cobaltstrike | c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/12/2024, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
Size

6.0MB
MD5

615f2ff669446a823f03524016f85546
SHA1

45e3f7d375a0eccad91da5eaec30162d867fd625
SHA256

c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e
SHA512

5cb9e847090c9ab81e91b3ea69ecb486220201c867d36842b158d27ad4cf461a350aa208c0b868c88a6ece3a44a43632990d793c83ea1a4db706b9a08b919939
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU5:eOl56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173ee-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-31.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001749c-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-126.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000016e73-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019238-41.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x00080000000173b2-8.dat	xmrig
behavioral1/files/0x00070000000173ee-16.dat	xmrig
behavioral1/files/0x00070000000173f6-22.dat	xmrig
behavioral1/files/0x000700000001746c-27.dat	xmrig
behavioral1/files/0x0007000000017474-31.dat	xmrig
behavioral1/files/0x000a00000001749c-37.dat	xmrig
behavioral1/files/0x0005000000019614-47.dat	xmrig
behavioral1/files/0x0005000000019616-51.dat	xmrig
behavioral1/files/0x00050000000196ac-71.dat	xmrig
behavioral1/files/0x0005000000019c36-86.dat	xmrig
behavioral1/files/0x0005000000019d44-111.dat	xmrig
behavioral1/files/0x0005000000019f9f-126.dat	xmrig
behavioral1/files/0x0033000000016e73-136.dat	xmrig
behavioral1/files/0x000500000001a345-158.dat	xmrig
behavioral1/memory/1348-359-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2852-363-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2688-1459-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2688-1692-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/3052-353-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2376-361-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/692-357-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2416-355-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2624-351-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2560-349-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2604-347-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2768-345-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2920-343-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2720-307-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2964-295-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2712-293-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a1-151.dat	xmrig
behavioral1/files/0x000500000001a42b-162.dat	xmrig
behavioral1/files/0x000500000001a301-155.dat	xmrig
behavioral1/files/0x000500000001a07b-146.dat	xmrig
behavioral1/files/0x000500000001a067-141.dat	xmrig
behavioral1/files/0x0005000000019fb9-132.dat	xmrig
behavioral1/files/0x0005000000019db8-121.dat	xmrig
behavioral1/files/0x0005000000019da4-116.dat	xmrig
behavioral1/files/0x0005000000019d20-105.dat	xmrig
behavioral1/files/0x0005000000019c53-101.dat	xmrig
behavioral1/files/0x0005000000019c3a-96.dat	xmrig
behavioral1/files/0x0005000000019c38-92.dat	xmrig
behavioral1/files/0x000500000001997c-81.dat	xmrig
behavioral1/files/0x00050000000196e8-76.dat	xmrig
behavioral1/files/0x000500000001966c-66.dat	xmrig
behavioral1/files/0x000500000001962a-61.dat	xmrig
behavioral1/files/0x0005000000019618-56.dat	xmrig
behavioral1/files/0x0006000000019238-41.dat	xmrig
behavioral1/memory/2852-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2712-4025-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2920-4028-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2964-4027-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2416-4029-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2604-4031-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2720-4030-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2624-4034-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1348-4033-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/692-4032-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2560-4035-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2768-4038-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/3052-4037-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2376-4036-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2852	ZLOsJvW.exe
2712	uKawNHA.exe
2964	UaRvKyX.exe
2720	cVzUiTg.exe
2920	rnsRnqY.exe
2768	kFQculq.exe
2604	KZRAwNX.exe
2560	KbsolSn.exe
2624	pGYIlSB.exe
3052	tZgoaNu.exe
2416	mxEwOXp.exe
692	DSGRBTT.exe
1348	YjIYWSV.exe
2376	YDeuTjK.exe
1436	OaQIjEO.exe
1156	CqKkWDf.exe
2804	BugRDKJ.exe
1272	IzbkfyG.exe
2772	wIHCXff.exe
1252	mHvTqPQ.exe
1404	XlNbcXc.exe
2736	oPeUkQz.exe
3020	TyyisAy.exe
2104	ZgQbSbj.exe
1940	xxipHDp.exe
2124	oVROTCe.exe
2420	kTqHBNh.exe
1868	ibnqgfq.exe
2452	RpDonwQ.exe
2220	wMlROPN.exe
1812	cepsVMl.exe
2528	iTAHBCJ.exe
896	COxxbAY.exe
2252	YZDgoMo.exe
1320	rsxwNCK.exe
2360	SpdpCfz.exe
1756	sGMytnQ.exe
2020	bBQwYav.exe
1844	EIMWdeo.exe
872	kkEBrYR.exe
1728	ULtAYXm.exe
1732	MnoxqGa.exe
608	BGuCjpA.exe
1036	SlUSzhc.exe
1632	LfqRUkE.exe
3028	zEOUuuh.exe
2092	wUFlxFS.exe
1692	phAiCyI.exe
1824	hHOjJUB.exe
1752	wDJrkmu.exe
1800	eFaAItV.exe
2900	kxytOcr.exe
1236	fXEUKsl.exe
2808	rudmjCB.exe
1688	zoBQEQv.exe
2844	syErtef.exe
2840	BZoGrNp.exe
1604	pQMbouC.exe
2568	dUuQrof.exe
2732	xZkBgUI.exe
3048	xhaQZkp.exe
2436	DCDhlQe.exe
1920	YXYEtTI.exe
2908	BVfBsZu.exe

Loads dropped DLL 64 IoCs

pid	Process
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2688-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x00080000000173b2-8.dat	upx
behavioral1/files/0x00070000000173ee-16.dat	upx
behavioral1/files/0x00070000000173f6-22.dat	upx
behavioral1/files/0x000700000001746c-27.dat	upx
behavioral1/files/0x0007000000017474-31.dat	upx
behavioral1/files/0x000a00000001749c-37.dat	upx
behavioral1/files/0x0005000000019614-47.dat	upx
behavioral1/files/0x0005000000019616-51.dat	upx
behavioral1/files/0x00050000000196ac-71.dat	upx
behavioral1/files/0x0005000000019c36-86.dat	upx
behavioral1/files/0x0005000000019d44-111.dat	upx
behavioral1/files/0x0005000000019f9f-126.dat	upx
behavioral1/files/0x0033000000016e73-136.dat	upx
behavioral1/files/0x000500000001a345-158.dat	upx
behavioral1/memory/1348-359-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2852-363-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2688-1459-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/3052-353-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2376-361-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/692-357-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2416-355-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2624-351-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2560-349-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2604-347-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2768-345-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2920-343-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2720-307-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2964-295-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2712-293-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x000500000001a0a1-151.dat	upx
behavioral1/files/0x000500000001a42b-162.dat	upx
behavioral1/files/0x000500000001a301-155.dat	upx
behavioral1/files/0x000500000001a07b-146.dat	upx
behavioral1/files/0x000500000001a067-141.dat	upx
behavioral1/files/0x0005000000019fb9-132.dat	upx
behavioral1/files/0x0005000000019db8-121.dat	upx
behavioral1/files/0x0005000000019da4-116.dat	upx
behavioral1/files/0x0005000000019d20-105.dat	upx
behavioral1/files/0x0005000000019c53-101.dat	upx
behavioral1/files/0x0005000000019c3a-96.dat	upx
behavioral1/files/0x0005000000019c38-92.dat	upx
behavioral1/files/0x000500000001997c-81.dat	upx
behavioral1/files/0x00050000000196e8-76.dat	upx
behavioral1/files/0x000500000001966c-66.dat	upx
behavioral1/files/0x000500000001962a-61.dat	upx
behavioral1/files/0x0005000000019618-56.dat	upx
behavioral1/files/0x0006000000019238-41.dat	upx
behavioral1/memory/2852-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2712-4025-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2920-4028-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2964-4027-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2416-4029-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2604-4031-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2720-4030-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2624-4034-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1348-4033-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/692-4032-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2560-4035-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2768-4038-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/3052-4037-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2376-4036-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\buYjTpg.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\dYqtXem.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\DEWmWQR.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\UvXFwPh.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\XUnAejd.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\KKOKCRF.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\LiEfMCv.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\UjPRbDK.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\PTMqEey.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\DLCjoGy.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\oyIpFKn.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\hlUyuEQ.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\TkNEXkc.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\bpGaquW.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\qHtAXGf.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\VSMJEhm.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\qtfLiVW.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\haNEhyG.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\DuCflqk.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\RqnJwfD.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\tPGdYUV.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\NSyDqIx.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\HbChdOR.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\lhbCOUB.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\IpQIsgB.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\dbnVCwn.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\kkANjMt.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\gJLlGvK.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\XKwvfdk.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\WIaypga.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\QdbvaAe.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\ChbJhol.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\mFfSsxn.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\kzMSzUt.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\OqupghT.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\fFhNoFX.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\eojkvxC.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\OtmnUpS.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\nrSpQsi.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\rakIDbx.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\pEiGriS.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\cNdIbFv.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\HDFiCpT.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\ouMcZuG.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\muNmchb.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\oVROTCe.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\SpdpCfz.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\EfoniiC.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\VyAlzlc.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\vGfNvhz.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\qElxlLw.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\IvJvYgb.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\YKEzJAX.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\wWdDmgl.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\ETbuKDa.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\TByViIT.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\qeoSvUP.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\LqbZQgX.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\pXvrFsp.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\AlzeNot.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\HCmLqyN.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\qbcQTVJ.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\knHCGSy.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
File created	C:\Windows\System\xImztdu.exe	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	32
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	32
PID 2688 wrote to memory of 2852	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	32
PID 2688 wrote to memory of 2712	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	33
PID 2688 wrote to memory of 2712	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	33
PID 2688 wrote to memory of 2712	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	33
PID 2688 wrote to memory of 2964	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	34
PID 2688 wrote to memory of 2964	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	34
PID 2688 wrote to memory of 2964	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	34
PID 2688 wrote to memory of 2720	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	35
PID 2688 wrote to memory of 2720	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	35
PID 2688 wrote to memory of 2720	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	35
PID 2688 wrote to memory of 2920	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	36
PID 2688 wrote to memory of 2920	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	36
PID 2688 wrote to memory of 2920	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	36
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	37
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	37
PID 2688 wrote to memory of 2768	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	37
PID 2688 wrote to memory of 2604	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	38
PID 2688 wrote to memory of 2604	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	38
PID 2688 wrote to memory of 2604	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	38
PID 2688 wrote to memory of 2560	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	39
PID 2688 wrote to memory of 2560	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	39
PID 2688 wrote to memory of 2560	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	39
PID 2688 wrote to memory of 2624	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	40
PID 2688 wrote to memory of 2624	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	40
PID 2688 wrote to memory of 2624	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	40
PID 2688 wrote to memory of 3052	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	41
PID 2688 wrote to memory of 3052	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	41
PID 2688 wrote to memory of 3052	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	41
PID 2688 wrote to memory of 2416	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	42
PID 2688 wrote to memory of 2416	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	42
PID 2688 wrote to memory of 2416	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	42
PID 2688 wrote to memory of 692	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	43
PID 2688 wrote to memory of 692	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	43
PID 2688 wrote to memory of 692	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	43
PID 2688 wrote to memory of 1348	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	44
PID 2688 wrote to memory of 1348	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	44
PID 2688 wrote to memory of 1348	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	44
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	45
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	45
PID 2688 wrote to memory of 2376	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	45
PID 2688 wrote to memory of 1436	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	46
PID 2688 wrote to memory of 1436	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	46
PID 2688 wrote to memory of 1436	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	46
PID 2688 wrote to memory of 1156	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	47
PID 2688 wrote to memory of 1156	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	47
PID 2688 wrote to memory of 1156	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	47
PID 2688 wrote to memory of 2804	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	48
PID 2688 wrote to memory of 2804	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	48
PID 2688 wrote to memory of 2804	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	48
PID 2688 wrote to memory of 1272	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	49
PID 2688 wrote to memory of 1272	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	49
PID 2688 wrote to memory of 1272	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	49
PID 2688 wrote to memory of 2772	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	50
PID 2688 wrote to memory of 2772	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	50
PID 2688 wrote to memory of 2772	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	50
PID 2688 wrote to memory of 1252	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	51
PID 2688 wrote to memory of 1252	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	51
PID 2688 wrote to memory of 1252	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	51
PID 2688 wrote to memory of 1404	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	52
PID 2688 wrote to memory of 1404	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	52
PID 2688 wrote to memory of 1404	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	52
PID 2688 wrote to memory of 2736	2688	JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c107d556a0428c556882d15279dc0d2cabc553f59df05dec3ba809764b30622e.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\System\ZLOsJvW.exe
  C:\Windows\System\ZLOsJvW.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\uKawNHA.exe
  C:\Windows\System\uKawNHA.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\UaRvKyX.exe
  C:\Windows\System\UaRvKyX.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\cVzUiTg.exe
  C:\Windows\System\cVzUiTg.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\rnsRnqY.exe
  C:\Windows\System\rnsRnqY.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\kFQculq.exe
  C:\Windows\System\kFQculq.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\KZRAwNX.exe
  C:\Windows\System\KZRAwNX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\KbsolSn.exe
  C:\Windows\System\KbsolSn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\pGYIlSB.exe
  C:\Windows\System\pGYIlSB.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\tZgoaNu.exe
  C:\Windows\System\tZgoaNu.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mxEwOXp.exe
  C:\Windows\System\mxEwOXp.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\DSGRBTT.exe
  C:\Windows\System\DSGRBTT.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\YjIYWSV.exe
  C:\Windows\System\YjIYWSV.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\YDeuTjK.exe
  C:\Windows\System\YDeuTjK.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\OaQIjEO.exe
  C:\Windows\System\OaQIjEO.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\CqKkWDf.exe
  C:\Windows\System\CqKkWDf.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\BugRDKJ.exe
  C:\Windows\System\BugRDKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\IzbkfyG.exe
  C:\Windows\System\IzbkfyG.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\wIHCXff.exe
  C:\Windows\System\wIHCXff.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\mHvTqPQ.exe
  C:\Windows\System\mHvTqPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\XlNbcXc.exe
  C:\Windows\System\XlNbcXc.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\oPeUkQz.exe
  C:\Windows\System\oPeUkQz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\TyyisAy.exe
  C:\Windows\System\TyyisAy.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\ZgQbSbj.exe
  C:\Windows\System\ZgQbSbj.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\xxipHDp.exe
  C:\Windows\System\xxipHDp.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\oVROTCe.exe
  C:\Windows\System\oVROTCe.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\kTqHBNh.exe
  C:\Windows\System\kTqHBNh.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\ibnqgfq.exe
  C:\Windows\System\ibnqgfq.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\RpDonwQ.exe
  C:\Windows\System\RpDonwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\wMlROPN.exe
  C:\Windows\System\wMlROPN.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\cepsVMl.exe
  C:\Windows\System\cepsVMl.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\rsxwNCK.exe
  C:\Windows\System\rsxwNCK.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\iTAHBCJ.exe
  C:\Windows\System\iTAHBCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\SpdpCfz.exe
  C:\Windows\System\SpdpCfz.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\COxxbAY.exe
  C:\Windows\System\COxxbAY.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\sGMytnQ.exe
  C:\Windows\System\sGMytnQ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\YZDgoMo.exe
  C:\Windows\System\YZDgoMo.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\bBQwYav.exe
  C:\Windows\System\bBQwYav.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\EIMWdeo.exe
  C:\Windows\System\EIMWdeo.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\kkEBrYR.exe
  C:\Windows\System\kkEBrYR.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ULtAYXm.exe
  C:\Windows\System\ULtAYXm.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\MnoxqGa.exe
  C:\Windows\System\MnoxqGa.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\BGuCjpA.exe
  C:\Windows\System\BGuCjpA.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\LfqRUkE.exe
  C:\Windows\System\LfqRUkE.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\SlUSzhc.exe
  C:\Windows\System\SlUSzhc.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\zEOUuuh.exe
  C:\Windows\System\zEOUuuh.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\wUFlxFS.exe
  C:\Windows\System\wUFlxFS.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\phAiCyI.exe
  C:\Windows\System\phAiCyI.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\hHOjJUB.exe
  C:\Windows\System\hHOjJUB.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\eFaAItV.exe
  C:\Windows\System\eFaAItV.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\wDJrkmu.exe
  C:\Windows\System\wDJrkmu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\rudmjCB.exe
  C:\Windows\System\rudmjCB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\kxytOcr.exe
  C:\Windows\System\kxytOcr.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\zoBQEQv.exe
  C:\Windows\System\zoBQEQv.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\fXEUKsl.exe
  C:\Windows\System\fXEUKsl.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\pQMbouC.exe
  C:\Windows\System\pQMbouC.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\syErtef.exe
  C:\Windows\System\syErtef.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\dUuQrof.exe
  C:\Windows\System\dUuQrof.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\BZoGrNp.exe
  C:\Windows\System\BZoGrNp.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\CoHctNN.exe
  C:\Windows\System\CoHctNN.exe
  2⤵
  PID:2912
- C:\Windows\System\xZkBgUI.exe
  C:\Windows\System\xZkBgUI.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\mvoaBhP.exe
  C:\Windows\System\mvoaBhP.exe
  2⤵
  PID:2680
- C:\Windows\System\xhaQZkp.exe
  C:\Windows\System\xhaQZkp.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\WlpcmdG.exe
  C:\Windows\System\WlpcmdG.exe
  2⤵
  PID:3056
- C:\Windows\System\DCDhlQe.exe
  C:\Windows\System\DCDhlQe.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\zaayNbT.exe
  C:\Windows\System\zaayNbT.exe
  2⤵
  PID:1104
- C:\Windows\System\YXYEtTI.exe
  C:\Windows\System\YXYEtTI.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\xyewndK.exe
  C:\Windows\System\xyewndK.exe
  2⤵
  PID:828
- C:\Windows\System\BVfBsZu.exe
  C:\Windows\System\BVfBsZu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\vuMMzGF.exe
  C:\Windows\System\vuMMzGF.exe
  2⤵
  PID:2744
- C:\Windows\System\lhbCOUB.exe
  C:\Windows\System\lhbCOUB.exe
  2⤵
  PID:2936
- C:\Windows\System\MxjmlGU.exe
  C:\Windows\System\MxjmlGU.exe
  2⤵
  PID:3068
- C:\Windows\System\IZZhIwK.exe
  C:\Windows\System\IZZhIwK.exe
  2⤵
  PID:2664
- C:\Windows\System\VXfJMzN.exe
  C:\Windows\System\VXfJMzN.exe
  2⤵
  PID:2212
- C:\Windows\System\fPwgwSs.exe
  C:\Windows\System\fPwgwSs.exe
  2⤵
  PID:448
- C:\Windows\System\rqmdTyS.exe
  C:\Windows\System\rqmdTyS.exe
  2⤵
  PID:1660
- C:\Windows\System\yATPpFh.exe
  C:\Windows\System\yATPpFh.exe
  2⤵
  PID:780
- C:\Windows\System\IOAGfcE.exe
  C:\Windows\System\IOAGfcE.exe
  2⤵
  PID:1448
- C:\Windows\System\AshXeuS.exe
  C:\Windows\System\AshXeuS.exe
  2⤵
  PID:1388
- C:\Windows\System\qvFbfrg.exe
  C:\Windows\System\qvFbfrg.exe
  2⤵
  PID:2256
- C:\Windows\System\kSQntiU.exe
  C:\Windows\System\kSQntiU.exe
  2⤵
  PID:1264
- C:\Windows\System\zntxRLU.exe
  C:\Windows\System\zntxRLU.exe
  2⤵
  PID:284
- C:\Windows\System\rmzIhjt.exe
  C:\Windows\System\rmzIhjt.exe
  2⤵
  PID:1720
- C:\Windows\System\CPCCbWD.exe
  C:\Windows\System\CPCCbWD.exe
  2⤵
  PID:2372
- C:\Windows\System\yMqSOqV.exe
  C:\Windows\System\yMqSOqV.exe
  2⤵
  PID:1324
- C:\Windows\System\ZEgVuYY.exe
  C:\Windows\System\ZEgVuYY.exe
  2⤵
  PID:344
- C:\Windows\System\MwwOJvL.exe
  C:\Windows\System\MwwOJvL.exe
  2⤵
  PID:2100
- C:\Windows\System\JFyMYNI.exe
  C:\Windows\System\JFyMYNI.exe
  2⤵
  PID:1492
- C:\Windows\System\jVWgOBZ.exe
  C:\Windows\System\jVWgOBZ.exe
  2⤵
  PID:2872
- C:\Windows\System\zTJYcnK.exe
  C:\Windows\System\zTJYcnK.exe
  2⤵
  PID:1440
- C:\Windows\System\IhyYGvw.exe
  C:\Windows\System\IhyYGvw.exe
  2⤵
  PID:2816
- C:\Windows\System\TliLYSe.exe
  C:\Windows\System\TliLYSe.exe
  2⤵
  PID:2608
- C:\Windows\System\NtNyYxr.exe
  C:\Windows\System\NtNyYxr.exe
  2⤵
  PID:2612
- C:\Windows\System\mFfSsxn.exe
  C:\Windows\System\mFfSsxn.exe
  2⤵
  PID:1488
- C:\Windows\System\vgEouFc.exe
  C:\Windows\System\vgEouFc.exe
  2⤵
  PID:2620
- C:\Windows\System\ZDuRgDq.exe
  C:\Windows\System\ZDuRgDq.exe
  2⤵
  PID:2724
- C:\Windows\System\MxITyrN.exe
  C:\Windows\System\MxITyrN.exe
  2⤵
  PID:2236
- C:\Windows\System\oGYkEfK.exe
  C:\Windows\System\oGYkEfK.exe
  2⤵
  PID:320
- C:\Windows\System\PTMqEey.exe
  C:\Windows\System\PTMqEey.exe
  2⤵
  PID:1572
- C:\Windows\System\BqdarkZ.exe
  C:\Windows\System\BqdarkZ.exe
  2⤵
  PID:1808
- C:\Windows\System\yFnLFhq.exe
  C:\Windows\System\yFnLFhq.exe
  2⤵
  PID:2880
- C:\Windows\System\rFeASzh.exe
  C:\Windows\System\rFeASzh.exe
  2⤵
  PID:1224
- C:\Windows\System\thrFeDH.exe
  C:\Windows\System\thrFeDH.exe
  2⤵
  PID:1672
- C:\Windows\System\PCHnRpA.exe
  C:\Windows\System\PCHnRpA.exe
  2⤵
  PID:1536
- C:\Windows\System\OvnqLfs.exe
  C:\Windows\System\OvnqLfs.exe
  2⤵
  PID:2132
- C:\Windows\System\wLFREzI.exe
  C:\Windows\System\wLFREzI.exe
  2⤵
  PID:1952
- C:\Windows\System\NKIAODp.exe
  C:\Windows\System\NKIAODp.exe
  2⤵
  PID:2832
- C:\Windows\System\hIOLlIR.exe
  C:\Windows\System\hIOLlIR.exe
  2⤵
  PID:1948
- C:\Windows\System\eyfSkyc.exe
  C:\Windows\System\eyfSkyc.exe
  2⤵
  PID:3084
- C:\Windows\System\dlVNZVN.exe
  C:\Windows\System\dlVNZVN.exe
  2⤵
  PID:3108
- C:\Windows\System\SZwkuDu.exe
  C:\Windows\System\SZwkuDu.exe
  2⤵
  PID:3124
- C:\Windows\System\JUZXXZg.exe
  C:\Windows\System\JUZXXZg.exe
  2⤵
  PID:3148
- C:\Windows\System\JahIIYL.exe
  C:\Windows\System\JahIIYL.exe
  2⤵
  PID:3164
- C:\Windows\System\qEYeJXE.exe
  C:\Windows\System\qEYeJXE.exe
  2⤵
  PID:3184
- C:\Windows\System\ZNIiuLg.exe
  C:\Windows\System\ZNIiuLg.exe
  2⤵
  PID:3204
- C:\Windows\System\cxDkdFI.exe
  C:\Windows\System\cxDkdFI.exe
  2⤵
  PID:3220
- C:\Windows\System\uuUvQCj.exe
  C:\Windows\System\uuUvQCj.exe
  2⤵
  PID:3244
- C:\Windows\System\QAyUsIl.exe
  C:\Windows\System\QAyUsIl.exe
  2⤵
  PID:3264
- C:\Windows\System\qRKVBhY.exe
  C:\Windows\System\qRKVBhY.exe
  2⤵
  PID:3288
- C:\Windows\System\JRucwZY.exe
  C:\Windows\System\JRucwZY.exe
  2⤵
  PID:3308
- C:\Windows\System\kAJYiaB.exe
  C:\Windows\System\kAJYiaB.exe
  2⤵
  PID:3328
- C:\Windows\System\sskAVMu.exe
  C:\Windows\System\sskAVMu.exe
  2⤵
  PID:3344
- C:\Windows\System\wBeJAdq.exe
  C:\Windows\System\wBeJAdq.exe
  2⤵
  PID:3364
- C:\Windows\System\aHvXtZi.exe
  C:\Windows\System\aHvXtZi.exe
  2⤵
  PID:3380
- C:\Windows\System\zFWvEOT.exe
  C:\Windows\System\zFWvEOT.exe
  2⤵
  PID:3404
- C:\Windows\System\GZvxydb.exe
  C:\Windows\System\GZvxydb.exe
  2⤵
  PID:3424
- C:\Windows\System\ZfQAoxI.exe
  C:\Windows\System\ZfQAoxI.exe
  2⤵
  PID:3448
- C:\Windows\System\PGQQpAw.exe
  C:\Windows\System\PGQQpAw.exe
  2⤵
  PID:3468
- C:\Windows\System\dgeJYFW.exe
  C:\Windows\System\dgeJYFW.exe
  2⤵
  PID:3488
- C:\Windows\System\qXYohAY.exe
  C:\Windows\System\qXYohAY.exe
  2⤵
  PID:3508
- C:\Windows\System\OtmnUpS.exe
  C:\Windows\System\OtmnUpS.exe
  2⤵
  PID:3524
- C:\Windows\System\qiCwriz.exe
  C:\Windows\System\qiCwriz.exe
  2⤵
  PID:3544
- C:\Windows\System\GORrVey.exe
  C:\Windows\System\GORrVey.exe
  2⤵
  PID:3564
- C:\Windows\System\YQuwSPb.exe
  C:\Windows\System\YQuwSPb.exe
  2⤵
  PID:3580
- C:\Windows\System\lfLXuvm.exe
  C:\Windows\System\lfLXuvm.exe
  2⤵
  PID:3604
- C:\Windows\System\sPaFRQP.exe
  C:\Windows\System\sPaFRQP.exe
  2⤵
  PID:3620
- C:\Windows\System\MuQlfSB.exe
  C:\Windows\System\MuQlfSB.exe
  2⤵
  PID:3644
- C:\Windows\System\ommMbzO.exe
  C:\Windows\System\ommMbzO.exe
  2⤵
  PID:3664
- C:\Windows\System\SWQeXbA.exe
  C:\Windows\System\SWQeXbA.exe
  2⤵
  PID:3684
- C:\Windows\System\bFXEQsN.exe
  C:\Windows\System\bFXEQsN.exe
  2⤵
  PID:3704
- C:\Windows\System\reSiAXW.exe
  C:\Windows\System\reSiAXW.exe
  2⤵
  PID:3724
- C:\Windows\System\sgFMtRF.exe
  C:\Windows\System\sgFMtRF.exe
  2⤵
  PID:3744
- C:\Windows\System\CYnmAMt.exe
  C:\Windows\System\CYnmAMt.exe
  2⤵
  PID:3764
- C:\Windows\System\uYobRhL.exe
  C:\Windows\System\uYobRhL.exe
  2⤵
  PID:3784
- C:\Windows\System\vDZzRaT.exe
  C:\Windows\System\vDZzRaT.exe
  2⤵
  PID:3804
- C:\Windows\System\AmLbweM.exe
  C:\Windows\System\AmLbweM.exe
  2⤵
  PID:3824
- C:\Windows\System\tFGQVRo.exe
  C:\Windows\System\tFGQVRo.exe
  2⤵
  PID:3844
- C:\Windows\System\HkfAekF.exe
  C:\Windows\System\HkfAekF.exe
  2⤵
  PID:3864
- C:\Windows\System\ILiKcLY.exe
  C:\Windows\System\ILiKcLY.exe
  2⤵
  PID:3888
- C:\Windows\System\mjEdLMx.exe
  C:\Windows\System\mjEdLMx.exe
  2⤵
  PID:3904
- C:\Windows\System\FjXUYyY.exe
  C:\Windows\System\FjXUYyY.exe
  2⤵
  PID:3920
- C:\Windows\System\zDorOBq.exe
  C:\Windows\System\zDorOBq.exe
  2⤵
  PID:3944
- C:\Windows\System\ZQhyybR.exe
  C:\Windows\System\ZQhyybR.exe
  2⤵
  PID:3964
- C:\Windows\System\wpLmppD.exe
  C:\Windows\System\wpLmppD.exe
  2⤵
  PID:3980
- C:\Windows\System\qQKmYys.exe
  C:\Windows\System\qQKmYys.exe
  2⤵
  PID:3996
- C:\Windows\System\axPUvYM.exe
  C:\Windows\System\axPUvYM.exe
  2⤵
  PID:4012
- C:\Windows\System\EdvVaVo.exe
  C:\Windows\System\EdvVaVo.exe
  2⤵
  PID:4028
- C:\Windows\System\pEfeEKI.exe
  C:\Windows\System\pEfeEKI.exe
  2⤵
  PID:4044
- C:\Windows\System\nRAAWzS.exe
  C:\Windows\System\nRAAWzS.exe
  2⤵
  PID:4076
- C:\Windows\System\pebXjFA.exe
  C:\Windows\System\pebXjFA.exe
  2⤵
  PID:548
- C:\Windows\System\qFtbeUN.exe
  C:\Windows\System\qFtbeUN.exe
  2⤵
  PID:2892
- C:\Windows\System\RXvzfOA.exe
  C:\Windows\System\RXvzfOA.exe
  2⤵
  PID:776
- C:\Windows\System\SpJRNqB.exe
  C:\Windows\System\SpJRNqB.exe
  2⤵
  PID:760
- C:\Windows\System\HYYpTWy.exe
  C:\Windows\System\HYYpTWy.exe
  2⤵
  PID:2576
- C:\Windows\System\iEbUOxR.exe
  C:\Windows\System\iEbUOxR.exe
  2⤵
  PID:3104
- C:\Windows\System\EDyzrVP.exe
  C:\Windows\System\EDyzrVP.exe
  2⤵
  PID:2176
- C:\Windows\System\nAfPmgK.exe
  C:\Windows\System\nAfPmgK.exe
  2⤵
  PID:3144
- C:\Windows\System\sQVnAFT.exe
  C:\Windows\System\sQVnAFT.exe
  2⤵
  PID:3180
- C:\Windows\System\EeHkgnK.exe
  C:\Windows\System\EeHkgnK.exe
  2⤵
  PID:3216
- C:\Windows\System\KPCWHag.exe
  C:\Windows\System\KPCWHag.exe
  2⤵
  PID:3256
- C:\Windows\System\sqJwBKU.exe
  C:\Windows\System\sqJwBKU.exe
  2⤵
  PID:3296
- C:\Windows\System\QAtItoC.exe
  C:\Windows\System\QAtItoC.exe
  2⤵
  PID:3280
- C:\Windows\System\xHeaitO.exe
  C:\Windows\System\xHeaitO.exe
  2⤵
  PID:3412
- C:\Windows\System\EMuZyNc.exe
  C:\Windows\System\EMuZyNc.exe
  2⤵
  PID:3324
- C:\Windows\System\VgRaxxN.exe
  C:\Windows\System\VgRaxxN.exe
  2⤵
  PID:3388
- C:\Windows\System\QHxyRGm.exe
  C:\Windows\System\QHxyRGm.exe
  2⤵
  PID:3360
- C:\Windows\System\syBdZEy.exe
  C:\Windows\System\syBdZEy.exe
  2⤵
  PID:3532
- C:\Windows\System\koSxWEJ.exe
  C:\Windows\System\koSxWEJ.exe
  2⤵
  PID:3444
- C:\Windows\System\cEzGzeV.exe
  C:\Windows\System\cEzGzeV.exe
  2⤵
  PID:3516
- C:\Windows\System\FpmuVPm.exe
  C:\Windows\System\FpmuVPm.exe
  2⤵
  PID:3612
- C:\Windows\System\PoilLGJ.exe
  C:\Windows\System\PoilLGJ.exe
  2⤵
  PID:3556
- C:\Windows\System\WHNwegm.exe
  C:\Windows\System\WHNwegm.exe
  2⤵
  PID:3692
- C:\Windows\System\OSPtUSj.exe
  C:\Windows\System\OSPtUSj.exe
  2⤵
  PID:3636
- C:\Windows\System\RCvTNxj.exe
  C:\Windows\System\RCvTNxj.exe
  2⤵
  PID:3680
- C:\Windows\System\EfoniiC.exe
  C:\Windows\System\EfoniiC.exe
  2⤵
  PID:3716
- C:\Windows\System\psAWmuu.exe
  C:\Windows\System\psAWmuu.exe
  2⤵
  PID:3820
- C:\Windows\System\BJMxCcy.exe
  C:\Windows\System\BJMxCcy.exe
  2⤵
  PID:3760
- C:\Windows\System\foFOHZe.exe
  C:\Windows\System\foFOHZe.exe
  2⤵
  PID:3800
- C:\Windows\System\fOMfAeJ.exe
  C:\Windows\System\fOMfAeJ.exe
  2⤵
  PID:3896
- C:\Windows\System\PBbayci.exe
  C:\Windows\System\PBbayci.exe
  2⤵
  PID:3940
- C:\Windows\System\VHLbFGS.exe
  C:\Windows\System\VHLbFGS.exe
  2⤵
  PID:3876
- C:\Windows\System\brSYMGk.exe
  C:\Windows\System\brSYMGk.exe
  2⤵
  PID:3912
- C:\Windows\System\QPyQRGB.exe
  C:\Windows\System\QPyQRGB.exe
  2⤵
  PID:4084
- C:\Windows\System\cAXpqEO.exe
  C:\Windows\System\cAXpqEO.exe
  2⤵
  PID:4020
- C:\Windows\System\bGPiEmy.exe
  C:\Windows\System\bGPiEmy.exe
  2⤵
  PID:4060
- C:\Windows\System\EjTaJgo.exe
  C:\Windows\System\EjTaJgo.exe
  2⤵
  PID:3956
- C:\Windows\System\mAjqnsk.exe
  C:\Windows\System\mAjqnsk.exe
  2⤵
  PID:2136
- C:\Windows\System\ExVyBst.exe
  C:\Windows\System\ExVyBst.exe
  2⤵
  PID:1544
- C:\Windows\System\ZzkuFKH.exe
  C:\Windows\System\ZzkuFKH.exe
  2⤵
  PID:2332
- C:\Windows\System\XitRqoA.exe
  C:\Windows\System\XitRqoA.exe
  2⤵
  PID:1056
- C:\Windows\System\ZmYEPMZ.exe
  C:\Windows\System\ZmYEPMZ.exe
  2⤵
  PID:3116
- C:\Windows\System\qwxHSCZ.exe
  C:\Windows\System\qwxHSCZ.exe
  2⤵
  PID:3260
- C:\Windows\System\koPAeKG.exe
  C:\Windows\System\koPAeKG.exe
  2⤵
  PID:3092
- C:\Windows\System\cqiWzen.exe
  C:\Windows\System\cqiWzen.exe
  2⤵
  PID:3140
- C:\Windows\System\bvULoDh.exe
  C:\Windows\System\bvULoDh.exe
  2⤵
  PID:3160
- C:\Windows\System\ekDulfm.exe
  C:\Windows\System\ekDulfm.exe
  2⤵
  PID:3340
- C:\Windows\System\SWighzg.exe
  C:\Windows\System\SWighzg.exe
  2⤵
  PID:3484
- C:\Windows\System\opusXlo.exe
  C:\Windows\System\opusXlo.exe
  2⤵
  PID:3600
- C:\Windows\System\kjgjYKR.exe
  C:\Windows\System\kjgjYKR.exe
  2⤵
  PID:3676
- C:\Windows\System\EqMvPvu.exe
  C:\Windows\System\EqMvPvu.exe
  2⤵
  PID:3756
- C:\Windows\System\yToFZiq.exe
  C:\Windows\System\yToFZiq.exe
  2⤵
  PID:3776
- C:\Windows\System\MwxFHnq.exe
  C:\Windows\System\MwxFHnq.exe
  2⤵
  PID:3884
- C:\Windows\System\szWAYrk.exe
  C:\Windows\System\szWAYrk.exe
  2⤵
  PID:3992
- C:\Windows\System\YUVwbIu.exe
  C:\Windows\System\YUVwbIu.exe
  2⤵
  PID:1724
- C:\Windows\System\vlkSipB.exe
  C:\Windows\System\vlkSipB.exe
  2⤵
  PID:3100
- C:\Windows\System\Twhqqey.exe
  C:\Windows\System\Twhqqey.exe
  2⤵
  PID:3736
- C:\Windows\System\fxwzKaR.exe
  C:\Windows\System\fxwzKaR.exe
  2⤵
  PID:4004
- C:\Windows\System\FwWCAyO.exe
  C:\Windows\System\FwWCAyO.exe
  2⤵
  PID:4052
- C:\Windows\System\KylUyzX.exe
  C:\Windows\System\KylUyzX.exe
  2⤵
  PID:2792
- C:\Windows\System\RgKklSD.exe
  C:\Windows\System\RgKklSD.exe
  2⤵
  PID:2028
- C:\Windows\System\taIFJuS.exe
  C:\Windows\System\taIFJuS.exe
  2⤵
  PID:3232
- C:\Windows\System\kJMNcjx.exe
  C:\Windows\System\kJMNcjx.exe
  2⤵
  PID:3660
- C:\Windows\System\XYuOEIo.exe
  C:\Windows\System\XYuOEIo.exe
  2⤵
  PID:3928
- C:\Windows\System\AlrHuOH.exe
  C:\Windows\System\AlrHuOH.exe
  2⤵
  PID:2084
- C:\Windows\System\CYdSAVQ.exe
  C:\Windows\System\CYdSAVQ.exe
  2⤵
  PID:3696
- C:\Windows\System\wcJsjjX.exe
  C:\Windows\System\wcJsjjX.exe
  2⤵
  PID:4036
- C:\Windows\System\tGfmUYi.exe
  C:\Windows\System\tGfmUYi.exe
  2⤵
  PID:3272
- C:\Windows\System\OlYnnYX.exe
  C:\Windows\System\OlYnnYX.exe
  2⤵
  PID:3640
- C:\Windows\System\tAnhUfZ.exe
  C:\Windows\System\tAnhUfZ.exe
  2⤵
  PID:3172
- C:\Windows\System\VHUZbqp.exe
  C:\Windows\System\VHUZbqp.exe
  2⤵
  PID:3840
- C:\Windows\System\ZpeQURB.exe
  C:\Windows\System\ZpeQURB.exe
  2⤵
  PID:3320
- C:\Windows\System\JfYcLGN.exe
  C:\Windows\System\JfYcLGN.exe
  2⤵
  PID:3592
- C:\Windows\System\aSsJQYn.exe
  C:\Windows\System\aSsJQYn.exe
  2⤵
  PID:3796
- C:\Windows\System\LgLgnHt.exe
  C:\Windows\System\LgLgnHt.exe
  2⤵
  PID:3540
- C:\Windows\System\tPGdYUV.exe
  C:\Windows\System\tPGdYUV.exe
  2⤵
  PID:3504
- C:\Windows\System\bCkTIZe.exe
  C:\Windows\System\bCkTIZe.exe
  2⤵
  PID:2864
- C:\Windows\System\SRFrUeq.exe
  C:\Windows\System\SRFrUeq.exe
  2⤵
  PID:4108
- C:\Windows\System\sdhkWID.exe
  C:\Windows\System\sdhkWID.exe
  2⤵
  PID:4132
- C:\Windows\System\FejYPEk.exe
  C:\Windows\System\FejYPEk.exe
  2⤵
  PID:4152
- C:\Windows\System\ujRicWZ.exe
  C:\Windows\System\ujRicWZ.exe
  2⤵
  PID:4172
- C:\Windows\System\dlOcNsk.exe
  C:\Windows\System\dlOcNsk.exe
  2⤵
  PID:4192
- C:\Windows\System\hlzZcCH.exe
  C:\Windows\System\hlzZcCH.exe
  2⤵
  PID:4208
- C:\Windows\System\SnJYGUb.exe
  C:\Windows\System\SnJYGUb.exe
  2⤵
  PID:4232
- C:\Windows\System\CUjnEKn.exe
  C:\Windows\System\CUjnEKn.exe
  2⤵
  PID:4248
- C:\Windows\System\fxQdyxI.exe
  C:\Windows\System\fxQdyxI.exe
  2⤵
  PID:4264
- C:\Windows\System\onNbPkW.exe
  C:\Windows\System\onNbPkW.exe
  2⤵
  PID:4284
- C:\Windows\System\iBYsNfG.exe
  C:\Windows\System\iBYsNfG.exe
  2⤵
  PID:4300
- C:\Windows\System\XolnPUE.exe
  C:\Windows\System\XolnPUE.exe
  2⤵
  PID:4316
- C:\Windows\System\JVtuxDU.exe
  C:\Windows\System\JVtuxDU.exe
  2⤵
  PID:4332
- C:\Windows\System\dgJAZKQ.exe
  C:\Windows\System\dgJAZKQ.exe
  2⤵
  PID:4356
- C:\Windows\System\lCZmpYL.exe
  C:\Windows\System\lCZmpYL.exe
  2⤵
  PID:4376
- C:\Windows\System\AUcrwKG.exe
  C:\Windows\System\AUcrwKG.exe
  2⤵
  PID:4392
- C:\Windows\System\KOVgcZA.exe
  C:\Windows\System\KOVgcZA.exe
  2⤵
  PID:4408
- C:\Windows\System\hQuvVwF.exe
  C:\Windows\System\hQuvVwF.exe
  2⤵
  PID:4428
- C:\Windows\System\KVXJAYA.exe
  C:\Windows\System\KVXJAYA.exe
  2⤵
  PID:4444
- C:\Windows\System\JYsaAiG.exe
  C:\Windows\System\JYsaAiG.exe
  2⤵
  PID:4460
- C:\Windows\System\oEgfVTI.exe
  C:\Windows\System\oEgfVTI.exe
  2⤵
  PID:4476
- C:\Windows\System\BRhKUqm.exe
  C:\Windows\System\BRhKUqm.exe
  2⤵
  PID:4492
- C:\Windows\System\folTcxL.exe
  C:\Windows\System\folTcxL.exe
  2⤵
  PID:4508
- C:\Windows\System\HKHElek.exe
  C:\Windows\System\HKHElek.exe
  2⤵
  PID:4548
- C:\Windows\System\cBEWmpM.exe
  C:\Windows\System\cBEWmpM.exe
  2⤵
  PID:4564
- C:\Windows\System\qMxUlaD.exe
  C:\Windows\System\qMxUlaD.exe
  2⤵
  PID:4580
- C:\Windows\System\VyAlzlc.exe
  C:\Windows\System\VyAlzlc.exe
  2⤵
  PID:4596
- C:\Windows\System\doPKEmS.exe
  C:\Windows\System\doPKEmS.exe
  2⤵
  PID:4612
- C:\Windows\System\KXWWbrw.exe
  C:\Windows\System\KXWWbrw.exe
  2⤵
  PID:4628
- C:\Windows\System\SiDAxSJ.exe
  C:\Windows\System\SiDAxSJ.exe
  2⤵
  PID:4648
- C:\Windows\System\VHWMGby.exe
  C:\Windows\System\VHWMGby.exe
  2⤵
  PID:4664
- C:\Windows\System\xxXbIRd.exe
  C:\Windows\System\xxXbIRd.exe
  2⤵
  PID:4680
- C:\Windows\System\toPphFd.exe
  C:\Windows\System\toPphFd.exe
  2⤵
  PID:4696
- C:\Windows\System\vKaXRhf.exe
  C:\Windows\System\vKaXRhf.exe
  2⤵
  PID:4712
- C:\Windows\System\ejrRgtH.exe
  C:\Windows\System\ejrRgtH.exe
  2⤵
  PID:4728
- C:\Windows\System\RfDeeoe.exe
  C:\Windows\System\RfDeeoe.exe
  2⤵
  PID:4744
- C:\Windows\System\IdkWVqD.exe
  C:\Windows\System\IdkWVqD.exe
  2⤵
  PID:4760
- C:\Windows\System\CflvfzR.exe
  C:\Windows\System\CflvfzR.exe
  2⤵
  PID:4776
- C:\Windows\System\NSyDqIx.exe
  C:\Windows\System\NSyDqIx.exe
  2⤵
  PID:4876
- C:\Windows\System\SekSzNQ.exe
  C:\Windows\System\SekSzNQ.exe
  2⤵
  PID:4892
- C:\Windows\System\XHlWfgi.exe
  C:\Windows\System\XHlWfgi.exe
  2⤵
  PID:4908
- C:\Windows\System\zMZjOcf.exe
  C:\Windows\System\zMZjOcf.exe
  2⤵
  PID:4924
- C:\Windows\System\qtfLiVW.exe
  C:\Windows\System\qtfLiVW.exe
  2⤵
  PID:4940
- C:\Windows\System\btqLxGk.exe
  C:\Windows\System\btqLxGk.exe
  2⤵
  PID:4956
- C:\Windows\System\mcizgYU.exe
  C:\Windows\System\mcizgYU.exe
  2⤵
  PID:4972
- C:\Windows\System\oywbipH.exe
  C:\Windows\System\oywbipH.exe
  2⤵
  PID:4988
- C:\Windows\System\KJcIFzz.exe
  C:\Windows\System\KJcIFzz.exe
  2⤵
  PID:5004
- C:\Windows\System\QIyHxZh.exe
  C:\Windows\System\QIyHxZh.exe
  2⤵
  PID:5020
- C:\Windows\System\VGaaIiy.exe
  C:\Windows\System\VGaaIiy.exe
  2⤵
  PID:5036
- C:\Windows\System\IxvMGVe.exe
  C:\Windows\System\IxvMGVe.exe
  2⤵
  PID:5060
- C:\Windows\System\AlCAJiW.exe
  C:\Windows\System\AlCAJiW.exe
  2⤵
  PID:5076
- C:\Windows\System\BAOzGJf.exe
  C:\Windows\System\BAOzGJf.exe
  2⤵
  PID:5108
- C:\Windows\System\aslPmyz.exe
  C:\Windows\System\aslPmyz.exe
  2⤵
  PID:3812
- C:\Windows\System\bNrGTCz.exe
  C:\Windows\System\bNrGTCz.exe
  2⤵
  PID:3436
- C:\Windows\System\GsQXuQE.exe
  C:\Windows\System\GsQXuQE.exe
  2⤵
  PID:3156
- C:\Windows\System\xDisoFT.exe
  C:\Windows\System\xDisoFT.exe
  2⤵
  PID:4072
- C:\Windows\System\zEWoTLw.exe
  C:\Windows\System\zEWoTLw.exe
  2⤵
  PID:3396
- C:\Windows\System\TRMWRjC.exe
  C:\Windows\System\TRMWRjC.exe
  2⤵
  PID:4128
- C:\Windows\System\oZeZZjL.exe
  C:\Windows\System\oZeZZjL.exe
  2⤵
  PID:4200
- C:\Windows\System\oZymPJE.exe
  C:\Windows\System\oZymPJE.exe
  2⤵
  PID:4240
- C:\Windows\System\yJXFboM.exe
  C:\Windows\System\yJXFboM.exe
  2⤵
  PID:4308
- C:\Windows\System\TwjTLvd.exe
  C:\Windows\System\TwjTLvd.exe
  2⤵
  PID:4344
- C:\Windows\System\NrTvYsn.exe
  C:\Windows\System\NrTvYsn.exe
  2⤵
  PID:4416
- C:\Windows\System\DWiyRpS.exe
  C:\Windows\System\DWiyRpS.exe
  2⤵
  PID:4420
- C:\Windows\System\xmvWPdj.exe
  C:\Windows\System\xmvWPdj.exe
  2⤵
  PID:4148
- C:\Windows\System\wIWWdYK.exe
  C:\Windows\System\wIWWdYK.exe
  2⤵
  PID:4484
- C:\Windows\System\xhDscry.exe
  C:\Windows\System\xhDscry.exe
  2⤵
  PID:4532
- C:\Windows\System\iCJCDfK.exe
  C:\Windows\System\iCJCDfK.exe
  2⤵
  PID:4636
- C:\Windows\System\eaGbsYK.exe
  C:\Windows\System\eaGbsYK.exe
  2⤵
  PID:4676
- C:\Windows\System\FVwiyOj.exe
  C:\Windows\System\FVwiyOj.exe
  2⤵
  PID:4736
- C:\Windows\System\XOTilHL.exe
  C:\Windows\System\XOTilHL.exe
  2⤵
  PID:4296
- C:\Windows\System\cdJLOxw.exe
  C:\Windows\System\cdJLOxw.exe
  2⤵
  PID:4216
- C:\Windows\System\VzJuyZp.exe
  C:\Windows\System\VzJuyZp.exe
  2⤵
  PID:4560
- C:\Windows\System\vGfNvhz.exe
  C:\Windows\System\vGfNvhz.exe
  2⤵
  PID:4624
- C:\Windows\System\fiEGVxs.exe
  C:\Windows\System\fiEGVxs.exe
  2⤵
  PID:4688
- C:\Windows\System\HxZUFZa.exe
  C:\Windows\System\HxZUFZa.exe
  2⤵
  PID:4756
- C:\Windows\System\DxrrKvh.exe
  C:\Windows\System\DxrrKvh.exe
  2⤵
  PID:4440
- C:\Windows\System\PdVfwYg.exe
  C:\Windows\System\PdVfwYg.exe
  2⤵
  PID:4400
- C:\Windows\System\cyepofa.exe
  C:\Windows\System\cyepofa.exe
  2⤵
  PID:4800
- C:\Windows\System\GBxkYWe.exe
  C:\Windows\System\GBxkYWe.exe
  2⤵
  PID:4816
- C:\Windows\System\PuWpqZZ.exe
  C:\Windows\System\PuWpqZZ.exe
  2⤵
  PID:4832
- C:\Windows\System\zgRHWvL.exe
  C:\Windows\System\zgRHWvL.exe
  2⤵
  PID:4848
- C:\Windows\System\TNOPHeV.exe
  C:\Windows\System\TNOPHeV.exe
  2⤵
  PID:4860
- C:\Windows\System\eNqZlUC.exe
  C:\Windows\System\eNqZlUC.exe
  2⤵
  PID:4888
- C:\Windows\System\IMgcLMP.exe
  C:\Windows\System\IMgcLMP.exe
  2⤵
  PID:4980
- C:\Windows\System\xbfQfmb.exe
  C:\Windows\System\xbfQfmb.exe
  2⤵
  PID:5044
- C:\Windows\System\BiNNyiv.exe
  C:\Windows\System\BiNNyiv.exe
  2⤵
  PID:5096
- C:\Windows\System\iYvhMPI.exe
  C:\Windows\System\iYvhMPI.exe
  2⤵
  PID:5028
- C:\Windows\System\FrhHlsZ.exe
  C:\Windows\System\FrhHlsZ.exe
  2⤵
  PID:4088
- C:\Windows\System\EBUBBHs.exe
  C:\Windows\System\EBUBBHs.exe
  2⤵
  PID:4168
- C:\Windows\System\buYjTpg.exe
  C:\Windows\System\buYjTpg.exe
  2⤵
  PID:3628
- C:\Windows\System\JPolOfC.exe
  C:\Windows\System\JPolOfC.exe
  2⤵
  PID:4932
- C:\Windows\System\PXaQRdv.exe
  C:\Windows\System\PXaQRdv.exe
  2⤵
  PID:4116
- C:\Windows\System\pJdhCpf.exe
  C:\Windows\System\pJdhCpf.exe
  2⤵
  PID:4144
- C:\Windows\System\cVhwiKL.exe
  C:\Windows\System\cVhwiKL.exe
  2⤵
  PID:4324
- C:\Windows\System\wixYpPH.exe
  C:\Windows\System\wixYpPH.exe
  2⤵
  PID:4220
- C:\Windows\System\aGMcTFz.exe
  C:\Windows\System\aGMcTFz.exe
  2⤵
  PID:4488
- C:\Windows\System\eCbGbOz.exe
  C:\Windows\System\eCbGbOz.exe
  2⤵
  PID:4576
- C:\Windows\System\jtWlScu.exe
  C:\Windows\System\jtWlScu.exe
  2⤵
  PID:4184
- C:\Windows\System\skxeKky.exe
  C:\Windows\System\skxeKky.exe
  2⤵
  PID:4752
- C:\Windows\System\qlrtxKc.exe
  C:\Windows\System\qlrtxKc.exe
  2⤵
  PID:4812
- C:\Windows\System\nrSpQsi.exe
  C:\Windows\System\nrSpQsi.exe
  2⤵
  PID:4160
- C:\Windows\System\LpgWPVp.exe
  C:\Windows\System\LpgWPVp.exe
  2⤵
  PID:5016
- C:\Windows\System\pmSxSAk.exe
  C:\Windows\System\pmSxSAk.exe
  2⤵
  PID:4768
- C:\Windows\System\dygFHYG.exe
  C:\Windows\System\dygFHYG.exe
  2⤵
  PID:4660
- C:\Windows\System\CtFwbVL.exe
  C:\Windows\System\CtFwbVL.exe
  2⤵
  PID:4796
- C:\Windows\System\mTrCxYi.exe
  C:\Windows\System\mTrCxYi.exe
  2⤵
  PID:4856
- C:\Windows\System\hTzcaMv.exe
  C:\Windows\System\hTzcaMv.exe
  2⤵
  PID:5216
- C:\Windows\System\uxpqwnG.exe
  C:\Windows\System\uxpqwnG.exe
  2⤵
  PID:5232
- C:\Windows\System\xhalCiW.exe
  C:\Windows\System\xhalCiW.exe
  2⤵
  PID:5248
- C:\Windows\System\IPmVpwk.exe
  C:\Windows\System\IPmVpwk.exe
  2⤵
  PID:5264
- C:\Windows\System\VzwxQLG.exe
  C:\Windows\System\VzwxQLG.exe
  2⤵
  PID:5284
- C:\Windows\System\UDihTHI.exe
  C:\Windows\System\UDihTHI.exe
  2⤵
  PID:5300
- C:\Windows\System\RWsiSPS.exe
  C:\Windows\System\RWsiSPS.exe
  2⤵
  PID:5316
- C:\Windows\System\SgXtRbX.exe
  C:\Windows\System\SgXtRbX.exe
  2⤵
  PID:5332
- C:\Windows\System\dYqtXem.exe
  C:\Windows\System\dYqtXem.exe
  2⤵
  PID:5352
- C:\Windows\System\OXkkZgJ.exe
  C:\Windows\System\OXkkZgJ.exe
  2⤵
  PID:5368
- C:\Windows\System\bOIlQnu.exe
  C:\Windows\System\bOIlQnu.exe
  2⤵
  PID:5384
- C:\Windows\System\lCNZGCA.exe
  C:\Windows\System\lCNZGCA.exe
  2⤵
  PID:5400
- C:\Windows\System\sQqtxvL.exe
  C:\Windows\System\sQqtxvL.exe
  2⤵
  PID:5416
- C:\Windows\System\LkdzfFc.exe
  C:\Windows\System\LkdzfFc.exe
  2⤵
  PID:5436
- C:\Windows\System\pZxLdlb.exe
  C:\Windows\System\pZxLdlb.exe
  2⤵
  PID:5452
- C:\Windows\System\USXlNIl.exe
  C:\Windows\System\USXlNIl.exe
  2⤵
  PID:5472
- C:\Windows\System\lgLkUXd.exe
  C:\Windows\System\lgLkUXd.exe
  2⤵
  PID:5488
- C:\Windows\System\mdjkYVd.exe
  C:\Windows\System\mdjkYVd.exe
  2⤵
  PID:5504
- C:\Windows\System\JhWLzsZ.exe
  C:\Windows\System\JhWLzsZ.exe
  2⤵
  PID:5524
- C:\Windows\System\EcLjdrf.exe
  C:\Windows\System\EcLjdrf.exe
  2⤵
  PID:5540
- C:\Windows\System\jMhsYSZ.exe
  C:\Windows\System\jMhsYSZ.exe
  2⤵
  PID:5560
- C:\Windows\System\gQkxbum.exe
  C:\Windows\System\gQkxbum.exe
  2⤵
  PID:5576
- C:\Windows\System\hdIcWkA.exe
  C:\Windows\System\hdIcWkA.exe
  2⤵
  PID:5592
- C:\Windows\System\qbcQTVJ.exe
  C:\Windows\System\qbcQTVJ.exe
  2⤵
  PID:5612
- C:\Windows\System\MlYYbnR.exe
  C:\Windows\System\MlYYbnR.exe
  2⤵
  PID:5628
- C:\Windows\System\suPANNj.exe
  C:\Windows\System\suPANNj.exe
  2⤵
  PID:5648
- C:\Windows\System\slAIlBF.exe
  C:\Windows\System\slAIlBF.exe
  2⤵
  PID:5664
- C:\Windows\System\KoxuklQ.exe
  C:\Windows\System\KoxuklQ.exe
  2⤵
  PID:5760
- C:\Windows\System\DEWmWQR.exe
  C:\Windows\System\DEWmWQR.exe
  2⤵
  PID:5776
- C:\Windows\System\SxmgrQT.exe
  C:\Windows\System\SxmgrQT.exe
  2⤵
  PID:5792
- C:\Windows\System\zmTSNBT.exe
  C:\Windows\System\zmTSNBT.exe
  2⤵
  PID:5808
- C:\Windows\System\JVVLTWS.exe
  C:\Windows\System\JVVLTWS.exe
  2⤵
  PID:5824
- C:\Windows\System\XPODkQW.exe
  C:\Windows\System\XPODkQW.exe
  2⤵
  PID:5840
- C:\Windows\System\xsPwWwN.exe
  C:\Windows\System\xsPwWwN.exe
  2⤵
  PID:5856
- C:\Windows\System\IpQIsgB.exe
  C:\Windows\System\IpQIsgB.exe
  2⤵
  PID:5872
- C:\Windows\System\BHyskQi.exe
  C:\Windows\System\BHyskQi.exe
  2⤵
  PID:5892
- C:\Windows\System\NVEDWzp.exe
  C:\Windows\System\NVEDWzp.exe
  2⤵
  PID:5908
- C:\Windows\System\LPLcsQL.exe
  C:\Windows\System\LPLcsQL.exe
  2⤵
  PID:5928
- C:\Windows\System\ybXbqnN.exe
  C:\Windows\System\ybXbqnN.exe
  2⤵
  PID:5944
- C:\Windows\System\VfenkHu.exe
  C:\Windows\System\VfenkHu.exe
  2⤵
  PID:5960
- C:\Windows\System\dbnVCwn.exe
  C:\Windows\System\dbnVCwn.exe
  2⤵
  PID:5980
- C:\Windows\System\dexVoBp.exe
  C:\Windows\System\dexVoBp.exe
  2⤵
  PID:6000
- C:\Windows\System\rQUsucP.exe
  C:\Windows\System\rQUsucP.exe
  2⤵
  PID:6020
- C:\Windows\System\uECEXeD.exe
  C:\Windows\System\uECEXeD.exe
  2⤵
  PID:6044
- C:\Windows\System\SHudWZw.exe
  C:\Windows\System\SHudWZw.exe
  2⤵
  PID:6064
- C:\Windows\System\lNuFBSc.exe
  C:\Windows\System\lNuFBSc.exe
  2⤵
  PID:6080
- C:\Windows\System\nAbgTdd.exe
  C:\Windows\System\nAbgTdd.exe
  2⤵
  PID:6104
- C:\Windows\System\JVPtKwE.exe
  C:\Windows\System\JVPtKwE.exe
  2⤵
  PID:6120
- C:\Windows\System\YpqoFek.exe
  C:\Windows\System\YpqoFek.exe
  2⤵
  PID:6140
- C:\Windows\System\BlLUNUu.exe
  C:\Windows\System\BlLUNUu.exe
  2⤵
  PID:5052
- C:\Windows\System\rrzwztn.exe
  C:\Windows\System\rrzwztn.exe
  2⤵
  PID:5072
- C:\Windows\System\uIfSszR.exe
  C:\Windows\System\uIfSszR.exe
  2⤵
  PID:5100
- C:\Windows\System\WpJHDKg.exe
  C:\Windows\System\WpJHDKg.exe
  2⤵
  PID:4104
- C:\Windows\System\CAqkpvz.exe
  C:\Windows\System\CAqkpvz.exe
  2⤵
  PID:4608
- C:\Windows\System\BkuNHEv.exe
  C:\Windows\System\BkuNHEv.exe
  2⤵
  PID:4500
- C:\Windows\System\AWWZjbw.exe
  C:\Windows\System\AWWZjbw.exe
  2⤵
  PID:2972
- C:\Windows\System\iqeeyfr.exe
  C:\Windows\System\iqeeyfr.exe
  2⤵
  PID:4824
- C:\Windows\System\kkWGIXK.exe
  C:\Windows\System\kkWGIXK.exe
  2⤵
  PID:5088
- C:\Windows\System\vfOIdEl.exe
  C:\Windows\System\vfOIdEl.exe
  2⤵
  PID:4968
- C:\Windows\System\HMuiNcn.exe
  C:\Windows\System\HMuiNcn.exe
  2⤵
  PID:3656
- C:\Windows\System\skFogLl.exe
  C:\Windows\System\skFogLl.exe
  2⤵
  PID:5224
- C:\Windows\System\tijegBT.exe
  C:\Windows\System\tijegBT.exe
  2⤵
  PID:5292
- C:\Windows\System\ShXJmFe.exe
  C:\Windows\System\ShXJmFe.exe
  2⤵
  PID:5360
- C:\Windows\System\asBdXYW.exe
  C:\Windows\System\asBdXYW.exe
  2⤵
  PID:5424
- C:\Windows\System\RxzbXpA.exe
  C:\Windows\System\RxzbXpA.exe
  2⤵
  PID:5496
- C:\Windows\System\aNmpYul.exe
  C:\Windows\System\aNmpYul.exe
  2⤵
  PID:4348
- C:\Windows\System\iLsUalq.exe
  C:\Windows\System\iLsUalq.exe
  2⤵
  PID:4540
- C:\Windows\System\QiAPJgv.exe
  C:\Windows\System\QiAPJgv.exe
  2⤵
  PID:4620
- C:\Windows\System\qLfbimE.exe
  C:\Windows\System\qLfbimE.exe
  2⤵
  PID:4644
- C:\Windows\System\BPvgXHL.exe
  C:\Windows\System\BPvgXHL.exe
  2⤵
  PID:4472
- C:\Windows\System\WqWqlNG.exe
  C:\Windows\System\WqWqlNG.exe
  2⤵
  PID:5132
- C:\Windows\System\BpOBbVQ.exe
  C:\Windows\System\BpOBbVQ.exe
  2⤵
  PID:5600
- C:\Windows\System\YfRDRxy.exe
  C:\Windows\System\YfRDRxy.exe
  2⤵
  PID:5144
- C:\Windows\System\MoYAMxD.exe
  C:\Windows\System\MoYAMxD.exe
  2⤵
  PID:5428
- C:\Windows\System\fwWNNyy.exe
  C:\Windows\System\fwWNNyy.exe
  2⤵
  PID:5676
- C:\Windows\System\bchFuCB.exe
  C:\Windows\System\bchFuCB.exe
  2⤵
  PID:5692
- C:\Windows\System\RjPMktS.exe
  C:\Windows\System\RjPMktS.exe
  2⤵
  PID:5708
- C:\Windows\System\WvoYnWd.exe
  C:\Windows\System\WvoYnWd.exe
  2⤵
  PID:5724
- C:\Windows\System\pjnatys.exe
  C:\Windows\System\pjnatys.exe
  2⤵
  PID:5152
- C:\Windows\System\syfLzCH.exe
  C:\Windows\System\syfLzCH.exe
  2⤵
  PID:5128
- C:\Windows\System\qPsZdLv.exe
  C:\Windows\System\qPsZdLv.exe
  2⤵
  PID:5180
- C:\Windows\System\GQliIqt.exe
  C:\Windows\System\GQliIqt.exe
  2⤵
  PID:5196
- C:\Windows\System\SdWlcEA.exe
  C:\Windows\System\SdWlcEA.exe
  2⤵
  PID:5212
- C:\Windows\System\xFfPGrB.exe
  C:\Windows\System\xFfPGrB.exe
  2⤵
  PID:5720
- C:\Windows\System\oQypGbA.exe
  C:\Windows\System\oQypGbA.exe
  2⤵
  PID:5748
- C:\Windows\System\VZtKwtz.exe
  C:\Windows\System\VZtKwtz.exe
  2⤵
  PID:5820
- C:\Windows\System\eIPAewm.exe
  C:\Windows\System\eIPAewm.exe
  2⤵
  PID:5280
- C:\Windows\System\oOMLVQu.exe
  C:\Windows\System\oOMLVQu.exe
  2⤵
  PID:5344
- C:\Windows\System\aRTPUxF.exe
  C:\Windows\System\aRTPUxF.exe
  2⤵
  PID:5408
- C:\Windows\System\WXFNpVA.exe
  C:\Windows\System\WXFNpVA.exe
  2⤵
  PID:5484
- C:\Windows\System\RGAjNqg.exe
  C:\Windows\System\RGAjNqg.exe
  2⤵
  PID:5520
- C:\Windows\System\UwCLkdv.exe
  C:\Windows\System\UwCLkdv.exe
  2⤵
  PID:5584
- C:\Windows\System\KaPoJPF.exe
  C:\Windows\System\KaPoJPF.exe
  2⤵
  PID:5656
- C:\Windows\System\hDWncVz.exe
  C:\Windows\System\hDWncVz.exe
  2⤵
  PID:5800
- C:\Windows\System\ThQqyue.exe
  C:\Windows\System\ThQqyue.exe
  2⤵
  PID:5880
- C:\Windows\System\AaXAgkU.exe
  C:\Windows\System\AaXAgkU.exe
  2⤵
  PID:5952
- C:\Windows\System\lxuqvyg.exe
  C:\Windows\System\lxuqvyg.exe
  2⤵
  PID:5864
- C:\Windows\System\DQNsFsp.exe
  C:\Windows\System\DQNsFsp.exe
  2⤵
  PID:5904
- C:\Windows\System\zasmECs.exe
  C:\Windows\System\zasmECs.exe
  2⤵
  PID:5968
- C:\Windows\System\NcCVxWI.exe
  C:\Windows\System\NcCVxWI.exe
  2⤵
  PID:6016
- C:\Windows\System\kzMSzUt.exe
  C:\Windows\System\kzMSzUt.exe
  2⤵
  PID:6088
- C:\Windows\System\FwPkipv.exe
  C:\Windows\System\FwPkipv.exe
  2⤵
  PID:6128
- C:\Windows\System\eEqplfH.exe
  C:\Windows\System\eEqplfH.exe
  2⤵
  PID:4900
- C:\Windows\System\MnXrzlv.exe
  C:\Windows\System\MnXrzlv.exe
  2⤵
  PID:3932
- C:\Windows\System\TAYbMeu.exe
  C:\Windows\System\TAYbMeu.exe
  2⤵
  PID:5996
- C:\Windows\System\ylIcUbf.exe
  C:\Windows\System\ylIcUbf.exe
  2⤵
  PID:6072
- C:\Windows\System\bNVAucL.exe
  C:\Windows\System\bNVAucL.exe
  2⤵
  PID:4704
- C:\Windows\System\ViCcKTm.exe
  C:\Windows\System\ViCcKTm.exe
  2⤵
  PID:3536
- C:\Windows\System\rReMrnP.exe
  C:\Windows\System\rReMrnP.exe
  2⤵
  PID:4452
- C:\Windows\System\TnLohVo.exe
  C:\Windows\System\TnLohVo.exe
  2⤵
  PID:2408
- C:\Windows\System\qqNrXOh.exe
  C:\Windows\System\qqNrXOh.exe
  2⤵
  PID:5084
- C:\Windows\System\LqbZQgX.exe
  C:\Windows\System\LqbZQgX.exe
  2⤵
  PID:4276
- C:\Windows\System\SgzxhmD.exe
  C:\Windows\System\SgzxhmD.exe
  2⤵
  PID:5328
- C:\Windows\System\EYSoYXs.exe
  C:\Windows\System\EYSoYXs.exe
  2⤵
  PID:5644
- C:\Windows\System\jioYsMs.exe
  C:\Windows\System\jioYsMs.exe
  2⤵
  PID:2264
- C:\Windows\System\TThFpam.exe
  C:\Windows\System\TThFpam.exe
  2⤵
  PID:5972
- C:\Windows\System\ySvSBxd.exe
  C:\Windows\System\ySvSBxd.exe
  2⤵
  PID:6008
- C:\Windows\System\QtHmoEh.exe
  C:\Windows\System\QtHmoEh.exe
  2⤵
  PID:4524
- C:\Windows\System\xAvAeab.exe
  C:\Windows\System\xAvAeab.exe
  2⤵
  PID:3012
- C:\Windows\System\uxcDqCl.exe
  C:\Windows\System\uxcDqCl.exe
  2⤵
  PID:5988
- C:\Windows\System\PXTXjUe.exe
  C:\Windows\System\PXTXjUe.exe
  2⤵
  PID:6040
- C:\Windows\System\DIcSNDm.exe
  C:\Windows\System\DIcSNDm.exe
  2⤵
  PID:4404
- C:\Windows\System\lgKzTKx.exe
  C:\Windows\System\lgKzTKx.exe
  2⤵
  PID:5104
- C:\Windows\System\uTDPXRH.exe
  C:\Windows\System\uTDPXRH.exe
  2⤵
  PID:5536
- C:\Windows\System\nVtuwSV.exe
  C:\Windows\System\nVtuwSV.exe
  2⤵
  PID:5604
- C:\Windows\System\wKlPaJq.exe
  C:\Windows\System\wKlPaJq.exe
  2⤵
  PID:4340
- C:\Windows\System\azvhBOu.exe
  C:\Windows\System\azvhBOu.exe
  2⤵
  PID:4592
- C:\Windows\System\nOkvHjF.exe
  C:\Windows\System\nOkvHjF.exe
  2⤵
  PID:5124
- C:\Windows\System\gvXDtvP.exe
  C:\Windows\System\gvXDtvP.exe
  2⤵
  PID:348
- C:\Windows\System\EGMOqIL.exe
  C:\Windows\System\EGMOqIL.exe
  2⤵
  PID:1740
- C:\Windows\System\dCVsXeD.exe
  C:\Windows\System\dCVsXeD.exe
  2⤵
  PID:2756
- C:\Windows\System\odOymqA.exe
  C:\Windows\System\odOymqA.exe
  2⤵
  PID:592
- C:\Windows\System\LioDWxM.exe
  C:\Windows\System\LioDWxM.exe
  2⤵
  PID:1996
- C:\Windows\System\FQXJEFg.exe
  C:\Windows\System\FQXJEFg.exe
  2⤵
  PID:628
- C:\Windows\System\ooWyfHJ.exe
  C:\Windows\System\ooWyfHJ.exe
  2⤵
  PID:588
- C:\Windows\System\wFCocPA.exe
  C:\Windows\System\wFCocPA.exe
  2⤵
  PID:2684
- C:\Windows\System\ZrbznfD.exe
  C:\Windows\System\ZrbznfD.exe
  2⤵
  PID:1748
- C:\Windows\System\tHOUhbJ.exe
  C:\Windows\System\tHOUhbJ.exe
  2⤵
  PID:5208
- C:\Windows\System\RxeWrHP.exe
  C:\Windows\System\RxeWrHP.exe
  2⤵
  PID:888
- C:\Windows\System\kmNBLxB.exe
  C:\Windows\System\kmNBLxB.exe
  2⤵
  PID:5272
- C:\Windows\System\pPqPGLd.exe
  C:\Windows\System\pPqPGLd.exe
  2⤵
  PID:2916
- C:\Windows\System\osGeHQl.exe
  C:\Windows\System\osGeHQl.exe
  2⤵
  PID:5340
- C:\Windows\System\IUAISMI.exe
  C:\Windows\System\IUAISMI.exe
  2⤵
  PID:5448
- C:\Windows\System\RwclowE.exe
  C:\Windows\System\RwclowE.exe
  2⤵
  PID:408
- C:\Windows\System\cGpWfJX.exe
  C:\Windows\System\cGpWfJX.exe
  2⤵
  PID:5868
- C:\Windows\System\MpVLnbB.exe
  C:\Windows\System\MpVLnbB.exe
  2⤵
  PID:5392
- C:\Windows\System\GeRPmGg.exe
  C:\Windows\System\GeRPmGg.exe
  2⤵
  PID:5256
- C:\Windows\System\pabMUBs.exe
  C:\Windows\System\pabMUBs.exe
  2⤵
  PID:2748
- C:\Windows\System\SPYdPgr.exe
  C:\Windows\System\SPYdPgr.exe
  2⤵
  PID:3040
- C:\Windows\System\gDuslHR.exe
  C:\Windows\System\gDuslHR.exe
  2⤵
  PID:4904
- C:\Windows\System\wNYQYQP.exe
  C:\Windows\System\wNYQYQP.exe
  2⤵
  PID:5736
- C:\Windows\System\qElxlLw.exe
  C:\Windows\System\qElxlLw.exe
  2⤵
  PID:1332
- C:\Windows\System\aZhbRpv.exe
  C:\Windows\System\aZhbRpv.exe
  2⤵
  PID:5468
- C:\Windows\System\luNRwWd.exe
  C:\Windows\System\luNRwWd.exe
  2⤵
  PID:4256
- C:\Windows\System\ISEcVZV.exe
  C:\Windows\System\ISEcVZV.exe
  2⤵
  PID:2944
- C:\Windows\System\UXDFBPs.exe
  C:\Windows\System\UXDFBPs.exe
  2⤵
  PID:684
- C:\Windows\System\SNPhmiF.exe
  C:\Windows\System\SNPhmiF.exe
  2⤵
  PID:5032
- C:\Windows\System\jFjDyIl.exe
  C:\Windows\System\jFjDyIl.exe
  2⤵
  PID:5568
- C:\Windows\System\EqChWnZ.exe
  C:\Windows\System\EqChWnZ.exe
  2⤵
  PID:5168
- C:\Windows\System\reMgjeN.exe
  C:\Windows\System\reMgjeN.exe
  2⤵
  PID:5192
- C:\Windows\System\dnNWbRI.exe
  C:\Windows\System\dnNWbRI.exe
  2⤵
  PID:2432
- C:\Windows\System\naEPylJ.exe
  C:\Windows\System\naEPylJ.exe
  2⤵
  PID:5784
- C:\Windows\System\SPHsFOI.exe
  C:\Windows\System\SPHsFOI.exe
  2⤵
  PID:5620
- C:\Windows\System\gxxjmrr.exe
  C:\Windows\System\gxxjmrr.exe
  2⤵
  PID:1260
- C:\Windows\System\UHyonFT.exe
  C:\Windows\System\UHyonFT.exe
  2⤵
  PID:5900
- C:\Windows\System\DZKBxAF.exe
  C:\Windows\System\DZKBxAF.exe
  2⤵
  PID:6028
- C:\Windows\System\GXrumHE.exe
  C:\Windows\System\GXrumHE.exe
  2⤵
  PID:5704
- C:\Windows\System\PWbKFfH.exe
  C:\Windows\System\PWbKFfH.exe
  2⤵
  PID:2588
- C:\Windows\System\PCcJmja.exe
  C:\Windows\System\PCcJmja.exe
  2⤵
  PID:956
- C:\Windows\System\VjRvqtI.exe
  C:\Windows\System\VjRvqtI.exe
  2⤵
  PID:4804
- C:\Windows\System\HLOGKLG.exe
  C:\Windows\System\HLOGKLG.exe
  2⤵
  PID:5260
- C:\Windows\System\jYKJBTO.exe
  C:\Windows\System\jYKJBTO.exe
  2⤵
  PID:5160
- C:\Windows\System\sdECmii.exe
  C:\Windows\System\sdECmii.exe
  2⤵
  PID:1804
- C:\Windows\System\gJLlGvK.exe
  C:\Windows\System\gJLlGvK.exe
  2⤵
  PID:2700
- C:\Windows\System\ylwBGkd.exe
  C:\Windows\System\ylwBGkd.exe
  2⤵
  PID:5376
- C:\Windows\System\OplcIQG.exe
  C:\Windows\System\OplcIQG.exe
  2⤵
  PID:4456
- C:\Windows\System\mDrrBtc.exe
  C:\Windows\System\mDrrBtc.exe
  2⤵
  PID:6160
- C:\Windows\System\geSrOiJ.exe
  C:\Windows\System\geSrOiJ.exe
  2⤵
  PID:6176
- C:\Windows\System\mpttnhP.exe
  C:\Windows\System\mpttnhP.exe
  2⤵
  PID:6192
- C:\Windows\System\OuOBIQk.exe
  C:\Windows\System\OuOBIQk.exe
  2⤵
  PID:6208
- C:\Windows\System\eemkRMm.exe
  C:\Windows\System\eemkRMm.exe
  2⤵
  PID:6224
- C:\Windows\System\VbMcvqE.exe
  C:\Windows\System\VbMcvqE.exe
  2⤵
  PID:6240
- C:\Windows\System\JDBpsca.exe
  C:\Windows\System\JDBpsca.exe
  2⤵
  PID:6256
- C:\Windows\System\AmoNQVC.exe
  C:\Windows\System\AmoNQVC.exe
  2⤵
  PID:6272
- C:\Windows\System\itzaxrn.exe
  C:\Windows\System\itzaxrn.exe
  2⤵
  PID:6288
- C:\Windows\System\eKjmVsT.exe
  C:\Windows\System\eKjmVsT.exe
  2⤵
  PID:6308
- C:\Windows\System\mlGkCSL.exe
  C:\Windows\System\mlGkCSL.exe
  2⤵
  PID:6324
- C:\Windows\System\YazCCkY.exe
  C:\Windows\System\YazCCkY.exe
  2⤵
  PID:6340
- C:\Windows\System\orIjPiN.exe
  C:\Windows\System\orIjPiN.exe
  2⤵
  PID:6356
- C:\Windows\System\JfvaMPq.exe
  C:\Windows\System\JfvaMPq.exe
  2⤵
  PID:6372
- C:\Windows\System\MHBUJDh.exe
  C:\Windows\System\MHBUJDh.exe
  2⤵
  PID:6388
- C:\Windows\System\AKCVqjE.exe
  C:\Windows\System\AKCVqjE.exe
  2⤵
  PID:6404
- C:\Windows\System\uhqIjff.exe
  C:\Windows\System\uhqIjff.exe
  2⤵
  PID:6424
- C:\Windows\System\FJYPmTc.exe
  C:\Windows\System\FJYPmTc.exe
  2⤵
  PID:6440
- C:\Windows\System\itlioum.exe
  C:\Windows\System\itlioum.exe
  2⤵
  PID:6456
- C:\Windows\System\lowboua.exe
  C:\Windows\System\lowboua.exe
  2⤵
  PID:6472
- C:\Windows\System\pXvrFsp.exe
  C:\Windows\System\pXvrFsp.exe
  2⤵
  PID:6488
- C:\Windows\System\PpeeqRO.exe
  C:\Windows\System\PpeeqRO.exe
  2⤵
  PID:6504
- C:\Windows\System\HUoJARU.exe
  C:\Windows\System\HUoJARU.exe
  2⤵
  PID:6520
- C:\Windows\System\XKwvfdk.exe
  C:\Windows\System\XKwvfdk.exe
  2⤵
  PID:6536
- C:\Windows\System\haNEhyG.exe
  C:\Windows\System\haNEhyG.exe
  2⤵
  PID:6568
- C:\Windows\System\sglqkZm.exe
  C:\Windows\System\sglqkZm.exe
  2⤵
  PID:6588
- C:\Windows\System\BHfQKne.exe
  C:\Windows\System\BHfQKne.exe
  2⤵
  PID:6604
- C:\Windows\System\MNJXwlN.exe
  C:\Windows\System\MNJXwlN.exe
  2⤵
  PID:6620
- C:\Windows\System\TWjQWaI.exe
  C:\Windows\System\TWjQWaI.exe
  2⤵
  PID:6636
- C:\Windows\System\sUABxxF.exe
  C:\Windows\System\sUABxxF.exe
  2⤵
  PID:6652
- C:\Windows\System\lWOybSw.exe
  C:\Windows\System\lWOybSw.exe
  2⤵
  PID:6668
- C:\Windows\System\TkiKoZd.exe
  C:\Windows\System\TkiKoZd.exe
  2⤵
  PID:6684
- C:\Windows\System\axVUihR.exe
  C:\Windows\System\axVUihR.exe
  2⤵
  PID:6700
- C:\Windows\System\xYSQksx.exe
  C:\Windows\System\xYSQksx.exe
  2⤵
  PID:6716
- C:\Windows\System\cPDHtqh.exe
  C:\Windows\System\cPDHtqh.exe
  2⤵
  PID:6732
- C:\Windows\System\vLeLvCd.exe
  C:\Windows\System\vLeLvCd.exe
  2⤵
  PID:6748
- C:\Windows\System\MzVhPlm.exe
  C:\Windows\System\MzVhPlm.exe
  2⤵
  PID:6764
- C:\Windows\System\OZDTayd.exe
  C:\Windows\System\OZDTayd.exe
  2⤵
  PID:6780
- C:\Windows\System\PtHLpcg.exe
  C:\Windows\System\PtHLpcg.exe
  2⤵
  PID:6800
- C:\Windows\System\dwvawSV.exe
  C:\Windows\System\dwvawSV.exe
  2⤵
  PID:6820
- C:\Windows\System\sILEfTf.exe
  C:\Windows\System\sILEfTf.exe
  2⤵
  PID:6836
- C:\Windows\System\tUjIdDN.exe
  C:\Windows\System\tUjIdDN.exe
  2⤵
  PID:6852
- C:\Windows\System\TjbtCaU.exe
  C:\Windows\System\TjbtCaU.exe
  2⤵
  PID:6868
- C:\Windows\System\zurUrHm.exe
  C:\Windows\System\zurUrHm.exe
  2⤵
  PID:6884
- C:\Windows\System\DnkaSFV.exe
  C:\Windows\System\DnkaSFV.exe
  2⤵
  PID:6900
- C:\Windows\System\gPaccNc.exe
  C:\Windows\System\gPaccNc.exe
  2⤵
  PID:6916
- C:\Windows\System\BZvYUEo.exe
  C:\Windows\System\BZvYUEo.exe
  2⤵
  PID:6932
- C:\Windows\System\qfWqmIe.exe
  C:\Windows\System\qfWqmIe.exe
  2⤵
  PID:6948
- C:\Windows\System\QNJsISV.exe
  C:\Windows\System\QNJsISV.exe
  2⤵
  PID:6964
- C:\Windows\System\HTkqOiJ.exe
  C:\Windows\System\HTkqOiJ.exe
  2⤵
  PID:6980
- C:\Windows\System\KUxEfRG.exe
  C:\Windows\System\KUxEfRG.exe
  2⤵
  PID:6996
- C:\Windows\System\tGhuQXt.exe
  C:\Windows\System\tGhuQXt.exe
  2⤵
  PID:7016
- C:\Windows\System\cZKVZiJ.exe
  C:\Windows\System\cZKVZiJ.exe
  2⤵
  PID:7032
- C:\Windows\System\iOOLRZo.exe
  C:\Windows\System\iOOLRZo.exe
  2⤵
  PID:7048
- C:\Windows\System\HYFTdXd.exe
  C:\Windows\System\HYFTdXd.exe
  2⤵
  PID:7064
- C:\Windows\System\LqjsKxv.exe
  C:\Windows\System\LqjsKxv.exe
  2⤵
  PID:7080
- C:\Windows\System\TwwZlZs.exe
  C:\Windows\System\TwwZlZs.exe
  2⤵
  PID:7096
- C:\Windows\System\PwnVHiC.exe
  C:\Windows\System\PwnVHiC.exe
  2⤵
  PID:7116
- C:\Windows\System\IZKRzXm.exe
  C:\Windows\System\IZKRzXm.exe
  2⤵
  PID:7132
- C:\Windows\System\IvJvYgb.exe
  C:\Windows\System\IvJvYgb.exe
  2⤵
  PID:7152
- C:\Windows\System\iXbvnYE.exe
  C:\Windows\System\iXbvnYE.exe
  2⤵
  PID:5136
- C:\Windows\System\DLCjoGy.exe
  C:\Windows\System\DLCjoGy.exe
  2⤵
  PID:5556
- C:\Windows\System\DzNnweR.exe
  C:\Windows\System\DzNnweR.exe
  2⤵
  PID:4372
- C:\Windows\System\SyUDPUR.exe
  C:\Windows\System\SyUDPUR.exe
  2⤵
  PID:2648
- C:\Windows\System\JOYqGCS.exe
  C:\Windows\System\JOYqGCS.exe
  2⤵
  PID:5888
- C:\Windows\System\oihhPlb.exe
  C:\Windows\System\oihhPlb.exe
  2⤵
  PID:6172
- C:\Windows\System\EAljlIH.exe
  C:\Windows\System\EAljlIH.exe
  2⤵
  PID:6232
- C:\Windows\System\UhbafwP.exe
  C:\Windows\System\UhbafwP.exe
  2⤵
  PID:6268
- C:\Windows\System\ifbYore.exe
  C:\Windows\System\ifbYore.exe
  2⤵
  PID:1096
- C:\Windows\System\oFArbbQ.exe
  C:\Windows\System\oFArbbQ.exe
  2⤵
  PID:5636
- C:\Windows\System\OfsBceB.exe
  C:\Windows\System\OfsBceB.exe
  2⤵
  PID:5816
- C:\Windows\System\DJpxMoL.exe
  C:\Windows\System\DJpxMoL.exe
  2⤵
  PID:6188
- C:\Windows\System\oXvGXkJ.exe
  C:\Windows\System\oXvGXkJ.exe
  2⤵
  PID:6252
- C:\Windows\System\WjHEQBX.exe
  C:\Windows\System\WjHEQBX.exe
  2⤵
  PID:6348
- C:\Windows\System\KJNvxIi.exe
  C:\Windows\System\KJNvxIi.exe
  2⤵
  PID:6352
- C:\Windows\System\tyICalo.exe
  C:\Windows\System\tyICalo.exe
  2⤵
  PID:6416
- C:\Windows\System\loHTYFw.exe
  C:\Windows\System\loHTYFw.exe
  2⤵
  PID:6512
- C:\Windows\System\xTIaDoF.exe
  C:\Windows\System\xTIaDoF.exe
  2⤵
  PID:6432
- C:\Windows\System\hBYGRAj.exe
  C:\Windows\System\hBYGRAj.exe
  2⤵
  PID:6296
- C:\Windows\System\mNshPLu.exe
  C:\Windows\System\mNshPLu.exe
  2⤵
  PID:6464
- C:\Windows\System\DzJGmet.exe
  C:\Windows\System\DzJGmet.exe
  2⤵
  PID:6584
- C:\Windows\System\jrhLpqe.exe
  C:\Windows\System\jrhLpqe.exe
  2⤵
  PID:6648
- C:\Windows\System\aEGIOzP.exe
  C:\Windows\System\aEGIOzP.exe
  2⤵
  PID:2580
- C:\Windows\System\GjVkOki.exe
  C:\Windows\System\GjVkOki.exe
  2⤵
  PID:6744
- C:\Windows\System\kSjluTV.exe
  C:\Windows\System\kSjluTV.exe
  2⤵
  PID:2740
- C:\Windows\System\QuRhoHW.exe
  C:\Windows\System\QuRhoHW.exe
  2⤵
  PID:668
- C:\Windows\System\aqTHHnP.exe
  C:\Windows\System\aqTHHnP.exe
  2⤵
  PID:6844
- C:\Windows\System\wmIwZkE.exe
  C:\Windows\System\wmIwZkE.exe
  2⤵
  PID:6908
- C:\Windows\System\guzOFMz.exe
  C:\Windows\System\guzOFMz.exe
  2⤵
  PID:6972
- C:\Windows\System\fLyHWKv.exe
  C:\Windows\System\fLyHWKv.exe
  2⤵
  PID:7008
- C:\Windows\System\kJPsxIX.exe
  C:\Windows\System\kJPsxIX.exe
  2⤵
  PID:908
- C:\Windows\System\ybkeuoQ.exe
  C:\Windows\System\ybkeuoQ.exe
  2⤵
  PID:2064
- C:\Windows\System\VLtJZoi.exe
  C:\Windows\System\VLtJZoi.exe
  2⤵
  PID:1984
- C:\Windows\System\WIxtTrM.exe
  C:\Windows\System\WIxtTrM.exe
  2⤵
  PID:3032
- C:\Windows\System\yvBbucH.exe
  C:\Windows\System\yvBbucH.exe
  2⤵
  PID:6600
- C:\Windows\System\piKquHK.exe
  C:\Windows\System\piKquHK.exe
  2⤵
  PID:6664
- C:\Windows\System\OMVIxzQ.exe
  C:\Windows\System\OMVIxzQ.exe
  2⤵
  PID:6728
- C:\Windows\System\IVBHwtM.exe
  C:\Windows\System\IVBHwtM.exe
  2⤵
  PID:6796
- C:\Windows\System\lQuXggB.exe
  C:\Windows\System\lQuXggB.exe
  2⤵
  PID:6864
- C:\Windows\System\oAhHOZr.exe
  C:\Windows\System\oAhHOZr.exe
  2⤵
  PID:6928
- C:\Windows\System\DuCflqk.exe
  C:\Windows\System\DuCflqk.exe
  2⤵
  PID:6992
- C:\Windows\System\fDXHJkK.exe
  C:\Windows\System\fDXHJkK.exe
  2⤵
  PID:1932
- C:\Windows\System\SDQMlAR.exe
  C:\Windows\System\SDQMlAR.exe
  2⤵
  PID:3064
- C:\Windows\System\knHCGSy.exe
  C:\Windows\System\knHCGSy.exe
  2⤵
  PID:6264
- C:\Windows\System\dARrZzI.exe
  C:\Windows\System\dARrZzI.exe
  2⤵
  PID:6156
- C:\Windows\System\tAjqNPV.exe
  C:\Windows\System\tAjqNPV.exe
  2⤵
  PID:7060
- C:\Windows\System\TQuEzhU.exe
  C:\Windows\System\TQuEzhU.exe
  2⤵
  PID:7124
- C:\Windows\System\xqYQdZO.exe
  C:\Windows\System\xqYQdZO.exe
  2⤵
  PID:6384
- C:\Windows\System\IOeSJxY.exe
  C:\Windows\System\IOeSJxY.exe
  2⤵
  PID:6516
- C:\Windows\System\QGybngJ.exe
  C:\Windows\System\QGybngJ.exe
  2⤵
  PID:6436
- C:\Windows\System\EyRBpRG.exe
  C:\Windows\System\EyRBpRG.exe
  2⤵
  PID:1576
- C:\Windows\System\nPlUyCK.exe
  C:\Windows\System\nPlUyCK.exe
  2⤵
  PID:108
- C:\Windows\System\KzALZqL.exe
  C:\Windows\System\KzALZqL.exe
  2⤵
  PID:2924
- C:\Windows\System\rKPLUUI.exe
  C:\Windows\System\rKPLUUI.exe
  2⤵
  PID:7040
- C:\Windows\System\GBzBlZS.exe
  C:\Windows\System\GBzBlZS.exe
  2⤵
  PID:6480
- C:\Windows\System\pnDSesf.exe
  C:\Windows\System\pnDSesf.exe
  2⤵
  PID:5380
- C:\Windows\System\lxbCVLb.exe
  C:\Windows\System\lxbCVLb.exe
  2⤵
  PID:7028
- C:\Windows\System\VrhDOYV.exe
  C:\Windows\System\VrhDOYV.exe
  2⤵
  PID:6828
- C:\Windows\System\oLdvsAa.exe
  C:\Windows\System\oLdvsAa.exe
  2⤵
  PID:6320
- C:\Windows\System\AVOFuQn.exe
  C:\Windows\System\AVOFuQn.exe
  2⤵
  PID:6248
- C:\Windows\System\oyIpFKn.exe
  C:\Windows\System\oyIpFKn.exe
  2⤵
  PID:6876
- C:\Windows\System\fqPGegO.exe
  C:\Windows\System\fqPGegO.exe
  2⤵
  PID:5244
- C:\Windows\System\Vbiltab.exe
  C:\Windows\System\Vbiltab.exe
  2⤵
  PID:7140
- C:\Windows\System\EpoXVoz.exe
  C:\Windows\System\EpoXVoz.exe
  2⤵
  PID:2656
- C:\Windows\System\gbgDkWu.exe
  C:\Windows\System\gbgDkWu.exe
  2⤵
  PID:6776
- C:\Windows\System\tmpdCgr.exe
  C:\Windows\System\tmpdCgr.exe
  2⤵
  PID:6560
- C:\Windows\System\QaPHdgE.exe
  C:\Windows\System\QaPHdgE.exe
  2⤵
  PID:6896
- C:\Windows\System\vhRoAwX.exe
  C:\Windows\System\vhRoAwX.exe
  2⤵
  PID:6576
- C:\Windows\System\SOzKzmi.exe
  C:\Windows\System\SOzKzmi.exe
  2⤵
  PID:2404
- C:\Windows\System\hlUyuEQ.exe
  C:\Windows\System\hlUyuEQ.exe
  2⤵
  PID:6696
- C:\Windows\System\gLFrdBp.exe
  C:\Windows\System\gLFrdBp.exe
  2⤵
  PID:7088
- C:\Windows\System\scoBWJk.exe
  C:\Windows\System\scoBWJk.exe
  2⤵
  PID:7104
- C:\Windows\System\oTSRFya.exe
  C:\Windows\System\oTSRFya.exe
  2⤵
  PID:6596
- C:\Windows\System\WMUsPWq.exe
  C:\Windows\System\WMUsPWq.exe
  2⤵
  PID:6400
- C:\Windows\System\waOpcdX.exe
  C:\Windows\System\waOpcdX.exe
  2⤵
  PID:6712
- C:\Windows\System\fustrDc.exe
  C:\Windows\System\fustrDc.exe
  2⤵
  PID:6960
- C:\Windows\System\YNevWXJ.exe
  C:\Windows\System\YNevWXJ.exe
  2⤵
  PID:6580
- C:\Windows\System\DCNOtSK.exe
  C:\Windows\System\DCNOtSK.exe
  2⤵
  PID:5768
- C:\Windows\System\IqYmFcr.exe
  C:\Windows\System\IqYmFcr.exe
  2⤵
  PID:6036
- C:\Windows\System\ohvWjMo.exe
  C:\Windows\System\ohvWjMo.exe
  2⤵
  PID:6680
- C:\Windows\System\muNmchb.exe
  C:\Windows\System\muNmchb.exe
  2⤵
  PID:7160
- C:\Windows\System\YbGDKqw.exe
  C:\Windows\System\YbGDKqw.exe
  2⤵
  PID:7164
- C:\Windows\System\IxRHzlV.exe
  C:\Windows\System\IxRHzlV.exe
  2⤵
  PID:6452
- C:\Windows\System\BWVADnR.exe
  C:\Windows\System\BWVADnR.exe
  2⤵
  PID:2628
- C:\Windows\System\GRUqmTI.exe
  C:\Windows\System\GRUqmTI.exe
  2⤵
  PID:6760
- C:\Windows\System\yjBWjGy.exe
  C:\Windows\System\yjBWjGy.exe
  2⤵
  PID:6792
- C:\Windows\System\RTqUBPy.exe
  C:\Windows\System\RTqUBPy.exe
  2⤵
  PID:6168
- C:\Windows\System\tiFbUVA.exe
  C:\Windows\System\tiFbUVA.exe
  2⤵
  PID:6564
- C:\Windows\System\AoBbSCB.exe
  C:\Windows\System\AoBbSCB.exe
  2⤵
  PID:7076
- C:\Windows\System\gQYhPjg.exe
  C:\Windows\System\gQYhPjg.exe
  2⤵
  PID:6556
- C:\Windows\System\ZKztJNm.exe
  C:\Windows\System\ZKztJNm.exe
  2⤵
  PID:7184
- C:\Windows\System\tzVxOGI.exe
  C:\Windows\System\tzVxOGI.exe
  2⤵
  PID:7204
- C:\Windows\System\ZSJdhDR.exe
  C:\Windows\System\ZSJdhDR.exe
  2⤵
  PID:7220
- C:\Windows\System\TkNEXkc.exe
  C:\Windows\System\TkNEXkc.exe
  2⤵
  PID:7240
- C:\Windows\System\inWcxge.exe
  C:\Windows\System\inWcxge.exe
  2⤵
  PID:7256
- C:\Windows\System\ORnKgtI.exe
  C:\Windows\System\ORnKgtI.exe
  2⤵
  PID:7280
- C:\Windows\System\YPpJXnQ.exe
  C:\Windows\System\YPpJXnQ.exe
  2⤵
  PID:7296
- C:\Windows\System\wxGjZAk.exe
  C:\Windows\System\wxGjZAk.exe
  2⤵
  PID:7316
- C:\Windows\System\beeDMer.exe
  C:\Windows\System\beeDMer.exe
  2⤵
  PID:7332
- C:\Windows\System\suMaray.exe
  C:\Windows\System\suMaray.exe
  2⤵
  PID:7348
- C:\Windows\System\lrxkNvh.exe
  C:\Windows\System\lrxkNvh.exe
  2⤵
  PID:7368
- C:\Windows\System\bpGaquW.exe
  C:\Windows\System\bpGaquW.exe
  2⤵
  PID:7388
- C:\Windows\System\kJbtAAl.exe
  C:\Windows\System\kJbtAAl.exe
  2⤵
  PID:7404
- C:\Windows\System\kxIImVP.exe
  C:\Windows\System\kxIImVP.exe
  2⤵
  PID:7460
- C:\Windows\System\nKdparh.exe
  C:\Windows\System\nKdparh.exe
  2⤵
  PID:7476
- C:\Windows\System\DOzQDQp.exe
  C:\Windows\System\DOzQDQp.exe
  2⤵
  PID:7496
- C:\Windows\System\OeOiQsJ.exe
  C:\Windows\System\OeOiQsJ.exe
  2⤵
  PID:7512
- C:\Windows\System\kPJaHBm.exe
  C:\Windows\System\kPJaHBm.exe
  2⤵
  PID:7528
- C:\Windows\System\lsGSsNL.exe
  C:\Windows\System\lsGSsNL.exe
  2⤵
  PID:7548
- C:\Windows\System\aJwwkEc.exe
  C:\Windows\System\aJwwkEc.exe
  2⤵
  PID:7564
- C:\Windows\System\LNpEpqS.exe
  C:\Windows\System\LNpEpqS.exe
  2⤵
  PID:7584
- C:\Windows\System\lRfpERn.exe
  C:\Windows\System\lRfpERn.exe
  2⤵
  PID:7604
- C:\Windows\System\qwfICkz.exe
  C:\Windows\System\qwfICkz.exe
  2⤵
  PID:7620
- C:\Windows\System\qIBbHxL.exe
  C:\Windows\System\qIBbHxL.exe
  2⤵
  PID:7636
- C:\Windows\System\qeguwuo.exe
  C:\Windows\System\qeguwuo.exe
  2⤵
  PID:7656
- C:\Windows\System\YNqlOUe.exe
  C:\Windows\System\YNqlOUe.exe
  2⤵
  PID:7676
- C:\Windows\System\GhOXfQn.exe
  C:\Windows\System\GhOXfQn.exe
  2⤵
  PID:7696
- C:\Windows\System\xfLXJBS.exe
  C:\Windows\System\xfLXJBS.exe
  2⤵
  PID:7716
- C:\Windows\System\IuJsAkj.exe
  C:\Windows\System\IuJsAkj.exe
  2⤵
  PID:7732
- C:\Windows\System\XVufZXU.exe
  C:\Windows\System\XVufZXU.exe
  2⤵
  PID:7752
- C:\Windows\System\vrRVVsB.exe
  C:\Windows\System\vrRVVsB.exe
  2⤵
  PID:7768
- C:\Windows\System\KIcnXtv.exe
  C:\Windows\System\KIcnXtv.exe
  2⤵
  PID:7788
- C:\Windows\System\WIaypga.exe
  C:\Windows\System\WIaypga.exe
  2⤵
  PID:7804
- C:\Windows\System\NumlAOa.exe
  C:\Windows\System\NumlAOa.exe
  2⤵
  PID:7820
- C:\Windows\System\ZILfxhV.exe
  C:\Windows\System\ZILfxhV.exe
  2⤵
  PID:7840
- C:\Windows\System\TasqRKT.exe
  C:\Windows\System\TasqRKT.exe
  2⤵
  PID:7856
- C:\Windows\System\MNdCbKP.exe
  C:\Windows\System\MNdCbKP.exe
  2⤵
  PID:7876
- C:\Windows\System\dYLfRif.exe
  C:\Windows\System\dYLfRif.exe
  2⤵
  PID:7896
- C:\Windows\System\fyXXvlo.exe
  C:\Windows\System\fyXXvlo.exe
  2⤵
  PID:7912
- C:\Windows\System\OEktJEe.exe
  C:\Windows\System\OEktJEe.exe
  2⤵
  PID:7936
- C:\Windows\System\eoXSwKr.exe
  C:\Windows\System\eoXSwKr.exe
  2⤵
  PID:7952
- C:\Windows\System\IinZlMd.exe
  C:\Windows\System\IinZlMd.exe
  2⤵
  PID:7972
- C:\Windows\System\mJnLFjg.exe
  C:\Windows\System\mJnLFjg.exe
  2⤵
  PID:7988
- C:\Windows\System\GtqmQXg.exe
  C:\Windows\System\GtqmQXg.exe
  2⤵
  PID:8012
- C:\Windows\System\XjBDBUl.exe
  C:\Windows\System\XjBDBUl.exe
  2⤵
  PID:8028
- C:\Windows\System\zklsadj.exe
  C:\Windows\System\zklsadj.exe
  2⤵
  PID:8044
- C:\Windows\System\CdycdFd.exe
  C:\Windows\System\CdycdFd.exe
  2⤵
  PID:8064
- C:\Windows\System\XuvqJXi.exe
  C:\Windows\System\XuvqJXi.exe
  2⤵
  PID:8084
- C:\Windows\System\SzdDVfS.exe
  C:\Windows\System\SzdDVfS.exe
  2⤵
  PID:8100
- C:\Windows\System\HRZktDI.exe
  C:\Windows\System\HRZktDI.exe
  2⤵
  PID:8116
- C:\Windows\System\kTxhRkr.exe
  C:\Windows\System\kTxhRkr.exe
  2⤵
  PID:8136
- C:\Windows\System\MrVHtni.exe
  C:\Windows\System\MrVHtni.exe
  2⤵
  PID:8156
- C:\Windows\System\dTietmm.exe
  C:\Windows\System\dTietmm.exe
  2⤵
  PID:8172
- C:\Windows\System\dpPgkFq.exe
  C:\Windows\System\dpPgkFq.exe
  2⤵
  PID:8188
- C:\Windows\System\JrgknEq.exe
  C:\Windows\System\JrgknEq.exe
  2⤵
  PID:1496
- C:\Windows\System\pYORqiy.exe
  C:\Windows\System\pYORqiy.exe
  2⤵
  PID:7228
- C:\Windows\System\vgrvoSL.exe
  C:\Windows\System\vgrvoSL.exe
  2⤵
  PID:7276
- C:\Windows\System\QdbvaAe.exe
  C:\Windows\System\QdbvaAe.exe
  2⤵
  PID:7340
- C:\Windows\System\wLGSWpd.exe
  C:\Windows\System\wLGSWpd.exe
  2⤵
  PID:7384
- C:\Windows\System\GpdQbFb.exe
  C:\Windows\System\GpdQbFb.exe
  2⤵
  PID:7428
- C:\Windows\System\jXxRgpu.exe
  C:\Windows\System\jXxRgpu.exe
  2⤵
  PID:6816
- C:\Windows\System\PmJKkHH.exe
  C:\Windows\System\PmJKkHH.exe
  2⤵
  PID:6420
- C:\Windows\System\gfcABao.exe
  C:\Windows\System\gfcABao.exe
  2⤵
  PID:2596
- C:\Windows\System\jlDaWqr.exe
  C:\Windows\System\jlDaWqr.exe
  2⤵
  PID:7600
- C:\Windows\System\yZqhdcE.exe
  C:\Windows\System\yZqhdcE.exe
  2⤵
  PID:7668
- C:\Windows\System\OTwNOwP.exe
  C:\Windows\System\OTwNOwP.exe
  2⤵
  PID:7740
- C:\Windows\System\dbuuxhh.exe
  C:\Windows\System\dbuuxhh.exe
  2⤵
  PID:7776
- C:\Windows\System\ToZgHDs.exe
  C:\Windows\System\ToZgHDs.exe
  2⤵
  PID:7816
- C:\Windows\System\ntWGaOG.exe
  C:\Windows\System\ntWGaOG.exe
  2⤵
  PID:7884
- C:\Windows\System\BUZnUAu.exe
  C:\Windows\System\BUZnUAu.exe
  2⤵
  PID:7960
- C:\Windows\System\jgKsftO.exe
  C:\Windows\System\jgKsftO.exe
  2⤵
  PID:7996
- C:\Windows\System\sJzRAzm.exe
  C:\Windows\System\sJzRAzm.exe
  2⤵
  PID:8040
- C:\Windows\System\ZGpyYQp.exe
  C:\Windows\System\ZGpyYQp.exe
  2⤵
  PID:8108
- C:\Windows\System\TlbQSUl.exe
  C:\Windows\System\TlbQSUl.exe
  2⤵
  PID:8148
- C:\Windows\System\KfIStxr.exe
  C:\Windows\System\KfIStxr.exe
  2⤵
  PID:2812
- C:\Windows\System\rakIDbx.exe
  C:\Windows\System\rakIDbx.exe
  2⤵
  PID:7424
- C:\Windows\System\GHFsUKA.exe
  C:\Windows\System\GHFsUKA.exe
  2⤵
  PID:6316
- C:\Windows\System\ifiODkB.exe
  C:\Windows\System\ifiODkB.exe
  2⤵
  PID:7180
- C:\Windows\System\bNCJJhi.exe
  C:\Windows\System\bNCJJhi.exe
  2⤵
  PID:7796
- C:\Windows\System\pEiGriS.exe
  C:\Windows\System\pEiGriS.exe
  2⤵
  PID:7356
- C:\Windows\System\fYCmlFZ.exe
  C:\Windows\System\fYCmlFZ.exe
  2⤵
  PID:7400
- C:\Windows\System\xNAYChu.exe
  C:\Windows\System\xNAYChu.exe
  2⤵
  PID:7592
- C:\Windows\System\MkPbwZj.exe
  C:\Windows\System\MkPbwZj.exe
  2⤵
  PID:7828
- C:\Windows\System\kdqEtyf.exe
  C:\Windows\System\kdqEtyf.exe
  2⤵
  PID:7540
- C:\Windows\System\lqXBIlq.exe
  C:\Windows\System\lqXBIlq.exe
  2⤵
  PID:7580
- C:\Windows\System\MxvjLke.exe
  C:\Windows\System\MxvjLke.exe
  2⤵
  PID:7648
- C:\Windows\System\xcAqmsZ.exe
  C:\Windows\System\xcAqmsZ.exe
  2⤵
  PID:7692
- C:\Windows\System\eDXrotP.exe
  C:\Windows\System\eDXrotP.exe
  2⤵
  PID:7904
- C:\Windows\System\yDqWubW.exe
  C:\Windows\System\yDqWubW.exe
  2⤵
  PID:7172
- C:\Windows\System\VpxRkWO.exe
  C:\Windows\System\VpxRkWO.exe
  2⤵
  PID:8060
- C:\Windows\System\dQIUGIp.exe
  C:\Windows\System\dQIUGIp.exe
  2⤵
  PID:8168
- C:\Windows\System\yNcDNqN.exe
  C:\Windows\System\yNcDNqN.exe
  2⤵
  PID:7248
- C:\Windows\System\tYmvItm.exe
  C:\Windows\System\tYmvItm.exe
  2⤵
  PID:7712
- C:\Windows\System\QKwtxpG.exe
  C:\Windows\System\QKwtxpG.exe
  2⤵
  PID:7892
- C:\Windows\System\eDCQHmq.exe
  C:\Windows\System\eDCQHmq.exe
  2⤵
  PID:8004
- C:\Windows\System\OqupghT.exe
  C:\Windows\System\OqupghT.exe
  2⤵
  PID:8152
- C:\Windows\System\xImztdu.exe
  C:\Windows\System\xImztdu.exe
  2⤵
  PID:7644
- C:\Windows\System\roUwQBl.exe
  C:\Windows\System\roUwQBl.exe
  2⤵
  PID:7328
- C:\Windows\System\ASOOGhL.exe
  C:\Windows\System\ASOOGhL.exe
  2⤵
  PID:7492
- C:\Windows\System\QdDpRpH.exe
  C:\Windows\System\QdDpRpH.exe
  2⤵
  PID:7572
- C:\Windows\System\OLEIGdr.exe
  C:\Windows\System\OLEIGdr.exe
  2⤵
  PID:7632
- C:\Windows\System\eDFJjqm.exe
  C:\Windows\System\eDFJjqm.exe
  2⤵
  PID:7216
- C:\Windows\System\vyHhwEi.exe
  C:\Windows\System\vyHhwEi.exe
  2⤵
  PID:8080
- C:\Windows\System\ZzXawCf.exe
  C:\Windows\System\ZzXawCf.exe
  2⤵
  PID:7560
- C:\Windows\System\pQpRuVO.exe
  C:\Windows\System\pQpRuVO.exe
  2⤵
  PID:7868
- C:\Windows\System\lyYVLsX.exe
  C:\Windows\System\lyYVLsX.exe
  2⤵
  PID:7760
- C:\Windows\System\ZUKtQKz.exe
  C:\Windows\System\ZUKtQKz.exe
  2⤵
  PID:8052
- C:\Windows\System\wsBukOc.exe
  C:\Windows\System\wsBukOc.exe
  2⤵
  PID:5532
- C:\Windows\System\ASwxmWW.exe
  C:\Windows\System\ASwxmWW.exe
  2⤵
  PID:7948
- C:\Windows\System\pDdNbrE.exe
  C:\Windows\System\pDdNbrE.exe
  2⤵
  PID:7984
- C:\Windows\System\wwLGkZM.exe
  C:\Windows\System\wwLGkZM.exe
  2⤵
  PID:7704
- C:\Windows\System\nEXhWaE.exe
  C:\Windows\System\nEXhWaE.exe
  2⤵
  PID:7812
- C:\Windows\System\xqdJuOT.exe
  C:\Windows\System\xqdJuOT.exe
  2⤵
  PID:7176
- C:\Windows\System\oDvmVmE.exe
  C:\Windows\System\oDvmVmE.exe
  2⤵
  PID:7764
- C:\Windows\System\llUgBYm.exe
  C:\Windows\System\llUgBYm.exe
  2⤵
  PID:7092
- C:\Windows\System\KaTLjch.exe
  C:\Windows\System\KaTLjch.exe
  2⤵
  PID:7524
- C:\Windows\System\IkccqPe.exe
  C:\Windows\System\IkccqPe.exe
  2⤵
  PID:8184
- C:\Windows\System\pNiLVxS.exe
  C:\Windows\System\pNiLVxS.exe
  2⤵
  PID:7452
- C:\Windows\System\vqFKwEY.exe
  C:\Windows\System\vqFKwEY.exe
  2⤵
  PID:7308
- C:\Windows\System\xdbxfNE.exe
  C:\Windows\System\xdbxfNE.exe
  2⤵
  PID:8024
- C:\Windows\System\rgvCDwZ.exe
  C:\Windows\System\rgvCDwZ.exe
  2⤵
  PID:7380
- C:\Windows\System\cGWREkg.exe
  C:\Windows\System\cGWREkg.exe
  2⤵
  PID:7436
- C:\Windows\System\wmcIzyE.exe
  C:\Windows\System\wmcIzyE.exe
  2⤵
  PID:7612
- C:\Windows\System\mRAFiML.exe
  C:\Windows\System\mRAFiML.exe
  2⤵
  PID:7324
- C:\Windows\System\nmQDcxI.exe
  C:\Windows\System\nmQDcxI.exe
  2⤵
  PID:7520
- C:\Windows\System\XJtrAsg.exe
  C:\Windows\System\XJtrAsg.exe
  2⤵
  PID:8000
- C:\Windows\System\EwpoKFb.exe
  C:\Windows\System\EwpoKFb.exe
  2⤵
  PID:7364
- C:\Windows\System\ciRoGik.exe
  C:\Windows\System\ciRoGik.exe
  2⤵
  PID:8200
- C:\Windows\System\LFeNITl.exe
  C:\Windows\System\LFeNITl.exe
  2⤵
  PID:8216
- C:\Windows\System\MxFzbLJ.exe
  C:\Windows\System\MxFzbLJ.exe
  2⤵
  PID:8236
- C:\Windows\System\bPiDapb.exe
  C:\Windows\System\bPiDapb.exe
  2⤵
  PID:8256
- C:\Windows\System\gRjyVxA.exe
  C:\Windows\System\gRjyVxA.exe
  2⤵
  PID:8276
- C:\Windows\System\qHtAXGf.exe
  C:\Windows\System\qHtAXGf.exe
  2⤵
  PID:8292
- C:\Windows\System\XTbhjBh.exe
  C:\Windows\System\XTbhjBh.exe
  2⤵
  PID:8312
- C:\Windows\System\bjGuuUb.exe
  C:\Windows\System\bjGuuUb.exe
  2⤵
  PID:8328
- C:\Windows\System\aSPNwIB.exe
  C:\Windows\System\aSPNwIB.exe
  2⤵
  PID:8348
- C:\Windows\System\QFGcDXo.exe
  C:\Windows\System\QFGcDXo.exe
  2⤵
  PID:8364
- C:\Windows\System\HpIhASh.exe
  C:\Windows\System\HpIhASh.exe
  2⤵
  PID:8380
- C:\Windows\System\qKPxKif.exe
  C:\Windows\System\qKPxKif.exe
  2⤵
  PID:8396
- C:\Windows\System\TWUBrxD.exe
  C:\Windows\System\TWUBrxD.exe
  2⤵
  PID:8416
- C:\Windows\System\vQmhhXM.exe
  C:\Windows\System\vQmhhXM.exe
  2⤵
  PID:8436
- C:\Windows\System\zwYVABY.exe
  C:\Windows\System\zwYVABY.exe
  2⤵
  PID:8452
- C:\Windows\System\wGFFXqf.exe
  C:\Windows\System\wGFFXqf.exe
  2⤵
  PID:8468
- C:\Windows\System\tbRWPug.exe
  C:\Windows\System\tbRWPug.exe
  2⤵
  PID:8488
- C:\Windows\System\gEfZsyd.exe
  C:\Windows\System\gEfZsyd.exe
  2⤵
  PID:8508
- C:\Windows\System\eCFqjwN.exe
  C:\Windows\System\eCFqjwN.exe
  2⤵
  PID:8524
- C:\Windows\System\FVgpYIx.exe
  C:\Windows\System\FVgpYIx.exe
  2⤵
  PID:8540
- C:\Windows\System\yHjwUbu.exe
  C:\Windows\System\yHjwUbu.exe
  2⤵
  PID:8560
- C:\Windows\System\eXBHPvL.exe
  C:\Windows\System\eXBHPvL.exe
  2⤵
  PID:8576
- C:\Windows\System\ZVuTHQv.exe
  C:\Windows\System\ZVuTHQv.exe
  2⤵
  PID:8672
- C:\Windows\System\YKEzJAX.exe
  C:\Windows\System\YKEzJAX.exe
  2⤵
  PID:8692
- C:\Windows\System\hyJtheZ.exe
  C:\Windows\System\hyJtheZ.exe
  2⤵
  PID:8708
- C:\Windows\System\ybBpjkr.exe
  C:\Windows\System\ybBpjkr.exe
  2⤵
  PID:8724
- C:\Windows\System\HXalxpd.exe
  C:\Windows\System\HXalxpd.exe
  2⤵
  PID:8740
- C:\Windows\System\nKyqtqN.exe
  C:\Windows\System\nKyqtqN.exe
  2⤵
  PID:8760
- C:\Windows\System\pjYGvgy.exe
  C:\Windows\System\pjYGvgy.exe
  2⤵
  PID:8792
- C:\Windows\System\IBHHksD.exe
  C:\Windows\System\IBHHksD.exe
  2⤵
  PID:8808
- C:\Windows\System\sgSZVAp.exe
  C:\Windows\System\sgSZVAp.exe
  2⤵
  PID:8824
- C:\Windows\System\RSERLfP.exe
  C:\Windows\System\RSERLfP.exe
  2⤵
  PID:8840
- C:\Windows\System\gHUMXiZ.exe
  C:\Windows\System\gHUMXiZ.exe
  2⤵
  PID:8860
- C:\Windows\System\UNSpzFx.exe
  C:\Windows\System\UNSpzFx.exe
  2⤵
  PID:8880
- C:\Windows\System\uWTHLDw.exe
  C:\Windows\System\uWTHLDw.exe
  2⤵
  PID:8900
- C:\Windows\System\KMwqHxI.exe
  C:\Windows\System\KMwqHxI.exe
  2⤵
  PID:8916
- C:\Windows\System\dhgjVri.exe
  C:\Windows\System\dhgjVri.exe
  2⤵
  PID:8932
- C:\Windows\System\epzXZuy.exe
  C:\Windows\System\epzXZuy.exe
  2⤵
  PID:8956
- C:\Windows\System\FxbQhcC.exe
  C:\Windows\System\FxbQhcC.exe
  2⤵
  PID:9004
- C:\Windows\System\PltPFjH.exe
  C:\Windows\System\PltPFjH.exe
  2⤵
  PID:9020
- C:\Windows\System\TiBQgCl.exe
  C:\Windows\System\TiBQgCl.exe
  2⤵
  PID:9036
- C:\Windows\System\QKEHCvE.exe
  C:\Windows\System\QKEHCvE.exe
  2⤵
  PID:9052
- C:\Windows\System\szRUpBs.exe
  C:\Windows\System\szRUpBs.exe
  2⤵
  PID:9068
- C:\Windows\System\ywVwzYA.exe
  C:\Windows\System\ywVwzYA.exe
  2⤵
  PID:9088
- C:\Windows\System\noqkDaE.exe
  C:\Windows\System\noqkDaE.exe
  2⤵
  PID:9104
- C:\Windows\System\EOrczdp.exe
  C:\Windows\System\EOrczdp.exe
  2⤵
  PID:9120
- C:\Windows\System\VbkyJDa.exe
  C:\Windows\System\VbkyJDa.exe
  2⤵
  PID:9136
- C:\Windows\System\LDbDZFD.exe
  C:\Windows\System\LDbDZFD.exe
  2⤵
  PID:9152
- C:\Windows\System\JryVxTn.exe
  C:\Windows\System\JryVxTn.exe
  2⤵
  PID:9168
- C:\Windows\System\gHIOwIZ.exe
  C:\Windows\System\gHIOwIZ.exe
  2⤵
  PID:9184
- C:\Windows\System\CqTXoaH.exe
  C:\Windows\System\CqTXoaH.exe
  2⤵
  PID:9204
- C:\Windows\System\WvfYuBv.exe
  C:\Windows\System\WvfYuBv.exe
  2⤵
  PID:8232
- C:\Windows\System\YXWmsaD.exe
  C:\Windows\System\YXWmsaD.exe
  2⤵
  PID:8308
- C:\Windows\System\CKeeQRE.exe
  C:\Windows\System\CKeeQRE.exe
  2⤵
  PID:8340
- C:\Windows\System\AtlTcTw.exe
  C:\Windows\System\AtlTcTw.exe
  2⤵
  PID:8408
- C:\Windows\System\THfaMQu.exe
  C:\Windows\System\THfaMQu.exe
  2⤵
  PID:8476
- C:\Windows\System\YJjdYhl.exe
  C:\Windows\System\YJjdYhl.exe
  2⤵
  PID:8520
- C:\Windows\System\nnpxZtO.exe
  C:\Windows\System\nnpxZtO.exe
  2⤵
  PID:8584
- C:\Windows\System\klLWsYJ.exe
  C:\Windows\System\klLWsYJ.exe
  2⤵
  PID:7448
- C:\Windows\System\vFOSwVs.exe
  C:\Windows\System\vFOSwVs.exe
  2⤵
  PID:8500
- C:\Windows\System\vTMtsMv.exe
  C:\Windows\System\vTMtsMv.exe
  2⤵
  PID:7744
- C:\Windows\System\hCvKMLn.exe
  C:\Windows\System\hCvKMLn.exe
  2⤵
  PID:7596
- C:\Windows\System\ShtFAuu.exe
  C:\Windows\System\ShtFAuu.exe
  2⤵
  PID:8208
- C:\Windows\System\eMIPiJa.exe
  C:\Windows\System\eMIPiJa.exe
  2⤵
  PID:8284
- C:\Windows\System\PcPLTpq.exe
  C:\Windows\System\PcPLTpq.exe
  2⤵
  PID:8360
- C:\Windows\System\gMXvlBD.exe
  C:\Windows\System\gMXvlBD.exe
  2⤵
  PID:8432
- C:\Windows\System\fBrpwyM.exe
  C:\Windows\System\fBrpwyM.exe
  2⤵
  PID:8640
- C:\Windows\System\QfLeovC.exe
  C:\Windows\System\QfLeovC.exe
  2⤵
  PID:8700
- C:\Windows\System\yZbsWHP.exe
  C:\Windows\System\yZbsWHP.exe
  2⤵
  PID:8720
- C:\Windows\System\cZzMhwD.exe
  C:\Windows\System\cZzMhwD.exe
  2⤵
  PID:8732
- C:\Windows\System\wGlooUC.exe
  C:\Windows\System\wGlooUC.exe
  2⤵
  PID:8772
- C:\Windows\System\wJCIcvA.exe
  C:\Windows\System\wJCIcvA.exe
  2⤵
  PID:8800
- C:\Windows\System\vXPdlvW.exe
  C:\Windows\System\vXPdlvW.exe
  2⤵
  PID:8836
- C:\Windows\System\wHEpxde.exe
  C:\Windows\System\wHEpxde.exe
  2⤵
  PID:8832
- C:\Windows\System\kUnaNJE.exe
  C:\Windows\System\kUnaNJE.exe
  2⤵
  PID:8924
- C:\Windows\System\NKWZQEF.exe
  C:\Windows\System\NKWZQEF.exe
  2⤵
  PID:8896
- C:\Windows\System\UXmNNex.exe
  C:\Windows\System\UXmNNex.exe
  2⤵
  PID:9028
- C:\Windows\System\SubGrdS.exe
  C:\Windows\System\SubGrdS.exe
  2⤵
  PID:9100
- C:\Windows\System\bGZJulV.exe
  C:\Windows\System\bGZJulV.exe
  2⤵
  PID:9080
- C:\Windows\System\yxtMgws.exe
  C:\Windows\System\yxtMgws.exe
  2⤵
  PID:9112
- C:\Windows\System\FVQGQUU.exe
  C:\Windows\System\FVQGQUU.exe
  2⤵
  PID:9148
- C:\Windows\System\GCSzeCk.exe
  C:\Windows\System\GCSzeCk.exe
  2⤵
  PID:9212
- C:\Windows\System\sMQDbwt.exe
  C:\Windows\System\sMQDbwt.exe
  2⤵
  PID:8336
- C:\Windows\System\khsLBEd.exe
  C:\Windows\System\khsLBEd.exe
  2⤵
  PID:8268
- C:\Windows\System\BcZuDQM.exe
  C:\Windows\System\BcZuDQM.exe
  2⤵
  PID:8404
- C:\Windows\System\hMOifix.exe
  C:\Windows\System\hMOifix.exe
  2⤵
  PID:7360
- C:\Windows\System\yxAgLPp.exe
  C:\Windows\System\yxAgLPp.exe
  2⤵
  PID:8356
- C:\Windows\System\wWdDmgl.exe
  C:\Windows\System\wWdDmgl.exe
  2⤵
  PID:8324
- C:\Windows\System\LQPYuug.exe
  C:\Windows\System\LQPYuug.exe
  2⤵
  PID:8252
- C:\Windows\System\uwxXuyU.exe
  C:\Windows\System\uwxXuyU.exe
  2⤵
  PID:8636
- C:\Windows\System\yzszgfs.exe
  C:\Windows\System\yzszgfs.exe
  2⤵
  PID:8592
- C:\Windows\System\vdgNxWS.exe
  C:\Windows\System\vdgNxWS.exe
  2⤵
  PID:8536
- C:\Windows\System\UapUUZg.exe
  C:\Windows\System\UapUUZg.exe
  2⤵
  PID:8612
- C:\Windows\System\WbglBJp.exe
  C:\Windows\System\WbglBJp.exe
  2⤵
  PID:8684
- C:\Windows\System\adzNieD.exe
  C:\Windows\System\adzNieD.exe
  2⤵
  PID:8664
- C:\Windows\System\MeHqXBv.exe
  C:\Windows\System\MeHqXBv.exe
  2⤵
  PID:8784
- C:\Windows\System\hdJUeeE.exe
  C:\Windows\System\hdJUeeE.exe
  2⤵
  PID:8872
- C:\Windows\System\gNlBYWB.exe
  C:\Windows\System\gNlBYWB.exe
  2⤵
  PID:8804
- C:\Windows\System\xxsQBSS.exe
  C:\Windows\System\xxsQBSS.exe
  2⤵
  PID:8952
- C:\Windows\System\irGXhCW.exe
  C:\Windows\System\irGXhCW.exe
  2⤵
  PID:8984
- C:\Windows\System\HsnpHNe.exe
  C:\Windows\System\HsnpHNe.exe
  2⤵
  PID:9096
- C:\Windows\System\ZYFsZFK.exe
  C:\Windows\System\ZYFsZFK.exe
  2⤵
  PID:9076
- C:\Windows\System\fEpkQYc.exe
  C:\Windows\System\fEpkQYc.exe
  2⤵
  PID:9164
- C:\Windows\System\cNdIbFv.exe
  C:\Windows\System\cNdIbFv.exe
  2⤵
  PID:9192
- C:\Windows\System\oJnUxQF.exe
  C:\Windows\System\oJnUxQF.exe
  2⤵
  PID:8228
- C:\Windows\System\omVQxWx.exe
  C:\Windows\System\omVQxWx.exe
  2⤵
  PID:8516
- C:\Windows\System\LXBWFKl.exe
  C:\Windows\System\LXBWFKl.exe
  2⤵
  PID:7576
- C:\Windows\System\GIvdXDn.exe
  C:\Windows\System\GIvdXDn.exe
  2⤵
  PID:8552
- C:\Windows\System\CvoiBeM.exe
  C:\Windows\System\CvoiBeM.exe
  2⤵
  PID:8660
- C:\Windows\System\PBunNvC.exe
  C:\Windows\System\PBunNvC.exe
  2⤵
  PID:8600
- C:\Windows\System\UqvRjqR.exe
  C:\Windows\System\UqvRjqR.exe
  2⤵
  PID:8816
- C:\Windows\System\zTYMNAN.exe
  C:\Windows\System\zTYMNAN.exe
  2⤵
  PID:8648
- C:\Windows\System\FGMeoqc.exe
  C:\Windows\System\FGMeoqc.exe
  2⤵
  PID:9116
- C:\Windows\System\wKzmGvC.exe
  C:\Windows\System\wKzmGvC.exe
  2⤵
  PID:7488
- C:\Windows\System\cEgwJyS.exe
  C:\Windows\System\cEgwJyS.exe
  2⤵
  PID:8616
- C:\Windows\System\tmdSbdm.exe
  C:\Windows\System\tmdSbdm.exe
  2⤵
  PID:8908
- C:\Windows\System\vizEcnV.exe
  C:\Windows\System\vizEcnV.exe
  2⤵
  PID:8972
- C:\Windows\System\bPXOWSP.exe
  C:\Windows\System\bPXOWSP.exe
  2⤵
  PID:8736
- C:\Windows\System\GxbgmmP.exe
  C:\Windows\System\GxbgmmP.exe
  2⤵
  PID:8888
- C:\Windows\System\vCDWOMk.exe
  C:\Windows\System\vCDWOMk.exe
  2⤵
  PID:9016
- C:\Windows\System\VWaqCQb.exe
  C:\Windows\System\VWaqCQb.exe
  2⤵
  PID:8376
- C:\Windows\System\gbEOGra.exe
  C:\Windows\System\gbEOGra.exe
  2⤵
  PID:8912
- C:\Windows\System\VmWpyBu.exe
  C:\Windows\System\VmWpyBu.exe
  2⤵
  PID:8504
- C:\Windows\System\ETbuKDa.exe
  C:\Windows\System\ETbuKDa.exe
  2⤵
  PID:8856
- C:\Windows\System\sneVgUS.exe
  C:\Windows\System\sneVgUS.exe
  2⤵
  PID:9144
- C:\Windows\System\GVKWBrY.exe
  C:\Windows\System\GVKWBrY.exe
  2⤵
  PID:8532
- C:\Windows\System\XJMAOrD.exe
  C:\Windows\System\XJMAOrD.exe
  2⤵
  PID:8464
- C:\Windows\System\EWFtBFs.exe
  C:\Windows\System\EWFtBFs.exe
  2⤵
  PID:7688
- C:\Windows\System\NWEUcuP.exe
  C:\Windows\System\NWEUcuP.exe
  2⤵
  PID:8768
- C:\Windows\System\bxfJaEH.exe
  C:\Windows\System\bxfJaEH.exe
  2⤵
  PID:8628
- C:\Windows\System\HALDLBa.exe
  C:\Windows\System\HALDLBa.exe
  2⤵
  PID:9224
- C:\Windows\System\cwbFzkn.exe
  C:\Windows\System\cwbFzkn.exe
  2⤵
  PID:9240
- C:\Windows\System\QzwJJKi.exe
  C:\Windows\System\QzwJJKi.exe
  2⤵
  PID:9256
- C:\Windows\System\YIxZXgc.exe
  C:\Windows\System\YIxZXgc.exe
  2⤵
  PID:9272
- C:\Windows\System\jNSZdtE.exe
  C:\Windows\System\jNSZdtE.exe
  2⤵
  PID:9288
- C:\Windows\System\xNxAUSI.exe
  C:\Windows\System\xNxAUSI.exe
  2⤵
  PID:9308
- C:\Windows\System\PwjrqhF.exe
  C:\Windows\System\PwjrqhF.exe
  2⤵
  PID:9332
- C:\Windows\System\YSkaFAX.exe
  C:\Windows\System\YSkaFAX.exe
  2⤵
  PID:9352
- C:\Windows\System\ZxvCIrC.exe
  C:\Windows\System\ZxvCIrC.exe
  2⤵
  PID:9376
- C:\Windows\System\SOwaaZM.exe
  C:\Windows\System\SOwaaZM.exe
  2⤵
  PID:9392
- C:\Windows\System\VzFYWAi.exe
  C:\Windows\System\VzFYWAi.exe
  2⤵
  PID:9408
- C:\Windows\System\wgXgZml.exe
  C:\Windows\System\wgXgZml.exe
  2⤵
  PID:9428
- C:\Windows\System\xoCOQiH.exe
  C:\Windows\System\xoCOQiH.exe
  2⤵
  PID:9444
- C:\Windows\System\MTnmHWQ.exe
  C:\Windows\System\MTnmHWQ.exe
  2⤵
  PID:9464
- C:\Windows\System\mgSwRAm.exe
  C:\Windows\System\mgSwRAm.exe
  2⤵
  PID:9484
- C:\Windows\System\UjPRbDK.exe
  C:\Windows\System\UjPRbDK.exe
  2⤵
  PID:9500
- C:\Windows\System\ntoSGIT.exe
  C:\Windows\System\ntoSGIT.exe
  2⤵
  PID:9520
- C:\Windows\System\rGUPXPa.exe
  C:\Windows\System\rGUPXPa.exe
  2⤵
  PID:9540
- C:\Windows\System\sWQsESm.exe
  C:\Windows\System\sWQsESm.exe
  2⤵
  PID:9556
- C:\Windows\System\XebuIgS.exe
  C:\Windows\System\XebuIgS.exe
  2⤵
  PID:9576
- C:\Windows\System\gFjdBkN.exe
  C:\Windows\System\gFjdBkN.exe
  2⤵
  PID:9592
- C:\Windows\System\sswmGYq.exe
  C:\Windows\System\sswmGYq.exe
  2⤵
  PID:9612
- C:\Windows\System\wHpsQcV.exe
  C:\Windows\System\wHpsQcV.exe
  2⤵
  PID:9632
- C:\Windows\System\McXAMMB.exe
  C:\Windows\System\McXAMMB.exe
  2⤵
  PID:9648
- C:\Windows\System\NBnFGWq.exe
  C:\Windows\System\NBnFGWq.exe
  2⤵
  PID:9672
- C:\Windows\System\SIZJNIp.exe
  C:\Windows\System\SIZJNIp.exe
  2⤵
  PID:9688
- C:\Windows\System\UvXFwPh.exe
  C:\Windows\System\UvXFwPh.exe
  2⤵
  PID:9712
- C:\Windows\System\PZYQKIQ.exe
  C:\Windows\System\PZYQKIQ.exe
  2⤵
  PID:9728
- C:\Windows\System\fPsXrGu.exe
  C:\Windows\System\fPsXrGu.exe
  2⤵
  PID:9744
- C:\Windows\System\kJgudvP.exe
  C:\Windows\System\kJgudvP.exe
  2⤵
  PID:9764
- C:\Windows\System\dHPtNsh.exe
  C:\Windows\System\dHPtNsh.exe
  2⤵
  PID:9780
- C:\Windows\System\NHxwvnD.exe
  C:\Windows\System\NHxwvnD.exe
  2⤵
  PID:9796
- C:\Windows\System\JejZGBD.exe
  C:\Windows\System\JejZGBD.exe
  2⤵
  PID:9812
- C:\Windows\System\VSMJEhm.exe
  C:\Windows\System\VSMJEhm.exe
  2⤵
  PID:9828
- C:\Windows\System\FBCeEUs.exe
  C:\Windows\System\FBCeEUs.exe
  2⤵
  PID:9844
- C:\Windows\System\fSvRiXA.exe
  C:\Windows\System\fSvRiXA.exe
  2⤵
  PID:9860
- C:\Windows\System\EIiVnTX.exe
  C:\Windows\System\EIiVnTX.exe
  2⤵
  PID:9960
- C:\Windows\System\SIqcRxL.exe
  C:\Windows\System\SIqcRxL.exe
  2⤵
  PID:9980
- C:\Windows\System\nwUMawK.exe
  C:\Windows\System\nwUMawK.exe
  2⤵
  PID:9996
- C:\Windows\System\khTcvkz.exe
  C:\Windows\System\khTcvkz.exe
  2⤵
  PID:10012
- C:\Windows\System\KdGAvCR.exe
  C:\Windows\System\KdGAvCR.exe
  2⤵
  PID:10028
- C:\Windows\System\xXVDslL.exe
  C:\Windows\System\xXVDslL.exe
  2⤵
  PID:10044
- C:\Windows\System\WUoTpWf.exe
  C:\Windows\System\WUoTpWf.exe
  2⤵
  PID:10060
- C:\Windows\System\oVgIjrQ.exe
  C:\Windows\System\oVgIjrQ.exe
  2⤵
  PID:10076
- C:\Windows\System\memttuL.exe
  C:\Windows\System\memttuL.exe
  2⤵
  PID:10092
- C:\Windows\System\vNCgoEH.exe
  C:\Windows\System\vNCgoEH.exe
  2⤵
  PID:10112
- C:\Windows\System\QQKUUPC.exe
  C:\Windows\System\QQKUUPC.exe
  2⤵
  PID:10128
- C:\Windows\System\BoZZeCy.exe
  C:\Windows\System\BoZZeCy.exe
  2⤵
  PID:10148
- C:\Windows\System\rkvbaON.exe
  C:\Windows\System\rkvbaON.exe
  2⤵
  PID:10164
- C:\Windows\System\apmkxnq.exe
  C:\Windows\System\apmkxnq.exe
  2⤵
  PID:10180
- C:\Windows\System\HDFiCpT.exe
  C:\Windows\System\HDFiCpT.exe
  2⤵
  PID:10196
- C:\Windows\System\ChYzNxo.exe
  C:\Windows\System\ChYzNxo.exe
  2⤵
  PID:10212
- C:\Windows\System\KVifWYk.exe
  C:\Windows\System\KVifWYk.exe
  2⤵
  PID:10232
- C:\Windows\System\kkANjMt.exe
  C:\Windows\System\kkANjMt.exe
  2⤵
  PID:9320
- C:\Windows\System\EcqxtJb.exe
  C:\Windows\System\EcqxtJb.exe
  2⤵
  PID:9368
- C:\Windows\System\xCVnFZX.exe
  C:\Windows\System\xCVnFZX.exe
  2⤵
  PID:9440
- C:\Windows\System\TNjlTmK.exe
  C:\Windows\System\TNjlTmK.exe
  2⤵
  PID:9508
- C:\Windows\System\tKUnFGi.exe
  C:\Windows\System\tKUnFGi.exe
  2⤵
  PID:9584
- C:\Windows\System\eGtXLgt.exe
  C:\Windows\System\eGtXLgt.exe
  2⤵
  PID:9696
- C:\Windows\System\OVAHLJj.exe
  C:\Windows\System\OVAHLJj.exe
  2⤵
  PID:9740
- C:\Windows\System\ERjBriM.exe
  C:\Windows\System\ERjBriM.exe
  2⤵
  PID:9840
- C:\Windows\System\Spfzike.exe
  C:\Windows\System\Spfzike.exe
  2⤵
  PID:9808
- C:\Windows\System\ysJdeRg.exe
  C:\Windows\System\ysJdeRg.exe
  2⤵
  PID:9892
- C:\Windows\System\yAHmpfw.exe
  C:\Windows\System\yAHmpfw.exe
  2⤵
  PID:9900
- C:\Windows\System\bUArNIT.exe
  C:\Windows\System\bUArNIT.exe
  2⤵
  PID:9496
- C:\Windows\System\CsaqKaS.exe
  C:\Windows\System\CsaqKaS.exe
  2⤵
  PID:9920
- C:\Windows\System\XmDSHcB.exe
  C:\Windows\System\XmDSHcB.exe
  2⤵
  PID:9932
- C:\Windows\System\HqrUueu.exe
  C:\Windows\System\HqrUueu.exe
  2⤵
  PID:9948
- C:\Windows\System\hkPXHVN.exe
  C:\Windows\System\hkPXHVN.exe
  2⤵
  PID:9516
- C:\Windows\System\HXpkHBA.exe
  C:\Windows\System\HXpkHBA.exe
  2⤵
  PID:9268
- C:\Windows\System\WpOCnMx.exe
  C:\Windows\System\WpOCnMx.exe
  2⤵
  PID:9344
- C:\Windows\System\kzRlQzw.exe
  C:\Windows\System\kzRlQzw.exe
  2⤵
  PID:9420
- C:\Windows\System\LAFtCup.exe
  C:\Windows\System\LAFtCup.exe
  2⤵
  PID:9492
- C:\Windows\System\mZGsRgx.exe
  C:\Windows\System\mZGsRgx.exe
  2⤵
  PID:9572
- C:\Windows\System\IhxqVqH.exe
  C:\Windows\System\IhxqVqH.exe
  2⤵
  PID:9644
- C:\Windows\System\NdPkkdi.exe
  C:\Windows\System\NdPkkdi.exe
  2⤵
  PID:9724
- C:\Windows\System\qGvFfhQ.exe
  C:\Windows\System\qGvFfhQ.exe
  2⤵
  PID:9792
- C:\Windows\System\KSaApUA.exe
  C:\Windows\System\KSaApUA.exe
  2⤵
  PID:9968
- C:\Windows\System\DjkXrHR.exe
  C:\Windows\System\DjkXrHR.exe
  2⤵
  PID:9992
- C:\Windows\System\DJpmLkh.exe
  C:\Windows\System\DJpmLkh.exe
  2⤵
  PID:10056
- C:\Windows\System\CQKZwUS.exe
  C:\Windows\System\CQKZwUS.exe
  2⤵
  PID:10036
- C:\Windows\System\oCnwBoV.exe
  C:\Windows\System\oCnwBoV.exe
  2⤵
  PID:10192
- C:\Windows\System\MOxVzzk.exe
  C:\Windows\System\MOxVzzk.exe
  2⤵
  PID:10228
- C:\Windows\System\MIMMtsQ.exe
  C:\Windows\System\MIMMtsQ.exe
  2⤵
  PID:9364
- C:\Windows\System\qtkwCbv.exe
  C:\Windows\System\qtkwCbv.exe
  2⤵
  PID:10068
- C:\Windows\System\lJcxQML.exe
  C:\Windows\System\lJcxQML.exe
  2⤵
  PID:9248
- C:\Windows\System\fPSljAA.exe
  C:\Windows\System\fPSljAA.exe
  2⤵
  PID:10172
- C:\Windows\System\tWDsJFZ.exe
  C:\Windows\System\tWDsJFZ.exe
  2⤵
  PID:9656
- C:\Windows\System\tyRFDJs.exe
  C:\Windows\System\tyRFDJs.exe
  2⤵
  PID:9220
- C:\Windows\System\onhziAl.exe
  C:\Windows\System\onhziAl.exe
  2⤵
  PID:9252
- C:\Windows\System\sHvlahS.exe
  C:\Windows\System\sHvlahS.exe
  2⤵
  PID:8620
- C:\Windows\System\iHgkgeq.exe
  C:\Windows\System\iHgkgeq.exe
  2⤵
  PID:9548
- C:\Windows\System\yZAiWsW.exe
  C:\Windows\System\yZAiWsW.exe
  2⤵
  PID:9660
- C:\Windows\System\tmzBdpb.exe
  C:\Windows\System\tmzBdpb.exe
  2⤵
  PID:9804
- C:\Windows\System\bMnrxEg.exe
  C:\Windows\System\bMnrxEg.exe
  2⤵
  PID:9304
- C:\Windows\System\iHvHRsG.exe
  C:\Windows\System\iHvHRsG.exe
  2⤵
  PID:9940
- C:\Windows\System\hNbdZwZ.exe
  C:\Windows\System\hNbdZwZ.exe
  2⤵
  PID:9424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BugRDKJ.exe

Filesize
6.0MB

MD5
827dad4a8d58963e4844510b37c5c4d9

SHA1
a21921a9c2a9f84f54a68f607bb52db68e4c71e1

SHA256
6f8b2e8c7d5a6fd261d3b6a5aa39a2872997fff78b9fc73f92e56d6a9f1b89e7

SHA512
dca96a97b2d00d1ab51b8425e0868f6894b700a9044476940d8c9b79257bc965ad87aa14833fb0caf4ba659d8966d71301857e70b276f7c00bb6c033cb62909d

Download Submit
C:\Windows\system\CqKkWDf.exe

Filesize
6.0MB

MD5
cb45b66de8717ddb76e0801d935ee6e3

SHA1
8777822861e01ecf3abcf9ffa2e6c78f12e90ac5

SHA256
3f2a37de98aad783dcdacfe8caf6112e7995dabdf77696674db78203e483ea3c

SHA512
e098f89f8dd6475cbff7bdb2c7474dca35617c32baf45963f22966b960b08bb489511862db13a035ba5306455224a821623028fd7f34a9d30d33e9e1b3a7d927

Download Submit
C:\Windows\system\DSGRBTT.exe

Filesize
6.0MB

MD5
82d493178ecbb2d9bbb8e24299832008

SHA1
6ba6c5d7edc5a04d9334c348e2b057cc75d25a90

SHA256
60eacdb7c69df4314ee5bf76d565ea1977c2aa2dd638f2134a515a74c1a99eb7

SHA512
90defc0962cf3029df291528647aabf0a4c59e958d443028f4cd2c6132a8a5dd68f19791b75f288b5ca1517549aa48d25bbca0d01f067d9542692706b17fb2e9

Download Submit
C:\Windows\system\IzbkfyG.exe

Filesize
6.0MB

MD5
6fc376b0a2a2134c1a21b813a0ecacc8

SHA1
a4279eb776b17234541ab969193412405e6b28f2

SHA256
bef16cf4b9803d409abe422a2df32e511b657e9dba00d318ce8fc7ebb658a3da

SHA512
15f81e59397ba7e30c957872885d021c43c077add72a9c418134d3726fd0ad9c7f60bea15bc2a9fc5fb53f8713c76bf7a9ad95711e18d13d9accc3394a1f14ca

Download Submit
C:\Windows\system\KZRAwNX.exe

Filesize
6.0MB

MD5
43f873e1661602ee0634663c306cf5e6

SHA1
300866b94d5d1ddf074523d7999f6ff437871907

SHA256
ff4ef9c3883f2653618c52600ddf84be2093de37cf80b31dc3a9ea6143422b16

SHA512
2be828956704b30869e84145ecc0228582c1425f606ea5ef98d04f67bfc1efe92c5899af2c279159438967dfb461c2b5752f1556b64bcd8972e40fb98a981678

Download Submit
C:\Windows\system\KbsolSn.exe

Filesize
6.0MB

MD5
59434c35fad74c53374b4dab989d3456

SHA1
3078c38a9d2bddb584c4f6f5f9113a7a6f33ef62

SHA256
024dcba3995ec2a8e10e5fd196589b04d39847d93915bafcbf356569860c5199

SHA512
837f2dd4baa37d6ec1d679f6ab289ea6ce6b4e41b2b7a53030e99aa8b53af4a4f0938ef0a085ea1ab633f7a5e3ca0db38e319185d2c73c1bd9a58ac54a5186af

Download Submit
C:\Windows\system\OaQIjEO.exe

Filesize
6.0MB

MD5
2a48e06090e5909fa53de07686c846c9

SHA1
5859f5523b9f888cc1b5709cbf8a5d2b475f41fe

SHA256
04fdc7af062f10f4facfbe424e7252638b62df211ac19d754440246385047cbb

SHA512
43be07781ef5d2586245571f7ff61515346b7d9b5f0c0125ef736c119176333a87d67ebff317aced4ff4154ac291386d488c474a4ebba2d38419e628f15f1bbd

Download Submit
C:\Windows\system\RpDonwQ.exe

Filesize
6.0MB

MD5
38a6dec57963e91642751893ac57176c

SHA1
17d9cc949ee0087b701f93f3647f547d8bbb52a2

SHA256
641a79efa2d105440b4f474c0af72690c40b81369ad304e2b49f6bc19a93ea6a

SHA512
4f3880e0060538fa360f4eff0552f8272907f998b45eae1872ea52476d56903a571209ade47b797c23bd19ebec8c6ee4df1c7d778672cd0f628f5da24ced5b77

Download Submit
C:\Windows\system\TyyisAy.exe

Filesize
6.0MB

MD5
675378b185e6939a4daf7a4072cfb551

SHA1
bd23e782eecc978c8f04d2f465a23ce351704dfe

SHA256
69a147314cac268ca33a8e610d9e4a7bf8868baf900220369704c48f7c9e66d2

SHA512
e22839d44a5646c82046c557022b93c455e42bc6382c8012f7ca39c04391fb52b9cac453f21bbefb5ccfa4aa7859256c8974ceb0f6d5ca595231bfe8369642a2

Download Submit
C:\Windows\system\UaRvKyX.exe

Filesize
6.0MB

MD5
be2eefd3eb2bb20894315c2e335ac60a

SHA1
4a6b320c2aaab47539e278c5d427e29c3e085eef

SHA256
07674ee55a8a12e304b487693c4fa90d488b03562a09f757261bef3bdccab7f7

SHA512
0b8a22f011fb109a867054d5bad7ec4cdcfc69eb392adb57a5be85a5fcc62f209dec42840dc5a3993619e2cc3f87cdbb85067235ab118da7da980771eda4c1fb

Download Submit
C:\Windows\system\XlNbcXc.exe

Filesize
6.0MB

MD5
f8129f399b216abc04d1ebf916d07978

SHA1
347bd0d87d34b1662daf766068baed2cd343a42f

SHA256
3e051418741ba1879ecbd6afdd6b020a12a18bde0dd603144be61c8a5725c924

SHA512
1f81eb5634c9b8f676892d6929c63b9c780e37926aa7dbe19b3f6e7ad942b8e30d85ef8f5cc01298033e1ec75576f14b2bc528320c85275253d1e18ae0ff826e

Download Submit
C:\Windows\system\YDeuTjK.exe

Filesize
6.0MB

MD5
088a14f5bcb181c53870f632058864c8

SHA1
ee97c8d1ea28236702cc2d85f693bb307acfb114

SHA256
5a8e718f687993dbaf0eebff163c5800283bf32ced6aa336c10c418acf842d7d

SHA512
00ed95c01e1cef35810a8898a31304e73ee79b9e798d4f9815fcf2c16b0bb2ff726868dcdf32465f1239a8accb9884a9e614211bca7d680f934728661ab3debc

Download Submit
C:\Windows\system\YjIYWSV.exe

Filesize
6.0MB

MD5
59fb3b475ccecce0684c0f8dcfb36b0c

SHA1
c1b79da3b7c82810df7f67f43fa928e6b8443367

SHA256
6ac60175f98f5ba0c615929097c27e4d681806251c1bdf4930190c61e5999bb5

SHA512
37ef718001519ff40807d6bcdef86d00cca8c7b16ab7266245f3da175ba62bd59c92c399d27278c45ecfa698c4287fa51384d4905c48d3583b34c70688c4caa5

Download Submit
C:\Windows\system\ZLOsJvW.exe

Filesize
6.0MB

MD5
d5bffdeb9de7909bb44aa4e0f5207f91

SHA1
b9933154c7cbf453ccf829c8f088ca00c71f3388

SHA256
3fe1e863361434f9d1ff4c9ffc04261995bfb31d154c6bbca798cf05ba9ff39e

SHA512
c31405ce268a63abf2915ef62f47447eb877c70973270338abefa29e9b63e3442b6490aa9b8d0fa2cdba611cc2c6fa3885dda2cc36a7feb74548055745e8c20b

Download Submit
C:\Windows\system\ZgQbSbj.exe

Filesize
6.0MB

MD5
fe5d8950c20b602d4fa17e72226d7b3a

SHA1
b61affa0612424a941a3a641ea2eb054ab18aa79

SHA256
f64fa22301a9019ada1d943e5e7c373f1d52998fb8f67292fefdccbcf39782ab

SHA512
efb802ee4614cb1e7b5e52945a351eca80f5c73c7924a39ea85f31a7b5887b5b4d18d3d5e158b10c0e18652f4fc794692d18048889bc9421e021514c6e25a9e6

Download Submit
C:\Windows\system\cVzUiTg.exe

Filesize
6.0MB

MD5
fe492b1a8ef19eb3c81d46eb3cd25b6e

SHA1
8eff1ac433777e62c005b043e59f748aec30d52b

SHA256
096bba17cf56929adee8d86ed855df890885c674da4cdf6e5b11983ad10dcdc6

SHA512
4de31e78d3c8275215c31ab1819da8c254be775fea752c7426bb4056317f06f39d72e39317f0a747df234fc753039a34522f8b07ee7421ad5d6189637dff7700

Download Submit
C:\Windows\system\cepsVMl.exe

Filesize
6.0MB

MD5
2ecb66f437380070f33fb756cfcec45a

SHA1
6c46b7225443a77b676f25bd0d67a23e23bb07da

SHA256
46b724b25459e8b8f5fb5dae3d424cd087833648008a3f02a8e5aaf7b0f334b8

SHA512
72d95c1d6aa32ddf5eae744ff5b7683002700499ad644b231863aea9b95bb9e70b7d9a322bdea9950b8abe8eadfd8de7ae1fbac1a69c1f11795fddf59de89d51

Download Submit
C:\Windows\system\ibnqgfq.exe

Filesize
6.0MB

MD5
dc6c4f103964bb6516b806b3bec8d789

SHA1
272582db8568d0f43b993d0d5600d15c2318a144

SHA256
6b80f045641ff1fa584e5446a389fe8a9a91139f815ef7e8ea492123cb0ed424

SHA512
a90e3b15cd2cd6c094abb62eda673cfd5d4eb18303a656d27ec4be3d364395db0f6e456932f8d5559b13534fd3c9959b8e75cd41309bb281df61431e9c7919c3

Download Submit
C:\Windows\system\kFQculq.exe

Filesize
6.0MB

MD5
88705a91a9c459bc3e20cdd01eca3e52

SHA1
505f1f28ed2f7be413442f9d3e1522549395c7e6

SHA256
df8b6465cb5eb8e15ca0d8fc358e895fffe974fa206dcdb39592476724372252

SHA512
5babf0b8554d83bc5fd15bd77051bd4d6580666a835f39305f1c32036f25356f3577a8a6d2501ed3f18b9e3ec3621fdff803284e02cb3bfa3524bbb0b3820781

Download Submit
C:\Windows\system\kTqHBNh.exe

Filesize
6.0MB

MD5
7c1a617f95a445c27c35caf208ea7432

SHA1
5c5580def6ad4998485b25b99823a9c3ad6a2445

SHA256
4009f6dcec1ad3a41ad6c69195415a7a1c167c05acebb65a416d70c2bee8ffe8

SHA512
798bf9eef19181a68e367ef7890cb6fd794d9961f0c3c3ad88f1c5de7b3ad36e3834b85c3cc8d226f7a76eee1b5d953be035ed7d6c7d132f2c0d00fa0512e9f4

Download Submit
C:\Windows\system\mHvTqPQ.exe

Filesize
6.0MB

MD5
d0df4e340252d6a3f0c8a0245124b912

SHA1
289322ebf927f8918b07fe7b69f921053b3a994d

SHA256
434bf91bb09fb0563a8d72643266fcb60a0ded65fd22bde1f6dff16b8782028b

SHA512
6f484f2e0b2134839df8b55f2b6fbb3f1d002926558789bb58ba0c7e6c1d533b9d91dbdc61400af228be91902fbea2e79a8ba2fcce40de1efdffd15ff80dc5b2

Download Submit
C:\Windows\system\mxEwOXp.exe

Filesize
6.0MB

MD5
a37949117d9f4015ecabd8ab32c38b3d

SHA1
f92f7977a8fcf6c7e794e73a0ad63c57f527fdb6

SHA256
8d2e769a5327bc0c550f77dad697d060a119dc78a03d697589b7e9fbf3c62c04

SHA512
fdcde1baf489ffa9c194ff47df5e03201cde0fcf8a818419f3a004343b1489a81225e6a06e2ff0e6ddc5ebf78756480700dfe3178d04ecb24824530a2e4ba892

Download Submit
C:\Windows\system\oPeUkQz.exe

Filesize
6.0MB

MD5
7c87eb5d09fd5e1d14af1c8dde083946

SHA1
f9c90e4e0f458fec2554826af2655926397cfd17

SHA256
2da8c68b5b4b24edbcab27ddf3539c56f02c1f735078e0e3f41568b74709ec3f

SHA512
8a6e925c0f491e86286c8f00cea5792b3f26ff84ac1f3e238715c8e0d58684c778e99ea58cc8977501ec1de3a8ad5a4efc8ce070430d80ee8d88d89c377de2a7

Download Submit
C:\Windows\system\oVROTCe.exe

Filesize
6.0MB

MD5
2e3d7af6aa77b06e6a497b5f06c87772

SHA1
fbd6e943999825805477c2a2d5b66dc93aea143a

SHA256
36ada6809c37f7b21741254d514930a716ee6e20df9df72e8e9f0ea779dea165

SHA512
bc8027defea6e6ec7caa28c0c9d33669ba0f6164b431d925790bdb9942295843b5c32b89351117b6533634ed2f32eeae1b7b5e54d5c1e14cc7128986b0dd93ee

Download Submit
C:\Windows\system\pGYIlSB.exe

Filesize
6.0MB

MD5
2c649a48f1b83176fc0aef4954bc7dc0

SHA1
f619cc069d566af98e868b331737df1b9e8cfa69

SHA256
3335327cd6ec8e254fcc43277363757eac41e1d9f824fed49f2171cf40ef7fee

SHA512
86b5448d18cb3dc28259e4dcaefea47ebb8513572a5075cca5a652db298c82ef9645cd002fccf9be28a84225263935a00825efcddd68ceb8fddfb0a31491fe5f

Download Submit
C:\Windows\system\rnsRnqY.exe

Filesize
6.0MB

MD5
73b09073e8641f686520dd4feff65195

SHA1
c029a4a7996b72863709fcafc708846dd033962f

SHA256
9d433c463594d73a6f155874ace7783f7dd6f74b1b7a57e8f4781facea48b5ed

SHA512
b4ce6780204d3d0d901c04c1f898dedd05c6e5e939afa2afc127cfc83180218e22afe22f9ccba1025d4600f1192acd2fd29b9a1c2056053048d06395744823d9

Download Submit
C:\Windows\system\tZgoaNu.exe

Filesize
6.0MB

MD5
6beea7822f82b4fc4db92550a871103d

SHA1
a42c63770fef7b84c29a6b1cdcd422c4c3d5e2fe

SHA256
b0d407d794db2993183a06d5bfa98ae6bb6725f45539bbc1bd4eeba5af1d327d

SHA512
00919fb3961f1835b28a3f06d005a2bd43e4be4e67b5d45de0c461b36048a5276b07ac72f8cd1a72c74c9670d2911368272a89344bbdb826774c6aad0ef13e9a

Download Submit
C:\Windows\system\wIHCXff.exe

Filesize
6.0MB

MD5
9090de098fd5e5d4fe49bb39d8b36ca6

SHA1
74a91dcb95d6925d41f7f694aae43cda6481e4ac

SHA256
57fe75ad70c55bb25c02e24363b3b6270bd9856be7d158fc6da28c1767be9633

SHA512
7cd4fe4859b592b5a85f9769225058ff6487959e680829cc3d0194eb5b89123e9baee98a198ae518295aad24858ec3134db03e2d1c34ed9131ca8ded5f76f565

Download Submit
C:\Windows\system\wMlROPN.exe

Filesize
6.0MB

MD5
b1980ad62af51fb8333d5f99a4b15a2e

SHA1
038e66efd4d4fdd5d0531c0620098f6b43402bc4

SHA256
dad31d2ce908fe7ef5b0f6086a71f231f13c3f091fb365e93b0ce39f30af684e

SHA512
039f32eb16704584b19b188a290c61fbbd5ab3ec95c62f5b4ec242ddc4af17c6f90d73ad950f8dd9f5777e1210e48cf95d7616ff8ed945edc34d7e4d16601c3b

Download Submit
C:\Windows\system\xxipHDp.exe

Filesize
6.0MB

MD5
728268847a5baab577e591ffafb5d3db

SHA1
62b77f182b1785a0d9902f18dd5a884a78b9ead0

SHA256
95ae4477f147301b85b0c730c40696d034c104d490aab818c03bed7c5286b618

SHA512
ba7ea0ff4829bccdf983cbac5688ad2cf0d848d31554cf550af0884e25f2ee62cd7397f06c32b7aa22afefca240f844dcc6e7c3a19d5a0df17a225684d92d5a5

Download Submit
\Windows\system\iTAHBCJ.exe

Filesize
6.0MB

MD5
352d5408293de40d8587ee56707c7944

SHA1
a14f621ede4b4cdf87000157d7451238683f3a76

SHA256
5f5d724bc06c6b09603470ad085de10e4524fbabe19787f5a150268faedc5d58

SHA512
4262e7b90ecddb49da8a7770e9101c383191a38eeb8caac15a7f294c4c8b8c126e9cdf1793e7eadedd5741329a52a1cc198e9c97a3806a5b0003ed21e74909ae

Download Submit
\Windows\system\rsxwNCK.exe

Filesize
6.0MB

MD5
70ba6a171bb7f210c2de218b6575d3a7

SHA1
d451343758f1e2af53720377c59728643dbe7546

SHA256
28438ba101b9e7c111cd97e58afc89bf1fd99e7b983a1e87a875bcbc83108965

SHA512
de0a10d70ef0f2d0ae7909ead86038e65f4ac19f4b86bd43b1308c689e5dfb6fa44c0155f77c3e9a30a73633674da36b2b4c8a8048bda754d0bd1cf40a04d282

Download Submit
\Windows\system\uKawNHA.exe

Filesize
6.0MB

MD5
180c72e8263070b3a5e97dc372f7d8c2

SHA1
978a470b0270258c640d6516e50e014d4007d246

SHA256
6c68bc428039d7bd297b836226570d4c4fffc503e29bc6ad8d353fa42bbcef4a

SHA512
78853c270a9bc15137220bf6ad649e36d8314bae83a1cb403d5460eb1f414708d83d5d8eda9322aac4d1d7cc583d8151f28db407a7a6704bf039ba23154d2c87

Download Submit
memory/692-357-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/692-4032-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-4033-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1348-359-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2376-4036-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2376-361-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2416-355-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-4029-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4035-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2560-349-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4031-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-347-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-351-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4034-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1720-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-362-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-356-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-348-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-358-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-346-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2688-344-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-11-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-342-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2688-296-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2688-261-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-294-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2688-360-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1771-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1822-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1672-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1692-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1690-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1724-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-354-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-350-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1770-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2688-352-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1807-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1800-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1779-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1762-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1749-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1691-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1459-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4025-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2712-293-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-307-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4030-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2768-345-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4038-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-363-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-343-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4028-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4027-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-295-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-353-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/3052-4037-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download