cobaltstrike | a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
Size

6.0MB
MD5

8b959e0a87b0a4276588d411018c064c
SHA1

eea659a6be1e10f115ae5db5738fe68dcfc6ae02
SHA256

a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847
SHA512

a26c489a035281233cc8392d00bd8b4bd9f17868ef472e55cfaed8a77c09c3a011501c35d4b53ad7c046be0153c9c37db472e83f99703b4be6e02a5a2da47463
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUm:eOl56utgpPF8u/7m

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d24-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d2e-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d36-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d9f-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-38.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc8-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-69.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-77.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001752f-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2980-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/1716-9-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d24-10.dat	xmrig
behavioral1/memory/2656-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d2e-12.dat	xmrig
behavioral1/memory/2828-21-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d36-23.dat	xmrig
behavioral1/memory/2980-40-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/1716-44-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d9f-43.dat	xmrig
behavioral1/memory/2580-42-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d50-38.dat	xmrig
behavioral1/memory/836-50-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dc8-54.dat	xmrig
behavioral1/files/0x0005000000018690-69.dat	xmrig
behavioral1/memory/1876-81-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190cd-84.dat	xmrig
behavioral1/memory/2140-95-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-126.dat	xmrig
behavioral1/files/0x0005000000019382-151.dat	xmrig
behavioral1/files/0x00050000000193df-178.dat	xmrig
behavioral1/memory/844-587-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/708-1021-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2980-586-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019403-188.dat	xmrig
behavioral1/files/0x000500000001942f-192.dat	xmrig
behavioral1/files/0x0005000000019401-185.dat	xmrig
behavioral1/files/0x00050000000193d9-175.dat	xmrig
behavioral1/files/0x00050000000193cc-171.dat	xmrig
behavioral1/files/0x00050000000193be-161.dat	xmrig
behavioral1/files/0x00050000000193c4-165.dat	xmrig
behavioral1/files/0x0005000000019389-155.dat	xmrig
behavioral1/files/0x0005000000019273-141.dat	xmrig
behavioral1/files/0x0005000000019277-146.dat	xmrig
behavioral1/files/0x000500000001926b-132.dat	xmrig
behavioral1/files/0x0005000000019271-137.dat	xmrig
behavioral1/files/0x0005000000019234-121.dat	xmrig
behavioral1/files/0x0005000000019229-116.dat	xmrig
behavioral1/files/0x0005000000019218-111.dat	xmrig
behavioral1/files/0x00050000000191f7-105.dat	xmrig
behavioral1/memory/708-100-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f3-98.dat	xmrig
behavioral1/memory/2980-94-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2980-93-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190d6-90.dat	xmrig
behavioral1/memory/844-85-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2580-80-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2120-74-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2088-73-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001879b-77.dat	xmrig
behavioral1/memory/2148-66-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2828-59-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2540-58-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2656-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x000700000001752f-62.dat	xmrig
behavioral1/memory/2120-35-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2980-34-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d47-33.dat	xmrig
behavioral1/memory/2992-32-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2656-3576-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2992-3572-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2140-3719-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2540-3718-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1716	PgefdmY.exe
2656	eaDoGJg.exe
2828	ygyxFdO.exe
2992	BsVOLWx.exe
2120	ExtYROu.exe
2580	Agxixru.exe
836	KWrCKlF.exe
2540	akBHNeX.exe
2148	ZufYIKJ.exe
2088	Plnxggq.exe
1876	rUxddxQ.exe
844	wPiOqMt.exe
2140	TqbgaQj.exe
708	HyXGHhM.exe
808	oKpMEBL.exe
1096	moLfJZt.exe
3068	cTdZImn.exe
2092	ufaKSxU.exe
584	lKmKUww.exe
380	JvNhLFE.exe
1764	NruWsby.exe
2904	otjinUA.exe
3012	mMmNyGa.exe
2100	pbTnqcc.exe
2200	VfuOSXB.exe
2388	OneJMqg.exe
1708	mUzWkRJ.exe
2644	qKxIHNG.exe
2240	fOaSAOT.exe
2520	zqtSkHq.exe
840	wBBlYkn.exe
904	DPZUPou.exe
2344	NqLIGjt.exe
2408	MpAArbX.exe
2948	Cyzcqud.exe
1912	DszlfxR.exe
2332	KntQoBg.exe
1728	pEobuKI.exe
1300	rexYXwO.exe
1656	BzgXmdn.exe
1752	cbktJAh.exe
1664	kqYykor.exe
2292	jWHYeYJ.exe
2460	EOgJaRp.exe
1208	kFZuLhK.exe
1688	UEaAFxX.exe
1184	eZXqrni.exe
1800	AKcXqgj.exe
1916	YqYlCbL.exe
2976	YkOtoOO.exe
1516	POrJyMV.exe
2640	QclIJUO.exe
1588	cPHuIUm.exe
2812	IBeFFyM.exe
2668	pVKFidL.exe
2720	DVoWOMd.exe
2084	eWoYhto.exe
2576	XScVjHI.exe
2760	EJcLdFD.exe
1464	HnzwbAp.exe
2768	llFXtmP.exe
2924	EjOdEYq.exe
2972	taLVrpW.exe
2528	lKozinA.exe

Loads dropped DLL 64 IoCs

pid	Process
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/memory/1716-9-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0008000000016d24-10.dat	upx
behavioral1/memory/2656-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0008000000016d2e-12.dat	upx
behavioral1/memory/2828-21-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x0008000000016d36-23.dat	upx
behavioral1/memory/2980-40-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/1716-44-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x0007000000016d9f-43.dat	upx
behavioral1/memory/2580-42-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x0007000000016d50-38.dat	upx
behavioral1/memory/836-50-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0008000000016dc8-54.dat	upx
behavioral1/files/0x0005000000018690-69.dat	upx
behavioral1/memory/1876-81-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00060000000190cd-84.dat	upx
behavioral1/memory/2140-95-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001924c-126.dat	upx
behavioral1/files/0x0005000000019382-151.dat	upx
behavioral1/files/0x00050000000193df-178.dat	upx
behavioral1/memory/844-587-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/708-1021-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0005000000019403-188.dat	upx
behavioral1/files/0x000500000001942f-192.dat	upx
behavioral1/files/0x0005000000019401-185.dat	upx
behavioral1/files/0x00050000000193d9-175.dat	upx
behavioral1/files/0x00050000000193cc-171.dat	upx
behavioral1/files/0x00050000000193be-161.dat	upx
behavioral1/files/0x00050000000193c4-165.dat	upx
behavioral1/files/0x0005000000019389-155.dat	upx
behavioral1/files/0x0005000000019273-141.dat	upx
behavioral1/files/0x0005000000019277-146.dat	upx
behavioral1/files/0x000500000001926b-132.dat	upx
behavioral1/files/0x0005000000019271-137.dat	upx
behavioral1/files/0x0005000000019234-121.dat	upx
behavioral1/files/0x0005000000019229-116.dat	upx
behavioral1/files/0x0005000000019218-111.dat	upx
behavioral1/files/0x00050000000191f7-105.dat	upx
behavioral1/memory/708-100-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00050000000191f3-98.dat	upx
behavioral1/files/0x00060000000190d6-90.dat	upx
behavioral1/memory/844-85-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2580-80-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2120-74-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2088-73-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000500000001879b-77.dat	upx
behavioral1/memory/2148-66-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2828-59-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2540-58-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2656-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x000700000001752f-62.dat	upx
behavioral1/memory/2120-35-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0007000000016d47-33.dat	upx
behavioral1/memory/2992-32-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2656-3576-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2992-3572-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2140-3719-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2540-3718-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2088-3814-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/836-3717-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/844-3716-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/708-3715-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TyIGTSx.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\VjJkVLx.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ILrAxnK.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\bBikQSu.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\mSRpDvw.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\RMtIlsZ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\XoahxqJ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\pVKFidL.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\sCxfhpv.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\IvYBqpj.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\RvggJxO.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\dAYMfUr.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\PXghnRK.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\vAednIa.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\haINxNV.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\NoNGWMG.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\uWIJXCj.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\YQhwSfw.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\AChBVjx.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\bpBEjaw.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\CgQnTiI.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\dzbfuDz.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\PHKMruR.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\NIngFno.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\UhzeKnb.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\DDaGbfg.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ROQvDNs.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ahxKKiJ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\KGQccNO.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\mMmNyGa.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\iinDWgX.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\uiKwBrW.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\VrxZcua.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\vgRiVQe.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\DACLkRj.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\nGukLIr.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\CZkfSxl.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\mZbJDpQ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\AStKBCo.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\mpdpzSZ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\rFcyWZP.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\RrYaySU.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\JCHBKOz.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\nDRMBCO.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\OqdFLQb.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\DMXhNbQ.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\vnZoMaI.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\eCjWhRY.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\SkaAHaB.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\XhQcqeT.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\LuFSfTr.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\uMfdZuM.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\OExLgQd.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\tiPEzrT.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\GpHFWlL.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\DnoPkWi.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ksnhJxA.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ARTPPtq.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\NcucpwK.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\ByCgULv.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\YkOtoOO.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\SCQYsZd.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\IRZjVTC.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
File created	C:\Windows\System\wPcnLDU.exe	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1716	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	32
PID 2980 wrote to memory of 1716	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	32
PID 2980 wrote to memory of 1716	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	32
PID 2980 wrote to memory of 2656	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	33
PID 2980 wrote to memory of 2656	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	33
PID 2980 wrote to memory of 2656	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	33
PID 2980 wrote to memory of 2828	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	34
PID 2980 wrote to memory of 2828	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	34
PID 2980 wrote to memory of 2828	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	34
PID 2980 wrote to memory of 2992	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	35
PID 2980 wrote to memory of 2992	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	35
PID 2980 wrote to memory of 2992	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	35
PID 2980 wrote to memory of 2120	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	36
PID 2980 wrote to memory of 2120	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	36
PID 2980 wrote to memory of 2120	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	36
PID 2980 wrote to memory of 2580	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	37
PID 2980 wrote to memory of 2580	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	37
PID 2980 wrote to memory of 2580	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	37
PID 2980 wrote to memory of 836	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	38
PID 2980 wrote to memory of 836	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	38
PID 2980 wrote to memory of 836	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	38
PID 2980 wrote to memory of 2540	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	39
PID 2980 wrote to memory of 2540	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	39
PID 2980 wrote to memory of 2540	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	39
PID 2980 wrote to memory of 2148	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	40
PID 2980 wrote to memory of 2148	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	40
PID 2980 wrote to memory of 2148	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	40
PID 2980 wrote to memory of 2088	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	41
PID 2980 wrote to memory of 2088	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	41
PID 2980 wrote to memory of 2088	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	41
PID 2980 wrote to memory of 1876	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	42
PID 2980 wrote to memory of 1876	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	42
PID 2980 wrote to memory of 1876	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	42
PID 2980 wrote to memory of 844	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	43
PID 2980 wrote to memory of 844	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	43
PID 2980 wrote to memory of 844	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	43
PID 2980 wrote to memory of 2140	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	44
PID 2980 wrote to memory of 2140	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	44
PID 2980 wrote to memory of 2140	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	44
PID 2980 wrote to memory of 708	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	45
PID 2980 wrote to memory of 708	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	45
PID 2980 wrote to memory of 708	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	45
PID 2980 wrote to memory of 808	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	46
PID 2980 wrote to memory of 808	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	46
PID 2980 wrote to memory of 808	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	46
PID 2980 wrote to memory of 1096	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	47
PID 2980 wrote to memory of 1096	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	47
PID 2980 wrote to memory of 1096	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	47
PID 2980 wrote to memory of 3068	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	48
PID 2980 wrote to memory of 3068	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	48
PID 2980 wrote to memory of 3068	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	48
PID 2980 wrote to memory of 2092	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	49
PID 2980 wrote to memory of 2092	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	49
PID 2980 wrote to memory of 2092	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	49
PID 2980 wrote to memory of 584	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	50
PID 2980 wrote to memory of 584	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	50
PID 2980 wrote to memory of 584	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	50
PID 2980 wrote to memory of 380	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	51
PID 2980 wrote to memory of 380	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	51
PID 2980 wrote to memory of 380	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	51
PID 2980 wrote to memory of 1764	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	52
PID 2980 wrote to memory of 1764	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	52
PID 2980 wrote to memory of 1764	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	52
PID 2980 wrote to memory of 2904	2980	JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a525be627d96342cdab463916a2ec8267a4e4d03510786bf9e3cc4ed00967847.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\System\PgefdmY.exe
  C:\Windows\System\PgefdmY.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\eaDoGJg.exe
  C:\Windows\System\eaDoGJg.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ygyxFdO.exe
  C:\Windows\System\ygyxFdO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\BsVOLWx.exe
  C:\Windows\System\BsVOLWx.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\ExtYROu.exe
  C:\Windows\System\ExtYROu.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\Agxixru.exe
  C:\Windows\System\Agxixru.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\KWrCKlF.exe
  C:\Windows\System\KWrCKlF.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\akBHNeX.exe
  C:\Windows\System\akBHNeX.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ZufYIKJ.exe
  C:\Windows\System\ZufYIKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\Plnxggq.exe
  C:\Windows\System\Plnxggq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\rUxddxQ.exe
  C:\Windows\System\rUxddxQ.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\wPiOqMt.exe
  C:\Windows\System\wPiOqMt.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\TqbgaQj.exe
  C:\Windows\System\TqbgaQj.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\HyXGHhM.exe
  C:\Windows\System\HyXGHhM.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\oKpMEBL.exe
  C:\Windows\System\oKpMEBL.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\moLfJZt.exe
  C:\Windows\System\moLfJZt.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\cTdZImn.exe
  C:\Windows\System\cTdZImn.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\ufaKSxU.exe
  C:\Windows\System\ufaKSxU.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\lKmKUww.exe
  C:\Windows\System\lKmKUww.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\JvNhLFE.exe
  C:\Windows\System\JvNhLFE.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\NruWsby.exe
  C:\Windows\System\NruWsby.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\otjinUA.exe
  C:\Windows\System\otjinUA.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\mMmNyGa.exe
  C:\Windows\System\mMmNyGa.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\pbTnqcc.exe
  C:\Windows\System\pbTnqcc.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\VfuOSXB.exe
  C:\Windows\System\VfuOSXB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\OneJMqg.exe
  C:\Windows\System\OneJMqg.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\mUzWkRJ.exe
  C:\Windows\System\mUzWkRJ.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\qKxIHNG.exe
  C:\Windows\System\qKxIHNG.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\fOaSAOT.exe
  C:\Windows\System\fOaSAOT.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\wBBlYkn.exe
  C:\Windows\System\wBBlYkn.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\zqtSkHq.exe
  C:\Windows\System\zqtSkHq.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\NqLIGjt.exe
  C:\Windows\System\NqLIGjt.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\DPZUPou.exe
  C:\Windows\System\DPZUPou.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\Cyzcqud.exe
  C:\Windows\System\Cyzcqud.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\MpAArbX.exe
  C:\Windows\System\MpAArbX.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\DszlfxR.exe
  C:\Windows\System\DszlfxR.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\KntQoBg.exe
  C:\Windows\System\KntQoBg.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\pEobuKI.exe
  C:\Windows\System\pEobuKI.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\rexYXwO.exe
  C:\Windows\System\rexYXwO.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\kqYykor.exe
  C:\Windows\System\kqYykor.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\BzgXmdn.exe
  C:\Windows\System\BzgXmdn.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\jWHYeYJ.exe
  C:\Windows\System\jWHYeYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\cbktJAh.exe
  C:\Windows\System\cbktJAh.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\EOgJaRp.exe
  C:\Windows\System\EOgJaRp.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\kFZuLhK.exe
  C:\Windows\System\kFZuLhK.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\UEaAFxX.exe
  C:\Windows\System\UEaAFxX.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\eZXqrni.exe
  C:\Windows\System\eZXqrni.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\YqYlCbL.exe
  C:\Windows\System\YqYlCbL.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\AKcXqgj.exe
  C:\Windows\System\AKcXqgj.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\POrJyMV.exe
  C:\Windows\System\POrJyMV.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\YkOtoOO.exe
  C:\Windows\System\YkOtoOO.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\cPHuIUm.exe
  C:\Windows\System\cPHuIUm.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\QclIJUO.exe
  C:\Windows\System\QclIJUO.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\IBeFFyM.exe
  C:\Windows\System\IBeFFyM.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\pVKFidL.exe
  C:\Windows\System\pVKFidL.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\DVoWOMd.exe
  C:\Windows\System\DVoWOMd.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\eWoYhto.exe
  C:\Windows\System\eWoYhto.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\XScVjHI.exe
  C:\Windows\System\XScVjHI.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\EJcLdFD.exe
  C:\Windows\System\EJcLdFD.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\HnzwbAp.exe
  C:\Windows\System\HnzwbAp.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\llFXtmP.exe
  C:\Windows\System\llFXtmP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\EjOdEYq.exe
  C:\Windows\System\EjOdEYq.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\taLVrpW.exe
  C:\Windows\System\taLVrpW.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\lKozinA.exe
  C:\Windows\System\lKozinA.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\VLgZbed.exe
  C:\Windows\System\VLgZbed.exe
  2⤵
  PID:2352
- C:\Windows\System\tVUTZNI.exe
  C:\Windows\System\tVUTZNI.exe
  2⤵
  PID:280
- C:\Windows\System\vamlQgh.exe
  C:\Windows\System\vamlQgh.exe
  2⤵
  PID:3016
- C:\Windows\System\JlqMksO.exe
  C:\Windows\System\JlqMksO.exe
  2⤵
  PID:1880
- C:\Windows\System\sFMQAiL.exe
  C:\Windows\System\sFMQAiL.exe
  2⤵
  PID:2136
- C:\Windows\System\eRkkgof.exe
  C:\Windows\System\eRkkgof.exe
  2⤵
  PID:2172
- C:\Windows\System\AabwUpr.exe
  C:\Windows\System\AabwUpr.exe
  2⤵
  PID:1696
- C:\Windows\System\Ftiikeu.exe
  C:\Windows\System\Ftiikeu.exe
  2⤵
  PID:1396
- C:\Windows\System\SSfaeOp.exe
  C:\Windows\System\SSfaeOp.exe
  2⤵
  PID:1648
- C:\Windows\System\FsjhbDb.exe
  C:\Windows\System\FsjhbDb.exe
  2⤵
  PID:1772
- C:\Windows\System\JpGqyUL.exe
  C:\Windows\System\JpGqyUL.exe
  2⤵
  PID:2032
- C:\Windows\System\Vkhcqtm.exe
  C:\Windows\System\Vkhcqtm.exe
  2⤵
  PID:2420
- C:\Windows\System\kcqbelm.exe
  C:\Windows\System\kcqbelm.exe
  2⤵
  PID:1760
- C:\Windows\System\Mnmniir.exe
  C:\Windows\System\Mnmniir.exe
  2⤵
  PID:1060
- C:\Windows\System\nsXxZrn.exe
  C:\Windows\System\nsXxZrn.exe
  2⤵
  PID:1652
- C:\Windows\System\gDztrNS.exe
  C:\Windows\System\gDztrNS.exe
  2⤵
  PID:1908
- C:\Windows\System\AExPozF.exe
  C:\Windows\System\AExPozF.exe
  2⤵
  PID:620
- C:\Windows\System\rzQnXoW.exe
  C:\Windows\System\rzQnXoW.exe
  2⤵
  PID:3032
- C:\Windows\System\PDpTQpY.exe
  C:\Windows\System\PDpTQpY.exe
  2⤵
  PID:1996
- C:\Windows\System\NfgWxWk.exe
  C:\Windows\System\NfgWxWk.exe
  2⤵
  PID:1720
- C:\Windows\System\uDWYNMA.exe
  C:\Windows\System\uDWYNMA.exe
  2⤵
  PID:2552
- C:\Windows\System\osjdBHK.exe
  C:\Windows\System\osjdBHK.exe
  2⤵
  PID:2988
- C:\Windows\System\uvXNRwX.exe
  C:\Windows\System\uvXNRwX.exe
  2⤵
  PID:2228
- C:\Windows\System\PKiKsGG.exe
  C:\Windows\System\PKiKsGG.exe
  2⤵
  PID:1684
- C:\Windows\System\yOMVfBs.exe
  C:\Windows\System\yOMVfBs.exe
  2⤵
  PID:2440
- C:\Windows\System\cIdNjNV.exe
  C:\Windows\System\cIdNjNV.exe
  2⤵
  PID:2920
- C:\Windows\System\gHLzdQu.exe
  C:\Windows\System\gHLzdQu.exe
  2⤵
  PID:1864
- C:\Windows\System\ayaIeEy.exe
  C:\Windows\System\ayaIeEy.exe
  2⤵
  PID:1712
- C:\Windows\System\GBSFqOF.exe
  C:\Windows\System\GBSFqOF.exe
  2⤵
  PID:2184
- C:\Windows\System\IxWcFvU.exe
  C:\Windows\System\IxWcFvU.exe
  2⤵
  PID:1280
- C:\Windows\System\MDZTTiz.exe
  C:\Windows\System\MDZTTiz.exe
  2⤵
  PID:1564
- C:\Windows\System\VUVgetP.exe
  C:\Windows\System\VUVgetP.exe
  2⤵
  PID:988
- C:\Windows\System\PkEBgDs.exe
  C:\Windows\System\PkEBgDs.exe
  2⤵
  PID:2660
- C:\Windows\System\wYFflan.exe
  C:\Windows\System\wYFflan.exe
  2⤵
  PID:3092
- C:\Windows\System\cXxwSkA.exe
  C:\Windows\System\cXxwSkA.exe
  2⤵
  PID:3108
- C:\Windows\System\ArELUmj.exe
  C:\Windows\System\ArELUmj.exe
  2⤵
  PID:3132
- C:\Windows\System\LpjixHS.exe
  C:\Windows\System\LpjixHS.exe
  2⤵
  PID:3168
- C:\Windows\System\pHYRUzm.exe
  C:\Windows\System\pHYRUzm.exe
  2⤵
  PID:3184
- C:\Windows\System\sWTPSuU.exe
  C:\Windows\System\sWTPSuU.exe
  2⤵
  PID:3204
- C:\Windows\System\iDPGXgk.exe
  C:\Windows\System\iDPGXgk.exe
  2⤵
  PID:3224
- C:\Windows\System\Gzqecre.exe
  C:\Windows\System\Gzqecre.exe
  2⤵
  PID:3244
- C:\Windows\System\Gnytydj.exe
  C:\Windows\System\Gnytydj.exe
  2⤵
  PID:3272
- C:\Windows\System\DSIrrRU.exe
  C:\Windows\System\DSIrrRU.exe
  2⤵
  PID:3288
- C:\Windows\System\xfpMeEW.exe
  C:\Windows\System\xfpMeEW.exe
  2⤵
  PID:3312
- C:\Windows\System\YTheXfg.exe
  C:\Windows\System\YTheXfg.exe
  2⤵
  PID:3328
- C:\Windows\System\ldUyAXJ.exe
  C:\Windows\System\ldUyAXJ.exe
  2⤵
  PID:3348
- C:\Windows\System\HbWlGVD.exe
  C:\Windows\System\HbWlGVD.exe
  2⤵
  PID:3372
- C:\Windows\System\baoBXyI.exe
  C:\Windows\System\baoBXyI.exe
  2⤵
  PID:3388
- C:\Windows\System\maIwFTK.exe
  C:\Windows\System\maIwFTK.exe
  2⤵
  PID:3404
- C:\Windows\System\jtLCQrR.exe
  C:\Windows\System\jtLCQrR.exe
  2⤵
  PID:3420
- C:\Windows\System\EwXuXYM.exe
  C:\Windows\System\EwXuXYM.exe
  2⤵
  PID:3436
- C:\Windows\System\JPrTFps.exe
  C:\Windows\System\JPrTFps.exe
  2⤵
  PID:3464
- C:\Windows\System\fGssosc.exe
  C:\Windows\System\fGssosc.exe
  2⤵
  PID:3484
- C:\Windows\System\Kyqehor.exe
  C:\Windows\System\Kyqehor.exe
  2⤵
  PID:3516
- C:\Windows\System\xgyqtQw.exe
  C:\Windows\System\xgyqtQw.exe
  2⤵
  PID:3536
- C:\Windows\System\AqoUYbQ.exe
  C:\Windows\System\AqoUYbQ.exe
  2⤵
  PID:3552
- C:\Windows\System\qWgAXkC.exe
  C:\Windows\System\qWgAXkC.exe
  2⤵
  PID:3576
- C:\Windows\System\ewRywUF.exe
  C:\Windows\System\ewRywUF.exe
  2⤵
  PID:3592
- C:\Windows\System\TyIGTSx.exe
  C:\Windows\System\TyIGTSx.exe
  2⤵
  PID:3616
- C:\Windows\System\zfzBLBU.exe
  C:\Windows\System\zfzBLBU.exe
  2⤵
  PID:3632
- C:\Windows\System\KsHWQTb.exe
  C:\Windows\System\KsHWQTb.exe
  2⤵
  PID:3656
- C:\Windows\System\cMmdHgT.exe
  C:\Windows\System\cMmdHgT.exe
  2⤵
  PID:3672
- C:\Windows\System\MJrpZUR.exe
  C:\Windows\System\MJrpZUR.exe
  2⤵
  PID:3692
- C:\Windows\System\KeRCEJm.exe
  C:\Windows\System\KeRCEJm.exe
  2⤵
  PID:3716
- C:\Windows\System\mTvhmUY.exe
  C:\Windows\System\mTvhmUY.exe
  2⤵
  PID:3732
- C:\Windows\System\VPvtvtI.exe
  C:\Windows\System\VPvtvtI.exe
  2⤵
  PID:3756
- C:\Windows\System\WvtdeVp.exe
  C:\Windows\System\WvtdeVp.exe
  2⤵
  PID:3776
- C:\Windows\System\EGrdgwQ.exe
  C:\Windows\System\EGrdgwQ.exe
  2⤵
  PID:3792
- C:\Windows\System\SkaAHaB.exe
  C:\Windows\System\SkaAHaB.exe
  2⤵
  PID:3812
- C:\Windows\System\YnAAhBO.exe
  C:\Windows\System\YnAAhBO.exe
  2⤵
  PID:3836
- C:\Windows\System\JLvRRYc.exe
  C:\Windows\System\JLvRRYc.exe
  2⤵
  PID:3856
- C:\Windows\System\KKmGmeO.exe
  C:\Windows\System\KKmGmeO.exe
  2⤵
  PID:3876
- C:\Windows\System\ITTixso.exe
  C:\Windows\System\ITTixso.exe
  2⤵
  PID:3896
- C:\Windows\System\uOqpNDh.exe
  C:\Windows\System\uOqpNDh.exe
  2⤵
  PID:3912
- C:\Windows\System\FaSOCXG.exe
  C:\Windows\System\FaSOCXG.exe
  2⤵
  PID:3936
- C:\Windows\System\pqFQraC.exe
  C:\Windows\System\pqFQraC.exe
  2⤵
  PID:3956
- C:\Windows\System\SCADOjK.exe
  C:\Windows\System\SCADOjK.exe
  2⤵
  PID:3972
- C:\Windows\System\IZymNad.exe
  C:\Windows\System\IZymNad.exe
  2⤵
  PID:3996
- C:\Windows\System\mgrAfMx.exe
  C:\Windows\System\mgrAfMx.exe
  2⤵
  PID:4016
- C:\Windows\System\VaKktCX.exe
  C:\Windows\System\VaKktCX.exe
  2⤵
  PID:4036
- C:\Windows\System\TjlXOiy.exe
  C:\Windows\System\TjlXOiy.exe
  2⤵
  PID:4052
- C:\Windows\System\mmQVAbw.exe
  C:\Windows\System\mmQVAbw.exe
  2⤵
  PID:4080
- C:\Windows\System\pfMMDTv.exe
  C:\Windows\System\pfMMDTv.exe
  2⤵
  PID:2156
- C:\Windows\System\ABMZNte.exe
  C:\Windows\System\ABMZNte.exe
  2⤵
  PID:1744
- C:\Windows\System\ipIGyfz.exe
  C:\Windows\System\ipIGyfz.exe
  2⤵
  PID:1032
- C:\Windows\System\kMAFsUn.exe
  C:\Windows\System\kMAFsUn.exe
  2⤵
  PID:2484
- C:\Windows\System\qUJLgFG.exe
  C:\Windows\System\qUJLgFG.exe
  2⤵
  PID:2684
- C:\Windows\System\qHjVFqY.exe
  C:\Windows\System\qHjVFqY.exe
  2⤵
  PID:2844
- C:\Windows\System\OyzuOVB.exe
  C:\Windows\System\OyzuOVB.exe
  2⤵
  PID:2964
- C:\Windows\System\QsKZdFa.exe
  C:\Windows\System\QsKZdFa.exe
  2⤵
  PID:2452
- C:\Windows\System\HmykVEh.exe
  C:\Windows\System\HmykVEh.exe
  2⤵
  PID:1000
- C:\Windows\System\RrYaySU.exe
  C:\Windows\System\RrYaySU.exe
  2⤵
  PID:2544
- C:\Windows\System\jcaThLb.exe
  C:\Windows\System\jcaThLb.exe
  2⤵
  PID:1492
- C:\Windows\System\UKlFlpQ.exe
  C:\Windows\System\UKlFlpQ.exe
  2⤵
  PID:3084
- C:\Windows\System\BNleMUs.exe
  C:\Windows\System\BNleMUs.exe
  2⤵
  PID:3104
- C:\Windows\System\jaAFqFq.exe
  C:\Windows\System\jaAFqFq.exe
  2⤵
  PID:812
- C:\Windows\System\SKnkGNI.exe
  C:\Windows\System\SKnkGNI.exe
  2⤵
  PID:2216
- C:\Windows\System\TuBlHTV.exe
  C:\Windows\System\TuBlHTV.exe
  2⤵
  PID:3180
- C:\Windows\System\pnVkcRC.exe
  C:\Windows\System\pnVkcRC.exe
  2⤵
  PID:3144
- C:\Windows\System\xfJySPH.exe
  C:\Windows\System\xfJySPH.exe
  2⤵
  PID:3152
- C:\Windows\System\SlgENOQ.exe
  C:\Windows\System\SlgENOQ.exe
  2⤵
  PID:3256
- C:\Windows\System\ZcUkcni.exe
  C:\Windows\System\ZcUkcni.exe
  2⤵
  PID:3280
- C:\Windows\System\hUBhQyM.exe
  C:\Windows\System\hUBhQyM.exe
  2⤵
  PID:3300
- C:\Windows\System\GTQOxFH.exe
  C:\Windows\System\GTQOxFH.exe
  2⤵
  PID:3340
- C:\Windows\System\vExywrc.exe
  C:\Windows\System\vExywrc.exe
  2⤵
  PID:3364
- C:\Windows\System\UusHnUd.exe
  C:\Windows\System\UusHnUd.exe
  2⤵
  PID:3444
- C:\Windows\System\zRguRnT.exe
  C:\Windows\System\zRguRnT.exe
  2⤵
  PID:3400
- C:\Windows\System\lKbKYSh.exe
  C:\Windows\System\lKbKYSh.exe
  2⤵
  PID:3476
- C:\Windows\System\NQUiSiK.exe
  C:\Windows\System\NQUiSiK.exe
  2⤵
  PID:3508
- C:\Windows\System\WvKHRBG.exe
  C:\Windows\System\WvKHRBG.exe
  2⤵
  PID:3532
- C:\Windows\System\QBZTzej.exe
  C:\Windows\System\QBZTzej.exe
  2⤵
  PID:3568
- C:\Windows\System\BOCSauN.exe
  C:\Windows\System\BOCSauN.exe
  2⤵
  PID:3608
- C:\Windows\System\zrMceuQ.exe
  C:\Windows\System\zrMceuQ.exe
  2⤵
  PID:3664
- C:\Windows\System\gwZbpwu.exe
  C:\Windows\System\gwZbpwu.exe
  2⤵
  PID:3708
- C:\Windows\System\OwHTPne.exe
  C:\Windows\System\OwHTPne.exe
  2⤵
  PID:3688
- C:\Windows\System\GDDlQsw.exe
  C:\Windows\System\GDDlQsw.exe
  2⤵
  PID:3752
- C:\Windows\System\HSikqpY.exe
  C:\Windows\System\HSikqpY.exe
  2⤵
  PID:3772
- C:\Windows\System\gZcCniV.exe
  C:\Windows\System\gZcCniV.exe
  2⤵
  PID:3824
- C:\Windows\System\RJCtCeT.exe
  C:\Windows\System\RJCtCeT.exe
  2⤵
  PID:3800
- C:\Windows\System\enLPJfV.exe
  C:\Windows\System\enLPJfV.exe
  2⤵
  PID:3852
- C:\Windows\System\qmVridL.exe
  C:\Windows\System\qmVridL.exe
  2⤵
  PID:3944
- C:\Windows\System\zuassnH.exe
  C:\Windows\System\zuassnH.exe
  2⤵
  PID:3932
- C:\Windows\System\vyJhlVT.exe
  C:\Windows\System\vyJhlVT.exe
  2⤵
  PID:3984
- C:\Windows\System\aljXYtq.exe
  C:\Windows\System\aljXYtq.exe
  2⤵
  PID:4032
- C:\Windows\System\KGfpOdr.exe
  C:\Windows\System\KGfpOdr.exe
  2⤵
  PID:4060
- C:\Windows\System\HVjTXQq.exe
  C:\Windows\System\HVjTXQq.exe
  2⤵
  PID:4048
- C:\Windows\System\TuDLBxz.exe
  C:\Windows\System\TuDLBxz.exe
  2⤵
  PID:1376
- C:\Windows\System\hODICTt.exe
  C:\Windows\System\hODICTt.exe
  2⤵
  PID:860
- C:\Windows\System\vQXHTCx.exe
  C:\Windows\System\vQXHTCx.exe
  2⤵
  PID:2808
- C:\Windows\System\DExQNvc.exe
  C:\Windows\System\DExQNvc.exe
  2⤵
  PID:1428
- C:\Windows\System\WLDdELJ.exe
  C:\Windows\System\WLDdELJ.exe
  2⤵
  PID:2600
- C:\Windows\System\flcwNcG.exe
  C:\Windows\System\flcwNcG.exe
  2⤵
  PID:2224
- C:\Windows\System\WWyItvv.exe
  C:\Windows\System\WWyItvv.exe
  2⤵
  PID:3100
- C:\Windows\System\eGgrApn.exe
  C:\Windows\System\eGgrApn.exe
  2⤵
  PID:1860
- C:\Windows\System\SRfsrnk.exe
  C:\Windows\System\SRfsrnk.exe
  2⤵
  PID:3176
- C:\Windows\System\ZWMOowq.exe
  C:\Windows\System\ZWMOowq.exe
  2⤵
  PID:3156
- C:\Windows\System\tkEgyad.exe
  C:\Windows\System\tkEgyad.exe
  2⤵
  PID:3268
- C:\Windows\System\QPjkDkk.exe
  C:\Windows\System\QPjkDkk.exe
  2⤵
  PID:3324
- C:\Windows\System\SqlnuMp.exe
  C:\Windows\System\SqlnuMp.exe
  2⤵
  PID:3308
- C:\Windows\System\FtFKFBw.exe
  C:\Windows\System\FtFKFBw.exe
  2⤵
  PID:3360
- C:\Windows\System\iXkftGb.exe
  C:\Windows\System\iXkftGb.exe
  2⤵
  PID:3460
- C:\Windows\System\JgzsDpN.exe
  C:\Windows\System\JgzsDpN.exe
  2⤵
  PID:3512
- C:\Windows\System\tJOYvtT.exe
  C:\Windows\System\tJOYvtT.exe
  2⤵
  PID:932
- C:\Windows\System\rvkSPtN.exe
  C:\Windows\System\rvkSPtN.exe
  2⤵
  PID:3644
- C:\Windows\System\CCdNxch.exe
  C:\Windows\System\CCdNxch.exe
  2⤵
  PID:3648
- C:\Windows\System\OkUytcb.exe
  C:\Windows\System\OkUytcb.exe
  2⤵
  PID:3724
- C:\Windows\System\WihpmzE.exe
  C:\Windows\System\WihpmzE.exe
  2⤵
  PID:3828
- C:\Windows\System\rwhaTAv.exe
  C:\Windows\System\rwhaTAv.exe
  2⤵
  PID:3820
- C:\Windows\System\HDpkOjW.exe
  C:\Windows\System\HDpkOjW.exe
  2⤵
  PID:3924
- C:\Windows\System\DdVollK.exe
  C:\Windows\System\DdVollK.exe
  2⤵
  PID:3888
- C:\Windows\System\CZkfSxl.exe
  C:\Windows\System\CZkfSxl.exe
  2⤵
  PID:4024
- C:\Windows\System\vrwASrP.exe
  C:\Windows\System\vrwASrP.exe
  2⤵
  PID:4044
- C:\Windows\System\Svaunxh.exe
  C:\Windows\System\Svaunxh.exe
  2⤵
  PID:2492
- C:\Windows\System\KfqxzGf.exe
  C:\Windows\System\KfqxzGf.exe
  2⤵
  PID:4092
- C:\Windows\System\ksnhJxA.exe
  C:\Windows\System\ksnhJxA.exe
  2⤵
  PID:2376
- C:\Windows\System\QhHVAEi.exe
  C:\Windows\System\QhHVAEi.exe
  2⤵
  PID:884
- C:\Windows\System\tFbifiy.exe
  C:\Windows\System\tFbifiy.exe
  2⤵
  PID:3160
- C:\Windows\System\XhQcqeT.exe
  C:\Windows\System\XhQcqeT.exe
  2⤵
  PID:3252
- C:\Windows\System\ysGonWW.exe
  C:\Windows\System\ysGonWW.exe
  2⤵
  PID:3380
- C:\Windows\System\zPWdGCl.exe
  C:\Windows\System\zPWdGCl.exe
  2⤵
  PID:3456
- C:\Windows\System\JCHBKOz.exe
  C:\Windows\System\JCHBKOz.exe
  2⤵
  PID:4108
- C:\Windows\System\QjUQVxh.exe
  C:\Windows\System\QjUQVxh.exe
  2⤵
  PID:4128
- C:\Windows\System\grsYKAJ.exe
  C:\Windows\System\grsYKAJ.exe
  2⤵
  PID:4144
- C:\Windows\System\agjwCiy.exe
  C:\Windows\System\agjwCiy.exe
  2⤵
  PID:4168
- C:\Windows\System\uprqWqW.exe
  C:\Windows\System\uprqWqW.exe
  2⤵
  PID:4188
- C:\Windows\System\ERcNdHN.exe
  C:\Windows\System\ERcNdHN.exe
  2⤵
  PID:4208
- C:\Windows\System\uWIJXCj.exe
  C:\Windows\System\uWIJXCj.exe
  2⤵
  PID:4228
- C:\Windows\System\zqACfDZ.exe
  C:\Windows\System\zqACfDZ.exe
  2⤵
  PID:4248
- C:\Windows\System\YrchCOE.exe
  C:\Windows\System\YrchCOE.exe
  2⤵
  PID:4264
- C:\Windows\System\XNgVbrY.exe
  C:\Windows\System\XNgVbrY.exe
  2⤵
  PID:4280
- C:\Windows\System\OaVhHDP.exe
  C:\Windows\System\OaVhHDP.exe
  2⤵
  PID:4308
- C:\Windows\System\xlOxnLn.exe
  C:\Windows\System\xlOxnLn.exe
  2⤵
  PID:4324
- C:\Windows\System\wthKtxh.exe
  C:\Windows\System\wthKtxh.exe
  2⤵
  PID:4344
- C:\Windows\System\KzxFXdK.exe
  C:\Windows\System\KzxFXdK.exe
  2⤵
  PID:4368
- C:\Windows\System\MsyzqOh.exe
  C:\Windows\System\MsyzqOh.exe
  2⤵
  PID:4388
- C:\Windows\System\UhzeKnb.exe
  C:\Windows\System\UhzeKnb.exe
  2⤵
  PID:4412
- C:\Windows\System\QoFNEkp.exe
  C:\Windows\System\QoFNEkp.exe
  2⤵
  PID:4432
- C:\Windows\System\MGlBmdr.exe
  C:\Windows\System\MGlBmdr.exe
  2⤵
  PID:4452
- C:\Windows\System\luecGTN.exe
  C:\Windows\System\luecGTN.exe
  2⤵
  PID:4476
- C:\Windows\System\jEUdAai.exe
  C:\Windows\System\jEUdAai.exe
  2⤵
  PID:4492
- C:\Windows\System\BZiwIfj.exe
  C:\Windows\System\BZiwIfj.exe
  2⤵
  PID:4512
- C:\Windows\System\hVJobKx.exe
  C:\Windows\System\hVJobKx.exe
  2⤵
  PID:4532
- C:\Windows\System\VzzqwIc.exe
  C:\Windows\System\VzzqwIc.exe
  2⤵
  PID:4556
- C:\Windows\System\mzJmZVC.exe
  C:\Windows\System\mzJmZVC.exe
  2⤵
  PID:4572
- C:\Windows\System\lAWbPja.exe
  C:\Windows\System\lAWbPja.exe
  2⤵
  PID:4592
- C:\Windows\System\dfRywTd.exe
  C:\Windows\System\dfRywTd.exe
  2⤵
  PID:4616
- C:\Windows\System\UiCALxK.exe
  C:\Windows\System\UiCALxK.exe
  2⤵
  PID:4632
- C:\Windows\System\dAYMfUr.exe
  C:\Windows\System\dAYMfUr.exe
  2⤵
  PID:4648
- C:\Windows\System\bXSsEME.exe
  C:\Windows\System\bXSsEME.exe
  2⤵
  PID:4668
- C:\Windows\System\qAIndKc.exe
  C:\Windows\System\qAIndKc.exe
  2⤵
  PID:4688
- C:\Windows\System\BDVISin.exe
  C:\Windows\System\BDVISin.exe
  2⤵
  PID:4704
- C:\Windows\System\doxrvah.exe
  C:\Windows\System\doxrvah.exe
  2⤵
  PID:4724
- C:\Windows\System\IGzXGuO.exe
  C:\Windows\System\IGzXGuO.exe
  2⤵
  PID:4752
- C:\Windows\System\XZJyeNe.exe
  C:\Windows\System\XZJyeNe.exe
  2⤵
  PID:4776
- C:\Windows\System\fLjFiDO.exe
  C:\Windows\System\fLjFiDO.exe
  2⤵
  PID:4796
- C:\Windows\System\qhKAkcm.exe
  C:\Windows\System\qhKAkcm.exe
  2⤵
  PID:4816
- C:\Windows\System\jDhMHCm.exe
  C:\Windows\System\jDhMHCm.exe
  2⤵
  PID:4836
- C:\Windows\System\zadfIws.exe
  C:\Windows\System\zadfIws.exe
  2⤵
  PID:4852
- C:\Windows\System\qYkhnoS.exe
  C:\Windows\System\qYkhnoS.exe
  2⤵
  PID:4872
- C:\Windows\System\FMyKRTo.exe
  C:\Windows\System\FMyKRTo.exe
  2⤵
  PID:4896
- C:\Windows\System\VjJkVLx.exe
  C:\Windows\System\VjJkVLx.exe
  2⤵
  PID:4916
- C:\Windows\System\AMXYJmT.exe
  C:\Windows\System\AMXYJmT.exe
  2⤵
  PID:4932
- C:\Windows\System\SVOkJuK.exe
  C:\Windows\System\SVOkJuK.exe
  2⤵
  PID:4952
- C:\Windows\System\FhCLtsC.exe
  C:\Windows\System\FhCLtsC.exe
  2⤵
  PID:4972
- C:\Windows\System\beXLfPg.exe
  C:\Windows\System\beXLfPg.exe
  2⤵
  PID:4992
- C:\Windows\System\AckPynE.exe
  C:\Windows\System\AckPynE.exe
  2⤵
  PID:5012
- C:\Windows\System\HbTzVMG.exe
  C:\Windows\System\HbTzVMG.exe
  2⤵
  PID:5032
- C:\Windows\System\zDAlUxA.exe
  C:\Windows\System\zDAlUxA.exe
  2⤵
  PID:5052
- C:\Windows\System\RqjOaOH.exe
  C:\Windows\System\RqjOaOH.exe
  2⤵
  PID:5072
- C:\Windows\System\UViwiqb.exe
  C:\Windows\System\UViwiqb.exe
  2⤵
  PID:5092
- C:\Windows\System\EIRrZPJ.exe
  C:\Windows\System\EIRrZPJ.exe
  2⤵
  PID:5116
- C:\Windows\System\FEiiKqv.exe
  C:\Windows\System\FEiiKqv.exe
  2⤵
  PID:2708
- C:\Windows\System\VgciqHr.exe
  C:\Windows\System\VgciqHr.exe
  2⤵
  PID:3704
- C:\Windows\System\GsUlQxA.exe
  C:\Windows\System\GsUlQxA.exe
  2⤵
  PID:3336
- C:\Windows\System\xDXWhcd.exe
  C:\Windows\System\xDXWhcd.exe
  2⤵
  PID:3000
- C:\Windows\System\KrSzyRq.exe
  C:\Windows\System\KrSzyRq.exe
  2⤵
  PID:3728
- C:\Windows\System\tpZfgvL.exe
  C:\Windows\System\tpZfgvL.exe
  2⤵
  PID:3908
- C:\Windows\System\lNksphW.exe
  C:\Windows\System\lNksphW.exe
  2⤵
  PID:4064
- C:\Windows\System\fRXCAnv.exe
  C:\Windows\System\fRXCAnv.exe
  2⤵
  PID:1052
- C:\Windows\System\rNiTQYh.exe
  C:\Windows\System\rNiTQYh.exe
  2⤵
  PID:1692
- C:\Windows\System\ZqUdIay.exe
  C:\Windows\System\ZqUdIay.exe
  2⤵
  PID:3080
- C:\Windows\System\RcnVoyR.exe
  C:\Windows\System\RcnVoyR.exe
  2⤵
  PID:2916
- C:\Windows\System\aIUXDGo.exe
  C:\Windows\System\aIUXDGo.exe
  2⤵
  PID:1136
- C:\Windows\System\QsPCpgk.exe
  C:\Windows\System\QsPCpgk.exe
  2⤵
  PID:4116
- C:\Windows\System\EXzsTeR.exe
  C:\Windows\System\EXzsTeR.exe
  2⤵
  PID:3296
- C:\Windows\System\vbGfKwQ.exe
  C:\Windows\System\vbGfKwQ.exe
  2⤵
  PID:4156
- C:\Windows\System\wemIQAU.exe
  C:\Windows\System\wemIQAU.exe
  2⤵
  PID:4176
- C:\Windows\System\bCiYjZH.exe
  C:\Windows\System\bCiYjZH.exe
  2⤵
  PID:4180
- C:\Windows\System\YIucNTS.exe
  C:\Windows\System\YIucNTS.exe
  2⤵
  PID:4220
- C:\Windows\System\LMapUSX.exe
  C:\Windows\System\LMapUSX.exe
  2⤵
  PID:4320
- C:\Windows\System\qWQbftB.exe
  C:\Windows\System\qWQbftB.exe
  2⤵
  PID:4396
- C:\Windows\System\icKSUqN.exe
  C:\Windows\System\icKSUqN.exe
  2⤵
  PID:4296
- C:\Windows\System\suIiVIP.exe
  C:\Windows\System\suIiVIP.exe
  2⤵
  PID:4380
- C:\Windows\System\bXsDKcI.exe
  C:\Windows\System\bXsDKcI.exe
  2⤵
  PID:4440
- C:\Windows\System\mTSkYbA.exe
  C:\Windows\System\mTSkYbA.exe
  2⤵
  PID:4484
- C:\Windows\System\FCpzswc.exe
  C:\Windows\System\FCpzswc.exe
  2⤵
  PID:4528
- C:\Windows\System\YIlOgWt.exe
  C:\Windows\System\YIlOgWt.exe
  2⤵
  PID:4508
- C:\Windows\System\JLJizhU.exe
  C:\Windows\System\JLJizhU.exe
  2⤵
  PID:4540
- C:\Windows\System\gJClzNW.exe
  C:\Windows\System\gJClzNW.exe
  2⤵
  PID:4612
- C:\Windows\System\QvbbJFa.exe
  C:\Windows\System\QvbbJFa.exe
  2⤵
  PID:4676
- C:\Windows\System\MjDtIBQ.exe
  C:\Windows\System\MjDtIBQ.exe
  2⤵
  PID:4684
- C:\Windows\System\FSdDSUR.exe
  C:\Windows\System\FSdDSUR.exe
  2⤵
  PID:4664
- C:\Windows\System\mwPNMgA.exe
  C:\Windows\System\mwPNMgA.exe
  2⤵
  PID:4732
- C:\Windows\System\bHyESMD.exe
  C:\Windows\System\bHyESMD.exe
  2⤵
  PID:4740
- C:\Windows\System\YQhwSfw.exe
  C:\Windows\System\YQhwSfw.exe
  2⤵
  PID:4812
- C:\Windows\System\SCQYsZd.exe
  C:\Windows\System\SCQYsZd.exe
  2⤵
  PID:4792
- C:\Windows\System\gGVycxU.exe
  C:\Windows\System\gGVycxU.exe
  2⤵
  PID:4884
- C:\Windows\System\rSNlyQQ.exe
  C:\Windows\System\rSNlyQQ.exe
  2⤵
  PID:4924
- C:\Windows\System\RbgieHg.exe
  C:\Windows\System\RbgieHg.exe
  2⤵
  PID:4908
- C:\Windows\System\JjHATUH.exe
  C:\Windows\System\JjHATUH.exe
  2⤵
  PID:4940
- C:\Windows\System\YIdfUiy.exe
  C:\Windows\System\YIdfUiy.exe
  2⤵
  PID:4948
- C:\Windows\System\DEtHzyy.exe
  C:\Windows\System\DEtHzyy.exe
  2⤵
  PID:5024
- C:\Windows\System\CLYTJAa.exe
  C:\Windows\System\CLYTJAa.exe
  2⤵
  PID:5080
- C:\Windows\System\hculcYV.exe
  C:\Windows\System\hculcYV.exe
  2⤵
  PID:5068
- C:\Windows\System\TiLqtyO.exe
  C:\Windows\System\TiLqtyO.exe
  2⤵
  PID:3572
- C:\Windows\System\rmdGUzR.exe
  C:\Windows\System\rmdGUzR.exe
  2⤵
  PID:3432
- C:\Windows\System\ttgZeao.exe
  C:\Windows\System\ttgZeao.exe
  2⤵
  PID:3560
- C:\Windows\System\MQYhwVs.exe
  C:\Windows\System\MQYhwVs.exe
  2⤵
  PID:3892
- C:\Windows\System\XKFJHzM.exe
  C:\Windows\System\XKFJHzM.exe
  2⤵
  PID:3868
- C:\Windows\System\gtRTsex.exe
  C:\Windows\System\gtRTsex.exe
  2⤵
  PID:3988
- C:\Windows\System\BPeVlhW.exe
  C:\Windows\System\BPeVlhW.exe
  2⤵
  PID:1416
- C:\Windows\System\QvPihfC.exe
  C:\Windows\System\QvPihfC.exe
  2⤵
  PID:3216
- C:\Windows\System\mIiMEJT.exe
  C:\Windows\System\mIiMEJT.exe
  2⤵
  PID:4152
- C:\Windows\System\bORKXCF.exe
  C:\Windows\System\bORKXCF.exe
  2⤵
  PID:4244
- C:\Windows\System\VggGNLI.exe
  C:\Windows\System\VggGNLI.exe
  2⤵
  PID:4240
- C:\Windows\System\hgaAjhL.exe
  C:\Windows\System\hgaAjhL.exe
  2⤵
  PID:4204
- C:\Windows\System\SEGJsen.exe
  C:\Windows\System\SEGJsen.exe
  2⤵
  PID:4364
- C:\Windows\System\MnwhPuV.exe
  C:\Windows\System\MnwhPuV.exe
  2⤵
  PID:4340
- C:\Windows\System\CZJjOoW.exe
  C:\Windows\System\CZJjOoW.exe
  2⤵
  PID:4408
- C:\Windows\System\oZiRfEd.exe
  C:\Windows\System\oZiRfEd.exe
  2⤵
  PID:4468
- C:\Windows\System\VGAccfp.exe
  C:\Windows\System\VGAccfp.exe
  2⤵
  PID:4644
- C:\Windows\System\EzfQxFr.exe
  C:\Windows\System\EzfQxFr.exe
  2⤵
  PID:4464
- C:\Windows\System\DQppJyU.exe
  C:\Windows\System\DQppJyU.exe
  2⤵
  PID:2588
- C:\Windows\System\EhaSuVb.exe
  C:\Windows\System\EhaSuVb.exe
  2⤵
  PID:4660
- C:\Windows\System\gunMLdb.exe
  C:\Windows\System\gunMLdb.exe
  2⤵
  PID:4736
- C:\Windows\System\IxgXvrK.exe
  C:\Windows\System\IxgXvrK.exe
  2⤵
  PID:4804
- C:\Windows\System\tYuZhpP.exe
  C:\Windows\System\tYuZhpP.exe
  2⤵
  PID:4832
- C:\Windows\System\NjaIwUk.exe
  C:\Windows\System\NjaIwUk.exe
  2⤵
  PID:4888
- C:\Windows\System\gXDmyGt.exe
  C:\Windows\System\gXDmyGt.exe
  2⤵
  PID:4984
- C:\Windows\System\yGUiTki.exe
  C:\Windows\System\yGUiTki.exe
  2⤵
  PID:4904
- C:\Windows\System\gtynoJg.exe
  C:\Windows\System\gtynoJg.exe
  2⤵
  PID:5088
- C:\Windows\System\tDuFmAJ.exe
  C:\Windows\System\tDuFmAJ.exe
  2⤵
  PID:3588
- C:\Windows\System\fpNfznr.exe
  C:\Windows\System\fpNfznr.exe
  2⤵
  PID:5020
- C:\Windows\System\hRWoBME.exe
  C:\Windows\System\hRWoBME.exe
  2⤵
  PID:3904
- C:\Windows\System\uinUqeu.exe
  C:\Windows\System\uinUqeu.exe
  2⤵
  PID:3952
- C:\Windows\System\wUTgANt.exe
  C:\Windows\System\wUTgANt.exe
  2⤵
  PID:1572
- C:\Windows\System\xemJYKw.exe
  C:\Windows\System\xemJYKw.exe
  2⤵
  PID:3500
- C:\Windows\System\SPnDgLt.exe
  C:\Windows\System\SPnDgLt.exe
  2⤵
  PID:4120
- C:\Windows\System\mAURyiV.exe
  C:\Windows\System\mAURyiV.exe
  2⤵
  PID:1964
- C:\Windows\System\DaydbUN.exe
  C:\Windows\System\DaydbUN.exe
  2⤵
  PID:4256
- C:\Windows\System\uVSlRYQ.exe
  C:\Windows\System\uVSlRYQ.exe
  2⤵
  PID:4424
- C:\Windows\System\LuFSfTr.exe
  C:\Windows\System\LuFSfTr.exe
  2⤵
  PID:4600
- C:\Windows\System\rCiKhRu.exe
  C:\Windows\System\rCiKhRu.exe
  2⤵
  PID:4588
- C:\Windows\System\ZEEawPb.exe
  C:\Windows\System\ZEEawPb.exe
  2⤵
  PID:4628
- C:\Windows\System\irEbJLF.exe
  C:\Windows\System\irEbJLF.exe
  2⤵
  PID:4784
- C:\Windows\System\rSjaRvN.exe
  C:\Windows\System\rSjaRvN.exe
  2⤵
  PID:4864
- C:\Windows\System\MLwWqml.exe
  C:\Windows\System\MLwWqml.exe
  2⤵
  PID:4968
- C:\Windows\System\ZxRJyKo.exe
  C:\Windows\System\ZxRJyKo.exe
  2⤵
  PID:5112
- C:\Windows\System\XPZnhVt.exe
  C:\Windows\System\XPZnhVt.exe
  2⤵
  PID:2568
- C:\Windows\System\YslCrTD.exe
  C:\Windows\System\YslCrTD.exe
  2⤵
  PID:3472
- C:\Windows\System\SjYiOxZ.exe
  C:\Windows\System\SjYiOxZ.exe
  2⤵
  PID:3684
- C:\Windows\System\EFtQlwg.exe
  C:\Windows\System\EFtQlwg.exe
  2⤵
  PID:1784
- C:\Windows\System\YnEFNru.exe
  C:\Windows\System\YnEFNru.exe
  2⤵
  PID:2260
- C:\Windows\System\uQFEQVO.exe
  C:\Windows\System\uQFEQVO.exe
  2⤵
  PID:4292
- C:\Windows\System\xztKtde.exe
  C:\Windows\System\xztKtde.exe
  2⤵
  PID:4640
- C:\Windows\System\XOmpiLs.exe
  C:\Windows\System\XOmpiLs.exe
  2⤵
  PID:4548
- C:\Windows\System\dBizSKh.exe
  C:\Windows\System\dBizSKh.exe
  2⤵
  PID:4828
- C:\Windows\System\vrEsagf.exe
  C:\Windows\System\vrEsagf.exe
  2⤵
  PID:4988
- C:\Windows\System\tmmMArp.exe
  C:\Windows\System\tmmMArp.exe
  2⤵
  PID:1408
- C:\Windows\System\OkDCjwC.exe
  C:\Windows\System\OkDCjwC.exe
  2⤵
  PID:5136
- C:\Windows\System\zObYSZP.exe
  C:\Windows\System\zObYSZP.exe
  2⤵
  PID:5156
- C:\Windows\System\mhYMOLS.exe
  C:\Windows\System\mhYMOLS.exe
  2⤵
  PID:5176
- C:\Windows\System\bfKzGyU.exe
  C:\Windows\System\bfKzGyU.exe
  2⤵
  PID:5196
- C:\Windows\System\WGgiimL.exe
  C:\Windows\System\WGgiimL.exe
  2⤵
  PID:5212
- C:\Windows\System\pSzWtIS.exe
  C:\Windows\System\pSzWtIS.exe
  2⤵
  PID:5236
- C:\Windows\System\ZtMAWzw.exe
  C:\Windows\System\ZtMAWzw.exe
  2⤵
  PID:5252
- C:\Windows\System\SKdaihI.exe
  C:\Windows\System\SKdaihI.exe
  2⤵
  PID:5272
- C:\Windows\System\LlwxpFo.exe
  C:\Windows\System\LlwxpFo.exe
  2⤵
  PID:5288
- C:\Windows\System\sCxfhpv.exe
  C:\Windows\System\sCxfhpv.exe
  2⤵
  PID:5304
- C:\Windows\System\ebYhRox.exe
  C:\Windows\System\ebYhRox.exe
  2⤵
  PID:5328
- C:\Windows\System\BZdFwNq.exe
  C:\Windows\System\BZdFwNq.exe
  2⤵
  PID:5352
- C:\Windows\System\nDRMBCO.exe
  C:\Windows\System\nDRMBCO.exe
  2⤵
  PID:5368
- C:\Windows\System\YjfOwwK.exe
  C:\Windows\System\YjfOwwK.exe
  2⤵
  PID:5392
- C:\Windows\System\mXFluDG.exe
  C:\Windows\System\mXFluDG.exe
  2⤵
  PID:5412
- C:\Windows\System\WXWNGmu.exe
  C:\Windows\System\WXWNGmu.exe
  2⤵
  PID:5428
- C:\Windows\System\IaRKhMA.exe
  C:\Windows\System\IaRKhMA.exe
  2⤵
  PID:5448
- C:\Windows\System\OqdFLQb.exe
  C:\Windows\System\OqdFLQb.exe
  2⤵
  PID:5472
- C:\Windows\System\jncCjnc.exe
  C:\Windows\System\jncCjnc.exe
  2⤵
  PID:5492
- C:\Windows\System\lxmKDSt.exe
  C:\Windows\System\lxmKDSt.exe
  2⤵
  PID:5508
- C:\Windows\System\UKLtopf.exe
  C:\Windows\System\UKLtopf.exe
  2⤵
  PID:5524
- C:\Windows\System\hVAnPKE.exe
  C:\Windows\System\hVAnPKE.exe
  2⤵
  PID:5540
- C:\Windows\System\TxmCLDY.exe
  C:\Windows\System\TxmCLDY.exe
  2⤵
  PID:5564
- C:\Windows\System\DURvcrF.exe
  C:\Windows\System\DURvcrF.exe
  2⤵
  PID:5588
- C:\Windows\System\DPZctZB.exe
  C:\Windows\System\DPZctZB.exe
  2⤵
  PID:5604
- C:\Windows\System\auWUBFC.exe
  C:\Windows\System\auWUBFC.exe
  2⤵
  PID:5624
- C:\Windows\System\HGwzBzX.exe
  C:\Windows\System\HGwzBzX.exe
  2⤵
  PID:5648
- C:\Windows\System\hqrtdOH.exe
  C:\Windows\System\hqrtdOH.exe
  2⤵
  PID:5664
- C:\Windows\System\hVpAKxU.exe
  C:\Windows\System\hVpAKxU.exe
  2⤵
  PID:5688
- C:\Windows\System\ZaMdxDJ.exe
  C:\Windows\System\ZaMdxDJ.exe
  2⤵
  PID:5708
- C:\Windows\System\xIzvtfn.exe
  C:\Windows\System\xIzvtfn.exe
  2⤵
  PID:5732
- C:\Windows\System\bMzHZsN.exe
  C:\Windows\System\bMzHZsN.exe
  2⤵
  PID:5748
- C:\Windows\System\TUauyaH.exe
  C:\Windows\System\TUauyaH.exe
  2⤵
  PID:5764
- C:\Windows\System\XbURQMj.exe
  C:\Windows\System\XbURQMj.exe
  2⤵
  PID:5788
- C:\Windows\System\IvYBqpj.exe
  C:\Windows\System\IvYBqpj.exe
  2⤵
  PID:5808
- C:\Windows\System\vRKddms.exe
  C:\Windows\System\vRKddms.exe
  2⤵
  PID:5832
- C:\Windows\System\ofZprRM.exe
  C:\Windows\System\ofZprRM.exe
  2⤵
  PID:5852
- C:\Windows\System\tcmYqMM.exe
  C:\Windows\System\tcmYqMM.exe
  2⤵
  PID:5884
- C:\Windows\System\DfSuAnp.exe
  C:\Windows\System\DfSuAnp.exe
  2⤵
  PID:5900
- C:\Windows\System\qltgDEC.exe
  C:\Windows\System\qltgDEC.exe
  2⤵
  PID:5920
- C:\Windows\System\uyUZenI.exe
  C:\Windows\System\uyUZenI.exe
  2⤵
  PID:5944
- C:\Windows\System\hYdlcYn.exe
  C:\Windows\System\hYdlcYn.exe
  2⤵
  PID:5968
- C:\Windows\System\nNJQyfy.exe
  C:\Windows\System\nNJQyfy.exe
  2⤵
  PID:5996
- C:\Windows\System\MzuArgA.exe
  C:\Windows\System\MzuArgA.exe
  2⤵
  PID:6016
- C:\Windows\System\pMdkoiJ.exe
  C:\Windows\System\pMdkoiJ.exe
  2⤵
  PID:6036
- C:\Windows\System\WykhGah.exe
  C:\Windows\System\WykhGah.exe
  2⤵
  PID:6056
- C:\Windows\System\SGRiooq.exe
  C:\Windows\System\SGRiooq.exe
  2⤵
  PID:6072
- C:\Windows\System\lHaJgsO.exe
  C:\Windows\System\lHaJgsO.exe
  2⤵
  PID:6092
- C:\Windows\System\kJaqzAW.exe
  C:\Windows\System\kJaqzAW.exe
  2⤵
  PID:6112
- C:\Windows\System\SVJBJIo.exe
  C:\Windows\System\SVJBJIo.exe
  2⤵
  PID:6128
- C:\Windows\System\ZSTOKYC.exe
  C:\Windows\System\ZSTOKYC.exe
  2⤵
  PID:5000
- C:\Windows\System\IRZjVTC.exe
  C:\Windows\System\IRZjVTC.exe
  2⤵
  PID:2712
- C:\Windows\System\NxKXkQp.exe
  C:\Windows\System\NxKXkQp.exe
  2⤵
  PID:4160
- C:\Windows\System\iinDWgX.exe
  C:\Windows\System\iinDWgX.exe
  2⤵
  PID:3220
- C:\Windows\System\XjmAzKA.exe
  C:\Windows\System\XjmAzKA.exe
  2⤵
  PID:4448
- C:\Windows\System\KUqGbMS.exe
  C:\Windows\System\KUqGbMS.exe
  2⤵
  PID:2068
- C:\Windows\System\XkqJUWQ.exe
  C:\Windows\System\XkqJUWQ.exe
  2⤵
  PID:4624
- C:\Windows\System\PRyUlcg.exe
  C:\Windows\System\PRyUlcg.exe
  2⤵
  PID:2740
- C:\Windows\System\eAmdmlG.exe
  C:\Windows\System\eAmdmlG.exe
  2⤵
  PID:5208
- C:\Windows\System\cJgmMVD.exe
  C:\Windows\System\cJgmMVD.exe
  2⤵
  PID:5284
- C:\Windows\System\zdnTdYT.exe
  C:\Windows\System\zdnTdYT.exe
  2⤵
  PID:5316
- C:\Windows\System\RBpAgRV.exe
  C:\Windows\System\RBpAgRV.exe
  2⤵
  PID:5364
- C:\Windows\System\eQjXTIl.exe
  C:\Windows\System\eQjXTIl.exe
  2⤵
  PID:5436
- C:\Windows\System\LviZkJP.exe
  C:\Windows\System\LviZkJP.exe
  2⤵
  PID:5488
- C:\Windows\System\CfrHoKn.exe
  C:\Windows\System\CfrHoKn.exe
  2⤵
  PID:5548
- C:\Windows\System\hHaTJYt.exe
  C:\Windows\System\hHaTJYt.exe
  2⤵
  PID:1812
- C:\Windows\System\fKJgdcB.exe
  C:\Windows\System\fKJgdcB.exe
  2⤵
  PID:5300
- C:\Windows\System\KceVMBg.exe
  C:\Windows\System\KceVMBg.exe
  2⤵
  PID:5260
- C:\Windows\System\tIvctJm.exe
  C:\Windows\System\tIvctJm.exe
  2⤵
  PID:5380
- C:\Windows\System\byThdvo.exe
  C:\Windows\System\byThdvo.exe
  2⤵
  PID:2624
- C:\Windows\System\rjyIJzk.exe
  C:\Windows\System\rjyIJzk.exe
  2⤵
  PID:5676
- C:\Windows\System\cZYdnQE.exe
  C:\Windows\System\cZYdnQE.exe
  2⤵
  PID:5460
- C:\Windows\System\JbjjbAK.exe
  C:\Windows\System\JbjjbAK.exe
  2⤵
  PID:5728
- C:\Windows\System\SXtaXbj.exe
  C:\Windows\System\SXtaXbj.exe
  2⤵
  PID:5532
- C:\Windows\System\YXusBre.exe
  C:\Windows\System\YXusBre.exe
  2⤵
  PID:5576
- C:\Windows\System\ofbLzTS.exe
  C:\Windows\System\ofbLzTS.exe
  2⤵
  PID:5616
- C:\Windows\System\MtZfNEa.exe
  C:\Windows\System\MtZfNEa.exe
  2⤵
  PID:5656
- C:\Windows\System\ygLqBXJ.exe
  C:\Windows\System\ygLqBXJ.exe
  2⤵
  PID:5840
- C:\Windows\System\jThwKcO.exe
  C:\Windows\System\jThwKcO.exe
  2⤵
  PID:5700
- C:\Windows\System\UBRavor.exe
  C:\Windows\System\UBRavor.exe
  2⤵
  PID:5928
- C:\Windows\System\AlIJigE.exe
  C:\Windows\System\AlIJigE.exe
  2⤵
  PID:5780
- C:\Windows\System\dcEczPp.exe
  C:\Windows\System\dcEczPp.exe
  2⤵
  PID:5828
- C:\Windows\System\oHRCcKr.exe
  C:\Windows\System\oHRCcKr.exe
  2⤵
  PID:5880
- C:\Windows\System\srysekE.exe
  C:\Windows\System\srysekE.exe
  2⤵
  PID:5952
- C:\Windows\System\oIOtoHY.exe
  C:\Windows\System\oIOtoHY.exe
  2⤵
  PID:5988
- C:\Windows\System\RFlENTa.exe
  C:\Windows\System\RFlENTa.exe
  2⤵
  PID:6068
- C:\Windows\System\mdFlcHd.exe
  C:\Windows\System\mdFlcHd.exe
  2⤵
  PID:6108
- C:\Windows\System\OdnbVfI.exe
  C:\Windows\System\OdnbVfI.exe
  2⤵
  PID:1832
- C:\Windows\System\SPUiNUc.exe
  C:\Windows\System\SPUiNUc.exe
  2⤵
  PID:6048
- C:\Windows\System\rEMNzKG.exe
  C:\Windows\System\rEMNzKG.exe
  2⤵
  PID:6084
- C:\Windows\System\PHNOuWn.exe
  C:\Windows\System\PHNOuWn.exe
  2⤵
  PID:4720
- C:\Windows\System\TqDcjRF.exe
  C:\Windows\System\TqDcjRF.exe
  2⤵
  PID:5320
- C:\Windows\System\oTDuhfN.exe
  C:\Windows\System\oTDuhfN.exe
  2⤵
  PID:5408
- C:\Windows\System\cmYTPrI.exe
  C:\Windows\System\cmYTPrI.exe
  2⤵
  PID:6124
- C:\Windows\System\fzyFJTG.exe
  C:\Windows\System\fzyFJTG.exe
  2⤵
  PID:5520
- C:\Windows\System\CeuizEX.exe
  C:\Windows\System\CeuizEX.exe
  2⤵
  PID:5044
- C:\Windows\System\VaOBVLt.exe
  C:\Windows\System\VaOBVLt.exe
  2⤵
  PID:5644
- C:\Windows\System\BNJCsII.exe
  C:\Windows\System\BNJCsII.exe
  2⤵
  PID:2020
- C:\Windows\System\XMfoaaM.exe
  C:\Windows\System\XMfoaaM.exe
  2⤵
  PID:5572
- C:\Windows\System\VPAdwWr.exe
  C:\Windows\System\VPAdwWr.exe
  2⤵
  PID:5484
- C:\Windows\System\cLENUel.exe
  C:\Windows\System\cLENUel.exe
  2⤵
  PID:5760
- C:\Windows\System\IOqyMJd.exe
  C:\Windows\System\IOqyMJd.exe
  2⤵
  PID:5224
- C:\Windows\System\ROHStFF.exe
  C:\Windows\System\ROHStFF.exe
  2⤵
  PID:5632
- C:\Windows\System\KjRLXjQ.exe
  C:\Windows\System\KjRLXjQ.exe
  2⤵
  PID:5772
- C:\Windows\System\nxxkVcl.exe
  C:\Windows\System\nxxkVcl.exe
  2⤵
  PID:5872
- C:\Windows\System\UUoncek.exe
  C:\Windows\System\UUoncek.exe
  2⤵
  PID:5716
- C:\Windows\System\FfaREAb.exe
  C:\Windows\System\FfaREAb.exe
  2⤵
  PID:5612
- C:\Windows\System\CrgKZqx.exe
  C:\Windows\System\CrgKZqx.exe
  2⤵
  PID:5964
- C:\Windows\System\sVTPElX.exe
  C:\Windows\System\sVTPElX.exe
  2⤵
  PID:5744
- C:\Windows\System\EmGqqti.exe
  C:\Windows\System\EmGqqti.exe
  2⤵
  PID:5816
- C:\Windows\System\GYxtWsz.exe
  C:\Windows\System\GYxtWsz.exe
  2⤵
  PID:2888
- C:\Windows\System\nTEbrJP.exe
  C:\Windows\System\nTEbrJP.exe
  2⤵
  PID:3700
- C:\Windows\System\FXZAOQz.exe
  C:\Windows\System\FXZAOQz.exe
  2⤵
  PID:6028
- C:\Windows\System\pcmiiVV.exe
  C:\Windows\System\pcmiiVV.exe
  2⤵
  PID:4580
- C:\Windows\System\NCpzmfv.exe
  C:\Windows\System\NCpzmfv.exe
  2⤵
  PID:4356
- C:\Windows\System\rAXytfd.exe
  C:\Windows\System\rAXytfd.exe
  2⤵
  PID:5168
- C:\Windows\System\SVxBHMK.exe
  C:\Windows\System\SVxBHMK.exe
  2⤵
  PID:5084
- C:\Windows\System\HoXuGYG.exe
  C:\Windows\System\HoXuGYG.exe
  2⤵
  PID:2176
- C:\Windows\System\xDboRPN.exe
  C:\Windows\System\xDboRPN.exe
  2⤵
  PID:5268
- C:\Windows\System\LZKOVAb.exe
  C:\Windows\System\LZKOVAb.exe
  2⤵
  PID:2284
- C:\Windows\System\GUzsZfS.exe
  C:\Windows\System\GUzsZfS.exe
  2⤵
  PID:5440
- C:\Windows\System\iZVkOpl.exe
  C:\Windows\System\iZVkOpl.exe
  2⤵
  PID:5844
- C:\Windows\System\bfRmMLm.exe
  C:\Windows\System\bfRmMLm.exe
  2⤵
  PID:5940
- C:\Windows\System\ILrAxnK.exe
  C:\Windows\System\ILrAxnK.exe
  2⤵
  PID:5500
- C:\Windows\System\xXKdheu.exe
  C:\Windows\System\xXKdheu.exe
  2⤵
  PID:5892
- C:\Windows\System\zkmWFhz.exe
  C:\Windows\System\zkmWFhz.exe
  2⤵
  PID:5916
- C:\Windows\System\GKzYePi.exe
  C:\Windows\System\GKzYePi.exe
  2⤵
  PID:2960
- C:\Windows\System\AChBVjx.exe
  C:\Windows\System\AChBVjx.exe
  2⤵
  PID:5908
- C:\Windows\System\usfdmea.exe
  C:\Windows\System\usfdmea.exe
  2⤵
  PID:2848
- C:\Windows\System\PJeZCSZ.exe
  C:\Windows\System\PJeZCSZ.exe
  2⤵
  PID:2548
- C:\Windows\System\tiBLgWw.exe
  C:\Windows\System\tiBLgWw.exe
  2⤵
  PID:5128
- C:\Windows\System\cCtOAyl.exe
  C:\Windows\System\cCtOAyl.exe
  2⤵
  PID:5264
- C:\Windows\System\ylkHAdT.exe
  C:\Windows\System\ylkHAdT.exe
  2⤵
  PID:2620
- C:\Windows\System\vKGtpHV.exe
  C:\Windows\System\vKGtpHV.exe
  2⤵
  PID:5144
- C:\Windows\System\JruNzvD.exe
  C:\Windows\System\JruNzvD.exe
  2⤵
  PID:2804
- C:\Windows\System\kaldPfn.exe
  C:\Windows\System\kaldPfn.exe
  2⤵
  PID:6164
- C:\Windows\System\GXDokPn.exe
  C:\Windows\System\GXDokPn.exe
  2⤵
  PID:6184
- C:\Windows\System\GKEbLcy.exe
  C:\Windows\System\GKEbLcy.exe
  2⤵
  PID:6200
- C:\Windows\System\SeWLNrs.exe
  C:\Windows\System\SeWLNrs.exe
  2⤵
  PID:6224
- C:\Windows\System\wxiUcpJ.exe
  C:\Windows\System\wxiUcpJ.exe
  2⤵
  PID:6240
- C:\Windows\System\qWIGVXq.exe
  C:\Windows\System\qWIGVXq.exe
  2⤵
  PID:6260
- C:\Windows\System\SYBDJSQ.exe
  C:\Windows\System\SYBDJSQ.exe
  2⤵
  PID:6280
- C:\Windows\System\NXBlzLV.exe
  C:\Windows\System\NXBlzLV.exe
  2⤵
  PID:6300
- C:\Windows\System\DDaGbfg.exe
  C:\Windows\System\DDaGbfg.exe
  2⤵
  PID:6320
- C:\Windows\System\IiHWVQX.exe
  C:\Windows\System\IiHWVQX.exe
  2⤵
  PID:6340
- C:\Windows\System\QkPGaFh.exe
  C:\Windows\System\QkPGaFh.exe
  2⤵
  PID:6360
- C:\Windows\System\aThbUpn.exe
  C:\Windows\System\aThbUpn.exe
  2⤵
  PID:6388
- C:\Windows\System\PzmFXiP.exe
  C:\Windows\System\PzmFXiP.exe
  2⤵
  PID:6404
- C:\Windows\System\iBpRFFK.exe
  C:\Windows\System\iBpRFFK.exe
  2⤵
  PID:6420
- C:\Windows\System\KVthzGR.exe
  C:\Windows\System\KVthzGR.exe
  2⤵
  PID:6440
- C:\Windows\System\oBwlvfI.exe
  C:\Windows\System\oBwlvfI.exe
  2⤵
  PID:6464
- C:\Windows\System\GhVAKIM.exe
  C:\Windows\System\GhVAKIM.exe
  2⤵
  PID:6488
- C:\Windows\System\UvsmLXx.exe
  C:\Windows\System\UvsmLXx.exe
  2⤵
  PID:6508
- C:\Windows\System\wurIISk.exe
  C:\Windows\System\wurIISk.exe
  2⤵
  PID:6524
- C:\Windows\System\uMfdZuM.exe
  C:\Windows\System\uMfdZuM.exe
  2⤵
  PID:6548
- C:\Windows\System\UPGlezp.exe
  C:\Windows\System\UPGlezp.exe
  2⤵
  PID:6564
- C:\Windows\System\hJUcsdP.exe
  C:\Windows\System\hJUcsdP.exe
  2⤵
  PID:6584
- C:\Windows\System\FtupowM.exe
  C:\Windows\System\FtupowM.exe
  2⤵
  PID:6604
- C:\Windows\System\kfiBjZg.exe
  C:\Windows\System\kfiBjZg.exe
  2⤵
  PID:6624
- C:\Windows\System\TkcIaWC.exe
  C:\Windows\System\TkcIaWC.exe
  2⤵
  PID:6644
- C:\Windows\System\WFuyiEW.exe
  C:\Windows\System\WFuyiEW.exe
  2⤵
  PID:6668
- C:\Windows\System\fIrVOwv.exe
  C:\Windows\System\fIrVOwv.exe
  2⤵
  PID:6684
- C:\Windows\System\NsYwJly.exe
  C:\Windows\System\NsYwJly.exe
  2⤵
  PID:6704
- C:\Windows\System\DieTkxI.exe
  C:\Windows\System\DieTkxI.exe
  2⤵
  PID:6724
- C:\Windows\System\FGhVEhy.exe
  C:\Windows\System\FGhVEhy.exe
  2⤵
  PID:6744
- C:\Windows\System\Jnkrqsz.exe
  C:\Windows\System\Jnkrqsz.exe
  2⤵
  PID:6764
- C:\Windows\System\auFYDiv.exe
  C:\Windows\System\auFYDiv.exe
  2⤵
  PID:6780
- C:\Windows\System\lIASbcu.exe
  C:\Windows\System\lIASbcu.exe
  2⤵
  PID:6804
- C:\Windows\System\EdHKett.exe
  C:\Windows\System\EdHKett.exe
  2⤵
  PID:6828
- C:\Windows\System\ShpGDXY.exe
  C:\Windows\System\ShpGDXY.exe
  2⤵
  PID:6844
- C:\Windows\System\gwtSyfx.exe
  C:\Windows\System\gwtSyfx.exe
  2⤵
  PID:6868
- C:\Windows\System\zBfxVLp.exe
  C:\Windows\System\zBfxVLp.exe
  2⤵
  PID:6888
- C:\Windows\System\ZObfEYh.exe
  C:\Windows\System\ZObfEYh.exe
  2⤵
  PID:6904
- C:\Windows\System\nmNbyew.exe
  C:\Windows\System\nmNbyew.exe
  2⤵
  PID:6924
- C:\Windows\System\kneBCDf.exe
  C:\Windows\System\kneBCDf.exe
  2⤵
  PID:6948
- C:\Windows\System\sOQupGx.exe
  C:\Windows\System\sOQupGx.exe
  2⤵
  PID:6964
- C:\Windows\System\vyhwIrj.exe
  C:\Windows\System\vyhwIrj.exe
  2⤵
  PID:6980
- C:\Windows\System\woIkRwB.exe
  C:\Windows\System\woIkRwB.exe
  2⤵
  PID:6996
- C:\Windows\System\fFafaPJ.exe
  C:\Windows\System\fFafaPJ.exe
  2⤵
  PID:7012
- C:\Windows\System\WQBgHJm.exe
  C:\Windows\System\WQBgHJm.exe
  2⤵
  PID:7028
- C:\Windows\System\dnjMBOI.exe
  C:\Windows\System\dnjMBOI.exe
  2⤵
  PID:7044
- C:\Windows\System\GZSeKZp.exe
  C:\Windows\System\GZSeKZp.exe
  2⤵
  PID:7072
- C:\Windows\System\PwFuxIE.exe
  C:\Windows\System\PwFuxIE.exe
  2⤵
  PID:7096
- C:\Windows\System\yZgfamZ.exe
  C:\Windows\System\yZgfamZ.exe
  2⤵
  PID:7112
- C:\Windows\System\QtKJHUq.exe
  C:\Windows\System\QtKJHUq.exe
  2⤵
  PID:7136
- C:\Windows\System\FuQudcp.exe
  C:\Windows\System\FuQudcp.exe
  2⤵
  PID:7152
- C:\Windows\System\SOjgupU.exe
  C:\Windows\System\SOjgupU.exe
  2⤵
  PID:5584
- C:\Windows\System\jOcQLlv.exe
  C:\Windows\System\jOcQLlv.exe
  2⤵
  PID:5776
- C:\Windows\System\AlEXnlf.exe
  C:\Windows\System\AlEXnlf.exe
  2⤵
  PID:6032
- C:\Windows\System\ajFYyrh.exe
  C:\Windows\System\ajFYyrh.exe
  2⤵
  PID:6052
- C:\Windows\System\ARTPPtq.exe
  C:\Windows\System\ARTPPtq.exe
  2⤵
  PID:5232
- C:\Windows\System\puqihvc.exe
  C:\Windows\System\puqihvc.exe
  2⤵
  PID:5152
- C:\Windows\System\VNIFueg.exe
  C:\Windows\System\VNIFueg.exe
  2⤵
  PID:5228
- C:\Windows\System\xJmxgfX.exe
  C:\Windows\System\xJmxgfX.exe
  2⤵
  PID:6172
- C:\Windows\System\ROQvDNs.exe
  C:\Windows\System\ROQvDNs.exe
  2⤵
  PID:6156
- C:\Windows\System\SOGpRby.exe
  C:\Windows\System\SOGpRby.exe
  2⤵
  PID:6196
- C:\Windows\System\xylRyPg.exe
  C:\Windows\System\xylRyPg.exe
  2⤵
  PID:6256
- C:\Windows\System\NtIBhMT.exe
  C:\Windows\System\NtIBhMT.exe
  2⤵
  PID:6308
- C:\Windows\System\GvChmqh.exe
  C:\Windows\System\GvChmqh.exe
  2⤵
  PID:6332
- C:\Windows\System\ZLqYXUz.exe
  C:\Windows\System\ZLqYXUz.exe
  2⤵
  PID:6348
- C:\Windows\System\TbPStJy.exe
  C:\Windows\System\TbPStJy.exe
  2⤵
  PID:6412
- C:\Windows\System\DNVecBf.exe
  C:\Windows\System\DNVecBf.exe
  2⤵
  PID:6396
- C:\Windows\System\jEoDMkX.exe
  C:\Windows\System\jEoDMkX.exe
  2⤵
  PID:6436
- C:\Windows\System\DBdSDla.exe
  C:\Windows\System\DBdSDla.exe
  2⤵
  PID:6500
- C:\Windows\System\eieNdki.exe
  C:\Windows\System\eieNdki.exe
  2⤵
  PID:6532
- C:\Windows\System\YnqMFHA.exe
  C:\Windows\System\YnqMFHA.exe
  2⤵
  PID:6556
- C:\Windows\System\dwLdOKG.exe
  C:\Windows\System\dwLdOKG.exe
  2⤵
  PID:6612
- C:\Windows\System\hoeHXTC.exe
  C:\Windows\System\hoeHXTC.exe
  2⤵
  PID:6632
- C:\Windows\System\DMXhNbQ.exe
  C:\Windows\System\DMXhNbQ.exe
  2⤵
  PID:2824
- C:\Windows\System\LIolNuh.exe
  C:\Windows\System\LIolNuh.exe
  2⤵
  PID:6700
- C:\Windows\System\ndHgoFb.exe
  C:\Windows\System\ndHgoFb.exe
  2⤵
  PID:6736
- C:\Windows\System\KTCbuGE.exe
  C:\Windows\System\KTCbuGE.exe
  2⤵
  PID:6824
- C:\Windows\System\OuyusFc.exe
  C:\Windows\System\OuyusFc.exe
  2⤵
  PID:6856
- C:\Windows\System\Ogvvhad.exe
  C:\Windows\System\Ogvvhad.exe
  2⤵
  PID:6932
- C:\Windows\System\abhMzJf.exe
  C:\Windows\System\abhMzJf.exe
  2⤵
  PID:6972
- C:\Windows\System\bpBEjaw.exe
  C:\Windows\System\bpBEjaw.exe
  2⤵
  PID:7004
- C:\Windows\System\KFoUClR.exe
  C:\Windows\System\KFoUClR.exe
  2⤵
  PID:7036
- C:\Windows\System\IiLqBpl.exe
  C:\Windows\System\IiLqBpl.exe
  2⤵
  PID:6800
- C:\Windows\System\xoJxJwm.exe
  C:\Windows\System\xoJxJwm.exe
  2⤵
  PID:7120
- C:\Windows\System\xFDELck.exe
  C:\Windows\System\xFDELck.exe
  2⤵
  PID:6836
- C:\Windows\System\nOPWfZC.exe
  C:\Windows\System\nOPWfZC.exe
  2⤵
  PID:1796
- C:\Windows\System\bLvfByM.exe
  C:\Windows\System\bLvfByM.exe
  2⤵
  PID:6080
- C:\Windows\System\MBuPSCJ.exe
  C:\Windows\System\MBuPSCJ.exe
  2⤵
  PID:6884
- C:\Windows\System\OExLgQd.exe
  C:\Windows\System\OExLgQd.exe
  2⤵
  PID:6956
- C:\Windows\System\vZIqNnB.exe
  C:\Windows\System\vZIqNnB.exe
  2⤵
  PID:6992
- C:\Windows\System\ZEyCVfh.exe
  C:\Windows\System\ZEyCVfh.exe
  2⤵
  PID:7052
- C:\Windows\System\jgkzvAI.exe
  C:\Windows\System\jgkzvAI.exe
  2⤵
  PID:6220
- C:\Windows\System\QSJjXkb.exe
  C:\Windows\System\QSJjXkb.exe
  2⤵
  PID:7148
- C:\Windows\System\AMkSwdf.exe
  C:\Windows\System\AMkSwdf.exe
  2⤵
  PID:6248
- C:\Windows\System\MgRZHAi.exe
  C:\Windows\System\MgRZHAi.exe
  2⤵
  PID:4552
- C:\Windows\System\vbTlHCA.exe
  C:\Windows\System\vbTlHCA.exe
  2⤵
  PID:6208
- C:\Windows\System\xseuvlM.exe
  C:\Windows\System\xseuvlM.exe
  2⤵
  PID:6268
- C:\Windows\System\FGiNtNb.exe
  C:\Windows\System\FGiNtNb.exe
  2⤵
  PID:6296
- C:\Windows\System\UiJRfza.exe
  C:\Windows\System\UiJRfza.exe
  2⤵
  PID:2744
- C:\Windows\System\mgrwDmA.exe
  C:\Windows\System\mgrwDmA.exe
  2⤵
  PID:6368
- C:\Windows\System\HPnHejA.exe
  C:\Windows\System\HPnHejA.exe
  2⤵
  PID:6428
- C:\Windows\System\gdRywlw.exe
  C:\Windows\System\gdRywlw.exe
  2⤵
  PID:6476
- C:\Windows\System\zYIUmHO.exe
  C:\Windows\System\zYIUmHO.exe
  2⤵
  PID:1816
- C:\Windows\System\LTwQoVZ.exe
  C:\Windows\System\LTwQoVZ.exe
  2⤵
  PID:6580
- C:\Windows\System\mZbJDpQ.exe
  C:\Windows\System\mZbJDpQ.exe
  2⤵
  PID:6640
- C:\Windows\System\czyyDKS.exe
  C:\Windows\System\czyyDKS.exe
  2⤵
  PID:6692
- C:\Windows\System\SFflGLk.exe
  C:\Windows\System\SFflGLk.exe
  2⤵
  PID:6864
- C:\Windows\System\CzyYJQM.exe
  C:\Windows\System\CzyYJQM.exe
  2⤵
  PID:1932
- C:\Windows\System\gBEkTcb.exe
  C:\Windows\System\gBEkTcb.exe
  2⤵
  PID:7008
- C:\Windows\System\OVfHDYb.exe
  C:\Windows\System\OVfHDYb.exe
  2⤵
  PID:7092
- C:\Windows\System\KtotZnt.exe
  C:\Windows\System\KtotZnt.exe
  2⤵
  PID:2736
- C:\Windows\System\BqDqGMF.exe
  C:\Windows\System\BqDqGMF.exe
  2⤵
  PID:7132
- C:\Windows\System\OkKcnYU.exe
  C:\Windows\System\OkKcnYU.exe
  2⤵
  PID:6876
- C:\Windows\System\OXwUzHK.exe
  C:\Windows\System\OXwUzHK.exe
  2⤵
  PID:2876
- C:\Windows\System\rtMLJrn.exe
  C:\Windows\System\rtMLJrn.exe
  2⤵
  PID:6988
- C:\Windows\System\PXghnRK.exe
  C:\Windows\System\PXghnRK.exe
  2⤵
  PID:7020
- C:\Windows\System\pLsmDto.exe
  C:\Windows\System\pLsmDto.exe
  2⤵
  PID:7108
- C:\Windows\System\xtslaNs.exe
  C:\Windows\System\xtslaNs.exe
  2⤵
  PID:7144
- C:\Windows\System\bYzqHWb.exe
  C:\Windows\System\bYzqHWb.exe
  2⤵
  PID:6192
- C:\Windows\System\ntswVSA.exe
  C:\Windows\System\ntswVSA.exe
  2⤵
  PID:6316
- C:\Windows\System\lIuzFYc.exe
  C:\Windows\System\lIuzFYc.exe
  2⤵
  PID:6292
- C:\Windows\System\UsikrFQ.exe
  C:\Windows\System\UsikrFQ.exe
  2⤵
  PID:6272
- C:\Windows\System\GBvHwIt.exe
  C:\Windows\System\GBvHwIt.exe
  2⤵
  PID:3008
- C:\Windows\System\bBNSVCR.exe
  C:\Windows\System\bBNSVCR.exe
  2⤵
  PID:6576
- C:\Windows\System\nuTrcLB.exe
  C:\Windows\System\nuTrcLB.exe
  2⤵
  PID:6660
- C:\Windows\System\FNQsXFa.exe
  C:\Windows\System\FNQsXFa.exe
  2⤵
  PID:1928
- C:\Windows\System\RvUgwDu.exe
  C:\Windows\System\RvUgwDu.exe
  2⤵
  PID:6600
- C:\Windows\System\ahOamfx.exe
  C:\Windows\System\ahOamfx.exe
  2⤵
  PID:6860
- C:\Windows\System\onlIbOM.exe
  C:\Windows\System\onlIbOM.exe
  2⤵
  PID:6944
- C:\Windows\System\MscTJjI.exe
  C:\Windows\System\MscTJjI.exe
  2⤵
  PID:7088
- C:\Windows\System\jliPDUb.exe
  C:\Windows\System\jliPDUb.exe
  2⤵
  PID:7124
- C:\Windows\System\xuaiLqC.exe
  C:\Windows\System\xuaiLqC.exe
  2⤵
  PID:5740
- C:\Windows\System\JGtTLwe.exe
  C:\Windows\System\JGtTLwe.exe
  2⤵
  PID:6920
- C:\Windows\System\TlGZQRT.exe
  C:\Windows\System\TlGZQRT.exe
  2⤵
  PID:6100
- C:\Windows\System\clSJdxF.exe
  C:\Windows\System\clSJdxF.exe
  2⤵
  PID:5424
- C:\Windows\System\Cjtyvka.exe
  C:\Windows\System\Cjtyvka.exe
  2⤵
  PID:6352
- C:\Windows\System\rAsEXgF.exe
  C:\Windows\System\rAsEXgF.exe
  2⤵
  PID:5560
- C:\Windows\System\mXsnfdk.exe
  C:\Windows\System\mXsnfdk.exe
  2⤵
  PID:6516
- C:\Windows\System\FCFjLyv.exe
  C:\Windows\System\FCFjLyv.exe
  2⤵
  PID:6480
- C:\Windows\System\pbMYTHk.exe
  C:\Windows\System\pbMYTHk.exe
  2⤵
  PID:6592
- C:\Windows\System\wtsAOKb.exe
  C:\Windows\System\wtsAOKb.exe
  2⤵
  PID:2072
- C:\Windows\System\QBdWsaf.exe
  C:\Windows\System\QBdWsaf.exe
  2⤵
  PID:6680
- C:\Windows\System\GmIxWWR.exe
  C:\Windows\System\GmIxWWR.exe
  2⤵
  PID:4712
- C:\Windows\System\AStKBCo.exe
  C:\Windows\System\AStKBCo.exe
  2⤵
  PID:4760
- C:\Windows\System\PfXpoNZ.exe
  C:\Windows\System\PfXpoNZ.exe
  2⤵
  PID:6212
- C:\Windows\System\TUZhDWU.exe
  C:\Windows\System\TUZhDWU.exe
  2⤵
  PID:2820
- C:\Windows\System\obfiJDc.exe
  C:\Windows\System\obfiJDc.exe
  2⤵
  PID:6400
- C:\Windows\System\vnZoMaI.exe
  C:\Windows\System\vnZoMaI.exe
  2⤵
  PID:3200
- C:\Windows\System\xMgWeUG.exe
  C:\Windows\System\xMgWeUG.exe
  2⤵
  PID:6472
- C:\Windows\System\HScIBiZ.exe
  C:\Windows\System\HScIBiZ.exe
  2⤵
  PID:6792
- C:\Windows\System\zIaVNph.exe
  C:\Windows\System\zIaVNph.exe
  2⤵
  PID:1608
- C:\Windows\System\gUrnHzV.exe
  C:\Windows\System\gUrnHzV.exe
  2⤵
  PID:6756
- C:\Windows\System\qwYqNkx.exe
  C:\Windows\System\qwYqNkx.exe
  2⤵
  PID:2256
- C:\Windows\System\giOUVGK.exe
  C:\Windows\System\giOUVGK.exe
  2⤵
  PID:3048
- C:\Windows\System\WRhNqFy.exe
  C:\Windows\System\WRhNqFy.exe
  2⤵
  PID:328
- C:\Windows\System\MGWTWpD.exe
  C:\Windows\System\MGWTWpD.exe
  2⤵
  PID:5824
- C:\Windows\System\uzwpCRR.exe
  C:\Windows\System\uzwpCRR.exe
  2⤵
  PID:4696
- C:\Windows\System\tdjDXbV.exe
  C:\Windows\System\tdjDXbV.exe
  2⤵
  PID:2908
- C:\Windows\System\AUZPQZV.exe
  C:\Windows\System\AUZPQZV.exe
  2⤵
  PID:7084
- C:\Windows\System\DNuwQRv.exe
  C:\Windows\System\DNuwQRv.exe
  2⤵
  PID:1892
- C:\Windows\System\PMiaKLc.exe
  C:\Windows\System\PMiaKLc.exe
  2⤵
  PID:1940
- C:\Windows\System\CwVvtjd.exe
  C:\Windows\System\CwVvtjd.exe
  2⤵
  PID:6544
- C:\Windows\System\uWvpluE.exe
  C:\Windows\System\uWvpluE.exe
  2⤵
  PID:7172
- C:\Windows\System\UGYhsPU.exe
  C:\Windows\System\UGYhsPU.exe
  2⤵
  PID:7192
- C:\Windows\System\IizreCR.exe
  C:\Windows\System\IizreCR.exe
  2⤵
  PID:7212
- C:\Windows\System\IIzFvXn.exe
  C:\Windows\System\IIzFvXn.exe
  2⤵
  PID:7228
- C:\Windows\System\FeRJBSN.exe
  C:\Windows\System\FeRJBSN.exe
  2⤵
  PID:7252
- C:\Windows\System\hsaRjvj.exe
  C:\Windows\System\hsaRjvj.exe
  2⤵
  PID:7268
- C:\Windows\System\JKtsotX.exe
  C:\Windows\System\JKtsotX.exe
  2⤵
  PID:7284
- C:\Windows\System\AYXWQnX.exe
  C:\Windows\System\AYXWQnX.exe
  2⤵
  PID:7300
- C:\Windows\System\kkGoMtx.exe
  C:\Windows\System\kkGoMtx.exe
  2⤵
  PID:7316
- C:\Windows\System\roQVhij.exe
  C:\Windows\System\roQVhij.exe
  2⤵
  PID:7332
- C:\Windows\System\qvQZcNW.exe
  C:\Windows\System\qvQZcNW.exe
  2⤵
  PID:7348
- C:\Windows\System\omahUny.exe
  C:\Windows\System\omahUny.exe
  2⤵
  PID:7380
- C:\Windows\System\zlIBYXF.exe
  C:\Windows\System\zlIBYXF.exe
  2⤵
  PID:7400
- C:\Windows\System\uiKwBrW.exe
  C:\Windows\System\uiKwBrW.exe
  2⤵
  PID:7416
- C:\Windows\System\gCaUTsQ.exe
  C:\Windows\System\gCaUTsQ.exe
  2⤵
  PID:7440
- C:\Windows\System\LfcNtOj.exe
  C:\Windows\System\LfcNtOj.exe
  2⤵
  PID:7456
- C:\Windows\System\wcpGYlo.exe
  C:\Windows\System\wcpGYlo.exe
  2⤵
  PID:7472
- C:\Windows\System\tkTjAeQ.exe
  C:\Windows\System\tkTjAeQ.exe
  2⤵
  PID:7488
- C:\Windows\System\MlWfZRP.exe
  C:\Windows\System\MlWfZRP.exe
  2⤵
  PID:7508
- C:\Windows\System\IgTMIGZ.exe
  C:\Windows\System\IgTMIGZ.exe
  2⤵
  PID:7540
- C:\Windows\System\uZsoPtq.exe
  C:\Windows\System\uZsoPtq.exe
  2⤵
  PID:7556
- C:\Windows\System\hqlfBOd.exe
  C:\Windows\System\hqlfBOd.exe
  2⤵
  PID:7572
- C:\Windows\System\OdMoFuQ.exe
  C:\Windows\System\OdMoFuQ.exe
  2⤵
  PID:7588
- C:\Windows\System\HDcJnUn.exe
  C:\Windows\System\HDcJnUn.exe
  2⤵
  PID:7604
- C:\Windows\System\LzYsKTt.exe
  C:\Windows\System\LzYsKTt.exe
  2⤵
  PID:7624
- C:\Windows\System\yPxqLrf.exe
  C:\Windows\System\yPxqLrf.exe
  2⤵
  PID:7640
- C:\Windows\System\AYVyBOe.exe
  C:\Windows\System\AYVyBOe.exe
  2⤵
  PID:7656
- C:\Windows\System\aUJTFts.exe
  C:\Windows\System\aUJTFts.exe
  2⤵
  PID:7672
- C:\Windows\System\GpXUPfm.exe
  C:\Windows\System\GpXUPfm.exe
  2⤵
  PID:7692
- C:\Windows\System\uQfCkMM.exe
  C:\Windows\System\uQfCkMM.exe
  2⤵
  PID:7720
- C:\Windows\System\JuyYWZC.exe
  C:\Windows\System\JuyYWZC.exe
  2⤵
  PID:7736
- C:\Windows\System\kHKOuDB.exe
  C:\Windows\System\kHKOuDB.exe
  2⤵
  PID:7752
- C:\Windows\System\qboaEHV.exe
  C:\Windows\System\qboaEHV.exe
  2⤵
  PID:7768
- C:\Windows\System\RiumSpy.exe
  C:\Windows\System\RiumSpy.exe
  2⤵
  PID:7816
- C:\Windows\System\TkyuxLV.exe
  C:\Windows\System\TkyuxLV.exe
  2⤵
  PID:7856
- C:\Windows\System\yPcsXkp.exe
  C:\Windows\System\yPcsXkp.exe
  2⤵
  PID:7884
- C:\Windows\System\NrVCwQG.exe
  C:\Windows\System\NrVCwQG.exe
  2⤵
  PID:7916
- C:\Windows\System\eCjWhRY.exe
  C:\Windows\System\eCjWhRY.exe
  2⤵
  PID:7936
- C:\Windows\System\gjmhnTJ.exe
  C:\Windows\System\gjmhnTJ.exe
  2⤵
  PID:7956
- C:\Windows\System\AzauimT.exe
  C:\Windows\System\AzauimT.exe
  2⤵
  PID:7996
- C:\Windows\System\Tlqbemz.exe
  C:\Windows\System\Tlqbemz.exe
  2⤵
  PID:8012
- C:\Windows\System\kLrpqVV.exe
  C:\Windows\System\kLrpqVV.exe
  2⤵
  PID:8032
- C:\Windows\System\OsJzghS.exe
  C:\Windows\System\OsJzghS.exe
  2⤵
  PID:8052
- C:\Windows\System\jHkbDYr.exe
  C:\Windows\System\jHkbDYr.exe
  2⤵
  PID:8068
- C:\Windows\System\RzorToZ.exe
  C:\Windows\System\RzorToZ.exe
  2⤵
  PID:8088
- C:\Windows\System\RKbNhjn.exe
  C:\Windows\System\RKbNhjn.exe
  2⤵
  PID:8104
- C:\Windows\System\EZxWsFH.exe
  C:\Windows\System\EZxWsFH.exe
  2⤵
  PID:8120
- C:\Windows\System\pQfjNed.exe
  C:\Windows\System\pQfjNed.exe
  2⤵
  PID:8136
- C:\Windows\System\sMsIytj.exe
  C:\Windows\System\sMsIytj.exe
  2⤵
  PID:8152
- C:\Windows\System\OOfAnCX.exe
  C:\Windows\System\OOfAnCX.exe
  2⤵
  PID:8168
- C:\Windows\System\NUONCkG.exe
  C:\Windows\System\NUONCkG.exe
  2⤵
  PID:8184
- C:\Windows\System\lJdzvYB.exe
  C:\Windows\System\lJdzvYB.exe
  2⤵
  PID:964
- C:\Windows\System\UYEnhGP.exe
  C:\Windows\System\UYEnhGP.exe
  2⤵
  PID:2212
- C:\Windows\System\YUxBSLz.exe
  C:\Windows\System\YUxBSLz.exe
  2⤵
  PID:7184
- C:\Windows\System\APuBzUZ.exe
  C:\Windows\System\APuBzUZ.exe
  2⤵
  PID:7224
- C:\Windows\System\tUEkTve.exe
  C:\Windows\System\tUEkTve.exe
  2⤵
  PID:6812
- C:\Windows\System\vTIPAGV.exe
  C:\Windows\System\vTIPAGV.exe
  2⤵
  PID:7296
- C:\Windows\System\qfUXTjX.exe
  C:\Windows\System\qfUXTjX.exe
  2⤵
  PID:7436
- C:\Windows\System\yJApsxu.exe
  C:\Windows\System\yJApsxu.exe
  2⤵
  PID:7388
- C:\Windows\System\MpwDbRY.exe
  C:\Windows\System\MpwDbRY.exe
  2⤵
  PID:7468
- C:\Windows\System\qGnNhjN.exe
  C:\Windows\System\qGnNhjN.exe
  2⤵
  PID:7324
- C:\Windows\System\vAednIa.exe
  C:\Windows\System\vAednIa.exe
  2⤵
  PID:7364
- C:\Windows\System\GSNtRHr.exe
  C:\Windows\System\GSNtRHr.exe
  2⤵
  PID:7412
- C:\Windows\System\ynpLLhA.exe
  C:\Windows\System\ynpLLhA.exe
  2⤵
  PID:7516
- C:\Windows\System\kOVvwIQ.exe
  C:\Windows\System\kOVvwIQ.exe
  2⤵
  PID:7536
- C:\Windows\System\xdDDVJg.exe
  C:\Windows\System\xdDDVJg.exe
  2⤵
  PID:7600
- C:\Windows\System\AXkdGsd.exe
  C:\Windows\System\AXkdGsd.exe
  2⤵
  PID:7392
- C:\Windows\System\eOPRBus.exe
  C:\Windows\System\eOPRBus.exe
  2⤵
  PID:7704
- C:\Windows\System\RLZWARV.exe
  C:\Windows\System\RLZWARV.exe
  2⤵
  PID:7744
- C:\Windows\System\jWZvkLm.exe
  C:\Windows\System\jWZvkLm.exe
  2⤵
  PID:7620
- C:\Windows\System\XDOrWqb.exe
  C:\Windows\System\XDOrWqb.exe
  2⤵
  PID:7688
- C:\Windows\System\BfoZCwv.exe
  C:\Windows\System\BfoZCwv.exe
  2⤵
  PID:7764
- C:\Windows\System\WPWBoGV.exe
  C:\Windows\System\WPWBoGV.exe
  2⤵
  PID:1348
- C:\Windows\System\FEpWfhz.exe
  C:\Windows\System\FEpWfhz.exe
  2⤵
  PID:7896
- C:\Windows\System\IPApeNr.exe
  C:\Windows\System\IPApeNr.exe
  2⤵
  PID:7944
- C:\Windows\System\ImPYVAS.exe
  C:\Windows\System\ImPYVAS.exe
  2⤵
  PID:7868
- C:\Windows\System\zrTVjbO.exe
  C:\Windows\System\zrTVjbO.exe
  2⤵
  PID:7924
- C:\Windows\System\jSuUlOU.exe
  C:\Windows\System\jSuUlOU.exe
  2⤵
  PID:7968
- C:\Windows\System\gscJvpA.exe
  C:\Windows\System\gscJvpA.exe
  2⤵
  PID:7836
- C:\Windows\System\MDUZwnQ.exe
  C:\Windows\System\MDUZwnQ.exe
  2⤵
  PID:7976
- C:\Windows\System\aICXrqg.exe
  C:\Windows\System\aICXrqg.exe
  2⤵
  PID:8020
- C:\Windows\System\polsYMs.exe
  C:\Windows\System\polsYMs.exe
  2⤵
  PID:8044
- C:\Windows\System\mgQhcUg.exe
  C:\Windows\System\mgQhcUg.exe
  2⤵
  PID:8080
- C:\Windows\System\UXhyyRE.exe
  C:\Windows\System\UXhyyRE.exe
  2⤵
  PID:8132
- C:\Windows\System\msQaDSC.exe
  C:\Windows\System\msQaDSC.exe
  2⤵
  PID:8148
- C:\Windows\System\nlfRypw.exe
  C:\Windows\System\nlfRypw.exe
  2⤵
  PID:628
- C:\Windows\System\JeJRESp.exe
  C:\Windows\System\JeJRESp.exe
  2⤵
  PID:6752
- C:\Windows\System\FkTgnFJ.exe
  C:\Windows\System\FkTgnFJ.exe
  2⤵
  PID:684
- C:\Windows\System\wKaSxyD.exe
  C:\Windows\System\wKaSxyD.exe
  2⤵
  PID:7260
- C:\Windows\System\rgbihRF.exe
  C:\Windows\System\rgbihRF.exe
  2⤵
  PID:7276
- C:\Windows\System\JinLjEy.exe
  C:\Windows\System\JinLjEy.exe
  2⤵
  PID:7356
- C:\Windows\System\lhVtdWT.exe
  C:\Windows\System\lhVtdWT.exe
  2⤵
  PID:7484
- C:\Windows\System\VRxYevi.exe
  C:\Windows\System\VRxYevi.exe
  2⤵
  PID:7700
- C:\Windows\System\mnBsAQp.exe
  C:\Windows\System\mnBsAQp.exe
  2⤵
  PID:7584
- C:\Windows\System\XQanVhg.exe
  C:\Windows\System\XQanVhg.exe
  2⤵
  PID:7408
- C:\Windows\System\wTUnhis.exe
  C:\Windows\System\wTUnhis.exe
  2⤵
  PID:7068
- C:\Windows\System\CKGYmhC.exe
  C:\Windows\System\CKGYmhC.exe
  2⤵
  PID:2604
- C:\Windows\System\OCUdgma.exe
  C:\Windows\System\OCUdgma.exe
  2⤵
  PID:7340
- C:\Windows\System\NfbzBBG.exe
  C:\Windows\System\NfbzBBG.exe
  2⤵
  PID:7372
- C:\Windows\System\LZyoODL.exe
  C:\Windows\System\LZyoODL.exe
  2⤵
  PID:7712
- C:\Windows\System\TnGXrAY.exe
  C:\Windows\System\TnGXrAY.exe
  2⤵
  PID:768
- C:\Windows\System\RzysNBJ.exe
  C:\Windows\System\RzysNBJ.exe
  2⤵
  PID:7680
- C:\Windows\System\ahxKKiJ.exe
  C:\Windows\System\ahxKKiJ.exe
  2⤵
  PID:7852
- C:\Windows\System\CgQnTiI.exe
  C:\Windows\System\CgQnTiI.exe
  2⤵
  PID:7912
- C:\Windows\System\MRMZHwn.exe
  C:\Windows\System\MRMZHwn.exe
  2⤵
  PID:7892
- C:\Windows\System\OHieNxk.exe
  C:\Windows\System\OHieNxk.exe
  2⤵
  PID:7964
- C:\Windows\System\UIwADCK.exe
  C:\Windows\System\UIwADCK.exe
  2⤵
  PID:7832
- C:\Windows\System\DRxsGrr.exe
  C:\Windows\System\DRxsGrr.exe
  2⤵
  PID:8024
- C:\Windows\System\ZzCVMvn.exe
  C:\Windows\System\ZzCVMvn.exe
  2⤵
  PID:8064
- C:\Windows\System\KDRSqLV.exe
  C:\Windows\System\KDRSqLV.exe
  2⤵
  PID:8100
- C:\Windows\System\mKEzDqJ.exe
  C:\Windows\System\mKEzDqJ.exe
  2⤵
  PID:8076
- C:\Windows\System\NtGPZRd.exe
  C:\Windows\System\NtGPZRd.exe
  2⤵
  PID:8180
- C:\Windows\System\XnmroZX.exe
  C:\Windows\System\XnmroZX.exe
  2⤵
  PID:6936
- C:\Windows\System\DPBUFaG.exe
  C:\Windows\System\DPBUFaG.exe
  2⤵
  PID:7668
- C:\Windows\System\dOUucip.exe
  C:\Windows\System\dOUucip.exe
  2⤵
  PID:7208
- C:\Windows\System\YLoOwjJ.exe
  C:\Windows\System\YLoOwjJ.exe
  2⤵
  PID:7524
- C:\Windows\System\vPJtVLJ.exe
  C:\Windows\System\vPJtVLJ.exe
  2⤵
  PID:7452
- C:\Windows\System\wtIKiag.exe
  C:\Windows\System\wtIKiag.exe
  2⤵
  PID:1364
- C:\Windows\System\bBikQSu.exe
  C:\Windows\System\bBikQSu.exe
  2⤵
  PID:7580
- C:\Windows\System\xYraLol.exe
  C:\Windows\System\xYraLol.exe
  2⤵
  PID:7236
- C:\Windows\System\TXhSUaH.exe
  C:\Windows\System\TXhSUaH.exe
  2⤵
  PID:7616
- C:\Windows\System\ZsQnFmn.exe
  C:\Windows\System\ZsQnFmn.exe
  2⤵
  PID:7972
- C:\Windows\System\vctITxi.exe
  C:\Windows\System\vctITxi.exe
  2⤵
  PID:8128
- C:\Windows\System\csjABUv.exe
  C:\Windows\System\csjABUv.exe
  2⤵
  PID:7180
- C:\Windows\System\eYwjKTl.exe
  C:\Windows\System\eYwjKTl.exe
  2⤵
  PID:7908
- C:\Windows\System\LlOAgNu.exe
  C:\Windows\System\LlOAgNu.exe
  2⤵
  PID:7812
- C:\Windows\System\fUvlkzM.exe
  C:\Windows\System\fUvlkzM.exe
  2⤵
  PID:1632
- C:\Windows\System\izepLCX.exe
  C:\Windows\System\izepLCX.exe
  2⤵
  PID:7684
- C:\Windows\System\RvggJxO.exe
  C:\Windows\System\RvggJxO.exe
  2⤵
  PID:7904
- C:\Windows\System\rCRhNEg.exe
  C:\Windows\System\rCRhNEg.exe
  2⤵
  PID:8200
- C:\Windows\System\npeFVxE.exe
  C:\Windows\System\npeFVxE.exe
  2⤵
  PID:8216
- C:\Windows\System\xzFxYjI.exe
  C:\Windows\System\xzFxYjI.exe
  2⤵
  PID:8232
- C:\Windows\System\rDrzPix.exe
  C:\Windows\System\rDrzPix.exe
  2⤵
  PID:8248
- C:\Windows\System\ESIAzLh.exe
  C:\Windows\System\ESIAzLh.exe
  2⤵
  PID:8264
- C:\Windows\System\KrJGmQn.exe
  C:\Windows\System\KrJGmQn.exe
  2⤵
  PID:8280
- C:\Windows\System\dGzJOjR.exe
  C:\Windows\System\dGzJOjR.exe
  2⤵
  PID:8296
- C:\Windows\System\jAOQSKw.exe
  C:\Windows\System\jAOQSKw.exe
  2⤵
  PID:8312
- C:\Windows\System\JkJDuxU.exe
  C:\Windows\System\JkJDuxU.exe
  2⤵
  PID:8328
- C:\Windows\System\hvNfrJD.exe
  C:\Windows\System\hvNfrJD.exe
  2⤵
  PID:8348
- C:\Windows\System\lVXXOCC.exe
  C:\Windows\System\lVXXOCC.exe
  2⤵
  PID:8368
- C:\Windows\System\whkBVxQ.exe
  C:\Windows\System\whkBVxQ.exe
  2⤵
  PID:8392
- C:\Windows\System\wcjfzbm.exe
  C:\Windows\System\wcjfzbm.exe
  2⤵
  PID:8408
- C:\Windows\System\JsdmSPY.exe
  C:\Windows\System\JsdmSPY.exe
  2⤵
  PID:8424
- C:\Windows\System\NNomBEr.exe
  C:\Windows\System\NNomBEr.exe
  2⤵
  PID:8440
- C:\Windows\System\XqgWZqO.exe
  C:\Windows\System\XqgWZqO.exe
  2⤵
  PID:8464
- C:\Windows\System\TfiCoYL.exe
  C:\Windows\System\TfiCoYL.exe
  2⤵
  PID:8484
- C:\Windows\System\HXuudqV.exe
  C:\Windows\System\HXuudqV.exe
  2⤵
  PID:8500
- C:\Windows\System\eZRlDUq.exe
  C:\Windows\System\eZRlDUq.exe
  2⤵
  PID:8516
- C:\Windows\System\ofqwHEb.exe
  C:\Windows\System\ofqwHEb.exe
  2⤵
  PID:8532
- C:\Windows\System\IUeApQC.exe
  C:\Windows\System\IUeApQC.exe
  2⤵
  PID:8548
- C:\Windows\System\tVlHGKe.exe
  C:\Windows\System\tVlHGKe.exe
  2⤵
  PID:8564
- C:\Windows\System\nqmFuNN.exe
  C:\Windows\System\nqmFuNN.exe
  2⤵
  PID:8580
- C:\Windows\System\QiFLevQ.exe
  C:\Windows\System\QiFLevQ.exe
  2⤵
  PID:8596
- C:\Windows\System\FEcOyRj.exe
  C:\Windows\System\FEcOyRj.exe
  2⤵
  PID:8612
- C:\Windows\System\NuODzlx.exe
  C:\Windows\System\NuODzlx.exe
  2⤵
  PID:8628
- C:\Windows\System\ymEICMP.exe
  C:\Windows\System\ymEICMP.exe
  2⤵
  PID:8644
- C:\Windows\System\doZIMRP.exe
  C:\Windows\System\doZIMRP.exe
  2⤵
  PID:8660
- C:\Windows\System\ScgMqPx.exe
  C:\Windows\System\ScgMqPx.exe
  2⤵
  PID:8676
- C:\Windows\System\ShRfziz.exe
  C:\Windows\System\ShRfziz.exe
  2⤵
  PID:8692
- C:\Windows\System\nknSllW.exe
  C:\Windows\System\nknSllW.exe
  2⤵
  PID:8708
- C:\Windows\System\VVRnaWq.exe
  C:\Windows\System\VVRnaWq.exe
  2⤵
  PID:8724
- C:\Windows\System\llytiDD.exe
  C:\Windows\System\llytiDD.exe
  2⤵
  PID:8740
- C:\Windows\System\zzNiyqS.exe
  C:\Windows\System\zzNiyqS.exe
  2⤵
  PID:8756
- C:\Windows\System\VlyfUcS.exe
  C:\Windows\System\VlyfUcS.exe
  2⤵
  PID:8772
- C:\Windows\System\YvGJJaL.exe
  C:\Windows\System\YvGJJaL.exe
  2⤵
  PID:8788
- C:\Windows\System\ItaUGcJ.exe
  C:\Windows\System\ItaUGcJ.exe
  2⤵
  PID:8804
- C:\Windows\System\KLAzgjF.exe
  C:\Windows\System\KLAzgjF.exe
  2⤵
  PID:8820
- C:\Windows\System\MyaXqdk.exe
  C:\Windows\System\MyaXqdk.exe
  2⤵
  PID:8836
- C:\Windows\System\NvPlhmM.exe
  C:\Windows\System\NvPlhmM.exe
  2⤵
  PID:8852
- C:\Windows\System\JqSLLan.exe
  C:\Windows\System\JqSLLan.exe
  2⤵
  PID:8868
- C:\Windows\System\ptfDdLe.exe
  C:\Windows\System\ptfDdLe.exe
  2⤵
  PID:8884
- C:\Windows\System\qCEdszU.exe
  C:\Windows\System\qCEdszU.exe
  2⤵
  PID:8900
- C:\Windows\System\rujrkop.exe
  C:\Windows\System\rujrkop.exe
  2⤵
  PID:8916
- C:\Windows\System\OhvmxSW.exe
  C:\Windows\System\OhvmxSW.exe
  2⤵
  PID:8932
- C:\Windows\System\WqvgPhQ.exe
  C:\Windows\System\WqvgPhQ.exe
  2⤵
  PID:8952
- C:\Windows\System\GrgafIb.exe
  C:\Windows\System\GrgafIb.exe
  2⤵
  PID:8972
- C:\Windows\System\SgwiddL.exe
  C:\Windows\System\SgwiddL.exe
  2⤵
  PID:8988
- C:\Windows\System\tQMrrsf.exe
  C:\Windows\System\tQMrrsf.exe
  2⤵
  PID:9008
- C:\Windows\System\YEjeEsz.exe
  C:\Windows\System\YEjeEsz.exe
  2⤵
  PID:9024
- C:\Windows\System\IQFclfL.exe
  C:\Windows\System\IQFclfL.exe
  2⤵
  PID:9040
- C:\Windows\System\QJJEcWk.exe
  C:\Windows\System\QJJEcWk.exe
  2⤵
  PID:9080
- C:\Windows\System\TTjsQYX.exe
  C:\Windows\System\TTjsQYX.exe
  2⤵
  PID:9096
- C:\Windows\System\BuBwcxE.exe
  C:\Windows\System\BuBwcxE.exe
  2⤵
  PID:9112
- C:\Windows\System\QUTGkEn.exe
  C:\Windows\System\QUTGkEn.exe
  2⤵
  PID:9128
- C:\Windows\System\rnmQKeT.exe
  C:\Windows\System\rnmQKeT.exe
  2⤵
  PID:9144
- C:\Windows\System\zoaDKGU.exe
  C:\Windows\System\zoaDKGU.exe
  2⤵
  PID:9160
- C:\Windows\System\rNmhbEU.exe
  C:\Windows\System\rNmhbEU.exe
  2⤵
  PID:9176
- C:\Windows\System\tDBZItb.exe
  C:\Windows\System\tDBZItb.exe
  2⤵
  PID:9192
- C:\Windows\System\fFPJyjb.exe
  C:\Windows\System\fFPJyjb.exe
  2⤵
  PID:9208
- C:\Windows\System\Kyjdiym.exe
  C:\Windows\System\Kyjdiym.exe
  2⤵
  PID:8208
- C:\Windows\System\tdbOOdV.exe
  C:\Windows\System\tdbOOdV.exe
  2⤵
  PID:8272
- C:\Windows\System\JBrRIqg.exe
  C:\Windows\System\JBrRIqg.exe
  2⤵
  PID:7504
- C:\Windows\System\lJTCkKH.exe
  C:\Windows\System\lJTCkKH.exe
  2⤵
  PID:8304
- C:\Windows\System\HiaHNoG.exe
  C:\Windows\System\HiaHNoG.exe
  2⤵
  PID:8164
- C:\Windows\System\bbEzpWt.exe
  C:\Windows\System\bbEzpWt.exe
  2⤵
  PID:1904
- C:\Windows\System\GzHAewm.exe
  C:\Windows\System\GzHAewm.exe
  2⤵
  PID:5980
- C:\Windows\System\quocdUG.exe
  C:\Windows\System\quocdUG.exe
  2⤵
  PID:8196
- C:\Windows\System\RiYknWW.exe
  C:\Windows\System\RiYknWW.exe
  2⤵
  PID:8260
- C:\Windows\System\OymKHjM.exe
  C:\Windows\System\OymKHjM.exe
  2⤵
  PID:8356
- C:\Windows\System\QrOYASj.exe
  C:\Windows\System\QrOYASj.exe
  2⤵
  PID:8376
- C:\Windows\System\oSbtlNp.exe
  C:\Windows\System\oSbtlNp.exe
  2⤵
  PID:8404
- C:\Windows\System\jmnAcvF.exe
  C:\Windows\System\jmnAcvF.exe
  2⤵
  PID:8452
- C:\Windows\System\apqkNXO.exe
  C:\Windows\System\apqkNXO.exe
  2⤵
  PID:8456
- C:\Windows\System\UruKCgg.exe
  C:\Windows\System\UruKCgg.exe
  2⤵
  PID:8524
- C:\Windows\System\amAJnIS.exe
  C:\Windows\System\amAJnIS.exe
  2⤵
  PID:8508
- C:\Windows\System\kHkLjXm.exe
  C:\Windows\System\kHkLjXm.exe
  2⤵
  PID:8540
- C:\Windows\System\swRTJGO.exe
  C:\Windows\System\swRTJGO.exe
  2⤵
  PID:8592
- C:\Windows\System\tjyarsV.exe
  C:\Windows\System\tjyarsV.exe
  2⤵
  PID:8620
- C:\Windows\System\jAWrceL.exe
  C:\Windows\System\jAWrceL.exe
  2⤵
  PID:8684
- C:\Windows\System\Khlokwo.exe
  C:\Windows\System\Khlokwo.exe
  2⤵
  PID:8668
- C:\Windows\System\YZuwjwU.exe
  C:\Windows\System\YZuwjwU.exe
  2⤵
  PID:8736
- C:\Windows\System\KGQccNO.exe
  C:\Windows\System\KGQccNO.exe
  2⤵
  PID:8752
- C:\Windows\System\HFSPqrY.exe
  C:\Windows\System\HFSPqrY.exe
  2⤵
  PID:8844
- C:\Windows\System\tNBKOaX.exe
  C:\Windows\System\tNBKOaX.exe
  2⤵
  PID:8908
- C:\Windows\System\jcDQRfE.exe
  C:\Windows\System\jcDQRfE.exe
  2⤵
  PID:8768
- C:\Windows\System\ENmQqJw.exe
  C:\Windows\System\ENmQqJw.exe
  2⤵
  PID:8832
- C:\Windows\System\gzkJJsU.exe
  C:\Windows\System\gzkJJsU.exe
  2⤵
  PID:8924
- C:\Windows\System\BTEWPKn.exe
  C:\Windows\System\BTEWPKn.exe
  2⤵
  PID:8928
- C:\Windows\System\xTGtQxX.exe
  C:\Windows\System\xTGtQxX.exe
  2⤵
  PID:9016
- C:\Windows\System\pmWsCnH.exe
  C:\Windows\System\pmWsCnH.exe
  2⤵
  PID:9004
- C:\Windows\System\TXbcikU.exe
  C:\Windows\System\TXbcikU.exe
  2⤵
  PID:9048
- C:\Windows\System\FjPiNZY.exe
  C:\Windows\System\FjPiNZY.exe
  2⤵
  PID:9060
- C:\Windows\System\wWzURtO.exe
  C:\Windows\System\wWzURtO.exe
  2⤵
  PID:9092
- C:\Windows\System\uCObPPK.exe
  C:\Windows\System\uCObPPK.exe
  2⤵
  PID:9136
- C:\Windows\System\fahNUCB.exe
  C:\Windows\System\fahNUCB.exe
  2⤵
  PID:8240
- C:\Windows\System\dqpJkeN.exe
  C:\Windows\System\dqpJkeN.exe
  2⤵
  PID:7780
- C:\Windows\System\wtnrRCt.exe
  C:\Windows\System\wtnrRCt.exe
  2⤵
  PID:8228
- C:\Windows\System\FlIriKu.exe
  C:\Windows\System\FlIriKu.exe
  2⤵
  PID:9152
- C:\Windows\System\yukePIm.exe
  C:\Windows\System\yukePIm.exe
  2⤵
  PID:2956
- C:\Windows\System\zYLGpLT.exe
  C:\Windows\System\zYLGpLT.exe
  2⤵
  PID:8360
- C:\Windows\System\zDFdaAq.exe
  C:\Windows\System\zDFdaAq.exe
  2⤵
  PID:8420
- C:\Windows\System\dGBFuza.exe
  C:\Windows\System\dGBFuza.exe
  2⤵
  PID:8292
- C:\Windows\System\KJXLlqZ.exe
  C:\Windows\System\KJXLlqZ.exe
  2⤵
  PID:8480
- C:\Windows\System\NcucpwK.exe
  C:\Windows\System\NcucpwK.exe
  2⤵
  PID:8656
- C:\Windows\System\dLjkbgo.exe
  C:\Windows\System\dLjkbgo.exe
  2⤵
  PID:8556
- C:\Windows\System\VFWGeNZ.exe
  C:\Windows\System\VFWGeNZ.exe
  2⤵
  PID:8636
- C:\Windows\System\aoqdbZz.exe
  C:\Windows\System\aoqdbZz.exe
  2⤵
  PID:8784
- C:\Windows\System\ChjIZMO.exe
  C:\Windows\System\ChjIZMO.exe
  2⤵
  PID:8880
- C:\Windows\System\oZwlGlo.exe
  C:\Windows\System\oZwlGlo.exe
  2⤵
  PID:8960
- C:\Windows\System\eiUjOFs.exe
  C:\Windows\System\eiUjOFs.exe
  2⤵
  PID:8800
- C:\Windows\System\IZCCbAB.exe
  C:\Windows\System\IZCCbAB.exe
  2⤵
  PID:8996
- C:\Windows\System\RPbzEff.exe
  C:\Windows\System\RPbzEff.exe
  2⤵
  PID:8984
- C:\Windows\System\PUrgRZr.exe
  C:\Windows\System\PUrgRZr.exe
  2⤵
  PID:9088
- C:\Windows\System\LdRPqwY.exe
  C:\Windows\System\LdRPqwY.exe
  2⤵
  PID:2432
- C:\Windows\System\GDPqrNr.exe
  C:\Windows\System\GDPqrNr.exe
  2⤵
  PID:2060
- C:\Windows\System\uOuFvdx.exe
  C:\Windows\System\uOuFvdx.exe
  2⤵
  PID:9188
- C:\Windows\System\LmDvAxb.exe
  C:\Windows\System\LmDvAxb.exe
  2⤵
  PID:2936
- C:\Windows\System\suQUnTL.exe
  C:\Windows\System\suQUnTL.exe
  2⤵
  PID:8472
- C:\Windows\System\WBbHhoP.exe
  C:\Windows\System\WBbHhoP.exe
  2⤵
  PID:8720
- C:\Windows\System\OibgnDO.exe
  C:\Windows\System\OibgnDO.exe
  2⤵
  PID:8400
- C:\Windows\System\rWsDheJ.exe
  C:\Windows\System\rWsDheJ.exe
  2⤵
  PID:8576
- C:\Windows\System\VxmnKCQ.exe
  C:\Windows\System\VxmnKCQ.exe
  2⤵
  PID:8608
- C:\Windows\System\iVJztJI.exe
  C:\Windows\System\iVJztJI.exe
  2⤵
  PID:8764
- C:\Windows\System\dVMYqew.exe
  C:\Windows\System\dVMYqew.exe
  2⤵
  PID:9036
- C:\Windows\System\mtNmEUL.exe
  C:\Windows\System\mtNmEUL.exe
  2⤵
  PID:9124
- C:\Windows\System\IjALSaw.exe
  C:\Windows\System\IjALSaw.exe
  2⤵
  PID:9072
- C:\Windows\System\WdXLUpT.exe
  C:\Windows\System\WdXLUpT.exe
  2⤵
  PID:9172
- C:\Windows\System\UGlZMhw.exe
  C:\Windows\System\UGlZMhw.exe
  2⤵
  PID:8812
- C:\Windows\System\xbjTKhp.exe
  C:\Windows\System\xbjTKhp.exe
  2⤵
  PID:2396
- C:\Windows\System\ByCgULv.exe
  C:\Windows\System\ByCgULv.exe
  2⤵
  PID:8588
- C:\Windows\System\zJcCXbA.exe
  C:\Windows\System\zJcCXbA.exe
  2⤵
  PID:9108
- C:\Windows\System\yIhdFUh.exe
  C:\Windows\System\yIhdFUh.exe
  2⤵
  PID:2024
- C:\Windows\System\IwDBzHN.exe
  C:\Windows\System\IwDBzHN.exe
  2⤵
  PID:7204
- C:\Windows\System\jFZZnku.exe
  C:\Windows\System\jFZZnku.exe
  2⤵
  PID:9220
- C:\Windows\System\kJZsaXF.exe
  C:\Windows\System\kJZsaXF.exe
  2⤵
  PID:9240
- C:\Windows\System\isvhNlG.exe
  C:\Windows\System\isvhNlG.exe
  2⤵
  PID:9256
- C:\Windows\System\TMMWEdc.exe
  C:\Windows\System\TMMWEdc.exe
  2⤵
  PID:9272
- C:\Windows\System\tgoBmwF.exe
  C:\Windows\System\tgoBmwF.exe
  2⤵
  PID:9288
- C:\Windows\System\SGzalzR.exe
  C:\Windows\System\SGzalzR.exe
  2⤵
  PID:9304
- C:\Windows\System\YfFSQDt.exe
  C:\Windows\System\YfFSQDt.exe
  2⤵
  PID:9320
- C:\Windows\System\RaAZIGH.exe
  C:\Windows\System\RaAZIGH.exe
  2⤵
  PID:9336
- C:\Windows\System\tbYEMXR.exe
  C:\Windows\System\tbYEMXR.exe
  2⤵
  PID:9352
- C:\Windows\System\kwZitwy.exe
  C:\Windows\System\kwZitwy.exe
  2⤵
  PID:9368
- C:\Windows\System\SqjmnhV.exe
  C:\Windows\System\SqjmnhV.exe
  2⤵
  PID:9384
- C:\Windows\System\JDeZHsp.exe
  C:\Windows\System\JDeZHsp.exe
  2⤵
  PID:9400
- C:\Windows\System\HWybUTK.exe
  C:\Windows\System\HWybUTK.exe
  2⤵
  PID:9416
- C:\Windows\System\wqOFQEm.exe
  C:\Windows\System\wqOFQEm.exe
  2⤵
  PID:9432
- C:\Windows\System\VrxZcua.exe
  C:\Windows\System\VrxZcua.exe
  2⤵
  PID:9448
- C:\Windows\System\iCkBbSj.exe
  C:\Windows\System\iCkBbSj.exe
  2⤵
  PID:9464
- C:\Windows\System\GmrhTwt.exe
  C:\Windows\System\GmrhTwt.exe
  2⤵
  PID:9480
- C:\Windows\System\vFkmpUj.exe
  C:\Windows\System\vFkmpUj.exe
  2⤵
  PID:9496
- C:\Windows\System\bpPLckv.exe
  C:\Windows\System\bpPLckv.exe
  2⤵
  PID:9512
- C:\Windows\System\QJmEDBr.exe
  C:\Windows\System\QJmEDBr.exe
  2⤵
  PID:9528
- C:\Windows\System\hpSfWTI.exe
  C:\Windows\System\hpSfWTI.exe
  2⤵
  PID:9544
- C:\Windows\System\vRFlzUG.exe
  C:\Windows\System\vRFlzUG.exe
  2⤵
  PID:9560
- C:\Windows\System\oSXiNbW.exe
  C:\Windows\System\oSXiNbW.exe
  2⤵
  PID:9576
- C:\Windows\System\bxbIfIO.exe
  C:\Windows\System\bxbIfIO.exe
  2⤵
  PID:9592
- C:\Windows\System\BReGiLp.exe
  C:\Windows\System\BReGiLp.exe
  2⤵
  PID:9608
- C:\Windows\System\VNRZDFC.exe
  C:\Windows\System\VNRZDFC.exe
  2⤵
  PID:9624
- C:\Windows\System\jDoJpeb.exe
  C:\Windows\System\jDoJpeb.exe
  2⤵
  PID:9664
- C:\Windows\System\cnqaVtK.exe
  C:\Windows\System\cnqaVtK.exe
  2⤵
  PID:9680
- C:\Windows\System\fkJfrta.exe
  C:\Windows\System\fkJfrta.exe
  2⤵
  PID:9736
- C:\Windows\System\NTlcNMy.exe
  C:\Windows\System\NTlcNMy.exe
  2⤵
  PID:9752
- C:\Windows\System\GAgneYM.exe
  C:\Windows\System\GAgneYM.exe
  2⤵
  PID:9768
- C:\Windows\System\STYagTM.exe
  C:\Windows\System\STYagTM.exe
  2⤵
  PID:9788
- C:\Windows\System\OmFsEpv.exe
  C:\Windows\System\OmFsEpv.exe
  2⤵
  PID:9808
- C:\Windows\System\OMXDGyw.exe
  C:\Windows\System\OMXDGyw.exe
  2⤵
  PID:9824
- C:\Windows\System\jtEiqrC.exe
  C:\Windows\System\jtEiqrC.exe
  2⤵
  PID:9848
- C:\Windows\System\mXfgATB.exe
  C:\Windows\System\mXfgATB.exe
  2⤵
  PID:9868
- C:\Windows\System\LofPcfX.exe
  C:\Windows\System\LofPcfX.exe
  2⤵
  PID:9884
- C:\Windows\System\nusTPfu.exe
  C:\Windows\System\nusTPfu.exe
  2⤵
  PID:9904
- C:\Windows\System\yNrjnlk.exe
  C:\Windows\System\yNrjnlk.exe
  2⤵
  PID:9948
- C:\Windows\System\jXoWods.exe
  C:\Windows\System\jXoWods.exe
  2⤵
  PID:9972
- C:\Windows\System\anImLOk.exe
  C:\Windows\System\anImLOk.exe
  2⤵
  PID:10000
- C:\Windows\System\iraUOKe.exe
  C:\Windows\System\iraUOKe.exe
  2⤵
  PID:10036
- C:\Windows\System\aWQYZrB.exe
  C:\Windows\System\aWQYZrB.exe
  2⤵
  PID:10092
- C:\Windows\System\mNPwMxa.exe
  C:\Windows\System\mNPwMxa.exe
  2⤵
  PID:10220
- C:\Windows\System\LcgyTWn.exe
  C:\Windows\System\LcgyTWn.exe
  2⤵
  PID:10236
- C:\Windows\System\GTXdySr.exe
  C:\Windows\System\GTXdySr.exe
  2⤵
  PID:8256
- C:\Windows\System\YHGoAFu.exe
  C:\Windows\System\YHGoAFu.exe
  2⤵
  PID:9120
- C:\Windows\System\ECDngmK.exe
  C:\Windows\System\ECDngmK.exe
  2⤵
  PID:9232
- C:\Windows\System\aNZczay.exe
  C:\Windows\System\aNZczay.exe
  2⤵
  PID:9284
- C:\Windows\System\KUdhaKw.exe
  C:\Windows\System\KUdhaKw.exe
  2⤵
  PID:9376
- C:\Windows\System\iQnIrOs.exe
  C:\Windows\System\iQnIrOs.exe
  2⤵
  PID:9316
- C:\Windows\System\iNDUlDA.exe
  C:\Windows\System\iNDUlDA.exe
  2⤵
  PID:9328
- C:\Windows\System\KlBAzld.exe
  C:\Windows\System\KlBAzld.exe
  2⤵
  PID:9476
- C:\Windows\System\eBuRQnv.exe
  C:\Windows\System\eBuRQnv.exe
  2⤵
  PID:9636
- C:\Windows\System\QRWdvdl.exe
  C:\Windows\System\QRWdvdl.exe
  2⤵
  PID:9588
- C:\Windows\System\DoraloF.exe
  C:\Windows\System\DoraloF.exe
  2⤵
  PID:9696
- C:\Windows\System\DXLEjwa.exe
  C:\Windows\System\DXLEjwa.exe
  2⤵
  PID:9712
- C:\Windows\System\ayjCSIx.exe
  C:\Windows\System\ayjCSIx.exe
  2⤵
  PID:9784
- C:\Windows\System\HIzrzzq.exe
  C:\Windows\System\HIzrzzq.exe
  2⤵
  PID:9936
- C:\Windows\System\oYGhGAf.exe
  C:\Windows\System\oYGhGAf.exe
  2⤵
  PID:10044
- C:\Windows\System\alFgNGe.exe
  C:\Windows\System\alFgNGe.exe
  2⤵
  PID:10052
- C:\Windows\System\NGCEZLa.exe
  C:\Windows\System\NGCEZLa.exe
  2⤵
  PID:10068
- C:\Windows\System\KuTsARg.exe
  C:\Windows\System\KuTsARg.exe
  2⤵
  PID:10084
- C:\Windows\System\glupXtM.exe
  C:\Windows\System\glupXtM.exe
  2⤵
  PID:10184
- C:\Windows\System\SgmYUhh.exe
  C:\Windows\System\SgmYUhh.exe
  2⤵
  PID:10204
- C:\Windows\System\YZcNQMP.exe
  C:\Windows\System\YZcNQMP.exe
  2⤵
  PID:10116
- C:\Windows\System\bAXbvdJ.exe
  C:\Windows\System\bAXbvdJ.exe
  2⤵
  PID:10152
- C:\Windows\System\LMTeqqw.exe
  C:\Windows\System\LMTeqqw.exe
  2⤵
  PID:10172
- C:\Windows\System\nhUJxZw.exe
  C:\Windows\System\nhUJxZw.exe
  2⤵
  PID:9056
- C:\Windows\System\AZQuKkM.exe
  C:\Windows\System\AZQuKkM.exe
  2⤵
  PID:10196
- C:\Windows\System\MMrjjuC.exe
  C:\Windows\System\MMrjjuC.exe
  2⤵
  PID:9348
- C:\Windows\System\nIxmSDO.exe
  C:\Windows\System\nIxmSDO.exe
  2⤵
  PID:9268
- C:\Windows\System\swaAVxY.exe
  C:\Windows\System\swaAVxY.exe
  2⤵
  PID:9360
- C:\Windows\System\DtlQPZA.exe
  C:\Windows\System\DtlQPZA.exe
  2⤵
  PID:9804
- C:\Windows\System\xHjQSsL.exe
  C:\Windows\System\xHjQSsL.exe
  2⤵
  PID:9632
- C:\Windows\System\lWOkNnJ.exe
  C:\Windows\System\lWOkNnJ.exe
  2⤵
  PID:9472
- C:\Windows\System\WNqqVOz.exe
  C:\Windows\System\WNqqVOz.exe
  2⤵
  PID:9556
- C:\Windows\System\PmkUztc.exe
  C:\Windows\System\PmkUztc.exe
  2⤵
  PID:9540
- C:\Windows\System\mSKfIec.exe
  C:\Windows\System\mSKfIec.exe
  2⤵
  PID:9648
- C:\Windows\System\DnoPkWi.exe
  C:\Windows\System\DnoPkWi.exe
  2⤵
  PID:9688
- C:\Windows\System\ijwROVV.exe
  C:\Windows\System\ijwROVV.exe
  2⤵
  PID:7596
- C:\Windows\System\yEEdSwg.exe
  C:\Windows\System\yEEdSwg.exe
  2⤵
  PID:9744
- C:\Windows\System\GDIbMDz.exe
  C:\Windows\System\GDIbMDz.exe
  2⤵
  PID:9764
- C:\Windows\System\TULiUUF.exe
  C:\Windows\System\TULiUUF.exe
  2⤵
  PID:9832
- C:\Windows\System\vgRiVQe.exe
  C:\Windows\System\vgRiVQe.exe
  2⤵
  PID:9860
- C:\Windows\System\gpZZgmx.exe
  C:\Windows\System\gpZZgmx.exe
  2⤵
  PID:9880
- C:\Windows\System\ayLloLS.exe
  C:\Windows\System\ayLloLS.exe
  2⤵
  PID:9856
- C:\Windows\System\ngGQcNv.exe
  C:\Windows\System\ngGQcNv.exe
  2⤵
  PID:9956
- C:\Windows\System\kVTckjD.exe
  C:\Windows\System\kVTckjD.exe
  2⤵
  PID:9988
- C:\Windows\System\DMSDbDt.exe
  C:\Windows\System\DMSDbDt.exe
  2⤵
  PID:10016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Agxixru.exe

Filesize
6.0MB

MD5
4289a3b8480ec1fb7df960b192cadfbb

SHA1
42755e28ad10f201bf20d560c5c8732f99ab7f9e

SHA256
76687cb5b7225f7d7bf4b130a94b64dd601c9238678c23f76482f277d7eb9530

SHA512
be1da7aab4c6a1580de0b7e9d4de438b525801a42dd4855466a99ecfc1c575dd7322293a7bcb6eb8dca556be5c45e5b4772e649d2454b7777c45561e7e656128

Download Submit
C:\Windows\system\ExtYROu.exe

Filesize
6.0MB

MD5
2afd33304a8c2c14a7636905740f6c5f

SHA1
35c808870306af35ed4317bfb12da047fb60623b

SHA256
46344b3ad98f4db59e3b0625df57aaff7d5fceee8391b760a71976cfa86b6bed

SHA512
ed9666c9f61caca85ed50330820c422cb8b2311ccf295c4f0a7be7c2a95969e7110cb04dda666334a17aced96c26960fd4dc60f0cde625f1124d322444fab273

Download Submit
C:\Windows\system\HyXGHhM.exe

Filesize
6.0MB

MD5
562756a4cb39f1dd0449cfa1e8926d04

SHA1
7ae1926a7fa507f557dfc1130186e759ab326c6a

SHA256
f3aa15cbebbcca0fa50672e7abff736428b373eea222859c023539ca77ddfbd4

SHA512
fb98dd4fe13f3626e1c1aeafbc4b05cc3220890ebaed7903dc5ef00dae25b5cf960db2784dc679c37b83c7e7980274ab527521d46a8ccf20bf81dfe8b8e7fc5e

Download Submit
C:\Windows\system\JvNhLFE.exe

Filesize
6.0MB

MD5
e5bce149438bc3a4609b89aaffb68b77

SHA1
4e5e0781880d137140e25e8efcf49067550ef39e

SHA256
16d5b2b8e0d318585352b1b7d3bdd9ff3603831e5b5cf308e6411dc3cced6f62

SHA512
29300815b57e54ebb8dd9bdc4b7e2eba065adc6ba5254a8186e9778ab3cf6e19990f5e1ff1fe171c0eb596326d33973df414c1fd523adfae4638f64caa48ce6b

Download Submit
C:\Windows\system\NruWsby.exe

Filesize
6.0MB

MD5
2e5e61aecca4dd18f6be4f09f081ac9c

SHA1
fbdf2ac1efc4821e4bc54aa50748e0a2d9fd41de

SHA256
6de80212abc8be72deeea12d3d079a3d9847bb3661778c1d7e4076e1b8b4ccb4

SHA512
3831bf848cb9d441f24eb8ce49a81bc443775288a19b57b6e84c672ca0f08b54c6defaba95edf8803b56e39366407e6d514342a8b56ee7e1e7c38e3280ee159a

Download Submit
C:\Windows\system\OneJMqg.exe

Filesize
6.0MB

MD5
f8f0febd9ee761a1f9a54418485fa0ee

SHA1
406ea08b2270a67601ed6367ef3b1904c15b78b5

SHA256
cf5019dc8477538ba7234971fe36aad32f9a4ca1dba2c54b3e73289eee29327c

SHA512
af6f7203f4498c53cf2bba52bc57c51090ebbdd17d605971a3ca95b5866044433fafd2d61b3f4f75074edccf381b7e4f3cee17a830d1199d8271397c7f1c88a8

Download Submit
C:\Windows\system\Plnxggq.exe

Filesize
6.0MB

MD5
a70e99fe4f5857c637788ecc34d56593

SHA1
869bb992e68118ec96328f937bd0c12728a0343c

SHA256
8d0d7213aecba5c868ff13bd039af9fb6b2888cfb369633b1df78c8b2de0c34d

SHA512
3b41aaed6bda94a2b0091b8ced760677e2febfe19dc5834b9a2cab0c946252e08e90a61f2b9bb7d6955f8f95056be0629bc1a965cf518cfc1bc677994f6e5b24

Download Submit
C:\Windows\system\TqbgaQj.exe

Filesize
6.0MB

MD5
365c088966f45835f681d6ff1bf5350a

SHA1
6d8cca372f3d5b69cfa7b426d51897f9160f4f1d

SHA256
972fce733c21431c8eaee2394387e481f047c9aaa488594acc935db4c3eb9b21

SHA512
ca77b364d51a3465d345cca0a59853f917a60c6610ff503dda8a70566f747b6a77c72f0bd746fc654651d13ad77cd7c67ae276cad9054cb8a9ed5b20e370e4cf

Download Submit
C:\Windows\system\VfuOSXB.exe

Filesize
6.0MB

MD5
050af63204b21e780ae60bcd2b7db328

SHA1
2ff2c43856277376018ec27e5a05aae1f4b50367

SHA256
de712e5a5691fd18fb4377b32068a4d0b915249503e9ea99181b4cb734a24aa3

SHA512
57a590f70d7048c3b606782c5d5b8995e23ae0980d79491d3e97649ac2b1759e21b5e13f965f33bfc22282ab294a1c2b886999225c7fde487b7f96891700cdcb

Download Submit
C:\Windows\system\ZufYIKJ.exe

Filesize
6.0MB

MD5
1a9d085dada507c1a5e67d7d24620036

SHA1
3b4b5f79925db46c5b0c9d6f8bdb727a8295d37c

SHA256
9de729701841797bba26b4105f2bf4a6e16bdecf143f7e3540660ea34e4539aa

SHA512
8960868cd8e6c41ab2e78dc914f5a6bdea0934872d564879dd2b2558ae3a556cef4c8286290517638c4a185712d894aaa9452bf1841594dc2c5d50bf7214ad8a

Download Submit
C:\Windows\system\akBHNeX.exe

Filesize
6.0MB

MD5
0b1ecbf02078af031fafab6ab5799bea

SHA1
50f4983d9774efe8f1c2b903a29dbfc9bc047f57

SHA256
542d50316628364fa4c3706fecb6c8fbdfb2bce64bdceae90f3db5d577cef1c6

SHA512
62392cfb99b9457286a2130f3052d463eeaf5634b4f458ccb9d3883453ebca8b6083e56ea3c527c26e52a09e173d7a477c52fd4bc33db65c9b9c574708f7eda4

Download Submit
C:\Windows\system\cTdZImn.exe

Filesize
6.0MB

MD5
848e2a015d59f4d81d52690be626dcd6

SHA1
468ef5eaafd1abd51b629df8a6d052b4a25d2944

SHA256
76c44591f6f08f3e8fdc070a57c3a0e5b3dda17b170eb4cfbc343e4648517ae5

SHA512
b8160e829c74e548fcac52efe834710a6b41cc32ff38334deb4d8014173cc196f72cfd1431ec89442c54eb1030e71231ce41fb9195d85b7fef81a6bb2286ec4f

Download Submit
C:\Windows\system\fOaSAOT.exe

Filesize
6.0MB

MD5
cbfdef55e154dcbba1a37a38bf13084d

SHA1
e915aa6e8ad862a6721d4419d236be9c0e8c92e1

SHA256
4e71c5e3fc2d4fb927867ea77b922a65e1f83867d3bb54e08b6e21026f842516

SHA512
33ee6e47e2af6220dababea00066103943a3548f8a28578a2499a026e4af5122b67fa342e08b78d8971200f45c939dbbca8ed843a0be3926f5b8ece9da5843b7

Download Submit
C:\Windows\system\lKmKUww.exe

Filesize
6.0MB

MD5
62385bc0ed4b9a46f3b1ac1813756b27

SHA1
34b641cc4e04aa930cf7c558a9c96c6a288559af

SHA256
9a30f155b3b335cfb79ef0d119fa1417ff67c04a9acf1e6cec784a71a56add22

SHA512
367c803c20ffd9055a25a314cb10df16797eadffd3ba8ffdc5d603f50c40a91bae0561d90614d269e88766654646c0d5d1c926171ce6bd946682cf9567f4f51e

Download Submit
C:\Windows\system\mMmNyGa.exe

Filesize
6.0MB

MD5
60a24ac9f328605ba176afe075a44fde

SHA1
08aa50107048ec4bf7577942bf47055a60ecd7f5

SHA256
5ee3a9a1b9b14a14d2cd9379dc7164de9e6e089d74368a9e3af651b87dcb85b6

SHA512
b4151555b3241a2ade935a8b5a99473d528d846bd24715bce8b4ea5175f7af540ae93a2f876d5afd33098d3f7022cf93c05dedf67a2cf9ceffe22047c24d0c13

Download Submit
C:\Windows\system\mUzWkRJ.exe

Filesize
6.0MB

MD5
d4af006717f1d1366cacdfc37bd30c51

SHA1
d1533029fd5979babf6d518d9444958809320ae8

SHA256
774b1c61ec557f698a0fe7214c453898adcc3a292af6556d722dc0e7704ef4d7

SHA512
f13f3d96d7c852693af92ae65d44b0b42751de2f83a74b4053f1f4e316a62c97fc3a1374dbbc9741077c18c249ee0411067370edb0826c7ca0d64dd91cff3458

Download Submit
C:\Windows\system\moLfJZt.exe

Filesize
6.0MB

MD5
b325e3ba86e633487ab36cc9ec2ae94b

SHA1
0e01a28a3b9720f4e35f489e226c64acc95c0cb0

SHA256
659400539cb7d49ce014a8e9ac67c61bfab1a23eed01d2f72e3f14c23972de33

SHA512
e20bef91eeabfd9744147159dbf8e04c172e35c9e7cea9211415480ba66064a6409e40fc65df629911b68e381fffcffef139f6dfe74679f4904774842bf1f325

Download Submit
C:\Windows\system\oKpMEBL.exe

Filesize
6.0MB

MD5
33545e388c079910180143385ccfd32c

SHA1
f3a75e8e538c6a29aa143e3cb0bc1c2fc4b85980

SHA256
37629914b409ba4f5dc4ee4ff2a05b131b0b62dfd11feeab1ac26a5d97e162f1

SHA512
8bae8fb0e4c8e8f94002897a1b3fec7675a4415346aad02afc83c912fb8dac953558e51f5cca19b8b079a1bb9cb632efc69a4211ef64e58acbc9fb95657f2090

Download Submit
C:\Windows\system\otjinUA.exe

Filesize
6.0MB

MD5
4319c8e0e1bf12e0378e01be9adf52f1

SHA1
8d8881d645605d1e9d91caef627d6656eee3e085

SHA256
fc77cd2b06637ede323537199f1272c167b4819ceddb9c0e1bb78f1660571d73

SHA512
d190200ce1a815fdc7b6afc481c029c16e049efc45416a9b246d7bbd732129543624a304e1885d0ba340d2fbb876c8512bf35b722e0751772868cf298acd69c5

Download Submit
C:\Windows\system\pbTnqcc.exe

Filesize
6.0MB

MD5
af913bd4374eb6d45bf6733b1c70d8d3

SHA1
e06a89b0cea9d75cc930093adce189b6ccfab7a3

SHA256
bc12c689d1e9929b15fada5500b00bd43ee4aac10cb198311815201d28326ed1

SHA512
b2ee13d683182dfc09e87f3647ec71a9a5caa30d62eb2127c327ad6df1b2792fdc2c6c6daf5c75d2f903f4b8bc4b299d27fbb7fc74ab9bdccb88a8dcdf0b1a46

Download Submit
C:\Windows\system\qKxIHNG.exe

Filesize
6.0MB

MD5
09908bfb42e5fa4f6ae53614711945ca

SHA1
b27916ff9f26c5ad89d069bd5e71afdf8655b9bd

SHA256
36fa896a9155841683163115c5d71baf971faf05d0894174e99ad08393608447

SHA512
179919d04e483ed37a0c81a9000896306a95cfb1eaf49bbc84b6295371ab5a56a7f1d6b808dca659e7680f6c853581ebf79f8999b068c5693b992b4bcc23c4a6

Download Submit
C:\Windows\system\rUxddxQ.exe

Filesize
6.0MB

MD5
a7e26b034ea5de9a5da68711e59fa4a7

SHA1
b788ae8fa138382dbc75d5231c4cb3404efb2510

SHA256
8b5a2eb279a389fce08d68f83e83c53b24b413ae30bba03a891a364a57579d2d

SHA512
d5ad323e0150a3ae14ee9e4cdbfd980be9912914f1ae52b4932aaeb2020ea3c7fc3a378e66c07b261354860a3ec5338d54d9224c4becb9560888ccc36621f35f

Download Submit
C:\Windows\system\ufaKSxU.exe

Filesize
6.0MB

MD5
c7f667a6cd3517289c1baf8093a6b9c8

SHA1
b812e2ffa95d06598a9d47b360f429ccf2feb6cd

SHA256
e54882482349496be7612637a3bb9a66e9cda4df61013c8933c33bd04ba3dfd4

SHA512
5dfa8df5fed43df42594179e5f26b9a33bb182d5e2d653c3d75e7b064eb60aaeb4803b1634ef7d112f8984296b34948015981d3545753e23d121b088a63d6a69

Download Submit
C:\Windows\system\wPiOqMt.exe

Filesize
6.0MB

MD5
15eec01bd3c93c03b46f8263783084e7

SHA1
65bfa191bb70921844fba2ae3bc38b00995f0c17

SHA256
7ab0a333ceb380ced5bb0aeae3d4f6b83ee071f9a8321c280eed53e49f2bedc0

SHA512
507621223d8565e1c950c092b85b1af4f4f7158bda4e1b44583b0554b562297aef07fe70079eab74ab365da262fd933f865550c1818ab5033433cca54082b49c

Download Submit
C:\Windows\system\ygyxFdO.exe

Filesize
6.0MB

MD5
0bc8da73fe0f44173a88fd7f31d4d79d

SHA1
9c720efaec6d599322da21ac95fe02e13d88862d

SHA256
12a491ff4e37510958b983998e1920dc6a1cf168df448aa2a034d8db86169187

SHA512
c10c457c8a62c668720c2ed0c78c2e23d0f2812eb6a40f08ebcbd045944205e5e10eb72e877550d46755f6726e2e9d7e52a64dd598e9cc6d7159ffeff03f6d16

Download Submit
C:\Windows\system\zqtSkHq.exe

Filesize
6.0MB

MD5
f8328e221339142dcc302d273897da04

SHA1
1fb0e07cbf2f4dba867c19879961b51446b84414

SHA256
01e26b66648a130e2c4af7e696a6387c77decce8a57a68d0026869b00b7077ca

SHA512
eee2f15cf4c9f2acd9fe3469a57591dd268db7dea8c942001e448a7fb05b92477f3d5138e4cf82405ee644fbf9000bebfd121dc4e4642df9030327503e516a9f

Download Submit
\Windows\system\BsVOLWx.exe

Filesize
6.0MB

MD5
97df516fb94add6607577600ca27b32b

SHA1
3df8ec782ace277f5ebf214cb9136c24de2d2a9c

SHA256
ed033f3f13996f2f74d40465fe03b858df5ae48c2c1ef085634772de6f5fd6b1

SHA512
48f5321feff76c2e46b61af3f5d7181070d08d07401a975d5e20b1ddaed0c259bcd9d13c14a3b25dc4d3985e22afc3d4518088783d5b173aac4bbde80873f208

Download Submit
\Windows\system\DPZUPou.exe

Filesize
6.0MB

MD5
96bd83766d713bd0c4d0d97f3965486c

SHA1
efe3c13eb8f8e7fe73f324a39d02ef9d6ee8950b

SHA256
8d976f35e18af6fe26ca6f837d34e1f35d3da8e9f81c899bd2d457d254180e4a

SHA512
0781b93381b1e88c1df272d2bb9d4cde28571b62e2203f9b1de671c1b9438427137d469c14217503e9cd272f89822bb92e88349261d9b2d80218fec56a2e1939

Download Submit
\Windows\system\KWrCKlF.exe

Filesize
6.0MB

MD5
965dcb19182229722251c88d8ba537c1

SHA1
383251a754b2b83725f06db7f22575c84766468b

SHA256
aaaa34bd898f6c93f3ce13ee11a34347c553c845e6d7202a1ea67ae3aad9df6c

SHA512
bfe320a989f5e85675a1ef604efe7f0149734a30da938eead7696af1511b812246f9eeb5360fabef40516274e15bd0bc8977adf6abe3b3da006cec4363c5bb6c

Download Submit
\Windows\system\NqLIGjt.exe

Filesize
6.0MB

MD5
160f89f6f2f255801ba71e968bb3126a

SHA1
f6af558397be55534e31e5e9efffee43f985a661

SHA256
b413e1c63e3b775c12aa539a9fdd8bacfb965b2a50c9ee8db49fe8f6594d46b1

SHA512
4cff7a128020feffd933d01a58c4c5b87b1918710ad27b5c7da699b947f2883f0ac51cbeb147aa5ca50757cb06d8ee55881ab253d4a9674a05ddf437d07dedc3

Download Submit
\Windows\system\PgefdmY.exe

Filesize
6.0MB

MD5
ec4a72c51ee632e359c02ac2dd36624c

SHA1
fa859c088f92b5fe3399f6dfad7daaef563000db

SHA256
7a4c695ba5d23372f86f202007b29f5bf3f4411da72796597f29b8a00781d58a

SHA512
a0fe98287c5ed6a41a083cf4c40dc8e3082f89fedeea075a4f1c5b52dfe93f44c39babddfdf762e6b00b551ab8cdd36dd4bca85c6fe761aa1813b2167a9aaf15

Download Submit
\Windows\system\eaDoGJg.exe

Filesize
6.0MB

MD5
0c7cbdb2d63c55d8a1a478ce1e6514bd

SHA1
538d1636b88004dede6e057febbca6cf9ffe18df

SHA256
5c4ebe3de82d5acb6cfc8cebc6dbdb55d98b94bc3f93c6bc4d711e81b5105d72

SHA512
6181f16e0c55a72b126140cfc28bb47cb2c27ba45fc886d34a0f6b43cde417ee3ce3ab0097fac55920d48f53add5bdb03ce66140815398c51912c1ff61f866a2

Download Submit
\Windows\system\wBBlYkn.exe

Filesize
6.0MB

MD5
b6ef6de7faf8242d0efa9598e11b5039

SHA1
6d1312873673b4d2132cd4284cec9eb182ccba5d

SHA256
ce9cf871653191909516c0dc4aad32f3767626aab45805474549ae0f5a05b8e5

SHA512
83e56dea38136b699c1d458d06ecd1bd6bbb2f1bd556f41109ca158a674ac6b443e8b84bad838a0fe358c48cc4246c78916e651cdadf42bd3d38006952bc0793

Download Submit
memory/708-3715-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/708-1021-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/708-100-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/836-3717-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/836-50-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/844-85-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/844-3716-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/844-587-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1716-44-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1716-9-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3732-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1876-81-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-3714-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3814-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-73-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-35-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3740-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2120-74-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3719-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2140-95-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2148-66-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-3713-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3718-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-58-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-80-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2580-42-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4542-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3576-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-15-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2656-56-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3750-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-21-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2828-59-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2980-93-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-94-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2980-65-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-20-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2980-40-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2980-34-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2980-72-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-586-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-45-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-815-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2980-388-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-57-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-0-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2980-13-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-99-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2980-6-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2980-107-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1201-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2980-1020-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2992-3572-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2992-32-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download