cobaltstrike | 392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
Size

6.0MB
MD5

11616e466e54c34ca9a04c64b010a3ad
SHA1

d34da664c5fb0ce1817432f71896f13473284ff1
SHA256

392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117
SHA512

341acde0090924ae5153d6584fd29cad46a85f3fa1aabddc0e0e7fc868b717d55aae89a303c80f4f936c0be7068e1d04ba1fdd8234c60588c004bb55e83769df
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUO:eOl56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0b-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d24-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3f-36.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016ca2-45.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d50-57.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d9f-65.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-64.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-99.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-109.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-90.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2320-0-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d0b-6.dat	xmrig
behavioral1/memory/2260-15-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2420-14-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2320-8-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d13-9.dat	xmrig
behavioral1/files/0x0008000000016d24-22.dat	xmrig
behavioral1/memory/2084-27-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2320-17-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-29.dat	xmrig
behavioral1/memory/2636-35-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3f-36.dat	xmrig
behavioral1/memory/2320-34-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2260-37-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2748-44-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0033000000016ca2-45.dat	xmrig
behavioral1/memory/2768-51-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2668-48-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d50-57.dat	xmrig
behavioral1/files/0x0008000000016d9f-65.dat	xmrig
behavioral1/memory/2484-69-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2636-71-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2300-68-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2536-67-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d47-64.dat	xmrig
behavioral1/memory/2320-60-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/1728-86-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0009000000018678-85.dat	xmrig
behavioral1/memory/2320-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2768-95-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001879b-99.dat	xmrig
behavioral1/memory/2664-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190cd-109.dat	xmrig
behavioral1/files/0x00060000000190d6-113.dat	xmrig
behavioral1/files/0x00050000000191f3-117.dat	xmrig
behavioral1/files/0x00050000000191f7-121.dat	xmrig
behavioral1/files/0x0005000000019229-129.dat	xmrig
behavioral1/files/0x000500000001924c-137.dat	xmrig
behavioral1/files/0x0005000000019273-149.dat	xmrig
behavioral1/memory/2320-732-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d9-177.dat	xmrig
behavioral1/files/0x00050000000193cc-173.dat	xmrig
behavioral1/files/0x00050000000193c4-169.dat	xmrig
behavioral1/files/0x00050000000193be-165.dat	xmrig
behavioral1/files/0x0005000000019389-161.dat	xmrig
behavioral1/files/0x0005000000019382-157.dat	xmrig
behavioral1/files/0x0005000000019277-153.dat	xmrig
behavioral1/files/0x0005000000019271-146.dat	xmrig
behavioral1/files/0x000500000001926b-141.dat	xmrig
behavioral1/files/0x0005000000019234-133.dat	xmrig
behavioral1/files/0x0005000000019218-125.dat	xmrig
behavioral1/memory/2320-107-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2484-106-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2300-105-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2536-104-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2320-97-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/memory/2044-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2320-91-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018690-90.dat	xmrig
behavioral1/memory/376-81-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x001500000001866d-80.dat	xmrig
behavioral1/memory/2084-56-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2260-3478-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2420	aBtSVhb.exe
2260	IiEcZbb.exe
2668	JnAbOFk.exe
2084	gzktpnC.exe
2636	kgQrTKk.exe
2748	HRoEfuU.exe
2768	GgmXYiZ.exe
2536	JyItiOt.exe
2300	GeLrRbd.exe
2484	mFiPhOV.exe
376	YbrMxPS.exe
1728	mXcNfnt.exe
2044	qccsPfa.exe
2664	zGNbvRq.exe
2916	QoVqjCC.exe
2016	BjnvBoV.exe
620	KREXVcL.exe
852	VYHYTbD.exe
552	GXSASzw.exe
1792	RsCLqfT.exe
1204	qIaiUoe.exe
1800	IucOmra.exe
1156	lSJgPBf.exe
1992	tsjQXiJ.exe
2264	zoAKssG.exe
1920	xLuVDEK.exe
1912	lzlQblo.exe
2352	JVMrWXt.exe
2380	CebtGJT.exe
1148	MyFjCTg.exe
1272	xabXeur.exe
1484	ZWTAYuI.exe
660	BHFYHar.exe
936	sWOmZKV.exe
2180	XHNaiWl.exe
1324	AolUMyi.exe
1680	jHDEXwE.exe
1556	TuRCrIC.exe
3032	XYHUxFP.exe
2192	PzYSuPc.exe
1188	TnPEtkL.exe
944	iMGiFkq.exe
2208	bClgexc.exe
1704	tJzNESF.exe
1864	Vyqafna.exe
2404	fLlEXLa.exe
1532	JVXSPcH.exe
1856	IWuxFxv.exe
2896	wwdQVki.exe
1136	eokiEkk.exe
752	CXvIgai.exe
632	cQiWvCf.exe
560	ynzxhRl.exe
3008	nYGvERO.exe
2316	gRgSixw.exe
2308	TBnLxrl.exe
2984	yuHJDaB.exe
2096	VlHInpJ.exe
2424	pWQlPhR.exe
1780	qpgCGiz.exe
2368	ukYwHmr.exe
884	mOXBVyf.exe
2144	BEXGfkL.exe
2924	tppmsfV.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d0b-6.dat	upx
behavioral1/memory/2260-15-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2420-14-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2320-8-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0008000000016d13-9.dat	upx
behavioral1/files/0x0008000000016d24-22.dat	upx
behavioral1/memory/2084-27-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2320-17-0x0000000002490000-0x00000000027E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d36-29.dat	upx
behavioral1/memory/2636-35-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0007000000016d3f-36.dat	upx
behavioral1/memory/2320-34-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2260-37-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2748-44-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0033000000016ca2-45.dat	upx
behavioral1/memory/2768-51-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2668-48-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0009000000016d50-57.dat	upx
behavioral1/files/0x0008000000016d9f-65.dat	upx
behavioral1/memory/2484-69-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2636-71-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2300-68-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2536-67-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0007000000016d47-64.dat	upx
behavioral1/memory/1728-86-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0009000000018678-85.dat	upx
behavioral1/memory/2768-95-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000500000001879b-99.dat	upx
behavioral1/memory/2664-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00060000000190cd-109.dat	upx
behavioral1/files/0x00060000000190d6-113.dat	upx
behavioral1/files/0x00050000000191f3-117.dat	upx
behavioral1/files/0x00050000000191f7-121.dat	upx
behavioral1/files/0x0005000000019229-129.dat	upx
behavioral1/files/0x000500000001924c-137.dat	upx
behavioral1/files/0x0005000000019273-149.dat	upx
behavioral1/files/0x00050000000193d9-177.dat	upx
behavioral1/files/0x00050000000193cc-173.dat	upx
behavioral1/files/0x00050000000193c4-169.dat	upx
behavioral1/files/0x00050000000193be-165.dat	upx
behavioral1/files/0x0005000000019389-161.dat	upx
behavioral1/files/0x0005000000019382-157.dat	upx
behavioral1/files/0x0005000000019277-153.dat	upx
behavioral1/files/0x0005000000019271-146.dat	upx
behavioral1/files/0x000500000001926b-141.dat	upx
behavioral1/files/0x0005000000019234-133.dat	upx
behavioral1/files/0x0005000000019218-125.dat	upx
behavioral1/memory/2484-106-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2300-105-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2536-104-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2044-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x0005000000018690-90.dat	upx
behavioral1/memory/376-81-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x001500000001866d-80.dat	upx
behavioral1/memory/2084-56-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2260-3478-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2420-3479-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2084-3486-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2748-3699-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2300-3707-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2668-3708-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2536-3709-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zSooHHb.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\MSIGBCL.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\MwvxbOc.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\VYHYTbD.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\owxmikj.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\ABEXfUs.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\VcbFMNN.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\ZjchIEJ.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\xDsTJdt.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\ZUijoCJ.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\QQysAGa.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\CNOEXfM.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\PsyDCxH.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\NaJipOp.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\fPYyNLT.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\QoVqjCC.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\NRgDHbH.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\RbRGiTc.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\baBsvUd.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\IgBCkAm.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\iMGiFkq.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\trIsDNt.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\BUhlUPz.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\aFrlpyB.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\QAeMOEX.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\HubaSYP.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\VItzYnX.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\HYqRBkh.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\uOUEYWK.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\DnBSuff.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\YVCcZOt.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\SwcVZKF.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\XRNlSVk.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\HqrsuFy.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\LYColQw.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\IoWAURV.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\hvdeqnN.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\JKfhPbw.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\hXKTSyI.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\nVTDnKe.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\saqzAoV.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\MCcTkBr.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\GlHyxgE.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\UWUkxeh.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\vIhVbcL.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\sNYqKea.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\ORSgpxU.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\ovaqyea.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\AyxEIXv.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\gTVLnLs.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\KDBmlWm.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\GgmXYiZ.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\fSDLsdd.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\RwMUaDu.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\tVmllTq.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\NgLHOnr.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\UonFwZr.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\YpPNmEU.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\tZvdvfe.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\HxLmbXm.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\EWLGQVR.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\uWMoKXj.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\gzmbBgG.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
File created	C:\Windows\System\QBXzkIq.exe	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2420	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	29
PID 2320 wrote to memory of 2420	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	29
PID 2320 wrote to memory of 2420	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	29
PID 2320 wrote to memory of 2260	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	30
PID 2320 wrote to memory of 2260	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	30
PID 2320 wrote to memory of 2260	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	30
PID 2320 wrote to memory of 2668	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	31
PID 2320 wrote to memory of 2668	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	31
PID 2320 wrote to memory of 2668	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	31
PID 2320 wrote to memory of 2084	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	32
PID 2320 wrote to memory of 2084	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	32
PID 2320 wrote to memory of 2084	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	32
PID 2320 wrote to memory of 2636	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	33
PID 2320 wrote to memory of 2636	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	33
PID 2320 wrote to memory of 2636	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	33
PID 2320 wrote to memory of 2748	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	34
PID 2320 wrote to memory of 2748	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	34
PID 2320 wrote to memory of 2748	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	34
PID 2320 wrote to memory of 2768	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	35
PID 2320 wrote to memory of 2768	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	35
PID 2320 wrote to memory of 2768	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	35
PID 2320 wrote to memory of 2300	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	36
PID 2320 wrote to memory of 2300	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	36
PID 2320 wrote to memory of 2300	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	36
PID 2320 wrote to memory of 2536	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	37
PID 2320 wrote to memory of 2536	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	37
PID 2320 wrote to memory of 2536	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	37
PID 2320 wrote to memory of 2484	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	38
PID 2320 wrote to memory of 2484	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	38
PID 2320 wrote to memory of 2484	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	38
PID 2320 wrote to memory of 376	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	39
PID 2320 wrote to memory of 376	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	39
PID 2320 wrote to memory of 376	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	39
PID 2320 wrote to memory of 1728	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	40
PID 2320 wrote to memory of 1728	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	40
PID 2320 wrote to memory of 1728	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	40
PID 2320 wrote to memory of 2044	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	41
PID 2320 wrote to memory of 2044	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	41
PID 2320 wrote to memory of 2044	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	41
PID 2320 wrote to memory of 2664	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	42
PID 2320 wrote to memory of 2664	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	42
PID 2320 wrote to memory of 2664	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	42
PID 2320 wrote to memory of 2916	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	43
PID 2320 wrote to memory of 2916	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	43
PID 2320 wrote to memory of 2916	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	43
PID 2320 wrote to memory of 2016	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	44
PID 2320 wrote to memory of 2016	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	44
PID 2320 wrote to memory of 2016	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	44
PID 2320 wrote to memory of 620	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	45
PID 2320 wrote to memory of 620	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	45
PID 2320 wrote to memory of 620	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	45
PID 2320 wrote to memory of 852	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	46
PID 2320 wrote to memory of 852	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	46
PID 2320 wrote to memory of 852	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	46
PID 2320 wrote to memory of 552	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	47
PID 2320 wrote to memory of 552	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	47
PID 2320 wrote to memory of 552	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	47
PID 2320 wrote to memory of 1792	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	48
PID 2320 wrote to memory of 1792	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	48
PID 2320 wrote to memory of 1792	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	48
PID 2320 wrote to memory of 1204	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	49
PID 2320 wrote to memory of 1204	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	49
PID 2320 wrote to memory of 1204	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	49
PID 2320 wrote to memory of 1800	2320	JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_392ef83db6048e3466129bca9f053b748755d91808ea446295d00c8e73b6a117.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System\aBtSVhb.exe
  C:\Windows\System\aBtSVhb.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\IiEcZbb.exe
  C:\Windows\System\IiEcZbb.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\JnAbOFk.exe
  C:\Windows\System\JnAbOFk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\gzktpnC.exe
  C:\Windows\System\gzktpnC.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\kgQrTKk.exe
  C:\Windows\System\kgQrTKk.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\HRoEfuU.exe
  C:\Windows\System\HRoEfuU.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\GgmXYiZ.exe
  C:\Windows\System\GgmXYiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GeLrRbd.exe
  C:\Windows\System\GeLrRbd.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\JyItiOt.exe
  C:\Windows\System\JyItiOt.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\mFiPhOV.exe
  C:\Windows\System\mFiPhOV.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\YbrMxPS.exe
  C:\Windows\System\YbrMxPS.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\mXcNfnt.exe
  C:\Windows\System\mXcNfnt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\qccsPfa.exe
  C:\Windows\System\qccsPfa.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\zGNbvRq.exe
  C:\Windows\System\zGNbvRq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\QoVqjCC.exe
  C:\Windows\System\QoVqjCC.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\BjnvBoV.exe
  C:\Windows\System\BjnvBoV.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\KREXVcL.exe
  C:\Windows\System\KREXVcL.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\VYHYTbD.exe
  C:\Windows\System\VYHYTbD.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\GXSASzw.exe
  C:\Windows\System\GXSASzw.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\RsCLqfT.exe
  C:\Windows\System\RsCLqfT.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\qIaiUoe.exe
  C:\Windows\System\qIaiUoe.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\IucOmra.exe
  C:\Windows\System\IucOmra.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\lSJgPBf.exe
  C:\Windows\System\lSJgPBf.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\tsjQXiJ.exe
  C:\Windows\System\tsjQXiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\zoAKssG.exe
  C:\Windows\System\zoAKssG.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\xLuVDEK.exe
  C:\Windows\System\xLuVDEK.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\lzlQblo.exe
  C:\Windows\System\lzlQblo.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\JVMrWXt.exe
  C:\Windows\System\JVMrWXt.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\CebtGJT.exe
  C:\Windows\System\CebtGJT.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\MyFjCTg.exe
  C:\Windows\System\MyFjCTg.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\xabXeur.exe
  C:\Windows\System\xabXeur.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\ZWTAYuI.exe
  C:\Windows\System\ZWTAYuI.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\BHFYHar.exe
  C:\Windows\System\BHFYHar.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\sWOmZKV.exe
  C:\Windows\System\sWOmZKV.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\XHNaiWl.exe
  C:\Windows\System\XHNaiWl.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\AolUMyi.exe
  C:\Windows\System\AolUMyi.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\jHDEXwE.exe
  C:\Windows\System\jHDEXwE.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\TuRCrIC.exe
  C:\Windows\System\TuRCrIC.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\XYHUxFP.exe
  C:\Windows\System\XYHUxFP.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\PzYSuPc.exe
  C:\Windows\System\PzYSuPc.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\TnPEtkL.exe
  C:\Windows\System\TnPEtkL.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\iMGiFkq.exe
  C:\Windows\System\iMGiFkq.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\bClgexc.exe
  C:\Windows\System\bClgexc.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\tJzNESF.exe
  C:\Windows\System\tJzNESF.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\Vyqafna.exe
  C:\Windows\System\Vyqafna.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\fLlEXLa.exe
  C:\Windows\System\fLlEXLa.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\JVXSPcH.exe
  C:\Windows\System\JVXSPcH.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\IWuxFxv.exe
  C:\Windows\System\IWuxFxv.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\wwdQVki.exe
  C:\Windows\System\wwdQVki.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\eokiEkk.exe
  C:\Windows\System\eokiEkk.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\CXvIgai.exe
  C:\Windows\System\CXvIgai.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\cQiWvCf.exe
  C:\Windows\System\cQiWvCf.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\ynzxhRl.exe
  C:\Windows\System\ynzxhRl.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\nYGvERO.exe
  C:\Windows\System\nYGvERO.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\gRgSixw.exe
  C:\Windows\System\gRgSixw.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\TBnLxrl.exe
  C:\Windows\System\TBnLxrl.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\yuHJDaB.exe
  C:\Windows\System\yuHJDaB.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\VlHInpJ.exe
  C:\Windows\System\VlHInpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\pWQlPhR.exe
  C:\Windows\System\pWQlPhR.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\qpgCGiz.exe
  C:\Windows\System\qpgCGiz.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ukYwHmr.exe
  C:\Windows\System\ukYwHmr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\mOXBVyf.exe
  C:\Windows\System\mOXBVyf.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\BEXGfkL.exe
  C:\Windows\System\BEXGfkL.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\tppmsfV.exe
  C:\Windows\System\tppmsfV.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\KAhCSuJ.exe
  C:\Windows\System\KAhCSuJ.exe
  2⤵
  PID:2908
- C:\Windows\System\QGzhfCz.exe
  C:\Windows\System\QGzhfCz.exe
  2⤵
  PID:1584
- C:\Windows\System\NehqdPr.exe
  C:\Windows\System\NehqdPr.exe
  2⤵
  PID:1588
- C:\Windows\System\aobGXZA.exe
  C:\Windows\System\aobGXZA.exe
  2⤵
  PID:2280
- C:\Windows\System\tDrZRFI.exe
  C:\Windows\System\tDrZRFI.exe
  2⤵
  PID:2252
- C:\Windows\System\ahaYERG.exe
  C:\Windows\System\ahaYERG.exe
  2⤵
  PID:2592
- C:\Windows\System\ImbHRxZ.exe
  C:\Windows\System\ImbHRxZ.exe
  2⤵
  PID:1812
- C:\Windows\System\zumMpMv.exe
  C:\Windows\System\zumMpMv.exe
  2⤵
  PID:2848
- C:\Windows\System\MEYMRfp.exe
  C:\Windows\System\MEYMRfp.exe
  2⤵
  PID:3020
- C:\Windows\System\bGiPVcI.exe
  C:\Windows\System\bGiPVcI.exe
  2⤵
  PID:2744
- C:\Windows\System\mYNgFeq.exe
  C:\Windows\System\mYNgFeq.exe
  2⤵
  PID:2628
- C:\Windows\System\qZuoAUj.exe
  C:\Windows\System\qZuoAUj.exe
  2⤵
  PID:1676
- C:\Windows\System\wQjKeWT.exe
  C:\Windows\System\wQjKeWT.exe
  2⤵
  PID:3036
- C:\Windows\System\UEOFJMx.exe
  C:\Windows\System\UEOFJMx.exe
  2⤵
  PID:2860
- C:\Windows\System\SiAzVIB.exe
  C:\Windows\System\SiAzVIB.exe
  2⤵
  PID:2516
- C:\Windows\System\VItzYnX.exe
  C:\Windows\System\VItzYnX.exe
  2⤵
  PID:2712
- C:\Windows\System\trIsDNt.exe
  C:\Windows\System\trIsDNt.exe
  2⤵
  PID:2652
- C:\Windows\System\JwuaZaF.exe
  C:\Windows\System\JwuaZaF.exe
  2⤵
  PID:2944
- C:\Windows\System\BYkyvXn.exe
  C:\Windows\System\BYkyvXn.exe
  2⤵
  PID:344
- C:\Windows\System\XscTTTO.exe
  C:\Windows\System\XscTTTO.exe
  2⤵
  PID:2824
- C:\Windows\System\HXUdqvO.exe
  C:\Windows\System\HXUdqvO.exe
  2⤵
  PID:1784
- C:\Windows\System\CCbGIXs.exe
  C:\Windows\System\CCbGIXs.exe
  2⤵
  PID:1400
- C:\Windows\System\jwPSPVA.exe
  C:\Windows\System\jwPSPVA.exe
  2⤵
  PID:1452
- C:\Windows\System\ShySLjF.exe
  C:\Windows\System\ShySLjF.exe
  2⤵
  PID:1280
- C:\Windows\System\VGFTSie.exe
  C:\Windows\System\VGFTSie.exe
  2⤵
  PID:1996
- C:\Windows\System\VRLrIYv.exe
  C:\Windows\System\VRLrIYv.exe
  2⤵
  PID:1932
- C:\Windows\System\GlbLIZQ.exe
  C:\Windows\System\GlbLIZQ.exe
  2⤵
  PID:2132
- C:\Windows\System\hktfIRd.exe
  C:\Windows\System\hktfIRd.exe
  2⤵
  PID:2104
- C:\Windows\System\RnRRhot.exe
  C:\Windows\System\RnRRhot.exe
  2⤵
  PID:1076
- C:\Windows\System\NRgDHbH.exe
  C:\Windows\System\NRgDHbH.exe
  2⤵
  PID:332
- C:\Windows\System\vQzBREC.exe
  C:\Windows\System\vQzBREC.exe
  2⤵
  PID:1124
- C:\Windows\System\dukAOpa.exe
  C:\Windows\System\dukAOpa.exe
  2⤵
  PID:448
- C:\Windows\System\VQschJC.exe
  C:\Windows\System\VQschJC.exe
  2⤵
  PID:2128
- C:\Windows\System\sxunhQG.exe
  C:\Windows\System\sxunhQG.exe
  2⤵
  PID:980
- C:\Windows\System\orwSmsC.exe
  C:\Windows\System\orwSmsC.exe
  2⤵
  PID:1756
- C:\Windows\System\FrsZvzl.exe
  C:\Windows\System\FrsZvzl.exe
  2⤵
  PID:2876
- C:\Windows\System\uCVNlgP.exe
  C:\Windows\System\uCVNlgP.exe
  2⤵
  PID:1380
- C:\Windows\System\azrGVVp.exe
  C:\Windows\System\azrGVVp.exe
  2⤵
  PID:788
- C:\Windows\System\CJmhxIV.exe
  C:\Windows\System\CJmhxIV.exe
  2⤵
  PID:2472
- C:\Windows\System\UWEgYnI.exe
  C:\Windows\System\UWEgYnI.exe
  2⤵
  PID:2176
- C:\Windows\System\jsxlqOe.exe
  C:\Windows\System\jsxlqOe.exe
  2⤵
  PID:2072
- C:\Windows\System\KhWZILs.exe
  C:\Windows\System\KhWZILs.exe
  2⤵
  PID:2304
- C:\Windows\System\ELHbyJN.exe
  C:\Windows\System\ELHbyJN.exe
  2⤵
  PID:2140
- C:\Windows\System\vmYpHLL.exe
  C:\Windows\System\vmYpHLL.exe
  2⤵
  PID:1720
- C:\Windows\System\zpuhXNh.exe
  C:\Windows\System\zpuhXNh.exe
  2⤵
  PID:940
- C:\Windows\System\xVUHgCA.exe
  C:\Windows\System\xVUHgCA.exe
  2⤵
  PID:2928
- C:\Windows\System\MkXupUs.exe
  C:\Windows\System\MkXupUs.exe
  2⤵
  PID:2412
- C:\Windows\System\fSDLsdd.exe
  C:\Windows\System\fSDLsdd.exe
  2⤵
  PID:2432
- C:\Windows\System\esqNjfN.exe
  C:\Windows\System\esqNjfN.exe
  2⤵
  PID:2580
- C:\Windows\System\vOQMvWc.exe
  C:\Windows\System\vOQMvWc.exe
  2⤵
  PID:1624
- C:\Windows\System\iWuDmOL.exe
  C:\Windows\System\iWuDmOL.exe
  2⤵
  PID:2724
- C:\Windows\System\ywYGeZn.exe
  C:\Windows\System\ywYGeZn.exe
  2⤵
  PID:2728
- C:\Windows\System\GaEuaJR.exe
  C:\Windows\System\GaEuaJR.exe
  2⤵
  PID:2648
- C:\Windows\System\cpaPzel.exe
  C:\Windows\System\cpaPzel.exe
  2⤵
  PID:2108
- C:\Windows\System\UOpGgBb.exe
  C:\Windows\System\UOpGgBb.exe
  2⤵
  PID:1828
- C:\Windows\System\mcvOvrO.exe
  C:\Windows\System\mcvOvrO.exe
  2⤵
  PID:2844
- C:\Windows\System\qATYzVF.exe
  C:\Windows\System\qATYzVF.exe
  2⤵
  PID:2000
- C:\Windows\System\bwohPNG.exe
  C:\Windows\System\bwohPNG.exe
  2⤵
  PID:1976
- C:\Windows\System\kMCOUuh.exe
  C:\Windows\System\kMCOUuh.exe
  2⤵
  PID:2392
- C:\Windows\System\bCOIwAu.exe
  C:\Windows\System\bCOIwAu.exe
  2⤵
  PID:900
- C:\Windows\System\GLLsfMT.exe
  C:\Windows\System\GLLsfMT.exe
  2⤵
  PID:1816
- C:\Windows\System\kxVzQqF.exe
  C:\Windows\System\kxVzQqF.exe
  2⤵
  PID:2164
- C:\Windows\System\mXUXTkP.exe
  C:\Windows\System\mXUXTkP.exe
  2⤵
  PID:1596
- C:\Windows\System\xVAtePA.exe
  C:\Windows\System\xVAtePA.exe
  2⤵
  PID:1724
- C:\Windows\System\BqEiYcG.exe
  C:\Windows\System\BqEiYcG.exe
  2⤵
  PID:3044
- C:\Windows\System\kXwrdbn.exe
  C:\Windows\System\kXwrdbn.exe
  2⤵
  PID:3004
- C:\Windows\System\XRNvCoC.exe
  C:\Windows\System\XRNvCoC.exe
  2⤵
  PID:1564
- C:\Windows\System\CNOEXfM.exe
  C:\Windows\System\CNOEXfM.exe
  2⤵
  PID:1168
- C:\Windows\System\nHQgDyj.exe
  C:\Windows\System\nHQgDyj.exe
  2⤵
  PID:1844
- C:\Windows\System\skkbapz.exe
  C:\Windows\System\skkbapz.exe
  2⤵
  PID:2568
- C:\Windows\System\hlYywtP.exe
  C:\Windows\System\hlYywtP.exe
  2⤵
  PID:2704
- C:\Windows\System\cjnDsLx.exe
  C:\Windows\System\cjnDsLx.exe
  2⤵
  PID:2604
- C:\Windows\System\mYXjphX.exe
  C:\Windows\System\mYXjphX.exe
  2⤵
  PID:2512
- C:\Windows\System\WwZwIgW.exe
  C:\Windows\System\WwZwIgW.exe
  2⤵
  PID:2584
- C:\Windows\System\FhVKcjf.exe
  C:\Windows\System\FhVKcjf.exe
  2⤵
  PID:2080
- C:\Windows\System\FNAuBQA.exe
  C:\Windows\System\FNAuBQA.exe
  2⤵
  PID:2880
- C:\Windows\System\PRoFjbI.exe
  C:\Windows\System\PRoFjbI.exe
  2⤵
  PID:1056
- C:\Windows\System\VRACcIC.exe
  C:\Windows\System\VRACcIC.exe
  2⤵
  PID:288
- C:\Windows\System\UrXQPCb.exe
  C:\Windows\System\UrXQPCb.exe
  2⤵
  PID:2204
- C:\Windows\System\fNBhLJt.exe
  C:\Windows\System\fNBhLJt.exe
  2⤵
  PID:3076
- C:\Windows\System\vBdAuOt.exe
  C:\Windows\System\vBdAuOt.exe
  2⤵
  PID:3092
- C:\Windows\System\rlmVqYX.exe
  C:\Windows\System\rlmVqYX.exe
  2⤵
  PID:3108
- C:\Windows\System\FtxOqfO.exe
  C:\Windows\System\FtxOqfO.exe
  2⤵
  PID:3124
- C:\Windows\System\EqJHako.exe
  C:\Windows\System\EqJHako.exe
  2⤵
  PID:3140
- C:\Windows\System\aOXxiAL.exe
  C:\Windows\System\aOXxiAL.exe
  2⤵
  PID:3156
- C:\Windows\System\PheiwHQ.exe
  C:\Windows\System\PheiwHQ.exe
  2⤵
  PID:3172
- C:\Windows\System\nVTDnKe.exe
  C:\Windows\System\nVTDnKe.exe
  2⤵
  PID:3192
- C:\Windows\System\ZuWKejJ.exe
  C:\Windows\System\ZuWKejJ.exe
  2⤵
  PID:3208
- C:\Windows\System\DfPcEuF.exe
  C:\Windows\System\DfPcEuF.exe
  2⤵
  PID:3224
- C:\Windows\System\ZUijoCJ.exe
  C:\Windows\System\ZUijoCJ.exe
  2⤵
  PID:3240
- C:\Windows\System\PLwnjUU.exe
  C:\Windows\System\PLwnjUU.exe
  2⤵
  PID:3256
- C:\Windows\System\AxFPwPS.exe
  C:\Windows\System\AxFPwPS.exe
  2⤵
  PID:3272
- C:\Windows\System\BoyaeCE.exe
  C:\Windows\System\BoyaeCE.exe
  2⤵
  PID:3288
- C:\Windows\System\laIyAgN.exe
  C:\Windows\System\laIyAgN.exe
  2⤵
  PID:3304
- C:\Windows\System\kAEStHf.exe
  C:\Windows\System\kAEStHf.exe
  2⤵
  PID:3320
- C:\Windows\System\bSaqQDZ.exe
  C:\Windows\System\bSaqQDZ.exe
  2⤵
  PID:3336
- C:\Windows\System\rrwXfxU.exe
  C:\Windows\System\rrwXfxU.exe
  2⤵
  PID:3352
- C:\Windows\System\sMkmsxo.exe
  C:\Windows\System\sMkmsxo.exe
  2⤵
  PID:3368
- C:\Windows\System\CVUoGkq.exe
  C:\Windows\System\CVUoGkq.exe
  2⤵
  PID:3384
- C:\Windows\System\pFTyPPG.exe
  C:\Windows\System\pFTyPPG.exe
  2⤵
  PID:3400
- C:\Windows\System\rGtjODH.exe
  C:\Windows\System\rGtjODH.exe
  2⤵
  PID:3416
- C:\Windows\System\vIhVbcL.exe
  C:\Windows\System\vIhVbcL.exe
  2⤵
  PID:3432
- C:\Windows\System\owxmikj.exe
  C:\Windows\System\owxmikj.exe
  2⤵
  PID:3448
- C:\Windows\System\ORSgpxU.exe
  C:\Windows\System\ORSgpxU.exe
  2⤵
  PID:3464
- C:\Windows\System\fzHaxlr.exe
  C:\Windows\System\fzHaxlr.exe
  2⤵
  PID:3480
- C:\Windows\System\rLHtLBX.exe
  C:\Windows\System\rLHtLBX.exe
  2⤵
  PID:3496
- C:\Windows\System\tdeoUUe.exe
  C:\Windows\System\tdeoUUe.exe
  2⤵
  PID:3512
- C:\Windows\System\IiQlnIH.exe
  C:\Windows\System\IiQlnIH.exe
  2⤵
  PID:3528
- C:\Windows\System\HRUeTGj.exe
  C:\Windows\System\HRUeTGj.exe
  2⤵
  PID:3544
- C:\Windows\System\vJACGGM.exe
  C:\Windows\System\vJACGGM.exe
  2⤵
  PID:3560
- C:\Windows\System\xyefMZu.exe
  C:\Windows\System\xyefMZu.exe
  2⤵
  PID:3576
- C:\Windows\System\DIuoeJP.exe
  C:\Windows\System\DIuoeJP.exe
  2⤵
  PID:3592
- C:\Windows\System\jqGJbTa.exe
  C:\Windows\System\jqGJbTa.exe
  2⤵
  PID:3608
- C:\Windows\System\hFSoiMg.exe
  C:\Windows\System\hFSoiMg.exe
  2⤵
  PID:3624
- C:\Windows\System\HdkQcJP.exe
  C:\Windows\System\HdkQcJP.exe
  2⤵
  PID:3640
- C:\Windows\System\bgxGhgd.exe
  C:\Windows\System\bgxGhgd.exe
  2⤵
  PID:3656
- C:\Windows\System\TJqJiIi.exe
  C:\Windows\System\TJqJiIi.exe
  2⤵
  PID:3672
- C:\Windows\System\hJlHrAO.exe
  C:\Windows\System\hJlHrAO.exe
  2⤵
  PID:3688
- C:\Windows\System\imaFYOZ.exe
  C:\Windows\System\imaFYOZ.exe
  2⤵
  PID:3704
- C:\Windows\System\hjQTMyo.exe
  C:\Windows\System\hjQTMyo.exe
  2⤵
  PID:3720
- C:\Windows\System\RIXHMdC.exe
  C:\Windows\System\RIXHMdC.exe
  2⤵
  PID:3736
- C:\Windows\System\XHasSNk.exe
  C:\Windows\System\XHasSNk.exe
  2⤵
  PID:3752
- C:\Windows\System\kPSJHnJ.exe
  C:\Windows\System\kPSJHnJ.exe
  2⤵
  PID:3768
- C:\Windows\System\vvpGCWu.exe
  C:\Windows\System\vvpGCWu.exe
  2⤵
  PID:3784
- C:\Windows\System\LfJyiuY.exe
  C:\Windows\System\LfJyiuY.exe
  2⤵
  PID:3800
- C:\Windows\System\GhCgoTq.exe
  C:\Windows\System\GhCgoTq.exe
  2⤵
  PID:3816
- C:\Windows\System\XcAprxa.exe
  C:\Windows\System\XcAprxa.exe
  2⤵
  PID:3832
- C:\Windows\System\JWaejer.exe
  C:\Windows\System\JWaejer.exe
  2⤵
  PID:3848
- C:\Windows\System\jCsRWZg.exe
  C:\Windows\System\jCsRWZg.exe
  2⤵
  PID:3864
- C:\Windows\System\Jcfupbr.exe
  C:\Windows\System\Jcfupbr.exe
  2⤵
  PID:3880
- C:\Windows\System\tEupYzc.exe
  C:\Windows\System\tEupYzc.exe
  2⤵
  PID:3900
- C:\Windows\System\xsodQvS.exe
  C:\Windows\System\xsodQvS.exe
  2⤵
  PID:3916
- C:\Windows\System\TYDiIHf.exe
  C:\Windows\System\TYDiIHf.exe
  2⤵
  PID:3932
- C:\Windows\System\RSbOBll.exe
  C:\Windows\System\RSbOBll.exe
  2⤵
  PID:3948
- C:\Windows\System\tkJpjFn.exe
  C:\Windows\System\tkJpjFn.exe
  2⤵
  PID:3964
- C:\Windows\System\PECjjhq.exe
  C:\Windows\System\PECjjhq.exe
  2⤵
  PID:3980
- C:\Windows\System\vLoKWQn.exe
  C:\Windows\System\vLoKWQn.exe
  2⤵
  PID:3996
- C:\Windows\System\tiuPiLR.exe
  C:\Windows\System\tiuPiLR.exe
  2⤵
  PID:4012
- C:\Windows\System\VLcNKnY.exe
  C:\Windows\System\VLcNKnY.exe
  2⤵
  PID:4028
- C:\Windows\System\nIznoiH.exe
  C:\Windows\System\nIznoiH.exe
  2⤵
  PID:4044
- C:\Windows\System\LzXmIDw.exe
  C:\Windows\System\LzXmIDw.exe
  2⤵
  PID:4060
- C:\Windows\System\QgpPRwp.exe
  C:\Windows\System\QgpPRwp.exe
  2⤵
  PID:4076
- C:\Windows\System\OqnoLZO.exe
  C:\Windows\System\OqnoLZO.exe
  2⤵
  PID:4092
- C:\Windows\System\xLLgFFL.exe
  C:\Windows\System\xLLgFFL.exe
  2⤵
  PID:1548
- C:\Windows\System\vNqoasr.exe
  C:\Windows\System\vNqoasr.exe
  2⤵
  PID:3068
- C:\Windows\System\hrpCzVQ.exe
  C:\Windows\System\hrpCzVQ.exe
  2⤵
  PID:2752
- C:\Windows\System\rLEohcs.exe
  C:\Windows\System\rLEohcs.exe
  2⤵
  PID:1328
- C:\Windows\System\FabfWlT.exe
  C:\Windows\System\FabfWlT.exe
  2⤵
  PID:264
- C:\Windows\System\VJVmyMX.exe
  C:\Windows\System\VJVmyMX.exe
  2⤵
  PID:1684
- C:\Windows\System\DKZWknq.exe
  C:\Windows\System\DKZWknq.exe
  2⤵
  PID:3088
- C:\Windows\System\nAaoBzz.exe
  C:\Windows\System\nAaoBzz.exe
  2⤵
  PID:3120
- C:\Windows\System\hbpQoWt.exe
  C:\Windows\System\hbpQoWt.exe
  2⤵
  PID:3136
- C:\Windows\System\QChEoel.exe
  C:\Windows\System\QChEoel.exe
  2⤵
  PID:3168
- C:\Windows\System\LrHlPef.exe
  C:\Windows\System\LrHlPef.exe
  2⤵
  PID:3220
- C:\Windows\System\RjXFGWI.exe
  C:\Windows\System\RjXFGWI.exe
  2⤵
  PID:3252
- C:\Windows\System\uoaeZNO.exe
  C:\Windows\System\uoaeZNO.exe
  2⤵
  PID:3284
- C:\Windows\System\zSooHHb.exe
  C:\Windows\System\zSooHHb.exe
  2⤵
  PID:3296
- C:\Windows\System\kWvtjRs.exe
  C:\Windows\System\kWvtjRs.exe
  2⤵
  PID:3332
- C:\Windows\System\Yrcrmem.exe
  C:\Windows\System\Yrcrmem.exe
  2⤵
  PID:3364
- C:\Windows\System\ezDeELt.exe
  C:\Windows\System\ezDeELt.exe
  2⤵
  PID:3408
- C:\Windows\System\dMkqCtr.exe
  C:\Windows\System\dMkqCtr.exe
  2⤵
  PID:3428
- C:\Windows\System\awBrOMW.exe
  C:\Windows\System\awBrOMW.exe
  2⤵
  PID:3460
- C:\Windows\System\YnSzQKD.exe
  C:\Windows\System\YnSzQKD.exe
  2⤵
  PID:3504
- C:\Windows\System\sNWfpdV.exe
  C:\Windows\System\sNWfpdV.exe
  2⤵
  PID:3536
- C:\Windows\System\hvfXHxC.exe
  C:\Windows\System\hvfXHxC.exe
  2⤵
  PID:3552
- C:\Windows\System\srcnDKW.exe
  C:\Windows\System\srcnDKW.exe
  2⤵
  PID:3572
- C:\Windows\System\GREfIUS.exe
  C:\Windows\System\GREfIUS.exe
  2⤵
  PID:3588
- C:\Windows\System\qBGpRzc.exe
  C:\Windows\System\qBGpRzc.exe
  2⤵
  PID:3620
- C:\Windows\System\CuJOBIq.exe
  C:\Windows\System\CuJOBIq.exe
  2⤵
  PID:3664
- C:\Windows\System\VBXbxZh.exe
  C:\Windows\System\VBXbxZh.exe
  2⤵
  PID:2312
- C:\Windows\System\IHbimtf.exe
  C:\Windows\System\IHbimtf.exe
  2⤵
  PID:3700
- C:\Windows\System\vwJsYap.exe
  C:\Windows\System\vwJsYap.exe
  2⤵
  PID:3716
- C:\Windows\System\UBscZxe.exe
  C:\Windows\System\UBscZxe.exe
  2⤵
  PID:3764
- C:\Windows\System\MzLpZCq.exe
  C:\Windows\System\MzLpZCq.exe
  2⤵
  PID:3808
- C:\Windows\System\WuqfxiL.exe
  C:\Windows\System\WuqfxiL.exe
  2⤵
  PID:3840
- C:\Windows\System\MODiryV.exe
  C:\Windows\System\MODiryV.exe
  2⤵
  PID:3872
- C:\Windows\System\LfDtMTd.exe
  C:\Windows\System\LfDtMTd.exe
  2⤵
  PID:3908
- C:\Windows\System\AViSofE.exe
  C:\Windows\System\AViSofE.exe
  2⤵
  PID:3940
- C:\Windows\System\NGQfMOU.exe
  C:\Windows\System\NGQfMOU.exe
  2⤵
  PID:3972
- C:\Windows\System\zRfyKfq.exe
  C:\Windows\System\zRfyKfq.exe
  2⤵
  PID:4020
- C:\Windows\System\txnlJVK.exe
  C:\Windows\System\txnlJVK.exe
  2⤵
  PID:4036
- C:\Windows\System\EoIzgjd.exe
  C:\Windows\System\EoIzgjd.exe
  2⤵
  PID:4084
- C:\Windows\System\bhnMkEJ.exe
  C:\Windows\System\bhnMkEJ.exe
  2⤵
  PID:1284
- C:\Windows\System\KfwSwQa.exe
  C:\Windows\System\KfwSwQa.exe
  2⤵
  PID:2696
- C:\Windows\System\EDjFWpW.exe
  C:\Windows\System\EDjFWpW.exe
  2⤵
  PID:864
- C:\Windows\System\jeqANzq.exe
  C:\Windows\System\jeqANzq.exe
  2⤵
  PID:3104
- C:\Windows\System\VSseKJF.exe
  C:\Windows\System\VSseKJF.exe
  2⤵
  PID:3148
- C:\Windows\System\fxUHJlR.exe
  C:\Windows\System\fxUHJlR.exe
  2⤵
  PID:3200
- C:\Windows\System\FnwdFeR.exe
  C:\Windows\System\FnwdFeR.exe
  2⤵
  PID:3264
- C:\Windows\System\LkIRJhc.exe
  C:\Windows\System\LkIRJhc.exe
  2⤵
  PID:1892
- C:\Windows\System\iMAiBSm.exe
  C:\Windows\System\iMAiBSm.exe
  2⤵
  PID:3376
- C:\Windows\System\efRhfPe.exe
  C:\Windows\System\efRhfPe.exe
  2⤵
  PID:3440
- C:\Windows\System\IZoQOMF.exe
  C:\Windows\System\IZoQOMF.exe
  2⤵
  PID:3472
- C:\Windows\System\ACREtxb.exe
  C:\Windows\System\ACREtxb.exe
  2⤵
  PID:3520
- C:\Windows\System\chVNQFf.exe
  C:\Windows\System\chVNQFf.exe
  2⤵
  PID:3556
- C:\Windows\System\opHNmOO.exe
  C:\Windows\System\opHNmOO.exe
  2⤵
  PID:2948
- C:\Windows\System\PJEpHiO.exe
  C:\Windows\System\PJEpHiO.exe
  2⤵
  PID:3668
- C:\Windows\System\VaJkZKK.exe
  C:\Windows\System\VaJkZKK.exe
  2⤵
  PID:3748
- C:\Windows\System\ghzYwqG.exe
  C:\Windows\System\ghzYwqG.exe
  2⤵
  PID:3812
- C:\Windows\System\vyTRwyM.exe
  C:\Windows\System\vyTRwyM.exe
  2⤵
  PID:3844
- C:\Windows\System\TswQNAl.exe
  C:\Windows\System\TswQNAl.exe
  2⤵
  PID:3912
- C:\Windows\System\uhcUDsE.exe
  C:\Windows\System\uhcUDsE.exe
  2⤵
  PID:3988
- C:\Windows\System\uKQusVh.exe
  C:\Windows\System\uKQusVh.exe
  2⤵
  PID:4040
- C:\Windows\System\oayUsEB.exe
  C:\Windows\System\oayUsEB.exe
  2⤵
  PID:880
- C:\Windows\System\xeANoeZ.exe
  C:\Windows\System\xeANoeZ.exe
  2⤵
  PID:1128
- C:\Windows\System\DSLIqZK.exe
  C:\Windows\System\DSLIqZK.exe
  2⤵
  PID:2492
- C:\Windows\System\mnWMYVg.exe
  C:\Windows\System\mnWMYVg.exe
  2⤵
  PID:3248
- C:\Windows\System\FprtZgJ.exe
  C:\Windows\System\FprtZgJ.exe
  2⤵
  PID:3280
- C:\Windows\System\zbvUvTs.exe
  C:\Windows\System\zbvUvTs.exe
  2⤵
  PID:3344
- C:\Windows\System\xVuBqgP.exe
  C:\Windows\System\xVuBqgP.exe
  2⤵
  PID:2840
- C:\Windows\System\ldFkrpv.exe
  C:\Windows\System\ldFkrpv.exe
  2⤵
  PID:3600
- C:\Windows\System\sBJncLV.exe
  C:\Windows\System\sBJncLV.exe
  2⤵
  PID:3652
- C:\Windows\System\SixmYfg.exe
  C:\Windows\System\SixmYfg.exe
  2⤵
  PID:3760
- C:\Windows\System\ySdpJgi.exe
  C:\Windows\System\ySdpJgi.exe
  2⤵
  PID:3892
- C:\Windows\System\ClFIsNS.exe
  C:\Windows\System\ClFIsNS.exe
  2⤵
  PID:4024
- C:\Windows\System\ueBPiXp.exe
  C:\Windows\System\ueBPiXp.exe
  2⤵
  PID:2596
- C:\Windows\System\MZkwwys.exe
  C:\Windows\System\MZkwwys.exe
  2⤵
  PID:2720
- C:\Windows\System\zrLopRx.exe
  C:\Windows\System\zrLopRx.exe
  2⤵
  PID:2964
- C:\Windows\System\JuoIlWU.exe
  C:\Windows\System\JuoIlWU.exe
  2⤵
  PID:3328
- C:\Windows\System\nabdnFM.exe
  C:\Windows\System\nabdnFM.exe
  2⤵
  PID:3508
- C:\Windows\System\JFJcHeW.exe
  C:\Windows\System\JFJcHeW.exe
  2⤵
  PID:3696
- C:\Windows\System\eNLUvzO.exe
  C:\Windows\System\eNLUvzO.exe
  2⤵
  PID:3928
- C:\Windows\System\zgdIYuU.exe
  C:\Windows\System\zgdIYuU.exe
  2⤵
  PID:4104
- C:\Windows\System\eJlnwqE.exe
  C:\Windows\System\eJlnwqE.exe
  2⤵
  PID:4120
- C:\Windows\System\tkAxTml.exe
  C:\Windows\System\tkAxTml.exe
  2⤵
  PID:4136
- C:\Windows\System\RwHxzSw.exe
  C:\Windows\System\RwHxzSw.exe
  2⤵
  PID:4152
- C:\Windows\System\MijYOPk.exe
  C:\Windows\System\MijYOPk.exe
  2⤵
  PID:4168
- C:\Windows\System\CYljTzK.exe
  C:\Windows\System\CYljTzK.exe
  2⤵
  PID:4184
- C:\Windows\System\UAnNCRG.exe
  C:\Windows\System\UAnNCRG.exe
  2⤵
  PID:4200
- C:\Windows\System\AVaRXRI.exe
  C:\Windows\System\AVaRXRI.exe
  2⤵
  PID:4216
- C:\Windows\System\rqssfBf.exe
  C:\Windows\System\rqssfBf.exe
  2⤵
  PID:4232
- C:\Windows\System\mdMwMuI.exe
  C:\Windows\System\mdMwMuI.exe
  2⤵
  PID:4248
- C:\Windows\System\gurOSMj.exe
  C:\Windows\System\gurOSMj.exe
  2⤵
  PID:4264
- C:\Windows\System\pRxmGQs.exe
  C:\Windows\System\pRxmGQs.exe
  2⤵
  PID:4280
- C:\Windows\System\QuvKTok.exe
  C:\Windows\System\QuvKTok.exe
  2⤵
  PID:4296
- C:\Windows\System\CdmvPQm.exe
  C:\Windows\System\CdmvPQm.exe
  2⤵
  PID:4312
- C:\Windows\System\aCyLuTN.exe
  C:\Windows\System\aCyLuTN.exe
  2⤵
  PID:4328
- C:\Windows\System\spjoxvK.exe
  C:\Windows\System\spjoxvK.exe
  2⤵
  PID:4344
- C:\Windows\System\qNpOKkS.exe
  C:\Windows\System\qNpOKkS.exe
  2⤵
  PID:4360
- C:\Windows\System\TpyqDXk.exe
  C:\Windows\System\TpyqDXk.exe
  2⤵
  PID:4376
- C:\Windows\System\fPUBhQK.exe
  C:\Windows\System\fPUBhQK.exe
  2⤵
  PID:4392
- C:\Windows\System\pCwWxac.exe
  C:\Windows\System\pCwWxac.exe
  2⤵
  PID:4408
- C:\Windows\System\YWSbrqF.exe
  C:\Windows\System\YWSbrqF.exe
  2⤵
  PID:4424
- C:\Windows\System\qWBBQUR.exe
  C:\Windows\System\qWBBQUR.exe
  2⤵
  PID:4444
- C:\Windows\System\USenTZr.exe
  C:\Windows\System\USenTZr.exe
  2⤵
  PID:4464
- C:\Windows\System\nhvCCXW.exe
  C:\Windows\System\nhvCCXW.exe
  2⤵
  PID:4480
- C:\Windows\System\MSIGBCL.exe
  C:\Windows\System\MSIGBCL.exe
  2⤵
  PID:4496
- C:\Windows\System\bQauPZE.exe
  C:\Windows\System\bQauPZE.exe
  2⤵
  PID:4512
- C:\Windows\System\OQzHJKw.exe
  C:\Windows\System\OQzHJKw.exe
  2⤵
  PID:4528
- C:\Windows\System\RbRGiTc.exe
  C:\Windows\System\RbRGiTc.exe
  2⤵
  PID:4544
- C:\Windows\System\PjQsrnh.exe
  C:\Windows\System\PjQsrnh.exe
  2⤵
  PID:4560
- C:\Windows\System\CrnQuZW.exe
  C:\Windows\System\CrnQuZW.exe
  2⤵
  PID:4576
- C:\Windows\System\oQqOuYS.exe
  C:\Windows\System\oQqOuYS.exe
  2⤵
  PID:4592
- C:\Windows\System\baBhEbV.exe
  C:\Windows\System\baBhEbV.exe
  2⤵
  PID:4608
- C:\Windows\System\ViJOoEQ.exe
  C:\Windows\System\ViJOoEQ.exe
  2⤵
  PID:4624
- C:\Windows\System\ZdfhKDi.exe
  C:\Windows\System\ZdfhKDi.exe
  2⤵
  PID:4640
- C:\Windows\System\lSAiMXk.exe
  C:\Windows\System\lSAiMXk.exe
  2⤵
  PID:4656
- C:\Windows\System\fNcqkCf.exe
  C:\Windows\System\fNcqkCf.exe
  2⤵
  PID:4672
- C:\Windows\System\VWrHLOK.exe
  C:\Windows\System\VWrHLOK.exe
  2⤵
  PID:4688
- C:\Windows\System\CZupdzB.exe
  C:\Windows\System\CZupdzB.exe
  2⤵
  PID:4704
- C:\Windows\System\FSjJSfe.exe
  C:\Windows\System\FSjJSfe.exe
  2⤵
  PID:4720
- C:\Windows\System\lBfaikg.exe
  C:\Windows\System\lBfaikg.exe
  2⤵
  PID:4736
- C:\Windows\System\yZwqlvq.exe
  C:\Windows\System\yZwqlvq.exe
  2⤵
  PID:4752
- C:\Windows\System\TVqJZFT.exe
  C:\Windows\System\TVqJZFT.exe
  2⤵
  PID:4768
- C:\Windows\System\vEUpQUF.exe
  C:\Windows\System\vEUpQUF.exe
  2⤵
  PID:4784
- C:\Windows\System\ksuOoxL.exe
  C:\Windows\System\ksuOoxL.exe
  2⤵
  PID:4800
- C:\Windows\System\RtnFQij.exe
  C:\Windows\System\RtnFQij.exe
  2⤵
  PID:4816
- C:\Windows\System\BWtlBno.exe
  C:\Windows\System\BWtlBno.exe
  2⤵
  PID:4832
- C:\Windows\System\HxLmbXm.exe
  C:\Windows\System\HxLmbXm.exe
  2⤵
  PID:4848
- C:\Windows\System\kXcEhal.exe
  C:\Windows\System\kXcEhal.exe
  2⤵
  PID:4864
- C:\Windows\System\lgGbiNM.exe
  C:\Windows\System\lgGbiNM.exe
  2⤵
  PID:4880
- C:\Windows\System\GYlgFmI.exe
  C:\Windows\System\GYlgFmI.exe
  2⤵
  PID:4896
- C:\Windows\System\WIMfOyi.exe
  C:\Windows\System\WIMfOyi.exe
  2⤵
  PID:4912
- C:\Windows\System\yYRBlGB.exe
  C:\Windows\System\yYRBlGB.exe
  2⤵
  PID:4928
- C:\Windows\System\lREJcAW.exe
  C:\Windows\System\lREJcAW.exe
  2⤵
  PID:4948
- C:\Windows\System\LDkOmqN.exe
  C:\Windows\System\LDkOmqN.exe
  2⤵
  PID:4964
- C:\Windows\System\kyeXmIJ.exe
  C:\Windows\System\kyeXmIJ.exe
  2⤵
  PID:4980
- C:\Windows\System\gpQAcWU.exe
  C:\Windows\System\gpQAcWU.exe
  2⤵
  PID:4996
- C:\Windows\System\AyxEIXv.exe
  C:\Windows\System\AyxEIXv.exe
  2⤵
  PID:5012
- C:\Windows\System\QVkEWGx.exe
  C:\Windows\System\QVkEWGx.exe
  2⤵
  PID:5028
- C:\Windows\System\ERCMyLV.exe
  C:\Windows\System\ERCMyLV.exe
  2⤵
  PID:5044
- C:\Windows\System\LUcBeTf.exe
  C:\Windows\System\LUcBeTf.exe
  2⤵
  PID:5060
- C:\Windows\System\aLvZSpQ.exe
  C:\Windows\System\aLvZSpQ.exe
  2⤵
  PID:5076
- C:\Windows\System\DDEkKFv.exe
  C:\Windows\System\DDEkKFv.exe
  2⤵
  PID:5092
- C:\Windows\System\JQsiuYJ.exe
  C:\Windows\System\JQsiuYJ.exe
  2⤵
  PID:5108
- C:\Windows\System\EWLGQVR.exe
  C:\Windows\System\EWLGQVR.exe
  2⤵
  PID:2828
- C:\Windows\System\JQhMcWL.exe
  C:\Windows\System\JQhMcWL.exe
  2⤵
  PID:2796
- C:\Windows\System\vPOeuzf.exe
  C:\Windows\System\vPOeuzf.exe
  2⤵
  PID:3488
- C:\Windows\System\VbgLEMt.exe
  C:\Windows\System\VbgLEMt.exe
  2⤵
  PID:3960
- C:\Windows\System\mNcofWG.exe
  C:\Windows\System\mNcofWG.exe
  2⤵
  PID:4128
- C:\Windows\System\ZlhWHvh.exe
  C:\Windows\System\ZlhWHvh.exe
  2⤵
  PID:4160
- C:\Windows\System\chwXXGC.exe
  C:\Windows\System\chwXXGC.exe
  2⤵
  PID:4192
- C:\Windows\System\EPZUBkq.exe
  C:\Windows\System\EPZUBkq.exe
  2⤵
  PID:4224
- C:\Windows\System\DtxbZhY.exe
  C:\Windows\System\DtxbZhY.exe
  2⤵
  PID:4256
- C:\Windows\System\PhfMzHj.exe
  C:\Windows\System\PhfMzHj.exe
  2⤵
  PID:4272
- C:\Windows\System\vCNwHdU.exe
  C:\Windows\System\vCNwHdU.exe
  2⤵
  PID:4304
- C:\Windows\System\xKypksr.exe
  C:\Windows\System\xKypksr.exe
  2⤵
  PID:4352
- C:\Windows\System\BIVouuL.exe
  C:\Windows\System\BIVouuL.exe
  2⤵
  PID:4368
- C:\Windows\System\RCpbnXV.exe
  C:\Windows\System\RCpbnXV.exe
  2⤵
  PID:4400
- C:\Windows\System\MJPSejM.exe
  C:\Windows\System\MJPSejM.exe
  2⤵
  PID:4420
- C:\Windows\System\BLzZDDQ.exe
  C:\Windows\System\BLzZDDQ.exe
  2⤵
  PID:4460
- C:\Windows\System\HUjCito.exe
  C:\Windows\System\HUjCito.exe
  2⤵
  PID:4476
- C:\Windows\System\FXNyxHr.exe
  C:\Windows\System\FXNyxHr.exe
  2⤵
  PID:4508
- C:\Windows\System\iwIvjWW.exe
  C:\Windows\System\iwIvjWW.exe
  2⤵
  PID:4540
- C:\Windows\System\aOpAwKG.exe
  C:\Windows\System\aOpAwKG.exe
  2⤵
  PID:4572
- C:\Windows\System\yzonxrU.exe
  C:\Windows\System\yzonxrU.exe
  2⤵
  PID:4604
- C:\Windows\System\JYeZCci.exe
  C:\Windows\System\JYeZCci.exe
  2⤵
  PID:4636
- C:\Windows\System\ghUICBm.exe
  C:\Windows\System\ghUICBm.exe
  2⤵
  PID:4684
- C:\Windows\System\pPbzJsw.exe
  C:\Windows\System\pPbzJsw.exe
  2⤵
  PID:4716
- C:\Windows\System\ZpHdlTW.exe
  C:\Windows\System\ZpHdlTW.exe
  2⤵
  PID:4728
- C:\Windows\System\vhicwVn.exe
  C:\Windows\System\vhicwVn.exe
  2⤵
  PID:4760
- C:\Windows\System\elaHlgq.exe
  C:\Windows\System\elaHlgq.exe
  2⤵
  PID:2660
- C:\Windows\System\zUkoiTo.exe
  C:\Windows\System\zUkoiTo.exe
  2⤵
  PID:4812
- C:\Windows\System\ccxOjKG.exe
  C:\Windows\System\ccxOjKG.exe
  2⤵
  PID:4828
- C:\Windows\System\KzGIQzB.exe
  C:\Windows\System\KzGIQzB.exe
  2⤵
  PID:4860
- C:\Windows\System\TnShAVZ.exe
  C:\Windows\System\TnShAVZ.exe
  2⤵
  PID:4904
- C:\Windows\System\sNOJyFn.exe
  C:\Windows\System\sNOJyFn.exe
  2⤵
  PID:4936
- C:\Windows\System\CLDpXCc.exe
  C:\Windows\System\CLDpXCc.exe
  2⤵
  PID:4972
- C:\Windows\System\rEquknF.exe
  C:\Windows\System\rEquknF.exe
  2⤵
  PID:2532
- C:\Windows\System\UbTrECV.exe
  C:\Windows\System\UbTrECV.exe
  2⤵
  PID:5036
- C:\Windows\System\ILoUybJ.exe
  C:\Windows\System\ILoUybJ.exe
  2⤵
  PID:5052
- C:\Windows\System\kgSTemH.exe
  C:\Windows\System\kgSTemH.exe
  2⤵
  PID:5084
- C:\Windows\System\uDfSCJh.exe
  C:\Windows\System\uDfSCJh.exe
  2⤵
  PID:5116
- C:\Windows\System\HYqRBkh.exe
  C:\Windows\System\HYqRBkh.exe
  2⤵
  PID:2528
- C:\Windows\System\TpdrJHu.exe
  C:\Windows\System\TpdrJHu.exe
  2⤵
  PID:4100
- C:\Windows\System\fbiUZOF.exe
  C:\Windows\System\fbiUZOF.exe
  2⤵
  PID:4164
- C:\Windows\System\InGMYlB.exe
  C:\Windows\System\InGMYlB.exe
  2⤵
  PID:4228
- C:\Windows\System\GscadPl.exe
  C:\Windows\System\GscadPl.exe
  2⤵
  PID:4276
- C:\Windows\System\FTMHBgo.exe
  C:\Windows\System\FTMHBgo.exe
  2⤵
  PID:4340
- C:\Windows\System\DZJKrzC.exe
  C:\Windows\System\DZJKrzC.exe
  2⤵
  PID:4416
- C:\Windows\System\kpQhASc.exe
  C:\Windows\System\kpQhASc.exe
  2⤵
  PID:4488
- C:\Windows\System\QlkKnqB.exe
  C:\Windows\System\QlkKnqB.exe
  2⤵
  PID:4552
- C:\Windows\System\LYFEWHz.exe
  C:\Windows\System\LYFEWHz.exe
  2⤵
  PID:4616
- C:\Windows\System\pqqcBYj.exe
  C:\Windows\System\pqqcBYj.exe
  2⤵
  PID:4680
- C:\Windows\System\gaqauiC.exe
  C:\Windows\System\gaqauiC.exe
  2⤵
  PID:2520
- C:\Windows\System\QQysAGa.exe
  C:\Windows\System\QQysAGa.exe
  2⤵
  PID:4764
- C:\Windows\System\toZONiK.exe
  C:\Windows\System\toZONiK.exe
  2⤵
  PID:4824
- C:\Windows\System\YbfTOur.exe
  C:\Windows\System\YbfTOur.exe
  2⤵
  PID:4888
- C:\Windows\System\GMhABSl.exe
  C:\Windows\System\GMhABSl.exe
  2⤵
  PID:4940
- C:\Windows\System\MYSUxBn.exe
  C:\Windows\System\MYSUxBn.exe
  2⤵
  PID:5008
- C:\Windows\System\XkelbUu.exe
  C:\Windows\System\XkelbUu.exe
  2⤵
  PID:5068
- C:\Windows\System\NacPUQE.exe
  C:\Windows\System\NacPUQE.exe
  2⤵
  PID:1656
- C:\Windows\System\xVIoZfm.exe
  C:\Windows\System\xVIoZfm.exe
  2⤵
  PID:2232
- C:\Windows\System\kwRLqxh.exe
  C:\Windows\System\kwRLqxh.exe
  2⤵
  PID:4196
- C:\Windows\System\CdUbFJY.exe
  C:\Windows\System\CdUbFJY.exe
  2⤵
  PID:4260
- C:\Windows\System\EZYPaIF.exe
  C:\Windows\System\EZYPaIF.exe
  2⤵
  PID:4436
- C:\Windows\System\jQZsSCR.exe
  C:\Windows\System\jQZsSCR.exe
  2⤵
  PID:4524
- C:\Windows\System\qzRqfVx.exe
  C:\Windows\System\qzRqfVx.exe
  2⤵
  PID:4696
- C:\Windows\System\yctWYwk.exe
  C:\Windows\System\yctWYwk.exe
  2⤵
  PID:5132
- C:\Windows\System\YirwGZz.exe
  C:\Windows\System\YirwGZz.exe
  2⤵
  PID:5148
- C:\Windows\System\mOuYcTp.exe
  C:\Windows\System\mOuYcTp.exe
  2⤵
  PID:5164
- C:\Windows\System\NShHsvn.exe
  C:\Windows\System\NShHsvn.exe
  2⤵
  PID:5180
- C:\Windows\System\ghcdnKX.exe
  C:\Windows\System\ghcdnKX.exe
  2⤵
  PID:5196
- C:\Windows\System\PTeGXJR.exe
  C:\Windows\System\PTeGXJR.exe
  2⤵
  PID:5212
- C:\Windows\System\IVmnDOW.exe
  C:\Windows\System\IVmnDOW.exe
  2⤵
  PID:5228
- C:\Windows\System\wdfHThD.exe
  C:\Windows\System\wdfHThD.exe
  2⤵
  PID:5244
- C:\Windows\System\qNSJque.exe
  C:\Windows\System\qNSJque.exe
  2⤵
  PID:5260
- C:\Windows\System\hYnRMmh.exe
  C:\Windows\System\hYnRMmh.exe
  2⤵
  PID:5276
- C:\Windows\System\BvbToBI.exe
  C:\Windows\System\BvbToBI.exe
  2⤵
  PID:5292
- C:\Windows\System\qgjaMag.exe
  C:\Windows\System\qgjaMag.exe
  2⤵
  PID:5308
- C:\Windows\System\pMQtvFU.exe
  C:\Windows\System\pMQtvFU.exe
  2⤵
  PID:5324
- C:\Windows\System\PZUmxOu.exe
  C:\Windows\System\PZUmxOu.exe
  2⤵
  PID:5340
- C:\Windows\System\LCkKCcv.exe
  C:\Windows\System\LCkKCcv.exe
  2⤵
  PID:5356
- C:\Windows\System\RbEgDzk.exe
  C:\Windows\System\RbEgDzk.exe
  2⤵
  PID:5372
- C:\Windows\System\NRxffGU.exe
  C:\Windows\System\NRxffGU.exe
  2⤵
  PID:5388
- C:\Windows\System\qvnIxIZ.exe
  C:\Windows\System\qvnIxIZ.exe
  2⤵
  PID:5404
- C:\Windows\System\nvxlFOW.exe
  C:\Windows\System\nvxlFOW.exe
  2⤵
  PID:5424
- C:\Windows\System\LkHyyHx.exe
  C:\Windows\System\LkHyyHx.exe
  2⤵
  PID:5440
- C:\Windows\System\ITefwgD.exe
  C:\Windows\System\ITefwgD.exe
  2⤵
  PID:5456
- C:\Windows\System\xFqKUjl.exe
  C:\Windows\System\xFqKUjl.exe
  2⤵
  PID:5472
- C:\Windows\System\WGNxMdf.exe
  C:\Windows\System\WGNxMdf.exe
  2⤵
  PID:5488
- C:\Windows\System\dvOaKCd.exe
  C:\Windows\System\dvOaKCd.exe
  2⤵
  PID:5504
- C:\Windows\System\axGMlFt.exe
  C:\Windows\System\axGMlFt.exe
  2⤵
  PID:5520
- C:\Windows\System\uATXFPP.exe
  C:\Windows\System\uATXFPP.exe
  2⤵
  PID:5536
- C:\Windows\System\WonpAQZ.exe
  C:\Windows\System\WonpAQZ.exe
  2⤵
  PID:5552
- C:\Windows\System\KfUnSiV.exe
  C:\Windows\System\KfUnSiV.exe
  2⤵
  PID:5568
- C:\Windows\System\GTclzBy.exe
  C:\Windows\System\GTclzBy.exe
  2⤵
  PID:5584
- C:\Windows\System\ABEXfUs.exe
  C:\Windows\System\ABEXfUs.exe
  2⤵
  PID:5600
- C:\Windows\System\uVqekWy.exe
  C:\Windows\System\uVqekWy.exe
  2⤵
  PID:5616
- C:\Windows\System\oGlhnmW.exe
  C:\Windows\System\oGlhnmW.exe
  2⤵
  PID:5632
- C:\Windows\System\ukQpulY.exe
  C:\Windows\System\ukQpulY.exe
  2⤵
  PID:5648
- C:\Windows\System\EmRJwpF.exe
  C:\Windows\System\EmRJwpF.exe
  2⤵
  PID:5664
- C:\Windows\System\boXmNCr.exe
  C:\Windows\System\boXmNCr.exe
  2⤵
  PID:5680
- C:\Windows\System\hvdeqnN.exe
  C:\Windows\System\hvdeqnN.exe
  2⤵
  PID:5696
- C:\Windows\System\ftUCdoc.exe
  C:\Windows\System\ftUCdoc.exe
  2⤵
  PID:5712
- C:\Windows\System\qQqdTor.exe
  C:\Windows\System\qQqdTor.exe
  2⤵
  PID:5728
- C:\Windows\System\BBgzPiU.exe
  C:\Windows\System\BBgzPiU.exe
  2⤵
  PID:5744
- C:\Windows\System\XRNlSVk.exe
  C:\Windows\System\XRNlSVk.exe
  2⤵
  PID:5760
- C:\Windows\System\Lgkbeim.exe
  C:\Windows\System\Lgkbeim.exe
  2⤵
  PID:5776
- C:\Windows\System\JbttQpQ.exe
  C:\Windows\System\JbttQpQ.exe
  2⤵
  PID:5792
- C:\Windows\System\IMjOsAF.exe
  C:\Windows\System\IMjOsAF.exe
  2⤵
  PID:5808
- C:\Windows\System\FAHFITz.exe
  C:\Windows\System\FAHFITz.exe
  2⤵
  PID:5824
- C:\Windows\System\XAhkWKQ.exe
  C:\Windows\System\XAhkWKQ.exe
  2⤵
  PID:5840
- C:\Windows\System\ABmEWxt.exe
  C:\Windows\System\ABmEWxt.exe
  2⤵
  PID:5856
- C:\Windows\System\VpWjbgO.exe
  C:\Windows\System\VpWjbgO.exe
  2⤵
  PID:5872
- C:\Windows\System\TOvqaKx.exe
  C:\Windows\System\TOvqaKx.exe
  2⤵
  PID:5892
- C:\Windows\System\jZoAPJJ.exe
  C:\Windows\System\jZoAPJJ.exe
  2⤵
  PID:5908
- C:\Windows\System\RwMUaDu.exe
  C:\Windows\System\RwMUaDu.exe
  2⤵
  PID:5924
- C:\Windows\System\GMKVKna.exe
  C:\Windows\System\GMKVKna.exe
  2⤵
  PID:5940
- C:\Windows\System\fcMWfdR.exe
  C:\Windows\System\fcMWfdR.exe
  2⤵
  PID:5956
- C:\Windows\System\OOuFuLp.exe
  C:\Windows\System\OOuFuLp.exe
  2⤵
  PID:5972
- C:\Windows\System\XfWXjpR.exe
  C:\Windows\System\XfWXjpR.exe
  2⤵
  PID:5988
- C:\Windows\System\oFhAASd.exe
  C:\Windows\System\oFhAASd.exe
  2⤵
  PID:6004
- C:\Windows\System\RTMPydH.exe
  C:\Windows\System\RTMPydH.exe
  2⤵
  PID:6020
- C:\Windows\System\juRtnGv.exe
  C:\Windows\System\juRtnGv.exe
  2⤵
  PID:6036
- C:\Windows\System\eCsdZbL.exe
  C:\Windows\System\eCsdZbL.exe
  2⤵
  PID:6052
- C:\Windows\System\CyQwjOr.exe
  C:\Windows\System\CyQwjOr.exe
  2⤵
  PID:6068
- C:\Windows\System\EIYTNKJ.exe
  C:\Windows\System\EIYTNKJ.exe
  2⤵
  PID:6084
- C:\Windows\System\wTvudYZ.exe
  C:\Windows\System\wTvudYZ.exe
  2⤵
  PID:6100
- C:\Windows\System\rHefqXf.exe
  C:\Windows\System\rHefqXf.exe
  2⤵
  PID:6116
- C:\Windows\System\quMgymN.exe
  C:\Windows\System\quMgymN.exe
  2⤵
  PID:6132
- C:\Windows\System\JhKJwGe.exe
  C:\Windows\System\JhKJwGe.exe
  2⤵
  PID:4732
- C:\Windows\System\gkQfBrE.exe
  C:\Windows\System\gkQfBrE.exe
  2⤵
  PID:4872
- C:\Windows\System\EMrFBkr.exe
  C:\Windows\System\EMrFBkr.exe
  2⤵
  PID:4988
- C:\Windows\System\LYXgOpl.exe
  C:\Windows\System\LYXgOpl.exe
  2⤵
  PID:2952
- C:\Windows\System\dRmNBij.exe
  C:\Windows\System\dRmNBij.exe
  2⤵
  PID:4116
- C:\Windows\System\rxwHXxz.exe
  C:\Windows\System\rxwHXxz.exe
  2⤵
  PID:4356
- C:\Windows\System\ldrZefP.exe
  C:\Windows\System\ldrZefP.exe
  2⤵
  PID:1852
- C:\Windows\System\rtJgijg.exe
  C:\Windows\System\rtJgijg.exe
  2⤵
  PID:5128
- C:\Windows\System\MgHeNJb.exe
  C:\Windows\System\MgHeNJb.exe
  2⤵
  PID:5172
- C:\Windows\System\EcRMzGe.exe
  C:\Windows\System\EcRMzGe.exe
  2⤵
  PID:5204
- C:\Windows\System\LByqUrd.exe
  C:\Windows\System\LByqUrd.exe
  2⤵
  PID:5236
- C:\Windows\System\EfnPvME.exe
  C:\Windows\System\EfnPvME.exe
  2⤵
  PID:5268
- C:\Windows\System\GioSJSd.exe
  C:\Windows\System\GioSJSd.exe
  2⤵
  PID:5300
- C:\Windows\System\YoPrPqY.exe
  C:\Windows\System\YoPrPqY.exe
  2⤵
  PID:5320
- C:\Windows\System\WCMfLta.exe
  C:\Windows\System\WCMfLta.exe
  2⤵
  PID:5352
- C:\Windows\System\uriLhMo.exe
  C:\Windows\System\uriLhMo.exe
  2⤵
  PID:5384
- C:\Windows\System\uHNGwTP.exe
  C:\Windows\System\uHNGwTP.exe
  2⤵
  PID:2832
- C:\Windows\System\OsOcaQv.exe
  C:\Windows\System\OsOcaQv.exe
  2⤵
  PID:4388
- C:\Windows\System\zkzJUWf.exe
  C:\Windows\System\zkzJUWf.exe
  2⤵
  PID:5452
- C:\Windows\System\sCtTaiz.exe
  C:\Windows\System\sCtTaiz.exe
  2⤵
  PID:5484
- C:\Windows\System\EhJzzUL.exe
  C:\Windows\System\EhJzzUL.exe
  2⤵
  PID:5516
- C:\Windows\System\wDIxSTf.exe
  C:\Windows\System\wDIxSTf.exe
  2⤵
  PID:5548
- C:\Windows\System\YnGarhZ.exe
  C:\Windows\System\YnGarhZ.exe
  2⤵
  PID:5580
- C:\Windows\System\lRBqVRx.exe
  C:\Windows\System\lRBqVRx.exe
  2⤵
  PID:5612
- C:\Windows\System\pvctUIG.exe
  C:\Windows\System\pvctUIG.exe
  2⤵
  PID:5644
- C:\Windows\System\xrfHpZK.exe
  C:\Windows\System\xrfHpZK.exe
  2⤵
  PID:5676
- C:\Windows\System\Whrxelv.exe
  C:\Windows\System\Whrxelv.exe
  2⤵
  PID:5708
- C:\Windows\System\kBtLAkJ.exe
  C:\Windows\System\kBtLAkJ.exe
  2⤵
  PID:5784
- C:\Windows\System\HZggOSP.exe
  C:\Windows\System\HZggOSP.exe
  2⤵
  PID:5800
- C:\Windows\System\igNOacG.exe
  C:\Windows\System\igNOacG.exe
  2⤵
  PID:5832
- C:\Windows\System\xPVGWMe.exe
  C:\Windows\System\xPVGWMe.exe
  2⤵
  PID:5848
- C:\Windows\System\ITdFHXW.exe
  C:\Windows\System\ITdFHXW.exe
  2⤵
  PID:5880
- C:\Windows\System\UvQNjnN.exe
  C:\Windows\System\UvQNjnN.exe
  2⤵
  PID:5916
- C:\Windows\System\QaErNPW.exe
  C:\Windows\System\QaErNPW.exe
  2⤵
  PID:5964
- C:\Windows\System\NEzcGis.exe
  C:\Windows\System\NEzcGis.exe
  2⤵
  PID:6000
- C:\Windows\System\naQWrWI.exe
  C:\Windows\System\naQWrWI.exe
  2⤵
  PID:6016
- C:\Windows\System\XyZniXE.exe
  C:\Windows\System\XyZniXE.exe
  2⤵
  PID:6060
- C:\Windows\System\MrxreRd.exe
  C:\Windows\System\MrxreRd.exe
  2⤵
  PID:6096
- C:\Windows\System\NZnpzxc.exe
  C:\Windows\System\NZnpzxc.exe
  2⤵
  PID:6140
- C:\Windows\System\BYAqgXU.exe
  C:\Windows\System\BYAqgXU.exe
  2⤵
  PID:4960
- C:\Windows\System\KNdkpww.exe
  C:\Windows\System\KNdkpww.exe
  2⤵
  PID:2324
- C:\Windows\System\oLiIqES.exe
  C:\Windows\System\oLiIqES.exe
  2⤵
  PID:4292
- C:\Windows\System\eKQiBIp.exe
  C:\Windows\System\eKQiBIp.exe
  2⤵
  PID:5124
- C:\Windows\System\APJztfc.exe
  C:\Windows\System\APJztfc.exe
  2⤵
  PID:5192
- C:\Windows\System\FVxlCCm.exe
  C:\Windows\System\FVxlCCm.exe
  2⤵
  PID:2476
- C:\Windows\System\MUicxsH.exe
  C:\Windows\System\MUicxsH.exe
  2⤵
  PID:1672
- C:\Windows\System\tbZPMtg.exe
  C:\Windows\System\tbZPMtg.exe
  2⤵
  PID:5380
- C:\Windows\System\TnTTsRf.exe
  C:\Windows\System\TnTTsRf.exe
  2⤵
  PID:5412
- C:\Windows\System\dqKiWzr.exe
  C:\Windows\System\dqKiWzr.exe
  2⤵
  PID:1940
- C:\Windows\System\JOWZIyO.exe
  C:\Windows\System\JOWZIyO.exe
  2⤵
  PID:2932
- C:\Windows\System\gsevEeI.exe
  C:\Windows\System\gsevEeI.exe
  2⤵
  PID:5564
- C:\Windows\System\SYunnBZ.exe
  C:\Windows\System\SYunnBZ.exe
  2⤵
  PID:5628
- C:\Windows\System\HJRpojs.exe
  C:\Windows\System\HJRpojs.exe
  2⤵
  PID:5660
- C:\Windows\System\PTsbkkK.exe
  C:\Windows\System\PTsbkkK.exe
  2⤵
  PID:5672
- C:\Windows\System\YMLUPLg.exe
  C:\Windows\System\YMLUPLg.exe
  2⤵
  PID:5704
- C:\Windows\System\XyWijtA.exe
  C:\Windows\System\XyWijtA.exe
  2⤵
  PID:5888
- C:\Windows\System\VcbFMNN.exe
  C:\Windows\System\VcbFMNN.exe
  2⤵
  PID:5772
- C:\Windows\System\UdBbKoc.exe
  C:\Windows\System\UdBbKoc.exe
  2⤵
  PID:5820
- C:\Windows\System\eVonSDX.exe
  C:\Windows\System\eVonSDX.exe
  2⤵
  PID:5920
- C:\Windows\System\RTQfnnn.exe
  C:\Windows\System\RTQfnnn.exe
  2⤵
  PID:4456
- C:\Windows\System\ixKlfqG.exe
  C:\Windows\System\ixKlfqG.exe
  2⤵
  PID:5984
- C:\Windows\System\YHqZOHs.exe
  C:\Windows\System\YHqZOHs.exe
  2⤵
  PID:6076
- C:\Windows\System\TeiRgld.exe
  C:\Windows\System\TeiRgld.exe
  2⤵
  PID:4856
- C:\Windows\System\mYNGMFe.exe
  C:\Windows\System\mYNGMFe.exe
  2⤵
  PID:6124
- C:\Windows\System\OSTKrQU.exe
  C:\Windows\System\OSTKrQU.exe
  2⤵
  PID:5088
- C:\Windows\System\zONyhFD.exe
  C:\Windows\System\zONyhFD.exe
  2⤵
  PID:1444
- C:\Windows\System\zlTqBxe.exe
  C:\Windows\System\zlTqBxe.exe
  2⤵
  PID:5188
- C:\Windows\System\CDQnMrG.exe
  C:\Windows\System\CDQnMrG.exe
  2⤵
  PID:5432
- C:\Windows\System\JJKxFza.exe
  C:\Windows\System\JJKxFza.exe
  2⤵
  PID:5468
- C:\Windows\System\Izhocwh.exe
  C:\Windows\System\Izhocwh.exe
  2⤵
  PID:5348
- C:\Windows\System\dcyJDDG.exe
  C:\Windows\System\dcyJDDG.exe
  2⤵
  PID:536
- C:\Windows\System\TeKwkCh.exe
  C:\Windows\System\TeKwkCh.exe
  2⤵
  PID:5512
- C:\Windows\System\eZmpYCk.exe
  C:\Windows\System\eZmpYCk.exe
  2⤵
  PID:2468
- C:\Windows\System\kYpwzAO.exe
  C:\Windows\System\kYpwzAO.exe
  2⤵
  PID:3084
- C:\Windows\System\raNjiNQ.exe
  C:\Windows\System\raNjiNQ.exe
  2⤵
  PID:2384
- C:\Windows\System\lqaenwy.exe
  C:\Windows\System\lqaenwy.exe
  2⤵
  PID:5736
- C:\Windows\System\PNvvJcd.exe
  C:\Windows\System\PNvvJcd.exe
  2⤵
  PID:5788
- C:\Windows\System\HEZalBu.exe
  C:\Windows\System\HEZalBu.exe
  2⤵
  PID:5980
- C:\Windows\System\agGRAOx.exe
  C:\Windows\System\agGRAOx.exe
  2⤵
  PID:5852
- C:\Windows\System\qsqxGCi.exe
  C:\Windows\System\qsqxGCi.exe
  2⤵
  PID:6032
- C:\Windows\System\NXCoXAE.exe
  C:\Windows\System\NXCoXAE.exe
  2⤵
  PID:2004
- C:\Windows\System\dHdKUQC.exe
  C:\Windows\System\dHdKUQC.exe
  2⤵
  PID:2788
- C:\Windows\System\IcbCNas.exe
  C:\Windows\System\IcbCNas.exe
  2⤵
  PID:4584
- C:\Windows\System\grlJsOL.exe
  C:\Windows\System\grlJsOL.exe
  2⤵
  PID:5500
- C:\Windows\System\vqJtgre.exe
  C:\Windows\System\vqJtgre.exe
  2⤵
  PID:2888
- C:\Windows\System\xpZPkjJ.exe
  C:\Windows\System\xpZPkjJ.exe
  2⤵
  PID:6048
- C:\Windows\System\tqFcYSm.exe
  C:\Windows\System\tqFcYSm.exe
  2⤵
  PID:6044
- C:\Windows\System\skoVdfi.exe
  C:\Windows\System\skoVdfi.exe
  2⤵
  PID:6128
- C:\Windows\System\ZSTySjx.exe
  C:\Windows\System\ZSTySjx.exe
  2⤵
  PID:668
- C:\Windows\System\lCuQvLz.exe
  C:\Windows\System\lCuQvLz.exe
  2⤵
  PID:5608
- C:\Windows\System\hhjrlzx.exe
  C:\Windows\System\hhjrlzx.exe
  2⤵
  PID:2408
- C:\Windows\System\RYfMalA.exe
  C:\Windows\System\RYfMalA.exe
  2⤵
  PID:5936
- C:\Windows\System\xESPqBK.exe
  C:\Windows\System\xESPqBK.exe
  2⤵
  PID:5288
- C:\Windows\System\QsdeBUo.exe
  C:\Windows\System\QsdeBUo.exe
  2⤵
  PID:6152
- C:\Windows\System\rOMyETE.exe
  C:\Windows\System\rOMyETE.exe
  2⤵
  PID:6168
- C:\Windows\System\aRhRJHn.exe
  C:\Windows\System\aRhRJHn.exe
  2⤵
  PID:6184
- C:\Windows\System\LPLgkpe.exe
  C:\Windows\System\LPLgkpe.exe
  2⤵
  PID:6200
- C:\Windows\System\cWffOAb.exe
  C:\Windows\System\cWffOAb.exe
  2⤵
  PID:6216
- C:\Windows\System\pAtHUmd.exe
  C:\Windows\System\pAtHUmd.exe
  2⤵
  PID:6232
- C:\Windows\System\XPdtqPv.exe
  C:\Windows\System\XPdtqPv.exe
  2⤵
  PID:6248
- C:\Windows\System\qfMqmNA.exe
  C:\Windows\System\qfMqmNA.exe
  2⤵
  PID:6264
- C:\Windows\System\ZrxgfGw.exe
  C:\Windows\System\ZrxgfGw.exe
  2⤵
  PID:6280
- C:\Windows\System\ROTeCtd.exe
  C:\Windows\System\ROTeCtd.exe
  2⤵
  PID:6296
- C:\Windows\System\acPuYKH.exe
  C:\Windows\System\acPuYKH.exe
  2⤵
  PID:6312
- C:\Windows\System\IYEecrv.exe
  C:\Windows\System\IYEecrv.exe
  2⤵
  PID:6328
- C:\Windows\System\WUyHekq.exe
  C:\Windows\System\WUyHekq.exe
  2⤵
  PID:6344
- C:\Windows\System\GEzjPMZ.exe
  C:\Windows\System\GEzjPMZ.exe
  2⤵
  PID:6360
- C:\Windows\System\XWTwHrh.exe
  C:\Windows\System\XWTwHrh.exe
  2⤵
  PID:6376
- C:\Windows\System\GaFvwwA.exe
  C:\Windows\System\GaFvwwA.exe
  2⤵
  PID:6392
- C:\Windows\System\gnGAJqc.exe
  C:\Windows\System\gnGAJqc.exe
  2⤵
  PID:6408
- C:\Windows\System\YRrIJAU.exe
  C:\Windows\System\YRrIJAU.exe
  2⤵
  PID:6424
- C:\Windows\System\msrklth.exe
  C:\Windows\System\msrklth.exe
  2⤵
  PID:6440
- C:\Windows\System\OJBZAcK.exe
  C:\Windows\System\OJBZAcK.exe
  2⤵
  PID:6456
- C:\Windows\System\ULCcLOo.exe
  C:\Windows\System\ULCcLOo.exe
  2⤵
  PID:6472
- C:\Windows\System\Gflynyv.exe
  C:\Windows\System\Gflynyv.exe
  2⤵
  PID:6488
- C:\Windows\System\qrSxWYB.exe
  C:\Windows\System\qrSxWYB.exe
  2⤵
  PID:6504
- C:\Windows\System\ULgCgry.exe
  C:\Windows\System\ULgCgry.exe
  2⤵
  PID:6520
- C:\Windows\System\mnFtKSN.exe
  C:\Windows\System\mnFtKSN.exe
  2⤵
  PID:6536
- C:\Windows\System\NpjPuzv.exe
  C:\Windows\System\NpjPuzv.exe
  2⤵
  PID:6552
- C:\Windows\System\EHaiUPX.exe
  C:\Windows\System\EHaiUPX.exe
  2⤵
  PID:6568
- C:\Windows\System\sxFeiee.exe
  C:\Windows\System\sxFeiee.exe
  2⤵
  PID:6584
- C:\Windows\System\DcXOYvp.exe
  C:\Windows\System\DcXOYvp.exe
  2⤵
  PID:6600
- C:\Windows\System\ciUgmHK.exe
  C:\Windows\System\ciUgmHK.exe
  2⤵
  PID:6616
- C:\Windows\System\fJYBPgc.exe
  C:\Windows\System\fJYBPgc.exe
  2⤵
  PID:6632
- C:\Windows\System\YCllIsf.exe
  C:\Windows\System\YCllIsf.exe
  2⤵
  PID:6648
- C:\Windows\System\gKMHQfW.exe
  C:\Windows\System\gKMHQfW.exe
  2⤵
  PID:6664
- C:\Windows\System\rpEQydg.exe
  C:\Windows\System\rpEQydg.exe
  2⤵
  PID:6680
- C:\Windows\System\IfNmiKf.exe
  C:\Windows\System\IfNmiKf.exe
  2⤵
  PID:6696
- C:\Windows\System\rVwDGiY.exe
  C:\Windows\System\rVwDGiY.exe
  2⤵
  PID:6712
- C:\Windows\System\rnZCJBX.exe
  C:\Windows\System\rnZCJBX.exe
  2⤵
  PID:6728
- C:\Windows\System\NNjffGW.exe
  C:\Windows\System\NNjffGW.exe
  2⤵
  PID:6744
- C:\Windows\System\dWOiIye.exe
  C:\Windows\System\dWOiIye.exe
  2⤵
  PID:6760
- C:\Windows\System\niXidDy.exe
  C:\Windows\System\niXidDy.exe
  2⤵
  PID:6776
- C:\Windows\System\gpiNqEa.exe
  C:\Windows\System\gpiNqEa.exe
  2⤵
  PID:6792
- C:\Windows\System\VfHYwGJ.exe
  C:\Windows\System\VfHYwGJ.exe
  2⤵
  PID:6808
- C:\Windows\System\RUZNutq.exe
  C:\Windows\System\RUZNutq.exe
  2⤵
  PID:6824
- C:\Windows\System\IRyboPM.exe
  C:\Windows\System\IRyboPM.exe
  2⤵
  PID:6840
- C:\Windows\System\sNYqKea.exe
  C:\Windows\System\sNYqKea.exe
  2⤵
  PID:6856
- C:\Windows\System\DUczYLQ.exe
  C:\Windows\System\DUczYLQ.exe
  2⤵
  PID:6872
- C:\Windows\System\tTGErIW.exe
  C:\Windows\System\tTGErIW.exe
  2⤵
  PID:6888
- C:\Windows\System\FcQiThu.exe
  C:\Windows\System\FcQiThu.exe
  2⤵
  PID:6904
- C:\Windows\System\EaIcHAW.exe
  C:\Windows\System\EaIcHAW.exe
  2⤵
  PID:6920
- C:\Windows\System\zSTtBmg.exe
  C:\Windows\System\zSTtBmg.exe
  2⤵
  PID:6936
- C:\Windows\System\AnExrbw.exe
  C:\Windows\System\AnExrbw.exe
  2⤵
  PID:6952
- C:\Windows\System\rdIBjqv.exe
  C:\Windows\System\rdIBjqv.exe
  2⤵
  PID:6968
- C:\Windows\System\kPuGpTG.exe
  C:\Windows\System\kPuGpTG.exe
  2⤵
  PID:6984
- C:\Windows\System\LiTSnKP.exe
  C:\Windows\System\LiTSnKP.exe
  2⤵
  PID:7000
- C:\Windows\System\gTVLnLs.exe
  C:\Windows\System\gTVLnLs.exe
  2⤵
  PID:7016
- C:\Windows\System\vcLdEId.exe
  C:\Windows\System\vcLdEId.exe
  2⤵
  PID:7032
- C:\Windows\System\wartjvl.exe
  C:\Windows\System\wartjvl.exe
  2⤵
  PID:7048
- C:\Windows\System\balYxOL.exe
  C:\Windows\System\balYxOL.exe
  2⤵
  PID:7064
- C:\Windows\System\xkwZEkU.exe
  C:\Windows\System\xkwZEkU.exe
  2⤵
  PID:7080
- C:\Windows\System\XMWUVSK.exe
  C:\Windows\System\XMWUVSK.exe
  2⤵
  PID:7096
- C:\Windows\System\mmEGlQJ.exe
  C:\Windows\System\mmEGlQJ.exe
  2⤵
  PID:7112
- C:\Windows\System\nMnkBtQ.exe
  C:\Windows\System\nMnkBtQ.exe
  2⤵
  PID:7128
- C:\Windows\System\BOpkByg.exe
  C:\Windows\System\BOpkByg.exe
  2⤵
  PID:7144
- C:\Windows\System\wcmPUmo.exe
  C:\Windows\System\wcmPUmo.exe
  2⤵
  PID:7160
- C:\Windows\System\lTCCWAl.exe
  C:\Windows\System\lTCCWAl.exe
  2⤵
  PID:5756
- C:\Windows\System\bOBhSNP.exe
  C:\Windows\System\bOBhSNP.exe
  2⤵
  PID:6192
- C:\Windows\System\SpsIvdA.exe
  C:\Windows\System\SpsIvdA.exe
  2⤵
  PID:6180
- C:\Windows\System\qCnXKgO.exe
  C:\Windows\System\qCnXKgO.exe
  2⤵
  PID:6244
- C:\Windows\System\lGbcfgF.exe
  C:\Windows\System\lGbcfgF.exe
  2⤵
  PID:1300
- C:\Windows\System\FDwdBoM.exe
  C:\Windows\System\FDwdBoM.exe
  2⤵
  PID:6276
- C:\Windows\System\lnKzTEI.exe
  C:\Windows\System\lnKzTEI.exe
  2⤵
  PID:6320
- C:\Windows\System\iAoKRDw.exe
  C:\Windows\System\iAoKRDw.exe
  2⤵
  PID:6340
- C:\Windows\System\xpidCNq.exe
  C:\Windows\System\xpidCNq.exe
  2⤵
  PID:6384
- C:\Windows\System\OMqlVzR.exe
  C:\Windows\System\OMqlVzR.exe
  2⤵
  PID:6448
- C:\Windows\System\QMXcDPT.exe
  C:\Windows\System\QMXcDPT.exe
  2⤵
  PID:6512
- C:\Windows\System\OBkFVKo.exe
  C:\Windows\System\OBkFVKo.exe
  2⤵
  PID:6496
- C:\Windows\System\lUAIwLL.exe
  C:\Windows\System\lUAIwLL.exe
  2⤵
  PID:6400
- C:\Windows\System\NAePCZa.exe
  C:\Windows\System\NAePCZa.exe
  2⤵
  PID:6464
- C:\Windows\System\MitsPbo.exe
  C:\Windows\System\MitsPbo.exe
  2⤵
  PID:6580
- C:\Windows\System\pIfjUYT.exe
  C:\Windows\System\pIfjUYT.exe
  2⤵
  PID:6608
- C:\Windows\System\ngrwCpv.exe
  C:\Windows\System\ngrwCpv.exe
  2⤵
  PID:6656
- C:\Windows\System\DzHulpr.exe
  C:\Windows\System\DzHulpr.exe
  2⤵
  PID:6676
- C:\Windows\System\ujYjuvn.exe
  C:\Windows\System\ujYjuvn.exe
  2⤵
  PID:6708
- C:\Windows\System\mapQCuc.exe
  C:\Windows\System\mapQCuc.exe
  2⤵
  PID:6768
- C:\Windows\System\opIwagh.exe
  C:\Windows\System\opIwagh.exe
  2⤵
  PID:6804
- C:\Windows\System\DFHMPjB.exe
  C:\Windows\System\DFHMPjB.exe
  2⤵
  PID:6788
- C:\Windows\System\FsGDqLg.exe
  C:\Windows\System\FsGDqLg.exe
  2⤵
  PID:6836
- C:\Windows\System\LVtVgGh.exe
  C:\Windows\System\LVtVgGh.exe
  2⤵
  PID:6868
- C:\Windows\System\ZVLryBm.exe
  C:\Windows\System\ZVLryBm.exe
  2⤵
  PID:6900
- C:\Windows\System\PbpzoaC.exe
  C:\Windows\System\PbpzoaC.exe
  2⤵
  PID:6960
- C:\Windows\System\BOIHNzf.exe
  C:\Windows\System\BOIHNzf.exe
  2⤵
  PID:6976
- C:\Windows\System\GvAbOYE.exe
  C:\Windows\System\GvAbOYE.exe
  2⤵
  PID:6996
- C:\Windows\System\qokAuWr.exe
  C:\Windows\System\qokAuWr.exe
  2⤵
  PID:7060
- C:\Windows\System\GSIxWIv.exe
  C:\Windows\System\GSIxWIv.exe
  2⤵
  PID:7124
- C:\Windows\System\lrQQNxc.exe
  C:\Windows\System\lrQQNxc.exe
  2⤵
  PID:7008
- C:\Windows\System\UwGWIRz.exe
  C:\Windows\System\UwGWIRz.exe
  2⤵
  PID:7072
- C:\Windows\System\jcPoQLF.exe
  C:\Windows\System\jcPoQLF.exe
  2⤵
  PID:6240
- C:\Windows\System\hBchLIy.exe
  C:\Windows\System\hBchLIy.exe
  2⤵
  PID:5952
- C:\Windows\System\qrLffyc.exe
  C:\Windows\System\qrLffyc.exe
  2⤵
  PID:7108
- C:\Windows\System\jfyAHBz.exe
  C:\Windows\System\jfyAHBz.exe
  2⤵
  PID:6292
- C:\Windows\System\tWucLoq.exe
  C:\Windows\System\tWucLoq.exe
  2⤵
  PID:6420
- C:\Windows\System\enUfJEI.exe
  C:\Windows\System\enUfJEI.exe
  2⤵
  PID:6308
- C:\Windows\System\rnvpBJB.exe
  C:\Windows\System\rnvpBJB.exe
  2⤵
  PID:6484
- C:\Windows\System\hPqRLxC.exe
  C:\Windows\System\hPqRLxC.exe
  2⤵
  PID:6480
- C:\Windows\System\EZStKxM.exe
  C:\Windows\System\EZStKxM.exe
  2⤵
  PID:6576
- C:\Windows\System\XPPfkYP.exe
  C:\Windows\System\XPPfkYP.exe
  2⤵
  PID:6660
- C:\Windows\System\QPTIWOM.exe
  C:\Windows\System\QPTIWOM.exe
  2⤵
  PID:6752
- C:\Windows\System\ZoGWGhG.exe
  C:\Windows\System\ZoGWGhG.exe
  2⤵
  PID:6704
- C:\Windows\System\SGdlgCX.exe
  C:\Windows\System\SGdlgCX.exe
  2⤵
  PID:6820
- C:\Windows\System\dazzXmW.exe
  C:\Windows\System\dazzXmW.exe
  2⤵
  PID:6932
- C:\Windows\System\RnDzBpg.exe
  C:\Windows\System\RnDzBpg.exe
  2⤵
  PID:7092
- C:\Windows\System\INvalVf.exe
  C:\Windows\System\INvalVf.exe
  2⤵
  PID:7028
- C:\Windows\System\JKfhPbw.exe
  C:\Windows\System\JKfhPbw.exe
  2⤵
  PID:6212
- C:\Windows\System\tJCWQtc.exe
  C:\Windows\System\tJCWQtc.exe
  2⤵
  PID:7044
- C:\Windows\System\bhVXGKy.exe
  C:\Windows\System\bhVXGKy.exe
  2⤵
  PID:6176
- C:\Windows\System\lyRWkcs.exe
  C:\Windows\System\lyRWkcs.exe
  2⤵
  PID:6436
- C:\Windows\System\lDBHRNO.exe
  C:\Windows\System\lDBHRNO.exe
  2⤵
  PID:6724
- C:\Windows\System\ObQLtrb.exe
  C:\Windows\System\ObQLtrb.exe
  2⤵
  PID:6468
- C:\Windows\System\yiNsjRE.exe
  C:\Windows\System\yiNsjRE.exe
  2⤵
  PID:6864
- C:\Windows\System\waDWnsI.exe
  C:\Windows\System\waDWnsI.exe
  2⤵
  PID:6896
- C:\Windows\System\OdBaUMr.exe
  C:\Windows\System\OdBaUMr.exe
  2⤵
  PID:7104
- C:\Windows\System\SCAxxsr.exe
  C:\Windows\System\SCAxxsr.exe
  2⤵
  PID:6740
- C:\Windows\System\XoPDGEZ.exe
  C:\Windows\System\XoPDGEZ.exe
  2⤵
  PID:6532
- C:\Windows\System\dYtZuyi.exe
  C:\Windows\System\dYtZuyi.exe
  2⤵
  PID:6164
- C:\Windows\System\Quvimoi.exe
  C:\Windows\System\Quvimoi.exe
  2⤵
  PID:6596
- C:\Windows\System\pdXJxQC.exe
  C:\Windows\System\pdXJxQC.exe
  2⤵
  PID:6944
- C:\Windows\System\ILrgCIz.exe
  C:\Windows\System\ILrgCIz.exe
  2⤵
  PID:6372
- C:\Windows\System\hQhpCXv.exe
  C:\Windows\System\hQhpCXv.exe
  2⤵
  PID:7184
- C:\Windows\System\JgHVUAz.exe
  C:\Windows\System\JgHVUAz.exe
  2⤵
  PID:7200
- C:\Windows\System\DmcQutV.exe
  C:\Windows\System\DmcQutV.exe
  2⤵
  PID:7216
- C:\Windows\System\HJVsnjN.exe
  C:\Windows\System\HJVsnjN.exe
  2⤵
  PID:7232
- C:\Windows\System\zvqqqXf.exe
  C:\Windows\System\zvqqqXf.exe
  2⤵
  PID:7248
- C:\Windows\System\DKmnIuD.exe
  C:\Windows\System\DKmnIuD.exe
  2⤵
  PID:7264
- C:\Windows\System\rtefGmq.exe
  C:\Windows\System\rtefGmq.exe
  2⤵
  PID:7280
- C:\Windows\System\elIGYmT.exe
  C:\Windows\System\elIGYmT.exe
  2⤵
  PID:7296
- C:\Windows\System\shnALeY.exe
  C:\Windows\System\shnALeY.exe
  2⤵
  PID:7312
- C:\Windows\System\kHPNSct.exe
  C:\Windows\System\kHPNSct.exe
  2⤵
  PID:7328
- C:\Windows\System\BSyuGYG.exe
  C:\Windows\System\BSyuGYG.exe
  2⤵
  PID:7344
- C:\Windows\System\zdxjZsD.exe
  C:\Windows\System\zdxjZsD.exe
  2⤵
  PID:7360
- C:\Windows\System\ehgOPuD.exe
  C:\Windows\System\ehgOPuD.exe
  2⤵
  PID:7376
- C:\Windows\System\mqISOkX.exe
  C:\Windows\System\mqISOkX.exe
  2⤵
  PID:7392
- C:\Windows\System\vTJfmPd.exe
  C:\Windows\System\vTJfmPd.exe
  2⤵
  PID:7408
- C:\Windows\System\hSLsbAl.exe
  C:\Windows\System\hSLsbAl.exe
  2⤵
  PID:7424
- C:\Windows\System\hufssTm.exe
  C:\Windows\System\hufssTm.exe
  2⤵
  PID:7440
- C:\Windows\System\hYYLJhM.exe
  C:\Windows\System\hYYLJhM.exe
  2⤵
  PID:7456
- C:\Windows\System\MCcTkBr.exe
  C:\Windows\System\MCcTkBr.exe
  2⤵
  PID:7472
- C:\Windows\System\nWXjRAh.exe
  C:\Windows\System\nWXjRAh.exe
  2⤵
  PID:7488
- C:\Windows\System\JOhTWIE.exe
  C:\Windows\System\JOhTWIE.exe
  2⤵
  PID:7504
- C:\Windows\System\WQYvolD.exe
  C:\Windows\System\WQYvolD.exe
  2⤵
  PID:7520
- C:\Windows\System\stiWpYV.exe
  C:\Windows\System\stiWpYV.exe
  2⤵
  PID:7536
- C:\Windows\System\nkHIrrE.exe
  C:\Windows\System\nkHIrrE.exe
  2⤵
  PID:7552
- C:\Windows\System\CMAFzHR.exe
  C:\Windows\System\CMAFzHR.exe
  2⤵
  PID:7568
- C:\Windows\System\bGZAMsR.exe
  C:\Windows\System\bGZAMsR.exe
  2⤵
  PID:7584
- C:\Windows\System\rqkVarA.exe
  C:\Windows\System\rqkVarA.exe
  2⤵
  PID:7600
- C:\Windows\System\sgXaVSD.exe
  C:\Windows\System\sgXaVSD.exe
  2⤵
  PID:7616
- C:\Windows\System\IRjobyp.exe
  C:\Windows\System\IRjobyp.exe
  2⤵
  PID:7632
- C:\Windows\System\jlauSjY.exe
  C:\Windows\System\jlauSjY.exe
  2⤵
  PID:7648
- C:\Windows\System\bcoCDKO.exe
  C:\Windows\System\bcoCDKO.exe
  2⤵
  PID:7664
- C:\Windows\System\SnwKAwN.exe
  C:\Windows\System\SnwKAwN.exe
  2⤵
  PID:7680
- C:\Windows\System\JHKEngI.exe
  C:\Windows\System\JHKEngI.exe
  2⤵
  PID:7696
- C:\Windows\System\FFaCsIv.exe
  C:\Windows\System\FFaCsIv.exe
  2⤵
  PID:7712
- C:\Windows\System\sZKzriJ.exe
  C:\Windows\System\sZKzriJ.exe
  2⤵
  PID:7728
- C:\Windows\System\BDXaHQp.exe
  C:\Windows\System\BDXaHQp.exe
  2⤵
  PID:7744
- C:\Windows\System\SQMhdtr.exe
  C:\Windows\System\SQMhdtr.exe
  2⤵
  PID:7760
- C:\Windows\System\blyYZOi.exe
  C:\Windows\System\blyYZOi.exe
  2⤵
  PID:7776
- C:\Windows\System\GUoDBeh.exe
  C:\Windows\System\GUoDBeh.exe
  2⤵
  PID:7792
- C:\Windows\System\EKEnYFV.exe
  C:\Windows\System\EKEnYFV.exe
  2⤵
  PID:7808
- C:\Windows\System\BhouMmW.exe
  C:\Windows\System\BhouMmW.exe
  2⤵
  PID:7824
- C:\Windows\System\arvhWKx.exe
  C:\Windows\System\arvhWKx.exe
  2⤵
  PID:7840
- C:\Windows\System\CYIdXAi.exe
  C:\Windows\System\CYIdXAi.exe
  2⤵
  PID:7856
- C:\Windows\System\HGWMydG.exe
  C:\Windows\System\HGWMydG.exe
  2⤵
  PID:7872
- C:\Windows\System\ddCrMXG.exe
  C:\Windows\System\ddCrMXG.exe
  2⤵
  PID:7888
- C:\Windows\System\FEQGpQo.exe
  C:\Windows\System\FEQGpQo.exe
  2⤵
  PID:7904
- C:\Windows\System\bKXXkmL.exe
  C:\Windows\System\bKXXkmL.exe
  2⤵
  PID:7920
- C:\Windows\System\vaTwEeM.exe
  C:\Windows\System\vaTwEeM.exe
  2⤵
  PID:7936
- C:\Windows\System\EVYBLPw.exe
  C:\Windows\System\EVYBLPw.exe
  2⤵
  PID:7952
- C:\Windows\System\VZufszc.exe
  C:\Windows\System\VZufszc.exe
  2⤵
  PID:7968
- C:\Windows\System\MwvxbOc.exe
  C:\Windows\System\MwvxbOc.exe
  2⤵
  PID:7984
- C:\Windows\System\GlHyxgE.exe
  C:\Windows\System\GlHyxgE.exe
  2⤵
  PID:8000
- C:\Windows\System\GNPCPvP.exe
  C:\Windows\System\GNPCPvP.exe
  2⤵
  PID:8016
- C:\Windows\System\TAOeNxK.exe
  C:\Windows\System\TAOeNxK.exe
  2⤵
  PID:8032
- C:\Windows\System\ALECpxH.exe
  C:\Windows\System\ALECpxH.exe
  2⤵
  PID:8048
- C:\Windows\System\APytkje.exe
  C:\Windows\System\APytkje.exe
  2⤵
  PID:8064
- C:\Windows\System\KqhZeTv.exe
  C:\Windows\System\KqhZeTv.exe
  2⤵
  PID:8080
- C:\Windows\System\PsyDCxH.exe
  C:\Windows\System\PsyDCxH.exe
  2⤵
  PID:8096
- C:\Windows\System\qblArFk.exe
  C:\Windows\System\qblArFk.exe
  2⤵
  PID:8112
- C:\Windows\System\SOofsuv.exe
  C:\Windows\System\SOofsuv.exe
  2⤵
  PID:8128
- C:\Windows\System\azwtLDY.exe
  C:\Windows\System\azwtLDY.exe
  2⤵
  PID:8144
- C:\Windows\System\LXBMGaU.exe
  C:\Windows\System\LXBMGaU.exe
  2⤵
  PID:8160
- C:\Windows\System\KAvtPYq.exe
  C:\Windows\System\KAvtPYq.exe
  2⤵
  PID:8176
- C:\Windows\System\DzZsjnj.exe
  C:\Windows\System\DzZsjnj.exe
  2⤵
  PID:6256
- C:\Windows\System\KZCELOq.exe
  C:\Windows\System\KZCELOq.exe
  2⤵
  PID:6160
- C:\Windows\System\ZcElfyE.exe
  C:\Windows\System\ZcElfyE.exe
  2⤵
  PID:7228
- C:\Windows\System\FrKKNUY.exe
  C:\Windows\System\FrKKNUY.exe
  2⤵
  PID:7176
- C:\Windows\System\tRsGHSC.exe
  C:\Windows\System\tRsGHSC.exe
  2⤵
  PID:7180
- C:\Windows\System\IXOIerH.exe
  C:\Windows\System\IXOIerH.exe
  2⤵
  PID:7304
- C:\Windows\System\OkefDbd.exe
  C:\Windows\System\OkefDbd.exe
  2⤵
  PID:7320
- C:\Windows\System\ZpttssJ.exe
  C:\Windows\System\ZpttssJ.exe
  2⤵
  PID:7372
- C:\Windows\System\baBsvUd.exe
  C:\Windows\System\baBsvUd.exe
  2⤵
  PID:7432
- C:\Windows\System\GUPfUpN.exe
  C:\Windows\System\GUPfUpN.exe
  2⤵
  PID:7448
- C:\Windows\System\SyfhXbP.exe
  C:\Windows\System\SyfhXbP.exe
  2⤵
  PID:7500
- C:\Windows\System\UBMUzgH.exe
  C:\Windows\System\UBMUzgH.exe
  2⤵
  PID:7564
- C:\Windows\System\QKORCTi.exe
  C:\Windows\System\QKORCTi.exe
  2⤵
  PID:7516
- C:\Windows\System\WYkghnw.exe
  C:\Windows\System\WYkghnw.exe
  2⤵
  PID:7452
- C:\Windows\System\HciKLYA.exe
  C:\Windows\System\HciKLYA.exe
  2⤵
  PID:7608
- C:\Windows\System\pkwSvMP.exe
  C:\Windows\System\pkwSvMP.exe
  2⤵
  PID:7640
- C:\Windows\System\aMZkdax.exe
  C:\Windows\System\aMZkdax.exe
  2⤵
  PID:7688
- C:\Windows\System\xShTuUB.exe
  C:\Windows\System\xShTuUB.exe
  2⤵
  PID:7736
- C:\Windows\System\zeZaIhX.exe
  C:\Windows\System\zeZaIhX.exe
  2⤵
  PID:7768
- C:\Windows\System\uWMoKXj.exe
  C:\Windows\System\uWMoKXj.exe
  2⤵
  PID:7816
- C:\Windows\System\pKdBnDX.exe
  C:\Windows\System\pKdBnDX.exe
  2⤵
  PID:7864
- C:\Windows\System\blgVHPr.exe
  C:\Windows\System\blgVHPr.exe
  2⤵
  PID:7928
- C:\Windows\System\gIiiBJl.exe
  C:\Windows\System\gIiiBJl.exe
  2⤵
  PID:7724
- C:\Windows\System\PkMMfCj.exe
  C:\Windows\System\PkMMfCj.exe
  2⤵
  PID:7788
- C:\Windows\System\RnrJdYr.exe
  C:\Windows\System\RnrJdYr.exe
  2⤵
  PID:7976
- C:\Windows\System\PTZfkfo.exe
  C:\Windows\System\PTZfkfo.exe
  2⤵
  PID:7852
- C:\Windows\System\cqGlCPS.exe
  C:\Windows\System\cqGlCPS.exe
  2⤵
  PID:7944
- C:\Windows\System\ElaFyUY.exe
  C:\Windows\System\ElaFyUY.exe
  2⤵
  PID:8040
- C:\Windows\System\zcpuUQz.exe
  C:\Windows\System\zcpuUQz.exe
  2⤵
  PID:8076
- C:\Windows\System\kRidehb.exe
  C:\Windows\System\kRidehb.exe
  2⤵
  PID:8168
- C:\Windows\System\YKbWWeO.exe
  C:\Windows\System\YKbWWeO.exe
  2⤵
  PID:7260
- C:\Windows\System\IZoSWgz.exe
  C:\Windows\System\IZoSWgz.exe
  2⤵
  PID:8120
- C:\Windows\System\quoXDWx.exe
  C:\Windows\System\quoXDWx.exe
  2⤵
  PID:8156
- C:\Windows\System\bmANKiZ.exe
  C:\Windows\System\bmANKiZ.exe
  2⤵
  PID:7224
- C:\Windows\System\SwyfmBP.exe
  C:\Windows\System\SwyfmBP.exe
  2⤵
  PID:7288
- C:\Windows\System\geTzqCM.exe
  C:\Windows\System\geTzqCM.exe
  2⤵
  PID:8056
- C:\Windows\System\aclWuBu.exe
  C:\Windows\System\aclWuBu.exe
  2⤵
  PID:7368
- C:\Windows\System\UvpFExu.exe
  C:\Windows\System\UvpFExu.exe
  2⤵
  PID:7468
- C:\Windows\System\LQQdVyG.exe
  C:\Windows\System\LQQdVyG.exe
  2⤵
  PID:7596
- C:\Windows\System\JwVqiJL.exe
  C:\Windows\System\JwVqiJL.exe
  2⤵
  PID:7660
- C:\Windows\System\IdCBDGX.exe
  C:\Windows\System\IdCBDGX.exe
  2⤵
  PID:7832
- C:\Windows\System\GAIIBOb.exe
  C:\Windows\System\GAIIBOb.exe
  2⤵
  PID:7820
- C:\Windows\System\QoMhQsI.exe
  C:\Windows\System\QoMhQsI.exe
  2⤵
  PID:8092
- C:\Windows\System\qZPQJzB.exe
  C:\Windows\System\qZPQJzB.exe
  2⤵
  PID:8124
- C:\Windows\System\clIuZEA.exe
  C:\Windows\System\clIuZEA.exe
  2⤵
  PID:8028
- C:\Windows\System\gpeJnCh.exe
  C:\Windows\System\gpeJnCh.exe
  2⤵
  PID:7672
- C:\Windows\System\VqyZOOQ.exe
  C:\Windows\System\VqyZOOQ.exe
  2⤵
  PID:8196
- C:\Windows\System\khqeWCy.exe
  C:\Windows\System\khqeWCy.exe
  2⤵
  PID:8212
- C:\Windows\System\RLryYcL.exe
  C:\Windows\System\RLryYcL.exe
  2⤵
  PID:8228
- C:\Windows\System\BTnsfsp.exe
  C:\Windows\System\BTnsfsp.exe
  2⤵
  PID:8244
- C:\Windows\System\gzmbBgG.exe
  C:\Windows\System\gzmbBgG.exe
  2⤵
  PID:8260
- C:\Windows\System\twqhReE.exe
  C:\Windows\System\twqhReE.exe
  2⤵
  PID:8276
- C:\Windows\System\rFIzXlO.exe
  C:\Windows\System\rFIzXlO.exe
  2⤵
  PID:8292
- C:\Windows\System\yrhSKes.exe
  C:\Windows\System\yrhSKes.exe
  2⤵
  PID:8308
- C:\Windows\System\KKVvjsm.exe
  C:\Windows\System\KKVvjsm.exe
  2⤵
  PID:8324
- C:\Windows\System\VtNSHjQ.exe
  C:\Windows\System\VtNSHjQ.exe
  2⤵
  PID:8340
- C:\Windows\System\hzXKTqF.exe
  C:\Windows\System\hzXKTqF.exe
  2⤵
  PID:8356
- C:\Windows\System\VBdenoT.exe
  C:\Windows\System\VBdenoT.exe
  2⤵
  PID:8372
- C:\Windows\System\oREQAjp.exe
  C:\Windows\System\oREQAjp.exe
  2⤵
  PID:8388
- C:\Windows\System\QIosNYi.exe
  C:\Windows\System\QIosNYi.exe
  2⤵
  PID:8404
- C:\Windows\System\DPvogHp.exe
  C:\Windows\System\DPvogHp.exe
  2⤵
  PID:8420
- C:\Windows\System\qsXWOIL.exe
  C:\Windows\System\qsXWOIL.exe
  2⤵
  PID:8436
- C:\Windows\System\fBJzNzy.exe
  C:\Windows\System\fBJzNzy.exe
  2⤵
  PID:8452
- C:\Windows\System\NfIqidl.exe
  C:\Windows\System\NfIqidl.exe
  2⤵
  PID:8468
- C:\Windows\System\ARoLBWO.exe
  C:\Windows\System\ARoLBWO.exe
  2⤵
  PID:8484
- C:\Windows\System\lzYOfnB.exe
  C:\Windows\System\lzYOfnB.exe
  2⤵
  PID:8500
- C:\Windows\System\YSCfQLD.exe
  C:\Windows\System\YSCfQLD.exe
  2⤵
  PID:8516
- C:\Windows\System\fsZhEyP.exe
  C:\Windows\System\fsZhEyP.exe
  2⤵
  PID:8532
- C:\Windows\System\wetNNFL.exe
  C:\Windows\System\wetNNFL.exe
  2⤵
  PID:8548
- C:\Windows\System\zSuCIYJ.exe
  C:\Windows\System\zSuCIYJ.exe
  2⤵
  PID:8564
- C:\Windows\System\OWhZFnv.exe
  C:\Windows\System\OWhZFnv.exe
  2⤵
  PID:8580
- C:\Windows\System\SIkjzIT.exe
  C:\Windows\System\SIkjzIT.exe
  2⤵
  PID:8596
- C:\Windows\System\WarZvzE.exe
  C:\Windows\System\WarZvzE.exe
  2⤵
  PID:8612
- C:\Windows\System\unesgCl.exe
  C:\Windows\System\unesgCl.exe
  2⤵
  PID:8628
- C:\Windows\System\cJAExkH.exe
  C:\Windows\System\cJAExkH.exe
  2⤵
  PID:8644
- C:\Windows\System\FxtozWN.exe
  C:\Windows\System\FxtozWN.exe
  2⤵
  PID:8660
- C:\Windows\System\NsgLGYO.exe
  C:\Windows\System\NsgLGYO.exe
  2⤵
  PID:8676
- C:\Windows\System\dxcpNEH.exe
  C:\Windows\System\dxcpNEH.exe
  2⤵
  PID:8692
- C:\Windows\System\OnXgHSx.exe
  C:\Windows\System\OnXgHSx.exe
  2⤵
  PID:8708
- C:\Windows\System\NwkZxPX.exe
  C:\Windows\System\NwkZxPX.exe
  2⤵
  PID:8724
- C:\Windows\System\pRAzTIq.exe
  C:\Windows\System\pRAzTIq.exe
  2⤵
  PID:8740
- C:\Windows\System\PhlAQII.exe
  C:\Windows\System\PhlAQII.exe
  2⤵
  PID:8756
- C:\Windows\System\fvHhQnd.exe
  C:\Windows\System\fvHhQnd.exe
  2⤵
  PID:8772
- C:\Windows\System\JLyAsVH.exe
  C:\Windows\System\JLyAsVH.exe
  2⤵
  PID:8788
- C:\Windows\System\cusZNix.exe
  C:\Windows\System\cusZNix.exe
  2⤵
  PID:8804
- C:\Windows\System\tCwfdvz.exe
  C:\Windows\System\tCwfdvz.exe
  2⤵
  PID:8820
- C:\Windows\System\XMzElzf.exe
  C:\Windows\System\XMzElzf.exe
  2⤵
  PID:8836
- C:\Windows\System\eGftXYs.exe
  C:\Windows\System\eGftXYs.exe
  2⤵
  PID:8852
- C:\Windows\System\hAwlsRY.exe
  C:\Windows\System\hAwlsRY.exe
  2⤵
  PID:8868
- C:\Windows\System\VLEuteX.exe
  C:\Windows\System\VLEuteX.exe
  2⤵
  PID:8884
- C:\Windows\System\EcRphQB.exe
  C:\Windows\System\EcRphQB.exe
  2⤵
  PID:8900
- C:\Windows\System\SBOqaCP.exe
  C:\Windows\System\SBOqaCP.exe
  2⤵
  PID:8916
- C:\Windows\System\QAeMOEX.exe
  C:\Windows\System\QAeMOEX.exe
  2⤵
  PID:8932
- C:\Windows\System\EUdZVYI.exe
  C:\Windows\System\EUdZVYI.exe
  2⤵
  PID:8948
- C:\Windows\System\LYColQw.exe
  C:\Windows\System\LYColQw.exe
  2⤵
  PID:8964
- C:\Windows\System\rFZSlCS.exe
  C:\Windows\System\rFZSlCS.exe
  2⤵
  PID:8980
- C:\Windows\System\lblsgSD.exe
  C:\Windows\System\lblsgSD.exe
  2⤵
  PID:8996
- C:\Windows\System\vSsvPfK.exe
  C:\Windows\System\vSsvPfK.exe
  2⤵
  PID:9012
- C:\Windows\System\WWtrxgw.exe
  C:\Windows\System\WWtrxgw.exe
  2⤵
  PID:9028
- C:\Windows\System\aMFRkRP.exe
  C:\Windows\System\aMFRkRP.exe
  2⤵
  PID:9048
- C:\Windows\System\ARFJctz.exe
  C:\Windows\System\ARFJctz.exe
  2⤵
  PID:9064
- C:\Windows\System\BVzxcKv.exe
  C:\Windows\System\BVzxcKv.exe
  2⤵
  PID:9080
- C:\Windows\System\MYDgVJi.exe
  C:\Windows\System\MYDgVJi.exe
  2⤵
  PID:9096
- C:\Windows\System\UCtGoJc.exe
  C:\Windows\System\UCtGoJc.exe
  2⤵
  PID:9112
- C:\Windows\System\DaMmLTU.exe
  C:\Windows\System\DaMmLTU.exe
  2⤵
  PID:9128
- C:\Windows\System\wjOAdUr.exe
  C:\Windows\System\wjOAdUr.exe
  2⤵
  PID:9144
- C:\Windows\System\RkBIGaR.exe
  C:\Windows\System\RkBIGaR.exe
  2⤵
  PID:9160
- C:\Windows\System\TnFhvYJ.exe
  C:\Windows\System\TnFhvYJ.exe
  2⤵
  PID:9176
- C:\Windows\System\OiLFTYK.exe
  C:\Windows\System\OiLFTYK.exe
  2⤵
  PID:9192
- C:\Windows\System\bPOuQCN.exe
  C:\Windows\System\bPOuQCN.exe
  2⤵
  PID:9208
- C:\Windows\System\KNVBxeZ.exe
  C:\Windows\System\KNVBxeZ.exe
  2⤵
  PID:7416
- C:\Windows\System\sKdlZPy.exe
  C:\Windows\System\sKdlZPy.exe
  2⤵
  PID:8252
- C:\Windows\System\mHoXWzb.exe
  C:\Windows\System\mHoXWzb.exe
  2⤵
  PID:8316
- C:\Windows\System\YFcKeXi.exe
  C:\Windows\System\YFcKeXi.exe
  2⤵
  PID:7800
- C:\Windows\System\SfJAddj.exe
  C:\Windows\System\SfJAddj.exe
  2⤵
  PID:7624
- C:\Windows\System\eJfjqwU.exe
  C:\Windows\System\eJfjqwU.exe
  2⤵
  PID:8380
- C:\Windows\System\lpeKYdQ.exe
  C:\Windows\System\lpeKYdQ.exe
  2⤵
  PID:8444
- C:\Windows\System\JDnCvmD.exe
  C:\Windows\System\JDnCvmD.exe
  2⤵
  PID:8508
- C:\Windows\System\icfJllu.exe
  C:\Windows\System\icfJllu.exe
  2⤵
  PID:8572
- C:\Windows\System\pWSVpGj.exe
  C:\Windows\System\pWSVpGj.exe
  2⤵
  PID:7900
- C:\Windows\System\xKHeTJH.exe
  C:\Windows\System\xKHeTJH.exe
  2⤵
  PID:8364
- C:\Windows\System\SmHYvQu.exe
  C:\Windows\System\SmHYvQu.exe
  2⤵
  PID:8636
- C:\Windows\System\QgPkEae.exe
  C:\Windows\System\QgPkEae.exe
  2⤵
  PID:8104
- C:\Windows\System\CeVaDaj.exe
  C:\Windows\System\CeVaDaj.exe
  2⤵
  PID:8136
- C:\Windows\System\sCcDErz.exe
  C:\Windows\System\sCcDErz.exe
  2⤵
  PID:8188
- C:\Windows\System\BwShKep.exe
  C:\Windows\System\BwShKep.exe
  2⤵
  PID:7404
- C:\Windows\System\pHjbAvA.exe
  C:\Windows\System\pHjbAvA.exe
  2⤵
  PID:7964
- C:\Windows\System\MMcVmOt.exe
  C:\Windows\System\MMcVmOt.exe
  2⤵
  PID:7692
- C:\Windows\System\xpKGJKz.exe
  C:\Windows\System\xpKGJKz.exe
  2⤵
  PID:8240
- C:\Windows\System\BppUSrg.exe
  C:\Windows\System\BppUSrg.exe
  2⤵
  PID:8304
- C:\Windows\System\WnDuByw.exe
  C:\Windows\System\WnDuByw.exe
  2⤵
  PID:8396
- C:\Windows\System\ziXRSGa.exe
  C:\Windows\System\ziXRSGa.exe
  2⤵
  PID:8732
- C:\Windows\System\wowKviN.exe
  C:\Windows\System\wowKviN.exe
  2⤵
  PID:8432
- C:\Windows\System\WnKkGxo.exe
  C:\Windows\System\WnKkGxo.exe
  2⤵
  PID:8624
- C:\Windows\System\oIOlPJN.exe
  C:\Windows\System\oIOlPJN.exe
  2⤵
  PID:8524
- C:\Windows\System\auqYgcn.exe
  C:\Windows\System\auqYgcn.exe
  2⤵
  PID:8588
- C:\Windows\System\dIhCcDe.exe
  C:\Windows\System\dIhCcDe.exe
  2⤵
  PID:8716
- C:\Windows\System\mSPfPuZ.exe
  C:\Windows\System\mSPfPuZ.exe
  2⤵
  PID:8768
- C:\Windows\System\saqzAoV.exe
  C:\Windows\System\saqzAoV.exe
  2⤵
  PID:8816
- C:\Windows\System\uRsCKCe.exe
  C:\Windows\System\uRsCKCe.exe
  2⤵
  PID:8880
- C:\Windows\System\UCdwycq.exe
  C:\Windows\System\UCdwycq.exe
  2⤵
  PID:8800
- C:\Windows\System\HlkKXil.exe
  C:\Windows\System\HlkKXil.exe
  2⤵
  PID:8892
- C:\Windows\System\qWVrSYe.exe
  C:\Windows\System\qWVrSYe.exe
  2⤵
  PID:8956
- C:\Windows\System\hfbotmU.exe
  C:\Windows\System\hfbotmU.exe
  2⤵
  PID:7704
- C:\Windows\System\rMmSHDW.exe
  C:\Windows\System\rMmSHDW.exe
  2⤵
  PID:9156
- C:\Windows\System\iSEqVLv.exe
  C:\Windows\System\iSEqVLv.exe
  2⤵
  PID:8480
- C:\Windows\System\DbsrGkI.exe
  C:\Windows\System\DbsrGkI.exe
  2⤵
  PID:7480
- C:\Windows\System\xgzZQAP.exe
  C:\Windows\System\xgzZQAP.exe
  2⤵
  PID:8336
- C:\Windows\System\FfWKpan.exe
  C:\Windows\System\FfWKpan.exe
  2⤵
  PID:9120
- C:\Windows\System\hyAQcbF.exe
  C:\Windows\System\hyAQcbF.exe
  2⤵
  PID:7292
- C:\Windows\System\osxHUjx.exe
  C:\Windows\System\osxHUjx.exe
  2⤵
  PID:7784
- C:\Windows\System\IWimYzq.exe
  C:\Windows\System\IWimYzq.exe
  2⤵
  PID:9236
- C:\Windows\System\BUhlUPz.exe
  C:\Windows\System\BUhlUPz.exe
  2⤵
  PID:9252
- C:\Windows\System\QEywJrb.exe
  C:\Windows\System\QEywJrb.exe
  2⤵
  PID:9268
- C:\Windows\System\TJzRiNr.exe
  C:\Windows\System\TJzRiNr.exe
  2⤵
  PID:9284
- C:\Windows\System\ZhdxowW.exe
  C:\Windows\System\ZhdxowW.exe
  2⤵
  PID:9300
- C:\Windows\System\aJwcbfj.exe
  C:\Windows\System\aJwcbfj.exe
  2⤵
  PID:9316
- C:\Windows\System\fVgsBpD.exe
  C:\Windows\System\fVgsBpD.exe
  2⤵
  PID:9332
- C:\Windows\System\HqrsuFy.exe
  C:\Windows\System\HqrsuFy.exe
  2⤵
  PID:9348
- C:\Windows\System\lPtuSek.exe
  C:\Windows\System\lPtuSek.exe
  2⤵
  PID:9364
- C:\Windows\System\HfhBzWP.exe
  C:\Windows\System\HfhBzWP.exe
  2⤵
  PID:9380
- C:\Windows\System\jbhikHU.exe
  C:\Windows\System\jbhikHU.exe
  2⤵
  PID:9396
- C:\Windows\System\aeIDEyY.exe
  C:\Windows\System\aeIDEyY.exe
  2⤵
  PID:9424
- C:\Windows\System\kaKZxKG.exe
  C:\Windows\System\kaKZxKG.exe
  2⤵
  PID:9440
- C:\Windows\System\GDrMKHk.exe
  C:\Windows\System\GDrMKHk.exe
  2⤵
  PID:9456
- C:\Windows\System\aFtwSQW.exe
  C:\Windows\System\aFtwSQW.exe
  2⤵
  PID:9472
- C:\Windows\System\qxtsoqO.exe
  C:\Windows\System\qxtsoqO.exe
  2⤵
  PID:9488
- C:\Windows\System\FTiQrxv.exe
  C:\Windows\System\FTiQrxv.exe
  2⤵
  PID:9504
- C:\Windows\System\FFZDhVK.exe
  C:\Windows\System\FFZDhVK.exe
  2⤵
  PID:9520
- C:\Windows\System\TvylLto.exe
  C:\Windows\System\TvylLto.exe
  2⤵
  PID:9536
- C:\Windows\System\hXKTSyI.exe
  C:\Windows\System\hXKTSyI.exe
  2⤵
  PID:9552
- C:\Windows\System\yqJDTUg.exe
  C:\Windows\System\yqJDTUg.exe
  2⤵
  PID:9568
- C:\Windows\System\SHBGEwA.exe
  C:\Windows\System\SHBGEwA.exe
  2⤵
  PID:9604
- C:\Windows\System\QwqqCKL.exe
  C:\Windows\System\QwqqCKL.exe
  2⤵
  PID:9628
- C:\Windows\System\QBXzkIq.exe
  C:\Windows\System\QBXzkIq.exe
  2⤵
  PID:9644
- C:\Windows\System\TuVnBBR.exe
  C:\Windows\System\TuVnBBR.exe
  2⤵
  PID:9664
- C:\Windows\System\uOUEYWK.exe
  C:\Windows\System\uOUEYWK.exe
  2⤵
  PID:9692
- C:\Windows\System\LkQZZNf.exe
  C:\Windows\System\LkQZZNf.exe
  2⤵
  PID:9712
- C:\Windows\System\HCowZrV.exe
  C:\Windows\System\HCowZrV.exe
  2⤵
  PID:9728
- C:\Windows\System\xjWPuhc.exe
  C:\Windows\System\xjWPuhc.exe
  2⤵
  PID:9752
- C:\Windows\System\kTLmwTX.exe
  C:\Windows\System\kTLmwTX.exe
  2⤵
  PID:9772
- C:\Windows\System\DqpRIHN.exe
  C:\Windows\System\DqpRIHN.exe
  2⤵
  PID:9852
- C:\Windows\System\PfGhSlm.exe
  C:\Windows\System\PfGhSlm.exe
  2⤵
  PID:9872
- C:\Windows\System\xejcAdM.exe
  C:\Windows\System\xejcAdM.exe
  2⤵
  PID:10208
- C:\Windows\System\YXwizRM.exe
  C:\Windows\System\YXwizRM.exe
  2⤵
  PID:10224
- C:\Windows\System\bXkEPHu.exe
  C:\Windows\System\bXkEPHu.exe
  2⤵
  PID:8476
- C:\Windows\System\KSpwJxA.exe
  C:\Windows\System\KSpwJxA.exe
  2⤵
  PID:8620
- C:\Windows\System\StQuvTM.exe
  C:\Windows\System\StQuvTM.exe
  2⤵
  PID:8752
- C:\Windows\System\CJAkDxF.exe
  C:\Windows\System\CJAkDxF.exe
  2⤵
  PID:8912
- C:\Windows\System\MTZJjhh.exe
  C:\Windows\System\MTZJjhh.exe
  2⤵
  PID:8700
- C:\Windows\System\nSrqVhq.exe
  C:\Windows\System\nSrqVhq.exe
  2⤵
  PID:8300
- C:\Windows\System\aXdlMTP.exe
  C:\Windows\System\aXdlMTP.exe
  2⤵
  PID:8560
- C:\Windows\System\wdlFiOH.exe
  C:\Windows\System\wdlFiOH.exe
  2⤵
  PID:8848
- C:\Windows\System\BgMJkyA.exe
  C:\Windows\System\BgMJkyA.exe
  2⤵
  PID:8988
- C:\Windows\System\LnBArZX.exe
  C:\Windows\System\LnBArZX.exe
  2⤵
  PID:8940
- C:\Windows\System\sMbLXlB.exe
  C:\Windows\System\sMbLXlB.exe
  2⤵
  PID:8976
- C:\Windows\System\ueqEgam.exe
  C:\Windows\System\ueqEgam.exe
  2⤵
  PID:9060
- C:\Windows\System\APqlqny.exe
  C:\Windows\System\APqlqny.exe
  2⤵
  PID:8544
- C:\Windows\System\SDVeLxn.exe
  C:\Windows\System\SDVeLxn.exe
  2⤵
  PID:7276
- C:\Windows\System\ROxUycx.exe
  C:\Windows\System\ROxUycx.exe
  2⤵
  PID:8412
- C:\Windows\System\fNKrqjB.exe
  C:\Windows\System\fNKrqjB.exe
  2⤵
  PID:8008
- C:\Windows\System\wCefCwW.exe
  C:\Windows\System\wCefCwW.exe
  2⤵
  PID:9040
- C:\Windows\System\YuvqMeB.exe
  C:\Windows\System\YuvqMeB.exe
  2⤵
  PID:9688
- C:\Windows\System\NWgVkKn.exe
  C:\Windows\System\NWgVkKn.exe
  2⤵
  PID:9720
- C:\Windows\System\YCgCAvH.exe
  C:\Windows\System\YCgCAvH.exe
  2⤵
  PID:9824
- C:\Windows\System\gHpOZVM.exe
  C:\Windows\System\gHpOZVM.exe
  2⤵
  PID:9880
- C:\Windows\System\CSSUEbL.exe
  C:\Windows\System\CSSUEbL.exe
  2⤵
  PID:9904
- C:\Windows\System\cQDaFiM.exe
  C:\Windows\System\cQDaFiM.exe
  2⤵
  PID:9760
- C:\Windows\System\dixMovD.exe
  C:\Windows\System\dixMovD.exe
  2⤵
  PID:9932
- C:\Windows\System\HDUyNxn.exe
  C:\Windows\System\HDUyNxn.exe
  2⤵
  PID:9976
- C:\Windows\System\tVmllTq.exe
  C:\Windows\System\tVmllTq.exe
  2⤵
  PID:9992
- C:\Windows\System\GWhvAnb.exe
  C:\Windows\System\GWhvAnb.exe
  2⤵
  PID:10008
- C:\Windows\System\nwOhVmO.exe
  C:\Windows\System\nwOhVmO.exe
  2⤵
  PID:10020
- C:\Windows\System\hYAZQsG.exe
  C:\Windows\System\hYAZQsG.exe
  2⤵
  PID:10040
- C:\Windows\System\aeSgaDg.exe
  C:\Windows\System\aeSgaDg.exe
  2⤵
  PID:10060
- C:\Windows\System\xtduGLa.exe
  C:\Windows\System\xtduGLa.exe
  2⤵
  PID:10088
- C:\Windows\System\TvGhxVw.exe
  C:\Windows\System\TvGhxVw.exe
  2⤵
  PID:10112
- C:\Windows\System\IpleMLW.exe
  C:\Windows\System\IpleMLW.exe
  2⤵
  PID:10128
- C:\Windows\System\GkFRHaq.exe
  C:\Windows\System\GkFRHaq.exe
  2⤵
  PID:10144
- C:\Windows\System\NSBiCgt.exe
  C:\Windows\System\NSBiCgt.exe
  2⤵
  PID:10172
- C:\Windows\System\tmYWjQj.exe
  C:\Windows\System\tmYWjQj.exe
  2⤵
  PID:10188
- C:\Windows\System\chIoHJw.exe
  C:\Windows\System\chIoHJw.exe
  2⤵
  PID:9864
- C:\Windows\System\MOmBPJo.exe
  C:\Windows\System\MOmBPJo.exe
  2⤵
  PID:8060
- C:\Windows\System\fkSNQSL.exe
  C:\Windows\System\fkSNQSL.exe
  2⤵
  PID:7896
- C:\Windows\System\YqSFCTl.exe
  C:\Windows\System\YqSFCTl.exe
  2⤵
  PID:7272
- C:\Windows\System\IoWAURV.exe
  C:\Windows\System\IoWAURV.exe
  2⤵
  PID:8220
- C:\Windows\System\UVoXJiz.exe
  C:\Windows\System\UVoXJiz.exe
  2⤵
  PID:8288
- C:\Windows\System\cBhaCKp.exe
  C:\Windows\System\cBhaCKp.exe
  2⤵
  PID:9264
- C:\Windows\System\eaEGWIy.exe
  C:\Windows\System\eaEGWIy.exe
  2⤵
  PID:9324
- C:\Windows\System\BoQLsqn.exe
  C:\Windows\System\BoQLsqn.exe
  2⤵
  PID:9388
- C:\Windows\System\hfeyXir.exe
  C:\Windows\System\hfeyXir.exe
  2⤵
  PID:9464
- C:\Windows\System\mPXLPic.exe
  C:\Windows\System\mPXLPic.exe
  2⤵
  PID:9312
- C:\Windows\System\LfbIzEv.exe
  C:\Windows\System\LfbIzEv.exe
  2⤵
  PID:9376
- C:\Windows\System\IYwFlBM.exe
  C:\Windows\System\IYwFlBM.exe
  2⤵
  PID:9480
- C:\Windows\System\oIAJPVh.exe
  C:\Windows\System\oIAJPVh.exe
  2⤵
  PID:9544
- C:\Windows\System\hdaDDTv.exe
  C:\Windows\System\hdaDDTv.exe
  2⤵
  PID:9496
- C:\Windows\System\WklxwyC.exe
  C:\Windows\System\WklxwyC.exe
  2⤵
  PID:9560
- C:\Windows\System\VIXKMnk.exe
  C:\Windows\System\VIXKMnk.exe
  2⤵
  PID:9588
- C:\Windows\System\chqTGtb.exe
  C:\Windows\System\chqTGtb.exe
  2⤵
  PID:9652
- C:\Windows\System\yglKijG.exe
  C:\Windows\System\yglKijG.exe
  2⤵
  PID:7580
- C:\Windows\System\trpEYCy.exe
  C:\Windows\System\trpEYCy.exe
  2⤵
  PID:9704
- C:\Windows\System\gfJhqOp.exe
  C:\Windows\System\gfJhqOp.exe
  2⤵
  PID:9820
- C:\Windows\System\TsIYCSa.exe
  C:\Windows\System\TsIYCSa.exe
  2⤵
  PID:9680
- C:\Windows\System\VFDZNBw.exe
  C:\Windows\System\VFDZNBw.exe
  2⤵
  PID:9800
- C:\Windows\System\woiAPvB.exe
  C:\Windows\System\woiAPvB.exe
  2⤵
  PID:9836
- C:\Windows\System\cczkHUQ.exe
  C:\Windows\System\cczkHUQ.exe
  2⤵
  PID:9916
- C:\Windows\System\FvIHaUG.exe
  C:\Windows\System\FvIHaUG.exe
  2⤵
  PID:9952
- C:\Windows\System\vEMmhpM.exe
  C:\Windows\System\vEMmhpM.exe
  2⤵
  PID:9896
- C:\Windows\System\KDBmlWm.exe
  C:\Windows\System\KDBmlWm.exe
  2⤵
  PID:9928
- C:\Windows\System\eYriugV.exe
  C:\Windows\System\eYriugV.exe
  2⤵
  PID:10028
- C:\Windows\System\gvvDwtd.exe
  C:\Windows\System\gvvDwtd.exe
  2⤵
  PID:10072
- C:\Windows\System\CZqjOuG.exe
  C:\Windows\System\CZqjOuG.exe
  2⤵
  PID:10120
- C:\Windows\System\uttyVBE.exe
  C:\Windows\System\uttyVBE.exe
  2⤵
  PID:10152
- C:\Windows\System\pgRAVUH.exe
  C:\Windows\System\pgRAVUH.exe
  2⤵
  PID:10204
- C:\Windows\System\jNxaSpk.exe
  C:\Windows\System\jNxaSpk.exe
  2⤵
  PID:10220
- C:\Windows\System\vSSsOWE.exe
  C:\Windows\System\vSSsOWE.exe
  2⤵
  PID:10052
- C:\Windows\System\rGQbnss.exe
  C:\Windows\System\rGQbnss.exe
  2⤵
  PID:10108
- C:\Windows\System\fLRPybD.exe
  C:\Windows\System\fLRPybD.exe
  2⤵
  PID:9092
- C:\Windows\System\zpqRrdg.exe
  C:\Windows\System\zpqRrdg.exe
  2⤵
  PID:9136
- C:\Windows\System\SQZHXWp.exe
  C:\Windows\System\SQZHXWp.exe
  2⤵
  PID:10236
- C:\Windows\System\QlNAgoo.exe
  C:\Windows\System\QlNAgoo.exe
  2⤵
  PID:9168
- C:\Windows\System\ZlGqjxj.exe
  C:\Windows\System\ZlGqjxj.exe
  2⤵
  PID:8832
- C:\Windows\System\ezWBXRN.exe
  C:\Windows\System\ezWBXRN.exe
  2⤵
  PID:9224
- C:\Windows\System\bFoYAxV.exe
  C:\Windows\System\bFoYAxV.exe
  2⤵
  PID:9260
- C:\Windows\System\UxUklwz.exe
  C:\Windows\System\UxUklwz.exe
  2⤵
  PID:9280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjnvBoV.exe

Filesize
6.0MB

MD5
206209e5ad5d222fbf4f85cf4b5911cc

SHA1
1187ff91fbccae7eca4ff0cef708ff7199023de3

SHA256
bafbdd7aec4c1de4fcba47c549621ec127186d076a142c3476b17de82771a70c

SHA512
12585b11297b97e66b43adffe40bf1a287dcf21cd82c2b67d8f861db53d585a98944dd65449bd0469a0b76543f2c288944ea10081aa68dbdd658b999621d7451

Download Submit
C:\Windows\system\CebtGJT.exe

Filesize
6.0MB

MD5
cc4b7e4df014e6082c2b89b7b0110b8b

SHA1
f0d77b0d063ee63eaf7530d5eb1d923084975a5d

SHA256
75b4da6bb96f481d97440a3b641b6e7f316e1f86d9942a517a4fca0c5e350771

SHA512
5b8cae14fd3bc27f30115dc72ee4560a500e443998bd77b6368ec5126e8cd832079338d6c020c938c7a1319b7693152e9cd529ee60919cb3766b627cb56444f6

Download Submit
C:\Windows\system\GXSASzw.exe

Filesize
6.0MB

MD5
702bed70f2797d01cfeba1e9eb936eaa

SHA1
10cca419a24121ecd51ab8bf514f2dc21d270147

SHA256
15d2e1e6303698ad19ff68db94a2d8b251181f4d3ceeec1907e1c06da4346adb

SHA512
136723cc5fe131549e401fb06347c4640836f0e0b48d3767474c8a7b4a1267aac494625d7cfbd4a85f2fb9f349257fcfe43e10c7eadd6484e2cbf12146691472

Download Submit
C:\Windows\system\GeLrRbd.exe

Filesize
6.0MB

MD5
d4291bd4774a3e23e1c9762405560715

SHA1
a072a576c5999650ab4aab78279a606d24f12b88

SHA256
96bca0ace9c78111bd467d052176814a7dd1fe100528e5a4e6fccdee0cb08956

SHA512
c28db002254b0bea794155825437306d4ed5941a58247aa94b69e76f1d56ce7e443b7a99eaf4a1e09d8b04f647263b5c0b8df9fa3d312e25aa0a364496c3555f

Download Submit
C:\Windows\system\IucOmra.exe

Filesize
6.0MB

MD5
71fb9e9a0c86fdd27e278d8dfab1d630

SHA1
01c7150dde1ca3dd5e87d28d93af9fcde4ae2dbc

SHA256
0b16dc05356dcd97f7492c4b6deca8bac847c0473b5f16aa9a041462e1a7478a

SHA512
bb79c87b4854d6ea68ff955219d60fb3d5a981e54eff996662725e9aa6c26b1f08f8ee88cd423be81fdde979f39b55eda10f507655b2dbde25dde480fbad700b

Download Submit
C:\Windows\system\JVMrWXt.exe

Filesize
6.0MB

MD5
ea31bc85967f23077b7c1030a5de43bd

SHA1
27a3960f10740c92967887b6360dd305e5deb70d

SHA256
0c1be86d25907109aa4610ed55e9f3b2efc314d17eb317e7fbf68d54b1c18e12

SHA512
e3c2aff9c55248b7cf8aa95406b3fb2462fe53f2c59fe01596d0c3dd16c05e150f245fb3840e3ff89ec636b488ded6f9e89104d19f35943e63f933cfdc141e75

Download Submit
C:\Windows\system\JnAbOFk.exe

Filesize
6.0MB

MD5
b75b3da8b6a4766ea46c4e6d26a5bb67

SHA1
4cebc497a0c308e065ab2c54415c09b2c72f7b6b

SHA256
985427f6e99ec6532d8d2bbd24d1e8a0b11cc93378450f6ee507c5fee47ef932

SHA512
47ffb83a1f483e18cc471f0d12cd9538c0a530972ace08eb71bc0c65c346bfbf648e65537048394c297a58d3cdb9fbb0ebc33b152c59a8ffcbea58023b46a102

Download Submit
C:\Windows\system\KREXVcL.exe

Filesize
6.0MB

MD5
929eab709b6aecf64b0e9670a1569ecc

SHA1
6e127b6f350490af609ef5430ccec3f15cfa2646

SHA256
29799d0580530ed09fbee49b621f4d80a234004fd5c705f762153c11b1a740f2

SHA512
21e129d0f75082e09527e4dcf65f24ca8c7441b352916e173f22f467bcbd60e329cf5b4cc67428a4bca803fc5e941b94e31d532373d9903ddbaaea70786babb0

Download Submit
C:\Windows\system\MyFjCTg.exe

Filesize
6.0MB

MD5
bd22fe6da33f67ce775f5dbe2a5578c4

SHA1
a5e09f57fe22db5fa8659a6b66d520736aa4daa6

SHA256
94fd54b710eafee47a31b259cf43b96fc718e5823c415434672401fc2cb335a9

SHA512
0b03ee1bec1ad870fe5cb0db74522d5c567e5e834b6b5f6856287a2db84f5ca7c4e208089b51afd517548966abf81508faeb5369ab0bf14cdfe2d61f3df9c39c

Download Submit
C:\Windows\system\QoVqjCC.exe

Filesize
6.0MB

MD5
8e38c82ff40123744680d8df6e31bd3b

SHA1
f50e9416546ac013f8ec043174f574041161a7cb

SHA256
01b480ddc09b960aa4178b12f7789a346e56dd33394b2d6a05cd3da09c747bf5

SHA512
342bed73ba9b1a20be9f2b68d3ce116d4d87bd4f75a27d5603cdb2f8e9b997e35070ad0478fe0758eebe25c2731fa61af26c4879725eabc9a4ebde9b60e1e686

Download Submit
C:\Windows\system\RsCLqfT.exe

Filesize
6.0MB

MD5
8ee83273fb1fbd530eb6d9c05dd917dc

SHA1
122ea1b6943db7a1c37b3cb4e0523625b507a3db

SHA256
72e6a484087050e816b4a427be23e4a0802624de52eda7da1cf61f4bd5a13d4d

SHA512
d77c69fc35e1a692ddfb1966551839f62e8e3046a8dbb3bb9f2b02ac22bca6dcb9e1cc83fe3674c462a47d8cd76985ef86e397d5ba1459e58e2e5d5ca24b7110

Download Submit
C:\Windows\system\VYHYTbD.exe

Filesize
6.0MB

MD5
d2b26cadae9faa1b60fdd8631d2a239d

SHA1
e87d58c13cf74ff9ed852edda40d9e5cadc7ecb8

SHA256
98a3c6e1be9b92c57b6fdbd4771a2aa82695677984e94fd3998866e696a5f2cf

SHA512
92843dffec2e9937f8076f619e234c3a074fd712cd041e2fb614d706a38ba5cf132a34827868df80531e87f5c712b67c493abf708cc430ed997441ab8f4bb425

Download Submit
C:\Windows\system\YbrMxPS.exe

Filesize
6.0MB

MD5
d0b7a58c3bc5ab716066d93324db5d8c

SHA1
db82293545c0365bfd01d59a6d26067b259cfd01

SHA256
bcff3061bb94c629e732ced4ea1a0cca0cc03b80b5a06cfd69a5cc1628cb9f8a

SHA512
2111f6ff064fc41a3b2b2de92fd936c7470cdf2db7f179e5479c2039e89e31bb989f4b73a3849cbca8d53670449ae166781397a0d7eaa2227d0c5411887d5701

Download Submit
C:\Windows\system\ZWTAYuI.exe

Filesize
6.0MB

MD5
755d776aaf9c429b6207935a75357e0c

SHA1
8bdc69d331de16b298c0b674e654a6a6dbdb5d83

SHA256
09f13306ceaf5b8f4a181779e0c8c8148815b385eb9caf3e989581aad6ab363b

SHA512
c4add5ed1decd57d108105c160137cb63a22fd681e4082c1ed4e1916f0997ccb0bb600c179be146079d0250b9a2e835c72c94139d5bc90d68d3ae95090d97ea2

Download Submit
C:\Windows\system\lSJgPBf.exe

Filesize
6.0MB

MD5
1a591f78e5365fd9b2772da778551814

SHA1
264c058f828af6c33c940336ae1b3838a43395b5

SHA256
233596ef48077a3859244221088afdbed4d5ae31299e666d0329b59980cb84ef

SHA512
6f4fd8db5133a607bf138224db05cdd7763d4754ebfe0ff0d51912dbb5a0b87def1866e93fbd73aca876322553630cab01809319044da13502f4b0dbd94f5e88

Download Submit
C:\Windows\system\lzlQblo.exe

Filesize
6.0MB

MD5
02cf488bb80f23df0bfc15f5b766c0c5

SHA1
b9e3b2207212853644e3072e10814ff7466c684d

SHA256
2bbea0a6db09026967b68a3d1274ea3a9eac18ebec07944056aac09bf0d13966

SHA512
c0c4730a77b73b3ec536671f06a7f1e6c076f40f6d8747459044b43ffe32eaa219903921065cee8d61de394ef565cf1017a95a9e865d731fe54c176c51c7225c

Download Submit
C:\Windows\system\mFiPhOV.exe

Filesize
6.0MB

MD5
db98702866b8122d9c1e81a8c2b4e637

SHA1
bf42e291640a1db3faf75604e24b5d3143875c8e

SHA256
93872bc996774a145419d17a7a9a85a7354970ecc4291cdc353de55fa2a9d4e6

SHA512
93f040565a7267370644d0a5a15698f95858f056fa9a341ebbed90305eaf1e149fff089a571c2068332f2388f9983ae8e73911cd02f35942246c845fcee1ffa3

Download Submit
C:\Windows\system\mXcNfnt.exe

Filesize
6.0MB

MD5
8f517b5dbeef17d21496f6a105e52b0e

SHA1
d45068adff541ce4accb4afe45ea1c4c8013d292

SHA256
7382105044eb543b009d43702ee3b3dab60f33b16ede1ae47ffa6d7c7f767be7

SHA512
570a19000423268a9bb7c469851f0ae1e7edb766100d1a562d8e42fa46a23b2dfc60d07785d5f5054a29b2cef34c0d2ca39a0cfe02e5c3f95cfdae9f4e6f14d1

Download Submit
C:\Windows\system\qIaiUoe.exe

Filesize
6.0MB

MD5
74419abf5c99f71ddc1ed98870aad2aa

SHA1
c27d52779166d07bae2cac700c6397d74e8b15db

SHA256
06c9d05c9a90a3bea216c172c9ea90790bb784db3c5a5bbaefcf7c33ac29b4cc

SHA512
e2a998c6cc2ac56d104073c000f6f9f2f4a42ef8d5db52c56af3df6212af09e8951c0d46ad323ab2c6c7fb2044e50ea96241cc987381f82f18681eac0c9609a8

Download Submit
C:\Windows\system\qccsPfa.exe

Filesize
6.0MB

MD5
a852a9b23b88853e318b3ea77396cf6a

SHA1
55910fa158bd6f75214c97b4460aa20b4c78d156

SHA256
52bc7ccf497e0772b7a967b8168ea816261a4573362383c3f3049c8f5efb0d3f

SHA512
017a825b73ed1c0e1d0131cf6a116d0c83087311a75b3e170ccbc94e0765d1ead0dfdccaac60dcd5b289fc22a15ec171e5b2eb78ed75ff5e838374d58cc4b96e

Download Submit
C:\Windows\system\tsjQXiJ.exe

Filesize
6.0MB

MD5
47e0df79678c7294ef4e918d699a370f

SHA1
9db3384f2ebe5701a3f1b0004ec93a7d3bfd8126

SHA256
86f3d0b693f276dbabc1d0141823a10a906fd102426f9654496f3d3503844083

SHA512
02bce13ea2dda3e88341ae1b98b950230d7d5cb157489d4403fc2b64477f7a54cb7b4c7275026fa35f524c87cbd04f15a4a6e568ca6443a22e5cb0056cbfd2d8

Download Submit
C:\Windows\system\xLuVDEK.exe

Filesize
6.0MB

MD5
b54a7ff7ccb95c294ba8f47ec4db0985

SHA1
52656166c7d3deb640e938b736ffd684c712f27b

SHA256
d63de6dc4d9aeb74d68e76eb65afb5272399d635d1ec147623dec0194bd473a7

SHA512
8d8b29b10a5f90dc917cb06b996b09e7ddbbe874cc458226c9259c9231821d399ffc417e15aa07c1b308d983c46a342ddd76463424ee7abe840e3bf49cd1581c

Download Submit
C:\Windows\system\xabXeur.exe

Filesize
6.0MB

MD5
8fbf1ffc55dc367b9f5e44d502c6c352

SHA1
95f4cc65253cadb80883368e0e0e289c57381735

SHA256
d58f68d6ee234704a3d433b79fb69eb41c76e236df345b0a5c488c9d0634baa7

SHA512
ea5159c891fffece2628e73c06afdea99d96919cab79f6a9c0fbe8bb11c216958afae5dff0dd6785ff1200047e8ec427600fa5f6ffc49d1e701f7fbc789bb74a

Download Submit
C:\Windows\system\zGNbvRq.exe

Filesize
6.0MB

MD5
cab59ac9cd22fa15e7ab747d85913c81

SHA1
5e73dcf38eb8b375511778443985050c86b5ed8e

SHA256
098bb198a52bb1aeb80f94ffc389af1659c88216f90794bb236280294689aa4b

SHA512
fd3e63df16f371451182e19db57cd39e5d15bff38e66ce7c52fb48bb9a7f49f48ca2d0055df4340bc8acc9b1112cb85e8d5a2769b1db10757bf876710aa5515d

Download Submit
C:\Windows\system\zoAKssG.exe

Filesize
6.0MB

MD5
52a4bb6b5626adb8c65b6fe2a1feb8c7

SHA1
4b36ebf180ef20bb2f06153dc769a322139f7f30

SHA256
acdaf905f442d687a02e5326f6cb194de3fca022db44a19effbf7be89d78374b

SHA512
1e22838c04d007763f981f71709c163bf22f4fe3057b20bc3086b373c28c79058f5b66f3423c7923057acb31260ae92d5a5209d35f5fbefce2496110ea90c3a8

Download Submit
\Windows\system\GgmXYiZ.exe

Filesize
6.0MB

MD5
33f77156ea399ef5278f294e5dd930dd

SHA1
d67743af90c0e1c15066acca9d4434e1022194b9

SHA256
92754c14a02b9609bac6b7354a0da9c5b2ea81da0fcce22d5109456d08d2ed68

SHA512
2e45e7db462542ab498e606776f0e23f100387c4b56c36f5c1ae892b3b395a818b9fb79bda30695212a0dcd869f772cb61e3d0f797dd49c9542cd06961a0b4a2

Download Submit
\Windows\system\HRoEfuU.exe

Filesize
6.0MB

MD5
f749b32254e67d1b1975c025d92cd058

SHA1
8f82f29bdf55397eb928185f8221d45778d1346e

SHA256
735d4da10897805500972e8f98421e35e70c193212ad4218609893a59fb74664

SHA512
f99bd7675d6bb7cbfc43dd9f1777b4fe6170544f9cb6a155192fe1d016bd40131bbd33895a0176b6ee3b3b98aeee60ae380c30c7079588fcf84c2c9b561ce595

Download Submit
\Windows\system\IiEcZbb.exe

Filesize
6.0MB

MD5
cb83026bcd44f8f33da34c71328bdb43

SHA1
348fe8f667d9c88aedfa39235baed87042c9425c

SHA256
64e5422fed9eb362fbd184b942cdd1915c581af0723ddd0bb326225ba44b874b

SHA512
39bbbbffc972a3982ab803a225aef189947d531be3c69d7b5f09cfab9dcdc61d82bcf5ed02c3a5d8a12c3fe7c9c8f501f3c621e03f368ecbfdce84c7a943a427

Download Submit
\Windows\system\JyItiOt.exe

Filesize
6.0MB

MD5
75a3587caf47e49a4b575af0e3d37750

SHA1
e7e5742e944fc580ffccd601dd19e08455d2c1c5

SHA256
47d4073c81f297fa704509955537838b2e2a73baaf91c7f47af0a8c8326f740f

SHA512
14cd608021c7de6b25c414f427d0133e2fe9b0379c8e40e497df34d9001d92f52d1bd2f01c3abdb03e631a01f549a2f228f0b1d4114ce50298b726400c7d5bd6

Download Submit
\Windows\system\aBtSVhb.exe

Filesize
6.0MB

MD5
ad7cc1bc245f644476bbd10cc0d0a853

SHA1
0ad27f12d2be30c42f92b957a56e2ec5247a7705

SHA256
bd20b25cf3ae645eaa5790ef0b0167208a36ce453329d9b0a34e32dc599107c2

SHA512
4de0587deac25ed81650d051607257008488e9c7bf6d7c42d376847f6d648381ce646387f3c3bdc1e98b77bbf3a92cd532d8e40537c915e17ba03995e8d0320a

Download Submit
\Windows\system\gzktpnC.exe

Filesize
6.0MB

MD5
b95af65f3517d7347fa67ad366092e7f

SHA1
eb33214df00bda34034a517ad58692dae081127f

SHA256
4efd2efca2645de692c62e7ada2bb014f94b6b73cdf5a72e0f98e16d60a59541

SHA512
9e15b01eaadfab762b32fa28b7f525e23d9b1afc8e6828353ea8213052a7e683e8ce7b2a92c1dbff9f92257bd99c6fb39b3a6a90eb7542a6381c1809f9bb858e

Download Submit
\Windows\system\kgQrTKk.exe

Filesize
6.0MB

MD5
d49d8a239881355f399a94a7e61f6a0e

SHA1
3ccc3b894d9e742559703759fe5978ea0cf57356

SHA256
c069ad28baf1d1c41caca0bc509de07dae12ad6aabb40993c0f09887fa488612

SHA512
970f42e8c83a0efe9bebb08f302e7acebec987317998172ecd12ab88c575c83e20c53f66827980068a21bf9012f8b6bc49038dc7368b50cb37fb79fbf43be74e

Download Submit
memory/376-81-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/376-4035-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1728-86-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1728-4037-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2044-92-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-4034-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3486-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-56-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2084-27-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2260-37-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3478-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2260-15-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2300-68-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-105-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3707-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-49-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-17-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-237-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-732-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2320-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2320-11-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2320-83-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2320-60-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-8-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-70-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-23-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2320-614-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-66-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2320-79-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-107-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2320-34-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2320-0-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2320-30-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-103-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2320-97-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-96-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-91-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3479-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-14-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-106-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-69-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-104-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3709-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2536-67-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2636-71-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-35-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4036-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-100-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3708-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2668-48-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3699-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2748-44-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2768-51-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3710-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-95-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download