cobaltstrike | 3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
Size

6.0MB
MD5

d539a707b1d4984115be09ba67cb8433
SHA1

d3c4dcea0f1d870cde3559588e305fd113361b3a
SHA256

3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b
SHA512

913b6c8617388442c156e1890838ecab302c1dd08bb7965d4dd3dcf6544079fe3537038ccbbc8c17e769f6b47154be86cddd7753fb32866b71724078f389aee4
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU3:eOl56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e8f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ef6-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4f-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d33-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fdb-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016239-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016307-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016485-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016621-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925b-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019429-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941b-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939c-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938a-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-84.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-6.dat	xmrig
behavioral1/files/0x0008000000015e8f-11.dat	xmrig
behavioral1/files/0x0008000000015ef6-12.dat	xmrig
behavioral1/files/0x0008000000015f4f-21.dat	xmrig
behavioral1/files/0x0008000000015d33-25.dat	xmrig
behavioral1/files/0x0008000000015fdb-28.dat	xmrig
behavioral1/files/0x0007000000016239-33.dat	xmrig
behavioral1/files/0x0007000000016307-37.dat	xmrig
behavioral1/files/0x0007000000016485-46.dat	xmrig
behavioral1/memory/2452-45-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1592-44-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016621-52.dat	xmrig
behavioral1/memory/804-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2960-66-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001925b-73.dat	xmrig
behavioral1/memory/1984-70-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1656-69-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2528-68-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2340-67-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1996-64-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/1656-63-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2440-62-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1656-61-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1656-59-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2236-57-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000500000001925d-80.dat	xmrig
behavioral1/files/0x0005000000019377-92.dat	xmrig
behavioral1/files/0x0005000000019481-118.dat	xmrig
behavioral1/files/0x00050000000194d0-136.dat	xmrig
behavioral1/memory/2532-438-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2600-440-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1656-1353-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1008-436-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/376-435-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019581-160.dat	xmrig
behavioral1/files/0x000500000001955c-159.dat	xmrig
behavioral1/files/0x0005000000019551-152.dat	xmrig
behavioral1/files/0x00050000000194e6-148.dat	xmrig
behavioral1/files/0x00050000000194e4-144.dat	xmrig
behavioral1/files/0x00050000000194da-140.dat	xmrig
behavioral1/files/0x000500000001949d-125.dat	xmrig
behavioral1/files/0x00050000000194c6-131.dat	xmrig
behavioral1/files/0x0005000000019429-112.dat	xmrig
behavioral1/files/0x0005000000019490-123.dat	xmrig
behavioral1/files/0x000500000001946b-116.dat	xmrig
behavioral1/files/0x000500000001941b-108.dat	xmrig
behavioral1/files/0x000500000001939c-104.dat	xmrig
behavioral1/files/0x000500000001938e-101.dat	xmrig
behavioral1/files/0x000500000001938a-96.dat	xmrig
behavioral1/files/0x000500000001932a-88.dat	xmrig
behavioral1/files/0x000500000001930d-84.dat	xmrig
behavioral1/memory/376-2194-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2452-3196-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1592-3224-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2440-3444-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2236-3426-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2960-3403-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1996-3402-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/804-3474-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1984-3473-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2528-3488-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2340-3485-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1008-3853-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1592	xtRcknO.exe
2452	tZMEwoj.exe
1984	jPVAbve.exe
2236	wcfCGTn.exe
804	IpODMRn.exe
2440	ctJgZOc.exe
1996	GdbPNgR.exe
2960	lxtfskH.exe
2340	xNlPxQS.exe
2528	kaRtMIz.exe
376	IrWuQyL.exe
1008	cgWWvXG.exe
2532	fOISAvs.exe
2600	WPSfBxB.exe
2128	goRHUDD.exe
2040	zOcKEwR.exe
1648	HaptPng.exe
2700	BuynRlT.exe
2856	ucefEXB.exe
1652	NZQFmhY.exe
2420	BjOiLrp.exe
1724	HMWSmLD.exe
2180	azkEcEc.exe
536	HhzzFfy.exe
2756	MmzJBrF.exe
2256	YLlSafT.exe
824	nfOMwtE.exe
1168	vsArSUS.exe
2900	oYKxwgS.exe
2888	puivWiZ.exe
2876	zEpBrTX.exe
2064	iONYVXO.exe
332	EQpwcAo.exe
580	aIBCeqW.exe
1956	heQVVuk.exe
3060	gFDeBMd.exe
2080	CVgCICv.exe
2916	DkSdQKk.exe
276	wKeCtEe.exe
1616	jaCpaDY.exe
448	vWVrchE.exe
1160	MyGraDk.exe
2100	KcMQDUX.exe
1092	JlNAaLc.exe
328	aLyQhGO.exe
1552	OvRoBlq.exe
1296	jbBhhQa.exe
936	THBWpIa.exe
3056	LeLNomL.exe
1748	HsYBijI.exe
1264	NSfOSPN.exe
2200	sQdIWCM.exe
1752	Jpvlraf.exe
896	nyzKhzV.exe
1532	VOwOWZk.exe
2992	alJYadc.exe
1016	olpupBG.exe
1936	BwMbDoS.exe
2320	nxSdPSZ.exe
2400	oVVBvBO.exe
2892	DLVHYPR.exe
2008	abwpVUt.exe
2288	ogSEQrs.exe
2368	ctEoahF.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1656-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-6.dat	upx
behavioral1/files/0x0008000000015e8f-11.dat	upx
behavioral1/files/0x0008000000015ef6-12.dat	upx
behavioral1/files/0x0008000000015f4f-21.dat	upx
behavioral1/files/0x0008000000015d33-25.dat	upx
behavioral1/files/0x0008000000015fdb-28.dat	upx
behavioral1/files/0x0007000000016239-33.dat	upx
behavioral1/files/0x0007000000016307-37.dat	upx
behavioral1/files/0x0007000000016485-46.dat	upx
behavioral1/memory/2452-45-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1592-44-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0008000000016621-52.dat	upx
behavioral1/memory/804-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2960-66-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001925b-73.dat	upx
behavioral1/memory/1984-70-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2528-68-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2340-67-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1996-64-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2440-62-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2236-57-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000500000001925d-80.dat	upx
behavioral1/files/0x0005000000019377-92.dat	upx
behavioral1/files/0x0005000000019481-118.dat	upx
behavioral1/files/0x00050000000194d0-136.dat	upx
behavioral1/memory/2532-438-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2600-440-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1656-1353-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1008-436-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/376-435-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0005000000019581-160.dat	upx
behavioral1/files/0x000500000001955c-159.dat	upx
behavioral1/files/0x0005000000019551-152.dat	upx
behavioral1/files/0x00050000000194e6-148.dat	upx
behavioral1/files/0x00050000000194e4-144.dat	upx
behavioral1/files/0x00050000000194da-140.dat	upx
behavioral1/files/0x000500000001949d-125.dat	upx
behavioral1/files/0x00050000000194c6-131.dat	upx
behavioral1/files/0x0005000000019429-112.dat	upx
behavioral1/files/0x0005000000019490-123.dat	upx
behavioral1/files/0x000500000001946b-116.dat	upx
behavioral1/files/0x000500000001941b-108.dat	upx
behavioral1/files/0x000500000001939c-104.dat	upx
behavioral1/files/0x000500000001938e-101.dat	upx
behavioral1/files/0x000500000001938a-96.dat	upx
behavioral1/files/0x000500000001932a-88.dat	upx
behavioral1/files/0x000500000001930d-84.dat	upx
behavioral1/memory/376-2194-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2452-3196-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1592-3224-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2440-3444-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2236-3426-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2960-3403-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1996-3402-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/804-3474-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1984-3473-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2528-3488-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2340-3485-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/1008-3853-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/376-3974-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2600-3850-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2532-3975-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LFQJIwU.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\qLBChzO.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\gUnRjcj.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\pWcffRz.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\LsVLraE.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\TkUOjgC.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\lBAWfKo.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\vmPlkXk.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\jRLgBeI.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\BxDHqTF.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\GdbPNgR.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\VrOsxfK.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\HazyibV.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\ZWJOSAT.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\cihrDXA.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\fxYCqRC.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\LScJjmO.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\OFWDUrh.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\jtoGtav.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\LEHBxfP.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\wsZKKam.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\SrQocdd.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\CHtfrGX.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\hlufnYp.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\XnCIrZG.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\aEKLiTg.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\AJHdWXn.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\ssDuuBy.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\EmBAWoi.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\JmqXeFl.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\jhsTDCb.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\XMoBEMM.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\RBortWl.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\zCEhCuF.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\oZuDgkn.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\JNabydr.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\IiDXWiy.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\hzJKcQZ.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\ekZOuxP.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\wPBdxIH.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\GvEnpxB.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\JaalqPW.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\XGukOkH.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\RMMLIex.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\sPAxsLb.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\mFmwFeh.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\VDtlPkn.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\JFWCQft.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\AQuAzPm.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\fvAAVox.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\rJDvXfb.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\zvKNNoE.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\gVQpFCp.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\jMMoWVx.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\yGhpUXX.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\iMTydgm.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\EQqmyee.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\vSJpoFq.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\hNaYNcQ.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\mIKNDWg.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\iVhvoeo.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\TdzglgN.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\FYqQfrC.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
File created	C:\Windows\System\lCfsleh.exe	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1592	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	29
PID 1656 wrote to memory of 1592	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	29
PID 1656 wrote to memory of 1592	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	29
PID 1656 wrote to memory of 2452	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	30
PID 1656 wrote to memory of 2452	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	30
PID 1656 wrote to memory of 2452	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	30
PID 1656 wrote to memory of 1984	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	31
PID 1656 wrote to memory of 1984	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	31
PID 1656 wrote to memory of 1984	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	31
PID 1656 wrote to memory of 2236	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	32
PID 1656 wrote to memory of 2236	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	32
PID 1656 wrote to memory of 2236	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	32
PID 1656 wrote to memory of 804	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	33
PID 1656 wrote to memory of 804	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	33
PID 1656 wrote to memory of 804	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	33
PID 1656 wrote to memory of 2440	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	34
PID 1656 wrote to memory of 2440	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	34
PID 1656 wrote to memory of 2440	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	34
PID 1656 wrote to memory of 1996	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	35
PID 1656 wrote to memory of 1996	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	35
PID 1656 wrote to memory of 1996	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	35
PID 1656 wrote to memory of 2960	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	36
PID 1656 wrote to memory of 2960	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	36
PID 1656 wrote to memory of 2960	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	36
PID 1656 wrote to memory of 2340	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	37
PID 1656 wrote to memory of 2340	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	37
PID 1656 wrote to memory of 2340	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	37
PID 1656 wrote to memory of 2528	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	38
PID 1656 wrote to memory of 2528	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	38
PID 1656 wrote to memory of 2528	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	38
PID 1656 wrote to memory of 376	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	39
PID 1656 wrote to memory of 376	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	39
PID 1656 wrote to memory of 376	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	39
PID 1656 wrote to memory of 1008	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	40
PID 1656 wrote to memory of 1008	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	40
PID 1656 wrote to memory of 1008	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	40
PID 1656 wrote to memory of 2532	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	41
PID 1656 wrote to memory of 2532	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	41
PID 1656 wrote to memory of 2532	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	41
PID 1656 wrote to memory of 2600	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	42
PID 1656 wrote to memory of 2600	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	42
PID 1656 wrote to memory of 2600	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	42
PID 1656 wrote to memory of 2128	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	43
PID 1656 wrote to memory of 2128	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	43
PID 1656 wrote to memory of 2128	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	43
PID 1656 wrote to memory of 2040	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	44
PID 1656 wrote to memory of 2040	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	44
PID 1656 wrote to memory of 2040	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	44
PID 1656 wrote to memory of 1648	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	45
PID 1656 wrote to memory of 1648	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	45
PID 1656 wrote to memory of 1648	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	45
PID 1656 wrote to memory of 2700	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	46
PID 1656 wrote to memory of 2700	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	46
PID 1656 wrote to memory of 2700	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	46
PID 1656 wrote to memory of 2856	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	47
PID 1656 wrote to memory of 2856	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	47
PID 1656 wrote to memory of 2856	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	47
PID 1656 wrote to memory of 1652	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	48
PID 1656 wrote to memory of 1652	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	48
PID 1656 wrote to memory of 1652	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	48
PID 1656 wrote to memory of 2420	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	49
PID 1656 wrote to memory of 2420	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	49
PID 1656 wrote to memory of 2420	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	49
PID 1656 wrote to memory of 2180	1656	JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3f04b634a13b7c7fe35bf805a75bb41751998822454db78a1382f88cf95f560b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\System\xtRcknO.exe
  C:\Windows\System\xtRcknO.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tZMEwoj.exe
  C:\Windows\System\tZMEwoj.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\jPVAbve.exe
  C:\Windows\System\jPVAbve.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\wcfCGTn.exe
  C:\Windows\System\wcfCGTn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\IpODMRn.exe
  C:\Windows\System\IpODMRn.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\ctJgZOc.exe
  C:\Windows\System\ctJgZOc.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\GdbPNgR.exe
  C:\Windows\System\GdbPNgR.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\lxtfskH.exe
  C:\Windows\System\lxtfskH.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\xNlPxQS.exe
  C:\Windows\System\xNlPxQS.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\kaRtMIz.exe
  C:\Windows\System\kaRtMIz.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\IrWuQyL.exe
  C:\Windows\System\IrWuQyL.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\cgWWvXG.exe
  C:\Windows\System\cgWWvXG.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\fOISAvs.exe
  C:\Windows\System\fOISAvs.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\WPSfBxB.exe
  C:\Windows\System\WPSfBxB.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\goRHUDD.exe
  C:\Windows\System\goRHUDD.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\zOcKEwR.exe
  C:\Windows\System\zOcKEwR.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\HaptPng.exe
  C:\Windows\System\HaptPng.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\BuynRlT.exe
  C:\Windows\System\BuynRlT.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\ucefEXB.exe
  C:\Windows\System\ucefEXB.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\NZQFmhY.exe
  C:\Windows\System\NZQFmhY.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\BjOiLrp.exe
  C:\Windows\System\BjOiLrp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\azkEcEc.exe
  C:\Windows\System\azkEcEc.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\HMWSmLD.exe
  C:\Windows\System\HMWSmLD.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\MmzJBrF.exe
  C:\Windows\System\MmzJBrF.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\HhzzFfy.exe
  C:\Windows\System\HhzzFfy.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\YLlSafT.exe
  C:\Windows\System\YLlSafT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\nfOMwtE.exe
  C:\Windows\System\nfOMwtE.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\vsArSUS.exe
  C:\Windows\System\vsArSUS.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\oYKxwgS.exe
  C:\Windows\System\oYKxwgS.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\puivWiZ.exe
  C:\Windows\System\puivWiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\zEpBrTX.exe
  C:\Windows\System\zEpBrTX.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\iONYVXO.exe
  C:\Windows\System\iONYVXO.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\EQpwcAo.exe
  C:\Windows\System\EQpwcAo.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\aIBCeqW.exe
  C:\Windows\System\aIBCeqW.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\heQVVuk.exe
  C:\Windows\System\heQVVuk.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\gFDeBMd.exe
  C:\Windows\System\gFDeBMd.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\CVgCICv.exe
  C:\Windows\System\CVgCICv.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\DkSdQKk.exe
  C:\Windows\System\DkSdQKk.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\wKeCtEe.exe
  C:\Windows\System\wKeCtEe.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\jaCpaDY.exe
  C:\Windows\System\jaCpaDY.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\vWVrchE.exe
  C:\Windows\System\vWVrchE.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\MyGraDk.exe
  C:\Windows\System\MyGraDk.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\KcMQDUX.exe
  C:\Windows\System\KcMQDUX.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\JlNAaLc.exe
  C:\Windows\System\JlNAaLc.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\aLyQhGO.exe
  C:\Windows\System\aLyQhGO.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\OvRoBlq.exe
  C:\Windows\System\OvRoBlq.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\jbBhhQa.exe
  C:\Windows\System\jbBhhQa.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\THBWpIa.exe
  C:\Windows\System\THBWpIa.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\LeLNomL.exe
  C:\Windows\System\LeLNomL.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\HsYBijI.exe
  C:\Windows\System\HsYBijI.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\NSfOSPN.exe
  C:\Windows\System\NSfOSPN.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\sQdIWCM.exe
  C:\Windows\System\sQdIWCM.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\Jpvlraf.exe
  C:\Windows\System\Jpvlraf.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\nyzKhzV.exe
  C:\Windows\System\nyzKhzV.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\VOwOWZk.exe
  C:\Windows\System\VOwOWZk.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\alJYadc.exe
  C:\Windows\System\alJYadc.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\olpupBG.exe
  C:\Windows\System\olpupBG.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\BwMbDoS.exe
  C:\Windows\System\BwMbDoS.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\nxSdPSZ.exe
  C:\Windows\System\nxSdPSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\oVVBvBO.exe
  C:\Windows\System\oVVBvBO.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\DLVHYPR.exe
  C:\Windows\System\DLVHYPR.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\abwpVUt.exe
  C:\Windows\System\abwpVUt.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ogSEQrs.exe
  C:\Windows\System\ogSEQrs.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ctEoahF.exe
  C:\Windows\System\ctEoahF.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\Eucivzt.exe
  C:\Windows\System\Eucivzt.exe
  2⤵
  PID:2392
- C:\Windows\System\SyStqcA.exe
  C:\Windows\System\SyStqcA.exe
  2⤵
  PID:1436
- C:\Windows\System\RGCMdBW.exe
  C:\Windows\System\RGCMdBW.exe
  2⤵
  PID:2376
- C:\Windows\System\KdJeSTj.exe
  C:\Windows\System\KdJeSTj.exe
  2⤵
  PID:2364
- C:\Windows\System\RZEOIet.exe
  C:\Windows\System\RZEOIet.exe
  2⤵
  PID:1500
- C:\Windows\System\AJvWisD.exe
  C:\Windows\System\AJvWisD.exe
  2⤵
  PID:1012
- C:\Windows\System\yoCTjUN.exe
  C:\Windows\System\yoCTjUN.exe
  2⤵
  PID:2024
- C:\Windows\System\RCoTlIc.exe
  C:\Windows\System\RCoTlIc.exe
  2⤵
  PID:2428
- C:\Windows\System\waFUKEH.exe
  C:\Windows\System\waFUKEH.exe
  2⤵
  PID:2216
- C:\Windows\System\nwIvnLC.exe
  C:\Windows\System\nwIvnLC.exe
  2⤵
  PID:1000
- C:\Windows\System\yWSzEaN.exe
  C:\Windows\System\yWSzEaN.exe
  2⤵
  PID:1920
- C:\Windows\System\EcfQmUd.exe
  C:\Windows\System\EcfQmUd.exe
  2⤵
  PID:2676
- C:\Windows\System\QWcExdU.exe
  C:\Windows\System\QWcExdU.exe
  2⤵
  PID:1952
- C:\Windows\System\JSktMvX.exe
  C:\Windows\System\JSktMvX.exe
  2⤵
  PID:2656
- C:\Windows\System\aMLYGBL.exe
  C:\Windows\System\aMLYGBL.exe
  2⤵
  PID:2776
- C:\Windows\System\lKTVmQP.exe
  C:\Windows\System\lKTVmQP.exe
  2⤵
  PID:2176
- C:\Windows\System\oUtfFhI.exe
  C:\Windows\System\oUtfFhI.exe
  2⤵
  PID:2184
- C:\Windows\System\hScrrOi.exe
  C:\Windows\System\hScrrOi.exe
  2⤵
  PID:1776
- C:\Windows\System\tgygEcA.exe
  C:\Windows\System\tgygEcA.exe
  2⤵
  PID:1880
- C:\Windows\System\AoIwDim.exe
  C:\Windows\System\AoIwDim.exe
  2⤵
  PID:840
- C:\Windows\System\ZNkuifm.exe
  C:\Windows\System\ZNkuifm.exe
  2⤵
  PID:1608
- C:\Windows\System\pLeGRJT.exe
  C:\Windows\System\pLeGRJT.exe
  2⤵
  PID:2416
- C:\Windows\System\awNXQtl.exe
  C:\Windows\System\awNXQtl.exe
  2⤵
  PID:1456
- C:\Windows\System\XGukOkH.exe
  C:\Windows\System\XGukOkH.exe
  2⤵
  PID:1896
- C:\Windows\System\xHMsmnU.exe
  C:\Windows\System\xHMsmnU.exe
  2⤵
  PID:1256
- C:\Windows\System\bdNsynE.exe
  C:\Windows\System\bdNsynE.exe
  2⤵
  PID:1692
- C:\Windows\System\tOnVJDU.exe
  C:\Windows\System\tOnVJDU.exe
  2⤵
  PID:3048
- C:\Windows\System\XiRySlG.exe
  C:\Windows\System\XiRySlG.exe
  2⤵
  PID:3032
- C:\Windows\System\biKOJXO.exe
  C:\Windows\System\biKOJXO.exe
  2⤵
  PID:2124
- C:\Windows\System\zOQiZwl.exe
  C:\Windows\System\zOQiZwl.exe
  2⤵
  PID:1848
- C:\Windows\System\PYuSYoT.exe
  C:\Windows\System\PYuSYoT.exe
  2⤵
  PID:864
- C:\Windows\System\GLXMUjo.exe
  C:\Windows\System\GLXMUjo.exe
  2⤵
  PID:2308
- C:\Windows\System\mrGhjXa.exe
  C:\Windows\System\mrGhjXa.exe
  2⤵
  PID:1928
- C:\Windows\System\rZqGaCX.exe
  C:\Windows\System\rZqGaCX.exe
  2⤵
  PID:1700
- C:\Windows\System\rQwlEcM.exe
  C:\Windows\System\rQwlEcM.exe
  2⤵
  PID:2612
- C:\Windows\System\eRjRNQs.exe
  C:\Windows\System\eRjRNQs.exe
  2⤵
  PID:1468
- C:\Windows\System\pmDunse.exe
  C:\Windows\System\pmDunse.exe
  2⤵
  PID:1720
- C:\Windows\System\GiuBqXZ.exe
  C:\Windows\System\GiuBqXZ.exe
  2⤵
  PID:1904
- C:\Windows\System\ssUXVcv.exe
  C:\Windows\System\ssUXVcv.exe
  2⤵
  PID:1424
- C:\Windows\System\fGDNIzS.exe
  C:\Windows\System\fGDNIzS.exe
  2⤵
  PID:2292
- C:\Windows\System\LztsECq.exe
  C:\Windows\System\LztsECq.exe
  2⤵
  PID:1876
- C:\Windows\System\tZOOgrd.exe
  C:\Windows\System\tZOOgrd.exe
  2⤵
  PID:1868
- C:\Windows\System\KdNaHqr.exe
  C:\Windows\System\KdNaHqr.exe
  2⤵
  PID:1548
- C:\Windows\System\PhirshI.exe
  C:\Windows\System\PhirshI.exe
  2⤵
  PID:1464
- C:\Windows\System\PSEKsXJ.exe
  C:\Windows\System\PSEKsXJ.exe
  2⤵
  PID:2272
- C:\Windows\System\OhevvQl.exe
  C:\Windows\System\OhevvQl.exe
  2⤵
  PID:1972
- C:\Windows\System\ESVEHJt.exe
  C:\Windows\System\ESVEHJt.exe
  2⤵
  PID:1892
- C:\Windows\System\uvhHWGG.exe
  C:\Windows\System\uvhHWGG.exe
  2⤵
  PID:2496
- C:\Windows\System\gWELzIy.exe
  C:\Windows\System\gWELzIy.exe
  2⤵
  PID:2000
- C:\Windows\System\HbaYFke.exe
  C:\Windows\System\HbaYFke.exe
  2⤵
  PID:2616
- C:\Windows\System\AJqqbQk.exe
  C:\Windows\System\AJqqbQk.exe
  2⤵
  PID:1900
- C:\Windows\System\zVzmvyt.exe
  C:\Windows\System\zVzmvyt.exe
  2⤵
  PID:2516
- C:\Windows\System\LnZnRxW.exe
  C:\Windows\System\LnZnRxW.exe
  2⤵
  PID:2044
- C:\Windows\System\xwfCqqn.exe
  C:\Windows\System\xwfCqqn.exe
  2⤵
  PID:2864
- C:\Windows\System\lyPouhX.exe
  C:\Windows\System\lyPouhX.exe
  2⤵
  PID:2624
- C:\Windows\System\JEOCway.exe
  C:\Windows\System\JEOCway.exe
  2⤵
  PID:1664
- C:\Windows\System\fHmlxqp.exe
  C:\Windows\System\fHmlxqp.exe
  2⤵
  PID:484
- C:\Windows\System\PSBquek.exe
  C:\Windows\System\PSBquek.exe
  2⤵
  PID:2312
- C:\Windows\System\LlhLTug.exe
  C:\Windows\System\LlhLTug.exe
  2⤵
  PID:1080
- C:\Windows\System\gSOkBzj.exe
  C:\Windows\System\gSOkBzj.exe
  2⤵
  PID:2120
- C:\Windows\System\nosgGlt.exe
  C:\Windows\System\nosgGlt.exe
  2⤵
  PID:1796
- C:\Windows\System\tHmJaHC.exe
  C:\Windows\System\tHmJaHC.exe
  2⤵
  PID:1312
- C:\Windows\System\YvJfKLe.exe
  C:\Windows\System\YvJfKLe.exe
  2⤵
  PID:636
- C:\Windows\System\dDwuNDt.exe
  C:\Windows\System\dDwuNDt.exe
  2⤵
  PID:1888
- C:\Windows\System\hLfCaUz.exe
  C:\Windows\System\hLfCaUz.exe
  2⤵
  PID:3000
- C:\Windows\System\vxppocJ.exe
  C:\Windows\System\vxppocJ.exe
  2⤵
  PID:2964
- C:\Windows\System\LflAujS.exe
  C:\Windows\System\LflAujS.exe
  2⤵
  PID:1528
- C:\Windows\System\bjTkmyI.exe
  C:\Windows\System\bjTkmyI.exe
  2⤵
  PID:2240
- C:\Windows\System\TnEfHWy.exe
  C:\Windows\System\TnEfHWy.exe
  2⤵
  PID:3084
- C:\Windows\System\GRoghcP.exe
  C:\Windows\System\GRoghcP.exe
  2⤵
  PID:3100
- C:\Windows\System\HnFpdtX.exe
  C:\Windows\System\HnFpdtX.exe
  2⤵
  PID:3116
- C:\Windows\System\VxcyxEJ.exe
  C:\Windows\System\VxcyxEJ.exe
  2⤵
  PID:3132
- C:\Windows\System\BvNJgjF.exe
  C:\Windows\System\BvNJgjF.exe
  2⤵
  PID:3148
- C:\Windows\System\XtRIBtx.exe
  C:\Windows\System\XtRIBtx.exe
  2⤵
  PID:3164
- C:\Windows\System\gETzzGY.exe
  C:\Windows\System\gETzzGY.exe
  2⤵
  PID:3180
- C:\Windows\System\ioXDOjB.exe
  C:\Windows\System\ioXDOjB.exe
  2⤵
  PID:3196
- C:\Windows\System\EgBlxCS.exe
  C:\Windows\System\EgBlxCS.exe
  2⤵
  PID:3212
- C:\Windows\System\yFpQoUk.exe
  C:\Windows\System\yFpQoUk.exe
  2⤵
  PID:3232
- C:\Windows\System\mUMNMVE.exe
  C:\Windows\System\mUMNMVE.exe
  2⤵
  PID:3248
- C:\Windows\System\PDjXVEh.exe
  C:\Windows\System\PDjXVEh.exe
  2⤵
  PID:3264
- C:\Windows\System\XxwzkNC.exe
  C:\Windows\System\XxwzkNC.exe
  2⤵
  PID:3280
- C:\Windows\System\CUkVsEc.exe
  C:\Windows\System\CUkVsEc.exe
  2⤵
  PID:3296
- C:\Windows\System\IyXMOuO.exe
  C:\Windows\System\IyXMOuO.exe
  2⤵
  PID:3312
- C:\Windows\System\xwgoQqW.exe
  C:\Windows\System\xwgoQqW.exe
  2⤵
  PID:3328
- C:\Windows\System\VUjxzHn.exe
  C:\Windows\System\VUjxzHn.exe
  2⤵
  PID:3344
- C:\Windows\System\uvEsvYU.exe
  C:\Windows\System\uvEsvYU.exe
  2⤵
  PID:3360
- C:\Windows\System\rQZSzep.exe
  C:\Windows\System\rQZSzep.exe
  2⤵
  PID:3376
- C:\Windows\System\WbWWdpt.exe
  C:\Windows\System\WbWWdpt.exe
  2⤵
  PID:3392
- C:\Windows\System\qBFXEBs.exe
  C:\Windows\System\qBFXEBs.exe
  2⤵
  PID:3408
- C:\Windows\System\LFQJIwU.exe
  C:\Windows\System\LFQJIwU.exe
  2⤵
  PID:3424
- C:\Windows\System\QfCoAJE.exe
  C:\Windows\System\QfCoAJE.exe
  2⤵
  PID:3440
- C:\Windows\System\NTKPGYc.exe
  C:\Windows\System\NTKPGYc.exe
  2⤵
  PID:3456
- C:\Windows\System\HijRoRy.exe
  C:\Windows\System\HijRoRy.exe
  2⤵
  PID:3472
- C:\Windows\System\gNvvhQW.exe
  C:\Windows\System\gNvvhQW.exe
  2⤵
  PID:3488
- C:\Windows\System\GovHqrR.exe
  C:\Windows\System\GovHqrR.exe
  2⤵
  PID:3504
- C:\Windows\System\eHXUzHJ.exe
  C:\Windows\System\eHXUzHJ.exe
  2⤵
  PID:3520
- C:\Windows\System\uGDbvnO.exe
  C:\Windows\System\uGDbvnO.exe
  2⤵
  PID:3536
- C:\Windows\System\VjYWUaw.exe
  C:\Windows\System\VjYWUaw.exe
  2⤵
  PID:3552
- C:\Windows\System\uIuUebY.exe
  C:\Windows\System\uIuUebY.exe
  2⤵
  PID:3568
- C:\Windows\System\aYriaxU.exe
  C:\Windows\System\aYriaxU.exe
  2⤵
  PID:3584
- C:\Windows\System\upzdNrx.exe
  C:\Windows\System\upzdNrx.exe
  2⤵
  PID:3600
- C:\Windows\System\kkKWxDQ.exe
  C:\Windows\System\kkKWxDQ.exe
  2⤵
  PID:3624
- C:\Windows\System\zrnxCja.exe
  C:\Windows\System\zrnxCja.exe
  2⤵
  PID:3696
- C:\Windows\System\bEWXeTG.exe
  C:\Windows\System\bEWXeTG.exe
  2⤵
  PID:3712
- C:\Windows\System\RMMLIex.exe
  C:\Windows\System\RMMLIex.exe
  2⤵
  PID:3728
- C:\Windows\System\vfUphkZ.exe
  C:\Windows\System\vfUphkZ.exe
  2⤵
  PID:3744
- C:\Windows\System\HHbsZkD.exe
  C:\Windows\System\HHbsZkD.exe
  2⤵
  PID:3760
- C:\Windows\System\yKimyxI.exe
  C:\Windows\System\yKimyxI.exe
  2⤵
  PID:3776
- C:\Windows\System\QPwyhUI.exe
  C:\Windows\System\QPwyhUI.exe
  2⤵
  PID:3792
- C:\Windows\System\hwIKpyW.exe
  C:\Windows\System\hwIKpyW.exe
  2⤵
  PID:3808
- C:\Windows\System\LYUvmRA.exe
  C:\Windows\System\LYUvmRA.exe
  2⤵
  PID:3824
- C:\Windows\System\eaOWxMZ.exe
  C:\Windows\System\eaOWxMZ.exe
  2⤵
  PID:3840
- C:\Windows\System\nVgNqTj.exe
  C:\Windows\System\nVgNqTj.exe
  2⤵
  PID:3856
- C:\Windows\System\goRvfds.exe
  C:\Windows\System\goRvfds.exe
  2⤵
  PID:3876
- C:\Windows\System\YqeiTlj.exe
  C:\Windows\System\YqeiTlj.exe
  2⤵
  PID:3900
- C:\Windows\System\jDVEBgg.exe
  C:\Windows\System\jDVEBgg.exe
  2⤵
  PID:3916
- C:\Windows\System\SMhvVLl.exe
  C:\Windows\System\SMhvVLl.exe
  2⤵
  PID:3960
- C:\Windows\System\CiGwYtK.exe
  C:\Windows\System\CiGwYtK.exe
  2⤵
  PID:3076
- C:\Windows\System\wqKADDb.exe
  C:\Windows\System\wqKADDb.exe
  2⤵
  PID:3108
- C:\Windows\System\hNaYNcQ.exe
  C:\Windows\System\hNaYNcQ.exe
  2⤵
  PID:3156
- C:\Windows\System\RlKcJRB.exe
  C:\Windows\System\RlKcJRB.exe
  2⤵
  PID:3140
- C:\Windows\System\xLgxctL.exe
  C:\Windows\System\xLgxctL.exe
  2⤵
  PID:3204
- C:\Windows\System\EAcYaOy.exe
  C:\Windows\System\EAcYaOy.exe
  2⤵
  PID:3240
- C:\Windows\System\YwbNHDV.exe
  C:\Windows\System\YwbNHDV.exe
  2⤵
  PID:3288
- C:\Windows\System\YgoDTHR.exe
  C:\Windows\System\YgoDTHR.exe
  2⤵
  PID:3272
- C:\Windows\System\MqJmcsZ.exe
  C:\Windows\System\MqJmcsZ.exe
  2⤵
  PID:3356
- C:\Windows\System\yNUXQhf.exe
  C:\Windows\System\yNUXQhf.exe
  2⤵
  PID:3420
- C:\Windows\System\ErgvvtI.exe
  C:\Windows\System\ErgvvtI.exe
  2⤵
  PID:3432
- C:\Windows\System\xhOrCwl.exe
  C:\Windows\System\xhOrCwl.exe
  2⤵
  PID:3404
- C:\Windows\System\dSLEXgi.exe
  C:\Windows\System\dSLEXgi.exe
  2⤵
  PID:3592
- C:\Windows\System\uamCxyp.exe
  C:\Windows\System\uamCxyp.exe
  2⤵
  PID:3644
- C:\Windows\System\LsVLraE.exe
  C:\Windows\System\LsVLraE.exe
  2⤵
  PID:3484
- C:\Windows\System\akVLkfL.exe
  C:\Windows\System\akVLkfL.exe
  2⤵
  PID:3752
- C:\Windows\System\LluPEHN.exe
  C:\Windows\System\LluPEHN.exe
  2⤵
  PID:3848
- C:\Windows\System\MhDfclz.exe
  C:\Windows\System\MhDfclz.exe
  2⤵
  PID:3892
- C:\Windows\System\OyppDMS.exe
  C:\Windows\System\OyppDMS.exe
  2⤵
  PID:3756
- C:\Windows\System\xUMAjMt.exe
  C:\Windows\System\xUMAjMt.exe
  2⤵
  PID:2556
- C:\Windows\System\nnvVhvz.exe
  C:\Windows\System\nnvVhvz.exe
  2⤵
  PID:2564
- C:\Windows\System\jMCiEKi.exe
  C:\Windows\System\jMCiEKi.exe
  2⤵
  PID:3968
- C:\Windows\System\HtzwHIa.exe
  C:\Windows\System\HtzwHIa.exe
  2⤵
  PID:3984
- C:\Windows\System\qIAVQLt.exe
  C:\Windows\System\qIAVQLt.exe
  2⤵
  PID:4004
- C:\Windows\System\SnSNIqd.exe
  C:\Windows\System\SnSNIqd.exe
  2⤵
  PID:4016
- C:\Windows\System\JFcvwEz.exe
  C:\Windows\System\JFcvwEz.exe
  2⤵
  PID:4060
- C:\Windows\System\VfVkEIi.exe
  C:\Windows\System\VfVkEIi.exe
  2⤵
  PID:4076
- C:\Windows\System\ySakzMR.exe
  C:\Windows\System\ySakzMR.exe
  2⤵
  PID:4092
- C:\Windows\System\TnKnfNS.exe
  C:\Windows\System\TnKnfNS.exe
  2⤵
  PID:2012
- C:\Windows\System\QlfjDnR.exe
  C:\Windows\System\QlfjDnR.exe
  2⤵
  PID:2852
- C:\Windows\System\Nrnpyvg.exe
  C:\Windows\System\Nrnpyvg.exe
  2⤵
  PID:2752
- C:\Windows\System\OGcgzQs.exe
  C:\Windows\System\OGcgzQs.exe
  2⤵
  PID:828
- C:\Windows\System\CzlQNxm.exe
  C:\Windows\System\CzlQNxm.exe
  2⤵
  PID:1960
- C:\Windows\System\nkcSWKq.exe
  C:\Windows\System\nkcSWKq.exe
  2⤵
  PID:1836
- C:\Windows\System\CHtfrGX.exe
  C:\Windows\System\CHtfrGX.exe
  2⤵
  PID:2404
- C:\Windows\System\hXFHrqx.exe
  C:\Windows\System\hXFHrqx.exe
  2⤵
  PID:1736
- C:\Windows\System\YazpJwY.exe
  C:\Windows\System\YazpJwY.exe
  2⤵
  PID:292
- C:\Windows\System\rnzbaMs.exe
  C:\Windows\System\rnzbaMs.exe
  2⤵
  PID:2544
- C:\Windows\System\lFLMbcf.exe
  C:\Windows\System\lFLMbcf.exe
  2⤵
  PID:2740
- C:\Windows\System\ApvArLZ.exe
  C:\Windows\System\ApvArLZ.exe
  2⤵
  PID:1732
- C:\Windows\System\YdZkRGV.exe
  C:\Windows\System\YdZkRGV.exe
  2⤵
  PID:3188
- C:\Windows\System\TlgWIEg.exe
  C:\Windows\System\TlgWIEg.exe
  2⤵
  PID:3260
- C:\Windows\System\nAonYXa.exe
  C:\Windows\System\nAonYXa.exe
  2⤵
  PID:3308
- C:\Windows\System\FqruEOM.exe
  C:\Windows\System\FqruEOM.exe
  2⤵
  PID:3980
- C:\Windows\System\njVRlPx.exe
  C:\Windows\System\njVRlPx.exe
  2⤵
  PID:3688
- C:\Windows\System\peJuzNr.exe
  C:\Windows\System\peJuzNr.exe
  2⤵
  PID:3788
- C:\Windows\System\NPqnPxO.exe
  C:\Windows\System\NPqnPxO.exe
  2⤵
  PID:3208
- C:\Windows\System\jrmfmBU.exe
  C:\Windows\System\jrmfmBU.exe
  2⤵
  PID:3080
- C:\Windows\System\lSBIEBN.exe
  C:\Windows\System\lSBIEBN.exe
  2⤵
  PID:2144
- C:\Windows\System\FOwszbO.exe
  C:\Windows\System\FOwszbO.exe
  2⤵
  PID:3336
- C:\Windows\System\EYOdZcP.exe
  C:\Windows\System\EYOdZcP.exe
  2⤵
  PID:3516
- C:\Windows\System\OhQyhQl.exe
  C:\Windows\System\OhQyhQl.exe
  2⤵
  PID:3580
- C:\Windows\System\OirXBsJ.exe
  C:\Windows\System\OirXBsJ.exe
  2⤵
  PID:3608
- C:\Windows\System\oInUlXD.exe
  C:\Windows\System\oInUlXD.exe
  2⤵
  PID:2976
- C:\Windows\System\MmVvlwT.exe
  C:\Windows\System\MmVvlwT.exe
  2⤵
  PID:3740
- C:\Windows\System\yeqqpqe.exe
  C:\Windows\System\yeqqpqe.exe
  2⤵
  PID:3800
- C:\Windows\System\OTwfjJx.exe
  C:\Windows\System\OTwfjJx.exe
  2⤵
  PID:3528
- C:\Windows\System\VrOsxfK.exe
  C:\Windows\System\VrOsxfK.exe
  2⤵
  PID:2684
- C:\Windows\System\vflVfCA.exe
  C:\Windows\System\vflVfCA.exe
  2⤵
  PID:3908
- C:\Windows\System\RIlxhEp.exe
  C:\Windows\System\RIlxhEp.exe
  2⤵
  PID:3720
- C:\Windows\System\mrZMYqN.exe
  C:\Windows\System\mrZMYqN.exe
  2⤵
  PID:3988
- C:\Windows\System\tdIVBnN.exe
  C:\Windows\System\tdIVBnN.exe
  2⤵
  PID:3320
- C:\Windows\System\noqEDFF.exe
  C:\Windows\System\noqEDFF.exe
  2⤵
  PID:4068
- C:\Windows\System\FDHbtOj.exe
  C:\Windows\System\FDHbtOj.exe
  2⤵
  PID:2820
- C:\Windows\System\VspGGxj.exe
  C:\Windows\System\VspGGxj.exe
  2⤵
  PID:2896
- C:\Windows\System\BiBQwbZ.exe
  C:\Windows\System\BiBQwbZ.exe
  2⤵
  PID:884
- C:\Windows\System\dfjMcpV.exe
  C:\Windows\System\dfjMcpV.exe
  2⤵
  PID:3128
- C:\Windows\System\izOAezL.exe
  C:\Windows\System\izOAezL.exe
  2⤵
  PID:3400
- C:\Windows\System\kqpHgXA.exe
  C:\Windows\System\kqpHgXA.exe
  2⤵
  PID:3636
- C:\Windows\System\BAeVDqw.exe
  C:\Windows\System\BAeVDqw.exe
  2⤵
  PID:3736
- C:\Windows\System\ylfQChV.exe
  C:\Windows\System\ylfQChV.exe
  2⤵
  PID:3872
- C:\Windows\System\VhqZvZQ.exe
  C:\Windows\System\VhqZvZQ.exe
  2⤵
  PID:3956
- C:\Windows\System\tqKEPwp.exe
  C:\Windows\System\tqKEPwp.exe
  2⤵
  PID:3616
- C:\Windows\System\aQXwDBc.exe
  C:\Windows\System\aQXwDBc.exe
  2⤵
  PID:3500
- C:\Windows\System\rJDvXfb.exe
  C:\Windows\System\rJDvXfb.exe
  2⤵
  PID:4024
- C:\Windows\System\LScJjmO.exe
  C:\Windows\System\LScJjmO.exe
  2⤵
  PID:3244
- C:\Windows\System\syKzqpr.exe
  C:\Windows\System\syKzqpr.exe
  2⤵
  PID:2228
- C:\Windows\System\KggEncU.exe
  C:\Windows\System\KggEncU.exe
  2⤵
  PID:1140
- C:\Windows\System\hRSDZZR.exe
  C:\Windows\System\hRSDZZR.exe
  2⤵
  PID:2508
- C:\Windows\System\dqELQLL.exe
  C:\Windows\System\dqELQLL.exe
  2⤵
  PID:2108
- C:\Windows\System\ThzYXgx.exe
  C:\Windows\System\ThzYXgx.exe
  2⤵
  PID:4100
- C:\Windows\System\DAYbIGo.exe
  C:\Windows\System\DAYbIGo.exe
  2⤵
  PID:4184
- C:\Windows\System\vWxyQpy.exe
  C:\Windows\System\vWxyQpy.exe
  2⤵
  PID:4204
- C:\Windows\System\jqrQGPe.exe
  C:\Windows\System\jqrQGPe.exe
  2⤵
  PID:4220
- C:\Windows\System\cEvYgSU.exe
  C:\Windows\System\cEvYgSU.exe
  2⤵
  PID:4236
- C:\Windows\System\HdLUAmH.exe
  C:\Windows\System\HdLUAmH.exe
  2⤵
  PID:4252
- C:\Windows\System\HmCpdfm.exe
  C:\Windows\System\HmCpdfm.exe
  2⤵
  PID:4272
- C:\Windows\System\sCQolRv.exe
  C:\Windows\System\sCQolRv.exe
  2⤵
  PID:4288
- C:\Windows\System\hyLyJjN.exe
  C:\Windows\System\hyLyJjN.exe
  2⤵
  PID:4304
- C:\Windows\System\mmRrwNb.exe
  C:\Windows\System\mmRrwNb.exe
  2⤵
  PID:4320
- C:\Windows\System\wJpgJtj.exe
  C:\Windows\System\wJpgJtj.exe
  2⤵
  PID:4336
- C:\Windows\System\TkUOjgC.exe
  C:\Windows\System\TkUOjgC.exe
  2⤵
  PID:4352
- C:\Windows\System\xZGthyH.exe
  C:\Windows\System\xZGthyH.exe
  2⤵
  PID:4368
- C:\Windows\System\VTPGTFG.exe
  C:\Windows\System\VTPGTFG.exe
  2⤵
  PID:4384
- C:\Windows\System\oKisRWf.exe
  C:\Windows\System\oKisRWf.exe
  2⤵
  PID:4400
- C:\Windows\System\jqKxapo.exe
  C:\Windows\System\jqKxapo.exe
  2⤵
  PID:4416
- C:\Windows\System\wfWhYIO.exe
  C:\Windows\System\wfWhYIO.exe
  2⤵
  PID:4432
- C:\Windows\System\aEKLiTg.exe
  C:\Windows\System\aEKLiTg.exe
  2⤵
  PID:4448
- C:\Windows\System\aNMLocA.exe
  C:\Windows\System\aNMLocA.exe
  2⤵
  PID:4588
- C:\Windows\System\YZJIyok.exe
  C:\Windows\System\YZJIyok.exe
  2⤵
  PID:4620
- C:\Windows\System\JSxVJFs.exe
  C:\Windows\System\JSxVJFs.exe
  2⤵
  PID:4636
- C:\Windows\System\uQZRDiY.exe
  C:\Windows\System\uQZRDiY.exe
  2⤵
  PID:4652
- C:\Windows\System\JyTjdLj.exe
  C:\Windows\System\JyTjdLj.exe
  2⤵
  PID:4668
- C:\Windows\System\lBAWfKo.exe
  C:\Windows\System\lBAWfKo.exe
  2⤵
  PID:4684
- C:\Windows\System\TNqnOSq.exe
  C:\Windows\System\TNqnOSq.exe
  2⤵
  PID:4700
- C:\Windows\System\fagSnjl.exe
  C:\Windows\System\fagSnjl.exe
  2⤵
  PID:4716
- C:\Windows\System\sPAxsLb.exe
  C:\Windows\System\sPAxsLb.exe
  2⤵
  PID:4792
- C:\Windows\System\btLnZrL.exe
  C:\Windows\System\btLnZrL.exe
  2⤵
  PID:4808
- C:\Windows\System\eeLXhvR.exe
  C:\Windows\System\eeLXhvR.exe
  2⤵
  PID:4824
- C:\Windows\System\NrfnSct.exe
  C:\Windows\System\NrfnSct.exe
  2⤵
  PID:4840
- C:\Windows\System\qLBChzO.exe
  C:\Windows\System\qLBChzO.exe
  2⤵
  PID:4856
- C:\Windows\System\NCtwREm.exe
  C:\Windows\System\NCtwREm.exe
  2⤵
  PID:4872
- C:\Windows\System\kkHTEIv.exe
  C:\Windows\System\kkHTEIv.exe
  2⤵
  PID:4888
- C:\Windows\System\mFmwFeh.exe
  C:\Windows\System\mFmwFeh.exe
  2⤵
  PID:4904
- C:\Windows\System\ajxCgwn.exe
  C:\Windows\System\ajxCgwn.exe
  2⤵
  PID:4920
- C:\Windows\System\KWaiSwD.exe
  C:\Windows\System\KWaiSwD.exe
  2⤵
  PID:4936
- C:\Windows\System\lUEAvRU.exe
  C:\Windows\System\lUEAvRU.exe
  2⤵
  PID:4956
- C:\Windows\System\WTVQhBj.exe
  C:\Windows\System\WTVQhBj.exe
  2⤵
  PID:4980
- C:\Windows\System\lfQRVgD.exe
  C:\Windows\System\lfQRVgD.exe
  2⤵
  PID:4996
- C:\Windows\System\IrpNfnQ.exe
  C:\Windows\System\IrpNfnQ.exe
  2⤵
  PID:5096
- C:\Windows\System\Tmlxzfx.exe
  C:\Windows\System\Tmlxzfx.exe
  2⤵
  PID:5112
- C:\Windows\System\CGMmGep.exe
  C:\Windows\System\CGMmGep.exe
  2⤵
  PID:2824
- C:\Windows\System\ReSCDwD.exe
  C:\Windows\System\ReSCDwD.exe
  2⤵
  PID:2436
- C:\Windows\System\ZMJZawR.exe
  C:\Windows\System\ZMJZawR.exe
  2⤵
  PID:3416
- C:\Windows\System\gUnRjcj.exe
  C:\Windows\System\gUnRjcj.exe
  2⤵
  PID:2464
- C:\Windows\System\OucLaVe.exe
  C:\Windows\System\OucLaVe.exe
  2⤵
  PID:2672
- C:\Windows\System\dmnViLP.exe
  C:\Windows\System\dmnViLP.exe
  2⤵
  PID:1620
- C:\Windows\System\FwKuKBK.exe
  C:\Windows\System\FwKuKBK.exe
  2⤵
  PID:2712
- C:\Windows\System\THsFxzG.exe
  C:\Windows\System\THsFxzG.exe
  2⤵
  PID:4228
- C:\Windows\System\iKHdGRk.exe
  C:\Windows\System\iKHdGRk.exe
  2⤵
  PID:3564
- C:\Windows\System\eMVkmzu.exe
  C:\Windows\System\eMVkmzu.exe
  2⤵
  PID:3952
- C:\Windows\System\OdeGETH.exe
  C:\Windows\System\OdeGETH.exe
  2⤵
  PID:4112
- C:\Windows\System\bDHsnGm.exe
  C:\Windows\System\bDHsnGm.exe
  2⤵
  PID:4364
- C:\Windows\System\fXhAzPp.exe
  C:\Windows\System\fXhAzPp.exe
  2⤵
  PID:3816
- C:\Windows\System\eHDDGVi.exe
  C:\Windows\System\eHDDGVi.exe
  2⤵
  PID:3352
- C:\Windows\System\mFmHxsr.exe
  C:\Windows\System\mFmHxsr.exe
  2⤵
  PID:4424
- C:\Windows\System\lCkcXxy.exe
  C:\Windows\System\lCkcXxy.exe
  2⤵
  PID:4120
- C:\Windows\System\OnFLKTc.exe
  C:\Windows\System\OnFLKTc.exe
  2⤵
  PID:4136
- C:\Windows\System\qWDTeia.exe
  C:\Windows\System\qWDTeia.exe
  2⤵
  PID:4472
- C:\Windows\System\kkygdmc.exe
  C:\Windows\System\kkygdmc.exe
  2⤵
  PID:4160
- C:\Windows\System\PPnYDpH.exe
  C:\Windows\System\PPnYDpH.exe
  2⤵
  PID:4176
- C:\Windows\System\qHkgQXH.exe
  C:\Windows\System\qHkgQXH.exe
  2⤵
  PID:4484
- C:\Windows\System\tzboHGT.exe
  C:\Windows\System\tzboHGT.exe
  2⤵
  PID:4500
- C:\Windows\System\VDtlPkn.exe
  C:\Windows\System\VDtlPkn.exe
  2⤵
  PID:4516
- C:\Windows\System\eyjGfaK.exe
  C:\Windows\System\eyjGfaK.exe
  2⤵
  PID:4532
- C:\Windows\System\tntMcan.exe
  C:\Windows\System\tntMcan.exe
  2⤵
  PID:4544
- C:\Windows\System\lPivYJy.exe
  C:\Windows\System\lPivYJy.exe
  2⤵
  PID:4572
- C:\Windows\System\svudSsp.exe
  C:\Windows\System\svudSsp.exe
  2⤵
  PID:4028
- C:\Windows\System\aKdnyJu.exe
  C:\Windows\System\aKdnyJu.exe
  2⤵
  PID:4408
- C:\Windows\System\vhpVLvZ.exe
  C:\Windows\System\vhpVLvZ.exe
  2⤵
  PID:4348
- C:\Windows\System\NDlfnlf.exe
  C:\Windows\System\NDlfnlf.exe
  2⤵
  PID:4280
- C:\Windows\System\rOGbgmR.exe
  C:\Windows\System\rOGbgmR.exe
  2⤵
  PID:4212
- C:\Windows\System\TBTVTCO.exe
  C:\Windows\System\TBTVTCO.exe
  2⤵
  PID:4596
- C:\Windows\System\OvdXMUl.exe
  C:\Windows\System\OvdXMUl.exe
  2⤵
  PID:4608
- C:\Windows\System\YhCvtho.exe
  C:\Windows\System\YhCvtho.exe
  2⤵
  PID:4116
- C:\Windows\System\upuyofB.exe
  C:\Windows\System\upuyofB.exe
  2⤵
  PID:4696
- C:\Windows\System\nWXVuAw.exe
  C:\Windows\System\nWXVuAw.exe
  2⤵
  PID:4736
- C:\Windows\System\bjiTFyQ.exe
  C:\Windows\System\bjiTFyQ.exe
  2⤵
  PID:4752
- C:\Windows\System\FiBnYgE.exe
  C:\Windows\System\FiBnYgE.exe
  2⤵
  PID:4680
- C:\Windows\System\mIKNDWg.exe
  C:\Windows\System\mIKNDWg.exe
  2⤵
  PID:4764
- C:\Windows\System\hXenvdr.exe
  C:\Windows\System\hXenvdr.exe
  2⤵
  PID:4648
- C:\Windows\System\MkYlmCR.exe
  C:\Windows\System\MkYlmCR.exe
  2⤵
  PID:4820
- C:\Windows\System\ftWLvmY.exe
  C:\Windows\System\ftWLvmY.exe
  2⤵
  PID:4880
- C:\Windows\System\EzgmiJZ.exe
  C:\Windows\System\EzgmiJZ.exe
  2⤵
  PID:4944
- C:\Windows\System\jhsTDCb.exe
  C:\Windows\System\jhsTDCb.exe
  2⤵
  PID:4900
- C:\Windows\System\roxyeUX.exe
  C:\Windows\System\roxyeUX.exe
  2⤵
  PID:4832
- C:\Windows\System\noLPzEm.exe
  C:\Windows\System\noLPzEm.exe
  2⤵
  PID:4800
- C:\Windows\System\PEyXisz.exe
  C:\Windows\System\PEyXisz.exe
  2⤵
  PID:5004
- C:\Windows\System\ghbnQMp.exe
  C:\Windows\System\ghbnQMp.exe
  2⤵
  PID:5016
- C:\Windows\System\OfEbfxv.exe
  C:\Windows\System\OfEbfxv.exe
  2⤵
  PID:5032
- C:\Windows\System\qlUaKfs.exe
  C:\Windows\System\qlUaKfs.exe
  2⤵
  PID:5048
- C:\Windows\System\XpToXfs.exe
  C:\Windows\System\XpToXfs.exe
  2⤵
  PID:5064
- C:\Windows\System\OvGgHoV.exe
  C:\Windows\System\OvGgHoV.exe
  2⤵
  PID:4992
- C:\Windows\System\iVhvoeo.exe
  C:\Windows\System\iVhvoeo.exe
  2⤵
  PID:3868
- C:\Windows\System\qaklPrb.exe
  C:\Windows\System\qaklPrb.exe
  2⤵
  PID:3576
- C:\Windows\System\vUDYLnI.exe
  C:\Windows\System\vUDYLnI.exe
  2⤵
  PID:5104
- C:\Windows\System\NSKUBmT.exe
  C:\Windows\System\NSKUBmT.exe
  2⤵
  PID:3888
- C:\Windows\System\RwPGsbs.exe
  C:\Windows\System\RwPGsbs.exe
  2⤵
  PID:5108
- C:\Windows\System\sXQfRdu.exe
  C:\Windows\System\sXQfRdu.exe
  2⤵
  PID:4264
- C:\Windows\System\twVcoCH.exe
  C:\Windows\System\twVcoCH.exe
  2⤵
  PID:3024
- C:\Windows\System\tLaZsGM.exe
  C:\Windows\System\tLaZsGM.exe
  2⤵
  PID:4328
- C:\Windows\System\dcsvbDy.exe
  C:\Windows\System\dcsvbDy.exe
  2⤵
  PID:1968
- C:\Windows\System\hszsZDF.exe
  C:\Windows\System\hszsZDF.exe
  2⤵
  PID:4396
- C:\Windows\System\cOGWghp.exe
  C:\Windows\System\cOGWghp.exe
  2⤵
  PID:4152
- C:\Windows\System\RdNVKTz.exe
  C:\Windows\System\RdNVKTz.exe
  2⤵
  PID:4512
- C:\Windows\System\NtymPoC.exe
  C:\Windows\System\NtymPoC.exe
  2⤵
  PID:4568
- C:\Windows\System\LzIHSXx.exe
  C:\Windows\System\LzIHSXx.exe
  2⤵
  PID:4216
- C:\Windows\System\ADoPLma.exe
  C:\Windows\System\ADoPLma.exe
  2⤵
  PID:4316
- C:\Windows\System\ynrVVtL.exe
  C:\Windows\System\ynrVVtL.exe
  2⤵
  PID:4464
- C:\Windows\System\YJRQiyw.exe
  C:\Windows\System\YJRQiyw.exe
  2⤵
  PID:4632
- C:\Windows\System\pzAvKwf.exe
  C:\Windows\System\pzAvKwf.exe
  2⤵
  PID:4528
- C:\Windows\System\hDDAboT.exe
  C:\Windows\System\hDDAboT.exe
  2⤵
  PID:4460
- C:\Windows\System\XFCyJfG.exe
  C:\Windows\System\XFCyJfG.exe
  2⤵
  PID:4604
- C:\Windows\System\gSxwtCW.exe
  C:\Windows\System\gSxwtCW.exe
  2⤵
  PID:4868
- C:\Windows\System\PDpLzwr.exe
  C:\Windows\System\PDpLzwr.exe
  2⤵
  PID:4744
- C:\Windows\System\QcNJakg.exe
  C:\Windows\System\QcNJakg.exe
  2⤵
  PID:4788
- C:\Windows\System\jbPoERv.exe
  C:\Windows\System\jbPoERv.exe
  2⤵
  PID:4932
- C:\Windows\System\CzBHiPS.exe
  C:\Windows\System\CzBHiPS.exe
  2⤵
  PID:4988
- C:\Windows\System\hRHPLPm.exe
  C:\Windows\System\hRHPLPm.exe
  2⤵
  PID:5392
- C:\Windows\System\InDjpjN.exe
  C:\Windows\System\InDjpjN.exe
  2⤵
  PID:5488
- C:\Windows\System\wTJgvoa.exe
  C:\Windows\System\wTJgvoa.exe
  2⤵
  PID:5504
- C:\Windows\System\ziSaOUF.exe
  C:\Windows\System\ziSaOUF.exe
  2⤵
  PID:5520
- C:\Windows\System\XMoBEMM.exe
  C:\Windows\System\XMoBEMM.exe
  2⤵
  PID:5544
- C:\Windows\System\odrQfpQ.exe
  C:\Windows\System\odrQfpQ.exe
  2⤵
  PID:5560
- C:\Windows\System\XvpdOeS.exe
  C:\Windows\System\XvpdOeS.exe
  2⤵
  PID:5580
- C:\Windows\System\HpmYXOp.exe
  C:\Windows\System\HpmYXOp.exe
  2⤵
  PID:5596
- C:\Windows\System\gdXWONv.exe
  C:\Windows\System\gdXWONv.exe
  2⤵
  PID:5612
- C:\Windows\System\GazTAlL.exe
  C:\Windows\System\GazTAlL.exe
  2⤵
  PID:5632
- C:\Windows\System\vmPlkXk.exe
  C:\Windows\System\vmPlkXk.exe
  2⤵
  PID:5648
- C:\Windows\System\ZvSKxAA.exe
  C:\Windows\System\ZvSKxAA.exe
  2⤵
  PID:5668
- C:\Windows\System\IfoWKWB.exe
  C:\Windows\System\IfoWKWB.exe
  2⤵
  PID:5684
- C:\Windows\System\wEYXKHe.exe
  C:\Windows\System\wEYXKHe.exe
  2⤵
  PID:5700
- C:\Windows\System\ILMtaca.exe
  C:\Windows\System\ILMtaca.exe
  2⤵
  PID:5720
- C:\Windows\System\kYpSQHi.exe
  C:\Windows\System\kYpSQHi.exe
  2⤵
  PID:5736
- C:\Windows\System\mPQrtxd.exe
  C:\Windows\System\mPQrtxd.exe
  2⤵
  PID:5752
- C:\Windows\System\mkeUikm.exe
  C:\Windows\System\mkeUikm.exe
  2⤵
  PID:5768
- C:\Windows\System\TRDhtrB.exe
  C:\Windows\System\TRDhtrB.exe
  2⤵
  PID:5784
- C:\Windows\System\MgwxRhs.exe
  C:\Windows\System\MgwxRhs.exe
  2⤵
  PID:5800
- C:\Windows\System\JDSWDhk.exe
  C:\Windows\System\JDSWDhk.exe
  2⤵
  PID:5816
- C:\Windows\System\NfTydUt.exe
  C:\Windows\System\NfTydUt.exe
  2⤵
  PID:5832
- C:\Windows\System\akVYVVZ.exe
  C:\Windows\System\akVYVVZ.exe
  2⤵
  PID:5912
- C:\Windows\System\duOMSoF.exe
  C:\Windows\System\duOMSoF.exe
  2⤵
  PID:5928
- C:\Windows\System\tujoQDH.exe
  C:\Windows\System\tujoQDH.exe
  2⤵
  PID:5944
- C:\Windows\System\QloZfng.exe
  C:\Windows\System\QloZfng.exe
  2⤵
  PID:5960
- C:\Windows\System\lgHujRO.exe
  C:\Windows\System\lgHujRO.exe
  2⤵
  PID:5976
- C:\Windows\System\QIiUbMP.exe
  C:\Windows\System\QIiUbMP.exe
  2⤵
  PID:5992
- C:\Windows\System\JzdFJTx.exe
  C:\Windows\System\JzdFJTx.exe
  2⤵
  PID:6012
- C:\Windows\System\AuzyzUv.exe
  C:\Windows\System\AuzyzUv.exe
  2⤵
  PID:6036
- C:\Windows\System\dNABAjl.exe
  C:\Windows\System\dNABAjl.exe
  2⤵
  PID:6072
- C:\Windows\System\MZOuIbO.exe
  C:\Windows\System\MZOuIbO.exe
  2⤵
  PID:6104
- C:\Windows\System\TKToeUu.exe
  C:\Windows\System\TKToeUu.exe
  2⤵
  PID:6124
- C:\Windows\System\OFWDUrh.exe
  C:\Windows\System\OFWDUrh.exe
  2⤵
  PID:6140
- C:\Windows\System\gmUQidR.exe
  C:\Windows\System\gmUQidR.exe
  2⤵
  PID:2664
- C:\Windows\System\nsfJfwD.exe
  C:\Windows\System\nsfJfwD.exe
  2⤵
  PID:4392
- C:\Windows\System\hFXCHwA.exe
  C:\Windows\System\hFXCHwA.exe
  2⤵
  PID:4468
- C:\Windows\System\yVajtoX.exe
  C:\Windows\System\yVajtoX.exe
  2⤵
  PID:4972
- C:\Windows\System\SZXUcQI.exe
  C:\Windows\System\SZXUcQI.exe
  2⤵
  PID:1032
- C:\Windows\System\buyylFu.exe
  C:\Windows\System\buyylFu.exe
  2⤵
  PID:4732
- C:\Windows\System\JeymulW.exe
  C:\Windows\System\JeymulW.exe
  2⤵
  PID:4108
- C:\Windows\System\awirHSp.exe
  C:\Windows\System\awirHSp.exe
  2⤵
  PID:4132
- C:\Windows\System\iJYpuuF.exe
  C:\Windows\System\iJYpuuF.exe
  2⤵
  PID:4676
- C:\Windows\System\XngELWK.exe
  C:\Windows\System\XngELWK.exe
  2⤵
  PID:4760
- C:\Windows\System\fCiiMle.exe
  C:\Windows\System\fCiiMle.exe
  2⤵
  PID:4644
- C:\Windows\System\CtvazDh.exe
  C:\Windows\System\CtvazDh.exe
  2⤵
  PID:4692
- C:\Windows\System\CpOEAzO.exe
  C:\Windows\System\CpOEAzO.exe
  2⤵
  PID:5128
- C:\Windows\System\YwNxHKQ.exe
  C:\Windows\System\YwNxHKQ.exe
  2⤵
  PID:5144
- C:\Windows\System\vReAKXE.exe
  C:\Windows\System\vReAKXE.exe
  2⤵
  PID:5164
- C:\Windows\System\fTZHwbb.exe
  C:\Windows\System\fTZHwbb.exe
  2⤵
  PID:5180
- C:\Windows\System\vEtFfBf.exe
  C:\Windows\System\vEtFfBf.exe
  2⤵
  PID:3656
- C:\Windows\System\PkPmwcs.exe
  C:\Windows\System\PkPmwcs.exe
  2⤵
  PID:5208
- C:\Windows\System\iCsTEZr.exe
  C:\Windows\System\iCsTEZr.exe
  2⤵
  PID:5224
- C:\Windows\System\hfjeUip.exe
  C:\Windows\System\hfjeUip.exe
  2⤵
  PID:5240
- C:\Windows\System\qUBMizQ.exe
  C:\Windows\System\qUBMizQ.exe
  2⤵
  PID:5256
- C:\Windows\System\iicYIUE.exe
  C:\Windows\System\iicYIUE.exe
  2⤵
  PID:5272
- C:\Windows\System\QVcqeDw.exe
  C:\Windows\System\QVcqeDw.exe
  2⤵
  PID:5288
- C:\Windows\System\GBlRWHl.exe
  C:\Windows\System\GBlRWHl.exe
  2⤵
  PID:5304
- C:\Windows\System\SQgwpSY.exe
  C:\Windows\System\SQgwpSY.exe
  2⤵
  PID:5320
- C:\Windows\System\eObAgcA.exe
  C:\Windows\System\eObAgcA.exe
  2⤵
  PID:5336
- C:\Windows\System\VJvFiCX.exe
  C:\Windows\System\VJvFiCX.exe
  2⤵
  PID:5360
- C:\Windows\System\USMJlQL.exe
  C:\Windows\System\USMJlQL.exe
  2⤵
  PID:3660
- C:\Windows\System\skkXNQX.exe
  C:\Windows\System\skkXNQX.exe
  2⤵
  PID:3668
- C:\Windows\System\VWklbcf.exe
  C:\Windows\System\VWklbcf.exe
  2⤵
  PID:2540
- C:\Windows\System\LrGRQHS.exe
  C:\Windows\System\LrGRQHS.exe
  2⤵
  PID:5404
- C:\Windows\System\vTaDIlL.exe
  C:\Windows\System\vTaDIlL.exe
  2⤵
  PID:5420
- C:\Windows\System\NfJWDqu.exe
  C:\Windows\System\NfJWDqu.exe
  2⤵
  PID:5432
- C:\Windows\System\kpknXOs.exe
  C:\Windows\System\kpknXOs.exe
  2⤵
  PID:5456
- C:\Windows\System\YZIvMfS.exe
  C:\Windows\System\YZIvMfS.exe
  2⤵
  PID:5472
- C:\Windows\System\ezohlZd.exe
  C:\Windows\System\ezohlZd.exe
  2⤵
  PID:5512
- C:\Windows\System\UxttNTq.exe
  C:\Windows\System\UxttNTq.exe
  2⤵
  PID:5496
- C:\Windows\System\VlBXthv.exe
  C:\Windows\System\VlBXthv.exe
  2⤵
  PID:5572
- C:\Windows\System\KmDypzR.exe
  C:\Windows\System\KmDypzR.exe
  2⤵
  PID:5608
- C:\Windows\System\zCjsMyG.exe
  C:\Windows\System\zCjsMyG.exe
  2⤵
  PID:5516
- C:\Windows\System\KfXZGeJ.exe
  C:\Windows\System\KfXZGeJ.exe
  2⤵
  PID:5708
- C:\Windows\System\lWztigi.exe
  C:\Windows\System\lWztigi.exe
  2⤵
  PID:5776
- C:\Windows\System\TRpZDjI.exe
  C:\Windows\System\TRpZDjI.exe
  2⤵
  PID:5840
- C:\Windows\System\WGhOTtw.exe
  C:\Windows\System\WGhOTtw.exe
  2⤵
  PID:5680
- C:\Windows\System\nydyxTz.exe
  C:\Windows\System\nydyxTz.exe
  2⤵
  PID:1612
- C:\Windows\System\dYrtgkC.exe
  C:\Windows\System\dYrtgkC.exe
  2⤵
  PID:5588
- C:\Windows\System\FBaUoyK.exe
  C:\Windows\System\FBaUoyK.exe
  2⤵
  PID:5624
- C:\Windows\System\GAvpTGn.exe
  C:\Windows\System\GAvpTGn.exe
  2⤵
  PID:5712
- C:\Windows\System\ugGKMSJ.exe
  C:\Windows\System\ugGKMSJ.exe
  2⤵
  PID:5732
- C:\Windows\System\RVXMvMx.exe
  C:\Windows\System\RVXMvMx.exe
  2⤵
  PID:5796
- C:\Windows\System\uzybcSY.exe
  C:\Windows\System\uzybcSY.exe
  2⤵
  PID:5856
- C:\Windows\System\mpEcjbu.exe
  C:\Windows\System\mpEcjbu.exe
  2⤵
  PID:5896
- C:\Windows\System\KEuTHnZ.exe
  C:\Windows\System\KEuTHnZ.exe
  2⤵
  PID:5884
- C:\Windows\System\IiDXWiy.exe
  C:\Windows\System\IiDXWiy.exe
  2⤵
  PID:5844
- C:\Windows\System\YCVlllb.exe
  C:\Windows\System\YCVlllb.exe
  2⤵
  PID:5920
- C:\Windows\System\ojToNIX.exe
  C:\Windows\System\ojToNIX.exe
  2⤵
  PID:5984
- C:\Windows\System\fUiOsyz.exe
  C:\Windows\System\fUiOsyz.exe
  2⤵
  PID:6044
- C:\Windows\System\eQDoxvW.exe
  C:\Windows\System\eQDoxvW.exe
  2⤵
  PID:6048
- C:\Windows\System\gYxjmBp.exe
  C:\Windows\System\gYxjmBp.exe
  2⤵
  PID:6004
- C:\Windows\System\qlKusRG.exe
  C:\Windows\System\qlKusRG.exe
  2⤵
  PID:6060
- C:\Windows\System\YrrRzMY.exe
  C:\Windows\System\YrrRzMY.exe
  2⤵
  PID:6116
- C:\Windows\System\ptdyVeQ.exe
  C:\Windows\System\ptdyVeQ.exe
  2⤵
  PID:6100
- C:\Windows\System\ysyqdFb.exe
  C:\Windows\System\ysyqdFb.exe
  2⤵
  PID:6136
- C:\Windows\System\NgIbFmb.exe
  C:\Windows\System\NgIbFmb.exe
  2⤵
  PID:988
- C:\Windows\System\qeluZPX.exe
  C:\Windows\System\qeluZPX.exe
  2⤵
  PID:4444
- C:\Windows\System\bhLkYWY.exe
  C:\Windows\System\bhLkYWY.exe
  2⤵
  PID:5092
- C:\Windows\System\cODpjQb.exe
  C:\Windows\System\cODpjQb.exe
  2⤵
  PID:4852
- C:\Windows\System\zldzQjr.exe
  C:\Windows\System\zldzQjr.exe
  2⤵
  PID:3176
- C:\Windows\System\nqOLMBn.exe
  C:\Windows\System\nqOLMBn.exe
  2⤵
  PID:4564
- C:\Windows\System\xtEhMwD.exe
  C:\Windows\System\xtEhMwD.exe
  2⤵
  PID:4916
- C:\Windows\System\OOUQiWD.exe
  C:\Windows\System\OOUQiWD.exe
  2⤵
  PID:5160
- C:\Windows\System\pOKGCZm.exe
  C:\Windows\System\pOKGCZm.exe
  2⤵
  PID:5216
- C:\Windows\System\JLOsQYk.exe
  C:\Windows\System\JLOsQYk.exe
  2⤵
  PID:5284
- C:\Windows\System\vrIcjnx.exe
  C:\Windows\System\vrIcjnx.exe
  2⤵
  PID:5352
- C:\Windows\System\XLRYSOo.exe
  C:\Windows\System\XLRYSOo.exe
  2⤵
  PID:5300
- C:\Windows\System\VXQSCVY.exe
  C:\Windows\System\VXQSCVY.exe
  2⤵
  PID:4664
- C:\Windows\System\jlgmCsh.exe
  C:\Windows\System\jlgmCsh.exe
  2⤵
  PID:5176
- C:\Windows\System\PJAKbhT.exe
  C:\Windows\System\PJAKbhT.exe
  2⤵
  PID:5268
- C:\Windows\System\kqoKwSp.exe
  C:\Windows\System\kqoKwSp.exe
  2⤵
  PID:2692
- C:\Windows\System\oDlcaZT.exe
  C:\Windows\System\oDlcaZT.exe
  2⤵
  PID:5072
- C:\Windows\System\jwQqsZQ.exe
  C:\Windows\System\jwQqsZQ.exe
  2⤵
  PID:1556
- C:\Windows\System\rvwUqPQ.exe
  C:\Windows\System\rvwUqPQ.exe
  2⤵
  PID:2644
- C:\Windows\System\hzJKcQZ.exe
  C:\Windows\System\hzJKcQZ.exe
  2⤵
  PID:1632
- C:\Windows\System\iHmOyDZ.exe
  C:\Windows\System\iHmOyDZ.exe
  2⤵
  PID:5528
- C:\Windows\System\yMcqFhE.exe
  C:\Windows\System\yMcqFhE.exe
  2⤵
  PID:5900
- C:\Windows\System\RBortWl.exe
  C:\Windows\System\RBortWl.exe
  2⤵
  PID:6032
- C:\Windows\System\evwiHDP.exe
  C:\Windows\System\evwiHDP.exe
  2⤵
  PID:6084
- C:\Windows\System\gIRxoeW.exe
  C:\Windows\System\gIRxoeW.exe
  2⤵
  PID:2904
- C:\Windows\System\QqKjCWg.exe
  C:\Windows\System\QqKjCWg.exe
  2⤵
  PID:4948
- C:\Windows\System\ujwlgJV.exe
  C:\Windows\System\ujwlgJV.exe
  2⤵
  PID:5328
- C:\Windows\System\sQfHcsP.exe
  C:\Windows\System\sQfHcsP.exe
  2⤵
  PID:4244
- C:\Windows\System\gxeGsOk.exe
  C:\Windows\System\gxeGsOk.exe
  2⤵
  PID:5264
- C:\Windows\System\FfLJDnP.exe
  C:\Windows\System\FfLJDnP.exe
  2⤵
  PID:5728
- C:\Windows\System\FDXKjkP.exe
  C:\Windows\System\FDXKjkP.exe
  2⤵
  PID:5876
- C:\Windows\System\kZBDCVB.exe
  C:\Windows\System\kZBDCVB.exe
  2⤵
  PID:5968
- C:\Windows\System\XUTaWQB.exe
  C:\Windows\System\XUTaWQB.exe
  2⤵
  PID:3096
- C:\Windows\System\MbGNVpR.exe
  C:\Windows\System\MbGNVpR.exe
  2⤵
  PID:3772
- C:\Windows\System\zIVgwDs.exe
  C:\Windows\System\zIVgwDs.exe
  2⤵
  PID:4548
- C:\Windows\System\tkxwnpg.exe
  C:\Windows\System\tkxwnpg.exe
  2⤵
  PID:5236
- C:\Windows\System\XtBIZTU.exe
  C:\Windows\System\XtBIZTU.exe
  2⤵
  PID:5364
- C:\Windows\System\RteHurN.exe
  C:\Windows\System\RteHurN.exe
  2⤵
  PID:2744
- C:\Windows\System\zvKNNoE.exe
  C:\Windows\System\zvKNNoE.exe
  2⤵
  PID:2920
- C:\Windows\System\DIzWVGw.exe
  C:\Windows\System\DIzWVGw.exe
  2⤵
  PID:1668
- C:\Windows\System\dJwwOTZ.exe
  C:\Windows\System\dJwwOTZ.exe
  2⤵
  PID:5452
- C:\Windows\System\FTPaIYr.exe
  C:\Windows\System\FTPaIYr.exe
  2⤵
  PID:2932
- C:\Windows\System\KFzRQOi.exe
  C:\Windows\System\KFzRQOi.exe
  2⤵
  PID:5852
- C:\Windows\System\nJWvioT.exe
  C:\Windows\System\nJWvioT.exe
  2⤵
  PID:5436
- C:\Windows\System\nEHuZwc.exe
  C:\Windows\System\nEHuZwc.exe
  2⤵
  PID:1184
- C:\Windows\System\ivTeymv.exe
  C:\Windows\System\ivTeymv.exe
  2⤵
  PID:5808
- C:\Windows\System\XeecXha.exe
  C:\Windows\System\XeecXha.exe
  2⤵
  PID:752
- C:\Windows\System\TKseMyj.exe
  C:\Windows\System\TKseMyj.exe
  2⤵
  PID:5464
- C:\Windows\System\fvCArEg.exe
  C:\Windows\System\fvCArEg.exe
  2⤵
  PID:5956
- C:\Windows\System\vDiMfzr.exe
  C:\Windows\System\vDiMfzr.exe
  2⤵
  PID:5316
- C:\Windows\System\BCScVxs.exe
  C:\Windows\System\BCScVxs.exe
  2⤵
  PID:5880
- C:\Windows\System\UKcMYPn.exe
  C:\Windows\System\UKcMYPn.exe
  2⤵
  PID:3112
- C:\Windows\System\hrBWKEG.exe
  C:\Windows\System\hrBWKEG.exe
  2⤵
  PID:5408
- C:\Windows\System\SrQocdd.exe
  C:\Windows\System\SrQocdd.exe
  2⤵
  PID:5744
- C:\Windows\System\LALeMgG.exe
  C:\Windows\System\LALeMgG.exe
  2⤵
  PID:5620
- C:\Windows\System\VaLkalp.exe
  C:\Windows\System\VaLkalp.exe
  2⤵
  PID:5532
- C:\Windows\System\gYAlWlO.exe
  C:\Windows\System\gYAlWlO.exe
  2⤵
  PID:3704
- C:\Windows\System\shyEJWS.exe
  C:\Windows\System\shyEJWS.exe
  2⤵
  PID:6112
- C:\Windows\System\IdUJTlA.exe
  C:\Windows\System\IdUJTlA.exe
  2⤵
  PID:6068
- C:\Windows\System\zGbYxDA.exe
  C:\Windows\System\zGbYxDA.exe
  2⤵
  PID:5812
- C:\Windows\System\uvsQqUc.exe
  C:\Windows\System\uvsQqUc.exe
  2⤵
  PID:5028
- C:\Windows\System\MgflZlS.exe
  C:\Windows\System\MgflZlS.exe
  2⤵
  PID:1912
- C:\Windows\System\znOMMcu.exe
  C:\Windows\System\znOMMcu.exe
  2⤵
  PID:5568
- C:\Windows\System\MXlxhQn.exe
  C:\Windows\System\MXlxhQn.exe
  2⤵
  PID:5792
- C:\Windows\System\VRrxoBV.exe
  C:\Windows\System\VRrxoBV.exe
  2⤵
  PID:672
- C:\Windows\System\HqpdVsy.exe
  C:\Windows\System\HqpdVsy.exe
  2⤵
  PID:5152
- C:\Windows\System\ZeBgqOk.exe
  C:\Windows\System\ZeBgqOk.exe
  2⤵
  PID:2112
- C:\Windows\System\gqZMJpf.exe
  C:\Windows\System\gqZMJpf.exe
  2⤵
  PID:2580
- C:\Windows\System\MNsUIFp.exe
  C:\Windows\System\MNsUIFp.exe
  2⤵
  PID:2720
- C:\Windows\System\tZWeKqm.exe
  C:\Windows\System\tZWeKqm.exe
  2⤵
  PID:5764
- C:\Windows\System\HazyibV.exe
  C:\Windows\System\HazyibV.exe
  2⤵
  PID:6156
- C:\Windows\System\qqRvGAV.exe
  C:\Windows\System\qqRvGAV.exe
  2⤵
  PID:6172
- C:\Windows\System\NKlHYZD.exe
  C:\Windows\System\NKlHYZD.exe
  2⤵
  PID:6188
- C:\Windows\System\CWvvqAZ.exe
  C:\Windows\System\CWvvqAZ.exe
  2⤵
  PID:6204
- C:\Windows\System\OuYoXSe.exe
  C:\Windows\System\OuYoXSe.exe
  2⤵
  PID:6220
- C:\Windows\System\XWZSDLz.exe
  C:\Windows\System\XWZSDLz.exe
  2⤵
  PID:6236
- C:\Windows\System\bEZPiSx.exe
  C:\Windows\System\bEZPiSx.exe
  2⤵
  PID:6252
- C:\Windows\System\xjLgLxH.exe
  C:\Windows\System\xjLgLxH.exe
  2⤵
  PID:6268
- C:\Windows\System\wIEaxwp.exe
  C:\Windows\System\wIEaxwp.exe
  2⤵
  PID:6284
- C:\Windows\System\jPBMKzo.exe
  C:\Windows\System\jPBMKzo.exe
  2⤵
  PID:6300
- C:\Windows\System\JpXDbPE.exe
  C:\Windows\System\JpXDbPE.exe
  2⤵
  PID:6316
- C:\Windows\System\uvXxOvK.exe
  C:\Windows\System\uvXxOvK.exe
  2⤵
  PID:6332
- C:\Windows\System\GmVSxHS.exe
  C:\Windows\System\GmVSxHS.exe
  2⤵
  PID:6348
- C:\Windows\System\BvwInrO.exe
  C:\Windows\System\BvwInrO.exe
  2⤵
  PID:6364
- C:\Windows\System\knAYJQk.exe
  C:\Windows\System\knAYJQk.exe
  2⤵
  PID:6380
- C:\Windows\System\rZljXXf.exe
  C:\Windows\System\rZljXXf.exe
  2⤵
  PID:6616
- C:\Windows\System\FfWpIoh.exe
  C:\Windows\System\FfWpIoh.exe
  2⤵
  PID:6636
- C:\Windows\System\TJTjdac.exe
  C:\Windows\System\TJTjdac.exe
  2⤵
  PID:6652
- C:\Windows\System\WWbYwFW.exe
  C:\Windows\System\WWbYwFW.exe
  2⤵
  PID:6668
- C:\Windows\System\INLLQZl.exe
  C:\Windows\System\INLLQZl.exe
  2⤵
  PID:6688
- C:\Windows\System\knxHJgb.exe
  C:\Windows\System\knxHJgb.exe
  2⤵
  PID:6708
- C:\Windows\System\LGcXxei.exe
  C:\Windows\System\LGcXxei.exe
  2⤵
  PID:6724
- C:\Windows\System\JgIcsOK.exe
  C:\Windows\System\JgIcsOK.exe
  2⤵
  PID:6740
- C:\Windows\System\jtoGtav.exe
  C:\Windows\System\jtoGtav.exe
  2⤵
  PID:6756
- C:\Windows\System\tGNWVxH.exe
  C:\Windows\System\tGNWVxH.exe
  2⤵
  PID:6772
- C:\Windows\System\XMwbsaF.exe
  C:\Windows\System\XMwbsaF.exe
  2⤵
  PID:6788
- C:\Windows\System\XhxoDDm.exe
  C:\Windows\System\XhxoDDm.exe
  2⤵
  PID:6804
- C:\Windows\System\jQSxHnZ.exe
  C:\Windows\System\jQSxHnZ.exe
  2⤵
  PID:6832
- C:\Windows\System\NrJzumC.exe
  C:\Windows\System\NrJzumC.exe
  2⤵
  PID:6848
- C:\Windows\System\TdzglgN.exe
  C:\Windows\System\TdzglgN.exe
  2⤵
  PID:6868
- C:\Windows\System\OvRLlEt.exe
  C:\Windows\System\OvRLlEt.exe
  2⤵
  PID:6884
- C:\Windows\System\bnSFpQT.exe
  C:\Windows\System\bnSFpQT.exe
  2⤵
  PID:6900
- C:\Windows\System\qXwaBTt.exe
  C:\Windows\System\qXwaBTt.exe
  2⤵
  PID:6916
- C:\Windows\System\qvmIiYd.exe
  C:\Windows\System\qvmIiYd.exe
  2⤵
  PID:6932
- C:\Windows\System\LroHrRw.exe
  C:\Windows\System\LroHrRw.exe
  2⤵
  PID:6948
- C:\Windows\System\FYqQfrC.exe
  C:\Windows\System\FYqQfrC.exe
  2⤵
  PID:6964
- C:\Windows\System\WNzGvnP.exe
  C:\Windows\System\WNzGvnP.exe
  2⤵
  PID:6980
- C:\Windows\System\LrqQBdV.exe
  C:\Windows\System\LrqQBdV.exe
  2⤵
  PID:6996
- C:\Windows\System\vFYsHua.exe
  C:\Windows\System\vFYsHua.exe
  2⤵
  PID:7012
- C:\Windows\System\GKsZGJj.exe
  C:\Windows\System\GKsZGJj.exe
  2⤵
  PID:7028
- C:\Windows\System\evTqgxy.exe
  C:\Windows\System\evTqgxy.exe
  2⤵
  PID:7048
- C:\Windows\System\kLhtJIT.exe
  C:\Windows\System\kLhtJIT.exe
  2⤵
  PID:7064
- C:\Windows\System\gorHRKI.exe
  C:\Windows\System\gorHRKI.exe
  2⤵
  PID:7080
- C:\Windows\System\Dbsvnia.exe
  C:\Windows\System\Dbsvnia.exe
  2⤵
  PID:7100
- C:\Windows\System\TjZNFgN.exe
  C:\Windows\System\TjZNFgN.exe
  2⤵
  PID:7120
- C:\Windows\System\GmAQunu.exe
  C:\Windows\System\GmAQunu.exe
  2⤵
  PID:7136
- C:\Windows\System\nFRmhfP.exe
  C:\Windows\System\nFRmhfP.exe
  2⤵
  PID:7156
- C:\Windows\System\TPjFTzM.exe
  C:\Windows\System\TPjFTzM.exe
  2⤵
  PID:3664
- C:\Windows\System\LNnANWm.exe
  C:\Windows\System\LNnANWm.exe
  2⤵
  PID:5088
- C:\Windows\System\dWowIrY.exe
  C:\Windows\System\dWowIrY.exe
  2⤵
  PID:6200
- C:\Windows\System\wqfKKyk.exe
  C:\Windows\System\wqfKKyk.exe
  2⤵
  PID:6296
- C:\Windows\System\fWpOfsm.exe
  C:\Windows\System\fWpOfsm.exe
  2⤵
  PID:1452
- C:\Windows\System\chhEmNn.exe
  C:\Windows\System\chhEmNn.exe
  2⤵
  PID:6308
- C:\Windows\System\ybTondn.exe
  C:\Windows\System\ybTondn.exe
  2⤵
  PID:4780
- C:\Windows\System\hKaykBT.exe
  C:\Windows\System\hKaykBT.exe
  2⤵
  PID:6248
- C:\Windows\System\QPcwKyU.exe
  C:\Windows\System\QPcwKyU.exe
  2⤵
  PID:6244
- C:\Windows\System\afgCGno.exe
  C:\Windows\System\afgCGno.exe
  2⤵
  PID:6372
- C:\Windows\System\AFLNyKj.exe
  C:\Windows\System\AFLNyKj.exe
  2⤵
  PID:6416
- C:\Windows\System\NQsPisK.exe
  C:\Windows\System\NQsPisK.exe
  2⤵
  PID:6432
- C:\Windows\System\nPwmNrX.exe
  C:\Windows\System\nPwmNrX.exe
  2⤵
  PID:6452
- C:\Windows\System\abEWQIk.exe
  C:\Windows\System\abEWQIk.exe
  2⤵
  PID:6468
- C:\Windows\System\swMFOCa.exe
  C:\Windows\System\swMFOCa.exe
  2⤵
  PID:6484
- C:\Windows\System\iJmqktw.exe
  C:\Windows\System\iJmqktw.exe
  2⤵
  PID:6500
- C:\Windows\System\ffsjrvE.exe
  C:\Windows\System\ffsjrvE.exe
  2⤵
  PID:6516
- C:\Windows\System\CBFfOal.exe
  C:\Windows\System\CBFfOal.exe
  2⤵
  PID:6532
- C:\Windows\System\guyXXhB.exe
  C:\Windows\System\guyXXhB.exe
  2⤵
  PID:6548
- C:\Windows\System\CQhAEIX.exe
  C:\Windows\System\CQhAEIX.exe
  2⤵
  PID:6572
- C:\Windows\System\GRMstjv.exe
  C:\Windows\System\GRMstjv.exe
  2⤵
  PID:6588
- C:\Windows\System\MybOsQU.exe
  C:\Windows\System\MybOsQU.exe
  2⤵
  PID:6628
- C:\Windows\System\EXITHEx.exe
  C:\Windows\System\EXITHEx.exe
  2⤵
  PID:6664
- C:\Windows\System\caShbsn.exe
  C:\Windows\System\caShbsn.exe
  2⤵
  PID:6732
- C:\Windows\System\zTINSyA.exe
  C:\Windows\System\zTINSyA.exe
  2⤵
  PID:6796
- C:\Windows\System\RSFWVuW.exe
  C:\Windows\System\RSFWVuW.exe
  2⤵
  PID:6908
- C:\Windows\System\hNzEJWU.exe
  C:\Windows\System\hNzEJWU.exe
  2⤵
  PID:6976
- C:\Windows\System\qsWdmtA.exe
  C:\Windows\System\qsWdmtA.exe
  2⤵
  PID:7044
- C:\Windows\System\rPulUsb.exe
  C:\Windows\System\rPulUsb.exe
  2⤵
  PID:7112
- C:\Windows\System\UNFKwxV.exe
  C:\Windows\System\UNFKwxV.exe
  2⤵
  PID:2572
- C:\Windows\System\mkReYxX.exe
  C:\Windows\System\mkReYxX.exe
  2⤵
  PID:6260
- C:\Windows\System\GPrmdeH.exe
  C:\Windows\System\GPrmdeH.exe
  2⤵
  PID:6360
- C:\Windows\System\otffLFn.exe
  C:\Windows\System\otffLFn.exe
  2⤵
  PID:6276
- C:\Windows\System\dyyXWzZ.exe
  C:\Windows\System\dyyXWzZ.exe
  2⤵
  PID:6464
- C:\Windows\System\mjmOnbW.exe
  C:\Windows\System\mjmOnbW.exe
  2⤵
  PID:7152
- C:\Windows\System\xuKjLsn.exe
  C:\Windows\System\xuKjLsn.exe
  2⤵
  PID:6816
- C:\Windows\System\bQfAiaU.exe
  C:\Windows\System\bQfAiaU.exe
  2⤵
  PID:6860
- C:\Windows\System\ekZOuxP.exe
  C:\Windows\System\ekZOuxP.exe
  2⤵
  PID:6924
- C:\Windows\System\DJaicYt.exe
  C:\Windows\System\DJaicYt.exe
  2⤵
  PID:6992
- C:\Windows\System\qraHhUW.exe
  C:\Windows\System\qraHhUW.exe
  2⤵
  PID:7088
- C:\Windows\System\qNujRlb.exe
  C:\Windows\System\qNujRlb.exe
  2⤵
  PID:7164
- C:\Windows\System\qHYZjeW.exe
  C:\Windows\System\qHYZjeW.exe
  2⤵
  PID:1496
- C:\Windows\System\wmWIXsj.exe
  C:\Windows\System\wmWIXsj.exe
  2⤵
  PID:5892
- C:\Windows\System\ILBNCrn.exe
  C:\Windows\System\ILBNCrn.exe
  2⤵
  PID:6152
- C:\Windows\System\EYhOdLv.exe
  C:\Windows\System\EYhOdLv.exe
  2⤵
  PID:6412
- C:\Windows\System\NnBXMLu.exe
  C:\Windows\System\NnBXMLu.exe
  2⤵
  PID:6444
- C:\Windows\System\eQrXNHx.exe
  C:\Windows\System\eQrXNHx.exe
  2⤵
  PID:6512
- C:\Windows\System\IdRMljr.exe
  C:\Windows\System\IdRMljr.exe
  2⤵
  PID:6584
- C:\Windows\System\ljOrXGx.exe
  C:\Windows\System\ljOrXGx.exe
  2⤵
  PID:6940
- C:\Windows\System\xVIiayG.exe
  C:\Windows\System\xVIiayG.exe
  2⤵
  PID:7108
- C:\Windows\System\IlVKjTo.exe
  C:\Windows\System\IlVKjTo.exe
  2⤵
  PID:6376
- C:\Windows\System\WOgajCC.exe
  C:\Windows\System\WOgajCC.exe
  2⤵
  PID:6524
- C:\Windows\System\tZJLWIM.exe
  C:\Windows\System\tZJLWIM.exe
  2⤵
  PID:6568
- C:\Windows\System\xtuoKtn.exe
  C:\Windows\System\xtuoKtn.exe
  2⤵
  PID:6844
- C:\Windows\System\ojXFZmT.exe
  C:\Windows\System\ojXFZmT.exe
  2⤵
  PID:7008
- C:\Windows\System\JPVymSF.exe
  C:\Windows\System\JPVymSF.exe
  2⤵
  PID:7144
- C:\Windows\System\DvRjhke.exe
  C:\Windows\System\DvRjhke.exe
  2⤵
  PID:6612
- C:\Windows\System\VyWiYTF.exe
  C:\Windows\System\VyWiYTF.exe
  2⤵
  PID:6648
- C:\Windows\System\jFmVqcE.exe
  C:\Windows\System\jFmVqcE.exe
  2⤵
  PID:6716
- C:\Windows\System\eqFZmUw.exe
  C:\Windows\System\eqFZmUw.exe
  2⤵
  PID:6784
- C:\Windows\System\JnzzsAA.exe
  C:\Windows\System\JnzzsAA.exe
  2⤵
  PID:5012
- C:\Windows\System\ktDcEyz.exe
  C:\Windows\System\ktDcEyz.exe
  2⤵
  PID:4776
- C:\Windows\System\hlufnYp.exe
  C:\Windows\System\hlufnYp.exe
  2⤵
  PID:6972
- C:\Windows\System\YDpvtkC.exe
  C:\Windows\System\YDpvtkC.exe
  2⤵
  PID:6700
- C:\Windows\System\xSQZFxj.exe
  C:\Windows\System\xSQZFxj.exe
  2⤵
  PID:6820
- C:\Windows\System\gHWBYBm.exe
  C:\Windows\System\gHWBYBm.exe
  2⤵
  PID:6340
- C:\Windows\System\TmRhODt.exe
  C:\Windows\System\TmRhODt.exe
  2⤵
  PID:7172
- C:\Windows\System\uzbiAka.exe
  C:\Windows\System\uzbiAka.exe
  2⤵
  PID:7188
- C:\Windows\System\GLXiVwL.exe
  C:\Windows\System\GLXiVwL.exe
  2⤵
  PID:7208
- C:\Windows\System\amZENLX.exe
  C:\Windows\System\amZENLX.exe
  2⤵
  PID:7228
- C:\Windows\System\PBRjfvq.exe
  C:\Windows\System\PBRjfvq.exe
  2⤵
  PID:7244
- C:\Windows\System\DdcKrQX.exe
  C:\Windows\System\DdcKrQX.exe
  2⤵
  PID:7260
- C:\Windows\System\VrbiNgl.exe
  C:\Windows\System\VrbiNgl.exe
  2⤵
  PID:7276
- C:\Windows\System\CBgKTqN.exe
  C:\Windows\System\CBgKTqN.exe
  2⤵
  PID:7300
- C:\Windows\System\XDxzrKK.exe
  C:\Windows\System\XDxzrKK.exe
  2⤵
  PID:7324
- C:\Windows\System\mNLDKTe.exe
  C:\Windows\System\mNLDKTe.exe
  2⤵
  PID:7344
- C:\Windows\System\dUILqkN.exe
  C:\Windows\System\dUILqkN.exe
  2⤵
  PID:7364
- C:\Windows\System\qBCUXkv.exe
  C:\Windows\System\qBCUXkv.exe
  2⤵
  PID:7380
- C:\Windows\System\pRZeFDA.exe
  C:\Windows\System\pRZeFDA.exe
  2⤵
  PID:7404
- C:\Windows\System\gVQpFCp.exe
  C:\Windows\System\gVQpFCp.exe
  2⤵
  PID:7420
- C:\Windows\System\laUQisu.exe
  C:\Windows\System\laUQisu.exe
  2⤵
  PID:7436
- C:\Windows\System\maUTlOi.exe
  C:\Windows\System\maUTlOi.exe
  2⤵
  PID:7460
- C:\Windows\System\ROHVhLG.exe
  C:\Windows\System\ROHVhLG.exe
  2⤵
  PID:7480
- C:\Windows\System\wwmcLjn.exe
  C:\Windows\System\wwmcLjn.exe
  2⤵
  PID:7500
- C:\Windows\System\ZgMyBnr.exe
  C:\Windows\System\ZgMyBnr.exe
  2⤵
  PID:7516
- C:\Windows\System\keDxGbk.exe
  C:\Windows\System\keDxGbk.exe
  2⤵
  PID:7536
- C:\Windows\System\JmMSleD.exe
  C:\Windows\System\JmMSleD.exe
  2⤵
  PID:7556
- C:\Windows\System\wQjAUBz.exe
  C:\Windows\System\wQjAUBz.exe
  2⤵
  PID:7572
- C:\Windows\System\qqrUcEp.exe
  C:\Windows\System\qqrUcEp.exe
  2⤵
  PID:7592
- C:\Windows\System\KaFUomr.exe
  C:\Windows\System\KaFUomr.exe
  2⤵
  PID:7608
- C:\Windows\System\SCAwYfq.exe
  C:\Windows\System\SCAwYfq.exe
  2⤵
  PID:7632
- C:\Windows\System\wevjobY.exe
  C:\Windows\System\wevjobY.exe
  2⤵
  PID:7648
- C:\Windows\System\fiQGjaJ.exe
  C:\Windows\System\fiQGjaJ.exe
  2⤵
  PID:7668
- C:\Windows\System\khVLYqO.exe
  C:\Windows\System\khVLYqO.exe
  2⤵
  PID:7688
- C:\Windows\System\DIviJIr.exe
  C:\Windows\System\DIviJIr.exe
  2⤵
  PID:7704
- C:\Windows\System\uMslNWJ.exe
  C:\Windows\System\uMslNWJ.exe
  2⤵
  PID:7728
- C:\Windows\System\STDvqHO.exe
  C:\Windows\System\STDvqHO.exe
  2⤵
  PID:7744
- C:\Windows\System\KofnDZQ.exe
  C:\Windows\System\KofnDZQ.exe
  2⤵
  PID:7764
- C:\Windows\System\UyBJarW.exe
  C:\Windows\System\UyBJarW.exe
  2⤵
  PID:7780
- C:\Windows\System\dfntFIK.exe
  C:\Windows\System\dfntFIK.exe
  2⤵
  PID:7796
- C:\Windows\System\wLUyZdY.exe
  C:\Windows\System\wLUyZdY.exe
  2⤵
  PID:7820
- C:\Windows\System\KRJywgQ.exe
  C:\Windows\System\KRJywgQ.exe
  2⤵
  PID:7840
- C:\Windows\System\wjHhNfk.exe
  C:\Windows\System\wjHhNfk.exe
  2⤵
  PID:7856
- C:\Windows\System\pWcffRz.exe
  C:\Windows\System\pWcffRz.exe
  2⤵
  PID:7880
- C:\Windows\System\VqmWYRy.exe
  C:\Windows\System\VqmWYRy.exe
  2⤵
  PID:7896
- C:\Windows\System\UydzWbt.exe
  C:\Windows\System\UydzWbt.exe
  2⤵
  PID:7912
- C:\Windows\System\RxcGClK.exe
  C:\Windows\System\RxcGClK.exe
  2⤵
  PID:7928
- C:\Windows\System\JXOxYuo.exe
  C:\Windows\System\JXOxYuo.exe
  2⤵
  PID:7944
- C:\Windows\System\XNMQoFy.exe
  C:\Windows\System\XNMQoFy.exe
  2⤵
  PID:7960
- C:\Windows\System\wupYAGH.exe
  C:\Windows\System\wupYAGH.exe
  2⤵
  PID:7980
- C:\Windows\System\qJpxUqW.exe
  C:\Windows\System\qJpxUqW.exe
  2⤵
  PID:8000
- C:\Windows\System\hcNNGQr.exe
  C:\Windows\System\hcNNGQr.exe
  2⤵
  PID:8020
- C:\Windows\System\sKhvIHT.exe
  C:\Windows\System\sKhvIHT.exe
  2⤵
  PID:8040
- C:\Windows\System\JRyOHKK.exe
  C:\Windows\System\JRyOHKK.exe
  2⤵
  PID:8056
- C:\Windows\System\IbouFRA.exe
  C:\Windows\System\IbouFRA.exe
  2⤵
  PID:8076
- C:\Windows\System\KrnbNQw.exe
  C:\Windows\System\KrnbNQw.exe
  2⤵
  PID:8092
- C:\Windows\System\XeDUeAO.exe
  C:\Windows\System\XeDUeAO.exe
  2⤵
  PID:8108
- C:\Windows\System\DtJgemP.exe
  C:\Windows\System\DtJgemP.exe
  2⤵
  PID:8128
- C:\Windows\System\yFCsJjg.exe
  C:\Windows\System\yFCsJjg.exe
  2⤵
  PID:8144
- C:\Windows\System\KpNihsK.exe
  C:\Windows\System\KpNihsK.exe
  2⤵
  PID:8160
- C:\Windows\System\UPtIDIJ.exe
  C:\Windows\System\UPtIDIJ.exe
  2⤵
  PID:8180
- C:\Windows\System\tmSaioU.exe
  C:\Windows\System\tmSaioU.exe
  2⤵
  PID:7180
- C:\Windows\System\dmjKsDD.exe
  C:\Windows\System\dmjKsDD.exe
  2⤵
  PID:7224
- C:\Windows\System\VfJqFGb.exe
  C:\Windows\System\VfJqFGb.exe
  2⤵
  PID:7296
- C:\Windows\System\vKFcZLS.exe
  C:\Windows\System\vKFcZLS.exe
  2⤵
  PID:7372
- C:\Windows\System\waJbYlW.exe
  C:\Windows\System\waJbYlW.exe
  2⤵
  PID:7416
- C:\Windows\System\IeBlCpL.exe
  C:\Windows\System\IeBlCpL.exe
  2⤵
  PID:7492
- C:\Windows\System\XxAtBgC.exe
  C:\Windows\System\XxAtBgC.exe
  2⤵
  PID:7564
- C:\Windows\System\zHfEJDO.exe
  C:\Windows\System\zHfEJDO.exe
  2⤵
  PID:7676
- C:\Windows\System\dgqpSvp.exe
  C:\Windows\System\dgqpSvp.exe
  2⤵
  PID:7724
- C:\Windows\System\gWtfFuY.exe
  C:\Windows\System\gWtfFuY.exe
  2⤵
  PID:7828
- C:\Windows\System\PetaNxE.exe
  C:\Windows\System\PetaNxE.exe
  2⤵
  PID:7872
- C:\Windows\System\aINHdeD.exe
  C:\Windows\System\aINHdeD.exe
  2⤵
  PID:7908
- C:\Windows\System\YDRkFrl.exe
  C:\Windows\System\YDRkFrl.exe
  2⤵
  PID:7972
- C:\Windows\System\zCEhCuF.exe
  C:\Windows\System\zCEhCuF.exe
  2⤵
  PID:8048
- C:\Windows\System\YUFvreZ.exe
  C:\Windows\System\YUFvreZ.exe
  2⤵
  PID:8188
- C:\Windows\System\ieQnvdK.exe
  C:\Windows\System\ieQnvdK.exe
  2⤵
  PID:8016
- C:\Windows\System\eyCOWqy.exe
  C:\Windows\System\eyCOWqy.exe
  2⤵
  PID:8124
- C:\Windows\System\JiXZBHS.exe
  C:\Windows\System\JiXZBHS.exe
  2⤵
  PID:6476
- C:\Windows\System\INjTdnX.exe
  C:\Windows\System\INjTdnX.exe
  2⤵
  PID:7864
- C:\Windows\System\OlPKQrO.exe
  C:\Windows\System\OlPKQrO.exe
  2⤵
  PID:7532
- C:\Windows\System\ozngGKr.exe
  C:\Windows\System\ozngGKr.exe
  2⤵
  PID:7720
- C:\Windows\System\bvbWEUS.exe
  C:\Windows\System\bvbWEUS.exe
  2⤵
  PID:8196
- C:\Windows\System\splNOuo.exe
  C:\Windows\System\splNOuo.exe
  2⤵
  PID:8216
- C:\Windows\System\BDZwEpI.exe
  C:\Windows\System\BDZwEpI.exe
  2⤵
  PID:8236
- C:\Windows\System\zpoiztm.exe
  C:\Windows\System\zpoiztm.exe
  2⤵
  PID:8252
- C:\Windows\System\djLDnot.exe
  C:\Windows\System\djLDnot.exe
  2⤵
  PID:8272
- C:\Windows\System\qTxTBDX.exe
  C:\Windows\System\qTxTBDX.exe
  2⤵
  PID:8304
- C:\Windows\System\jDolNSd.exe
  C:\Windows\System\jDolNSd.exe
  2⤵
  PID:8320
- C:\Windows\System\badJEdh.exe
  C:\Windows\System\badJEdh.exe
  2⤵
  PID:8352
- C:\Windows\System\zXpNRDk.exe
  C:\Windows\System\zXpNRDk.exe
  2⤵
  PID:8388
- C:\Windows\System\euHAecx.exe
  C:\Windows\System\euHAecx.exe
  2⤵
  PID:8404
- C:\Windows\System\GWHbBdO.exe
  C:\Windows\System\GWHbBdO.exe
  2⤵
  PID:8424
- C:\Windows\System\FjqmuRs.exe
  C:\Windows\System\FjqmuRs.exe
  2⤵
  PID:8440
- C:\Windows\System\BIICAnS.exe
  C:\Windows\System\BIICAnS.exe
  2⤵
  PID:8464
- C:\Windows\System\POGXRCD.exe
  C:\Windows\System\POGXRCD.exe
  2⤵
  PID:8484
- C:\Windows\System\BKmXTDE.exe
  C:\Windows\System\BKmXTDE.exe
  2⤵
  PID:8500
- C:\Windows\System\HVVlBRM.exe
  C:\Windows\System\HVVlBRM.exe
  2⤵
  PID:8516
- C:\Windows\System\JurOjUD.exe
  C:\Windows\System\JurOjUD.exe
  2⤵
  PID:8540
- C:\Windows\System\NcRSlFI.exe
  C:\Windows\System\NcRSlFI.exe
  2⤵
  PID:8556
- C:\Windows\System\gPBxguk.exe
  C:\Windows\System\gPBxguk.exe
  2⤵
  PID:8576
- C:\Windows\System\AkaXGvn.exe
  C:\Windows\System\AkaXGvn.exe
  2⤵
  PID:8592
- C:\Windows\System\IYzSJwv.exe
  C:\Windows\System\IYzSJwv.exe
  2⤵
  PID:8612
- C:\Windows\System\VLupZUO.exe
  C:\Windows\System\VLupZUO.exe
  2⤵
  PID:8628
- C:\Windows\System\IeIBMWy.exe
  C:\Windows\System\IeIBMWy.exe
  2⤵
  PID:8648
- C:\Windows\System\wuZjuZD.exe
  C:\Windows\System\wuZjuZD.exe
  2⤵
  PID:8668
- C:\Windows\System\FLZrWtS.exe
  C:\Windows\System\FLZrWtS.exe
  2⤵
  PID:8688
- C:\Windows\System\XBNJdba.exe
  C:\Windows\System\XBNJdba.exe
  2⤵
  PID:8704
- C:\Windows\System\FOkdhER.exe
  C:\Windows\System\FOkdhER.exe
  2⤵
  PID:8720
- C:\Windows\System\LgLoBJg.exe
  C:\Windows\System\LgLoBJg.exe
  2⤵
  PID:8740
- C:\Windows\System\cTZVrEL.exe
  C:\Windows\System\cTZVrEL.exe
  2⤵
  PID:8760
- C:\Windows\System\jixNMNo.exe
  C:\Windows\System\jixNMNo.exe
  2⤵
  PID:8776
- C:\Windows\System\RyLHgVL.exe
  C:\Windows\System\RyLHgVL.exe
  2⤵
  PID:8796
- C:\Windows\System\mqIXfXy.exe
  C:\Windows\System\mqIXfXy.exe
  2⤵
  PID:8816
- C:\Windows\System\udYXRNO.exe
  C:\Windows\System\udYXRNO.exe
  2⤵
  PID:8832
- C:\Windows\System\cqQEsLg.exe
  C:\Windows\System\cqQEsLg.exe
  2⤵
  PID:8852
- C:\Windows\System\UWVKLYx.exe
  C:\Windows\System\UWVKLYx.exe
  2⤵
  PID:8872
- C:\Windows\System\GvxEqhG.exe
  C:\Windows\System\GvxEqhG.exe
  2⤵
  PID:8888
- C:\Windows\System\PRabstW.exe
  C:\Windows\System\PRabstW.exe
  2⤵
  PID:8904
- C:\Windows\System\WzLLWtN.exe
  C:\Windows\System\WzLLWtN.exe
  2⤵
  PID:8924
- C:\Windows\System\QzZmfOP.exe
  C:\Windows\System\QzZmfOP.exe
  2⤵
  PID:8940
- C:\Windows\System\rtYFjNq.exe
  C:\Windows\System\rtYFjNq.exe
  2⤵
  PID:8984
- C:\Windows\System\lRCiDxC.exe
  C:\Windows\System\lRCiDxC.exe
  2⤵
  PID:9000
- C:\Windows\System\JUVHmUA.exe
  C:\Windows\System\JUVHmUA.exe
  2⤵
  PID:9016
- C:\Windows\System\uIadHfQ.exe
  C:\Windows\System\uIadHfQ.exe
  2⤵
  PID:9040
- C:\Windows\System\ddoOvhj.exe
  C:\Windows\System\ddoOvhj.exe
  2⤵
  PID:9060
- C:\Windows\System\ekvUObv.exe
  C:\Windows\System\ekvUObv.exe
  2⤵
  PID:9080
- C:\Windows\System\Uuqyvle.exe
  C:\Windows\System\Uuqyvle.exe
  2⤵
  PID:9100
- C:\Windows\System\PWjzTtL.exe
  C:\Windows\System\PWjzTtL.exe
  2⤵
  PID:9116
- C:\Windows\System\CwCINLs.exe
  C:\Windows\System\CwCINLs.exe
  2⤵
  PID:9140
- C:\Windows\System\JFWCQft.exe
  C:\Windows\System\JFWCQft.exe
  2⤵
  PID:9168
- C:\Windows\System\dYjoehU.exe
  C:\Windows\System\dYjoehU.exe
  2⤵
  PID:9200
- C:\Windows\System\uOsGomI.exe
  C:\Windows\System\uOsGomI.exe
  2⤵
  PID:7528
- C:\Windows\System\TTgdDiA.exe
  C:\Windows\System\TTgdDiA.exe
  2⤵
  PID:8120
- C:\Windows\System\EHNuJyI.exe
  C:\Windows\System\EHNuJyI.exe
  2⤵
  PID:8288
- C:\Windows\System\WbwARbp.exe
  C:\Windows\System\WbwARbp.exe
  2⤵
  PID:8328
- C:\Windows\System\WJbFAGH.exe
  C:\Windows\System\WJbFAGH.exe
  2⤵
  PID:8396
- C:\Windows\System\rktaiVt.exe
  C:\Windows\System\rktaiVt.exe
  2⤵
  PID:8548
- C:\Windows\System\FpFOIUr.exe
  C:\Windows\System\FpFOIUr.exe
  2⤵
  PID:8620
- C:\Windows\System\Pbaxnld.exe
  C:\Windows\System\Pbaxnld.exe
  2⤵
  PID:8696
- C:\Windows\System\pXmkIny.exe
  C:\Windows\System\pXmkIny.exe
  2⤵
  PID:8736
- C:\Windows\System\KwBdXNf.exe
  C:\Windows\System\KwBdXNf.exe
  2⤵
  PID:8804
- C:\Windows\System\VhoNoTQ.exe
  C:\Windows\System\VhoNoTQ.exe
  2⤵
  PID:6748
- C:\Windows\System\CKtOzqD.exe
  C:\Windows\System\CKtOzqD.exe
  2⤵
  PID:8848
- C:\Windows\System\ZWJOSAT.exe
  C:\Windows\System\ZWJOSAT.exe
  2⤵
  PID:8912
- C:\Windows\System\RMhRqKB.exe
  C:\Windows\System\RMhRqKB.exe
  2⤵
  PID:8960
- C:\Windows\System\RvIQENE.exe
  C:\Windows\System\RvIQENE.exe
  2⤵
  PID:8980
- C:\Windows\System\OGqHgAY.exe
  C:\Windows\System\OGqHgAY.exe
  2⤵
  PID:7132
- C:\Windows\System\NPcDRLh.exe
  C:\Windows\System\NPcDRLh.exe
  2⤵
  PID:6180
- C:\Windows\System\MDywDZW.exe
  C:\Windows\System\MDywDZW.exe
  2⤵
  PID:6768
- C:\Windows\System\jTjDeDy.exe
  C:\Windows\System\jTjDeDy.exe
  2⤵
  PID:9048
- C:\Windows\System\cvqttzG.exe
  C:\Windows\System\cvqttzG.exe
  2⤵
  PID:9180
- C:\Windows\System\facJyTo.exe
  C:\Windows\System\facJyTo.exe
  2⤵
  PID:8204
- C:\Windows\System\AmYqjNE.exe
  C:\Windows\System\AmYqjNE.exe
  2⤵
  PID:8340
- C:\Windows\System\GvEnpxB.exe
  C:\Windows\System\GvEnpxB.exe
  2⤵
  PID:8480
- C:\Windows\System\vdzhYRo.exe
  C:\Windows\System\vdzhYRo.exe
  2⤵
  PID:8508
- C:\Windows\System\mJZBkTz.exe
  C:\Windows\System\mJZBkTz.exe
  2⤵
  PID:7736
- C:\Windows\System\rXQaOgd.exe
  C:\Windows\System\rXQaOgd.exe
  2⤵
  PID:7056
- C:\Windows\System\DaoJtAv.exe
  C:\Windows\System\DaoJtAv.exe
  2⤵
  PID:6960
- C:\Windows\System\foKboke.exe
  C:\Windows\System\foKboke.exe
  2⤵
  PID:7196
- C:\Windows\System\SOHTXSC.exe
  C:\Windows\System\SOHTXSC.exe
  2⤵
  PID:7240
- C:\Windows\System\RgQoyJo.exe
  C:\Windows\System\RgQoyJo.exe
  2⤵
  PID:6460
- C:\Windows\System\riNgNnX.exe
  C:\Windows\System\riNgNnX.exe
  2⤵
  PID:7352
- C:\Windows\System\yVmgfFB.exe
  C:\Windows\System\yVmgfFB.exe
  2⤵
  PID:7396
- C:\Windows\System\bdIrlgy.exe
  C:\Windows\System\bdIrlgy.exe
  2⤵
  PID:7468
- C:\Windows\System\GGnecum.exe
  C:\Windows\System\GGnecum.exe
  2⤵
  PID:8584
- C:\Windows\System\LGNcRTO.exe
  C:\Windows\System\LGNcRTO.exe
  2⤵
  PID:7904
- C:\Windows\System\aJeJYbl.exe
  C:\Windows\System\aJeJYbl.exe
  2⤵
  PID:6196
- C:\Windows\System\HNoCQOu.exe
  C:\Windows\System\HNoCQOu.exe
  2⤵
  PID:7544
- C:\Windows\System\JzsKRgH.exe
  C:\Windows\System\JzsKRgH.exe
  2⤵
  PID:7580
- C:\Windows\System\npEntEU.exe
  C:\Windows\System\npEntEU.exe
  2⤵
  PID:7620
- C:\Windows\System\bIJErUb.exe
  C:\Windows\System\bIJErUb.exe
  2⤵
  PID:7772
- C:\Windows\System\hhDndUH.exe
  C:\Windows\System\hhDndUH.exe
  2⤵
  PID:7812
- C:\Windows\System\urPNmue.exe
  C:\Windows\System\urPNmue.exe
  2⤵
  PID:7888
- C:\Windows\System\hKCtMtx.exe
  C:\Windows\System\hKCtMtx.exe
  2⤵
  PID:7956
- C:\Windows\System\eaKrTpc.exe
  C:\Windows\System\eaKrTpc.exe
  2⤵
  PID:8028
- C:\Windows\System\mPtnksm.exe
  C:\Windows\System\mPtnksm.exe
  2⤵
  PID:8068
- C:\Windows\System\eGTWoGz.exe
  C:\Windows\System\eGTWoGz.exe
  2⤵
  PID:8176
- C:\Windows\System\eKhrNpF.exe
  C:\Windows\System\eKhrNpF.exe
  2⤵
  PID:7340
- C:\Windows\System\CxrwHMk.exe
  C:\Windows\System\CxrwHMk.exe
  2⤵
  PID:7600
- C:\Windows\System\wlixxiu.exe
  C:\Windows\System\wlixxiu.exe
  2⤵
  PID:7756
- C:\Windows\System\bgKefNq.exe
  C:\Windows\System\bgKefNq.exe
  2⤵
  PID:9068
- C:\Windows\System\dEsVzzW.exe
  C:\Windows\System\dEsVzzW.exe
  2⤵
  PID:8920
- C:\Windows\System\DcsTGjm.exe
  C:\Windows\System\DcsTGjm.exe
  2⤵
  PID:7940
- C:\Windows\System\LZqQEdB.exe
  C:\Windows\System\LZqQEdB.exe
  2⤵
  PID:7412
- C:\Windows\System\WlCykNW.exe
  C:\Windows\System\WlCykNW.exe
  2⤵
  PID:8260
- C:\Windows\System\Yowkree.exe
  C:\Windows\System\Yowkree.exe
  2⤵
  PID:8360
- C:\Windows\System\TWowWas.exe
  C:\Windows\System\TWowWas.exe
  2⤵
  PID:8376
- C:\Windows\System\RUERFru.exe
  C:\Windows\System\RUERFru.exe
  2⤵
  PID:8420
- C:\Windows\System\rCrwnKx.exe
  C:\Windows\System\rCrwnKx.exe
  2⤵
  PID:8460
- C:\Windows\System\lCfsleh.exe
  C:\Windows\System\lCfsleh.exe
  2⤵
  PID:8528
- C:\Windows\System\MnNlQnB.exe
  C:\Windows\System\MnNlQnB.exe
  2⤵
  PID:8572
- C:\Windows\System\xioPyxh.exe
  C:\Windows\System\xioPyxh.exe
  2⤵
  PID:8636
- C:\Windows\System\jqnJLjn.exe
  C:\Windows\System\jqnJLjn.exe
  2⤵
  PID:8716
- C:\Windows\System\ZmsKZEW.exe
  C:\Windows\System\ZmsKZEW.exe
  2⤵
  PID:8792
- C:\Windows\System\GqKFnBz.exe
  C:\Windows\System\GqKFnBz.exe
  2⤵
  PID:8868
- C:\Windows\System\djGEuYO.exe
  C:\Windows\System\djGEuYO.exe
  2⤵
  PID:8996
- C:\Windows\System\JMPvOce.exe
  C:\Windows\System\JMPvOce.exe
  2⤵
  PID:9076
- C:\Windows\System\ebdHJpu.exe
  C:\Windows\System\ebdHJpu.exe
  2⤵
  PID:9160
- C:\Windows\System\dGldbBi.exe
  C:\Windows\System\dGldbBi.exe
  2⤵
  PID:7684
- C:\Windows\System\ACVUdMG.exe
  C:\Windows\System\ACVUdMG.exe
  2⤵
  PID:8588
- C:\Windows\System\CxYRvya.exe
  C:\Windows\System\CxYRvya.exe
  2⤵
  PID:8916
- C:\Windows\System\PSHfMTt.exe
  C:\Windows\System\PSHfMTt.exe
  2⤵
  PID:8072
- C:\Windows\System\ovqwknz.exe
  C:\Windows\System\ovqwknz.exe
  2⤵
  PID:8312
- C:\Windows\System\PaWvTBP.exe
  C:\Windows\System\PaWvTBP.exe
  2⤵
  PID:8948
- C:\Windows\System\oZuDgkn.exe
  C:\Windows\System\oZuDgkn.exe
  2⤵
  PID:7060
- C:\Windows\System\MAVaXdD.exe
  C:\Windows\System\MAVaXdD.exe
  2⤵
  PID:6644
- C:\Windows\System\ZKAcLOK.exe
  C:\Windows\System\ZKAcLOK.exe
  2⤵
  PID:7700
- C:\Windows\System\wvjLskr.exe
  C:\Windows\System\wvjLskr.exe
  2⤵
  PID:6680
- C:\Windows\System\saRDXYU.exe
  C:\Windows\System\saRDXYU.exe
  2⤵
  PID:7236
- C:\Windows\System\oOVCYTJ.exe
  C:\Windows\System\oOVCYTJ.exe
  2⤵
  PID:7388
- C:\Windows\System\QKbRTxW.exe
  C:\Windows\System\QKbRTxW.exe
  2⤵
  PID:8968
- C:\Windows\System\dEAZIcC.exe
  C:\Windows\System\dEAZIcC.exe
  2⤵
  PID:7696
- C:\Windows\System\FeeZyNF.exe
  C:\Windows\System\FeeZyNF.exe
  2⤵
  PID:7616
- C:\Windows\System\MwTLqYo.exe
  C:\Windows\System\MwTLqYo.exe
  2⤵
  PID:8412
- C:\Windows\System\LWRakzt.exe
  C:\Windows\System\LWRakzt.exe
  2⤵
  PID:8680
- C:\Windows\System\RaEfsiR.exe
  C:\Windows\System\RaEfsiR.exe
  2⤵
  PID:7924
- C:\Windows\System\AGGlmvt.exe
  C:\Windows\System\AGGlmvt.exe
  2⤵
  PID:8136
- C:\Windows\System\dFFZTeK.exe
  C:\Windows\System\dFFZTeK.exe
  2⤵
  PID:7456
- C:\Windows\System\OLqUPpV.exe
  C:\Windows\System\OLqUPpV.exe
  2⤵
  PID:7288
- C:\Windows\System\LFsPqlT.exe
  C:\Windows\System\LFsPqlT.exe
  2⤵
  PID:8368
- C:\Windows\System\TiVyhsZ.exe
  C:\Windows\System\TiVyhsZ.exe
  2⤵
  PID:8456
- C:\Windows\System\ockxuYO.exe
  C:\Windows\System\ockxuYO.exe
  2⤵
  PID:8828
- C:\Windows\System\bEYqerM.exe
  C:\Windows\System\bEYqerM.exe
  2⤵
  PID:7644
- C:\Windows\System\ybwnseh.exe
  C:\Windows\System\ybwnseh.exe
  2⤵
  PID:7220
- C:\Windows\System\JonYgwC.exe
  C:\Windows\System\JonYgwC.exe
  2⤵
  PID:8788
- C:\Windows\System\jgwWRmC.exe
  C:\Windows\System\jgwWRmC.exe
  2⤵
  PID:9036
- C:\Windows\System\mZLrxED.exe
  C:\Windows\System\mZLrxED.exe
  2⤵
  PID:9208
- C:\Windows\System\XNpkIPA.exe
  C:\Windows\System\XNpkIPA.exe
  2⤵
  PID:7336
- C:\Windows\System\dCBgNxU.exe
  C:\Windows\System\dCBgNxU.exe
  2⤵
  PID:9012
- C:\Windows\System\JNabydr.exe
  C:\Windows\System\JNabydr.exe
  2⤵
  PID:9128
- C:\Windows\System\vOQgCPw.exe
  C:\Windows\System\vOQgCPw.exe
  2⤵
  PID:9176
- C:\Windows\System\YhTrtXv.exe
  C:\Windows\System\YhTrtXv.exe
  2⤵
  PID:6560
- C:\Windows\System\tQfllam.exe
  C:\Windows\System\tQfllam.exe
  2⤵
  PID:9052
- C:\Windows\System\FVFfaGp.exe
  C:\Windows\System\FVFfaGp.exe
  2⤵
  PID:7660
- C:\Windows\System\WHdjuTF.exe
  C:\Windows\System\WHdjuTF.exe
  2⤵
  PID:8784
- C:\Windows\System\jBogfUJ.exe
  C:\Windows\System\jBogfUJ.exe
  2⤵
  PID:6720
- C:\Windows\System\ldJAVAE.exe
  C:\Windows\System\ldJAVAE.exe
  2⤵
  PID:7040
- C:\Windows\System\ZFTSdEt.exe
  C:\Windows\System\ZFTSdEt.exe
  2⤵
  PID:8756
- C:\Windows\System\xBQpMBj.exe
  C:\Windows\System\xBQpMBj.exe
  2⤵
  PID:5400
- C:\Windows\System\WQPJBYe.exe
  C:\Windows\System\WQPJBYe.exe
  2⤵
  PID:7508
- C:\Windows\System\ZOyfFoB.exe
  C:\Windows\System\ZOyfFoB.exe
  2⤵
  PID:8452
- C:\Windows\System\MKkXYAI.exe
  C:\Windows\System\MKkXYAI.exe
  2⤵
  PID:7996
- C:\Windows\System\vnZVyPM.exe
  C:\Windows\System\vnZVyPM.exe
  2⤵
  PID:6184
- C:\Windows\System\xqyCCrj.exe
  C:\Windows\System\xqyCCrj.exe
  2⤵
  PID:7920
- C:\Windows\System\lDBeQUp.exe
  C:\Windows\System\lDBeQUp.exe
  2⤵
  PID:8232
- C:\Windows\System\tfdlTnn.exe
  C:\Windows\System\tfdlTnn.exe
  2⤵
  PID:8564
- C:\Windows\System\xkcGoJr.exe
  C:\Windows\System\xkcGoJr.exe
  2⤵
  PID:8676
- C:\Windows\System\RagkOXN.exe
  C:\Windows\System\RagkOXN.exe
  2⤵
  PID:8268
- C:\Windows\System\fhEpqQb.exe
  C:\Windows\System\fhEpqQb.exe
  2⤵
  PID:7976
- C:\Windows\System\nJwBXIn.exe
  C:\Windows\System\nJwBXIn.exe
  2⤵
  PID:9136
- C:\Windows\System\gsrrMue.exe
  C:\Windows\System\gsrrMue.exe
  2⤵
  PID:8116
- C:\Windows\System\AVdHmTE.exe
  C:\Windows\System\AVdHmTE.exe
  2⤵
  PID:8656
- C:\Windows\System\wFYtlQf.exe
  C:\Windows\System\wFYtlQf.exe
  2⤵
  PID:6528
- C:\Windows\System\rsHFxuZ.exe
  C:\Windows\System\rsHFxuZ.exe
  2⤵
  PID:7204
- C:\Windows\System\AHmoLGT.exe
  C:\Windows\System\AHmoLGT.exe
  2⤵
  PID:6148
- C:\Windows\System\yTtXpfx.exe
  C:\Windows\System\yTtXpfx.exe
  2⤵
  PID:7452
- C:\Windows\System\jMvIBZD.exe
  C:\Windows\System\jMvIBZD.exe
  2⤵
  PID:7792
- C:\Windows\System\LpwFsZL.exe
  C:\Windows\System\LpwFsZL.exe
  2⤵
  PID:5448
- C:\Windows\System\BtBOinc.exe
  C:\Windows\System\BtBOinc.exe
  2⤵
  PID:7852
- C:\Windows\System\xvVEinQ.exe
  C:\Windows\System\xvVEinQ.exe
  2⤵
  PID:7968
- C:\Windows\System\kLEAADI.exe
  C:\Windows\System\kLEAADI.exe
  2⤵
  PID:992
- C:\Windows\System\jMMoWVx.exe
  C:\Windows\System\jMMoWVx.exe
  2⤵
  PID:8524
- C:\Windows\System\dAsCcDH.exe
  C:\Windows\System\dAsCcDH.exe
  2⤵
  PID:8936
- C:\Windows\System\doeAeJm.exe
  C:\Windows\System\doeAeJm.exe
  2⤵
  PID:8344
- C:\Windows\System\DCDipcx.exe
  C:\Windows\System\DCDipcx.exe
  2⤵
  PID:8772
- C:\Windows\System\ihPSPOS.exe
  C:\Windows\System\ihPSPOS.exe
  2⤵
  PID:8476
- C:\Windows\System\JaalqPW.exe
  C:\Windows\System\JaalqPW.exe
  2⤵
  PID:8472
- C:\Windows\System\fIwqpSO.exe
  C:\Windows\System\fIwqpSO.exe
  2⤵
  PID:9096
- C:\Windows\System\KvQQfgz.exe
  C:\Windows\System\KvQQfgz.exe
  2⤵
  PID:8496
- C:\Windows\System\ibtjKls.exe
  C:\Windows\System\ibtjKls.exe
  2⤵
  PID:6684
- C:\Windows\System\xApVeyq.exe
  C:\Windows\System\xApVeyq.exe
  2⤵
  PID:6544
- C:\Windows\System\swRdQVk.exe
  C:\Windows\System\swRdQVk.exe
  2⤵
  PID:9148
- C:\Windows\System\jcyytZR.exe
  C:\Windows\System\jcyytZR.exe
  2⤵
  PID:9088
- C:\Windows\System\EmBAWoi.exe
  C:\Windows\System\EmBAWoi.exe
  2⤵
  PID:9224
- C:\Windows\System\ETPRbjK.exe
  C:\Windows\System\ETPRbjK.exe
  2⤵
  PID:9240
- C:\Windows\System\fwHqySr.exe
  C:\Windows\System\fwHqySr.exe
  2⤵
  PID:9256
- C:\Windows\System\vQPVcgo.exe
  C:\Windows\System\vQPVcgo.exe
  2⤵
  PID:9272
- C:\Windows\System\wZqtGvQ.exe
  C:\Windows\System\wZqtGvQ.exe
  2⤵
  PID:9288
- C:\Windows\System\vvhiafL.exe
  C:\Windows\System\vvhiafL.exe
  2⤵
  PID:9304
- C:\Windows\System\jFnhqnw.exe
  C:\Windows\System\jFnhqnw.exe
  2⤵
  PID:9320
- C:\Windows\System\jegYDrk.exe
  C:\Windows\System\jegYDrk.exe
  2⤵
  PID:9336
- C:\Windows\System\lAzpfwy.exe
  C:\Windows\System\lAzpfwy.exe
  2⤵
  PID:9352
- C:\Windows\System\kuhLDaf.exe
  C:\Windows\System\kuhLDaf.exe
  2⤵
  PID:9396
- C:\Windows\System\FExPyzi.exe
  C:\Windows\System\FExPyzi.exe
  2⤵
  PID:9412
- C:\Windows\System\TWOFTzl.exe
  C:\Windows\System\TWOFTzl.exe
  2⤵
  PID:9428
- C:\Windows\System\PKsWwVe.exe
  C:\Windows\System\PKsWwVe.exe
  2⤵
  PID:9496
- C:\Windows\System\cvbQnVf.exe
  C:\Windows\System\cvbQnVf.exe
  2⤵
  PID:9516
- C:\Windows\System\hThIVFZ.exe
  C:\Windows\System\hThIVFZ.exe
  2⤵
  PID:9532
- C:\Windows\System\IUhZCBC.exe
  C:\Windows\System\IUhZCBC.exe
  2⤵
  PID:9552
- C:\Windows\System\iEFXviN.exe
  C:\Windows\System\iEFXviN.exe
  2⤵
  PID:9568
- C:\Windows\System\kqjXXdj.exe
  C:\Windows\System\kqjXXdj.exe
  2⤵
  PID:9588
- C:\Windows\System\rvfUtNW.exe
  C:\Windows\System\rvfUtNW.exe
  2⤵
  PID:9604
- C:\Windows\System\QEFFIwa.exe
  C:\Windows\System\QEFFIwa.exe
  2⤵
  PID:9620
- C:\Windows\System\NgznjVV.exe
  C:\Windows\System\NgznjVV.exe
  2⤵
  PID:9644
- C:\Windows\System\FwAievO.exe
  C:\Windows\System\FwAievO.exe
  2⤵
  PID:9660
- C:\Windows\System\EQqmyee.exe
  C:\Windows\System\EQqmyee.exe
  2⤵
  PID:9680
- C:\Windows\System\bNmqdVF.exe
  C:\Windows\System\bNmqdVF.exe
  2⤵
  PID:9696
- C:\Windows\System\pvcXrRu.exe
  C:\Windows\System\pvcXrRu.exe
  2⤵
  PID:9716
- C:\Windows\System\cLdwicd.exe
  C:\Windows\System\cLdwicd.exe
  2⤵
  PID:9732
- C:\Windows\System\YLjYBoz.exe
  C:\Windows\System\YLjYBoz.exe
  2⤵
  PID:9752
- C:\Windows\System\BIcLEhu.exe
  C:\Windows\System\BIcLEhu.exe
  2⤵
  PID:9768
- C:\Windows\System\gwjNTRr.exe
  C:\Windows\System\gwjNTRr.exe
  2⤵
  PID:9784
- C:\Windows\System\hCMqhgO.exe
  C:\Windows\System\hCMqhgO.exe
  2⤵
  PID:9800
- C:\Windows\System\cihrDXA.exe
  C:\Windows\System\cihrDXA.exe
  2⤵
  PID:9816
- C:\Windows\System\KiQEijN.exe
  C:\Windows\System\KiQEijN.exe
  2⤵
  PID:9832
- C:\Windows\System\pIYBBoj.exe
  C:\Windows\System\pIYBBoj.exe
  2⤵
  PID:9852
- C:\Windows\System\KajASoj.exe
  C:\Windows\System\KajASoj.exe
  2⤵
  PID:9868
- C:\Windows\System\moDLpRv.exe
  C:\Windows\System\moDLpRv.exe
  2⤵
  PID:9888
- C:\Windows\System\IzBuqEs.exe
  C:\Windows\System\IzBuqEs.exe
  2⤵
  PID:9912
- C:\Windows\System\QiaVrRV.exe
  C:\Windows\System\QiaVrRV.exe
  2⤵
  PID:9932
- C:\Windows\System\XOswVjH.exe
  C:\Windows\System\XOswVjH.exe
  2⤵
  PID:9952
- C:\Windows\System\WYMtoPO.exe
  C:\Windows\System\WYMtoPO.exe
  2⤵
  PID:9972
- C:\Windows\System\LNBxEJO.exe
  C:\Windows\System\LNBxEJO.exe
  2⤵
  PID:9996
- C:\Windows\System\jPFhBOn.exe
  C:\Windows\System\jPFhBOn.exe
  2⤵
  PID:10012
- C:\Windows\System\LDyMKYl.exe
  C:\Windows\System\LDyMKYl.exe
  2⤵
  PID:10032
- C:\Windows\System\cBWFqnS.exe
  C:\Windows\System\cBWFqnS.exe
  2⤵
  PID:10052
- C:\Windows\System\DfTKKqp.exe
  C:\Windows\System\DfTKKqp.exe
  2⤵
  PID:10072
- C:\Windows\System\bmWyJpK.exe
  C:\Windows\System\bmWyJpK.exe
  2⤵
  PID:10088
- C:\Windows\System\JgMNdFh.exe
  C:\Windows\System\JgMNdFh.exe
  2⤵
  PID:10104
- C:\Windows\System\aTdNJnW.exe
  C:\Windows\System\aTdNJnW.exe
  2⤵
  PID:10124
- C:\Windows\System\ZaYwIht.exe
  C:\Windows\System\ZaYwIht.exe
  2⤵
  PID:10144
- C:\Windows\System\xeKMqvk.exe
  C:\Windows\System\xeKMqvk.exe
  2⤵
  PID:10160
- C:\Windows\System\LEHBxfP.exe
  C:\Windows\System\LEHBxfP.exe
  2⤵
  PID:10180
- C:\Windows\System\qQjcpeB.exe
  C:\Windows\System\qQjcpeB.exe
  2⤵
  PID:10200
- C:\Windows\System\oNPVxyO.exe
  C:\Windows\System\oNPVxyO.exe
  2⤵
  PID:10220
- C:\Windows\System\jZPXcIf.exe
  C:\Windows\System\jZPXcIf.exe
  2⤵
  PID:9360
- C:\Windows\System\hfkanxH.exe
  C:\Windows\System\hfkanxH.exe
  2⤵
  PID:6564
- C:\Windows\System\wuDdrUg.exe
  C:\Windows\System\wuDdrUg.exe
  2⤵
  PID:9264
- C:\Windows\System\rMBLAFC.exe
  C:\Windows\System\rMBLAFC.exe
  2⤵
  PID:8104
- C:\Windows\System\ZmxNNcv.exe
  C:\Windows\System\ZmxNNcv.exe
  2⤵
  PID:8712
- C:\Windows\System\QquOotH.exe
  C:\Windows\System\QquOotH.exe
  2⤵
  PID:8660
- C:\Windows\System\TTTPqwm.exe
  C:\Windows\System\TTTPqwm.exe
  2⤵
  PID:6428
- C:\Windows\System\ssopcYe.exe
  C:\Windows\System\ssopcYe.exe
  2⤵
  PID:9280
- C:\Windows\System\imeeLMH.exe
  C:\Windows\System\imeeLMH.exe
  2⤵
  PID:7788
- C:\Windows\System\NUwCQFV.exe
  C:\Windows\System\NUwCQFV.exe
  2⤵
  PID:9404
- C:\Windows\System\UhTkYVv.exe
  C:\Windows\System\UhTkYVv.exe
  2⤵
  PID:9388
- C:\Windows\System\zquSyog.exe
  C:\Windows\System\zquSyog.exe
  2⤵
  PID:9444
- C:\Windows\System\UFqYSef.exe
  C:\Windows\System\UFqYSef.exe
  2⤵
  PID:9456
- C:\Windows\System\WIzCTXT.exe
  C:\Windows\System\WIzCTXT.exe
  2⤵
  PID:9480
- C:\Windows\System\YaumLsj.exe
  C:\Windows\System\YaumLsj.exe
  2⤵
  PID:9512
- C:\Windows\System\GYWhQsr.exe
  C:\Windows\System\GYWhQsr.exe
  2⤵
  PID:9540
- C:\Windows\System\KxZkiZu.exe
  C:\Windows\System\KxZkiZu.exe
  2⤵
  PID:9612
- C:\Windows\System\QCSSyTu.exe
  C:\Windows\System\QCSSyTu.exe
  2⤵
  PID:9688
- C:\Windows\System\jRphdWE.exe
  C:\Windows\System\jRphdWE.exe
  2⤵
  PID:9764
- C:\Windows\System\MGBtjVM.exe
  C:\Windows\System\MGBtjVM.exe
  2⤵
  PID:9864
- C:\Windows\System\KaLAmCe.exe
  C:\Windows\System\KaLAmCe.exe
  2⤵
  PID:9940
- C:\Windows\System\porAwtE.exe
  C:\Windows\System\porAwtE.exe
  2⤵
  PID:9948
- C:\Windows\System\fxYCqRC.exe
  C:\Windows\System\fxYCqRC.exe
  2⤵
  PID:10100
- C:\Windows\System\gcyXjDY.exe
  C:\Windows\System\gcyXjDY.exe
  2⤵
  PID:10168
- C:\Windows\System\VArpPRw.exe
  C:\Windows\System\VArpPRw.exe
  2⤵
  PID:10212
- C:\Windows\System\xvQxaYw.exe
  C:\Windows\System\xvQxaYw.exe
  2⤵
  PID:8864
- C:\Windows\System\uDxHwvn.exe
  C:\Windows\System\uDxHwvn.exe
  2⤵
  PID:9704
- C:\Windows\System\tdnsGgf.exe
  C:\Windows\System\tdnsGgf.exe
  2⤵
  PID:9368
- C:\Windows\System\DTHDVRw.exe
  C:\Windows\System\DTHDVRw.exe
  2⤵
  PID:9376
- C:\Windows\System\mfDQykF.exe
  C:\Windows\System\mfDQykF.exe
  2⤵
  PID:9472
- C:\Windows\System\YcwzpwP.exe
  C:\Windows\System\YcwzpwP.exe
  2⤵
  PID:9860
- C:\Windows\System\wBiFmbE.exe
  C:\Windows\System\wBiFmbE.exe
  2⤵
  PID:9632
- C:\Windows\System\kDIkNfF.exe
  C:\Windows\System\kDIkNfF.exe
  2⤵
  PID:7664
- C:\Windows\System\wItgRwo.exe
  C:\Windows\System\wItgRwo.exe
  2⤵
  PID:9440
- C:\Windows\System\zgESYAX.exe
  C:\Windows\System\zgESYAX.exe
  2⤵
  PID:9796
- C:\Windows\System\oeUYCPP.exe
  C:\Windows\System\oeUYCPP.exe
  2⤵
  PID:9600
- C:\Windows\System\wPBdxIH.exe
  C:\Windows\System\wPBdxIH.exe
  2⤵
  PID:10244
- C:\Windows\System\AbteTDn.exe
  C:\Windows\System\AbteTDn.exe
  2⤵
  PID:10264
- C:\Windows\System\jQrrAYs.exe
  C:\Windows\System\jQrrAYs.exe
  2⤵
  PID:10280
- C:\Windows\System\iShxVfr.exe
  C:\Windows\System\iShxVfr.exe
  2⤵
  PID:10296
- C:\Windows\System\qvDMuRD.exe
  C:\Windows\System\qvDMuRD.exe
  2⤵
  PID:10316
- C:\Windows\System\RFCakIR.exe
  C:\Windows\System\RFCakIR.exe
  2⤵
  PID:10332
- C:\Windows\System\cHarJfg.exe
  C:\Windows\System\cHarJfg.exe
  2⤵
  PID:10352
- C:\Windows\System\WSSbpxa.exe
  C:\Windows\System\WSSbpxa.exe
  2⤵
  PID:10376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjOiLrp.exe

Filesize
6.0MB

MD5
193e3c56e2817f115f44c20ec9b5285f

SHA1
aae98f9f278da6ca5395f46e98216cd0fbef8d7b

SHA256
0e3f03ad2563fb3f95b22602a8897a314763afcd5bcfc6e031747c88df27a757

SHA512
7414b3873c0ac5e07849ed6e49a207b23be093d10ffc5d79172873db52a1db16ad653bad87528b0f0cd59d76242e7d53d783c5a5a7c3e8e0578377e1dd155eb5

Download Submit
C:\Windows\system\BuynRlT.exe

Filesize
6.0MB

MD5
0c7138933d8644b8472c4a05d6cc63d7

SHA1
3424f5d492d8be3126437bab8b36caf2a0900828

SHA256
188572a2a22420c8f22d08770e55ae4dbb0fcb9adf4c7481f7f7ce0d59ac844f

SHA512
9de62d71101f373769e9573bd858a91405b68d3b9323cde794a9fcc468e279b9e58c18f558253ddcd12590305764a908247b4c9e8410de818f0e318ae361657b

Download Submit
C:\Windows\system\GdbPNgR.exe

Filesize
6.0MB

MD5
242f42aeda621353e24eb4bdb5dabd8e

SHA1
92b3a88bf7a741f9a5d7a77b577180218906f0b0

SHA256
7ff13c87aed1a202a3c09f2fe311f749833e078b4e285d398e9c3c445431addb

SHA512
f75e56289135dd7dd7710de49a7d9ec239552cf128c6c06b61182faf0ab3e6b465276501597d7cd238ebab9707dd0aa012fb132d560d23dfa70e2dff5ccb1d85

Download Submit
C:\Windows\system\HMWSmLD.exe

Filesize
6.0MB

MD5
fc6054f6521b65874c15383b07967036

SHA1
ed3b75533be513901c0c1807fc85d8d5f41915e7

SHA256
0172ec32e4c26d17c69044111b2e4b37f81edc985e87c6da6b14486c082cc961

SHA512
ec111138984f0e8bf28138825a8ba81643c8526fd5fb14c59a276fba9084134c1105fe297706e2bde72c426542cece8fa22f0e5dc098e6666e2a9ef1a6cdd382

Download Submit
C:\Windows\system\HaptPng.exe

Filesize
6.0MB

MD5
4e0e2b6fa28e2b5e75b03dae0f286cda

SHA1
37eff4b21fa75a5bb0a5abf099a7c7efc1aefaa1

SHA256
76c21240a5c39a33ddf5d8b4602d0f208d9d97a405b9bf32656b3971458d5033

SHA512
493ce034b5889109e9ed6ac82d25801e00fd431fb5e96dd7e0c15f138f710f8c8e476e6cd43c03114019f91759c2b2e91b876139c695dcd8889c3f97aecea666

Download Submit
C:\Windows\system\HhzzFfy.exe

Filesize
6.0MB

MD5
f0681f0b0e6159a82a8937e104b988b1

SHA1
00a061fb195ad3f386a72687319b6776b2b4860f

SHA256
f4c07769909a67e3f70b283e54c471d97590582425e38a97f83e0935f3726773

SHA512
7c005e565a870369ef7cb62f348dc62c43189992d7e40fea94447d9c22228781a2e1febdf2854be8394fc546af06eaa2570dabf40a2565299b36ce878d2e2c1a

Download Submit
C:\Windows\system\IpODMRn.exe

Filesize
6.0MB

MD5
f64119643705ca65703da7bbf7ae5890

SHA1
f41a8c1a4dbe1764f8c714429685cd241d884d39

SHA256
30dc6a524116723116a1666c7178b13be06c07a78376312850291b72b54b214f

SHA512
b3dc6f08517635c12d31cc2b37b8cdd9de7da190b67eec7b350001c829b654577339e237794567e77f5524514ea76bf82e08618701bf800a0b30273bff4c30f4

Download Submit
C:\Windows\system\NZQFmhY.exe

Filesize
6.0MB

MD5
c44e25c64bb359c05aabe9772597da48

SHA1
c5cf0cdf2e082ed325e3fc87f7809f8c3f34d952

SHA256
5fbd2b0411f3a293747ad7e57a6a1ea8a2c13b0486e97ae1495189b1935dfc07

SHA512
93f8c128a6400cece5c648db86e2a7fb9a967328ac673904398c962554e4ac40f4cdb0ae03b78a847dd85f95c640ee8d039f57fde8801ce28fa456b775d3a208

Download Submit
C:\Windows\system\WPSfBxB.exe

Filesize
6.0MB

MD5
5b6963f4862c3c969b9304eac3cd9581

SHA1
5b06d98cbf08a0980d9d892bd975443400b73be9

SHA256
4463c71da09fb889bef332b8cb7c0c75f0c3755c62270d60d2b99732a4c5e521

SHA512
8d3a5320b6bc2c37b00cfdba4fc2c4101eac82bba512d1fdb179bbb3260df023cab0fd5abf32175d15054e5fd2716e36a78114883118e5e2a4eff8b184d42afc

Download Submit
C:\Windows\system\YLlSafT.exe

Filesize
6.0MB

MD5
cdebb75917b002d505e5bf14af605b10

SHA1
3269c37de3d11bf333720e7c27c332645da97c78

SHA256
898e73527c8f1e532c7a3640d5c39dc0910394a5571e5739d20b60d5abaf5b93

SHA512
c698e3a332ffb841edfe6222059d0e4fc2485ef25ed4d92acc087a9c4662dfee39375f928b782f126ba24833568dbb16729fb245f7feaa4649c3b310d93582c6

Download Submit
C:\Windows\system\cgWWvXG.exe

Filesize
6.0MB

MD5
a8d755c92f9a256522ca1ffe62bb28fe

SHA1
e8635ef347e22334da30827bd63a159afc5f14dd

SHA256
204247dd637b09a7b1316e68b32fa05e0f60e36cff2fbbab2f6010e1bcceaa98

SHA512
45d4541b236fffe575fce739f489150c7a37599e490746195b35f190ee667f371042f58a2366bfed5199b4679dc0b865dfd8115b136239339a7e97f7775d31bc

Download Submit
C:\Windows\system\ctJgZOc.exe

Filesize
6.0MB

MD5
a0c549a26753fa86118205d9cf1e8b4f

SHA1
04143573568e53bf52586abffc92006e8d461f77

SHA256
9a06eddc69b22c74d8abbb16054466c718608f295f166f768d98971f38cd013d

SHA512
bafda548092fb4717c9adfe448ffb0c7ac1a7a3a544b11de39af223fc90ee19743986fda25413176e874575d55d7dc15d4f73bf817e6aa89ad1b363d61497a8c

Download Submit
C:\Windows\system\fOISAvs.exe

Filesize
6.0MB

MD5
ba7bbeb401871c3ca6e8495433a8fd5f

SHA1
dea0af6a281cac80aa9f9ed663059638f0d0af8b

SHA256
242585e0c974ab98c196236883324c3bf66e60b4e385249256058ff67f90f738

SHA512
94533313acce150ca653da031849c008ba4a4cc03cbaa05a736a72c43ed1ba394605efd44e7016d7587869c5309fa5b022357066e9781fff21d70fc139bf6046

Download Submit
C:\Windows\system\goRHUDD.exe

Filesize
6.0MB

MD5
b14707c88bbeb40ac6567d349f325f68

SHA1
56ce3d1039b2621e36a38f55818e97eb9c1b735e

SHA256
d3369bf3935cab968e2328ce66a9dd72801f8161572792c6e45809fafd272d18

SHA512
b70a0463117c36745efd6324a55cbdf865c40181f395afd5a9b980328a43da9e1869c7615a559d0aa0b54b21ff1b8da80d3fbe4dfbe8c18d09121081e2ace373

Download Submit
C:\Windows\system\iONYVXO.exe

Filesize
6.0MB

MD5
8332db2be2a50dcecee93d78a07f5eb3

SHA1
494d6b617053f70669c31937a9ef4d898d77c76a

SHA256
201a6ee7032ae820241636e6c5feee48fc0adf76f00eb6effb1f369ef94b5811

SHA512
a2cf40b4a4eb8d20b5ef86a170c3f448ea6f435d83a2b2ce71ecf23905090136776e1edfe9555ef613263eac4f3c018a56291b3d65470711f46f14bb1bb23f54

Download Submit
C:\Windows\system\lxtfskH.exe

Filesize
6.0MB

MD5
cad11a91b5b0164984026e922a8caf1a

SHA1
d24fb1ea0c2f7ff3304960c3d83b7f2a85da00f8

SHA256
8cc40a1e118dc47587068267544e7a64d28891e3d7a224ed9a4cf5ecc1c2f898

SHA512
c42f8c270eb68ae90abd4ce1bf20c88ab3fafc64eb2a97e665a36e3edd3b4481d6c0bc5b778a1e659f2323b31ae5f312b77f781d34ac03e18f80351c565261ae

Download Submit
C:\Windows\system\nfOMwtE.exe

Filesize
6.0MB

MD5
33d02ce5726168c8cfd0cc5907e5e946

SHA1
979f2c4fecfc79de247cd240bf4fca5079739e49

SHA256
8a9709c31a36cd5f1790f6d85091ba55e2958d75fbdf0f70fd0d9136890582c9

SHA512
57e94dd118b2ba6a6bd0bcea45cd9b1ef9a3e7c1b8549dc27b3c36b194803ac62f4f4450929ffeb8cfad788494794ccf3c6d58f22d2c90df814a98b75408bc72

Download Submit
C:\Windows\system\oYKxwgS.exe

Filesize
6.0MB

MD5
576ede326b7c8608a5a5fc805cbac9d5

SHA1
1099044be0c1c56fe58e810c740a8c6167067c39

SHA256
75709b36531d10886df124bbb777fc9c5a7dd9516c5df08f621f325f5ad7b2aa

SHA512
83f23474aa39b164029f90bd2789d43b042ccd8967e661fa04154858cdd93ec1c14da102fa520fb034555263d9c184a740c56dbf798ab213db349687c10262bd

Download Submit
C:\Windows\system\puivWiZ.exe

Filesize
6.0MB

MD5
1ebf57ae7de0e7dee9ee7a654ac22056

SHA1
33a5fb4e0e8405311a4f9035a2de21083222d6d5

SHA256
7e9dacc3f149e8b0795d377fc94134684c8559195b62087d397a053c1daa9b79

SHA512
03b6d5804be6ce798e21477f7cf19a245daf98802ada99dc4168aa83b73aaea00686b61c3a0ab725d7ade1e64ba44d0b6117a5b53bc981286083e3de7c98378a

Download Submit
C:\Windows\system\tZMEwoj.exe

Filesize
6.0MB

MD5
d7206597e6a50c5b4c213b44309543ca

SHA1
36b9fb70cfb8f69531d52fe90d25ff4311513023

SHA256
8e8bff6faa9d7f8e359014936c7ff5ee1aa84022909d924643c986ac5cf963c1

SHA512
833b08ba05a879a6e1dc7f44e8fe1c4595ad6ac98e5e0317b24b5b95b725afd64fb46699129096a8ffa23446d703a2aa93975e5623e16a64f91d03bab2b39ba2

Download Submit
C:\Windows\system\ucefEXB.exe

Filesize
6.0MB

MD5
c7e6340a5ee11d21ff40fcb3d4573ce4

SHA1
2094ed62e4d1693f46ced6b741943d5e1ba2c19b

SHA256
9793f65c7089c72175a1e9700388a996e2eb2fd8e3a6704db5689357e5fb28d0

SHA512
c1cb5450042e32bf8bac3f4494d2303dd3e853e516506c6a21a1156fdb39c7435adb79ecf2530dcf715b46f75936e0033d8952d99cbbca3f902decc38927ccab

Download Submit
C:\Windows\system\vsArSUS.exe

Filesize
6.0MB

MD5
42bc45df66657dfc5a26042f7ad2416a

SHA1
017febf6f5b9c82855008341c16c0112c04ee6fd

SHA256
5718844878d7a08b7d495c23b54c89040b8abfb79016eb3e65dcd8c9cdff21a4

SHA512
72df5f0a4251bc1aa1f610733412c507b478c24047f42d6eb355e854ff4cc5bce481e38b55cf1e51c9a1b6e115c8457ee4227b2ee40b1a0a9818faaec922e851

Download Submit
C:\Windows\system\wcfCGTn.exe

Filesize
6.0MB

MD5
48277c16b45851c6d2b019cec550bc47

SHA1
48063ea2e0037adbc8925f921c1b33a61eb93164

SHA256
542560e0f0ed476f3952a53dd21b30dcc326cc30f9d0559f29741872fac292b0

SHA512
a988b9c75e958abb84593bcd0dde46c3de02661d15d2efb1ac466217b63a1bd22d069ad1ed62e2735eaa52a0d92409dcc61c177411ac377f807bb602991737e8

Download Submit
C:\Windows\system\xtRcknO.exe

Filesize
6.0MB

MD5
b98acbc7d74ca81175c727c65efde462

SHA1
3de2b959b43949e39650499c0ef155af6e87a164

SHA256
2830675a0b71ab2192a075f89495bcf79d05541041838acbd7adfa709ccdb253

SHA512
b76e381b0e3af6090e7c2486ccd78f3256086c0ac3e9115336a9288dd7d78e5d6f3ccf581246379bec3cfe68cb2269732985ec23692f4456f4c7d8ce72c5055a

Download Submit
C:\Windows\system\zEpBrTX.exe

Filesize
6.0MB

MD5
b032adac4ba08d72a315fbc0f777f50f

SHA1
82a042ae695f6c9b4abb94e01fe67b83b3213dfd

SHA256
07d75976535eb3feec1bcc91b9e9dfa811355f921c6a92d1181e36c1141a637e

SHA512
c0781d0edc7e11284affc8e94d86e6946b763b636ed9147cd83bb14306abac38ccdee0bf3d2fe75491aaeb93e481985c8ce1c25be72a77f477c48d95092f8509

Download Submit
C:\Windows\system\zOcKEwR.exe

Filesize
6.0MB

MD5
0b4d0a8e3c4ac007904b323a31291099

SHA1
128d169360facce5a0fb0709ea822b8623d636e0

SHA256
db1d4974df05020afd6abd49b1ce24831c25a7040db4f02e5a2e09fb9829efdc

SHA512
cea7c117d9652e8e26b478f89a8492aad4de95087d9af0fdae7a67a14d6e7c3242d78ee04ad2fed9827e9b33cb80ea75edbb2257a0091fa8ca6220f87d6ac06e

Download Submit
\Windows\system\IrWuQyL.exe

Filesize
6.0MB

MD5
eb6878696b572438f321de15f4fb01a5

SHA1
4e13ee6fc36f8edebd35538beee736c6db656fa4

SHA256
c5c0cee33ad93d70be738b1cc1662d3ab9952bd9346b12348d040e39625fe671

SHA512
5cba14aa8392959e1e15c5082870f17b54dd42b544ca688592fdf5ecacd386c379770f14a7f5b51e76ffa06d4588764dac950341df64daaaf5d98314abe6e55e

Download Submit
\Windows\system\MmzJBrF.exe

Filesize
6.0MB

MD5
abd0995973880a0b8707f3a865ee06ff

SHA1
3931240cca9590d4b6a2e747cadf0b50c4b9a4f5

SHA256
96d239cd27b9bbee8c27236b73c8d24000bdd577f7910ee0c84f24d3fa029c09

SHA512
287af9ec36c9abe1969b81b5f7e6169c6ffaac887da7b9c0b386f1780dd0d1cfba9497900480aab15181ae8c01eddd7907941d77e7915fe662d8f43fff90b629

Download Submit
\Windows\system\azkEcEc.exe

Filesize
6.0MB

MD5
1327b3905ae7fc90491e5bbb73c7e4da

SHA1
1017d7b072421ad12778875f51961fddfd1adf23

SHA256
ec70729398c9004f38130ab7940b11e28ed8fe3ca6feb7a27462d752e59d2e06

SHA512
b90ecb74f4fc2148e98a6e4ddbb87ece623f9ffa6691d33e89e14c9446aeba671a43a95a8bb80beabb87fe5e5da445ce83adb0462748d43528336c6159438f15

Download Submit
\Windows\system\jPVAbve.exe

Filesize
6.0MB

MD5
1534b72144ecb5cedff071c924142f81

SHA1
41c1485ab89d6a4cd3758ac908bca74ca43d1151

SHA256
a1f0ef0e1d1fb56ba59ca6af47dbf03d573c8bfa938e5edef24198de0dc137b1

SHA512
79f5ce4dd1d76cb31f6987895741746b9d0106441e770e0a5e316eeafc5f31e64a8437f56ce78b8b01035360400461d987329b1a8f1f4cdb6a9145c83b03d795

Download Submit
\Windows\system\kaRtMIz.exe

Filesize
6.0MB

MD5
90bbac8c16d0d93688cc7b01e0b24b60

SHA1
d11847ee478f39a893b5f68c8184853cd56a9668

SHA256
1c9c2117daa154856984fccb28d669716176244328f9d607e81565161b543301

SHA512
45e27c5e9a21748aa472d2d35b27a61df4fe0427f6472a716b47d57e340ab8796ca53b8a8a6784bf85318bd2391e47cbc0b4fe3b6f49ef93331980701af4a863

Download Submit
\Windows\system\xNlPxQS.exe

Filesize
6.0MB

MD5
7ffea4fffab73ea0d238a214951e8c0b

SHA1
1117ab9887fd261e2e3dd6946fe2596470eb666f

SHA256
8d03408edf463f844638455cc74f942e247408b6b0408dc57269a04e94b2dd2e

SHA512
74fced6d76fd48d5c6bdd8efdd5623f8869f62d1ce06f1fd378d5025eb1d944418ea2b4293748865474ac395657998ecd9dd9df6fc4133ad7572aa4c3adb4376

Download Submit
memory/376-2194-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/376-3974-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/376-435-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/804-3474-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/804-60-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1008-3853-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1008-436-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1592-44-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1592-3224-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-69-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-71-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1363-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1354-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1353-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1507-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1505-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1497-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-437-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-441-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-442-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-439-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1656-56-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-15-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-59-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-61-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/1656-50-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-63-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2217-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-65-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2207-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2368-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-0-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-2200-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1926-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-72-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1656-74-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-1777-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/1984-70-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1984-3473-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1996-3402-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-64-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3426-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2236-57-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3485-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2340-67-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3444-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2440-62-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3196-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-45-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2528-68-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3488-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2532-438-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3975-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2600-440-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3850-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2960-66-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3403-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download