cobaltstrike | c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
Size

6.0MB
MD5

eedfbc82aadfa1b3d139251405826eb0
SHA1

c62b3790f872d614346a9440197215eef36a3188
SHA256

c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c
SHA512

258f8ca38a3aacfc15ca23935b3054bd2f2a61e285b00739df62f03d72931ab61027e8645b18ef5d317f12099cddec9ce89b1758a69916ef7d0d9727732065a3
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUf:eOl56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca5-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cfd-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d17-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1f-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d27-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-125.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016846-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001946b-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0e-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2448-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-3.dat	xmrig
behavioral1/files/0x0008000000016c53-10.dat	xmrig
behavioral1/files/0x0008000000016ca5-14.dat	xmrig
behavioral1/files/0x0007000000016cfd-18.dat	xmrig
behavioral1/files/0x0007000000016d17-25.dat	xmrig
behavioral1/files/0x0009000000016d1f-30.dat	xmrig
behavioral1/files/0x0009000000016d27-34.dat	xmrig
behavioral1/files/0x0005000000019481-56.dat	xmrig
behavioral1/files/0x00050000000194e4-78.dat	xmrig
behavioral1/files/0x00050000000195f7-111.dat	xmrig
behavioral1/files/0x0005000000019615-161.dat	xmrig
behavioral1/memory/2732-1085-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2448-1586-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2448-1585-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2792-1852-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2448-1941-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2680-1997-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2640-2029-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2448-2032-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2448-2472-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2448-2546-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2760-1939-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2872-1801-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2800-1368-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2448-1106-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/1624-482-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2064-480-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2440-478-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/1732-476-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2228-474-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2388-457-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019605-156.dat	xmrig
behavioral1/files/0x0005000000019603-151.dat	xmrig
behavioral1/files/0x00050000000195ff-142.dat	xmrig
behavioral1/files/0x00050000000195fd-140.dat	xmrig
behavioral1/files/0x00050000000195fe-136.dat	xmrig
behavioral1/memory/2424-131-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019601-147.dat	xmrig
behavioral1/files/0x00050000000195f9-121.dat	xmrig
behavioral1/files/0x00050000000195fb-125.dat	xmrig
behavioral1/files/0x0009000000016846-115.dat	xmrig
behavioral1/files/0x00050000000195c0-105.dat	xmrig
behavioral1/files/0x0005000000019581-100.dat	xmrig
behavioral1/files/0x000500000001955c-95.dat	xmrig
behavioral1/files/0x0005000000019551-90.dat	xmrig
behavioral1/files/0x00050000000194e6-85.dat	xmrig
behavioral1/files/0x00050000000194da-75.dat	xmrig
behavioral1/files/0x00050000000194d0-70.dat	xmrig
behavioral1/files/0x00050000000194c6-65.dat	xmrig
behavioral1/files/0x000500000001949d-60.dat	xmrig
behavioral1/files/0x0005000000019490-49.dat	xmrig
behavioral1/files/0x000600000001946b-37.dat	xmrig
behavioral1/files/0x0007000000016d0e-22.dat	xmrig
behavioral1/memory/2800-3537-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2424-3541-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1624-3540-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2440-3539-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2872-3542-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2680-3543-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2640-3548-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1732-3560-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2760-3558-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2228-3557-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2424	UnpjitL.exe
2388	DqiYdrs.exe
2228	MZoKoQF.exe
1732	bVkIELh.exe
2440	RVxoJyy.exe
2064	qSMWcJn.exe
1624	qUVFWeP.exe
2732	HUllRuM.exe
2800	MCrsfdN.exe
2872	JyQoIWD.exe
2792	CvDONar.exe
2760	UtPthIC.exe
2680	Dopensn.exe
2640	aWyAbqM.exe
2588	kYqiShd.exe
2668	tRUkhHv.exe
3052	eljsOAc.exe
2636	CXEyBLf.exe
1192	zdPtLsd.exe
1648	pCIJWUh.exe
1016	bDzhrlF.exe
1564	yhCvSIx.exe
1544	ncyxRqW.exe
1088	GpgNUCX.exe
2688	McJmogG.exe
2204	zuVckCc.exe
1584	SwFTrzf.exe
2132	SJfCKmp.exe
2092	efwgazy.exe
320	yvtqodn.exe
1412	qxYZSWO.exe
2988	GaGhSmA.exe
448	XJNNPvg.exe
648	BzVKtuh.exe
768	SvoytOR.exe
1764	sPHRMzE.exe
1308	ywXPmqF.exe
948	nMYXHwy.exe
696	wVAWyUF.exe
356	wBCNbKx.exe
1280	aQdomeM.exe
564	TbpIFOm.exe
2568	GvwuOFB.exe
744	nHaschu.exe
548	PhUVKMK.exe
2480	MHOkLrM.exe
1028	HGIoPFD.exe
1872	qTsXSVJ.exe
1572	VXeiady.exe
3032	DWYFkgC.exe
2164	GiJHJxp.exe
2016	dYbPewC.exe
2120	hIoQSex.exe
2520	SaittcF.exe
2168	yhmKKHH.exe
3044	CULbWPP.exe
1540	KYGlXuH.exe
1880	KRhxfbW.exe
2368	EFzVGBv.exe
2512	YZMssLu.exe
2700	hWJJAkU.exe
2992	VPanela.exe
2452	fCJXGsp.exe
2980	hTDsLzo.exe

Loads dropped DLL 64 IoCs

pid	Process
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2448-0-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-3.dat	upx
behavioral1/files/0x0008000000016c53-10.dat	upx
behavioral1/files/0x0008000000016ca5-14.dat	upx
behavioral1/files/0x0007000000016cfd-18.dat	upx
behavioral1/files/0x0007000000016d17-25.dat	upx
behavioral1/files/0x0009000000016d1f-30.dat	upx
behavioral1/files/0x0009000000016d27-34.dat	upx
behavioral1/files/0x0005000000019481-56.dat	upx
behavioral1/files/0x00050000000194e4-78.dat	upx
behavioral1/files/0x00050000000195f7-111.dat	upx
behavioral1/files/0x0005000000019615-161.dat	upx
behavioral1/memory/2732-1085-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2792-1852-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2680-1997-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2640-2029-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2448-2472-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2760-1939-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2872-1801-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2800-1368-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/1624-482-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2064-480-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2440-478-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/1732-476-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2228-474-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2388-457-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000019605-156.dat	upx
behavioral1/files/0x0005000000019603-151.dat	upx
behavioral1/files/0x00050000000195ff-142.dat	upx
behavioral1/files/0x00050000000195fd-140.dat	upx
behavioral1/files/0x00050000000195fe-136.dat	upx
behavioral1/memory/2424-131-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019601-147.dat	upx
behavioral1/files/0x00050000000195f9-121.dat	upx
behavioral1/files/0x00050000000195fb-125.dat	upx
behavioral1/files/0x0009000000016846-115.dat	upx
behavioral1/files/0x00050000000195c0-105.dat	upx
behavioral1/files/0x0005000000019581-100.dat	upx
behavioral1/files/0x000500000001955c-95.dat	upx
behavioral1/files/0x0005000000019551-90.dat	upx
behavioral1/files/0x00050000000194e6-85.dat	upx
behavioral1/files/0x00050000000194da-75.dat	upx
behavioral1/files/0x00050000000194d0-70.dat	upx
behavioral1/files/0x00050000000194c6-65.dat	upx
behavioral1/files/0x000500000001949d-60.dat	upx
behavioral1/files/0x0005000000019490-49.dat	upx
behavioral1/files/0x000600000001946b-37.dat	upx
behavioral1/files/0x0007000000016d0e-22.dat	upx
behavioral1/memory/2800-3537-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2424-3541-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1624-3540-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2440-3539-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2872-3542-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2680-3543-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2640-3548-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1732-3560-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2760-3558-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2228-3557-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2792-3556-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2732-3546-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2064-3545-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2388-3544-0x000000013F800000-0x000000013FB54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\noHaNyM.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\tEksaAP.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\MlXOHne.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\QojZmlT.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\SnYLayV.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\lrWvvId.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\EKXQjWt.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\EphUeSO.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\etlaeFt.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\ZUcIlfm.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\TaYlALA.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\lMlxsha.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\zgmcNfT.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\OTGSByU.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\VcCiIGo.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\APfRPYV.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\PYIcblR.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\ZjUCzMM.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\colhtYx.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\iiUuTSE.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\wHSXavZ.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\hWJJAkU.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\WTBdKVd.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\JfKkWWP.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\RvWUsbB.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\LDnVtvE.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\dPzEIIN.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\IPUsCXh.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\CzyFznq.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\JljFxeA.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\fchnAen.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\VyGhcRh.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\pElXspk.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\UtkZVgb.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\CmTClRD.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\dDNZizx.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\ZIKDGRP.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\gbHgatF.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\xRdBTgO.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\MGVkGJq.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\eMOdPdW.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\IHhDPtt.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\VvVtnuA.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\TkklPhz.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\HUTfEid.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\bkPkJqI.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\rgnVruB.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\CjIpssK.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\JQlRyhv.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\VCimMUH.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\JfKmCPF.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\orHxRut.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\wVkNwaw.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\WizApbl.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\mdxQgAh.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\Ekzurrk.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\fhSTWhc.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\oVyHvfs.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\kSJpFAa.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\dLwNjEh.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\AAUNmRO.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\stIryhX.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\FEpIqlI.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
File created	C:\Windows\System\ZdZfvTJ.exe	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2424	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	31
PID 2448 wrote to memory of 2424	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	31
PID 2448 wrote to memory of 2424	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	31
PID 2448 wrote to memory of 2388	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	32
PID 2448 wrote to memory of 2388	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	32
PID 2448 wrote to memory of 2388	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	32
PID 2448 wrote to memory of 2228	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	33
PID 2448 wrote to memory of 2228	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	33
PID 2448 wrote to memory of 2228	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	33
PID 2448 wrote to memory of 1732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	34
PID 2448 wrote to memory of 1732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	34
PID 2448 wrote to memory of 1732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	34
PID 2448 wrote to memory of 2440	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	35
PID 2448 wrote to memory of 2440	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	35
PID 2448 wrote to memory of 2440	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	35
PID 2448 wrote to memory of 2064	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	36
PID 2448 wrote to memory of 2064	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	36
PID 2448 wrote to memory of 2064	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	36
PID 2448 wrote to memory of 1624	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	37
PID 2448 wrote to memory of 1624	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	37
PID 2448 wrote to memory of 1624	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	37
PID 2448 wrote to memory of 2732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	38
PID 2448 wrote to memory of 2732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	38
PID 2448 wrote to memory of 2732	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	38
PID 2448 wrote to memory of 2800	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	39
PID 2448 wrote to memory of 2800	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	39
PID 2448 wrote to memory of 2800	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	39
PID 2448 wrote to memory of 2792	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	40
PID 2448 wrote to memory of 2792	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	40
PID 2448 wrote to memory of 2792	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	40
PID 2448 wrote to memory of 2872	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	41
PID 2448 wrote to memory of 2872	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	41
PID 2448 wrote to memory of 2872	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	41
PID 2448 wrote to memory of 2760	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	42
PID 2448 wrote to memory of 2760	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	42
PID 2448 wrote to memory of 2760	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	42
PID 2448 wrote to memory of 2680	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	43
PID 2448 wrote to memory of 2680	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	43
PID 2448 wrote to memory of 2680	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	43
PID 2448 wrote to memory of 2640	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	44
PID 2448 wrote to memory of 2640	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	44
PID 2448 wrote to memory of 2640	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	44
PID 2448 wrote to memory of 2588	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	45
PID 2448 wrote to memory of 2588	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	45
PID 2448 wrote to memory of 2588	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	45
PID 2448 wrote to memory of 2668	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	46
PID 2448 wrote to memory of 2668	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	46
PID 2448 wrote to memory of 2668	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	46
PID 2448 wrote to memory of 3052	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	47
PID 2448 wrote to memory of 3052	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	47
PID 2448 wrote to memory of 3052	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	47
PID 2448 wrote to memory of 2636	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	48
PID 2448 wrote to memory of 2636	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	48
PID 2448 wrote to memory of 2636	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	48
PID 2448 wrote to memory of 1192	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	49
PID 2448 wrote to memory of 1192	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	49
PID 2448 wrote to memory of 1192	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	49
PID 2448 wrote to memory of 1648	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	50
PID 2448 wrote to memory of 1648	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	50
PID 2448 wrote to memory of 1648	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	50
PID 2448 wrote to memory of 1016	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	51
PID 2448 wrote to memory of 1016	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	51
PID 2448 wrote to memory of 1016	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	51
PID 2448 wrote to memory of 1564	2448	JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c710817731389f7dbaaca83afbbe818cf56edd8937def66186f3ace6a932848c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\System\UnpjitL.exe
  C:\Windows\System\UnpjitL.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\DqiYdrs.exe
  C:\Windows\System\DqiYdrs.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MZoKoQF.exe
  C:\Windows\System\MZoKoQF.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\bVkIELh.exe
  C:\Windows\System\bVkIELh.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\RVxoJyy.exe
  C:\Windows\System\RVxoJyy.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\qSMWcJn.exe
  C:\Windows\System\qSMWcJn.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\qUVFWeP.exe
  C:\Windows\System\qUVFWeP.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\HUllRuM.exe
  C:\Windows\System\HUllRuM.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\MCrsfdN.exe
  C:\Windows\System\MCrsfdN.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\CvDONar.exe
  C:\Windows\System\CvDONar.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JyQoIWD.exe
  C:\Windows\System\JyQoIWD.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\UtPthIC.exe
  C:\Windows\System\UtPthIC.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\Dopensn.exe
  C:\Windows\System\Dopensn.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\aWyAbqM.exe
  C:\Windows\System\aWyAbqM.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\kYqiShd.exe
  C:\Windows\System\kYqiShd.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\tRUkhHv.exe
  C:\Windows\System\tRUkhHv.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\eljsOAc.exe
  C:\Windows\System\eljsOAc.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\CXEyBLf.exe
  C:\Windows\System\CXEyBLf.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\zdPtLsd.exe
  C:\Windows\System\zdPtLsd.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\pCIJWUh.exe
  C:\Windows\System\pCIJWUh.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\bDzhrlF.exe
  C:\Windows\System\bDzhrlF.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\yhCvSIx.exe
  C:\Windows\System\yhCvSIx.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\ncyxRqW.exe
  C:\Windows\System\ncyxRqW.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GpgNUCX.exe
  C:\Windows\System\GpgNUCX.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\McJmogG.exe
  C:\Windows\System\McJmogG.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\SwFTrzf.exe
  C:\Windows\System\SwFTrzf.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\zuVckCc.exe
  C:\Windows\System\zuVckCc.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\SJfCKmp.exe
  C:\Windows\System\SJfCKmp.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\efwgazy.exe
  C:\Windows\System\efwgazy.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\yvtqodn.exe
  C:\Windows\System\yvtqodn.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\qxYZSWO.exe
  C:\Windows\System\qxYZSWO.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\GaGhSmA.exe
  C:\Windows\System\GaGhSmA.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\XJNNPvg.exe
  C:\Windows\System\XJNNPvg.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\BzVKtuh.exe
  C:\Windows\System\BzVKtuh.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\SvoytOR.exe
  C:\Windows\System\SvoytOR.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sPHRMzE.exe
  C:\Windows\System\sPHRMzE.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ywXPmqF.exe
  C:\Windows\System\ywXPmqF.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\nMYXHwy.exe
  C:\Windows\System\nMYXHwy.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\wVAWyUF.exe
  C:\Windows\System\wVAWyUF.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\wBCNbKx.exe
  C:\Windows\System\wBCNbKx.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\aQdomeM.exe
  C:\Windows\System\aQdomeM.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\TbpIFOm.exe
  C:\Windows\System\TbpIFOm.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\GvwuOFB.exe
  C:\Windows\System\GvwuOFB.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\nHaschu.exe
  C:\Windows\System\nHaschu.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\PhUVKMK.exe
  C:\Windows\System\PhUVKMK.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\MHOkLrM.exe
  C:\Windows\System\MHOkLrM.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\HGIoPFD.exe
  C:\Windows\System\HGIoPFD.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\qTsXSVJ.exe
  C:\Windows\System\qTsXSVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\VXeiady.exe
  C:\Windows\System\VXeiady.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\DWYFkgC.exe
  C:\Windows\System\DWYFkgC.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\GiJHJxp.exe
  C:\Windows\System\GiJHJxp.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\dYbPewC.exe
  C:\Windows\System\dYbPewC.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\hIoQSex.exe
  C:\Windows\System\hIoQSex.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\SaittcF.exe
  C:\Windows\System\SaittcF.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\yhmKKHH.exe
  C:\Windows\System\yhmKKHH.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\CULbWPP.exe
  C:\Windows\System\CULbWPP.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\KYGlXuH.exe
  C:\Windows\System\KYGlXuH.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\KRhxfbW.exe
  C:\Windows\System\KRhxfbW.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\EFzVGBv.exe
  C:\Windows\System\EFzVGBv.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\YZMssLu.exe
  C:\Windows\System\YZMssLu.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\hWJJAkU.exe
  C:\Windows\System\hWJJAkU.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\VPanela.exe
  C:\Windows\System\VPanela.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\fCJXGsp.exe
  C:\Windows\System\fCJXGsp.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\wiUlreK.exe
  C:\Windows\System\wiUlreK.exe
  2⤵
  PID:2888
- C:\Windows\System\hTDsLzo.exe
  C:\Windows\System\hTDsLzo.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\KangkKR.exe
  C:\Windows\System\KangkKR.exe
  2⤵
  PID:2728
- C:\Windows\System\tmDFTUb.exe
  C:\Windows\System\tmDFTUb.exe
  2⤵
  PID:2664
- C:\Windows\System\LhQwjmF.exe
  C:\Windows\System\LhQwjmF.exe
  2⤵
  PID:2160
- C:\Windows\System\RQLcSOH.exe
  C:\Windows\System\RQLcSOH.exe
  2⤵
  PID:2396
- C:\Windows\System\LNHTXEA.exe
  C:\Windows\System\LNHTXEA.exe
  2⤵
  PID:1256
- C:\Windows\System\EcrIZwA.exe
  C:\Windows\System\EcrIZwA.exe
  2⤵
  PID:1696
- C:\Windows\System\CSlPosD.exe
  C:\Windows\System\CSlPosD.exe
  2⤵
  PID:1588
- C:\Windows\System\oyCraGL.exe
  C:\Windows\System\oyCraGL.exe
  2⤵
  PID:1760
- C:\Windows\System\EaXuTDV.exe
  C:\Windows\System\EaXuTDV.exe
  2⤵
  PID:2180
- C:\Windows\System\SSfebof.exe
  C:\Windows\System\SSfebof.exe
  2⤵
  PID:1828
- C:\Windows\System\QIlXxuj.exe
  C:\Windows\System\QIlXxuj.exe
  2⤵
  PID:2364
- C:\Windows\System\OQjhtZk.exe
  C:\Windows\System\OQjhtZk.exe
  2⤵
  PID:1868
- C:\Windows\System\CZBTzXv.exe
  C:\Windows\System\CZBTzXv.exe
  2⤵
  PID:332
- C:\Windows\System\uiqlRkG.exe
  C:\Windows\System\uiqlRkG.exe
  2⤵
  PID:572
- C:\Windows\System\DczonFv.exe
  C:\Windows\System\DczonFv.exe
  2⤵
  PID:672
- C:\Windows\System\UdlfAJI.exe
  C:\Windows\System\UdlfAJI.exe
  2⤵
  PID:344
- C:\Windows\System\haNzVsY.exe
  C:\Windows\System\haNzVsY.exe
  2⤵
  PID:1484
- C:\Windows\System\PnwLwAx.exe
  C:\Windows\System\PnwLwAx.exe
  2⤵
  PID:1716
- C:\Windows\System\DAhBQEr.exe
  C:\Windows\System\DAhBQEr.exe
  2⤵
  PID:1688
- C:\Windows\System\KrVFJUw.exe
  C:\Windows\System\KrVFJUw.exe
  2⤵
  PID:856
- C:\Windows\System\jshTRdq.exe
  C:\Windows\System\jshTRdq.exe
  2⤵
  PID:2824
- C:\Windows\System\pGEvMsr.exe
  C:\Windows\System\pGEvMsr.exe
  2⤵
  PID:2300
- C:\Windows\System\dNkEcxC.exe
  C:\Windows\System\dNkEcxC.exe
  2⤵
  PID:1600
- C:\Windows\System\pZsZtRV.exe
  C:\Windows\System\pZsZtRV.exe
  2⤵
  PID:3020
- C:\Windows\System\dPytnyO.exe
  C:\Windows\System\dPytnyO.exe
  2⤵
  PID:1448
- C:\Windows\System\KOlopqK.exe
  C:\Windows\System\KOlopqK.exe
  2⤵
  PID:2972
- C:\Windows\System\vlBsPrm.exe
  C:\Windows\System\vlBsPrm.exe
  2⤵
  PID:1640
- C:\Windows\System\imWgQsM.exe
  C:\Windows\System\imWgQsM.exe
  2⤵
  PID:2484
- C:\Windows\System\mGkgLaT.exe
  C:\Windows\System\mGkgLaT.exe
  2⤵
  PID:2904
- C:\Windows\System\YbnXdMz.exe
  C:\Windows\System\YbnXdMz.exe
  2⤵
  PID:2620
- C:\Windows\System\zusQAZG.exe
  C:\Windows\System\zusQAZG.exe
  2⤵
  PID:2780
- C:\Windows\System\GwcAHca.exe
  C:\Windows\System\GwcAHca.exe
  2⤵
  PID:1972
- C:\Windows\System\CTMeUqc.exe
  C:\Windows\System\CTMeUqc.exe
  2⤵
  PID:2868
- C:\Windows\System\WzdAQnd.exe
  C:\Windows\System\WzdAQnd.exe
  2⤵
  PID:2612
- C:\Windows\System\RBwQJSa.exe
  C:\Windows\System\RBwQJSa.exe
  2⤵
  PID:1816
- C:\Windows\System\Koxpike.exe
  C:\Windows\System\Koxpike.exe
  2⤵
  PID:1124
- C:\Windows\System\OqAfVqJ.exe
  C:\Windows\System\OqAfVqJ.exe
  2⤵
  PID:2776
- C:\Windows\System\lisORAo.exe
  C:\Windows\System\lisORAo.exe
  2⤵
  PID:980
- C:\Windows\System\yzMreJm.exe
  C:\Windows\System\yzMreJm.exe
  2⤵
  PID:2344
- C:\Windows\System\eMOdPdW.exe
  C:\Windows\System\eMOdPdW.exe
  2⤵
  PID:1032
- C:\Windows\System\NYwSFNI.exe
  C:\Windows\System\NYwSFNI.exe
  2⤵
  PID:1668
- C:\Windows\System\BpHSvOu.exe
  C:\Windows\System\BpHSvOu.exe
  2⤵
  PID:3024
- C:\Windows\System\DKuXAYB.exe
  C:\Windows\System\DKuXAYB.exe
  2⤵
  PID:1676
- C:\Windows\System\RZjIHVS.exe
  C:\Windows\System\RZjIHVS.exe
  2⤵
  PID:828
- C:\Windows\System\XejQYVa.exe
  C:\Windows\System\XejQYVa.exe
  2⤵
  PID:2140
- C:\Windows\System\vDYzFcO.exe
  C:\Windows\System\vDYzFcO.exe
  2⤵
  PID:2552
- C:\Windows\System\YPCVpWN.exe
  C:\Windows\System\YPCVpWN.exe
  2⤵
  PID:684
- C:\Windows\System\oZogqlP.exe
  C:\Windows\System\oZogqlP.exe
  2⤵
  PID:3040
- C:\Windows\System\UtCOfJi.exe
  C:\Windows\System\UtCOfJi.exe
  2⤵
  PID:1536
- C:\Windows\System\JLDFKVn.exe
  C:\Windows\System\JLDFKVn.exe
  2⤵
  PID:2600
- C:\Windows\System\FskeysV.exe
  C:\Windows\System\FskeysV.exe
  2⤵
  PID:2156
- C:\Windows\System\YKBrVkp.exe
  C:\Windows\System\YKBrVkp.exe
  2⤵
  PID:2940
- C:\Windows\System\RUpcPZQ.exe
  C:\Windows\System\RUpcPZQ.exe
  2⤵
  PID:1612
- C:\Windows\System\QDWCLLT.exe
  C:\Windows\System\QDWCLLT.exe
  2⤵
  PID:1628
- C:\Windows\System\QsYuOTk.exe
  C:\Windows\System\QsYuOTk.exe
  2⤵
  PID:1468
- C:\Windows\System\rZjxtxx.exe
  C:\Windows\System\rZjxtxx.exe
  2⤵
  PID:3088
- C:\Windows\System\KBskBpR.exe
  C:\Windows\System\KBskBpR.exe
  2⤵
  PID:3104
- C:\Windows\System\wWDcuER.exe
  C:\Windows\System\wWDcuER.exe
  2⤵
  PID:3120
- C:\Windows\System\hZFXCqG.exe
  C:\Windows\System\hZFXCqG.exe
  2⤵
  PID:3140
- C:\Windows\System\fNwVuKE.exe
  C:\Windows\System\fNwVuKE.exe
  2⤵
  PID:3156
- C:\Windows\System\tHHKJEB.exe
  C:\Windows\System\tHHKJEB.exe
  2⤵
  PID:3172
- C:\Windows\System\zfAVwVX.exe
  C:\Windows\System\zfAVwVX.exe
  2⤵
  PID:3188
- C:\Windows\System\lQNjXfN.exe
  C:\Windows\System\lQNjXfN.exe
  2⤵
  PID:3204
- C:\Windows\System\CUDvRwL.exe
  C:\Windows\System\CUDvRwL.exe
  2⤵
  PID:3220
- C:\Windows\System\exzsnmL.exe
  C:\Windows\System\exzsnmL.exe
  2⤵
  PID:3236
- C:\Windows\System\kiNghKN.exe
  C:\Windows\System\kiNghKN.exe
  2⤵
  PID:3252
- C:\Windows\System\LNFZfgA.exe
  C:\Windows\System\LNFZfgA.exe
  2⤵
  PID:3268
- C:\Windows\System\FuJZsyY.exe
  C:\Windows\System\FuJZsyY.exe
  2⤵
  PID:3284
- C:\Windows\System\QJPOLKI.exe
  C:\Windows\System\QJPOLKI.exe
  2⤵
  PID:3300
- C:\Windows\System\lGWZUJb.exe
  C:\Windows\System\lGWZUJb.exe
  2⤵
  PID:3316
- C:\Windows\System\TXERDPT.exe
  C:\Windows\System\TXERDPT.exe
  2⤵
  PID:3332
- C:\Windows\System\YjqZUWJ.exe
  C:\Windows\System\YjqZUWJ.exe
  2⤵
  PID:3356
- C:\Windows\System\XABGppf.exe
  C:\Windows\System\XABGppf.exe
  2⤵
  PID:3372
- C:\Windows\System\WJZJSfn.exe
  C:\Windows\System\WJZJSfn.exe
  2⤵
  PID:3392
- C:\Windows\System\sXnrqPy.exe
  C:\Windows\System\sXnrqPy.exe
  2⤵
  PID:3412
- C:\Windows\System\yQDcien.exe
  C:\Windows\System\yQDcien.exe
  2⤵
  PID:3428
- C:\Windows\System\kIxYSfY.exe
  C:\Windows\System\kIxYSfY.exe
  2⤵
  PID:3444
- C:\Windows\System\cJHTKDm.exe
  C:\Windows\System\cJHTKDm.exe
  2⤵
  PID:3532
- C:\Windows\System\OJUccgL.exe
  C:\Windows\System\OJUccgL.exe
  2⤵
  PID:3548
- C:\Windows\System\hXXYqNj.exe
  C:\Windows\System\hXXYqNj.exe
  2⤵
  PID:3572
- C:\Windows\System\Fsszoph.exe
  C:\Windows\System\Fsszoph.exe
  2⤵
  PID:3640
- C:\Windows\System\kofpucS.exe
  C:\Windows\System\kofpucS.exe
  2⤵
  PID:3664
- C:\Windows\System\MqLvCPQ.exe
  C:\Windows\System\MqLvCPQ.exe
  2⤵
  PID:3680
- C:\Windows\System\WTBdKVd.exe
  C:\Windows\System\WTBdKVd.exe
  2⤵
  PID:3700
- C:\Windows\System\EphUeSO.exe
  C:\Windows\System\EphUeSO.exe
  2⤵
  PID:3720
- C:\Windows\System\LArzxdL.exe
  C:\Windows\System\LArzxdL.exe
  2⤵
  PID:3740
- C:\Windows\System\LdjjMKe.exe
  C:\Windows\System\LdjjMKe.exe
  2⤵
  PID:3764
- C:\Windows\System\GgIigxP.exe
  C:\Windows\System\GgIigxP.exe
  2⤵
  PID:3780
- C:\Windows\System\xhJXajq.exe
  C:\Windows\System\xhJXajq.exe
  2⤵
  PID:3800
- C:\Windows\System\jwoNiEE.exe
  C:\Windows\System\jwoNiEE.exe
  2⤵
  PID:3816
- C:\Windows\System\AKoslYy.exe
  C:\Windows\System\AKoslYy.exe
  2⤵
  PID:3832
- C:\Windows\System\WIKsSXC.exe
  C:\Windows\System\WIKsSXC.exe
  2⤵
  PID:3848
- C:\Windows\System\OzwxXmV.exe
  C:\Windows\System\OzwxXmV.exe
  2⤵
  PID:3876
- C:\Windows\System\xTjkiVi.exe
  C:\Windows\System\xTjkiVi.exe
  2⤵
  PID:3892
- C:\Windows\System\auDtFwF.exe
  C:\Windows\System\auDtFwF.exe
  2⤵
  PID:3916
- C:\Windows\System\NbrawhC.exe
  C:\Windows\System\NbrawhC.exe
  2⤵
  PID:3944
- C:\Windows\System\FplRGCA.exe
  C:\Windows\System\FplRGCA.exe
  2⤵
  PID:3964
- C:\Windows\System\YjInSdZ.exe
  C:\Windows\System\YjInSdZ.exe
  2⤵
  PID:3984
- C:\Windows\System\jgwEJga.exe
  C:\Windows\System\jgwEJga.exe
  2⤵
  PID:4004
- C:\Windows\System\kcufdLY.exe
  C:\Windows\System\kcufdLY.exe
  2⤵
  PID:4024
- C:\Windows\System\xhBxRvW.exe
  C:\Windows\System\xhBxRvW.exe
  2⤵
  PID:4044
- C:\Windows\System\qQhoabD.exe
  C:\Windows\System\qQhoabD.exe
  2⤵
  PID:4060
- C:\Windows\System\yTZJFAg.exe
  C:\Windows\System\yTZJFAg.exe
  2⤵
  PID:4084
- C:\Windows\System\edwkhjL.exe
  C:\Windows\System\edwkhjL.exe
  2⤵
  PID:1784
- C:\Windows\System\VAOkVyP.exe
  C:\Windows\System\VAOkVyP.exe
  2⤵
  PID:1792
- C:\Windows\System\tBUfokv.exe
  C:\Windows\System\tBUfokv.exe
  2⤵
  PID:2316
- C:\Windows\System\XbGQiWw.exe
  C:\Windows\System\XbGQiWw.exe
  2⤵
  PID:1264
- C:\Windows\System\MUBLgDH.exe
  C:\Windows\System\MUBLgDH.exe
  2⤵
  PID:1476
- C:\Windows\System\uGFCsTj.exe
  C:\Windows\System\uGFCsTj.exe
  2⤵
  PID:3100
- C:\Windows\System\mBuHsmb.exe
  C:\Windows\System\mBuHsmb.exe
  2⤵
  PID:3164
- C:\Windows\System\cuOLQUZ.exe
  C:\Windows\System\cuOLQUZ.exe
  2⤵
  PID:1708
- C:\Windows\System\zxWwUVf.exe
  C:\Windows\System\zxWwUVf.exe
  2⤵
  PID:1692
- C:\Windows\System\EOLLHPy.exe
  C:\Windows\System\EOLLHPy.exe
  2⤵
  PID:2332
- C:\Windows\System\NMkGPOG.exe
  C:\Windows\System\NMkGPOG.exe
  2⤵
  PID:1996
- C:\Windows\System\MiKMMSX.exe
  C:\Windows\System\MiKMMSX.exe
  2⤵
  PID:3364
- C:\Windows\System\BzcRkvR.exe
  C:\Windows\System\BzcRkvR.exe
  2⤵
  PID:3436
- C:\Windows\System\QXwcDOM.exe
  C:\Windows\System\QXwcDOM.exe
  2⤵
  PID:2272
- C:\Windows\System\yqDrtpq.exe
  C:\Windows\System\yqDrtpq.exe
  2⤵
  PID:2596
- C:\Windows\System\AzApRRa.exe
  C:\Windows\System\AzApRRa.exe
  2⤵
  PID:3504
- C:\Windows\System\fYOzNCr.exe
  C:\Windows\System\fYOzNCr.exe
  2⤵
  PID:3520
- C:\Windows\System\fBDVmYl.exe
  C:\Windows\System\fBDVmYl.exe
  2⤵
  PID:3424
- C:\Windows\System\eOhuoUn.exe
  C:\Windows\System\eOhuoUn.exe
  2⤵
  PID:3340
- C:\Windows\System\uaibhRt.exe
  C:\Windows\System\uaibhRt.exe
  2⤵
  PID:3248
- C:\Windows\System\LLRZENV.exe
  C:\Windows\System\LLRZENV.exe
  2⤵
  PID:3180
- C:\Windows\System\swJAeNW.exe
  C:\Windows\System\swJAeNW.exe
  2⤵
  PID:3560
- C:\Windows\System\TlpEAWM.exe
  C:\Windows\System\TlpEAWM.exe
  2⤵
  PID:3592
- C:\Windows\System\VcclOdI.exe
  C:\Windows\System\VcclOdI.exe
  2⤵
  PID:3608
- C:\Windows\System\nOiLtYw.exe
  C:\Windows\System\nOiLtYw.exe
  2⤵
  PID:3628
- C:\Windows\System\ojyPdTB.exe
  C:\Windows\System\ojyPdTB.exe
  2⤵
  PID:3564
- C:\Windows\System\EmOOTUQ.exe
  C:\Windows\System\EmOOTUQ.exe
  2⤵
  PID:3688
- C:\Windows\System\iaKVZRC.exe
  C:\Windows\System\iaKVZRC.exe
  2⤵
  PID:3756
- C:\Windows\System\kSJpFAa.exe
  C:\Windows\System\kSJpFAa.exe
  2⤵
  PID:3792
- C:\Windows\System\RvcrhnW.exe
  C:\Windows\System\RvcrhnW.exe
  2⤵
  PID:3736
- C:\Windows\System\FEpIqlI.exe
  C:\Windows\System\FEpIqlI.exe
  2⤵
  PID:3860
- C:\Windows\System\mjaUhgb.exe
  C:\Windows\System\mjaUhgb.exe
  2⤵
  PID:3812
- C:\Windows\System\YxOdDKF.exe
  C:\Windows\System\YxOdDKF.exe
  2⤵
  PID:3900
- C:\Windows\System\PKSSSdy.exe
  C:\Windows\System\PKSSSdy.exe
  2⤵
  PID:3936
- C:\Windows\System\LmifFAp.exe
  C:\Windows\System\LmifFAp.exe
  2⤵
  PID:3956
- C:\Windows\System\vUrlAPc.exe
  C:\Windows\System\vUrlAPc.exe
  2⤵
  PID:4000
- C:\Windows\System\cGWLzcC.exe
  C:\Windows\System\cGWLzcC.exe
  2⤵
  PID:4036
- C:\Windows\System\jkBPuyp.exe
  C:\Windows\System\jkBPuyp.exe
  2⤵
  PID:4020
- C:\Windows\System\iSYTUoc.exe
  C:\Windows\System\iSYTUoc.exe
  2⤵
  PID:4056
- C:\Windows\System\zecctIz.exe
  C:\Windows\System\zecctIz.exe
  2⤵
  PID:1836
- C:\Windows\System\OBaUnwI.exe
  C:\Windows\System\OBaUnwI.exe
  2⤵
  PID:1684
- C:\Windows\System\AtbAjvU.exe
  C:\Windows\System\AtbAjvU.exe
  2⤵
  PID:1788
- C:\Windows\System\jcKmvmL.exe
  C:\Windows\System\jcKmvmL.exe
  2⤵
  PID:3292
- C:\Windows\System\aKqMbpX.exe
  C:\Windows\System\aKqMbpX.exe
  2⤵
  PID:3368
- C:\Windows\System\AZEObLO.exe
  C:\Windows\System\AZEObLO.exe
  2⤵
  PID:636
- C:\Windows\System\djIMNlo.exe
  C:\Windows\System\djIMNlo.exe
  2⤵
  PID:2784
- C:\Windows\System\JAGGApt.exe
  C:\Windows\System\JAGGApt.exe
  2⤵
  PID:2812
- C:\Windows\System\yTszHce.exe
  C:\Windows\System\yTszHce.exe
  2⤵
  PID:3516
- C:\Windows\System\qnIZApc.exe
  C:\Windows\System\qnIZApc.exe
  2⤵
  PID:3084
- C:\Windows\System\oeDVpBm.exe
  C:\Windows\System\oeDVpBm.exe
  2⤵
  PID:3308
- C:\Windows\System\JWVNvyW.exe
  C:\Windows\System\JWVNvyW.exe
  2⤵
  PID:3112
- C:\Windows\System\QQXCFQs.exe
  C:\Windows\System\QQXCFQs.exe
  2⤵
  PID:3600
- C:\Windows\System\ZZZYsSt.exe
  C:\Windows\System\ZZZYsSt.exe
  2⤵
  PID:3616
- C:\Windows\System\ZwgfMNu.exe
  C:\Windows\System\ZwgfMNu.exe
  2⤵
  PID:3712
- C:\Windows\System\XLMChZI.exe
  C:\Windows\System\XLMChZI.exe
  2⤵
  PID:3656
- C:\Windows\System\uEiRadB.exe
  C:\Windows\System\uEiRadB.exe
  2⤵
  PID:3788
- C:\Windows\System\YIUiDBB.exe
  C:\Windows\System\YIUiDBB.exe
  2⤵
  PID:3872
- C:\Windows\System\GzdtMIl.exe
  C:\Windows\System\GzdtMIl.exe
  2⤵
  PID:3908
- C:\Windows\System\TqGKEAH.exe
  C:\Windows\System\TqGKEAH.exe
  2⤵
  PID:3888
- C:\Windows\System\YYaPaRl.exe
  C:\Windows\System\YYaPaRl.exe
  2⤵
  PID:3932
- C:\Windows\System\nOhKQgm.exe
  C:\Windows\System\nOhKQgm.exe
  2⤵
  PID:4076
- C:\Windows\System\IheSqEy.exe
  C:\Windows\System\IheSqEy.exe
  2⤵
  PID:4040
- C:\Windows\System\bfygEZQ.exe
  C:\Windows\System\bfygEZQ.exe
  2⤵
  PID:4092
- C:\Windows\System\fyEUjhj.exe
  C:\Windows\System\fyEUjhj.exe
  2⤵
  PID:2128
- C:\Windows\System\ZIPVVwm.exe
  C:\Windows\System\ZIPVVwm.exe
  2⤵
  PID:3228
- C:\Windows\System\WjuCwge.exe
  C:\Windows\System\WjuCwge.exe
  2⤵
  PID:2100
- C:\Windows\System\XdMrBrw.exe
  C:\Windows\System\XdMrBrw.exe
  2⤵
  PID:3500
- C:\Windows\System\aoIvJgh.exe
  C:\Windows\System\aoIvJgh.exe
  2⤵
  PID:3384
- C:\Windows\System\puiLZqc.exe
  C:\Windows\System\puiLZqc.exe
  2⤵
  PID:3276
- C:\Windows\System\QDrbRMG.exe
  C:\Windows\System\QDrbRMG.exe
  2⤵
  PID:3676
- C:\Windows\System\SQPfqie.exe
  C:\Windows\System\SQPfqie.exe
  2⤵
  PID:3752
- C:\Windows\System\SAlBbjy.exe
  C:\Windows\System\SAlBbjy.exe
  2⤵
  PID:3828
- C:\Windows\System\NaSfvTt.exe
  C:\Windows\System\NaSfvTt.exe
  2⤵
  PID:3952
- C:\Windows\System\RnLQOOS.exe
  C:\Windows\System\RnLQOOS.exe
  2⤵
  PID:3732
- C:\Windows\System\CssQYUt.exe
  C:\Windows\System\CssQYUt.exe
  2⤵
  PID:4100
- C:\Windows\System\MMhzvIM.exe
  C:\Windows\System\MMhzvIM.exe
  2⤵
  PID:4116
- C:\Windows\System\UnOADAq.exe
  C:\Windows\System\UnOADAq.exe
  2⤵
  PID:4140
- C:\Windows\System\igxjEtA.exe
  C:\Windows\System\igxjEtA.exe
  2⤵
  PID:4164
- C:\Windows\System\HCRHUvQ.exe
  C:\Windows\System\HCRHUvQ.exe
  2⤵
  PID:4180
- C:\Windows\System\qxDdxPx.exe
  C:\Windows\System\qxDdxPx.exe
  2⤵
  PID:4204
- C:\Windows\System\HskACbj.exe
  C:\Windows\System\HskACbj.exe
  2⤵
  PID:4224
- C:\Windows\System\iUEJzAl.exe
  C:\Windows\System\iUEJzAl.exe
  2⤵
  PID:4244
- C:\Windows\System\pNBZrqh.exe
  C:\Windows\System\pNBZrqh.exe
  2⤵
  PID:4264
- C:\Windows\System\GZnuJyb.exe
  C:\Windows\System\GZnuJyb.exe
  2⤵
  PID:4284
- C:\Windows\System\cMNdyuj.exe
  C:\Windows\System\cMNdyuj.exe
  2⤵
  PID:4304
- C:\Windows\System\bTkfEdW.exe
  C:\Windows\System\bTkfEdW.exe
  2⤵
  PID:4324
- C:\Windows\System\CImKNKv.exe
  C:\Windows\System\CImKNKv.exe
  2⤵
  PID:4344
- C:\Windows\System\KUOPNwg.exe
  C:\Windows\System\KUOPNwg.exe
  2⤵
  PID:4364
- C:\Windows\System\kRHOnUg.exe
  C:\Windows\System\kRHOnUg.exe
  2⤵
  PID:4380
- C:\Windows\System\vFPXfFQ.exe
  C:\Windows\System\vFPXfFQ.exe
  2⤵
  PID:4400
- C:\Windows\System\CgBBdYM.exe
  C:\Windows\System\CgBBdYM.exe
  2⤵
  PID:4424
- C:\Windows\System\NhMbBqC.exe
  C:\Windows\System\NhMbBqC.exe
  2⤵
  PID:4444
- C:\Windows\System\sSXOlnQ.exe
  C:\Windows\System\sSXOlnQ.exe
  2⤵
  PID:4464
- C:\Windows\System\BSyWdHb.exe
  C:\Windows\System\BSyWdHb.exe
  2⤵
  PID:4488
- C:\Windows\System\aYBpZxd.exe
  C:\Windows\System\aYBpZxd.exe
  2⤵
  PID:4508
- C:\Windows\System\uGuazNA.exe
  C:\Windows\System\uGuazNA.exe
  2⤵
  PID:4524
- C:\Windows\System\vUHnDUg.exe
  C:\Windows\System\vUHnDUg.exe
  2⤵
  PID:4548
- C:\Windows\System\uSyeDxu.exe
  C:\Windows\System\uSyeDxu.exe
  2⤵
  PID:4568
- C:\Windows\System\ZghezFe.exe
  C:\Windows\System\ZghezFe.exe
  2⤵
  PID:4588
- C:\Windows\System\zCeWsGY.exe
  C:\Windows\System\zCeWsGY.exe
  2⤵
  PID:4608
- C:\Windows\System\AogGbky.exe
  C:\Windows\System\AogGbky.exe
  2⤵
  PID:4628
- C:\Windows\System\FGJEgEX.exe
  C:\Windows\System\FGJEgEX.exe
  2⤵
  PID:4648
- C:\Windows\System\DXmdwVF.exe
  C:\Windows\System\DXmdwVF.exe
  2⤵
  PID:4664
- C:\Windows\System\GpmAKOM.exe
  C:\Windows\System\GpmAKOM.exe
  2⤵
  PID:4688
- C:\Windows\System\ORidRDE.exe
  C:\Windows\System\ORidRDE.exe
  2⤵
  PID:4708
- C:\Windows\System\DBbpWzX.exe
  C:\Windows\System\DBbpWzX.exe
  2⤵
  PID:4724
- C:\Windows\System\PnaUPRt.exe
  C:\Windows\System\PnaUPRt.exe
  2⤵
  PID:4748
- C:\Windows\System\SjpOhKl.exe
  C:\Windows\System\SjpOhKl.exe
  2⤵
  PID:4768
- C:\Windows\System\sjlXwSv.exe
  C:\Windows\System\sjlXwSv.exe
  2⤵
  PID:4788
- C:\Windows\System\xSZZpEB.exe
  C:\Windows\System\xSZZpEB.exe
  2⤵
  PID:4808
- C:\Windows\System\GRyXhsK.exe
  C:\Windows\System\GRyXhsK.exe
  2⤵
  PID:4828
- C:\Windows\System\mZEmeqX.exe
  C:\Windows\System\mZEmeqX.exe
  2⤵
  PID:4844
- C:\Windows\System\SYpPzXT.exe
  C:\Windows\System\SYpPzXT.exe
  2⤵
  PID:4868
- C:\Windows\System\zOHLMYH.exe
  C:\Windows\System\zOHLMYH.exe
  2⤵
  PID:4888
- C:\Windows\System\VXhavSZ.exe
  C:\Windows\System\VXhavSZ.exe
  2⤵
  PID:4908
- C:\Windows\System\Yvjyufp.exe
  C:\Windows\System\Yvjyufp.exe
  2⤵
  PID:4928
- C:\Windows\System\xmupRjV.exe
  C:\Windows\System\xmupRjV.exe
  2⤵
  PID:4948
- C:\Windows\System\onRsDbd.exe
  C:\Windows\System\onRsDbd.exe
  2⤵
  PID:4968
- C:\Windows\System\ctZvpsd.exe
  C:\Windows\System\ctZvpsd.exe
  2⤵
  PID:4988
- C:\Windows\System\cBfNjWh.exe
  C:\Windows\System\cBfNjWh.exe
  2⤵
  PID:5004
- C:\Windows\System\eyUIfUK.exe
  C:\Windows\System\eyUIfUK.exe
  2⤵
  PID:5020
- C:\Windows\System\wcPdpDS.exe
  C:\Windows\System\wcPdpDS.exe
  2⤵
  PID:5040
- C:\Windows\System\UweNxIJ.exe
  C:\Windows\System\UweNxIJ.exe
  2⤵
  PID:5060
- C:\Windows\System\ZhUYkZa.exe
  C:\Windows\System\ZhUYkZa.exe
  2⤵
  PID:5088
- C:\Windows\System\QjjVuJM.exe
  C:\Windows\System\QjjVuJM.exe
  2⤵
  PID:5108
- C:\Windows\System\aCQUUEE.exe
  C:\Windows\System\aCQUUEE.exe
  2⤵
  PID:1924
- C:\Windows\System\zDsuAmH.exe
  C:\Windows\System\zDsuAmH.exe
  2⤵
  PID:4052
- C:\Windows\System\CBlqpwS.exe
  C:\Windows\System\CBlqpwS.exe
  2⤵
  PID:2828
- C:\Windows\System\AMmkeAo.exe
  C:\Windows\System\AMmkeAo.exe
  2⤵
  PID:3080
- C:\Windows\System\ZVRUbsu.exe
  C:\Windows\System\ZVRUbsu.exe
  2⤵
  PID:2908
- C:\Windows\System\ijvExjH.exe
  C:\Windows\System\ijvExjH.exe
  2⤵
  PID:3524
- C:\Windows\System\ljmJiwN.exe
  C:\Windows\System\ljmJiwN.exe
  2⤵
  PID:3148
- C:\Windows\System\DXludSi.exe
  C:\Windows\System\DXludSi.exe
  2⤵
  PID:3824
- C:\Windows\System\xZXlvsk.exe
  C:\Windows\System\xZXlvsk.exe
  2⤵
  PID:4112
- C:\Windows\System\kMCIkXB.exe
  C:\Windows\System\kMCIkXB.exe
  2⤵
  PID:4128
- C:\Windows\System\WWbIyzP.exe
  C:\Windows\System\WWbIyzP.exe
  2⤵
  PID:4156
- C:\Windows\System\bJOTYNH.exe
  C:\Windows\System\bJOTYNH.exe
  2⤵
  PID:4200
- C:\Windows\System\jPdNgqg.exe
  C:\Windows\System\jPdNgqg.exe
  2⤵
  PID:4232
- C:\Windows\System\auWagIZ.exe
  C:\Windows\System\auWagIZ.exe
  2⤵
  PID:4252
- C:\Windows\System\uPktYwr.exe
  C:\Windows\System\uPktYwr.exe
  2⤵
  PID:4260
- C:\Windows\System\EaLbRxc.exe
  C:\Windows\System\EaLbRxc.exe
  2⤵
  PID:4320
- C:\Windows\System\wtWUnEm.exe
  C:\Windows\System\wtWUnEm.exe
  2⤵
  PID:4356
- C:\Windows\System\wUTlCHg.exe
  C:\Windows\System\wUTlCHg.exe
  2⤵
  PID:4372
- C:\Windows\System\KzEwDaw.exe
  C:\Windows\System\KzEwDaw.exe
  2⤵
  PID:4412
- C:\Windows\System\HVQOFzd.exe
  C:\Windows\System\HVQOFzd.exe
  2⤵
  PID:4452
- C:\Windows\System\zuwZgWa.exe
  C:\Windows\System\zuwZgWa.exe
  2⤵
  PID:4476
- C:\Windows\System\tMwoFkt.exe
  C:\Windows\System\tMwoFkt.exe
  2⤵
  PID:4500
- C:\Windows\System\ytVboWn.exe
  C:\Windows\System\ytVboWn.exe
  2⤵
  PID:4544
- C:\Windows\System\jDUqLrd.exe
  C:\Windows\System\jDUqLrd.exe
  2⤵
  PID:4600
- C:\Windows\System\merBYRB.exe
  C:\Windows\System\merBYRB.exe
  2⤵
  PID:4620
- C:\Windows\System\IBPqxZl.exe
  C:\Windows\System\IBPqxZl.exe
  2⤵
  PID:4656
- C:\Windows\System\hviWDcJ.exe
  C:\Windows\System\hviWDcJ.exe
  2⤵
  PID:4696
- C:\Windows\System\omAPeGf.exe
  C:\Windows\System\omAPeGf.exe
  2⤵
  PID:4764
- C:\Windows\System\MhPDUZv.exe
  C:\Windows\System\MhPDUZv.exe
  2⤵
  PID:4760
- C:\Windows\System\aOPIils.exe
  C:\Windows\System\aOPIils.exe
  2⤵
  PID:4784
- C:\Windows\System\EVHvOZh.exe
  C:\Windows\System\EVHvOZh.exe
  2⤵
  PID:4816
- C:\Windows\System\SFJPyqD.exe
  C:\Windows\System\SFJPyqD.exe
  2⤵
  PID:4876
- C:\Windows\System\ZuEbHuL.exe
  C:\Windows\System\ZuEbHuL.exe
  2⤵
  PID:4864
- C:\Windows\System\yJFoRzs.exe
  C:\Windows\System\yJFoRzs.exe
  2⤵
  PID:4924
- C:\Windows\System\colhtYx.exe
  C:\Windows\System\colhtYx.exe
  2⤵
  PID:4964
- C:\Windows\System\mQQLKuh.exe
  C:\Windows\System\mQQLKuh.exe
  2⤵
  PID:4984
- C:\Windows\System\aCozXfG.exe
  C:\Windows\System\aCozXfG.exe
  2⤵
  PID:5076
- C:\Windows\System\xcrpJgV.exe
  C:\Windows\System\xcrpJgV.exe
  2⤵
  PID:5084
- C:\Windows\System\ttToKUr.exe
  C:\Windows\System\ttToKUr.exe
  2⤵
  PID:5056
- C:\Windows\System\pJcunxm.exe
  C:\Windows\System\pJcunxm.exe
  2⤵
  PID:5104
- C:\Windows\System\yNzgTGB.exe
  C:\Windows\System\yNzgTGB.exe
  2⤵
  PID:4072
- C:\Windows\System\XWRSqMF.exe
  C:\Windows\System\XWRSqMF.exe
  2⤵
  PID:1296
- C:\Windows\System\CQTIiEu.exe
  C:\Windows\System\CQTIiEu.exe
  2⤵
  PID:3196
- C:\Windows\System\KmGpRAy.exe
  C:\Windows\System\KmGpRAy.exe
  2⤵
  PID:3456
- C:\Windows\System\VATGMXu.exe
  C:\Windows\System\VATGMXu.exe
  2⤵
  PID:3884
- C:\Windows\System\BFOrPJH.exe
  C:\Windows\System\BFOrPJH.exe
  2⤵
  PID:3280
- C:\Windows\System\fpkPBze.exe
  C:\Windows\System\fpkPBze.exe
  2⤵
  PID:4124
- C:\Windows\System\pYpjwGV.exe
  C:\Windows\System\pYpjwGV.exe
  2⤵
  PID:4196
- C:\Windows\System\JqeJvOg.exe
  C:\Windows\System\JqeJvOg.exe
  2⤵
  PID:4220
- C:\Windows\System\vzPhvSC.exe
  C:\Windows\System\vzPhvSC.exe
  2⤵
  PID:4256
- C:\Windows\System\EefGkSR.exe
  C:\Windows\System\EefGkSR.exe
  2⤵
  PID:4312
- C:\Windows\System\yFDOOoJ.exe
  C:\Windows\System\yFDOOoJ.exe
  2⤵
  PID:4352
- C:\Windows\System\dGWqLUE.exe
  C:\Windows\System\dGWqLUE.exe
  2⤵
  PID:4392
- C:\Windows\System\qfPnzHJ.exe
  C:\Windows\System\qfPnzHJ.exe
  2⤵
  PID:4480
- C:\Windows\System\gbHgatF.exe
  C:\Windows\System\gbHgatF.exe
  2⤵
  PID:4532
- C:\Windows\System\PZWpitu.exe
  C:\Windows\System\PZWpitu.exe
  2⤵
  PID:4596
- C:\Windows\System\mjSPMQH.exe
  C:\Windows\System\mjSPMQH.exe
  2⤵
  PID:4576
- C:\Windows\System\Ekzurrk.exe
  C:\Windows\System\Ekzurrk.exe
  2⤵
  PID:4680
- C:\Windows\System\gKbVLdq.exe
  C:\Windows\System\gKbVLdq.exe
  2⤵
  PID:4644
- C:\Windows\System\IFuoVGO.exe
  C:\Windows\System\IFuoVGO.exe
  2⤵
  PID:4740
- C:\Windows\System\AosljvP.exe
  C:\Windows\System\AosljvP.exe
  2⤵
  PID:4780
- C:\Windows\System\HhxcuFz.exe
  C:\Windows\System\HhxcuFz.exe
  2⤵
  PID:4820
- C:\Windows\System\xDHncIX.exe
  C:\Windows\System\xDHncIX.exe
  2⤵
  PID:4880
- C:\Windows\System\XUQwYjw.exe
  C:\Windows\System\XUQwYjw.exe
  2⤵
  PID:5000
- C:\Windows\System\DUWkszJ.exe
  C:\Windows\System\DUWkszJ.exe
  2⤵
  PID:5068
- C:\Windows\System\TUPSdeq.exe
  C:\Windows\System\TUPSdeq.exe
  2⤵
  PID:4996
- C:\Windows\System\vzSNaXa.exe
  C:\Windows\System\vzSNaXa.exe
  2⤵
  PID:2724
- C:\Windows\System\fZGRtXN.exe
  C:\Windows\System\fZGRtXN.exe
  2⤵
  PID:4080
- C:\Windows\System\majKpYa.exe
  C:\Windows\System\majKpYa.exe
  2⤵
  PID:4236
- C:\Windows\System\zpwRUYa.exe
  C:\Windows\System\zpwRUYa.exe
  2⤵
  PID:4388
- C:\Windows\System\QmMoUIH.exe
  C:\Windows\System\QmMoUIH.exe
  2⤵
  PID:4616
- C:\Windows\System\noamhIF.exe
  C:\Windows\System\noamhIF.exe
  2⤵
  PID:4560
- C:\Windows\System\fhutfrZ.exe
  C:\Windows\System\fhutfrZ.exe
  2⤵
  PID:4852
- C:\Windows\System\LJtXhGd.exe
  C:\Windows\System\LJtXhGd.exe
  2⤵
  PID:3132
- C:\Windows\System\zSDmYwR.exe
  C:\Windows\System\zSDmYwR.exe
  2⤵
  PID:4732
- C:\Windows\System\xAmWjSq.exe
  C:\Windows\System\xAmWjSq.exe
  2⤵
  PID:5124
- C:\Windows\System\TWiCCrq.exe
  C:\Windows\System\TWiCCrq.exe
  2⤵
  PID:5140
- C:\Windows\System\HYDlYBq.exe
  C:\Windows\System\HYDlYBq.exe
  2⤵
  PID:5156
- C:\Windows\System\pEMQTEN.exe
  C:\Windows\System\pEMQTEN.exe
  2⤵
  PID:5172
- C:\Windows\System\aBWBzcT.exe
  C:\Windows\System\aBWBzcT.exe
  2⤵
  PID:5188
- C:\Windows\System\ScfDsxL.exe
  C:\Windows\System\ScfDsxL.exe
  2⤵
  PID:5204
- C:\Windows\System\VeeBsPz.exe
  C:\Windows\System\VeeBsPz.exe
  2⤵
  PID:5220
- C:\Windows\System\nLwUSrg.exe
  C:\Windows\System\nLwUSrg.exe
  2⤵
  PID:5236
- C:\Windows\System\rXIjyGT.exe
  C:\Windows\System\rXIjyGT.exe
  2⤵
  PID:5252
- C:\Windows\System\prGlkxw.exe
  C:\Windows\System\prGlkxw.exe
  2⤵
  PID:5268
- C:\Windows\System\YtKbGjV.exe
  C:\Windows\System\YtKbGjV.exe
  2⤵
  PID:5284
- C:\Windows\System\GOMuUGm.exe
  C:\Windows\System\GOMuUGm.exe
  2⤵
  PID:5300
- C:\Windows\System\PTBKzqk.exe
  C:\Windows\System\PTBKzqk.exe
  2⤵
  PID:5316
- C:\Windows\System\QnTJugW.exe
  C:\Windows\System\QnTJugW.exe
  2⤵
  PID:5332
- C:\Windows\System\DOlDirx.exe
  C:\Windows\System\DOlDirx.exe
  2⤵
  PID:5348
- C:\Windows\System\BhhMNeO.exe
  C:\Windows\System\BhhMNeO.exe
  2⤵
  PID:5364
- C:\Windows\System\jPWHDYQ.exe
  C:\Windows\System\jPWHDYQ.exe
  2⤵
  PID:5380
- C:\Windows\System\nRNcNVn.exe
  C:\Windows\System\nRNcNVn.exe
  2⤵
  PID:5396
- C:\Windows\System\fWbULid.exe
  C:\Windows\System\fWbULid.exe
  2⤵
  PID:5412
- C:\Windows\System\WteNBsf.exe
  C:\Windows\System\WteNBsf.exe
  2⤵
  PID:5428
- C:\Windows\System\dYBQJvX.exe
  C:\Windows\System\dYBQJvX.exe
  2⤵
  PID:5444
- C:\Windows\System\ZLqHaRS.exe
  C:\Windows\System\ZLqHaRS.exe
  2⤵
  PID:5460
- C:\Windows\System\VyGhcRh.exe
  C:\Windows\System\VyGhcRh.exe
  2⤵
  PID:5476
- C:\Windows\System\LNbsqkD.exe
  C:\Windows\System\LNbsqkD.exe
  2⤵
  PID:5492
- C:\Windows\System\kSmRVDN.exe
  C:\Windows\System\kSmRVDN.exe
  2⤵
  PID:5508
- C:\Windows\System\DJJHUCn.exe
  C:\Windows\System\DJJHUCn.exe
  2⤵
  PID:5524
- C:\Windows\System\TrPAnoA.exe
  C:\Windows\System\TrPAnoA.exe
  2⤵
  PID:5540
- C:\Windows\System\kRnpFJg.exe
  C:\Windows\System\kRnpFJg.exe
  2⤵
  PID:5556
- C:\Windows\System\kAzGOPL.exe
  C:\Windows\System\kAzGOPL.exe
  2⤵
  PID:5572
- C:\Windows\System\zdJtAqp.exe
  C:\Windows\System\zdJtAqp.exe
  2⤵
  PID:5588
- C:\Windows\System\LRtQtXn.exe
  C:\Windows\System\LRtQtXn.exe
  2⤵
  PID:5604
- C:\Windows\System\YubpSsl.exe
  C:\Windows\System\YubpSsl.exe
  2⤵
  PID:5620
- C:\Windows\System\pvPHuQb.exe
  C:\Windows\System\pvPHuQb.exe
  2⤵
  PID:5636
- C:\Windows\System\YLRTGti.exe
  C:\Windows\System\YLRTGti.exe
  2⤵
  PID:5652
- C:\Windows\System\xTANTaK.exe
  C:\Windows\System\xTANTaK.exe
  2⤵
  PID:5668
- C:\Windows\System\LwdFaWp.exe
  C:\Windows\System\LwdFaWp.exe
  2⤵
  PID:5684
- C:\Windows\System\cALEnfc.exe
  C:\Windows\System\cALEnfc.exe
  2⤵
  PID:5700
- C:\Windows\System\oDUjuQi.exe
  C:\Windows\System\oDUjuQi.exe
  2⤵
  PID:5716
- C:\Windows\System\byginLQ.exe
  C:\Windows\System\byginLQ.exe
  2⤵
  PID:5732
- C:\Windows\System\sOAunbL.exe
  C:\Windows\System\sOAunbL.exe
  2⤵
  PID:5748
- C:\Windows\System\dMhQDxi.exe
  C:\Windows\System\dMhQDxi.exe
  2⤵
  PID:5764
- C:\Windows\System\AtQMBtS.exe
  C:\Windows\System\AtQMBtS.exe
  2⤵
  PID:5780
- C:\Windows\System\aCNwThN.exe
  C:\Windows\System\aCNwThN.exe
  2⤵
  PID:5796
- C:\Windows\System\PdMEqKf.exe
  C:\Windows\System\PdMEqKf.exe
  2⤵
  PID:5816
- C:\Windows\System\WQZKGAv.exe
  C:\Windows\System\WQZKGAv.exe
  2⤵
  PID:5832
- C:\Windows\System\QwNgKkM.exe
  C:\Windows\System\QwNgKkM.exe
  2⤵
  PID:5848
- C:\Windows\System\csaHvkB.exe
  C:\Windows\System\csaHvkB.exe
  2⤵
  PID:5864
- C:\Windows\System\FiBCDlM.exe
  C:\Windows\System\FiBCDlM.exe
  2⤵
  PID:5880
- C:\Windows\System\hVsuJop.exe
  C:\Windows\System\hVsuJop.exe
  2⤵
  PID:5896
- C:\Windows\System\BUwanMq.exe
  C:\Windows\System\BUwanMq.exe
  2⤵
  PID:5912
- C:\Windows\System\rNDnvAO.exe
  C:\Windows\System\rNDnvAO.exe
  2⤵
  PID:5928
- C:\Windows\System\NbydSmZ.exe
  C:\Windows\System\NbydSmZ.exe
  2⤵
  PID:5944
- C:\Windows\System\bwfvqHM.exe
  C:\Windows\System\bwfvqHM.exe
  2⤵
  PID:5960
- C:\Windows\System\RkxzOsF.exe
  C:\Windows\System\RkxzOsF.exe
  2⤵
  PID:5976
- C:\Windows\System\ivGdUZX.exe
  C:\Windows\System\ivGdUZX.exe
  2⤵
  PID:5992
- C:\Windows\System\NEUgbLC.exe
  C:\Windows\System\NEUgbLC.exe
  2⤵
  PID:6008
- C:\Windows\System\tzWQuxk.exe
  C:\Windows\System\tzWQuxk.exe
  2⤵
  PID:6024
- C:\Windows\System\taHNXBQ.exe
  C:\Windows\System\taHNXBQ.exe
  2⤵
  PID:6040
- C:\Windows\System\JqUSkHl.exe
  C:\Windows\System\JqUSkHl.exe
  2⤵
  PID:6056
- C:\Windows\System\KTUiNLY.exe
  C:\Windows\System\KTUiNLY.exe
  2⤵
  PID:6072
- C:\Windows\System\lrqCgWs.exe
  C:\Windows\System\lrqCgWs.exe
  2⤵
  PID:6088
- C:\Windows\System\QJXwxpI.exe
  C:\Windows\System\QJXwxpI.exe
  2⤵
  PID:6104
- C:\Windows\System\dLwNjEh.exe
  C:\Windows\System\dLwNjEh.exe
  2⤵
  PID:6120
- C:\Windows\System\tlyZKKA.exe
  C:\Windows\System\tlyZKKA.exe
  2⤵
  PID:6136
- C:\Windows\System\CsgLLWt.exe
  C:\Windows\System\CsgLLWt.exe
  2⤵
  PID:4840
- C:\Windows\System\pElXspk.exe
  C:\Windows\System\pElXspk.exe
  2⤵
  PID:4280
- C:\Windows\System\VJKToOr.exe
  C:\Windows\System\VJKToOr.exe
  2⤵
  PID:4416
- C:\Windows\System\yxNmzjS.exe
  C:\Windows\System\yxNmzjS.exe
  2⤵
  PID:4296
- C:\Windows\System\qGAEpIi.exe
  C:\Windows\System\qGAEpIi.exe
  2⤵
  PID:5080
- C:\Windows\System\zEFEOmO.exe
  C:\Windows\System\zEFEOmO.exe
  2⤵
  PID:2708
- C:\Windows\System\ZKpfpeB.exe
  C:\Windows\System\ZKpfpeB.exe
  2⤵
  PID:4936
- C:\Windows\System\dPzEIIN.exe
  C:\Windows\System\dPzEIIN.exe
  2⤵
  PID:4504
- C:\Windows\System\qHYSMFD.exe
  C:\Windows\System\qHYSMFD.exe
  2⤵
  PID:3556
- C:\Windows\System\VfLyoQG.exe
  C:\Windows\System\VfLyoQG.exe
  2⤵
  PID:5184
- C:\Windows\System\cqTqkwx.exe
  C:\Windows\System\cqTqkwx.exe
  2⤵
  PID:5408
- C:\Windows\System\pAzMlow.exe
  C:\Windows\System\pAzMlow.exe
  2⤵
  PID:5280
- C:\Windows\System\OVZXfVT.exe
  C:\Windows\System\OVZXfVT.exe
  2⤵
  PID:5344
- C:\Windows\System\OgXjpii.exe
  C:\Windows\System\OgXjpii.exe
  2⤵
  PID:5536
- C:\Windows\System\lZAkgok.exe
  C:\Windows\System\lZAkgok.exe
  2⤵
  PID:5532
- C:\Windows\System\kbvfXUE.exe
  C:\Windows\System\kbvfXUE.exe
  2⤵
  PID:2576
- C:\Windows\System\zCUsedA.exe
  C:\Windows\System\zCUsedA.exe
  2⤵
  PID:5724
- C:\Windows\System\TMKMeDU.exe
  C:\Windows\System\TMKMeDU.exe
  2⤵
  PID:5596
- C:\Windows\System\iiafbFv.exe
  C:\Windows\System\iiafbFv.exe
  2⤵
  PID:4188
- C:\Windows\System\IjFSyCH.exe
  C:\Windows\System\IjFSyCH.exe
  2⤵
  PID:5132
- C:\Windows\System\LZTNdJj.exe
  C:\Windows\System\LZTNdJj.exe
  2⤵
  PID:5196
- C:\Windows\System\YpmwSuL.exe
  C:\Windows\System\YpmwSuL.exe
  2⤵
  PID:5260
- C:\Windows\System\wVwlkuh.exe
  C:\Windows\System\wVwlkuh.exe
  2⤵
  PID:5324
- C:\Windows\System\EGTmDdG.exe
  C:\Windows\System\EGTmDdG.exe
  2⤵
  PID:5388
- C:\Windows\System\SYROXXH.exe
  C:\Windows\System\SYROXXH.exe
  2⤵
  PID:5452
- C:\Windows\System\eLFIDKs.exe
  C:\Windows\System\eLFIDKs.exe
  2⤵
  PID:5488
- C:\Windows\System\GCGjMlQ.exe
  C:\Windows\System\GCGjMlQ.exe
  2⤵
  PID:5580
- C:\Windows\System\unlkuyl.exe
  C:\Windows\System\unlkuyl.exe
  2⤵
  PID:5644
- C:\Windows\System\hLpxCaM.exe
  C:\Windows\System\hLpxCaM.exe
  2⤵
  PID:5708
- C:\Windows\System\IqPVTGz.exe
  C:\Windows\System\IqPVTGz.exe
  2⤵
  PID:5772
- C:\Windows\System\LmVZyho.exe
  C:\Windows\System\LmVZyho.exe
  2⤵
  PID:4540
- C:\Windows\System\LTpyqdU.exe
  C:\Windows\System\LTpyqdU.exe
  2⤵
  PID:5792
- C:\Windows\System\MyYedMf.exe
  C:\Windows\System\MyYedMf.exe
  2⤵
  PID:5860
- C:\Windows\System\IMWNAgb.exe
  C:\Windows\System\IMWNAgb.exe
  2⤵
  PID:5920
- C:\Windows\System\mkNDeNC.exe
  C:\Windows\System\mkNDeNC.exe
  2⤵
  PID:5844
- C:\Windows\System\LIhyRtf.exe
  C:\Windows\System\LIhyRtf.exe
  2⤵
  PID:5988
- C:\Windows\System\VbgFfqP.exe
  C:\Windows\System\VbgFfqP.exe
  2⤵
  PID:6052
- C:\Windows\System\jRfgPEf.exe
  C:\Windows\System\jRfgPEf.exe
  2⤵
  PID:6116
- C:\Windows\System\rmWxEAB.exe
  C:\Windows\System\rmWxEAB.exe
  2⤵
  PID:5924
- C:\Windows\System\KhAuoiK.exe
  C:\Windows\System\KhAuoiK.exe
  2⤵
  PID:4676
- C:\Windows\System\YwAYWFN.exe
  C:\Windows\System\YwAYWFN.exe
  2⤵
  PID:5404
- C:\Windows\System\EiIDvTB.exe
  C:\Windows\System\EiIDvTB.exe
  2⤵
  PID:2920
- C:\Windows\System\mQkVKka.exe
  C:\Windows\System\mQkVKka.exe
  2⤵
  PID:5248
- C:\Windows\System\OTGSByU.exe
  C:\Windows\System\OTGSByU.exe
  2⤵
  PID:5904
- C:\Windows\System\PZqzaNY.exe
  C:\Windows\System\PZqzaNY.exe
  2⤵
  PID:6000
- C:\Windows\System\OrHLGML.exe
  C:\Windows\System\OrHLGML.exe
  2⤵
  PID:6036
- C:\Windows\System\gBduUNO.exe
  C:\Windows\System\gBduUNO.exe
  2⤵
  PID:6096
- C:\Windows\System\oVivmeK.exe
  C:\Windows\System\oVivmeK.exe
  2⤵
  PID:2348
- C:\Windows\System\LuDrikC.exe
  C:\Windows\System\LuDrikC.exe
  2⤵
  PID:3796
- C:\Windows\System\AOPqoyF.exe
  C:\Windows\System\AOPqoyF.exe
  2⤵
  PID:5116
- C:\Windows\System\YRIPnLG.exe
  C:\Windows\System\YRIPnLG.exe
  2⤵
  PID:5500
- C:\Windows\System\tfuIZnz.exe
  C:\Windows\System\tfuIZnz.exe
  2⤵
  PID:5628
- C:\Windows\System\VnhmzHk.exe
  C:\Windows\System\VnhmzHk.exe
  2⤵
  PID:5296
- C:\Windows\System\uVwAOev.exe
  C:\Windows\System\uVwAOev.exe
  2⤵
  PID:5676
- C:\Windows\System\VCSlpby.exe
  C:\Windows\System\VCSlpby.exe
  2⤵
  PID:4584
- C:\Windows\System\BQebcNn.exe
  C:\Windows\System\BQebcNn.exe
  2⤵
  PID:5228
- C:\Windows\System\TGHqwny.exe
  C:\Windows\System\TGHqwny.exe
  2⤵
  PID:5484
- C:\Windows\System\BaavpQx.exe
  C:\Windows\System\BaavpQx.exe
  2⤵
  PID:1804
- C:\Windows\System\FKKfvip.exe
  C:\Windows\System\FKKfvip.exe
  2⤵
  PID:5216
- C:\Windows\System\cxgSPdT.exe
  C:\Windows\System\cxgSPdT.exe
  2⤵
  PID:6020
- C:\Windows\System\MuVFfhA.exe
  C:\Windows\System\MuVFfhA.exe
  2⤵
  PID:5152
- C:\Windows\System\Vyvlxqi.exe
  C:\Windows\System\Vyvlxqi.exe
  2⤵
  PID:4408
- C:\Windows\System\PKtEHaL.exe
  C:\Windows\System\PKtEHaL.exe
  2⤵
  PID:5804
- C:\Windows\System\WYETXNL.exe
  C:\Windows\System\WYETXNL.exe
  2⤵
  PID:6148
- C:\Windows\System\filehRa.exe
  C:\Windows\System\filehRa.exe
  2⤵
  PID:6164
- C:\Windows\System\dljwldn.exe
  C:\Windows\System\dljwldn.exe
  2⤵
  PID:6184
- C:\Windows\System\lmINvJV.exe
  C:\Windows\System\lmINvJV.exe
  2⤵
  PID:6200
- C:\Windows\System\oISWdNl.exe
  C:\Windows\System\oISWdNl.exe
  2⤵
  PID:6216
- C:\Windows\System\fXpTyVt.exe
  C:\Windows\System\fXpTyVt.exe
  2⤵
  PID:6232
- C:\Windows\System\EcsnqWc.exe
  C:\Windows\System\EcsnqWc.exe
  2⤵
  PID:6248
- C:\Windows\System\pnVjfcp.exe
  C:\Windows\System\pnVjfcp.exe
  2⤵
  PID:6264
- C:\Windows\System\tScQdLu.exe
  C:\Windows\System\tScQdLu.exe
  2⤵
  PID:6280
- C:\Windows\System\onZznux.exe
  C:\Windows\System\onZznux.exe
  2⤵
  PID:6296
- C:\Windows\System\eGfLodh.exe
  C:\Windows\System\eGfLodh.exe
  2⤵
  PID:6312
- C:\Windows\System\VKqJRqT.exe
  C:\Windows\System\VKqJRqT.exe
  2⤵
  PID:6328
- C:\Windows\System\YTnPlqE.exe
  C:\Windows\System\YTnPlqE.exe
  2⤵
  PID:6344
- C:\Windows\System\JyzUHKX.exe
  C:\Windows\System\JyzUHKX.exe
  2⤵
  PID:6360
- C:\Windows\System\IPUsCXh.exe
  C:\Windows\System\IPUsCXh.exe
  2⤵
  PID:6376
- C:\Windows\System\qMMCIIy.exe
  C:\Windows\System\qMMCIIy.exe
  2⤵
  PID:6392
- C:\Windows\System\TnrawYH.exe
  C:\Windows\System\TnrawYH.exe
  2⤵
  PID:6408
- C:\Windows\System\VqzHelf.exe
  C:\Windows\System\VqzHelf.exe
  2⤵
  PID:6424
- C:\Windows\System\xOWIaFl.exe
  C:\Windows\System\xOWIaFl.exe
  2⤵
  PID:6440
- C:\Windows\System\aZUWzKx.exe
  C:\Windows\System\aZUWzKx.exe
  2⤵
  PID:6456
- C:\Windows\System\JWusQLi.exe
  C:\Windows\System\JWusQLi.exe
  2⤵
  PID:6472
- C:\Windows\System\NBUeMlE.exe
  C:\Windows\System\NBUeMlE.exe
  2⤵
  PID:6488
- C:\Windows\System\DwyMVTS.exe
  C:\Windows\System\DwyMVTS.exe
  2⤵
  PID:6504
- C:\Windows\System\HJOzFdI.exe
  C:\Windows\System\HJOzFdI.exe
  2⤵
  PID:6520
- C:\Windows\System\nNuFDTN.exe
  C:\Windows\System\nNuFDTN.exe
  2⤵
  PID:6536
- C:\Windows\System\TAxEKOZ.exe
  C:\Windows\System\TAxEKOZ.exe
  2⤵
  PID:6552
- C:\Windows\System\bcPULjn.exe
  C:\Windows\System\bcPULjn.exe
  2⤵
  PID:6568
- C:\Windows\System\TLUulPg.exe
  C:\Windows\System\TLUulPg.exe
  2⤵
  PID:6584
- C:\Windows\System\gdXhVJj.exe
  C:\Windows\System\gdXhVJj.exe
  2⤵
  PID:6600
- C:\Windows\System\HRBdsGe.exe
  C:\Windows\System\HRBdsGe.exe
  2⤵
  PID:6616
- C:\Windows\System\lcjrzxg.exe
  C:\Windows\System\lcjrzxg.exe
  2⤵
  PID:6632
- C:\Windows\System\jgNbouD.exe
  C:\Windows\System\jgNbouD.exe
  2⤵
  PID:6648
- C:\Windows\System\wkeOVzP.exe
  C:\Windows\System\wkeOVzP.exe
  2⤵
  PID:6664
- C:\Windows\System\LHjcWHp.exe
  C:\Windows\System\LHjcWHp.exe
  2⤵
  PID:6680
- C:\Windows\System\jFheBAp.exe
  C:\Windows\System\jFheBAp.exe
  2⤵
  PID:6696
- C:\Windows\System\ZfUmhUC.exe
  C:\Windows\System\ZfUmhUC.exe
  2⤵
  PID:6712
- C:\Windows\System\SdnVOWr.exe
  C:\Windows\System\SdnVOWr.exe
  2⤵
  PID:6728
- C:\Windows\System\zJcTuhn.exe
  C:\Windows\System\zJcTuhn.exe
  2⤵
  PID:6744
- C:\Windows\System\qViGyba.exe
  C:\Windows\System\qViGyba.exe
  2⤵
  PID:6760
- C:\Windows\System\jMULjUo.exe
  C:\Windows\System\jMULjUo.exe
  2⤵
  PID:6776
- C:\Windows\System\lIzeaxt.exe
  C:\Windows\System\lIzeaxt.exe
  2⤵
  PID:6792
- C:\Windows\System\TFwOPoX.exe
  C:\Windows\System\TFwOPoX.exe
  2⤵
  PID:6808
- C:\Windows\System\KDbVAmc.exe
  C:\Windows\System\KDbVAmc.exe
  2⤵
  PID:6824
- C:\Windows\System\ZCTmUVc.exe
  C:\Windows\System\ZCTmUVc.exe
  2⤵
  PID:6840
- C:\Windows\System\BLEDFpL.exe
  C:\Windows\System\BLEDFpL.exe
  2⤵
  PID:6856
- C:\Windows\System\leWsmSz.exe
  C:\Windows\System\leWsmSz.exe
  2⤵
  PID:6872
- C:\Windows\System\EaPkAmV.exe
  C:\Windows\System\EaPkAmV.exe
  2⤵
  PID:6888
- C:\Windows\System\IHhDPtt.exe
  C:\Windows\System\IHhDPtt.exe
  2⤵
  PID:6904
- C:\Windows\System\lbhvFEJ.exe
  C:\Windows\System\lbhvFEJ.exe
  2⤵
  PID:6920
- C:\Windows\System\LFGxRsS.exe
  C:\Windows\System\LFGxRsS.exe
  2⤵
  PID:6936
- C:\Windows\System\RnsmAVE.exe
  C:\Windows\System\RnsmAVE.exe
  2⤵
  PID:6952
- C:\Windows\System\QffeHsC.exe
  C:\Windows\System\QffeHsC.exe
  2⤵
  PID:6968
- C:\Windows\System\QxTRKsr.exe
  C:\Windows\System\QxTRKsr.exe
  2⤵
  PID:6984
- C:\Windows\System\cFVxcVl.exe
  C:\Windows\System\cFVxcVl.exe
  2⤵
  PID:7000
- C:\Windows\System\KyFaXyY.exe
  C:\Windows\System\KyFaXyY.exe
  2⤵
  PID:7016
- C:\Windows\System\XnLgwFc.exe
  C:\Windows\System\XnLgwFc.exe
  2⤵
  PID:7032
- C:\Windows\System\SnyekLZ.exe
  C:\Windows\System\SnyekLZ.exe
  2⤵
  PID:7048
- C:\Windows\System\sqBhUMD.exe
  C:\Windows\System\sqBhUMD.exe
  2⤵
  PID:7064
- C:\Windows\System\excWKQI.exe
  C:\Windows\System\excWKQI.exe
  2⤵
  PID:7080
- C:\Windows\System\rhXohXy.exe
  C:\Windows\System\rhXohXy.exe
  2⤵
  PID:7100
- C:\Windows\System\BcEYyaZ.exe
  C:\Windows\System\BcEYyaZ.exe
  2⤵
  PID:7116
- C:\Windows\System\xnPFGmg.exe
  C:\Windows\System\xnPFGmg.exe
  2⤵
  PID:7132
- C:\Windows\System\hZVDiWK.exe
  C:\Windows\System\hZVDiWK.exe
  2⤵
  PID:7148
- C:\Windows\System\YXKSwak.exe
  C:\Windows\System\YXKSwak.exe
  2⤵
  PID:7164
- C:\Windows\System\MuMOQSr.exe
  C:\Windows\System\MuMOQSr.exe
  2⤵
  PID:5616
- C:\Windows\System\ExsjMcN.exe
  C:\Windows\System\ExsjMcN.exe
  2⤵
  PID:5984
- C:\Windows\System\StQKiRf.exe
  C:\Windows\System\StQKiRf.exe
  2⤵
  PID:5956
- C:\Windows\System\TZVoahE.exe
  C:\Windows\System\TZVoahE.exe
  2⤵
  PID:5968
- C:\Windows\System\dYYwEfy.exe
  C:\Windows\System\dYYwEfy.exe
  2⤵
  PID:6128
- C:\Windows\System\iTgXLju.exe
  C:\Windows\System\iTgXLju.exe
  2⤵
  PID:5012
- C:\Windows\System\NvzoLBl.exe
  C:\Windows\System\NvzoLBl.exe
  2⤵
  PID:5840
- C:\Windows\System\NNqlvKg.exe
  C:\Windows\System\NNqlvKg.exe
  2⤵
  PID:5812
- C:\Windows\System\bswMeXs.exe
  C:\Windows\System\bswMeXs.exe
  2⤵
  PID:4704
- C:\Windows\System\XRTeFCq.exe
  C:\Windows\System\XRTeFCq.exe
  2⤵
  PID:4700
- C:\Windows\System\ZdZfvTJ.exe
  C:\Windows\System\ZdZfvTJ.exe
  2⤵
  PID:6276
- C:\Windows\System\wdMQJNt.exe
  C:\Windows\System\wdMQJNt.exe
  2⤵
  PID:6404
- C:\Windows\System\ObUtqHn.exe
  C:\Windows\System\ObUtqHn.exe
  2⤵
  PID:6592
- C:\Windows\System\rmRljQk.exe
  C:\Windows\System\rmRljQk.exe
  2⤵
  PID:6788
- C:\Windows\System\ZPuehjK.exe
  C:\Windows\System\ZPuehjK.exe
  2⤵
  PID:7108
- C:\Windows\System\UBEWuXa.exe
  C:\Windows\System\UBEWuXa.exe
  2⤵
  PID:2408
- C:\Windows\System\ZzaQpVC.exe
  C:\Windows\System\ZzaQpVC.exe
  2⤵
  PID:7060
- C:\Windows\System\IHPpEwE.exe
  C:\Windows\System\IHPpEwE.exe
  2⤵
  PID:7144
- C:\Windows\System\wXYhyhr.exe
  C:\Windows\System\wXYhyhr.exe
  2⤵
  PID:7156
- C:\Windows\System\YDQWfnD.exe
  C:\Windows\System\YDQWfnD.exe
  2⤵
  PID:5728
- C:\Windows\System\GnbEATP.exe
  C:\Windows\System\GnbEATP.exe
  2⤵
  PID:6004
- C:\Windows\System\JBEnrhZ.exe
  C:\Windows\System\JBEnrhZ.exe
  2⤵
  PID:5212
- C:\Windows\System\VcCiIGo.exe
  C:\Windows\System\VcCiIGo.exe
  2⤵
  PID:4940
- C:\Windows\System\qXViwEe.exe
  C:\Windows\System\qXViwEe.exe
  2⤵
  PID:5808
- C:\Windows\System\rgnVruB.exe
  C:\Windows\System\rgnVruB.exe
  2⤵
  PID:5696
- C:\Windows\System\NplpjwU.exe
  C:\Windows\System\NplpjwU.exe
  2⤵
  PID:6180
- C:\Windows\System\ukkdeJR.exe
  C:\Windows\System\ukkdeJR.exe
  2⤵
  PID:5148
- C:\Windows\System\asBCdul.exe
  C:\Windows\System\asBCdul.exe
  2⤵
  PID:6436
- C:\Windows\System\xhiUBIZ.exe
  C:\Windows\System\xhiUBIZ.exe
  2⤵
  PID:6500
- C:\Windows\System\DjYFHvt.exe
  C:\Windows\System\DjYFHvt.exe
  2⤵
  PID:6308
- C:\Windows\System\ZrjXFWw.exe
  C:\Windows\System\ZrjXFWw.exe
  2⤵
  PID:6372
- C:\Windows\System\iXaMlut.exe
  C:\Windows\System\iXaMlut.exe
  2⤵
  PID:6564
- C:\Windows\System\LLOjYOE.exe
  C:\Windows\System\LLOjYOE.exe
  2⤵
  PID:6656
- C:\Windows\System\iohcgpu.exe
  C:\Windows\System\iohcgpu.exe
  2⤵
  PID:6820
- C:\Windows\System\uRrIitD.exe
  C:\Windows\System\uRrIitD.exe
  2⤵
  PID:6752
- C:\Windows\System\eCaMoRD.exe
  C:\Windows\System\eCaMoRD.exe
  2⤵
  PID:6916
- C:\Windows\System\xUxKIHa.exe
  C:\Windows\System\xUxKIHa.exe
  2⤵
  PID:6980
- C:\Windows\System\SnbQEyc.exe
  C:\Windows\System\SnbQEyc.exe
  2⤵
  PID:6320
- C:\Windows\System\wpVeOmM.exe
  C:\Windows\System\wpVeOmM.exe
  2⤵
  PID:6416
- C:\Windows\System\eiTiHaO.exe
  C:\Windows\System\eiTiHaO.exe
  2⤵
  PID:6480
- C:\Windows\System\ZlkqnNN.exe
  C:\Windows\System\ZlkqnNN.exe
  2⤵
  PID:6576
- C:\Windows\System\JHgahiH.exe
  C:\Windows\System\JHgahiH.exe
  2⤵
  PID:3060
- C:\Windows\System\qHhgFvk.exe
  C:\Windows\System\qHhgFvk.exe
  2⤵
  PID:6708
- C:\Windows\System\tigErSq.exe
  C:\Windows\System\tigErSq.exe
  2⤵
  PID:6804
- C:\Windows\System\DADBzoq.exe
  C:\Windows\System\DADBzoq.exe
  2⤵
  PID:2880
- C:\Windows\System\dWAJKBC.exe
  C:\Windows\System\dWAJKBC.exe
  2⤵
  PID:2060
- C:\Windows\System\RnbMjkJ.exe
  C:\Windows\System\RnbMjkJ.exe
  2⤵
  PID:2556
- C:\Windows\System\rzpqswL.exe
  C:\Windows\System\rzpqswL.exe
  2⤵
  PID:5548
- C:\Windows\System\HAQUIYV.exe
  C:\Windows\System\HAQUIYV.exe
  2⤵
  PID:2896
- C:\Windows\System\gceOuOp.exe
  C:\Windows\System\gceOuOp.exe
  2⤵
  PID:6624
- C:\Windows\System\HcbrIWl.exe
  C:\Windows\System\HcbrIWl.exe
  2⤵
  PID:5740
- C:\Windows\System\JVYqbKr.exe
  C:\Windows\System\JVYqbKr.exe
  2⤵
  PID:5940
- C:\Windows\System\zAIFZTy.exe
  C:\Windows\System\zAIFZTy.exe
  2⤵
  PID:5680
- C:\Windows\System\NGYEIcf.exe
  C:\Windows\System\NGYEIcf.exe
  2⤵
  PID:6304
- C:\Windows\System\fhSTWhc.exe
  C:\Windows\System\fhSTWhc.exe
  2⤵
  PID:6368
- C:\Windows\System\SdkFDtp.exe
  C:\Windows\System\SdkFDtp.exe
  2⤵
  PID:6176
- C:\Windows\System\xxJVgHX.exe
  C:\Windows\System\xxJVgHX.exe
  2⤵
  PID:6852
- C:\Windows\System\pAPzafm.exe
  C:\Windows\System\pAPzafm.exe
  2⤵
  PID:3492
- C:\Windows\System\daIxjUX.exe
  C:\Windows\System\daIxjUX.exe
  2⤵
  PID:2032
- C:\Windows\System\nLnWccn.exe
  C:\Windows\System\nLnWccn.exe
  2⤵
  PID:2404
- C:\Windows\System\mUlMPau.exe
  C:\Windows\System\mUlMPau.exe
  2⤵
  PID:7040
- C:\Windows\System\wkjBYkN.exe
  C:\Windows\System\wkjBYkN.exe
  2⤵
  PID:6260
- C:\Windows\System\ZZPooSW.exe
  C:\Windows\System\ZZPooSW.exe
  2⤵
  PID:2496
- C:\Windows\System\RNbKLmv.exe
  C:\Windows\System\RNbKLmv.exe
  2⤵
  PID:6784
- C:\Windows\System\LDnVtvE.exe
  C:\Windows\System\LDnVtvE.exe
  2⤵
  PID:6612
- C:\Windows\System\sYnCJtH.exe
  C:\Windows\System\sYnCJtH.exe
  2⤵
  PID:2684
- C:\Windows\System\JprYDXj.exe
  C:\Windows\System\JprYDXj.exe
  2⤵
  PID:2860
- C:\Windows\System\evwPoib.exe
  C:\Windows\System\evwPoib.exe
  2⤵
  PID:3476
- C:\Windows\System\mxyEVvj.exe
  C:\Windows\System\mxyEVvj.exe
  2⤵
  PID:6768
- C:\Windows\System\DRxiLGT.exe
  C:\Windows\System\DRxiLGT.exe
  2⤵
  PID:7028
- C:\Windows\System\dGfUjHw.exe
  C:\Windows\System\dGfUjHw.exe
  2⤵
  PID:7092
- C:\Windows\System\IIDNQqd.exe
  C:\Windows\System\IIDNQqd.exe
  2⤵
  PID:2752
- C:\Windows\System\rRKcbUq.exe
  C:\Windows\System\rRKcbUq.exe
  2⤵
  PID:3472
- C:\Windows\System\VjWDAWC.exe
  C:\Windows\System\VjWDAWC.exe
  2⤵
  PID:3484
- C:\Windows\System\ueOgqaN.exe
  C:\Windows\System\ueOgqaN.exe
  2⤵
  PID:6532
- C:\Windows\System\FzkcxVH.exe
  C:\Windows\System\FzkcxVH.exe
  2⤵
  PID:3488
- C:\Windows\System\gZlUcTY.exe
  C:\Windows\System\gZlUcTY.exe
  2⤵
  PID:4956
- C:\Windows\System\GSwiuzl.exe
  C:\Windows\System\GSwiuzl.exe
  2⤵
  PID:6448
- C:\Windows\System\agUqdGy.exe
  C:\Windows\System\agUqdGy.exe
  2⤵
  PID:6880
- C:\Windows\System\wLQkNeJ.exe
  C:\Windows\System\wLQkNeJ.exe
  2⤵
  PID:1252
- C:\Windows\System\UdvvWaF.exe
  C:\Windows\System\UdvvWaF.exe
  2⤵
  PID:2188
- C:\Windows\System\eVjRXKY.exe
  C:\Windows\System\eVjRXKY.exe
  2⤵
  PID:6836
- C:\Windows\System\tzRdpyh.exe
  C:\Windows\System\tzRdpyh.exe
  2⤵
  PID:2740
- C:\Windows\System\EkfGedD.exe
  C:\Windows\System\EkfGedD.exe
  2⤵
  PID:5876
- C:\Windows\System\zooPtaD.exe
  C:\Windows\System\zooPtaD.exe
  2⤵
  PID:7140
- C:\Windows\System\vkaMVDH.exe
  C:\Windows\System\vkaMVDH.exe
  2⤵
  PID:6340
- C:\Windows\System\HCzOKlt.exe
  C:\Windows\System\HCzOKlt.exe
  2⤵
  PID:2648
- C:\Windows\System\EpFcBXS.exe
  C:\Windows\System\EpFcBXS.exe
  2⤵
  PID:6608
- C:\Windows\System\lqDEXai.exe
  C:\Windows\System\lqDEXai.exe
  2⤵
  PID:2936
- C:\Windows\System\FrprlZj.exe
  C:\Windows\System\FrprlZj.exe
  2⤵
  PID:1776
- C:\Windows\System\yjoqlxx.exe
  C:\Windows\System\yjoqlxx.exe
  2⤵
  PID:2224
- C:\Windows\System\igYNVqv.exe
  C:\Windows\System\igYNVqv.exe
  2⤵
  PID:2336
- C:\Windows\System\qxZxLaR.exe
  C:\Windows\System\qxZxLaR.exe
  2⤵
  PID:2816
- C:\Windows\System\knNVRFp.exe
  C:\Windows\System\knNVRFp.exe
  2⤵
  PID:2116
- C:\Windows\System\dzXxMPf.exe
  C:\Windows\System\dzXxMPf.exe
  2⤵
  PID:5788
- C:\Windows\System\djAfOZG.exe
  C:\Windows\System\djAfOZG.exe
  2⤵
  PID:6800
- C:\Windows\System\YlQQWel.exe
  C:\Windows\System\YlQQWel.exe
  2⤵
  PID:1832
- C:\Windows\System\AiZbsWx.exe
  C:\Windows\System\AiZbsWx.exe
  2⤵
  PID:1504
- C:\Windows\System\UUsdWXh.exe
  C:\Windows\System\UUsdWXh.exe
  2⤵
  PID:6640
- C:\Windows\System\wQjbSyY.exe
  C:\Windows\System\wQjbSyY.exe
  2⤵
  PID:7176
- C:\Windows\System\sDomUro.exe
  C:\Windows\System\sDomUro.exe
  2⤵
  PID:7196
- C:\Windows\System\ELsFncx.exe
  C:\Windows\System\ELsFncx.exe
  2⤵
  PID:7212
- C:\Windows\System\GjCFojk.exe
  C:\Windows\System\GjCFojk.exe
  2⤵
  PID:7232
- C:\Windows\System\peDfysj.exe
  C:\Windows\System\peDfysj.exe
  2⤵
  PID:7256
- C:\Windows\System\gaHezje.exe
  C:\Windows\System\gaHezje.exe
  2⤵
  PID:7316
- C:\Windows\System\SaYktXv.exe
  C:\Windows\System\SaYktXv.exe
  2⤵
  PID:7332
- C:\Windows\System\ACVXKho.exe
  C:\Windows\System\ACVXKho.exe
  2⤵
  PID:7348
- C:\Windows\System\aeUtFVh.exe
  C:\Windows\System\aeUtFVh.exe
  2⤵
  PID:7368
- C:\Windows\System\Zqzeqhq.exe
  C:\Windows\System\Zqzeqhq.exe
  2⤵
  PID:7384
- C:\Windows\System\zVJasIh.exe
  C:\Windows\System\zVJasIh.exe
  2⤵
  PID:7400
- C:\Windows\System\JQvBAdc.exe
  C:\Windows\System\JQvBAdc.exe
  2⤵
  PID:7420
- C:\Windows\System\JfKkWWP.exe
  C:\Windows\System\JfKkWWP.exe
  2⤵
  PID:7436
- C:\Windows\System\nQYxaIx.exe
  C:\Windows\System\nQYxaIx.exe
  2⤵
  PID:7452
- C:\Windows\System\cpztEEW.exe
  C:\Windows\System\cpztEEW.exe
  2⤵
  PID:7504
- C:\Windows\System\LkFEbnB.exe
  C:\Windows\System\LkFEbnB.exe
  2⤵
  PID:7520
- C:\Windows\System\resCexd.exe
  C:\Windows\System\resCexd.exe
  2⤵
  PID:7536
- C:\Windows\System\SDKLZyv.exe
  C:\Windows\System\SDKLZyv.exe
  2⤵
  PID:7552
- C:\Windows\System\omuERwR.exe
  C:\Windows\System\omuERwR.exe
  2⤵
  PID:7568
- C:\Windows\System\KxDaibS.exe
  C:\Windows\System\KxDaibS.exe
  2⤵
  PID:7584
- C:\Windows\System\grecxBc.exe
  C:\Windows\System\grecxBc.exe
  2⤵
  PID:7600
- C:\Windows\System\WyCRcUW.exe
  C:\Windows\System\WyCRcUW.exe
  2⤵
  PID:7616
- C:\Windows\System\CeqKdio.exe
  C:\Windows\System\CeqKdio.exe
  2⤵
  PID:7652
- C:\Windows\System\uPjoXiL.exe
  C:\Windows\System\uPjoXiL.exe
  2⤵
  PID:7668
- C:\Windows\System\YNtTuHd.exe
  C:\Windows\System\YNtTuHd.exe
  2⤵
  PID:7692
- C:\Windows\System\zFDrauG.exe
  C:\Windows\System\zFDrauG.exe
  2⤵
  PID:7712
- C:\Windows\System\kESeyfn.exe
  C:\Windows\System\kESeyfn.exe
  2⤵
  PID:7732
- C:\Windows\System\wCSzdAb.exe
  C:\Windows\System\wCSzdAb.exe
  2⤵
  PID:7748
- C:\Windows\System\xTNoXNx.exe
  C:\Windows\System\xTNoXNx.exe
  2⤵
  PID:7768
- C:\Windows\System\gzMYxut.exe
  C:\Windows\System\gzMYxut.exe
  2⤵
  PID:7788
- C:\Windows\System\QJrrkSg.exe
  C:\Windows\System\QJrrkSg.exe
  2⤵
  PID:7804
- C:\Windows\System\VvVtnuA.exe
  C:\Windows\System\VvVtnuA.exe
  2⤵
  PID:7820
- C:\Windows\System\DJupmgH.exe
  C:\Windows\System\DJupmgH.exe
  2⤵
  PID:7836
- C:\Windows\System\PbVyYjC.exe
  C:\Windows\System\PbVyYjC.exe
  2⤵
  PID:7852
- C:\Windows\System\ZgWGXio.exe
  C:\Windows\System\ZgWGXio.exe
  2⤵
  PID:7876
- C:\Windows\System\QSUBncm.exe
  C:\Windows\System\QSUBncm.exe
  2⤵
  PID:7896
- C:\Windows\System\zUlsXCJ.exe
  C:\Windows\System\zUlsXCJ.exe
  2⤵
  PID:7916
- C:\Windows\System\ENPMkad.exe
  C:\Windows\System\ENPMkad.exe
  2⤵
  PID:7940
- C:\Windows\System\ibNmoNt.exe
  C:\Windows\System\ibNmoNt.exe
  2⤵
  PID:7960
- C:\Windows\System\IHdBcyO.exe
  C:\Windows\System\IHdBcyO.exe
  2⤵
  PID:7976
- C:\Windows\System\QgPfZqW.exe
  C:\Windows\System\QgPfZqW.exe
  2⤵
  PID:7996
- C:\Windows\System\yDDiQGE.exe
  C:\Windows\System\yDDiQGE.exe
  2⤵
  PID:8016
- C:\Windows\System\mRLnhcL.exe
  C:\Windows\System\mRLnhcL.exe
  2⤵
  PID:8044
- C:\Windows\System\WGHlaUY.exe
  C:\Windows\System\WGHlaUY.exe
  2⤵
  PID:8064
- C:\Windows\System\tKiNeQf.exe
  C:\Windows\System\tKiNeQf.exe
  2⤵
  PID:8084
- C:\Windows\System\ETXTadu.exe
  C:\Windows\System\ETXTadu.exe
  2⤵
  PID:8104
- C:\Windows\System\YIAKQTL.exe
  C:\Windows\System\YIAKQTL.exe
  2⤵
  PID:8120
- C:\Windows\System\Uidugwp.exe
  C:\Windows\System\Uidugwp.exe
  2⤵
  PID:8148
- C:\Windows\System\apMaZFz.exe
  C:\Windows\System\apMaZFz.exe
  2⤵
  PID:8172
- C:\Windows\System\jGDoRYu.exe
  C:\Windows\System\jGDoRYu.exe
  2⤵
  PID:8188
- C:\Windows\System\TifCTZa.exe
  C:\Windows\System\TifCTZa.exe
  2⤵
  PID:6672
- C:\Windows\System\xotQtPZ.exe
  C:\Windows\System\xotQtPZ.exe
  2⤵
  PID:7240
- C:\Windows\System\lAVYToV.exe
  C:\Windows\System\lAVYToV.exe
  2⤵
  PID:3404
- C:\Windows\System\FnePyAP.exe
  C:\Windows\System\FnePyAP.exe
  2⤵
  PID:7184
- C:\Windows\System\SqOMNmc.exe
  C:\Windows\System\SqOMNmc.exe
  2⤵
  PID:2516
- C:\Windows\System\HiOfLdt.exe
  C:\Windows\System\HiOfLdt.exe
  2⤵
  PID:7272
- C:\Windows\System\YnhVZER.exe
  C:\Windows\System\YnhVZER.exe
  2⤵
  PID:7284
- C:\Windows\System\CbOorDY.exe
  C:\Windows\System\CbOorDY.exe
  2⤵
  PID:7300
- C:\Windows\System\bfhauJN.exe
  C:\Windows\System\bfhauJN.exe
  2⤵
  PID:7312
- C:\Windows\System\QRoFaIc.exe
  C:\Windows\System\QRoFaIc.exe
  2⤵
  PID:7364
- C:\Windows\System\zVjYekl.exe
  C:\Windows\System\zVjYekl.exe
  2⤵
  PID:7408
- C:\Windows\System\BfVxwwm.exe
  C:\Windows\System\BfVxwwm.exe
  2⤵
  PID:7416
- C:\Windows\System\pmtHJqc.exe
  C:\Windows\System\pmtHJqc.exe
  2⤵
  PID:7472
- C:\Windows\System\DeDvyTl.exe
  C:\Windows\System\DeDvyTl.exe
  2⤵
  PID:7484
- C:\Windows\System\oFyiIZq.exe
  C:\Windows\System\oFyiIZq.exe
  2⤵
  PID:7500
- C:\Windows\System\ykDftKc.exe
  C:\Windows\System\ykDftKc.exe
  2⤵
  PID:6720
- C:\Windows\System\bDbLxfL.exe
  C:\Windows\System\bDbLxfL.exe
  2⤵
  PID:7596
- C:\Windows\System\cCvpkMg.exe
  C:\Windows\System\cCvpkMg.exe
  2⤵
  PID:7608
- C:\Windows\System\AGzLdZi.exe
  C:\Windows\System\AGzLdZi.exe
  2⤵
  PID:7648
- C:\Windows\System\EWeXAug.exe
  C:\Windows\System\EWeXAug.exe
  2⤵
  PID:7684
- C:\Windows\System\ozSJKTE.exe
  C:\Windows\System\ozSJKTE.exe
  2⤵
  PID:7688
- C:\Windows\System\DYwqufF.exe
  C:\Windows\System\DYwqufF.exe
  2⤵
  PID:7780
- C:\Windows\System\GBmnmgQ.exe
  C:\Windows\System\GBmnmgQ.exe
  2⤵
  PID:7816
- C:\Windows\System\fNjNvuW.exe
  C:\Windows\System\fNjNvuW.exe
  2⤵
  PID:7888
- C:\Windows\System\vMVvftZ.exe
  C:\Windows\System\vMVvftZ.exe
  2⤵
  PID:7932
- C:\Windows\System\xvBBjNW.exe
  C:\Windows\System\xvBBjNW.exe
  2⤵
  PID:7864
- C:\Windows\System\wBMnWjK.exe
  C:\Windows\System\wBMnWjK.exe
  2⤵
  PID:8096
- C:\Windows\System\sHUDEex.exe
  C:\Windows\System\sHUDEex.exe
  2⤵
  PID:7912
- C:\Windows\System\bDYeUBG.exe
  C:\Windows\System\bDYeUBG.exe
  2⤵
  PID:8128
- C:\Windows\System\drKZKKT.exe
  C:\Windows\System\drKZKKT.exe
  2⤵
  PID:7872
- C:\Windows\System\zmraZBz.exe
  C:\Windows\System\zmraZBz.exe
  2⤵
  PID:7828
- C:\Windows\System\cQtLzUj.exe
  C:\Windows\System\cQtLzUj.exe
  2⤵
  PID:8028
- C:\Windows\System\YGqXQdI.exe
  C:\Windows\System\YGqXQdI.exe
  2⤵
  PID:8072
- C:\Windows\System\CmtjQdj.exe
  C:\Windows\System\CmtjQdj.exe
  2⤵
  PID:8116
- C:\Windows\System\RDkdcAG.exe
  C:\Windows\System\RDkdcAG.exe
  2⤵
  PID:6832
- C:\Windows\System\ULyQTqW.exe
  C:\Windows\System\ULyQTqW.exe
  2⤵
  PID:8160
- C:\Windows\System\iCOIyYc.exe
  C:\Windows\System\iCOIyYc.exe
  2⤵
  PID:6256
- C:\Windows\System\NDlbMNj.exe
  C:\Windows\System\NDlbMNj.exe
  2⤵
  PID:6452
- C:\Windows\System\KdWNHfY.exe
  C:\Windows\System\KdWNHfY.exe
  2⤵
  PID:1616
- C:\Windows\System\QgRfKYk.exe
  C:\Windows\System\QgRfKYk.exe
  2⤵
  PID:1636
- C:\Windows\System\irPmLrl.exe
  C:\Windows\System\irPmLrl.exe
  2⤵
  PID:7188
- C:\Windows\System\XsxNvCk.exe
  C:\Windows\System\XsxNvCk.exe
  2⤵
  PID:7296
- C:\Windows\System\WTUQpfa.exe
  C:\Windows\System\WTUQpfa.exe
  2⤵
  PID:7380
- C:\Windows\System\XWFsVOD.exe
  C:\Windows\System\XWFsVOD.exe
  2⤵
  PID:7308
- C:\Windows\System\grfGsZI.exe
  C:\Windows\System\grfGsZI.exe
  2⤵
  PID:7228
- C:\Windows\System\vpyvjCC.exe
  C:\Windows\System\vpyvjCC.exe
  2⤵
  PID:7360
- C:\Windows\System\CZyoYoP.exe
  C:\Windows\System\CZyoYoP.exe
  2⤵
  PID:7432
- C:\Windows\System\TapXApT.exe
  C:\Windows\System\TapXApT.exe
  2⤵
  PID:7476
- C:\Windows\System\xRdBTgO.exe
  C:\Windows\System\xRdBTgO.exe
  2⤵
  PID:6496
- C:\Windows\System\QnxtioO.exe
  C:\Windows\System\QnxtioO.exe
  2⤵
  PID:7632
- C:\Windows\System\BtMwQwc.exe
  C:\Windows\System\BtMwQwc.exe
  2⤵
  PID:7708
- C:\Windows\System\TALBAmd.exe
  C:\Windows\System\TALBAmd.exe
  2⤵
  PID:7676
- C:\Windows\System\fcwEruW.exe
  C:\Windows\System\fcwEruW.exe
  2⤵
  PID:7680
- C:\Windows\System\MbfaWYP.exe
  C:\Windows\System\MbfaWYP.exe
  2⤵
  PID:7848
- C:\Windows\System\kIEXlUq.exe
  C:\Windows\System\kIEXlUq.exe
  2⤵
  PID:1172
- C:\Windows\System\fHKaeJD.exe
  C:\Windows\System\fHKaeJD.exe
  2⤵
  PID:7324
- C:\Windows\System\czwNTdN.exe
  C:\Windows\System\czwNTdN.exe
  2⤵
  PID:7328
- C:\Windows\System\iuXiCmB.exe
  C:\Windows\System\iuXiCmB.exe
  2⤵
  PID:7592
- C:\Windows\System\lqUbJYP.exe
  C:\Windows\System\lqUbJYP.exe
  2⤵
  PID:7924
- C:\Windows\System\CgKSCyP.exe
  C:\Windows\System\CgKSCyP.exe
  2⤵
  PID:6724
- C:\Windows\System\VgWizQE.exe
  C:\Windows\System\VgWizQE.exe
  2⤵
  PID:8036
- C:\Windows\System\cxjzXYs.exe
  C:\Windows\System\cxjzXYs.exe
  2⤵
  PID:8184
- C:\Windows\System\pgpCUJX.exe
  C:\Windows\System\pgpCUJX.exe
  2⤵
  PID:8180
- C:\Windows\System\PaBnNqr.exe
  C:\Windows\System\PaBnNqr.exe
  2⤵
  PID:7356
- C:\Windows\System\MODXVtl.exe
  C:\Windows\System\MODXVtl.exe
  2⤵
  PID:7496
- C:\Windows\System\GEjwOAb.exe
  C:\Windows\System\GEjwOAb.exe
  2⤵
  PID:7704
- C:\Windows\System\nZpyske.exe
  C:\Windows\System\nZpyske.exe
  2⤵
  PID:8140
- C:\Windows\System\yfHbxmh.exe
  C:\Windows\System\yfHbxmh.exe
  2⤵
  PID:7956
- C:\Windows\System\mWEXneU.exe
  C:\Windows\System\mWEXneU.exe
  2⤵
  PID:2652
- C:\Windows\System\vrLsRvV.exe
  C:\Windows\System\vrLsRvV.exe
  2⤵
  PID:7984
- C:\Windows\System\DdlMMuQ.exe
  C:\Windows\System\DdlMMuQ.exe
  2⤵
  PID:8052
- C:\Windows\System\LuueUrR.exe
  C:\Windows\System\LuueUrR.exe
  2⤵
  PID:8024
- C:\Windows\System\gVUuoJt.exe
  C:\Windows\System\gVUuoJt.exe
  2⤵
  PID:3004
- C:\Windows\System\rPyLEnH.exe
  C:\Windows\System\rPyLEnH.exe
  2⤵
  PID:1188
- C:\Windows\System\JPCfrFH.exe
  C:\Windows\System\JPCfrFH.exe
  2⤵
  PID:7468
- C:\Windows\System\pswfKWo.exe
  C:\Windows\System\pswfKWo.exe
  2⤵
  PID:7764
- C:\Windows\System\PeStMdo.exe
  C:\Windows\System\PeStMdo.exe
  2⤵
  PID:7624
- C:\Windows\System\IPJtinV.exe
  C:\Windows\System\IPJtinV.exe
  2⤵
  PID:7224
- C:\Windows\System\VZIJmdJ.exe
  C:\Windows\System\VZIJmdJ.exe
  2⤵
  PID:8168
- C:\Windows\System\weHCYoD.exe
  C:\Windows\System\weHCYoD.exe
  2⤵
  PID:7640
- C:\Windows\System\HFGRqfG.exe
  C:\Windows\System\HFGRqfG.exe
  2⤵
  PID:7904
- C:\Windows\System\pasMVAd.exe
  C:\Windows\System\pasMVAd.exe
  2⤵
  PID:7728
- C:\Windows\System\OQcVHaE.exe
  C:\Windows\System\OQcVHaE.exe
  2⤵
  PID:6548
- C:\Windows\System\lsDLsaa.exe
  C:\Windows\System\lsDLsaa.exe
  2⤵
  PID:6208
- C:\Windows\System\RQUHZyJ.exe
  C:\Windows\System\RQUHZyJ.exe
  2⤵
  PID:7292
- C:\Windows\System\oixNuLz.exe
  C:\Windows\System\oixNuLz.exe
  2⤵
  PID:8060
- C:\Windows\System\OGvEUxs.exe
  C:\Windows\System\OGvEUxs.exe
  2⤵
  PID:8200
- C:\Windows\System\MVsKByE.exe
  C:\Windows\System\MVsKByE.exe
  2⤵
  PID:8216
- C:\Windows\System\UpDpJvK.exe
  C:\Windows\System\UpDpJvK.exe
  2⤵
  PID:8236
- C:\Windows\System\hDXTLYi.exe
  C:\Windows\System\hDXTLYi.exe
  2⤵
  PID:8252
- C:\Windows\System\FDOBfXv.exe
  C:\Windows\System\FDOBfXv.exe
  2⤵
  PID:8268
- C:\Windows\System\DGqsGlH.exe
  C:\Windows\System\DGqsGlH.exe
  2⤵
  PID:8284
- C:\Windows\System\SlSBqdk.exe
  C:\Windows\System\SlSBqdk.exe
  2⤵
  PID:8300
- C:\Windows\System\wpyyQWZ.exe
  C:\Windows\System\wpyyQWZ.exe
  2⤵
  PID:8316
- C:\Windows\System\FhtmXCC.exe
  C:\Windows\System\FhtmXCC.exe
  2⤵
  PID:8332
- C:\Windows\System\imIlfFO.exe
  C:\Windows\System\imIlfFO.exe
  2⤵
  PID:8348
- C:\Windows\System\uspzMkk.exe
  C:\Windows\System\uspzMkk.exe
  2⤵
  PID:8364
- C:\Windows\System\NBInbWm.exe
  C:\Windows\System\NBInbWm.exe
  2⤵
  PID:8380
- C:\Windows\System\uVsYdeD.exe
  C:\Windows\System\uVsYdeD.exe
  2⤵
  PID:8396
- C:\Windows\System\MGVkGJq.exe
  C:\Windows\System\MGVkGJq.exe
  2⤵
  PID:8424
- C:\Windows\System\GHyEEqn.exe
  C:\Windows\System\GHyEEqn.exe
  2⤵
  PID:8440
- C:\Windows\System\lSVWDuE.exe
  C:\Windows\System\lSVWDuE.exe
  2⤵
  PID:8456
- C:\Windows\System\fdejQIj.exe
  C:\Windows\System\fdejQIj.exe
  2⤵
  PID:8472
- C:\Windows\System\EbsVcOw.exe
  C:\Windows\System\EbsVcOw.exe
  2⤵
  PID:8488
- C:\Windows\System\VZLuQIQ.exe
  C:\Windows\System\VZLuQIQ.exe
  2⤵
  PID:8504
- C:\Windows\System\CnWoCLz.exe
  C:\Windows\System\CnWoCLz.exe
  2⤵
  PID:8520
- C:\Windows\System\JoYWVQR.exe
  C:\Windows\System\JoYWVQR.exe
  2⤵
  PID:8536
- C:\Windows\System\kwLfkzK.exe
  C:\Windows\System\kwLfkzK.exe
  2⤵
  PID:8552
- C:\Windows\System\fKEwSIG.exe
  C:\Windows\System\fKEwSIG.exe
  2⤵
  PID:8568
- C:\Windows\System\mypJqbo.exe
  C:\Windows\System\mypJqbo.exe
  2⤵
  PID:8584
- C:\Windows\System\CpKjFMw.exe
  C:\Windows\System\CpKjFMw.exe
  2⤵
  PID:8600
- C:\Windows\System\CjlNWfk.exe
  C:\Windows\System\CjlNWfk.exe
  2⤵
  PID:8616
- C:\Windows\System\mdOJSWV.exe
  C:\Windows\System\mdOJSWV.exe
  2⤵
  PID:8632
- C:\Windows\System\rOzzaMR.exe
  C:\Windows\System\rOzzaMR.exe
  2⤵
  PID:8648
- C:\Windows\System\XYrLSKJ.exe
  C:\Windows\System\XYrLSKJ.exe
  2⤵
  PID:8664
- C:\Windows\System\nmRNzSh.exe
  C:\Windows\System\nmRNzSh.exe
  2⤵
  PID:8680
- C:\Windows\System\AWBvCvl.exe
  C:\Windows\System\AWBvCvl.exe
  2⤵
  PID:8696
- C:\Windows\System\ZeIQMCd.exe
  C:\Windows\System\ZeIQMCd.exe
  2⤵
  PID:8712
- C:\Windows\System\RctXoXS.exe
  C:\Windows\System\RctXoXS.exe
  2⤵
  PID:8728
- C:\Windows\System\oEJkBqI.exe
  C:\Windows\System\oEJkBqI.exe
  2⤵
  PID:8744
- C:\Windows\System\kbculDY.exe
  C:\Windows\System\kbculDY.exe
  2⤵
  PID:8760
- C:\Windows\System\yaLVbqt.exe
  C:\Windows\System\yaLVbqt.exe
  2⤵
  PID:8776
- C:\Windows\System\tMucloe.exe
  C:\Windows\System\tMucloe.exe
  2⤵
  PID:8792
- C:\Windows\System\mQXppfp.exe
  C:\Windows\System\mQXppfp.exe
  2⤵
  PID:8812
- C:\Windows\System\iuksbcP.exe
  C:\Windows\System\iuksbcP.exe
  2⤵
  PID:8828
- C:\Windows\System\iCEsWIR.exe
  C:\Windows\System\iCEsWIR.exe
  2⤵
  PID:8860
- C:\Windows\System\pjTainN.exe
  C:\Windows\System\pjTainN.exe
  2⤵
  PID:9052
- C:\Windows\System\TKdwkuH.exe
  C:\Windows\System\TKdwkuH.exe
  2⤵
  PID:9168
- C:\Windows\System\bvNJqmt.exe
  C:\Windows\System\bvNJqmt.exe
  2⤵
  PID:9196
- C:\Windows\System\TVLjghs.exe
  C:\Windows\System\TVLjghs.exe
  2⤵
  PID:2044
- C:\Windows\System\QnLrFYy.exe
  C:\Windows\System\QnLrFYy.exe
  2⤵
  PID:1560
- C:\Windows\System\YGHWMCE.exe
  C:\Windows\System\YGHWMCE.exe
  2⤵
  PID:8092
- C:\Windows\System\OvnsuoK.exe
  C:\Windows\System\OvnsuoK.exe
  2⤵
  PID:8196
- C:\Windows\System\IcCybKm.exe
  C:\Windows\System\IcCybKm.exe
  2⤵
  PID:8292
- C:\Windows\System\ECQsfCk.exe
  C:\Windows\System\ECQsfCk.exe
  2⤵
  PID:8356
- C:\Windows\System\umgybqx.exe
  C:\Windows\System\umgybqx.exe
  2⤵
  PID:8392
- C:\Windows\System\SDpHRHj.exe
  C:\Windows\System\SDpHRHj.exe
  2⤵
  PID:8468
- C:\Windows\System\CPYzpJu.exe
  C:\Windows\System\CPYzpJu.exe
  2⤵
  PID:8532
- C:\Windows\System\fvmZxyP.exe
  C:\Windows\System\fvmZxyP.exe
  2⤵
  PID:8624
- C:\Windows\System\KjaUvaH.exe
  C:\Windows\System\KjaUvaH.exe
  2⤵
  PID:8576
- C:\Windows\System\osLGdPk.exe
  C:\Windows\System\osLGdPk.exe
  2⤵
  PID:8592
- C:\Windows\System\ygdXZdl.exe
  C:\Windows\System\ygdXZdl.exe
  2⤵
  PID:8644
- C:\Windows\System\ExAELyh.exe
  C:\Windows\System\ExAELyh.exe
  2⤵
  PID:8688
- C:\Windows\System\eRYMtWl.exe
  C:\Windows\System\eRYMtWl.exe
  2⤵
  PID:8756
- C:\Windows\System\VjueTEp.exe
  C:\Windows\System\VjueTEp.exe
  2⤵
  PID:8772
- C:\Windows\System\SHOZkvG.exe
  C:\Windows\System\SHOZkvG.exe
  2⤵
  PID:8740
- C:\Windows\System\cTGwqdJ.exe
  C:\Windows\System\cTGwqdJ.exe
  2⤵
  PID:8708
- C:\Windows\System\ImWIDvY.exe
  C:\Windows\System\ImWIDvY.exe
  2⤵
  PID:8872
- C:\Windows\System\hraoeJQ.exe
  C:\Windows\System\hraoeJQ.exe
  2⤵
  PID:8900
- C:\Windows\System\GmNpZEO.exe
  C:\Windows\System\GmNpZEO.exe
  2⤵
  PID:992
- C:\Windows\System\VnSOVDV.exe
  C:\Windows\System\VnSOVDV.exe
  2⤵
  PID:8960
- C:\Windows\System\YephqZA.exe
  C:\Windows\System\YephqZA.exe
  2⤵
  PID:8976
- C:\Windows\System\iiUuTSE.exe
  C:\Windows\System\iiUuTSE.exe
  2⤵
  PID:8992
- C:\Windows\System\FMlXtmB.exe
  C:\Windows\System\FMlXtmB.exe
  2⤵
  PID:9012
- C:\Windows\System\zLdZSjM.exe
  C:\Windows\System\zLdZSjM.exe
  2⤵
  PID:9032
- C:\Windows\System\APfRPYV.exe
  C:\Windows\System\APfRPYV.exe
  2⤵
  PID:9064
- C:\Windows\System\hlcCNYp.exe
  C:\Windows\System\hlcCNYp.exe
  2⤵
  PID:9080
- C:\Windows\System\siAXrbs.exe
  C:\Windows\System\siAXrbs.exe
  2⤵
  PID:9104
- C:\Windows\System\dzBeZkC.exe
  C:\Windows\System\dzBeZkC.exe
  2⤵
  PID:9120
- C:\Windows\System\XSMFAtX.exe
  C:\Windows\System\XSMFAtX.exe
  2⤵
  PID:9136
- C:\Windows\System\KqLnPXw.exe
  C:\Windows\System\KqLnPXw.exe
  2⤵
  PID:9160
- C:\Windows\System\UcDMZyk.exe
  C:\Windows\System\UcDMZyk.exe
  2⤵
  PID:9184
- C:\Windows\System\LvLicHa.exe
  C:\Windows\System\LvLicHa.exe
  2⤵
  PID:9212
- C:\Windows\System\axSXgRb.exe
  C:\Windows\System\axSXgRb.exe
  2⤵
  PID:8212
- C:\Windows\System\FRrjUOd.exe
  C:\Windows\System\FRrjUOd.exe
  2⤵
  PID:8312
- C:\Windows\System\blDmTPZ.exe
  C:\Windows\System\blDmTPZ.exe
  2⤵
  PID:7628
- C:\Windows\System\VkotdGz.exe
  C:\Windows\System\VkotdGz.exe
  2⤵
  PID:8328
- C:\Windows\System\ngoKoHX.exe
  C:\Windows\System\ngoKoHX.exe
  2⤵
  PID:8376
- C:\Windows\System\OCmnxOM.exe
  C:\Windows\System\OCmnxOM.exe
  2⤵
  PID:8500
- C:\Windows\System\VvGtfvc.exe
  C:\Windows\System\VvGtfvc.exe
  2⤵
  PID:8452
- C:\Windows\System\BXAHHkj.exe
  C:\Windows\System\BXAHHkj.exe
  2⤵
  PID:8544
- C:\Windows\System\qVxqfdJ.exe
  C:\Windows\System\qVxqfdJ.exe
  2⤵
  PID:8640
- C:\Windows\System\RvmABmu.exe
  C:\Windows\System\RvmABmu.exe
  2⤵
  PID:8724
- C:\Windows\System\wlCnhRn.exe
  C:\Windows\System\wlCnhRn.exe
  2⤵
  PID:8852
- C:\Windows\System\kEvnGeO.exe
  C:\Windows\System\kEvnGeO.exe
  2⤵
  PID:8988
- C:\Windows\System\iQyqNsu.exe
  C:\Windows\System\iQyqNsu.exe
  2⤵
  PID:8916
- C:\Windows\System\ZACpZGx.exe
  C:\Windows\System\ZACpZGx.exe
  2⤵
  PID:9008
- C:\Windows\System\JGyHPCD.exe
  C:\Windows\System\JGyHPCD.exe
  2⤵
  PID:9088
- C:\Windows\System\FrrUWTd.exe
  C:\Windows\System\FrrUWTd.exe
  2⤵
  PID:9116
- C:\Windows\System\FcmiLHC.exe
  C:\Windows\System\FcmiLHC.exe
  2⤵
  PID:9156
- C:\Windows\System\ZVCtwDk.exe
  C:\Windows\System\ZVCtwDk.exe
  2⤵
  PID:8004
- C:\Windows\System\xcktFCI.exe
  C:\Windows\System\xcktFCI.exe
  2⤵
  PID:7800
- C:\Windows\System\xScHWsr.exe
  C:\Windows\System\xScHWsr.exe
  2⤵
  PID:8248
- C:\Windows\System\VmdouKY.exe
  C:\Windows\System\VmdouKY.exe
  2⤵
  PID:8340
- C:\Windows\System\qIuEvrk.exe
  C:\Windows\System\qIuEvrk.exe
  2⤵
  PID:8464
- C:\Windows\System\VcQOZaP.exe
  C:\Windows\System\VcQOZaP.exe
  2⤵
  PID:6196
- C:\Windows\System\EuarTbk.exe
  C:\Windows\System\EuarTbk.exe
  2⤵
  PID:8408
- C:\Windows\System\cvohUtn.exe
  C:\Windows\System\cvohUtn.exe
  2⤵
  PID:8516
- C:\Windows\System\XAntJWW.exe
  C:\Windows\System\XAntJWW.exe
  2⤵
  PID:8720
- C:\Windows\System\qDzZwCi.exe
  C:\Windows\System\qDzZwCi.exe
  2⤵
  PID:8840
- C:\Windows\System\gQVGwWq.exe
  C:\Windows\System\gQVGwWq.exe
  2⤵
  PID:8656
- C:\Windows\System\eEFLPWh.exe
  C:\Windows\System\eEFLPWh.exe
  2⤵
  PID:9028
- C:\Windows\System\LOyLvMm.exe
  C:\Windows\System\LOyLvMm.exe
  2⤵
  PID:8968
- C:\Windows\System\bLyfscv.exe
  C:\Windows\System\bLyfscv.exe
  2⤵
  PID:8892
- C:\Windows\System\UxhJcWM.exe
  C:\Windows\System\UxhJcWM.exe
  2⤵
  PID:9060
- C:\Windows\System\lIKCyzn.exe
  C:\Windows\System\lIKCyzn.exe
  2⤵
  PID:8548
- C:\Windows\System\pqOfnqP.exe
  C:\Windows\System\pqOfnqP.exe
  2⤵
  PID:8528
- C:\Windows\System\uwoPcKk.exe
  C:\Windows\System\uwoPcKk.exe
  2⤵
  PID:8820
- C:\Windows\System\DWWQeTQ.exe
  C:\Windows\System\DWWQeTQ.exe
  2⤵
  PID:8880
- C:\Windows\System\enprLsM.exe
  C:\Windows\System\enprLsM.exe
  2⤵
  PID:9100
- C:\Windows\System\OQFfNyl.exe
  C:\Windows\System\OQFfNyl.exe
  2⤵
  PID:8580
- C:\Windows\System\scHaTzX.exe
  C:\Windows\System\scHaTzX.exe
  2⤵
  PID:9072
- C:\Windows\System\sUOgCSS.exe
  C:\Windows\System\sUOgCSS.exe
  2⤵
  PID:8416
- C:\Windows\System\BGzaEGC.exe
  C:\Windows\System\BGzaEGC.exe
  2⤵
  PID:9020
- C:\Windows\System\MHxJbRC.exe
  C:\Windows\System\MHxJbRC.exe
  2⤵
  PID:8920
- C:\Windows\System\CjIpssK.exe
  C:\Windows\System\CjIpssK.exe
  2⤵
  PID:8884
- C:\Windows\System\xHzTAQV.exe
  C:\Windows\System\xHzTAQV.exe
  2⤵
  PID:8824
- C:\Windows\System\HFFMzCR.exe
  C:\Windows\System\HFFMzCR.exe
  2⤵
  PID:8436
- C:\Windows\System\NsKsUux.exe
  C:\Windows\System\NsKsUux.exe
  2⤵
  PID:8564
- C:\Windows\System\SJtsgBd.exe
  C:\Windows\System\SJtsgBd.exe
  2⤵
  PID:8912
- C:\Windows\System\tvgyfrw.exe
  C:\Windows\System\tvgyfrw.exe
  2⤵
  PID:7868
- C:\Windows\System\JXdxatX.exe
  C:\Windows\System\JXdxatX.exe
  2⤵
  PID:8276
- C:\Windows\System\eqazMTd.exe
  C:\Windows\System\eqazMTd.exe
  2⤵
  PID:8308
- C:\Windows\System\umYcELx.exe
  C:\Windows\System\umYcELx.exe
  2⤵
  PID:9236
- C:\Windows\System\pAIQpia.exe
  C:\Windows\System\pAIQpia.exe
  2⤵
  PID:9260
- C:\Windows\System\xNHmLPX.exe
  C:\Windows\System\xNHmLPX.exe
  2⤵
  PID:9276
- C:\Windows\System\fVcYdaq.exe
  C:\Windows\System\fVcYdaq.exe
  2⤵
  PID:9292
- C:\Windows\System\QuQRILv.exe
  C:\Windows\System\QuQRILv.exe
  2⤵
  PID:9312
- C:\Windows\System\oMYvHty.exe
  C:\Windows\System\oMYvHty.exe
  2⤵
  PID:9328
- C:\Windows\System\CIyjotD.exe
  C:\Windows\System\CIyjotD.exe
  2⤵
  PID:9344
- C:\Windows\System\orHxRut.exe
  C:\Windows\System\orHxRut.exe
  2⤵
  PID:9364
- C:\Windows\System\jKZQUFX.exe
  C:\Windows\System\jKZQUFX.exe
  2⤵
  PID:9380
- C:\Windows\System\qsgabEW.exe
  C:\Windows\System\qsgabEW.exe
  2⤵
  PID:9400
- C:\Windows\System\EykbfkH.exe
  C:\Windows\System\EykbfkH.exe
  2⤵
  PID:9424
- C:\Windows\System\zHLLRgN.exe
  C:\Windows\System\zHLLRgN.exe
  2⤵
  PID:9448
- C:\Windows\System\GMjgsgh.exe
  C:\Windows\System\GMjgsgh.exe
  2⤵
  PID:9464
- C:\Windows\System\TaYlALA.exe
  C:\Windows\System\TaYlALA.exe
  2⤵
  PID:9480
- C:\Windows\System\BHSPivU.exe
  C:\Windows\System\BHSPivU.exe
  2⤵
  PID:9496
- C:\Windows\System\BgwrWZF.exe
  C:\Windows\System\BgwrWZF.exe
  2⤵
  PID:9512
- C:\Windows\System\OmlVCFk.exe
  C:\Windows\System\OmlVCFk.exe
  2⤵
  PID:9532
- C:\Windows\System\wqJTlKH.exe
  C:\Windows\System\wqJTlKH.exe
  2⤵
  PID:9552
- C:\Windows\System\uCAhhmB.exe
  C:\Windows\System\uCAhhmB.exe
  2⤵
  PID:9576
- C:\Windows\System\JLzkxKM.exe
  C:\Windows\System\JLzkxKM.exe
  2⤵
  PID:9596
- C:\Windows\System\bxENiGt.exe
  C:\Windows\System\bxENiGt.exe
  2⤵
  PID:9624
- C:\Windows\System\kqMxqLP.exe
  C:\Windows\System\kqMxqLP.exe
  2⤵
  PID:9644
- C:\Windows\System\dyxeSwQ.exe
  C:\Windows\System\dyxeSwQ.exe
  2⤵
  PID:9664
- C:\Windows\System\gMIBifa.exe
  C:\Windows\System\gMIBifa.exe
  2⤵
  PID:9680
- C:\Windows\System\mELSctH.exe
  C:\Windows\System\mELSctH.exe
  2⤵
  PID:9700
- C:\Windows\System\busSTBM.exe
  C:\Windows\System\busSTBM.exe
  2⤵
  PID:9716
- C:\Windows\System\Rfgtzkw.exe
  C:\Windows\System\Rfgtzkw.exe
  2⤵
  PID:9736
- C:\Windows\System\OXdJwPJ.exe
  C:\Windows\System\OXdJwPJ.exe
  2⤵
  PID:9756
- C:\Windows\System\UqFRncL.exe
  C:\Windows\System\UqFRncL.exe
  2⤵
  PID:9776
- C:\Windows\System\GQQnbvD.exe
  C:\Windows\System\GQQnbvD.exe
  2⤵
  PID:9792
- C:\Windows\System\VFeXiGw.exe
  C:\Windows\System\VFeXiGw.exe
  2⤵
  PID:9808
- C:\Windows\System\FmfJrXN.exe
  C:\Windows\System\FmfJrXN.exe
  2⤵
  PID:9832
- C:\Windows\System\xlyLqzr.exe
  C:\Windows\System\xlyLqzr.exe
  2⤵
  PID:9848
- C:\Windows\System\GQlzFhR.exe
  C:\Windows\System\GQlzFhR.exe
  2⤵
  PID:9872
- C:\Windows\System\pRBLxqb.exe
  C:\Windows\System\pRBLxqb.exe
  2⤵
  PID:9896
- C:\Windows\System\xnnWQMR.exe
  C:\Windows\System\xnnWQMR.exe
  2⤵
  PID:9932
- C:\Windows\System\giqxJNM.exe
  C:\Windows\System\giqxJNM.exe
  2⤵
  PID:9952
- C:\Windows\System\nKFsyRo.exe
  C:\Windows\System\nKFsyRo.exe
  2⤵
  PID:9972
- C:\Windows\System\bWKEDxO.exe
  C:\Windows\System\bWKEDxO.exe
  2⤵
  PID:9988
- C:\Windows\System\DoyjFUf.exe
  C:\Windows\System\DoyjFUf.exe
  2⤵
  PID:10008
- C:\Windows\System\bPhjVIz.exe
  C:\Windows\System\bPhjVIz.exe
  2⤵
  PID:10024
- C:\Windows\System\nRVWeKh.exe
  C:\Windows\System\nRVWeKh.exe
  2⤵
  PID:10040
- C:\Windows\System\ljWQtZa.exe
  C:\Windows\System\ljWQtZa.exe
  2⤵
  PID:10064
- C:\Windows\System\VkSNnDX.exe
  C:\Windows\System\VkSNnDX.exe
  2⤵
  PID:10084
- C:\Windows\System\zumKerV.exe
  C:\Windows\System\zumKerV.exe
  2⤵
  PID:10104
- C:\Windows\System\sNkedYC.exe
  C:\Windows\System\sNkedYC.exe
  2⤵
  PID:10124
- C:\Windows\System\XafSEli.exe
  C:\Windows\System\XafSEli.exe
  2⤵
  PID:10144
- C:\Windows\System\EaxFGPz.exe
  C:\Windows\System\EaxFGPz.exe
  2⤵
  PID:10164
- C:\Windows\System\KTdBlvH.exe
  C:\Windows\System\KTdBlvH.exe
  2⤵
  PID:10188
- C:\Windows\System\faSgEcJ.exe
  C:\Windows\System\faSgEcJ.exe
  2⤵
  PID:10204
- C:\Windows\System\ZCgjBRF.exe
  C:\Windows\System\ZCgjBRF.exe
  2⤵
  PID:10220
- C:\Windows\System\jAcslif.exe
  C:\Windows\System\jAcslif.exe
  2⤵
  PID:8844
- C:\Windows\System\uuPKmHi.exe
  C:\Windows\System\uuPKmHi.exe
  2⤵
  PID:9232
- C:\Windows\System\dhrWjFw.exe
  C:\Windows\System\dhrWjFw.exe
  2⤵
  PID:9228
- C:\Windows\System\uECntcn.exe
  C:\Windows\System\uECntcn.exe
  2⤵
  PID:9372
- C:\Windows\System\wnnGfFu.exe
  C:\Windows\System\wnnGfFu.exe
  2⤵
  PID:9420
- C:\Windows\System\UCakWoA.exe
  C:\Windows\System\UCakWoA.exe
  2⤵
  PID:9488
- C:\Windows\System\nZdrEHx.exe
  C:\Windows\System\nZdrEHx.exe
  2⤵
  PID:9572
- C:\Windows\System\DSPuzKU.exe
  C:\Windows\System\DSPuzKU.exe
  2⤵
  PID:9620
- C:\Windows\System\vMcawNR.exe
  C:\Windows\System\vMcawNR.exe
  2⤵
  PID:9692
- C:\Windows\System\ihVByDH.exe
  C:\Windows\System\ihVByDH.exe
  2⤵
  PID:9732
- C:\Windows\System\KpXmRZG.exe
  C:\Windows\System\KpXmRZG.exe
  2⤵
  PID:9804
- C:\Windows\System\AYJhZQf.exe
  C:\Windows\System\AYJhZQf.exe
  2⤵
  PID:9880
- C:\Windows\System\afuvEHB.exe
  C:\Windows\System\afuvEHB.exe
  2⤵
  PID:9944
- C:\Windows\System\XlBAryA.exe
  C:\Windows\System\XlBAryA.exe
  2⤵
  PID:10016
- C:\Windows\System\jPZihSI.exe
  C:\Windows\System\jPZihSI.exe
  2⤵
  PID:9288
- C:\Windows\System\RlGGbkx.exe
  C:\Windows\System\RlGGbkx.exe
  2⤵
  PID:10100
- C:\Windows\System\hgayWHJ.exe
  C:\Windows\System\hgayWHJ.exe
  2⤵
  PID:9320
- C:\Windows\System\zpQJJUD.exe
  C:\Windows\System\zpQJJUD.exe
  2⤵
  PID:10212
- C:\Windows\System\FKhvBnY.exe
  C:\Windows\System\FKhvBnY.exe
  2⤵
  PID:9352
- C:\Windows\System\mgklscy.exe
  C:\Windows\System\mgklscy.exe
  2⤵
  PID:9140
- C:\Windows\System\GNjGEYH.exe
  C:\Windows\System\GNjGEYH.exe
  2⤵
  PID:7644
- C:\Windows\System\DNUVqIn.exe
  C:\Windows\System\DNUVqIn.exe
  2⤵
  PID:9244
- C:\Windows\System\wkFWUEr.exe
  C:\Windows\System\wkFWUEr.exe
  2⤵
  PID:9520
- C:\Windows\System\pQZLzDl.exe
  C:\Windows\System\pQZLzDl.exe
  2⤵
  PID:9636
- C:\Windows\System\CaaPclX.exe
  C:\Windows\System\CaaPclX.exe
  2⤵
  PID:9724
- C:\Windows\System\ISABgvc.exe
  C:\Windows\System\ISABgvc.exe
  2⤵
  PID:9984
- C:\Windows\System\zDpPJqF.exe
  C:\Windows\System\zDpPJqF.exe
  2⤵
  PID:10172
- C:\Windows\System\OgBDsVO.exe
  C:\Windows\System\OgBDsVO.exe
  2⤵
  PID:9096
- C:\Windows\System\fYapdgY.exe
  C:\Windows\System\fYapdgY.exe
  2⤵
  PID:9608
- C:\Windows\System\LXRhABe.exe
  C:\Windows\System\LXRhABe.exe
  2⤵
  PID:9980
- C:\Windows\System\pXgBpWE.exe
  C:\Windows\System\pXgBpWE.exe
  2⤵
  PID:9844
- C:\Windows\System\JEhSQpu.exe
  C:\Windows\System\JEhSQpu.exe
  2⤵
  PID:10260
- C:\Windows\System\ZyrphOp.exe
  C:\Windows\System\ZyrphOp.exe
  2⤵
  PID:10276
- C:\Windows\System\wvBzjkg.exe
  C:\Windows\System\wvBzjkg.exe
  2⤵
  PID:10292
- C:\Windows\System\TimSOyG.exe
  C:\Windows\System\TimSOyG.exe
  2⤵
  PID:10308
- C:\Windows\System\SCPaJJt.exe
  C:\Windows\System\SCPaJJt.exe
  2⤵
  PID:10424
- C:\Windows\System\GTnhVHo.exe
  C:\Windows\System\GTnhVHo.exe
  2⤵
  PID:10444
- C:\Windows\System\vXGYOBP.exe
  C:\Windows\System\vXGYOBP.exe
  2⤵
  PID:10460
- C:\Windows\System\BzTJPkX.exe
  C:\Windows\System\BzTJPkX.exe
  2⤵
  PID:10476
- C:\Windows\System\PzKiVHQ.exe
  C:\Windows\System\PzKiVHQ.exe
  2⤵
  PID:10492
- C:\Windows\System\odDNaJZ.exe
  C:\Windows\System\odDNaJZ.exe
  2⤵
  PID:10508
- C:\Windows\System\lMlxsha.exe
  C:\Windows\System\lMlxsha.exe
  2⤵
  PID:10524
- C:\Windows\System\LiVobGB.exe
  C:\Windows\System\LiVobGB.exe
  2⤵
  PID:10548
- C:\Windows\System\yYUkwue.exe
  C:\Windows\System\yYUkwue.exe
  2⤵
  PID:10568
- C:\Windows\System\EftXIFw.exe
  C:\Windows\System\EftXIFw.exe
  2⤵
  PID:10588
- C:\Windows\System\kxGMnEL.exe
  C:\Windows\System\kxGMnEL.exe
  2⤵
  PID:10604
- C:\Windows\System\shlPbAH.exe
  C:\Windows\System\shlPbAH.exe
  2⤵
  PID:10620
- C:\Windows\System\YFuTBZQ.exe
  C:\Windows\System\YFuTBZQ.exe
  2⤵
  PID:10636
- C:\Windows\System\iRekptq.exe
  C:\Windows\System\iRekptq.exe
  2⤵
  PID:10652
- C:\Windows\System\LuMCbbc.exe
  C:\Windows\System\LuMCbbc.exe
  2⤵
  PID:10668
- C:\Windows\System\aCuvvHv.exe
  C:\Windows\System\aCuvvHv.exe
  2⤵
  PID:10684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CXEyBLf.exe

Filesize
6.0MB

MD5
6876079de639610554e6b6a0dd8f0278

SHA1
32dc9238fae013238579bbbb2d262776b8b267d4

SHA256
c729b5d7f758ae6019bc2b2dc55b1a701b8fc55399582983c696c3973369cfae

SHA512
769a70ff772a1d429c7c2b801df99a769f10bcd163e8fa082b3053f34b48d59089e56d38aa3ca752be126818b60153227e055e3ac2922fa16e2073a036aace84

Download Submit
C:\Windows\system\CvDONar.exe

Filesize
6.0MB

MD5
e62719bca75ed60b48f308fb7352f540

SHA1
6d7315c9c6fcc5a700dda49bed5af6a7d588ecfc

SHA256
2bb644f6d9a7f3ef7cd76d5be39bf8c1bc83c96604c72a8cfd6f4ced764acfba

SHA512
5fafe6bbaba27e715f8105b7636ebffbbc1e5b0b63deec862e79313cd8982fdb9c9d9d5113ce598629c85f02c86f631ab6216eba759e3c233828a69759686b93

Download Submit
C:\Windows\system\Dopensn.exe

Filesize
6.0MB

MD5
f01082f1594437c0dcc183f6d4bed35b

SHA1
d9d163c0746f9bbec74cb78c29afd4bf3c85078e

SHA256
404551f05a056440f4d249614c4add266471ac38eb2786ceea6e3516ad59f142

SHA512
7706d0d5c76ba8ea065c5a7815057436463b7a65ffd0c2f9169a1fd6d16f6e7f344923d1bae234bbf536bb30946479f889b354fe7d109c458716dae5e36fc23b

Download Submit
C:\Windows\system\DqiYdrs.exe

Filesize
6.0MB

MD5
83170aa221a2169d8043c52c97bedf2b

SHA1
ca969f4b2e11b8b1f614ab701bd0e2fb938ba3b2

SHA256
131eb45a2b89abbcf12bbeaf5bf4eb8986b2f21a2f92dbe8e81b18671b1e15ae

SHA512
66d4bae5b79204bea5d4201e842c5c37be5c73ae029bf9eff8cc5404135b2d648e27371de838c2577c8348dda5c20baf7370cc4a20c05fa2c6a40fb469e83093

Download Submit
C:\Windows\system\GaGhSmA.exe

Filesize
6.0MB

MD5
12dd61861ee584d7209fd71a8ac7783c

SHA1
965361376b65b4db52a13a651bde5143532f8600

SHA256
23c04b7cb2dee4ed5a7ce4eb1768bf97ba02c8b8d1ac8f1bd8c55dd956ce5616

SHA512
e7a13136d39bc8482a341851516e4e0055affde29db579bb591dafa9c90e18aca4869cae3428c2a99b8f0d9827d91e7682c98e141a2aa8c2067cb284c9ec6b75

Download Submit
C:\Windows\system\GpgNUCX.exe

Filesize
6.0MB

MD5
cd07f2dd9459a7bbfcdf5a0c24051378

SHA1
1693918baf5378b6b23b4ef51c71eaad21011603

SHA256
5a068d8ac6bbf0a25de4723ad5cf55025757feaae5996b89afacd3efcff0fa75

SHA512
b150d6b2aac97831a2a2a544c6b3997edd44f65ce6aaa9b67b9cf37171294fd6305a3ebec4d20d0a7154600e52c074988ff00e039be58c501776323c8b5ae9a0

Download Submit
C:\Windows\system\HUllRuM.exe

Filesize
6.0MB

MD5
f072e1579a062d431d6e0d58199fd27d

SHA1
6a3e35b1ae4ca11e1233beb0cb14b56d83ef64a8

SHA256
b1ce6f48b168867aec8fd88cefd45ae8cf61d9f231a9c2073a000684dfcc68b9

SHA512
7e93782d0e777ba68533745dcc6c1e31bfae3008bf0a62edf7de3a5ad32c9d8958a33176b876274344256e4e6a7e3dfb54462a77993bcf6f108b23ae1d468543

Download Submit
C:\Windows\system\JyQoIWD.exe

Filesize
6.0MB

MD5
9003e768e020377209df997aead9a571

SHA1
468e1cdbe888f2a7c31d7565d8493dbd1ab7ad3a

SHA256
d3fc4c07924b4590380d1f358b890970b749eca80ebadf85e6857ac8fe7395c4

SHA512
d60d64594ea43a5c7a0c7f99bcd6ca28564ef60d7741349b06ecad8a9b10a6b2f2a635c59361f9361b425740a1b31d78e8431aeda1cc02d1c1e16964aa6649a1

Download Submit
C:\Windows\system\MCrsfdN.exe

Filesize
6.0MB

MD5
d4d321017348cc7e83555b0858ec6db2

SHA1
688de3b565cbcdb21a978917f46292f8ebb911a6

SHA256
0217a727a47732458ac0a2216ff50d32380dab96fd54afbfa46c972a6ab7dc8d

SHA512
68767b2816d9394579a3162fbe69e22571b3ae6758322271beb8d21726c7bcc4b668d5982559f131178ad30f25971432000586c2fcdb7d3b856b478b0ec01e13

Download Submit
C:\Windows\system\MZoKoQF.exe

Filesize
6.0MB

MD5
5f33741bb6320cf3ad634b4e24a7747c

SHA1
cc1663daaa3888f6d8e053176705f13a500181cf

SHA256
2e9ae3fab8f87b0c905d803057cdbf6ee9473ee981e3bdc1b413efce17c9e1dd

SHA512
558a0e08df968bb382c959ca27b2d4df0179f9446759377d0d34e4dfc32aef1a4e16aef2c1969d3d6c14b776416c6fe10c413ab45bb1efeeebf13d7f857ea491

Download Submit
C:\Windows\system\McJmogG.exe

Filesize
6.0MB

MD5
442eb85bb314f4e72eb55a691435cc48

SHA1
6513309f0d5a2aa03efa871f54bf4de008dd5caa

SHA256
783247f33807b37e2bc003ce030c3664d7e845771452cce32fcdeacd4e1c4e65

SHA512
dddff509bf560eb10ea5f578b9265b6f006cb5cb030ec4c609d22615efd6ef04d1b1d7bb814eafea7c6d19783b412be3b9c771d7a5a188c41a2545543414ea46

Download Submit
C:\Windows\system\RVxoJyy.exe

Filesize
6.0MB

MD5
5eb3e5d665b828807df9620f1d5a0cee

SHA1
a933a67e339d09ebe4413025b6551c8b9bb82aeb

SHA256
1a9f1351099376ac8c497ed312fca54cfaf263e3cd1e9eefed97465d9d7e74ee

SHA512
7cb8669f383cbdf7af1da8f2869c11a7c7fd7fa2cd6ff22d819d551e4bb139a563ce8a0e8744c996b8feb57289cb7b7a145c618e54d768806056c14a3470fe1c

Download Submit
C:\Windows\system\SJfCKmp.exe

Filesize
6.0MB

MD5
7aae6496f4fa6dae2e50c4021fe22aaa

SHA1
7b28dfc47744fda7cb74b0fdb80bafdd6d22655c

SHA256
6d6d7348827e341b9cef2fb099ba376c9a4fe92943e2ca21ed54ecdf152d60d3

SHA512
a2bdba025a1c000ba2f697f6891dc6e579cd04c4db9dda0ce8d7bfb612029f5de2a6a149f855191bdb2cd0dc8507754f188f33455799b64e7fdba8c156c41338

Download Submit
C:\Windows\system\SwFTrzf.exe

Filesize
6.0MB

MD5
8c907cfbdad5ec1f987e086d81ca76b3

SHA1
6187cb3f47079570d3434c1b3b0c46d4da886e0e

SHA256
99bebed1e6c4738ab160fb312de36cb11abdf687f0d539b337f360bd5d45bbe7

SHA512
bd28634e0f7757c75ecb8a54cc2d0bec60da2323c9651d2cd8e6089683db19df854918930631ca8c6cb0c273fc7e66ace5a1320389325b0bd5e549096dcd798c

Download Submit
C:\Windows\system\UtPthIC.exe

Filesize
6.0MB

MD5
68ba41ac3c4daae0d6cd5fb81d0410db

SHA1
499b13ad4a4c5287e6d2a638037e5f8036510743

SHA256
4f92ffe804b10a5ee6d6fa75dd580c0d6d4cf22288c05595d8f5ca08b069b3a5

SHA512
82d0190508d92b422303a57dde74fc9a52733d4dd571bc57d9e1a899073fd8561a8965ff1e5b36c23606145f6bfa7ae75a39048de39f5a36b34debdc11421744

Download Submit
C:\Windows\system\aWyAbqM.exe

Filesize
6.0MB

MD5
ccdb0bb4b0c093dca2a302978578a3f0

SHA1
00293c99e94247518d9f0ce9fec6e2abef284bc3

SHA256
d8b413225e6d67436b87cb05875a932d0df121845d4a5657dd09b7fd221ff58f

SHA512
2527df7f46ee481819fe6b104b10176ea8cda74f161ed9bd8c48fe9531572c43821f937a534ed5cc77cf612a93e9ea70b08d83f15cf0d034cbc1ab169c37a10a

Download Submit
C:\Windows\system\bDzhrlF.exe

Filesize
6.0MB

MD5
37ef7fb8e201e7892df7254e0ba2ff42

SHA1
00f754d436a8e9567629268553f4692b5fd16d3b

SHA256
92661c2e30af7a11e537d039dae8ad3bcc1d2b3276d50d15ee9af03a87a866f5

SHA512
a84382ed5eb4d0e74bfa6e9e347310b39d39276785c6eed689d6d4d6d1ed1d9654eba38dcafd8d93e6fbc0da20628c7ce1620b884cd84b7b779dcd0aca78d97c

Download Submit
C:\Windows\system\bVkIELh.exe

Filesize
6.0MB

MD5
c6bf9882b0b034a4f12dcc22387bf53c

SHA1
1f88c26882ca87d24a30e5bae1d1d8ba0f113814

SHA256
ea5dc6037c5d3d8e07ec3ba933a3d6d6f778cd242d8f4296bcb936f2be77c7ec

SHA512
74cbeb9af56cedbe8ff5b8e56145473f6c76a0a650d42307534e243e0169bd00938c25fc13f4f8994fbda775d1a46fe6b973531c9f9c5c111a6bd12681a4bc52

Download Submit
C:\Windows\system\efwgazy.exe

Filesize
6.0MB

MD5
02893de027e41ca000eca5d22e0415ec

SHA1
ada43f7452c0967dddfd0999e0d7c7dec9d60c3f

SHA256
ad14d52317d0bf11d19c03a05f00583f1722bc40d47bf650167738f5ca5536c8

SHA512
8a071f0ca3250244a900ee7218ba90afb604265e8553d25ec8a762ba4ffea41d332c1a945d58bc9c89e53a0cd524b6325d084041dcca54016bc51a73587c3d81

Download Submit
C:\Windows\system\eljsOAc.exe

Filesize
6.0MB

MD5
8dd8cbc8082f914dbda569b2aab35f2f

SHA1
d96e31e976fc7e3011b1fac11c7d86ca6c7e41fa

SHA256
4a8b835fb551fd5ed217a25370aa0f2fe32403922ad1a2c1f557a125d6fbf7ed

SHA512
18d864a3844b82fd1baebe8c979f9598c5149ca33cf5d35768539ac4b242c0a178e72ae002b4b83a3593add805a38b11be91c0af6be3c479edf09109b3c48629

Download Submit
C:\Windows\system\kYqiShd.exe

Filesize
6.0MB

MD5
b911af9f2135f85fd6d211a18111a7fb

SHA1
bfcc61ad3e898bef5b5d5699a84ea3ec94b75d36

SHA256
c425f279eae38a3b18c394aa1442144306068c623cc4f5cee90dc4f1bc6bc873

SHA512
4bdb2cf9383b7698993c39a0c2e64269aa3de19669d6868cb4aa71ad42507815b2146b4e4bc94cd28df2b5bd1c6f67e224510b579c4da78fd6d46dc3d4ecc912

Download Submit
C:\Windows\system\ncyxRqW.exe

Filesize
6.0MB

MD5
c01bf40c0e5f632d0568f7b4e303a47d

SHA1
03f11bcf3c743013d32f6669ecf8d806fdadea0a

SHA256
84580a6b39eab8c41b81dc3041c443df8a433407b9f3a754f4e0559964a6b48e

SHA512
76def8c492bd375f6fe6e7d2cf0d5edc4775e48d62a6da21ffb71d3a1c5d47b40aaf939a3fb414102060d97e1fed267b9ae8414e4c2a03b99eadc87724c3bde0

Download Submit
C:\Windows\system\pCIJWUh.exe

Filesize
6.0MB

MD5
73ca08f275df67753b7ec47301557ef7

SHA1
1ed7679b0367779b95fccfb0e79bf31af96c231b

SHA256
2373f440f8506f80dd7b3d1486af603e5468bfbb281ae0b34e276430302ad8cd

SHA512
da71d8389049129838648f6176ee6f33746b998cb07ff89e34ec803519452b0c72515f0a5f92288ce96aedce57a897b4933b47d6c83d4ebd882d14c3c062bd3d

Download Submit
C:\Windows\system\qSMWcJn.exe

Filesize
6.0MB

MD5
852d73a8805e5f2211144f50e15685c5

SHA1
0e8b874f6f6fdf04044414035cf635afcfe73cf0

SHA256
ba195dad1766ce9cba7fc65596d05a361313987b0ed4d22aad7541e7ae431d9f

SHA512
1918b24215b80286b8dd1e00a1014f37fa3ee73e0448e8878093009ffc54958a7c5d31f5adef8116ff6b1bd2ad2f8f5a9d9ece823d35d8b0308f1d0cd2996447

Download Submit
C:\Windows\system\qUVFWeP.exe

Filesize
6.0MB

MD5
2b40b04e63dc70e6c774c4b989b6cf1a

SHA1
e949ca881058acc1d35428fb0e9f9d9bb1c795c6

SHA256
129cde5ba20b2756eaa764c1a3b2058f529c522e70e86b884cf83bc995ef7e62

SHA512
7efd14be82b600ec13fd180b6a979a62d70f3d18c6741c8a598f6b61e636e2128e62d103a8ef270c557eda09964fe26a46911a259771fe83f4c6a3a1018d7a27

Download Submit
C:\Windows\system\qxYZSWO.exe

Filesize
6.0MB

MD5
5fd5a06061f7bdf6aa555a46d9f87259

SHA1
c468a2674c3e2190c9f23933f6f9dde37275d84b

SHA256
151f0dee0798dcb9834273da5832690e9b1bfe79bd1f26135291ddc395bdcdb8

SHA512
25241bb04985fad57872ceff3f1a96038828fd864c8b5dcca0d0f8754f428df2042aaa365c1ab580ba17f67300508ec15c7d70040dd47878d8e22b06093fc718

Download Submit
C:\Windows\system\yhCvSIx.exe

Filesize
6.0MB

MD5
4882c1346d0251ab47553c244fc57685

SHA1
6a3f0e911d22d04c32e7d02d54a37480a794bd43

SHA256
fda7073cf5651a471cc47d53d6441f43477b18e585cd41631b5cc07de560082c

SHA512
b7b91405176b715d185c5e62264fd4de7ce2895fc36e4fe61a908bb0485cb630c19e7593fa5f149df9098df0ad9791631e265bef9ca7e7a0aa279cef96be3fe6

Download Submit
C:\Windows\system\yvtqodn.exe

Filesize
6.0MB

MD5
9eca364ef0204969a19302dc42f19667

SHA1
e6735823218e647a2667f6566086e50a32a6cee2

SHA256
5931f6a6c1761296c3ba0cfe1f3ba282c32f6d8efcff19978f9af8ffa0ac5a5f

SHA512
06e95230ac4e2b1c4249c5e03ecc277bfb13e300224cf63771b7925b942c082ccd36450dc85b2ce8056732d092318ddfbcf4a1b75d4b89209d20641b9e0dbe16

Download Submit
C:\Windows\system\zdPtLsd.exe

Filesize
6.0MB

MD5
1adaa5ad5e28b53e20bf7f002d361838

SHA1
fb32149e3815c1475f4c53267c692f0c93d10a40

SHA256
ed25c742ce681a38a7d1c053302a5530a778363a6e9bd7e9057d84851331fb68

SHA512
a2833b5346f6f293c5eebbbf5d836d5d9314275ef3dfac01c934ec31c2b0ae372f775064067d79b4532ee46f8eb4c1f373c9a119769ce60b12db64562925ad47

Download Submit
C:\Windows\system\zuVckCc.exe

Filesize
6.0MB

MD5
f58e0d3ee506edbd934e906189816621

SHA1
1bf198fa8c4aed73ba3bfa5f9d4c4a12e6bc2dc5

SHA256
cecdbd3d457a5f052ab33dd4eaf0a52bc419432f584fcea6bb2f85251f98e2bd

SHA512
88e6a92a417710a60f9b391b8f1f6a02ac69e53a6cfd9aac8b9370b46bd1ee1c18747ff7b660f3be4f8401a09dfca294f5b5a0740660518506c398dd94f9560a

Download Submit
\Windows\system\UnpjitL.exe

Filesize
6.0MB

MD5
84725db1c4ebb865648b70ae5591a32e

SHA1
b4e354024cb2897834a0a4bbbbcda38609b2369b

SHA256
44660e75231226d97ffc5630949f3d4c546459ca17441b2572e0bc1e753b03e1

SHA512
647d30ebc159034b0249b3ac207684bc33ce4a074f4fbd3986ac531547be9dbcf6622e1f7e1c5399f46be09c9d7e05a6913931eb792bef917c57d35786bc9974

Download Submit
\Windows\system\tRUkhHv.exe

Filesize
6.0MB

MD5
35d65918e6dd3c6bbd926b27d3ee1d01

SHA1
b6ab183eec16aa5b9b38fae66ab96457321a1efb

SHA256
841bbd1799975eb9df5cccee90fbca428762a5c14476931dbf9d8da5c3287948

SHA512
0fc914a837740d13474085fd0c811378de57ba8a83ec64d96365c4c1d5b99d4a86a302377b58a936c100ca7311dacc302f6ee03241ad307071dd5cba8445f1b3

Download Submit
memory/1624-482-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1624-3540-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1732-476-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1732-3560-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3545-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-480-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-474-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3557-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3544-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2388-457-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2424-131-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3541-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3539-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2440-478-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2032-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2541-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2448-483-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2448-479-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1106-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2448-477-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2448-475-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-466-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1858-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1586-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2676-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2474-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2582-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2594-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2561-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2573-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2544-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2545-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2546-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2533-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2534-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2537-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2448-481-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2535-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2531-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2472-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2448-0-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2448-2033-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1585-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1998-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1941-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3548-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2029-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3543-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1997-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3546-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1085-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3558-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1939-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1852-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3556-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3537-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1368-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3542-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1801-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download