cobaltstrike | 907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-12-2024 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
Size

6.0MB
MD5

b7d48c0bf712f6f0db645aef1f7d8f8e
SHA1

35a11bf1316209806c62ac3cb9dc913d97c26b84
SHA256

907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415
SHA512

f9c3194a657f13f5667dd3c49aa209e6020423f1f9121d6e2f9942321ae7acccc0b5d7fc74bf7865f91ec1b567084d7446d03b225d6f985d52cf2db1a1047c56
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU7:eOl56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016df8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edc-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174b4-31.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016f02-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174f8-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-56.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175f7-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3048-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016df8-11.dat	xmrig
behavioral1/memory/2768-15-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2700-14-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016edc-16.dat	xmrig
behavioral1/files/0x00070000000174b4-31.dat	xmrig
behavioral1/files/0x0008000000016f02-26.dat	xmrig
behavioral1/files/0x00070000000174f8-35.dat	xmrig
behavioral1/files/0x000500000001924f-51.dat	xmrig
behavioral1/files/0x0005000000019299-69.dat	xmrig
behavioral1/files/0x0005000000019358-86.dat	xmrig
behavioral1/files/0x000500000001939f-96.dat	xmrig
behavioral1/files/0x00050000000193dc-111.dat	xmrig
behavioral1/files/0x0005000000019428-126.dat	xmrig
behavioral1/memory/2380-1593-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2576-1607-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2596-1609-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/3048-1612-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2544-1611-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019518-166.dat	xmrig
behavioral1/files/0x0005000000019510-160.dat	xmrig
behavioral1/files/0x0005000000019508-156.dat	xmrig
behavioral1/files/0x00050000000194e1-147.dat	xmrig
behavioral1/files/0x00050000000194c3-144.dat	xmrig
behavioral1/files/0x00050000000194d5-141.dat	xmrig
behavioral1/files/0x0005000000019502-151.dat	xmrig
behavioral1/files/0x00050000000194ad-131.dat	xmrig
behavioral1/files/0x0005000000019426-121.dat	xmrig
behavioral1/files/0x00050000000193f9-116.dat	xmrig
behavioral1/files/0x00050000000193d0-106.dat	xmrig
behavioral1/files/0x00050000000193cc-101.dat	xmrig
behavioral1/files/0x000500000001938e-91.dat	xmrig
behavioral1/files/0x0005000000019354-81.dat	xmrig
behavioral1/files/0x00050000000192a1-76.dat	xmrig
behavioral1/files/0x000500000001927a-66.dat	xmrig
behavioral1/files/0x0005000000019274-61.dat	xmrig
behavioral1/files/0x0005000000019261-56.dat	xmrig
behavioral1/files/0x00080000000175f7-46.dat	xmrig
behavioral1/files/0x0007000000017570-42.dat	xmrig
behavioral1/memory/2676-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2624-1613-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2980-1820-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2992-2059-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1028-2130-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3048-2142-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/1968-2258-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/3048-2267-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2832-2266-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2712-2324-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/3048-2642-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2676-3131-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2380-3250-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3048-3377-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3048-3363-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/3048-3407-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3048-3504-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2624-3988-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2576-3989-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2992-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2700-3986-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2712-3985-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2544-4110-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2980-4111-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	WyfeDUE.exe
2768	RubEOUw.exe
2676	XcdcLri.exe
2380	TetEmdP.exe
2712	OJQybdJ.exe
2576	SAtvLNe.exe
2596	cNZTuWK.exe
2544	dePIaIe.exe
2624	TstvTjw.exe
2980	CKHRPCJ.exe
2992	ibUwVSX.exe
1028	Xsfodam.exe
1968	ECauuLl.exe
2832	eZIsxsC.exe
2728	fAmyvpG.exe
1700	RlSPEaM.exe
2964	PrCbyqe.exe
1548	xNJdDiA.exe
1984	Udlgdxj.exe
1532	tzeOdGn.exe
2060	bZQZyIN.exe
1044	aAohEBQ.exe
1848	mlGCxyN.exe
532	GdvMkRe.exe
580	CrmPNrz.exe
2528	RepiRKX.exe
2172	yHmvpkG.exe
912	DwYhKaz.exe
2416	zPDyXss.exe
2400	pFrrfnY.exe
964	tuIoGJV.exe
2252	IWjCkuX.exe
904	XhSmcZQ.exe
2264	oWlvbpS.exe
848	NRjOBjq.exe
1688	NKuNmAX.exe
1788	gPbwvat.exe
1084	QOAsgmy.exe
2084	kpFCQzL.exe
1664	wJpAJCi.exe
1352	kXxFtev.exe
984	qtyVDdx.exe
2152	GylueSy.exe
1660	EwiZAdb.exe
2636	deMroKI.exe
2508	zwHcjVI.exe
1624	eiUtMvo.exe
1152	kFDOzHA.exe
996	wCFpeAv.exe
888	aMPOBqS.exe
1120	xNlVCsk.exe
2260	gqvqMaS.exe
1224	YqZOigd.exe
2824	ECaRDzg.exe
1260	MsWTAbE.exe
840	VNmWTCD.exe
2680	iRYPVsJ.exe
2660	drABwcV.exe
2588	jxeGUVS.exe
2724	pQbNTIw.exe
2784	lQzAyrb.exe
3024	PGKfxbz.exe
1696	PLaJvsM.exe
2612	KNoQVEU.exe

Loads dropped DLL 64 IoCs

pid	Process
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0008000000016df8-11.dat	upx
behavioral1/memory/2768-15-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2700-14-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016edc-16.dat	upx
behavioral1/files/0x00070000000174b4-31.dat	upx
behavioral1/files/0x0008000000016f02-26.dat	upx
behavioral1/files/0x00070000000174f8-35.dat	upx
behavioral1/files/0x000500000001924f-51.dat	upx
behavioral1/files/0x0005000000019299-69.dat	upx
behavioral1/files/0x0005000000019358-86.dat	upx
behavioral1/files/0x000500000001939f-96.dat	upx
behavioral1/files/0x00050000000193dc-111.dat	upx
behavioral1/files/0x0005000000019428-126.dat	upx
behavioral1/memory/2380-1593-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2576-1607-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2596-1609-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2544-1611-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0005000000019518-166.dat	upx
behavioral1/files/0x0005000000019510-160.dat	upx
behavioral1/files/0x0005000000019508-156.dat	upx
behavioral1/files/0x00050000000194e1-147.dat	upx
behavioral1/files/0x00050000000194c3-144.dat	upx
behavioral1/files/0x00050000000194d5-141.dat	upx
behavioral1/files/0x0005000000019502-151.dat	upx
behavioral1/files/0x00050000000194ad-131.dat	upx
behavioral1/files/0x0005000000019426-121.dat	upx
behavioral1/files/0x00050000000193f9-116.dat	upx
behavioral1/files/0x00050000000193d0-106.dat	upx
behavioral1/files/0x00050000000193cc-101.dat	upx
behavioral1/files/0x000500000001938e-91.dat	upx
behavioral1/files/0x0005000000019354-81.dat	upx
behavioral1/files/0x00050000000192a1-76.dat	upx
behavioral1/files/0x000500000001927a-66.dat	upx
behavioral1/files/0x0005000000019274-61.dat	upx
behavioral1/files/0x0005000000019261-56.dat	upx
behavioral1/files/0x00080000000175f7-46.dat	upx
behavioral1/files/0x0007000000017570-42.dat	upx
behavioral1/memory/2676-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2624-1613-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2980-1820-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2992-2059-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1028-2130-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1968-2258-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2832-2266-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2712-2324-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/3048-2642-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2676-3131-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2380-3250-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2624-3988-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2576-3989-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2992-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2700-3986-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2712-3985-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2544-4110-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2980-4111-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1968-4125-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1028-4137-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2832-4148-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZBgpzYf.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ATiZXwL.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\VbsSOWP.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\uMmvNVO.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\OjvKKAV.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\SOJXCXT.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\cXmLNBf.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\UaUKeDr.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\YaLWTAi.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\sgoVFvC.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\OtvElff.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\aPRlNoE.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ByuxwcY.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\xYsyQgA.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\XqwVfZI.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\AhGnsfm.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ElGweon.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\VUKiJow.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\WXHIRGC.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ECaRDzg.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\oorZdkq.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\dYIhZSW.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\KmiMxgk.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\rbFvpvW.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\gvmqdtZ.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\gcJPHet.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\NmNmJQf.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\DWQRMWs.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\gGxLZih.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\KovtHRT.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\WqzLyGD.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\nQvZlTY.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\hFkuNNt.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\zAfYDTM.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\hIkVmEE.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\tyWOhUJ.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\WRvBALK.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\MYitYDS.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\gLsBZWj.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\lfUaqtG.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\OavAtKd.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\vwIsJGp.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\WQzNgvz.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\yNTXldv.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\yxPzPHl.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\qtyVDdx.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\oJOICKZ.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\BNUmIMH.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\uxlGUYT.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\BGFzRtA.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\xNlVCsk.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\zXUmSTK.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\PqJEcXC.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\WFRSCbq.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ZZqBAOD.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\pVFKXHw.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\OWHPFKx.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\noIdByQ.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\SAtvLNe.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\zPDyXss.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\HCpJhkV.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\bMmHAYC.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\ucOmulP.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
File created	C:\Windows\System\svGcLPA.exe	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	31
PID 3048 wrote to memory of 2700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	31
PID 3048 wrote to memory of 2700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	31
PID 3048 wrote to memory of 2768	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	32
PID 3048 wrote to memory of 2768	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	32
PID 3048 wrote to memory of 2768	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	32
PID 3048 wrote to memory of 2676	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	33
PID 3048 wrote to memory of 2676	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	33
PID 3048 wrote to memory of 2676	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	33
PID 3048 wrote to memory of 2380	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	34
PID 3048 wrote to memory of 2380	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	34
PID 3048 wrote to memory of 2380	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	34
PID 3048 wrote to memory of 2712	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	35
PID 3048 wrote to memory of 2712	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	35
PID 3048 wrote to memory of 2712	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	35
PID 3048 wrote to memory of 2576	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	36
PID 3048 wrote to memory of 2576	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	36
PID 3048 wrote to memory of 2576	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	36
PID 3048 wrote to memory of 2596	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	37
PID 3048 wrote to memory of 2596	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	37
PID 3048 wrote to memory of 2596	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	37
PID 3048 wrote to memory of 2544	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	38
PID 3048 wrote to memory of 2544	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	38
PID 3048 wrote to memory of 2544	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	38
PID 3048 wrote to memory of 2624	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	39
PID 3048 wrote to memory of 2624	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	39
PID 3048 wrote to memory of 2624	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	39
PID 3048 wrote to memory of 2980	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	40
PID 3048 wrote to memory of 2980	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	40
PID 3048 wrote to memory of 2980	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	40
PID 3048 wrote to memory of 2992	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	41
PID 3048 wrote to memory of 2992	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	41
PID 3048 wrote to memory of 2992	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	41
PID 3048 wrote to memory of 1028	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	42
PID 3048 wrote to memory of 1028	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	42
PID 3048 wrote to memory of 1028	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	42
PID 3048 wrote to memory of 1968	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	43
PID 3048 wrote to memory of 1968	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	43
PID 3048 wrote to memory of 1968	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	43
PID 3048 wrote to memory of 2832	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	44
PID 3048 wrote to memory of 2832	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	44
PID 3048 wrote to memory of 2832	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	44
PID 3048 wrote to memory of 2728	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	45
PID 3048 wrote to memory of 2728	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	45
PID 3048 wrote to memory of 2728	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	45
PID 3048 wrote to memory of 1700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	46
PID 3048 wrote to memory of 1700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	46
PID 3048 wrote to memory of 1700	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	46
PID 3048 wrote to memory of 2964	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	47
PID 3048 wrote to memory of 2964	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	47
PID 3048 wrote to memory of 2964	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	47
PID 3048 wrote to memory of 1548	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	48
PID 3048 wrote to memory of 1548	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	48
PID 3048 wrote to memory of 1548	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	48
PID 3048 wrote to memory of 1984	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	49
PID 3048 wrote to memory of 1984	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	49
PID 3048 wrote to memory of 1984	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	49
PID 3048 wrote to memory of 1532	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	50
PID 3048 wrote to memory of 1532	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	50
PID 3048 wrote to memory of 1532	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	50
PID 3048 wrote to memory of 2060	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	51
PID 3048 wrote to memory of 2060	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	51
PID 3048 wrote to memory of 2060	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	51
PID 3048 wrote to memory of 1044	3048	JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_907dc7b2df9a96b286306cc88bf366cdad60e333aa04cc5d637768bcc1044415.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\System\WyfeDUE.exe
  C:\Windows\System\WyfeDUE.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\RubEOUw.exe
  C:\Windows\System\RubEOUw.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\XcdcLri.exe
  C:\Windows\System\XcdcLri.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\TetEmdP.exe
  C:\Windows\System\TetEmdP.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\OJQybdJ.exe
  C:\Windows\System\OJQybdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\SAtvLNe.exe
  C:\Windows\System\SAtvLNe.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\cNZTuWK.exe
  C:\Windows\System\cNZTuWK.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\dePIaIe.exe
  C:\Windows\System\dePIaIe.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\TstvTjw.exe
  C:\Windows\System\TstvTjw.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\CKHRPCJ.exe
  C:\Windows\System\CKHRPCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\ibUwVSX.exe
  C:\Windows\System\ibUwVSX.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\Xsfodam.exe
  C:\Windows\System\Xsfodam.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\ECauuLl.exe
  C:\Windows\System\ECauuLl.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\eZIsxsC.exe
  C:\Windows\System\eZIsxsC.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\fAmyvpG.exe
  C:\Windows\System\fAmyvpG.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\RlSPEaM.exe
  C:\Windows\System\RlSPEaM.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\PrCbyqe.exe
  C:\Windows\System\PrCbyqe.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\xNJdDiA.exe
  C:\Windows\System\xNJdDiA.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\Udlgdxj.exe
  C:\Windows\System\Udlgdxj.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\tzeOdGn.exe
  C:\Windows\System\tzeOdGn.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\bZQZyIN.exe
  C:\Windows\System\bZQZyIN.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\aAohEBQ.exe
  C:\Windows\System\aAohEBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\mlGCxyN.exe
  C:\Windows\System\mlGCxyN.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\GdvMkRe.exe
  C:\Windows\System\GdvMkRe.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\CrmPNrz.exe
  C:\Windows\System\CrmPNrz.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\yHmvpkG.exe
  C:\Windows\System\yHmvpkG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\RepiRKX.exe
  C:\Windows\System\RepiRKX.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\DwYhKaz.exe
  C:\Windows\System\DwYhKaz.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\zPDyXss.exe
  C:\Windows\System\zPDyXss.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\pFrrfnY.exe
  C:\Windows\System\pFrrfnY.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\tuIoGJV.exe
  C:\Windows\System\tuIoGJV.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\IWjCkuX.exe
  C:\Windows\System\IWjCkuX.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\XhSmcZQ.exe
  C:\Windows\System\XhSmcZQ.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\NRjOBjq.exe
  C:\Windows\System\NRjOBjq.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\oWlvbpS.exe
  C:\Windows\System\oWlvbpS.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\NKuNmAX.exe
  C:\Windows\System\NKuNmAX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\gPbwvat.exe
  C:\Windows\System\gPbwvat.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\QOAsgmy.exe
  C:\Windows\System\QOAsgmy.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\kpFCQzL.exe
  C:\Windows\System\kpFCQzL.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\wJpAJCi.exe
  C:\Windows\System\wJpAJCi.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\kXxFtev.exe
  C:\Windows\System\kXxFtev.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\EwiZAdb.exe
  C:\Windows\System\EwiZAdb.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\qtyVDdx.exe
  C:\Windows\System\qtyVDdx.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\deMroKI.exe
  C:\Windows\System\deMroKI.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\GylueSy.exe
  C:\Windows\System\GylueSy.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\zwHcjVI.exe
  C:\Windows\System\zwHcjVI.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\eiUtMvo.exe
  C:\Windows\System\eiUtMvo.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\kFDOzHA.exe
  C:\Windows\System\kFDOzHA.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\wCFpeAv.exe
  C:\Windows\System\wCFpeAv.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\xNlVCsk.exe
  C:\Windows\System\xNlVCsk.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\aMPOBqS.exe
  C:\Windows\System\aMPOBqS.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\YqZOigd.exe
  C:\Windows\System\YqZOigd.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\gqvqMaS.exe
  C:\Windows\System\gqvqMaS.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\MsWTAbE.exe
  C:\Windows\System\MsWTAbE.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ECaRDzg.exe
  C:\Windows\System\ECaRDzg.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\VNmWTCD.exe
  C:\Windows\System\VNmWTCD.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\iRYPVsJ.exe
  C:\Windows\System\iRYPVsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\drABwcV.exe
  C:\Windows\System\drABwcV.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\jxeGUVS.exe
  C:\Windows\System\jxeGUVS.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\pQbNTIw.exe
  C:\Windows\System\pQbNTIw.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\lQzAyrb.exe
  C:\Windows\System\lQzAyrb.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\PGKfxbz.exe
  C:\Windows\System\PGKfxbz.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\PLaJvsM.exe
  C:\Windows\System\PLaJvsM.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\KNoQVEU.exe
  C:\Windows\System\KNoQVEU.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\aINWVlr.exe
  C:\Windows\System\aINWVlr.exe
  2⤵
  PID:2872
- C:\Windows\System\NDdpAih.exe
  C:\Windows\System\NDdpAih.exe
  2⤵
  PID:2888
- C:\Windows\System\WqzLyGD.exe
  C:\Windows\System\WqzLyGD.exe
  2⤵
  PID:1752
- C:\Windows\System\gVkCLfR.exe
  C:\Windows\System\gVkCLfR.exe
  2⤵
  PID:1936
- C:\Windows\System\RArFgRl.exe
  C:\Windows\System\RArFgRl.exe
  2⤵
  PID:1192
- C:\Windows\System\nyzAVVn.exe
  C:\Windows\System\nyzAVVn.exe
  2⤵
  PID:572
- C:\Windows\System\yPErcHl.exe
  C:\Windows\System\yPErcHl.exe
  2⤵
  PID:1756
- C:\Windows\System\eFsCaGN.exe
  C:\Windows\System\eFsCaGN.exe
  2⤵
  PID:588
- C:\Windows\System\sXtgpee.exe
  C:\Windows\System\sXtgpee.exe
  2⤵
  PID:2928
- C:\Windows\System\TysrhNH.exe
  C:\Windows\System\TysrhNH.exe
  2⤵
  PID:1856
- C:\Windows\System\pVFKXHw.exe
  C:\Windows\System\pVFKXHw.exe
  2⤵
  PID:1236
- C:\Windows\System\BBYNSxn.exe
  C:\Windows\System\BBYNSxn.exe
  2⤵
  PID:1648
- C:\Windows\System\dBKDZBp.exe
  C:\Windows\System\dBKDZBp.exe
  2⤵
  PID:2484
- C:\Windows\System\bPXdzGp.exe
  C:\Windows\System\bPXdzGp.exe
  2⤵
  PID:1516
- C:\Windows\System\wJZSbaD.exe
  C:\Windows\System\wJZSbaD.exe
  2⤵
  PID:1764
- C:\Windows\System\MBULxgN.exe
  C:\Windows\System\MBULxgN.exe
  2⤵
  PID:2272
- C:\Windows\System\CpqcJXQ.exe
  C:\Windows\System\CpqcJXQ.exe
  2⤵
  PID:2896
- C:\Windows\System\zSWXpkD.exe
  C:\Windows\System\zSWXpkD.exe
  2⤵
  PID:2012
- C:\Windows\System\zRRTxiA.exe
  C:\Windows\System\zRRTxiA.exe
  2⤵
  PID:3016
- C:\Windows\System\SjVPhWT.exe
  C:\Windows\System\SjVPhWT.exe
  2⤵
  PID:784
- C:\Windows\System\KrxgKwm.exe
  C:\Windows\System\KrxgKwm.exe
  2⤵
  PID:2632
- C:\Windows\System\SxaPLZZ.exe
  C:\Windows\System\SxaPLZZ.exe
  2⤵
  PID:2268
- C:\Windows\System\AjbhJHJ.exe
  C:\Windows\System\AjbhJHJ.exe
  2⤵
  PID:892
- C:\Windows\System\QAcoUDO.exe
  C:\Windows\System\QAcoUDO.exe
  2⤵
  PID:1604
- C:\Windows\System\POZSVwh.exe
  C:\Windows\System\POZSVwh.exe
  2⤵
  PID:1280
- C:\Windows\System\MAfbcVv.exe
  C:\Windows\System\MAfbcVv.exe
  2⤵
  PID:2736
- C:\Windows\System\uNPnXMD.exe
  C:\Windows\System\uNPnXMD.exe
  2⤵
  PID:2780
- C:\Windows\System\xpnLRGw.exe
  C:\Windows\System\xpnLRGw.exe
  2⤵
  PID:2684
- C:\Windows\System\dSjgqHd.exe
  C:\Windows\System\dSjgqHd.exe
  2⤵
  PID:1524
- C:\Windows\System\mgwmHFw.exe
  C:\Windows\System\mgwmHFw.exe
  2⤵
  PID:1972
- C:\Windows\System\cSQlAua.exe
  C:\Windows\System\cSQlAua.exe
  2⤵
  PID:2852
- C:\Windows\System\fiHeAIB.exe
  C:\Windows\System\fiHeAIB.exe
  2⤵
  PID:1980
- C:\Windows\System\DdwNmMj.exe
  C:\Windows\System\DdwNmMj.exe
  2⤵
  PID:1724
- C:\Windows\System\mserFdC.exe
  C:\Windows\System\mserFdC.exe
  2⤵
  PID:1284
- C:\Windows\System\kCcvfrp.exe
  C:\Windows\System\kCcvfrp.exe
  2⤵
  PID:2924
- C:\Windows\System\ZCeHcoK.exe
  C:\Windows\System\ZCeHcoK.exe
  2⤵
  PID:1740
- C:\Windows\System\xvhFTTO.exe
  C:\Windows\System\xvhFTTO.exe
  2⤵
  PID:2316
- C:\Windows\System\FtCkuEM.exe
  C:\Windows\System\FtCkuEM.exe
  2⤵
  PID:1244
- C:\Windows\System\UCmwUUF.exe
  C:\Windows\System\UCmwUUF.exe
  2⤵
  PID:1512
- C:\Windows\System\Khzjbnz.exe
  C:\Windows\System\Khzjbnz.exe
  2⤵
  PID:1768
- C:\Windows\System\DVnvWmE.exe
  C:\Windows\System\DVnvWmE.exe
  2⤵
  PID:2324
- C:\Windows\System\XkSeSCZ.exe
  C:\Windows\System\XkSeSCZ.exe
  2⤵
  PID:1844
- C:\Windows\System\LjieNvD.exe
  C:\Windows\System\LjieNvD.exe
  2⤵
  PID:2944
- C:\Windows\System\xmUqkJo.exe
  C:\Windows\System\xmUqkJo.exe
  2⤵
  PID:3004
- C:\Windows\System\QbfMjjs.exe
  C:\Windows\System\QbfMjjs.exe
  2⤵
  PID:2112
- C:\Windows\System\CtEGrHu.exe
  C:\Windows\System\CtEGrHu.exe
  2⤵
  PID:2744
- C:\Windows\System\ywIRpPS.exe
  C:\Windows\System\ywIRpPS.exe
  2⤵
  PID:2256
- C:\Windows\System\ZmcUcOl.exe
  C:\Windows\System\ZmcUcOl.exe
  2⤵
  PID:2600
- C:\Windows\System\zZAReTi.exe
  C:\Windows\System\zZAReTi.exe
  2⤵
  PID:2844
- C:\Windows\System\vwIsJGp.exe
  C:\Windows\System\vwIsJGp.exe
  2⤵
  PID:708
- C:\Windows\System\VrMGDvB.exe
  C:\Windows\System\VrMGDvB.exe
  2⤵
  PID:664
- C:\Windows\System\pkkrTGR.exe
  C:\Windows\System\pkkrTGR.exe
  2⤵
  PID:1376
- C:\Windows\System\hUjoPPj.exe
  C:\Windows\System\hUjoPPj.exe
  2⤵
  PID:2236
- C:\Windows\System\DXtIYRy.exe
  C:\Windows\System\DXtIYRy.exe
  2⤵
  PID:960
- C:\Windows\System\fkVdyoi.exe
  C:\Windows\System\fkVdyoi.exe
  2⤵
  PID:3088
- C:\Windows\System\AJongsW.exe
  C:\Windows\System\AJongsW.exe
  2⤵
  PID:3120
- C:\Windows\System\hslfFJi.exe
  C:\Windows\System\hslfFJi.exe
  2⤵
  PID:3140
- C:\Windows\System\zXpFyie.exe
  C:\Windows\System\zXpFyie.exe
  2⤵
  PID:3156
- C:\Windows\System\PZvpCVi.exe
  C:\Windows\System\PZvpCVi.exe
  2⤵
  PID:3172
- C:\Windows\System\oBlShUc.exe
  C:\Windows\System\oBlShUc.exe
  2⤵
  PID:3196
- C:\Windows\System\oRgiCwS.exe
  C:\Windows\System\oRgiCwS.exe
  2⤵
  PID:3216
- C:\Windows\System\mfpjXyS.exe
  C:\Windows\System\mfpjXyS.exe
  2⤵
  PID:3252
- C:\Windows\System\KQWKxHV.exe
  C:\Windows\System\KQWKxHV.exe
  2⤵
  PID:3272
- C:\Windows\System\sJEXBbm.exe
  C:\Windows\System\sJEXBbm.exe
  2⤵
  PID:3292
- C:\Windows\System\WQzNgvz.exe
  C:\Windows\System\WQzNgvz.exe
  2⤵
  PID:3312
- C:\Windows\System\XsNOKrb.exe
  C:\Windows\System\XsNOKrb.exe
  2⤵
  PID:3332
- C:\Windows\System\GNQcATA.exe
  C:\Windows\System\GNQcATA.exe
  2⤵
  PID:3352
- C:\Windows\System\cKIUlFd.exe
  C:\Windows\System\cKIUlFd.exe
  2⤵
  PID:3372
- C:\Windows\System\skkFAEm.exe
  C:\Windows\System\skkFAEm.exe
  2⤵
  PID:3392
- C:\Windows\System\sztMwRy.exe
  C:\Windows\System\sztMwRy.exe
  2⤵
  PID:3412
- C:\Windows\System\GTrMbAX.exe
  C:\Windows\System\GTrMbAX.exe
  2⤵
  PID:3432
- C:\Windows\System\MrbOVCr.exe
  C:\Windows\System\MrbOVCr.exe
  2⤵
  PID:3452
- C:\Windows\System\NAWEtnq.exe
  C:\Windows\System\NAWEtnq.exe
  2⤵
  PID:3472
- C:\Windows\System\dOYGufh.exe
  C:\Windows\System\dOYGufh.exe
  2⤵
  PID:3492
- C:\Windows\System\ZYxmQnx.exe
  C:\Windows\System\ZYxmQnx.exe
  2⤵
  PID:3512
- C:\Windows\System\JICBRje.exe
  C:\Windows\System\JICBRje.exe
  2⤵
  PID:3532
- C:\Windows\System\oYtVrBg.exe
  C:\Windows\System\oYtVrBg.exe
  2⤵
  PID:3552
- C:\Windows\System\MriNpkD.exe
  C:\Windows\System\MriNpkD.exe
  2⤵
  PID:3572
- C:\Windows\System\AQNCRMS.exe
  C:\Windows\System\AQNCRMS.exe
  2⤵
  PID:3588
- C:\Windows\System\wOAoGJj.exe
  C:\Windows\System\wOAoGJj.exe
  2⤵
  PID:3612
- C:\Windows\System\MdtUdVE.exe
  C:\Windows\System\MdtUdVE.exe
  2⤵
  PID:3632
- C:\Windows\System\KvqinyL.exe
  C:\Windows\System\KvqinyL.exe
  2⤵
  PID:3652
- C:\Windows\System\OWHPFKx.exe
  C:\Windows\System\OWHPFKx.exe
  2⤵
  PID:3672
- C:\Windows\System\jWUcLfk.exe
  C:\Windows\System\jWUcLfk.exe
  2⤵
  PID:3692
- C:\Windows\System\aOdJgmH.exe
  C:\Windows\System\aOdJgmH.exe
  2⤵
  PID:3712
- C:\Windows\System\NptwHBH.exe
  C:\Windows\System\NptwHBH.exe
  2⤵
  PID:3732
- C:\Windows\System\IsFvLKj.exe
  C:\Windows\System\IsFvLKj.exe
  2⤵
  PID:3752
- C:\Windows\System\MyDFjAb.exe
  C:\Windows\System\MyDFjAb.exe
  2⤵
  PID:3772
- C:\Windows\System\jsYYTJd.exe
  C:\Windows\System\jsYYTJd.exe
  2⤵
  PID:3792
- C:\Windows\System\ZZfBSZc.exe
  C:\Windows\System\ZZfBSZc.exe
  2⤵
  PID:3812
- C:\Windows\System\AtjFdeP.exe
  C:\Windows\System\AtjFdeP.exe
  2⤵
  PID:3832
- C:\Windows\System\JJnCSuM.exe
  C:\Windows\System\JJnCSuM.exe
  2⤵
  PID:3852
- C:\Windows\System\tBlrzwj.exe
  C:\Windows\System\tBlrzwj.exe
  2⤵
  PID:3868
- C:\Windows\System\qMZsXRi.exe
  C:\Windows\System\qMZsXRi.exe
  2⤵
  PID:3892
- C:\Windows\System\zNtunQg.exe
  C:\Windows\System\zNtunQg.exe
  2⤵
  PID:3912
- C:\Windows\System\LCyzvsL.exe
  C:\Windows\System\LCyzvsL.exe
  2⤵
  PID:3936
- C:\Windows\System\yjrgicZ.exe
  C:\Windows\System\yjrgicZ.exe
  2⤵
  PID:3952
- C:\Windows\System\gvmqdtZ.exe
  C:\Windows\System\gvmqdtZ.exe
  2⤵
  PID:3972
- C:\Windows\System\gDGNjjc.exe
  C:\Windows\System\gDGNjjc.exe
  2⤵
  PID:3992
- C:\Windows\System\NVCJbpX.exe
  C:\Windows\System\NVCJbpX.exe
  2⤵
  PID:4012
- C:\Windows\System\TPwwXDa.exe
  C:\Windows\System\TPwwXDa.exe
  2⤵
  PID:4032
- C:\Windows\System\oLckuWw.exe
  C:\Windows\System\oLckuWw.exe
  2⤵
  PID:4056
- C:\Windows\System\aSDDqCm.exe
  C:\Windows\System\aSDDqCm.exe
  2⤵
  PID:4076
- C:\Windows\System\BCkYomL.exe
  C:\Windows\System\BCkYomL.exe
  2⤵
  PID:800
- C:\Windows\System\paSeQbj.exe
  C:\Windows\System\paSeQbj.exe
  2⤵
  PID:1616
- C:\Windows\System\zAxECtM.exe
  C:\Windows\System\zAxECtM.exe
  2⤵
  PID:2064
- C:\Windows\System\uzdRtQo.exe
  C:\Windows\System\uzdRtQo.exe
  2⤵
  PID:1552
- C:\Windows\System\XknsNYO.exe
  C:\Windows\System\XknsNYO.exe
  2⤵
  PID:2068
- C:\Windows\System\btqbCnV.exe
  C:\Windows\System\btqbCnV.exe
  2⤵
  PID:2716
- C:\Windows\System\kYNcABz.exe
  C:\Windows\System\kYNcABz.exe
  2⤵
  PID:2476
- C:\Windows\System\JYUxbfW.exe
  C:\Windows\System\JYUxbfW.exe
  2⤵
  PID:3000
- C:\Windows\System\UnDcXIq.exe
  C:\Windows\System\UnDcXIq.exe
  2⤵
  PID:2688
- C:\Windows\System\oHIlTPK.exe
  C:\Windows\System\oHIlTPK.exe
  2⤵
  PID:2020
- C:\Windows\System\yDoYYHD.exe
  C:\Windows\System\yDoYYHD.exe
  2⤵
  PID:3180
- C:\Windows\System\BizbYGc.exe
  C:\Windows\System\BizbYGc.exe
  2⤵
  PID:3136
- C:\Windows\System\tkXblpA.exe
  C:\Windows\System\tkXblpA.exe
  2⤵
  PID:3164
- C:\Windows\System\PsmPtiF.exe
  C:\Windows\System\PsmPtiF.exe
  2⤵
  PID:3080
- C:\Windows\System\aFctVTC.exe
  C:\Windows\System\aFctVTC.exe
  2⤵
  PID:3244
- C:\Windows\System\VABSuvb.exe
  C:\Windows\System\VABSuvb.exe
  2⤵
  PID:3288
- C:\Windows\System\kLAdVkt.exe
  C:\Windows\System\kLAdVkt.exe
  2⤵
  PID:3300
- C:\Windows\System\ztuTFzi.exe
  C:\Windows\System\ztuTFzi.exe
  2⤵
  PID:3324
- C:\Windows\System\GVUBUaD.exe
  C:\Windows\System\GVUBUaD.exe
  2⤵
  PID:3364
- C:\Windows\System\XimXzwm.exe
  C:\Windows\System\XimXzwm.exe
  2⤵
  PID:3408
- C:\Windows\System\ewPmgQH.exe
  C:\Windows\System\ewPmgQH.exe
  2⤵
  PID:3448
- C:\Windows\System\kPXfOZK.exe
  C:\Windows\System\kPXfOZK.exe
  2⤵
  PID:3468
- C:\Windows\System\AXRTLZr.exe
  C:\Windows\System\AXRTLZr.exe
  2⤵
  PID:3508
- C:\Windows\System\dQHaIQd.exe
  C:\Windows\System\dQHaIQd.exe
  2⤵
  PID:3524
- C:\Windows\System\TNiLPVR.exe
  C:\Windows\System\TNiLPVR.exe
  2⤵
  PID:3568
- C:\Windows\System\gYKwANZ.exe
  C:\Windows\System\gYKwANZ.exe
  2⤵
  PID:3600
- C:\Windows\System\hCveCOQ.exe
  C:\Windows\System\hCveCOQ.exe
  2⤵
  PID:3648
- C:\Windows\System\nUyqkDp.exe
  C:\Windows\System\nUyqkDp.exe
  2⤵
  PID:3680
- C:\Windows\System\MugNhkL.exe
  C:\Windows\System\MugNhkL.exe
  2⤵
  PID:3700
- C:\Windows\System\VpnjHlu.exe
  C:\Windows\System\VpnjHlu.exe
  2⤵
  PID:3760
- C:\Windows\System\XiTUYys.exe
  C:\Windows\System\XiTUYys.exe
  2⤵
  PID:3744
- C:\Windows\System\iyrwYZK.exe
  C:\Windows\System\iyrwYZK.exe
  2⤵
  PID:3788
- C:\Windows\System\zLcYjxj.exe
  C:\Windows\System\zLcYjxj.exe
  2⤵
  PID:3848
- C:\Windows\System\UQnAlDf.exe
  C:\Windows\System\UQnAlDf.exe
  2⤵
  PID:3888
- C:\Windows\System\sqRzXfU.exe
  C:\Windows\System\sqRzXfU.exe
  2⤵
  PID:3900
- C:\Windows\System\GYTzgZi.exe
  C:\Windows\System\GYTzgZi.exe
  2⤵
  PID:3928
- C:\Windows\System\JGwlwff.exe
  C:\Windows\System\JGwlwff.exe
  2⤵
  PID:3984
- C:\Windows\System\zwyloIk.exe
  C:\Windows\System\zwyloIk.exe
  2⤵
  PID:4008
- C:\Windows\System\raRZNSi.exe
  C:\Windows\System\raRZNSi.exe
  2⤵
  PID:4028
- C:\Windows\System\fBYdQjL.exe
  C:\Windows\System\fBYdQjL.exe
  2⤵
  PID:4088
- C:\Windows\System\VUKiJow.exe
  C:\Windows\System\VUKiJow.exe
  2⤵
  PID:2892
- C:\Windows\System\FcdoDPy.exe
  C:\Windows\System\FcdoDPy.exe
  2⤵
  PID:1448
- C:\Windows\System\qpXnzeO.exe
  C:\Windows\System\qpXnzeO.exe
  2⤵
  PID:612
- C:\Windows\System\ibTlIsy.exe
  C:\Windows\System\ibTlIsy.exe
  2⤵
  PID:1772
- C:\Windows\System\PHfMlME.exe
  C:\Windows\System\PHfMlME.exe
  2⤵
  PID:2148
- C:\Windows\System\jqaTybM.exe
  C:\Windows\System\jqaTybM.exe
  2⤵
  PID:3148
- C:\Windows\System\nAYkFyo.exe
  C:\Windows\System\nAYkFyo.exe
  2⤵
  PID:1140
- C:\Windows\System\IIGFRMb.exe
  C:\Windows\System\IIGFRMb.exe
  2⤵
  PID:3224
- C:\Windows\System\AiXZpAo.exe
  C:\Windows\System\AiXZpAo.exe
  2⤵
  PID:3264
- C:\Windows\System\bgKCeDY.exe
  C:\Windows\System\bgKCeDY.exe
  2⤵
  PID:3260
- C:\Windows\System\mflBbjy.exe
  C:\Windows\System\mflBbjy.exe
  2⤵
  PID:3320
- C:\Windows\System\QudReSc.exe
  C:\Windows\System\QudReSc.exe
  2⤵
  PID:3440
- C:\Windows\System\pjvEMSy.exe
  C:\Windows\System\pjvEMSy.exe
  2⤵
  PID:3500
- C:\Windows\System\yRCZgHE.exe
  C:\Windows\System\yRCZgHE.exe
  2⤵
  PID:3484
- C:\Windows\System\qcXWNIO.exe
  C:\Windows\System\qcXWNIO.exe
  2⤵
  PID:3604
- C:\Windows\System\wmlSCTI.exe
  C:\Windows\System\wmlSCTI.exe
  2⤵
  PID:3620
- C:\Windows\System\NPjqxvq.exe
  C:\Windows\System\NPjqxvq.exe
  2⤵
  PID:3668
- C:\Windows\System\sLlXfsY.exe
  C:\Windows\System\sLlXfsY.exe
  2⤵
  PID:3704
- C:\Windows\System\PAFCjPR.exe
  C:\Windows\System\PAFCjPR.exe
  2⤵
  PID:3740
- C:\Windows\System\KlBwhCX.exe
  C:\Windows\System\KlBwhCX.exe
  2⤵
  PID:3780
- C:\Windows\System\UWqenHy.exe
  C:\Windows\System\UWqenHy.exe
  2⤵
  PID:3828
- C:\Windows\System\CwWdNKu.exe
  C:\Windows\System\CwWdNKu.exe
  2⤵
  PID:4000
- C:\Windows\System\zUqXPNu.exe
  C:\Windows\System\zUqXPNu.exe
  2⤵
  PID:4044
- C:\Windows\System\rUtcFAU.exe
  C:\Windows\System\rUtcFAU.exe
  2⤵
  PID:4020
- C:\Windows\System\UwCKPhl.exe
  C:\Windows\System\UwCKPhl.exe
  2⤵
  PID:1792
- C:\Windows\System\eRhfvYs.exe
  C:\Windows\System\eRhfvYs.exe
  2⤵
  PID:2056
- C:\Windows\System\ZFBUWXm.exe
  C:\Windows\System\ZFBUWXm.exe
  2⤵
  PID:3100
- C:\Windows\System\lHCNtUV.exe
  C:\Windows\System\lHCNtUV.exe
  2⤵
  PID:2340
- C:\Windows\System\YaLWTAi.exe
  C:\Windows\System\YaLWTAi.exe
  2⤵
  PID:3128
- C:\Windows\System\PjEXVFz.exe
  C:\Windows\System\PjEXVFz.exe
  2⤵
  PID:3348
- C:\Windows\System\diDWzIt.exe
  C:\Windows\System\diDWzIt.exe
  2⤵
  PID:3268
- C:\Windows\System\wDPwuww.exe
  C:\Windows\System\wDPwuww.exe
  2⤵
  PID:3328
- C:\Windows\System\kNheOVE.exe
  C:\Windows\System\kNheOVE.exe
  2⤵
  PID:3444
- C:\Windows\System\pfIUlsZ.exe
  C:\Windows\System\pfIUlsZ.exe
  2⤵
  PID:3644
- C:\Windows\System\zUvSGal.exe
  C:\Windows\System\zUvSGal.exe
  2⤵
  PID:3728
- C:\Windows\System\iOgKUQv.exe
  C:\Windows\System\iOgKUQv.exe
  2⤵
  PID:3820
- C:\Windows\System\lPGLQNt.exe
  C:\Windows\System\lPGLQNt.exe
  2⤵
  PID:4040
- C:\Windows\System\PEOwLVO.exe
  C:\Windows\System\PEOwLVO.exe
  2⤵
  PID:4068
- C:\Windows\System\gVryDrv.exe
  C:\Windows\System\gVryDrv.exe
  2⤵
  PID:4100
- C:\Windows\System\uPgpjym.exe
  C:\Windows\System\uPgpjym.exe
  2⤵
  PID:4120
- C:\Windows\System\dBapkDR.exe
  C:\Windows\System\dBapkDR.exe
  2⤵
  PID:4144
- C:\Windows\System\bNSLiVH.exe
  C:\Windows\System\bNSLiVH.exe
  2⤵
  PID:4160
- C:\Windows\System\NDlDUCV.exe
  C:\Windows\System\NDlDUCV.exe
  2⤵
  PID:4184
- C:\Windows\System\JbghEVX.exe
  C:\Windows\System\JbghEVX.exe
  2⤵
  PID:4200
- C:\Windows\System\LqkGUdw.exe
  C:\Windows\System\LqkGUdw.exe
  2⤵
  PID:4220
- C:\Windows\System\OlhBMry.exe
  C:\Windows\System\OlhBMry.exe
  2⤵
  PID:4240
- C:\Windows\System\IKUzfBb.exe
  C:\Windows\System\IKUzfBb.exe
  2⤵
  PID:4264
- C:\Windows\System\KHIuNRf.exe
  C:\Windows\System\KHIuNRf.exe
  2⤵
  PID:4284
- C:\Windows\System\XytRJRz.exe
  C:\Windows\System\XytRJRz.exe
  2⤵
  PID:4308
- C:\Windows\System\mKBqKTa.exe
  C:\Windows\System\mKBqKTa.exe
  2⤵
  PID:4324
- C:\Windows\System\lonDuoO.exe
  C:\Windows\System\lonDuoO.exe
  2⤵
  PID:4344
- C:\Windows\System\lsDHMiS.exe
  C:\Windows\System\lsDHMiS.exe
  2⤵
  PID:4364
- C:\Windows\System\esFatgo.exe
  C:\Windows\System\esFatgo.exe
  2⤵
  PID:4388
- C:\Windows\System\XuAyNNu.exe
  C:\Windows\System\XuAyNNu.exe
  2⤵
  PID:4404
- C:\Windows\System\ekNLBfn.exe
  C:\Windows\System\ekNLBfn.exe
  2⤵
  PID:4428
- C:\Windows\System\RYKkxIk.exe
  C:\Windows\System\RYKkxIk.exe
  2⤵
  PID:4444
- C:\Windows\System\kPsDJCu.exe
  C:\Windows\System\kPsDJCu.exe
  2⤵
  PID:4464
- C:\Windows\System\ruAwjhX.exe
  C:\Windows\System\ruAwjhX.exe
  2⤵
  PID:4484
- C:\Windows\System\AoxGSSS.exe
  C:\Windows\System\AoxGSSS.exe
  2⤵
  PID:4500
- C:\Windows\System\AsObvGc.exe
  C:\Windows\System\AsObvGc.exe
  2⤵
  PID:4516
- C:\Windows\System\ULSRsTP.exe
  C:\Windows\System\ULSRsTP.exe
  2⤵
  PID:4536
- C:\Windows\System\IxhCgSn.exe
  C:\Windows\System\IxhCgSn.exe
  2⤵
  PID:4552
- C:\Windows\System\yvlJSiA.exe
  C:\Windows\System\yvlJSiA.exe
  2⤵
  PID:4572
- C:\Windows\System\RlksLGG.exe
  C:\Windows\System\RlksLGG.exe
  2⤵
  PID:4596
- C:\Windows\System\HKjLbmV.exe
  C:\Windows\System\HKjLbmV.exe
  2⤵
  PID:4612
- C:\Windows\System\RWhXlae.exe
  C:\Windows\System\RWhXlae.exe
  2⤵
  PID:4628
- C:\Windows\System\eszCPMe.exe
  C:\Windows\System\eszCPMe.exe
  2⤵
  PID:4652
- C:\Windows\System\EJWJFVr.exe
  C:\Windows\System\EJWJFVr.exe
  2⤵
  PID:4672
- C:\Windows\System\WLeIpGS.exe
  C:\Windows\System\WLeIpGS.exe
  2⤵
  PID:4696
- C:\Windows\System\tyKDbDa.exe
  C:\Windows\System\tyKDbDa.exe
  2⤵
  PID:4716
- C:\Windows\System\QqPpokb.exe
  C:\Windows\System\QqPpokb.exe
  2⤵
  PID:4732
- C:\Windows\System\rqQHhkJ.exe
  C:\Windows\System\rqQHhkJ.exe
  2⤵
  PID:4752
- C:\Windows\System\eOCtKOy.exe
  C:\Windows\System\eOCtKOy.exe
  2⤵
  PID:4776
- C:\Windows\System\pfBbKqg.exe
  C:\Windows\System\pfBbKqg.exe
  2⤵
  PID:4804
- C:\Windows\System\sZymonH.exe
  C:\Windows\System\sZymonH.exe
  2⤵
  PID:4824
- C:\Windows\System\golLeNw.exe
  C:\Windows\System\golLeNw.exe
  2⤵
  PID:4844
- C:\Windows\System\YpvlObW.exe
  C:\Windows\System\YpvlObW.exe
  2⤵
  PID:4864
- C:\Windows\System\AGczpFK.exe
  C:\Windows\System\AGczpFK.exe
  2⤵
  PID:4880
- C:\Windows\System\oWwzAdw.exe
  C:\Windows\System\oWwzAdw.exe
  2⤵
  PID:4904
- C:\Windows\System\RSaWwWD.exe
  C:\Windows\System\RSaWwWD.exe
  2⤵
  PID:4924
- C:\Windows\System\QAyvvhs.exe
  C:\Windows\System\QAyvvhs.exe
  2⤵
  PID:4940
- C:\Windows\System\xKMNtxu.exe
  C:\Windows\System\xKMNtxu.exe
  2⤵
  PID:4956
- C:\Windows\System\LMXBoJl.exe
  C:\Windows\System\LMXBoJl.exe
  2⤵
  PID:4976
- C:\Windows\System\pnTVjIK.exe
  C:\Windows\System\pnTVjIK.exe
  2⤵
  PID:5004
- C:\Windows\System\utbbQtg.exe
  C:\Windows\System\utbbQtg.exe
  2⤵
  PID:5024
- C:\Windows\System\XlGHHnv.exe
  C:\Windows\System\XlGHHnv.exe
  2⤵
  PID:5044
- C:\Windows\System\WjknUNi.exe
  C:\Windows\System\WjknUNi.exe
  2⤵
  PID:5060
- C:\Windows\System\YFHedGd.exe
  C:\Windows\System\YFHedGd.exe
  2⤵
  PID:5084
- C:\Windows\System\ufuvyNu.exe
  C:\Windows\System\ufuvyNu.exe
  2⤵
  PID:5104
- C:\Windows\System\qXIpoCz.exe
  C:\Windows\System\qXIpoCz.exe
  2⤵
  PID:1584
- C:\Windows\System\UnQpBHQ.exe
  C:\Windows\System\UnQpBHQ.exe
  2⤵
  PID:632
- C:\Windows\System\uTNbzWX.exe
  C:\Windows\System\uTNbzWX.exe
  2⤵
  PID:3104
- C:\Windows\System\NlTLOkl.exe
  C:\Windows\System\NlTLOkl.exe
  2⤵
  PID:1708
- C:\Windows\System\xmIRzGR.exe
  C:\Windows\System\xmIRzGR.exe
  2⤵
  PID:3344
- C:\Windows\System\NPEgyjW.exe
  C:\Windows\System\NPEgyjW.exe
  2⤵
  PID:3488
- C:\Windows\System\JlvKLNA.exe
  C:\Windows\System\JlvKLNA.exe
  2⤵
  PID:3660
- C:\Windows\System\hAwFMcd.exe
  C:\Windows\System\hAwFMcd.exe
  2⤵
  PID:3596
- C:\Windows\System\hibDcVn.exe
  C:\Windows\System\hibDcVn.exe
  2⤵
  PID:3864
- C:\Windows\System\gtHJQQy.exe
  C:\Windows\System\gtHJQQy.exe
  2⤵
  PID:4024
- C:\Windows\System\kKQKcUq.exe
  C:\Windows\System\kKQKcUq.exe
  2⤵
  PID:4132
- C:\Windows\System\IgBPhds.exe
  C:\Windows\System\IgBPhds.exe
  2⤵
  PID:4108
- C:\Windows\System\MEtjHqY.exe
  C:\Windows\System\MEtjHqY.exe
  2⤵
  PID:4180
- C:\Windows\System\hUKWOGP.exe
  C:\Windows\System\hUKWOGP.exe
  2⤵
  PID:4212
- C:\Windows\System\mJQpZyc.exe
  C:\Windows\System\mJQpZyc.exe
  2⤵
  PID:4248
- C:\Windows\System\LrSSPYc.exe
  C:\Windows\System\LrSSPYc.exe
  2⤵
  PID:4232
- C:\Windows\System\fkseJwD.exe
  C:\Windows\System\fkseJwD.exe
  2⤵
  PID:4304
- C:\Windows\System\yuQvQsG.exe
  C:\Windows\System\yuQvQsG.exe
  2⤵
  PID:4320
- C:\Windows\System\AgrGzlv.exe
  C:\Windows\System\AgrGzlv.exe
  2⤵
  PID:4380
- C:\Windows\System\DXmduar.exe
  C:\Windows\System\DXmduar.exe
  2⤵
  PID:4452
- C:\Windows\System\AQgAqxu.exe
  C:\Windows\System\AQgAqxu.exe
  2⤵
  PID:4524
- C:\Windows\System\YjzilOI.exe
  C:\Windows\System\YjzilOI.exe
  2⤵
  PID:4356
- C:\Windows\System\yItqjWO.exe
  C:\Windows\System\yItqjWO.exe
  2⤵
  PID:4400
- C:\Windows\System\skHoqge.exe
  C:\Windows\System\skHoqge.exe
  2⤵
  PID:4644
- C:\Windows\System\CWrUYTg.exe
  C:\Windows\System\CWrUYTg.exe
  2⤵
  PID:4512
- C:\Windows\System\mbtmNxw.exe
  C:\Windows\System\mbtmNxw.exe
  2⤵
  PID:4728
- C:\Windows\System\JtqgoXf.exe
  C:\Windows\System\JtqgoXf.exe
  2⤵
  PID:4764
- C:\Windows\System\ThhvDce.exe
  C:\Windows\System\ThhvDce.exe
  2⤵
  PID:4584
- C:\Windows\System\KzPviMr.exe
  C:\Windows\System\KzPviMr.exe
  2⤵
  PID:4820
- C:\Windows\System\rcPKEJo.exe
  C:\Windows\System\rcPKEJo.exe
  2⤵
  PID:4740
- C:\Windows\System\bsqfcPj.exe
  C:\Windows\System\bsqfcPj.exe
  2⤵
  PID:4704
- C:\Windows\System\xThgJih.exe
  C:\Windows\System\xThgJih.exe
  2⤵
  PID:4900
- C:\Windows\System\FzlPKjC.exe
  C:\Windows\System\FzlPKjC.exe
  2⤵
  PID:4972
- C:\Windows\System\tyWOhUJ.exe
  C:\Windows\System\tyWOhUJ.exe
  2⤵
  PID:4832
- C:\Windows\System\HhoPdyJ.exe
  C:\Windows\System\HhoPdyJ.exe
  2⤵
  PID:4872
- C:\Windows\System\mCYMGIs.exe
  C:\Windows\System\mCYMGIs.exe
  2⤵
  PID:5012
- C:\Windows\System\yySFEyP.exe
  C:\Windows\System\yySFEyP.exe
  2⤵
  PID:4948
- C:\Windows\System\MHgsbJc.exe
  C:\Windows\System\MHgsbJc.exe
  2⤵
  PID:4992
- C:\Windows\System\WssPkFD.exe
  C:\Windows\System\WssPkFD.exe
  2⤵
  PID:5100
- C:\Windows\System\rNdJBPH.exe
  C:\Windows\System\rNdJBPH.exe
  2⤵
  PID:2812
- C:\Windows\System\BKwKJdc.exe
  C:\Windows\System\BKwKJdc.exe
  2⤵
  PID:3528
- C:\Windows\System\VvIupFe.exe
  C:\Windows\System\VvIupFe.exe
  2⤵
  PID:5068
- C:\Windows\System\ioOyKlp.exe
  C:\Windows\System\ioOyKlp.exe
  2⤵
  PID:5072
- C:\Windows\System\taOseRq.exe
  C:\Windows\System\taOseRq.exe
  2⤵
  PID:3168
- C:\Windows\System\IjzkrJL.exe
  C:\Windows\System\IjzkrJL.exe
  2⤵
  PID:2856
- C:\Windows\System\dSeJrSo.exe
  C:\Windows\System\dSeJrSo.exe
  2⤵
  PID:4256
- C:\Windows\System\kHWoSUK.exe
  C:\Windows\System\kHWoSUK.exe
  2⤵
  PID:3684
- C:\Windows\System\ZfbgGHb.exe
  C:\Windows\System\ZfbgGHb.exe
  2⤵
  PID:4340
- C:\Windows\System\TFZxTNX.exe
  C:\Windows\System\TFZxTNX.exe
  2⤵
  PID:4412
- C:\Windows\System\MkEoHjx.exe
  C:\Windows\System\MkEoHjx.exe
  2⤵
  PID:4300
- C:\Windows\System\KikuNWp.exe
  C:\Windows\System\KikuNWp.exe
  2⤵
  PID:4216
- C:\Windows\System\mALmKlU.exe
  C:\Windows\System\mALmKlU.exe
  2⤵
  PID:4376
- C:\Windows\System\LHhAYaw.exe
  C:\Windows\System\LHhAYaw.exe
  2⤵
  PID:4532
- C:\Windows\System\OypQQyJ.exe
  C:\Windows\System\OypQQyJ.exe
  2⤵
  PID:4604
- C:\Windows\System\VpDtyWg.exe
  C:\Windows\System\VpDtyWg.exe
  2⤵
  PID:4476
- C:\Windows\System\PivdzBr.exe
  C:\Windows\System\PivdzBr.exe
  2⤵
  PID:4684
- C:\Windows\System\hYDfoDK.exe
  C:\Windows\System\hYDfoDK.exe
  2⤵
  PID:4772
- C:\Windows\System\NGWUFsU.exe
  C:\Windows\System\NGWUFsU.exe
  2⤵
  PID:4592
- C:\Windows\System\pGjEPNG.exe
  C:\Windows\System\pGjEPNG.exe
  2⤵
  PID:4856
- C:\Windows\System\XMbriHH.exe
  C:\Windows\System\XMbriHH.exe
  2⤵
  PID:4744
- C:\Windows\System\kolnEjz.exe
  C:\Windows\System\kolnEjz.exe
  2⤵
  PID:4932
- C:\Windows\System\flWtkdB.exe
  C:\Windows\System\flWtkdB.exe
  2⤵
  PID:4792
- C:\Windows\System\vdEjKZo.exe
  C:\Windows\System\vdEjKZo.exe
  2⤵
  PID:4784
- C:\Windows\System\IJVsstX.exe
  C:\Windows\System\IJVsstX.exe
  2⤵
  PID:5092
- C:\Windows\System\CrbWhAw.exe
  C:\Windows\System\CrbWhAw.exe
  2⤵
  PID:5052
- C:\Windows\System\blJEoCP.exe
  C:\Windows\System\blJEoCP.exe
  2⤵
  PID:4048
- C:\Windows\System\Dwifxvo.exe
  C:\Windows\System\Dwifxvo.exe
  2⤵
  PID:2836
- C:\Windows\System\lIDIuFF.exe
  C:\Windows\System\lIDIuFF.exe
  2⤵
  PID:5036
- C:\Windows\System\jRXNYyv.exe
  C:\Windows\System\jRXNYyv.exe
  2⤵
  PID:3280
- C:\Windows\System\ByJdyUJ.exe
  C:\Windows\System\ByJdyUJ.exe
  2⤵
  PID:4260
- C:\Windows\System\WRvBALK.exe
  C:\Windows\System\WRvBALK.exe
  2⤵
  PID:4416
- C:\Windows\System\vHqueqf.exe
  C:\Windows\System\vHqueqf.exe
  2⤵
  PID:4168
- C:\Windows\System\YjPqgrm.exe
  C:\Windows\System\YjPqgrm.exe
  2⤵
  PID:4396
- C:\Windows\System\TCuuIQk.exe
  C:\Windows\System\TCuuIQk.exe
  2⤵
  PID:5124
- C:\Windows\System\DTtMinu.exe
  C:\Windows\System\DTtMinu.exe
  2⤵
  PID:5140
- C:\Windows\System\lwEKiqx.exe
  C:\Windows\System\lwEKiqx.exe
  2⤵
  PID:5156
- C:\Windows\System\ZmVzfdB.exe
  C:\Windows\System\ZmVzfdB.exe
  2⤵
  PID:5172
- C:\Windows\System\dhpxDHx.exe
  C:\Windows\System\dhpxDHx.exe
  2⤵
  PID:5188
- C:\Windows\System\GhsQwCv.exe
  C:\Windows\System\GhsQwCv.exe
  2⤵
  PID:5204
- C:\Windows\System\nyIilQr.exe
  C:\Windows\System\nyIilQr.exe
  2⤵
  PID:5220
- C:\Windows\System\vxFBUsF.exe
  C:\Windows\System\vxFBUsF.exe
  2⤵
  PID:5236
- C:\Windows\System\YptZzcs.exe
  C:\Windows\System\YptZzcs.exe
  2⤵
  PID:5256
- C:\Windows\System\IvkAKcg.exe
  C:\Windows\System\IvkAKcg.exe
  2⤵
  PID:5296
- C:\Windows\System\rSVMAUE.exe
  C:\Windows\System\rSVMAUE.exe
  2⤵
  PID:5332
- C:\Windows\System\UMGmWdm.exe
  C:\Windows\System\UMGmWdm.exe
  2⤵
  PID:5364
- C:\Windows\System\orTlbjL.exe
  C:\Windows\System\orTlbjL.exe
  2⤵
  PID:5380
- C:\Windows\System\aAelJpQ.exe
  C:\Windows\System\aAelJpQ.exe
  2⤵
  PID:5396
- C:\Windows\System\WTkuqZo.exe
  C:\Windows\System\WTkuqZo.exe
  2⤵
  PID:5420
- C:\Windows\System\mdiSrnB.exe
  C:\Windows\System\mdiSrnB.exe
  2⤵
  PID:5440
- C:\Windows\System\YHxjbsG.exe
  C:\Windows\System\YHxjbsG.exe
  2⤵
  PID:5460
- C:\Windows\System\xCvMSWF.exe
  C:\Windows\System\xCvMSWF.exe
  2⤵
  PID:5480
- C:\Windows\System\MNxLqRb.exe
  C:\Windows\System\MNxLqRb.exe
  2⤵
  PID:5504
- C:\Windows\System\qaQGXdM.exe
  C:\Windows\System\qaQGXdM.exe
  2⤵
  PID:5520
- C:\Windows\System\InBxLUk.exe
  C:\Windows\System\InBxLUk.exe
  2⤵
  PID:5600
- C:\Windows\System\oDeOXWR.exe
  C:\Windows\System\oDeOXWR.exe
  2⤵
  PID:5616
- C:\Windows\System\IJVTxNo.exe
  C:\Windows\System\IJVTxNo.exe
  2⤵
  PID:5636
- C:\Windows\System\OnWyGSq.exe
  C:\Windows\System\OnWyGSq.exe
  2⤵
  PID:5656
- C:\Windows\System\HEucGYg.exe
  C:\Windows\System\HEucGYg.exe
  2⤵
  PID:5672
- C:\Windows\System\vycuvQr.exe
  C:\Windows\System\vycuvQr.exe
  2⤵
  PID:5696
- C:\Windows\System\QcaLllY.exe
  C:\Windows\System\QcaLllY.exe
  2⤵
  PID:5720
- C:\Windows\System\AAqmGVf.exe
  C:\Windows\System\AAqmGVf.exe
  2⤵
  PID:5740
- C:\Windows\System\RSEPuKO.exe
  C:\Windows\System\RSEPuKO.exe
  2⤵
  PID:5760
- C:\Windows\System\eiUROqG.exe
  C:\Windows\System\eiUROqG.exe
  2⤵
  PID:5776
- C:\Windows\System\oJOICKZ.exe
  C:\Windows\System\oJOICKZ.exe
  2⤵
  PID:5800
- C:\Windows\System\bRUUKpI.exe
  C:\Windows\System\bRUUKpI.exe
  2⤵
  PID:5820
- C:\Windows\System\wTUgndS.exe
  C:\Windows\System\wTUgndS.exe
  2⤵
  PID:5840
- C:\Windows\System\GTNBKDK.exe
  C:\Windows\System\GTNBKDK.exe
  2⤵
  PID:5860
- C:\Windows\System\uzJjMUA.exe
  C:\Windows\System\uzJjMUA.exe
  2⤵
  PID:5880
- C:\Windows\System\UFHfKyd.exe
  C:\Windows\System\UFHfKyd.exe
  2⤵
  PID:5896
- C:\Windows\System\UBysoBX.exe
  C:\Windows\System\UBysoBX.exe
  2⤵
  PID:5920
- C:\Windows\System\VaDFQdo.exe
  C:\Windows\System\VaDFQdo.exe
  2⤵
  PID:5940
- C:\Windows\System\ZhmYWWo.exe
  C:\Windows\System\ZhmYWWo.exe
  2⤵
  PID:5960
- C:\Windows\System\DekZFxE.exe
  C:\Windows\System\DekZFxE.exe
  2⤵
  PID:5980
- C:\Windows\System\gMsxFdz.exe
  C:\Windows\System\gMsxFdz.exe
  2⤵
  PID:6000
- C:\Windows\System\gcJPHet.exe
  C:\Windows\System\gcJPHet.exe
  2⤵
  PID:6020
- C:\Windows\System\HvDzrkk.exe
  C:\Windows\System\HvDzrkk.exe
  2⤵
  PID:6040
- C:\Windows\System\XtEOuOC.exe
  C:\Windows\System\XtEOuOC.exe
  2⤵
  PID:6060
- C:\Windows\System\GqjhyHg.exe
  C:\Windows\System\GqjhyHg.exe
  2⤵
  PID:6080
- C:\Windows\System\AGRIpeL.exe
  C:\Windows\System\AGRIpeL.exe
  2⤵
  PID:6100
- C:\Windows\System\kheNjAK.exe
  C:\Windows\System\kheNjAK.exe
  2⤵
  PID:6120
- C:\Windows\System\IhiEYtX.exe
  C:\Windows\System\IhiEYtX.exe
  2⤵
  PID:6140
- C:\Windows\System\nQvZlTY.exe
  C:\Windows\System\nQvZlTY.exe
  2⤵
  PID:2740
- C:\Windows\System\SVpMXcx.exe
  C:\Windows\System\SVpMXcx.exe
  2⤵
  PID:4800
- C:\Windows\System\ftAnWrF.exe
  C:\Windows\System\ftAnWrF.exe
  2⤵
  PID:5076
- C:\Windows\System\PulQUuQ.exe
  C:\Windows\System\PulQUuQ.exe
  2⤵
  PID:4688
- C:\Windows\System\bhgYEeF.exe
  C:\Windows\System\bhgYEeF.exe
  2⤵
  PID:2752
- C:\Windows\System\ujiAMZg.exe
  C:\Windows\System\ujiAMZg.exe
  2⤵
  PID:5244
- C:\Windows\System\zNykaTV.exe
  C:\Windows\System\zNykaTV.exe
  2⤵
  PID:5312
- C:\Windows\System\QbOToHf.exe
  C:\Windows\System\QbOToHf.exe
  2⤵
  PID:5116
- C:\Windows\System\sgoVFvC.exe
  C:\Windows\System\sgoVFvC.exe
  2⤵
  PID:4116
- C:\Windows\System\SuBIOzq.exe
  C:\Windows\System\SuBIOzq.exe
  2⤵
  PID:4136
- C:\Windows\System\vlgtbnQ.exe
  C:\Windows\System\vlgtbnQ.exe
  2⤵
  PID:5412
- C:\Windows\System\qRzzgwt.exe
  C:\Windows\System\qRzzgwt.exe
  2⤵
  PID:4436
- C:\Windows\System\DMvFswe.exe
  C:\Windows\System\DMvFswe.exe
  2⤵
  PID:5448
- C:\Windows\System\OXczTif.exe
  C:\Windows\System\OXczTif.exe
  2⤵
  PID:5452
- C:\Windows\System\eDxsurx.exe
  C:\Windows\System\eDxsurx.exe
  2⤵
  PID:5492
- C:\Windows\System\OvzNWdr.exe
  C:\Windows\System\OvzNWdr.exe
  2⤵
  PID:5288
- C:\Windows\System\jYLtPsK.exe
  C:\Windows\System\jYLtPsK.exe
  2⤵
  PID:5360
- C:\Windows\System\DZpgERd.exe
  C:\Windows\System\DZpgERd.exe
  2⤵
  PID:5512
- C:\Windows\System\Ofgxdzw.exe
  C:\Windows\System\Ofgxdzw.exe
  2⤵
  PID:5392
- C:\Windows\System\kwQhOYL.exe
  C:\Windows\System\kwQhOYL.exe
  2⤵
  PID:5264
- C:\Windows\System\MlstAQp.exe
  C:\Windows\System\MlstAQp.exe
  2⤵
  PID:5168
- C:\Windows\System\QIUnhDA.exe
  C:\Windows\System\QIUnhDA.exe
  2⤵
  PID:4568
- C:\Windows\System\YysrWLb.exe
  C:\Windows\System\YysrWLb.exe
  2⤵
  PID:3584
- C:\Windows\System\FgygVkt.exe
  C:\Windows\System\FgygVkt.exe
  2⤵
  PID:5528
- C:\Windows\System\DVVIZgC.exe
  C:\Windows\System\DVVIZgC.exe
  2⤵
  PID:5548
- C:\Windows\System\heQrkdh.exe
  C:\Windows\System\heQrkdh.exe
  2⤵
  PID:5568
- C:\Windows\System\tTPHMTz.exe
  C:\Windows\System\tTPHMTz.exe
  2⤵
  PID:5588
- C:\Windows\System\pwWRSEW.exe
  C:\Windows\System\pwWRSEW.exe
  2⤵
  PID:5612
- C:\Windows\System\CaOkDFx.exe
  C:\Windows\System\CaOkDFx.exe
  2⤵
  PID:5668
- C:\Windows\System\lCXwdHE.exe
  C:\Windows\System\lCXwdHE.exe
  2⤵
  PID:5712
- C:\Windows\System\iOWcBCz.exe
  C:\Windows\System\iOWcBCz.exe
  2⤵
  PID:5748
- C:\Windows\System\xXNTgLs.exe
  C:\Windows\System\xXNTgLs.exe
  2⤵
  PID:5732
- C:\Windows\System\noIdByQ.exe
  C:\Windows\System\noIdByQ.exe
  2⤵
  PID:5784
- C:\Windows\System\zAapvxq.exe
  C:\Windows\System\zAapvxq.exe
  2⤵
  PID:5828
- C:\Windows\System\oHqzCPp.exe
  C:\Windows\System\oHqzCPp.exe
  2⤵
  PID:5816
- C:\Windows\System\bZXOOlJ.exe
  C:\Windows\System\bZXOOlJ.exe
  2⤵
  PID:5848
- C:\Windows\System\gJIfUHB.exe
  C:\Windows\System\gJIfUHB.exe
  2⤵
  PID:5912
- C:\Windows\System\VwGpsOZ.exe
  C:\Windows\System\VwGpsOZ.exe
  2⤵
  PID:5948
- C:\Windows\System\gvDXvuQ.exe
  C:\Windows\System\gvDXvuQ.exe
  2⤵
  PID:5988
- C:\Windows\System\uiTgPhI.exe
  C:\Windows\System\uiTgPhI.exe
  2⤵
  PID:5968
- C:\Windows\System\XrUcvrm.exe
  C:\Windows\System\XrUcvrm.exe
  2⤵
  PID:6016
- C:\Windows\System\pAeyLRB.exe
  C:\Windows\System\pAeyLRB.exe
  2⤵
  PID:6072
- C:\Windows\System\AwQOBzB.exe
  C:\Windows\System\AwQOBzB.exe
  2⤵
  PID:6116
- C:\Windows\System\BOHEAPz.exe
  C:\Windows\System\BOHEAPz.exe
  2⤵
  PID:6128
- C:\Windows\System\hXrljzm.exe
  C:\Windows\System\hXrljzm.exe
  2⤵
  PID:4812
- C:\Windows\System\qytLSXE.exe
  C:\Windows\System\qytLSXE.exe
  2⤵
  PID:3228
- C:\Windows\System\JFRtWoH.exe
  C:\Windows\System\JFRtWoH.exe
  2⤵
  PID:1800
- C:\Windows\System\xecfUKD.exe
  C:\Windows\System\xecfUKD.exe
  2⤵
  PID:5248
- C:\Windows\System\EnKAMIO.exe
  C:\Windows\System\EnKAMIO.exe
  2⤵
  PID:5372
- C:\Windows\System\LLFRqgU.exe
  C:\Windows\System\LLFRqgU.exe
  2⤵
  PID:5416
- C:\Windows\System\XPpdoQE.exe
  C:\Windows\System\XPpdoQE.exe
  2⤵
  PID:4296
- C:\Windows\System\aDNAdKz.exe
  C:\Windows\System\aDNAdKz.exe
  2⤵
  PID:4280
- C:\Windows\System\DalbKkc.exe
  C:\Windows\System\DalbKkc.exe
  2⤵
  PID:5496
- C:\Windows\System\OpFdTCU.exe
  C:\Windows\System\OpFdTCU.exe
  2⤵
  PID:5280
- C:\Windows\System\GvUCAUS.exe
  C:\Windows\System\GvUCAUS.exe
  2⤵
  PID:5468
- C:\Windows\System\XxvyUZf.exe
  C:\Windows\System\XxvyUZf.exe
  2⤵
  PID:5436
- C:\Windows\System\KYjjjBl.exe
  C:\Windows\System\KYjjjBl.exe
  2⤵
  PID:5196
- C:\Windows\System\wXHxIMO.exe
  C:\Windows\System\wXHxIMO.exe
  2⤵
  PID:3860
- C:\Windows\System\vIoIlbO.exe
  C:\Windows\System\vIoIlbO.exe
  2⤵
  PID:5016
- C:\Windows\System\QApSwAI.exe
  C:\Windows\System\QApSwAI.exe
  2⤵
  PID:5564
- C:\Windows\System\iIJlYWk.exe
  C:\Windows\System\iIJlYWk.exe
  2⤵
  PID:2040
- C:\Windows\System\zKKPqUE.exe
  C:\Windows\System\zKKPqUE.exe
  2⤵
  PID:5664
- C:\Windows\System\WJDvBKk.exe
  C:\Windows\System\WJDvBKk.exe
  2⤵
  PID:5716
- C:\Windows\System\PgVeFMj.exe
  C:\Windows\System\PgVeFMj.exe
  2⤵
  PID:5728
- C:\Windows\System\jyDkPwR.exe
  C:\Windows\System\jyDkPwR.exe
  2⤵
  PID:5832
- C:\Windows\System\QVKOexp.exe
  C:\Windows\System\QVKOexp.exe
  2⤵
  PID:5772
- C:\Windows\System\mgYfKax.exe
  C:\Windows\System\mgYfKax.exe
  2⤵
  PID:5904
- C:\Windows\System\mqjkPDt.exe
  C:\Windows\System\mqjkPDt.exe
  2⤵
  PID:2608
- C:\Windows\System\rwzSxgQ.exe
  C:\Windows\System\rwzSxgQ.exe
  2⤵
  PID:6036
- C:\Windows\System\sUkwXuo.exe
  C:\Windows\System\sUkwXuo.exe
  2⤵
  PID:5972
- C:\Windows\System\Tdchifm.exe
  C:\Windows\System\Tdchifm.exe
  2⤵
  PID:6068
- C:\Windows\System\CEebnzB.exe
  C:\Windows\System\CEebnzB.exe
  2⤵
  PID:4580
- C:\Windows\System\qDVLdsp.exe
  C:\Windows\System\qDVLdsp.exe
  2⤵
  PID:5152
- C:\Windows\System\mJejOpU.exe
  C:\Windows\System\mJejOpU.exe
  2⤵
  PID:5080
- C:\Windows\System\hFkuNNt.exe
  C:\Windows\System\hFkuNNt.exe
  2⤵
  PID:5408
- C:\Windows\System\zaOCzFb.exe
  C:\Windows\System\zaOCzFb.exe
  2⤵
  PID:2672
- C:\Windows\System\VdlGDOq.exe
  C:\Windows\System\VdlGDOq.exe
  2⤵
  PID:5456
- C:\Windows\System\FdEAPJR.exe
  C:\Windows\System\FdEAPJR.exe
  2⤵
  PID:2864
- C:\Windows\System\KknsdOu.exe
  C:\Windows\System\KknsdOu.exe
  2⤵
  PID:5344
- C:\Windows\System\DiYvcoT.exe
  C:\Windows\System\DiYvcoT.exe
  2⤵
  PID:5428
- C:\Windows\System\wbOBipp.exe
  C:\Windows\System\wbOBipp.exe
  2⤵
  PID:5516
- C:\Windows\System\NHyBgRN.exe
  C:\Windows\System\NHyBgRN.exe
  2⤵
  PID:1588
- C:\Windows\System\uAUERFZ.exe
  C:\Windows\System\uAUERFZ.exe
  2⤵
  PID:5592
- C:\Windows\System\oqRlfpx.exe
  C:\Windows\System\oqRlfpx.exe
  2⤵
  PID:2536
- C:\Windows\System\eEQUDCU.exe
  C:\Windows\System\eEQUDCU.exe
  2⤵
  PID:2804
- C:\Windows\System\WNQFqto.exe
  C:\Windows\System\WNQFqto.exe
  2⤵
  PID:5876
- C:\Windows\System\xSClqsC.exe
  C:\Windows\System\xSClqsC.exe
  2⤵
  PID:764
- C:\Windows\System\urfqHtD.exe
  C:\Windows\System\urfqHtD.exe
  2⤵
  PID:5892
- C:\Windows\System\oSilfRY.exe
  C:\Windows\System\oSilfRY.exe
  2⤵
  PID:2764
- C:\Windows\System\QduoRZC.exe
  C:\Windows\System\QduoRZC.exe
  2⤵
  PID:5992
- C:\Windows\System\XUNZQno.exe
  C:\Windows\System\XUNZQno.exe
  2⤵
  PID:2292
- C:\Windows\System\TZENJle.exe
  C:\Windows\System\TZENJle.exe
  2⤵
  PID:6096
- C:\Windows\System\nHmuEcV.exe
  C:\Windows\System\nHmuEcV.exe
  2⤵
  PID:2800
- C:\Windows\System\zXUmSTK.exe
  C:\Windows\System\zXUmSTK.exe
  2⤵
  PID:4748
- C:\Windows\System\uGetLFW.exe
  C:\Windows\System\uGetLFW.exe
  2⤵
  PID:5356
- C:\Windows\System\boRwiwx.exe
  C:\Windows\System\boRwiwx.exe
  2⤵
  PID:5580
- C:\Windows\System\PEoQdeq.exe
  C:\Windows\System\PEoQdeq.exe
  2⤵
  PID:5768
- C:\Windows\System\BSvnQqo.exe
  C:\Windows\System\BSvnQqo.exe
  2⤵
  PID:1644
- C:\Windows\System\PMvevJO.exe
  C:\Windows\System\PMvevJO.exe
  2⤵
  PID:5796
- C:\Windows\System\BxNwFDe.exe
  C:\Windows\System\BxNwFDe.exe
  2⤵
  PID:5788
- C:\Windows\System\vRqRWzB.exe
  C:\Windows\System\vRqRWzB.exe
  2⤵
  PID:6048
- C:\Windows\System\kNyPCLn.exe
  C:\Windows\System\kNyPCLn.exe
  2⤵
  PID:1996
- C:\Windows\System\VBDBBaw.exe
  C:\Windows\System\VBDBBaw.exe
  2⤵
  PID:1400
- C:\Windows\System\lXFmlRV.exe
  C:\Windows\System\lXFmlRV.exe
  2⤵
  PID:2332
- C:\Windows\System\DXgZHxN.exe
  C:\Windows\System\DXgZHxN.exe
  2⤵
  PID:2276
- C:\Windows\System\DfTXnIf.exe
  C:\Windows\System\DfTXnIf.exe
  2⤵
  PID:5324
- C:\Windows\System\nDrwuRV.exe
  C:\Windows\System\nDrwuRV.exe
  2⤵
  PID:1032
- C:\Windows\System\OtvElff.exe
  C:\Windows\System\OtvElff.exe
  2⤵
  PID:4276
- C:\Windows\System\QXbfUZV.exe
  C:\Windows\System\QXbfUZV.exe
  2⤵
  PID:5404
- C:\Windows\System\MthUusw.exe
  C:\Windows\System\MthUusw.exe
  2⤵
  PID:4692
- C:\Windows\System\cmVspdI.exe
  C:\Windows\System\cmVspdI.exe
  2⤵
  PID:880
- C:\Windows\System\CLtwvrL.exe
  C:\Windows\System\CLtwvrL.exe
  2⤵
  PID:2300
- C:\Windows\System\uYeRMdK.exe
  C:\Windows\System\uYeRMdK.exe
  2⤵
  PID:884
- C:\Windows\System\dMoHkER.exe
  C:\Windows\System\dMoHkER.exe
  2⤵
  PID:5628
- C:\Windows\System\SSQMAcH.exe
  C:\Windows\System\SSQMAcH.exe
  2⤵
  PID:5540
- C:\Windows\System\sidzCsB.exe
  C:\Windows\System\sidzCsB.exe
  2⤵
  PID:5624
- C:\Windows\System\NmNmJQf.exe
  C:\Windows\System\NmNmJQf.exe
  2⤵
  PID:6132
- C:\Windows\System\ZBgpzYf.exe
  C:\Windows\System\ZBgpzYf.exe
  2⤵
  PID:6156
- C:\Windows\System\kBzJCoM.exe
  C:\Windows\System\kBzJCoM.exe
  2⤵
  PID:6172
- C:\Windows\System\SezaxaI.exe
  C:\Windows\System\SezaxaI.exe
  2⤵
  PID:6196
- C:\Windows\System\ZpLWwUb.exe
  C:\Windows\System\ZpLWwUb.exe
  2⤵
  PID:6212
- C:\Windows\System\hTEhJGb.exe
  C:\Windows\System\hTEhJGb.exe
  2⤵
  PID:6228
- C:\Windows\System\WTMsVfS.exe
  C:\Windows\System\WTMsVfS.exe
  2⤵
  PID:6252
- C:\Windows\System\bfcDAVK.exe
  C:\Windows\System\bfcDAVK.exe
  2⤵
  PID:6304
- C:\Windows\System\ZsHRUNr.exe
  C:\Windows\System\ZsHRUNr.exe
  2⤵
  PID:6320
- C:\Windows\System\wgTVjtb.exe
  C:\Windows\System\wgTVjtb.exe
  2⤵
  PID:6336
- C:\Windows\System\JdPmvWT.exe
  C:\Windows\System\JdPmvWT.exe
  2⤵
  PID:6352
- C:\Windows\System\NqYWLgp.exe
  C:\Windows\System\NqYWLgp.exe
  2⤵
  PID:6372
- C:\Windows\System\kqhJtwF.exe
  C:\Windows\System\kqhJtwF.exe
  2⤵
  PID:6388
- C:\Windows\System\DWQRMWs.exe
  C:\Windows\System\DWQRMWs.exe
  2⤵
  PID:6408
- C:\Windows\System\VDhKYzC.exe
  C:\Windows\System\VDhKYzC.exe
  2⤵
  PID:6424
- C:\Windows\System\TWscFni.exe
  C:\Windows\System\TWscFni.exe
  2⤵
  PID:6440
- C:\Windows\System\xGuIjed.exe
  C:\Windows\System\xGuIjed.exe
  2⤵
  PID:6460
- C:\Windows\System\VzCAcDl.exe
  C:\Windows\System\VzCAcDl.exe
  2⤵
  PID:6476
- C:\Windows\System\pOVUtPs.exe
  C:\Windows\System\pOVUtPs.exe
  2⤵
  PID:6508
- C:\Windows\System\HZhTkTY.exe
  C:\Windows\System\HZhTkTY.exe
  2⤵
  PID:6568
- C:\Windows\System\dbsTNeU.exe
  C:\Windows\System\dbsTNeU.exe
  2⤵
  PID:6620
- C:\Windows\System\MktbFKS.exe
  C:\Windows\System\MktbFKS.exe
  2⤵
  PID:6644
- C:\Windows\System\aPRlNoE.exe
  C:\Windows\System\aPRlNoE.exe
  2⤵
  PID:6660
- C:\Windows\System\ZfSOJEt.exe
  C:\Windows\System\ZfSOJEt.exe
  2⤵
  PID:6676
- C:\Windows\System\SIvVagT.exe
  C:\Windows\System\SIvVagT.exe
  2⤵
  PID:6692
- C:\Windows\System\PBUevBO.exe
  C:\Windows\System\PBUevBO.exe
  2⤵
  PID:6708
- C:\Windows\System\cJfmwUg.exe
  C:\Windows\System\cJfmwUg.exe
  2⤵
  PID:6724
- C:\Windows\System\AMgQQkU.exe
  C:\Windows\System\AMgQQkU.exe
  2⤵
  PID:6740
- C:\Windows\System\CXDPECj.exe
  C:\Windows\System\CXDPECj.exe
  2⤵
  PID:6776
- C:\Windows\System\rWagMcZ.exe
  C:\Windows\System\rWagMcZ.exe
  2⤵
  PID:6796
- C:\Windows\System\GgDCyoN.exe
  C:\Windows\System\GgDCyoN.exe
  2⤵
  PID:6812
- C:\Windows\System\BNUmIMH.exe
  C:\Windows\System\BNUmIMH.exe
  2⤵
  PID:6832
- C:\Windows\System\DxPaOYE.exe
  C:\Windows\System\DxPaOYE.exe
  2⤵
  PID:6852
- C:\Windows\System\bNkfRzi.exe
  C:\Windows\System\bNkfRzi.exe
  2⤵
  PID:6868
- C:\Windows\System\MPLFJge.exe
  C:\Windows\System\MPLFJge.exe
  2⤵
  PID:6884
- C:\Windows\System\zMtQKKr.exe
  C:\Windows\System\zMtQKKr.exe
  2⤵
  PID:6904
- C:\Windows\System\hnOLHCq.exe
  C:\Windows\System\hnOLHCq.exe
  2⤵
  PID:6924
- C:\Windows\System\TaGnljr.exe
  C:\Windows\System\TaGnljr.exe
  2⤵
  PID:6940
- C:\Windows\System\wHYXmzQ.exe
  C:\Windows\System\wHYXmzQ.exe
  2⤵
  PID:6968
- C:\Windows\System\KywXsyi.exe
  C:\Windows\System\KywXsyi.exe
  2⤵
  PID:6984
- C:\Windows\System\kXGcSTv.exe
  C:\Windows\System\kXGcSTv.exe
  2⤵
  PID:7004
- C:\Windows\System\jfaAUDy.exe
  C:\Windows\System\jfaAUDy.exe
  2⤵
  PID:7024
- C:\Windows\System\gGxLZih.exe
  C:\Windows\System\gGxLZih.exe
  2⤵
  PID:7040
- C:\Windows\System\gPoJpSY.exe
  C:\Windows\System\gPoJpSY.exe
  2⤵
  PID:7056
- C:\Windows\System\cyfScJt.exe
  C:\Windows\System\cyfScJt.exe
  2⤵
  PID:7072
- C:\Windows\System\pVLkvlm.exe
  C:\Windows\System\pVLkvlm.exe
  2⤵
  PID:7088
- C:\Windows\System\FgjZlEl.exe
  C:\Windows\System\FgjZlEl.exe
  2⤵
  PID:7104
- C:\Windows\System\NVFUXtb.exe
  C:\Windows\System\NVFUXtb.exe
  2⤵
  PID:7120
- C:\Windows\System\JMRGtUX.exe
  C:\Windows\System\JMRGtUX.exe
  2⤵
  PID:7140
- C:\Windows\System\PjiVpFo.exe
  C:\Windows\System\PjiVpFo.exe
  2⤵
  PID:7156
- C:\Windows\System\bUttONH.exe
  C:\Windows\System\bUttONH.exe
  2⤵
  PID:2580
- C:\Windows\System\rCTYwKY.exe
  C:\Windows\System\rCTYwKY.exe
  2⤵
  PID:1488
- C:\Windows\System\VYfMqlA.exe
  C:\Windows\System\VYfMqlA.exe
  2⤵
  PID:2516
- C:\Windows\System\zOZSGat.exe
  C:\Windows\System\zOZSGat.exe
  2⤵
  PID:4796
- C:\Windows\System\uxlGUYT.exe
  C:\Windows\System\uxlGUYT.exe
  2⤵
  PID:6168
- C:\Windows\System\IZEhRdY.exe
  C:\Windows\System\IZEhRdY.exe
  2⤵
  PID:6244
- C:\Windows\System\qxrlKbl.exe
  C:\Windows\System\qxrlKbl.exe
  2⤵
  PID:5216
- C:\Windows\System\qSCRTzt.exe
  C:\Windows\System\qSCRTzt.exe
  2⤵
  PID:5284
- C:\Windows\System\YsgVHYr.exe
  C:\Windows\System\YsgVHYr.exe
  2⤵
  PID:6484
- C:\Windows\System\uddmDhq.exe
  C:\Windows\System\uddmDhq.exe
  2⤵
  PID:6504
- C:\Windows\System\IeJEQsz.exe
  C:\Windows\System\IeJEQsz.exe
  2⤵
  PID:6184
- C:\Windows\System\kZhjZOr.exe
  C:\Windows\System\kZhjZOr.exe
  2⤵
  PID:6260
- C:\Windows\System\VLEKqVH.exe
  C:\Windows\System\VLEKqVH.exe
  2⤵
  PID:6276
- C:\Windows\System\MJjTXJr.exe
  C:\Windows\System\MJjTXJr.exe
  2⤵
  PID:6292
- C:\Windows\System\OdQIONl.exe
  C:\Windows\System\OdQIONl.exe
  2⤵
  PID:6332
- C:\Windows\System\XFCFEbo.exe
  C:\Windows\System\XFCFEbo.exe
  2⤵
  PID:6432
- C:\Windows\System\gZxWjYW.exe
  C:\Windows\System\gZxWjYW.exe
  2⤵
  PID:6152
- C:\Windows\System\ATiZXwL.exe
  C:\Windows\System\ATiZXwL.exe
  2⤵
  PID:6628
- C:\Windows\System\Vfabgqx.exe
  C:\Windows\System\Vfabgqx.exe
  2⤵
  PID:6668
- C:\Windows\System\LsnnINY.exe
  C:\Windows\System\LsnnINY.exe
  2⤵
  PID:6732
- C:\Windows\System\oCZTVvl.exe
  C:\Windows\System\oCZTVvl.exe
  2⤵
  PID:6588
- C:\Windows\System\iHxWAkJ.exe
  C:\Windows\System\iHxWAkJ.exe
  2⤵
  PID:6604
- C:\Windows\System\bzZNAYE.exe
  C:\Windows\System\bzZNAYE.exe
  2⤵
  PID:6652
- C:\Windows\System\hxVjGUE.exe
  C:\Windows\System\hxVjGUE.exe
  2⤵
  PID:6784
- C:\Windows\System\uZAncFT.exe
  C:\Windows\System\uZAncFT.exe
  2⤵
  PID:6828
- C:\Windows\System\hmoXroq.exe
  C:\Windows\System\hmoXroq.exe
  2⤵
  PID:5136
- C:\Windows\System\ZacjCuh.exe
  C:\Windows\System\ZacjCuh.exe
  2⤵
  PID:6720
- C:\Windows\System\DvMKpcA.exe
  C:\Windows\System\DvMKpcA.exe
  2⤵
  PID:6764
- C:\Windows\System\aweFToX.exe
  C:\Windows\System\aweFToX.exe
  2⤵
  PID:7012
- C:\Windows\System\VunLuVb.exe
  C:\Windows\System\VunLuVb.exe
  2⤵
  PID:6752
- C:\Windows\System\XqwVfZI.exe
  C:\Windows\System\XqwVfZI.exe
  2⤵
  PID:6848
- C:\Windows\System\RdRgRZU.exe
  C:\Windows\System\RdRgRZU.exe
  2⤵
  PID:6916
- C:\Windows\System\oowYgJO.exe
  C:\Windows\System\oowYgJO.exe
  2⤵
  PID:6956
- C:\Windows\System\SEheuQq.exe
  C:\Windows\System\SEheuQq.exe
  2⤵
  PID:7000
- C:\Windows\System\KIZJooj.exe
  C:\Windows\System\KIZJooj.exe
  2⤵
  PID:7068
- C:\Windows\System\uvvtAKQ.exe
  C:\Windows\System\uvvtAKQ.exe
  2⤵
  PID:7136
- C:\Windows\System\PYldyTB.exe
  C:\Windows\System\PYldyTB.exe
  2⤵
  PID:1496
- C:\Windows\System\gJdJHuw.exe
  C:\Windows\System\gJdJHuw.exe
  2⤵
  PID:5952
- C:\Windows\System\SKtNXfC.exe
  C:\Windows\System\SKtNXfC.exe
  2⤵
  PID:5928
- C:\Windows\System\lQdOliZ.exe
  C:\Windows\System\lQdOliZ.exe
  2⤵
  PID:2564
- C:\Windows\System\yLlhCwX.exe
  C:\Windows\System\yLlhCwX.exe
  2⤵
  PID:6404
- C:\Windows\System\fMQxskw.exe
  C:\Windows\System\fMQxskw.exe
  2⤵
  PID:6500
- C:\Windows\System\RPLPZRx.exe
  C:\Windows\System\RPLPZRx.exe
  2⤵
  PID:6284
- C:\Windows\System\zNUoTWx.exe
  C:\Windows\System\zNUoTWx.exe
  2⤵
  PID:6368
- C:\Windows\System\IfPAsfW.exe
  C:\Windows\System\IfPAsfW.exe
  2⤵
  PID:6564
- C:\Windows\System\MRGlFCd.exe
  C:\Windows\System\MRGlFCd.exe
  2⤵
  PID:6600
- C:\Windows\System\UZLQLrS.exe
  C:\Windows\System\UZLQLrS.exe
  2⤵
  PID:6688
- C:\Windows\System\zkcYBOa.exe
  C:\Windows\System\zkcYBOa.exe
  2⤵
  PID:6896
- C:\Windows\System\EpZDXPq.exe
  C:\Windows\System\EpZDXPq.exe
  2⤵
  PID:7052
- C:\Windows\System\OjvKKAV.exe
  C:\Windows\System\OjvKKAV.exe
  2⤵
  PID:6328
- C:\Windows\System\QxgzKlY.exe
  C:\Windows\System\QxgzKlY.exe
  2⤵
  PID:832
- C:\Windows\System\AGAwAck.exe
  C:\Windows\System\AGAwAck.exe
  2⤵
  PID:6472
- C:\Windows\System\EMfJpHi.exe
  C:\Windows\System\EMfJpHi.exe
  2⤵
  PID:6616
- C:\Windows\System\GMSPZgH.exe
  C:\Windows\System\GMSPZgH.exe
  2⤵
  PID:6980
- C:\Windows\System\EmKZOvr.exe
  C:\Windows\System\EmKZOvr.exe
  2⤵
  PID:7148
- C:\Windows\System\sBQCkgh.exe
  C:\Windows\System\sBQCkgh.exe
  2⤵
  PID:6844
- C:\Windows\System\DfxeVSU.exe
  C:\Windows\System\DfxeVSU.exe
  2⤵
  PID:2184
- C:\Windows\System\oorZdkq.exe
  C:\Windows\System\oorZdkq.exe
  2⤵
  PID:6964
- C:\Windows\System\rEAFPvr.exe
  C:\Windows\System\rEAFPvr.exe
  2⤵
  PID:5556
- C:\Windows\System\iZQCiTg.exe
  C:\Windows\System\iZQCiTg.exe
  2⤵
  PID:7132
- C:\Windows\System\KqccoTi.exe
  C:\Windows\System\KqccoTi.exe
  2⤵
  PID:2032
- C:\Windows\System\ByuxwcY.exe
  C:\Windows\System\ByuxwcY.exe
  2⤵
  PID:6316
- C:\Windows\System\fawHtdz.exe
  C:\Windows\System\fawHtdz.exe
  2⤵
  PID:6384
- C:\Windows\System\kdaWBbC.exe
  C:\Windows\System\kdaWBbC.exe
  2⤵
  PID:6364
- C:\Windows\System\KEpCWSb.exe
  C:\Windows\System\KEpCWSb.exe
  2⤵
  PID:6704
- C:\Windows\System\IIcRZnQ.exe
  C:\Windows\System\IIcRZnQ.exe
  2⤵
  PID:6684
- C:\Windows\System\cxfstYY.exe
  C:\Windows\System\cxfstYY.exe
  2⤵
  PID:7084
- C:\Windows\System\QCCzQLX.exe
  C:\Windows\System\QCCzQLX.exe
  2⤵
  PID:6772
- C:\Windows\System\AJYzDkf.exe
  C:\Windows\System\AJYzDkf.exe
  2⤵
  PID:5472
- C:\Windows\System\rxwBMzU.exe
  C:\Windows\System\rxwBMzU.exe
  2⤵
  PID:6760
- C:\Windows\System\wiraWSv.exe
  C:\Windows\System\wiraWSv.exe
  2⤵
  PID:4888
- C:\Windows\System\fCCaeiB.exe
  C:\Windows\System\fCCaeiB.exe
  2⤵
  PID:7100
- C:\Windows\System\FeKjoqZ.exe
  C:\Windows\System\FeKjoqZ.exe
  2⤵
  PID:7116
- C:\Windows\System\xrGvQQj.exe
  C:\Windows\System\xrGvQQj.exe
  2⤵
  PID:6952
- C:\Windows\System\kRdEiHT.exe
  C:\Windows\System\kRdEiHT.exe
  2⤵
  PID:6312
- C:\Windows\System\kPUAKnx.exe
  C:\Windows\System\kPUAKnx.exe
  2⤵
  PID:6220
- C:\Windows\System\PnATAPu.exe
  C:\Windows\System\PnATAPu.exe
  2⤵
  PID:2976
- C:\Windows\System\BRUQWMF.exe
  C:\Windows\System\BRUQWMF.exe
  2⤵
  PID:6936
- C:\Windows\System\eWEKzOI.exe
  C:\Windows\System\eWEKzOI.exe
  2⤵
  PID:6912
- C:\Windows\System\tfUonab.exe
  C:\Windows\System\tfUonab.exe
  2⤵
  PID:6272
- C:\Windows\System\AhYEviE.exe
  C:\Windows\System\AhYEviE.exe
  2⤵
  PID:1036
- C:\Windows\System\hOqlVXg.exe
  C:\Windows\System\hOqlVXg.exe
  2⤵
  PID:7184
- C:\Windows\System\OFzOnGr.exe
  C:\Windows\System\OFzOnGr.exe
  2⤵
  PID:7200
- C:\Windows\System\GVcmfMN.exe
  C:\Windows\System\GVcmfMN.exe
  2⤵
  PID:7216
- C:\Windows\System\uTFXrgm.exe
  C:\Windows\System\uTFXrgm.exe
  2⤵
  PID:7244
- C:\Windows\System\HPguTar.exe
  C:\Windows\System\HPguTar.exe
  2⤵
  PID:7260
- C:\Windows\System\Zdroqcv.exe
  C:\Windows\System\Zdroqcv.exe
  2⤵
  PID:7276
- C:\Windows\System\IgmFmjI.exe
  C:\Windows\System\IgmFmjI.exe
  2⤵
  PID:7312
- C:\Windows\System\DDspYqy.exe
  C:\Windows\System\DDspYqy.exe
  2⤵
  PID:7328
- C:\Windows\System\FNfvfoQ.exe
  C:\Windows\System\FNfvfoQ.exe
  2⤵
  PID:7352
- C:\Windows\System\seCTOne.exe
  C:\Windows\System\seCTOne.exe
  2⤵
  PID:7376
- C:\Windows\System\BtLlWyc.exe
  C:\Windows\System\BtLlWyc.exe
  2⤵
  PID:7400
- C:\Windows\System\frHfvWZ.exe
  C:\Windows\System\frHfvWZ.exe
  2⤵
  PID:7420
- C:\Windows\System\IvIfjaJ.exe
  C:\Windows\System\IvIfjaJ.exe
  2⤵
  PID:7440
- C:\Windows\System\kVPOswp.exe
  C:\Windows\System\kVPOswp.exe
  2⤵
  PID:7460
- C:\Windows\System\JyzrADV.exe
  C:\Windows\System\JyzrADV.exe
  2⤵
  PID:7480
- C:\Windows\System\nGaKxNc.exe
  C:\Windows\System\nGaKxNc.exe
  2⤵
  PID:7500
- C:\Windows\System\pVZdxeS.exe
  C:\Windows\System\pVZdxeS.exe
  2⤵
  PID:7548
- C:\Windows\System\HFkQxkW.exe
  C:\Windows\System\HFkQxkW.exe
  2⤵
  PID:7564
- C:\Windows\System\JgqhBYC.exe
  C:\Windows\System\JgqhBYC.exe
  2⤵
  PID:7580
- C:\Windows\System\OLCcbfs.exe
  C:\Windows\System\OLCcbfs.exe
  2⤵
  PID:7600
- C:\Windows\System\MYitYDS.exe
  C:\Windows\System\MYitYDS.exe
  2⤵
  PID:7620
- C:\Windows\System\ZuTYVWs.exe
  C:\Windows\System\ZuTYVWs.exe
  2⤵
  PID:7636
- C:\Windows\System\pZKXpHO.exe
  C:\Windows\System\pZKXpHO.exe
  2⤵
  PID:7656
- C:\Windows\System\qdJSCoJ.exe
  C:\Windows\System\qdJSCoJ.exe
  2⤵
  PID:7672
- C:\Windows\System\WmRiaJu.exe
  C:\Windows\System\WmRiaJu.exe
  2⤵
  PID:7692
- C:\Windows\System\ZPgwxSQ.exe
  C:\Windows\System\ZPgwxSQ.exe
  2⤵
  PID:7716
- C:\Windows\System\kOIStmx.exe
  C:\Windows\System\kOIStmx.exe
  2⤵
  PID:7736
- C:\Windows\System\pAnZjza.exe
  C:\Windows\System\pAnZjza.exe
  2⤵
  PID:7756
- C:\Windows\System\LhFpobI.exe
  C:\Windows\System\LhFpobI.exe
  2⤵
  PID:7772
- C:\Windows\System\wnHaJPb.exe
  C:\Windows\System\wnHaJPb.exe
  2⤵
  PID:7816
- C:\Windows\System\GVVOKir.exe
  C:\Windows\System\GVVOKir.exe
  2⤵
  PID:7832
- C:\Windows\System\tDSipku.exe
  C:\Windows\System\tDSipku.exe
  2⤵
  PID:7848
- C:\Windows\System\ZSgvfnF.exe
  C:\Windows\System\ZSgvfnF.exe
  2⤵
  PID:7868
- C:\Windows\System\vEUNtbu.exe
  C:\Windows\System\vEUNtbu.exe
  2⤵
  PID:7884
- C:\Windows\System\JwAmCIV.exe
  C:\Windows\System\JwAmCIV.exe
  2⤵
  PID:7900
- C:\Windows\System\zNhChpR.exe
  C:\Windows\System\zNhChpR.exe
  2⤵
  PID:7916
- C:\Windows\System\LzDYJGH.exe
  C:\Windows\System\LzDYJGH.exe
  2⤵
  PID:7932
- C:\Windows\System\eLWySod.exe
  C:\Windows\System\eLWySod.exe
  2⤵
  PID:7952
- C:\Windows\System\vGZTspx.exe
  C:\Windows\System\vGZTspx.exe
  2⤵
  PID:7972
- C:\Windows\System\DMUINpv.exe
  C:\Windows\System\DMUINpv.exe
  2⤵
  PID:7992
- C:\Windows\System\cRHgqvx.exe
  C:\Windows\System\cRHgqvx.exe
  2⤵
  PID:8008
- C:\Windows\System\arbFFvW.exe
  C:\Windows\System\arbFFvW.exe
  2⤵
  PID:8024
- C:\Windows\System\ElwRUYi.exe
  C:\Windows\System\ElwRUYi.exe
  2⤵
  PID:8040
- C:\Windows\System\urhOFwm.exe
  C:\Windows\System\urhOFwm.exe
  2⤵
  PID:8056
- C:\Windows\System\jvucwjR.exe
  C:\Windows\System\jvucwjR.exe
  2⤵
  PID:8072
- C:\Windows\System\vyLESzJ.exe
  C:\Windows\System\vyLESzJ.exe
  2⤵
  PID:8088
- C:\Windows\System\JVbbOBy.exe
  C:\Windows\System\JVbbOBy.exe
  2⤵
  PID:8104
- C:\Windows\System\rtHxJCP.exe
  C:\Windows\System\rtHxJCP.exe
  2⤵
  PID:8124
- C:\Windows\System\ZhGGCdv.exe
  C:\Windows\System\ZhGGCdv.exe
  2⤵
  PID:8148
- C:\Windows\System\oGNKCxD.exe
  C:\Windows\System\oGNKCxD.exe
  2⤵
  PID:8164
- C:\Windows\System\KHsKtHV.exe
  C:\Windows\System\KHsKtHV.exe
  2⤵
  PID:8180
- C:\Windows\System\lcnMzZW.exe
  C:\Windows\System\lcnMzZW.exe
  2⤵
  PID:6208
- C:\Windows\System\MCqJSrF.exe
  C:\Windows\System\MCqJSrF.exe
  2⤵
  PID:6948
- C:\Windows\System\kCPfiSE.exe
  C:\Windows\System\kCPfiSE.exe
  2⤵
  PID:6596
- C:\Windows\System\zQfSdRT.exe
  C:\Windows\System\zQfSdRT.exe
  2⤵
  PID:6892
- C:\Windows\System\MwJnUOn.exe
  C:\Windows\System\MwJnUOn.exe
  2⤵
  PID:2908
- C:\Windows\System\rzeUbjG.exe
  C:\Windows\System\rzeUbjG.exe
  2⤵
  PID:1736
- C:\Windows\System\xYsyQgA.exe
  C:\Windows\System\xYsyQgA.exe
  2⤵
  PID:2668
- C:\Windows\System\KlZbSKT.exe
  C:\Windows\System\KlZbSKT.exe
  2⤵
  PID:7288
- C:\Windows\System\QxEhsVL.exe
  C:\Windows\System\QxEhsVL.exe
  2⤵
  PID:7308
- C:\Windows\System\TSGzxuM.exe
  C:\Windows\System\TSGzxuM.exe
  2⤵
  PID:7408
- C:\Windows\System\puMwyoa.exe
  C:\Windows\System\puMwyoa.exe
  2⤵
  PID:7360
- C:\Windows\System\BMvzayk.exe
  C:\Windows\System\BMvzayk.exe
  2⤵
  PID:7448
- C:\Windows\System\qdqYuWm.exe
  C:\Windows\System\qdqYuWm.exe
  2⤵
  PID:7492
- C:\Windows\System\inCPFeI.exe
  C:\Windows\System\inCPFeI.exe
  2⤵
  PID:7524
- C:\Windows\System\YMmLdSZ.exe
  C:\Windows\System\YMmLdSZ.exe
  2⤵
  PID:7540
- C:\Windows\System\mnzjFxj.exe
  C:\Windows\System\mnzjFxj.exe
  2⤵
  PID:7572
- C:\Windows\System\beGqlRM.exe
  C:\Windows\System\beGqlRM.exe
  2⤵
  PID:7644
- C:\Windows\System\xgudRbK.exe
  C:\Windows\System\xgudRbK.exe
  2⤵
  PID:7592
- C:\Windows\System\lCtbdBs.exe
  C:\Windows\System\lCtbdBs.exe
  2⤵
  PID:7664
- C:\Windows\System\TDkCzeB.exe
  C:\Windows\System\TDkCzeB.exe
  2⤵
  PID:7700
- C:\Windows\System\SsOSPet.exe
  C:\Windows\System\SsOSPet.exe
  2⤵
  PID:7732
- C:\Windows\System\UzXKpCk.exe
  C:\Windows\System\UzXKpCk.exe
  2⤵
  PID:7744
- C:\Windows\System\xfGAGXG.exe
  C:\Windows\System\xfGAGXG.exe
  2⤵
  PID:7792
- C:\Windows\System\gYMqFOw.exe
  C:\Windows\System\gYMqFOw.exe
  2⤵
  PID:7808
- C:\Windows\System\HloBMol.exe
  C:\Windows\System\HloBMol.exe
  2⤵
  PID:7768
- C:\Windows\System\VVHYKWG.exe
  C:\Windows\System\VVHYKWG.exe
  2⤵
  PID:7880
- C:\Windows\System\kmaWRoc.exe
  C:\Windows\System\kmaWRoc.exe
  2⤵
  PID:7860
- C:\Windows\System\fxWCYyZ.exe
  C:\Windows\System\fxWCYyZ.exe
  2⤵
  PID:7928
- C:\Windows\System\kYRaCMC.exe
  C:\Windows\System\kYRaCMC.exe
  2⤵
  PID:7912
- C:\Windows\System\nhtgRoQ.exe
  C:\Windows\System\nhtgRoQ.exe
  2⤵
  PID:7988
- C:\Windows\System\dbapuze.exe
  C:\Windows\System\dbapuze.exe
  2⤵
  PID:8052
- C:\Windows\System\yNcyKcx.exe
  C:\Windows\System\yNcyKcx.exe
  2⤵
  PID:8120
- C:\Windows\System\oiDDOsR.exe
  C:\Windows\System\oiDDOsR.exe
  2⤵
  PID:8140
- C:\Windows\System\pDhmDSB.exe
  C:\Windows\System\pDhmDSB.exe
  2⤵
  PID:7680
- C:\Windows\System\zGlPNGY.exe
  C:\Windows\System\zGlPNGY.exe
  2⤵
  PID:4492
- C:\Windows\System\JVOLZhh.exe
  C:\Windows\System\JVOLZhh.exe
  2⤵
  PID:7240
- C:\Windows\System\PkEoeNz.exe
  C:\Windows\System\PkEoeNz.exe
  2⤵
  PID:7224
- C:\Windows\System\QYBzxeG.exe
  C:\Windows\System\QYBzxeG.exe
  2⤵
  PID:7252
- C:\Windows\System\XFsDAPv.exe
  C:\Windows\System\XFsDAPv.exe
  2⤵
  PID:7336
- C:\Windows\System\CmXWrxN.exe
  C:\Windows\System\CmXWrxN.exe
  2⤵
  PID:7340
- C:\Windows\System\OofOzgc.exe
  C:\Windows\System\OofOzgc.exe
  2⤵
  PID:7272
- C:\Windows\System\vurnCaK.exe
  C:\Windows\System\vurnCaK.exe
  2⤵
  PID:7436
- C:\Windows\System\ypDAQPa.exe
  C:\Windows\System\ypDAQPa.exe
  2⤵
  PID:7368
- C:\Windows\System\EhZmoyA.exe
  C:\Windows\System\EhZmoyA.exe
  2⤵
  PID:7324
- C:\Windows\System\TmpvFUa.exe
  C:\Windows\System\TmpvFUa.exe
  2⤵
  PID:7628
- C:\Windows\System\TySfuis.exe
  C:\Windows\System\TySfuis.exe
  2⤵
  PID:7612
- C:\Windows\System\cPWArzN.exe
  C:\Windows\System\cPWArzN.exe
  2⤵
  PID:7532
- C:\Windows\System\IamJfee.exe
  C:\Windows\System\IamJfee.exe
  2⤵
  PID:7560
- C:\Windows\System\VbsSOWP.exe
  C:\Windows\System\VbsSOWP.exe
  2⤵
  PID:7840
- C:\Windows\System\BGFzRtA.exe
  C:\Windows\System\BGFzRtA.exe
  2⤵
  PID:7800
- C:\Windows\System\EKCjnFN.exe
  C:\Windows\System\EKCjnFN.exe
  2⤵
  PID:7844
- C:\Windows\System\pGrkpbE.exe
  C:\Windows\System\pGrkpbE.exe
  2⤵
  PID:7924
- C:\Windows\System\kPtjzaz.exe
  C:\Windows\System\kPtjzaz.exe
  2⤵
  PID:8000
- C:\Windows\System\efvoory.exe
  C:\Windows\System\efvoory.exe
  2⤵
  PID:8064
- C:\Windows\System\bfscCCo.exe
  C:\Windows\System\bfscCCo.exe
  2⤵
  PID:7940
- C:\Windows\System\DGCOxUs.exe
  C:\Windows\System\DGCOxUs.exe
  2⤵
  PID:8132
- C:\Windows\System\tqCQjAP.exe
  C:\Windows\System\tqCQjAP.exe
  2⤵
  PID:6380
- C:\Windows\System\mxsMngf.exe
  C:\Windows\System\mxsMngf.exe
  2⤵
  PID:7048
- C:\Windows\System\TNaZFdi.exe
  C:\Windows\System\TNaZFdi.exe
  2⤵
  PID:8172
- C:\Windows\System\lLwsVVl.exe
  C:\Windows\System\lLwsVVl.exe
  2⤵
  PID:6348
- C:\Windows\System\YenVIYs.exe
  C:\Windows\System\YenVIYs.exe
  2⤵
  PID:6840
- C:\Windows\System\FhQHdnE.exe
  C:\Windows\System\FhQHdnE.exe
  2⤵
  PID:7708
- C:\Windows\System\hxquDRD.exe
  C:\Windows\System\hxquDRD.exe
  2⤵
  PID:8048
- C:\Windows\System\RwRGdZQ.exe
  C:\Windows\System\RwRGdZQ.exe
  2⤵
  PID:8084
- C:\Windows\System\BNmpNea.exe
  C:\Windows\System\BNmpNea.exe
  2⤵
  PID:7296
- C:\Windows\System\avOQDhO.exe
  C:\Windows\System\avOQDhO.exe
  2⤵
  PID:7712
- C:\Windows\System\kZoQQOL.exe
  C:\Windows\System\kZoQQOL.exe
  2⤵
  PID:6792
- C:\Windows\System\qyouudP.exe
  C:\Windows\System\qyouudP.exe
  2⤵
  PID:7896
- C:\Windows\System\TkSsIxd.exe
  C:\Windows\System\TkSsIxd.exe
  2⤵
  PID:4564
- C:\Windows\System\AxzsanD.exe
  C:\Windows\System\AxzsanD.exe
  2⤵
  PID:932
- C:\Windows\System\fvcGELU.exe
  C:\Windows\System\fvcGELU.exe
  2⤵
  PID:7384
- C:\Windows\System\swVUAAh.exe
  C:\Windows\System\swVUAAh.exe
  2⤵
  PID:7392
- C:\Windows\System\IGNqlge.exe
  C:\Windows\System\IGNqlge.exe
  2⤵
  PID:7856
- C:\Windows\System\azLgLju.exe
  C:\Windows\System\azLgLju.exe
  2⤵
  PID:7232
- C:\Windows\System\HMklRLq.exe
  C:\Windows\System\HMklRLq.exe
  2⤵
  PID:7764
- C:\Windows\System\FHRmLCj.exe
  C:\Windows\System\FHRmLCj.exe
  2⤵
  PID:7980
- C:\Windows\System\tWCiIhU.exe
  C:\Windows\System\tWCiIhU.exe
  2⤵
  PID:7788
- C:\Windows\System\FfmyCht.exe
  C:\Windows\System\FfmyCht.exe
  2⤵
  PID:7520
- C:\Windows\System\TvbxqXk.exe
  C:\Windows\System\TvbxqXk.exe
  2⤵
  PID:7428
- C:\Windows\System\sNFtKho.exe
  C:\Windows\System\sNFtKho.exe
  2⤵
  PID:8196
- C:\Windows\System\ekzwRAh.exe
  C:\Windows\System\ekzwRAh.exe
  2⤵
  PID:8212
- C:\Windows\System\YOtQSOV.exe
  C:\Windows\System\YOtQSOV.exe
  2⤵
  PID:8228
- C:\Windows\System\kxHaZKA.exe
  C:\Windows\System\kxHaZKA.exe
  2⤵
  PID:8244
- C:\Windows\System\pUibNvd.exe
  C:\Windows\System\pUibNvd.exe
  2⤵
  PID:8260
- C:\Windows\System\FfuPtpF.exe
  C:\Windows\System\FfuPtpF.exe
  2⤵
  PID:8276
- C:\Windows\System\ibPxEUX.exe
  C:\Windows\System\ibPxEUX.exe
  2⤵
  PID:8292
- C:\Windows\System\OhgHgJT.exe
  C:\Windows\System\OhgHgJT.exe
  2⤵
  PID:8308
- C:\Windows\System\PrGswpF.exe
  C:\Windows\System\PrGswpF.exe
  2⤵
  PID:8324
- C:\Windows\System\SOJXCXT.exe
  C:\Windows\System\SOJXCXT.exe
  2⤵
  PID:8340
- C:\Windows\System\GsgURon.exe
  C:\Windows\System\GsgURon.exe
  2⤵
  PID:8356
- C:\Windows\System\nKBPQRV.exe
  C:\Windows\System\nKBPQRV.exe
  2⤵
  PID:8372
- C:\Windows\System\gLsBZWj.exe
  C:\Windows\System\gLsBZWj.exe
  2⤵
  PID:8388
- C:\Windows\System\CkKzGCk.exe
  C:\Windows\System\CkKzGCk.exe
  2⤵
  PID:8404
- C:\Windows\System\tMlnKPs.exe
  C:\Windows\System\tMlnKPs.exe
  2⤵
  PID:8420
- C:\Windows\System\tGCACoJ.exe
  C:\Windows\System\tGCACoJ.exe
  2⤵
  PID:8436
- C:\Windows\System\XyshusT.exe
  C:\Windows\System\XyshusT.exe
  2⤵
  PID:8452
- C:\Windows\System\GOgWCNh.exe
  C:\Windows\System\GOgWCNh.exe
  2⤵
  PID:8468
- C:\Windows\System\bryCqoY.exe
  C:\Windows\System\bryCqoY.exe
  2⤵
  PID:8484
- C:\Windows\System\sffxNmy.exe
  C:\Windows\System\sffxNmy.exe
  2⤵
  PID:8500
- C:\Windows\System\nPDnKDq.exe
  C:\Windows\System\nPDnKDq.exe
  2⤵
  PID:8516
- C:\Windows\System\dYIhZSW.exe
  C:\Windows\System\dYIhZSW.exe
  2⤵
  PID:8532
- C:\Windows\System\QLubJEE.exe
  C:\Windows\System\QLubJEE.exe
  2⤵
  PID:8548
- C:\Windows\System\pnVvayB.exe
  C:\Windows\System\pnVvayB.exe
  2⤵
  PID:8564
- C:\Windows\System\ZYjsrSp.exe
  C:\Windows\System\ZYjsrSp.exe
  2⤵
  PID:8580
- C:\Windows\System\KmMjJJc.exe
  C:\Windows\System\KmMjJJc.exe
  2⤵
  PID:8596
- C:\Windows\System\tYebIMJ.exe
  C:\Windows\System\tYebIMJ.exe
  2⤵
  PID:8612
- C:\Windows\System\cIrBdAT.exe
  C:\Windows\System\cIrBdAT.exe
  2⤵
  PID:8628
- C:\Windows\System\ZEyzjrG.exe
  C:\Windows\System\ZEyzjrG.exe
  2⤵
  PID:8644
- C:\Windows\System\byiixGS.exe
  C:\Windows\System\byiixGS.exe
  2⤵
  PID:8660
- C:\Windows\System\AiAUBqh.exe
  C:\Windows\System\AiAUBqh.exe
  2⤵
  PID:8680
- C:\Windows\System\yGKtoGf.exe
  C:\Windows\System\yGKtoGf.exe
  2⤵
  PID:8712
- C:\Windows\System\UtPfInY.exe
  C:\Windows\System\UtPfInY.exe
  2⤵
  PID:8752
- C:\Windows\System\yNTXldv.exe
  C:\Windows\System\yNTXldv.exe
  2⤵
  PID:8768
- C:\Windows\System\BimQzEt.exe
  C:\Windows\System\BimQzEt.exe
  2⤵
  PID:8784
- C:\Windows\System\lhPTqao.exe
  C:\Windows\System\lhPTqao.exe
  2⤵
  PID:8800
- C:\Windows\System\OERlwOk.exe
  C:\Windows\System\OERlwOk.exe
  2⤵
  PID:8928
- C:\Windows\System\iRUDdeS.exe
  C:\Windows\System\iRUDdeS.exe
  2⤵
  PID:8944
- C:\Windows\System\AhGnsfm.exe
  C:\Windows\System\AhGnsfm.exe
  2⤵
  PID:8968
- C:\Windows\System\JfXXCIb.exe
  C:\Windows\System\JfXXCIb.exe
  2⤵
  PID:8984
- C:\Windows\System\IcqNNKC.exe
  C:\Windows\System\IcqNNKC.exe
  2⤵
  PID:9008
- C:\Windows\System\IcoiBOi.exe
  C:\Windows\System\IcoiBOi.exe
  2⤵
  PID:9028
- C:\Windows\System\ZAsCZjU.exe
  C:\Windows\System\ZAsCZjU.exe
  2⤵
  PID:9056
- C:\Windows\System\ZCJBQQU.exe
  C:\Windows\System\ZCJBQQU.exe
  2⤵
  PID:9076
- C:\Windows\System\oVgEUBG.exe
  C:\Windows\System\oVgEUBG.exe
  2⤵
  PID:9112
- C:\Windows\System\TnqftJM.exe
  C:\Windows\System\TnqftJM.exe
  2⤵
  PID:9144
- C:\Windows\System\fnOvVqH.exe
  C:\Windows\System\fnOvVqH.exe
  2⤵
  PID:9164
- C:\Windows\System\LHhfOoy.exe
  C:\Windows\System\LHhfOoy.exe
  2⤵
  PID:9192
- C:\Windows\System\ZqEIkxa.exe
  C:\Windows\System\ZqEIkxa.exe
  2⤵
  PID:9208
- C:\Windows\System\EBhxfLl.exe
  C:\Windows\System\EBhxfLl.exe
  2⤵
  PID:8032
- C:\Windows\System\MNMssKX.exe
  C:\Windows\System\MNMssKX.exe
  2⤵
  PID:8220
- C:\Windows\System\DOoYnbI.exe
  C:\Windows\System\DOoYnbI.exe
  2⤵
  PID:8284
- C:\Windows\System\MJFNcqu.exe
  C:\Windows\System\MJFNcqu.exe
  2⤵
  PID:8332
- C:\Windows\System\PQqbPHk.exe
  C:\Windows\System\PQqbPHk.exe
  2⤵
  PID:8368
- C:\Windows\System\xiEIPfq.exe
  C:\Windows\System\xiEIPfq.exe
  2⤵
  PID:6496
- C:\Windows\System\mXjrEep.exe
  C:\Windows\System\mXjrEep.exe
  2⤵
  PID:7208
- C:\Windows\System\oUuGKVw.exe
  C:\Windows\System\oUuGKVw.exe
  2⤵
  PID:7824
- C:\Windows\System\jKJiHLj.exe
  C:\Windows\System\jKJiHLj.exe
  2⤵
  PID:7508
- C:\Windows\System\epxHciZ.exe
  C:\Windows\System\epxHciZ.exe
  2⤵
  PID:8208
- C:\Windows\System\ZloaKiU.exe
  C:\Windows\System\ZloaKiU.exe
  2⤵
  PID:380
- C:\Windows\System\QBcARrE.exe
  C:\Windows\System\QBcARrE.exe
  2⤵
  PID:8380
- C:\Windows\System\FEwudjW.exe
  C:\Windows\System\FEwudjW.exe
  2⤵
  PID:8444
- C:\Windows\System\gKSoIOV.exe
  C:\Windows\System\gKSoIOV.exe
  2⤵
  PID:8508
- C:\Windows\System\IMKkrrL.exe
  C:\Windows\System\IMKkrrL.exe
  2⤵
  PID:8572
- C:\Windows\System\usAGyvi.exe
  C:\Windows\System\usAGyvi.exe
  2⤵
  PID:8624
- C:\Windows\System\dtwaWyo.exe
  C:\Windows\System\dtwaWyo.exe
  2⤵
  PID:8460
- C:\Windows\System\kcnKKUY.exe
  C:\Windows\System\kcnKKUY.exe
  2⤵
  PID:8528
- C:\Windows\System\nCGAOAx.exe
  C:\Windows\System\nCGAOAx.exe
  2⤵
  PID:8656
- C:\Windows\System\CbUnoQH.exe
  C:\Windows\System\CbUnoQH.exe
  2⤵
  PID:8640
- C:\Windows\System\aqknTKA.exe
  C:\Windows\System\aqknTKA.exe
  2⤵
  PID:8692
- C:\Windows\System\LOWocOE.exe
  C:\Windows\System\LOWocOE.exe
  2⤵
  PID:8704
- C:\Windows\System\wDJUOOA.exe
  C:\Windows\System\wDJUOOA.exe
  2⤵
  PID:8744
- C:\Windows\System\EbrXpiN.exe
  C:\Windows\System\EbrXpiN.exe
  2⤵
  PID:8792
- C:\Windows\System\kRipRLs.exe
  C:\Windows\System\kRipRLs.exe
  2⤵
  PID:8776
- C:\Windows\System\EvTIbBh.exe
  C:\Windows\System\EvTIbBh.exe
  2⤵
  PID:8828
- C:\Windows\System\hhQiIOd.exe
  C:\Windows\System\hhQiIOd.exe
  2⤵
  PID:8952
- C:\Windows\System\tUXrfqe.exe
  C:\Windows\System\tUXrfqe.exe
  2⤵
  PID:7212
- C:\Windows\System\ekCKtGf.exe
  C:\Windows\System\ekCKtGf.exe
  2⤵
  PID:9004
- C:\Windows\System\lyVRcyC.exe
  C:\Windows\System\lyVRcyC.exe
  2⤵
  PID:9040
- C:\Windows\System\qtvgmMx.exe
  C:\Windows\System\qtvgmMx.exe
  2⤵
  PID:9048
- C:\Windows\System\OwOSIuS.exe
  C:\Windows\System\OwOSIuS.exe
  2⤵
  PID:9084
- C:\Windows\System\PqJEcXC.exe
  C:\Windows\System\PqJEcXC.exe
  2⤵
  PID:9100
- C:\Windows\System\uHhWotu.exe
  C:\Windows\System\uHhWotu.exe
  2⤵
  PID:9124
- C:\Windows\System\wEqbSPS.exe
  C:\Windows\System\wEqbSPS.exe
  2⤵
  PID:9132
- C:\Windows\System\FcICNOF.exe
  C:\Windows\System\FcICNOF.exe
  2⤵
  PID:9176
- C:\Windows\System\cgTWcsA.exe
  C:\Windows\System\cgTWcsA.exe
  2⤵
  PID:9188
- C:\Windows\System\kCXPDfY.exe
  C:\Windows\System\kCXPDfY.exe
  2⤵
  PID:7172
- C:\Windows\System\FdZBvDg.exe
  C:\Windows\System\FdZBvDg.exe
  2⤵
  PID:7300
- C:\Windows\System\BeWDuGp.exe
  C:\Windows\System\BeWDuGp.exe
  2⤵
  PID:7268
- C:\Windows\System\RnoLPXe.exe
  C:\Windows\System\RnoLPXe.exe
  2⤵
  PID:8252
- C:\Windows\System\UicYYJT.exe
  C:\Windows\System\UicYYJT.exe
  2⤵
  PID:8268
- C:\Windows\System\lfUaqtG.exe
  C:\Windows\System\lfUaqtG.exe
  2⤵
  PID:8316
- C:\Windows\System\dhbvYwW.exe
  C:\Windows\System\dhbvYwW.exe
  2⤵
  PID:8412
- C:\Windows\System\vGxSEDj.exe
  C:\Windows\System\vGxSEDj.exe
  2⤵
  PID:8652
- C:\Windows\System\YoHsKTv.exe
  C:\Windows\System\YoHsKTv.exe
  2⤵
  PID:8480
- C:\Windows\System\JngjQQC.exe
  C:\Windows\System\JngjQQC.exe
  2⤵
  PID:8836
- C:\Windows\System\lIZacfe.exe
  C:\Windows\System\lIZacfe.exe
  2⤵
  PID:8852
- C:\Windows\System\Plqbogh.exe
  C:\Windows\System\Plqbogh.exe
  2⤵
  PID:8820
- C:\Windows\System\ufJSdpO.exe
  C:\Windows\System\ufJSdpO.exe
  2⤵
  PID:8868
- C:\Windows\System\daHPelQ.exe
  C:\Windows\System\daHPelQ.exe
  2⤵
  PID:8888
- C:\Windows\System\LNjpghf.exe
  C:\Windows\System\LNjpghf.exe
  2⤵
  PID:8904
- C:\Windows\System\tVNlGhi.exe
  C:\Windows\System\tVNlGhi.exe
  2⤵
  PID:8916
- C:\Windows\System\JdCKEcA.exe
  C:\Windows\System\JdCKEcA.exe
  2⤵
  PID:8992
- C:\Windows\System\Ivxlxwe.exe
  C:\Windows\System\Ivxlxwe.exe
  2⤵
  PID:8976
- C:\Windows\System\xqIGRWt.exe
  C:\Windows\System\xqIGRWt.exe
  2⤵
  PID:9044
- C:\Windows\System\FNlrJYo.exe
  C:\Windows\System\FNlrJYo.exe
  2⤵
  PID:9184
- C:\Windows\System\LcLiPKS.exe
  C:\Windows\System\LcLiPKS.exe
  2⤵
  PID:7892
- C:\Windows\System\ziIMBIw.exe
  C:\Windows\System\ziIMBIw.exe
  2⤵
  PID:9160
- C:\Windows\System\rpZUJtl.exe
  C:\Windows\System\rpZUJtl.exe
  2⤵
  PID:7284
- C:\Windows\System\PCqziNM.exe
  C:\Windows\System\PCqziNM.exe
  2⤵
  PID:9092
- C:\Windows\System\ZEEjhip.exe
  C:\Windows\System\ZEEjhip.exe
  2⤵
  PID:8364
- C:\Windows\System\GbmqZVS.exe
  C:\Windows\System\GbmqZVS.exe
  2⤵
  PID:8544
- C:\Windows\System\HtVXrhh.exe
  C:\Windows\System\HtVXrhh.exe
  2⤵
  PID:8860
- C:\Windows\System\CcodHOV.exe
  C:\Windows\System\CcodHOV.exe
  2⤵
  PID:8864
- C:\Windows\System\IAwtDqr.exe
  C:\Windows\System\IAwtDqr.exe
  2⤵
  PID:8940
- C:\Windows\System\pRxUzUr.exe
  C:\Windows\System\pRxUzUr.exe
  2⤵
  PID:8672
- C:\Windows\System\KIOITPO.exe
  C:\Windows\System\KIOITPO.exe
  2⤵
  PID:8592
- C:\Windows\System\FYznojf.exe
  C:\Windows\System\FYznojf.exe
  2⤵
  PID:9020
- C:\Windows\System\YadnNsH.exe
  C:\Windows\System\YadnNsH.exe
  2⤵
  PID:8964
- C:\Windows\System\qccKfea.exe
  C:\Windows\System\qccKfea.exe
  2⤵
  PID:8912
- C:\Windows\System\sUKefRy.exe
  C:\Windows\System\sUKefRy.exe
  2⤵
  PID:8352
- C:\Windows\System\WFRSCbq.exe
  C:\Windows\System\WFRSCbq.exe
  2⤵
  PID:9120
- C:\Windows\System\LQSLYsM.exe
  C:\Windows\System\LQSLYsM.exe
  2⤵
  PID:8540
- C:\Windows\System\hZJLwGM.exe
  C:\Windows\System\hZJLwGM.exe
  2⤵
  PID:8796
- C:\Windows\System\utDagZw.exe
  C:\Windows\System\utDagZw.exe
  2⤵
  PID:8688
- C:\Windows\System\CXMjRfN.exe
  C:\Windows\System\CXMjRfN.exe
  2⤵
  PID:8740
- C:\Windows\System\NwGmjSr.exe
  C:\Windows\System\NwGmjSr.exe
  2⤵
  PID:7728
- C:\Windows\System\iggiiCl.exe
  C:\Windows\System\iggiiCl.exe
  2⤵
  PID:9068
- C:\Windows\System\OoiblkH.exe
  C:\Windows\System\OoiblkH.exe
  2⤵
  PID:8348
- C:\Windows\System\DdWYoye.exe
  C:\Windows\System\DdWYoye.exe
  2⤵
  PID:8676
- C:\Windows\System\djbBJsD.exe
  C:\Windows\System\djbBJsD.exe
  2⤵
  PID:9220
- C:\Windows\System\pXgBpvV.exe
  C:\Windows\System\pXgBpvV.exe
  2⤵
  PID:9240
- C:\Windows\System\mZKPcFT.exe
  C:\Windows\System\mZKPcFT.exe
  2⤵
  PID:9256
- C:\Windows\System\gqAUHyY.exe
  C:\Windows\System\gqAUHyY.exe
  2⤵
  PID:9272
- C:\Windows\System\cXmLNBf.exe
  C:\Windows\System\cXmLNBf.exe
  2⤵
  PID:9292
- C:\Windows\System\EjjOmpR.exe
  C:\Windows\System\EjjOmpR.exe
  2⤵
  PID:9308
- C:\Windows\System\acrsOCN.exe
  C:\Windows\System\acrsOCN.exe
  2⤵
  PID:9324
- C:\Windows\System\pDoKZzv.exe
  C:\Windows\System\pDoKZzv.exe
  2⤵
  PID:9344
- C:\Windows\System\sjszQdr.exe
  C:\Windows\System\sjszQdr.exe
  2⤵
  PID:9360
- C:\Windows\System\HroiuoD.exe
  C:\Windows\System\HroiuoD.exe
  2⤵
  PID:9380
- C:\Windows\System\NrKEaLE.exe
  C:\Windows\System\NrKEaLE.exe
  2⤵
  PID:9396
- C:\Windows\System\GwgqDBp.exe
  C:\Windows\System\GwgqDBp.exe
  2⤵
  PID:9412
- C:\Windows\System\QCVqcav.exe
  C:\Windows\System\QCVqcav.exe
  2⤵
  PID:9428
- C:\Windows\System\URTtALt.exe
  C:\Windows\System\URTtALt.exe
  2⤵
  PID:9444
- C:\Windows\System\OXicCuQ.exe
  C:\Windows\System\OXicCuQ.exe
  2⤵
  PID:9460
- C:\Windows\System\OMeOuuO.exe
  C:\Windows\System\OMeOuuO.exe
  2⤵
  PID:9476
- C:\Windows\System\roixRcu.exe
  C:\Windows\System\roixRcu.exe
  2⤵
  PID:9496
- C:\Windows\System\szhxZdg.exe
  C:\Windows\System\szhxZdg.exe
  2⤵
  PID:9512
- C:\Windows\System\uMlxEmr.exe
  C:\Windows\System\uMlxEmr.exe
  2⤵
  PID:9528
- C:\Windows\System\EpAaxaf.exe
  C:\Windows\System\EpAaxaf.exe
  2⤵
  PID:9544
- C:\Windows\System\sjcyxLn.exe
  C:\Windows\System\sjcyxLn.exe
  2⤵
  PID:9560
- C:\Windows\System\lIbBUPn.exe
  C:\Windows\System\lIbBUPn.exe
  2⤵
  PID:9576
- C:\Windows\System\uMmvNVO.exe
  C:\Windows\System\uMmvNVO.exe
  2⤵
  PID:9592
- C:\Windows\System\OPJzftK.exe
  C:\Windows\System\OPJzftK.exe
  2⤵
  PID:9608
- C:\Windows\System\spsXEQy.exe
  C:\Windows\System\spsXEQy.exe
  2⤵
  PID:9624
- C:\Windows\System\dcASgYH.exe
  C:\Windows\System\dcASgYH.exe
  2⤵
  PID:9640
- C:\Windows\System\dtUOFWB.exe
  C:\Windows\System\dtUOFWB.exe
  2⤵
  PID:9656
- C:\Windows\System\RraEuvH.exe
  C:\Windows\System\RraEuvH.exe
  2⤵
  PID:9672
- C:\Windows\System\LBhHUAk.exe
  C:\Windows\System\LBhHUAk.exe
  2⤵
  PID:9692
- C:\Windows\System\tUZMfMN.exe
  C:\Windows\System\tUZMfMN.exe
  2⤵
  PID:9712
- C:\Windows\System\rkKKalv.exe
  C:\Windows\System\rkKKalv.exe
  2⤵
  PID:9732
- C:\Windows\System\rkuTRUl.exe
  C:\Windows\System\rkuTRUl.exe
  2⤵
  PID:9760
- C:\Windows\System\vsJSSFL.exe
  C:\Windows\System\vsJSSFL.exe
  2⤵
  PID:9872
- C:\Windows\System\VVgbrIT.exe
  C:\Windows\System\VVgbrIT.exe
  2⤵
  PID:9888
- C:\Windows\System\PEZRJxM.exe
  C:\Windows\System\PEZRJxM.exe
  2⤵
  PID:9904
- C:\Windows\System\mlgZySS.exe
  C:\Windows\System\mlgZySS.exe
  2⤵
  PID:9920
- C:\Windows\System\IITUuOI.exe
  C:\Windows\System\IITUuOI.exe
  2⤵
  PID:9996
- C:\Windows\System\MZcMfvB.exe
  C:\Windows\System\MZcMfvB.exe
  2⤵
  PID:10040
- C:\Windows\System\gYAYruD.exe
  C:\Windows\System\gYAYruD.exe
  2⤵
  PID:10080
- C:\Windows\System\WAfgiyo.exe
  C:\Windows\System\WAfgiyo.exe
  2⤵
  PID:10100
- C:\Windows\System\BcjbvCQ.exe
  C:\Windows\System\BcjbvCQ.exe
  2⤵
  PID:10116
- C:\Windows\System\IJgLDoL.exe
  C:\Windows\System\IJgLDoL.exe
  2⤵
  PID:10136
- C:\Windows\System\wHCAbSq.exe
  C:\Windows\System\wHCAbSq.exe
  2⤵
  PID:10156
- C:\Windows\System\HUpoezx.exe
  C:\Windows\System\HUpoezx.exe
  2⤵
  PID:10172
- C:\Windows\System\mzXXEbQ.exe
  C:\Windows\System\mzXXEbQ.exe
  2⤵
  PID:10188
- C:\Windows\System\DjNmTFi.exe
  C:\Windows\System\DjNmTFi.exe
  2⤵
  PID:10204
- C:\Windows\System\pAcwsms.exe
  C:\Windows\System\pAcwsms.exe
  2⤵
  PID:10220
- C:\Windows\System\nWnlQVg.exe
  C:\Windows\System\nWnlQVg.exe
  2⤵
  PID:9280
- C:\Windows\System\lfHReBt.exe
  C:\Windows\System\lfHReBt.exe
  2⤵
  PID:9288
- C:\Windows\System\qsNnIyk.exe
  C:\Windows\System\qsNnIyk.exe
  2⤵
  PID:9392
- C:\Windows\System\OxnfXBQ.exe
  C:\Windows\System\OxnfXBQ.exe
  2⤵
  PID:9456
- C:\Windows\System\UWbudyu.exe
  C:\Windows\System\UWbudyu.exe
  2⤵
  PID:9520
- C:\Windows\System\DZSrEKL.exe
  C:\Windows\System\DZSrEKL.exe
  2⤵
  PID:9052
- C:\Windows\System\jifaher.exe
  C:\Windows\System\jifaher.exe
  2⤵
  PID:8920
- C:\Windows\System\yxPzPHl.exe
  C:\Windows\System\yxPzPHl.exe
  2⤵
  PID:9232
- C:\Windows\System\nSOmigD.exe
  C:\Windows\System\nSOmigD.exe
  2⤵
  PID:9336
- C:\Windows\System\WzltsFD.exe
  C:\Windows\System\WzltsFD.exe
  2⤵
  PID:9436
- C:\Windows\System\pXxXLaW.exe
  C:\Windows\System\pXxXLaW.exe
  2⤵
  PID:9504
- C:\Windows\System\Toiwsft.exe
  C:\Windows\System\Toiwsft.exe
  2⤵
  PID:9604
- C:\Windows\System\IOuRZmT.exe
  C:\Windows\System\IOuRZmT.exe
  2⤵
  PID:9552
- C:\Windows\System\iwvrMAP.exe
  C:\Windows\System\iwvrMAP.exe
  2⤵
  PID:9648
- C:\Windows\System\EmLllgo.exe
  C:\Windows\System\EmLllgo.exe
  2⤵
  PID:9556
- C:\Windows\System\SExfPXd.exe
  C:\Windows\System\SExfPXd.exe
  2⤵
  PID:9740
- C:\Windows\System\MrjWzyl.exe
  C:\Windows\System\MrjWzyl.exe
  2⤵
  PID:9752
- C:\Windows\System\gOJGEDC.exe
  C:\Windows\System\gOJGEDC.exe
  2⤵
  PID:9776
- C:\Windows\System\CeTPYae.exe
  C:\Windows\System\CeTPYae.exe
  2⤵
  PID:9796
- C:\Windows\System\xKYTerF.exe
  C:\Windows\System\xKYTerF.exe
  2⤵
  PID:9816
- C:\Windows\System\XmiCLhk.exe
  C:\Windows\System\XmiCLhk.exe
  2⤵
  PID:9836
- C:\Windows\System\PDLJXtv.exe
  C:\Windows\System\PDLJXtv.exe
  2⤵
  PID:9856
- C:\Windows\System\UiUqOEi.exe
  C:\Windows\System\UiUqOEi.exe
  2⤵
  PID:9864
- C:\Windows\System\ZFgTuxq.exe
  C:\Windows\System\ZFgTuxq.exe
  2⤵
  PID:9912
- C:\Windows\System\NESCDYn.exe
  C:\Windows\System\NESCDYn.exe
  2⤵
  PID:9976
- C:\Windows\System\tvkPAfV.exe
  C:\Windows\System\tvkPAfV.exe
  2⤵
  PID:10016
- C:\Windows\System\vfPhgvS.exe
  C:\Windows\System\vfPhgvS.exe
  2⤵
  PID:9972
- C:\Windows\System\stJWSAc.exe
  C:\Windows\System\stJWSAc.exe
  2⤵
  PID:10060
- C:\Windows\System\fGbIdzw.exe
  C:\Windows\System\fGbIdzw.exe
  2⤵
  PID:10108
- C:\Windows\System\zsFcAjJ.exe
  C:\Windows\System\zsFcAjJ.exe
  2⤵
  PID:10180
- C:\Windows\System\HCpJhkV.exe
  C:\Windows\System\HCpJhkV.exe
  2⤵
  PID:10028
- C:\Windows\System\zKIEUpv.exe
  C:\Windows\System\zKIEUpv.exe
  2⤵
  PID:8272
- C:\Windows\System\pRAnJFw.exe
  C:\Windows\System\pRAnJFw.exe
  2⤵
  PID:9452
- C:\Windows\System\QeuJONZ.exe
  C:\Windows\System\QeuJONZ.exe
  2⤵
  PID:8824
- C:\Windows\System\TsDGBwk.exe
  C:\Windows\System\TsDGBwk.exe
  2⤵
  PID:8188
- C:\Windows\System\WXHIRGC.exe
  C:\Windows\System\WXHIRGC.exe
  2⤵
  PID:10032
- C:\Windows\System\FyqHRKW.exe
  C:\Windows\System\FyqHRKW.exe
  2⤵
  PID:10132
- C:\Windows\System\iDNRVnz.exe
  C:\Windows\System\iDNRVnz.exe
  2⤵
  PID:9404
- C:\Windows\System\zIPeXCH.exe
  C:\Windows\System\zIPeXCH.exe
  2⤵
  PID:10092
- C:\Windows\System\lYhdbCS.exe
  C:\Windows\System\lYhdbCS.exe
  2⤵
  PID:9572
- C:\Windows\System\UhVHskQ.exe
  C:\Windows\System\UhVHskQ.exe
  2⤵
  PID:9472
- C:\Windows\System\dFaXTCF.exe
  C:\Windows\System\dFaXTCF.exe
  2⤵
  PID:10196
- C:\Windows\System\hjkCACS.exe
  C:\Windows\System\hjkCACS.exe
  2⤵
  PID:9252
- C:\Windows\System\gMBWgtl.exe
  C:\Windows\System\gMBWgtl.exe
  2⤵
  PID:8956
- C:\Windows\System\vMdvjNs.exe
  C:\Windows\System\vMdvjNs.exe
  2⤵
  PID:9704
- C:\Windows\System\CcvaPaH.exe
  C:\Windows\System\CcvaPaH.exe
  2⤵
  PID:8812
- C:\Windows\System\rmflZzE.exe
  C:\Windows\System\rmflZzE.exe
  2⤵
  PID:9848
- C:\Windows\System\DQUwsep.exe
  C:\Windows\System\DQUwsep.exe
  2⤵
  PID:9852
- C:\Windows\System\dVZGeEI.exe
  C:\Windows\System\dVZGeEI.exe
  2⤵
  PID:9748
- C:\Windows\System\CmcjmrU.exe
  C:\Windows\System\CmcjmrU.exe
  2⤵
  PID:9784
- C:\Windows\System\vEZiVDo.exe
  C:\Windows\System\vEZiVDo.exe
  2⤵
  PID:9832
- C:\Windows\System\qqUdvhH.exe
  C:\Windows\System\qqUdvhH.exe
  2⤵
  PID:9988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CKHRPCJ.exe

Filesize
6.0MB

MD5
75203d5994e20faf58a5a479ac8e087d

SHA1
2e17beb0da7d71ebb13f8ac45fe5f109b5172889

SHA256
9c387851c8ed85516cc06086f8af2471e1e8741eb945c6d218ffaac4a040dafe

SHA512
f9d3bd3e2a339cd3220565baf720059c89c6a70e6075b7e9ad2f65c64d7e653c01ca0c12daf853da43bc88418d43ef7a3fab39b2b19adece883ec90e86445066

Download Submit
C:\Windows\system\CrmPNrz.exe

Filesize
6.0MB

MD5
6ec315038110dccc04d329f446e1212f

SHA1
2a79622276e48afe787044f58629d70801752372

SHA256
af35b6a374ecd7c4ef34bec40fe6085ce7d3de44e49cddc659230131f7676698

SHA512
ca5f29ecd6f7e967b2927240262b81d8249b3605ace4597fb13227ee996d86ee8be690a4ceedb5e2ca80571eb7f53045b0c41f759d670170a8eb534aa920e45d

Download Submit
C:\Windows\system\DwYhKaz.exe

Filesize
6.0MB

MD5
c69279017ef9b54155bf1251b4f3bbc5

SHA1
34b9dc181e355b43189d66ed95ae49766f7dae37

SHA256
48828893d52dc226f3293112af9eb6b48421d5a88c78daa02cb96eda842de5bc

SHA512
6e2b7a1e76692fed27edd09b48d6d0b58c8b7a4eb8b85f1f171412d79109fda2349714f09a12a070bb7eeec56f3eb8e1e4a5ddfd1d3e5b26862de552a7cb01d8

Download Submit
C:\Windows\system\GdvMkRe.exe

Filesize
6.0MB

MD5
4eeedc477bdde0e5e196ce882bf82d85

SHA1
d3ae270fa5c7cb00249429b6194e71b3bd3f1f38

SHA256
89b9f4bc59b459cd016eec84bc9eb7830b7596ca367b416e3baf06cb7704c5d6

SHA512
bf5be9812302a8f3bec909bc7849ad56803ec53d332c3bdf119e2bd72ab6820c0bb4ea317af7eada20fc7554abbc1454bb8a1d2b8f3c2890cda76cdda872ea48

Download Submit
C:\Windows\system\IWjCkuX.exe

Filesize
6.0MB

MD5
5be1a20fdcfe86ceaf60ff008c3f7673

SHA1
ec2f840880ce3e5c0e5a0be884c442fd039b3cff

SHA256
a14eebac4f65712b027a3ebd242d095120e7186b17bb6355966b2aff85c2c99c

SHA512
d860251a6639480bbdb5dfa246bb8424721cd1fa8c65f8dda25389c82644f217632508927b2179a258f1ee4f54c564199378262796be0becc93c84c788b1c0f2

Download Submit
C:\Windows\system\OJQybdJ.exe

Filesize
6.0MB

MD5
d6a2b93259469a41775a68dfc331a756

SHA1
b9fe23eb057ac3903534daa62cd63c756f8e2269

SHA256
e2c2377954c17bceae8e9fb5de947c589ba84942bfcfe58508f6c7cd09953626

SHA512
92caa15246b37d0e65c0f9044ce406a35063c45e3fd2a12681e6b7a07cd1c5205a3ed288c0c0fed385d59083b728c77843158ee6f4ad38a653f05e8a9680c163

Download Submit
C:\Windows\system\PrCbyqe.exe

Filesize
6.0MB

MD5
b77df4b784ddf507faca79c3d18fcb47

SHA1
4dcf2a5cb465a7e8d6e90074586a34cb42150d24

SHA256
0289719bdbe8e940988607507fe31f2afbd96386a522571c44611e91c189277d

SHA512
4727a220faa57a366dca97716a7e0491ca0f9524db017abff1b7c87051522d6d6250081549d0211a135156605910cb99d56ca503df7caa1b9d47081e5fa17097

Download Submit
C:\Windows\system\RepiRKX.exe

Filesize
6.0MB

MD5
3d745a2f6b713565183d923d3c2de1c0

SHA1
a8009ba1f8139b8b487a2e5f3c61a2d9579ec33c

SHA256
37f87763813ea7d364ec4309afa0da1143f32f40a8f9631a9b9f6fadbf6af543

SHA512
d0000c44ba9e4ee146450f5889e0a7aff77dfe284b447c442edb0887c608fb56cded67416ec7598c35853ad675d5dfafcad8ab7f7f5d8c98e93fa5d4b3cb122d

Download Submit
C:\Windows\system\RlSPEaM.exe

Filesize
6.0MB

MD5
815bfcea4cb0a7e0073af67806969a51

SHA1
f10ddc6ef6c00f5c7d2237b5fbdec41f538e61f1

SHA256
995176413d2d7ec489b81bfaecdd34c7f7c06bcbe758d0d41676c8112b88d1b0

SHA512
7058536611e4c3cd6502d23bdb56b0f0546838b31ca837054646ba7008228fb27653fd92955be39773ff9f585404496916d1a7a2ce5750a12b45fec32479ee1c

Download Submit
C:\Windows\system\RubEOUw.exe

Filesize
6.0MB

MD5
a40cdc44a339d2e81349f1ff573989f7

SHA1
cdc4b0ae53b06881d15034d7ddf73ae12b92bd68

SHA256
6cb3e496009d274e96dc64f1346bfb64d7b9e402a846a77833d50344bf4ba908

SHA512
306f4061735ca6b2b4d333f10ae03cabcef6da2a8358ef622f3534766fd3e2274b61605ad4223ddd66a1b7fcd27ed82056c5d6acc1cd8341e576a37d082b547a

Download Submit
C:\Windows\system\SAtvLNe.exe

Filesize
6.0MB

MD5
f3105ff01d9f1b44b2316a5d408c93ec

SHA1
0dfca3795f11a8516e90d20cdbf3bf5488b793a5

SHA256
3d42d00e5252b6fdcf4de7989f7bf560458898a6973088ec4d351ad813e506fe

SHA512
2c4dbbca7822fa7a24ba4d8aa8f1d5ea5a36c15548b591635857ef5dcacc1b5b8f77e52dff36bb1d325c8d1f39821bca1a2154dd83cfb1d4dcd1a40177765d5c

Download Submit
C:\Windows\system\TetEmdP.exe

Filesize
6.0MB

MD5
b3d88bebe4c173b57b932370efd43581

SHA1
d5734c7aa332bc95f36b73259b650b4ade606d2a

SHA256
bd863177506827781892c2ae3a33478f6c449efb47eda5a5fbe6590eb3498b9b

SHA512
7a6b38bf209cc9bf4845e91259432b470447e639b3f6835e21e360054d602c4c697c8c8fb9b5af61089ce64812249d14c964c61b9c396e6702c4b5d9b4c60705

Download Submit
C:\Windows\system\TstvTjw.exe

Filesize
6.0MB

MD5
79b34b5c7caeb460ce85bf7db406cbb6

SHA1
7c79b99d5f6402c5247a184a61f3b30a973b2e3b

SHA256
b955cea1efd51d0d5909ad8792d8b88209eb88c3318b4e937e2c563fef7b3420

SHA512
05aaadbb1e33cdc301008078b12819a55b2440c1de1657d4164dc2725a3753ad154aad5be683e3ebb1a32dd2f17f45eb8bb8cc193b071f56b48965d6d0b6e049

Download Submit
C:\Windows\system\Udlgdxj.exe

Filesize
6.0MB

MD5
78f801dfdc940585efae4e949321260f

SHA1
21f757b8624ce9e8bba759de7b6626d771de578a

SHA256
f1c491111da5dbc209693e48d30f54ca51f5dead6f43f10bec1bc4a1398b12ce

SHA512
942f2883e9321d08d6ff9046d962036f9da11d69d2f63f1721aeab943a1e5bc1db64933c7ee4f1989bb93147610a0b79687721cefec2e6f69ee89431f5113537

Download Submit
C:\Windows\system\WyfeDUE.exe

Filesize
6.0MB

MD5
5ecdd38520cdb26863966843cdf86810

SHA1
3e6295818e8c4dd8f47a6b3f982887e5b909c9cf

SHA256
363f92e892a2d9cf64473652d83708f1e00c02eee7d15ca0be2ae52bfd9b6035

SHA512
d6b7c1277684650b7bfead2a1f1d7c541b1b4e77f3994054e7c101199b5581df81da5f259df17fcacba140547a0536827d438f23cd0b5665b91030188fe3f41b

Download Submit
C:\Windows\system\Xsfodam.exe

Filesize
6.0MB

MD5
e77e2a26dfa417f66163c9f2c331f590

SHA1
f3394b1c1de6a72ef413706eed27d19000626d8a

SHA256
55d018dd41f3278cb40f9dd0761a13d0723c2f4f62afc81816a8e0dca2b67af5

SHA512
10347ed264c4466d39f90c95e684b2ca3f6822087c6a4b453c36b48e3af964cff4cf0a86fb7a87a2ea9440e435e6be5147bf171a3cc3e06203e08e3bfdbe114a

Download Submit
C:\Windows\system\aAohEBQ.exe

Filesize
6.0MB

MD5
592faaab21ffab82635f206618ad1301

SHA1
5be253382a6f78a21f0bf38ea69ee9c2e83ff5a2

SHA256
9dc11b67388d3083e1f0b107d4cebb682e0e704ac79a546877c36e66b85ebacc

SHA512
9b29d155fcec9df89b51a93d10be22ef426eefdb866137f7cc961f6e9c07bbc1f40b4473f5dfa5252702ffe401702f48edfa05ad45640ce350971d1c80e0ef73

Download Submit
C:\Windows\system\bZQZyIN.exe

Filesize
6.0MB

MD5
dea5dae66912f721ed11dc5911d42430

SHA1
01f532292027ecdc27e4fe91afe696ec93404b72

SHA256
f32635f2ad444ddd758a5df4910722935537bb6f17a150fc178fa8894df1dea6

SHA512
d9f63f5b260d56118dab537d496a0bc878f19a9be70f8ffb1439e9e7a89e4c89dbdd61358c3bc5275a9b235f9a3ee42297429c56df4dbec789c02c0ddadb22be

Download Submit
C:\Windows\system\cNZTuWK.exe

Filesize
6.0MB

MD5
828da62c2b2f3dd2e9e6f4fc8321fd35

SHA1
464dee018ced0699b5fb3c4f1b5c4dc7cef71fee

SHA256
81d57b51b26c9fa517ae6ec08ba27f4039eda15068cf7a52492a1508b557a255

SHA512
af8c898a4b55ee97bb112b81c0ea9d05fdefb3b39ab44f590b59fa9112bbf118cc4c164caf1e9ba67b781c1209a017dd097d81f7dded5d7fa6b02914f861b95a

Download Submit
C:\Windows\system\dePIaIe.exe

Filesize
6.0MB

MD5
4f0567f0ff272702ea150fe2f650a597

SHA1
d41cd6de0026dd79b1744cd6a40fa862de57caac

SHA256
45f0c11a13786f9f65291b8c48b5c34953dd9546d7fb10fa46ffe07e543a7977

SHA512
908ff6968736559f42e860d3606984d1c6866d5fca328b7f0d95aca1f1c88dee8d805017bd13f416c0d8ff7ba47f6662a2736bb3ebdddba01fc0dffcd71eec9d

Download Submit
C:\Windows\system\eZIsxsC.exe

Filesize
6.0MB

MD5
c8289a65ab5cc69686eefe438c893010

SHA1
18a2698253d77f350b8cec9f2f4959cbabd16585

SHA256
6880d356c4826f6064849de619d57cef54f53ad710947f857441b37c1bda5794

SHA512
fb8b8404d082abc23aed60dfbaf10030126e61a6c13035feaffac623ba5aac248983b066a162dc47b84853f18dff0a59ee890b557214d10c2cb38b40bee9d6af

Download Submit
C:\Windows\system\fAmyvpG.exe

Filesize
6.0MB

MD5
82cf178359033278e5a64c7a4d0c13aa

SHA1
db26db71d812aab81b9a7f25e865adb7ee5183d2

SHA256
f05fa55ed5b3232c9286eedd417f45ca43c3c737289ddc3a0c25dd7266eb1f2a

SHA512
6961a6ea775f6fecd1ccee55c2ce4ed30e82394fbdfbbba8d0eda15b7a1ab8980f0fd9165984d5e77a7d141dd8da26082c641d1029bd5619623490c2d2582419

Download Submit
C:\Windows\system\ibUwVSX.exe

Filesize
6.0MB

MD5
779bef59d55b246d33ed219f9a1b13ed

SHA1
8344b87c9568177ca54d36a44c6cc06d6d0e6e1d

SHA256
6f2b942e5a1bd00efede1ce006faa585998c0805641c5f0cd6d5a560fc9d939e

SHA512
381835cc36206322ecbc622aad2b2f912c921e1bff7de469481f4410b6ae8d45401c33531450640cc7b545827ef15355d8861560a69e15f8efc42127de45bf51

Download Submit
C:\Windows\system\mlGCxyN.exe

Filesize
6.0MB

MD5
14471dc9599dac28c30f52178df4817f

SHA1
4e30a43f41cb067dede4193965fe4a149247db50

SHA256
34f7a4aaa985c800ff7bd879d692999490f0aa9935636290b453cf087b32cd5f

SHA512
c292bd0d477471220faefc18e165bcc305782abdd8f3526501531d9e9fd468e5961cd1f301ca4f010fd8a6d9deadd94883e40b316340d14364bdc7af46d25c51

Download Submit
C:\Windows\system\pFrrfnY.exe

Filesize
6.0MB

MD5
3585fdfc5a7c9172d2ee4acef560a130

SHA1
6e8048783da2063fd3819a6167f0aec1f641cfb7

SHA256
91b5b4fc8aa2a7adfb1a0e8896a2c17e9aa8e1c91d5322c836fc686c13158287

SHA512
9200bbe3d557550bb852549d817c5832ac108c5892b3008f72fc667c9ebe528c93b4676579af98cdc4dc1dc49394daf3afa29661209aad081cc1a857abb19c30

Download Submit
C:\Windows\system\tuIoGJV.exe

Filesize
6.0MB

MD5
774173f1d939a517838a9eedc35fe280

SHA1
2f685cb7d765414d566c85e9ba88ef6b99cbbfbe

SHA256
a11101625d5c0fff1ab7211f7d14390c18146dc0660cf26f5903f19508764e54

SHA512
6fee7f9800e2f71d52e6ed6765d7b2106a27f3067feb6f88f1edc4744e9fe1629b64340d9e041313e48a409622ee54e8163c2c72bd379c0a6491a59e87876d1d

Download Submit
C:\Windows\system\tzeOdGn.exe

Filesize
6.0MB

MD5
a92c1b8f6f316b983d7e9171fd0ea600

SHA1
4fd7c58ea59780e02a61145e1b2597761a377141

SHA256
482bfd36bdaf98e3846b130cd3d9915bcbcd38aad844df9ce14a7e96ec944a69

SHA512
0d35ad137869d577ac68ee5893d82ea41b5f0d8f2bb9f52aefc5926f56ef04a0bac0cf7066dbc14caeaa31174b53bc2a524be9f6847476ce08e5e0bae82bb5d8

Download Submit
C:\Windows\system\xNJdDiA.exe

Filesize
6.0MB

MD5
c9780d97f861e5cee947cdadb16e1440

SHA1
a5c92324eee4c196668dd96af107e3d2b9f6d7f7

SHA256
6bfaaad9d430203f37c721e6f571405b6b36cfeb7efde41d8c0b89ae91ec8be2

SHA512
f1728b90fb586706337b7cb85bbd965f9098e8559f45b588898defda298ba7350628cf41f06317049a0c6399b4e3fefb07aae4be66867bd2026df4cda009b74f

Download Submit
C:\Windows\system\yHmvpkG.exe

Filesize
6.0MB

MD5
4da8eaa0dc9827bb3c61c9599ab86ba6

SHA1
cc46b929c8b846e8c34f0cb0ad28a6cd1feaee26

SHA256
5c5e3c9238840965bd899e7631501777aa7febca97b6ec78a935bd3a519253cd

SHA512
9b3624b5df3030de930984715b46a4b94ff08f36d90a862f3e941e8598a06ebd9bc50b2eac1ab6590947f1af57125e346e112ceee3d3fdbc908ec4041ff45a35

Download Submit
C:\Windows\system\zPDyXss.exe

Filesize
6.0MB

MD5
b37508d8091845d5f985de33f1f87241

SHA1
fa643aef8b4c9e57ac56684da9b68102a0b58090

SHA256
1840bb974ac8f350f9f75c353544039a575cbf8cb6d51c7a888a23a231524096

SHA512
643708a0cf5458553afa8b2763c55050f0f47139df961588cfe0c049c4dd34833daed1ab69527dcb62e76109a4192e56e69a6821314570781b87029acaa53bad

Download Submit
\Windows\system\ECauuLl.exe

Filesize
6.0MB

MD5
527094bdbfebca853c61ecc9c92862f1

SHA1
d5d707cee8a79a7b85e13cacb1000564c9994565

SHA256
7414ca309e3f98b9d9133914aa44fc99275aebd18cf3c8a47b2455fb7275cf1f

SHA512
cd6b3f2efe4eeeb6866061820dc68c6eadc9f70514024e031e909ba21d496cc0fed3075d770a36f8b2ae8df72f54ff0dafe1a7a219ec2a72afb4bba6efff3d81

Download Submit
\Windows\system\XcdcLri.exe

Filesize
6.0MB

MD5
2689414961aa9345106cc0bce41d1bc7

SHA1
ae3c0ffc5be2298fc77c73d0f50a08b1db6a345a

SHA256
9b885791fb5470d79df7e566944e5cf32e388dd30f4272d251b0b036e5ab99d2

SHA512
dfa21a5003ed116fb647eb7f9e2657a1b78b6a0d2e7709b11cf031902e6738f528d4bceb7741856ed1d1229ad81c69791c3151f09750a04997b2f94405888a15

Download Submit
memory/1028-4137-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1028-2130-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1968-4125-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1968-2258-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1593-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3250-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1611-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4110-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1607-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3989-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1609-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3988-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1613-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3131-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-22-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2700-14-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3986-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3985-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-2324-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-15-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2266-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4148-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4111-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1820-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2992-2059-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3987-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3377-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3406-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2294-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2259-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2642-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-0-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1601-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3357-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1617-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3405-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3386-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3363-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3407-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2267-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3425-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3419-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3410-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-3504-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-30-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-12-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1608-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2142-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1610-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3048-2064-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1840-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1612-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3048-20-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download