehJE.exe
  C:\Windows\System\RTbehJE.exe
  2⤵
  PID:3808
- C:\Windows\System\jiNiQGO.exe
  C:\Windows\System\jiNiQGO.exe
  2⤵
  PID:3824
- C:\Windows\System\ehQYuvU.exe
  C:\Windows\System\ehQYuvU.exe
  2⤵
  PID:3848
- C:\Windows\System\qdJREWk.exe
  C:\Windows\System\qdJREWk.exe
  2⤵
  PID:3988
- C:\Windows\System\xaJIPgz.exe
  C:\Windows\System\xaJIPgz.exe
  2⤵
  PID:4008
- C:\Windows\System\cNQRCTQ.exe
  C:\Windows\System\cNQRCTQ.exe
  2⤵
  PID:4028
- C:\Windows\System\IwiDTEV.exe
  C:\Windows\System\IwiDTEV.exe
  2⤵
  PID:4048
- C:\Windows\System\ApVaiTL.exe
  C:\Windows\System\ApVaiTL.exe
  2⤵
  PID:4068
- C:\Windows\System\fTMyrCV.exe
  C:\Windows\System\fTMyrCV.exe
  2⤵
  PID:4084
- C:\Windows\System\KMBQjcQ.exe
  C:\Windows\System\KMBQjcQ.exe
  2⤵
  PID:1632
- C:\Windows\System\taELzCl.exe
  C:\Windows\System\taELzCl.exe
  2⤵
  PID:3028
- C:\Windows\System\RGADtDI.exe
  C:\Windows\System\RGADtDI.exe
  2⤵
  PID:1880
- C:\Windows\System\UIFlTTq.exe
  C:\Windows\System\UIFlTTq.exe
  2⤵
  PID:944
- C:\Windows\System\IUKVfyJ.exe
  C:\Windows\System\IUKVfyJ.exe
  2⤵
  PID:2632
- C:\Windows\System\DYghlGL.exe
  C:\Windows\System\DYghlGL.exe
  2⤵
  PID:2656
- C:\Windows\System\OxMzHRx.exe
  C:\Windows\System\OxMzHRx.exe
  2⤵
  PID:960
- C:\Windows\System\JWgrkuf.exe
  C:\Windows\System\JWgrkuf.exe
  2⤵
  PID:3076
- C:\Windows\System\phyJyTf.exe
  C:\Windows\System\phyJyTf.exe
  2⤵
  PID:2892
- C:\Windows\System\JBTKyFU.exe
  C:\Windows\System\JBTKyFU.exe
  2⤵
  PID:3096
- C:\Windows\System\wrKtUGs.exe
  C:\Windows\System\wrKtUGs.exe
  2⤵
  PID:3152
- C:\Windows\System\pAGhoMc.exe
  C:\Windows\System\pAGhoMc.exe
  2⤵
  PID:3196
- C:\Windows\System\CZaCDaI.exe
  C:\Windows\System\CZaCDaI.exe
  2⤵
  PID:3172
- C:\Windows\System\OqnPxCc.exe
  C:\Windows\System\OqnPxCc.exe
  2⤵
  PID:3232
- C:\Windows\System\zFvNGWE.exe
  C:\Windows\System\zFvNGWE.exe
  2⤵
  PID:3268
- C:\Windows\System\BnZlzwW.exe
  C:\Windows\System\BnZlzwW.exe
  2⤵
  PID:3316
- C:\Windows\System\FpBDGql.exe
  C:\Windows\System\FpBDGql.exe
  2⤵
  PID:3300
- C:\Windows\System\iMblkPK.exe
  C:\Windows\System\iMblkPK.exe
  2⤵
  PID:3340
- C:\Windows\System\VZrKPZR.exe
  C:\Windows\System\VZrKPZR.exe
  2⤵
  PID:3400
- C:\Windows\System\MwqtFxa.exe
  C:\Windows\System\MwqtFxa.exe
  2⤵
  PID:3476
- C:\Windows\System\ezzDwfR.exe
  C:\Windows\System\ezzDwfR.exe
  2⤵
  PID:3452
- C:\Windows\System\xiVxYHS.exe
  C:\Windows\System\xiVxYHS.exe
  2⤵
  PID:3512
- C:\Windows\System\iMbxgOH.exe
  C:\Windows\System\iMbxgOH.exe
  2⤵
  PID:3460
- C:\Windows\System\iQaUFsv.exe
  C:\Windows\System\iQaUFsv.exe
  2⤵
  PID:3560
- C:\Windows\System\oktyAzU.exe
  C:\Windows\System\oktyAzU.exe
  2⤵
  PID:3600
- C:\Windows\System\JFIIHlM.exe
  C:\Windows\System\JFIIHlM.exe
  2⤵
  PID:3672
- C:\Windows\System\ULbMcse.exe
  C:\Windows\System\ULbMcse.exe
  2⤵
  PID:3616
- C:\Windows\System\RsTmHld.exe
  C:\Windows\System\RsTmHld.exe
  2⤵
  PID:3716
- C:\Windows\System\LSDRkSd.exe
  C:\Windows\System\LSDRkSd.exe
  2⤵
  PID:3700
- C:\Windows\System\XmvyWVP.exe
  C:\Windows\System\XmvyWVP.exe
  2⤵
  PID:3740
- C:\Windows\System\dHSnZPO.exe
  C:\Windows\System\dHSnZPO.exe
  2⤵
  PID:3800
- C:\Windows\System\zSRWIbR.exe
  C:\Windows\System\zSRWIbR.exe
  2⤵
  PID:3844
- C:\Windows\System\WvBkqoA.exe
  C:\Windows\System\WvBkqoA.exe
  2⤵
  PID:3856
- C:\Windows\System\kaqgRQG.exe
  C:\Windows\System\kaqgRQG.exe
  2⤵
  PID:2904
- C:\Windows\System\PTyuJkb.exe
  C:\Windows\System\PTyuJkb.exe
  2⤵
  PID:2548
- C:\Windows\System\lTHVMyY.exe
  C:\Windows\System\lTHVMyY.exe
  2⤵
  PID:1460
- C:\Windows\System\njNxrHP.exe
  C:\Windows\System\njNxrHP.exe
  2⤵
  PID:1056
- C:\Windows\System\LKoMZFN.exe
  C:\Windows\System\LKoMZFN.exe
  2⤵
  PID:2300
- C:\Windows\System\cAdNBlC.exe
  C:\Windows\System\cAdNBlC.exe
  2⤵
  PID:2988
- C:\Windows\System\hvJMfUY.exe
  C:\Windows\System\hvJMfUY.exe
  2⤵
  PID:2228
- C:\Windows\System\qdmsQxW.exe
  C:\Windows\System\qdmsQxW.exe
  2⤵
  PID:2484
- C:\Windows\System\Neqyrrp.exe
  C:\Windows\System\Neqyrrp.exe
  2⤵
  PID:3944
- C:\Windows\System\EeTPiQH.exe
  C:\Windows\System\EeTPiQH.exe
  2⤵
  PID:2132
- C:\Windows\System\vOLLqLK.exe
  C:\Windows\System\vOLLqLK.exe
  2⤵
  PID:1348
- C:\Windows\System\iulpKHn.exe
  C:\Windows\System\iulpKHn.exe
  2⤵
  PID:2308
- C:\Windows\System\eCVMsAJ.exe
  C:\Windows\System\eCVMsAJ.exe
  2⤵
  PID:864
- C:\Windows\System\osbUVJj.exe
  C:\Windows\System\osbUVJj.exe
  2⤵
  PID:1716
- C:\Windows\System\GyREsna.exe
  C:\Windows\System\GyREsna.exe
  2⤵
  PID:2240
- C:\Windows\System\OaAVRik.exe
  C:\Windows\System\OaAVRik.exe
  2⤵
  PID:1548
- C:\Windows\System\JcVsqWl.exe
  C:\Windows\System\JcVsqWl.exe
  2⤵
  PID:2500
- C:\Windows\System\SCpmpRZ.exe
  C:\Windows\System\SCpmpRZ.exe
  2⤵
  PID:2436
- C:\Windows\System\XJYonkF.exe
  C:\Windows\System\XJYonkF.exe
  2⤵
  PID:3928
- C:\Windows\System\CotLEYx.exe
  C:\Windows\System\CotLEYx.exe
  2⤵
  PID:4036
- C:\Windows\System\ZjZTHeV.exe
  C:\Windows\System\ZjZTHeV.exe
  2⤵
  PID:4080
- C:\Windows\System\PgJXjiH.exe
  C:\Windows\System\PgJXjiH.exe
  2⤵
  PID:1324
- C:\Windows\System\MdgwEcn.exe
  C:\Windows\System\MdgwEcn.exe
  2⤵
  PID:1016
- C:\Windows\System\CmcfcNQ.exe
  C:\Windows\System\CmcfcNQ.exe
  2⤵
  PID:2948
- C:\Windows\System\KUQZEjH.exe
  C:\Windows\System\KUQZEjH.exe
  2⤵
  PID:2576
- C:\Windows\System\XVstcLz.exe
  C:\Windows\System\XVstcLz.exe
  2⤵
  PID:1708
- C:\Windows\System\lJbkOtf.exe
  C:\Windows\System\lJbkOtf.exe
  2⤵
  PID:2160
- C:\Windows\System\zZKiKoM.exe
  C:\Windows\System\zZKiKoM.exe
  2⤵
  PID:3960
- C:\Windows\System\UFUwuAl.exe
  C:\Windows\System\UFUwuAl.exe
  2⤵
  PID:3112
- C:\Windows\System\QjfbQlb.exe
  C:\Windows\System\QjfbQlb.exe
  2⤵
  PID:3236
- C:\Windows\System\HsrfDvA.exe
  C:\Windows\System\HsrfDvA.exe
  2⤵
  PID:3296
- C:\Windows\System\DttxYnF.exe
  C:\Windows\System\DttxYnF.exe
  2⤵
  PID:3176
- C:\Windows\System\CDJLtjL.exe
  C:\Windows\System\CDJLtjL.exe
  2⤵
  PID:3128
- C:\Windows\System\PAgfKot.exe
  C:\Windows\System\PAgfKot.exe
  2⤵
  PID:3372
- C:\Windows\System\llrlusX.exe
  C:\Windows\System\llrlusX.exe
  2⤵
  PID:3380
- C:\Windows\System\zZSsCGr.exe
  C:\Windows\System\zZSsCGr.exe
  2⤵
  PID:3252
- C:\Windows\System\jTFSbyP.exe
  C:\Windows\System\jTFSbyP.exe
  2⤵
  PID:3516
- C:\Windows\System\QfSgTNa.exe
  C:\Windows\System\QfSgTNa.exe
  2⤵
  PID:3576
- C:\Windows\System\qXytdyN.exe
  C:\Windows\System\qXytdyN.exe
  2⤵
  PID:3640
- C:\Windows\System\dEzHcee.exe
  C:\Windows\System\dEzHcee.exe
  2⤵
  PID:3680
- C:\Windows\System\BxoJrjE.exe
  C:\Windows\System\BxoJrjE.exe
  2⤵
  PID:3660
- C:\Windows\System\vsRfRIp.exe
  C:\Windows\System\vsRfRIp.exe
  2⤵
  PID:3584
- C:\Windows\System\EdJUFcM.exe
  C:\Windows\System\EdJUFcM.exe
  2⤵
  PID:3820
- C:\Windows\System\JLDOvKN.exe
  C:\Windows\System\JLDOvKN.exe
  2⤵
  PID:1080
- C:\Windows\System\uNyqmZk.exe
  C:\Windows\System\uNyqmZk.exe
  2⤵
  PID:2968
- C:\Windows\System\AeZJRID.exe
  C:\Windows\System\AeZJRID.exe
  2⤵
  PID:2536
- C:\Windows\System\LKgycAL.exe
  C:\Windows\System\LKgycAL.exe
  2⤵
  PID:1492
- C:\Windows\System\VhjvNTS.exe
  C:\Windows\System\VhjvNTS.exe
  2⤵
  PID:768
- C:\Windows\System\HXvIpti.exe
  C:\Windows\System\HXvIpti.exe
  2⤵
  PID:1836
- C:\Windows\System\eOZyiJK.exe
  C:\Windows\System\eOZyiJK.exe
  2⤵
  PID:2340
- C:\Windows\System\vSVYZou.exe
  C:\Windows\System\vSVYZou.exe
  2⤵
  PID:1532
- C:\Windows\System\BBlMdBM.exe
  C:\Windows\System\BBlMdBM.exe
  2⤵
  PID:3972
- C:\Windows\System\qcUSJir.exe
  C:\Windows\System\qcUSJir.exe
  2⤵
  PID:3860
- C:\Windows\System\kuxLlTU.exe
  C:\Windows\System\kuxLlTU.exe
  2⤵
  PID:4076
- C:\Windows\System\lmvZiSn.exe
  C:\Windows\System\lmvZiSn.exe
  2⤵
  PID:2824
- C:\Windows\System\pUPCfUm.exe
  C:\Windows\System\pUPCfUm.exe
  2⤵
  PID:2304
- C:\Windows\System\KkxzvGm.exe
  C:\Windows\System\KkxzvGm.exe
  2⤵
  PID:3440
- C:\Windows\System\zftnsSF.exe
  C:\Windows\System\zftnsSF.exe
  2⤵
  PID:3420
- C:\Windows\System\lyqnDWL.exe
  C:\Windows\System\lyqnDWL.exe
  2⤵
  PID:4016
- C:\Windows\System\eLSaZGR.exe
  C:\Windows\System\eLSaZGR.exe
  2⤵
  PID:4020
- C:\Windows\System\YlSzzBS.exe
  C:\Windows\System\YlSzzBS.exe
  2⤵
  PID:3108
- C:\Windows\System\XwCtGqS.exe
  C:\Windows\System\XwCtGqS.exe
  2⤵
  PID:3416
- C:\Windows\System\aeihnEj.exe
  C:\Windows\System\aeihnEj.exe
  2⤵
  PID:3392
- C:\Windows\System\kufaJtn.exe
  C:\Windows\System\kufaJtn.exe
  2⤵
  PID:3116
- C:\Windows\System\QRXbofN.exe
  C:\Windows\System\QRXbofN.exe
  2⤵
  PID:3696
- C:\Windows\System\GrzjYoq.exe
  C:\Windows\System\GrzjYoq.exe
  2⤵
  PID:3868
- C:\Windows\System\ogogPkV.exe
  C:\Windows\System\ogogPkV.exe
  2⤵
  PID:2600
- C:\Windows\System\MsSKVEM.exe
  C:\Windows\System\MsSKVEM.exe
  2⤵
  PID:3936
- C:\Windows\System\WVrXuGN.exe
  C:\Windows\System\WVrXuGN.exe
  2⤵
  PID:3876
- C:\Windows\System\WYDmiQx.exe
  C:\Windows\System\WYDmiQx.exe
  2⤵
  PID:3920
- C:\Windows\System\idyGoOc.exe
  C:\Windows\System\idyGoOc.exe
  2⤵
  PID:2476
- C:\Windows\System\zNuZeBt.exe
  C:\Windows\System\zNuZeBt.exe
  2⤵
  PID:520
- C:\Windows\System\WNJjatQ.exe
  C:\Windows\System\WNJjatQ.exe
  2⤵
  PID:3932
- C:\Windows\System\BIqkrDw.exe
  C:\Windows\System\BIqkrDw.exe
  2⤵
  PID:892
- C:\Windows\System\nGssYSc.exe
  C:\Windows\System\nGssYSc.exe
  2⤵
  PID:2356
- C:\Windows\System\JlDlKVx.exe
  C:\Windows\System\JlDlKVx.exe
  2⤵
  PID:964
- C:\Windows\System\OrOpXmv.exe
  C:\Windows\System\OrOpXmv.exe
  2⤵
  PID:4060
- C:\Windows\System\fQXaSnK.exe
  C:\Windows\System\fQXaSnK.exe
  2⤵
  PID:2284
- C:\Windows\System\qwjDgDC.exe
  C:\Windows\System\qwjDgDC.exe
  2⤵
  PID:3088
- C:\Windows\System\PIzLGqT.exe
  C:\Windows\System\PIzLGqT.exe
  2⤵
  PID:3656
- C:\Windows\System\qoxHYkO.exe
  C:\Windows\System\qoxHYkO.exe
  2⤵
  PID:1132
- C:\Windows\System\gVITmoM.exe
  C:\Windows\System\gVITmoM.exe
  2⤵
  PID:2348
- C:\Windows\System\VPBCGsZ.exe
  C:\Windows\System\VPBCGsZ.exe
  2⤵
  PID:2828
- C:\Windows\System\GBZlnCa.exe
  C:\Windows\System\GBZlnCa.exe
  2⤵
  PID:3272
- C:\Windows\System\sNzrTHy.exe
  C:\Windows\System\sNzrTHy.exe
  2⤵
  PID:3580
- C:\Windows\System\QDDNihm.exe
  C:\Windows\System\QDDNihm.exe
  2⤵
  PID:836
- C:\Windows\System\OBoRBAT.exe
  C:\Windows\System\OBoRBAT.exe
  2⤵
  PID:3760
- C:\Windows\System\ivJCubm.exe
  C:\Windows\System\ivJCubm.exe
  2⤵
  PID:3168
- C:\Windows\System\RubZsMh.exe
  C:\Windows\System\RubZsMh.exe
  2⤵
  PID:3816
- C:\Windows\System\IeWycud.exe
  C:\Windows\System\IeWycud.exe
  2⤵
  PID:1444
- C:\Windows\System\CtsicmL.exe
  C:\Windows\System\CtsicmL.exe
  2⤵
  PID:2996
- C:\Windows\System\RUtzICO.exe
  C:\Windows\System\RUtzICO.exe
  2⤵
  PID:3976
- C:\Windows\System\qOoaZrd.exe
  C:\Windows\System\qOoaZrd.exe
  2⤵
  PID:3356
- C:\Windows\System\TbAHYAK.exe
  C:\Windows\System\TbAHYAK.exe
  2⤵
  PID:3536
- C:\Windows\System\jvqgNoJ.exe
  C:\Windows\System\jvqgNoJ.exe
  2⤵
  PID:3720
- C:\Windows\System\WvDHcDy.exe
  C:\Windows\System\WvDHcDy.exe
  2⤵
  PID:3780
- C:\Windows\System\NDzGgsk.exe
  C:\Windows\System\NDzGgsk.exe
  2⤵
  PID:820
- C:\Windows\System\vbviXfq.exe
  C:\Windows\System\vbviXfq.exe
  2⤵
  PID:3288
- C:\Windows\System\nSvLREg.exe
  C:\Windows\System\nSvLREg.exe
  2⤵
  PID:4104
- C:\Windows\System\ltmWegn.exe
  C:\Windows\System\ltmWegn.exe
  2⤵
  PID:4124
- C:\Windows\System\oijEEZj.exe
  C:\Windows\System\oijEEZj.exe
  2⤵
  PID:4156
- C:\Windows\System\mroYJey.exe
  C:\Windows\System\mroYJey.exe
  2⤵
  PID:4176
- C:\Windows\System\LSXjQeN.exe
  C:\Windows\System\LSXjQeN.exe
  2⤵
  PID:4196
- C:\Windows\System\VcXGFrh.exe
  C:\Windows\System\VcXGFrh.exe
  2⤵
  PID:4216
- C:\Windows\System\fjlPktC.exe
  C:\Windows\System\fjlPktC.exe
  2⤵
  PID:4240
- C:\Windows\System\DqvTSJb.exe
  C:\Windows\System\DqvTSJb.exe
  2⤵
  PID:4256
- C:\Windows\System\EnPigvc.exe
  C:\Windows\System\EnPigvc.exe
  2⤵
  PID:4280
- C:\Windows\System\cUNmfyF.exe
  C:\Windows\System\cUNmfyF.exe
  2⤵
  PID:4296
- C:\Windows\System\nJAsiOk.exe
  C:\Windows\System\nJAsiOk.exe
  2⤵
  PID:4312
- C:\Windows\System\JVvllak.exe
  C:\Windows\System\JVvllak.exe
  2⤵
  PID:4336
- C:\Windows\System\BQILCFS.exe
  C:\Windows\System\BQILCFS.exe
  2⤵
  PID:4360
- C:\Windows\System\TknNvDb.exe
  C:\Windows\System\TknNvDb.exe
  2⤵
  PID:4376
- C:\Windows\System\LoDCvNp.exe
  C:\Windows\System\LoDCvNp.exe
  2⤵
  PID:4396
- C:\Windows\System\lXNgBrj.exe
  C:\Windows\System\lXNgBrj.exe
  2⤵
  PID:4420
- C:\Windows\System\nhdkEBv.exe
  C:\Windows\System\nhdkEBv.exe
  2⤵
  PID:4452
- C:\Windows\System\mOCsbEw.exe
  C:\Windows\System\mOCsbEw.exe
  2⤵
  PID:4468
- C:\Windows\System\nvJNplw.exe
  C:\Windows\System\nvJNplw.exe
  2⤵
  PID:4488
- C:\Windows\System\waAQwoj.exe
  C:\Windows\System\waAQwoj.exe
  2⤵
  PID:4508
- C:\Windows\System\aEfinoE.exe
  C:\Windows\System\aEfinoE.exe
  2⤵
  PID:4528
- C:\Windows\System\QWvgNbB.exe
  C:\Windows\System\QWvgNbB.exe
  2⤵
  PID:4548
- C:\Windows\System\bRyNZLr.exe
  C:\Windows\System\bRyNZLr.exe
  2⤵
  PID:4572
- C:\Windows\System\TIKLXqY.exe
  C:\Windows\System\TIKLXqY.exe
  2⤵
  PID:4588
- C:\Windows\System\bMXuPBx.exe
  C:\Windows\System\bMXuPBx.exe
  2⤵
  PID:4604
- C:\Windows\System\rTZbnec.exe
  C:\Windows\System\rTZbnec.exe
  2⤵
  PID:4624
- C:\Windows\System\OhXiffU.exe
  C:\Windows\System\OhXiffU.exe
  2⤵
  PID:4640
- C:\Windows\System\LISbVdM.exe
  C:\Windows\System\LISbVdM.exe
  2⤵
  PID:4656
- C:\Windows\System\zgXIQVK.exe
  C:\Windows\System\zgXIQVK.exe
  2⤵
  PID:4680
- C:\Windows\System\PqGhaxG.exe
  C:\Windows\System\PqGhaxG.exe
  2⤵
  PID:4708
- C:\Windows\System\vesmzuv.exe
  C:\Windows\System\vesmzuv.exe
  2⤵
  PID:4724
- C:\Windows\System\SlXGHvV.exe
  C:\Windows\System\SlXGHvV.exe
  2⤵
  PID:4744
- C:\Windows\System\smnxoFv.exe
  C:\Windows\System\smnxoFv.exe
  2⤵
  PID:4768
- C:\Windows\System\jXYunmv.exe
  C:\Windows\System\jXYunmv.exe
  2⤵
  PID:4788
- C:\Windows\System\ddJtLOV.exe
  C:\Windows\System\ddJtLOV.exe
  2⤵
  PID:4816
- C:\Windows\System\byYHkUu.exe
  C:\Windows\System\byYHkUu.exe
  2⤵
  PID:4832
- C:\Windows\System\uqEcPMF.exe
  C:\Windows\System\uqEcPMF.exe
  2⤵
  PID:4852
- C:\Windows\System\XJpzzYJ.exe
  C:\Windows\System\XJpzzYJ.exe
  2⤵
  PID:4876
- C:\Windows\System\uLgryXW.exe
  C:\Windows\System\uLgryXW.exe
  2⤵
  PID:4896
- C:\Windows\System\gKzGORy.exe
  C:\Windows\System\gKzGORy.exe
  2⤵
  PID:4912
- C:\Windows\System\HGvOSgD.exe
  C:\Windows\System\HGvOSgD.exe
  2⤵
  PID:4928
- C:\Windows\System\YfVxvXF.exe
  C:\Windows\System\YfVxvXF.exe
  2⤵
  PID:4944
- C:\Windows\System\ABpDxnV.exe
  C:\Windows\System\ABpDxnV.exe
  2⤵
  PID:4960
- C:\Windows\System\KiXgMhS.exe
  C:\Windows\System\KiXgMhS.exe
  2⤵
  PID:4980
- C:\Windows\System\dVIdoco.exe
  C:\Windows\System\dVIdoco.exe
  2⤵
  PID:5000
- C:\Windows\System\qeABJhC.exe
  C:\Windows\System\qeABJhC.exe
  2⤵
  PID:5016
- C:\Windows\System\SrxhDty.exe
  C:\Windows\System\SrxhDty.exe
  2⤵
  PID:5036
- C:\Windows\System\fwBpOBb.exe
  C:\Windows\System\fwBpOBb.exe
  2⤵
  PID:5056
- C:\Windows\System\PmltlzO.exe
  C:\Windows\System\PmltlzO.exe
  2⤵
  PID:5096
- C:\Windows\System\BpBcshS.exe
  C:\Windows\System\BpBcshS.exe
  2⤵
  PID:5112
- C:\Windows\System\cALVDLb.exe
  C:\Windows\System\cALVDLb.exe
  2⤵
  PID:2064
- C:\Windows\System\MZGSFsW.exe
  C:\Windows\System\MZGSFsW.exe
  2⤵
  PID:3996
- C:\Windows\System\vTtunJG.exe
  C:\Windows\System\vTtunJG.exe
  2⤵
  PID:1192
- C:\Windows\System\IZcfgrV.exe
  C:\Windows\System\IZcfgrV.exe
  2⤵
  PID:4188
- C:\Windows\System\HXeuoil.exe
  C:\Windows\System\HXeuoil.exe
  2⤵
  PID:1516
- C:\Windows\System\bfFxyzA.exe
  C:\Windows\System\bfFxyzA.exe
  2⤵
  PID:4236
- C:\Windows\System\AieKRsj.exe
  C:\Windows\System\AieKRsj.exe
  2⤵
  PID:4276
- C:\Windows\System\riUDuJK.exe
  C:\Windows\System\riUDuJK.exe
  2⤵
  PID:4344
- C:\Windows\System\RAKpLYZ.exe
  C:\Windows\System\RAKpLYZ.exe
  2⤵
  PID:4348
- C:\Windows\System\tHmmREr.exe
  C:\Windows\System\tHmmREr.exe
  2⤵
  PID:4388
- C:\Windows\System\iFlZUiY.exe
  C:\Windows\System\iFlZUiY.exe
  2⤵
  PID:4404
- C:\Windows\System\NBIHPDr.exe
  C:\Windows\System\NBIHPDr.exe
  2⤵
  PID:4436
- C:\Windows\System\stwlpWX.exe
  C:\Windows\System\stwlpWX.exe
  2⤵
  PID:4448
- C:\Windows\System\PTnJjVn.exe
  C:\Windows\System\PTnJjVn.exe
  2⤵
  PID:4460
- C:\Windows\System\lUhfSCl.exe
  C:\Windows\System\lUhfSCl.exe
  2⤵
  PID:4496
- C:\Windows\System\SPdYsqh.exe
  C:\Windows\System\SPdYsqh.exe
  2⤵
  PID:1832
- C:\Windows\System\CagAYCb.exe
  C:\Windows\System\CagAYCb.exe
  2⤵
  PID:4560
- C:\Windows\System\TbJFvsE.exe
  C:\Windows\System\TbJFvsE.exe
  2⤵
  PID:4584
- C:\Windows\System\HltFDqv.exe
  C:\Windows\System\HltFDqv.exe
  2⤵
  PID:4636
- C:\Windows\System\PNsHuDQ.exe
  C:\Windows\System\PNsHuDQ.exe
  2⤵
  PID:4612
- C:\Windows\System\twrNDsj.exe
  C:\Windows\System\twrNDsj.exe
  2⤵
  PID:4736
- C:\Windows\System\McbpRUJ.exe
  C:\Windows\System\McbpRUJ.exe
  2⤵
  PID:4764
- C:\Windows\System\pGvJjYA.exe
  C:\Windows\System\pGvJjYA.exe
  2⤵
  PID:4776
- C:\Windows\System\bfTdFOS.exe
  C:\Windows\System\bfTdFOS.exe
  2⤵
  PID:4320
- C:\Windows\System\dtsTOGE.exe
  C:\Windows\System\dtsTOGE.exe
  2⤵
  PID:4848
- C:\Windows\System\tPdUSYQ.exe
  C:\Windows\System\tPdUSYQ.exe
  2⤵
  PID:4888
- C:\Windows\System\WoDTCKM.exe
  C:\Windows\System\WoDTCKM.exe
  2⤵
  PID:4924
- C:\Windows\System\KhVIUBQ.exe
  C:\Windows\System\KhVIUBQ.exe
  2⤵
  PID:4936
- C:\Windows\System\XxzHrdp.exe
  C:\Windows\System\XxzHrdp.exe
  2⤵
  PID:5008
- C:\Windows\System\thTnLDo.exe
  C:\Windows\System\thTnLDo.exe
  2⤵
  PID:5044
- C:\Windows\System\YsIHelj.exe
  C:\Windows\System\YsIHelj.exe
  2⤵
  PID:5064
- C:\Windows\System\XJwcfLT.exe
  C:\Windows\System\XJwcfLT.exe
  2⤵
  PID:5012
- C:\Windows\System\xqRSoiZ.exe
  C:\Windows\System\xqRSoiZ.exe
  2⤵
  PID:2000
- C:\Windows\System\kZOWQqV.exe
  C:\Windows\System\kZOWQqV.exe
  2⤵
  PID:4144
- C:\Windows\System\bAMXanw.exe
  C:\Windows\System\bAMXanw.exe
  2⤵
  PID:4204
- C:\Windows\System\wEBHzNL.exe
  C:\Windows\System\wEBHzNL.exe
  2⤵
  PID:4168
- C:\Windows\System\GIwfwBa.exe
  C:\Windows\System\GIwfwBa.exe
  2⤵
  PID:4228
- C:\Windows\System\UGUBJVr.exe
  C:\Windows\System\UGUBJVr.exe
  2⤵
  PID:4252
- C:\Windows\System\tvLHKLf.exe
  C:\Windows\System\tvLHKLf.exe
  2⤵
  PID:4292
- C:\Windows\System\IGUPlDl.exe
  C:\Windows\System\IGUPlDl.exe
  2⤵
  PID:4132
- C:\Windows\System\mNuvTLC.exe
  C:\Windows\System\mNuvTLC.exe
  2⤵
  PID:4556
- C:\Windows\System\bnSgUJY.exe
  C:\Windows\System\bnSgUJY.exe
  2⤵
  PID:4484
- C:\Windows\System\UBsyZnk.exe
  C:\Windows\System\UBsyZnk.exe
  2⤵
  PID:4476
- C:\Windows\System\YXYWLkl.exe
  C:\Windows\System\YXYWLkl.exe
  2⤵
  PID:4568
- C:\Windows\System\VFaRwvz.exe
  C:\Windows\System\VFaRwvz.exe
  2⤵
  PID:4500
- C:\Windows\System\TrILcFo.exe
  C:\Windows\System\TrILcFo.exe
  2⤵
  PID:4356
- C:\Windows\System\utEsRpM.exe
  C:\Windows\System\utEsRpM.exe
  2⤵
  PID:4800
- C:\Windows\System\ShumHUc.exe
  C:\Windows\System\ShumHUc.exe
  2⤵
  PID:4840
- C:\Windows\System\KFdgXtJ.exe
  C:\Windows\System\KFdgXtJ.exe
  2⤵
  PID:4868
- C:\Windows\System\kCWPfQF.exe
  C:\Windows\System\kCWPfQF.exe
  2⤵
  PID:1684
- C:\Windows\System\qGSyDTw.exe
  C:\Windows\System\qGSyDTw.exe
  2⤵
  PID:4872
- C:\Windows\System\nORjrFI.exe
  C:\Windows\System\nORjrFI.exe
  2⤵
  PID:4972
- C:\Windows\System\xrsDraJ.exe
  C:\Windows\System\xrsDraJ.exe
  2⤵
  PID:5028
- C:\Windows\System\zxSGtqs.exe
  C:\Windows\System\zxSGtqs.exe
  2⤵
  PID:5072
- C:\Windows\System\JonGmth.exe
  C:\Windows\System\JonGmth.exe
  2⤵
  PID:432
- C:\Windows\System\Rnvwhmk.exe
  C:\Windows\System\Rnvwhmk.exe
  2⤵
  PID:5108
- C:\Windows\System\LgezmeY.exe
  C:\Windows\System\LgezmeY.exe
  2⤵
  PID:4540
- C:\Windows\System\jQDxUoV.exe
  C:\Windows\System\jQDxUoV.exe
  2⤵
  PID:4688
- C:\Windows\System\zFVMGVp.exe
  C:\Windows\System\zFVMGVp.exe
  2⤵
  PID:4428
- C:\Windows\System\xpblMeB.exe
  C:\Windows\System\xpblMeB.exe
  2⤵
  PID:3900
- C:\Windows\System\xRFGnAf.exe
  C:\Windows\System\xRFGnAf.exe
  2⤵
  PID:4672
- C:\Windows\System\YNEhxNq.exe
  C:\Windows\System\YNEhxNq.exe
  2⤵
  PID:4504
- C:\Windows\System\PGfmOMi.exe
  C:\Windows\System\PGfmOMi.exe
  2⤵
  PID:4740
- C:\Windows\System\IwZRmQb.exe
  C:\Windows\System\IwZRmQb.exe
  2⤵
  PID:4864
- C:\Windows\System\tjxIBOw.exe
  C:\Windows\System\tjxIBOw.exe
  2⤵
  PID:1044
- C:\Windows\System\DBJbtJp.exe
  C:\Windows\System\DBJbtJp.exe
  2⤵
  PID:5024
- C:\Windows\System\jdtmOyH.exe
  C:\Windows\System\jdtmOyH.exe
  2⤵
  PID:4996
- C:\Windows\System\qLJtZzL.exe
  C:\Windows\System\qLJtZzL.exe
  2⤵
  PID:5080
- C:\Windows\System\YCGplAD.exe
  C:\Windows\System\YCGplAD.exe
  2⤵
  PID:4120
- C:\Windows\System\TFLGwzv.exe
  C:\Windows\System\TFLGwzv.exe
  2⤵
  PID:4524
- C:\Windows\System\zjuYJSH.exe
  C:\Windows\System\zjuYJSH.exe
  2⤵
  PID:4412
- C:\Windows\System\DCkHtIo.exe
  C:\Windows\System\DCkHtIo.exe
  2⤵
  PID:4140
- C:\Windows\System\VHjqsga.exe
  C:\Windows\System\VHjqsga.exe
  2⤵
  PID:4756
- C:\Windows\System\Cckxqgu.exe
  C:\Windows\System\Cckxqgu.exe
  2⤵
  PID:2080
- C:\Windows\System\QhttclR.exe
  C:\Windows\System\QhttclR.exe
  2⤵
  PID:844
- C:\Windows\System\CEOtGtc.exe
  C:\Windows\System\CEOtGtc.exe
  2⤵
  PID:5048
- C:\Windows\System\uqJLapY.exe
  C:\Windows\System\uqJLapY.exe
  2⤵
  PID:4328
- C:\Windows\System\xrybemY.exe
  C:\Windows\System\xrybemY.exe
  2⤵
  PID:4332
- C:\Windows\System\BbFkbzr.exe
  C:\Windows\System\BbFkbzr.exe
  2⤵
  PID:4368
- C:\Windows\System\SNhmiYt.exe
  C:\Windows\System\SNhmiYt.exe
  2⤵
  PID:5076
- C:\Windows\System\RbDGISX.exe
  C:\Windows\System\RbDGISX.exe
  2⤵
  PID:4908
- C:\Windows\System\WoHhbDw.exe
  C:\Windows\System\WoHhbDw.exe
  2⤵
  PID:4632
- C:\Windows\System\nSHCbwQ.exe
  C:\Windows\System\nSHCbwQ.exe
  2⤵
  PID:2528
- C:\Windows\System\GWwCZaw.exe
  C:\Windows\System\GWwCZaw.exe
  2⤵
  PID:5104
- C:\Windows\System\aosTOPJ.exe
  C:\Windows\System\aosTOPJ.exe
  2⤵
  PID:5136
- C:\Windows\System\KjCskyH.exe
  C:\Windows\System\KjCskyH.exe
  2⤵
  PID:5152
- C:\Windows\System\rWtOWQk.exe
  C:\Windows\System\rWtOWQk.exe
  2⤵
  PID:5172
- C:\Windows\System\EdKkkQm.exe
  C:\Windows\System\EdKkkQm.exe
  2⤵
  PID:5188
- C:\Windows\System\AueDwtI.exe
  C:\Windows\System\AueDwtI.exe
  2⤵
  PID:5208
- C:\Windows\System\IgPzEgh.exe
  C:\Windows\System\IgPzEgh.exe
  2⤵
  PID:5228
- C:\Windows\System\FXOPOHf.exe
  C:\Windows\System\FXOPOHf.exe
  2⤵
  PID:5244
- C:\Windows\System\yitdUuJ.exe
  C:\Windows\System\yitdUuJ.exe
  2⤵
  PID:5264
- C:\Windows\System\JXcFnaX.exe
  C:\Windows\System\JXcFnaX.exe
  2⤵
  PID:5292
- C:\Windows\System\evHATHh.exe
  C:\Windows\System\evHATHh.exe
  2⤵
  PID:5308
- C:\Windows\System\TUpybgw.exe
  C:\Windows\System\TUpybgw.exe
  2⤵
  PID:5328
- C:\Windows\System\LHmwryf.exe
  C:\Windows\System\LHmwryf.exe
  2⤵
  PID:5344
- C:\Windows\System\BZykKSy.exe
  C:\Windows\System\BZykKSy.exe
  2⤵
  PID:5364
- C:\Windows\System\imtmhpV.exe
  C:\Windows\System\imtmhpV.exe
  2⤵
  PID:5380
- C:\Windows\System\zSRPRuu.exe
  C:\Windows\System\zSRPRuu.exe
  2⤵
  PID:5416
- C:\Windows\System\xOJoXBd.exe
  C:\Windows\System\xOJoXBd.exe
  2⤵
  PID:5432
- C:\Windows\System\peRckDP.exe
  C:\Windows\System\peRckDP.exe
  2⤵
  PID:5448
- C:\Windows\System\vIpUjuW.exe
  C:\Windows\System\vIpUjuW.exe
  2⤵
  PID:5464
- C:\Windows\System\FfIhwAd.exe
  C:\Windows\System\FfIhwAd.exe
  2⤵
  PID:5484
- C:\Windows\System\sAHLVEU.exe
  C:\Windows\System\sAHLVEU.exe
  2⤵
  PID:5504
- C:\Windows\System\aqIJBPs.exe
  C:\Windows\System\aqIJBPs.exe
  2⤵
  PID:5532
- C:\Windows\System\ugWJkVu.exe
  C:\Windows\System\ugWJkVu.exe
  2⤵
  PID:5548
- C:\Windows\System\ztKIMmk.exe
  C:\Windows\System\ztKIMmk.exe
  2⤵
  PID:5576
- C:\Windows\System\xkbUjWo.exe
  C:\Windows\System\xkbUjWo.exe
  2⤵
  PID:5592
- C:\Windows\System\KIbbGUd.exe
  C:\Windows\System\KIbbGUd.exe
  2⤵
  PID:5608
- C:\Windows\System\lNcxkpU.exe
  C:\Windows\System\lNcxkpU.exe
  2⤵
  PID:5624
- C:\Windows\System\kwsglPq.exe
  C:\Windows\System\kwsglPq.exe
  2⤵
  PID:5648
- C:\Windows\System\DuYVsWz.exe
  C:\Windows\System\DuYVsWz.exe
  2⤵
  PID:5668
- C:\Windows\System\QqbwGGx.exe
  C:\Windows\System\QqbwGGx.exe
  2⤵
  PID:5688
- C:\Windows\System\jRAzfpa.exe
  C:\Windows\System\jRAzfpa.exe
  2⤵
  PID:5708
- C:\Windows\System\NEvXUvy.exe
  C:\Windows\System\NEvXUvy.exe
  2⤵
  PID:5728
- C:\Windows\System\AMgwqdf.exe
  C:\Windows\System\AMgwqdf.exe
  2⤵
  PID:5752
- C:\Windows\System\suUuNSq.exe
  C:\Windows\System\suUuNSq.exe
  2⤵
  PID:5768
- C:\Windows\System\ocHoUxu.exe
  C:\Windows\System\ocHoUxu.exe
  2⤵
  PID:5784
- C:\Windows\System\UFusOdL.exe
  C:\Windows\System\UFusOdL.exe
  2⤵
  PID:5812
- C:\Windows\System\GiSnwOZ.exe
  C:\Windows\System\GiSnwOZ.exe
  2⤵
  PID:5836
- C:\Windows\System\aXlsKcC.exe
  C:\Windows\System\aXlsKcC.exe
  2⤵
  PID:5860
- C:\Windows\System\YPPaRoh.exe
  C:\Windows\System\YPPaRoh.exe
  2⤵
  PID:5880
- C:\Windows\System\FrjyNXn.exe
  C:\Windows\System\FrjyNXn.exe
  2⤵
  PID:5896
- C:\Windows\System\mgEjGeA.exe
  C:\Windows\System\mgEjGeA.exe
  2⤵
  PID:5916
- C:\Windows\System\HNyjQXb.exe
  C:\Windows\System\HNyjQXb.exe
  2⤵
  PID:5936
- C:\Windows\System\NJlLcES.exe
  C:\Windows\System\NJlLcES.exe
  2⤵
  PID:5956
- C:\Windows\System\caXMXsz.exe
  C:\Windows\System\caXMXsz.exe
  2⤵
  PID:5984
- C:\Windows\System\hptPycr.exe
  C:\Windows\System\hptPycr.exe
  2⤵
  PID:6000
- C:\Windows\System\zrCtrTV.exe
  C:\Windows\System\zrCtrTV.exe
  2⤵
  PID:6020
- C:\Windows\System\BUMQbux.exe
  C:\Windows\System\BUMQbux.exe
  2⤵
  PID:6036
- C:\Windows\System\HIyijUu.exe
  C:\Windows\System\HIyijUu.exe
  2⤵
  PID:6056
- C:\Windows\System\yBIVVoe.exe
  C:\Windows\System\yBIVVoe.exe
  2⤵
  PID:6072
- C:\Windows\System\RfetQHT.exe
  C:\Windows\System\RfetQHT.exe
  2⤵
  PID:6100
- C:\Windows\System\sQvgFGG.exe
  C:\Windows\System\sQvgFGG.exe
  2⤵
  PID:6116
- C:\Windows\System\jlJXdWM.exe
  C:\Windows\System\jlJXdWM.exe
  2⤵
  PID:6132
- C:\Windows\System\HIrXyEI.exe
  C:\Windows\System\HIrXyEI.exe
  2⤵
  PID:4384
- C:\Windows\System\qyxZXba.exe
  C:\Windows\System\qyxZXba.exe
  2⤵
  PID:4308
- C:\Windows\System\ClfIFZX.exe
  C:\Windows\System\ClfIFZX.exe
  2⤵
  PID:5168
- C:\Windows\System\tokFpoM.exe
  C:\Windows\System\tokFpoM.exe
  2⤵
  PID:5204
- C:\Windows\System\QUrgLqJ.exe
  C:\Windows\System\QUrgLqJ.exe
  2⤵
  PID:5272
- C:\Windows\System\TunZAUn.exe
  C:\Windows\System\TunZAUn.exe
  2⤵
  PID:5288
- C:\Windows\System\oYbaIda.exe
  C:\Windows\System\oYbaIda.exe
  2⤵
  PID:5220
- C:\Windows\System\iCcfinF.exe
  C:\Windows\System\iCcfinF.exe
  2⤵
  PID:5336
- C:\Windows\System\xURPhDr.exe
  C:\Windows\System\xURPhDr.exe
  2⤵
  PID:5376
- C:\Windows\System\KwERCdP.exe
  C:\Windows\System\KwERCdP.exe
  2⤵
  PID:5396
- C:\Windows\System\tZNgsWm.exe
  C:\Windows\System\tZNgsWm.exe
  2⤵
  PID:5480
- C:\Windows\System\Vhwvxia.exe
  C:\Windows\System\Vhwvxia.exe
  2⤵
  PID:5520
- C:\Windows\System\ioCusrz.exe
  C:\Windows\System\ioCusrz.exe
  2⤵
  PID:5500
- C:\Windows\System\iyGErHi.exe
  C:\Windows\System\iyGErHi.exe
  2⤵
  PID:5516
- C:\Windows\System\dnispyZ.exe
  C:\Windows\System\dnispyZ.exe
  2⤵
  PID:5568
- C:\Windows\System\jaVcfHx.exe
  C:\Windows\System\jaVcfHx.exe
  2⤵
  PID:5632
- C:\Windows\System\IhsDrlg.exe
  C:\Windows\System\IhsDrlg.exe
  2⤵
  PID:5720
- C:\Windows\System\pPemmiB.exe
  C:\Windows\System\pPemmiB.exe
  2⤵
  PID:5616
- C:\Windows\System\KfNCXwx.exe
  C:\Windows\System\KfNCXwx.exe
  2⤵
  PID:5744
- C:\Windows\System\UtCfXGp.exe
  C:\Windows\System\UtCfXGp.exe
  2⤵
  PID:5792
- C:\Windows\System\YkAgYtu.exe
  C:\Windows\System\YkAgYtu.exe
  2⤵
  PID:5800
- C:\Windows\System\jFwOBPA.exe
  C:\Windows\System\jFwOBPA.exe
  2⤵
  PID:5848
- C:\Windows\System\AOWrHRL.exe
  C:\Windows\System\AOWrHRL.exe
  2⤵
  PID:5876
- C:\Windows\System\uIwgDNI.exe
  C:\Windows\System\uIwgDNI.exe
  2⤵
  PID:5912
- C:\Windows\System\WTETtWW.exe
  C:\Windows\System\WTETtWW.exe
  2⤵
  PID:5948
- C:\Windows\System\qSSocof.exe
  C:\Windows\System\qSSocof.exe
  2⤵
  PID:5968
- C:\Windows\System\gKsPvUS.exe
  C:\Windows\System\gKsPvUS.exe
  2⤵
  PID:5972
- C:\Windows\System\iTGfOie.exe
  C:\Windows\System\iTGfOie.exe
  2⤵
  PID:6028
- C:\Windows\System\jNbnjYE.exe
  C:\Windows\System\jNbnjYE.exe
  2⤵
  PID:6008
- C:\Windows\System\TTnilzm.exe
  C:\Windows\System\TTnilzm.exe
  2⤵
  PID:6052
- C:\Windows\System\SLwNLGt.exe
  C:\Windows\System\SLwNLGt.exe
  2⤵
  PID:6088
- C:\Windows\System\VbANhXg.exe
  C:\Windows\System\VbANhXg.exe
  2⤵
  PID:6124
- C:\Windows\System\DUaiLOy.exe
  C:\Windows\System\DUaiLOy.exe
  2⤵
  PID:4956
- C:\Windows\System\scvIbxH.exe
  C:\Windows\System\scvIbxH.exe
  2⤵
  PID:4692
- C:\Windows\System\MTWiuui.exe
  C:\Windows\System\MTWiuui.exe
  2⤵
  PID:5324
- C:\Windows\System\SLEmHOC.exe
  C:\Windows\System\SLEmHOC.exe
  2⤵
  PID:4668
- C:\Windows\System\kOtgyef.exe
  C:\Windows\System\kOtgyef.exe
  2⤵
  PID:5280
- C:\Windows\System\vZxRBxl.exe
  C:\Windows\System\vZxRBxl.exe
  2⤵
  PID:5224
- C:\Windows\System\dkSZgjf.exe
  C:\Windows\System\dkSZgjf.exe
  2⤵
  PID:5304
- C:\Windows\System\YfpeJgs.exe
  C:\Windows\System\YfpeJgs.exe
  2⤵
  PID:5392
- C:\Windows\System\wVCdqGJ.exe
  C:\Windows\System\wVCdqGJ.exe
  2⤵
  PID:5476
- C:\Windows\System\PobuwPl.exe
  C:\Windows\System\PobuwPl.exe
  2⤵
  PID:5512
- C:\Windows\System\GneChKF.exe
  C:\Windows\System\GneChKF.exe
  2⤵
  PID:5544
- C:\Windows\System\PRdIGXV.exe
  C:\Windows\System\PRdIGXV.exe
  2⤵
  PID:5600
- C:\Windows\System\qedTgQb.exe
  C:\Windows\System\qedTgQb.exe
  2⤵
  PID:5656
- C:\Windows\System\GkoBAiW.exe
  C:\Windows\System\GkoBAiW.exe
  2⤵
  PID:5588
- C:\Windows\System\KEeAdXo.exe
  C:\Windows\System\KEeAdXo.exe
  2⤵
  PID:5748
- C:\Windows\System\wQHvlfq.exe
  C:\Windows\System\wQHvlfq.exe
  2⤵
  PID:5704
- C:\Windows\System\SQcRxyn.exe
  C:\Windows\System\SQcRxyn.exe
  2⤵
  PID:5796
- C:\Windows\System\jfaLdpZ.exe
  C:\Windows\System\jfaLdpZ.exe
  2⤵
  PID:2652
- C:\Windows\System\nKYLWME.exe
  C:\Windows\System\nKYLWME.exe
  2⤵
  PID:956
- C:\Windows\System\dIsvlOM.exe
  C:\Windows\System\dIsvlOM.exe
  2⤵
  PID:1924
- C:\Windows\System\skPrbdg.exe
  C:\Windows\System\skPrbdg.exe
  2⤵
  PID:5924
- C:\Windows\System\FXCkeyM.exe
  C:\Windows\System\FXCkeyM.exe
  2⤵
  PID:5932
- C:\Windows\System\EDNHZJB.exe
  C:\Windows\System\EDNHZJB.exe
  2⤵
  PID:6064
- C:\Windows\System\inxMnzM.exe
  C:\Windows\System\inxMnzM.exe
  2⤵
  PID:6044
- C:\Windows\System\eJJsOBB.exe
  C:\Windows\System\eJJsOBB.exe
  2⤵
  PID:4676
- C:\Windows\System\mIxAAmj.exe
  C:\Windows\System\mIxAAmj.exe
  2⤵
  PID:5148
- C:\Windows\System\vmvIZjo.exe
  C:\Windows\System\vmvIZjo.exe
  2⤵
  PID:5180
- C:\Windows\System\WLDicCf.exe
  C:\Windows\System\WLDicCf.exe
  2⤵
  PID:5252
- C:\Windows\System\uZuWAwo.exe
  C:\Windows\System\uZuWAwo.exe
  2⤵
  PID:5424
- C:\Windows\System\wverwmJ.exe
  C:\Windows\System\wverwmJ.exe
  2⤵
  PID:5492
- C:\Windows\System\mTcYRrK.exe
  C:\Windows\System\mTcYRrK.exe
  2⤵
  PID:5684
- C:\Windows\System\EYtzoIU.exe
  C:\Windows\System\EYtzoIU.exe
  2⤵
  PID:5764
- C:\Windows\System\KeOyYcG.exe
  C:\Windows\System\KeOyYcG.exe
  2⤵
  PID:5856
- C:\Windows\System\sWSObYT.exe
  C:\Windows\System\sWSObYT.exe
  2⤵
  PID:2752
- C:\Windows\System\mMVLVCv.exe
  C:\Windows\System\mMVLVCv.exe
  2⤵
  PID:5824
- C:\Windows\System\ZWQkHMF.exe
  C:\Windows\System\ZWQkHMF.exe
  2⤵
  PID:6092
- C:\Windows\System\vcqNcpH.exe
  C:\Windows\System\vcqNcpH.exe
  2⤵
  PID:6080
- C:\Windows\System\LgoLIbA.exe
  C:\Windows\System\LgoLIbA.exe
  2⤵
  PID:5276
- C:\Windows\System\AOhHljT.exe
  C:\Windows\System\AOhHljT.exe
  2⤵
  PID:5360
- C:\Windows\System\xSMUVxK.exe
  C:\Windows\System\xSMUVxK.exe
  2⤵
  PID:5400
- C:\Windows\System\gbOsSzw.exe
  C:\Windows\System\gbOsSzw.exe
  2⤵
  PID:5736
- C:\Windows\System\XpLGYPU.exe
  C:\Windows\System\XpLGYPU.exe
  2⤵
  PID:5572
- C:\Windows\System\UgzDuZb.exe
  C:\Windows\System\UgzDuZb.exe
  2⤵
  PID:5872
- C:\Windows\System\KzyYPwD.exe
  C:\Windows\System\KzyYPwD.exe
  2⤵
  PID:5128
- C:\Windows\System\jHlImfb.exe
  C:\Windows\System\jHlImfb.exe
  2⤵
  PID:5408
- C:\Windows\System\CDEZxss.exe
  C:\Windows\System\CDEZxss.exe
  2⤵
  PID:5992
- C:\Windows\System\WTQqyNU.exe
  C:\Windows\System\WTQqyNU.exe
  2⤵
  PID:1288
- C:\Windows\System\jjzQPsV.exe
  C:\Windows\System\jjzQPsV.exe
  2⤵
  PID:6012
- C:\Windows\System\gYaJcIc.exe
  C:\Windows\System\gYaJcIc.exe
  2⤵
  PID:6112
- C:\Windows\System\yxYqDWi.exe
  C:\Windows\System\yxYqDWi.exe
  2⤵
  PID:5804
- C:\Windows\System\bQDlLYf.exe
  C:\Windows\System\bQDlLYf.exe
  2⤵
  PID:6152
- C:\Windows\System\vdeqWQt.exe
  C:\Windows\System\vdeqWQt.exe
  2⤵
  PID:6168
- C:\Windows\System\WuskODI.exe
  C:\Windows\System\WuskODI.exe
  2⤵
  PID:6188
- C:\Windows\System\sJtSINL.exe
  C:\Windows\System\sJtSINL.exe
  2⤵
  PID:6208
- C:\Windows\System\YqWjWuU.exe
  C:\Windows\System\YqWjWuU.exe
  2⤵
  PID:6228
- C:\Windows\System\qdxXrNd.exe
  C:\Windows\System\qdxXrNd.exe
  2⤵
  PID:6244
- C:\Windows\System\kKCOovX.exe
  C:\Windows\System\kKCOovX.exe
  2⤵
  PID:6268
- C:\Windows\System\gbXVMts.exe
  C:\Windows\System\gbXVMts.exe
  2⤵
  PID:6284
- C:\Windows\System\JZLragC.exe
  C:\Windows\System\JZLragC.exe
  2⤵
  PID:6300
- C:\Windows\System\tXfjUDV.exe
  C:\Windows\System\tXfjUDV.exe
  2⤵
  PID:6316
- C:\Windows\System\HlIHRij.exe
  C:\Windows\System\HlIHRij.exe
  2⤵
  PID:6332
- C:\Windows\System\QrduzKT.exe
  C:\Windows\System\QrduzKT.exe
  2⤵
  PID:6348
- C:\Windows\System\brtkTdY.exe
  C:\Windows\System\brtkTdY.exe
  2⤵
  PID:6364
- C:\Windows\System\nAViNle.exe
  C:\Windows\System\nAViNle.exe
  2⤵
  PID:6384
- C:\Windows\System\yWyxhNx.exe
  C:\Windows\System\yWyxhNx.exe
  2⤵
  PID:6408
- C:\Windows\System\WmJyzBO.exe
  C:\Windows\System\WmJyzBO.exe
  2⤵
  PID:6424
- C:\Windows\System\RqTuQMV.exe
  C:\Windows\System\RqTuQMV.exe
  2⤵
  PID:6440
- C:\Windows\System\UAlzEyf.exe
  C:\Windows\System\UAlzEyf.exe
  2⤵
  PID:6460
- C:\Windows\System\XtFWtUz.exe
  C:\Windows\System\XtFWtUz.exe
  2⤵
  PID:6480
- C:\Windows\System\fwmuRPv.exe
  C:\Windows\System\fwmuRPv.exe
  2⤵
  PID:6496
- C:\Windows\System\RwWTnpT.exe
  C:\Windows\System\RwWTnpT.exe
  2⤵
  PID:6516
- C:\Windows\System\ZkptLYh.exe
  C:\Windows\System\ZkptLYh.exe
  2⤵
  PID:6540
- C:\Windows\System\gqgftWY.exe
  C:\Windows\System\gqgftWY.exe
  2⤵
  PID:6564
- C:\Windows\System\jypaWBW.exe
  C:\Windows\System\jypaWBW.exe
  2⤵
  PID:6608
- C:\Windows\System\bMsxrwf.exe
  C:\Windows\System\bMsxrwf.exe
  2⤵
  PID:6652
- C:\Windows\System\cALIBwX.exe
  C:\Windows\System\cALIBwX.exe
  2⤵
  PID:6676
- C:\Windows\System\ixEIylD.exe
  C:\Windows\System\ixEIylD.exe
  2⤵
  PID:6692
- C:\Windows\System\qgLghTw.exe
  C:\Windows\System\qgLghTw.exe
  2⤵
  PID:6708
- C:\Windows\System\RNAtZfX.exe
  C:\Windows\System\RNAtZfX.exe
  2⤵
  PID:6724
- C:\Windows\System\FzvgPfo.exe
  C:\Windows\System\FzvgPfo.exe
  2⤵
  PID:6740
- C:\Windows\System\Bxzbmfk.exe
  C:\Windows\System\Bxzbmfk.exe
  2⤵
  PID:6768
- C:\Windows\System\drtAgUY.exe
  C:\Windows\System\drtAgUY.exe
  2⤵
  PID:6800
- C:\Windows\System\mvIDJZh.exe
  C:\Windows\System\mvIDJZh.exe
  2⤵
  PID:6860
- C:\Windows\System\JYyACZb.exe
  C:\Windows\System\JYyACZb.exe
  2⤵
  PID:6876
- C:\Windows\System\HFNQrLn.exe
  C:\Windows\System\HFNQrLn.exe
  2⤵
  PID:6892
- C:\Windows\System\lcvsKXo.exe
  C:\Windows\System\lcvsKXo.exe
  2⤵
  PID:6916
- C:\Windows\System\gNikKRJ.exe
  C:\Windows\System\gNikKRJ.exe
  2⤵
  PID:6932
- C:\Windows\System\lwZKuMh.exe
  C:\Windows\System\lwZKuMh.exe
  2⤵
  PID:6948
- C:\Windows\System\xDFhbqt.exe
  C:\Windows\System\xDFhbqt.exe
  2⤵
  PID:6964
- C:\Windows\System\XFRoEVY.exe
  C:\Windows\System\XFRoEVY.exe
  2⤵
  PID:6980
- C:\Windows\System\reGIFdJ.exe
  C:\Windows\System\reGIFdJ.exe
  2⤵
  PID:6996
- C:\Windows\System\jYMZuFi.exe
  C:\Windows\System\jYMZuFi.exe
  2⤵
  PID:7012
- C:\Windows\System\gNxVCfL.exe
  C:\Windows\System\gNxVCfL.exe
  2⤵
  PID:7032
- C:\Windows\System\PqOqImd.exe
  C:\Windows\System\PqOqImd.exe
  2⤵
  PID:7048
- C:\Windows\System\hboZwvB.exe
  C:\Windows\System\hboZwvB.exe
  2⤵
  PID:7068
- C:\Windows\System\bjQidaZ.exe
  C:\Windows\System\bjQidaZ.exe
  2⤵
  PID:7092
- C:\Windows\System\HaituVb.exe
  C:\Windows\System\HaituVb.exe
  2⤵
  PID:7116
- C:\Windows\System\rfJAhwk.exe
  C:\Windows\System\rfJAhwk.exe
  2⤵
  PID:7132
- C:\Windows\System\QWPZqsE.exe
  C:\Windows\System\QWPZqsE.exe
  2⤵
  PID:7148
- C:\Windows\System\BagbzwI.exe
  C:\Windows\System\BagbzwI.exe
  2⤵
  PID:5528
- C:\Windows\System\kRXUIvA.exe
  C:\Windows\System\kRXUIvA.exe
  2⤵
  PID:6148
- C:\Windows\System\GhystYL.exe
  C:\Windows\System\GhystYL.exe
  2⤵
  PID:6200
- C:\Windows\System\RQWFBEV.exe
  C:\Windows\System\RQWFBEV.exe
  2⤵
  PID:6216
- C:\Windows\System\IXfWTWM.exe
  C:\Windows\System\IXfWTWM.exe
  2⤵
  PID:6280
- C:\Windows\System\lUCFwPC.exe
  C:\Windows\System\lUCFwPC.exe
  2⤵
  PID:6308
- C:\Windows\System\KINhtHU.exe
  C:\Windows\System\KINhtHU.exe
  2⤵
  PID:6292
- C:\Windows\System\pmNKFad.exe
  C:\Windows\System\pmNKFad.exe
  2⤵
  PID:6360
- C:\Windows\System\HoUEncG.exe
  C:\Windows\System\HoUEncG.exe
  2⤵
  PID:6416
- C:\Windows\System\ZOnkneP.exe
  C:\Windows\System\ZOnkneP.exe
  2⤵
  PID:6400
- C:\Windows\System\oWChYxt.exe
  C:\Windows\System\oWChYxt.exe
  2⤵
  PID:6448
- C:\Windows\System\fgleSna.exe
  C:\Windows\System\fgleSna.exe
  2⤵
  PID:6468
- C:\Windows\System\VQfmDIS.exe
  C:\Windows\System\VQfmDIS.exe
  2⤵
  PID:6524
- C:\Windows\System\CuRfPLe.exe
  C:\Windows\System\CuRfPLe.exe
  2⤵
  PID:6548
- C:\Windows\System\FQxrjxG.exe
  C:\Windows\System\FQxrjxG.exe
  2⤵
  PID:6556
- C:\Windows\System\MBabdpf.exe
  C:\Windows\System\MBabdpf.exe
  2⤵
  PID:6580
- C:\Windows\System\AEuFpYS.exe
  C:\Windows\System\AEuFpYS.exe
  2⤵
  PID:6596
- C:\Windows\System\ixqmEYJ.exe
  C:\Windows\System\ixqmEYJ.exe
  2⤵
  PID:952
- C:\Windows\System\MDmCsvk.exe
  C:\Windows\System\MDmCsvk.exe
  2⤵
  PID:6624
- C:\Windows\System\cCxdghm.exe
  C:\Windows\System\cCxdghm.exe
  2⤵
  PID:6640
- C:\Windows\System\MnxDekG.exe
  C:\Windows\System\MnxDekG.exe
  2⤵
  PID:6664
- C:\Windows\System\dYFwcVW.exe
  C:\Windows\System\dYFwcVW.exe
  2⤵
  PID:6688
- C:\Windows\System\zYTAgVq.exe
  C:\Windows\System\zYTAgVq.exe
  2⤵
  PID:6732
- C:\Windows\System\JTzLCQE.exe
  C:\Windows\System\JTzLCQE.exe
  2⤵
  PID:6748
- C:\Windows\System\GywmPdt.exe
  C:\Windows\System\GywmPdt.exe
  2⤵
  PID:6780
- C:\Windows\System\Ppuxjqt.exe
  C:\Windows\System\Ppuxjqt.exe
  2⤵
  PID:6812
- C:\Windows\System\IZrnHHO.exe
  C:\Windows\System\IZrnHHO.exe
  2⤵
  PID:6196
- C:\Windows\System\ZnEgZuo.exe
  C:\Windows\System\ZnEgZuo.exe
  2⤵
  PID:6160
- C:\Windows\System\yGtlUeR.exe
  C:\Windows\System\yGtlUeR.exe
  2⤵
  PID:4844
- C:\Windows\System\DIGUoMP.exe
  C:\Windows\System\DIGUoMP.exe
  2⤵
  PID:6224
- C:\Windows\System\KVJJThV.exe
  C:\Windows\System\KVJJThV.exe
  2⤵
  PID:6392
- C:\Windows\System\lTjKgWJ.exe
  C:\Windows\System\lTjKgWJ.exe
  2⤵
  PID:6476
- C:\Windows\System\lQbEqHx.exe
  C:\Windows\System\lQbEqHx.exe
  2⤵
  PID:6512
- C:\Windows\System\sgfZeyS.exe
  C:\Windows\System\sgfZeyS.exe
  2⤵
  PID:6576
- C:\Windows\System\lLosKSM.exe
  C:\Windows\System\lLosKSM.exe
  2⤵
  PID:6620
- C:\Windows\System\zRYeJhy.exe
  C:\Windows\System\zRYeJhy.exe
  2⤵
  PID:6760
- C:\Windows\System\ikDakav.exe
  C:\Windows\System\ikDakav.exe
  2⤵
  PID:6796
- C:\Windows\System\nPfqGDy.exe
  C:\Windows\System\nPfqGDy.exe
  2⤵
  PID:6828
- C:\Windows\System\swSPiLC.exe
  C:\Windows\System\swSPiLC.exe
  2⤵
  PID:6900
- C:\Windows\System\ILHMDLW.exe
  C:\Windows\System\ILHMDLW.exe
  2⤵
  PID:6940
- C:\Windows\System\AWVIBqv.exe
  C:\Windows\System\AWVIBqv.exe
  2⤵
  PID:6848
- C:\Windows\System\PgZqSBv.exe
  C:\Windows\System\PgZqSBv.exe
  2⤵
  PID:6928
- C:\Windows\System\ivsGnxw.exe
  C:\Windows\System\ivsGnxw.exe
  2⤵
  PID:7008
- C:\Windows\System\JyDHtaB.exe
  C:\Windows\System\JyDHtaB.exe
  2⤵
  PID:7056
- C:\Windows\System\bPYzkbv.exe
  C:\Windows\System\bPYzkbv.exe
  2⤵
  PID:7100
- C:\Windows\System\LHZJZIn.exe
  C:\Windows\System\LHZJZIn.exe
  2⤵
  PID:7112
- C:\Windows\System\ocbjdeG.exe
  C:\Windows\System\ocbjdeG.exe
  2⤵
  PID:6340
- C:\Windows\System\wapbVGM.exe
  C:\Windows\System\wapbVGM.exe
  2⤵
  PID:6488
- C:\Windows\System\DGsNMlU.exe
  C:\Windows\System\DGsNMlU.exe
  2⤵
  PID:6436
- C:\Windows\System\HuNjWiD.exe
  C:\Windows\System\HuNjWiD.exe
  2⤵
  PID:6592
- C:\Windows\System\BkoYaTa.exe
  C:\Windows\System\BkoYaTa.exe
  2⤵
  PID:6668
- C:\Windows\System\VDSutoQ.exe
  C:\Windows\System\VDSutoQ.exe
  2⤵
  PID:6856
- C:\Windows\System\Nmsqtoa.exe
  C:\Windows\System\Nmsqtoa.exe
  2⤵
  PID:6832
- C:\Windows\System\cARtucr.exe
  C:\Windows\System\cARtucr.exe
  2⤵
  PID:6972
- C:\Windows\System\orUNHaK.exe
  C:\Windows\System\orUNHaK.exe
  2⤵
  PID:6988
- C:\Windows\System\TYFneEw.exe
  C:\Windows\System\TYFneEw.exe
  2⤵
  PID:7044
- C:\Windows\System\AotUqlo.exe
  C:\Windows\System\AotUqlo.exe
  2⤵
  PID:7128
- C:\Windows\System\zpnKAdC.exe
  C:\Windows\System\zpnKAdC.exe
  2⤵
  PID:7140
- C:\Windows\System\QUiYyHD.exe
  C:\Windows\System\QUiYyHD.exe
  2⤵
  PID:6356
- C:\Windows\System\OffciSh.exe
  C:\Windows\System\OffciSh.exe
  2⤵
  PID:6604
- C:\Windows\System\KnlFSCe.exe
  C:\Windows\System\KnlFSCe.exe
  2⤵
  PID:6588
- C:\Windows\System\kUVfWDp.exe
  C:\Windows\System\kUVfWDp.exe
  2⤵
  PID:6872
- C:\Windows\System\EkGwybA.exe
  C:\Windows\System\EkGwybA.exe
  2⤵
  PID:6960
- C:\Windows\System\GKKjZzI.exe
  C:\Windows\System\GKKjZzI.exe
  2⤵
  PID:7108
- C:\Windows\System\TxgyLFO.exe
  C:\Windows\System\TxgyLFO.exe
  2⤵
  PID:6888
- C:\Windows\System\BWOorkC.exe
  C:\Windows\System\BWOorkC.exe
  2⤵
  PID:7024
- C:\Windows\System\AxQRqFp.exe
  C:\Windows\System\AxQRqFp.exe
  2⤵
  PID:6236
- C:\Windows\System\nneNJLn.exe
  C:\Windows\System\nneNJLn.exe
  2⤵
  PID:7004
- C:\Windows\System\kMsawhq.exe
  C:\Windows\System\kMsawhq.exe
  2⤵
  PID:7088
- C:\Windows\System\ykORnQH.exe
  C:\Windows\System\ykORnQH.exe
  2⤵
  PID:6672
- C:\Windows\System\yHAxdZZ.exe
  C:\Windows\System\yHAxdZZ.exe
  2⤵
  PID:1520
- C:\Windows\System\dSYlxbS.exe
  C:\Windows\System\dSYlxbS.exe
  2⤵
  PID:7184
- C:\Windows\System\DEzwUfz.exe
  C:\Windows\System\DEzwUfz.exe
  2⤵
  PID:7200
- C:\Windows\System\chAVLLf.exe
  C:\Windows\System\chAVLLf.exe
  2⤵
  PID:7216
- C:\Windows\System\FlsWojQ.exe
  C:\Windows\System\FlsWojQ.exe
  2⤵
  PID:7232
- C:\Windows\System\qyUktzp.exe
  C:\Windows\System\qyUktzp.exe
  2⤵
  PID:7248
- C:\Windows\System\kmihVTv.exe
  C:\Windows\System\kmihVTv.exe
  2⤵
  PID:7264
- C:\Windows\System\AGQoePq.exe
  C:\Windows\System\AGQoePq.exe
  2⤵
  PID:7280
- C:\Windows\System\EbzuSmH.exe
  C:\Windows\System\EbzuSmH.exe
  2⤵
  PID:7296
- C:\Windows\System\fgwYPPx.exe
  C:\Windows\System\fgwYPPx.exe
  2⤵
  PID:7312
- C:\Windows\System\YaOImEy.exe
  C:\Windows\System\YaOImEy.exe
  2⤵
  PID:7328
- C:\Windows\System\WhjuVDD.exe
  C:\Windows\System\WhjuVDD.exe
  2⤵
  PID:7348
- C:\Windows\System\zkeyJjv.exe
  C:\Windows\System\zkeyJjv.exe
  2⤵
  PID:7364
- C:\Windows\System\avhoNro.exe
  C:\Windows\System\avhoNro.exe
  2⤵
  PID:7380
- C:\Windows\System\zFSubJD.exe
  C:\Windows\System\zFSubJD.exe
  2⤵
  PID:7396
- C:\Windows\System\SEzaVHj.exe
  C:\Windows\System\SEzaVHj.exe
  2⤵
  PID:7412
- C:\Windows\System\nipsHnQ.exe
  C:\Windows\System\nipsHnQ.exe
  2⤵
  PID:7428
- C:\Windows\System\kXWCstk.exe
  C:\Windows\System\kXWCstk.exe
  2⤵
  PID:7444
- C:\Windows\System\azBhHzr.exe
  C:\Windows\System\azBhHzr.exe
  2⤵
  PID:7460
- C:\Windows\System\IijkMxQ.exe
  C:\Windows\System\IijkMxQ.exe
  2⤵
  PID:7476
- C:\Windows\System\Dehzzss.exe
  C:\Windows\System\Dehzzss.exe
  2⤵
  PID:7492
- C:\Windows\System\wEFaPeT.exe
  C:\Windows\System\wEFaPeT.exe
  2⤵
  PID:7508
- C:\Windows\System\CkrqvtI.exe
  C:\Windows\System\CkrqvtI.exe
  2⤵
  PID:7524
- C:\Windows\System\cgVeJQK.exe
  C:\Windows\System\cgVeJQK.exe
  2⤵
  PID:7540
- C:\Windows\System\bQDhiTX.exe
  C:\Windows\System\bQDhiTX.exe
  2⤵
  PID:7556
- C:\Windows\System\oaYGRFU.exe
  C:\Windows\System\oaYGRFU.exe
  2⤵
  PID:7572
- C:\Windows\System\BmRANUu.exe
  C:\Windows\System\BmRANUu.exe
  2⤵
  PID:7588
- C:\Windows\System\KIrmnGK.exe
  C:\Windows\System\KIrmnGK.exe
  2⤵
  PID:7604
- C:\Windows\System\Toewlti.exe
  C:\Windows\System\Toewlti.exe
  2⤵
  PID:7620
- C:\Windows\System\WKEjOTG.exe
  C:\Windows\System\WKEjOTG.exe
  2⤵
  PID:7636
- C:\Windows\System\FGbZNrt.exe
  C:\Windows\System\FGbZNrt.exe
  2⤵
  PID:7652
- C:\Windows\System\lShcnEV.exe
  C:\Windows\System\lShcnEV.exe
  2⤵
  PID:7668
- C:\Windows\System\DIcStWL.exe
  C:\Windows\System\DIcStWL.exe
  2⤵
  PID:7684
- C:\Windows\System\YABSvyc.exe
  C:\Windows\System\YABSvyc.exe
  2⤵
  PID:7700
- C:\Windows\System\nfkwbcd.exe
  C:\Windows\System\nfkwbcd.exe
  2⤵
  PID:7716
- C:\Windows\System\ktkGKcT.exe
  C:\Windows\System\ktkGKcT.exe
  2⤵
  PID:7732
- C:\Windows\System\FckQlDC.exe
  C:\Windows\System\FckQlDC.exe
  2⤵
  PID:7752
- C:\Windows\System\ewtYjYU.exe
  C:\Windows\System\ewtYjYU.exe
  2⤵
  PID:7768
- C:\Windows\System\frIzEIS.exe
  C:\Windows\System\frIzEIS.exe
  2⤵
  PID:7784
- C:\Windows\System\NFwmxnh.exe
  C:\Windows\System\NFwmxnh.exe
  2⤵
  PID:7800
- C:\Windows\System\JWaCKmt.exe
  C:\Windows\System\JWaCKmt.exe
  2⤵
  PID:7816
- C:\Windows\System\lplWaAV.exe
  C:\Windows\System\lplWaAV.exe
  2⤵
  PID:7836
- C:\Windows\System\FLGNfOf.exe
  C:\Windows\System\FLGNfOf.exe
  2⤵
  PID:7852
- C:\Windows\System\MwCrUxH.exe
  C:\Windows\System\MwCrUxH.exe
  2⤵
  PID:7868
- C:\Windows\System\nntAItG.exe
  C:\Windows\System\nntAItG.exe
  2⤵
  PID:7884
- C:\Windows\System\DfousFc.exe
  C:\Windows\System\DfousFc.exe
  2⤵
  PID:7900
- C:\Windows\System\yxsDyKz.exe
  C:\Windows\System\yxsDyKz.exe
  2⤵
  PID:7916
- C:\Windows\System\KwGNKCL.exe
  C:\Windows\System\KwGNKCL.exe
  2⤵
  PID:7932
- C:\Windows\System\PehpeRg.exe
  C:\Windows\System\PehpeRg.exe
  2⤵
  PID:7948
- C:\Windows\System\Nydvsod.exe
  C:\Windows\System\Nydvsod.exe
  2⤵
  PID:7964
- C:\Windows\System\IWzHDlv.exe
  C:\Windows\System\IWzHDlv.exe
  2⤵
  PID:7980
- C:\Windows\System\rfesslJ.exe
  C:\Windows\System\rfesslJ.exe
  2⤵
  PID:8000
- C:\Windows\System\tcuqpog.exe
  C:\Windows\System\tcuqpog.exe
  2⤵
  PID:8016
- C:\Windows\System\PcbRYDc.exe
  C:\Windows\System\PcbRYDc.exe
  2⤵
  PID:8032
- C:\Windows\System\DIQvisH.exe
  C:\Windows\System\DIQvisH.exe
  2⤵
  PID:8048
- C:\Windows\System\gWJWHxy.exe
  C:\Windows\System\gWJWHxy.exe
  2⤵
  PID:8064
- C:\Windows\System\VuxZGgx.exe
  C:\Windows\System\VuxZGgx.exe
  2⤵
  PID:8080
- C:\Windows\System\PVtcEqe.exe
  C:\Windows\System\PVtcEqe.exe
  2⤵
  PID:8096
- C:\Windows\System\BKIkJPN.exe
  C:\Windows\System\BKIkJPN.exe
  2⤵
  PID:8112
- C:\Windows\System\XUTqRzs.exe
  C:\Windows\System\XUTqRzs.exe
  2⤵
  PID:8128
- C:\Windows\System\yvSlhnM.exe
  C:\Windows\System\yvSlhnM.exe
  2⤵
  PID:8144
- C:\Windows\System\fSvjjph.exe
  C:\Windows\System\fSvjjph.exe
  2⤵
  PID:8160
- C:\Windows\System\imHTYzY.exe
  C:\Windows\System\imHTYzY.exe
  2⤵
  PID:8176
- C:\Windows\System\difJruV.exe
  C:\Windows\System\difJruV.exe
  2⤵
  PID:6504
- C:\Windows\System\jDibcCt.exe
  C:\Windows\System\jDibcCt.exe
  2⤵
  PID:7180
- C:\Windows\System\JBWTOgp.exe
  C:\Windows\System\JBWTOgp.exe
  2⤵
  PID:7240
- C:\Windows\System\tyRLawW.exe
  C:\Windows\System\tyRLawW.exe
  2⤵
  PID:7244
- C:\Windows\System\IieLOnv.exe
  C:\Windows\System\IieLOnv.exe
  2⤵
  PID:7292
- C:\Windows\System\mBqpORp.exe
  C:\Windows\System\mBqpORp.exe
  2⤵
  PID:7304
- C:\Windows\System\RIMznWj.exe
  C:\Windows\System\RIMznWj.exe
  2⤵
  PID:7372
- C:\Windows\System\steSzsM.exe
  C:\Windows\System\steSzsM.exe
  2⤵
  PID:7320
- C:\Windows\System\xNyReXI.exe
  C:\Windows\System\xNyReXI.exe
  2⤵
  PID:7436
- C:\Windows\System\JrAXIiQ.exe
  C:\Windows\System\JrAXIiQ.exe
  2⤵
  PID:7452
- C:\Windows\System\SdvhLBd.exe
  C:\Windows\System\SdvhLBd.exe
  2⤵
  PID:7504
- C:\Windows\System\ouKqwNt.exe
  C:\Windows\System\ouKqwNt.exe
  2⤵
  PID:7484
- C:\Windows\System\UlqrJZl.exe
  C:\Windows\System\UlqrJZl.exe
  2⤵
  PID:7584
- C:\Windows\System\RkjdHyg.exe
  C:\Windows\System\RkjdHyg.exe
  2⤵
  PID:7568
- C:\Windows\System\kxwRirG.exe
  C:\Windows\System\kxwRirG.exe
  2⤵
  PID:7616
- C:\Windows\System\vgmRUZI.exe
  C:\Windows\System\vgmRUZI.exe
  2⤵
  PID:7648
- C:\Windows\System\xruonWi.exe
  C:\Windows\System\xruonWi.exe
  2⤵
  PID:7692
- C:\Windows\System\oZRzZgd.exe
  C:\Windows\System\oZRzZgd.exe
  2⤵
  PID:7712
- C:\Windows\System\KtatXrX.exe
  C:\Windows\System\KtatXrX.exe
  2⤵
  PID:7740
- C:\Windows\System\KXqHIJg.exe
  C:\Windows\System\KXqHIJg.exe
  2⤵
  PID:7796
- C:\Windows\System\PMCSUKb.exe
  C:\Windows\System\PMCSUKb.exe
  2⤵
  PID:7824
- C:\Windows\System\eFEiJZA.exe
  C:\Windows\System\eFEiJZA.exe
  2⤵
  PID:7860
- C:\Windows\System\kVQFMdf.exe
  C:\Windows\System\kVQFMdf.exe
  2⤵
  PID:7340
- C:\Windows\System\QbjQQvj.exe
  C:\Windows\System\QbjQQvj.exe
  2⤵
  PID:7924
- C:\Windows\System\fWRwexg.exe
  C:\Windows\System\fWRwexg.exe
  2⤵
  PID:7960
- C:\Windows\System\JVnfQvP.exe
  C:\Windows\System\JVnfQvP.exe
  2⤵
  PID:7972
- C:\Windows\System\GNppHFd.exe
  C:\Windows\System\GNppHFd.exe
  2⤵
  PID:8024
- C:\Windows\System\MmXZNCw.exe
  C:\Windows\System\MmXZNCw.exe
  2⤵
  PID:8008
- C:\Windows\System\FcupyAS.exe
  C:\Windows\System\FcupyAS.exe
  2⤵
  PID:8044
- C:\Windows\System\MnsdAdH.exe
  C:\Windows\System\MnsdAdH.exe
  2⤵
  PID:8108
- C:\Windows\System\iwWtWgm.exe
  C:\Windows\System\iwWtWgm.exe
  2⤵
  PID:8152
- C:\Windows\System\SIBRZWk.exe
  C:\Windows\System\SIBRZWk.exe
  2⤵
  PID:8184
- C:\Windows\System\HEAhmyn.exe
  C:\Windows\System\HEAhmyn.exe
  2⤵
  PID:7176
- C:\Windows\System\aMxzQRg.exe
  C:\Windows\System\aMxzQRg.exe
  2⤵
  PID:7288
- C:\Windows\System\XVYUBOA.exe
  C:\Windows\System\XVYUBOA.exe
  2⤵
  PID:7192
- C:\Windows\System\ubSzBfJ.exe
  C:\Windows\System\ubSzBfJ.exe
  2⤵
  PID:7228
- C:\Windows\System\TltccNj.exe
  C:\Windows\System\TltccNj.exe
  2⤵
  PID:7392
- C:\Windows\System\bckmtGC.exe
  C:\Windows\System\bckmtGC.exe
  2⤵
  PID:7828
- C:\Windows\System\QPBNFMX.exe
  C:\Windows\System\QPBNFMX.exe
  2⤵
  PID:7488
- C:\Windows\System\TsRYfZZ.exe
  C:\Windows\System\TsRYfZZ.exe
  2⤵
  PID:7612
- C:\Windows\System\lJHzGNY.exe
  C:\Windows\System\lJHzGNY.exe
  2⤵
  PID:7564
- C:\Windows\System\uoUEyBk.exe
  C:\Windows\System\uoUEyBk.exe
  2⤵
  PID:7644
- C:\Windows\System\FaixFPt.exe
  C:\Windows\System\FaixFPt.exe
  2⤵
  PID:7848
- C:\Windows\System\uqUdMHc.exe
  C:\Windows\System\uqUdMHc.exe
  2⤵
  PID:7892
- C:\Windows\System\iDqxyqO.exe
  C:\Windows\System\iDqxyqO.exe
  2⤵
  PID:7780
- C:\Windows\System\ZgyTLnA.exe
  C:\Windows\System\ZgyTLnA.exe
  2⤵
  PID:7880
- C:\Windows\System\KqvcyVQ.exe
  C:\Windows\System\KqvcyVQ.exe
  2⤵
  PID:8060
- C:\Windows\System\soLhOwY.exe
  C:\Windows\System\soLhOwY.exe
  2⤵
  PID:8156
- C:\Windows\System\bqzYOVR.exe
  C:\Windows\System\bqzYOVR.exe
  2⤵
  PID:8188
- C:\Windows\System\jdpuPsp.exe
  C:\Windows\System\jdpuPsp.exe
  2⤵
  PID:7356
- C:\Windows\System\jOYdDIh.exe
  C:\Windows\System\jOYdDIh.exe
  2⤵
  PID:7276
- C:\Windows\System\HHkppyt.exe
  C:\Windows\System\HHkppyt.exe
  2⤵
  PID:7532
- C:\Windows\System\AdcQMYw.exe
  C:\Windows\System\AdcQMYw.exe
  2⤵
  PID:7728
- C:\Windows\System\dOqzWmP.exe
  C:\Windows\System\dOqzWmP.exe
  2⤵
  PID:7708
- C:\Windows\System\eKRLsfs.exe
  C:\Windows\System\eKRLsfs.exe
  2⤵
  PID:7808
- C:\Windows\System\hNxOZxI.exe
  C:\Windows\System\hNxOZxI.exe
  2⤵
  PID:8012
- C:\Windows\System\gZpTCUl.exe
  C:\Windows\System\gZpTCUl.exe
  2⤵
  PID:8120
- C:\Windows\System\sAesygn.exe
  C:\Windows\System\sAesygn.exe
  2⤵
  PID:7196
- C:\Windows\System\DSAxdON.exe
  C:\Windows\System\DSAxdON.exe
  2⤵
  PID:7676
- C:\Windows\System\quciLVv.exe
  C:\Windows\System\quciLVv.exe
  2⤵
  PID:7912
- C:\Windows\System\DbHBGNS.exe
  C:\Windows\System\DbHBGNS.exe
  2⤵
  PID:8136
- C:\Windows\System\moYWthq.exe
  C:\Windows\System\moYWthq.exe
  2⤵
  PID:7748
- C:\Windows\System\niKKNFr.exe
  C:\Windows\System\niKKNFr.exe
  2⤵
  PID:8200
- C:\Windows\System\BkYqrgX.exe
  C:\Windows\System\BkYqrgX.exe
  2⤵
  PID:8216
- C:\Windows\System\MnQtMoK.exe
  C:\Windows\System\MnQtMoK.exe
  2⤵
  PID:8232
- C:\Windows\System\dzliqae.exe
  C:\Windows\System\dzliqae.exe
  2⤵
  PID:8252
- C:\Windows\System\HrJBtfN.exe
  C:\Windows\System\HrJBtfN.exe
  2⤵
  PID:8268
- C:\Windows\System\vKHzNhT.exe
  C:\Windows\System\vKHzNhT.exe
  2⤵
  PID:8284
- C:\Windows\System\ijCsddv.exe
  C:\Windows\System\ijCsddv.exe
  2⤵
  PID:8300
- C:\Windows\System\uhZNAEg.exe
  C:\Windows\System\uhZNAEg.exe
  2⤵
  PID:8316
- C:\Windows\System\GbXAVou.exe
  C:\Windows\System\GbXAVou.exe
  2⤵
  PID:8332
- C:\Windows\System\hkldEMV.exe
  C:\Windows\System\hkldEMV.exe
  2⤵
  PID:8348
- C:\Windows\System\NORukAc.exe
  C:\Windows\System\NORukAc.exe
  2⤵
  PID:8364
- C:\Windows\System\HgyJWcS.exe
  C:\Windows\System\HgyJWcS.exe
  2⤵
  PID:8380
- C:\Windows\System\spemgpM.exe
  C:\Windows\System\spemgpM.exe
  2⤵
  PID:8400
- C:\Windows\System\eQuIPKZ.exe
  C:\Windows\System\eQuIPKZ.exe
  2⤵
  PID:8416
- C:\Windows\System\bWbagZL.exe
  C:\Windows\System\bWbagZL.exe
  2⤵
  PID:8436
- C:\Windows\System\XPxNLrj.exe
  C:\Windows\System\XPxNLrj.exe
  2⤵
  PID:8452
- C:\Windows\System\IPlwFeo.exe
  C:\Windows\System\IPlwFeo.exe
  2⤵
  PID:8468
- C:\Windows\System\QMXLIvW.exe
  C:\Windows\System\QMXLIvW.exe
  2⤵
  PID:8484
- C:\Windows\System\UlMpbNU.exe
  C:\Windows\System\UlMpbNU.exe
  2⤵
  PID:8500
- C:\Windows\System\OIjuyAH.exe
  C:\Windows\System\OIjuyAH.exe
  2⤵
  PID:8516
- C:\Windows\System\kHVsedP.exe
  C:\Windows\System\kHVsedP.exe
  2⤵
  PID:8532
- C:\Windows\System\BNsNPAH.exe
  C:\Windows\System\BNsNPAH.exe
  2⤵
  PID:8548
- C:\Windows\System\bmmILKz.exe
  C:\Windows\System\bmmILKz.exe
  2⤵
  PID:8564
- C:\Windows\System\bvmawwh.exe
  C:\Windows\System\bvmawwh.exe
  2⤵
  PID:8580
- C:\Windows\System\xjKvoGH.exe
  C:\Windows\System\xjKvoGH.exe
  2⤵
  PID:8600
- C:\Windows\System\aWZgxbO.exe
  C:\Windows\System\aWZgxbO.exe
  2⤵
  PID:8620
- C:\Windows\System\OndqFiQ.exe
  C:\Windows\System\OndqFiQ.exe
  2⤵
  PID:8636
- C:\Windows\System\FBprJqq.exe
  C:\Windows\System\FBprJqq.exe
  2⤵
  PID:8652
- C:\Windows\System\guaYiVs.exe
  C:\Windows\System\guaYiVs.exe
  2⤵
  PID:8668
- C:\Windows\System\GySYDwZ.exe
  C:\Windows\System\GySYDwZ.exe
  2⤵
  PID:8684
- C:\Windows\System\llmZlxO.exe
  C:\Windows\System\llmZlxO.exe
  2⤵
  PID:8700
- C:\Windows\System\MBycBii.exe
  C:\Windows\System\MBycBii.exe
  2⤵
  PID:8716
- C:\Windows\System\LqTepkO.exe
  C:\Windows\System\LqTepkO.exe
  2⤵
  PID:8732
- C:\Windows\System\bHNnXoi.exe
  C:\Windows\System\bHNnXoi.exe
  2⤵
  PID:8748
- C:\Windows\System\DQCPNUX.exe
  C:\Windows\System\DQCPNUX.exe
  2⤵
  PID:8764
- C:\Windows\System\rcPlmOl.exe
  C:\Windows\System\rcPlmOl.exe
  2⤵
  PID:8780
- C:\Windows\System\RMaRwCK.exe
  C:\Windows\System\RMaRwCK.exe
  2⤵
  PID:8800
- C:\Windows\System\DBtyBOI.exe
  C:\Windows\System\DBtyBOI.exe
  2⤵
  PID:8816
- C:\Windows\System\PLZfior.exe
  C:\Windows\System\PLZfior.exe
  2⤵
  PID:8832
- C:\Windows\System\VjpnOdE.exe
  C:\Windows\System\VjpnOdE.exe
  2⤵
  PID:8848
- C:\Windows\System\AuTRKrp.exe
  C:\Windows\System\AuTRKrp.exe
  2⤵
  PID:8868
- C:\Windows\System\JGZQKIc.exe
  C:\Windows\System\JGZQKIc.exe
  2⤵
  PID:8884
- C:\Windows\System\ZIizYdx.exe
  C:\Windows\System\ZIizYdx.exe
  2⤵
  PID:8904
- C:\Windows\System\hvXLhfc.exe
  C:\Windows\System\hvXLhfc.exe
  2⤵
  PID:8920
- C:\Windows\System\VNDgAGC.exe
  C:\Windows\System\VNDgAGC.exe
  2⤵
  PID:8936
- C:\Windows\System\DIvhegv.exe
  C:\Windows\System\DIvhegv.exe
  2⤵
  PID:8952
- C:\Windows\System\yuIBKSG.exe
  C:\Windows\System\yuIBKSG.exe
  2⤵
  PID:8968
- C:\Windows\System\GoHyzuM.exe
  C:\Windows\System\GoHyzuM.exe
  2⤵
  PID:8984
- C:\Windows\System\mjakHjI.exe
  C:\Windows\System\mjakHjI.exe
  2⤵
  PID:9000
- C:\Windows\System\kAbGuTV.exe
  C:\Windows\System\kAbGuTV.exe
  2⤵
  PID:9016
- C:\Windows\System\vbHsUVa.exe
  C:\Windows\System\vbHsUVa.exe
  2⤵
  PID:9032
- C:\Windows\System\XQKZMUD.exe
  C:\Windows\System\XQKZMUD.exe
  2⤵
  PID:9048
- C:\Windows\System\QgIkwQW.exe
  C:\Windows\System\QgIkwQW.exe
  2⤵
  PID:9064
- C:\Windows\System\avarUAN.exe
  C:\Windows\System\avarUAN.exe
  2⤵
  PID:9080
- C:\Windows\System\vvgGyZf.exe
  C:\Windows\System\vvgGyZf.exe
  2⤵
  PID:9096
- C:\Windows\System\osPxjJz.exe
  C:\Windows\System\osPxjJz.exe
  2⤵
  PID:9112
- C:\Windows\System\tsSnkmk.exe
  C:\Windows\System\tsSnkmk.exe
  2⤵
  PID:9128
- C:\Windows\System\EuYXQNl.exe
  C:\Windows\System\EuYXQNl.exe
  2⤵
  PID:9144
- C:\Windows\System\GUlZBfm.exe
  C:\Windows\System\GUlZBfm.exe
  2⤵
  PID:9160
- C:\Windows\System\UzZNhac.exe
  C:\Windows\System\UzZNhac.exe
  2⤵
  PID:9176
- C:\Windows\System\uSPSKGf.exe
  C:\Windows\System\uSPSKGf.exe
  2⤵
  PID:8424
- C:\Windows\System\yZsUfkj.exe
  C:\Windows\System\yZsUfkj.exe
  2⤵
  PID:8524
- C:\Windows\System\UGImrxc.exe
  C:\Windows\System\UGImrxc.exe
  2⤵
  PID:8664
- C:\Windows\System\WLCVzsu.exe
  C:\Windows\System\WLCVzsu.exe
  2⤵
  PID:8228
- C:\Windows\System\JXgnalZ.exe
  C:\Windows\System\JXgnalZ.exe
  2⤵
  PID:8248
- C:\Windows\System\ojEXavJ.exe
  C:\Windows\System\ojEXavJ.exe
  2⤵
  PID:8280
- C:\Windows\System\myUYifV.exe
  C:\Windows\System\myUYifV.exe
  2⤵
  PID:8328
- C:\Windows\System\UITfTZj.exe
  C:\Windows\System\UITfTZj.exe
  2⤵
  PID:8376
- C:\Windows\System\NzQyIZY.exe
  C:\Windows\System\NzQyIZY.exe
  2⤵
  PID:8432
- C:\Windows\System\seqNlDT.exe
  C:\Windows\System\seqNlDT.exe
  2⤵
  PID:8540
- C:\Windows\System\kllqeaD.exe
  C:\Windows\System\kllqeaD.exe
  2⤵
  PID:7060
- C:\Windows\System\wPrccsG.exe
  C:\Windows\System\wPrccsG.exe
  2⤵
  PID:8508
- C:\Windows\System\EbUqpAp.exe
  C:\Windows\System\EbUqpAp.exe
  2⤵
  PID:8264
- C:\Windows\System\HQNpgGC.exe
  C:\Windows\System\HQNpgGC.exe
  2⤵
  PID:8340
- C:\Windows\System\wXoyuqv.exe
  C:\Windows\System\wXoyuqv.exe
  2⤵
  PID:8892
- C:\Windows\System\mNzZuST.exe
  C:\Windows\System\mNzZuST.exe
  2⤵
  PID:9184
- C:\Windows\System\NoVrKgg.exe
  C:\Windows\System\NoVrKgg.exe
  2⤵
  PID:9140
- C:\Windows\System\smWBHAv.exe
  C:\Windows\System\smWBHAv.exe
  2⤵
  PID:9212
- C:\Windows\System\HPKSaRB.exe
  C:\Windows\System\HPKSaRB.exe
  2⤵
  PID:8208
- C:\Windows\System\bsGLDQk.exe
  C:\Windows\System\bsGLDQk.exe
  2⤵
  PID:8196
- C:\Windows\System\BiAMUQO.exe
  C:\Windows\System\BiAMUQO.exe
  2⤵
  PID:9192
- C:\Windows\System\ywjyIED.exe
  C:\Windows\System\ywjyIED.exe
  2⤵
  PID:8844
- C:\Windows\System\uhLGTBH.exe
  C:\Windows\System\uhLGTBH.exe
  2⤵
  PID:9012
- C:\Windows\System\qlQMOSp.exe
  C:\Windows\System\qlQMOSp.exe
  2⤵
  PID:8492
- C:\Windows\System\cLtaXQV.exe
  C:\Windows\System\cLtaXQV.exe
  2⤵
  PID:8460
- C:\Windows\System\LChfSII.exe
  C:\Windows\System\LChfSII.exe
  2⤵
  PID:8616
- C:\Windows\System\EVKlpdm.exe
  C:\Windows\System\EVKlpdm.exe
  2⤵
  PID:8572
- C:\Windows\System\AMdAkKd.exe
  C:\Windows\System\AMdAkKd.exe
  2⤵
  PID:8808
- C:\Windows\System\XCVJISD.exe
  C:\Windows\System\XCVJISD.exe
  2⤵
  PID:8712
- C:\Windows\System\tCOqNnt.exe
  C:\Windows\System\tCOqNnt.exe
  2⤵
  PID:8740
- C:\Windows\System\gbdLJsC.exe
  C:\Windows\System\gbdLJsC.exe
  2⤵
  PID:8760
- C:\Windows\System\JLGQVEV.exe
  C:\Windows\System\JLGQVEV.exe
  2⤵
  PID:8828
- C:\Windows\System\hNPqmut.exe
  C:\Windows\System\hNPqmut.exe
  2⤵
  PID:9008
- C:\Windows\System\ckwUNEc.exe
  C:\Windows\System\ckwUNEc.exe
  2⤵
  PID:8696
- C:\Windows\System\CjZvXti.exe
  C:\Windows\System\CjZvXti.exe
  2⤵
  PID:9028
- C:\Windows\System\MCIwfvS.exe
  C:\Windows\System\MCIwfvS.exe
  2⤵
  PID:8824
- C:\Windows\System\lhZzzDe.exe
  C:\Windows\System\lhZzzDe.exe
  2⤵
  PID:9156
- C:\Windows\System\pyrWllk.exe
  C:\Windows\System\pyrWllk.exe
  2⤵
  PID:8932
- C:\Windows\System\ivBEaXV.exe
  C:\Windows\System\ivBEaXV.exe
  2⤵
  PID:8396
- C:\Windows\System\NJghLim.exe
  C:\Windows\System\NJghLim.exe
  2⤵
  PID:9172
- C:\Windows\System\fxBWsoO.exe
  C:\Windows\System\fxBWsoO.exe
  2⤵
  PID:8244
- C:\Windows\System\spzFaeA.exe
  C:\Windows\System\spzFaeA.exe
  2⤵
  PID:7076
- C:\Windows\System\ZRaMfTn.exe
  C:\Windows\System\ZRaMfTn.exe
  2⤵
  PID:8676
- C:\Windows\System\pkVLFNZ.exe
  C:\Windows\System\pkVLFNZ.exe
  2⤵
  PID:8392
- C:\Windows\System\IezimsQ.exe
  C:\Windows\System\IezimsQ.exe
  2⤵
  PID:8644
- C:\Windows\System\skvJvqb.exe
  C:\Windows\System\skvJvqb.exe
  2⤵
  PID:8612
- C:\Windows\System\HKBPTRp.exe
  C:\Windows\System\HKBPTRp.exe
  2⤵
  PID:8324
- C:\Windows\System\EnVYjcT.exe
  C:\Windows\System\EnVYjcT.exe
  2⤵
  PID:8788
- C:\Windows\System\TTMmoCG.exe
  C:\Windows\System\TTMmoCG.exe
  2⤵
  PID:9136
- C:\Windows\System\OdRsEnt.exe
  C:\Windows\System\OdRsEnt.exe
  2⤵
  PID:9152
- C:\Windows\System\mCwqmFT.exe
  C:\Windows\System\mCwqmFT.exe
  2⤵
  PID:9072
- C:\Windows\System\meRIMJL.exe
  C:\Windows\System\meRIMJL.exe
  2⤵
  PID:8744
- C:\Windows\System\MkytHAR.exe
  C:\Windows\System\MkytHAR.exe
  2⤵
  PID:8864
- C:\Windows\System\NlyAJyP.exe
  C:\Windows\System\NlyAJyP.exe
  2⤵
  PID:8856
- C:\Windows\System\jrkOjBc.exe
  C:\Windows\System\jrkOjBc.exe
  2⤵
  PID:7580
- C:\Windows\System\ttdRHch.exe
  C:\Windows\System\ttdRHch.exe
  2⤵
  PID:9200
- C:\Windows\System\EGUiJiW.exe
  C:\Windows\System\EGUiJiW.exe
  2⤵
  PID:8692
- C:\Windows\System\jFfAgqf.exe
  C:\Windows\System\jFfAgqf.exe
  2⤵
  PID:8632
- C:\Windows\System\uimxMxL.exe
  C:\Windows\System\uimxMxL.exe
  2⤵
  PID:8312
- C:\Windows\System\OIrdZwK.exe
  C:\Windows\System\OIrdZwK.exe
  2⤵
  PID:8592
- C:\Windows\System\iTwBHro.exe
  C:\Windows\System\iTwBHro.exe
  2⤵
  PID:8124
- C:\Windows\System\kZqZdge.exe
  C:\Windows\System\kZqZdge.exe
  2⤵
  PID:9120
- C:\Windows\System\LFZWpct.exe
  C:\Windows\System\LFZWpct.exe
  2⤵
  PID:1368
- C:\Windows\System\VfnPHnV.exe
  C:\Windows\System\VfnPHnV.exe
  2⤵
  PID:8292
- C:\Windows\System\wFCOtYH.exe
  C:\Windows\System\wFCOtYH.exe
  2⤵
  PID:8660
- C:\Windows\System\FGBZYLp.exe
  C:\Windows\System\FGBZYLp.exe
  2⤵
  PID:8576
- C:\Windows\System\CGkpWIS.exe
  C:\Windows\System\CGkpWIS.exe
  2⤵
  PID:9056
- C:\Windows\System\BNZttrc.exe
  C:\Windows\System\BNZttrc.exe
  2⤵
  PID:9040
- C:\Windows\System\bEreeer.exe
  C:\Windows\System\bEreeer.exe
  2⤵
  PID:8796
- C:\Windows\System\VHFlDls.exe
  C:\Windows\System\VHFlDls.exe
  2⤵
  PID:9208
- C:\Windows\System\XdBqtSS.exe
  C:\Windows\System\XdBqtSS.exe
  2⤵
  PID:8224
- C:\Windows\System\FFbywek.exe
  C:\Windows\System\FFbywek.exe
  2⤵
  PID:9224
- C:\Windows\System\ymenJhd.exe
  C:\Windows\System\ymenJhd.exe
  2⤵
  PID:9240
- C:\Windows\System\xrZgjBU.exe
  C:\Windows\System\xrZgjBU.exe
  2⤵
  PID:9256
- C:\Windows\System\YLZdjmw.exe
  C:\Windows\System\YLZdjmw.exe
  2⤵
  PID:9272
- C:\Windows\System\yHOmBUl.exe
  C:\Windows\System\yHOmBUl.exe
  2⤵
  PID:9288
- C:\Windows\System\YzIyFbc.exe
  C:\Windows\System\YzIyFbc.exe
  2⤵
  PID:9304
- C:\Windows\System\fNQfHzH.exe
  C:\Windows\System\fNQfHzH.exe
  2⤵
  PID:9320
- C:\Windows\System\CxkGGwT.exe
  C:\Windows\System\CxkGGwT.exe
  2⤵
  PID:9336
- C:\Windows\System\fvermpw.exe
  C:\Windows\System\fvermpw.exe
  2⤵
  PID:9352
- C:\Windows\System\lyIPJRH.exe
  C:\Windows\System\lyIPJRH.exe
  2⤵
  PID:9368
- C:\Windows\System\turSJXM.exe
  C:\Windows\System\turSJXM.exe
  2⤵
  PID:9384
- C:\Windows\System\MSrwniD.exe
  C:\Windows\System\MSrwniD.exe
  2⤵
  PID:9400
- C:\Windows\System\zjzaBCU.exe
  C:\Windows\System\zjzaBCU.exe
  2⤵
  PID:9416
- C:\Windows\System\ntBGtpU.exe
  C:\Windows\System\ntBGtpU.exe
  2⤵
  PID:9432
- C:\Windows\System\xRdDGAB.exe
  C:\Windows\System\xRdDGAB.exe
  2⤵
  PID:9448
- C:\Windows\System\GcqfZap.exe
  C:\Windows\System\GcqfZap.exe
  2⤵
  PID:9464
- C:\Windows\System\WNOHNfw.exe
  C:\Windows\System\WNOHNfw.exe
  2⤵
  PID:9480
- C:\Windows\System\MFdstQm.exe
  C:\Windows\System\MFdstQm.exe
  2⤵
  PID:9500
- C:\Windows\System\wVbcDBL.exe
  C:\Windows\System\wVbcDBL.exe
  2⤵
  PID:9516
- C:\Windows\System\iMjDvyx.exe
  C:\Windows\System\iMjDvyx.exe
  2⤵
  PID:9532
- C:\Windows\System\sbzzlaj.exe
  C:\Windows\System\sbzzlaj.exe
  2⤵
  PID:9548
- C:\Windows\System\PNbOWFT.exe
  C:\Windows\System\PNbOWFT.exe
  2⤵
  PID:9564
- C:\Windows\System\yfspQEo.exe
  C:\Windows\System\yfspQEo.exe
  2⤵
  PID:9580
- C:\Windows\System\BiJQCqO.exe
  C:\Windows\System\BiJQCqO.exe
  2⤵
  PID:9596
- C:\Windows\System\vxEPlgk.exe
  C:\Windows\System\vxEPlgk.exe
  2⤵
  PID:9612
- C:\Windows\System\xbowDLM.exe
  C:\Windows\System\xbowDLM.exe
  2⤵
  PID:9628
- C:\Windows\System\dNfvBfV.exe
  C:\Windows\System\dNfvBfV.exe
  2⤵
  PID:9644
- C:\Windows\System\FVpjYIq.exe
  C:\Windows\System\FVpjYIq.exe
  2⤵
  PID:9660
- C:\Windows\System\qVrzKJN.exe
  C:\Windows\System\qVrzKJN.exe
  2⤵
  PID:9676
- C:\Windows\System\gUOLhUf.exe
  C:\Windows\System\gUOLhUf.exe
  2⤵
  PID:9692
- C:\Windows\System\piEYycf.exe
  C:\Windows\System\piEYycf.exe
  2⤵
  PID:9708
- C:\Windows\System\twswAnp.exe
  C:\Windows\System\twswAnp.exe
  2⤵
  PID:9728
- C:\Windows\System\MHDSDgP.exe
  C:\Windows\System\MHDSDgP.exe
  2⤵
  PID:9744
- C:\Windows\System\TFATOJM.exe
  C:\Windows\System\TFATOJM.exe
  2⤵
  PID:9760
- C:\Windows\System\HUGjkbv.exe
  C:\Windows\System\HUGjkbv.exe
  2⤵
  PID:9776
- C:\Windows\System\fTWuIEQ.exe
  C:\Windows\System\fTWuIEQ.exe
  2⤵
  PID:9792
- C:\Windows\System\tISwEWb.exe
  C:\Windows\System\tISwEWb.exe
  2⤵
  PID:9808
- C:\Windows\System\KmhdNAD.exe
  C:\Windows\System\KmhdNAD.exe
  2⤵
  PID:9824
- C:\Windows\System\QnPPQqO.exe
  C:\Windows\System\QnPPQqO.exe
  2⤵
  PID:9840
- C:\Windows\System\FqoffRb.exe
  C:\Windows\System\FqoffRb.exe
  2⤵
  PID:9856
- C:\Windows\System\pjNuEXy.exe
  C:\Windows\System\pjNuEXy.exe
  2⤵
  PID:9872
- C:\Windows\System\hQVESnX.exe
  C:\Windows\System\hQVESnX.exe
  2⤵
  PID:9888
- C:\Windows\System\gMcTkKk.exe
  C:\Windows\System\gMcTkKk.exe
  2⤵
  PID:9904
- C:\Windows\System\MmWphmf.exe
  C:\Windows\System\MmWphmf.exe
  2⤵
  PID:9920
- C:\Windows\System\hfqPGxj.exe
  C:\Windows\System\hfqPGxj.exe
  2⤵
  PID:10084
- C:\Windows\System\SiowiEN.exe
  C:\Windows\System\SiowiEN.exe
  2⤵
  PID:10112
- C:\Windows\System\uCLrXzI.exe
  C:\Windows\System\uCLrXzI.exe
  2⤵
  PID:10132
- C:\Windows\System\BBddoaZ.exe
  C:\Windows\System\BBddoaZ.exe
  2⤵
  PID:10148
- C:\Windows\System\BybrqWM.exe
  C:\Windows\System\BybrqWM.exe
  2⤵
  PID:10164
- C:\Windows\System\XpcLHMb.exe
  C:\Windows\System\XpcLHMb.exe
  2⤵
  PID:10180
- C:\Windows\System\ImFRpZP.exe
  C:\Windows\System\ImFRpZP.exe
  2⤵
  PID:10196
- C:\Windows\System\TafOlQC.exe
  C:\Windows\System\TafOlQC.exe
  2⤵
  PID:10212
- C:\Windows\System\saAedMr.exe
  C:\Windows\System\saAedMr.exe
  2⤵
  PID:10228
- C:\Windows\System\YnRUhDI.exe
  C:\Windows\System\YnRUhDI.exe
  2⤵
  PID:9236
- C:\Windows\System\xcFZphn.exe
  C:\Windows\System\xcFZphn.exe
  2⤵
  PID:9300
- C:\Windows\System\cBWGzIi.exe
  C:\Windows\System\cBWGzIi.exe
  2⤵
  PID:9364
- C:\Windows\System\fTSHArT.exe
  C:\Windows\System\fTSHArT.exe
  2⤵
  PID:9316
- C:\Windows\System\mXlmpdC.exe
  C:\Windows\System\mXlmpdC.exe
  2⤵
  PID:9380
- C:\Windows\System\DGdaiYx.exe
  C:\Windows\System\DGdaiYx.exe
  2⤵
  PID:9424
- C:\Windows\System\NvJldWg.exe
  C:\Windows\System\NvJldWg.exe
  2⤵
  PID:9408
- C:\Windows\System\vircszc.exe
  C:\Windows\System\vircszc.exe
  2⤵
  PID:9576
- C:\Windows\System\juxmlrG.exe
  C:\Windows\System\juxmlrG.exe
  2⤵
  PID:9640
- C:\Windows\System\rXkpYGi.exe
  C:\Windows\System\rXkpYGi.exe
  2⤵
  PID:9624
- C:\Windows\System\AFSNeya.exe
  C:\Windows\System\AFSNeya.exe
  2⤵
  PID:9668
- C:\Windows\System\OzRCHCe.exe
  C:\Windows\System\OzRCHCe.exe
  2⤵
  PID:9740
- C:\Windows\System\qsNjrhB.exe
  C:\Windows\System\qsNjrhB.exe
  2⤵
  PID:9804
- C:\Windows\System\gYoqFkg.exe
  C:\Windows\System\gYoqFkg.exe
  2⤵
  PID:9868
- C:\Windows\System\picPisg.exe
  C:\Windows\System\picPisg.exe
  2⤵
  PID:9912
- C:\Windows\System\DnZcOlP.exe
  C:\Windows\System\DnZcOlP.exe
  2⤵
  PID:9936
- C:\Windows\System\UbBTDIH.exe
  C:\Windows\System\UbBTDIH.exe
  2⤵
  PID:9956
- C:\Windows\System\rGlaJXF.exe
  C:\Windows\System\rGlaJXF.exe
  2⤵
  PID:9968
- C:\Windows\System\gjfaLzm.exe
  C:\Windows\System\gjfaLzm.exe
  2⤵
  PID:9984
- C:\Windows\System\YKjuEAK.exe
  C:\Windows\System\YKjuEAK.exe
  2⤵
  PID:10000
- C:\Windows\System\IavntRL.exe
  C:\Windows\System\IavntRL.exe
  2⤵
  PID:10016
- C:\Windows\System\pMDbXeG.exe
  C:\Windows\System\pMDbXeG.exe
  2⤵
  PID:10036
- C:\Windows\System\isSgzTZ.exe
  C:\Windows\System\isSgzTZ.exe
  2⤵
  PID:10048
- C:\Windows\System\tiJTnQB.exe
  C:\Windows\System\tiJTnQB.exe
  2⤵
  PID:10052
- C:\Windows\System\eJBqyEX.exe
  C:\Windows\System\eJBqyEX.exe
  2⤵
  PID:7028
- C:\Windows\System\xHJxPGO.exe
  C:\Windows\System\xHJxPGO.exe
  2⤵
  PID:10080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EqSHRAd.exe

Filesize
6.0MB

MD5
c4e5c7b7aec2f8d35ed4e9d4c71d4c5b

SHA1
bdac68e7229dda35154b1a4eb1a5d167b8e70287

SHA256
d4b53a1a7d3b871c2b57dd5ecd5a0f7e355e9514a01b0710fa7ac269b4b2e34e

SHA512
b59192940dc4c972660bd41b564d38558bc9d80fb670731d88d23c79ec65b3f60267e2d8577edd8dccb40ab1bda7a61c939758a335f30a896b6d8d18cf83c6f8

Download Submit
C:\Windows\system\FOhwZIH.exe

Filesize
6.0MB

MD5
42fe90548b834408220461cdcc7fdb1d

SHA1
4fecca56c3c460959e5e34bf56b19a6ac843462b

SHA256
60284ecbe930faa85340b312e534de579868471ad20d2e325ee146a81ae2c570

SHA512
356d57a8e99ffcfb62c770c72ab35672efe0e1d3f6ccab1ea4e70f518bdc01e020628a2df4d6e039158beb092ffcfc715d00551628f909deada736e933552d20

Download Submit
C:\Windows\system\FVYIzNI.exe

Filesize
6.0MB

MD5
858299d7a14993cae6b65f2f69db71b7

SHA1
bdab37388cd9b705da5338892c1c37a6a94c8355

SHA256
5164c24561ce3d403eaad7365328a14da0dae0dd8402af753823886513db8cd7

SHA512
643f64132af637b05532108d9b7c2e45fdd0266e9c8716f5dbd9ac656a9a8e8d078e7cf3e9b7cebff5594a0a65457787e0586bdd2207b5acc54143c45b57268b

Download Submit
C:\Windows\system\HRDqSiy.exe

Filesize
6.0MB

MD5
8d39be3d89a32a14e81c88bb96a81e44

SHA1
ec63071b4c2e7ed50dc07b7ede849d87d96d0f38

SHA256
e50325e889ace394e99376a2b2ecaf7b37973bfe127f3dbbc2056d0522f9d071

SHA512
ad28fbffc3efe52907a40a5a7384722e9e2dc9753c6442efc6e92c4224882ad7396a8d540b165d5f13b4cf3b36529336770c4ba04c35109e4aeed03959ab4d3f

Download Submit
C:\Windows\system\IAbZPiu.exe

Filesize
6.0MB

MD5
aae011b9b03e2d30b0cbff11c13a24b0

SHA1
b71d978ec26c881e72c685c7bd1fccde538b8bc9

SHA256
c59a5850ee1da54f620660bfab565442bf48cb66d5ac8842578cd936eb4dc7ca

SHA512
508bd04e41c051b94ac3de614e5611d8500328e75b6975fe2e09eb5d81b31442a016a5d2c1f45cf106847b5788b1df2143a643f0a1db91f8c6ccdcb5077c08b9

Download Submit
C:\Windows\system\IOrxJLG.exe

Filesize
6.0MB

MD5
1de2d08196b0ae2bb228aa6b976d047a

SHA1
dcc50646135300582be1b535acde61628e879d51

SHA256
882e6422b0fc6607723b471eb65e2e71eb78601910200522901434e1839c0fce

SHA512
86b09fb4491f1126e6fa138d18df22602cd9052bea2041f1e1a21516ca1b6b6c0d338f02170aca242f4f9345b7224fcd46c9f9024953efd5dfb9a2ee2492cd0a

Download Submit
C:\Windows\system\MCUWoXp.exe

Filesize
6.0MB

MD5
c5464030c84b1d72a8a099e59c536074

SHA1
8a26ed379348dc57e4b622bb1ea301d00f6bea76

SHA256
38aff471e0b1811c59e10f9985e9f3116f1e2c84ef0620006b835226c56bc99c

SHA512
5a6ac76fa458c44815e8a2b93eecb8d19693b023c4dfc3fa49da0d8ec09045572cd857149b13765549b6925736a050dfe147ad31041ee015330b7a6fe45cb090

Download Submit
C:\Windows\system\MvIqRzQ.exe

Filesize
6.0MB

MD5
46c508c84312573b92e6d79e674b7187

SHA1
5fbf94d27a968f618d0dd27305710ccb05cf6025

SHA256
9184964002c2965f5a51c6d493a6b8dbc3ffa6ffdbf988241f521b48dad8be58

SHA512
083310678b9bd22b6963759b3ff949d05097e28b643ad844c6826ba37addfe440f8628c9c97d5cdee2a0cd5e33b54a8b42d9a6dbd7d4326ac362b59965960a97

Download Submit
C:\Windows\system\OcktryR.exe

Filesize
6.0MB

MD5
e543156ddce1d780a2f4b11eb2a46b79

SHA1
30faf3e6680d2178b23f18f02fb2fab633a40954

SHA256
caa3c13b7571f31f83590275e749738e5b8f543e7141b57b085933c8e462ab07

SHA512
f3d9b588deb18a96af886c4de6456d436825d3d78641728ea7fba19dabe4d3c205fc413d74b6439d27457c39db39f7b03b7a41f5daba26667e619eb41c8414ff

Download Submit
C:\Windows\system\OolgFqI.exe

Filesize
6.0MB

MD5
cf0eafb182a4038cabf35523fd41df8f

SHA1
2ef88df9da101b14976054589822693491b2a61b

SHA256
5e4c8dd3e33fa1da688f0106ca5eede00fda1c5d379a10aecfff52a355dcfb4e

SHA512
cdb43fbe555f34b0fecd7d6fb2face11d1c5c5e1c680100597edb641cd1ad21ef7b3691708cee53dca23d33e0074b2fc42b9ed20c1750d3c7ed847dc74f3ab2c

Download Submit
C:\Windows\system\QFsepdo.exe

Filesize
6.0MB

MD5
85674fee83ac0cc9062c7fc4a9affb42

SHA1
2ffd7913e016045d313557342fbeb7be63d1d516

SHA256
2efd84b37854716eb1f12059635ae9e08cd86c8478438557b842c3bd2be1167b

SHA512
dfe85e1bf954c843340e3efe91df4d4e364e33bea5aba55d2de4a845dff613902bd4bc3b9d6cbef2e069bafc729c32de30f0b6669e7b7fff76a4e9f2682bcdd1

Download Submit
C:\Windows\system\VIhEgzB.exe

Filesize
6.0MB

MD5
ae03ec74460f5e05ccd26feb5cd7d74f

SHA1
eb5f4edf200f836f2884a533f2b71a7afadc63ae

SHA256
bc59f2bc142d39d01dd9c242a25d94cbcaa06ee7030e09f03849a75535aa0c7e

SHA512
0da325a6242e9dfd41db94c3d8f2f7afb843b6ac1ad69aca7845b956b32d3f3482c580b0c477ab9a665ff3982eb4604d8721779f215a94d424d0bf08c7d44976

Download Submit
C:\Windows\system\XXyfpzo.exe

Filesize
6.0MB

MD5
a53cb13e7a29b51ca4750eebff710dce

SHA1
86b81f8b76a330a6b57bf3e28cca8498377bd7b5

SHA256
9dbcf3f24ed60ea7780ab1ac52ff28dec3361aaf222459efab5352e4d6399c97

SHA512
fa72da042c2738eb0bbf0adebc56ac89683126fb6edafee98825ed0c6b784ccc695a3121a53c666287d1153dbb3c6646bce26f923cb2b89659d723651009d571

Download Submit
C:\Windows\system\aomZaeW.exe

Filesize
6.0MB

MD5
17be2d082b1489e0f2fa86d2f739478a

SHA1
58f39db5205a54e20d84ddb1e6384a852e2b617a

SHA256
1d4472d3bd3291b6b4fed45915514b1169858c546be3ca84b95fd54a0565c8f6

SHA512
6becdad51540b987a140711c672cff96880912e8d650705221dc757e2036ab5eaf5f2cd954ee92a128c8b0b35b4aec5835e06e044c4c1a6b223682af09c310c6

Download Submit
C:\Windows\system\auUsQHE.exe

Filesize
6.0MB

MD5
8e98be5d002228bbf6c0ee63282de15f

SHA1
234c33f3a08d78e79e90195b118453435a6ac6b0

SHA256
acddbf8f6179175bcc5a2af8851cc49e7ad61d8f8e2d54c795c94a68589dafbd

SHA512
8d336ef17838581d674a902e58060f1333c36f06bf3324ebd76bfaf66a44d9d93b59aa621599648c6cd13f2cb2cca7604bdebfdd2d7bfb02e0c94b5c818de322

Download Submit
C:\Windows\system\biOklYW.exe

Filesize
6.0MB

MD5
c13e110499a7b82fa550247e380f4495

SHA1
2e12b9e81ced6fd22e7a4691c5c2f7700b73466d

SHA256
bcf4a9835a09f9cd5af35eb5c6bbb25a5c1262f60a5d2cedcc31dcd3c9df0b87

SHA512
1f53022837d5dad501690ea059f4b381d24d3cae7dc1956eddc0f79de7dae02eb23995e23b96f62c94015877d22f4f2180da778689e72b31303d03dc39f34ed2

Download Submit
C:\Windows\system\dwiXLbj.exe

Filesize
6.0MB

MD5
3cfa0b74eb36c611b4a49c1b34304bd5

SHA1
ab8cc5fdc467813dea0ab8e6efa2caa3c527dfe8

SHA256
75fc7e75bbdc381562a5078b40652ebe614e8094004b84c2bd3baeca1bd6757f

SHA512
069fac3031f8043cd984ea51cbca1971745ff87ab7a935b0ee46b90c79a2cd30eff5b93571a468b25e1de592cd48d36fd39399534354f4db92bbc82d34d54906

Download Submit
C:\Windows\system\eZhFGoF.exe

Filesize
6.0MB

MD5
3ab60e530a63d9cbd97086bd365a58f9

SHA1
35e7bdca66056c352b94be395c9623b338fc4cc2

SHA256
0cd39407d3f94276e936504fc513f54ab4bf56a0e2e76f01294ce617f548f58a

SHA512
b47e1b960b4102a059efd55d74558db865e85a7c4eadfec1143dff485f8364e7e5c0d08a1a0f5634cb80be4635f62ff7e5d152e6eda217887256ca8cc7f856da

Download Submit
C:\Windows\system\hPepvHR.exe

Filesize
6.0MB

MD5
aaefb5a62696e1ec7eaff2f9e75f4ac1

SHA1
4ed52e4d4e46e508eb02d8cd989be215e11af866

SHA256
5cc49663d34c43245029eb861715b902c293100fb1a706482952ed46dd596864

SHA512
f07959e24f224eda4cbff4f8632f602f35c55fb05fed87c9046d58c0f37c8f89cf50d0b9d0b13bac3e4f34917a54d8202688a78fc74d71af189fd46699b1ae25

Download Submit
C:\Windows\system\lBlFRAu.exe

Filesize
6.0MB

MD5
31a7a0461d4a76432a9ba3f90936ba75

SHA1
7d5d395af6451bd1bede2b91f871670b9cd53430

SHA256
81aa687ac806f96b24c075a608e78058fc905d5ea7aa3ef057f36371758a5b4a

SHA512
cfca7ebd906eceec5ea0819428392e6023b5455691f51cef156713b6028f6a25978d9794896819c8682f0c676e7ce6e494348dc7054d6a01e2fcbe4a3aca4811

Download Submit
C:\Windows\system\mNJjXwi.exe

Filesize
6.0MB

MD5
7d67cc2e77325d10c7a82e9eee3ed45a

SHA1
1920598c39ff8fafe983f39f4b853d21b52f36b9

SHA256
31524d6db425f810b79c2f4c46f6ea0979a8b60224b6dc6a4d0d742897e79fb2

SHA512
9f1b76c3fcdc8ede53b603d2bcd486c8d60f45f59898befaeb3f72fd910066b438a9d2acdecfe1c26c69d48b53680db4dd1a8286cbb4ab785dd8b9206afb2c38

Download Submit
C:\Windows\system\niMAStU.exe

Filesize
6.0MB

MD5
2745b5740bc52ed61734e829a93b8e2e

SHA1
9130439f1435fb960f69f86b68dbe8a55f345d6d

SHA256
7141640bf5321c3d01d9c1a3306b5635b6709671f5b64768d3e7b6b3e0600ed8

SHA512
3e40f7cf8d5ba6289a8f5f1ecf56eac346dd1be1efba62b2d97e80d1c3478ec5d5d7823dd19049a681eba59a9ffa83f218ee098a0ad53447044e72cb0779fa86

Download Submit
C:\Windows\system\qecFLAl.exe

Filesize
6.0MB

MD5
7b9dc075387021d55a065e6a02122ffa

SHA1
3db35d0d3f0de710f6286683af0751f6a3776aba

SHA256
13beae760db2a4da0f9322680a3fd4834b9d91198de874a3e7f4c378794b0a26

SHA512
93e20e01e610ffc5a5edbfe915c4ed6be0e144e7922eaf72db8f38478aaf32cd19e552d32cb50bb68a340109808f3cc3f0d285bd765dac719a2752fc0d47f116

Download Submit
C:\Windows\system\ukpLDrO.exe

Filesize
6.0MB

MD5
69d83f8a58ed5a356a9f590b58b1929f

SHA1
90ae9fff3ab185b4065446fb2ed07e2ecba44f16

SHA256
71e5d1d38d071fb4620125b045e7d82bc5c371e6b231f9042a66c5cda64bf9ae

SHA512
6f2a5442eb2d7334c7cf96d8a3cc7c3c377ffc445d8dc06d15ebaad9302cc8d2bda5dabcedd444b1d523e7c6b78b4b90e7f9dd7fd7b754048d817b0552e6b46c

Download Submit
C:\Windows\system\ymcvamv.exe

Filesize
6.0MB

MD5
7463881a57a426ee40b256decb2c88c2

SHA1
a95c1b0d67f038a2a26c1fb6b5f6daccf9a8d4f6

SHA256
58da2a00d1e1e8c9d81cff8641dbfe0645f499e279fdf1af346e598133798151

SHA512
f9f441474a53e834fd5b87c59e3a113b8f5518a775ed6ace1a2ac47445e56a50763767012268c9054bc7226e7d51710e25f9df267d832600e76e434e8d459c70

Download Submit
\Windows\system\CZzoZTn.exe

Filesize
6.0MB

MD5
0f92671c5c22ee0cd15e2cd7896f3752

SHA1
6fd83493aa5c3c442545483cc44c8b4bcfd3cc08

SHA256
b9c303b4628c157516155b6cb5993c2e17edc864ef40bb893b6d6b02aed6c850

SHA512
88f7d8983310a6c3345d4f15f3d0751c9a662f3832d1574512d019f7744b870c8bc95da935f4fd5763e5eccad8bb381835a40c4d345b5e36c942e54bbec3925f

Download Submit
\Windows\system\FHMpebI.exe

Filesize
6.0MB

MD5
48cb691f153607db2a35d70150379210

SHA1
63c79c689bd75be1eae1a43c295a9d711e48c0bf

SHA256
74559dc00320aad6cd7c49fa518f0bc355b76be531ec5d5d93e60096e119ae70

SHA512
a88337aa6a9aa85600992591ebecc9dfa01af23411af5ed36f63b15084b5bade232c8762339123ad4717ed188b2c9d74acc4834fb1569b5ebc7f353638dddc6b

Download Submit
\Windows\system\PKHQMCY.exe

Filesize
6.0MB

MD5
60cebad40a3f1fe454d342dc0f4a741b

SHA1
7e09c711c8230887e1cd429c4bdae58b14b74435

SHA256
652d4cc20f1981ae0b868180e34c966152c6edef43cbc5d196630a164babe9f7

SHA512
82362390288b7c2d1ad96e7fe866ead7d63d4b1f8be26cf6954abe3d72d5e77f8dca6de245a9678352cf4d28defb9d2d39cc9df7576b6d1a532f95c1a310830b

Download Submit
\Windows\system\mFNTHnL.exe

Filesize
6.0MB

MD5
ae2e08db4d54d64d0ce74c8361ee2020

SHA1
dd408424925c10b8d57865eac49c03e0c6921b5c

SHA256
2a53dd44915817ce3c1cdbd2fb060f5b39e46a4e1708a55f331f2610b3c449e0

SHA512
078cf2618a9b4dcdff95b49aae87705cf81483ac34a907b0658dad53372210b333f80907a32af58d977b76bb4cfa62b34e447fceecb9199c28bc33488471556a

Download Submit
\Windows\system\rwitxnU.exe

Filesize
6.0MB

MD5
9d892accf97881ec49789f1886303de3

SHA1
9708f0aeff5423a2b0f65ee70fef8a7304eb9b5a

SHA256
6714ab45ddeb56c8600a31ce3e949f406a4f047f481aafad504e6f2df8f5ea9c

SHA512
9cf0bf934ea32397eb059d119886de592540e45880bc01c456fdf33f61beecc045eccc410b71d5f05ded26fba4fe4cb686fa1db49005f2d4b78f55890216f128

Download Submit
\Windows\system\viyXisl.exe

Filesize
6.0MB

MD5
8149133b65c1832881c629bc931283ce

SHA1
74713e7e9293f1a1b846d93344cee127efa027d9

SHA256
00759fbeb2c73035abf288fab8da8578efda78db92c3ae78fd8ec13a7c07867a

SHA512
4a2cd4d2a12b22a009ba349ab9477f03970dcbceba012ca574cf1a3f161bd06e54ddf4c599982b8bcab6db9c61e968b87ea6b6824579992884311862cf499dae

Download Submit
\Windows\system\zBUnETc.exe

Filesize
6.0MB

MD5
6d4e447c191842d8b605e7cf99f3f799

SHA1
ea8b4ca71b38fe9da74c09fd29ffbfdbc872a551

SHA256
d31266df357d1ba87b3062a5720859c21bc6d721c7546ac46f4f6de42cbc7d2a

SHA512
52f430510ad730ad8cdef7f5503f25a9892739715672f28e29400c2cbe12d569abd4bf5b59872d52e9151e16dd495fe77ca958eb94a202eda4a857342e070aac

Download Submit
memory/1224-42-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-16-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-610-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-8-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1236-609-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1236-35-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1692-193-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1692-84-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1692-1032-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1736-13-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1736-74-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1736-46-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1736-97-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-92-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1736-69-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1736-0-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1736-81-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1736-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1736-89-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1736-105-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-112-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-6-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1736-276-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-31-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1736-409-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-55-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1736-39-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1736-24-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1736-64-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1736-27-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/1736-330-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-210-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1968-75-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1968-1019-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1968-111-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2248-77-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2248-1020-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2248-132-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2276-107-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-1073-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-371-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-25-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2324-47-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2324-611-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1014-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2872-68-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-100-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-293-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1060-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2912-614-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2912-48-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2920-961-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2920-57-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2920-91-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2984-93-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2984-241-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1036-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/3044-60-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3044-613-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3044-43-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3064-36-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3064-53-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3064-612-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download