cobaltstrike | be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
Size

6.0MB
MD5

7b8d373f1379fe2fd28a050023c41aa6
SHA1

5a3a5df0f31ab7f9e2352b97e2542b27636a6d52
SHA256

be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec
SHA512

f281483d523bf8202a3e7586223a9fb9df6d5e74d387217faa07f595bb1037fe0cda38e99a2d937007eaabcf8a04aad2b09b875a69a0230d9f0f940b16f6a60c
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUd:eOl56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca2-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-18.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1b-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d13-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-53.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000016c3d-65.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-122.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-127.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-137.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-112.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-99.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-93.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-85.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2440-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000016ca2-13.dat	xmrig
behavioral1/memory/2764-14-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2732-12-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd3-18.dat	xmrig
behavioral1/memory/2688-21-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cfe-26.dat	xmrig
behavioral1/memory/2932-34-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1b-46.dat	xmrig
behavioral1/memory/2764-50-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2540-49-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2816-39-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2440-38-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d13-37.dat	xmrig
behavioral1/files/0x0007000000016d0b-32.dat	xmrig
behavioral1/memory/2192-28-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2688-51-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2192-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d24-53.dat	xmrig
behavioral1/memory/2440-59-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2932-61-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2816-69-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/236-68-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0035000000016c3d-65.dat	xmrig
behavioral1/memory/2616-60-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2440-84-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/3060-88-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x001500000001866d-105.dat	xmrig
behavioral1/files/0x0005000000018690-117.dat	xmrig
behavioral1/files/0x000500000001879b-122.dat	xmrig
behavioral1/files/0x00060000000190cd-127.dat	xmrig
behavioral1/files/0x00060000000190d6-132.dat	xmrig
behavioral1/files/0x0005000000019382-187.dat	xmrig
behavioral1/memory/2440-1316-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2784-1067-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2440-1066-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2880-817-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2384-608-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019389-193.dat	xmrig
behavioral1/files/0x0005000000019277-183.dat	xmrig
behavioral1/files/0x0005000000019271-173.dat	xmrig
behavioral1/files/0x0005000000019273-177.dat	xmrig
behavioral1/files/0x000500000001924c-163.dat	xmrig
behavioral1/files/0x000500000001926b-167.dat	xmrig
behavioral1/files/0x0005000000019229-152.dat	xmrig
behavioral1/files/0x0005000000019234-157.dat	xmrig
behavioral1/files/0x0005000000019218-146.dat	xmrig
behavioral1/files/0x00050000000191f7-142.dat	xmrig
behavioral1/files/0x00050000000191f3-137.dat	xmrig
behavioral1/files/0x0009000000018678-112.dat	xmrig
behavioral1/memory/2440-108-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/2784-102-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000600000001752f-99.dat	xmrig
behavioral1/memory/2384-89-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000600000001748f-86.dat	xmrig
behavioral1/memory/2880-95-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174ac-93.dat	xmrig
behavioral1/files/0x0008000000016d36-85.dat	xmrig
behavioral1/memory/2128-83-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000600000001747b-80.dat	xmrig
behavioral1/memory/2816-3900-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2732-3921-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2688-3920-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	ZPZeGFY.exe
2764	cqsbsOH.exe
2688	tLaEczN.exe
2192	klghgDY.exe
2932	YjQlVKN.exe
2816	vLGPaTp.exe
2540	iHiCdIo.exe
2616	MCWOXAA.exe
236	dmIKTOY.exe
2128	Gthmihq.exe
3060	lqHkfIr.exe
2384	WpNFjhY.exe
2880	WbLQbYm.exe
2784	hIZNLGC.exe
2864	fxciXji.exe
1736	ATByrvb.exe
1140	cnNqLfm.exe
556	MkXCgTO.exe
3004	JSNbZle.exe
2076	aVSqDWH.exe
2108	bvRVPjF.exe
848	zCmvPGW.exe
2004	fXCeIFv.exe
1036	aYsjRkT.exe
2188	dcxFtim.exe
2248	GpgttqJ.exe
2124	EpuTVqL.exe
2236	QmcShIK.exe
1080	rPypreC.exe
1784	FAGbNVg.exe
448	XsWSaGa.exe
1896	JLUJKGC.exe
1244	fuBZFRE.exe
940	dwdOBca.exe
824	SHDxgjf.exe
1848	ubsmvBC.exe
1356	uCGcOhg.exe
292	FXQVCra.exe
1704	kyHHvti.exe
1720	JpLUeVy.exe
692	umoxVtX.exe
700	lPxRRaj.exe
2344	kYZHawv.exe
2520	MHNsCvZ.exe
1948	AhqyYyV.exe
1460	FzDHKvh.exe
2464	RrcLyOl.exe
1472	sbVNTIs.exe
304	ZylrqTr.exe
2300	bMcFLuc.exe
2456	ZNctGpM.exe
1580	IIeFkcX.exe
2996	XBYOXNG.exe
1944	nuwJcjD.exe
2824	zVVnnBy.exe
2720	YoJRxtp.exe
2656	rdcJVyz.exe
2396	UnKfLVz.exe
2652	thwJVmt.exe
2576	zNdGQyN.exe
2608	KSsRTdF.exe
2840	PBxVAND.exe
2564	HinRdNh.exe
2712	gMtRwUO.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2440-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000016ca2-13.dat	upx
behavioral1/memory/2764-14-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2732-12-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0007000000016cd3-18.dat	upx
behavioral1/memory/2688-21-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x0008000000016cfe-26.dat	upx
behavioral1/memory/2932-34-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000016d1b-46.dat	upx
behavioral1/memory/2764-50-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2540-49-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2816-39-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2440-38-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0007000000016d13-37.dat	upx
behavioral1/files/0x0007000000016d0b-32.dat	upx
behavioral1/memory/2192-28-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2688-51-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2192-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0007000000016d24-53.dat	upx
behavioral1/memory/2932-61-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2816-69-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/236-68-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0035000000016c3d-65.dat	upx
behavioral1/memory/2616-60-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/3060-88-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x001500000001866d-105.dat	upx
behavioral1/files/0x0005000000018690-117.dat	upx
behavioral1/files/0x000500000001879b-122.dat	upx
behavioral1/files/0x00060000000190cd-127.dat	upx
behavioral1/files/0x00060000000190d6-132.dat	upx
behavioral1/files/0x0005000000019382-187.dat	upx
behavioral1/memory/2784-1067-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2880-817-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2384-608-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019389-193.dat	upx
behavioral1/files/0x0005000000019277-183.dat	upx
behavioral1/files/0x0005000000019271-173.dat	upx
behavioral1/files/0x0005000000019273-177.dat	upx
behavioral1/files/0x000500000001924c-163.dat	upx
behavioral1/files/0x000500000001926b-167.dat	upx
behavioral1/files/0x0005000000019229-152.dat	upx
behavioral1/files/0x0005000000019234-157.dat	upx
behavioral1/files/0x0005000000019218-146.dat	upx
behavioral1/files/0x00050000000191f7-142.dat	upx
behavioral1/files/0x00050000000191f3-137.dat	upx
behavioral1/files/0x0009000000018678-112.dat	upx
behavioral1/memory/2784-102-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2440-101-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000600000001752f-99.dat	upx
behavioral1/memory/2384-89-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000600000001748f-86.dat	upx
behavioral1/memory/2880-95-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00060000000174ac-93.dat	upx
behavioral1/files/0x0008000000016d36-85.dat	upx
behavioral1/memory/2128-83-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000600000001747b-80.dat	upx
behavioral1/memory/2816-3900-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2732-3921-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2688-3920-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2764-3908-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2932-3923-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2540-3922-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/3060-3975-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\weujUyz.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\GiVRnSg.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\joxsWTp.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\UYYGFyo.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\nEowgoH.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\RCGmqjo.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\yflXzpN.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\eTHaYrD.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\wmhzgDO.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\amjCLGp.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\tErKvBN.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\JlcYzRX.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\QvXJviF.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\tRBFbzJ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\boWKNTv.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\nDVBWZY.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\gBYPMzA.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\OgHHRrx.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\jFHDhAR.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\VVVyVVt.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\PBxVAND.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\bZIWKqS.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\vXEfPQH.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\fohgXtt.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\uctiGDZ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\FWulJAJ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\almginP.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\HqZPmWv.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\uZBMBXF.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\cNNzloZ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\NZVCEYi.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\PHWSTQf.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\vvMtpnq.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\JLUJKGC.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\AsZXjmz.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\bfGBdvK.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\qNJJWyo.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\bFOynhh.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\yRtVsAq.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\tnNcUAe.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\bRZZVOG.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\wXGsfse.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\NCtynYt.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\bkjVBRu.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\ffMzgvb.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\ALixWvf.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\gMtRwUO.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\IWXktTT.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\ajPNcNN.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\IIeFkcX.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\RsAGgMH.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\rRUTpAj.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\XvqAkOJ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\umoxVtX.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\NMKtheU.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\FXyhOih.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\wKMwUGh.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\YkUAIqh.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\EOdGcxJ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\StbuWLZ.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\wBPlaIm.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\sDQvCSu.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\VHQNJlA.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
File created	C:\Windows\System\EpuTVqL.exe	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2732	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	31
PID 2440 wrote to memory of 2732	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	31
PID 2440 wrote to memory of 2732	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	31
PID 2440 wrote to memory of 2764	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	32
PID 2440 wrote to memory of 2764	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	32
PID 2440 wrote to memory of 2764	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	32
PID 2440 wrote to memory of 2688	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	33
PID 2440 wrote to memory of 2688	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	33
PID 2440 wrote to memory of 2688	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	33
PID 2440 wrote to memory of 2192	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	34
PID 2440 wrote to memory of 2192	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	34
PID 2440 wrote to memory of 2192	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	34
PID 2440 wrote to memory of 2932	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	35
PID 2440 wrote to memory of 2932	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	35
PID 2440 wrote to memory of 2932	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	35
PID 2440 wrote to memory of 2816	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	36
PID 2440 wrote to memory of 2816	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	36
PID 2440 wrote to memory of 2816	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	36
PID 2440 wrote to memory of 2540	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	37
PID 2440 wrote to memory of 2540	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	37
PID 2440 wrote to memory of 2540	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	37
PID 2440 wrote to memory of 2616	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	38
PID 2440 wrote to memory of 2616	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	38
PID 2440 wrote to memory of 2616	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	38
PID 2440 wrote to memory of 236	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	39
PID 2440 wrote to memory of 236	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	39
PID 2440 wrote to memory of 236	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	39
PID 2440 wrote to memory of 3060	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	40
PID 2440 wrote to memory of 3060	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	40
PID 2440 wrote to memory of 3060	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	40
PID 2440 wrote to memory of 2128	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	41
PID 2440 wrote to memory of 2128	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	41
PID 2440 wrote to memory of 2128	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	41
PID 2440 wrote to memory of 2384	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	42
PID 2440 wrote to memory of 2384	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	42
PID 2440 wrote to memory of 2384	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	42
PID 2440 wrote to memory of 2880	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	43
PID 2440 wrote to memory of 2880	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	43
PID 2440 wrote to memory of 2880	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	43
PID 2440 wrote to memory of 2784	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	44
PID 2440 wrote to memory of 2784	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	44
PID 2440 wrote to memory of 2784	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	44
PID 2440 wrote to memory of 2864	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	45
PID 2440 wrote to memory of 2864	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	45
PID 2440 wrote to memory of 2864	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	45
PID 2440 wrote to memory of 1736	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	46
PID 2440 wrote to memory of 1736	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	46
PID 2440 wrote to memory of 1736	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	46
PID 2440 wrote to memory of 1140	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	47
PID 2440 wrote to memory of 1140	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	47
PID 2440 wrote to memory of 1140	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	47
PID 2440 wrote to memory of 556	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	48
PID 2440 wrote to memory of 556	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	48
PID 2440 wrote to memory of 556	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	48
PID 2440 wrote to memory of 3004	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	49
PID 2440 wrote to memory of 3004	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	49
PID 2440 wrote to memory of 3004	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	49
PID 2440 wrote to memory of 2076	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	50
PID 2440 wrote to memory of 2076	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	50
PID 2440 wrote to memory of 2076	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	50
PID 2440 wrote to memory of 2108	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	51
PID 2440 wrote to memory of 2108	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	51
PID 2440 wrote to memory of 2108	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	51
PID 2440 wrote to memory of 848	2440	JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_be66de871902854eb655a01b1dc2e9d4612c5f645883e781babc3930f7fb0fec.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System\ZPZeGFY.exe
  C:\Windows\System\ZPZeGFY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\cqsbsOH.exe
  C:\Windows\System\cqsbsOH.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\tLaEczN.exe
  C:\Windows\System\tLaEczN.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\klghgDY.exe
  C:\Windows\System\klghgDY.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\YjQlVKN.exe
  C:\Windows\System\YjQlVKN.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\vLGPaTp.exe
  C:\Windows\System\vLGPaTp.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\iHiCdIo.exe
  C:\Windows\System\iHiCdIo.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\MCWOXAA.exe
  C:\Windows\System\MCWOXAA.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\dmIKTOY.exe
  C:\Windows\System\dmIKTOY.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\lqHkfIr.exe
  C:\Windows\System\lqHkfIr.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\Gthmihq.exe
  C:\Windows\System\Gthmihq.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\WpNFjhY.exe
  C:\Windows\System\WpNFjhY.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\WbLQbYm.exe
  C:\Windows\System\WbLQbYm.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\hIZNLGC.exe
  C:\Windows\System\hIZNLGC.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\fxciXji.exe
  C:\Windows\System\fxciXji.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ATByrvb.exe
  C:\Windows\System\ATByrvb.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\cnNqLfm.exe
  C:\Windows\System\cnNqLfm.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\MkXCgTO.exe
  C:\Windows\System\MkXCgTO.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\JSNbZle.exe
  C:\Windows\System\JSNbZle.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\aVSqDWH.exe
  C:\Windows\System\aVSqDWH.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\bvRVPjF.exe
  C:\Windows\System\bvRVPjF.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\zCmvPGW.exe
  C:\Windows\System\zCmvPGW.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\fXCeIFv.exe
  C:\Windows\System\fXCeIFv.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\aYsjRkT.exe
  C:\Windows\System\aYsjRkT.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\dcxFtim.exe
  C:\Windows\System\dcxFtim.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\GpgttqJ.exe
  C:\Windows\System\GpgttqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\EpuTVqL.exe
  C:\Windows\System\EpuTVqL.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\QmcShIK.exe
  C:\Windows\System\QmcShIK.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\rPypreC.exe
  C:\Windows\System\rPypreC.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\FAGbNVg.exe
  C:\Windows\System\FAGbNVg.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\XsWSaGa.exe
  C:\Windows\System\XsWSaGa.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\JLUJKGC.exe
  C:\Windows\System\JLUJKGC.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\fuBZFRE.exe
  C:\Windows\System\fuBZFRE.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\dwdOBca.exe
  C:\Windows\System\dwdOBca.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\SHDxgjf.exe
  C:\Windows\System\SHDxgjf.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\ubsmvBC.exe
  C:\Windows\System\ubsmvBC.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\uCGcOhg.exe
  C:\Windows\System\uCGcOhg.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\FXQVCra.exe
  C:\Windows\System\FXQVCra.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\kyHHvti.exe
  C:\Windows\System\kyHHvti.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\JpLUeVy.exe
  C:\Windows\System\JpLUeVy.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\umoxVtX.exe
  C:\Windows\System\umoxVtX.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\lPxRRaj.exe
  C:\Windows\System\lPxRRaj.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\kYZHawv.exe
  C:\Windows\System\kYZHawv.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\AhqyYyV.exe
  C:\Windows\System\AhqyYyV.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\MHNsCvZ.exe
  C:\Windows\System\MHNsCvZ.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FzDHKvh.exe
  C:\Windows\System\FzDHKvh.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\RrcLyOl.exe
  C:\Windows\System\RrcLyOl.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\sbVNTIs.exe
  C:\Windows\System\sbVNTIs.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ZylrqTr.exe
  C:\Windows\System\ZylrqTr.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\ZNctGpM.exe
  C:\Windows\System\ZNctGpM.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\bMcFLuc.exe
  C:\Windows\System\bMcFLuc.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\XBYOXNG.exe
  C:\Windows\System\XBYOXNG.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\IIeFkcX.exe
  C:\Windows\System\IIeFkcX.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\nuwJcjD.exe
  C:\Windows\System\nuwJcjD.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\zVVnnBy.exe
  C:\Windows\System\zVVnnBy.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\YoJRxtp.exe
  C:\Windows\System\YoJRxtp.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\rdcJVyz.exe
  C:\Windows\System\rdcJVyz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\UnKfLVz.exe
  C:\Windows\System\UnKfLVz.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\thwJVmt.exe
  C:\Windows\System\thwJVmt.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\zNdGQyN.exe
  C:\Windows\System\zNdGQyN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\KSsRTdF.exe
  C:\Windows\System\KSsRTdF.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\PBxVAND.exe
  C:\Windows\System\PBxVAND.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\HinRdNh.exe
  C:\Windows\System\HinRdNh.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\gMtRwUO.exe
  C:\Windows\System\gMtRwUO.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\QRjFhua.exe
  C:\Windows\System\QRjFhua.exe
  2⤵
  PID:332
- C:\Windows\System\vyfeWEY.exe
  C:\Windows\System\vyfeWEY.exe
  2⤵
  PID:1776
- C:\Windows\System\ApSTLIN.exe
  C:\Windows\System\ApSTLIN.exe
  2⤵
  PID:2016
- C:\Windows\System\iieLboJ.exe
  C:\Windows\System\iieLboJ.exe
  2⤵
  PID:2452
- C:\Windows\System\EWHmNRR.exe
  C:\Windows\System\EWHmNRR.exe
  2⤵
  PID:1264
- C:\Windows\System\hLdlvxE.exe
  C:\Windows\System\hLdlvxE.exe
  2⤵
  PID:348
- C:\Windows\System\LMuGpSt.exe
  C:\Windows\System\LMuGpSt.exe
  2⤵
  PID:3008
- C:\Windows\System\hMXozxq.exe
  C:\Windows\System\hMXozxq.exe
  2⤵
  PID:1424
- C:\Windows\System\CHMgxjf.exe
  C:\Windows\System\CHMgxjf.exe
  2⤵
  PID:2332
- C:\Windows\System\zyjUEqU.exe
  C:\Windows\System\zyjUEqU.exe
  2⤵
  PID:2960
- C:\Windows\System\DzNIwYy.exe
  C:\Windows\System\DzNIwYy.exe
  2⤵
  PID:2312
- C:\Windows\System\wIxPpIZ.exe
  C:\Windows\System\wIxPpIZ.exe
  2⤵
  PID:844
- C:\Windows\System\nzpQVfg.exe
  C:\Windows\System\nzpQVfg.exe
  2⤵
  PID:1464
- C:\Windows\System\MTARWih.exe
  C:\Windows\System\MTARWih.exe
  2⤵
  PID:1092
- C:\Windows\System\zHobkfv.exe
  C:\Windows\System\zHobkfv.exe
  2⤵
  PID:1676
- C:\Windows\System\JFgNYPW.exe
  C:\Windows\System\JFgNYPW.exe
  2⤵
  PID:1928
- C:\Windows\System\PDXRoaj.exe
  C:\Windows\System\PDXRoaj.exe
  2⤵
  PID:1492
- C:\Windows\System\FeQfZrg.exe
  C:\Windows\System\FeQfZrg.exe
  2⤵
  PID:1768
- C:\Windows\System\oYNZLvo.exe
  C:\Windows\System\oYNZLvo.exe
  2⤵
  PID:2380
- C:\Windows\System\tSvyyOM.exe
  C:\Windows\System\tSvyyOM.exe
  2⤵
  PID:888
- C:\Windows\System\kXhDSgV.exe
  C:\Windows\System\kXhDSgV.exe
  2⤵
  PID:2100
- C:\Windows\System\gUINTCI.exe
  C:\Windows\System\gUINTCI.exe
  2⤵
  PID:2356
- C:\Windows\System\wnYEnfA.exe
  C:\Windows\System\wnYEnfA.exe
  2⤵
  PID:356
- C:\Windows\System\GUDXyHe.exe
  C:\Windows\System\GUDXyHe.exe
  2⤵
  PID:2256
- C:\Windows\System\yYtJWyY.exe
  C:\Windows\System\yYtJWyY.exe
  2⤵
  PID:2252
- C:\Windows\System\TsgArIo.exe
  C:\Windows\System\TsgArIo.exe
  2⤵
  PID:1692
- C:\Windows\System\sydjdkY.exe
  C:\Windows\System\sydjdkY.exe
  2⤵
  PID:1548
- C:\Windows\System\bvJiFNa.exe
  C:\Windows\System\bvJiFNa.exe
  2⤵
  PID:2752
- C:\Windows\System\fAuOCEd.exe
  C:\Windows\System\fAuOCEd.exe
  2⤵
  PID:2696
- C:\Windows\System\YSSpbkO.exe
  C:\Windows\System\YSSpbkO.exe
  2⤵
  PID:2572
- C:\Windows\System\uAqglwd.exe
  C:\Windows\System\uAqglwd.exe
  2⤵
  PID:2024
- C:\Windows\System\kRtUkTZ.exe
  C:\Windows\System\kRtUkTZ.exe
  2⤵
  PID:2588
- C:\Windows\System\PxFcGrZ.exe
  C:\Windows\System\PxFcGrZ.exe
  2⤵
  PID:2700
- C:\Windows\System\OqXqNFP.exe
  C:\Windows\System\OqXqNFP.exe
  2⤵
  PID:2992
- C:\Windows\System\fPuVGTe.exe
  C:\Windows\System\fPuVGTe.exe
  2⤵
  PID:2812
- C:\Windows\System\wqgXcYp.exe
  C:\Windows\System\wqgXcYp.exe
  2⤵
  PID:808
- C:\Windows\System\SVlwrZB.exe
  C:\Windows\System\SVlwrZB.exe
  2⤵
  PID:2800
- C:\Windows\System\nQIWlHw.exe
  C:\Windows\System\nQIWlHw.exe
  2⤵
  PID:2292
- C:\Windows\System\fKkcHXY.exe
  C:\Windows\System\fKkcHXY.exe
  2⤵
  PID:2788
- C:\Windows\System\cBeniEr.exe
  C:\Windows\System\cBeniEr.exe
  2⤵
  PID:1792
- C:\Windows\System\VOsNvyC.exe
  C:\Windows\System\VOsNvyC.exe
  2⤵
  PID:1908
- C:\Windows\System\HPSsgRi.exe
  C:\Windows\System\HPSsgRi.exe
  2⤵
  PID:2444
- C:\Windows\System\WLZsKIw.exe
  C:\Windows\System\WLZsKIw.exe
  2⤵
  PID:1532
- C:\Windows\System\yylahsi.exe
  C:\Windows\System\yylahsi.exe
  2⤵
  PID:1236
- C:\Windows\System\fEKsclv.exe
  C:\Windows\System\fEKsclv.exe
  2⤵
  PID:1352
- C:\Windows\System\aNZAxHA.exe
  C:\Windows\System\aNZAxHA.exe
  2⤵
  PID:660
- C:\Windows\System\qiSoZYk.exe
  C:\Windows\System\qiSoZYk.exe
  2⤵
  PID:1980
- C:\Windows\System\ZAxqmUV.exe
  C:\Windows\System\ZAxqmUV.exe
  2⤵
  PID:2924
- C:\Windows\System\tWZaVsW.exe
  C:\Windows\System\tWZaVsW.exe
  2⤵
  PID:288
- C:\Windows\System\UJAGaNl.exe
  C:\Windows\System\UJAGaNl.exe
  2⤵
  PID:2820
- C:\Windows\System\EfWckfO.exe
  C:\Windows\System\EfWckfO.exe
  2⤵
  PID:2892
- C:\Windows\System\DPydMva.exe
  C:\Windows\System\DPydMva.exe
  2⤵
  PID:2828
- C:\Windows\System\NMKtheU.exe
  C:\Windows\System\NMKtheU.exe
  2⤵
  PID:2676
- C:\Windows\System\BAwrRMv.exe
  C:\Windows\System\BAwrRMv.exe
  2⤵
  PID:2012
- C:\Windows\System\zLauaug.exe
  C:\Windows\System\zLauaug.exe
  2⤵
  PID:532
- C:\Windows\System\hCDZZDz.exe
  C:\Windows\System\hCDZZDz.exe
  2⤵
  PID:2376
- C:\Windows\System\HvZXbtG.exe
  C:\Windows\System\HvZXbtG.exe
  2⤵
  PID:3080
- C:\Windows\System\NtSkavA.exe
  C:\Windows\System\NtSkavA.exe
  2⤵
  PID:3096
- C:\Windows\System\OGgTGRQ.exe
  C:\Windows\System\OGgTGRQ.exe
  2⤵
  PID:3136
- C:\Windows\System\JZhnQXq.exe
  C:\Windows\System\JZhnQXq.exe
  2⤵
  PID:3152
- C:\Windows\System\jhkdZan.exe
  C:\Windows\System\jhkdZan.exe
  2⤵
  PID:3176
- C:\Windows\System\BNJMmIS.exe
  C:\Windows\System\BNJMmIS.exe
  2⤵
  PID:3196
- C:\Windows\System\MPcKidi.exe
  C:\Windows\System\MPcKidi.exe
  2⤵
  PID:3216
- C:\Windows\System\XCKjGST.exe
  C:\Windows\System\XCKjGST.exe
  2⤵
  PID:3236
- C:\Windows\System\NphGJqy.exe
  C:\Windows\System\NphGJqy.exe
  2⤵
  PID:3264
- C:\Windows\System\fmkeVcF.exe
  C:\Windows\System\fmkeVcF.exe
  2⤵
  PID:3284
- C:\Windows\System\bSTTIQw.exe
  C:\Windows\System\bSTTIQw.exe
  2⤵
  PID:3304
- C:\Windows\System\BWATmBO.exe
  C:\Windows\System\BWATmBO.exe
  2⤵
  PID:3320
- C:\Windows\System\YtbIjGQ.exe
  C:\Windows\System\YtbIjGQ.exe
  2⤵
  PID:3340
- C:\Windows\System\lxCSIud.exe
  C:\Windows\System\lxCSIud.exe
  2⤵
  PID:3360
- C:\Windows\System\hvGJVUM.exe
  C:\Windows\System\hvGJVUM.exe
  2⤵
  PID:3380
- C:\Windows\System\eaJPWrK.exe
  C:\Windows\System\eaJPWrK.exe
  2⤵
  PID:3396
- C:\Windows\System\AusFsro.exe
  C:\Windows\System\AusFsro.exe
  2⤵
  PID:3412
- C:\Windows\System\txsasmt.exe
  C:\Windows\System\txsasmt.exe
  2⤵
  PID:3432
- C:\Windows\System\smGDJFI.exe
  C:\Windows\System\smGDJFI.exe
  2⤵
  PID:3464
- C:\Windows\System\tAcjCRk.exe
  C:\Windows\System\tAcjCRk.exe
  2⤵
  PID:3484
- C:\Windows\System\MuVUish.exe
  C:\Windows\System\MuVUish.exe
  2⤵
  PID:3504
- C:\Windows\System\MMyIxqV.exe
  C:\Windows\System\MMyIxqV.exe
  2⤵
  PID:3524
- C:\Windows\System\NYUHRfY.exe
  C:\Windows\System\NYUHRfY.exe
  2⤵
  PID:3540
- C:\Windows\System\nWRpMYl.exe
  C:\Windows\System\nWRpMYl.exe
  2⤵
  PID:3556
- C:\Windows\System\XwQsZQh.exe
  C:\Windows\System\XwQsZQh.exe
  2⤵
  PID:3580
- C:\Windows\System\ObTwNdh.exe
  C:\Windows\System\ObTwNdh.exe
  2⤵
  PID:3600
- C:\Windows\System\IZrseuS.exe
  C:\Windows\System\IZrseuS.exe
  2⤵
  PID:3620
- C:\Windows\System\GliFZDe.exe
  C:\Windows\System\GliFZDe.exe
  2⤵
  PID:3640
- C:\Windows\System\RXOBMCD.exe
  C:\Windows\System\RXOBMCD.exe
  2⤵
  PID:3660
- C:\Windows\System\rzlXyVy.exe
  C:\Windows\System\rzlXyVy.exe
  2⤵
  PID:3676
- C:\Windows\System\zkVcLYG.exe
  C:\Windows\System\zkVcLYG.exe
  2⤵
  PID:3692
- C:\Windows\System\JMLXRwH.exe
  C:\Windows\System\JMLXRwH.exe
  2⤵
  PID:3708
- C:\Windows\System\dqBnrEk.exe
  C:\Windows\System\dqBnrEk.exe
  2⤵
  PID:3724
- C:\Windows\System\oyVwQrm.exe
  C:\Windows\System\oyVwQrm.exe
  2⤵
  PID:3752
- C:\Windows\System\BgOYrEc.exe
  C:\Windows\System\BgOYrEc.exe
  2⤵
  PID:3780
- C:\Windows\System\cZlRNuv.exe
  C:\Windows\System\cZlRNuv.exe
  2⤵
  PID:3804
- C:\Windows\System\qpwLjjn.exe
  C:\Windows\System\qpwLjjn.exe
  2⤵
  PID:3820
- C:\Windows\System\kEVBdvJ.exe
  C:\Windows\System\kEVBdvJ.exe
  2⤵
  PID:3836
- C:\Windows\System\kKVscCc.exe
  C:\Windows\System\kKVscCc.exe
  2⤵
  PID:3856
- C:\Windows\System\WHPozKf.exe
  C:\Windows\System\WHPozKf.exe
  2⤵
  PID:3880
- C:\Windows\System\JJQlodg.exe
  C:\Windows\System\JJQlodg.exe
  2⤵
  PID:3896
- C:\Windows\System\QHCCkwm.exe
  C:\Windows\System\QHCCkwm.exe
  2⤵
  PID:3924
- C:\Windows\System\UWJtiFp.exe
  C:\Windows\System\UWJtiFp.exe
  2⤵
  PID:3940
- C:\Windows\System\wubGlLt.exe
  C:\Windows\System\wubGlLt.exe
  2⤵
  PID:3960
- C:\Windows\System\uwmEuyd.exe
  C:\Windows\System\uwmEuyd.exe
  2⤵
  PID:3980
- C:\Windows\System\wffuxGP.exe
  C:\Windows\System\wffuxGP.exe
  2⤵
  PID:4000
- C:\Windows\System\pLfIIFM.exe
  C:\Windows\System\pLfIIFM.exe
  2⤵
  PID:4020
- C:\Windows\System\PFHajNf.exe
  C:\Windows\System\PFHajNf.exe
  2⤵
  PID:4044
- C:\Windows\System\jgTXSlA.exe
  C:\Windows\System\jgTXSlA.exe
  2⤵
  PID:4060
- C:\Windows\System\FWkwEtk.exe
  C:\Windows\System\FWkwEtk.exe
  2⤵
  PID:4084
- C:\Windows\System\LZnpPWM.exe
  C:\Windows\System\LZnpPWM.exe
  2⤵
  PID:1232
- C:\Windows\System\tNMMeit.exe
  C:\Windows\System\tNMMeit.exe
  2⤵
  PID:624
- C:\Windows\System\SRMgTxI.exe
  C:\Windows\System\SRMgTxI.exe
  2⤵
  PID:1732
- C:\Windows\System\RUPoEjF.exe
  C:\Windows\System\RUPoEjF.exe
  2⤵
  PID:2204
- C:\Windows\System\VgDPglg.exe
  C:\Windows\System\VgDPglg.exe
  2⤵
  PID:680
- C:\Windows\System\HROxDLx.exe
  C:\Windows\System\HROxDLx.exe
  2⤵
  PID:1936
- C:\Windows\System\aEIXRQj.exe
  C:\Windows\System\aEIXRQj.exe
  2⤵
  PID:2280
- C:\Windows\System\PARsNSm.exe
  C:\Windows\System\PARsNSm.exe
  2⤵
  PID:2952
- C:\Windows\System\CiGvDdz.exe
  C:\Windows\System\CiGvDdz.exe
  2⤵
  PID:2736
- C:\Windows\System\lSnPhie.exe
  C:\Windows\System\lSnPhie.exe
  2⤵
  PID:2140
- C:\Windows\System\uYEuzAI.exe
  C:\Windows\System\uYEuzAI.exe
  2⤵
  PID:2168
- C:\Windows\System\qMXETBY.exe
  C:\Windows\System\qMXETBY.exe
  2⤵
  PID:476
- C:\Windows\System\GDfURzS.exe
  C:\Windows\System\GDfURzS.exe
  2⤵
  PID:3148
- C:\Windows\System\ynuBHmQ.exe
  C:\Windows\System\ynuBHmQ.exe
  2⤵
  PID:3112
- C:\Windows\System\dYseEEy.exe
  C:\Windows\System\dYseEEy.exe
  2⤵
  PID:3128
- C:\Windows\System\eTHaYrD.exe
  C:\Windows\System\eTHaYrD.exe
  2⤵
  PID:3232
- C:\Windows\System\iPJuZui.exe
  C:\Windows\System\iPJuZui.exe
  2⤵
  PID:3272
- C:\Windows\System\xfYHpbA.exe
  C:\Windows\System\xfYHpbA.exe
  2⤵
  PID:3204
- C:\Windows\System\UYcLhQx.exe
  C:\Windows\System\UYcLhQx.exe
  2⤵
  PID:3348
- C:\Windows\System\JXbKsmS.exe
  C:\Windows\System\JXbKsmS.exe
  2⤵
  PID:3424
- C:\Windows\System\apxyfwM.exe
  C:\Windows\System\apxyfwM.exe
  2⤵
  PID:3336
- C:\Windows\System\BcElzez.exe
  C:\Windows\System\BcElzez.exe
  2⤵
  PID:3368
- C:\Windows\System\weujUyz.exe
  C:\Windows\System\weujUyz.exe
  2⤵
  PID:3520
- C:\Windows\System\upNLiNc.exe
  C:\Windows\System\upNLiNc.exe
  2⤵
  PID:3444
- C:\Windows\System\jbNTDEm.exe
  C:\Windows\System\jbNTDEm.exe
  2⤵
  PID:3596
- C:\Windows\System\zbJSBVR.exe
  C:\Windows\System\zbJSBVR.exe
  2⤵
  PID:3496
- C:\Windows\System\gXVLXwF.exe
  C:\Windows\System\gXVLXwF.exe
  2⤵
  PID:3500
- C:\Windows\System\PdHZCaK.exe
  C:\Windows\System\PdHZCaK.exe
  2⤵
  PID:3564
- C:\Windows\System\yfxayxw.exe
  C:\Windows\System\yfxayxw.exe
  2⤵
  PID:3704
- C:\Windows\System\DrcTWXC.exe
  C:\Windows\System\DrcTWXC.exe
  2⤵
  PID:3732
- C:\Windows\System\FXyhOih.exe
  C:\Windows\System\FXyhOih.exe
  2⤵
  PID:3744
- C:\Windows\System\XIPgJjw.exe
  C:\Windows\System\XIPgJjw.exe
  2⤵
  PID:3760
- C:\Windows\System\OgIKADS.exe
  C:\Windows\System\OgIKADS.exe
  2⤵
  PID:3684
- C:\Windows\System\reSbPjv.exe
  C:\Windows\System\reSbPjv.exe
  2⤵
  PID:3800
- C:\Windows\System\FApoAXa.exe
  C:\Windows\System\FApoAXa.exe
  2⤵
  PID:3876
- C:\Windows\System\iOIhpuS.exe
  C:\Windows\System\iOIhpuS.exe
  2⤵
  PID:3904
- C:\Windows\System\ROiZqer.exe
  C:\Windows\System\ROiZqer.exe
  2⤵
  PID:3920
- C:\Windows\System\UeaNyQW.exe
  C:\Windows\System\UeaNyQW.exe
  2⤵
  PID:3988
- C:\Windows\System\GiVRnSg.exe
  C:\Windows\System\GiVRnSg.exe
  2⤵
  PID:4028
- C:\Windows\System\kAfCvhV.exe
  C:\Windows\System\kAfCvhV.exe
  2⤵
  PID:3968
- C:\Windows\System\DutQsEb.exe
  C:\Windows\System\DutQsEb.exe
  2⤵
  PID:4076
- C:\Windows\System\xBRTIbK.exe
  C:\Windows\System\xBRTIbK.exe
  2⤵
  PID:2164
- C:\Windows\System\KnFwHZt.exe
  C:\Windows\System\KnFwHZt.exe
  2⤵
  PID:4056
- C:\Windows\System\dEubObS.exe
  C:\Windows\System\dEubObS.exe
  2⤵
  PID:2184
- C:\Windows\System\cHJbSsl.exe
  C:\Windows\System\cHJbSsl.exe
  2⤵
  PID:2372
- C:\Windows\System\IPNAyio.exe
  C:\Windows\System\IPNAyio.exe
  2⤵
  PID:2964
- C:\Windows\System\WNhsUHB.exe
  C:\Windows\System\WNhsUHB.exe
  2⤵
  PID:1576
- C:\Windows\System\pguIzMw.exe
  C:\Windows\System\pguIzMw.exe
  2⤵
  PID:3188
- C:\Windows\System\BhLlvWk.exe
  C:\Windows\System\BhLlvWk.exe
  2⤵
  PID:3164
- C:\Windows\System\bZIWKqS.exe
  C:\Windows\System\bZIWKqS.exe
  2⤵
  PID:3356
- C:\Windows\System\BCXNigs.exe
  C:\Windows\System\BCXNigs.exe
  2⤵
  PID:1780
- C:\Windows\System\XBvwkOG.exe
  C:\Windows\System\XBvwkOG.exe
  2⤵
  PID:3144
- C:\Windows\System\LlYUHrl.exe
  C:\Windows\System\LlYUHrl.exe
  2⤵
  PID:3212
- C:\Windows\System\JgqBtDZ.exe
  C:\Windows\System\JgqBtDZ.exe
  2⤵
  PID:3408
- C:\Windows\System\pDycKTX.exe
  C:\Windows\System\pDycKTX.exe
  2⤵
  PID:3552
- C:\Windows\System\lEGbYAO.exe
  C:\Windows\System\lEGbYAO.exe
  2⤵
  PID:3300
- C:\Windows\System\SEOKwpi.exe
  C:\Windows\System\SEOKwpi.exe
  2⤵
  PID:3476
- C:\Windows\System\vUGoGhj.exe
  C:\Windows\System\vUGoGhj.exe
  2⤵
  PID:3688
- C:\Windows\System\OGktLZN.exe
  C:\Windows\System\OGktLZN.exe
  2⤵
  PID:3720
- C:\Windows\System\vrqVEYC.exe
  C:\Windows\System\vrqVEYC.exe
  2⤵
  PID:3776
- C:\Windows\System\tTajIOk.exe
  C:\Windows\System\tTajIOk.exe
  2⤵
  PID:3832
- C:\Windows\System\nIZuPwX.exe
  C:\Windows\System\nIZuPwX.exe
  2⤵
  PID:3632
- C:\Windows\System\CHRPQpe.exe
  C:\Windows\System\CHRPQpe.exe
  2⤵
  PID:3852
- C:\Windows\System\jRXpHDN.exe
  C:\Windows\System\jRXpHDN.exe
  2⤵
  PID:3892
- C:\Windows\System\Rbuqrdr.exe
  C:\Windows\System\Rbuqrdr.exe
  2⤵
  PID:4032
- C:\Windows\System\jihtczx.exe
  C:\Windows\System\jihtczx.exe
  2⤵
  PID:3996
- C:\Windows\System\OxkplKU.exe
  C:\Windows\System\OxkplKU.exe
  2⤵
  PID:4080
- C:\Windows\System\LxcfPuG.exe
  C:\Windows\System\LxcfPuG.exe
  2⤵
  PID:1476
- C:\Windows\System\OqnNHGd.exe
  C:\Windows\System\OqnNHGd.exe
  2⤵
  PID:1912
- C:\Windows\System\UhFDafw.exe
  C:\Windows\System\UhFDafw.exe
  2⤵
  PID:3168
- C:\Windows\System\GLmEEbw.exe
  C:\Windows\System\GLmEEbw.exe
  2⤵
  PID:2504
- C:\Windows\System\bbYeyEm.exe
  C:\Windows\System\bbYeyEm.exe
  2⤵
  PID:3248
- C:\Windows\System\rsHfTNI.exe
  C:\Windows\System\rsHfTNI.exe
  2⤵
  PID:3104
- C:\Windows\System\JfHcGHM.exe
  C:\Windows\System\JfHcGHM.exe
  2⤵
  PID:3224
- C:\Windows\System\nPTLIdT.exe
  C:\Windows\System\nPTLIdT.exe
  2⤵
  PID:2600
- C:\Windows\System\lmBnQZi.exe
  C:\Windows\System\lmBnQZi.exe
  2⤵
  PID:3208
- C:\Windows\System\ehOIhbm.exe
  C:\Windows\System\ehOIhbm.exe
  2⤵
  PID:3548
- C:\Windows\System\wkWerng.exe
  C:\Windows\System\wkWerng.exe
  2⤵
  PID:3472
- C:\Windows\System\ZJvxFqw.exe
  C:\Windows\System\ZJvxFqw.exe
  2⤵
  PID:3864
- C:\Windows\System\sFShkAa.exe
  C:\Windows\System\sFShkAa.exe
  2⤵
  PID:3828
- C:\Windows\System\jQcqelf.exe
  C:\Windows\System\jQcqelf.exe
  2⤵
  PID:3844
- C:\Windows\System\vKvhBzz.exe
  C:\Windows\System\vKvhBzz.exe
  2⤵
  PID:4012
- C:\Windows\System\lyBNsoi.exe
  C:\Windows\System\lyBNsoi.exe
  2⤵
  PID:4052
- C:\Windows\System\fShSjJD.exe
  C:\Windows\System\fShSjJD.exe
  2⤵
  PID:2468
- C:\Windows\System\fdNBYDg.exe
  C:\Windows\System\fdNBYDg.exe
  2⤵
  PID:2336
- C:\Windows\System\MNkEFMS.exe
  C:\Windows\System\MNkEFMS.exe
  2⤵
  PID:4112
- C:\Windows\System\VJSSYNs.exe
  C:\Windows\System\VJSSYNs.exe
  2⤵
  PID:4128
- C:\Windows\System\FMscKED.exe
  C:\Windows\System\FMscKED.exe
  2⤵
  PID:4144
- C:\Windows\System\ijMURHT.exe
  C:\Windows\System\ijMURHT.exe
  2⤵
  PID:4168
- C:\Windows\System\mdNLkNl.exe
  C:\Windows\System\mdNLkNl.exe
  2⤵
  PID:4184
- C:\Windows\System\ExfLZAO.exe
  C:\Windows\System\ExfLZAO.exe
  2⤵
  PID:4200
- C:\Windows\System\jSDbUTY.exe
  C:\Windows\System\jSDbUTY.exe
  2⤵
  PID:4220
- C:\Windows\System\NhYCKXE.exe
  C:\Windows\System\NhYCKXE.exe
  2⤵
  PID:4236
- C:\Windows\System\FwFnlsp.exe
  C:\Windows\System\FwFnlsp.exe
  2⤵
  PID:4252
- C:\Windows\System\gxXHwJo.exe
  C:\Windows\System\gxXHwJo.exe
  2⤵
  PID:4268
- C:\Windows\System\qXqClaj.exe
  C:\Windows\System\qXqClaj.exe
  2⤵
  PID:4296
- C:\Windows\System\bWsqZzX.exe
  C:\Windows\System\bWsqZzX.exe
  2⤵
  PID:4336
- C:\Windows\System\ghbpJYz.exe
  C:\Windows\System\ghbpJYz.exe
  2⤵
  PID:4364
- C:\Windows\System\HvriVTh.exe
  C:\Windows\System\HvriVTh.exe
  2⤵
  PID:4380
- C:\Windows\System\TBMRQlZ.exe
  C:\Windows\System\TBMRQlZ.exe
  2⤵
  PID:4396
- C:\Windows\System\bhoKjhL.exe
  C:\Windows\System\bhoKjhL.exe
  2⤵
  PID:4416
- C:\Windows\System\iaRTrZP.exe
  C:\Windows\System\iaRTrZP.exe
  2⤵
  PID:4440
- C:\Windows\System\THokdAA.exe
  C:\Windows\System\THokdAA.exe
  2⤵
  PID:4460
- C:\Windows\System\BtUgTvV.exe
  C:\Windows\System\BtUgTvV.exe
  2⤵
  PID:4484
- C:\Windows\System\amUUUPz.exe
  C:\Windows\System\amUUUPz.exe
  2⤵
  PID:4504
- C:\Windows\System\ibrTvrW.exe
  C:\Windows\System\ibrTvrW.exe
  2⤵
  PID:4520
- C:\Windows\System\DtkUhPy.exe
  C:\Windows\System\DtkUhPy.exe
  2⤵
  PID:4544
- C:\Windows\System\xnGheuS.exe
  C:\Windows\System\xnGheuS.exe
  2⤵
  PID:4564
- C:\Windows\System\noLJdMl.exe
  C:\Windows\System\noLJdMl.exe
  2⤵
  PID:4580
- C:\Windows\System\cSQdVmo.exe
  C:\Windows\System\cSQdVmo.exe
  2⤵
  PID:4604
- C:\Windows\System\GeDgKlL.exe
  C:\Windows\System\GeDgKlL.exe
  2⤵
  PID:4620
- C:\Windows\System\KCFxkqo.exe
  C:\Windows\System\KCFxkqo.exe
  2⤵
  PID:4636
- C:\Windows\System\ilKXOxT.exe
  C:\Windows\System\ilKXOxT.exe
  2⤵
  PID:4660
- C:\Windows\System\EflRmqW.exe
  C:\Windows\System\EflRmqW.exe
  2⤵
  PID:4680
- C:\Windows\System\huXvfLB.exe
  C:\Windows\System\huXvfLB.exe
  2⤵
  PID:4700
- C:\Windows\System\ZbwemUI.exe
  C:\Windows\System\ZbwemUI.exe
  2⤵
  PID:4720
- C:\Windows\System\xeZJCIn.exe
  C:\Windows\System\xeZJCIn.exe
  2⤵
  PID:4740
- C:\Windows\System\UxSKgNF.exe
  C:\Windows\System\UxSKgNF.exe
  2⤵
  PID:4760
- C:\Windows\System\vXEfPQH.exe
  C:\Windows\System\vXEfPQH.exe
  2⤵
  PID:4780
- C:\Windows\System\LBHRneg.exe
  C:\Windows\System\LBHRneg.exe
  2⤵
  PID:4800
- C:\Windows\System\nrQjhCn.exe
  C:\Windows\System\nrQjhCn.exe
  2⤵
  PID:4820
- C:\Windows\System\QvXJviF.exe
  C:\Windows\System\QvXJviF.exe
  2⤵
  PID:4844
- C:\Windows\System\OAmDumX.exe
  C:\Windows\System\OAmDumX.exe
  2⤵
  PID:4860
- C:\Windows\System\NFrqoCj.exe
  C:\Windows\System\NFrqoCj.exe
  2⤵
  PID:4880
- C:\Windows\System\TDfUgHx.exe
  C:\Windows\System\TDfUgHx.exe
  2⤵
  PID:4900
- C:\Windows\System\eTULFUW.exe
  C:\Windows\System\eTULFUW.exe
  2⤵
  PID:4924
- C:\Windows\System\IpOXLAV.exe
  C:\Windows\System\IpOXLAV.exe
  2⤵
  PID:4940
- C:\Windows\System\ebjGnLK.exe
  C:\Windows\System\ebjGnLK.exe
  2⤵
  PID:4960
- C:\Windows\System\yICwFqG.exe
  C:\Windows\System\yICwFqG.exe
  2⤵
  PID:4980
- C:\Windows\System\vMqUhUS.exe
  C:\Windows\System\vMqUhUS.exe
  2⤵
  PID:5000
- C:\Windows\System\Nhwbxdb.exe
  C:\Windows\System\Nhwbxdb.exe
  2⤵
  PID:5020
- C:\Windows\System\XfEUjdJ.exe
  C:\Windows\System\XfEUjdJ.exe
  2⤵
  PID:5040
- C:\Windows\System\lXytaXf.exe
  C:\Windows\System\lXytaXf.exe
  2⤵
  PID:5060
- C:\Windows\System\mVATwle.exe
  C:\Windows\System\mVATwle.exe
  2⤵
  PID:5080
- C:\Windows\System\wwLvgbv.exe
  C:\Windows\System\wwLvgbv.exe
  2⤵
  PID:5100
- C:\Windows\System\buTBNIt.exe
  C:\Windows\System\buTBNIt.exe
  2⤵
  PID:2060
- C:\Windows\System\wKNPCvn.exe
  C:\Windows\System\wKNPCvn.exe
  2⤵
  PID:3120
- C:\Windows\System\PaPHftz.exe
  C:\Windows\System\PaPHftz.exe
  2⤵
  PID:3124
- C:\Windows\System\tysFbTN.exe
  C:\Windows\System\tysFbTN.exe
  2⤵
  PID:3772
- C:\Windows\System\laTRShe.exe
  C:\Windows\System\laTRShe.exe
  2⤵
  PID:3976
- C:\Windows\System\AwJnIDD.exe
  C:\Windows\System\AwJnIDD.exe
  2⤵
  PID:2092
- C:\Windows\System\xRvsmWs.exe
  C:\Windows\System\xRvsmWs.exe
  2⤵
  PID:4136
- C:\Windows\System\oxtqDwT.exe
  C:\Windows\System\oxtqDwT.exe
  2⤵
  PID:4208
- C:\Windows\System\NqpMGct.exe
  C:\Windows\System\NqpMGct.exe
  2⤵
  PID:3612
- C:\Windows\System\LczeyhL.exe
  C:\Windows\System\LczeyhL.exe
  2⤵
  PID:3848
- C:\Windows\System\QeYiOjX.exe
  C:\Windows\System\QeYiOjX.exe
  2⤵
  PID:4276
- C:\Windows\System\DAkMYOS.exe
  C:\Windows\System\DAkMYOS.exe
  2⤵
  PID:4288
- C:\Windows\System\DLKBVGx.exe
  C:\Windows\System\DLKBVGx.exe
  2⤵
  PID:4228
- C:\Windows\System\GbMKNCo.exe
  C:\Windows\System\GbMKNCo.exe
  2⤵
  PID:4308
- C:\Windows\System\HWkgqbc.exe
  C:\Windows\System\HWkgqbc.exe
  2⤵
  PID:4152
- C:\Windows\System\sFEvEUf.exe
  C:\Windows\System\sFEvEUf.exe
  2⤵
  PID:4344
- C:\Windows\System\BfMqfhF.exe
  C:\Windows\System\BfMqfhF.exe
  2⤵
  PID:4328
- C:\Windows\System\ZfMeUPL.exe
  C:\Windows\System\ZfMeUPL.exe
  2⤵
  PID:4388
- C:\Windows\System\QFUzLUL.exe
  C:\Windows\System\QFUzLUL.exe
  2⤵
  PID:4436
- C:\Windows\System\sXujeJf.exe
  C:\Windows\System\sXujeJf.exe
  2⤵
  PID:4412
- C:\Windows\System\FRygmXI.exe
  C:\Windows\System\FRygmXI.exe
  2⤵
  PID:4456
- C:\Windows\System\OJBpfvu.exe
  C:\Windows\System\OJBpfvu.exe
  2⤵
  PID:4492
- C:\Windows\System\almginP.exe
  C:\Windows\System\almginP.exe
  2⤵
  PID:4588
- C:\Windows\System\QpkbvEc.exe
  C:\Windows\System\QpkbvEc.exe
  2⤵
  PID:4536
- C:\Windows\System\otbGqSd.exe
  C:\Windows\System\otbGqSd.exe
  2⤵
  PID:640
- C:\Windows\System\RTliYEP.exe
  C:\Windows\System\RTliYEP.exe
  2⤵
  PID:4672
- C:\Windows\System\bLnRSEp.exe
  C:\Windows\System\bLnRSEp.exe
  2⤵
  PID:4652
- C:\Windows\System\wEWsIxQ.exe
  C:\Windows\System\wEWsIxQ.exe
  2⤵
  PID:4656
- C:\Windows\System\yDwUQHE.exe
  C:\Windows\System\yDwUQHE.exe
  2⤵
  PID:4732
- C:\Windows\System\MqpyQsz.exe
  C:\Windows\System\MqpyQsz.exe
  2⤵
  PID:4756
- C:\Windows\System\wCtcZnD.exe
  C:\Windows\System\wCtcZnD.exe
  2⤵
  PID:4832
- C:\Windows\System\pFLfGBJ.exe
  C:\Windows\System\pFLfGBJ.exe
  2⤵
  PID:4776
- C:\Windows\System\zOaLlyH.exe
  C:\Windows\System\zOaLlyH.exe
  2⤵
  PID:4868
- C:\Windows\System\CSxhePm.exe
  C:\Windows\System\CSxhePm.exe
  2⤵
  PID:4916
- C:\Windows\System\hLUmzSP.exe
  C:\Windows\System\hLUmzSP.exe
  2⤵
  PID:4952
- C:\Windows\System\UAZgplG.exe
  C:\Windows\System\UAZgplG.exe
  2⤵
  PID:4936
- C:\Windows\System\iDYnpoM.exe
  C:\Windows\System\iDYnpoM.exe
  2⤵
  PID:4972
- C:\Windows\System\tWalRwa.exe
  C:\Windows\System\tWalRwa.exe
  2⤵
  PID:5028
- C:\Windows\System\XRHjSkT.exe
  C:\Windows\System\XRHjSkT.exe
  2⤵
  PID:5072
- C:\Windows\System\LEcqTbG.exe
  C:\Windows\System\LEcqTbG.exe
  2⤵
  PID:5088
- C:\Windows\System\kLdiniE.exe
  C:\Windows\System\kLdiniE.exe
  2⤵
  PID:5116
- C:\Windows\System\rhSSSac.exe
  C:\Windows\System\rhSSSac.exe
  2⤵
  PID:3316
- C:\Windows\System\DPHwrWL.exe
  C:\Windows\System\DPHwrWL.exe
  2⤵
  PID:2704
- C:\Windows\System\sqAeGfQ.exe
  C:\Windows\System\sqAeGfQ.exe
  2⤵
  PID:3460
- C:\Windows\System\ALtahRq.exe
  C:\Windows\System\ALtahRq.exe
  2⤵
  PID:4104
- C:\Windows\System\BESGBwa.exe
  C:\Windows\System\BESGBwa.exe
  2⤵
  PID:820
- C:\Windows\System\TKnweBl.exe
  C:\Windows\System\TKnweBl.exe
  2⤵
  PID:4248
- C:\Windows\System\EswrhRd.exe
  C:\Windows\System\EswrhRd.exe
  2⤵
  PID:3700
- C:\Windows\System\hFSbHZx.exe
  C:\Windows\System\hFSbHZx.exe
  2⤵
  PID:4280
- C:\Windows\System\tsaJLZj.exe
  C:\Windows\System\tsaJLZj.exe
  2⤵
  PID:4264
- C:\Windows\System\jsgwZoN.exe
  C:\Windows\System\jsgwZoN.exe
  2⤵
  PID:4120
- C:\Windows\System\TmzVUkB.exe
  C:\Windows\System\TmzVUkB.exe
  2⤵
  PID:4356
- C:\Windows\System\IBgmIkN.exe
  C:\Windows\System\IBgmIkN.exe
  2⤵
  PID:4404
- C:\Windows\System\zKgAlsM.exe
  C:\Windows\System\zKgAlsM.exe
  2⤵
  PID:4480
- C:\Windows\System\qZIQkOj.exe
  C:\Windows\System\qZIQkOj.exe
  2⤵
  PID:4572
- C:\Windows\System\MTuNJXZ.exe
  C:\Windows\System\MTuNJXZ.exe
  2⤵
  PID:4532
- C:\Windows\System\YJprWEV.exe
  C:\Windows\System\YJprWEV.exe
  2⤵
  PID:4676
- C:\Windows\System\ARnrtcj.exe
  C:\Windows\System\ARnrtcj.exe
  2⤵
  PID:4696
- C:\Windows\System\AoeyjFI.exe
  C:\Windows\System\AoeyjFI.exe
  2⤵
  PID:4796
- C:\Windows\System\pNxZeex.exe
  C:\Windows\System\pNxZeex.exe
  2⤵
  PID:4792
- C:\Windows\System\cXvAbYp.exe
  C:\Windows\System\cXvAbYp.exe
  2⤵
  PID:4852
- C:\Windows\System\rZlIdfP.exe
  C:\Windows\System\rZlIdfP.exe
  2⤵
  PID:4876
- C:\Windows\System\gdcLHAM.exe
  C:\Windows\System\gdcLHAM.exe
  2⤵
  PID:4932
- C:\Windows\System\YrocAxz.exe
  C:\Windows\System\YrocAxz.exe
  2⤵
  PID:5012
- C:\Windows\System\iAoAjWb.exe
  C:\Windows\System\iAoAjWb.exe
  2⤵
  PID:5048
- C:\Windows\System\uAoELyu.exe
  C:\Windows\System\uAoELyu.exe
  2⤵
  PID:2884
- C:\Windows\System\kKJxFOb.exe
  C:\Windows\System\kKJxFOb.exe
  2⤵
  PID:3132
- C:\Windows\System\WkhkAKP.exe
  C:\Windows\System\WkhkAKP.exe
  2⤵
  PID:3616
- C:\Windows\System\EjnCgpu.exe
  C:\Windows\System\EjnCgpu.exe
  2⤵
  PID:4244
- C:\Windows\System\tZSpMbo.exe
  C:\Windows\System\tZSpMbo.exe
  2⤵
  PID:4164
- C:\Windows\System\LRpKeia.exe
  C:\Windows\System\LRpKeia.exe
  2⤵
  PID:4156
- C:\Windows\System\gaixYGi.exe
  C:\Windows\System\gaixYGi.exe
  2⤵
  PID:4424
- C:\Windows\System\KDefXgK.exe
  C:\Windows\System\KDefXgK.exe
  2⤵
  PID:4068
- C:\Windows\System\ksUPXyO.exe
  C:\Windows\System\ksUPXyO.exe
  2⤵
  PID:4408
- C:\Windows\System\OJNSGOo.exe
  C:\Windows\System\OJNSGOo.exe
  2⤵
  PID:4576
- C:\Windows\System\gaknKBd.exe
  C:\Windows\System\gaknKBd.exe
  2⤵
  PID:4528
- C:\Windows\System\SaWXkYo.exe
  C:\Windows\System\SaWXkYo.exe
  2⤵
  PID:4712
- C:\Windows\System\fmrNiUC.exe
  C:\Windows\System\fmrNiUC.exe
  2⤵
  PID:4836
- C:\Windows\System\eCOUVUJ.exe
  C:\Windows\System\eCOUVUJ.exe
  2⤵
  PID:4896
- C:\Windows\System\SYDnMvw.exe
  C:\Windows\System\SYDnMvw.exe
  2⤵
  PID:5016
- C:\Windows\System\tRBFbzJ.exe
  C:\Windows\System\tRBFbzJ.exe
  2⤵
  PID:3652
- C:\Windows\System\ZTOYWtf.exe
  C:\Windows\System\ZTOYWtf.exe
  2⤵
  PID:2876
- C:\Windows\System\ozfafgB.exe
  C:\Windows\System\ozfafgB.exe
  2⤵
  PID:3312
- C:\Windows\System\JQzzQge.exe
  C:\Windows\System\JQzzQge.exe
  2⤵
  PID:3812
- C:\Windows\System\RRIzsOI.exe
  C:\Windows\System\RRIzsOI.exe
  2⤵
  PID:4376
- C:\Windows\System\tKRSrox.exe
  C:\Windows\System\tKRSrox.exe
  2⤵
  PID:5128
- C:\Windows\System\IZlahsl.exe
  C:\Windows\System\IZlahsl.exe
  2⤵
  PID:5148
- C:\Windows\System\DDUTdHB.exe
  C:\Windows\System\DDUTdHB.exe
  2⤵
  PID:5168
- C:\Windows\System\bzJyuxe.exe
  C:\Windows\System\bzJyuxe.exe
  2⤵
  PID:5184
- C:\Windows\System\LwyThcO.exe
  C:\Windows\System\LwyThcO.exe
  2⤵
  PID:5204
- C:\Windows\System\QhLxAJr.exe
  C:\Windows\System\QhLxAJr.exe
  2⤵
  PID:5228
- C:\Windows\System\OuymtYi.exe
  C:\Windows\System\OuymtYi.exe
  2⤵
  PID:5248
- C:\Windows\System\fWjZouN.exe
  C:\Windows\System\fWjZouN.exe
  2⤵
  PID:5268
- C:\Windows\System\idpUmaB.exe
  C:\Windows\System\idpUmaB.exe
  2⤵
  PID:5288
- C:\Windows\System\mKOzxoW.exe
  C:\Windows\System\mKOzxoW.exe
  2⤵
  PID:5308
- C:\Windows\System\SsxbQlk.exe
  C:\Windows\System\SsxbQlk.exe
  2⤵
  PID:5328
- C:\Windows\System\lmVbSiB.exe
  C:\Windows\System\lmVbSiB.exe
  2⤵
  PID:5344
- C:\Windows\System\VhXOuxU.exe
  C:\Windows\System\VhXOuxU.exe
  2⤵
  PID:5364
- C:\Windows\System\nworyBC.exe
  C:\Windows\System\nworyBC.exe
  2⤵
  PID:5388
- C:\Windows\System\yunlrWB.exe
  C:\Windows\System\yunlrWB.exe
  2⤵
  PID:5404
- C:\Windows\System\qhSalBz.exe
  C:\Windows\System\qhSalBz.exe
  2⤵
  PID:5432
- C:\Windows\System\waTAZnF.exe
  C:\Windows\System\waTAZnF.exe
  2⤵
  PID:5448
- C:\Windows\System\bnYyuTl.exe
  C:\Windows\System\bnYyuTl.exe
  2⤵
  PID:5472
- C:\Windows\System\HYlbtwL.exe
  C:\Windows\System\HYlbtwL.exe
  2⤵
  PID:5492
- C:\Windows\System\ZMaUhDL.exe
  C:\Windows\System\ZMaUhDL.exe
  2⤵
  PID:5508
- C:\Windows\System\UxvFVRJ.exe
  C:\Windows\System\UxvFVRJ.exe
  2⤵
  PID:5532
- C:\Windows\System\xIXAktA.exe
  C:\Windows\System\xIXAktA.exe
  2⤵
  PID:5548
- C:\Windows\System\gNrWkdn.exe
  C:\Windows\System\gNrWkdn.exe
  2⤵
  PID:5572
- C:\Windows\System\dkkBjmG.exe
  C:\Windows\System\dkkBjmG.exe
  2⤵
  PID:5596
- C:\Windows\System\bFStVkf.exe
  C:\Windows\System\bFStVkf.exe
  2⤵
  PID:5616
- C:\Windows\System\eHZLCfz.exe
  C:\Windows\System\eHZLCfz.exe
  2⤵
  PID:5636
- C:\Windows\System\uvwvzOc.exe
  C:\Windows\System\uvwvzOc.exe
  2⤵
  PID:5652
- C:\Windows\System\WNNSmia.exe
  C:\Windows\System\WNNSmia.exe
  2⤵
  PID:5672
- C:\Windows\System\umqMYNC.exe
  C:\Windows\System\umqMYNC.exe
  2⤵
  PID:5692
- C:\Windows\System\IWceqYK.exe
  C:\Windows\System\IWceqYK.exe
  2⤵
  PID:5708
- C:\Windows\System\HvkgPcC.exe
  C:\Windows\System\HvkgPcC.exe
  2⤵
  PID:5728
- C:\Windows\System\pqbkoqB.exe
  C:\Windows\System\pqbkoqB.exe
  2⤵
  PID:5748
- C:\Windows\System\JCUTakj.exe
  C:\Windows\System\JCUTakj.exe
  2⤵
  PID:5776
- C:\Windows\System\qPleOqs.exe
  C:\Windows\System\qPleOqs.exe
  2⤵
  PID:5796
- C:\Windows\System\OolNgtP.exe
  C:\Windows\System\OolNgtP.exe
  2⤵
  PID:5812
- C:\Windows\System\rrnBnjc.exe
  C:\Windows\System\rrnBnjc.exe
  2⤵
  PID:5832
- C:\Windows\System\OmaLLkc.exe
  C:\Windows\System\OmaLLkc.exe
  2⤵
  PID:5848
- C:\Windows\System\MepahVj.exe
  C:\Windows\System\MepahVj.exe
  2⤵
  PID:5876
- C:\Windows\System\oEAIDon.exe
  C:\Windows\System\oEAIDon.exe
  2⤵
  PID:5896
- C:\Windows\System\gtSLiSO.exe
  C:\Windows\System\gtSLiSO.exe
  2⤵
  PID:5916
- C:\Windows\System\boWKNTv.exe
  C:\Windows\System\boWKNTv.exe
  2⤵
  PID:5936
- C:\Windows\System\SIKUklo.exe
  C:\Windows\System\SIKUklo.exe
  2⤵
  PID:5956
- C:\Windows\System\SMvIAgc.exe
  C:\Windows\System\SMvIAgc.exe
  2⤵
  PID:5976
- C:\Windows\System\CWGomOY.exe
  C:\Windows\System\CWGomOY.exe
  2⤵
  PID:5996
- C:\Windows\System\wGEavbY.exe
  C:\Windows\System\wGEavbY.exe
  2⤵
  PID:6016
- C:\Windows\System\CwbWafw.exe
  C:\Windows\System\CwbWafw.exe
  2⤵
  PID:6036
- C:\Windows\System\HKbjrAb.exe
  C:\Windows\System\HKbjrAb.exe
  2⤵
  PID:6056
- C:\Windows\System\tpyJaEQ.exe
  C:\Windows\System\tpyJaEQ.exe
  2⤵
  PID:6076
- C:\Windows\System\TsbxcGr.exe
  C:\Windows\System\TsbxcGr.exe
  2⤵
  PID:6096
- C:\Windows\System\BxBxdkU.exe
  C:\Windows\System\BxBxdkU.exe
  2⤵
  PID:6116
- C:\Windows\System\DRSoiPv.exe
  C:\Windows\System\DRSoiPv.exe
  2⤵
  PID:6136
- C:\Windows\System\kIPgZLq.exe
  C:\Windows\System\kIPgZLq.exe
  2⤵
  PID:4428
- C:\Windows\System\pQpNLOh.exe
  C:\Windows\System\pQpNLOh.exe
  2⤵
  PID:4212
- C:\Windows\System\nshsLVr.exe
  C:\Windows\System\nshsLVr.exe
  2⤵
  PID:4992
- C:\Windows\System\KDlPPCn.exe
  C:\Windows\System\KDlPPCn.exe
  2⤵
  PID:5036
- C:\Windows\System\yOZPrtY.exe
  C:\Windows\System\yOZPrtY.exe
  2⤵
  PID:3792
- C:\Windows\System\OzcwoCt.exe
  C:\Windows\System\OzcwoCt.exe
  2⤵
  PID:5008
- C:\Windows\System\RXhJuaZ.exe
  C:\Windows\System\RXhJuaZ.exe
  2⤵
  PID:4284
- C:\Windows\System\VbAeAep.exe
  C:\Windows\System\VbAeAep.exe
  2⤵
  PID:5144
- C:\Windows\System\JHfQZfd.exe
  C:\Windows\System\JHfQZfd.exe
  2⤵
  PID:5156
- C:\Windows\System\xOkviUp.exe
  C:\Windows\System\xOkviUp.exe
  2⤵
  PID:5220
- C:\Windows\System\aicbySE.exe
  C:\Windows\System\aicbySE.exe
  2⤵
  PID:5200
- C:\Windows\System\ldRhJxM.exe
  C:\Windows\System\ldRhJxM.exe
  2⤵
  PID:5240
- C:\Windows\System\MLNZuOS.exe
  C:\Windows\System\MLNZuOS.exe
  2⤵
  PID:5300
- C:\Windows\System\OBVekoS.exe
  C:\Windows\System\OBVekoS.exe
  2⤵
  PID:5316
- C:\Windows\System\OxZYuWV.exe
  C:\Windows\System\OxZYuWV.exe
  2⤵
  PID:5324
- C:\Windows\System\IevZkpX.exe
  C:\Windows\System\IevZkpX.exe
  2⤵
  PID:5396
- C:\Windows\System\RtoeEci.exe
  C:\Windows\System\RtoeEci.exe
  2⤵
  PID:5424
- C:\Windows\System\hIFdQcQ.exe
  C:\Windows\System\hIFdQcQ.exe
  2⤵
  PID:5500
- C:\Windows\System\jmVbiJj.exe
  C:\Windows\System\jmVbiJj.exe
  2⤵
  PID:5484
- C:\Windows\System\gnLpsKv.exe
  C:\Windows\System\gnLpsKv.exe
  2⤵
  PID:5588
- C:\Windows\System\OSwZLou.exe
  C:\Windows\System\OSwZLou.exe
  2⤵
  PID:5524
- C:\Windows\System\PiIlDcZ.exe
  C:\Windows\System\PiIlDcZ.exe
  2⤵
  PID:5624
- C:\Windows\System\IVQKYls.exe
  C:\Windows\System\IVQKYls.exe
  2⤵
  PID:5612
- C:\Windows\System\RVWTCin.exe
  C:\Windows\System\RVWTCin.exe
  2⤵
  PID:5644
- C:\Windows\System\zGKvMQa.exe
  C:\Windows\System\zGKvMQa.exe
  2⤵
  PID:5744
- C:\Windows\System\xpJUhdW.exe
  C:\Windows\System\xpJUhdW.exe
  2⤵
  PID:5756
- C:\Windows\System\CfvDyIu.exe
  C:\Windows\System\CfvDyIu.exe
  2⤵
  PID:5768
- C:\Windows\System\nQuyboP.exe
  C:\Windows\System\nQuyboP.exe
  2⤵
  PID:5760
- C:\Windows\System\scfdSqX.exe
  C:\Windows\System\scfdSqX.exe
  2⤵
  PID:5864
- C:\Windows\System\ybbGduQ.exe
  C:\Windows\System\ybbGduQ.exe
  2⤵
  PID:5804
- C:\Windows\System\PZutbLe.exe
  C:\Windows\System\PZutbLe.exe
  2⤵
  PID:5884
- C:\Windows\System\IyoHTlg.exe
  C:\Windows\System\IyoHTlg.exe
  2⤵
  PID:5888
- C:\Windows\System\vEFDUyV.exe
  C:\Windows\System\vEFDUyV.exe
  2⤵
  PID:5952
- C:\Windows\System\lpGNqxJ.exe
  C:\Windows\System\lpGNqxJ.exe
  2⤵
  PID:5984
- C:\Windows\System\UfuUNgQ.exe
  C:\Windows\System\UfuUNgQ.exe
  2⤵
  PID:6024
- C:\Windows\System\AYamYBF.exe
  C:\Windows\System\AYamYBF.exe
  2⤵
  PID:6044
- C:\Windows\System\RnXruLT.exe
  C:\Windows\System\RnXruLT.exe
  2⤵
  PID:6068
- C:\Windows\System\THxOsUg.exe
  C:\Windows\System\THxOsUg.exe
  2⤵
  PID:6112
- C:\Windows\System\BXVOsyl.exe
  C:\Windows\System\BXVOsyl.exe
  2⤵
  PID:6128
- C:\Windows\System\XoLdtqv.exe
  C:\Windows\System\XoLdtqv.exe
  2⤵
  PID:4516
- C:\Windows\System\URmeDpJ.exe
  C:\Windows\System\URmeDpJ.exe
  2⤵
  PID:4948
- C:\Windows\System\ALTjPIM.exe
  C:\Windows\System\ALTjPIM.exe
  2⤵
  PID:3428
- C:\Windows\System\zzrrstk.exe
  C:\Windows\System\zzrrstk.exe
  2⤵
  PID:4648
- C:\Windows\System\onqoxKJ.exe
  C:\Windows\System\onqoxKJ.exe
  2⤵
  PID:5176
- C:\Windows\System\JpmBcvp.exe
  C:\Windows\System\JpmBcvp.exe
  2⤵
  PID:5160
- C:\Windows\System\xYLsnUQ.exe
  C:\Windows\System\xYLsnUQ.exe
  2⤵
  PID:5244
- C:\Windows\System\VRoYrLg.exe
  C:\Windows\System\VRoYrLg.exe
  2⤵
  PID:5340
- C:\Windows\System\amAgLPq.exe
  C:\Windows\System\amAgLPq.exe
  2⤵
  PID:5384
- C:\Windows\System\yYXwyge.exe
  C:\Windows\System\yYXwyge.exe
  2⤵
  PID:5428
- C:\Windows\System\UGlfspU.exe
  C:\Windows\System\UGlfspU.exe
  2⤵
  PID:5440
- C:\Windows\System\nlzGHYT.exe
  C:\Windows\System\nlzGHYT.exe
  2⤵
  PID:5520
- C:\Windows\System\UDwHtYP.exe
  C:\Windows\System\UDwHtYP.exe
  2⤵
  PID:5556
- C:\Windows\System\ipPkKkx.exe
  C:\Windows\System\ipPkKkx.exe
  2⤵
  PID:5660
- C:\Windows\System\gSnqBDh.exe
  C:\Windows\System\gSnqBDh.exe
  2⤵
  PID:5704
- C:\Windows\System\wnJBYEM.exe
  C:\Windows\System\wnJBYEM.exe
  2⤵
  PID:5764
- C:\Windows\System\WRircqi.exe
  C:\Windows\System\WRircqi.exe
  2⤵
  PID:5792
- C:\Windows\System\qotlfTB.exe
  C:\Windows\System\qotlfTB.exe
  2⤵
  PID:5840
- C:\Windows\System\BjWhIWJ.exe
  C:\Windows\System\BjWhIWJ.exe
  2⤵
  PID:1468
- C:\Windows\System\jYQRcvu.exe
  C:\Windows\System\jYQRcvu.exe
  2⤵
  PID:5948
- C:\Windows\System\FgDHwzr.exe
  C:\Windows\System\FgDHwzr.exe
  2⤵
  PID:5988
- C:\Windows\System\wmhzgDO.exe
  C:\Windows\System\wmhzgDO.exe
  2⤵
  PID:6048
- C:\Windows\System\YMbMQhX.exe
  C:\Windows\System\YMbMQhX.exe
  2⤵
  PID:6092
- C:\Windows\System\LZdFpok.exe
  C:\Windows\System\LZdFpok.exe
  2⤵
  PID:4908
- C:\Windows\System\TFlgkoJ.exe
  C:\Windows\System\TFlgkoJ.exe
  2⤵
  PID:4752
- C:\Windows\System\mgOVNjW.exe
  C:\Windows\System\mgOVNjW.exe
  2⤵
  PID:4452
- C:\Windows\System\ansDtjS.exe
  C:\Windows\System\ansDtjS.exe
  2⤵
  PID:5216
- C:\Windows\System\tGjxkcr.exe
  C:\Windows\System\tGjxkcr.exe
  2⤵
  PID:5192
- C:\Windows\System\swXUygs.exe
  C:\Windows\System\swXUygs.exe
  2⤵
  PID:5360
- C:\Windows\System\JjriSlm.exe
  C:\Windows\System\JjriSlm.exe
  2⤵
  PID:5444
- C:\Windows\System\PKNheDJ.exe
  C:\Windows\System\PKNheDJ.exe
  2⤵
  PID:5544
- C:\Windows\System\oTZqVmg.exe
  C:\Windows\System\oTZqVmg.exe
  2⤵
  PID:5516
- C:\Windows\System\HJcMUcf.exe
  C:\Windows\System\HJcMUcf.exe
  2⤵
  PID:5720
- C:\Windows\System\hISUtkt.exe
  C:\Windows\System\hISUtkt.exe
  2⤵
  PID:5828
- C:\Windows\System\NVQfIlD.exe
  C:\Windows\System\NVQfIlD.exe
  2⤵
  PID:3012
- C:\Windows\System\OHEjuRB.exe
  C:\Windows\System\OHEjuRB.exe
  2⤵
  PID:2208
- C:\Windows\System\OCQPXvG.exe
  C:\Windows\System\OCQPXvG.exe
  2⤵
  PID:6072
- C:\Windows\System\YbStUxV.exe
  C:\Windows\System\YbStUxV.exe
  2⤵
  PID:6088
- C:\Windows\System\dKrFZsf.exe
  C:\Windows\System\dKrFZsf.exe
  2⤵
  PID:744
- C:\Windows\System\kYObhyV.exe
  C:\Windows\System\kYObhyV.exe
  2⤵
  PID:6152
- C:\Windows\System\QLZtrfm.exe
  C:\Windows\System\QLZtrfm.exe
  2⤵
  PID:6172
- C:\Windows\System\AmcHMym.exe
  C:\Windows\System\AmcHMym.exe
  2⤵
  PID:6192
- C:\Windows\System\TMxcNzO.exe
  C:\Windows\System\TMxcNzO.exe
  2⤵
  PID:6212
- C:\Windows\System\UYvHIQc.exe
  C:\Windows\System\UYvHIQc.exe
  2⤵
  PID:6232
- C:\Windows\System\WgNtNQv.exe
  C:\Windows\System\WgNtNQv.exe
  2⤵
  PID:6252
- C:\Windows\System\fohgXtt.exe
  C:\Windows\System\fohgXtt.exe
  2⤵
  PID:6272
- C:\Windows\System\iIvVNNx.exe
  C:\Windows\System\iIvVNNx.exe
  2⤵
  PID:6292
- C:\Windows\System\OQcxtBt.exe
  C:\Windows\System\OQcxtBt.exe
  2⤵
  PID:6312
- C:\Windows\System\jkWFluQ.exe
  C:\Windows\System\jkWFluQ.exe
  2⤵
  PID:6332
- C:\Windows\System\tZDYNQO.exe
  C:\Windows\System\tZDYNQO.exe
  2⤵
  PID:6352
- C:\Windows\System\tMtLdqa.exe
  C:\Windows\System\tMtLdqa.exe
  2⤵
  PID:6372
- C:\Windows\System\crVdNGK.exe
  C:\Windows\System\crVdNGK.exe
  2⤵
  PID:6392
- C:\Windows\System\NimMpII.exe
  C:\Windows\System\NimMpII.exe
  2⤵
  PID:6412
- C:\Windows\System\YNTeCrU.exe
  C:\Windows\System\YNTeCrU.exe
  2⤵
  PID:6432
- C:\Windows\System\amGmJJh.exe
  C:\Windows\System\amGmJJh.exe
  2⤵
  PID:6452
- C:\Windows\System\DaqFDuG.exe
  C:\Windows\System\DaqFDuG.exe
  2⤵
  PID:6472
- C:\Windows\System\klTJZmK.exe
  C:\Windows\System\klTJZmK.exe
  2⤵
  PID:6492
- C:\Windows\System\FcAmWDy.exe
  C:\Windows\System\FcAmWDy.exe
  2⤵
  PID:6512
- C:\Windows\System\eshKFHM.exe
  C:\Windows\System\eshKFHM.exe
  2⤵
  PID:6532
- C:\Windows\System\WrlqeiU.exe
  C:\Windows\System\WrlqeiU.exe
  2⤵
  PID:6552
- C:\Windows\System\wrvflau.exe
  C:\Windows\System\wrvflau.exe
  2⤵
  PID:6572
- C:\Windows\System\OztDZMJ.exe
  C:\Windows\System\OztDZMJ.exe
  2⤵
  PID:6592
- C:\Windows\System\mKTXYnr.exe
  C:\Windows\System\mKTXYnr.exe
  2⤵
  PID:6612
- C:\Windows\System\sqyuQzW.exe
  C:\Windows\System\sqyuQzW.exe
  2⤵
  PID:6636
- C:\Windows\System\CqJCnmE.exe
  C:\Windows\System\CqJCnmE.exe
  2⤵
  PID:6656
- C:\Windows\System\OMwiqZQ.exe
  C:\Windows\System\OMwiqZQ.exe
  2⤵
  PID:6676
- C:\Windows\System\ukWDEjS.exe
  C:\Windows\System\ukWDEjS.exe
  2⤵
  PID:6696
- C:\Windows\System\YINiedb.exe
  C:\Windows\System\YINiedb.exe
  2⤵
  PID:6716
- C:\Windows\System\ccBgplF.exe
  C:\Windows\System\ccBgplF.exe
  2⤵
  PID:6736
- C:\Windows\System\KuUFZLe.exe
  C:\Windows\System\KuUFZLe.exe
  2⤵
  PID:6756
- C:\Windows\System\rHlQYnm.exe
  C:\Windows\System\rHlQYnm.exe
  2⤵
  PID:6776
- C:\Windows\System\mWDzpan.exe
  C:\Windows\System\mWDzpan.exe
  2⤵
  PID:6796
- C:\Windows\System\xdxaCEC.exe
  C:\Windows\System\xdxaCEC.exe
  2⤵
  PID:6816
- C:\Windows\System\MtvIPWm.exe
  C:\Windows\System\MtvIPWm.exe
  2⤵
  PID:6836
- C:\Windows\System\GmiLOBi.exe
  C:\Windows\System\GmiLOBi.exe
  2⤵
  PID:6856
- C:\Windows\System\fOsHlUd.exe
  C:\Windows\System\fOsHlUd.exe
  2⤵
  PID:6876
- C:\Windows\System\EqYrxOn.exe
  C:\Windows\System\EqYrxOn.exe
  2⤵
  PID:6896
- C:\Windows\System\jFAoupU.exe
  C:\Windows\System\jFAoupU.exe
  2⤵
  PID:6916
- C:\Windows\System\scnhAGU.exe
  C:\Windows\System\scnhAGU.exe
  2⤵
  PID:6936
- C:\Windows\System\bSpjioS.exe
  C:\Windows\System\bSpjioS.exe
  2⤵
  PID:6956
- C:\Windows\System\kNTxwMN.exe
  C:\Windows\System\kNTxwMN.exe
  2⤵
  PID:6976
- C:\Windows\System\qdduXpk.exe
  C:\Windows\System\qdduXpk.exe
  2⤵
  PID:6996
- C:\Windows\System\TnwMfmd.exe
  C:\Windows\System\TnwMfmd.exe
  2⤵
  PID:7016
- C:\Windows\System\qFvnabK.exe
  C:\Windows\System\qFvnabK.exe
  2⤵
  PID:7032
- C:\Windows\System\bdsTnrO.exe
  C:\Windows\System\bdsTnrO.exe
  2⤵
  PID:7056
- C:\Windows\System\hAPHyue.exe
  C:\Windows\System\hAPHyue.exe
  2⤵
  PID:7076
- C:\Windows\System\Xuatkrh.exe
  C:\Windows\System\Xuatkrh.exe
  2⤵
  PID:7096
- C:\Windows\System\pwjJIBo.exe
  C:\Windows\System\pwjJIBo.exe
  2⤵
  PID:7116
- C:\Windows\System\eDTkCMU.exe
  C:\Windows\System\eDTkCMU.exe
  2⤵
  PID:7132
- C:\Windows\System\MgmqUAE.exe
  C:\Windows\System\MgmqUAE.exe
  2⤵
  PID:7156
- C:\Windows\System\HyMKJNT.exe
  C:\Windows\System\HyMKJNT.exe
  2⤵
  PID:5236
- C:\Windows\System\GZZkRuz.exe
  C:\Windows\System\GZZkRuz.exe
  2⤵
  PID:5356
- C:\Windows\System\SEOxfMJ.exe
  C:\Windows\System\SEOxfMJ.exe
  2⤵
  PID:5464
- C:\Windows\System\WTMLtWF.exe
  C:\Windows\System\WTMLtWF.exe
  2⤵
  PID:5560
- C:\Windows\System\biwwLUa.exe
  C:\Windows\System\biwwLUa.exe
  2⤵
  PID:5784
- C:\Windows\System\smCAycj.exe
  C:\Windows\System\smCAycj.exe
  2⤵
  PID:5944
- C:\Windows\System\DYYIIBD.exe
  C:\Windows\System\DYYIIBD.exe
  2⤵
  PID:4912
- C:\Windows\System\lZXgrPD.exe
  C:\Windows\System\lZXgrPD.exe
  2⤵
  PID:4808
- C:\Windows\System\ZgVngTA.exe
  C:\Windows\System\ZgVngTA.exe
  2⤵
  PID:6160
- C:\Windows\System\oGoRqnW.exe
  C:\Windows\System\oGoRqnW.exe
  2⤵
  PID:6200
- C:\Windows\System\biMRgvK.exe
  C:\Windows\System\biMRgvK.exe
  2⤵
  PID:6224
- C:\Windows\System\joxsWTp.exe
  C:\Windows\System\joxsWTp.exe
  2⤵
  PID:6244
- C:\Windows\System\fcVGSnO.exe
  C:\Windows\System\fcVGSnO.exe
  2⤵
  PID:6308
- C:\Windows\System\ivMiykn.exe
  C:\Windows\System\ivMiykn.exe
  2⤵
  PID:6328
- C:\Windows\System\hlSQGgr.exe
  C:\Windows\System\hlSQGgr.exe
  2⤵
  PID:6380
- C:\Windows\System\nDVBWZY.exe
  C:\Windows\System\nDVBWZY.exe
  2⤵
  PID:6400
- C:\Windows\System\Rwnndfq.exe
  C:\Windows\System\Rwnndfq.exe
  2⤵
  PID:6424
- C:\Windows\System\jbEiujq.exe
  C:\Windows\System\jbEiujq.exe
  2⤵
  PID:6444
- C:\Windows\System\skVJUde.exe
  C:\Windows\System\skVJUde.exe
  2⤵
  PID:6484
- C:\Windows\System\CgSlfut.exe
  C:\Windows\System\CgSlfut.exe
  2⤵
  PID:6548
- C:\Windows\System\zLQbvGS.exe
  C:\Windows\System\zLQbvGS.exe
  2⤵
  PID:6568
- C:\Windows\System\BykVTqZ.exe
  C:\Windows\System\BykVTqZ.exe
  2⤵
  PID:6600
- C:\Windows\System\CJVKLdW.exe
  C:\Windows\System\CJVKLdW.exe
  2⤵
  PID:6628
- C:\Windows\System\fAKWXGt.exe
  C:\Windows\System\fAKWXGt.exe
  2⤵
  PID:6672
- C:\Windows\System\dqOiLte.exe
  C:\Windows\System\dqOiLte.exe
  2⤵
  PID:6692
- C:\Windows\System\sRujhAE.exe
  C:\Windows\System\sRujhAE.exe
  2⤵
  PID:6744
- C:\Windows\System\ffbnOVM.exe
  C:\Windows\System\ffbnOVM.exe
  2⤵
  PID:612
- C:\Windows\System\DEPumvf.exe
  C:\Windows\System\DEPumvf.exe
  2⤵
  PID:6768
- C:\Windows\System\gbZRZPH.exe
  C:\Windows\System\gbZRZPH.exe
  2⤵
  PID:6832
- C:\Windows\System\bXaVdWy.exe
  C:\Windows\System\bXaVdWy.exe
  2⤵
  PID:6844
- C:\Windows\System\eeFGnSy.exe
  C:\Windows\System\eeFGnSy.exe
  2⤵
  PID:6904
- C:\Windows\System\HIZudWm.exe
  C:\Windows\System\HIZudWm.exe
  2⤵
  PID:6908
- C:\Windows\System\HqZPmWv.exe
  C:\Windows\System\HqZPmWv.exe
  2⤵
  PID:6948
- C:\Windows\System\etabHEl.exe
  C:\Windows\System\etabHEl.exe
  2⤵
  PID:6992
- C:\Windows\System\ARQhZtm.exe
  C:\Windows\System\ARQhZtm.exe
  2⤵
  PID:7028
- C:\Windows\System\aWmqpwg.exe
  C:\Windows\System\aWmqpwg.exe
  2⤵
  PID:2240
- C:\Windows\System\ybsKcuu.exe
  C:\Windows\System\ybsKcuu.exe
  2⤵
  PID:7044
- C:\Windows\System\DmLuzVe.exe
  C:\Windows\System\DmLuzVe.exe
  2⤵
  PID:7108
- C:\Windows\System\fyKtuCW.exe
  C:\Windows\System\fyKtuCW.exe
  2⤵
  PID:7140
- C:\Windows\System\pbnbQPW.exe
  C:\Windows\System\pbnbQPW.exe
  2⤵
  PID:7124
- C:\Windows\System\YgBfrZq.exe
  C:\Windows\System\YgBfrZq.exe
  2⤵
  PID:2264
- C:\Windows\System\TUOUnFz.exe
  C:\Windows\System\TUOUnFz.exe
  2⤵
  PID:5380
- C:\Windows\System\ZwGtyaP.exe
  C:\Windows\System\ZwGtyaP.exe
  2⤵
  PID:5688
- C:\Windows\System\aUxDNst.exe
  C:\Windows\System\aUxDNst.exe
  2⤵
  PID:2896
- C:\Windows\System\goziJbt.exe
  C:\Windows\System\goziJbt.exe
  2⤵
  PID:6028
- C:\Windows\System\OnIbtih.exe
  C:\Windows\System\OnIbtih.exe
  2⤵
  PID:2872
- C:\Windows\System\Bjirpma.exe
  C:\Windows\System\Bjirpma.exe
  2⤵
  PID:6228
- C:\Windows\System\nKRYmei.exe
  C:\Windows\System\nKRYmei.exe
  2⤵
  PID:6280
- C:\Windows\System\kKcRzlB.exe
  C:\Windows\System\kKcRzlB.exe
  2⤵
  PID:6288
- C:\Windows\System\hMhYHfU.exe
  C:\Windows\System\hMhYHfU.exe
  2⤵
  PID:6360
- C:\Windows\System\AISYLpi.exe
  C:\Windows\System\AISYLpi.exe
  2⤵
  PID:6420
- C:\Windows\System\dorqPOl.exe
  C:\Windows\System\dorqPOl.exe
  2⤵
  PID:6428
- C:\Windows\System\qxyTIBE.exe
  C:\Windows\System\qxyTIBE.exe
  2⤵
  PID:6500
- C:\Windows\System\xMqNayA.exe
  C:\Windows\System\xMqNayA.exe
  2⤵
  PID:6564
- C:\Windows\System\dqYBFxV.exe
  C:\Windows\System\dqYBFxV.exe
  2⤵
  PID:6644
- C:\Windows\System\rGOkJyX.exe
  C:\Windows\System\rGOkJyX.exe
  2⤵
  PID:6708
- C:\Windows\System\lkQLpIM.exe
  C:\Windows\System\lkQLpIM.exe
  2⤵
  PID:6704
- C:\Windows\System\nECMEzC.exe
  C:\Windows\System\nECMEzC.exe
  2⤵
  PID:1292
- C:\Windows\System\ZiOMNtU.exe
  C:\Windows\System\ZiOMNtU.exe
  2⤵
  PID:6772
- C:\Windows\System\NzneFwH.exe
  C:\Windows\System\NzneFwH.exe
  2⤵
  PID:2172
- C:\Windows\System\AJMJcZD.exe
  C:\Windows\System\AJMJcZD.exe
  2⤵
  PID:6804
- C:\Windows\System\Xbmipor.exe
  C:\Windows\System\Xbmipor.exe
  2⤵
  PID:6872
- C:\Windows\System\HbxWQwI.exe
  C:\Windows\System\HbxWQwI.exe
  2⤵
  PID:2640
- C:\Windows\System\qLfNpoW.exe
  C:\Windows\System\qLfNpoW.exe
  2⤵
  PID:6952
- C:\Windows\System\pYRhrCb.exe
  C:\Windows\System\pYRhrCb.exe
  2⤵
  PID:6972
- C:\Windows\System\RCriikV.exe
  C:\Windows\System\RCriikV.exe
  2⤵
  PID:2808
- C:\Windows\System\QNuPpGp.exe
  C:\Windows\System\QNuPpGp.exe
  2⤵
  PID:7052
- C:\Windows\System\kYhXkaI.exe
  C:\Windows\System\kYhXkaI.exe
  2⤵
  PID:7040
- C:\Windows\System\QITGRhU.exe
  C:\Windows\System\QITGRhU.exe
  2⤵
  PID:7084
- C:\Windows\System\XxsLGTh.exe
  C:\Windows\System\XxsLGTh.exe
  2⤵
  PID:7092
- C:\Windows\System\hIuGIPb.exe
  C:\Windows\System\hIuGIPb.exe
  2⤵
  PID:2008
- C:\Windows\System\tWsxbIM.exe
  C:\Windows\System\tWsxbIM.exe
  2⤵
  PID:5540
- C:\Windows\System\RiToCDo.exe
  C:\Windows\System\RiToCDo.exe
  2⤵
  PID:5736
- C:\Windows\System\JazDqEx.exe
  C:\Windows\System\JazDqEx.exe
  2⤵
  PID:6204
- C:\Windows\System\ESBcbpW.exe
  C:\Windows\System\ESBcbpW.exe
  2⤵
  PID:6268
- C:\Windows\System\QTgKJpy.exe
  C:\Windows\System\QTgKJpy.exe
  2⤵
  PID:6208
- C:\Windows\System\mgaxDGh.exe
  C:\Windows\System\mgaxDGh.exe
  2⤵
  PID:2904
- C:\Windows\System\MuPaarZ.exe
  C:\Windows\System\MuPaarZ.exe
  2⤵
  PID:2856
- C:\Windows\System\kdWepRY.exe
  C:\Windows\System\kdWepRY.exe
  2⤵
  PID:2244
- C:\Windows\System\ODUMeBO.exe
  C:\Windows\System\ODUMeBO.exe
  2⤵
  PID:344
- C:\Windows\System\oExanMu.exe
  C:\Windows\System\oExanMu.exe
  2⤵
  PID:6588
- C:\Windows\System\JsXEUeV.exe
  C:\Windows\System\JsXEUeV.exe
  2⤵
  PID:6544
- C:\Windows\System\uctiGDZ.exe
  C:\Windows\System\uctiGDZ.exe
  2⤵
  PID:6732
- C:\Windows\System\fZdlcvS.exe
  C:\Windows\System\fZdlcvS.exe
  2⤵
  PID:1796
- C:\Windows\System\uZBMBXF.exe
  C:\Windows\System\uZBMBXF.exe
  2⤵
  PID:6864
- C:\Windows\System\PEROMNw.exe
  C:\Windows\System\PEROMNw.exe
  2⤵
  PID:7112
- C:\Windows\System\MzsVpkA.exe
  C:\Windows\System\MzsVpkA.exe
  2⤵
  PID:7104
- C:\Windows\System\tOOsQhf.exe
  C:\Windows\System\tOOsQhf.exe
  2⤵
  PID:6132
- C:\Windows\System\BAJSsyE.exe
  C:\Windows\System\BAJSsyE.exe
  2⤵
  PID:1968
- C:\Windows\System\aRjyNFX.exe
  C:\Windows\System\aRjyNFX.exe
  2⤵
  PID:6964
- C:\Windows\System\hHyacsY.exe
  C:\Windows\System\hHyacsY.exe
  2⤵
  PID:7072
- C:\Windows\System\nhxsPfG.exe
  C:\Windows\System\nhxsPfG.exe
  2⤵
  PID:3068
- C:\Windows\System\YhbmBpt.exe
  C:\Windows\System\YhbmBpt.exe
  2⤵
  PID:5904
- C:\Windows\System\cUTXFcg.exe
  C:\Windows\System\cUTXFcg.exe
  2⤵
  PID:6304
- C:\Windows\System\mwOVpSP.exe
  C:\Windows\System\mwOVpSP.exe
  2⤵
  PID:2144
- C:\Windows\System\FTqXzOx.exe
  C:\Windows\System\FTqXzOx.exe
  2⤵
  PID:6668
- C:\Windows\System\pxPZBHo.exe
  C:\Windows\System\pxPZBHo.exe
  2⤵
  PID:1744
- C:\Windows\System\skLKsiz.exe
  C:\Windows\System\skLKsiz.exe
  2⤵
  PID:6608
- C:\Windows\System\kHzznNJ.exe
  C:\Windows\System\kHzznNJ.exe
  2⤵
  PID:6932
- C:\Windows\System\oZWDwfF.exe
  C:\Windows\System\oZWDwfF.exe
  2⤵
  PID:4192
- C:\Windows\System\BqNXoVT.exe
  C:\Windows\System\BqNXoVT.exe
  2⤵
  PID:5824
- C:\Windows\System\bgSzjte.exe
  C:\Windows\System\bgSzjte.exe
  2⤵
  PID:6868
- C:\Windows\System\GLqDMVZ.exe
  C:\Windows\System\GLqDMVZ.exe
  2⤵
  PID:2956
- C:\Windows\System\nargraf.exe
  C:\Windows\System\nargraf.exe
  2⤵
  PID:1528
- C:\Windows\System\aERkkEZ.exe
  C:\Windows\System\aERkkEZ.exe
  2⤵
  PID:1900
- C:\Windows\System\VxSppAk.exe
  C:\Windows\System\VxSppAk.exe
  2⤵
  PID:2316
- C:\Windows\System\eLYLScM.exe
  C:\Windows\System\eLYLScM.exe
  2⤵
  PID:1592
- C:\Windows\System\wnhkxAV.exe
  C:\Windows\System\wnhkxAV.exe
  2⤵
  PID:1852
- C:\Windows\System\OvbfqRN.exe
  C:\Windows\System\OvbfqRN.exe
  2⤵
  PID:5304
- C:\Windows\System\GoRjwYf.exe
  C:\Windows\System\GoRjwYf.exe
  2⤵
  PID:7184
- C:\Windows\System\gWCiEiF.exe
  C:\Windows\System\gWCiEiF.exe
  2⤵
  PID:7204
- C:\Windows\System\TusYfXS.exe
  C:\Windows\System\TusYfXS.exe
  2⤵
  PID:7224
- C:\Windows\System\rdaPlMi.exe
  C:\Windows\System\rdaPlMi.exe
  2⤵
  PID:7244
- C:\Windows\System\yYcLRVr.exe
  C:\Windows\System\yYcLRVr.exe
  2⤵
  PID:7264
- C:\Windows\System\JqBBwmA.exe
  C:\Windows\System\JqBBwmA.exe
  2⤵
  PID:7280
- C:\Windows\System\hcqQDrm.exe
  C:\Windows\System\hcqQDrm.exe
  2⤵
  PID:7296
- C:\Windows\System\qvMPUvN.exe
  C:\Windows\System\qvMPUvN.exe
  2⤵
  PID:7388
- C:\Windows\System\wKMwUGh.exe
  C:\Windows\System\wKMwUGh.exe
  2⤵
  PID:7408
- C:\Windows\System\PlYDtOv.exe
  C:\Windows\System\PlYDtOv.exe
  2⤵
  PID:7424
- C:\Windows\System\niQnBXd.exe
  C:\Windows\System\niQnBXd.exe
  2⤵
  PID:7444
- C:\Windows\System\AUpclHS.exe
  C:\Windows\System\AUpclHS.exe
  2⤵
  PID:7460
- C:\Windows\System\WYEneaU.exe
  C:\Windows\System\WYEneaU.exe
  2⤵
  PID:7476
- C:\Windows\System\nPgqsNx.exe
  C:\Windows\System\nPgqsNx.exe
  2⤵
  PID:7492
- C:\Windows\System\ewvQnmZ.exe
  C:\Windows\System\ewvQnmZ.exe
  2⤵
  PID:7508
- C:\Windows\System\DmpwEvK.exe
  C:\Windows\System\DmpwEvK.exe
  2⤵
  PID:7524
- C:\Windows\System\luarcQB.exe
  C:\Windows\System\luarcQB.exe
  2⤵
  PID:7544
- C:\Windows\System\WYlHiIO.exe
  C:\Windows\System\WYlHiIO.exe
  2⤵
  PID:7572
- C:\Windows\System\IOmcsgP.exe
  C:\Windows\System\IOmcsgP.exe
  2⤵
  PID:7592
- C:\Windows\System\SfnlLva.exe
  C:\Windows\System\SfnlLva.exe
  2⤵
  PID:7616
- C:\Windows\System\GMPTYOQ.exe
  C:\Windows\System\GMPTYOQ.exe
  2⤵
  PID:7636
- C:\Windows\System\SIvFrZT.exe
  C:\Windows\System\SIvFrZT.exe
  2⤵
  PID:7652
- C:\Windows\System\FPsujdN.exe
  C:\Windows\System\FPsujdN.exe
  2⤵
  PID:7668
- C:\Windows\System\AsZXjmz.exe
  C:\Windows\System\AsZXjmz.exe
  2⤵
  PID:7688
- C:\Windows\System\Lscebgx.exe
  C:\Windows\System\Lscebgx.exe
  2⤵
  PID:7708
- C:\Windows\System\NzQMBQN.exe
  C:\Windows\System\NzQMBQN.exe
  2⤵
  PID:7724
- C:\Windows\System\SmrbCGJ.exe
  C:\Windows\System\SmrbCGJ.exe
  2⤵
  PID:7740
- C:\Windows\System\FUOBmdv.exe
  C:\Windows\System\FUOBmdv.exe
  2⤵
  PID:7756
- C:\Windows\System\zINyuJl.exe
  C:\Windows\System\zINyuJl.exe
  2⤵
  PID:7772
- C:\Windows\System\BRzoIUh.exe
  C:\Windows\System\BRzoIUh.exe
  2⤵
  PID:7788
- C:\Windows\System\nkqyHPB.exe
  C:\Windows\System\nkqyHPB.exe
  2⤵
  PID:7848
- C:\Windows\System\EqasNVC.exe
  C:\Windows\System\EqasNVC.exe
  2⤵
  PID:7864
- C:\Windows\System\rtHrPEK.exe
  C:\Windows\System\rtHrPEK.exe
  2⤵
  PID:7880
- C:\Windows\System\SXhCtWP.exe
  C:\Windows\System\SXhCtWP.exe
  2⤵
  PID:7896
- C:\Windows\System\VLrzFIu.exe
  C:\Windows\System\VLrzFIu.exe
  2⤵
  PID:7912
- C:\Windows\System\iXsaSUg.exe
  C:\Windows\System\iXsaSUg.exe
  2⤵
  PID:7928
- C:\Windows\System\wXGsfse.exe
  C:\Windows\System\wXGsfse.exe
  2⤵
  PID:7944
- C:\Windows\System\sIbQGXS.exe
  C:\Windows\System\sIbQGXS.exe
  2⤵
  PID:7960
- C:\Windows\System\DRXHsAw.exe
  C:\Windows\System\DRXHsAw.exe
  2⤵
  PID:7976
- C:\Windows\System\LMEIzDc.exe
  C:\Windows\System\LMEIzDc.exe
  2⤵
  PID:7992
- C:\Windows\System\mSggbFT.exe
  C:\Windows\System\mSggbFT.exe
  2⤵
  PID:8016
- C:\Windows\System\DCtPoDs.exe
  C:\Windows\System\DCtPoDs.exe
  2⤵
  PID:8068
- C:\Windows\System\stSbbuo.exe
  C:\Windows\System\stSbbuo.exe
  2⤵
  PID:8084
- C:\Windows\System\NSELnEC.exe
  C:\Windows\System\NSELnEC.exe
  2⤵
  PID:8100
- C:\Windows\System\yWTVlGM.exe
  C:\Windows\System\yWTVlGM.exe
  2⤵
  PID:8116
- C:\Windows\System\TgpqNNz.exe
  C:\Windows\System\TgpqNNz.exe
  2⤵
  PID:8136
- C:\Windows\System\tDuZTPr.exe
  C:\Windows\System\tDuZTPr.exe
  2⤵
  PID:8152
- C:\Windows\System\uRgGdKd.exe
  C:\Windows\System\uRgGdKd.exe
  2⤵
  PID:8168
- C:\Windows\System\QcOkzne.exe
  C:\Windows\System\QcOkzne.exe
  2⤵
  PID:8188
- C:\Windows\System\QwirkuB.exe
  C:\Windows\System\QwirkuB.exe
  2⤵
  PID:4324
- C:\Windows\System\TmtkzLE.exe
  C:\Windows\System\TmtkzLE.exe
  2⤵
  PID:7192
- C:\Windows\System\eLizuqB.exe
  C:\Windows\System\eLizuqB.exe
  2⤵
  PID:7232
- C:\Windows\System\IWXktTT.exe
  C:\Windows\System\IWXktTT.exe
  2⤵
  PID:7312
- C:\Windows\System\osLuTQT.exe
  C:\Windows\System\osLuTQT.exe
  2⤵
  PID:7304
- C:\Windows\System\ELpvPPW.exe
  C:\Windows\System\ELpvPPW.exe
  2⤵
  PID:7336
- C:\Windows\System\KOcXUvB.exe
  C:\Windows\System\KOcXUvB.exe
  2⤵
  PID:7356
- C:\Windows\System\fPmpGvc.exe
  C:\Windows\System\fPmpGvc.exe
  2⤵
  PID:632
- C:\Windows\System\beNwvnS.exe
  C:\Windows\System\beNwvnS.exe
  2⤵
  PID:2420
- C:\Windows\System\RsAGgMH.exe
  C:\Windows\System\RsAGgMH.exe
  2⤵
  PID:5992
- C:\Windows\System\VUDePYY.exe
  C:\Windows\System\VUDePYY.exe
  2⤵
  PID:6384
- C:\Windows\System\YAqMQXz.exe
  C:\Windows\System\YAqMQXz.exe
  2⤵
  PID:7288
- C:\Windows\System\jDixFAI.exe
  C:\Windows\System\jDixFAI.exe
  2⤵
  PID:7400
- C:\Windows\System\sBlIufe.exe
  C:\Windows\System\sBlIufe.exe
  2⤵
  PID:7560
- C:\Windows\System\bnvfTYP.exe
  C:\Windows\System\bnvfTYP.exe
  2⤵
  PID:7604
- C:\Windows\System\KMAogkr.exe
  C:\Windows\System\KMAogkr.exe
  2⤵
  PID:7648
- C:\Windows\System\QyBcXHY.exe
  C:\Windows\System\QyBcXHY.exe
  2⤵
  PID:7676
- C:\Windows\System\SqciTSI.exe
  C:\Windows\System\SqciTSI.exe
  2⤵
  PID:7720
- C:\Windows\System\RAOlGQi.exe
  C:\Windows\System\RAOlGQi.exe
  2⤵
  PID:7784
- C:\Windows\System\EurJovw.exe
  C:\Windows\System\EurJovw.exe
  2⤵
  PID:7588
- C:\Windows\System\VvKbbQB.exe
  C:\Windows\System\VvKbbQB.exe
  2⤵
  PID:7696
- C:\Windows\System\wmEHbvJ.exe
  C:\Windows\System\wmEHbvJ.exe
  2⤵
  PID:7736
- C:\Windows\System\VrlyUiv.exe
  C:\Windows\System\VrlyUiv.exe
  2⤵
  PID:7812
- C:\Windows\System\OPzcEzh.exe
  C:\Windows\System\OPzcEzh.exe
  2⤵
  PID:7828
- C:\Windows\System\sCPlCDJ.exe
  C:\Windows\System\sCPlCDJ.exe
  2⤵
  PID:7836
- C:\Windows\System\jSUGTrt.exe
  C:\Windows\System\jSUGTrt.exe
  2⤵
  PID:7988
- C:\Windows\System\ejqgTcY.exe
  C:\Windows\System\ejqgTcY.exe
  2⤵
  PID:8028
- C:\Windows\System\zWGZMNz.exe
  C:\Windows\System\zWGZMNz.exe
  2⤵
  PID:8048
- C:\Windows\System\VHBsuDR.exe
  C:\Windows\System\VHBsuDR.exe
  2⤵
  PID:7936
- C:\Windows\System\aDKgOzQ.exe
  C:\Windows\System\aDKgOzQ.exe
  2⤵
  PID:8008
- C:\Windows\System\wpWxokH.exe
  C:\Windows\System\wpWxokH.exe
  2⤵
  PID:8032
- C:\Windows\System\IsbypDz.exe
  C:\Windows\System\IsbypDz.exe
  2⤵
  PID:8128
- C:\Windows\System\XzRSdnI.exe
  C:\Windows\System\XzRSdnI.exe
  2⤵
  PID:2644
- C:\Windows\System\ilpDNrv.exe
  C:\Windows\System\ilpDNrv.exe
  2⤵
  PID:4352
- C:\Windows\System\kkiOqfo.exe
  C:\Windows\System\kkiOqfo.exe
  2⤵
  PID:7176
- C:\Windows\System\doiGFPY.exe
  C:\Windows\System\doiGFPY.exe
  2⤵
  PID:7372
- C:\Windows\System\pISYGCl.exe
  C:\Windows\System\pISYGCl.exe
  2⤵
  PID:7324
- C:\Windows\System\cjXrnIf.exe
  C:\Windows\System\cjXrnIf.exe
  2⤵
  PID:8112
- C:\Windows\System\eBSnGyw.exe
  C:\Windows\System\eBSnGyw.exe
  2⤵
  PID:8176
- C:\Windows\System\ueoinbh.exe
  C:\Windows\System\ueoinbh.exe
  2⤵
  PID:7272
- C:\Windows\System\DHlIyoI.exe
  C:\Windows\System\DHlIyoI.exe
  2⤵
  PID:6824
- C:\Windows\System\aOipGqB.exe
  C:\Windows\System\aOipGqB.exe
  2⤵
  PID:7440
- C:\Windows\System\FVOXgtB.exe
  C:\Windows\System\FVOXgtB.exe
  2⤵
  PID:7568
- C:\Windows\System\EwiFyWK.exe
  C:\Windows\System\EwiFyWK.exe
  2⤵
  PID:7472
- C:\Windows\System\yQeVkJf.exe
  C:\Windows\System\yQeVkJf.exe
  2⤵
  PID:7612
- C:\Windows\System\wiypmYY.exe
  C:\Windows\System\wiypmYY.exe
  2⤵
  PID:7540
- C:\Windows\System\ohdpmDc.exe
  C:\Windows\System\ohdpmDc.exe
  2⤵
  PID:7860
- C:\Windows\System\BDtQjne.exe
  C:\Windows\System\BDtQjne.exe
  2⤵
  PID:7796
- C:\Windows\System\iPoVUGf.exe
  C:\Windows\System\iPoVUGf.exe
  2⤵
  PID:7824
- C:\Windows\System\QPsqhgS.exe
  C:\Windows\System\QPsqhgS.exe
  2⤵
  PID:7956
- C:\Windows\System\JVdDkdm.exe
  C:\Windows\System\JVdDkdm.exe
  2⤵
  PID:7984
- C:\Windows\System\GQBfRGn.exe
  C:\Windows\System\GQBfRGn.exe
  2⤵
  PID:7908
- C:\Windows\System\PHWSTQf.exe
  C:\Windows\System\PHWSTQf.exe
  2⤵
  PID:8064
- C:\Windows\System\IVhgJMs.exe
  C:\Windows\System\IVhgJMs.exe
  2⤵
  PID:8004
- C:\Windows\System\CovOFHJ.exe
  C:\Windows\System\CovOFHJ.exe
  2⤵
  PID:8096
- C:\Windows\System\xLwWRPV.exe
  C:\Windows\System\xLwWRPV.exe
  2⤵
  PID:7220
- C:\Windows\System\dPiETOO.exe
  C:\Windows\System\dPiETOO.exe
  2⤵
  PID:7396
- C:\Windows\System\GSoTooh.exe
  C:\Windows\System\GSoTooh.exe
  2⤵
  PID:8108
- C:\Windows\System\uzMUwYT.exe
  C:\Windows\System\uzMUwYT.exe
  2⤵
  PID:8184
- C:\Windows\System\oZqqePB.exe
  C:\Windows\System\oZqqePB.exe
  2⤵
  PID:7488
- C:\Windows\System\RwenUbc.exe
  C:\Windows\System\RwenUbc.exe
  2⤵
  PID:7780
- C:\Windows\System\iajBwak.exe
  C:\Windows\System\iajBwak.exe
  2⤵
  PID:7468
- C:\Windows\System\yKzlGoD.exe
  C:\Windows\System\yKzlGoD.exe
  2⤵
  PID:7660
- C:\Windows\System\cgOfHcT.exe
  C:\Windows\System\cgOfHcT.exe
  2⤵
  PID:7716
- C:\Windows\System\guGgmhc.exe
  C:\Windows\System\guGgmhc.exe
  2⤵
  PID:8060
- C:\Windows\System\FUByhrF.exe
  C:\Windows\System\FUByhrF.exe
  2⤵
  PID:7352
- C:\Windows\System\UMFmmWI.exe
  C:\Windows\System\UMFmmWI.exe
  2⤵
  PID:7580
- C:\Windows\System\KZqhrgk.exe
  C:\Windows\System\KZqhrgk.exe
  2⤵
  PID:7200
- C:\Windows\System\VWMFund.exe
  C:\Windows\System\VWMFund.exe
  2⤵
  PID:7240
- C:\Windows\System\amjCLGp.exe
  C:\Windows\System\amjCLGp.exe
  2⤵
  PID:7212
- C:\Windows\System\ssTGslA.exe
  C:\Windows\System\ssTGslA.exe
  2⤵
  PID:6340
- C:\Windows\System\GVLfTvl.exe
  C:\Windows\System\GVLfTvl.exe
  2⤵
  PID:7556
- C:\Windows\System\SjXDBWD.exe
  C:\Windows\System\SjXDBWD.exe
  2⤵
  PID:7768
- C:\Windows\System\IeSZoem.exe
  C:\Windows\System\IeSZoem.exe
  2⤵
  PID:6888
- C:\Windows\System\bfGBdvK.exe
  C:\Windows\System\bfGBdvK.exe
  2⤵
  PID:8208
- C:\Windows\System\GggOimq.exe
  C:\Windows\System\GggOimq.exe
  2⤵
  PID:8224
- C:\Windows\System\YCGMtiM.exe
  C:\Windows\System\YCGMtiM.exe
  2⤵
  PID:8240
- C:\Windows\System\mYzuvWw.exe
  C:\Windows\System\mYzuvWw.exe
  2⤵
  PID:8256
- C:\Windows\System\OteZVWN.exe
  C:\Windows\System\OteZVWN.exe
  2⤵
  PID:8272
- C:\Windows\System\fkQKbdT.exe
  C:\Windows\System\fkQKbdT.exe
  2⤵
  PID:8288
- C:\Windows\System\bALITDk.exe
  C:\Windows\System\bALITDk.exe
  2⤵
  PID:8304
- C:\Windows\System\tVlQEDt.exe
  C:\Windows\System\tVlQEDt.exe
  2⤵
  PID:8328
- C:\Windows\System\cWwslqR.exe
  C:\Windows\System\cWwslqR.exe
  2⤵
  PID:8352
- C:\Windows\System\ZhcNaBS.exe
  C:\Windows\System\ZhcNaBS.exe
  2⤵
  PID:8368
- C:\Windows\System\tErKvBN.exe
  C:\Windows\System\tErKvBN.exe
  2⤵
  PID:8384
- C:\Windows\System\YGdasLJ.exe
  C:\Windows\System\YGdasLJ.exe
  2⤵
  PID:8400
- C:\Windows\System\hgCTdLS.exe
  C:\Windows\System\hgCTdLS.exe
  2⤵
  PID:8416
- C:\Windows\System\NoftqxZ.exe
  C:\Windows\System\NoftqxZ.exe
  2⤵
  PID:8436
- C:\Windows\System\DoSdHbJ.exe
  C:\Windows\System\DoSdHbJ.exe
  2⤵
  PID:8452
- C:\Windows\System\gyUODUJ.exe
  C:\Windows\System\gyUODUJ.exe
  2⤵
  PID:8468
- C:\Windows\System\QKxGKTY.exe
  C:\Windows\System\QKxGKTY.exe
  2⤵
  PID:8484
- C:\Windows\System\uiKJuEO.exe
  C:\Windows\System\uiKJuEO.exe
  2⤵
  PID:8500
- C:\Windows\System\vCeDiSA.exe
  C:\Windows\System\vCeDiSA.exe
  2⤵
  PID:8516
- C:\Windows\System\vglDJYo.exe
  C:\Windows\System\vglDJYo.exe
  2⤵
  PID:8532
- C:\Windows\System\QxpBhJh.exe
  C:\Windows\System\QxpBhJh.exe
  2⤵
  PID:8548
- C:\Windows\System\OONwMKr.exe
  C:\Windows\System\OONwMKr.exe
  2⤵
  PID:8564
- C:\Windows\System\nsgIjyQ.exe
  C:\Windows\System\nsgIjyQ.exe
  2⤵
  PID:8580
- C:\Windows\System\pMlDIDu.exe
  C:\Windows\System\pMlDIDu.exe
  2⤵
  PID:8596
- C:\Windows\System\SOHzekh.exe
  C:\Windows\System\SOHzekh.exe
  2⤵
  PID:8612
- C:\Windows\System\OCVcnja.exe
  C:\Windows\System\OCVcnja.exe
  2⤵
  PID:8628
- C:\Windows\System\vvZAXEa.exe
  C:\Windows\System\vvZAXEa.exe
  2⤵
  PID:8644
- C:\Windows\System\CpBTCnW.exe
  C:\Windows\System\CpBTCnW.exe
  2⤵
  PID:8660
- C:\Windows\System\WkyFcpp.exe
  C:\Windows\System\WkyFcpp.exe
  2⤵
  PID:8676
- C:\Windows\System\qomTRDI.exe
  C:\Windows\System\qomTRDI.exe
  2⤵
  PID:8692
- C:\Windows\System\PUNeWog.exe
  C:\Windows\System\PUNeWog.exe
  2⤵
  PID:8856
- C:\Windows\System\vqjwZwr.exe
  C:\Windows\System\vqjwZwr.exe
  2⤵
  PID:8872
- C:\Windows\System\OyLyhWe.exe
  C:\Windows\System\OyLyhWe.exe
  2⤵
  PID:8888
- C:\Windows\System\blOavPU.exe
  C:\Windows\System\blOavPU.exe
  2⤵
  PID:8904
- C:\Windows\System\jXzKRvA.exe
  C:\Windows\System\jXzKRvA.exe
  2⤵
  PID:8920
- C:\Windows\System\PiCnFFt.exe
  C:\Windows\System\PiCnFFt.exe
  2⤵
  PID:8936
- C:\Windows\System\SJIlwNT.exe
  C:\Windows\System\SJIlwNT.exe
  2⤵
  PID:8952
- C:\Windows\System\wsrKNHF.exe
  C:\Windows\System\wsrKNHF.exe
  2⤵
  PID:8968
- C:\Windows\System\YjVjMCA.exe
  C:\Windows\System\YjVjMCA.exe
  2⤵
  PID:8988
- C:\Windows\System\EOdGcxJ.exe
  C:\Windows\System\EOdGcxJ.exe
  2⤵
  PID:9004
- C:\Windows\System\ggqlULP.exe
  C:\Windows\System\ggqlULP.exe
  2⤵
  PID:9020
- C:\Windows\System\qKSdoIK.exe
  C:\Windows\System\qKSdoIK.exe
  2⤵
  PID:9036
- C:\Windows\System\JyylHDT.exe
  C:\Windows\System\JyylHDT.exe
  2⤵
  PID:9052
- C:\Windows\System\oMtkJUY.exe
  C:\Windows\System\oMtkJUY.exe
  2⤵
  PID:9068
- C:\Windows\System\YGRKrSH.exe
  C:\Windows\System\YGRKrSH.exe
  2⤵
  PID:9084
- C:\Windows\System\UINlUKt.exe
  C:\Windows\System\UINlUKt.exe
  2⤵
  PID:9100
- C:\Windows\System\VWKvdIs.exe
  C:\Windows\System\VWKvdIs.exe
  2⤵
  PID:9116
- C:\Windows\System\RQUzvAw.exe
  C:\Windows\System\RQUzvAw.exe
  2⤵
  PID:9132
- C:\Windows\System\yIOqXZr.exe
  C:\Windows\System\yIOqXZr.exe
  2⤵
  PID:9148
- C:\Windows\System\wtHmewP.exe
  C:\Windows\System\wtHmewP.exe
  2⤵
  PID:9164
- C:\Windows\System\LPoodvR.exe
  C:\Windows\System\LPoodvR.exe
  2⤵
  PID:9180
- C:\Windows\System\dzXPFJv.exe
  C:\Windows\System\dzXPFJv.exe
  2⤵
  PID:9196
- C:\Windows\System\Burqikx.exe
  C:\Windows\System\Burqikx.exe
  2⤵
  PID:9212
- C:\Windows\System\ZgKWBSH.exe
  C:\Windows\System\ZgKWBSH.exe
  2⤵
  PID:8076
- C:\Windows\System\TBwntME.exe
  C:\Windows\System\TBwntME.exe
  2⤵
  PID:7536
- C:\Windows\System\QfekBEO.exe
  C:\Windows\System\QfekBEO.exe
  2⤵
  PID:8232
- C:\Windows\System\RdeSDMz.exe
  C:\Windows\System\RdeSDMz.exe
  2⤵
  PID:8268
- C:\Windows\System\uloglJa.exe
  C:\Windows\System\uloglJa.exe
  2⤵
  PID:7808
- C:\Windows\System\lKeFyJl.exe
  C:\Windows\System\lKeFyJl.exe
  2⤵
  PID:6892
- C:\Windows\System\yflvGgo.exe
  C:\Windows\System\yflvGgo.exe
  2⤵
  PID:8144
- C:\Windows\System\NwYbQOk.exe
  C:\Windows\System\NwYbQOk.exe
  2⤵
  PID:7800
- C:\Windows\System\SjVyFIG.exe
  C:\Windows\System\SjVyFIG.exe
  2⤵
  PID:8252
- C:\Windows\System\LxZdEwe.exe
  C:\Windows\System\LxZdEwe.exe
  2⤵
  PID:8364
- C:\Windows\System\HvqkyjY.exe
  C:\Windows\System\HvqkyjY.exe
  2⤵
  PID:8464
- C:\Windows\System\RWyDcij.exe
  C:\Windows\System\RWyDcij.exe
  2⤵
  PID:8348
- C:\Windows\System\iWGeAwb.exe
  C:\Windows\System\iWGeAwb.exe
  2⤵
  PID:8412
- C:\Windows\System\ikrnLNj.exe
  C:\Windows\System\ikrnLNj.exe
  2⤵
  PID:8480
- C:\Windows\System\npZvoxX.exe
  C:\Windows\System\npZvoxX.exe
  2⤵
  PID:8512
- C:\Windows\System\jRrOyHh.exe
  C:\Windows\System\jRrOyHh.exe
  2⤵
  PID:8560
- C:\Windows\System\EcRsIwF.exe
  C:\Windows\System\EcRsIwF.exe
  2⤵
  PID:8540
- C:\Windows\System\UwUzufZ.exe
  C:\Windows\System\UwUzufZ.exe
  2⤵
  PID:8576
- C:\Windows\System\JocmAlq.exe
  C:\Windows\System\JocmAlq.exe
  2⤵
  PID:8624
- C:\Windows\System\TtmQSpc.exe
  C:\Windows\System\TtmQSpc.exe
  2⤵
  PID:8672
- C:\Windows\System\kWRsVnx.exe
  C:\Windows\System\kWRsVnx.exe
  2⤵
  PID:8704
- C:\Windows\System\qNJJWyo.exe
  C:\Windows\System\qNJJWyo.exe
  2⤵
  PID:8720
- C:\Windows\System\DjByUea.exe
  C:\Windows\System\DjByUea.exe
  2⤵
  PID:8736
- C:\Windows\System\jbNvpZv.exe
  C:\Windows\System\jbNvpZv.exe
  2⤵
  PID:8752
- C:\Windows\System\cplaCmL.exe
  C:\Windows\System\cplaCmL.exe
  2⤵
  PID:8764
- C:\Windows\System\svLrvzu.exe
  C:\Windows\System\svLrvzu.exe
  2⤵
  PID:8784
- C:\Windows\System\VZGGdTN.exe
  C:\Windows\System\VZGGdTN.exe
  2⤵
  PID:8800
- C:\Windows\System\LhuIRHc.exe
  C:\Windows\System\LhuIRHc.exe
  2⤵
  PID:8812
- C:\Windows\System\rDegpSD.exe
  C:\Windows\System\rDegpSD.exe
  2⤵
  PID:7516
- C:\Windows\System\liEiIiT.exe
  C:\Windows\System\liEiIiT.exe
  2⤵
  PID:8900
- C:\Windows\System\zKawMti.exe
  C:\Windows\System\zKawMti.exe
  2⤵
  PID:9044
- C:\Windows\System\djUcmKb.exe
  C:\Windows\System\djUcmKb.exe
  2⤵
  PID:8044
- C:\Windows\System\JHxwOgC.exe
  C:\Windows\System\JHxwOgC.exe
  2⤵
  PID:9048
- C:\Windows\System\ACmlaNB.exe
  C:\Windows\System\ACmlaNB.exe
  2⤵
  PID:9192
- C:\Windows\System\jOrotxM.exe
  C:\Windows\System\jOrotxM.exe
  2⤵
  PID:8200
- C:\Windows\System\vvMtpnq.exe
  C:\Windows\System\vvMtpnq.exe
  2⤵
  PID:8428
- C:\Windows\System\KRqloMQ.exe
  C:\Windows\System\KRqloMQ.exe
  2⤵
  PID:8640
- C:\Windows\System\mZmUXEC.exe
  C:\Windows\System\mZmUXEC.exe
  2⤵
  PID:8496
- C:\Windows\System\pQCyeWX.exe
  C:\Windows\System\pQCyeWX.exe
  2⤵
  PID:8556
- C:\Windows\System\IARRmVs.exe
  C:\Windows\System\IARRmVs.exe
  2⤵
  PID:8668
- C:\Windows\System\WKpkRNm.exe
  C:\Windows\System\WKpkRNm.exe
  2⤵
  PID:8732
- C:\Windows\System\qvosjYN.exe
  C:\Windows\System\qvosjYN.exe
  2⤵
  PID:8700
- C:\Windows\System\Alpwynt.exe
  C:\Windows\System\Alpwynt.exe
  2⤵
  PID:8828
- C:\Windows\System\qTBZXoz.exe
  C:\Windows\System\qTBZXoz.exe
  2⤵
  PID:8816
- C:\Windows\System\IzJOPnP.exe
  C:\Windows\System\IzJOPnP.exe
  2⤵
  PID:8880
- C:\Windows\System\gBYPMzA.exe
  C:\Windows\System\gBYPMzA.exe
  2⤵
  PID:8916
- C:\Windows\System\VHOzEGi.exe
  C:\Windows\System\VHOzEGi.exe
  2⤵
  PID:8868
- C:\Windows\System\mclXNGL.exe
  C:\Windows\System\mclXNGL.exe
  2⤵
  PID:8984
- C:\Windows\System\PGjwYRX.exe
  C:\Windows\System\PGjwYRX.exe
  2⤵
  PID:8960
- C:\Windows\System\UaKPrJa.exe
  C:\Windows\System\UaKPrJa.exe
  2⤵
  PID:7484
- C:\Windows\System\XFkzNYP.exe
  C:\Windows\System\XFkzNYP.exe
  2⤵
  PID:8264
- C:\Windows\System\KNpXKHf.exe
  C:\Windows\System\KNpXKHf.exe
  2⤵
  PID:8204
- C:\Windows\System\sdmNepB.exe
  C:\Windows\System\sdmNepB.exe
  2⤵
  PID:9160
- C:\Windows\System\EAvdNDK.exe
  C:\Windows\System\EAvdNDK.exe
  2⤵
  PID:7820
- C:\Windows\System\yvVSqLi.exe
  C:\Windows\System\yvVSqLi.exe
  2⤵
  PID:8316
- C:\Windows\System\zGSSWmS.exe
  C:\Windows\System\zGSSWmS.exe
  2⤵
  PID:8620
- C:\Windows\System\TUjURsd.exe
  C:\Windows\System\TUjURsd.exe
  2⤵
  PID:8336
- C:\Windows\System\fHZNQxL.exe
  C:\Windows\System\fHZNQxL.exe
  2⤵
  PID:8756
- C:\Windows\System\AtUjcRr.exe
  C:\Windows\System\AtUjcRr.exe
  2⤵
  PID:8748
- C:\Windows\System\fttQMMH.exe
  C:\Windows\System\fttQMMH.exe
  2⤵
  PID:8712
- C:\Windows\System\rMVYzAr.exe
  C:\Windows\System\rMVYzAr.exe
  2⤵
  PID:8980
- C:\Windows\System\WOnCYcp.exe
  C:\Windows\System\WOnCYcp.exe
  2⤵
  PID:9112
- C:\Windows\System\mSSwecT.exe
  C:\Windows\System\mSSwecT.exe
  2⤵
  PID:8896
- C:\Windows\System\tGVKzFk.exe
  C:\Windows\System\tGVKzFk.exe
  2⤵
  PID:8996
- C:\Windows\System\SrsKqGy.exe
  C:\Windows\System\SrsKqGy.exe
  2⤵
  PID:9144
- C:\Windows\System\HqGxDGB.exe
  C:\Windows\System\HqGxDGB.exe
  2⤵
  PID:9096
- C:\Windows\System\uIkvsKK.exe
  C:\Windows\System\uIkvsKK.exe
  2⤵
  PID:8000
- C:\Windows\System\DyseDwp.exe
  C:\Windows\System\DyseDwp.exe
  2⤵
  PID:8360
- C:\Windows\System\pTZuGBZ.exe
  C:\Windows\System\pTZuGBZ.exe
  2⤵
  PID:8380
- C:\Windows\System\CvZyBMp.exe
  C:\Windows\System\CvZyBMp.exe
  2⤵
  PID:8396
- C:\Windows\System\ZpZTOjB.exe
  C:\Windows\System\ZpZTOjB.exe
  2⤵
  PID:8476
- C:\Windows\System\cNNzloZ.exe
  C:\Windows\System\cNNzloZ.exe
  2⤵
  PID:8976
- C:\Windows\System\awBhWiS.exe
  C:\Windows\System\awBhWiS.exe
  2⤵
  PID:7532
- C:\Windows\System\bFOynhh.exe
  C:\Windows\System\bFOynhh.exe
  2⤵
  PID:9232
- C:\Windows\System\asSgRRy.exe
  C:\Windows\System\asSgRRy.exe
  2⤵
  PID:9248
- C:\Windows\System\shPbWUH.exe
  C:\Windows\System\shPbWUH.exe
  2⤵
  PID:9272
- C:\Windows\System\Ylrpfqx.exe
  C:\Windows\System\Ylrpfqx.exe
  2⤵
  PID:9296
- C:\Windows\System\PWuHAKA.exe
  C:\Windows\System\PWuHAKA.exe
  2⤵
  PID:9332
- C:\Windows\System\FHhTVEP.exe
  C:\Windows\System\FHhTVEP.exe
  2⤵
  PID:9364
- C:\Windows\System\WKoSMtJ.exe
  C:\Windows\System\WKoSMtJ.exe
  2⤵
  PID:9432
- C:\Windows\System\EDDnnxD.exe
  C:\Windows\System\EDDnnxD.exe
  2⤵
  PID:9460
- C:\Windows\System\HBkYSeg.exe
  C:\Windows\System\HBkYSeg.exe
  2⤵
  PID:9484
- C:\Windows\System\QbTGyNR.exe
  C:\Windows\System\QbTGyNR.exe
  2⤵
  PID:9504
- C:\Windows\System\eCdtBqC.exe
  C:\Windows\System\eCdtBqC.exe
  2⤵
  PID:9520
- C:\Windows\System\tYNZUgx.exe
  C:\Windows\System\tYNZUgx.exe
  2⤵
  PID:9544
- C:\Windows\System\LhVZjyz.exe
  C:\Windows\System\LhVZjyz.exe
  2⤵
  PID:9560
- C:\Windows\System\UtJWFlM.exe
  C:\Windows\System\UtJWFlM.exe
  2⤵
  PID:9576
- C:\Windows\System\UYYGFyo.exe
  C:\Windows\System\UYYGFyo.exe
  2⤵
  PID:9592
- C:\Windows\System\DJbHtAs.exe
  C:\Windows\System\DJbHtAs.exe
  2⤵
  PID:9608
- C:\Windows\System\fVzEYXw.exe
  C:\Windows\System\fVzEYXw.exe
  2⤵
  PID:9628
- C:\Windows\System\akNjRff.exe
  C:\Windows\System\akNjRff.exe
  2⤵
  PID:9644
- C:\Windows\System\uYnDxtT.exe
  C:\Windows\System\uYnDxtT.exe
  2⤵
  PID:9660
- C:\Windows\System\nGAaXUh.exe
  C:\Windows\System\nGAaXUh.exe
  2⤵
  PID:9676
- C:\Windows\System\gNUfkJM.exe
  C:\Windows\System\gNUfkJM.exe
  2⤵
  PID:9700
- C:\Windows\System\ttOgDps.exe
  C:\Windows\System\ttOgDps.exe
  2⤵
  PID:9716
- C:\Windows\System\JfRNyCr.exe
  C:\Windows\System\JfRNyCr.exe
  2⤵
  PID:9732
- C:\Windows\System\EUdYFXJ.exe
  C:\Windows\System\EUdYFXJ.exe
  2⤵
  PID:9748
- C:\Windows\System\IibAdnO.exe
  C:\Windows\System\IibAdnO.exe
  2⤵
  PID:9764
- C:\Windows\System\WbiNIAK.exe
  C:\Windows\System\WbiNIAK.exe
  2⤵
  PID:9784
- C:\Windows\System\BDrYRDt.exe
  C:\Windows\System\BDrYRDt.exe
  2⤵
  PID:9804
- C:\Windows\System\PqLcKQL.exe
  C:\Windows\System\PqLcKQL.exe
  2⤵
  PID:9820
- C:\Windows\System\dDUtEqt.exe
  C:\Windows\System\dDUtEqt.exe
  2⤵
  PID:9840
- C:\Windows\System\epWDOgo.exe
  C:\Windows\System\epWDOgo.exe
  2⤵
  PID:9860
- C:\Windows\System\oigNlvw.exe
  C:\Windows\System\oigNlvw.exe
  2⤵
  PID:9880
- C:\Windows\System\uTFizks.exe
  C:\Windows\System\uTFizks.exe
  2⤵
  PID:9896
- C:\Windows\System\ioGjssr.exe
  C:\Windows\System\ioGjssr.exe
  2⤵
  PID:9920
- C:\Windows\System\FgEolcy.exe
  C:\Windows\System\FgEolcy.exe
  2⤵
  PID:9944
- C:\Windows\System\XzRhwFP.exe
  C:\Windows\System\XzRhwFP.exe
  2⤵
  PID:9964
- C:\Windows\System\DQAokSw.exe
  C:\Windows\System\DQAokSw.exe
  2⤵
  PID:9980
- C:\Windows\System\OHnGapI.exe
  C:\Windows\System\OHnGapI.exe
  2⤵
  PID:9996
- C:\Windows\System\YTYWniJ.exe
  C:\Windows\System\YTYWniJ.exe
  2⤵
  PID:10012
- C:\Windows\System\Ugignbw.exe
  C:\Windows\System\Ugignbw.exe
  2⤵
  PID:10032
- C:\Windows\System\dHfUbUZ.exe
  C:\Windows\System\dHfUbUZ.exe
  2⤵
  PID:10104
- C:\Windows\System\OqeKvYd.exe
  C:\Windows\System\OqeKvYd.exe
  2⤵
  PID:10124
- C:\Windows\System\zHIRcVk.exe
  C:\Windows\System\zHIRcVk.exe
  2⤵
  PID:10160
- C:\Windows\System\tTBajxT.exe
  C:\Windows\System\tTBajxT.exe
  2⤵
  PID:10196
- C:\Windows\System\AHGcxqC.exe
  C:\Windows\System\AHGcxqC.exe
  2⤵
  PID:10216
- C:\Windows\System\Tbpdxho.exe
  C:\Windows\System\Tbpdxho.exe
  2⤵
  PID:10236
- C:\Windows\System\SpoHrKc.exe
  C:\Windows\System\SpoHrKc.exe
  2⤵
  PID:9224
- C:\Windows\System\RgeQggC.exe
  C:\Windows\System\RgeQggC.exe
  2⤵
  PID:988
- C:\Windows\System\KAuwFKs.exe
  C:\Windows\System\KAuwFKs.exe
  2⤵
  PID:9108
- C:\Windows\System\TtLlXHM.exe
  C:\Windows\System\TtLlXHM.exe
  2⤵
  PID:8864
- C:\Windows\System\bOVFYJl.exe
  C:\Windows\System\bOVFYJl.exe
  2⤵
  PID:7632
- C:\Windows\System\otUTrxp.exe
  C:\Windows\System\otUTrxp.exe
  2⤵
  PID:8848
- C:\Windows\System\HjVhDnn.exe
  C:\Windows\System\HjVhDnn.exe
  2⤵
  PID:9268
- C:\Windows\System\gljwNPg.exe
  C:\Windows\System\gljwNPg.exe
  2⤵
  PID:9284
- C:\Windows\System\dHYnXaI.exe
  C:\Windows\System\dHYnXaI.exe
  2⤵
  PID:9308
- C:\Windows\System\oFSBMBd.exe
  C:\Windows\System\oFSBMBd.exe
  2⤵
  PID:9324
- C:\Windows\System\LSfGoUs.exe
  C:\Windows\System\LSfGoUs.exe
  2⤵
  PID:9404
- C:\Windows\System\CVSqGkY.exe
  C:\Windows\System\CVSqGkY.exe
  2⤵
  PID:9424
- C:\Windows\System\pKnfMCJ.exe
  C:\Windows\System\pKnfMCJ.exe
  2⤵
  PID:9492
- C:\Windows\System\JjgDANG.exe
  C:\Windows\System\JjgDANG.exe
  2⤵
  PID:9584
- C:\Windows\System\RLFrYBJ.exe
  C:\Windows\System\RLFrYBJ.exe
  2⤵
  PID:9532
- C:\Windows\System\LravNoo.exe
  C:\Windows\System\LravNoo.exe
  2⤵
  PID:9600
- C:\Windows\System\VtdeeoL.exe
  C:\Windows\System\VtdeeoL.exe
  2⤵
  PID:9672
- C:\Windows\System\egNmqIw.exe
  C:\Windows\System\egNmqIw.exe
  2⤵
  PID:9744
- C:\Windows\System\HxxNVaM.exe
  C:\Windows\System\HxxNVaM.exe
  2⤵
  PID:9616
- C:\Windows\System\cLVFinC.exe
  C:\Windows\System\cLVFinC.exe
  2⤵
  PID:9848
- C:\Windows\System\NIEUTAm.exe
  C:\Windows\System\NIEUTAm.exe
  2⤵
  PID:9852
- C:\Windows\System\HvJruvK.exe
  C:\Windows\System\HvJruvK.exe
  2⤵
  PID:9928
- C:\Windows\System\sfnKOUw.exe
  C:\Windows\System\sfnKOUw.exe
  2⤵
  PID:10008
- C:\Windows\System\FUNcXZR.exe
  C:\Windows\System\FUNcXZR.exe
  2⤵
  PID:9684
- C:\Windows\System\mvdpSyU.exe
  C:\Windows\System\mvdpSyU.exe
  2⤵
  PID:9724
- C:\Windows\System\fFgkKaz.exe
  C:\Windows\System\fFgkKaz.exe
  2⤵
  PID:9800
- C:\Windows\System\VVHmcns.exe
  C:\Windows\System\VVHmcns.exe
  2⤵
  PID:9868
- C:\Windows\System\oYolixg.exe
  C:\Windows\System\oYolixg.exe
  2⤵
  PID:9908
- C:\Windows\System\AVkFyDM.exe
  C:\Windows\System\AVkFyDM.exe
  2⤵
  PID:9956
- C:\Windows\System\BUiiTIe.exe
  C:\Windows\System\BUiiTIe.exe
  2⤵
  PID:10028
- C:\Windows\System\UMoSPVL.exe
  C:\Windows\System\UMoSPVL.exe
  2⤵
  PID:10100
- C:\Windows\System\IFWZrTg.exe
  C:\Windows\System\IFWZrTg.exe
  2⤵
  PID:10084
- C:\Windows\System\jejgyAf.exe
  C:\Windows\System\jejgyAf.exe
  2⤵
  PID:10068
- C:\Windows\System\ruqLuST.exe
  C:\Windows\System\ruqLuST.exe
  2⤵
  PID:10048
- C:\Windows\System\StbuWLZ.exe
  C:\Windows\System\StbuWLZ.exe
  2⤵
  PID:9256
- C:\Windows\System\EkPIGOP.exe
  C:\Windows\System\EkPIGOP.exe
  2⤵
  PID:8776
- C:\Windows\System\ryJlYRg.exe
  C:\Windows\System\ryJlYRg.exe
  2⤵
  PID:8432
- C:\Windows\System\NCtynYt.exe
  C:\Windows\System\NCtynYt.exe
  2⤵
  PID:9280
- C:\Windows\System\cjGSqBJ.exe
  C:\Windows\System\cjGSqBJ.exe
  2⤵
  PID:8932
- C:\Windows\System\eTEjyJl.exe
  C:\Windows\System\eTEjyJl.exe
  2⤵
  PID:9304
- C:\Windows\System\RHmzKRY.exe
  C:\Windows\System\RHmzKRY.exe
  2⤵
  PID:9452
- C:\Windows\System\rIuFLec.exe
  C:\Windows\System\rIuFLec.exe
  2⤵
  PID:9384
- C:\Windows\System\npTgzHr.exe
  C:\Windows\System\npTgzHr.exe
  2⤵
  PID:9412
- C:\Windows\System\BnzqklF.exe
  C:\Windows\System\BnzqklF.exe
  2⤵
  PID:9456
- C:\Windows\System\EAFXOli.exe
  C:\Windows\System\EAFXOli.exe
  2⤵
  PID:9476
- C:\Windows\System\nMfHEtY.exe
  C:\Windows\System\nMfHEtY.exe
  2⤵
  PID:9568
- C:\Windows\System\rdXKoXk.exe
  C:\Windows\System\rdXKoXk.exe
  2⤵
  PID:9696
- C:\Windows\System\MxbDAhI.exe
  C:\Windows\System\MxbDAhI.exe
  2⤵
  PID:9940
- C:\Windows\System\uwdzmpv.exe
  C:\Windows\System\uwdzmpv.exe
  2⤵
  PID:9832
- C:\Windows\System\qaBDjal.exe
  C:\Windows\System\qaBDjal.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ATByrvb.exe

Filesize
6.0MB

MD5
7461218e0e584fb2aa4261a42df671db

SHA1
53f388a39d2e571b6b8276bf474b2fe687238bf3

SHA256
447bce68c4f3e247e9f68d34365af2471eb73ff8e5a82a17b03800929952cf69

SHA512
264d39332372976f06f0c83e24db25c9caae9ba157cfded06296fa44091805dc5c54b1baab137b4d516530f6b366d18c4818c2f843bb8b9cb10f522dcc23714e

Download Submit
C:\Windows\system\EpuTVqL.exe

Filesize
6.0MB

MD5
870ef9d1cc0bff50da96f11111f2cf4e

SHA1
1242f3c936d1b3729336446ef6c328e3c6c759bd

SHA256
1d0339fb4637ce3839cf7991fadf285dd6647d4bff8e25cb885d241cbfdd1470

SHA512
7732f379a1398eff5213c904de92fd8c6a8700dd70bd258ddaf7f110e03fdd564ddab89407b2d0c5a1c6e1222ba4b6a663aff9327192120560ebf5b634328bc9

Download Submit
C:\Windows\system\FAGbNVg.exe

Filesize
6.0MB

MD5
f4a298c31cfd4e058b8aed2e40c8794f

SHA1
3dfd2b63c4913c66aa76d7ff9090a6a91cf23049

SHA256
732dea995b4889083b02096849c5f3185e19020782124c19adf1bf891f05a170

SHA512
343faf4567f448578723a37b55a992a09609cfa6df629dabd856047c51c87779d5db356e876dea7812fd7c13f96c0ab3ab0177d3a3aa8bfd9c75bda3e400e9ea

Download Submit
C:\Windows\system\GpgttqJ.exe

Filesize
6.0MB

MD5
5718dc2639c7303eb288467bec31a753

SHA1
06bd518bd26ada7b1728b8326613ee6d0a7588a2

SHA256
8a3de1be9bfd0883b8203132f022f7a9459805fc70ea4b0e005346e56290d53a

SHA512
b7468f967eb71fb510f8ffddd9c5074a771c56f9f8e5432aeb4e09d397a074e35ec39cb7a88ed76a41cae8a10a5d7ac4057ec0737e038842d150754df6ce5c45

Download Submit
C:\Windows\system\Gthmihq.exe

Filesize
6.0MB

MD5
c5221456453c1ac1d18d2525b3491336

SHA1
6703489da55189b3fcf2db9c27d1f4c59004958d

SHA256
7422879970ef7ab28dcc5b28f750697da006f99e4232baafb8f229e930bb7534

SHA512
9dde6f2d0e3824fa5106f1ed1f7578f61d840e4d013aa8c26e5c5b9dba147aa35f8639dabb6d3b25193298635b2a25fdf88d99d04478d936ef252b940663d0ca

Download Submit
C:\Windows\system\JLUJKGC.exe

Filesize
6.0MB

MD5
12354e6cdcfbf1d27660bd10937d1e70

SHA1
0725c98e470fec1bdedf543bb023c68064939d71

SHA256
0cae534856519cc825f4ccce373ad661a858f57a064ec8107b0066957361e2ca

SHA512
5ad9bb11b45c2e4c41a5fbe8212115e81aeeeca90f9ceb55746216ed9ee618fc4cf14ea92e61bc091dc6e1bbdb898150500ed6f5ce0b30b022d7ea0b1ae3d6fe

Download Submit
C:\Windows\system\JSNbZle.exe

Filesize
6.0MB

MD5
d5b4933595ae02f4d5062152abad73c0

SHA1
2290181e1b4f8c79634c9cfecb12dbd025f5be8a

SHA256
fa65beed4fbf1aa1f94468e36bddfd6597904934ed44df8b11239c72f7cb0780

SHA512
d6853c093b2be439d2d490a082f9dd2fd6f83d5e6962ff25b27b6ed684f6b15c1e67e5574febae854883e0c2d1fd7931b3b4c59d74d19569b0762bcc419009c1

Download Submit
C:\Windows\system\MkXCgTO.exe

Filesize
6.0MB

MD5
0fe2bf7e8449173758cf7a33b1478960

SHA1
16c7bc23299a59c7405d899d866e7559b78df631

SHA256
945a2d01f2e290614c85b765fb7b35d875dddb736d96e224be955dfe32580db8

SHA512
57764cec0127b7788195614f2f14471dec386765daf40bc604282a81741e49649f1ea33c36f6679edef7efcd933db7d6288f93c2445cb2ddbf45649339c31e09

Download Submit
C:\Windows\system\QmcShIK.exe

Filesize
6.0MB

MD5
28b9436bec64224dc01ab5d53928078b

SHA1
4b2761426b59f7b82d63ece50910a7eae0272c98

SHA256
3b0a7a28c4d20cf6e002eee34d0de9587f27c87f39f0ee0f27381699ab48442f

SHA512
f29e8c1de53636f7dc6c9bb9cabe6034a95a078cf539553d130306b5904f5465ee472daf6c14d5d59ebef48e704194f2d4ef21769729a9aeffb1e44c45e308bc

Download Submit
C:\Windows\system\WbLQbYm.exe

Filesize
6.0MB

MD5
be1a531560052cbfc361e5a8ef1fa187

SHA1
f1f2b263dcc138833595e358e8c654826b3f0b97

SHA256
7f0f8b1c5beaa4107356a22d01286442337e19634abfb112e122316151c877a0

SHA512
35adeb41646a8a7f38b8721000f248d76e84ff2d84dc2481bd07401f7e46e4187cbc05802f676edfe8f503147d5bcbf56e898a56df1b0c6bfdbcf8dbf9b5a6fd

Download Submit
C:\Windows\system\WpNFjhY.exe

Filesize
6.0MB

MD5
3ff507f51d4324da7b9d6bfd6af0dffc

SHA1
e7180581d20c14db42dec495620c03299824abd8

SHA256
3fd5c3b5b726683203ca8ac92c4240f880b002453d553e9edc3f43054397e6fb

SHA512
c8fd19ff4ac62a03e090cc5a5ab61cad7e2e7ba372d969bc1dadc1791ed98cc08b92936a154cc645e579df1c8c84f475f479324844f3a1740c31f44dbc8312a5

Download Submit
C:\Windows\system\XsWSaGa.exe

Filesize
6.0MB

MD5
6325dd274976ac9801b490a5b12e24e2

SHA1
e61b2514f8764f64197a2b02061674a2b55c6efd

SHA256
4bae6419ab882547258f198e582ccc24fa6d7f3076c5446e70db5cb7af29267f

SHA512
ee4f2f0d3610b0a45ad1cd94e8d3035c7bcaa4dc5af818c33fc9a8fb97310c2add29e20f310180f7c847e28b7beb0a408e94c0992b07d9f98b836d756f45b330

Download Submit
C:\Windows\system\YjQlVKN.exe

Filesize
6.0MB

MD5
a65a225253f321f7b8df61a38b13ec37

SHA1
43f77a47d186a391e51a187102c6df252fc1296a

SHA256
9788450320ed0edf3b8ce6a6e8f3cf30a7277b59593f8fb616e13271c55d0d36

SHA512
39dd1584a1d9fbe435e071810b69e5e9e8b5cf3fa3b68c188e82cbb16ac6980cd9ae826d6b5b0d0aaeafa9fb95e0434013819ae6bcc195891049774408c8ee03

Download Submit
C:\Windows\system\aVSqDWH.exe

Filesize
6.0MB

MD5
2eac1833a536fd4d57881c36e4eafc11

SHA1
7fd6f3296579dc951aa39d3b87467a07935bacc1

SHA256
4967873d690848a2eaf75efa3ab909b1bc8dbcc12dc950450937a8366e30f60b

SHA512
bee35f8dd162679716296e7255ec1c53652175e7c5da05e3f22cc7581e013aea60b8a4c535b133e7530eed89fa6da8f62937b01d4172d4249260660ec4dd4edd

Download Submit
C:\Windows\system\aYsjRkT.exe

Filesize
6.0MB

MD5
d9ac8cea8fe19ea0ce5937525b8e0fea

SHA1
b0f8c2e2cdc38b51fc98815d3035cfecf0706347

SHA256
0eeba6772274fe61632f13ca5c23ef164b404cd0569c6df3b6c5a15e1ac610d3

SHA512
eb6264605a50270d2ec5ef912b4271ff7ae8d3416f7fc08b7c6ce89545b62566a47c164767f17b0804cb02c60b8ee279cfa548bb698addb11b6240aecaf1b815

Download Submit
C:\Windows\system\bvRVPjF.exe

Filesize
6.0MB

MD5
bf17bedaf808934b304710916362041b

SHA1
acb7fbe6fa7dd1339f3389b907d54f4839997ea4

SHA256
44fe76c0a3db0a9b96a940da2f68a0095c27d7a0ac17dc3637c34ea922861500

SHA512
f5566f5417dabb887b42a831e921624ec5950f1dbe9b3cbe13f6ad2628682a6587f138a82a6ae261b68f389a33d23d2f5929bf3cab3fa2100e9e09a42275d0cd

Download Submit
C:\Windows\system\cnNqLfm.exe

Filesize
6.0MB

MD5
a11f81a658b34a47cc7054389f5c489a

SHA1
640fc779988778b6ea6cc30a5c2333a8c93bb45a

SHA256
179a03ed87b6cfd1ea002ab35cd8bf8e89130a12c3baa969b13c152712a66bb7

SHA512
7655d89ac3c78cbf87311561f7d36dc19725c58e510017f2ea69fd2e25f536eaa76a768af6c8446f6cabbae03417913f69e99a5bf0a74dec094e9e3559eb37f4

Download Submit
C:\Windows\system\cqsbsOH.exe

Filesize
6.0MB

MD5
8b306206b6c57e461bfec5c63f5ce64b

SHA1
22ecbb98c67a7e80883ad06fe1072cc68d28b4f3

SHA256
6529447f9b4980b8d281d8f64b1903dfa8301d0874fa8e73bf2864d0e6a9c3b6

SHA512
0e76359d853e8c16d683c07501f5eb0993cc43b1b80b1d8f5641e9444af21973b28485409a7d8862277e1cc33f104a19483aac76489831684e81ff5477c9f237

Download Submit
C:\Windows\system\dcxFtim.exe

Filesize
6.0MB

MD5
f770309eabc94fac63b7ea616d9f7fca

SHA1
dd525f6b07690dcd763aa7c9c13923137543c012

SHA256
1e60e1a826461d7e0834abdb1ec00a17eb5c8ea9909a776745278d665cd0f09d

SHA512
ea3cb15f5e1a9caa1e2bb40c1bed913e9424b15050e9113d14fc78045007c464fe44da4845c219c21de3f2548f2be386820b89f78613f4505e1b970afa0da367

Download Submit
C:\Windows\system\dmIKTOY.exe

Filesize
6.0MB

MD5
bd7e7c35e2573f5b73cf28e1062517f1

SHA1
c84f58ca566f24ad3a8afb20b4861a7bde2fc428

SHA256
2c84e038dc17e0d48b4bb8d44105be48c6f11d521e1cf4982ab6db3e1b77277f

SHA512
3c84968180dd62f09899b41ca36b3487fcd7e5ddb00c0b3e352a9938aadf0308ad2e3ede1d13deebf108a286816fd26e7aa94e6d06e8115d5977fc907853c690

Download Submit
C:\Windows\system\fXCeIFv.exe

Filesize
6.0MB

MD5
00870bae317c0a0d55f45f98a96d1dc9

SHA1
acec907700cfc89648d4d9c32f1898ad0c001113

SHA256
12d73b04172026b2d16f741efc21f053752abad2a8a50a503ca9a21fd7af4218

SHA512
e25d3d8a2bf2abe62cdb664617b31f8a42d140a456b7c21f150ffec98ca9710ab92ececd32f09dc4a9f543721c16780b36440caf473812b688ad55dee949df7a

Download Submit
C:\Windows\system\fxciXji.exe

Filesize
6.0MB

MD5
d9231fd6772725046d0298422259028f

SHA1
a143acee4a02a9cfb664ce71d857b9829a364706

SHA256
4b73af04febf0ebb179b4d4019b35f8b51497c53d714ed3b93daa74664e3637c

SHA512
90291da165f98ed740dd5be78d128543414a41c6cc97e65c2da913a51ac68e2a3cbf2e16aabfbf4106f1b17b3e7614d53da5a6b6a71f07859e654a1b268795e7

Download Submit
C:\Windows\system\hIZNLGC.exe

Filesize
6.0MB

MD5
25cb27454477b6777546c308578ff678

SHA1
222aedeacca64ebd20636cf23f5790cf4e6b57a3

SHA256
5ded661ee141950b39cf41ae4e7a67007757b65d551011b6e73c9ccc98177437

SHA512
5db02e4b80254e31d22dcaeaf84b8fc0d0a70d4ba0614a93a10ed70272577c0d84ae10e4b9724028b3facb9e3cf06610dba9c38c5232373aee98735ca287fce9

Download Submit
C:\Windows\system\iHiCdIo.exe

Filesize
6.0MB

MD5
2c235d883488d48826c7dc0663f50a69

SHA1
e4b436e6dead7b37e213f2656f5b4f9592f36e34

SHA256
79a129d92912d34dc13db1e537b013d9a4d86d425d0e02101a7bfb305b470716

SHA512
7f484334edc4008962843acdcc2fed5aa520037a7b21b5cdd742d7f32cdfc09ca0b817c01f764cbe7baa7d4ba11a54a148abae2bb0b2121cbc0c6c0177dbdffe

Download Submit
C:\Windows\system\klghgDY.exe

Filesize
6.0MB

MD5
c9140c3797e301f89c039b08561ecb44

SHA1
701e05648b158d5e7df9c6b7f91163755a2a683b

SHA256
eb7b68e12a1b3b48387d03b83cb9b1c1caa1459f299b43690ad707ba2a623702

SHA512
561437958dff4c0ebd4bb880660a3531cf3fc07c185c74e55c90fc1eec3e3a9314c388319d72f4cb024e86fa18dd8c082dd5eba23a1e097a537bc12d3848a227

Download Submit
C:\Windows\system\lqHkfIr.exe

Filesize
6.0MB

MD5
7a9a3706ccaae3529bd4ec89eb0aa3c5

SHA1
b96bd1ab0eec11722c6eeb9284a2bfbee8524161

SHA256
877b21588b8e0f6cd08baa5a5fac4462098837f078577989cae2f3ac8356eef7

SHA512
9d08c1fc183737b97f7d133eb61c4bcc5e5e6ac23486bba6a791123bf8255189460478897865505f5d324949e2eceaca3e3a1cf665c4877a1a5d5072d17f5a46

Download Submit
C:\Windows\system\rPypreC.exe

Filesize
6.0MB

MD5
ae09e1390c7e134433db63b6cbb23f05

SHA1
c7fc896be3b11e763d3d2ba08b84d7703d9b33a7

SHA256
7a7e37f9244cf193dea00271898f7652ec8a5e5589d3bae95e79960011b615d1

SHA512
39abed7389a8466fb4b021ee0dced551274522137867cd0610af022f0ad06cf5d4eeb8b6234811ed946dc55d4104a88b42146ccd7f11c4d068653fc468d96979

Download Submit
C:\Windows\system\tLaEczN.exe

Filesize
6.0MB

MD5
92a4bf11950eefd0b0721567477eb6aa

SHA1
7f8ddd9e2ff0413a477a489713057d0f0c18a8da

SHA256
738ae936b71da0e8f5f666c16a6fac50e9d8e3a56ec1c2997c3268eefff54c69

SHA512
49291cdfd1777adee8964e9943e8d25fa92a1a29b3514bc1f33961dd33f72699f06fa1e63973e16945ca98094e1a5da5efe168bdfdf63c06e3006e5d78ffa489

Download Submit
C:\Windows\system\vLGPaTp.exe

Filesize
6.0MB

MD5
768ba6b37eb34266fa69503737597dcb

SHA1
24f7a5a6766a9cf89cebd66ec6b0feebf4e16d00

SHA256
4e5c2351f3765fe9276a113945189a64da095c89468bacdaf86c08b09033b4b7

SHA512
4b7896ba8b4db8c768299a6fd65c7dae4ddd2d665e47356baacb2fb14a57779e6848b596bf46364970f65245cb36d4498819cc56cd1a8588c99de4bcb85414cc

Download Submit
C:\Windows\system\zCmvPGW.exe

Filesize
6.0MB

MD5
6eeff35afc1595e24283892e69b08f7f

SHA1
2ae8559e5a3a9568c312c0d7b85c1d208d275131

SHA256
b623bcefd24a19936ca0795e292e3948214bf67599cecbd965700e70042ffce6

SHA512
6e86d68e308aa6ac21ff8231331c922f5900b0b800b058956ac6edf8d29cb7d46fbd973be1d95c5c50b43edc66f2e6fdb1b69ce78fb2b531d80e7b04780a20fa

Download Submit
\Windows\system\MCWOXAA.exe

Filesize
6.0MB

MD5
8ca94da4c01304baca98bbb6887542f5

SHA1
3bed44b1b671ea9319c1f089b9991333e7f127fa

SHA256
9df5926414b84c99a5b7af6e2b622fa11604e2cba6e152525a78975513aef223

SHA512
6ecfc9934fc2c6da416b62983277f40b615e69f08afc00e154270c74a8268af0e941aa8c62fd43f9d8dceaf444e4558e9be7948acafee86f6c1f750352ec95c5

Download Submit
\Windows\system\ZPZeGFY.exe

Filesize
6.0MB

MD5
d09d9c1a2b9d091b09b74f3a74e734c6

SHA1
7491459aad6e5ca5a9e0638c426c93ce23ea404b

SHA256
4d896c8eb5923dc4bfd7433fd5cb0b354fcbd5d10e94543760df58da78804e12

SHA512
a33b33e580e4f425649767bd34e5c70c86062d8851a88bd75397b73d8e8f8dc1355aabbdc7cfd1d842de760f0398f186802315562f433b35e947d4da0a96380d

Download Submit
memory/236-68-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/236-3969-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2128-83-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3971-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-28-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3972-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2192-52-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-89-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2384-608-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2440-230-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-101-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1316-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2440-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2440-1066-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2440-8-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-815-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-81-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-481-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-84-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-76-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-19-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2440-67-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-33-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-59-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2440-108-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-27-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2440-38-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-48-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3922-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-49-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-60-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3973-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2688-51-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3920-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2688-21-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2732-12-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3921-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2764-14-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3908-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-50-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3974-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2784-102-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1067-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2816-39-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3900-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-69-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3970-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-817-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-95-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-34-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-61-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3923-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3975-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/3060-88-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download