cobaltstrike | 6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
Size

6.0MB
MD5

31a3c2f4ab8cf37f5e82a8bd4b632599
SHA1

53794aa02518dc54b48756c6c94adec0304c7bb6
SHA256

6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07
SHA512

3160de9256746d0df6de7f67cdbadf32ad96ecef926dd696c86e2a7d0cdfd413d3adc4668ef5dfef96d7139d24027a80e6462e283b7e4b619a6d6a5f6298a248
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUZ:eOl56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc6-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc9-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de6-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e09-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001727e-30.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-35.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001956c-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-115.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016d4e-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d6-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019570-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001954e-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-6.dat	xmrig
behavioral1/files/0x0008000000016dc6-7.dat	xmrig
behavioral1/files/0x0008000000016dc9-15.dat	xmrig
behavioral1/files/0x0007000000016de6-21.dat	xmrig
behavioral1/files/0x0007000000016e09-26.dat	xmrig
behavioral1/files/0x000700000001727e-30.dat	xmrig
behavioral1/files/0x00050000000194ef-35.dat	xmrig
behavioral1/files/0x000500000001956c-55.dat	xmrig
behavioral1/files/0x000500000001958e-65.dat	xmrig
behavioral1/memory/2804-76-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2384-99-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/636-98-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2232-97-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2432-96-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2232-95-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2512-94-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2232-93-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-140.dat	xmrig
behavioral1/files/0x0005000000019c3c-167.dat	xmrig
behavioral1/memory/2232-666-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cca-189.dat	xmrig
behavioral1/files/0x0005000000019cba-184.dat	xmrig
behavioral1/files/0x0005000000019c57-179.dat	xmrig
behavioral1/files/0x0005000000019c3e-174.dat	xmrig
behavioral1/files/0x0005000000019c34-164.dat	xmrig
behavioral1/files/0x0005000000019926-159.dat	xmrig
behavioral1/files/0x00050000000196a1-154.dat	xmrig
behavioral1/files/0x0005000000019667-149.dat	xmrig
behavioral1/files/0x000500000001961e-144.dat	xmrig
behavioral1/files/0x000500000001960c-134.dat	xmrig
behavioral1/files/0x000500000001960a-129.dat	xmrig
behavioral1/files/0x0005000000019606-119.dat	xmrig
behavioral1/files/0x0005000000019608-125.dat	xmrig
behavioral1/files/0x0005000000019605-115.dat	xmrig
behavioral1/files/0x000d000000016d4e-110.dat	xmrig
behavioral1/files/0x0005000000019604-105.dat	xmrig
behavioral1/memory/2140-92-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2612-90-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2232-89-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2548-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2716-86-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2232-85-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/2572-84-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2232-83-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/2584-82-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2232-81-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2840-80-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2796-78-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2752-74-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2232-73-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d6-70.dat	xmrig
behavioral1/files/0x0005000000019570-60.dat	xmrig
behavioral1/files/0x000500000001954e-50.dat	xmrig
behavioral1/files/0x0005000000019524-45.dat	xmrig
behavioral1/files/0x00050000000194f3-40.dat	xmrig
behavioral1/memory/2384-4017-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2716-4069-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2572-4022-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2584-4120-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2432-4016-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2840-4015-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2140-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2548-4013-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2384	QvvytoP.exe
2752	AqdVoPj.exe
2804	oErMfCk.exe
2796	TXubLdY.exe
2840	pRtffKv.exe
2584	UxlfpRk.exe
2572	WapaSiz.exe
2716	iZvuKoQ.exe
2548	ZergWbW.exe
2612	uZpkQgR.exe
2140	hlUBLVW.exe
2512	UjBJlki.exe
2432	tlEkDPh.exe
636	XcwTDcK.exe
868	xocHvSu.exe
2824	UYjvLIf.exe
1732	hpbcmow.exe
2124	oMwqGLW.exe
1136	HEgyoqN.exe
1092	zikARbl.exe
1424	lrTAavi.exe
828	dbNRBLj.exe
1692	jfLYqwi.exe
2968	rEMLejm.exe
1648	fYCwUiA.exe
908	YCaCISR.exe
2400	SaFlqSI.exe
1920	LHWRhXb.exe
1312	rffZpuC.exe
1832	wfsdqmr.exe
836	WDpUPmP.exe
1980	IQLxcOH.exe
556	dgrchtU.exe
2356	aXvNuFp.exe
1796	GXlirpR.exe
1600	gpQEPUv.exe
1932	MOmZCJi.exe
1988	lgHWFPQ.exe
1824	JWcEyxI.exe
2224	LfhBxED.exe
2988	cunispp.exe
860	bfhIrDM.exe
996	UkUtjBl.exe
2444	dvnkiPo.exe
2216	PPfppYY.exe
2336	ZXungNv.exe
888	QlsEMcr.exe
1788	IvEQGuF.exe
2352	MJbfJUg.exe
2996	eVVFBne.exe
1588	duDFqGt.exe
1592	qUauByk.exe
2696	mNovZnm.exe
2948	kkzYTQy.exe
2788	VEpCmAW.exe
1088	wRZwIOo.exe
2036	GXobwXw.exe
2668	KgDNWsl.exe
2360	KBnoRRr.exe
2872	IvyEoOG.exe
1624	QcRcPtf.exe
2648	wDmlfsv.exe
2792	LPxSjbv.exe
760	GszGXhn.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-6.dat	upx
behavioral1/files/0x0008000000016dc6-7.dat	upx
behavioral1/files/0x0008000000016dc9-15.dat	upx
behavioral1/files/0x0007000000016de6-21.dat	upx
behavioral1/files/0x0007000000016e09-26.dat	upx
behavioral1/files/0x000700000001727e-30.dat	upx
behavioral1/files/0x00050000000194ef-35.dat	upx
behavioral1/files/0x000500000001956c-55.dat	upx
behavioral1/files/0x000500000001958e-65.dat	upx
behavioral1/memory/2804-76-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2384-99-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/636-98-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2432-96-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2512-94-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000500000001961c-140.dat	upx
behavioral1/files/0x0005000000019c3c-167.dat	upx
behavioral1/memory/2232-666-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/files/0x0005000000019cca-189.dat	upx
behavioral1/files/0x0005000000019cba-184.dat	upx
behavioral1/files/0x0005000000019c57-179.dat	upx
behavioral1/files/0x0005000000019c3e-174.dat	upx
behavioral1/files/0x0005000000019c34-164.dat	upx
behavioral1/files/0x0005000000019926-159.dat	upx
behavioral1/files/0x00050000000196a1-154.dat	upx
behavioral1/files/0x0005000000019667-149.dat	upx
behavioral1/files/0x000500000001961e-144.dat	upx
behavioral1/files/0x000500000001960c-134.dat	upx
behavioral1/files/0x000500000001960a-129.dat	upx
behavioral1/files/0x0005000000019606-119.dat	upx
behavioral1/files/0x0005000000019608-125.dat	upx
behavioral1/files/0x0005000000019605-115.dat	upx
behavioral1/files/0x000d000000016d4e-110.dat	upx
behavioral1/files/0x0005000000019604-105.dat	upx
behavioral1/memory/2140-92-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2612-90-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2548-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2716-86-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2572-84-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2584-82-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2840-80-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2796-78-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2752-74-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x00050000000195d6-70.dat	upx
behavioral1/files/0x0005000000019570-60.dat	upx
behavioral1/files/0x000500000001954e-50.dat	upx
behavioral1/files/0x0005000000019524-45.dat	upx
behavioral1/files/0x00050000000194f3-40.dat	upx
behavioral1/memory/2384-4017-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2716-4069-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2572-4022-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2584-4120-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2432-4016-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2840-4015-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2140-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2548-4013-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2804-4012-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2796-4122-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2612-4121-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2752-4125-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/636-4124-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2512-4123-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zvssFtA.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\JYPbzbE.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\FKpIFNR.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\aPsABQY.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\UkUtjBl.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\kkzYTQy.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\TAJtLwU.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\URbOECA.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\GbdyehL.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\gfOZBsU.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\EOtXKjW.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\AHYWYfd.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\dZeLUIb.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\FgnoAhb.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\DdysDXe.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\iEDuBKP.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\uqxCyfC.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\GayBbuT.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\vPrHolj.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\UjBJlki.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\GszGXhn.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\gZzsMLp.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\gbEYZup.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\QiunSaE.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\FcuSWRH.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\XYXupNF.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\fuDGbos.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\twoJcmy.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\Vwowmui.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\ADwgeKZ.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\aZCUhOH.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\fqUqzpp.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\fJhwjbO.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\rEMLejm.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\BqEgPJG.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\HFsQrED.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\aqaNlJn.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\jrUNiMK.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\PIXjfwV.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\ZYkTSgC.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\UYjvLIf.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\IamFmQU.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\dHHOQSJ.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\MbWAWCn.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\kwtfbIU.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\ITnVPQd.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\TrYJLlO.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\yBbLXLj.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\rFQTjsa.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\SSZpuzH.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\dCWpkhl.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\qcYnAOe.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\sbaIcsb.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\QmDCjEY.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\yJaDEYA.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\KCAwPlC.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\ZTRcwiD.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\hyOJSEE.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\uphuogJ.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\NdjulVJ.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\XyqWTrt.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\NSsQcNf.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\viurIvI.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
File created	C:\Windows\System\XJnbENc.exe	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2384	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	32
PID 2232 wrote to memory of 2384	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	32
PID 2232 wrote to memory of 2384	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	32
PID 2232 wrote to memory of 2752	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	33
PID 2232 wrote to memory of 2752	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	33
PID 2232 wrote to memory of 2752	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	33
PID 2232 wrote to memory of 2804	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	34
PID 2232 wrote to memory of 2804	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	34
PID 2232 wrote to memory of 2804	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	34
PID 2232 wrote to memory of 2796	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	35
PID 2232 wrote to memory of 2796	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	35
PID 2232 wrote to memory of 2796	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	35
PID 2232 wrote to memory of 2840	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	36
PID 2232 wrote to memory of 2840	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	36
PID 2232 wrote to memory of 2840	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	36
PID 2232 wrote to memory of 2584	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	37
PID 2232 wrote to memory of 2584	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	37
PID 2232 wrote to memory of 2584	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	37
PID 2232 wrote to memory of 2572	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	38
PID 2232 wrote to memory of 2572	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	38
PID 2232 wrote to memory of 2572	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	38
PID 2232 wrote to memory of 2716	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	39
PID 2232 wrote to memory of 2716	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	39
PID 2232 wrote to memory of 2716	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	39
PID 2232 wrote to memory of 2548	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	40
PID 2232 wrote to memory of 2548	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	40
PID 2232 wrote to memory of 2548	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	40
PID 2232 wrote to memory of 2612	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	41
PID 2232 wrote to memory of 2612	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	41
PID 2232 wrote to memory of 2612	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	41
PID 2232 wrote to memory of 2140	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	42
PID 2232 wrote to memory of 2140	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	42
PID 2232 wrote to memory of 2140	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	42
PID 2232 wrote to memory of 2512	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	43
PID 2232 wrote to memory of 2512	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	43
PID 2232 wrote to memory of 2512	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	43
PID 2232 wrote to memory of 2432	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	44
PID 2232 wrote to memory of 2432	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	44
PID 2232 wrote to memory of 2432	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	44
PID 2232 wrote to memory of 636	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	45
PID 2232 wrote to memory of 636	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	45
PID 2232 wrote to memory of 636	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	45
PID 2232 wrote to memory of 868	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	46
PID 2232 wrote to memory of 868	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	46
PID 2232 wrote to memory of 868	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	46
PID 2232 wrote to memory of 2824	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	47
PID 2232 wrote to memory of 2824	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	47
PID 2232 wrote to memory of 2824	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	47
PID 2232 wrote to memory of 1732	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	48
PID 2232 wrote to memory of 1732	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	48
PID 2232 wrote to memory of 1732	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	48
PID 2232 wrote to memory of 2124	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	49
PID 2232 wrote to memory of 2124	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	49
PID 2232 wrote to memory of 2124	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	49
PID 2232 wrote to memory of 1136	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	50
PID 2232 wrote to memory of 1136	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	50
PID 2232 wrote to memory of 1136	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	50
PID 2232 wrote to memory of 1092	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	51
PID 2232 wrote to memory of 1092	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	51
PID 2232 wrote to memory of 1092	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	51
PID 2232 wrote to memory of 1424	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	52
PID 2232 wrote to memory of 1424	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	52
PID 2232 wrote to memory of 1424	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	52
PID 2232 wrote to memory of 828	2232	JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6ff2960351e685211457128c122f487b787bc49d219e474e7cdd40cf454c3e07.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\System\QvvytoP.exe
  C:\Windows\System\QvvytoP.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\AqdVoPj.exe
  C:\Windows\System\AqdVoPj.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\oErMfCk.exe
  C:\Windows\System\oErMfCk.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\TXubLdY.exe
  C:\Windows\System\TXubLdY.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\pRtffKv.exe
  C:\Windows\System\pRtffKv.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\UxlfpRk.exe
  C:\Windows\System\UxlfpRk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\WapaSiz.exe
  C:\Windows\System\WapaSiz.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\iZvuKoQ.exe
  C:\Windows\System\iZvuKoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZergWbW.exe
  C:\Windows\System\ZergWbW.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\uZpkQgR.exe
  C:\Windows\System\uZpkQgR.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\hlUBLVW.exe
  C:\Windows\System\hlUBLVW.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\UjBJlki.exe
  C:\Windows\System\UjBJlki.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\tlEkDPh.exe
  C:\Windows\System\tlEkDPh.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\XcwTDcK.exe
  C:\Windows\System\XcwTDcK.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\xocHvSu.exe
  C:\Windows\System\xocHvSu.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\UYjvLIf.exe
  C:\Windows\System\UYjvLIf.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\hpbcmow.exe
  C:\Windows\System\hpbcmow.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\oMwqGLW.exe
  C:\Windows\System\oMwqGLW.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\HEgyoqN.exe
  C:\Windows\System\HEgyoqN.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\zikARbl.exe
  C:\Windows\System\zikARbl.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\lrTAavi.exe
  C:\Windows\System\lrTAavi.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\dbNRBLj.exe
  C:\Windows\System\dbNRBLj.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\jfLYqwi.exe
  C:\Windows\System\jfLYqwi.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\rEMLejm.exe
  C:\Windows\System\rEMLejm.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\fYCwUiA.exe
  C:\Windows\System\fYCwUiA.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\YCaCISR.exe
  C:\Windows\System\YCaCISR.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\SaFlqSI.exe
  C:\Windows\System\SaFlqSI.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\LHWRhXb.exe
  C:\Windows\System\LHWRhXb.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\rffZpuC.exe
  C:\Windows\System\rffZpuC.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\wfsdqmr.exe
  C:\Windows\System\wfsdqmr.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\WDpUPmP.exe
  C:\Windows\System\WDpUPmP.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\IQLxcOH.exe
  C:\Windows\System\IQLxcOH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\dgrchtU.exe
  C:\Windows\System\dgrchtU.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\aXvNuFp.exe
  C:\Windows\System\aXvNuFp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\GXlirpR.exe
  C:\Windows\System\GXlirpR.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\gpQEPUv.exe
  C:\Windows\System\gpQEPUv.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\MOmZCJi.exe
  C:\Windows\System\MOmZCJi.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\lgHWFPQ.exe
  C:\Windows\System\lgHWFPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\JWcEyxI.exe
  C:\Windows\System\JWcEyxI.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\LfhBxED.exe
  C:\Windows\System\LfhBxED.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\cunispp.exe
  C:\Windows\System\cunispp.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\bfhIrDM.exe
  C:\Windows\System\bfhIrDM.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\UkUtjBl.exe
  C:\Windows\System\UkUtjBl.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\dvnkiPo.exe
  C:\Windows\System\dvnkiPo.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\PPfppYY.exe
  C:\Windows\System\PPfppYY.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ZXungNv.exe
  C:\Windows\System\ZXungNv.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\QlsEMcr.exe
  C:\Windows\System\QlsEMcr.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\IvEQGuF.exe
  C:\Windows\System\IvEQGuF.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\MJbfJUg.exe
  C:\Windows\System\MJbfJUg.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\eVVFBne.exe
  C:\Windows\System\eVVFBne.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\duDFqGt.exe
  C:\Windows\System\duDFqGt.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\qUauByk.exe
  C:\Windows\System\qUauByk.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\mNovZnm.exe
  C:\Windows\System\mNovZnm.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\kkzYTQy.exe
  C:\Windows\System\kkzYTQy.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\VEpCmAW.exe
  C:\Windows\System\VEpCmAW.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\wRZwIOo.exe
  C:\Windows\System\wRZwIOo.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\GXobwXw.exe
  C:\Windows\System\GXobwXw.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\KgDNWsl.exe
  C:\Windows\System\KgDNWsl.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\KBnoRRr.exe
  C:\Windows\System\KBnoRRr.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\IvyEoOG.exe
  C:\Windows\System\IvyEoOG.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\QcRcPtf.exe
  C:\Windows\System\QcRcPtf.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\wDmlfsv.exe
  C:\Windows\System\wDmlfsv.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\LPxSjbv.exe
  C:\Windows\System\LPxSjbv.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\GszGXhn.exe
  C:\Windows\System\GszGXhn.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\DMknIpM.exe
  C:\Windows\System\DMknIpM.exe
  2⤵
  PID:2972
- C:\Windows\System\IzUoqtl.exe
  C:\Windows\System\IzUoqtl.exe
  2⤵
  PID:2176
- C:\Windows\System\XsSbsrn.exe
  C:\Windows\System\XsSbsrn.exe
  2⤵
  PID:2388
- C:\Windows\System\wiiWGiC.exe
  C:\Windows\System\wiiWGiC.exe
  2⤵
  PID:1764
- C:\Windows\System\pJulyXR.exe
  C:\Windows\System\pJulyXR.exe
  2⤵
  PID:2588
- C:\Windows\System\uEjLXIr.exe
  C:\Windows\System\uEjLXIr.exe
  2⤵
  PID:1268
- C:\Windows\System\ZTRcwiD.exe
  C:\Windows\System\ZTRcwiD.exe
  2⤵
  PID:1628
- C:\Windows\System\uFgwKBG.exe
  C:\Windows\System\uFgwKBG.exe
  2⤵
  PID:372
- C:\Windows\System\tqZAHrn.exe
  C:\Windows\System\tqZAHrn.exe
  2⤵
  PID:1544
- C:\Windows\System\cBhvWpy.exe
  C:\Windows\System\cBhvWpy.exe
  2⤵
  PID:2004
- C:\Windows\System\BNviDrg.exe
  C:\Windows\System\BNviDrg.exe
  2⤵
  PID:2424
- C:\Windows\System\VVhvCQQ.exe
  C:\Windows\System\VVhvCQQ.exe
  2⤵
  PID:568
- C:\Windows\System\MgcnAsp.exe
  C:\Windows\System\MgcnAsp.exe
  2⤵
  PID:1972
- C:\Windows\System\xhiHKFs.exe
  C:\Windows\System\xhiHKFs.exe
  2⤵
  PID:2312
- C:\Windows\System\qWrJFDR.exe
  C:\Windows\System\qWrJFDR.exe
  2⤵
  PID:988
- C:\Windows\System\UmGQPom.exe
  C:\Windows\System\UmGQPom.exe
  2⤵
  PID:1740
- C:\Windows\System\CSyRVtt.exe
  C:\Windows\System\CSyRVtt.exe
  2⤵
  PID:1752
- C:\Windows\System\BqEgPJG.exe
  C:\Windows\System\BqEgPJG.exe
  2⤵
  PID:2440
- C:\Windows\System\LOafvbV.exe
  C:\Windows\System\LOafvbV.exe
  2⤵
  PID:1584
- C:\Windows\System\LrnjeJF.exe
  C:\Windows\System\LrnjeJF.exe
  2⤵
  PID:2672
- C:\Windows\System\QyUgbrh.exe
  C:\Windows\System\QyUgbrh.exe
  2⤵
  PID:2420
- C:\Windows\System\tGZDPxH.exe
  C:\Windows\System\tGZDPxH.exe
  2⤵
  PID:2720
- C:\Windows\System\FcuSWRH.exe
  C:\Windows\System\FcuSWRH.exe
  2⤵
  PID:2580
- C:\Windows\System\TUFPEhs.exe
  C:\Windows\System\TUFPEhs.exe
  2⤵
  PID:1876
- C:\Windows\System\NgrLaTG.exe
  C:\Windows\System\NgrLaTG.exe
  2⤵
  PID:2724
- C:\Windows\System\rvSRJEi.exe
  C:\Windows\System\rvSRJEi.exe
  2⤵
  PID:596
- C:\Windows\System\GPGCCZK.exe
  C:\Windows\System\GPGCCZK.exe
  2⤵
  PID:580
- C:\Windows\System\fGkzrQJ.exe
  C:\Windows\System\fGkzrQJ.exe
  2⤵
  PID:2088
- C:\Windows\System\LSDHoTU.exe
  C:\Windows\System\LSDHoTU.exe
  2⤵
  PID:2268
- C:\Windows\System\oAINSoK.exe
  C:\Windows\System\oAINSoK.exe
  2⤵
  PID:2368
- C:\Windows\System\JtNBxLK.exe
  C:\Windows\System\JtNBxLK.exe
  2⤵
  PID:628
- C:\Windows\System\fuZYOGw.exe
  C:\Windows\System\fuZYOGw.exe
  2⤵
  PID:1528
- C:\Windows\System\hyOJSEE.exe
  C:\Windows\System\hyOJSEE.exe
  2⤵
  PID:1892
- C:\Windows\System\keZgIdj.exe
  C:\Windows\System\keZgIdj.exe
  2⤵
  PID:1904
- C:\Windows\System\iVjOnNo.exe
  C:\Windows\System\iVjOnNo.exe
  2⤵
  PID:2484
- C:\Windows\System\eJFqYys.exe
  C:\Windows\System\eJFqYys.exe
  2⤵
  PID:1084
- C:\Windows\System\MJYdDXR.exe
  C:\Windows\System\MJYdDXR.exe
  2⤵
  PID:1192
- C:\Windows\System\sgbRdIG.exe
  C:\Windows\System\sgbRdIG.exe
  2⤵
  PID:1928
- C:\Windows\System\bCTssNo.exe
  C:\Windows\System\bCTssNo.exe
  2⤵
  PID:2664
- C:\Windows\System\uphuogJ.exe
  C:\Windows\System\uphuogJ.exe
  2⤵
  PID:3016
- C:\Windows\System\bdlQJxG.exe
  C:\Windows\System\bdlQJxG.exe
  2⤵
  PID:3096
- C:\Windows\System\dDVuyon.exe
  C:\Windows\System\dDVuyon.exe
  2⤵
  PID:3116
- C:\Windows\System\rAApMcs.exe
  C:\Windows\System\rAApMcs.exe
  2⤵
  PID:3136
- C:\Windows\System\BZLnLDK.exe
  C:\Windows\System\BZLnLDK.exe
  2⤵
  PID:3156
- C:\Windows\System\lwtkFfr.exe
  C:\Windows\System\lwtkFfr.exe
  2⤵
  PID:3176
- C:\Windows\System\iWPNHtB.exe
  C:\Windows\System\iWPNHtB.exe
  2⤵
  PID:3196
- C:\Windows\System\XvVeMvY.exe
  C:\Windows\System\XvVeMvY.exe
  2⤵
  PID:3216
- C:\Windows\System\MKvATuW.exe
  C:\Windows\System\MKvATuW.exe
  2⤵
  PID:3236
- C:\Windows\System\ifEuvnw.exe
  C:\Windows\System\ifEuvnw.exe
  2⤵
  PID:3256
- C:\Windows\System\AYMXZge.exe
  C:\Windows\System\AYMXZge.exe
  2⤵
  PID:3276
- C:\Windows\System\LmXCLJo.exe
  C:\Windows\System\LmXCLJo.exe
  2⤵
  PID:3296
- C:\Windows\System\rRPMYuX.exe
  C:\Windows\System\rRPMYuX.exe
  2⤵
  PID:3316
- C:\Windows\System\tzpNHAr.exe
  C:\Windows\System\tzpNHAr.exe
  2⤵
  PID:3336
- C:\Windows\System\pbNtgow.exe
  C:\Windows\System\pbNtgow.exe
  2⤵
  PID:3356
- C:\Windows\System\OYopVVI.exe
  C:\Windows\System\OYopVVI.exe
  2⤵
  PID:3376
- C:\Windows\System\yfRVOPV.exe
  C:\Windows\System\yfRVOPV.exe
  2⤵
  PID:3396
- C:\Windows\System\HClEKsj.exe
  C:\Windows\System\HClEKsj.exe
  2⤵
  PID:3416
- C:\Windows\System\FkYXBXT.exe
  C:\Windows\System\FkYXBXT.exe
  2⤵
  PID:3432
- C:\Windows\System\LKYolmz.exe
  C:\Windows\System\LKYolmz.exe
  2⤵
  PID:3452
- C:\Windows\System\PcgMdrt.exe
  C:\Windows\System\PcgMdrt.exe
  2⤵
  PID:3472
- C:\Windows\System\GJDatxh.exe
  C:\Windows\System\GJDatxh.exe
  2⤵
  PID:3496
- C:\Windows\System\AnCurtD.exe
  C:\Windows\System\AnCurtD.exe
  2⤵
  PID:3512
- C:\Windows\System\HtfafGM.exe
  C:\Windows\System\HtfafGM.exe
  2⤵
  PID:3532
- C:\Windows\System\tmGfiFl.exe
  C:\Windows\System\tmGfiFl.exe
  2⤵
  PID:3556
- C:\Windows\System\ketEPGP.exe
  C:\Windows\System\ketEPGP.exe
  2⤵
  PID:3576
- C:\Windows\System\gsFDDhO.exe
  C:\Windows\System\gsFDDhO.exe
  2⤵
  PID:3592
- C:\Windows\System\FMTMUza.exe
  C:\Windows\System\FMTMUza.exe
  2⤵
  PID:3616
- C:\Windows\System\POUwNyp.exe
  C:\Windows\System\POUwNyp.exe
  2⤵
  PID:3636
- C:\Windows\System\NwtjPCS.exe
  C:\Windows\System\NwtjPCS.exe
  2⤵
  PID:3656
- C:\Windows\System\ORIcyjY.exe
  C:\Windows\System\ORIcyjY.exe
  2⤵
  PID:3672
- C:\Windows\System\KWhIiqU.exe
  C:\Windows\System\KWhIiqU.exe
  2⤵
  PID:3688
- C:\Windows\System\iOzpYFg.exe
  C:\Windows\System\iOzpYFg.exe
  2⤵
  PID:3712
- C:\Windows\System\jfrqAOd.exe
  C:\Windows\System\jfrqAOd.exe
  2⤵
  PID:3732
- C:\Windows\System\uJFzJMP.exe
  C:\Windows\System\uJFzJMP.exe
  2⤵
  PID:3756
- C:\Windows\System\AdHBRjZ.exe
  C:\Windows\System\AdHBRjZ.exe
  2⤵
  PID:3776
- C:\Windows\System\QiYsqBq.exe
  C:\Windows\System\QiYsqBq.exe
  2⤵
  PID:3796
- C:\Windows\System\QiZSzKX.exe
  C:\Windows\System\QiZSzKX.exe
  2⤵
  PID:3812
- C:\Windows\System\wXvyhJb.exe
  C:\Windows\System\wXvyhJb.exe
  2⤵
  PID:3836
- C:\Windows\System\CVlGXMM.exe
  C:\Windows\System\CVlGXMM.exe
  2⤵
  PID:3856
- C:\Windows\System\UlRmSNw.exe
  C:\Windows\System\UlRmSNw.exe
  2⤵
  PID:3876
- C:\Windows\System\gcNclGM.exe
  C:\Windows\System\gcNclGM.exe
  2⤵
  PID:3892
- C:\Windows\System\lPhzCZm.exe
  C:\Windows\System\lPhzCZm.exe
  2⤵
  PID:3912
- C:\Windows\System\TAJtLwU.exe
  C:\Windows\System\TAJtLwU.exe
  2⤵
  PID:3936
- C:\Windows\System\SsFRTfG.exe
  C:\Windows\System\SsFRTfG.exe
  2⤵
  PID:3956
- C:\Windows\System\eIyZChs.exe
  C:\Windows\System\eIyZChs.exe
  2⤵
  PID:3972
- C:\Windows\System\zeAXGAH.exe
  C:\Windows\System\zeAXGAH.exe
  2⤵
  PID:3992
- C:\Windows\System\QAcyZlS.exe
  C:\Windows\System\QAcyZlS.exe
  2⤵
  PID:4012
- C:\Windows\System\gdowhRI.exe
  C:\Windows\System\gdowhRI.exe
  2⤵
  PID:4036
- C:\Windows\System\ZGjNoXK.exe
  C:\Windows\System\ZGjNoXK.exe
  2⤵
  PID:4056
- C:\Windows\System\GkExcUq.exe
  C:\Windows\System\GkExcUq.exe
  2⤵
  PID:4072
- C:\Windows\System\XcnFnOi.exe
  C:\Windows\System\XcnFnOi.exe
  2⤵
  PID:4092
- C:\Windows\System\sKmLYSt.exe
  C:\Windows\System\sKmLYSt.exe
  2⤵
  PID:2536
- C:\Windows\System\XpddJlN.exe
  C:\Windows\System\XpddJlN.exe
  2⤵
  PID:2808
- C:\Windows\System\TXoAmxD.exe
  C:\Windows\System\TXoAmxD.exe
  2⤵
  PID:2392
- C:\Windows\System\GYxEfXx.exe
  C:\Windows\System\GYxEfXx.exe
  2⤵
  PID:2976
- C:\Windows\System\FXEMejk.exe
  C:\Windows\System\FXEMejk.exe
  2⤵
  PID:1320
- C:\Windows\System\rtVovjt.exe
  C:\Windows\System\rtVovjt.exe
  2⤵
  PID:1096
- C:\Windows\System\HFsQrED.exe
  C:\Windows\System\HFsQrED.exe
  2⤵
  PID:1944
- C:\Windows\System\GHWzGMi.exe
  C:\Windows\System\GHWzGMi.exe
  2⤵
  PID:2452
- C:\Windows\System\Ceprlce.exe
  C:\Windows\System\Ceprlce.exe
  2⤵
  PID:808
- C:\Windows\System\kcAOlTo.exe
  C:\Windows\System\kcAOlTo.exe
  2⤵
  PID:2756
- C:\Windows\System\lxqeSAV.exe
  C:\Windows\System\lxqeSAV.exe
  2⤵
  PID:3084
- C:\Windows\System\kYqCPoK.exe
  C:\Windows\System\kYqCPoK.exe
  2⤵
  PID:3132
- C:\Windows\System\srahNiz.exe
  C:\Windows\System\srahNiz.exe
  2⤵
  PID:3184
- C:\Windows\System\EFyjyoV.exe
  C:\Windows\System\EFyjyoV.exe
  2⤵
  PID:3168
- C:\Windows\System\TvecfXZ.exe
  C:\Windows\System\TvecfXZ.exe
  2⤵
  PID:3232
- C:\Windows\System\bYwJHxv.exe
  C:\Windows\System\bYwJHxv.exe
  2⤵
  PID:3248
- C:\Windows\System\nkFGDwJ.exe
  C:\Windows\System\nkFGDwJ.exe
  2⤵
  PID:3304
- C:\Windows\System\DURzjgx.exe
  C:\Windows\System\DURzjgx.exe
  2⤵
  PID:3352
- C:\Windows\System\RLwNGpF.exe
  C:\Windows\System\RLwNGpF.exe
  2⤵
  PID:3364
- C:\Windows\System\UIcegRK.exe
  C:\Windows\System\UIcegRK.exe
  2⤵
  PID:3388
- C:\Windows\System\PEQEDJe.exe
  C:\Windows\System\PEQEDJe.exe
  2⤵
  PID:3412
- C:\Windows\System\KVElcGB.exe
  C:\Windows\System\KVElcGB.exe
  2⤵
  PID:3464
- C:\Windows\System\CCLebvu.exe
  C:\Windows\System\CCLebvu.exe
  2⤵
  PID:3504
- C:\Windows\System\daFQSFP.exe
  C:\Windows\System\daFQSFP.exe
  2⤵
  PID:3508
- C:\Windows\System\jkXOHib.exe
  C:\Windows\System\jkXOHib.exe
  2⤵
  PID:3544
- C:\Windows\System\cZMcXXD.exe
  C:\Windows\System\cZMcXXD.exe
  2⤵
  PID:3572
- C:\Windows\System\EcVxMcT.exe
  C:\Windows\System\EcVxMcT.exe
  2⤵
  PID:3608
- C:\Windows\System\BLlKVKA.exe
  C:\Windows\System\BLlKVKA.exe
  2⤵
  PID:3668
- C:\Windows\System\NdjulVJ.exe
  C:\Windows\System\NdjulVJ.exe
  2⤵
  PID:3704
- C:\Windows\System\LSwzIgr.exe
  C:\Windows\System\LSwzIgr.exe
  2⤵
  PID:3724
- C:\Windows\System\AtzBhYt.exe
  C:\Windows\System\AtzBhYt.exe
  2⤵
  PID:3784
- C:\Windows\System\jPSwcMx.exe
  C:\Windows\System\jPSwcMx.exe
  2⤵
  PID:3764
- C:\Windows\System\XwhifAu.exe
  C:\Windows\System\XwhifAu.exe
  2⤵
  PID:3828
- C:\Windows\System\YtHVZaq.exe
  C:\Windows\System\YtHVZaq.exe
  2⤵
  PID:3872
- C:\Windows\System\VoZarao.exe
  C:\Windows\System\VoZarao.exe
  2⤵
  PID:3888
- C:\Windows\System\VBsRXEy.exe
  C:\Windows\System\VBsRXEy.exe
  2⤵
  PID:3884
- C:\Windows\System\AjlBzTv.exe
  C:\Windows\System\AjlBzTv.exe
  2⤵
  PID:3968
- C:\Windows\System\PDpPvOe.exe
  C:\Windows\System\PDpPvOe.exe
  2⤵
  PID:4028
- C:\Windows\System\QFTEGim.exe
  C:\Windows\System\QFTEGim.exe
  2⤵
  PID:4048
- C:\Windows\System\DAtMaIj.exe
  C:\Windows\System\DAtMaIj.exe
  2⤵
  PID:1884
- C:\Windows\System\JUuspVW.exe
  C:\Windows\System\JUuspVW.exe
  2⤵
  PID:4088
- C:\Windows\System\VbtyvaK.exe
  C:\Windows\System\VbtyvaK.exe
  2⤵
  PID:2252
- C:\Windows\System\NYcZIRt.exe
  C:\Windows\System\NYcZIRt.exe
  2⤵
  PID:444
- C:\Windows\System\NXLoFpf.exe
  C:\Windows\System\NXLoFpf.exe
  2⤵
  PID:1688
- C:\Windows\System\rOrItBd.exe
  C:\Windows\System\rOrItBd.exe
  2⤵
  PID:2556
- C:\Windows\System\binjhdQ.exe
  C:\Windows\System\binjhdQ.exe
  2⤵
  PID:1052
- C:\Windows\System\scXUngu.exe
  C:\Windows\System\scXUngu.exe
  2⤵
  PID:3088
- C:\Windows\System\AxMzOVp.exe
  C:\Windows\System\AxMzOVp.exe
  2⤵
  PID:3152
- C:\Windows\System\lkCMSZu.exe
  C:\Windows\System\lkCMSZu.exe
  2⤵
  PID:3224
- C:\Windows\System\RhTuoVd.exe
  C:\Windows\System\RhTuoVd.exe
  2⤵
  PID:3244
- C:\Windows\System\mLHTUhz.exe
  C:\Windows\System\mLHTUhz.exe
  2⤵
  PID:3308
- C:\Windows\System\IamFmQU.exe
  C:\Windows\System\IamFmQU.exe
  2⤵
  PID:3424
- C:\Windows\System\jjvgHdG.exe
  C:\Windows\System\jjvgHdG.exe
  2⤵
  PID:3468
- C:\Windows\System\pjHdgib.exe
  C:\Windows\System\pjHdgib.exe
  2⤵
  PID:3444
- C:\Windows\System\dHHOQSJ.exe
  C:\Windows\System\dHHOQSJ.exe
  2⤵
  PID:3588
- C:\Windows\System\cNuDBIO.exe
  C:\Windows\System\cNuDBIO.exe
  2⤵
  PID:3604
- C:\Windows\System\XYXupNF.exe
  C:\Windows\System\XYXupNF.exe
  2⤵
  PID:3700
- C:\Windows\System\deFCbxa.exe
  C:\Windows\System\deFCbxa.exe
  2⤵
  PID:3684
- C:\Windows\System\vvOmIeZ.exe
  C:\Windows\System\vvOmIeZ.exe
  2⤵
  PID:3728
- C:\Windows\System\iNVFcCy.exe
  C:\Windows\System\iNVFcCy.exe
  2⤵
  PID:3788
- C:\Windows\System\sBMmYOk.exe
  C:\Windows\System\sBMmYOk.exe
  2⤵
  PID:3904
- C:\Windows\System\YlOSKnm.exe
  C:\Windows\System\YlOSKnm.exe
  2⤵
  PID:3964
- C:\Windows\System\ZwveSCx.exe
  C:\Windows\System\ZwveSCx.exe
  2⤵
  PID:4032
- C:\Windows\System\DFaTPFm.exe
  C:\Windows\System\DFaTPFm.exe
  2⤵
  PID:4000
- C:\Windows\System\IJeHyKu.exe
  C:\Windows\System\IJeHyKu.exe
  2⤵
  PID:4080
- C:\Windows\System\DzTspBG.exe
  C:\Windows\System\DzTspBG.exe
  2⤵
  PID:1612
- C:\Windows\System\fbTVftE.exe
  C:\Windows\System\fbTVftE.exe
  2⤵
  PID:764
- C:\Windows\System\dcwTJTq.exe
  C:\Windows\System\dcwTJTq.exe
  2⤵
  PID:2264
- C:\Windows\System\ccdcIaj.exe
  C:\Windows\System\ccdcIaj.exe
  2⤵
  PID:3188
- C:\Windows\System\YOSrVpe.exe
  C:\Windows\System\YOSrVpe.exe
  2⤵
  PID:3108
- C:\Windows\System\pfxplvL.exe
  C:\Windows\System\pfxplvL.exe
  2⤵
  PID:3392
- C:\Windows\System\Lsvcjnn.exe
  C:\Windows\System\Lsvcjnn.exe
  2⤵
  PID:3344
- C:\Windows\System\ggMuHiF.exe
  C:\Windows\System\ggMuHiF.exe
  2⤵
  PID:3624
- C:\Windows\System\gjIXBwd.exe
  C:\Windows\System\gjIXBwd.exe
  2⤵
  PID:3696
- C:\Windows\System\lYgFmQh.exe
  C:\Windows\System\lYgFmQh.exe
  2⤵
  PID:3748
- C:\Windows\System\yAEeJPG.exe
  C:\Windows\System\yAEeJPG.exe
  2⤵
  PID:3808
- C:\Windows\System\XlITkiD.exe
  C:\Windows\System\XlITkiD.exe
  2⤵
  PID:3864
- C:\Windows\System\XyqWTrt.exe
  C:\Windows\System\XyqWTrt.exe
  2⤵
  PID:3928
- C:\Windows\System\VGEjqca.exe
  C:\Windows\System\VGEjqca.exe
  2⤵
  PID:1736
- C:\Windows\System\qwSmlXE.exe
  C:\Windows\System\qwSmlXE.exe
  2⤵
  PID:4020
- C:\Windows\System\HRzPovl.exe
  C:\Windows\System\HRzPovl.exe
  2⤵
  PID:3112
- C:\Windows\System\NopvLyu.exe
  C:\Windows\System\NopvLyu.exe
  2⤵
  PID:3124
- C:\Windows\System\euMMOYe.exe
  C:\Windows\System\euMMOYe.exe
  2⤵
  PID:4112
- C:\Windows\System\byTcMPF.exe
  C:\Windows\System\byTcMPF.exe
  2⤵
  PID:4132
- C:\Windows\System\nyqoxxd.exe
  C:\Windows\System\nyqoxxd.exe
  2⤵
  PID:4152
- C:\Windows\System\IaUSlUH.exe
  C:\Windows\System\IaUSlUH.exe
  2⤵
  PID:4172
- C:\Windows\System\hdUOLTE.exe
  C:\Windows\System\hdUOLTE.exe
  2⤵
  PID:4192
- C:\Windows\System\QpcacMJ.exe
  C:\Windows\System\QpcacMJ.exe
  2⤵
  PID:4212
- C:\Windows\System\RUeyvZE.exe
  C:\Windows\System\RUeyvZE.exe
  2⤵
  PID:4232
- C:\Windows\System\jHTbtTD.exe
  C:\Windows\System\jHTbtTD.exe
  2⤵
  PID:4252
- C:\Windows\System\dblvNsM.exe
  C:\Windows\System\dblvNsM.exe
  2⤵
  PID:4268
- C:\Windows\System\lPKfMCs.exe
  C:\Windows\System\lPKfMCs.exe
  2⤵
  PID:4284
- C:\Windows\System\LrtwHGk.exe
  C:\Windows\System\LrtwHGk.exe
  2⤵
  PID:4300
- C:\Windows\System\UYfdaoc.exe
  C:\Windows\System\UYfdaoc.exe
  2⤵
  PID:4320
- C:\Windows\System\Tdionyp.exe
  C:\Windows\System\Tdionyp.exe
  2⤵
  PID:4340
- C:\Windows\System\cjVCRTG.exe
  C:\Windows\System\cjVCRTG.exe
  2⤵
  PID:4356
- C:\Windows\System\GlqGoBj.exe
  C:\Windows\System\GlqGoBj.exe
  2⤵
  PID:4376
- C:\Windows\System\CJMsIRC.exe
  C:\Windows\System\CJMsIRC.exe
  2⤵
  PID:4392
- C:\Windows\System\RnEcoWH.exe
  C:\Windows\System\RnEcoWH.exe
  2⤵
  PID:4412
- C:\Windows\System\CKsSnCZ.exe
  C:\Windows\System\CKsSnCZ.exe
  2⤵
  PID:4428
- C:\Windows\System\jIygaXo.exe
  C:\Windows\System\jIygaXo.exe
  2⤵
  PID:4456
- C:\Windows\System\Vwowmui.exe
  C:\Windows\System\Vwowmui.exe
  2⤵
  PID:4472
- C:\Windows\System\tpOonxV.exe
  C:\Windows\System\tpOonxV.exe
  2⤵
  PID:4512
- C:\Windows\System\WLkqmGQ.exe
  C:\Windows\System\WLkqmGQ.exe
  2⤵
  PID:4532
- C:\Windows\System\sHfbEJX.exe
  C:\Windows\System\sHfbEJX.exe
  2⤵
  PID:4552
- C:\Windows\System\JJumoQV.exe
  C:\Windows\System\JJumoQV.exe
  2⤵
  PID:4572
- C:\Windows\System\tckwfeU.exe
  C:\Windows\System\tckwfeU.exe
  2⤵
  PID:4596
- C:\Windows\System\eChGzQP.exe
  C:\Windows\System\eChGzQP.exe
  2⤵
  PID:4612
- C:\Windows\System\MdfPnUR.exe
  C:\Windows\System\MdfPnUR.exe
  2⤵
  PID:4632
- C:\Windows\System\xaXLWUJ.exe
  C:\Windows\System\xaXLWUJ.exe
  2⤵
  PID:4652
- C:\Windows\System\LvGlXtY.exe
  C:\Windows\System\LvGlXtY.exe
  2⤵
  PID:4676
- C:\Windows\System\TxDTMMM.exe
  C:\Windows\System\TxDTMMM.exe
  2⤵
  PID:4696
- C:\Windows\System\tLvmfgX.exe
  C:\Windows\System\tLvmfgX.exe
  2⤵
  PID:4712
- C:\Windows\System\JWrfPmS.exe
  C:\Windows\System\JWrfPmS.exe
  2⤵
  PID:4736
- C:\Windows\System\KAyLrIh.exe
  C:\Windows\System\KAyLrIh.exe
  2⤵
  PID:4760
- C:\Windows\System\kJKLcfe.exe
  C:\Windows\System\kJKLcfe.exe
  2⤵
  PID:4776
- C:\Windows\System\DFpbeuG.exe
  C:\Windows\System\DFpbeuG.exe
  2⤵
  PID:4792
- C:\Windows\System\URbOECA.exe
  C:\Windows\System\URbOECA.exe
  2⤵
  PID:4816
- C:\Windows\System\mTqyXaP.exe
  C:\Windows\System\mTqyXaP.exe
  2⤵
  PID:4832
- C:\Windows\System\QOvxqtr.exe
  C:\Windows\System\QOvxqtr.exe
  2⤵
  PID:4848
- C:\Windows\System\RMYlqGB.exe
  C:\Windows\System\RMYlqGB.exe
  2⤵
  PID:4868
- C:\Windows\System\MbWAWCn.exe
  C:\Windows\System\MbWAWCn.exe
  2⤵
  PID:4884
- C:\Windows\System\tzDQbfU.exe
  C:\Windows\System\tzDQbfU.exe
  2⤵
  PID:4904
- C:\Windows\System\GYBPABb.exe
  C:\Windows\System\GYBPABb.exe
  2⤵
  PID:4928
- C:\Windows\System\VIVoMly.exe
  C:\Windows\System\VIVoMly.exe
  2⤵
  PID:4956
- C:\Windows\System\sVgxkHU.exe
  C:\Windows\System\sVgxkHU.exe
  2⤵
  PID:4980
- C:\Windows\System\kwnnFdf.exe
  C:\Windows\System\kwnnFdf.exe
  2⤵
  PID:4996
- C:\Windows\System\MdhnVil.exe
  C:\Windows\System\MdhnVil.exe
  2⤵
  PID:5016
- C:\Windows\System\uRSxXHc.exe
  C:\Windows\System\uRSxXHc.exe
  2⤵
  PID:5036
- C:\Windows\System\fgnIiHR.exe
  C:\Windows\System\fgnIiHR.exe
  2⤵
  PID:5056
- C:\Windows\System\GtFcnCv.exe
  C:\Windows\System\GtFcnCv.exe
  2⤵
  PID:5076
- C:\Windows\System\viurIvI.exe
  C:\Windows\System\viurIvI.exe
  2⤵
  PID:5092
- C:\Windows\System\ztqpNem.exe
  C:\Windows\System\ztqpNem.exe
  2⤵
  PID:5108
- C:\Windows\System\nBawCjF.exe
  C:\Windows\System\nBawCjF.exe
  2⤵
  PID:3524
- C:\Windows\System\sRWKVRO.exe
  C:\Windows\System\sRWKVRO.exe
  2⤵
  PID:3584
- C:\Windows\System\vFcCyln.exe
  C:\Windows\System\vFcCyln.exe
  2⤵
  PID:3752
- C:\Windows\System\gZzsMLp.exe
  C:\Windows\System\gZzsMLp.exe
  2⤵
  PID:4052
- C:\Windows\System\kJGVAOq.exe
  C:\Windows\System\kJGVAOq.exe
  2⤵
  PID:3020
- C:\Windows\System\utlrnbW.exe
  C:\Windows\System\utlrnbW.exe
  2⤵
  PID:4140
- C:\Windows\System\SlhiIeS.exe
  C:\Windows\System\SlhiIeS.exe
  2⤵
  PID:3988
- C:\Windows\System\BKoXdLm.exe
  C:\Windows\System\BKoXdLm.exe
  2⤵
  PID:4180
- C:\Windows\System\QBdPhJl.exe
  C:\Windows\System\QBdPhJl.exe
  2⤵
  PID:4228
- C:\Windows\System\wIniPHW.exe
  C:\Windows\System\wIniPHW.exe
  2⤵
  PID:4292
- C:\Windows\System\WPhQcfB.exe
  C:\Windows\System\WPhQcfB.exe
  2⤵
  PID:2488
- C:\Windows\System\CbLqozP.exe
  C:\Windows\System\CbLqozP.exe
  2⤵
  PID:4120
- C:\Windows\System\THfUlGz.exe
  C:\Windows\System\THfUlGz.exe
  2⤵
  PID:4168
- C:\Windows\System\dqyBhsY.exe
  C:\Windows\System\dqyBhsY.exe
  2⤵
  PID:4368
- C:\Windows\System\gtEKIMF.exe
  C:\Windows\System\gtEKIMF.exe
  2⤵
  PID:4408
- C:\Windows\System\PcAVxnn.exe
  C:\Windows\System\PcAVxnn.exe
  2⤵
  PID:4452
- C:\Windows\System\UUitTub.exe
  C:\Windows\System\UUitTub.exe
  2⤵
  PID:4492
- C:\Windows\System\rrmeyVu.exe
  C:\Windows\System\rrmeyVu.exe
  2⤵
  PID:4508
- C:\Windows\System\uIPpzwe.exe
  C:\Windows\System\uIPpzwe.exe
  2⤵
  PID:4592
- C:\Windows\System\BCYxKAG.exe
  C:\Windows\System\BCYxKAG.exe
  2⤵
  PID:4240
- C:\Windows\System\uYYzBlJ.exe
  C:\Windows\System\uYYzBlJ.exe
  2⤵
  PID:4348
- C:\Windows\System\ILYwaXl.exe
  C:\Windows\System\ILYwaXl.exe
  2⤵
  PID:4524
- C:\Windows\System\IseCkZi.exe
  C:\Windows\System\IseCkZi.exe
  2⤵
  PID:4520
- C:\Windows\System\KwFCzHy.exe
  C:\Windows\System\KwFCzHy.exe
  2⤵
  PID:4640
- C:\Windows\System\UQdWEbq.exe
  C:\Windows\System\UQdWEbq.exe
  2⤵
  PID:4704
- C:\Windows\System\iwHsAih.exe
  C:\Windows\System\iwHsAih.exe
  2⤵
  PID:4688
- C:\Windows\System\JTizgxj.exe
  C:\Windows\System\JTizgxj.exe
  2⤵
  PID:4728
- C:\Windows\System\HARRqNa.exe
  C:\Windows\System\HARRqNa.exe
  2⤵
  PID:4784
- C:\Windows\System\FozAdmt.exe
  C:\Windows\System\FozAdmt.exe
  2⤵
  PID:4860
- C:\Windows\System\iQFpALi.exe
  C:\Windows\System\iQFpALi.exe
  2⤵
  PID:4800
- C:\Windows\System\EtMmXva.exe
  C:\Windows\System\EtMmXva.exe
  2⤵
  PID:4936
- C:\Windows\System\iEcbgQs.exe
  C:\Windows\System\iEcbgQs.exe
  2⤵
  PID:4952
- C:\Windows\System\NMuJyGM.exe
  C:\Windows\System\NMuJyGM.exe
  2⤵
  PID:4880
- C:\Windows\System\pxmiupg.exe
  C:\Windows\System\pxmiupg.exe
  2⤵
  PID:4988
- C:\Windows\System\UaokQHL.exe
  C:\Windows\System\UaokQHL.exe
  2⤵
  PID:5028
- C:\Windows\System\BszUPgV.exe
  C:\Windows\System\BszUPgV.exe
  2⤵
  PID:5100
- C:\Windows\System\JfkSofD.exe
  C:\Windows\System\JfkSofD.exe
  2⤵
  PID:4968
- C:\Windows\System\gtPtOwv.exe
  C:\Windows\System\gtPtOwv.exe
  2⤵
  PID:5004
- C:\Windows\System\yFZOSKr.exe
  C:\Windows\System\yFZOSKr.exe
  2⤵
  PID:3332
- C:\Windows\System\kwtfbIU.exe
  C:\Windows\System\kwtfbIU.exe
  2⤵
  PID:3868
- C:\Windows\System\dYJhHKy.exe
  C:\Windows\System\dYJhHKy.exe
  2⤵
  PID:1768
- C:\Windows\System\JmGXtdy.exe
  C:\Windows\System\JmGXtdy.exe
  2⤵
  PID:4044
- C:\Windows\System\zkivVZb.exe
  C:\Windows\System\zkivVZb.exe
  2⤵
  PID:4124
- C:\Windows\System\SkHTUfl.exe
  C:\Windows\System\SkHTUfl.exe
  2⤵
  PID:3628
- C:\Windows\System\xYrwQJd.exe
  C:\Windows\System\xYrwQJd.exe
  2⤵
  PID:4448
- C:\Windows\System\wnImDHr.exe
  C:\Windows\System\wnImDHr.exe
  2⤵
  PID:4628
- C:\Windows\System\quBgCOB.exe
  C:\Windows\System\quBgCOB.exe
  2⤵
  PID:2740
- C:\Windows\System\bKwjXUO.exe
  C:\Windows\System\bKwjXUO.exe
  2⤵
  PID:4644
- C:\Windows\System\asvpXKm.exe
  C:\Windows\System\asvpXKm.exe
  2⤵
  PID:4748
- C:\Windows\System\iPqPJGg.exe
  C:\Windows\System\iPqPJGg.exe
  2⤵
  PID:4220
- C:\Windows\System\VDNdwko.exe
  C:\Windows\System\VDNdwko.exe
  2⤵
  PID:4404
- C:\Windows\System\SbTTMnl.exe
  C:\Windows\System\SbTTMnl.exe
  2⤵
  PID:4312
- C:\Windows\System\HwXmLJb.exe
  C:\Windows\System\HwXmLJb.exe
  2⤵
  PID:4732
- C:\Windows\System\xIXoRkM.exe
  C:\Windows\System\xIXoRkM.exe
  2⤵
  PID:4768
- C:\Windows\System\EgNHIJZ.exe
  C:\Windows\System\EgNHIJZ.exe
  2⤵
  PID:4672
- C:\Windows\System\eTrHTpA.exe
  C:\Windows\System\eTrHTpA.exe
  2⤵
  PID:4948
- C:\Windows\System\roebiib.exe
  C:\Windows\System\roebiib.exe
  2⤵
  PID:5012
- C:\Windows\System\LDwlrFk.exe
  C:\Windows\System\LDwlrFk.exe
  2⤵
  PID:4692
- C:\Windows\System\RZWDtIT.exe
  C:\Windows\System\RZWDtIT.exe
  2⤵
  PID:4828
- C:\Windows\System\KaZJRvr.exe
  C:\Windows\System\KaZJRvr.exe
  2⤵
  PID:4912
- C:\Windows\System\XdkgOeo.exe
  C:\Windows\System\XdkgOeo.exe
  2⤵
  PID:5024
- C:\Windows\System\mEmDItz.exe
  C:\Windows\System\mEmDItz.exe
  2⤵
  PID:4104
- C:\Windows\System\CKLPKiH.exe
  C:\Windows\System\CKLPKiH.exe
  2⤵
  PID:3284
- C:\Windows\System\GVlvDMf.exe
  C:\Windows\System\GVlvDMf.exe
  2⤵
  PID:4336
- C:\Windows\System\zxuXQMq.exe
  C:\Windows\System\zxuXQMq.exe
  2⤵
  PID:4504
- C:\Windows\System\CnVAXYM.exe
  C:\Windows\System\CnVAXYM.exe
  2⤵
  PID:4440
- C:\Windows\System\kyDEbIC.exe
  C:\Windows\System\kyDEbIC.exe
  2⤵
  PID:4204
- C:\Windows\System\jrUNiMK.exe
  C:\Windows\System\jrUNiMK.exe
  2⤵
  PID:2596
- C:\Windows\System\gbEYZup.exe
  C:\Windows\System\gbEYZup.exe
  2⤵
  PID:4248
- C:\Windows\System\ycRUgqA.exe
  C:\Windows\System\ycRUgqA.exe
  2⤵
  PID:5136
- C:\Windows\System\xwZkCND.exe
  C:\Windows\System\xwZkCND.exe
  2⤵
  PID:5156
- C:\Windows\System\YbEfJOp.exe
  C:\Windows\System\YbEfJOp.exe
  2⤵
  PID:5176
- C:\Windows\System\DibzWIn.exe
  C:\Windows\System\DibzWIn.exe
  2⤵
  PID:5196
- C:\Windows\System\eXYuCLx.exe
  C:\Windows\System\eXYuCLx.exe
  2⤵
  PID:5216
- C:\Windows\System\aOVeuAB.exe
  C:\Windows\System\aOVeuAB.exe
  2⤵
  PID:5236
- C:\Windows\System\CrDRZil.exe
  C:\Windows\System\CrDRZil.exe
  2⤵
  PID:5256
- C:\Windows\System\KDqVdIq.exe
  C:\Windows\System\KDqVdIq.exe
  2⤵
  PID:5276
- C:\Windows\System\ygUFlCj.exe
  C:\Windows\System\ygUFlCj.exe
  2⤵
  PID:5296
- C:\Windows\System\zOtyJBm.exe
  C:\Windows\System\zOtyJBm.exe
  2⤵
  PID:5316
- C:\Windows\System\jFQrjeI.exe
  C:\Windows\System\jFQrjeI.exe
  2⤵
  PID:5332
- C:\Windows\System\CsfkxHD.exe
  C:\Windows\System\CsfkxHD.exe
  2⤵
  PID:5352
- C:\Windows\System\SwIHnJL.exe
  C:\Windows\System\SwIHnJL.exe
  2⤵
  PID:5372
- C:\Windows\System\ZTsZxJK.exe
  C:\Windows\System\ZTsZxJK.exe
  2⤵
  PID:5392
- C:\Windows\System\DhGGGTa.exe
  C:\Windows\System\DhGGGTa.exe
  2⤵
  PID:5412
- C:\Windows\System\FhSwEdn.exe
  C:\Windows\System\FhSwEdn.exe
  2⤵
  PID:5432
- C:\Windows\System\ZFqvKGk.exe
  C:\Windows\System\ZFqvKGk.exe
  2⤵
  PID:5448
- C:\Windows\System\KvJToNo.exe
  C:\Windows\System\KvJToNo.exe
  2⤵
  PID:5472
- C:\Windows\System\JNddVfQ.exe
  C:\Windows\System\JNddVfQ.exe
  2⤵
  PID:5488
- C:\Windows\System\iBKZPah.exe
  C:\Windows\System\iBKZPah.exe
  2⤵
  PID:5516
- C:\Windows\System\OgEkWfw.exe
  C:\Windows\System\OgEkWfw.exe
  2⤵
  PID:5536
- C:\Windows\System\yPzOtAv.exe
  C:\Windows\System\yPzOtAv.exe
  2⤵
  PID:5552
- C:\Windows\System\GMjrAty.exe
  C:\Windows\System\GMjrAty.exe
  2⤵
  PID:5572
- C:\Windows\System\HzCMLMD.exe
  C:\Windows\System\HzCMLMD.exe
  2⤵
  PID:5592
- C:\Windows\System\CuKFZKK.exe
  C:\Windows\System\CuKFZKK.exe
  2⤵
  PID:5612
- C:\Windows\System\BamlQYP.exe
  C:\Windows\System\BamlQYP.exe
  2⤵
  PID:5632
- C:\Windows\System\xsIPbnX.exe
  C:\Windows\System\xsIPbnX.exe
  2⤵
  PID:5652
- C:\Windows\System\CBXIaRj.exe
  C:\Windows\System\CBXIaRj.exe
  2⤵
  PID:5672
- C:\Windows\System\GAXADvl.exe
  C:\Windows\System\GAXADvl.exe
  2⤵
  PID:5692
- C:\Windows\System\bwlTMpK.exe
  C:\Windows\System\bwlTMpK.exe
  2⤵
  PID:5712
- C:\Windows\System\lPScbql.exe
  C:\Windows\System\lPScbql.exe
  2⤵
  PID:5732
- C:\Windows\System\RFPXWIV.exe
  C:\Windows\System\RFPXWIV.exe
  2⤵
  PID:5752
- C:\Windows\System\QEExhgA.exe
  C:\Windows\System\QEExhgA.exe
  2⤵
  PID:5772
- C:\Windows\System\ErFWltZ.exe
  C:\Windows\System\ErFWltZ.exe
  2⤵
  PID:5788
- C:\Windows\System\hfwHWSy.exe
  C:\Windows\System\hfwHWSy.exe
  2⤵
  PID:5812
- C:\Windows\System\XbzaBAd.exe
  C:\Windows\System\XbzaBAd.exe
  2⤵
  PID:5828
- C:\Windows\System\XgbldGr.exe
  C:\Windows\System\XgbldGr.exe
  2⤵
  PID:5848
- C:\Windows\System\PmbDDLM.exe
  C:\Windows\System\PmbDDLM.exe
  2⤵
  PID:5864
- C:\Windows\System\OnGfpOg.exe
  C:\Windows\System\OnGfpOg.exe
  2⤵
  PID:5880
- C:\Windows\System\OdJlYCQ.exe
  C:\Windows\System\OdJlYCQ.exe
  2⤵
  PID:5896
- C:\Windows\System\lcOvDqf.exe
  C:\Windows\System\lcOvDqf.exe
  2⤵
  PID:5912
- C:\Windows\System\iwILRhd.exe
  C:\Windows\System\iwILRhd.exe
  2⤵
  PID:5928
- C:\Windows\System\bLJTSxV.exe
  C:\Windows\System\bLJTSxV.exe
  2⤵
  PID:5944
- C:\Windows\System\xkuWbdp.exe
  C:\Windows\System\xkuWbdp.exe
  2⤵
  PID:5964
- C:\Windows\System\HWIUQpp.exe
  C:\Windows\System\HWIUQpp.exe
  2⤵
  PID:5980
- C:\Windows\System\CjJBpYf.exe
  C:\Windows\System\CjJBpYf.exe
  2⤵
  PID:6004
- C:\Windows\System\CreIBYT.exe
  C:\Windows\System\CreIBYT.exe
  2⤵
  PID:6032
- C:\Windows\System\rBplndi.exe
  C:\Windows\System\rBplndi.exe
  2⤵
  PID:6052
- C:\Windows\System\PHHbgxt.exe
  C:\Windows\System\PHHbgxt.exe
  2⤵
  PID:6072
- C:\Windows\System\QmDCjEY.exe
  C:\Windows\System\QmDCjEY.exe
  2⤵
  PID:6096
- C:\Windows\System\TKHGFst.exe
  C:\Windows\System\TKHGFst.exe
  2⤵
  PID:6112
- C:\Windows\System\IUiYlhm.exe
  C:\Windows\System\IUiYlhm.exe
  2⤵
  PID:4468
- C:\Windows\System\varkjwl.exe
  C:\Windows\System\varkjwl.exe
  2⤵
  PID:4384
- C:\Windows\System\KJwkEIh.exe
  C:\Windows\System\KJwkEIh.exe
  2⤵
  PID:4944
- C:\Windows\System\sxvsHTg.exe
  C:\Windows\System\sxvsHTg.exe
  2⤵
  PID:5084
- C:\Windows\System\kOOBMHq.exe
  C:\Windows\System\kOOBMHq.exe
  2⤵
  PID:4976
- C:\Windows\System\dRCAUtU.exe
  C:\Windows\System\dRCAUtU.exe
  2⤵
  PID:4724
- C:\Windows\System\AcDFdFv.exe
  C:\Windows\System\AcDFdFv.exe
  2⤵
  PID:2592
- C:\Windows\System\txlJcMQ.exe
  C:\Windows\System\txlJcMQ.exe
  2⤵
  PID:4624
- C:\Windows\System\GbdyehL.exe
  C:\Windows\System\GbdyehL.exe
  2⤵
  PID:3948
- C:\Windows\System\JgoCcxt.exe
  C:\Windows\System\JgoCcxt.exe
  2⤵
  PID:5124
- C:\Windows\System\RqbXjpE.exe
  C:\Windows\System\RqbXjpE.exe
  2⤵
  PID:4580
- C:\Windows\System\YWlMvMc.exe
  C:\Windows\System\YWlMvMc.exe
  2⤵
  PID:4480
- C:\Windows\System\EVczAAY.exe
  C:\Windows\System\EVczAAY.exe
  2⤵
  PID:5152
- C:\Windows\System\oQQkohg.exe
  C:\Windows\System\oQQkohg.exe
  2⤵
  PID:5248
- C:\Windows\System\CwtUxXS.exe
  C:\Windows\System\CwtUxXS.exe
  2⤵
  PID:5184
- C:\Windows\System\HgGnrbn.exe
  C:\Windows\System\HgGnrbn.exe
  2⤵
  PID:5284
- C:\Windows\System\FQltcVn.exe
  C:\Windows\System\FQltcVn.exe
  2⤵
  PID:5360
- C:\Windows\System\xdGfLBz.exe
  C:\Windows\System\xdGfLBz.exe
  2⤵
  PID:5404
- C:\Windows\System\SYHxOMQ.exe
  C:\Windows\System\SYHxOMQ.exe
  2⤵
  PID:5308
- C:\Windows\System\JQmFCgJ.exe
  C:\Windows\System\JQmFCgJ.exe
  2⤵
  PID:5444
- C:\Windows\System\QZvTffV.exe
  C:\Windows\System\QZvTffV.exe
  2⤵
  PID:1176
- C:\Windows\System\BLtkgVX.exe
  C:\Windows\System\BLtkgVX.exe
  2⤵
  PID:1644
- C:\Windows\System\INtEOyA.exe
  C:\Windows\System\INtEOyA.exe
  2⤵
  PID:5560
- C:\Windows\System\YOtGfvs.exe
  C:\Windows\System\YOtGfvs.exe
  2⤵
  PID:1304
- C:\Windows\System\iBYQLMs.exe
  C:\Windows\System\iBYQLMs.exe
  2⤵
  PID:5428
- C:\Windows\System\ZtQVtCT.exe
  C:\Windows\System\ZtQVtCT.exe
  2⤵
  PID:776
- C:\Windows\System\IZClxMF.exe
  C:\Windows\System\IZClxMF.exe
  2⤵
  PID:1076
- C:\Windows\System\vGquyxC.exe
  C:\Windows\System\vGquyxC.exe
  2⤵
  PID:5496
- C:\Windows\System\ghFVAmH.exe
  C:\Windows\System\ghFVAmH.exe
  2⤵
  PID:5460
- C:\Windows\System\Ugbujhz.exe
  C:\Windows\System\Ugbujhz.exe
  2⤵
  PID:5508
- C:\Windows\System\JYPbzbE.exe
  C:\Windows\System\JYPbzbE.exe
  2⤵
  PID:5640
- C:\Windows\System\QyXZlIM.exe
  C:\Windows\System\QyXZlIM.exe
  2⤵
  PID:5684
- C:\Windows\System\usKzxBe.exe
  C:\Windows\System\usKzxBe.exe
  2⤵
  PID:5768
- C:\Windows\System\VOvZXTm.exe
  C:\Windows\System\VOvZXTm.exe
  2⤵
  PID:5808
- C:\Windows\System\TOJRVst.exe
  C:\Windows\System\TOJRVst.exe
  2⤵
  PID:5876
- C:\Windows\System\PGhwCUO.exe
  C:\Windows\System\PGhwCUO.exe
  2⤵
  PID:5544
- C:\Windows\System\GGmSkDI.exe
  C:\Windows\System\GGmSkDI.exe
  2⤵
  PID:5620
- C:\Windows\System\QiunSaE.exe
  C:\Windows\System\QiunSaE.exe
  2⤵
  PID:5664
- C:\Windows\System\rEwWBBC.exe
  C:\Windows\System\rEwWBBC.exe
  2⤵
  PID:6020
- C:\Windows\System\kAIsJbh.exe
  C:\Windows\System\kAIsJbh.exe
  2⤵
  PID:5748
- C:\Windows\System\OoDxlYa.exe
  C:\Windows\System\OoDxlYa.exe
  2⤵
  PID:6024
- C:\Windows\System\jbhrGmS.exe
  C:\Windows\System\jbhrGmS.exe
  2⤵
  PID:5824
- C:\Windows\System\iaLmiAk.exe
  C:\Windows\System\iaLmiAk.exe
  2⤵
  PID:6108
- C:\Windows\System\HUJKfpm.exe
  C:\Windows\System\HUJKfpm.exe
  2⤵
  PID:6044
- C:\Windows\System\pzHJWTJ.exe
  C:\Windows\System\pzHJWTJ.exe
  2⤵
  PID:6088
- C:\Windows\System\DptkYlu.exe
  C:\Windows\System\DptkYlu.exe
  2⤵
  PID:5952
- C:\Windows\System\zakfAiM.exe
  C:\Windows\System\zakfAiM.exe
  2⤵
  PID:6128
- C:\Windows\System\uGREbdL.exe
  C:\Windows\System\uGREbdL.exe
  2⤵
  PID:4564
- C:\Windows\System\EFQyCKx.exe
  C:\Windows\System\EFQyCKx.exe
  2⤵
  PID:5072
- C:\Windows\System\SWFkoMC.exe
  C:\Windows\System\SWFkoMC.exe
  2⤵
  PID:4896
- C:\Windows\System\nohQkXV.exe
  C:\Windows\System\nohQkXV.exe
  2⤵
  PID:3328
- C:\Windows\System\nDpBCdE.exe
  C:\Windows\System\nDpBCdE.exe
  2⤵
  PID:4208
- C:\Windows\System\edUwBov.exe
  C:\Windows\System\edUwBov.exe
  2⤵
  PID:3644
- C:\Windows\System\vyyTSkU.exe
  C:\Windows\System\vyyTSkU.exe
  2⤵
  PID:1104
- C:\Windows\System\QfplHcS.exe
  C:\Windows\System\QfplHcS.exe
  2⤵
  PID:5252
- C:\Windows\System\EsOYnOj.exe
  C:\Windows\System\EsOYnOj.exe
  2⤵
  PID:5228
- C:\Windows\System\SeoOjsp.exe
  C:\Windows\System\SeoOjsp.exe
  2⤵
  PID:2708
- C:\Windows\System\kxuKqFw.exe
  C:\Windows\System\kxuKqFw.exe
  2⤵
  PID:5288
- C:\Windows\System\ijNhMSy.exe
  C:\Windows\System\ijNhMSy.exe
  2⤵
  PID:5440
- C:\Windows\System\rFQTjsa.exe
  C:\Windows\System\rFQTjsa.exe
  2⤵
  PID:5264
- C:\Windows\System\GJdFYDg.exe
  C:\Windows\System\GJdFYDg.exe
  2⤵
  PID:2308
- C:\Windows\System\IPysXin.exe
  C:\Windows\System\IPysXin.exe
  2⤵
  PID:5532
- C:\Windows\System\jqFIHvU.exe
  C:\Windows\System\jqFIHvU.exe
  2⤵
  PID:440
- C:\Windows\System\gErOQfN.exe
  C:\Windows\System\gErOQfN.exe
  2⤵
  PID:1572
- C:\Windows\System\HVOPUnj.exe
  C:\Windows\System\HVOPUnj.exe
  2⤵
  PID:844
- C:\Windows\System\yJaDEYA.exe
  C:\Windows\System\yJaDEYA.exe
  2⤵
  PID:1568
- C:\Windows\System\PszJAdR.exe
  C:\Windows\System\PszJAdR.exe
  2⤵
  PID:5608
- C:\Windows\System\syNOFKt.exe
  C:\Windows\System\syNOFKt.exe
  2⤵
  PID:5728
- C:\Windows\System\VTJOsFO.exe
  C:\Windows\System\VTJOsFO.exe
  2⤵
  PID:5940
- C:\Windows\System\KwdLhAa.exe
  C:\Windows\System\KwdLhAa.exe
  2⤵
  PID:5660
- C:\Windows\System\onKBbzE.exe
  C:\Windows\System\onKBbzE.exe
  2⤵
  PID:2776
- C:\Windows\System\RxRYmxH.exe
  C:\Windows\System\RxRYmxH.exe
  2⤵
  PID:6012
- C:\Windows\System\PDLWsWl.exe
  C:\Windows\System\PDLWsWl.exe
  2⤵
  PID:6060
- C:\Windows\System\YNVhaDx.exe
  C:\Windows\System\YNVhaDx.exe
  2⤵
  PID:972
- C:\Windows\System\uGcfUTK.exe
  C:\Windows\System\uGcfUTK.exe
  2⤵
  PID:5996
- C:\Windows\System\mnBWRQD.exe
  C:\Windows\System\mnBWRQD.exe
  2⤵
  PID:5892
- C:\Windows\System\ZSdfNsq.exe
  C:\Windows\System\ZSdfNsq.exe
  2⤵
  PID:2600
- C:\Windows\System\wFTmWsM.exe
  C:\Windows\System\wFTmWsM.exe
  2⤵
  PID:5988
- C:\Windows\System\oKjTYox.exe
  C:\Windows\System\oKjTYox.exe
  2⤵
  PID:4756
- C:\Windows\System\moRoaZU.exe
  C:\Windows\System\moRoaZU.exe
  2⤵
  PID:3900
- C:\Windows\System\QIFWhDX.exe
  C:\Windows\System\QIFWhDX.exe
  2⤵
  PID:4924
- C:\Windows\System\feksmEZ.exe
  C:\Windows\System\feksmEZ.exe
  2⤵
  PID:5132
- C:\Windows\System\CWJxTki.exe
  C:\Windows\System\CWJxTki.exe
  2⤵
  PID:4604
- C:\Windows\System\mQAVbjC.exe
  C:\Windows\System\mQAVbjC.exe
  2⤵
  PID:5208
- C:\Windows\System\TgoKEIC.exe
  C:\Windows\System\TgoKEIC.exe
  2⤵
  PID:5292
- C:\Windows\System\DMdNgDJ.exe
  C:\Windows\System\DMdNgDJ.exe
  2⤵
  PID:5268
- C:\Windows\System\LScuauw.exe
  C:\Windows\System\LScuauw.exe
  2⤵
  PID:2044
- C:\Windows\System\cqDlJSU.exe
  C:\Windows\System\cqDlJSU.exe
  2⤵
  PID:5524
- C:\Windows\System\FgnoAhb.exe
  C:\Windows\System\FgnoAhb.exe
  2⤵
  PID:268
- C:\Windows\System\cGCzyBa.exe
  C:\Windows\System\cGCzyBa.exe
  2⤵
  PID:2288
- C:\Windows\System\GrWSHhX.exe
  C:\Windows\System\GrWSHhX.exe
  2⤵
  PID:5796
- C:\Windows\System\lVugxbQ.exe
  C:\Windows\System\lVugxbQ.exe
  2⤵
  PID:5724
- C:\Windows\System\EdVLHxb.exe
  C:\Windows\System\EdVLHxb.exe
  2⤵
  PID:5936
- C:\Windows\System\qOjOgXM.exe
  C:\Windows\System\qOjOgXM.exe
  2⤵
  PID:5588
- C:\Windows\System\CDUKXml.exe
  C:\Windows\System\CDUKXml.exe
  2⤵
  PID:5708
- C:\Windows\System\XSSSwaE.exe
  C:\Windows\System\XSSSwaE.exe
  2⤵
  PID:5820
- C:\Windows\System\UsyoAXX.exe
  C:\Windows\System\UsyoAXX.exe
  2⤵
  PID:6084
- C:\Windows\System\FFLTuTL.exe
  C:\Windows\System\FFLTuTL.exe
  2⤵
  PID:1772
- C:\Windows\System\UFxhWuT.exe
  C:\Windows\System\UFxhWuT.exe
  2⤵
  PID:2888
- C:\Windows\System\ztaLEME.exe
  C:\Windows\System\ztaLEME.exe
  2⤵
  PID:6120
- C:\Windows\System\FMQfbNR.exe
  C:\Windows\System\FMQfbNR.exe
  2⤵
  PID:4772
- C:\Windows\System\kwVgWQf.exe
  C:\Windows\System\kwVgWQf.exe
  2⤵
  PID:4856
- C:\Windows\System\owZipti.exe
  C:\Windows\System\owZipti.exe
  2⤵
  PID:3664
- C:\Windows\System\nbFpZBO.exe
  C:\Windows\System\nbFpZBO.exe
  2⤵
  PID:5304
- C:\Windows\System\gYnRVzH.exe
  C:\Windows\System\gYnRVzH.exe
  2⤵
  PID:672
- C:\Windows\System\EGUqTcy.exe
  C:\Windows\System\EGUqTcy.exe
  2⤵
  PID:2000
- C:\Windows\System\NQTyTFV.exe
  C:\Windows\System\NQTyTFV.exe
  2⤵
  PID:5580
- C:\Windows\System\HyGUXSM.exe
  C:\Windows\System\HyGUXSM.exe
  2⤵
  PID:6124
- C:\Windows\System\KIpLYXZ.exe
  C:\Windows\System\KIpLYXZ.exe
  2⤵
  PID:6152
- C:\Windows\System\gAderJB.exe
  C:\Windows\System\gAderJB.exe
  2⤵
  PID:6168
- C:\Windows\System\hnSsbkV.exe
  C:\Windows\System\hnSsbkV.exe
  2⤵
  PID:6184
- C:\Windows\System\TYmNBCE.exe
  C:\Windows\System\TYmNBCE.exe
  2⤵
  PID:6200
- C:\Windows\System\ancAgjR.exe
  C:\Windows\System\ancAgjR.exe
  2⤵
  PID:6216
- C:\Windows\System\Bvkkgol.exe
  C:\Windows\System\Bvkkgol.exe
  2⤵
  PID:6232
- C:\Windows\System\fuDGbos.exe
  C:\Windows\System\fuDGbos.exe
  2⤵
  PID:6248
- C:\Windows\System\vNSCDvl.exe
  C:\Windows\System\vNSCDvl.exe
  2⤵
  PID:6264
- C:\Windows\System\jVDPRYc.exe
  C:\Windows\System\jVDPRYc.exe
  2⤵
  PID:6280
- C:\Windows\System\wiWxKeq.exe
  C:\Windows\System\wiWxKeq.exe
  2⤵
  PID:6296
- C:\Windows\System\Vxyuaic.exe
  C:\Windows\System\Vxyuaic.exe
  2⤵
  PID:6312
- C:\Windows\System\IUpZySY.exe
  C:\Windows\System\IUpZySY.exe
  2⤵
  PID:6328
- C:\Windows\System\WutVLGa.exe
  C:\Windows\System\WutVLGa.exe
  2⤵
  PID:6344
- C:\Windows\System\dEatyef.exe
  C:\Windows\System\dEatyef.exe
  2⤵
  PID:6360
- C:\Windows\System\frrOVlk.exe
  C:\Windows\System\frrOVlk.exe
  2⤵
  PID:6376
- C:\Windows\System\Ggaxdzj.exe
  C:\Windows\System\Ggaxdzj.exe
  2⤵
  PID:6392
- C:\Windows\System\GVKFEzN.exe
  C:\Windows\System\GVKFEzN.exe
  2⤵
  PID:6408
- C:\Windows\System\mdDAHOS.exe
  C:\Windows\System\mdDAHOS.exe
  2⤵
  PID:6424
- C:\Windows\System\rLdkzxi.exe
  C:\Windows\System\rLdkzxi.exe
  2⤵
  PID:6440
- C:\Windows\System\JaNjFBx.exe
  C:\Windows\System\JaNjFBx.exe
  2⤵
  PID:6456
- C:\Windows\System\McptqNG.exe
  C:\Windows\System\McptqNG.exe
  2⤵
  PID:6472
- C:\Windows\System\evPfYJz.exe
  C:\Windows\System\evPfYJz.exe
  2⤵
  PID:6488
- C:\Windows\System\wrXfqok.exe
  C:\Windows\System\wrXfqok.exe
  2⤵
  PID:6504
- C:\Windows\System\rUhTvtQ.exe
  C:\Windows\System\rUhTvtQ.exe
  2⤵
  PID:6520
- C:\Windows\System\hDJxmmq.exe
  C:\Windows\System\hDJxmmq.exe
  2⤵
  PID:6556
- C:\Windows\System\pAspyfB.exe
  C:\Windows\System\pAspyfB.exe
  2⤵
  PID:6620
- C:\Windows\System\yvNQOZn.exe
  C:\Windows\System\yvNQOZn.exe
  2⤵
  PID:6640
- C:\Windows\System\Uwfjfgq.exe
  C:\Windows\System\Uwfjfgq.exe
  2⤵
  PID:6656
- C:\Windows\System\GMoCCiN.exe
  C:\Windows\System\GMoCCiN.exe
  2⤵
  PID:6672
- C:\Windows\System\vWrZyPJ.exe
  C:\Windows\System\vWrZyPJ.exe
  2⤵
  PID:6688
- C:\Windows\System\DdysDXe.exe
  C:\Windows\System\DdysDXe.exe
  2⤵
  PID:6704
- C:\Windows\System\nKcnHos.exe
  C:\Windows\System\nKcnHos.exe
  2⤵
  PID:6720
- C:\Windows\System\JLjngFY.exe
  C:\Windows\System\JLjngFY.exe
  2⤵
  PID:6736
- C:\Windows\System\CZwXnNC.exe
  C:\Windows\System\CZwXnNC.exe
  2⤵
  PID:6752
- C:\Windows\System\VuhlXNe.exe
  C:\Windows\System\VuhlXNe.exe
  2⤵
  PID:6768
- C:\Windows\System\SkdCMZw.exe
  C:\Windows\System\SkdCMZw.exe
  2⤵
  PID:6784
- C:\Windows\System\OWdxLkQ.exe
  C:\Windows\System\OWdxLkQ.exe
  2⤵
  PID:6800
- C:\Windows\System\ukMecRx.exe
  C:\Windows\System\ukMecRx.exe
  2⤵
  PID:6816
- C:\Windows\System\bQQpbjb.exe
  C:\Windows\System\bQQpbjb.exe
  2⤵
  PID:6832
- C:\Windows\System\NQFPFgX.exe
  C:\Windows\System\NQFPFgX.exe
  2⤵
  PID:6848
- C:\Windows\System\qSORLzf.exe
  C:\Windows\System\qSORLzf.exe
  2⤵
  PID:6864
- C:\Windows\System\uXglIAj.exe
  C:\Windows\System\uXglIAj.exe
  2⤵
  PID:6880
- C:\Windows\System\RIzWziV.exe
  C:\Windows\System\RIzWziV.exe
  2⤵
  PID:6896
- C:\Windows\System\sOvouyj.exe
  C:\Windows\System\sOvouyj.exe
  2⤵
  PID:6912
- C:\Windows\System\ecWiPJr.exe
  C:\Windows\System\ecWiPJr.exe
  2⤵
  PID:6928
- C:\Windows\System\HTUCxBk.exe
  C:\Windows\System\HTUCxBk.exe
  2⤵
  PID:6944
- C:\Windows\System\xgebrPN.exe
  C:\Windows\System\xgebrPN.exe
  2⤵
  PID:6960
- C:\Windows\System\yZQSxNz.exe
  C:\Windows\System\yZQSxNz.exe
  2⤵
  PID:6976
- C:\Windows\System\fZvSzpq.exe
  C:\Windows\System\fZvSzpq.exe
  2⤵
  PID:6992
- C:\Windows\System\pAjqWtK.exe
  C:\Windows\System\pAjqWtK.exe
  2⤵
  PID:7008
- C:\Windows\System\qTBsPEP.exe
  C:\Windows\System\qTBsPEP.exe
  2⤵
  PID:7024
- C:\Windows\System\OJPfsPv.exe
  C:\Windows\System\OJPfsPv.exe
  2⤵
  PID:7040
- C:\Windows\System\cCsrzVq.exe
  C:\Windows\System\cCsrzVq.exe
  2⤵
  PID:7056
- C:\Windows\System\hnIBDKU.exe
  C:\Windows\System\hnIBDKU.exe
  2⤵
  PID:7072
- C:\Windows\System\NQiRSiU.exe
  C:\Windows\System\NQiRSiU.exe
  2⤵
  PID:7088
- C:\Windows\System\UHuhaiI.exe
  C:\Windows\System\UHuhaiI.exe
  2⤵
  PID:7104
- C:\Windows\System\HmvmpEw.exe
  C:\Windows\System\HmvmpEw.exe
  2⤵
  PID:7120
- C:\Windows\System\ybfkbnG.exe
  C:\Windows\System\ybfkbnG.exe
  2⤵
  PID:7136
- C:\Windows\System\nBNNGhb.exe
  C:\Windows\System\nBNNGhb.exe
  2⤵
  PID:7152
- C:\Windows\System\PCwjLFn.exe
  C:\Windows\System\PCwjLFn.exe
  2⤵
  PID:2944
- C:\Windows\System\FKpIFNR.exe
  C:\Windows\System\FKpIFNR.exe
  2⤵
  PID:2864
- C:\Windows\System\NANGXPp.exe
  C:\Windows\System\NANGXPp.exe
  2⤵
  PID:5328
- C:\Windows\System\EJEjOsV.exe
  C:\Windows\System\EJEjOsV.exe
  2⤵
  PID:2248
- C:\Windows\System\xVbDfYf.exe
  C:\Windows\System\xVbDfYf.exe
  2⤵
  PID:5888
- C:\Windows\System\jkjJglf.exe
  C:\Windows\System\jkjJglf.exe
  2⤵
  PID:6192
- C:\Windows\System\rsAymtV.exe
  C:\Windows\System\rsAymtV.exe
  2⤵
  PID:6176
- C:\Windows\System\lGDnqRe.exe
  C:\Windows\System\lGDnqRe.exe
  2⤵
  PID:4920
- C:\Windows\System\ZxUgeBj.exe
  C:\Windows\System\ZxUgeBj.exe
  2⤵
  PID:6000
- C:\Windows\System\nkrdOgf.exe
  C:\Windows\System\nkrdOgf.exe
  2⤵
  PID:6244
- C:\Windows\System\TgkMHOg.exe
  C:\Windows\System\TgkMHOg.exe
  2⤵
  PID:6320
- C:\Windows\System\woPREML.exe
  C:\Windows\System\woPREML.exe
  2⤵
  PID:1484
- C:\Windows\System\dNPBwIQ.exe
  C:\Windows\System\dNPBwIQ.exe
  2⤵
  PID:6352
- C:\Windows\System\sdYqqRo.exe
  C:\Windows\System\sdYqqRo.exe
  2⤵
  PID:6480
- C:\Windows\System\CMFHmbp.exe
  C:\Windows\System\CMFHmbp.exe
  2⤵
  PID:6468
- C:\Windows\System\DniFpAL.exe
  C:\Windows\System\DniFpAL.exe
  2⤵
  PID:6532
- C:\Windows\System\ZQRfQLw.exe
  C:\Windows\System\ZQRfQLw.exe
  2⤵
  PID:6548
- C:\Windows\System\YDSTLkl.exe
  C:\Windows\System\YDSTLkl.exe
  2⤵
  PID:6568
- C:\Windows\System\CqzkYmc.exe
  C:\Windows\System\CqzkYmc.exe
  2⤵
  PID:6584
- C:\Windows\System\hqyYEvZ.exe
  C:\Windows\System\hqyYEvZ.exe
  2⤵
  PID:6600
- C:\Windows\System\gFKyXrU.exe
  C:\Windows\System\gFKyXrU.exe
  2⤵
  PID:6648
- C:\Windows\System\BBoaVYu.exe
  C:\Windows\System\BBoaVYu.exe
  2⤵
  PID:6712
- C:\Windows\System\LYMryNn.exe
  C:\Windows\System\LYMryNn.exe
  2⤵
  PID:6776
- C:\Windows\System\OidbETw.exe
  C:\Windows\System\OidbETw.exe
  2⤵
  PID:7000
- C:\Windows\System\uUggNon.exe
  C:\Windows\System\uUggNon.exe
  2⤵
  PID:7036
- C:\Windows\System\XlfSNfZ.exe
  C:\Windows\System\XlfSNfZ.exe
  2⤵
  PID:6628
- C:\Windows\System\KZsEvVp.exe
  C:\Windows\System\KZsEvVp.exe
  2⤵
  PID:6668
- C:\Windows\System\aBNSrNr.exe
  C:\Windows\System\aBNSrNr.exe
  2⤵
  PID:6728
- C:\Windows\System\PYcKCkQ.exe
  C:\Windows\System\PYcKCkQ.exe
  2⤵
  PID:7100
- C:\Windows\System\SviTubO.exe
  C:\Windows\System\SviTubO.exe
  2⤵
  PID:6956
- C:\Windows\System\eWtWPRW.exe
  C:\Windows\System\eWtWPRW.exe
  2⤵
  PID:7048
- C:\Windows\System\KyeGBfW.exe
  C:\Windows\System\KyeGBfW.exe
  2⤵
  PID:7112
- C:\Windows\System\AXDQeEg.exe
  C:\Windows\System\AXDQeEg.exe
  2⤵
  PID:6764
- C:\Windows\System\PHgcYaJ.exe
  C:\Windows\System\PHgcYaJ.exe
  2⤵
  PID:6924
- C:\Windows\System\aqaNlJn.exe
  C:\Windows\System\aqaNlJn.exe
  2⤵
  PID:6860
- C:\Windows\System\kIBgZRC.exe
  C:\Windows\System\kIBgZRC.exe
  2⤵
  PID:6796
- C:\Windows\System\qHuehPh.exe
  C:\Windows\System\qHuehPh.exe
  2⤵
  PID:5192
- C:\Windows\System\OfGBJEM.exe
  C:\Windows\System\OfGBJEM.exe
  2⤵
  PID:6068
- C:\Windows\System\SKxicvh.exe
  C:\Windows\System\SKxicvh.exe
  2⤵
  PID:5628
- C:\Windows\System\dzVuWCw.exe
  C:\Windows\System\dzVuWCw.exe
  2⤵
  PID:5908
- C:\Windows\System\BIyRkGr.exe
  C:\Windows\System\BIyRkGr.exe
  2⤵
  PID:6016
- C:\Windows\System\FBochIz.exe
  C:\Windows\System\FBochIz.exe
  2⤵
  PID:5600
- C:\Windows\System\BwplQQp.exe
  C:\Windows\System\BwplQQp.exe
  2⤵
  PID:6256
- C:\Windows\System\fhBWSXI.exe
  C:\Windows\System\fhBWSXI.exe
  2⤵
  PID:1616
- C:\Windows\System\ufZgKKa.exe
  C:\Windows\System\ufZgKKa.exe
  2⤵
  PID:6324
- C:\Windows\System\xnSJTjT.exe
  C:\Windows\System\xnSJTjT.exe
  2⤵
  PID:1576
- C:\Windows\System\gIjDUWX.exe
  C:\Windows\System\gIjDUWX.exe
  2⤵
  PID:2276
- C:\Windows\System\QoUkkqS.exe
  C:\Windows\System\QoUkkqS.exe
  2⤵
  PID:6304
- C:\Windows\System\BCHNkQE.exe
  C:\Windows\System\BCHNkQE.exe
  2⤵
  PID:1912
- C:\Windows\System\wzsfVpM.exe
  C:\Windows\System\wzsfVpM.exe
  2⤵
  PID:6340
- C:\Windows\System\iDHtSvV.exe
  C:\Windows\System\iDHtSvV.exe
  2⤵
  PID:6372
- C:\Windows\System\pdjhpvV.exe
  C:\Windows\System\pdjhpvV.exe
  2⤵
  PID:6516
- C:\Windows\System\QXipliX.exe
  C:\Windows\System\QXipliX.exe
  2⤵
  PID:6544
- C:\Windows\System\bgNJeos.exe
  C:\Windows\System\bgNJeos.exe
  2⤵
  PID:6680
- C:\Windows\System\DtZEjLF.exe
  C:\Windows\System\DtZEjLF.exe
  2⤵
  PID:6612
- C:\Windows\System\zEcsUSe.exe
  C:\Windows\System\zEcsUSe.exe
  2⤵
  PID:2960
- C:\Windows\System\adkULgt.exe
  C:\Windows\System\adkULgt.exe
  2⤵
  PID:6812
- C:\Windows\System\KWGpiTC.exe
  C:\Windows\System\KWGpiTC.exe
  2⤵
  PID:5680
- C:\Windows\System\RFzXWGH.exe
  C:\Windows\System\RFzXWGH.exe
  2⤵
  PID:5484
- C:\Windows\System\vKoebUJ.exe
  C:\Windows\System\vKoebUJ.exe
  2⤵
  PID:5164
- C:\Windows\System\UdhVBdo.exe
  C:\Windows\System\UdhVBdo.exe
  2⤵
  PID:6208
- C:\Windows\System\mAWZcAH.exe
  C:\Windows\System\mAWZcAH.exe
  2⤵
  PID:1356
- C:\Windows\System\GYwKEdn.exe
  C:\Windows\System\GYwKEdn.exe
  2⤵
  PID:2728
- C:\Windows\System\YEsyzIB.exe
  C:\Windows\System\YEsyzIB.exe
  2⤵
  PID:6452
- C:\Windows\System\yJIlzeO.exe
  C:\Windows\System\yJIlzeO.exe
  2⤵
  PID:6684
- C:\Windows\System\vuTGGLR.exe
  C:\Windows\System\vuTGGLR.exe
  2⤵
  PID:6608
- C:\Windows\System\eSLHNLD.exe
  C:\Windows\System\eSLHNLD.exe
  2⤵
  PID:6748
- C:\Windows\System\TetkuUJ.exe
  C:\Windows\System\TetkuUJ.exe
  2⤵
  PID:6876
- C:\Windows\System\FbumjVX.exe
  C:\Windows\System\FbumjVX.exe
  2⤵
  PID:6968
- C:\Windows\System\TQndOJp.exe
  C:\Windows\System\TQndOJp.exe
  2⤵
  PID:6636
- C:\Windows\System\xiDsNgH.exe
  C:\Windows\System\xiDsNgH.exe
  2⤵
  PID:2964
- C:\Windows\System\fCrBpas.exe
  C:\Windows\System\fCrBpas.exe
  2⤵
  PID:7084
- C:\Windows\System\WTIWGRi.exe
  C:\Windows\System\WTIWGRi.exe
  2⤵
  PID:7144
- C:\Windows\System\WOedMdr.exe
  C:\Windows\System\WOedMdr.exe
  2⤵
  PID:1604
- C:\Windows\System\qtuRLWV.exe
  C:\Windows\System\qtuRLWV.exe
  2⤵
  PID:1044
- C:\Windows\System\sRhUvFp.exe
  C:\Windows\System\sRhUvFp.exe
  2⤵
  PID:6952
- C:\Windows\System\RObzGWP.exe
  C:\Windows\System\RObzGWP.exe
  2⤵
  PID:2684
- C:\Windows\System\NdufaMs.exe
  C:\Windows\System\NdufaMs.exe
  2⤵
  PID:2476
- C:\Windows\System\XrfOqYB.exe
  C:\Windows\System\XrfOqYB.exe
  2⤵
  PID:5960
- C:\Windows\System\sEZrEFX.exe
  C:\Windows\System\sEZrEFX.exe
  2⤵
  PID:6288
- C:\Windows\System\tcyyvmr.exe
  C:\Windows\System\tcyyvmr.exe
  2⤵
  PID:1072
- C:\Windows\System\AWBPrmk.exe
  C:\Windows\System\AWBPrmk.exe
  2⤵
  PID:1428
- C:\Windows\System\PElrcnN.exe
  C:\Windows\System\PElrcnN.exe
  2⤵
  PID:6596
- C:\Windows\System\GpWLBxx.exe
  C:\Windows\System\GpWLBxx.exe
  2⤵
  PID:2616
- C:\Windows\System\bgCFNiC.exe
  C:\Windows\System\bgCFNiC.exe
  2⤵
  PID:6892
- C:\Windows\System\FgHQZvl.exe
  C:\Windows\System\FgHQZvl.exe
  2⤵
  PID:348
- C:\Windows\System\OhUctxI.exe
  C:\Windows\System\OhUctxI.exe
  2⤵
  PID:2292
- C:\Windows\System\eaokwBU.exe
  C:\Windows\System\eaokwBU.exe
  2⤵
  PID:6984
- C:\Windows\System\Ixvqics.exe
  C:\Windows\System\Ixvqics.exe
  2⤵
  PID:2860
- C:\Windows\System\NEohkox.exe
  C:\Windows\System\NEohkox.exe
  2⤵
  PID:1432
- C:\Windows\System\enPdLdW.exe
  C:\Windows\System\enPdLdW.exe
  2⤵
  PID:2316
- C:\Windows\System\vXbJGLd.exe
  C:\Windows\System\vXbJGLd.exe
  2⤵
  PID:6276
- C:\Windows\System\uyHHACU.exe
  C:\Windows\System\uyHHACU.exe
  2⤵
  PID:6908
- C:\Windows\System\zWULZLE.exe
  C:\Windows\System\zWULZLE.exe
  2⤵
  PID:5408
- C:\Windows\System\JKOmQLH.exe
  C:\Windows\System\JKOmQLH.exe
  2⤵
  PID:7172
- C:\Windows\System\AqvrMgj.exe
  C:\Windows\System\AqvrMgj.exe
  2⤵
  PID:7188
- C:\Windows\System\nRjIfyh.exe
  C:\Windows\System\nRjIfyh.exe
  2⤵
  PID:7208
- C:\Windows\System\XnbJWiP.exe
  C:\Windows\System\XnbJWiP.exe
  2⤵
  PID:7264
- C:\Windows\System\dCuiqQJ.exe
  C:\Windows\System\dCuiqQJ.exe
  2⤵
  PID:7284
- C:\Windows\System\xHJqRUl.exe
  C:\Windows\System\xHJqRUl.exe
  2⤵
  PID:7300
- C:\Windows\System\PdHYYyU.exe
  C:\Windows\System\PdHYYyU.exe
  2⤵
  PID:7316
- C:\Windows\System\zHWGYEf.exe
  C:\Windows\System\zHWGYEf.exe
  2⤵
  PID:7332
- C:\Windows\System\MgRAxQw.exe
  C:\Windows\System\MgRAxQw.exe
  2⤵
  PID:7352
- C:\Windows\System\SSZpuzH.exe
  C:\Windows\System\SSZpuzH.exe
  2⤵
  PID:7372
- C:\Windows\System\ADwgeKZ.exe
  C:\Windows\System\ADwgeKZ.exe
  2⤵
  PID:7392
- C:\Windows\System\TGOELdW.exe
  C:\Windows\System\TGOELdW.exe
  2⤵
  PID:7408
- C:\Windows\System\MtbslIf.exe
  C:\Windows\System\MtbslIf.exe
  2⤵
  PID:7424
- C:\Windows\System\zWHvuhv.exe
  C:\Windows\System\zWHvuhv.exe
  2⤵
  PID:7440
- C:\Windows\System\BfxbzHD.exe
  C:\Windows\System\BfxbzHD.exe
  2⤵
  PID:7460
- C:\Windows\System\oFaqSBW.exe
  C:\Windows\System\oFaqSBW.exe
  2⤵
  PID:7480
- C:\Windows\System\AiwUkrw.exe
  C:\Windows\System\AiwUkrw.exe
  2⤵
  PID:7500
- C:\Windows\System\GxgRJtB.exe
  C:\Windows\System\GxgRJtB.exe
  2⤵
  PID:7516
- C:\Windows\System\qdhKhMN.exe
  C:\Windows\System\qdhKhMN.exe
  2⤵
  PID:7536
- C:\Windows\System\pmhqzEK.exe
  C:\Windows\System\pmhqzEK.exe
  2⤵
  PID:7552
- C:\Windows\System\heIiuPh.exe
  C:\Windows\System\heIiuPh.exe
  2⤵
  PID:7572
- C:\Windows\System\oeGcVxd.exe
  C:\Windows\System\oeGcVxd.exe
  2⤵
  PID:7588
- C:\Windows\System\FSDQybo.exe
  C:\Windows\System\FSDQybo.exe
  2⤵
  PID:7604
- C:\Windows\System\rPhhXvV.exe
  C:\Windows\System\rPhhXvV.exe
  2⤵
  PID:7620
- C:\Windows\System\zzPRMoR.exe
  C:\Windows\System\zzPRMoR.exe
  2⤵
  PID:7636
- C:\Windows\System\TQrrYfy.exe
  C:\Windows\System\TQrrYfy.exe
  2⤵
  PID:7660
- C:\Windows\System\ZAOPrEm.exe
  C:\Windows\System\ZAOPrEm.exe
  2⤵
  PID:7680
- C:\Windows\System\ffiNVsL.exe
  C:\Windows\System\ffiNVsL.exe
  2⤵
  PID:7696
- C:\Windows\System\VSWTwLy.exe
  C:\Windows\System\VSWTwLy.exe
  2⤵
  PID:7712
- C:\Windows\System\AYXLXfw.exe
  C:\Windows\System\AYXLXfw.exe
  2⤵
  PID:7728
- C:\Windows\System\JuLUrzV.exe
  C:\Windows\System\JuLUrzV.exe
  2⤵
  PID:7748
- C:\Windows\System\xJvJBHl.exe
  C:\Windows\System\xJvJBHl.exe
  2⤵
  PID:7768
- C:\Windows\System\cesWybZ.exe
  C:\Windows\System\cesWybZ.exe
  2⤵
  PID:7792
- C:\Windows\System\YpuKwXQ.exe
  C:\Windows\System\YpuKwXQ.exe
  2⤵
  PID:7808
- C:\Windows\System\KHUVNxx.exe
  C:\Windows\System\KHUVNxx.exe
  2⤵
  PID:7824
- C:\Windows\System\DLIaSYB.exe
  C:\Windows\System\DLIaSYB.exe
  2⤵
  PID:7848
- C:\Windows\System\XMdUQJg.exe
  C:\Windows\System\XMdUQJg.exe
  2⤵
  PID:7864
- C:\Windows\System\KLIapKb.exe
  C:\Windows\System\KLIapKb.exe
  2⤵
  PID:7884
- C:\Windows\System\LFNHDCc.exe
  C:\Windows\System\LFNHDCc.exe
  2⤵
  PID:7900
- C:\Windows\System\YsYtbmu.exe
  C:\Windows\System\YsYtbmu.exe
  2⤵
  PID:7916
- C:\Windows\System\kxAihzN.exe
  C:\Windows\System\kxAihzN.exe
  2⤵
  PID:7932
- C:\Windows\System\MDPVwyY.exe
  C:\Windows\System\MDPVwyY.exe
  2⤵
  PID:7952
- C:\Windows\System\AohmDrc.exe
  C:\Windows\System\AohmDrc.exe
  2⤵
  PID:7976
- C:\Windows\System\bWXTuVb.exe
  C:\Windows\System\bWXTuVb.exe
  2⤵
  PID:7996
- C:\Windows\System\dJVbqPh.exe
  C:\Windows\System\dJVbqPh.exe
  2⤵
  PID:8084
- C:\Windows\System\VqPzJvO.exe
  C:\Windows\System\VqPzJvO.exe
  2⤵
  PID:8100
- C:\Windows\System\EtiMjPs.exe
  C:\Windows\System\EtiMjPs.exe
  2⤵
  PID:8120
- C:\Windows\System\CwOTMJO.exe
  C:\Windows\System\CwOTMJO.exe
  2⤵
  PID:8136
- C:\Windows\System\CEglTBT.exe
  C:\Windows\System\CEglTBT.exe
  2⤵
  PID:8156
- C:\Windows\System\DWbPDSp.exe
  C:\Windows\System\DWbPDSp.exe
  2⤵
  PID:8172
- C:\Windows\System\uHIxhuS.exe
  C:\Windows\System\uHIxhuS.exe
  2⤵
  PID:8188
- C:\Windows\System\CLEZAPF.exe
  C:\Windows\System\CLEZAPF.exe
  2⤵
  PID:7216
- C:\Windows\System\MlIQThN.exe
  C:\Windows\System\MlIQThN.exe
  2⤵
  PID:7232
- C:\Windows\System\XHjCoec.exe
  C:\Windows\System\XHjCoec.exe
  2⤵
  PID:7248
- C:\Windows\System\lgwLPBm.exe
  C:\Windows\System\lgwLPBm.exe
  2⤵
  PID:6196
- C:\Windows\System\NPLKTEM.exe
  C:\Windows\System\NPLKTEM.exe
  2⤵
  PID:2348
- C:\Windows\System\zQEkZIX.exe
  C:\Windows\System\zQEkZIX.exe
  2⤵
  PID:6404
- C:\Windows\System\BITwIuh.exe
  C:\Windows\System\BITwIuh.exe
  2⤵
  PID:1040
- C:\Windows\System\ZuEhibp.exe
  C:\Windows\System\ZuEhibp.exe
  2⤵
  PID:7200
- C:\Windows\System\AQMbMtz.exe
  C:\Windows\System\AQMbMtz.exe
  2⤵
  PID:7220
- C:\Windows\System\qsLaVcy.exe
  C:\Windows\System\qsLaVcy.exe
  2⤵
  PID:7296
- C:\Windows\System\JlHRvHW.exe
  C:\Windows\System\JlHRvHW.exe
  2⤵
  PID:7364
- C:\Windows\System\zlNMXAy.exe
  C:\Windows\System\zlNMXAy.exe
  2⤵
  PID:7468
- C:\Windows\System\RNgfJwp.exe
  C:\Windows\System\RNgfJwp.exe
  2⤵
  PID:7512
- C:\Windows\System\nrqMtpy.exe
  C:\Windows\System\nrqMtpy.exe
  2⤵
  PID:7548
- C:\Windows\System\gnDGDdp.exe
  C:\Windows\System\gnDGDdp.exe
  2⤵
  PID:7656
- C:\Windows\System\HDMSjWB.exe
  C:\Windows\System\HDMSjWB.exe
  2⤵
  PID:7724
- C:\Windows\System\wFWQxJa.exe
  C:\Windows\System\wFWQxJa.exe
  2⤵
  PID:7804
- C:\Windows\System\JhMExFl.exe
  C:\Windows\System\JhMExFl.exe
  2⤵
  PID:7844
- C:\Windows\System\mRfkfhP.exe
  C:\Windows\System\mRfkfhP.exe
  2⤵
  PID:7912
- C:\Windows\System\ThocmEs.exe
  C:\Windows\System\ThocmEs.exe
  2⤵
  PID:7988
- C:\Windows\System\EDEdOCq.exe
  C:\Windows\System\EDEdOCq.exe
  2⤵
  PID:7344
- C:\Windows\System\tMgtbJZ.exe
  C:\Windows\System\tMgtbJZ.exe
  2⤵
  PID:7380
- C:\Windows\System\Bigexvz.exe
  C:\Windows\System\Bigexvz.exe
  2⤵
  PID:8004
- C:\Windows\System\MifYfKe.exe
  C:\Windows\System\MifYfKe.exe
  2⤵
  PID:7456
- C:\Windows\System\DEfYthH.exe
  C:\Windows\System\DEfYthH.exe
  2⤵
  PID:8092
- C:\Windows\System\TdOgFed.exe
  C:\Windows\System\TdOgFed.exe
  2⤵
  PID:7596
- C:\Windows\System\QfNRcci.exe
  C:\Windows\System\QfNRcci.exe
  2⤵
  PID:7672
- C:\Windows\System\iIvRhgA.exe
  C:\Windows\System\iIvRhgA.exe
  2⤵
  PID:7736
- C:\Windows\System\nKcbDcE.exe
  C:\Windows\System\nKcbDcE.exe
  2⤵
  PID:7788
- C:\Windows\System\uNhMtDK.exe
  C:\Windows\System\uNhMtDK.exe
  2⤵
  PID:7896
- C:\Windows\System\KQkRCUN.exe
  C:\Windows\System\KQkRCUN.exe
  2⤵
  PID:7972
- C:\Windows\System\jIHHstd.exe
  C:\Windows\System\jIHHstd.exe
  2⤵
  PID:8032
- C:\Windows\System\IwBsWLB.exe
  C:\Windows\System\IwBsWLB.exe
  2⤵
  PID:7240
- C:\Windows\System\xGxKrkp.exe
  C:\Windows\System\xGxKrkp.exe
  2⤵
  PID:8044
- C:\Windows\System\zainDob.exe
  C:\Windows\System\zainDob.exe
  2⤵
  PID:8072
- C:\Windows\System\kLwVOPS.exe
  C:\Windows\System\kLwVOPS.exe
  2⤵
  PID:6940
- C:\Windows\System\LSdmOxK.exe
  C:\Windows\System\LSdmOxK.exe
  2⤵
  PID:8108
- C:\Windows\System\RCjkSUu.exe
  C:\Windows\System\RCjkSUu.exe
  2⤵
  PID:8116
- C:\Windows\System\VVIsJYQ.exe
  C:\Windows\System\VVIsJYQ.exe
  2⤵
  PID:7224
- C:\Windows\System\hTStOla.exe
  C:\Windows\System\hTStOla.exe
  2⤵
  PID:2056
- C:\Windows\System\dCWpkhl.exe
  C:\Windows\System\dCWpkhl.exe
  2⤵
  PID:6696
- C:\Windows\System\FjrPvjz.exe
  C:\Windows\System\FjrPvjz.exe
  2⤵
  PID:6528
- C:\Windows\System\OxDGNDS.exe
  C:\Windows\System\OxDGNDS.exe
  2⤵
  PID:7324
- C:\Windows\System\JUQWqkc.exe
  C:\Windows\System\JUQWqkc.exe
  2⤵
  PID:7648
- C:\Windows\System\xuFptqq.exe
  C:\Windows\System\xuFptqq.exe
  2⤵
  PID:7800
- C:\Windows\System\BefKDVB.exe
  C:\Windows\System\BefKDVB.exe
  2⤵
  PID:7528
- C:\Windows\System\hAwcOac.exe
  C:\Windows\System\hAwcOac.exe
  2⤵
  PID:7276
- C:\Windows\System\aZCUhOH.exe
  C:\Windows\System\aZCUhOH.exe
  2⤵
  PID:7432
- C:\Windows\System\KCAwPlC.exe
  C:\Windows\System\KCAwPlC.exe
  2⤵
  PID:7692
- C:\Windows\System\JZxeKxg.exe
  C:\Windows\System\JZxeKxg.exe
  2⤵
  PID:7836
- C:\Windows\System\ujspOqd.exe
  C:\Windows\System\ujspOqd.exe
  2⤵
  PID:7744
- C:\Windows\System\rCHjEWj.exe
  C:\Windows\System\rCHjEWj.exe
  2⤵
  PID:7928
- C:\Windows\System\homCWRi.exe
  C:\Windows\System\homCWRi.exe
  2⤵
  PID:7416
- C:\Windows\System\WmZCkaR.exe
  C:\Windows\System\WmZCkaR.exe
  2⤵
  PID:7448
- C:\Windows\System\WvBIEaV.exe
  C:\Windows\System\WvBIEaV.exe
  2⤵
  PID:8048
- C:\Windows\System\FkieKPF.exe
  C:\Windows\System\FkieKPF.exe
  2⤵
  PID:8128
- C:\Windows\System\aPsABQY.exe
  C:\Windows\System\aPsABQY.exe
  2⤵
  PID:8168
- C:\Windows\System\pVgRPdw.exe
  C:\Windows\System\pVgRPdw.exe
  2⤵
  PID:8060
- C:\Windows\System\tquAoHm.exe
  C:\Windows\System\tquAoHm.exe
  2⤵
  PID:8148
- C:\Windows\System\EZsLpnO.exe
  C:\Windows\System\EZsLpnO.exe
  2⤵
  PID:7260
- C:\Windows\System\LimJAnk.exe
  C:\Windows\System\LimJAnk.exe
  2⤵
  PID:7348
- C:\Windows\System\fqUqzpp.exe
  C:\Windows\System\fqUqzpp.exe
  2⤵
  PID:7776
- C:\Windows\System\QakinPL.exe
  C:\Windows\System\QakinPL.exe
  2⤵
  PID:7496
- C:\Windows\System\DxzRRAD.exe
  C:\Windows\System\DxzRRAD.exe
  2⤵
  PID:7256
- C:\Windows\System\yBCfcsn.exe
  C:\Windows\System\yBCfcsn.exe
  2⤵
  PID:7132
- C:\Windows\System\qLgFLZY.exe
  C:\Windows\System\qLgFLZY.exe
  2⤵
  PID:7508
- C:\Windows\System\ZByJCkb.exe
  C:\Windows\System\ZByJCkb.exe
  2⤵
  PID:7400
- C:\Windows\System\xySnarj.exe
  C:\Windows\System\xySnarj.exe
  2⤵
  PID:7944
- C:\Windows\System\NdkpDyC.exe
  C:\Windows\System\NdkpDyC.exe
  2⤵
  PID:7708
- C:\Windows\System\qxGvEun.exe
  C:\Windows\System\qxGvEun.exe
  2⤵
  PID:7160
- C:\Windows\System\ikorxbH.exe
  C:\Windows\System\ikorxbH.exe
  2⤵
  PID:7860
- C:\Windows\System\HSyUAXt.exe
  C:\Windows\System\HSyUAXt.exe
  2⤵
  PID:8064
- C:\Windows\System\KiobTqV.exe
  C:\Windows\System\KiobTqV.exe
  2⤵
  PID:4328
- C:\Windows\System\ehIVOYt.exe
  C:\Windows\System\ehIVOYt.exe
  2⤵
  PID:7560
- C:\Windows\System\XaHNmgK.exe
  C:\Windows\System\XaHNmgK.exe
  2⤵
  PID:7020
- C:\Windows\System\VOKnNtG.exe
  C:\Windows\System\VOKnNtG.exe
  2⤵
  PID:7568
- C:\Windows\System\qcYnAOe.exe
  C:\Windows\System\qcYnAOe.exe
  2⤵
  PID:7628
- C:\Windows\System\qKlUfmO.exe
  C:\Windows\System\qKlUfmO.exe
  2⤵
  PID:7476
- C:\Windows\System\jmSEDyL.exe
  C:\Windows\System\jmSEDyL.exe
  2⤵
  PID:7180
- C:\Windows\System\fNfYcAt.exe
  C:\Windows\System\fNfYcAt.exe
  2⤵
  PID:7312
- C:\Windows\System\EFDiPkW.exe
  C:\Windows\System\EFDiPkW.exe
  2⤵
  PID:7272
- C:\Windows\System\MEeuycZ.exe
  C:\Windows\System\MEeuycZ.exe
  2⤵
  PID:7760
- C:\Windows\System\ArhHfHU.exe
  C:\Windows\System\ArhHfHU.exe
  2⤵
  PID:7532
- C:\Windows\System\gOTHwbZ.exe
  C:\Windows\System\gOTHwbZ.exe
  2⤵
  PID:6872
- C:\Windows\System\hueAaKX.exe
  C:\Windows\System\hueAaKX.exe
  2⤵
  PID:7856
- C:\Windows\System\vqqktus.exe
  C:\Windows\System\vqqktus.exe
  2⤵
  PID:8208
- C:\Windows\System\SoeDBTM.exe
  C:\Windows\System\SoeDBTM.exe
  2⤵
  PID:8224
- C:\Windows\System\QYLgFdb.exe
  C:\Windows\System\QYLgFdb.exe
  2⤵
  PID:8240
- C:\Windows\System\VBHiwMF.exe
  C:\Windows\System\VBHiwMF.exe
  2⤵
  PID:8260
- C:\Windows\System\WVXhvlu.exe
  C:\Windows\System\WVXhvlu.exe
  2⤵
  PID:8276
- C:\Windows\System\JzJQBhc.exe
  C:\Windows\System\JzJQBhc.exe
  2⤵
  PID:8292
- C:\Windows\System\lUtGzYm.exe
  C:\Windows\System\lUtGzYm.exe
  2⤵
  PID:8308
- C:\Windows\System\XSbBWZV.exe
  C:\Windows\System\XSbBWZV.exe
  2⤵
  PID:8324
- C:\Windows\System\ayoKJbh.exe
  C:\Windows\System\ayoKJbh.exe
  2⤵
  PID:8344
- C:\Windows\System\cILPweK.exe
  C:\Windows\System\cILPweK.exe
  2⤵
  PID:8360
- C:\Windows\System\EXDxBAs.exe
  C:\Windows\System\EXDxBAs.exe
  2⤵
  PID:8376
- C:\Windows\System\JjRlsGt.exe
  C:\Windows\System\JjRlsGt.exe
  2⤵
  PID:8400
- C:\Windows\System\AsAMbfY.exe
  C:\Windows\System\AsAMbfY.exe
  2⤵
  PID:8420
- C:\Windows\System\TyfTodd.exe
  C:\Windows\System\TyfTodd.exe
  2⤵
  PID:8436
- C:\Windows\System\FenRDjF.exe
  C:\Windows\System\FenRDjF.exe
  2⤵
  PID:8460
- C:\Windows\System\rUDHHcZ.exe
  C:\Windows\System\rUDHHcZ.exe
  2⤵
  PID:8476
- C:\Windows\System\NfXWwFN.exe
  C:\Windows\System\NfXWwFN.exe
  2⤵
  PID:8492
- C:\Windows\System\ZXJoBtW.exe
  C:\Windows\System\ZXJoBtW.exe
  2⤵
  PID:8512
- C:\Windows\System\QxGZnUp.exe
  C:\Windows\System\QxGZnUp.exe
  2⤵
  PID:8528
- C:\Windows\System\uWRegJQ.exe
  C:\Windows\System\uWRegJQ.exe
  2⤵
  PID:8544
- C:\Windows\System\FcUYFUI.exe
  C:\Windows\System\FcUYFUI.exe
  2⤵
  PID:8568
- C:\Windows\System\QvMEBCQ.exe
  C:\Windows\System\QvMEBCQ.exe
  2⤵
  PID:8588
- C:\Windows\System\PMFOVms.exe
  C:\Windows\System\PMFOVms.exe
  2⤵
  PID:8648
- C:\Windows\System\IedGywu.exe
  C:\Windows\System\IedGywu.exe
  2⤵
  PID:8664
- C:\Windows\System\ksOQJiN.exe
  C:\Windows\System\ksOQJiN.exe
  2⤵
  PID:8680
- C:\Windows\System\BEIVXAi.exe
  C:\Windows\System\BEIVXAi.exe
  2⤵
  PID:8736
- C:\Windows\System\WLNNQYQ.exe
  C:\Windows\System\WLNNQYQ.exe
  2⤵
  PID:8760
- C:\Windows\System\PinarCJ.exe
  C:\Windows\System\PinarCJ.exe
  2⤵
  PID:8776
- C:\Windows\System\uKeoCKk.exe
  C:\Windows\System\uKeoCKk.exe
  2⤵
  PID:8796
- C:\Windows\System\NvpUhzJ.exe
  C:\Windows\System\NvpUhzJ.exe
  2⤵
  PID:8812
- C:\Windows\System\WootwCG.exe
  C:\Windows\System\WootwCG.exe
  2⤵
  PID:8828
- C:\Windows\System\ujVjeJx.exe
  C:\Windows\System\ujVjeJx.exe
  2⤵
  PID:8844
- C:\Windows\System\JdcwQUK.exe
  C:\Windows\System\JdcwQUK.exe
  2⤵
  PID:8860
- C:\Windows\System\vUXWIlj.exe
  C:\Windows\System\vUXWIlj.exe
  2⤵
  PID:8876
- C:\Windows\System\bkVfjYV.exe
  C:\Windows\System\bkVfjYV.exe
  2⤵
  PID:8892
- C:\Windows\System\vWzfzID.exe
  C:\Windows\System\vWzfzID.exe
  2⤵
  PID:8908
- C:\Windows\System\oohQaCP.exe
  C:\Windows\System\oohQaCP.exe
  2⤵
  PID:8924
- C:\Windows\System\aenNSBS.exe
  C:\Windows\System\aenNSBS.exe
  2⤵
  PID:8940
- C:\Windows\System\urtJDvl.exe
  C:\Windows\System\urtJDvl.exe
  2⤵
  PID:8956
- C:\Windows\System\hNLbafZ.exe
  C:\Windows\System\hNLbafZ.exe
  2⤵
  PID:8972
- C:\Windows\System\GCDNbVx.exe
  C:\Windows\System\GCDNbVx.exe
  2⤵
  PID:8988
- C:\Windows\System\rrsAmrD.exe
  C:\Windows\System\rrsAmrD.exe
  2⤵
  PID:9004
- C:\Windows\System\YsPxzAc.exe
  C:\Windows\System\YsPxzAc.exe
  2⤵
  PID:9020
- C:\Windows\System\QBezxVx.exe
  C:\Windows\System\QBezxVx.exe
  2⤵
  PID:9036
- C:\Windows\System\bTJmmHT.exe
  C:\Windows\System\bTJmmHT.exe
  2⤵
  PID:9056
- C:\Windows\System\qbRuyIw.exe
  C:\Windows\System\qbRuyIw.exe
  2⤵
  PID:9072
- C:\Windows\System\nmnSslh.exe
  C:\Windows\System\nmnSslh.exe
  2⤵
  PID:9088
- C:\Windows\System\BHKURef.exe
  C:\Windows\System\BHKURef.exe
  2⤵
  PID:9104
- C:\Windows\System\XHTswIc.exe
  C:\Windows\System\XHTswIc.exe
  2⤵
  PID:9124
- C:\Windows\System\pKwwiXe.exe
  C:\Windows\System\pKwwiXe.exe
  2⤵
  PID:9140
- C:\Windows\System\ZqaEkMz.exe
  C:\Windows\System\ZqaEkMz.exe
  2⤵
  PID:9156
- C:\Windows\System\lNOauON.exe
  C:\Windows\System\lNOauON.exe
  2⤵
  PID:9172
- C:\Windows\System\nxakcuI.exe
  C:\Windows\System\nxakcuI.exe
  2⤵
  PID:9188
- C:\Windows\System\JPBvvzJ.exe
  C:\Windows\System\JPBvvzJ.exe
  2⤵
  PID:9208
- C:\Windows\System\mFSIoCC.exe
  C:\Windows\System\mFSIoCC.exe
  2⤵
  PID:7616
- C:\Windows\System\niChpTh.exe
  C:\Windows\System\niChpTh.exe
  2⤵
  PID:8252
- C:\Windows\System\QbbgYXm.exe
  C:\Windows\System\QbbgYXm.exe
  2⤵
  PID:8356
- C:\Windows\System\jvsUiqv.exe
  C:\Windows\System\jvsUiqv.exe
  2⤵
  PID:8372
- C:\Windows\System\XOiTMfr.exe
  C:\Windows\System\XOiTMfr.exe
  2⤵
  PID:7452
- C:\Windows\System\GSwbCmb.exe
  C:\Windows\System\GSwbCmb.exe
  2⤵
  PID:8368
- C:\Windows\System\gfOZBsU.exe
  C:\Windows\System\gfOZBsU.exe
  2⤵
  PID:8432
- C:\Windows\System\FRFrxDZ.exe
  C:\Windows\System\FRFrxDZ.exe
  2⤵
  PID:8444
- C:\Windows\System\ExOJvgn.exe
  C:\Windows\System\ExOJvgn.exe
  2⤵
  PID:8484
- C:\Windows\System\GZObDLQ.exe
  C:\Windows\System\GZObDLQ.exe
  2⤵
  PID:8552
- C:\Windows\System\wyDmXiz.exe
  C:\Windows\System\wyDmXiz.exe
  2⤵
  PID:8576
- C:\Windows\System\iEDuBKP.exe
  C:\Windows\System\iEDuBKP.exe
  2⤵
  PID:8596
- C:\Windows\System\rqRdSdr.exe
  C:\Windows\System\rqRdSdr.exe
  2⤵
  PID:8612
- C:\Windows\System\OuqzGnA.exe
  C:\Windows\System\OuqzGnA.exe
  2⤵
  PID:8628
- C:\Windows\System\KAYKLab.exe
  C:\Windows\System\KAYKLab.exe
  2⤵
  PID:8644
- C:\Windows\System\ibWPPnR.exe
  C:\Windows\System\ibWPPnR.exe
  2⤵
  PID:8660
- C:\Windows\System\vBxpIgK.exe
  C:\Windows\System\vBxpIgK.exe
  2⤵
  PID:8700
- C:\Windows\System\qKDjEQG.exe
  C:\Windows\System\qKDjEQG.exe
  2⤵
  PID:8720
- C:\Windows\System\YhLrufx.exe
  C:\Windows\System\YhLrufx.exe
  2⤵
  PID:8744
- C:\Windows\System\MPwQBlR.exe
  C:\Windows\System\MPwQBlR.exe
  2⤵
  PID:8756
- C:\Windows\System\JpkEkUb.exe
  C:\Windows\System\JpkEkUb.exe
  2⤵
  PID:8808
- C:\Windows\System\dIHcbcv.exe
  C:\Windows\System\dIHcbcv.exe
  2⤵
  PID:8836
- C:\Windows\System\QjgmsUp.exe
  C:\Windows\System\QjgmsUp.exe
  2⤵
  PID:8840
- C:\Windows\System\fJhwjbO.exe
  C:\Windows\System\fJhwjbO.exe
  2⤵
  PID:8772
- C:\Windows\System\cKxDnfp.exe
  C:\Windows\System\cKxDnfp.exe
  2⤵
  PID:8904
- C:\Windows\System\LqChess.exe
  C:\Windows\System\LqChess.exe
  2⤵
  PID:8968
- C:\Windows\System\HSGaqds.exe
  C:\Windows\System\HSGaqds.exe
  2⤵
  PID:9044
- C:\Windows\System\rTxqeNi.exe
  C:\Windows\System\rTxqeNi.exe
  2⤵
  PID:9052
- C:\Windows\System\gLohiMI.exe
  C:\Windows\System\gLohiMI.exe
  2⤵
  PID:8996
- C:\Windows\System\EBzrPJM.exe
  C:\Windows\System\EBzrPJM.exe
  2⤵
  PID:9064
- C:\Windows\System\mwbdgCM.exe
  C:\Windows\System\mwbdgCM.exe
  2⤵
  PID:9148
- C:\Windows\System\dPOkjGc.exe
  C:\Windows\System\dPOkjGc.exe
  2⤵
  PID:9096
- C:\Windows\System\vpwVPHo.exe
  C:\Windows\System\vpwVPHo.exe
  2⤵
  PID:9136
- C:\Windows\System\EitnqXh.exe
  C:\Windows\System\EitnqXh.exe
  2⤵
  PID:8752
- C:\Windows\System\EvrkqWi.exe
  C:\Windows\System\EvrkqWi.exe
  2⤵
  PID:8216
- C:\Windows\System\WNohtqc.exe
  C:\Windows\System\WNohtqc.exe
  2⤵
  PID:8288
- C:\Windows\System\CYNeMMc.exe
  C:\Windows\System\CYNeMMc.exe
  2⤵
  PID:7492
- C:\Windows\System\xkhecut.exe
  C:\Windows\System\xkhecut.exe
  2⤵
  PID:8036
- C:\Windows\System\cmkDZVe.exe
  C:\Windows\System\cmkDZVe.exe
  2⤵
  PID:8236
- C:\Windows\System\NaUHyyx.exe
  C:\Windows\System\NaUHyyx.exe
  2⤵
  PID:8332
- C:\Windows\System\KwkeZub.exe
  C:\Windows\System\KwkeZub.exe
  2⤵
  PID:8456
- C:\Windows\System\gqNRxXU.exe
  C:\Windows\System\gqNRxXU.exe
  2⤵
  PID:8340
- C:\Windows\System\DFntECH.exe
  C:\Windows\System\DFntECH.exe
  2⤵
  PID:8396
- C:\Windows\System\NmEmnNl.exe
  C:\Windows\System\NmEmnNl.exe
  2⤵
  PID:8540
- C:\Windows\System\lUdYrnE.exe
  C:\Windows\System\lUdYrnE.exe
  2⤵
  PID:8524
- C:\Windows\System\umyhxzm.exe
  C:\Windows\System\umyhxzm.exe
  2⤵
  PID:8640
- C:\Windows\System\PIXjfwV.exe
  C:\Windows\System\PIXjfwV.exe
  2⤵
  PID:8248
- C:\Windows\System\TWEGOUE.exe
  C:\Windows\System\TWEGOUE.exe
  2⤵
  PID:8676
- C:\Windows\System\bPWSgjR.exe
  C:\Windows\System\bPWSgjR.exe
  2⤵
  PID:8656
- C:\Windows\System\GPOKHMF.exe
  C:\Windows\System\GPOKHMF.exe
  2⤵
  PID:8788
- C:\Windows\System\zwpYEJl.exe
  C:\Windows\System\zwpYEJl.exe
  2⤵
  PID:8888
- C:\Windows\System\kaIQiTw.exe
  C:\Windows\System\kaIQiTw.exe
  2⤵
  PID:8984
- C:\Windows\System\hWBSzxU.exe
  C:\Windows\System\hWBSzxU.exe
  2⤵
  PID:9116
- C:\Windows\System\QvGlCZl.exe
  C:\Windows\System\QvGlCZl.exe
  2⤵
  PID:9012
- C:\Windows\System\VMoFyag.exe
  C:\Windows\System\VMoFyag.exe
  2⤵
  PID:9032
- C:\Windows\System\wYxjrVF.exe
  C:\Windows\System\wYxjrVF.exe
  2⤵
  PID:9196
- C:\Windows\System\XbPDzCk.exe
  C:\Windows\System\XbPDzCk.exe
  2⤵
  PID:8020
- C:\Windows\System\BRGcuDL.exe
  C:\Windows\System\BRGcuDL.exe
  2⤵
  PID:8696
- C:\Windows\System\GaoAgae.exe
  C:\Windows\System\GaoAgae.exe
  2⤵
  PID:8284
- C:\Windows\System\ylwkKTS.exe
  C:\Windows\System\ylwkKTS.exe
  2⤵
  PID:9068
- C:\Windows\System\PCuoSzJ.exe
  C:\Windows\System\PCuoSzJ.exe
  2⤵
  PID:8300
- C:\Windows\System\vGUYSqa.exe
  C:\Windows\System\vGUYSqa.exe
  2⤵
  PID:9204
- C:\Windows\System\fJubZFR.exe
  C:\Windows\System\fJubZFR.exe
  2⤵
  PID:8872
- C:\Windows\System\GfYcWsD.exe
  C:\Windows\System\GfYcWsD.exe
  2⤵
  PID:8536
- C:\Windows\System\iZlcvfj.exe
  C:\Windows\System\iZlcvfj.exe
  2⤵
  PID:8336
- C:\Windows\System\ZsJKnNA.exe
  C:\Windows\System\ZsJKnNA.exe
  2⤵
  PID:8804
- C:\Windows\System\ERMmaPU.exe
  C:\Windows\System\ERMmaPU.exe
  2⤵
  PID:8964
- C:\Windows\System\KmRrCaN.exe
  C:\Windows\System\KmRrCaN.exe
  2⤵
  PID:8604
- C:\Windows\System\rLrelLl.exe
  C:\Windows\System\rLrelLl.exe
  2⤵
  PID:8272
- C:\Windows\System\ulfaRcV.exe
  C:\Windows\System\ulfaRcV.exe
  2⤵
  PID:8500
- C:\Windows\System\zJaoKCW.exe
  C:\Windows\System\zJaoKCW.exe
  2⤵
  PID:7580
- C:\Windows\System\nWyPttM.exe
  C:\Windows\System\nWyPttM.exe
  2⤵
  PID:8884
- C:\Windows\System\RxolGmq.exe
  C:\Windows\System\RxolGmq.exe
  2⤵
  PID:8204
- C:\Windows\System\HITXfGk.exe
  C:\Windows\System\HITXfGk.exe
  2⤵
  PID:9228
- C:\Windows\System\vPrHolj.exe
  C:\Windows\System\vPrHolj.exe
  2⤵
  PID:9256
- C:\Windows\System\YGojEhq.exe
  C:\Windows\System\YGojEhq.exe
  2⤵
  PID:9272
- C:\Windows\System\fkHjkaF.exe
  C:\Windows\System\fkHjkaF.exe
  2⤵
  PID:9292
- C:\Windows\System\MeAKJyA.exe
  C:\Windows\System\MeAKJyA.exe
  2⤵
  PID:9308
- C:\Windows\System\VnTQWxe.exe
  C:\Windows\System\VnTQWxe.exe
  2⤵
  PID:9324
- C:\Windows\System\HeVDATZ.exe
  C:\Windows\System\HeVDATZ.exe
  2⤵
  PID:9344
- C:\Windows\System\HnZTOMW.exe
  C:\Windows\System\HnZTOMW.exe
  2⤵
  PID:9364
- C:\Windows\System\eaEifQx.exe
  C:\Windows\System\eaEifQx.exe
  2⤵
  PID:9388
- C:\Windows\System\EOtXKjW.exe
  C:\Windows\System\EOtXKjW.exe
  2⤵
  PID:9408
- C:\Windows\System\CjFIfic.exe
  C:\Windows\System\CjFIfic.exe
  2⤵
  PID:9424
- C:\Windows\System\GnesdeM.exe
  C:\Windows\System\GnesdeM.exe
  2⤵
  PID:9444
- C:\Windows\System\OWFGWih.exe
  C:\Windows\System\OWFGWih.exe
  2⤵
  PID:9464
- C:\Windows\System\vRJEMSK.exe
  C:\Windows\System\vRJEMSK.exe
  2⤵
  PID:9484
- C:\Windows\System\SocRTcj.exe
  C:\Windows\System\SocRTcj.exe
  2⤵
  PID:9504
- C:\Windows\System\tUnwYSb.exe
  C:\Windows\System\tUnwYSb.exe
  2⤵
  PID:9524
- C:\Windows\System\ocijkbd.exe
  C:\Windows\System\ocijkbd.exe
  2⤵
  PID:9540
- C:\Windows\System\vjcmkQF.exe
  C:\Windows\System\vjcmkQF.exe
  2⤵
  PID:9560
- C:\Windows\System\fNkszpL.exe
  C:\Windows\System\fNkszpL.exe
  2⤵
  PID:9612
- C:\Windows\System\gUbWLmt.exe
  C:\Windows\System\gUbWLmt.exe
  2⤵
  PID:9628
- C:\Windows\System\pMsyrly.exe
  C:\Windows\System\pMsyrly.exe
  2⤵
  PID:9644
- C:\Windows\System\OIvTiOL.exe
  C:\Windows\System\OIvTiOL.exe
  2⤵
  PID:9660
- C:\Windows\System\QomQMTc.exe
  C:\Windows\System\QomQMTc.exe
  2⤵
  PID:9688
- C:\Windows\System\ZIjCqjC.exe
  C:\Windows\System\ZIjCqjC.exe
  2⤵
  PID:9708
- C:\Windows\System\raWWAAj.exe
  C:\Windows\System\raWWAAj.exe
  2⤵
  PID:9724
- C:\Windows\System\zIYgUTx.exe
  C:\Windows\System\zIYgUTx.exe
  2⤵
  PID:9740
- C:\Windows\System\axvfGIw.exe
  C:\Windows\System\axvfGIw.exe
  2⤵
  PID:9756
- C:\Windows\System\eAvDfdP.exe
  C:\Windows\System\eAvDfdP.exe
  2⤵
  PID:9772
- C:\Windows\System\eUSsROW.exe
  C:\Windows\System\eUSsROW.exe
  2⤵
  PID:9788
- C:\Windows\System\KvQrNys.exe
  C:\Windows\System\KvQrNys.exe
  2⤵
  PID:9804
- C:\Windows\System\hFbgavc.exe
  C:\Windows\System\hFbgavc.exe
  2⤵
  PID:9820
- C:\Windows\System\RlAepBt.exe
  C:\Windows\System\RlAepBt.exe
  2⤵
  PID:9840
- C:\Windows\System\ZUiLGPR.exe
  C:\Windows\System\ZUiLGPR.exe
  2⤵
  PID:9860
- C:\Windows\System\DfxhYcq.exe
  C:\Windows\System\DfxhYcq.exe
  2⤵
  PID:9876
- C:\Windows\System\qSDpvLa.exe
  C:\Windows\System\qSDpvLa.exe
  2⤵
  PID:9896
- C:\Windows\System\XEHmpTu.exe
  C:\Windows\System\XEHmpTu.exe
  2⤵
  PID:9916
- C:\Windows\System\AksCQxf.exe
  C:\Windows\System\AksCQxf.exe
  2⤵
  PID:9932
- C:\Windows\System\HWmTDru.exe
  C:\Windows\System\HWmTDru.exe
  2⤵
  PID:9952
- C:\Windows\System\IFzBLRC.exe
  C:\Windows\System\IFzBLRC.exe
  2⤵
  PID:9984
- C:\Windows\System\SZxlqDi.exe
  C:\Windows\System\SZxlqDi.exe
  2⤵
  PID:10000
- C:\Windows\System\MAiRdwg.exe
  C:\Windows\System\MAiRdwg.exe
  2⤵
  PID:10016
- C:\Windows\System\zzjpNMj.exe
  C:\Windows\System\zzjpNMj.exe
  2⤵
  PID:10036
- C:\Windows\System\DnmLliC.exe
  C:\Windows\System\DnmLliC.exe
  2⤵
  PID:10052
- C:\Windows\System\TIrgtcH.exe
  C:\Windows\System\TIrgtcH.exe
  2⤵
  PID:10112
- C:\Windows\System\TWSGHlv.exe
  C:\Windows\System\TWSGHlv.exe
  2⤵
  PID:10128
- C:\Windows\System\fYjcZrY.exe
  C:\Windows\System\fYjcZrY.exe
  2⤵
  PID:10144
- C:\Windows\System\ChbQfsk.exe
  C:\Windows\System\ChbQfsk.exe
  2⤵
  PID:10164
- C:\Windows\System\lSWYeDY.exe
  C:\Windows\System\lSWYeDY.exe
  2⤵
  PID:10180
- C:\Windows\System\uWuZYSu.exe
  C:\Windows\System\uWuZYSu.exe
  2⤵
  PID:10196
- C:\Windows\System\PUwXYYV.exe
  C:\Windows\System\PUwXYYV.exe
  2⤵
  PID:10212
- C:\Windows\System\etOKnbY.exe
  C:\Windows\System\etOKnbY.exe
  2⤵
  PID:10228
- C:\Windows\System\hFwWqsb.exe
  C:\Windows\System\hFwWqsb.exe
  2⤵
  PID:8920
- C:\Windows\System\jYdAJKk.exe
  C:\Windows\System\jYdAJKk.exe
  2⤵
  PID:9236
- C:\Windows\System\oJODoKm.exe
  C:\Windows\System\oJODoKm.exe
  2⤵
  PID:9248
- C:\Windows\System\dgkrTvg.exe
  C:\Windows\System\dgkrTvg.exe
  2⤵
  PID:8792
- C:\Windows\System\DybPazi.exe
  C:\Windows\System\DybPazi.exe
  2⤵
  PID:9268
- C:\Windows\System\qhpJYwe.exe
  C:\Windows\System\qhpJYwe.exe
  2⤵
  PID:9336
- C:\Windows\System\GsAqQUj.exe
  C:\Windows\System\GsAqQUj.exe
  2⤵
  PID:9380
- C:\Windows\System\jKhZCdn.exe
  C:\Windows\System\jKhZCdn.exe
  2⤵
  PID:9456
- C:\Windows\System\wMVeJCK.exe
  C:\Windows\System\wMVeJCK.exe
  2⤵
  PID:9500
- C:\Windows\System\gGWcMuV.exe
  C:\Windows\System\gGWcMuV.exe
  2⤵
  PID:9472
- C:\Windows\System\zvssFtA.exe
  C:\Windows\System\zvssFtA.exe
  2⤵
  PID:9316
- C:\Windows\System\VboLgMe.exe
  C:\Windows\System\VboLgMe.exe
  2⤵
  PID:9396
- C:\Windows\System\FMAQorH.exe
  C:\Windows\System\FMAQorH.exe
  2⤵
  PID:9440
- C:\Windows\System\RSlglCb.exe
  C:\Windows\System\RSlglCb.exe
  2⤵
  PID:9520
- C:\Windows\System\IxbyyJV.exe
  C:\Windows\System\IxbyyJV.exe
  2⤵
  PID:9600
- C:\Windows\System\kxrzoMz.exe
  C:\Windows\System\kxrzoMz.exe
  2⤵
  PID:9584
- C:\Windows\System\vJDtxRT.exe
  C:\Windows\System\vJDtxRT.exe
  2⤵
  PID:9620
- C:\Windows\System\JziUjIa.exe
  C:\Windows\System\JziUjIa.exe
  2⤵
  PID:9684
- C:\Windows\System\JiKOKqQ.exe
  C:\Windows\System\JiKOKqQ.exe
  2⤵
  PID:9720
- C:\Windows\System\gpcvDts.exe
  C:\Windows\System\gpcvDts.exe
  2⤵
  PID:9812
- C:\Windows\System\oHQTpPE.exe
  C:\Windows\System\oHQTpPE.exe
  2⤵
  PID:9856
- C:\Windows\System\FqvyJGo.exe
  C:\Windows\System\FqvyJGo.exe
  2⤵
  PID:9892
- C:\Windows\System\nUaVHyc.exe
  C:\Windows\System\nUaVHyc.exe
  2⤵
  PID:9972
- C:\Windows\System\iYFmxUF.exe
  C:\Windows\System\iYFmxUF.exe
  2⤵
  PID:10008
- C:\Windows\System\LQtoAOF.exe
  C:\Windows\System\LQtoAOF.exe
  2⤵
  PID:9764
- C:\Windows\System\myZTJkN.exe
  C:\Windows\System\myZTJkN.exe
  2⤵
  PID:9828
- C:\Windows\System\bjXrKOW.exe
  C:\Windows\System\bjXrKOW.exe
  2⤵
  PID:9908
- C:\Windows\System\yrojOhy.exe
  C:\Windows\System\yrojOhy.exe
  2⤵
  PID:9944
- C:\Windows\System\ssLbRxm.exe
  C:\Windows\System\ssLbRxm.exe
  2⤵
  PID:10032
- C:\Windows\System\AdjiTfe.exe
  C:\Windows\System\AdjiTfe.exe
  2⤵
  PID:10072
- C:\Windows\System\mxWnKMD.exe
  C:\Windows\System\mxWnKMD.exe
  2⤵
  PID:10088
- C:\Windows\System\ilWIUxl.exe
  C:\Windows\System\ilWIUxl.exe
  2⤵
  PID:10120
- C:\Windows\System\wdvzTyS.exe
  C:\Windows\System\wdvzTyS.exe
  2⤵
  PID:10188
- C:\Windows\System\MyVXCMM.exe
  C:\Windows\System\MyVXCMM.exe
  2⤵
  PID:9516
- C:\Windows\System\bwkNOoZ.exe
  C:\Windows\System\bwkNOoZ.exe
  2⤵
  PID:9680
- C:\Windows\System\mQKRKyj.exe
  C:\Windows\System\mQKRKyj.exe
  2⤵
  PID:9976
- C:\Windows\System\WItDSjR.exe
  C:\Windows\System\WItDSjR.exe
  2⤵
  PID:9800
- C:\Windows\System\HFVgAaF.exe
  C:\Windows\System\HFVgAaF.exe
  2⤵
  PID:10064
- C:\Windows\System\ASYqiPI.exe
  C:\Windows\System\ASYqiPI.exe
  2⤵
  PID:9512
- C:\Windows\System\cBQAkVR.exe
  C:\Windows\System\cBQAkVR.exe
  2⤵
  PID:10140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HEgyoqN.exe

Filesize
6.0MB

MD5
eb887e6a77d1dd9b5c518736a9c24e46

SHA1
a3158452727d728cf67aa70c023ba5208da34df3

SHA256
028e45778c30817837914d84518b27ff2aaac2c8b2457f02f783a4d2690d158f

SHA512
714c3a0e06fce5bd3d135220c0578d7c335ce31b68372a7a343bd56326c6f4de4886811611e097f3e2804b14a98f0202bfb13a5802abe5091d7abb55b18ff21c

Download Submit
C:\Windows\system\IQLxcOH.exe

Filesize
6.0MB

MD5
e7e91103337918a2aae740d901590622

SHA1
a7978f3e0040845398d830b2e1a9931673c8ec4c

SHA256
da27f4ffb7f1b5810b96a1d7729478df9aff3083dfe1c4bdf669c54c69916eb7

SHA512
7eab3cbecdd64dd7e12d9068c73c5fb0eb8a04128be79f7172055f6d7f9d382962fdd5c0a74d419cd43f5ed7190c491db764b119048b900923ef175e5c861ded

Download Submit
C:\Windows\system\QvvytoP.exe

Filesize
6.0MB

MD5
ae4398fe130a03a5ebfbe6cbb7ff5221

SHA1
93f15e61f2ac492dc5bfbe4721ff45ec3fd5657e

SHA256
b58ede3204e770e9db6d0bbcb440f4e18252c49e2220ebe31050c8b7772dabd9

SHA512
6d734dbdd269ed855f1b9810eb677a54cfda94490d4cfcb4f479aa12219601f2fb3d2ec3b4b6a7ffaea8c473919c05b7023b6a1f8b3e5a0b9d656319e81bafd7

Download Submit
C:\Windows\system\SaFlqSI.exe

Filesize
6.0MB

MD5
9112cfcdedf4ba51252a7adf518eb050

SHA1
8216438e9a67a5debad0a2e46f3bd5be4f6c3e42

SHA256
44a5f6ff1a5ebd5544b59e784de235d2077f0b6c8c789c79293cef54a4aa0629

SHA512
2109189d63e7d9ae0b7f82badaf2922fe4732d4486adeb6dc085dc3fdd7acfc5ea2d656ed881df6748901e72e350c21e7a677c1c5117b9402ef7bebb38159dd7

Download Submit
C:\Windows\system\TXubLdY.exe

Filesize
6.0MB

MD5
cf65b67b91ef5d8f7e694fe2c0dbe4c9

SHA1
066040a22e24d192ea4812f3d76d9feaa489c943

SHA256
cde8fc07b23bfb399b34e8d997830190bde2bf8e7d58e828ffcfcb7fb566354e

SHA512
acb0fdbe343077c48ca4244a26c56cba84fd7278a0920d3b3c6ef98af45c4d68ddb8492797df62a010833a7fd0750309185abd0d2840571610f4955ce0d5007a

Download Submit
C:\Windows\system\UYjvLIf.exe

Filesize
6.0MB

MD5
188e066c38bb47ae9b4b48ef3c876fbd

SHA1
a05aeff8c26a339912eaeae08b4ae7197bbc887c

SHA256
62e5218855e5beb2b18c0d16aa417d8a8bb8f0d0d82d881a32b040a789eda989

SHA512
dbe0ac306e9c0eafbbe18ea023666813a127f0cf8c481e36bb2baf950fef210fe7e645cfe0262af478301f4cd853034f74f358014fbbc6d2d1bc6934b668cddd

Download Submit
C:\Windows\system\UjBJlki.exe

Filesize
6.0MB

MD5
64cb50907db48b5f29e6522c5421f90b

SHA1
7c793141457e97fd988cf53bdf25b3cc445cbc91

SHA256
d4d40df3f5291443d213ca9187d9a5dfbf1cea8c556be8f133dfae248ac43412

SHA512
dab3399eea05d4301f07c1c049a9653805d21f5fd3fd64838d3f4e7451025b1d8e8267b03ef5f52aab66c0965786ed8e07f607beba60faabcbbbcd74dd472cd0

Download Submit
C:\Windows\system\UxlfpRk.exe

Filesize
6.0MB

MD5
b1d176ea49453267dbb4baa26f1366a6

SHA1
005e9200b683fa0220b898bb7156e08844d828e6

SHA256
118bdcb4e600502e4c0310e7a9acc2a4d15efa0fd33fb30294b46cddbc0685d5

SHA512
d00b5453d8eecf8a52b38943520fa297d7b2326112fa03877665dfc7306af226d37fb309906fd4a3536078be8f754e0862c07c5e2697ed47ff5b2329c496c42f

Download Submit
C:\Windows\system\WDpUPmP.exe

Filesize
6.0MB

MD5
8615c6f82dc2cc62d2240bbb700c165d

SHA1
249f3773ec8b02136a1c47d0d1a1a89110285eca

SHA256
fc6b79b2b952793ba2eda2c9c9383d51d07e3056aab5318f1e5a957bbea2241e

SHA512
135d7f6306876aae0cd4f2848db2365322ff445f5182775d5b4bd603d7ee1bcf329871b19187d0e3ed12ee60bb3bda96aab8150510d10d2a7292162ec5bb0d5b

Download Submit
C:\Windows\system\WapaSiz.exe

Filesize
6.0MB

MD5
1abff9e872940ae9638323661ac8a421

SHA1
bca991d9497025e14185529ff8bc5b926ee2ac49

SHA256
5807f2224a43128fed4e0fe6d2127ef04b5659f0cb49084e0c192c8308c29b98

SHA512
8775220652488f4f12138402e83b91e35cd07aa9387bd19992b51cc33d19851d811a7980264c2791f08215066cf28b659f99848347125c4d11b2fc440ca73340

Download Submit
C:\Windows\system\XcwTDcK.exe

Filesize
6.0MB

MD5
afc782243698f56219f6724ce0d2bfd6

SHA1
0631eb76c2e97fd4bb7ebe9d89c8ed08e5609590

SHA256
a926c1545ed958545a4464b3a94938cfeb7f66268f06b4d81a57f4e17cbd7ef6

SHA512
9195f0bed46890e6fb3b4384fa247b080cadd1f7018713408f6c67735595dc5577e707514224fd8b997e2020f024b01385b34bd7d407796816e64f7381627841

Download Submit
C:\Windows\system\YCaCISR.exe

Filesize
6.0MB

MD5
0cb9f4a41ea900545a2e1b509d5a0d14

SHA1
e76d57fffb79868d87c79c9e23d06428e3dd2e5d

SHA256
f65989e856be105c6763d8cee62dc21b15973a6eaf132189ff09c44ca3fbbd51

SHA512
54e6db19f0253e1a623a211bb7e652fd4fbe4c0af86aca356bae5cc5a9f0d9b396fdc1b262a5d4dd74d34d733f50b2001a229b15dc8e2e03a936a34664cd7515

Download Submit
C:\Windows\system\ZergWbW.exe

Filesize
6.0MB

MD5
ffaf61db0cb6c23386d1ec3eb03c653c

SHA1
875d7a6b581deb38d84afe8389b8c0ffadb5568b

SHA256
a18168c24241a018a7586183ca3457bcdc1cc106501d9f5859a65e5972339e20

SHA512
3ccc90b021389fb25a51dcc86d551e7a26785cb31601932aeb334776714a173286a4c38be5cda57240a8fc48af5d7298ce75e57b918d91278003791c025c22c3

Download Submit
C:\Windows\system\dbNRBLj.exe

Filesize
6.0MB

MD5
bd974293f5c0cb3263f05a6252fc8e77

SHA1
515332d0147deb168e2642c2140b3dc7069abcf5

SHA256
42b097160935d1e5913fcf5ebc25b34bea59586ede9649b84ae29323842c0ff1

SHA512
47948fa9c8cbeb29fd822328e54274399668c89ddaa2df593c6ead22a481faad7e3ebdd08f24fb8b79be6704d5e5e689fc43074b4690168946acf402c53bfbd1

Download Submit
C:\Windows\system\fYCwUiA.exe

Filesize
6.0MB

MD5
a4b4e379d8b94185f5ccb7921b55d54f

SHA1
98192480bf5a5dfb93c76750d02d8db4bb430c20

SHA256
564e6e94cba4006d31348b010167e48f94c3aeb457e0a6f51b4f373bde900536

SHA512
c9a62befc0216a6706399f18d4d63f27b8755b77eba28246e9fc203d2b6ab53b4520c7383e4bb8fcf75515bb59eb80335211aa90df30aaaa050edad1b92325f5

Download Submit
C:\Windows\system\hlUBLVW.exe

Filesize
6.0MB

MD5
d9f21a2ca1fa3db09c720e57c0515137

SHA1
09b6cbdf1aeaa9217bf0ed6292542aa769102a6c

SHA256
6d6027cf547a15c7514dce35041c58ff8c9aada63dca19b5a1635eb9286d2385

SHA512
a27d2105d811c0355d08b2bf84ae8fe713d64e24595934ebcd42c2bd49e02f30d39cf0e9db87b95069aa46ac82a96e0f90886823c85175f12b93bc8a8466d052

Download Submit
C:\Windows\system\hpbcmow.exe

Filesize
6.0MB

MD5
a9addf26b4a786482d03da8be9d030cb

SHA1
fee14a479f8b97aa6f119591eb2e5d1d4876f627

SHA256
cde620b911451980f7d10567241569698fdf2e4e085bfb11fb00a5ed6cbb1354

SHA512
2b89ca3230542b0fd4d6502e5b50ec87ef34065ce578a44347017c463fdf38daef29ad949d9a698787820e60ac11d107cc5adde91f41f18429c5fea596ef22c2

Download Submit
C:\Windows\system\iZvuKoQ.exe

Filesize
6.0MB

MD5
02d5b9ddac35fa3b7da5e0b3a7511b2d

SHA1
be588cee6e8831bf3f039fe1204cee92bdb90746

SHA256
74402ff759d42a1183fe0effddffeb07b764efade1b83835f7580cb0f616e773

SHA512
04f1a11ae76c48ef85ff884625623fd90d2fae16c616a20d8e51e42a196b492c146afc201c88acd4aac3e4e22bb9199689c805d68acdcf1299be1342dd1bc874

Download Submit
C:\Windows\system\jfLYqwi.exe

Filesize
6.0MB

MD5
a16c2df80d1d02cfa1d061a8129f06e3

SHA1
08a2e455fcffad0b0de464308a7d22081e4ac039

SHA256
841a5fdd0a5d274ee6922012e4374f616ce9ddb445a77100f06c2d7d343cabce

SHA512
4a9fbc29e2ba19ed58d63f9763dadf1df9c57cbee1a00e9d57f3f96ecedd8435465f458bb34f5e357105e22b6ef218f7056f9aa70badcd2585001ddc66f9ffc4

Download Submit
C:\Windows\system\lrTAavi.exe

Filesize
6.0MB

MD5
efefff1d53495950cc47387178e9a48a

SHA1
72c1339482ca82c1d8193a0a75e410a3f0e0896e

SHA256
5e1889fd2c2099a5c6ace081f1f5cb1ac787eb8933a6c7a02f4f7d6849102a78

SHA512
e9bcf0afdf01088ad1ada807a08c435abd52c1e315c38de3396b0ff4d6395258616aafd3ae96131786bfbd4abd55997999dcf3cb83b4159381d7f7d27fd376ce

Download Submit
C:\Windows\system\oErMfCk.exe

Filesize
6.0MB

MD5
1e9acd1f6a853bc9522ae83b5f3fff98

SHA1
77308698c9e85083713b7089c3480976aad08399

SHA256
913e3073af08712115b6fc337f1d598ddda5364f4bf0dca98e08d17b243f709c

SHA512
988a01e950f8faf2d241a68940e141f763cac7d24f691e9ce9cd5c8a340e897156f0ad094dee5d968d39cb1566a8df462e821513e58a898cd6e0b4d026de3bf8

Download Submit
C:\Windows\system\oMwqGLW.exe

Filesize
6.0MB

MD5
2905195c95c9671b503d9cd52f7cf638

SHA1
202512d0fa98bda5fcc03c15cebc2e1bf504cf57

SHA256
379ce752d31b282a402aeacc808bab5f94a71b5272a8dd9f51230068632d003f

SHA512
dd052625eef8be514c1b13a9f8ab8380023f156754a981e43ca07743633de9ff7678bc77f476abc4bc55f4ac0d92a2fed3c57bbfa8098cc4b598ac0bb6fa85b4

Download Submit
C:\Windows\system\pRtffKv.exe

Filesize
6.0MB

MD5
5c2841ad1c597f1a4781a6236aac4617

SHA1
ea963a0be3e0a3636901dc6eea7392f369993cd4

SHA256
9c52ac100b84cc5d1abe80bc4fbea43983c299a9fc80675af932967dd2343f14

SHA512
3845a22d58b713405642d20059df353589c8d54ab61e14b64acf6bf4e7eec60ee84420624cfcd4e41b6ceb743bdfd7dc5b2b95ed2654564f93732c188ea138bc

Download Submit
C:\Windows\system\rEMLejm.exe

Filesize
6.0MB

MD5
4060892517a2d8e3c1ab20bb34ecfbb6

SHA1
f4f3af39066aa1fe421ccaef17dc6ac81be54947

SHA256
5ddec3a33d97bb8b62cdf305620022cb17f64296604b0b0a1b30f890e2d0c1eb

SHA512
a1fc91c6568323ac47e8810dea107d3fbfb27549d8b57f6d43f9490566f16fc39143f174a106d6f5f204250bbfec1d139f8b7a2564e8eddf882b90ac48b57bc6

Download Submit
C:\Windows\system\rffZpuC.exe

Filesize
6.0MB

MD5
ab35a0869fcb3066f331fbdd15413bee

SHA1
ad042790a3b9e0024c5ecd6726752e03230e7fc6

SHA256
a72aa9dd3d6d2f72b45dccda1b5cc9056f48155a369b6cdbb4fbdd29b395c426

SHA512
fa1ff36531173090c8af59ea144816a5ad4ba8b1c142df2c560922c5034c48e29bd0c1449b609544c8f163e7ee243ab11322fb275f1143e8b51250aa95daf69b

Download Submit
C:\Windows\system\tlEkDPh.exe

Filesize
6.0MB

MD5
2b851aa31a173dcbd884ccddc4b472a6

SHA1
c2352654724bc65d652d2b882405594c669a6360

SHA256
6b71da0612d2490a87875594d5fd28b73d2a26803cd638ecba30a3c27b69ea3f

SHA512
eb40d02d21da0d00a904979f5681850c926cd8536c0970dc87d0790ea91d36aae1bac01fdbbf13e2092ddb8b6b22d0dd173d78db242f03b22b37146bebd3327f

Download Submit
C:\Windows\system\uZpkQgR.exe

Filesize
6.0MB

MD5
6dabef6fe9e85fcf32e07b335d64dce0

SHA1
8deb018505ead3680df218324fc04a6194792e80

SHA256
c7b93ac0abcd255b9920c9de0174880786a95bbeb57b5f82a33b54c25a2d04e8

SHA512
59cb7bfccb85fb887dbf033db38faf3e023307c0e0b640f544230691a688412f8987ebdfc275b65a3024f6b2c8fc0d64f7e24d710298efadcc666b0e616607aa

Download Submit
C:\Windows\system\wfsdqmr.exe

Filesize
6.0MB

MD5
4954c47b834a0f9b70a9aff87bd75fad

SHA1
d965d4dec5a56d5bd3209eade6589cb90d922f97

SHA256
4c7a069e6851e2efb3e4154a971adb7725b2cbb994a2a9355c75371f08df41d8

SHA512
5405ec555a8437f090ade1aba64ce884dbfb5c2c3a96418665018f8a62357075619674860af9ef9c447f9cc7d2a9d4fb14eebf2ab564daa175153532d13174d1

Download Submit
C:\Windows\system\xocHvSu.exe

Filesize
6.0MB

MD5
046ccd3a8e822af553036fe19b46afaa

SHA1
084d38d9bf84868b8aadd8e7841dfc27f4def2f8

SHA256
7597d141883fd42fc86d701f77bdc15dd65d09010da82f5164906762e70d95f1

SHA512
3ea109df7e02cef3dcdafeca1b9b6bc891c73ef78e21d0ef42d1d37e29cedf80653065fd506cc1d45bb23e7dfeca7360dc63f23a2b7e6865539e3d8d5e462bcb

Download Submit
C:\Windows\system\zikARbl.exe

Filesize
6.0MB

MD5
dcd091c9824afeef2e78663c4a2d92f6

SHA1
f8aeff1bdc02d714fd2c54682b14e7aaaa52e3e3

SHA256
dd35e4166474220d3e7dc10aa783d947dca6d89d27cd7ebc8f5922e644cd0897

SHA512
f64c391e2f9f0f6cd82c3c674bf996c0ed8cb031e262019126d955da228712f62772e6d15991a2578f07eca62beb775ee776e854a22421ef74a88a7a54eb0da2

Download Submit
\Windows\system\AqdVoPj.exe

Filesize
6.0MB

MD5
3b90a385ecd8dd30d73401fafbb57cc0

SHA1
cd30fe558b6cca4a280d0bb47601db016cb765cf

SHA256
305b759b9cfec832aa17ce0098cff01fda0491f435d5ff5e1e712a9922f9aa98

SHA512
ceeaa804cfa5198204fc11e7896fe1706c0586457937603dadf5dd1382b30382f44e4a5d642f7c292dcd853e6e74a37966ada318729887747245571466c38aa6

Download Submit
\Windows\system\LHWRhXb.exe

Filesize
6.0MB

MD5
e4d1b82135bffa97a2aa8279e4a1547b

SHA1
b51d4fa5b3600dc16dc431b36d15af2af013ca04

SHA256
4a8132307ebc9d04661396fa57856be17fabf8d27203c6492289cab1f5a07d37

SHA512
9b3fb674fb634a980462bf95276204b207719feae218b57f2583157eaf441ce3168ae0d670ae67214af64aa87adfdaeb82a526ca22a30e95f7ea7ce1236a3d23

Download Submit
memory/636-98-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/636-4124-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-92-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2140-4014-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2232-89-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-0-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2232-73-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-100-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2232-87-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-97-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-77-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-91-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2232-79-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2232-666-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2232-887-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-93-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2232-95-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-85-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-102-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-83-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-75-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-81-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2384-4017-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-99-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-96-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-4016-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-4123-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2512-94-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4013-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2548-88-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2572-84-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4022-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2584-82-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2584-4120-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2612-4121-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-90-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-86-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4069-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-74-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4125-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4122-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2796-78-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4012-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-76-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4015-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2840-80-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download