cobaltstrike | 338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
Size

6.0MB
MD5

ca286957ccfe75c077dfec21c93aa060
SHA1

283c3cb9cd7518326a0da60b88d67a903a70a13c
SHA256

338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec
SHA512

e74ad4c78161a47b4591f4b8afa9a1566656de0879754551659711feb6e9feded51370c49056105503593d41642e01c662169603a5713e6a130c6ff98a08d524
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUj:eOl56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000141df-6.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f2-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-25.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ac-50.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a4-44.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018781-38.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018742-31.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-106.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018669-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-169.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2460-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000d0000000141df-6.dat	xmrig
behavioral1/memory/2492-15-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2052-13-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00060000000186f2-12.dat	xmrig
behavioral1/files/0x00060000000186f8-9.dat	xmrig
behavioral1/memory/936-21-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-25.dat	xmrig
behavioral1/memory/2296-36-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000500000001942c-46.dat	xmrig
behavioral1/memory/2712-53-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2716-58-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019438-63.dat	xmrig
behavioral1/memory/2736-68-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2460-59-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/3004-62-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2460-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019456-69.dat	xmrig
behavioral1/memory/2460-61-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/3016-57-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2784-55-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193ac-50.dat	xmrig
behavioral1/files/0x00060000000193a4-44.dat	xmrig
behavioral1/files/0x0008000000018781-38.dat	xmrig
behavioral1/files/0x0008000000018742-31.dat	xmrig
behavioral1/files/0x0005000000019467-104.dat	xmrig
behavioral1/files/0x0005000000019506-122.dat	xmrig
behavioral1/files/0x00050000000194ef-121.dat	xmrig
behavioral1/files/0x00050000000194d0-94.dat	xmrig
behavioral1/files/0x00050000000195e6-140.dat	xmrig
behavioral1/files/0x00050000000194fc-100.dat	xmrig
behavioral1/files/0x00050000000195a7-147.dat	xmrig
behavioral1/files/0x000500000001952f-145.dat	xmrig
behavioral1/files/0x0005000000019496-131.dat	xmrig
behavioral1/memory/2184-128-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/files/0x000500000001957e-125.dat	xmrig
behavioral1/memory/2576-116-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-109.dat	xmrig
behavioral1/files/0x00050000000194ad-106.dat	xmrig
behavioral1/memory/2492-86-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000018669-85.dat	xmrig
behavioral1/files/0x000500000001961d-151.dat	xmrig
behavioral1/files/0x000500000001961f-158.dat	xmrig
behavioral1/files/0x0005000000019621-164.dat	xmrig
behavioral1/files/0x0005000000019627-183.dat	xmrig
behavioral1/memory/2460-1178-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2736-618-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0005000000019629-189.dat	xmrig
behavioral1/files/0x0005000000019623-173.dat	xmrig
behavioral1/files/0x0005000000019625-179.dat	xmrig
behavioral1/files/0x0005000000019622-169.dat	xmrig
behavioral1/memory/2052-3996-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2492-3997-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/936-3998-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2296-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2712-4000-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/3016-4001-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2784-4002-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2716-4003-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/3004-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2736-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2576-4006-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2184-4007-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	dvYbZyG.exe
2492	xGPwEOq.exe
936	SYpmVtW.exe
2296	bkrdTsd.exe
2712	AdFnBOK.exe
2784	UHDxNLn.exe
3016	wnNEzny.exe
2716	Qchmngd.exe
3004	FZFPqaQ.exe
2736	ZApYTfk.exe
2576	vsCoSHn.exe
2184	MUQacKt.exe
1624	dkPjOKC.exe
2560	BLsFdOv.exe
1136	qsjYrlj.exe
2972	oTOMoGn.exe
772	IdwFsRC.exe
1992	npePAwU.exe
2956	ftRKGZK.exe
2800	lMRVqHC.exe
2912	hYTnMbf.exe
536	Vtytyqe.exe
1044	iUKsCZz.exe
1944	ekHspyM.exe
2088	FyWosKp.exe
2212	dUuKvit.exe
812	LBTRlpb.exe
1500	POINSWV.exe
1724	lXRwEFu.exe
1360	jEBJfVw.exe
2452	rEzOXnu.exe
1544	QatUQyt.exe
2136	chvCStv.exe
1768	jpfeCtR.exe
848	jvFFRJs.exe
1684	mNjlAeU.exe
2232	PDNPnuV.exe
2440	CGAjuYa.exe
1148	IWjrkxj.exe
1540	mmfPTvT.exe
3064	OoMpYoJ.exe
3052	UfaFMyR.exe
1592	itamGXW.exe
2240	XApNYPM.exe
2236	djDeamA.exe
2160	WXvvGSD.exe
2116	fvKFGRu.exe
1004	DYTqnlo.exe
892	cOHNFUI.exe
1668	MAEPTgk.exe
3040	ZbqFQDf.exe
1584	YMjnsnF.exe
1588	pvSjePC.exe
1160	YQVdvCh.exe
2416	poCEGLb.exe
2728	WXQcNVk.exe
2860	WodVVxF.exe
2292	LPWdhPe.exe
2628	CeuRavG.exe
2616	SaXXhDU.exe
2896	pAxZXuD.exe
2540	HhhuEDi.exe
1720	DXnCiwB.exe
1672	bEFtsTL.exe

Loads dropped DLL 64 IoCs

pid	Process
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000d0000000141df-6.dat	upx
behavioral1/memory/2492-15-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2052-13-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00060000000186f2-12.dat	upx
behavioral1/files/0x00060000000186f8-9.dat	upx
behavioral1/memory/936-21-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000018731-25.dat	upx
behavioral1/memory/2296-36-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000500000001942c-46.dat	upx
behavioral1/memory/2712-53-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2716-58-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0005000000019438-63.dat	upx
behavioral1/memory/2736-68-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/3004-62-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0005000000019456-69.dat	upx
behavioral1/memory/2460-61-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/3016-57-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2784-55-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00050000000193ac-50.dat	upx
behavioral1/files/0x00060000000193a4-44.dat	upx
behavioral1/files/0x0008000000018781-38.dat	upx
behavioral1/files/0x0008000000018742-31.dat	upx
behavioral1/files/0x0005000000019467-104.dat	upx
behavioral1/files/0x0005000000019506-122.dat	upx
behavioral1/files/0x00050000000194ef-121.dat	upx
behavioral1/files/0x00050000000194d0-94.dat	upx
behavioral1/files/0x00050000000195e6-140.dat	upx
behavioral1/files/0x00050000000194fc-100.dat	upx
behavioral1/files/0x00050000000195a7-147.dat	upx
behavioral1/files/0x000500000001952f-145.dat	upx
behavioral1/files/0x0005000000019496-131.dat	upx
behavioral1/memory/2184-128-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/files/0x000500000001957e-125.dat	upx
behavioral1/memory/2576-116-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x000500000001945c-109.dat	upx
behavioral1/files/0x00050000000194ad-106.dat	upx
behavioral1/memory/2492-86-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0009000000018669-85.dat	upx
behavioral1/files/0x000500000001961d-151.dat	upx
behavioral1/files/0x000500000001961f-158.dat	upx
behavioral1/files/0x0005000000019621-164.dat	upx
behavioral1/files/0x0005000000019627-183.dat	upx
behavioral1/memory/2736-618-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0005000000019629-189.dat	upx
behavioral1/files/0x0005000000019623-173.dat	upx
behavioral1/files/0x0005000000019625-179.dat	upx
behavioral1/files/0x0005000000019622-169.dat	upx
behavioral1/memory/2052-3996-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2492-3997-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/936-3998-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2296-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2712-4000-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/3016-4001-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2784-4002-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2716-4003-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/3004-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2736-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2576-4006-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2184-4007-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AwjIfQc.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\jXwzITa.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\ViQRSqk.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\OpHIocn.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\MdsOLQV.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\xBbznOY.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\GVFQNlT.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\mMCobEz.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\mQKrggU.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\iVZmRgk.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\LDEeiIX.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\fWEbtfi.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\nLdpojF.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\TmKbjCF.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\llrrbDH.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\BjOMHLo.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\pyIemuE.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\YhPHYFg.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\cSZXcxC.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\AUsbmLI.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\OOmkRyD.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\iRcnuqR.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\FZFPqaQ.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\vfWcfla.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\mWRXrcN.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\tJtIFYu.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\nEKBLvq.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\niolWGG.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\ISRzCXV.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\HdYvXkt.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\PAxmfWg.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\NDCyFmz.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\aZVCpFl.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\IwvzdqZ.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\fuQaogt.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\fvPopWV.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\NSYiqhz.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\KtMmYpQ.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\kQtwBbu.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\YEwCwYs.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\wPAHZqL.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\wRAhPNy.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\dvJcHab.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\TyZdqbh.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\hGehsfl.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\VGZDMkb.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\wAvvMgw.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\TIybANl.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\FfyiHRQ.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\dXUMkgY.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\KsqKEps.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\ZIfJckl.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\zujfHFp.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\uLJLRzh.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\cioViNA.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\SRzxRIt.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\NzeNaFa.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\WpWonZC.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\aYGwuVn.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\KfPAIIx.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\PsfBWVN.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\gGWfWEE.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\QPkpMMj.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
File created	C:\Windows\System\NcdGHAb.exe	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2052	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	33
PID 2460 wrote to memory of 2052	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	33
PID 2460 wrote to memory of 2052	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	33
PID 2460 wrote to memory of 2492	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	34
PID 2460 wrote to memory of 2492	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	34
PID 2460 wrote to memory of 2492	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	34
PID 2460 wrote to memory of 936	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	35
PID 2460 wrote to memory of 936	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	35
PID 2460 wrote to memory of 936	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	35
PID 2460 wrote to memory of 2296	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	36
PID 2460 wrote to memory of 2296	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	36
PID 2460 wrote to memory of 2296	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	36
PID 2460 wrote to memory of 2712	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	37
PID 2460 wrote to memory of 2712	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	37
PID 2460 wrote to memory of 2712	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	37
PID 2460 wrote to memory of 2784	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	38
PID 2460 wrote to memory of 2784	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	38
PID 2460 wrote to memory of 2784	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	38
PID 2460 wrote to memory of 3016	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	39
PID 2460 wrote to memory of 3016	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	39
PID 2460 wrote to memory of 3016	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	39
PID 2460 wrote to memory of 2716	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	40
PID 2460 wrote to memory of 2716	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	40
PID 2460 wrote to memory of 2716	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	40
PID 2460 wrote to memory of 3004	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	41
PID 2460 wrote to memory of 3004	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	41
PID 2460 wrote to memory of 3004	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	41
PID 2460 wrote to memory of 2736	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	42
PID 2460 wrote to memory of 2736	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	42
PID 2460 wrote to memory of 2736	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	42
PID 2460 wrote to memory of 2576	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	43
PID 2460 wrote to memory of 2576	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	43
PID 2460 wrote to memory of 2576	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	43
PID 2460 wrote to memory of 2184	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	44
PID 2460 wrote to memory of 2184	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	44
PID 2460 wrote to memory of 2184	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	44
PID 2460 wrote to memory of 1136	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	45
PID 2460 wrote to memory of 1136	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	45
PID 2460 wrote to memory of 1136	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	45
PID 2460 wrote to memory of 1624	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	46
PID 2460 wrote to memory of 1624	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	46
PID 2460 wrote to memory of 1624	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	46
PID 2460 wrote to memory of 2956	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	47
PID 2460 wrote to memory of 2956	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	47
PID 2460 wrote to memory of 2956	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	47
PID 2460 wrote to memory of 2560	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	48
PID 2460 wrote to memory of 2560	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	48
PID 2460 wrote to memory of 2560	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	48
PID 2460 wrote to memory of 2800	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	49
PID 2460 wrote to memory of 2800	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	49
PID 2460 wrote to memory of 2800	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	49
PID 2460 wrote to memory of 2972	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	50
PID 2460 wrote to memory of 2972	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	50
PID 2460 wrote to memory of 2972	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	50
PID 2460 wrote to memory of 536	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	51
PID 2460 wrote to memory of 536	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	51
PID 2460 wrote to memory of 536	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	51
PID 2460 wrote to memory of 772	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	52
PID 2460 wrote to memory of 772	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	52
PID 2460 wrote to memory of 772	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	52
PID 2460 wrote to memory of 1044	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	53
PID 2460 wrote to memory of 1044	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	53
PID 2460 wrote to memory of 1044	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	53
PID 2460 wrote to memory of 1992	2460	JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe	54

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_338ebea6028570a858f1880ba4a5a8b4426e430240e21f974ea9c208f57273ec.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\System\dvYbZyG.exe
  C:\Windows\System\dvYbZyG.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\xGPwEOq.exe
  C:\Windows\System\xGPwEOq.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SYpmVtW.exe
  C:\Windows\System\SYpmVtW.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\bkrdTsd.exe
  C:\Windows\System\bkrdTsd.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\AdFnBOK.exe
  C:\Windows\System\AdFnBOK.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\UHDxNLn.exe
  C:\Windows\System\UHDxNLn.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\wnNEzny.exe
  C:\Windows\System\wnNEzny.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\Qchmngd.exe
  C:\Windows\System\Qchmngd.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\FZFPqaQ.exe
  C:\Windows\System\FZFPqaQ.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ZApYTfk.exe
  C:\Windows\System\ZApYTfk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\vsCoSHn.exe
  C:\Windows\System\vsCoSHn.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\MUQacKt.exe
  C:\Windows\System\MUQacKt.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\qsjYrlj.exe
  C:\Windows\System\qsjYrlj.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\dkPjOKC.exe
  C:\Windows\System\dkPjOKC.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\ftRKGZK.exe
  C:\Windows\System\ftRKGZK.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\BLsFdOv.exe
  C:\Windows\System\BLsFdOv.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\lMRVqHC.exe
  C:\Windows\System\lMRVqHC.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\oTOMoGn.exe
  C:\Windows\System\oTOMoGn.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\Vtytyqe.exe
  C:\Windows\System\Vtytyqe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\IdwFsRC.exe
  C:\Windows\System\IdwFsRC.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\iUKsCZz.exe
  C:\Windows\System\iUKsCZz.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\npePAwU.exe
  C:\Windows\System\npePAwU.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ekHspyM.exe
  C:\Windows\System\ekHspyM.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\hYTnMbf.exe
  C:\Windows\System\hYTnMbf.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FyWosKp.exe
  C:\Windows\System\FyWosKp.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\dUuKvit.exe
  C:\Windows\System\dUuKvit.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\LBTRlpb.exe
  C:\Windows\System\LBTRlpb.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\POINSWV.exe
  C:\Windows\System\POINSWV.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\lXRwEFu.exe
  C:\Windows\System\lXRwEFu.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\jEBJfVw.exe
  C:\Windows\System\jEBJfVw.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\rEzOXnu.exe
  C:\Windows\System\rEzOXnu.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\QatUQyt.exe
  C:\Windows\System\QatUQyt.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\chvCStv.exe
  C:\Windows\System\chvCStv.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\jpfeCtR.exe
  C:\Windows\System\jpfeCtR.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\jvFFRJs.exe
  C:\Windows\System\jvFFRJs.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\mNjlAeU.exe
  C:\Windows\System\mNjlAeU.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\PDNPnuV.exe
  C:\Windows\System\PDNPnuV.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\CGAjuYa.exe
  C:\Windows\System\CGAjuYa.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\IWjrkxj.exe
  C:\Windows\System\IWjrkxj.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\mmfPTvT.exe
  C:\Windows\System\mmfPTvT.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\OoMpYoJ.exe
  C:\Windows\System\OoMpYoJ.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\UfaFMyR.exe
  C:\Windows\System\UfaFMyR.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\itamGXW.exe
  C:\Windows\System\itamGXW.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\XApNYPM.exe
  C:\Windows\System\XApNYPM.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\djDeamA.exe
  C:\Windows\System\djDeamA.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\WXvvGSD.exe
  C:\Windows\System\WXvvGSD.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\fvKFGRu.exe
  C:\Windows\System\fvKFGRu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\DYTqnlo.exe
  C:\Windows\System\DYTqnlo.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\cOHNFUI.exe
  C:\Windows\System\cOHNFUI.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\MAEPTgk.exe
  C:\Windows\System\MAEPTgk.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ZbqFQDf.exe
  C:\Windows\System\ZbqFQDf.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YMjnsnF.exe
  C:\Windows\System\YMjnsnF.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\pvSjePC.exe
  C:\Windows\System\pvSjePC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\YQVdvCh.exe
  C:\Windows\System\YQVdvCh.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\poCEGLb.exe
  C:\Windows\System\poCEGLb.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\WXQcNVk.exe
  C:\Windows\System\WXQcNVk.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\WodVVxF.exe
  C:\Windows\System\WodVVxF.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\LPWdhPe.exe
  C:\Windows\System\LPWdhPe.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\CeuRavG.exe
  C:\Windows\System\CeuRavG.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\SaXXhDU.exe
  C:\Windows\System\SaXXhDU.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\pAxZXuD.exe
  C:\Windows\System\pAxZXuD.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\HhhuEDi.exe
  C:\Windows\System\HhhuEDi.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\DXnCiwB.exe
  C:\Windows\System\DXnCiwB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\bEFtsTL.exe
  C:\Windows\System\bEFtsTL.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\fdEcAxd.exe
  C:\Windows\System\fdEcAxd.exe
  2⤵
  PID:2808
- C:\Windows\System\mNJqfkb.exe
  C:\Windows\System\mNJqfkb.exe
  2⤵
  PID:2000
- C:\Windows\System\MCPBPdo.exe
  C:\Windows\System\MCPBPdo.exe
  2⤵
  PID:2984
- C:\Windows\System\OoVXSlt.exe
  C:\Windows\System\OoVXSlt.exe
  2⤵
  PID:1912
- C:\Windows\System\xkeLKvW.exe
  C:\Windows\System\xkeLKvW.exe
  2⤵
  PID:2328
- C:\Windows\System\RSjPEFv.exe
  C:\Windows\System\RSjPEFv.exe
  2⤵
  PID:2384
- C:\Windows\System\gyznJKm.exe
  C:\Windows\System\gyznJKm.exe
  2⤵
  PID:1892
- C:\Windows\System\cWJTgrC.exe
  C:\Windows\System\cWJTgrC.exe
  2⤵
  PID:2940
- C:\Windows\System\paLWhdp.exe
  C:\Windows\System\paLWhdp.exe
  2⤵
  PID:680
- C:\Windows\System\FzxPIar.exe
  C:\Windows\System\FzxPIar.exe
  2⤵
  PID:956
- C:\Windows\System\yuELbJE.exe
  C:\Windows\System\yuELbJE.exe
  2⤵
  PID:2596
- C:\Windows\System\hGehsfl.exe
  C:\Windows\System\hGehsfl.exe
  2⤵
  PID:2516
- C:\Windows\System\gCPsaat.exe
  C:\Windows\System\gCPsaat.exe
  2⤵
  PID:2076
- C:\Windows\System\ttFxkLo.exe
  C:\Windows\System\ttFxkLo.exe
  2⤵
  PID:1528
- C:\Windows\System\TFfdOLD.exe
  C:\Windows\System\TFfdOLD.exe
  2⤵
  PID:1856
- C:\Windows\System\NfipIQm.exe
  C:\Windows\System\NfipIQm.exe
  2⤵
  PID:740
- C:\Windows\System\FFUdbvI.exe
  C:\Windows\System\FFUdbvI.exe
  2⤵
  PID:1476
- C:\Windows\System\jPDkxEv.exe
  C:\Windows\System\jPDkxEv.exe
  2⤵
  PID:2300
- C:\Windows\System\XrNsksl.exe
  C:\Windows\System\XrNsksl.exe
  2⤵
  PID:612
- C:\Windows\System\aezpoCk.exe
  C:\Windows\System\aezpoCk.exe
  2⤵
  PID:1644
- C:\Windows\System\BoytZNp.exe
  C:\Windows\System\BoytZNp.exe
  2⤵
  PID:356
- C:\Windows\System\YLtYRvj.exe
  C:\Windows\System\YLtYRvj.exe
  2⤵
  PID:3044
- C:\Windows\System\FegvWoB.exe
  C:\Windows\System\FegvWoB.exe
  2⤵
  PID:2032
- C:\Windows\System\ofPyAqo.exe
  C:\Windows\System\ofPyAqo.exe
  2⤵
  PID:1812
- C:\Windows\System\HzkjOQL.exe
  C:\Windows\System\HzkjOQL.exe
  2⤵
  PID:1560
- C:\Windows\System\YKToQvx.exe
  C:\Windows\System\YKToQvx.exe
  2⤵
  PID:2332
- C:\Windows\System\WFdfqsN.exe
  C:\Windows\System\WFdfqsN.exe
  2⤵
  PID:2796
- C:\Windows\System\LBNAWCW.exe
  C:\Windows\System\LBNAWCW.exe
  2⤵
  PID:2792
- C:\Windows\System\hfxRifp.exe
  C:\Windows\System\hfxRifp.exe
  2⤵
  PID:2220
- C:\Windows\System\yOLodVm.exe
  C:\Windows\System\yOLodVm.exe
  2⤵
  PID:2008
- C:\Windows\System\xgwAFOO.exe
  C:\Windows\System\xgwAFOO.exe
  2⤵
  PID:1156
- C:\Windows\System\VGeJZnb.exe
  C:\Windows\System\VGeJZnb.exe
  2⤵
  PID:1436
- C:\Windows\System\DnPkwNq.exe
  C:\Windows\System\DnPkwNq.exe
  2⤵
  PID:2316
- C:\Windows\System\SJFuhNz.exe
  C:\Windows\System\SJFuhNz.exe
  2⤵
  PID:916
- C:\Windows\System\zRPVSAL.exe
  C:\Windows\System\zRPVSAL.exe
  2⤵
  PID:2952
- C:\Windows\System\SBxIixt.exe
  C:\Windows\System\SBxIixt.exe
  2⤵
  PID:2028
- C:\Windows\System\JRhPKvM.exe
  C:\Windows\System\JRhPKvM.exe
  2⤵
  PID:2556
- C:\Windows\System\AZYSXjT.exe
  C:\Windows\System\AZYSXjT.exe
  2⤵
  PID:1732
- C:\Windows\System\sjfRKXO.exe
  C:\Windows\System\sjfRKXO.exe
  2⤵
  PID:1272
- C:\Windows\System\VcwSgIa.exe
  C:\Windows\System\VcwSgIa.exe
  2⤵
  PID:1608
- C:\Windows\System\pkgOQDR.exe
  C:\Windows\System\pkgOQDR.exe
  2⤵
  PID:988
- C:\Windows\System\sVZLHKI.exe
  C:\Windows\System\sVZLHKI.exe
  2⤵
  PID:1680
- C:\Windows\System\KmrBsFj.exe
  C:\Windows\System\KmrBsFj.exe
  2⤵
  PID:580
- C:\Windows\System\MlcvxYw.exe
  C:\Windows\System\MlcvxYw.exe
  2⤵
  PID:2228
- C:\Windows\System\VadLpVF.exe
  C:\Windows\System\VadLpVF.exe
  2⤵
  PID:1484
- C:\Windows\System\yuacVmk.exe
  C:\Windows\System\yuacVmk.exe
  2⤵
  PID:1756
- C:\Windows\System\dXUMkgY.exe
  C:\Windows\System\dXUMkgY.exe
  2⤵
  PID:2268
- C:\Windows\System\YvZNvjX.exe
  C:\Windows\System\YvZNvjX.exe
  2⤵
  PID:1696
- C:\Windows\System\xkJaFpE.exe
  C:\Windows\System\xkJaFpE.exe
  2⤵
  PID:2776
- C:\Windows\System\hJascoC.exe
  C:\Windows\System\hJascoC.exe
  2⤵
  PID:2732
- C:\Windows\System\RheNFDQ.exe
  C:\Windows\System\RheNFDQ.exe
  2⤵
  PID:2308
- C:\Windows\System\XpuvCdQ.exe
  C:\Windows\System\XpuvCdQ.exe
  2⤵
  PID:2928
- C:\Windows\System\UyNYuvg.exe
  C:\Windows\System\UyNYuvg.exe
  2⤵
  PID:2464
- C:\Windows\System\DaFvrWq.exe
  C:\Windows\System\DaFvrWq.exe
  2⤵
  PID:1576
- C:\Windows\System\roiGLce.exe
  C:\Windows\System\roiGLce.exe
  2⤵
  PID:588
- C:\Windows\System\HfFBhOb.exe
  C:\Windows\System\HfFBhOb.exe
  2⤵
  PID:2252
- C:\Windows\System\gIJeUSO.exe
  C:\Windows\System\gIJeUSO.exe
  2⤵
  PID:2744
- C:\Windows\System\GQhCQMi.exe
  C:\Windows\System\GQhCQMi.exe
  2⤵
  PID:676
- C:\Windows\System\NJzvUqU.exe
  C:\Windows\System\NJzvUqU.exe
  2⤵
  PID:1688
- C:\Windows\System\dXXJNfk.exe
  C:\Windows\System\dXXJNfk.exe
  2⤵
  PID:2652
- C:\Windows\System\cQKEttL.exe
  C:\Windows\System\cQKEttL.exe
  2⤵
  PID:1728
- C:\Windows\System\GAFfNaH.exe
  C:\Windows\System\GAFfNaH.exe
  2⤵
  PID:1296
- C:\Windows\System\nufAqtm.exe
  C:\Windows\System\nufAqtm.exe
  2⤵
  PID:2140
- C:\Windows\System\APBUuFN.exe
  C:\Windows\System\APBUuFN.exe
  2⤵
  PID:2992
- C:\Windows\System\IDbmsNO.exe
  C:\Windows\System\IDbmsNO.exe
  2⤵
  PID:2924
- C:\Windows\System\jFkTFKn.exe
  C:\Windows\System\jFkTFKn.exe
  2⤵
  PID:596
- C:\Windows\System\PpCnDiE.exe
  C:\Windows\System\PpCnDiE.exe
  2⤵
  PID:1104
- C:\Windows\System\zQTKGhg.exe
  C:\Windows\System\zQTKGhg.exe
  2⤵
  PID:1816
- C:\Windows\System\spRjGkF.exe
  C:\Windows\System\spRjGkF.exe
  2⤵
  PID:2876
- C:\Windows\System\vOvXAZR.exe
  C:\Windows\System\vOvXAZR.exe
  2⤵
  PID:1356
- C:\Windows\System\fhUHLcA.exe
  C:\Windows\System\fhUHLcA.exe
  2⤵
  PID:3068
- C:\Windows\System\iJYsQib.exe
  C:\Windows\System\iJYsQib.exe
  2⤵
  PID:2944
- C:\Windows\System\rgkVVyU.exe
  C:\Windows\System\rgkVVyU.exe
  2⤵
  PID:3088
- C:\Windows\System\yoLpYaS.exe
  C:\Windows\System\yoLpYaS.exe
  2⤵
  PID:3104
- C:\Windows\System\TdbOuaV.exe
  C:\Windows\System\TdbOuaV.exe
  2⤵
  PID:3120
- C:\Windows\System\mRTpFHk.exe
  C:\Windows\System\mRTpFHk.exe
  2⤵
  PID:3144
- C:\Windows\System\bLpPRcM.exe
  C:\Windows\System\bLpPRcM.exe
  2⤵
  PID:3160
- C:\Windows\System\ZWCVPHD.exe
  C:\Windows\System\ZWCVPHD.exe
  2⤵
  PID:3176
- C:\Windows\System\xCxIWbx.exe
  C:\Windows\System\xCxIWbx.exe
  2⤵
  PID:3236
- C:\Windows\System\dorMaqA.exe
  C:\Windows\System\dorMaqA.exe
  2⤵
  PID:3256
- C:\Windows\System\nuXrttE.exe
  C:\Windows\System\nuXrttE.exe
  2⤵
  PID:3280
- C:\Windows\System\miSzGqT.exe
  C:\Windows\System\miSzGqT.exe
  2⤵
  PID:3300
- C:\Windows\System\uWmyBPM.exe
  C:\Windows\System\uWmyBPM.exe
  2⤵
  PID:3316
- C:\Windows\System\bPZdUaY.exe
  C:\Windows\System\bPZdUaY.exe
  2⤵
  PID:3332
- C:\Windows\System\pxbliNn.exe
  C:\Windows\System\pxbliNn.exe
  2⤵
  PID:3348
- C:\Windows\System\NdwjPIs.exe
  C:\Windows\System\NdwjPIs.exe
  2⤵
  PID:3364
- C:\Windows\System\vCaLnMz.exe
  C:\Windows\System\vCaLnMz.exe
  2⤵
  PID:3388
- C:\Windows\System\IUFIDxY.exe
  C:\Windows\System\IUFIDxY.exe
  2⤵
  PID:3412
- C:\Windows\System\oRKvJba.exe
  C:\Windows\System\oRKvJba.exe
  2⤵
  PID:3428
- C:\Windows\System\AStgsvl.exe
  C:\Windows\System\AStgsvl.exe
  2⤵
  PID:3448
- C:\Windows\System\ZjtYVbj.exe
  C:\Windows\System\ZjtYVbj.exe
  2⤵
  PID:3476
- C:\Windows\System\mYrwHBd.exe
  C:\Windows\System\mYrwHBd.exe
  2⤵
  PID:3504
- C:\Windows\System\qMuqUUz.exe
  C:\Windows\System\qMuqUUz.exe
  2⤵
  PID:3520
- C:\Windows\System\QLgwOXB.exe
  C:\Windows\System\QLgwOXB.exe
  2⤵
  PID:3540
- C:\Windows\System\lfpbPUg.exe
  C:\Windows\System\lfpbPUg.exe
  2⤵
  PID:3560
- C:\Windows\System\LQhAMwd.exe
  C:\Windows\System\LQhAMwd.exe
  2⤵
  PID:3576
- C:\Windows\System\VliHCyA.exe
  C:\Windows\System\VliHCyA.exe
  2⤵
  PID:3592
- C:\Windows\System\FCmtatZ.exe
  C:\Windows\System\FCmtatZ.exe
  2⤵
  PID:3608
- C:\Windows\System\kiEJZvV.exe
  C:\Windows\System\kiEJZvV.exe
  2⤵
  PID:3624
- C:\Windows\System\dRCzAaN.exe
  C:\Windows\System\dRCzAaN.exe
  2⤵
  PID:3640
- C:\Windows\System\bdTGvwX.exe
  C:\Windows\System\bdTGvwX.exe
  2⤵
  PID:3660
- C:\Windows\System\EMcWBTF.exe
  C:\Windows\System\EMcWBTF.exe
  2⤵
  PID:3684
- C:\Windows\System\WguTgkf.exe
  C:\Windows\System\WguTgkf.exe
  2⤵
  PID:3708
- C:\Windows\System\lBIsAhc.exe
  C:\Windows\System\lBIsAhc.exe
  2⤵
  PID:3732
- C:\Windows\System\zbXgkvC.exe
  C:\Windows\System\zbXgkvC.exe
  2⤵
  PID:3752
- C:\Windows\System\VtxkMRP.exe
  C:\Windows\System\VtxkMRP.exe
  2⤵
  PID:3768
- C:\Windows\System\fdBDpWQ.exe
  C:\Windows\System\fdBDpWQ.exe
  2⤵
  PID:3792
- C:\Windows\System\HerhmCN.exe
  C:\Windows\System\HerhmCN.exe
  2⤵
  PID:3828
- C:\Windows\System\qETDqVN.exe
  C:\Windows\System\qETDqVN.exe
  2⤵
  PID:3844
- C:\Windows\System\BdhKwJK.exe
  C:\Windows\System\BdhKwJK.exe
  2⤵
  PID:3860
- C:\Windows\System\xEWQnhb.exe
  C:\Windows\System\xEWQnhb.exe
  2⤵
  PID:3876
- C:\Windows\System\VkwvihG.exe
  C:\Windows\System\VkwvihG.exe
  2⤵
  PID:3896
- C:\Windows\System\lFoIJUs.exe
  C:\Windows\System\lFoIJUs.exe
  2⤵
  PID:3928
- C:\Windows\System\yMuUwog.exe
  C:\Windows\System\yMuUwog.exe
  2⤵
  PID:3948
- C:\Windows\System\XpXlFcp.exe
  C:\Windows\System\XpXlFcp.exe
  2⤵
  PID:3964
- C:\Windows\System\RyooAZc.exe
  C:\Windows\System\RyooAZc.exe
  2⤵
  PID:3980
- C:\Windows\System\AvRsNvW.exe
  C:\Windows\System\AvRsNvW.exe
  2⤵
  PID:3996
- C:\Windows\System\lRrWPFc.exe
  C:\Windows\System\lRrWPFc.exe
  2⤵
  PID:4012
- C:\Windows\System\JixllfI.exe
  C:\Windows\System\JixllfI.exe
  2⤵
  PID:4028
- C:\Windows\System\ZCLgDLR.exe
  C:\Windows\System\ZCLgDLR.exe
  2⤵
  PID:4044
- C:\Windows\System\gTAtDlA.exe
  C:\Windows\System\gTAtDlA.exe
  2⤵
  PID:4060
- C:\Windows\System\zrmutNe.exe
  C:\Windows\System\zrmutNe.exe
  2⤵
  PID:4076
- C:\Windows\System\QuiYkcq.exe
  C:\Windows\System\QuiYkcq.exe
  2⤵
  PID:4092
- C:\Windows\System\oYpvaMd.exe
  C:\Windows\System\oYpvaMd.exe
  2⤵
  PID:2756
- C:\Windows\System\LDEeiIX.exe
  C:\Windows\System\LDEeiIX.exe
  2⤵
  PID:1616
- C:\Windows\System\DTwagDp.exe
  C:\Windows\System\DTwagDp.exe
  2⤵
  PID:1316
- C:\Windows\System\EisjGUh.exe
  C:\Windows\System\EisjGUh.exe
  2⤵
  PID:2488
- C:\Windows\System\WAnTzKK.exe
  C:\Windows\System\WAnTzKK.exe
  2⤵
  PID:3112
- C:\Windows\System\TyWGtAo.exe
  C:\Windows\System\TyWGtAo.exe
  2⤵
  PID:3184
- C:\Windows\System\UgNfZrf.exe
  C:\Windows\System\UgNfZrf.exe
  2⤵
  PID:3208
- C:\Windows\System\fvPopWV.exe
  C:\Windows\System\fvPopWV.exe
  2⤵
  PID:3224
- C:\Windows\System\XUobfrU.exe
  C:\Windows\System\XUobfrU.exe
  2⤵
  PID:3264
- C:\Windows\System\XkKRoBg.exe
  C:\Windows\System\XkKRoBg.exe
  2⤵
  PID:3272
- C:\Windows\System\ZdrzYTk.exe
  C:\Windows\System\ZdrzYTk.exe
  2⤵
  PID:3372
- C:\Windows\System\toRlWzE.exe
  C:\Windows\System\toRlWzE.exe
  2⤵
  PID:3456
- C:\Windows\System\IzkLbZj.exe
  C:\Windows\System\IzkLbZj.exe
  2⤵
  PID:3136
- C:\Windows\System\weWuxhU.exe
  C:\Windows\System\weWuxhU.exe
  2⤵
  PID:3168
- C:\Windows\System\XgLifZA.exe
  C:\Windows\System\XgLifZA.exe
  2⤵
  PID:3408
- C:\Windows\System\fPQvYou.exe
  C:\Windows\System\fPQvYou.exe
  2⤵
  PID:3328
- C:\Windows\System\UMginhI.exe
  C:\Windows\System\UMginhI.exe
  2⤵
  PID:3468
- C:\Windows\System\SdYIqRy.exe
  C:\Windows\System\SdYIqRy.exe
  2⤵
  PID:3360
- C:\Windows\System\bsvOWsg.exe
  C:\Windows\System\bsvOWsg.exe
  2⤵
  PID:3492
- C:\Windows\System\nyWNuxJ.exe
  C:\Windows\System\nyWNuxJ.exe
  2⤵
  PID:3512
- C:\Windows\System\SolFyYf.exe
  C:\Windows\System\SolFyYf.exe
  2⤵
  PID:3552
- C:\Windows\System\owFhYed.exe
  C:\Windows\System\owFhYed.exe
  2⤵
  PID:3528
- C:\Windows\System\iKWBFQL.exe
  C:\Windows\System\iKWBFQL.exe
  2⤵
  PID:1152
- C:\Windows\System\WfpHsyy.exe
  C:\Windows\System\WfpHsyy.exe
  2⤵
  PID:3572
- C:\Windows\System\GIXjQHF.exe
  C:\Windows\System\GIXjQHF.exe
  2⤵
  PID:3532
- C:\Windows\System\ZRCtCNZ.exe
  C:\Windows\System\ZRCtCNZ.exe
  2⤵
  PID:3672
- C:\Windows\System\EQLKWYj.exe
  C:\Windows\System\EQLKWYj.exe
  2⤵
  PID:3720
- C:\Windows\System\INXVxjz.exe
  C:\Windows\System\INXVxjz.exe
  2⤵
  PID:3764
- C:\Windows\System\YEwCwYs.exe
  C:\Windows\System\YEwCwYs.exe
  2⤵
  PID:3852
- C:\Windows\System\YvrUVhD.exe
  C:\Windows\System\YvrUVhD.exe
  2⤵
  PID:2588
- C:\Windows\System\VMdsSYA.exe
  C:\Windows\System\VMdsSYA.exe
  2⤵
  PID:2948
- C:\Windows\System\GrWlfyZ.exe
  C:\Windows\System\GrWlfyZ.exe
  2⤵
  PID:3916
- C:\Windows\System\jyruERV.exe
  C:\Windows\System\jyruERV.exe
  2⤵
  PID:3888
- C:\Windows\System\IclJvaJ.exe
  C:\Windows\System\IclJvaJ.exe
  2⤵
  PID:3912
- C:\Windows\System\txJZlTL.exe
  C:\Windows\System\txJZlTL.exe
  2⤵
  PID:1996
- C:\Windows\System\MetueoI.exe
  C:\Windows\System\MetueoI.exe
  2⤵
  PID:4052
- C:\Windows\System\tgOjGmm.exe
  C:\Windows\System\tgOjGmm.exe
  2⤵
  PID:2884
- C:\Windows\System\isVDROL.exe
  C:\Windows\System\isVDROL.exe
  2⤵
  PID:3152
- C:\Windows\System\FaDiaBv.exe
  C:\Windows\System\FaDiaBv.exe
  2⤵
  PID:1932
- C:\Windows\System\mBBwXNn.exe
  C:\Windows\System\mBBwXNn.exe
  2⤵
  PID:2980
- C:\Windows\System\aNzgHBp.exe
  C:\Windows\System\aNzgHBp.exe
  2⤵
  PID:2456
- C:\Windows\System\vfWcfla.exe
  C:\Windows\System\vfWcfla.exe
  2⤵
  PID:2676
- C:\Windows\System\DcQrYfK.exe
  C:\Windows\System\DcQrYfK.exe
  2⤵
  PID:696
- C:\Windows\System\QhJroaq.exe
  C:\Windows\System\QhJroaq.exe
  2⤵
  PID:4008
- C:\Windows\System\lcktSCK.exe
  C:\Windows\System\lcktSCK.exe
  2⤵
  PID:4068
- C:\Windows\System\jfHbNJW.exe
  C:\Windows\System\jfHbNJW.exe
  2⤵
  PID:3384
- C:\Windows\System\DAgJkhB.exe
  C:\Windows\System\DAgJkhB.exe
  2⤵
  PID:3084
- C:\Windows\System\YhBogEd.exe
  C:\Windows\System\YhBogEd.exe
  2⤵
  PID:3356
- C:\Windows\System\FDFNsbU.exe
  C:\Windows\System\FDFNsbU.exe
  2⤵
  PID:3588
- C:\Windows\System\ojozvcJ.exe
  C:\Windows\System\ojozvcJ.exe
  2⤵
  PID:3696
- C:\Windows\System\yZYhTRW.exe
  C:\Windows\System\yZYhTRW.exe
  2⤵
  PID:3668
- C:\Windows\System\QAvlqgQ.exe
  C:\Windows\System\QAvlqgQ.exe
  2⤵
  PID:3784
- C:\Windows\System\uqVtoss.exe
  C:\Windows\System\uqVtoss.exe
  2⤵
  PID:3780
- C:\Windows\System\fXFbGOz.exe
  C:\Windows\System\fXFbGOz.exe
  2⤵
  PID:3620
- C:\Windows\System\MivMGIG.exe
  C:\Windows\System\MivMGIG.exe
  2⤵
  PID:3812
- C:\Windows\System\hwTDzlJ.exe
  C:\Windows\System\hwTDzlJ.exe
  2⤵
  PID:2640
- C:\Windows\System\eHeesMW.exe
  C:\Windows\System\eHeesMW.exe
  2⤵
  PID:3956
- C:\Windows\System\wNvrqjH.exe
  C:\Windows\System\wNvrqjH.exe
  2⤵
  PID:2068
- C:\Windows\System\lrGOkRD.exe
  C:\Windows\System\lrGOkRD.exe
  2⤵
  PID:3816
- C:\Windows\System\gHUtgAK.exe
  C:\Windows\System\gHUtgAK.exe
  2⤵
  PID:4004
- C:\Windows\System\jSobLMn.exe
  C:\Windows\System\jSobLMn.exe
  2⤵
  PID:3204
- C:\Windows\System\vDrwDOr.exe
  C:\Windows\System\vDrwDOr.exe
  2⤵
  PID:3944
- C:\Windows\System\fYhJQFt.exe
  C:\Windows\System\fYhJQFt.exe
  2⤵
  PID:2900
- C:\Windows\System\BSqTjvz.exe
  C:\Windows\System\BSqTjvz.exe
  2⤵
  PID:3244
- C:\Windows\System\gRUQLfd.exe
  C:\Windows\System\gRUQLfd.exe
  2⤵
  PID:3824
- C:\Windows\System\zYUfgwn.exe
  C:\Windows\System\zYUfgwn.exe
  2⤵
  PID:3940
- C:\Windows\System\LzGZSKu.exe
  C:\Windows\System\LzGZSKu.exe
  2⤵
  PID:3296
- C:\Windows\System\ZNwQMcJ.exe
  C:\Windows\System\ZNwQMcJ.exe
  2⤵
  PID:2868
- C:\Windows\System\tgiNKkL.exe
  C:\Windows\System\tgiNKkL.exe
  2⤵
  PID:3748
- C:\Windows\System\VApKixs.exe
  C:\Windows\System\VApKixs.exe
  2⤵
  PID:3464
- C:\Windows\System\utsbkuy.exe
  C:\Windows\System\utsbkuy.exe
  2⤵
  PID:3496
- C:\Windows\System\TzSBjvp.exe
  C:\Windows\System\TzSBjvp.exe
  2⤵
  PID:3548
- C:\Windows\System\JVkEIPK.exe
  C:\Windows\System\JVkEIPK.exe
  2⤵
  PID:4020
- C:\Windows\System\fWEbtfi.exe
  C:\Windows\System\fWEbtfi.exe
  2⤵
  PID:2376
- C:\Windows\System\xQacBXN.exe
  C:\Windows\System\xQacBXN.exe
  2⤵
  PID:2932
- C:\Windows\System\KvaTBBN.exe
  C:\Windows\System\KvaTBBN.exe
  2⤵
  PID:3800
- C:\Windows\System\aHFKsAa.exe
  C:\Windows\System\aHFKsAa.exe
  2⤵
  PID:4036
- C:\Windows\System\DoWgqnT.exe
  C:\Windows\System\DoWgqnT.exe
  2⤵
  PID:1428
- C:\Windows\System\JlYOkBS.exe
  C:\Windows\System\JlYOkBS.exe
  2⤵
  PID:2840
- C:\Windows\System\VXrUhvW.exe
  C:\Windows\System\VXrUhvW.exe
  2⤵
  PID:3924
- C:\Windows\System\ujIpCRJ.exe
  C:\Windows\System\ujIpCRJ.exe
  2⤵
  PID:3196
- C:\Windows\System\qRpFtPX.exe
  C:\Windows\System\qRpFtPX.exe
  2⤵
  PID:1760
- C:\Windows\System\fFIsGUP.exe
  C:\Windows\System\fFIsGUP.exe
  2⤵
  PID:2668
- C:\Windows\System\nmzaoqn.exe
  C:\Windows\System\nmzaoqn.exe
  2⤵
  PID:3308
- C:\Windows\System\MuQuJfh.exe
  C:\Windows\System\MuQuJfh.exe
  2⤵
  PID:1848
- C:\Windows\System\kmCRjwE.exe
  C:\Windows\System\kmCRjwE.exe
  2⤵
  PID:1808
- C:\Windows\System\OkkqnKm.exe
  C:\Windows\System\OkkqnKm.exe
  2⤵
  PID:3132
- C:\Windows\System\nXRzSJk.exe
  C:\Windows\System\nXRzSJk.exe
  2⤵
  PID:2600
- C:\Windows\System\JukuSDE.exe
  C:\Windows\System\JukuSDE.exe
  2⤵
  PID:3704
- C:\Windows\System\KHTrZWu.exe
  C:\Windows\System\KHTrZWu.exe
  2⤵
  PID:4112
- C:\Windows\System\mORbhhs.exe
  C:\Windows\System\mORbhhs.exe
  2⤵
  PID:4128
- C:\Windows\System\fAPToPl.exe
  C:\Windows\System\fAPToPl.exe
  2⤵
  PID:4144
- C:\Windows\System\glVmMbk.exe
  C:\Windows\System\glVmMbk.exe
  2⤵
  PID:4168
- C:\Windows\System\qdEmxRR.exe
  C:\Windows\System\qdEmxRR.exe
  2⤵
  PID:4184
- C:\Windows\System\GEzXLJv.exe
  C:\Windows\System\GEzXLJv.exe
  2⤵
  PID:4200
- C:\Windows\System\iWhwXpS.exe
  C:\Windows\System\iWhwXpS.exe
  2⤵
  PID:4256
- C:\Windows\System\nmjUZfj.exe
  C:\Windows\System\nmjUZfj.exe
  2⤵
  PID:4272
- C:\Windows\System\ayyslDS.exe
  C:\Windows\System\ayyslDS.exe
  2⤵
  PID:4288
- C:\Windows\System\cSZXcxC.exe
  C:\Windows\System\cSZXcxC.exe
  2⤵
  PID:4308
- C:\Windows\System\SuRTOKh.exe
  C:\Windows\System\SuRTOKh.exe
  2⤵
  PID:4324
- C:\Windows\System\wfjsLvX.exe
  C:\Windows\System\wfjsLvX.exe
  2⤵
  PID:4340
- C:\Windows\System\ZTHIMsb.exe
  C:\Windows\System\ZTHIMsb.exe
  2⤵
  PID:4356
- C:\Windows\System\RMjbJRM.exe
  C:\Windows\System\RMjbJRM.exe
  2⤵
  PID:4372
- C:\Windows\System\RKJOoYF.exe
  C:\Windows\System\RKJOoYF.exe
  2⤵
  PID:4388
- C:\Windows\System\pyIemuE.exe
  C:\Windows\System\pyIemuE.exe
  2⤵
  PID:4404
- C:\Windows\System\DAvypfY.exe
  C:\Windows\System\DAvypfY.exe
  2⤵
  PID:4420
- C:\Windows\System\ITzRAkf.exe
  C:\Windows\System\ITzRAkf.exe
  2⤵
  PID:4436
- C:\Windows\System\nOMsHXC.exe
  C:\Windows\System\nOMsHXC.exe
  2⤵
  PID:4452
- C:\Windows\System\mJLdbfY.exe
  C:\Windows\System\mJLdbfY.exe
  2⤵
  PID:4472
- C:\Windows\System\CzVsaKf.exe
  C:\Windows\System\CzVsaKf.exe
  2⤵
  PID:4488
- C:\Windows\System\hsARjxf.exe
  C:\Windows\System\hsARjxf.exe
  2⤵
  PID:4504
- C:\Windows\System\GxqIvPB.exe
  C:\Windows\System\GxqIvPB.exe
  2⤵
  PID:4572
- C:\Windows\System\qkESXeI.exe
  C:\Windows\System\qkESXeI.exe
  2⤵
  PID:4588
- C:\Windows\System\agWBOwM.exe
  C:\Windows\System\agWBOwM.exe
  2⤵
  PID:4604
- C:\Windows\System\qRLOMsD.exe
  C:\Windows\System\qRLOMsD.exe
  2⤵
  PID:4632
- C:\Windows\System\VlnQRue.exe
  C:\Windows\System\VlnQRue.exe
  2⤵
  PID:4656
- C:\Windows\System\YYLpkCt.exe
  C:\Windows\System\YYLpkCt.exe
  2⤵
  PID:4672
- C:\Windows\System\wUjnIdW.exe
  C:\Windows\System\wUjnIdW.exe
  2⤵
  PID:4692
- C:\Windows\System\zpSLLoH.exe
  C:\Windows\System\zpSLLoH.exe
  2⤵
  PID:4708
- C:\Windows\System\HcQhJOt.exe
  C:\Windows\System\HcQhJOt.exe
  2⤵
  PID:4736
- C:\Windows\System\iIPxXcG.exe
  C:\Windows\System\iIPxXcG.exe
  2⤵
  PID:4752
- C:\Windows\System\eGGROgx.exe
  C:\Windows\System\eGGROgx.exe
  2⤵
  PID:4768
- C:\Windows\System\IRUMucZ.exe
  C:\Windows\System\IRUMucZ.exe
  2⤵
  PID:4788
- C:\Windows\System\bAmmXnH.exe
  C:\Windows\System\bAmmXnH.exe
  2⤵
  PID:4804
- C:\Windows\System\aVlRrCc.exe
  C:\Windows\System\aVlRrCc.exe
  2⤵
  PID:4820
- C:\Windows\System\VPhRnRJ.exe
  C:\Windows\System\VPhRnRJ.exe
  2⤵
  PID:4852
- C:\Windows\System\BrKIuCk.exe
  C:\Windows\System\BrKIuCk.exe
  2⤵
  PID:4872
- C:\Windows\System\iPsuVjg.exe
  C:\Windows\System\iPsuVjg.exe
  2⤵
  PID:4888
- C:\Windows\System\IWWhtZp.exe
  C:\Windows\System\IWWhtZp.exe
  2⤵
  PID:4904
- C:\Windows\System\cflbSsO.exe
  C:\Windows\System\cflbSsO.exe
  2⤵
  PID:4944
- C:\Windows\System\KfFqaXH.exe
  C:\Windows\System\KfFqaXH.exe
  2⤵
  PID:4960
- C:\Windows\System\MFHNFHv.exe
  C:\Windows\System\MFHNFHv.exe
  2⤵
  PID:4984
- C:\Windows\System\YhPHYFg.exe
  C:\Windows\System\YhPHYFg.exe
  2⤵
  PID:5000
- C:\Windows\System\KfPAIIx.exe
  C:\Windows\System\KfPAIIx.exe
  2⤵
  PID:5016
- C:\Windows\System\ZkkBKgZ.exe
  C:\Windows\System\ZkkBKgZ.exe
  2⤵
  PID:5036
- C:\Windows\System\kxWMWIp.exe
  C:\Windows\System\kxWMWIp.exe
  2⤵
  PID:5052
- C:\Windows\System\KNRPapV.exe
  C:\Windows\System\KNRPapV.exe
  2⤵
  PID:5076
- C:\Windows\System\zZoIBYk.exe
  C:\Windows\System\zZoIBYk.exe
  2⤵
  PID:5092
- C:\Windows\System\IkBjzpE.exe
  C:\Windows\System\IkBjzpE.exe
  2⤵
  PID:5108
- C:\Windows\System\VrWaChU.exe
  C:\Windows\System\VrWaChU.exe
  2⤵
  PID:3444
- C:\Windows\System\lhdMoIS.exe
  C:\Windows\System\lhdMoIS.exe
  2⤵
  PID:2208
- C:\Windows\System\mGTDoSS.exe
  C:\Windows\System\mGTDoSS.exe
  2⤵
  PID:4136
- C:\Windows\System\oFfNwpI.exe
  C:\Windows\System\oFfNwpI.exe
  2⤵
  PID:4212
- C:\Windows\System\ztTnFVm.exe
  C:\Windows\System\ztTnFVm.exe
  2⤵
  PID:3992
- C:\Windows\System\CWkAJDM.exe
  C:\Windows\System\CWkAJDM.exe
  2⤵
  PID:3636
- C:\Windows\System\HYcSjxs.exe
  C:\Windows\System\HYcSjxs.exe
  2⤵
  PID:3424
- C:\Windows\System\PHcXzGP.exe
  C:\Windows\System\PHcXzGP.exe
  2⤵
  PID:4236
- C:\Windows\System\BXwFKUi.exe
  C:\Windows\System\BXwFKUi.exe
  2⤵
  PID:4252
- C:\Windows\System\LihiHmW.exe
  C:\Windows\System\LihiHmW.exe
  2⤵
  PID:1424
- C:\Windows\System\iPjCvBB.exe
  C:\Windows\System\iPjCvBB.exe
  2⤵
  PID:4332
- C:\Windows\System\HdYvXkt.exe
  C:\Windows\System\HdYvXkt.exe
  2⤵
  PID:4428
- C:\Windows\System\MQPaPIq.exe
  C:\Windows\System\MQPaPIq.exe
  2⤵
  PID:4468
- C:\Windows\System\RXKVAMx.exe
  C:\Windows\System\RXKVAMx.exe
  2⤵
  PID:4380
- C:\Windows\System\DfVhSCT.exe
  C:\Windows\System\DfVhSCT.exe
  2⤵
  PID:4448
- C:\Windows\System\mlfFZxy.exe
  C:\Windows\System\mlfFZxy.exe
  2⤵
  PID:4520
- C:\Windows\System\cfYjEtc.exe
  C:\Windows\System\cfYjEtc.exe
  2⤵
  PID:4536
- C:\Windows\System\qVYqHjn.exe
  C:\Windows\System\qVYqHjn.exe
  2⤵
  PID:4552
- C:\Windows\System\vLwVGjK.exe
  C:\Windows\System\vLwVGjK.exe
  2⤵
  PID:4496
- C:\Windows\System\MCGxOuG.exe
  C:\Windows\System\MCGxOuG.exe
  2⤵
  PID:4400
- C:\Windows\System\cOaaCwb.exe
  C:\Windows\System\cOaaCwb.exe
  2⤵
  PID:4596
- C:\Windows\System\OpHIocn.exe
  C:\Windows\System\OpHIocn.exe
  2⤵
  PID:4628
- C:\Windows\System\NSYiqhz.exe
  C:\Windows\System\NSYiqhz.exe
  2⤵
  PID:4648
- C:\Windows\System\SEJWMZu.exe
  C:\Windows\System\SEJWMZu.exe
  2⤵
  PID:4688
- C:\Windows\System\aiYZeNX.exe
  C:\Windows\System\aiYZeNX.exe
  2⤵
  PID:4724
- C:\Windows\System\IgntyVD.exe
  C:\Windows\System\IgntyVD.exe
  2⤵
  PID:4764
- C:\Windows\System\DxBOsQZ.exe
  C:\Windows\System\DxBOsQZ.exe
  2⤵
  PID:4704
- C:\Windows\System\OEscaBF.exe
  C:\Windows\System\OEscaBF.exe
  2⤵
  PID:4840
- C:\Windows\System\UdybjjP.exe
  C:\Windows\System\UdybjjP.exe
  2⤵
  PID:4884
- C:\Windows\System\cioViNA.exe
  C:\Windows\System\cioViNA.exe
  2⤵
  PID:4668
- C:\Windows\System\zmuyycm.exe
  C:\Windows\System\zmuyycm.exe
  2⤵
  PID:4936
- C:\Windows\System\sbJYAzj.exe
  C:\Windows\System\sbJYAzj.exe
  2⤵
  PID:4812
- C:\Windows\System\KsiuEyP.exe
  C:\Windows\System\KsiuEyP.exe
  2⤵
  PID:4940
- C:\Windows\System\PsfBWVN.exe
  C:\Windows\System\PsfBWVN.exe
  2⤵
  PID:4972
- C:\Windows\System\HbgxcYV.exe
  C:\Windows\System\HbgxcYV.exe
  2⤵
  PID:5008
- C:\Windows\System\sDJrQFl.exe
  C:\Windows\System\sDJrQFl.exe
  2⤵
  PID:5048
- C:\Windows\System\ASKnHlo.exe
  C:\Windows\System\ASKnHlo.exe
  2⤵
  PID:5084
- C:\Windows\System\OpFUrLq.exe
  C:\Windows\System\OpFUrLq.exe
  2⤵
  PID:4108
- C:\Windows\System\hYZfHMn.exe
  C:\Windows\System\hYZfHMn.exe
  2⤵
  PID:2816
- C:\Windows\System\htdPVtK.exe
  C:\Windows\System\htdPVtK.exe
  2⤵
  PID:3140
- C:\Windows\System\ZlYLCxO.exe
  C:\Windows\System\ZlYLCxO.exe
  2⤵
  PID:4296
- C:\Windows\System\XPbpPBD.exe
  C:\Windows\System\XPbpPBD.exe
  2⤵
  PID:4300
- C:\Windows\System\DeoJOvY.exe
  C:\Windows\System\DeoJOvY.exe
  2⤵
  PID:4464
- C:\Windows\System\evnNbhL.exe
  C:\Windows\System\evnNbhL.exe
  2⤵
  PID:1936
- C:\Windows\System\rLCGADU.exe
  C:\Windows\System\rLCGADU.exe
  2⤵
  PID:4528
- C:\Windows\System\oawyLrs.exe
  C:\Windows\System\oawyLrs.exe
  2⤵
  PID:4584
- C:\Windows\System\HmnCdoN.exe
  C:\Windows\System\HmnCdoN.exe
  2⤵
  PID:4364
- C:\Windows\System\KsqKEps.exe
  C:\Windows\System\KsqKEps.exe
  2⤵
  PID:4616
- C:\Windows\System\UyIESdZ.exe
  C:\Windows\System\UyIESdZ.exe
  2⤵
  PID:4700
- C:\Windows\System\qJxvhHZ.exe
  C:\Windows\System\qJxvhHZ.exe
  2⤵
  PID:4932
- C:\Windows\System\RTQfByY.exe
  C:\Windows\System\RTQfByY.exe
  2⤵
  PID:4896
- C:\Windows\System\fIshXfG.exe
  C:\Windows\System\fIshXfG.exe
  2⤵
  PID:3288
- C:\Windows\System\TrjIquB.exe
  C:\Windows\System\TrjIquB.exe
  2⤵
  PID:5100
- C:\Windows\System\GbMjwJQ.exe
  C:\Windows\System\GbMjwJQ.exe
  2⤵
  PID:4180
- C:\Windows\System\pUYHewh.exe
  C:\Windows\System\pUYHewh.exe
  2⤵
  PID:2504
- C:\Windows\System\LbLQGDr.exe
  C:\Windows\System\LbLQGDr.exe
  2⤵
  PID:4684
- C:\Windows\System\NobMMQy.exe
  C:\Windows\System\NobMMQy.exe
  2⤵
  PID:4776
- C:\Windows\System\gRhjpfQ.exe
  C:\Windows\System\gRhjpfQ.exe
  2⤵
  PID:620
- C:\Windows\System\FKVCehY.exe
  C:\Windows\System\FKVCehY.exe
  2⤵
  PID:4196
- C:\Windows\System\tFSnvCT.exe
  C:\Windows\System\tFSnvCT.exe
  2⤵
  PID:4104
- C:\Windows\System\ZJcPFFI.exe
  C:\Windows\System\ZJcPFFI.exe
  2⤵
  PID:4544
- C:\Windows\System\SRJKoJi.exe
  C:\Windows\System\SRJKoJi.exe
  2⤵
  PID:4160
- C:\Windows\System\EXhErmC.exe
  C:\Windows\System\EXhErmC.exe
  2⤵
  PID:4844
- C:\Windows\System\tbsfeVE.exe
  C:\Windows\System\tbsfeVE.exe
  2⤵
  PID:1620
- C:\Windows\System\GqarKLg.exe
  C:\Windows\System\GqarKLg.exe
  2⤵
  PID:4516
- C:\Windows\System\BaRtrzp.exe
  C:\Windows\System\BaRtrzp.exe
  2⤵
  PID:4560
- C:\Windows\System\ycvrOQA.exe
  C:\Windows\System\ycvrOQA.exe
  2⤵
  PID:4828
- C:\Windows\System\zujfHFp.exe
  C:\Windows\System\zujfHFp.exe
  2⤵
  PID:3568
- C:\Windows\System\emRCLzl.exe
  C:\Windows\System\emRCLzl.exe
  2⤵
  PID:5072
- C:\Windows\System\BRAlBPJ.exe
  C:\Windows\System\BRAlBPJ.exe
  2⤵
  PID:3324
- C:\Windows\System\QtNtoSR.exe
  C:\Windows\System\QtNtoSR.exe
  2⤵
  PID:4284
- C:\Windows\System\JVcrsFJ.exe
  C:\Windows\System\JVcrsFJ.exe
  2⤵
  PID:4624
- C:\Windows\System\PUIJxFn.exe
  C:\Windows\System\PUIJxFn.exe
  2⤵
  PID:1596
- C:\Windows\System\qNYlTsL.exe
  C:\Windows\System\qNYlTsL.exe
  2⤵
  PID:4780
- C:\Windows\System\jtgoAQX.exe
  C:\Windows\System\jtgoAQX.exe
  2⤵
  PID:4240
- C:\Windows\System\gQhuLCf.exe
  C:\Windows\System\gQhuLCf.exe
  2⤵
  PID:4412
- C:\Windows\System\VcGpirv.exe
  C:\Windows\System\VcGpirv.exe
  2⤵
  PID:4640
- C:\Windows\System\xNTuqwv.exe
  C:\Windows\System\xNTuqwv.exe
  2⤵
  PID:4800
- C:\Windows\System\ipxSOPX.exe
  C:\Windows\System\ipxSOPX.exe
  2⤵
  PID:4760
- C:\Windows\System\lvIYOHm.exe
  C:\Windows\System\lvIYOHm.exe
  2⤵
  PID:4744
- C:\Windows\System\hXPIIuB.exe
  C:\Windows\System\hXPIIuB.exe
  2⤵
  PID:4164
- C:\Windows\System\sCQUAeW.exe
  C:\Windows\System\sCQUAeW.exe
  2⤵
  PID:4348
- C:\Windows\System\WNQmrws.exe
  C:\Windows\System\WNQmrws.exe
  2⤵
  PID:1636
- C:\Windows\System\COvypPM.exe
  C:\Windows\System\COvypPM.exe
  2⤵
  PID:1916
- C:\Windows\System\xlMcIor.exe
  C:\Windows\System\xlMcIor.exe
  2⤵
  PID:5116
- C:\Windows\System\AAjNfXw.exe
  C:\Windows\System\AAjNfXw.exe
  2⤵
  PID:4720
- C:\Windows\System\AUsbmLI.exe
  C:\Windows\System\AUsbmLI.exe
  2⤵
  PID:5128
- C:\Windows\System\nyVLIsN.exe
  C:\Windows\System\nyVLIsN.exe
  2⤵
  PID:5148
- C:\Windows\System\dNPNbcw.exe
  C:\Windows\System\dNPNbcw.exe
  2⤵
  PID:5172
- C:\Windows\System\kKodwrn.exe
  C:\Windows\System\kKodwrn.exe
  2⤵
  PID:5192
- C:\Windows\System\cknptTp.exe
  C:\Windows\System\cknptTp.exe
  2⤵
  PID:5208
- C:\Windows\System\YDrbliJ.exe
  C:\Windows\System\YDrbliJ.exe
  2⤵
  PID:5228
- C:\Windows\System\kSpTdCc.exe
  C:\Windows\System\kSpTdCc.exe
  2⤵
  PID:5284
- C:\Windows\System\FvjKDiS.exe
  C:\Windows\System\FvjKDiS.exe
  2⤵
  PID:5300
- C:\Windows\System\NDCyFmz.exe
  C:\Windows\System\NDCyFmz.exe
  2⤵
  PID:5320
- C:\Windows\System\SekEUoM.exe
  C:\Windows\System\SekEUoM.exe
  2⤵
  PID:5340
- C:\Windows\System\PJglFLn.exe
  C:\Windows\System\PJglFLn.exe
  2⤵
  PID:5360
- C:\Windows\System\aZEDMaB.exe
  C:\Windows\System\aZEDMaB.exe
  2⤵
  PID:5376
- C:\Windows\System\nPFMbZG.exe
  C:\Windows\System\nPFMbZG.exe
  2⤵
  PID:5400
- C:\Windows\System\EPAJQdW.exe
  C:\Windows\System\EPAJQdW.exe
  2⤵
  PID:5424
- C:\Windows\System\QNyRfLA.exe
  C:\Windows\System\QNyRfLA.exe
  2⤵
  PID:5444
- C:\Windows\System\gXbbLza.exe
  C:\Windows\System\gXbbLza.exe
  2⤵
  PID:5460
- C:\Windows\System\JSXgbUu.exe
  C:\Windows\System\JSXgbUu.exe
  2⤵
  PID:5476
- C:\Windows\System\eVuuSET.exe
  C:\Windows\System\eVuuSET.exe
  2⤵
  PID:5492
- C:\Windows\System\zeYwvDQ.exe
  C:\Windows\System\zeYwvDQ.exe
  2⤵
  PID:5512
- C:\Windows\System\PINDhMU.exe
  C:\Windows\System\PINDhMU.exe
  2⤵
  PID:5528
- C:\Windows\System\esQXJPr.exe
  C:\Windows\System\esQXJPr.exe
  2⤵
  PID:5544
- C:\Windows\System\eztGiZc.exe
  C:\Windows\System\eztGiZc.exe
  2⤵
  PID:5580
- C:\Windows\System\fEWGnkz.exe
  C:\Windows\System\fEWGnkz.exe
  2⤵
  PID:5600
- C:\Windows\System\QzVLQkT.exe
  C:\Windows\System\QzVLQkT.exe
  2⤵
  PID:5620
- C:\Windows\System\yzKPqNu.exe
  C:\Windows\System\yzKPqNu.exe
  2⤵
  PID:5636
- C:\Windows\System\enzeHcE.exe
  C:\Windows\System\enzeHcE.exe
  2⤵
  PID:5652
- C:\Windows\System\LLWzXQo.exe
  C:\Windows\System\LLWzXQo.exe
  2⤵
  PID:5672
- C:\Windows\System\GkCrhNW.exe
  C:\Windows\System\GkCrhNW.exe
  2⤵
  PID:5692
- C:\Windows\System\UUWyaJB.exe
  C:\Windows\System\UUWyaJB.exe
  2⤵
  PID:5708
- C:\Windows\System\CrHKDxg.exe
  C:\Windows\System\CrHKDxg.exe
  2⤵
  PID:5724
- C:\Windows\System\aZVCpFl.exe
  C:\Windows\System\aZVCpFl.exe
  2⤵
  PID:5748
- C:\Windows\System\PAxmfWg.exe
  C:\Windows\System\PAxmfWg.exe
  2⤵
  PID:5772
- C:\Windows\System\LftZRkw.exe
  C:\Windows\System\LftZRkw.exe
  2⤵
  PID:5788
- C:\Windows\System\PXszLIc.exe
  C:\Windows\System\PXszLIc.exe
  2⤵
  PID:5804
- C:\Windows\System\dYucHPv.exe
  C:\Windows\System\dYucHPv.exe
  2⤵
  PID:5820
- C:\Windows\System\MDJykVU.exe
  C:\Windows\System\MDJykVU.exe
  2⤵
  PID:5836
- C:\Windows\System\jJfexYp.exe
  C:\Windows\System\jJfexYp.exe
  2⤵
  PID:5852
- C:\Windows\System\BdeUyoa.exe
  C:\Windows\System\BdeUyoa.exe
  2⤵
  PID:5904
- C:\Windows\System\TMYVyOf.exe
  C:\Windows\System\TMYVyOf.exe
  2⤵
  PID:5920
- C:\Windows\System\UyATHME.exe
  C:\Windows\System\UyATHME.exe
  2⤵
  PID:5936
- C:\Windows\System\ajkTkgn.exe
  C:\Windows\System\ajkTkgn.exe
  2⤵
  PID:5956
- C:\Windows\System\pvCYxYS.exe
  C:\Windows\System\pvCYxYS.exe
  2⤵
  PID:5972
- C:\Windows\System\nGGRUbq.exe
  C:\Windows\System\nGGRUbq.exe
  2⤵
  PID:5996
- C:\Windows\System\RcwVEnL.exe
  C:\Windows\System\RcwVEnL.exe
  2⤵
  PID:6012
- C:\Windows\System\CiPEVMH.exe
  C:\Windows\System\CiPEVMH.exe
  2⤵
  PID:6028
- C:\Windows\System\PmBlIdW.exe
  C:\Windows\System\PmBlIdW.exe
  2⤵
  PID:6044
- C:\Windows\System\NwlwTqo.exe
  C:\Windows\System\NwlwTqo.exe
  2⤵
  PID:6064
- C:\Windows\System\GtTzdCE.exe
  C:\Windows\System\GtTzdCE.exe
  2⤵
  PID:6088
- C:\Windows\System\aQXnMoS.exe
  C:\Windows\System\aQXnMoS.exe
  2⤵
  PID:6104
- C:\Windows\System\ZDHwSjI.exe
  C:\Windows\System\ZDHwSjI.exe
  2⤵
  PID:6132
- C:\Windows\System\Ptsicbd.exe
  C:\Windows\System\Ptsicbd.exe
  2⤵
  PID:4176
- C:\Windows\System\ZJdHiTw.exe
  C:\Windows\System\ZJdHiTw.exe
  2⤵
  PID:4512
- C:\Windows\System\jXtTNIr.exe
  C:\Windows\System\jXtTNIr.exe
  2⤵
  PID:820
- C:\Windows\System\HwMNExl.exe
  C:\Windows\System\HwMNExl.exe
  2⤵
  PID:4268
- C:\Windows\System\TyvWomE.exe
  C:\Windows\System\TyvWomE.exe
  2⤵
  PID:4416
- C:\Windows\System\mWDwyyP.exe
  C:\Windows\System\mWDwyyP.exe
  2⤵
  PID:4992
- C:\Windows\System\QaKOFAQ.exe
  C:\Windows\System\QaKOFAQ.exe
  2⤵
  PID:5236
- C:\Windows\System\uKZAbDz.exe
  C:\Windows\System\uKZAbDz.exe
  2⤵
  PID:5252
- C:\Windows\System\cXDqskb.exe
  C:\Windows\System\cXDqskb.exe
  2⤵
  PID:5268
- C:\Windows\System\qeiWwaN.exe
  C:\Windows\System\qeiWwaN.exe
  2⤵
  PID:5280
- C:\Windows\System\wPAHZqL.exe
  C:\Windows\System\wPAHZqL.exe
  2⤵
  PID:5312
- C:\Windows\System\BkZGFUq.exe
  C:\Windows\System\BkZGFUq.exe
  2⤵
  PID:2584
- C:\Windows\System\ISUhszD.exe
  C:\Windows\System\ISUhszD.exe
  2⤵
  PID:5356
- C:\Windows\System\AQaTesj.exe
  C:\Windows\System\AQaTesj.exe
  2⤵
  PID:5384
- C:\Windows\System\oFmHMRo.exe
  C:\Windows\System\oFmHMRo.exe
  2⤵
  PID:5408
- C:\Windows\System\eMYIhEI.exe
  C:\Windows\System\eMYIhEI.exe
  2⤵
  PID:5436
- C:\Windows\System\qJapQMG.exe
  C:\Windows\System\qJapQMG.exe
  2⤵
  PID:5500
- C:\Windows\System\VHLohpr.exe
  C:\Windows\System\VHLohpr.exe
  2⤵
  PID:5452
- C:\Windows\System\jHwxHPm.exe
  C:\Windows\System\jHwxHPm.exe
  2⤵
  PID:5568
- C:\Windows\System\uvDRUmp.exe
  C:\Windows\System\uvDRUmp.exe
  2⤵
  PID:5576
- C:\Windows\System\AeNfRKB.exe
  C:\Windows\System\AeNfRKB.exe
  2⤵
  PID:5592
- C:\Windows\System\IwvzdqZ.exe
  C:\Windows\System\IwvzdqZ.exe
  2⤵
  PID:5660
- C:\Windows\System\vSExYAk.exe
  C:\Windows\System\vSExYAk.exe
  2⤵
  PID:5732
- C:\Windows\System\cGOJmQP.exe
  C:\Windows\System\cGOJmQP.exe
  2⤵
  PID:5784
- C:\Windows\System\GjVtTWn.exe
  C:\Windows\System\GjVtTWn.exe
  2⤵
  PID:5832
- C:\Windows\System\gBkhpkS.exe
  C:\Windows\System\gBkhpkS.exe
  2⤵
  PID:5760
- C:\Windows\System\OkzoeAz.exe
  C:\Windows\System\OkzoeAz.exe
  2⤵
  PID:5868
- C:\Windows\System\kOFaiye.exe
  C:\Windows\System\kOFaiye.exe
  2⤵
  PID:5952
- C:\Windows\System\HahbpOn.exe
  C:\Windows\System\HahbpOn.exe
  2⤵
  PID:5988
- C:\Windows\System\YgYTscT.exe
  C:\Windows\System\YgYTscT.exe
  2⤵
  PID:5900
- C:\Windows\System\pqJHOgk.exe
  C:\Windows\System\pqJHOgk.exe
  2⤵
  PID:6056
- C:\Windows\System\GRPRAdp.exe
  C:\Windows\System\GRPRAdp.exe
  2⤵
  PID:4152
- C:\Windows\System\sXLhQaH.exe
  C:\Windows\System\sXLhQaH.exe
  2⤵
  PID:5880
- C:\Windows\System\LnYVJfI.exe
  C:\Windows\System\LnYVJfI.exe
  2⤵
  PID:2788
- C:\Windows\System\ySVfgRU.exe
  C:\Windows\System\ySVfgRU.exe
  2⤵
  PID:6072
- C:\Windows\System\LJoavNY.exe
  C:\Windows\System\LJoavNY.exe
  2⤵
  PID:5968
- C:\Windows\System\jeEFYhK.exe
  C:\Windows\System\jeEFYhK.exe
  2⤵
  PID:5136
- C:\Windows\System\HNJSmKs.exe
  C:\Windows\System\HNJSmKs.exe
  2⤵
  PID:6112
- C:\Windows\System\liimuyS.exe
  C:\Windows\System\liimuyS.exe
  2⤵
  PID:5140
- C:\Windows\System\JSgCqRG.exe
  C:\Windows\System\JSgCqRG.exe
  2⤵
  PID:5260
- C:\Windows\System\eNTUcKy.exe
  C:\Windows\System\eNTUcKy.exe
  2⤵
  PID:5292
- C:\Windows\System\DZpidmC.exe
  C:\Windows\System\DZpidmC.exe
  2⤵
  PID:5396
- C:\Windows\System\lAPilCv.exe
  C:\Windows\System\lAPilCv.exe
  2⤵
  PID:5488
- C:\Windows\System\VBcCxKq.exe
  C:\Windows\System\VBcCxKq.exe
  2⤵
  PID:5668
- C:\Windows\System\ANXWqRl.exe
  C:\Windows\System\ANXWqRl.exe
  2⤵
  PID:3128
- C:\Windows\System\muirHGK.exe
  C:\Windows\System\muirHGK.exe
  2⤵
  PID:5316
- C:\Windows\System\htLnzki.exe
  C:\Windows\System\htLnzki.exe
  2⤵
  PID:5564
- C:\Windows\System\hzNPUou.exe
  C:\Windows\System\hzNPUou.exe
  2⤵
  PID:5632
- C:\Windows\System\McMZPBe.exe
  C:\Windows\System\McMZPBe.exe
  2⤵
  PID:5388
- C:\Windows\System\ynjlyLU.exe
  C:\Windows\System\ynjlyLU.exe
  2⤵
  PID:5332
- C:\Windows\System\fcMHpiD.exe
  C:\Windows\System\fcMHpiD.exe
  2⤵
  PID:5796
- C:\Windows\System\pqDIjLv.exe
  C:\Windows\System\pqDIjLv.exe
  2⤵
  PID:5864
- C:\Windows\System\yURJKUd.exe
  C:\Windows\System\yURJKUd.exe
  2⤵
  PID:5944
- C:\Windows\System\FbXdrIE.exe
  C:\Windows\System\FbXdrIE.exe
  2⤵
  PID:5896
- C:\Windows\System\YdhOAmE.exe
  C:\Windows\System\YdhOAmE.exe
  2⤵
  PID:6140
- C:\Windows\System\TPwmIdi.exe
  C:\Windows\System\TPwmIdi.exe
  2⤵
  PID:5892
- C:\Windows\System\dGRfKla.exe
  C:\Windows\System\dGRfKla.exe
  2⤵
  PID:4460
- C:\Windows\System\qQMwADl.exe
  C:\Windows\System\qQMwADl.exe
  2⤵
  PID:4232
- C:\Windows\System\YUOytik.exe
  C:\Windows\System\YUOytik.exe
  2⤵
  PID:6128
- C:\Windows\System\zktRjyP.exe
  C:\Windows\System\zktRjyP.exe
  2⤵
  PID:5224
- C:\Windows\System\NEmRbQL.exe
  C:\Windows\System\NEmRbQL.exe
  2⤵
  PID:5472
- C:\Windows\System\WcSBWeM.exe
  C:\Windows\System\WcSBWeM.exe
  2⤵
  PID:5536
- C:\Windows\System\ZcGBKHy.exe
  C:\Windows\System\ZcGBKHy.exe
  2⤵
  PID:5844
- C:\Windows\System\cRqesMZ.exe
  C:\Windows\System\cRqesMZ.exe
  2⤵
  PID:5204
- C:\Windows\System\liXhwsq.exe
  C:\Windows\System\liXhwsq.exe
  2⤵
  PID:5352
- C:\Windows\System\mzfxHiU.exe
  C:\Windows\System\mzfxHiU.exe
  2⤵
  PID:5848
- C:\Windows\System\VxxrPXt.exe
  C:\Windows\System\VxxrPXt.exe
  2⤵
  PID:5164
- C:\Windows\System\uvtKgbn.exe
  C:\Windows\System\uvtKgbn.exe
  2⤵
  PID:5336
- C:\Windows\System\KiqXYtg.exe
  C:\Windows\System\KiqXYtg.exe
  2⤵
  PID:6100
- C:\Windows\System\bwTAdqx.exe
  C:\Windows\System\bwTAdqx.exe
  2⤵
  PID:5744
- C:\Windows\System\EYJBSAT.exe
  C:\Windows\System\EYJBSAT.exe
  2⤵
  PID:5916
- C:\Windows\System\XhOlNVm.exe
  C:\Windows\System\XhOlNVm.exe
  2⤵
  PID:6060
- C:\Windows\System\tCyNJNI.exe
  C:\Windows\System\tCyNJNI.exe
  2⤵
  PID:5816
- C:\Windows\System\JQRvnyT.exe
  C:\Windows\System\JQRvnyT.exe
  2⤵
  PID:6020
- C:\Windows\System\tmrqQOA.exe
  C:\Windows\System\tmrqQOA.exe
  2⤵
  PID:5768
- C:\Windows\System\ZVhpRqP.exe
  C:\Windows\System\ZVhpRqP.exe
  2⤵
  PID:4484
- C:\Windows\System\nVuZPvv.exe
  C:\Windows\System\nVuZPvv.exe
  2⤵
  PID:5588
- C:\Windows\System\qTtOunw.exe
  C:\Windows\System\qTtOunw.exe
  2⤵
  PID:5612
- C:\Windows\System\NzRGhTk.exe
  C:\Windows\System\NzRGhTk.exe
  2⤵
  PID:5248
- C:\Windows\System\IajjDjy.exe
  C:\Windows\System\IajjDjy.exe
  2⤵
  PID:5468
- C:\Windows\System\jdEDaqR.exe
  C:\Windows\System\jdEDaqR.exe
  2⤵
  PID:6084
- C:\Windows\System\KaIuMfC.exe
  C:\Windows\System\KaIuMfC.exe
  2⤵
  PID:6008
- C:\Windows\System\tvBPhZy.exe
  C:\Windows\System\tvBPhZy.exe
  2⤵
  PID:5220
- C:\Windows\System\FmJflnh.exe
  C:\Windows\System\FmJflnh.exe
  2⤵
  PID:5504
- C:\Windows\System\xbPhEJZ.exe
  C:\Windows\System\xbPhEJZ.exe
  2⤵
  PID:6180
- C:\Windows\System\nEKBLvq.exe
  C:\Windows\System\nEKBLvq.exe
  2⤵
  PID:6196
- C:\Windows\System\prYOpZB.exe
  C:\Windows\System\prYOpZB.exe
  2⤵
  PID:6216
- C:\Windows\System\giUMYaL.exe
  C:\Windows\System\giUMYaL.exe
  2⤵
  PID:6236
- C:\Windows\System\cpKnxcS.exe
  C:\Windows\System\cpKnxcS.exe
  2⤵
  PID:6252
- C:\Windows\System\smVGACu.exe
  C:\Windows\System\smVGACu.exe
  2⤵
  PID:6268
- C:\Windows\System\jgMpaRL.exe
  C:\Windows\System\jgMpaRL.exe
  2⤵
  PID:6284
- C:\Windows\System\FPsKfab.exe
  C:\Windows\System\FPsKfab.exe
  2⤵
  PID:6320
- C:\Windows\System\MOlbZQl.exe
  C:\Windows\System\MOlbZQl.exe
  2⤵
  PID:6340
- C:\Windows\System\EGBpVIS.exe
  C:\Windows\System\EGBpVIS.exe
  2⤵
  PID:6356
- C:\Windows\System\yciqIkW.exe
  C:\Windows\System\yciqIkW.exe
  2⤵
  PID:6376
- C:\Windows\System\MdsOLQV.exe
  C:\Windows\System\MdsOLQV.exe
  2⤵
  PID:6396
- C:\Windows\System\EgvYOQU.exe
  C:\Windows\System\EgvYOQU.exe
  2⤵
  PID:6412
- C:\Windows\System\PRtCoGY.exe
  C:\Windows\System\PRtCoGY.exe
  2⤵
  PID:6428
- C:\Windows\System\mYtXVVr.exe
  C:\Windows\System\mYtXVVr.exe
  2⤵
  PID:6448
- C:\Windows\System\cxyheCH.exe
  C:\Windows\System\cxyheCH.exe
  2⤵
  PID:6476
- C:\Windows\System\YrDnwWg.exe
  C:\Windows\System\YrDnwWg.exe
  2⤵
  PID:6492
- C:\Windows\System\VbNyEbq.exe
  C:\Windows\System\VbNyEbq.exe
  2⤵
  PID:6508
- C:\Windows\System\ZUQdsjt.exe
  C:\Windows\System\ZUQdsjt.exe
  2⤵
  PID:6524
- C:\Windows\System\nxsoice.exe
  C:\Windows\System\nxsoice.exe
  2⤵
  PID:6544
- C:\Windows\System\GTQWNud.exe
  C:\Windows\System\GTQWNud.exe
  2⤵
  PID:6564
- C:\Windows\System\xMVlPca.exe
  C:\Windows\System\xMVlPca.exe
  2⤵
  PID:6588
- C:\Windows\System\hQovUGv.exe
  C:\Windows\System\hQovUGv.exe
  2⤵
  PID:6608
- C:\Windows\System\NkHJRPb.exe
  C:\Windows\System\NkHJRPb.exe
  2⤵
  PID:6636
- C:\Windows\System\oPwFrlM.exe
  C:\Windows\System\oPwFrlM.exe
  2⤵
  PID:6656
- C:\Windows\System\QTzFUsJ.exe
  C:\Windows\System\QTzFUsJ.exe
  2⤵
  PID:6672
- C:\Windows\System\AwjIfQc.exe
  C:\Windows\System\AwjIfQc.exe
  2⤵
  PID:6688
- C:\Windows\System\ynSsKxb.exe
  C:\Windows\System\ynSsKxb.exe
  2⤵
  PID:6708
- C:\Windows\System\ygGHDgK.exe
  C:\Windows\System\ygGHDgK.exe
  2⤵
  PID:6724
- C:\Windows\System\HZCbmVP.exe
  C:\Windows\System\HZCbmVP.exe
  2⤵
  PID:6740
- C:\Windows\System\bTNptpz.exe
  C:\Windows\System\bTNptpz.exe
  2⤵
  PID:6760
- C:\Windows\System\nGOrcOR.exe
  C:\Windows\System\nGOrcOR.exe
  2⤵
  PID:6780
- C:\Windows\System\BzYiYtH.exe
  C:\Windows\System\BzYiYtH.exe
  2⤵
  PID:6796
- C:\Windows\System\BsuknXe.exe
  C:\Windows\System\BsuknXe.exe
  2⤵
  PID:6812
- C:\Windows\System\LRTbmzA.exe
  C:\Windows\System\LRTbmzA.exe
  2⤵
  PID:6828
- C:\Windows\System\AbxtoXf.exe
  C:\Windows\System\AbxtoXf.exe
  2⤵
  PID:6844
- C:\Windows\System\rpUXJCb.exe
  C:\Windows\System\rpUXJCb.exe
  2⤵
  PID:6860
- C:\Windows\System\kbimHiP.exe
  C:\Windows\System\kbimHiP.exe
  2⤵
  PID:6876
- C:\Windows\System\NvliRSe.exe
  C:\Windows\System\NvliRSe.exe
  2⤵
  PID:6892
- C:\Windows\System\MAupWqT.exe
  C:\Windows\System\MAupWqT.exe
  2⤵
  PID:6908
- C:\Windows\System\KvNdlfd.exe
  C:\Windows\System\KvNdlfd.exe
  2⤵
  PID:6924
- C:\Windows\System\tksxUZy.exe
  C:\Windows\System\tksxUZy.exe
  2⤵
  PID:6988
- C:\Windows\System\kEoNbZm.exe
  C:\Windows\System\kEoNbZm.exe
  2⤵
  PID:7012
- C:\Windows\System\ejVasqE.exe
  C:\Windows\System\ejVasqE.exe
  2⤵
  PID:7032
- C:\Windows\System\CbGYYfz.exe
  C:\Windows\System\CbGYYfz.exe
  2⤵
  PID:7052
- C:\Windows\System\nEylTOY.exe
  C:\Windows\System\nEylTOY.exe
  2⤵
  PID:7068
- C:\Windows\System\dwYcJMg.exe
  C:\Windows\System\dwYcJMg.exe
  2⤵
  PID:7084
- C:\Windows\System\xBbznOY.exe
  C:\Windows\System\xBbznOY.exe
  2⤵
  PID:7100
- C:\Windows\System\GUWTnlZ.exe
  C:\Windows\System\GUWTnlZ.exe
  2⤵
  PID:7116
- C:\Windows\System\qOnkmQE.exe
  C:\Windows\System\qOnkmQE.exe
  2⤵
  PID:7136
- C:\Windows\System\EZmfqSX.exe
  C:\Windows\System\EZmfqSX.exe
  2⤵
  PID:7156
- C:\Windows\System\VAjwjqT.exe
  C:\Windows\System\VAjwjqT.exe
  2⤵
  PID:5144
- C:\Windows\System\BiFdjAF.exe
  C:\Windows\System\BiFdjAF.exe
  2⤵
  PID:6160
- C:\Windows\System\hIzXYuM.exe
  C:\Windows\System\hIzXYuM.exe
  2⤵
  PID:6168
- C:\Windows\System\kcKWPpD.exe
  C:\Windows\System\kcKWPpD.exe
  2⤵
  PID:6208
- C:\Windows\System\lXvETXw.exe
  C:\Windows\System\lXvETXw.exe
  2⤵
  PID:6280
- C:\Windows\System\rWNIVzq.exe
  C:\Windows\System\rWNIVzq.exe
  2⤵
  PID:6228
- C:\Windows\System\zjDCvMe.exe
  C:\Windows\System\zjDCvMe.exe
  2⤵
  PID:6304
- C:\Windows\System\CgBAQmw.exe
  C:\Windows\System\CgBAQmw.exe
  2⤵
  PID:6296
- C:\Windows\System\kpumNQV.exe
  C:\Windows\System\kpumNQV.exe
  2⤵
  PID:6352
- C:\Windows\System\FFeFBGC.exe
  C:\Windows\System\FFeFBGC.exe
  2⤵
  PID:6404
- C:\Windows\System\NTqDudR.exe
  C:\Windows\System\NTqDudR.exe
  2⤵
  PID:6388
- C:\Windows\System\ZaWuPGS.exe
  C:\Windows\System\ZaWuPGS.exe
  2⤵
  PID:6440
- C:\Windows\System\peZvoQk.exe
  C:\Windows\System\peZvoQk.exe
  2⤵
  PID:6552
- C:\Windows\System\rjDLeUh.exe
  C:\Windows\System\rjDLeUh.exe
  2⤵
  PID:6572
- C:\Windows\System\XBsFdjp.exe
  C:\Windows\System\XBsFdjp.exe
  2⤵
  PID:6540
- C:\Windows\System\wmpjMgJ.exe
  C:\Windows\System\wmpjMgJ.exe
  2⤵
  PID:6500
- C:\Windows\System\OSJYiKu.exe
  C:\Windows\System\OSJYiKu.exe
  2⤵
  PID:6680
- C:\Windows\System\Jjrhkbu.exe
  C:\Windows\System\Jjrhkbu.exe
  2⤵
  PID:6752
- C:\Windows\System\wWjOisZ.exe
  C:\Windows\System\wWjOisZ.exe
  2⤵
  PID:6616
- C:\Windows\System\HJBTSUA.exe
  C:\Windows\System\HJBTSUA.exe
  2⤵
  PID:6664
- C:\Windows\System\ajkSzmn.exe
  C:\Windows\System\ajkSzmn.exe
  2⤵
  PID:6824
- C:\Windows\System\cHSnpnj.exe
  C:\Windows\System\cHSnpnj.exe
  2⤵
  PID:6768
- C:\Windows\System\ivxnDZD.exe
  C:\Windows\System\ivxnDZD.exe
  2⤵
  PID:6836
- C:\Windows\System\HEslwdQ.exe
  C:\Windows\System\HEslwdQ.exe
  2⤵
  PID:6696
- C:\Windows\System\VthwmBO.exe
  C:\Windows\System\VthwmBO.exe
  2⤵
  PID:6964
- C:\Windows\System\vKiElkT.exe
  C:\Windows\System\vKiElkT.exe
  2⤵
  PID:6976
- C:\Windows\System\cdHOhNU.exe
  C:\Windows\System\cdHOhNU.exe
  2⤵
  PID:6944
- C:\Windows\System\YTMVdHv.exe
  C:\Windows\System\YTMVdHv.exe
  2⤵
  PID:6904
- C:\Windows\System\hTZQkrS.exe
  C:\Windows\System\hTZQkrS.exe
  2⤵
  PID:7000
- C:\Windows\System\WnIJKIi.exe
  C:\Windows\System\WnIJKIi.exe
  2⤵
  PID:7004
- C:\Windows\System\uFtDfDC.exe
  C:\Windows\System\uFtDfDC.exe
  2⤵
  PID:7028
- C:\Windows\System\dnIHCAo.exe
  C:\Windows\System\dnIHCAo.exe
  2⤵
  PID:5156
- C:\Windows\System\jwdTPaE.exe
  C:\Windows\System\jwdTPaE.exe
  2⤵
  PID:6188
- C:\Windows\System\qhFEfIJ.exe
  C:\Windows\System\qhFEfIJ.exe
  2⤵
  PID:6192
- C:\Windows\System\zZfKzKm.exe
  C:\Windows\System\zZfKzKm.exe
  2⤵
  PID:7128
- C:\Windows\System\wtZRfII.exe
  C:\Windows\System\wtZRfII.exe
  2⤵
  PID:7124
- C:\Windows\System\iawXJJk.exe
  C:\Windows\System\iawXJJk.exe
  2⤵
  PID:6244
- C:\Windows\System\gLGgpIH.exe
  C:\Windows\System\gLGgpIH.exe
  2⤵
  PID:6424
- C:\Windows\System\BhDTZBq.exe
  C:\Windows\System\BhDTZBq.exe
  2⤵
  PID:6348
- C:\Windows\System\DGAURwl.exe
  C:\Windows\System\DGAURwl.exe
  2⤵
  PID:6516
- C:\Windows\System\KHSuMRt.exe
  C:\Windows\System\KHSuMRt.exe
  2⤵
  PID:6464
- C:\Windows\System\KtMmYpQ.exe
  C:\Windows\System\KtMmYpQ.exe
  2⤵
  PID:6436
- C:\Windows\System\uBHvmDN.exe
  C:\Windows\System\uBHvmDN.exe
  2⤵
  PID:6652
- C:\Windows\System\AbFgyXE.exe
  C:\Windows\System\AbFgyXE.exe
  2⤵
  PID:6628
- C:\Windows\System\NzeNaFa.exe
  C:\Windows\System\NzeNaFa.exe
  2⤵
  PID:6888
- C:\Windows\System\lvURpLp.exe
  C:\Windows\System\lvURpLp.exe
  2⤵
  PID:6736
- C:\Windows\System\bBdsgfm.exe
  C:\Windows\System\bBdsgfm.exe
  2⤵
  PID:6804
- C:\Windows\System\mnTkDKM.exe
  C:\Windows\System\mnTkDKM.exe
  2⤵
  PID:6620
- C:\Windows\System\AzWFlka.exe
  C:\Windows\System\AzWFlka.exe
  2⤵
  PID:6980
- C:\Windows\System\rtCEocG.exe
  C:\Windows\System\rtCEocG.exe
  2⤵
  PID:6856
- C:\Windows\System\uclokKN.exe
  C:\Windows\System\uclokKN.exe
  2⤵
  PID:6940
- C:\Windows\System\kyIyyUa.exe
  C:\Windows\System\kyIyyUa.exe
  2⤵
  PID:6156
- C:\Windows\System\CSJQXjm.exe
  C:\Windows\System\CSJQXjm.exe
  2⤵
  PID:6152
- C:\Windows\System\zwtZBuz.exe
  C:\Windows\System\zwtZBuz.exe
  2⤵
  PID:7060
- C:\Windows\System\GcbiqlJ.exe
  C:\Windows\System\GcbiqlJ.exe
  2⤵
  PID:3976
- C:\Windows\System\QJHBOPJ.exe
  C:\Windows\System\QJHBOPJ.exe
  2⤵
  PID:7092
- C:\Windows\System\OOvyLuk.exe
  C:\Windows\System\OOvyLuk.exe
  2⤵
  PID:1740
- C:\Windows\System\SglIhsL.exe
  C:\Windows\System\SglIhsL.exe
  2⤵
  PID:6336
- C:\Windows\System\orIZONo.exe
  C:\Windows\System\orIZONo.exe
  2⤵
  PID:6484
- C:\Windows\System\lOoTQUl.exe
  C:\Windows\System\lOoTQUl.exe
  2⤵
  PID:6520
- C:\Windows\System\FYbvdFx.exe
  C:\Windows\System\FYbvdFx.exe
  2⤵
  PID:6604
- C:\Windows\System\ucoiZkg.exe
  C:\Windows\System\ucoiZkg.exe
  2⤵
  PID:6920
- C:\Windows\System\YcKKboR.exe
  C:\Windows\System\YcKKboR.exe
  2⤵
  PID:6776
- C:\Windows\System\MsZQYLe.exe
  C:\Windows\System\MsZQYLe.exe
  2⤵
  PID:6808
- C:\Windows\System\HXTTaUV.exe
  C:\Windows\System\HXTTaUV.exe
  2⤵
  PID:7044
- C:\Windows\System\gaTrKRB.exe
  C:\Windows\System\gaTrKRB.exe
  2⤵
  PID:6996
- C:\Windows\System\WPRDsiq.exe
  C:\Windows\System\WPRDsiq.exe
  2⤵
  PID:5984
- C:\Windows\System\aztOvWr.exe
  C:\Windows\System\aztOvWr.exe
  2⤵
  PID:6300
- C:\Windows\System\mACOPll.exe
  C:\Windows\System\mACOPll.exe
  2⤵
  PID:1532
- C:\Windows\System\HxGGRyJ.exe
  C:\Windows\System\HxGGRyJ.exe
  2⤵
  PID:6116
- C:\Windows\System\zfhocfp.exe
  C:\Windows\System\zfhocfp.exe
  2⤵
  PID:2036
- C:\Windows\System\YLsGKYX.exe
  C:\Windows\System\YLsGKYX.exe
  2⤵
  PID:6644
- C:\Windows\System\jXwzITa.exe
  C:\Windows\System\jXwzITa.exe
  2⤵
  PID:6884
- C:\Windows\System\TWcZMVV.exe
  C:\Windows\System\TWcZMVV.exe
  2⤵
  PID:5648
- C:\Windows\System\jbtvizU.exe
  C:\Windows\System\jbtvizU.exe
  2⤵
  PID:7096
- C:\Windows\System\MNSZuNQ.exe
  C:\Windows\System\MNSZuNQ.exe
  2⤵
  PID:6384
- C:\Windows\System\RhWbqAL.exe
  C:\Windows\System\RhWbqAL.exe
  2⤵
  PID:7184
- C:\Windows\System\NMgbukE.exe
  C:\Windows\System\NMgbukE.exe
  2⤵
  PID:7200
- C:\Windows\System\DOvqQkV.exe
  C:\Windows\System\DOvqQkV.exe
  2⤵
  PID:7220
- C:\Windows\System\MrPMSCF.exe
  C:\Windows\System\MrPMSCF.exe
  2⤵
  PID:7236
- C:\Windows\System\HSGoZLh.exe
  C:\Windows\System\HSGoZLh.exe
  2⤵
  PID:7292
- C:\Windows\System\VdXdcNg.exe
  C:\Windows\System\VdXdcNg.exe
  2⤵
  PID:7308
- C:\Windows\System\gUXRGCh.exe
  C:\Windows\System\gUXRGCh.exe
  2⤵
  PID:7328
- C:\Windows\System\GpyOLtr.exe
  C:\Windows\System\GpyOLtr.exe
  2⤵
  PID:7344
- C:\Windows\System\kQtwBbu.exe
  C:\Windows\System\kQtwBbu.exe
  2⤵
  PID:7368
- C:\Windows\System\iDFKWyR.exe
  C:\Windows\System\iDFKWyR.exe
  2⤵
  PID:7384
- C:\Windows\System\uhVPxJh.exe
  C:\Windows\System\uhVPxJh.exe
  2⤵
  PID:7400
- C:\Windows\System\liYyyph.exe
  C:\Windows\System\liYyyph.exe
  2⤵
  PID:7416
- C:\Windows\System\tadkWFK.exe
  C:\Windows\System\tadkWFK.exe
  2⤵
  PID:7432
- C:\Windows\System\knYhZyT.exe
  C:\Windows\System\knYhZyT.exe
  2⤵
  PID:7448
- C:\Windows\System\aanRdBY.exe
  C:\Windows\System\aanRdBY.exe
  2⤵
  PID:7464
- C:\Windows\System\FFXArfg.exe
  C:\Windows\System\FFXArfg.exe
  2⤵
  PID:7480
- C:\Windows\System\QrKZVQF.exe
  C:\Windows\System\QrKZVQF.exe
  2⤵
  PID:7496
- C:\Windows\System\hAHpvyn.exe
  C:\Windows\System\hAHpvyn.exe
  2⤵
  PID:7512
- C:\Windows\System\ZDYFSQs.exe
  C:\Windows\System\ZDYFSQs.exe
  2⤵
  PID:7528
- C:\Windows\System\GVFQNlT.exe
  C:\Windows\System\GVFQNlT.exe
  2⤵
  PID:7544
- C:\Windows\System\WvUfwBv.exe
  C:\Windows\System\WvUfwBv.exe
  2⤵
  PID:7560
- C:\Windows\System\gzdkCov.exe
  C:\Windows\System\gzdkCov.exe
  2⤵
  PID:7576
- C:\Windows\System\VZKPSYZ.exe
  C:\Windows\System\VZKPSYZ.exe
  2⤵
  PID:7648
- C:\Windows\System\pGJJwbL.exe
  C:\Windows\System\pGJJwbL.exe
  2⤵
  PID:7668
- C:\Windows\System\biOoLTk.exe
  C:\Windows\System\biOoLTk.exe
  2⤵
  PID:7684
- C:\Windows\System\FNhZToS.exe
  C:\Windows\System\FNhZToS.exe
  2⤵
  PID:7700
- C:\Windows\System\IPPjCLI.exe
  C:\Windows\System\IPPjCLI.exe
  2⤵
  PID:7720
- C:\Windows\System\kmzLnZq.exe
  C:\Windows\System\kmzLnZq.exe
  2⤵
  PID:7740
- C:\Windows\System\scmGnfM.exe
  C:\Windows\System\scmGnfM.exe
  2⤵
  PID:7756
- C:\Windows\System\gxFyWJA.exe
  C:\Windows\System\gxFyWJA.exe
  2⤵
  PID:7772
- C:\Windows\System\pAZDrWE.exe
  C:\Windows\System\pAZDrWE.exe
  2⤵
  PID:7788
- C:\Windows\System\JuZdILb.exe
  C:\Windows\System\JuZdILb.exe
  2⤵
  PID:7828
- C:\Windows\System\rXAiQbz.exe
  C:\Windows\System\rXAiQbz.exe
  2⤵
  PID:7844
- C:\Windows\System\aGmzlQX.exe
  C:\Windows\System\aGmzlQX.exe
  2⤵
  PID:7864
- C:\Windows\System\ouDiWST.exe
  C:\Windows\System\ouDiWST.exe
  2⤵
  PID:7892
- C:\Windows\System\CDJnuYc.exe
  C:\Windows\System\CDJnuYc.exe
  2⤵
  PID:7908
- C:\Windows\System\XHbqjrH.exe
  C:\Windows\System\XHbqjrH.exe
  2⤵
  PID:7932
- C:\Windows\System\aeMvENj.exe
  C:\Windows\System\aeMvENj.exe
  2⤵
  PID:7948
- C:\Windows\System\lfmkQHK.exe
  C:\Windows\System\lfmkQHK.exe
  2⤵
  PID:7964
- C:\Windows\System\mMCobEz.exe
  C:\Windows\System\mMCobEz.exe
  2⤵
  PID:7992
- C:\Windows\System\lDFyWjG.exe
  C:\Windows\System\lDFyWjG.exe
  2⤵
  PID:8008
- C:\Windows\System\NOPrEdN.exe
  C:\Windows\System\NOPrEdN.exe
  2⤵
  PID:8032
- C:\Windows\System\SMkFNUi.exe
  C:\Windows\System\SMkFNUi.exe
  2⤵
  PID:8048
- C:\Windows\System\cIXEoSg.exe
  C:\Windows\System\cIXEoSg.exe
  2⤵
  PID:8064
- C:\Windows\System\tYBoQJO.exe
  C:\Windows\System\tYBoQJO.exe
  2⤵
  PID:8080
- C:\Windows\System\ECTuTfs.exe
  C:\Windows\System\ECTuTfs.exe
  2⤵
  PID:8096
- C:\Windows\System\rYPbPkn.exe
  C:\Windows\System\rYPbPkn.exe
  2⤵
  PID:8136
- C:\Windows\System\PMLaUZs.exe
  C:\Windows\System\PMLaUZs.exe
  2⤵
  PID:8152
- C:\Windows\System\WZcaNMq.exe
  C:\Windows\System\WZcaNMq.exe
  2⤵
  PID:8168
- C:\Windows\System\yGPgBEs.exe
  C:\Windows\System\yGPgBEs.exe
  2⤵
  PID:8188
- C:\Windows\System\QyFgZmb.exe
  C:\Windows\System\QyFgZmb.exe
  2⤵
  PID:6852
- C:\Windows\System\JABtBYR.exe
  C:\Windows\System\JABtBYR.exe
  2⤵
  PID:6316
- C:\Windows\System\DSusqtN.exe
  C:\Windows\System\DSusqtN.exe
  2⤵
  PID:6392
- C:\Windows\System\WuNtxgy.exe
  C:\Windows\System\WuNtxgy.exe
  2⤵
  PID:7232
- C:\Windows\System\HHaBSuz.exe
  C:\Windows\System\HHaBSuz.exe
  2⤵
  PID:7208
- C:\Windows\System\bCjwoBZ.exe
  C:\Windows\System\bCjwoBZ.exe
  2⤵
  PID:6292
- C:\Windows\System\ULHKvGt.exe
  C:\Windows\System\ULHKvGt.exe
  2⤵
  PID:7252
- C:\Windows\System\IfkjUGP.exe
  C:\Windows\System\IfkjUGP.exe
  2⤵
  PID:7300
- C:\Windows\System\GnruyQz.exe
  C:\Windows\System\GnruyQz.exe
  2⤵
  PID:7316
- C:\Windows\System\LHwbnza.exe
  C:\Windows\System\LHwbnza.exe
  2⤵
  PID:7360
- C:\Windows\System\BOqtnYk.exe
  C:\Windows\System\BOqtnYk.exe
  2⤵
  PID:7396
- C:\Windows\System\HiJuwOu.exe
  C:\Windows\System\HiJuwOu.exe
  2⤵
  PID:7460
- C:\Windows\System\PUbPRuC.exe
  C:\Windows\System\PUbPRuC.exe
  2⤵
  PID:7552
- C:\Windows\System\mNGKimc.exe
  C:\Windows\System\mNGKimc.exe
  2⤵
  PID:7408
- C:\Windows\System\ymBqPdB.exe
  C:\Windows\System\ymBqPdB.exe
  2⤵
  PID:7476
- C:\Windows\System\MYrnJUc.exe
  C:\Windows\System\MYrnJUc.exe
  2⤵
  PID:7568
- C:\Windows\System\xsVoYsn.exe
  C:\Windows\System\xsVoYsn.exe
  2⤵
  PID:7600
- C:\Windows\System\ALEXnIh.exe
  C:\Windows\System\ALEXnIh.exe
  2⤵
  PID:7624
- C:\Windows\System\nvSKJUn.exe
  C:\Windows\System\nvSKJUn.exe
  2⤵
  PID:7660
- C:\Windows\System\zTfeAQD.exe
  C:\Windows\System\zTfeAQD.exe
  2⤵
  PID:7716
- C:\Windows\System\poxfxgM.exe
  C:\Windows\System\poxfxgM.exe
  2⤵
  PID:7736
- C:\Windows\System\jmiONVj.exe
  C:\Windows\System\jmiONVj.exe
  2⤵
  PID:7800
- C:\Windows\System\vndaqIt.exe
  C:\Windows\System\vndaqIt.exe
  2⤵
  PID:7808
- C:\Windows\System\UNisThH.exe
  C:\Windows\System\UNisThH.exe
  2⤵
  PID:7824
- C:\Windows\System\NrhwJnR.exe
  C:\Windows\System\NrhwJnR.exe
  2⤵
  PID:7856
- C:\Windows\System\oaFSkCe.exe
  C:\Windows\System\oaFSkCe.exe
  2⤵
  PID:7872
- C:\Windows\System\LqNUfim.exe
  C:\Windows\System\LqNUfim.exe
  2⤵
  PID:7900
- C:\Windows\System\TYKXJWd.exe
  C:\Windows\System\TYKXJWd.exe
  2⤵
  PID:7976
- C:\Windows\System\VGZDMkb.exe
  C:\Windows\System\VGZDMkb.exe
  2⤵
  PID:7972
- C:\Windows\System\skihBFs.exe
  C:\Windows\System\skihBFs.exe
  2⤵
  PID:8016
- C:\Windows\System\fuIeVFA.exe
  C:\Windows\System\fuIeVFA.exe
  2⤵
  PID:8056
- C:\Windows\System\sfPRizJ.exe
  C:\Windows\System\sfPRizJ.exe
  2⤵
  PID:8004
- C:\Windows\System\PduMKLv.exe
  C:\Windows\System\PduMKLv.exe
  2⤵
  PID:8076
- C:\Windows\System\LhwAwzO.exe
  C:\Windows\System\LhwAwzO.exe
  2⤵
  PID:8108
- C:\Windows\System\TKwkCTU.exe
  C:\Windows\System\TKwkCTU.exe
  2⤵
  PID:8176
- C:\Windows\System\tNdRqGT.exe
  C:\Windows\System\tNdRqGT.exe
  2⤵
  PID:5216
- C:\Windows\System\NOcnYPI.exe
  C:\Windows\System\NOcnYPI.exe
  2⤵
  PID:6704
- C:\Windows\System\hXVtQls.exe
  C:\Windows\System\hXVtQls.exe
  2⤵
  PID:7264
- C:\Windows\System\hMmgLkI.exe
  C:\Windows\System\hMmgLkI.exe
  2⤵
  PID:4968
- C:\Windows\System\CibCjgU.exe
  C:\Windows\System\CibCjgU.exe
  2⤵
  PID:7244
- C:\Windows\System\SJOktjN.exe
  C:\Windows\System\SJOktjN.exe
  2⤵
  PID:7456
- C:\Windows\System\xwYhvJf.exe
  C:\Windows\System\xwYhvJf.exe
  2⤵
  PID:7492
- C:\Windows\System\dFeKLHh.exe
  C:\Windows\System\dFeKLHh.exe
  2⤵
  PID:7584
- C:\Windows\System\WhqsELR.exe
  C:\Windows\System\WhqsELR.exe
  2⤵
  PID:7540
- C:\Windows\System\dIdKUci.exe
  C:\Windows\System\dIdKUci.exe
  2⤵
  PID:7356
- C:\Windows\System\UuRayZQ.exe
  C:\Windows\System\UuRayZQ.exe
  2⤵
  PID:7636
- C:\Windows\System\eZoHEST.exe
  C:\Windows\System\eZoHEST.exe
  2⤵
  PID:7592
- C:\Windows\System\TXmgvmw.exe
  C:\Windows\System\TXmgvmw.exe
  2⤵
  PID:7732
- C:\Windows\System\TToUYDF.exe
  C:\Windows\System\TToUYDF.exe
  2⤵
  PID:7748
- C:\Windows\System\vuQysek.exe
  C:\Windows\System\vuQysek.exe
  2⤵
  PID:7884
- C:\Windows\System\QAbBxQZ.exe
  C:\Windows\System\QAbBxQZ.exe
  2⤵
  PID:7712
- C:\Windows\System\TKeKNAd.exe
  C:\Windows\System\TKeKNAd.exe
  2⤵
  PID:7984
- C:\Windows\System\tEtQqvu.exe
  C:\Windows\System\tEtQqvu.exe
  2⤵
  PID:8000
- C:\Windows\System\Ojkvpja.exe
  C:\Windows\System\Ojkvpja.exe
  2⤵
  PID:2420
- C:\Windows\System\oVgDRIF.exe
  C:\Windows\System\oVgDRIF.exe
  2⤵
  PID:8184
- C:\Windows\System\YXzNqEi.exe
  C:\Windows\System\YXzNqEi.exe
  2⤵
  PID:8040
- C:\Windows\System\kkykspV.exe
  C:\Windows\System\kkykspV.exe
  2⤵
  PID:8148
- C:\Windows\System\lRFiJMa.exe
  C:\Windows\System\lRFiJMa.exe
  2⤵
  PID:8144
- C:\Windows\System\vLfjJlO.exe
  C:\Windows\System\vLfjJlO.exe
  2⤵
  PID:7288
- C:\Windows\System\RrpVGkq.exe
  C:\Windows\System\RrpVGkq.exe
  2⤵
  PID:7536
- C:\Windows\System\lnPVzcq.exe
  C:\Windows\System\lnPVzcq.exe
  2⤵
  PID:7444
- C:\Windows\System\fPlLdMc.exe
  C:\Windows\System\fPlLdMc.exe
  2⤵
  PID:7596
- C:\Windows\System\TVgtQLy.exe
  C:\Windows\System\TVgtQLy.exe
  2⤵
  PID:7816
- C:\Windows\System\QPkpMMj.exe
  C:\Windows\System\QPkpMMj.exe
  2⤵
  PID:7556
- C:\Windows\System\QRwIXTv.exe
  C:\Windows\System\QRwIXTv.exe
  2⤵
  PID:7876
- C:\Windows\System\vPmcFJr.exe
  C:\Windows\System\vPmcFJr.exe
  2⤵
  PID:7796
- C:\Windows\System\KaxJGzH.exe
  C:\Windows\System\KaxJGzH.exe
  2⤵
  PID:8028
- C:\Windows\System\mjrlhKc.exe
  C:\Windows\System\mjrlhKc.exe
  2⤵
  PID:7944
- C:\Windows\System\oeACbiP.exe
  C:\Windows\System\oeACbiP.exe
  2⤵
  PID:8124
- C:\Windows\System\WgREpSt.exe
  C:\Windows\System\WgREpSt.exe
  2⤵
  PID:7248
- C:\Windows\System\acpqokF.exe
  C:\Windows\System\acpqokF.exe
  2⤵
  PID:7180
- C:\Windows\System\SaIfdyV.exe
  C:\Windows\System\SaIfdyV.exe
  2⤵
  PID:7020
- C:\Windows\System\XvEStMC.exe
  C:\Windows\System\XvEStMC.exe
  2⤵
  PID:7352
- C:\Windows\System\CSBiaBl.exe
  C:\Windows\System\CSBiaBl.exe
  2⤵
  PID:7696
- C:\Windows\System\lUvgbXI.exe
  C:\Windows\System\lUvgbXI.exe
  2⤵
  PID:7988
- C:\Windows\System\hbuYBtQ.exe
  C:\Windows\System\hbuYBtQ.exe
  2⤵
  PID:7960
- C:\Windows\System\jgCyvEY.exe
  C:\Windows\System\jgCyvEY.exe
  2⤵
  PID:6560
- C:\Windows\System\WpWonZC.exe
  C:\Windows\System\WpWonZC.exe
  2⤵
  PID:7612
- C:\Windows\System\oRVEXjU.exe
  C:\Windows\System\oRVEXjU.exe
  2⤵
  PID:7980
- C:\Windows\System\nKPuKoP.exe
  C:\Windows\System\nKPuKoP.exe
  2⤵
  PID:6488
- C:\Windows\System\iFifhOm.exe
  C:\Windows\System\iFifhOm.exe
  2⤵
  PID:1556
- C:\Windows\System\xYGxuaw.exe
  C:\Windows\System\xYGxuaw.exe
  2⤵
  PID:7928
- C:\Windows\System\lfeVmqd.exe
  C:\Windows\System\lfeVmqd.exe
  2⤵
  PID:8020
- C:\Windows\System\sFyntCQ.exe
  C:\Windows\System\sFyntCQ.exe
  2⤵
  PID:8200
- C:\Windows\System\jmlIfLK.exe
  C:\Windows\System\jmlIfLK.exe
  2⤵
  PID:8220
- C:\Windows\System\DHprfiF.exe
  C:\Windows\System\DHprfiF.exe
  2⤵
  PID:8236
- C:\Windows\System\eVyGuFA.exe
  C:\Windows\System\eVyGuFA.exe
  2⤵
  PID:8252
- C:\Windows\System\zdNpCMY.exe
  C:\Windows\System\zdNpCMY.exe
  2⤵
  PID:8268
- C:\Windows\System\DpcKorm.exe
  C:\Windows\System\DpcKorm.exe
  2⤵
  PID:8292
- C:\Windows\System\XlMCcmu.exe
  C:\Windows\System\XlMCcmu.exe
  2⤵
  PID:8324
- C:\Windows\System\UHIJgel.exe
  C:\Windows\System\UHIJgel.exe
  2⤵
  PID:8348
- C:\Windows\System\SuUeaBw.exe
  C:\Windows\System\SuUeaBw.exe
  2⤵
  PID:8368
- C:\Windows\System\UgFVZsK.exe
  C:\Windows\System\UgFVZsK.exe
  2⤵
  PID:8388
- C:\Windows\System\mmVaXWJ.exe
  C:\Windows\System\mmVaXWJ.exe
  2⤵
  PID:8404
- C:\Windows\System\rqwKTGm.exe
  C:\Windows\System\rqwKTGm.exe
  2⤵
  PID:8420
- C:\Windows\System\LBdApBt.exe
  C:\Windows\System\LBdApBt.exe
  2⤵
  PID:8444
- C:\Windows\System\PMtIHZI.exe
  C:\Windows\System\PMtIHZI.exe
  2⤵
  PID:8460
- C:\Windows\System\ZXQLZMc.exe
  C:\Windows\System\ZXQLZMc.exe
  2⤵
  PID:8496
- C:\Windows\System\bKbLdGi.exe
  C:\Windows\System\bKbLdGi.exe
  2⤵
  PID:8512
- C:\Windows\System\MzYLKfR.exe
  C:\Windows\System\MzYLKfR.exe
  2⤵
  PID:8532
- C:\Windows\System\JOSuoVe.exe
  C:\Windows\System\JOSuoVe.exe
  2⤵
  PID:8548
- C:\Windows\System\PPVDqxT.exe
  C:\Windows\System\PPVDqxT.exe
  2⤵
  PID:8576
- C:\Windows\System\vMDAqaI.exe
  C:\Windows\System\vMDAqaI.exe
  2⤵
  PID:8592
- C:\Windows\System\cMRemtC.exe
  C:\Windows\System\cMRemtC.exe
  2⤵
  PID:8620
- C:\Windows\System\yvRzQee.exe
  C:\Windows\System\yvRzQee.exe
  2⤵
  PID:8636
- C:\Windows\System\esHqNyX.exe
  C:\Windows\System\esHqNyX.exe
  2⤵
  PID:8652
- C:\Windows\System\lpBgUeM.exe
  C:\Windows\System\lpBgUeM.exe
  2⤵
  PID:8672
- C:\Windows\System\GGfiLnc.exe
  C:\Windows\System\GGfiLnc.exe
  2⤵
  PID:8696
- C:\Windows\System\VjHZDDj.exe
  C:\Windows\System\VjHZDDj.exe
  2⤵
  PID:8724
- C:\Windows\System\ZNEFVNq.exe
  C:\Windows\System\ZNEFVNq.exe
  2⤵
  PID:8740
- C:\Windows\System\eJtaTKn.exe
  C:\Windows\System\eJtaTKn.exe
  2⤵
  PID:8760
- C:\Windows\System\ZuTpoIQ.exe
  C:\Windows\System\ZuTpoIQ.exe
  2⤵
  PID:8780
- C:\Windows\System\xlOkLWV.exe
  C:\Windows\System\xlOkLWV.exe
  2⤵
  PID:8800
- C:\Windows\System\EyhQpdn.exe
  C:\Windows\System\EyhQpdn.exe
  2⤵
  PID:8820
- C:\Windows\System\Twzkwst.exe
  C:\Windows\System\Twzkwst.exe
  2⤵
  PID:8840
- C:\Windows\System\jmcyScl.exe
  C:\Windows\System\jmcyScl.exe
  2⤵
  PID:8856
- C:\Windows\System\FvBPPbn.exe
  C:\Windows\System\FvBPPbn.exe
  2⤵
  PID:8872
- C:\Windows\System\BaafQrL.exe
  C:\Windows\System\BaafQrL.exe
  2⤵
  PID:8888
- C:\Windows\System\DKvHRJM.exe
  C:\Windows\System\DKvHRJM.exe
  2⤵
  PID:8904
- C:\Windows\System\vagdTfj.exe
  C:\Windows\System\vagdTfj.exe
  2⤵
  PID:8924
- C:\Windows\System\xoXwpcp.exe
  C:\Windows\System\xoXwpcp.exe
  2⤵
  PID:8952
- C:\Windows\System\zdFLMHh.exe
  C:\Windows\System\zdFLMHh.exe
  2⤵
  PID:8968
- C:\Windows\System\zSALSAP.exe
  C:\Windows\System\zSALSAP.exe
  2⤵
  PID:8988
- C:\Windows\System\xlbYpwT.exe
  C:\Windows\System\xlbYpwT.exe
  2⤵
  PID:9012
- C:\Windows\System\dwdWWrZ.exe
  C:\Windows\System\dwdWWrZ.exe
  2⤵
  PID:9040
- C:\Windows\System\niolWGG.exe
  C:\Windows\System\niolWGG.exe
  2⤵
  PID:9056
- C:\Windows\System\lKEWZCe.exe
  C:\Windows\System\lKEWZCe.exe
  2⤵
  PID:9072
- C:\Windows\System\SRzxRIt.exe
  C:\Windows\System\SRzxRIt.exe
  2⤵
  PID:9092
- C:\Windows\System\BjqRulV.exe
  C:\Windows\System\BjqRulV.exe
  2⤵
  PID:9124
- C:\Windows\System\asRnHnN.exe
  C:\Windows\System\asRnHnN.exe
  2⤵
  PID:9144
- C:\Windows\System\rJooLMO.exe
  C:\Windows\System\rJooLMO.exe
  2⤵
  PID:9160
- C:\Windows\System\YDUhttM.exe
  C:\Windows\System\YDUhttM.exe
  2⤵
  PID:9176
- C:\Windows\System\fCjzfXw.exe
  C:\Windows\System\fCjzfXw.exe
  2⤵
  PID:9192
- C:\Windows\System\UQeMjNe.exe
  C:\Windows\System\UQeMjNe.exe
  2⤵
  PID:9212
- C:\Windows\System\xDytVCJ.exe
  C:\Windows\System\xDytVCJ.exe
  2⤵
  PID:8228
- C:\Windows\System\IEuzJrT.exe
  C:\Windows\System\IEuzJrT.exe
  2⤵
  PID:8312
- C:\Windows\System\TTFXAxG.exe
  C:\Windows\System\TTFXAxG.exe
  2⤵
  PID:8276
- C:\Windows\System\WLwJcUn.exe
  C:\Windows\System\WLwJcUn.exe
  2⤵
  PID:8208
- C:\Windows\System\cLohAkm.exe
  C:\Windows\System\cLohAkm.exe
  2⤵
  PID:8336
- C:\Windows\System\HvuHGFj.exe
  C:\Windows\System\HvuHGFj.exe
  2⤵
  PID:8344
- C:\Windows\System\jZSXnXF.exe
  C:\Windows\System\jZSXnXF.exe
  2⤵
  PID:8400
- C:\Windows\System\NgZjsCd.exe
  C:\Windows\System\NgZjsCd.exe
  2⤵
  PID:8436
- C:\Windows\System\ySHJdIh.exe
  C:\Windows\System\ySHJdIh.exe
  2⤵
  PID:8452
- C:\Windows\System\rWmIPoV.exe
  C:\Windows\System\rWmIPoV.exe
  2⤵
  PID:8484
- C:\Windows\System\BKjnmaL.exe
  C:\Windows\System\BKjnmaL.exe
  2⤵
  PID:8524
- C:\Windows\System\XMmPQBz.exe
  C:\Windows\System\XMmPQBz.exe
  2⤵
  PID:8544
- C:\Windows\System\OgyBfKK.exe
  C:\Windows\System\OgyBfKK.exe
  2⤵
  PID:8584
- C:\Windows\System\XQyibOX.exe
  C:\Windows\System\XQyibOX.exe
  2⤵
  PID:8608
- C:\Windows\System\CWuIDpE.exe
  C:\Windows\System\CWuIDpE.exe
  2⤵
  PID:8644
- C:\Windows\System\qohmWqt.exe
  C:\Windows\System\qohmWqt.exe
  2⤵
  PID:8668
- C:\Windows\System\icgOsWL.exe
  C:\Windows\System\icgOsWL.exe
  2⤵
  PID:8708
- C:\Windows\System\jrdhwEY.exe
  C:\Windows\System\jrdhwEY.exe
  2⤵
  PID:8768
- C:\Windows\System\MnPxZZB.exe
  C:\Windows\System\MnPxZZB.exe
  2⤵
  PID:8776
- C:\Windows\System\XSxQaLa.exe
  C:\Windows\System\XSxQaLa.exe
  2⤵
  PID:8788
- C:\Windows\System\cQDkqEV.exe
  C:\Windows\System\cQDkqEV.exe
  2⤵
  PID:8916
- C:\Windows\System\DgtzfpZ.exe
  C:\Windows\System\DgtzfpZ.exe
  2⤵
  PID:8960
- C:\Windows\System\IxGBhXw.exe
  C:\Windows\System\IxGBhXw.exe
  2⤵
  PID:8996
- C:\Windows\System\eFnsDlL.exe
  C:\Windows\System\eFnsDlL.exe
  2⤵
  PID:8932
- C:\Windows\System\fxVZIPf.exe
  C:\Windows\System\fxVZIPf.exe
  2⤵
  PID:9080
- C:\Windows\System\bkpWlzy.exe
  C:\Windows\System\bkpWlzy.exe
  2⤵
  PID:9032
- C:\Windows\System\SKrCwlC.exe
  C:\Windows\System\SKrCwlC.exe
  2⤵
  PID:8984
- C:\Windows\System\wzidgau.exe
  C:\Windows\System\wzidgau.exe
  2⤵
  PID:9088
- C:\Windows\System\yhmOgQC.exe
  C:\Windows\System\yhmOgQC.exe
  2⤵
  PID:9112
- C:\Windows\System\KOzneZM.exe
  C:\Windows\System\KOzneZM.exe
  2⤵
  PID:9136
- C:\Windows\System\NTnAHQo.exe
  C:\Windows\System\NTnAHQo.exe
  2⤵
  PID:9204
- C:\Windows\System\UpgSILP.exe
  C:\Windows\System\UpgSILP.exe
  2⤵
  PID:9188
- C:\Windows\System\yqqqYMI.exe
  C:\Windows\System\yqqqYMI.exe
  2⤵
  PID:8088
- C:\Windows\System\zJaBbhk.exe
  C:\Windows\System\zJaBbhk.exe
  2⤵
  PID:7780
- C:\Windows\System\VBsuDrG.exe
  C:\Windows\System\VBsuDrG.exe
  2⤵
  PID:8360
- C:\Windows\System\oSHXTfD.exe
  C:\Windows\System\oSHXTfD.exe
  2⤵
  PID:8440
- C:\Windows\System\XusHlCB.exe
  C:\Windows\System\XusHlCB.exe
  2⤵
  PID:8396
- C:\Windows\System\ULjaKVN.exe
  C:\Windows\System\ULjaKVN.exe
  2⤵
  PID:8480
- C:\Windows\System\qPryEul.exe
  C:\Windows\System\qPryEul.exe
  2⤵
  PID:8560
- C:\Windows\System\hVfoovi.exe
  C:\Windows\System\hVfoovi.exe
  2⤵
  PID:8604
- C:\Windows\System\vPMJslP.exe
  C:\Windows\System\vPMJslP.exe
  2⤵
  PID:8720
- C:\Windows\System\bXudTWB.exe
  C:\Windows\System\bXudTWB.exe
  2⤵
  PID:8572
- C:\Windows\System\eqzsKLH.exe
  C:\Windows\System\eqzsKLH.exe
  2⤵
  PID:8472
- C:\Windows\System\GhotEjV.exe
  C:\Windows\System\GhotEjV.exe
  2⤵
  PID:8816
- C:\Windows\System\ilvhvFG.exe
  C:\Windows\System\ilvhvFG.exe
  2⤵
  PID:9000
- C:\Windows\System\aHlIMTC.exe
  C:\Windows\System\aHlIMTC.exe
  2⤵
  PID:8880
- C:\Windows\System\uIXxjQX.exe
  C:\Windows\System\uIXxjQX.exe
  2⤵
  PID:8864
- C:\Windows\System\jBLUnqq.exe
  C:\Windows\System\jBLUnqq.exe
  2⤵
  PID:9048
- C:\Windows\System\QoZPViG.exe
  C:\Windows\System\QoZPViG.exe
  2⤵
  PID:8976
- C:\Windows\System\DULBSmI.exe
  C:\Windows\System\DULBSmI.exe
  2⤵
  PID:9140
- C:\Windows\System\JEzepZf.exe
  C:\Windows\System\JEzepZf.exe
  2⤵
  PID:8308
- C:\Windows\System\tzvbuST.exe
  C:\Windows\System\tzvbuST.exe
  2⤵
  PID:9108
- C:\Windows\System\ilhEgBq.exe
  C:\Windows\System\ilhEgBq.exe
  2⤵
  PID:9152
- C:\Windows\System\rbUpEtx.exe
  C:\Windows\System\rbUpEtx.exe
  2⤵
  PID:8320
- C:\Windows\System\RfZiDDX.exe
  C:\Windows\System\RfZiDDX.exe
  2⤵
  PID:8248
- C:\Windows\System\xZlEfSl.exe
  C:\Windows\System\xZlEfSl.exe
  2⤵
  PID:8288
- C:\Windows\System\oazKNRW.exe
  C:\Windows\System\oazKNRW.exe
  2⤵
  PID:8476
- C:\Windows\System\USrNVkb.exe
  C:\Windows\System\USrNVkb.exe
  2⤵
  PID:8808
- C:\Windows\System\uaIPWqs.exe
  C:\Windows\System\uaIPWqs.exe
  2⤵
  PID:8832
- C:\Windows\System\lkaRkFK.exe
  C:\Windows\System\lkaRkFK.exe
  2⤵
  PID:8384
- C:\Windows\System\rxnEQHX.exe
  C:\Windows\System\rxnEQHX.exe
  2⤵
  PID:7956
- C:\Windows\System\aUNnina.exe
  C:\Windows\System\aUNnina.exe
  2⤵
  PID:8588
- C:\Windows\System\JFtTJzH.exe
  C:\Windows\System\JFtTJzH.exe
  2⤵
  PID:9064
- C:\Windows\System\srfpFCF.exe
  C:\Windows\System\srfpFCF.exe
  2⤵
  PID:8412
- C:\Windows\System\wAvvMgw.exe
  C:\Windows\System\wAvvMgw.exe
  2⤵
  PID:8664
- C:\Windows\System\nLdpojF.exe
  C:\Windows\System\nLdpojF.exe
  2⤵
  PID:8196
- C:\Windows\System\dvGoAtF.exe
  C:\Windows\System\dvGoAtF.exe
  2⤵
  PID:8492
- C:\Windows\System\uLJLRzh.exe
  C:\Windows\System\uLJLRzh.exe
  2⤵
  PID:8752
- C:\Windows\System\KqpupsN.exe
  C:\Windows\System\KqpupsN.exe
  2⤵
  PID:9120
- C:\Windows\System\TIybANl.exe
  C:\Windows\System\TIybANl.exe
  2⤵
  PID:9172
- C:\Windows\System\lZkEqiK.exe
  C:\Windows\System\lZkEqiK.exe
  2⤵
  PID:8628
- C:\Windows\System\mogkmJW.exe
  C:\Windows\System\mogkmJW.exe
  2⤵
  PID:9052
- C:\Windows\System\ZJbJVZf.exe
  C:\Windows\System\ZJbJVZf.exe
  2⤵
  PID:8896
- C:\Windows\System\YpdKlwL.exe
  C:\Windows\System\YpdKlwL.exe
  2⤵
  PID:9200
- C:\Windows\System\josMAdm.exe
  C:\Windows\System\josMAdm.exe
  2⤵
  PID:8416
- C:\Windows\System\hyLnxwB.exe
  C:\Windows\System\hyLnxwB.exe
  2⤵
  PID:8340
- C:\Windows\System\mQKrggU.exe
  C:\Windows\System\mQKrggU.exe
  2⤵
  PID:8836
- C:\Windows\System\luEHNwD.exe
  C:\Windows\System\luEHNwD.exe
  2⤵
  PID:9232
- C:\Windows\System\tcgcWUC.exe
  C:\Windows\System\tcgcWUC.exe
  2⤵
  PID:9248
- C:\Windows\System\LZoFycy.exe
  C:\Windows\System\LZoFycy.exe
  2⤵
  PID:9276
- C:\Windows\System\XSZRpjJ.exe
  C:\Windows\System\XSZRpjJ.exe
  2⤵
  PID:9292
- C:\Windows\System\rkSFYLV.exe
  C:\Windows\System\rkSFYLV.exe
  2⤵
  PID:9312
- C:\Windows\System\HCNNyJm.exe
  C:\Windows\System\HCNNyJm.exe
  2⤵
  PID:9332
- C:\Windows\System\AAvCjYy.exe
  C:\Windows\System\AAvCjYy.exe
  2⤵
  PID:9352
- C:\Windows\System\WlGjdoy.exe
  C:\Windows\System\WlGjdoy.exe
  2⤵
  PID:9368
- C:\Windows\System\mxCQJog.exe
  C:\Windows\System\mxCQJog.exe
  2⤵
  PID:9388
- C:\Windows\System\obMlsDq.exe
  C:\Windows\System\obMlsDq.exe
  2⤵
  PID:9428
- C:\Windows\System\KUAQflb.exe
  C:\Windows\System\KUAQflb.exe
  2⤵
  PID:9448
- C:\Windows\System\UCsHzRJ.exe
  C:\Windows\System\UCsHzRJ.exe
  2⤵
  PID:9464
- C:\Windows\System\ECWXpOG.exe
  C:\Windows\System\ECWXpOG.exe
  2⤵
  PID:9480
- C:\Windows\System\EhxMKGO.exe
  C:\Windows\System\EhxMKGO.exe
  2⤵
  PID:9496
- C:\Windows\System\wOWfDDH.exe
  C:\Windows\System\wOWfDDH.exe
  2⤵
  PID:9516
- C:\Windows\System\jJYLAYD.exe
  C:\Windows\System\jJYLAYD.exe
  2⤵
  PID:9536
- C:\Windows\System\jxKLAqU.exe
  C:\Windows\System\jxKLAqU.exe
  2⤵
  PID:9556
- C:\Windows\System\zLFqZuS.exe
  C:\Windows\System\zLFqZuS.exe
  2⤵
  PID:9584
- C:\Windows\System\MmDuXwc.exe
  C:\Windows\System\MmDuXwc.exe
  2⤵
  PID:9600
- C:\Windows\System\OOmkRyD.exe
  C:\Windows\System\OOmkRyD.exe
  2⤵
  PID:9616
- C:\Windows\System\ewofnNp.exe
  C:\Windows\System\ewofnNp.exe
  2⤵
  PID:9632
- C:\Windows\System\bsuqANP.exe
  C:\Windows\System\bsuqANP.exe
  2⤵
  PID:9648
- C:\Windows\System\nWwqWcP.exe
  C:\Windows\System\nWwqWcP.exe
  2⤵
  PID:9664
- C:\Windows\System\AjLbipb.exe
  C:\Windows\System\AjLbipb.exe
  2⤵
  PID:9680
- C:\Windows\System\isrHrFT.exe
  C:\Windows\System\isrHrFT.exe
  2⤵
  PID:9696
- C:\Windows\System\fuQaogt.exe
  C:\Windows\System\fuQaogt.exe
  2⤵
  PID:9712
- C:\Windows\System\gZGJcXs.exe
  C:\Windows\System\gZGJcXs.exe
  2⤵
  PID:9728
- C:\Windows\System\YUVLoIK.exe
  C:\Windows\System\YUVLoIK.exe
  2⤵
  PID:9744
- C:\Windows\System\SLHDNQp.exe
  C:\Windows\System\SLHDNQp.exe
  2⤵
  PID:9760
- C:\Windows\System\xgvCaHT.exe
  C:\Windows\System\xgvCaHT.exe
  2⤵
  PID:9780
- C:\Windows\System\ViQRSqk.exe
  C:\Windows\System\ViQRSqk.exe
  2⤵
  PID:9796
- C:\Windows\System\nSynrkN.exe
  C:\Windows\System\nSynrkN.exe
  2⤵
  PID:9812
- C:\Windows\System\nHNiqJh.exe
  C:\Windows\System\nHNiqJh.exe
  2⤵
  PID:9828
- C:\Windows\System\vXiahEO.exe
  C:\Windows\System\vXiahEO.exe
  2⤵
  PID:9844
- C:\Windows\System\koPizzm.exe
  C:\Windows\System\koPizzm.exe
  2⤵
  PID:9860
- C:\Windows\System\klUxHPs.exe
  C:\Windows\System\klUxHPs.exe
  2⤵
  PID:9876
- C:\Windows\System\nDrEDCk.exe
  C:\Windows\System\nDrEDCk.exe
  2⤵
  PID:9892
- C:\Windows\System\wRAhPNy.exe
  C:\Windows\System\wRAhPNy.exe
  2⤵
  PID:9908
- C:\Windows\System\szqCGBM.exe
  C:\Windows\System\szqCGBM.exe
  2⤵
  PID:9948
- C:\Windows\System\LEtWrIy.exe
  C:\Windows\System\LEtWrIy.exe
  2⤵
  PID:9964
- C:\Windows\System\kAZvxVY.exe
  C:\Windows\System\kAZvxVY.exe
  2⤵
  PID:9988
- C:\Windows\System\ScTWnjB.exe
  C:\Windows\System\ScTWnjB.exe
  2⤵
  PID:10028
- C:\Windows\System\lkrMpLe.exe
  C:\Windows\System\lkrMpLe.exe
  2⤵
  PID:10080
- C:\Windows\System\zcTGMVR.exe
  C:\Windows\System\zcTGMVR.exe
  2⤵
  PID:10108
- C:\Windows\System\gdFbAoN.exe
  C:\Windows\System\gdFbAoN.exe
  2⤵
  PID:10124
- C:\Windows\System\VcleGVp.exe
  C:\Windows\System\VcleGVp.exe
  2⤵
  PID:10148
- C:\Windows\System\lhlaseo.exe
  C:\Windows\System\lhlaseo.exe
  2⤵
  PID:10168
- C:\Windows\System\JlFlngl.exe
  C:\Windows\System\JlFlngl.exe
  2⤵
  PID:10196
- C:\Windows\System\eoCqzeq.exe
  C:\Windows\System\eoCqzeq.exe
  2⤵
  PID:10212
- C:\Windows\System\tuIKqoX.exe
  C:\Windows\System\tuIKqoX.exe
  2⤵
  PID:10232
- C:\Windows\System\gWwIMdF.exe
  C:\Windows\System\gWwIMdF.exe
  2⤵
  PID:9224
- C:\Windows\System\QEPZezr.exe
  C:\Windows\System\QEPZezr.exe
  2⤵
  PID:9268
- C:\Windows\System\PFOHRgO.exe
  C:\Windows\System\PFOHRgO.exe
  2⤵
  PID:9308
- C:\Windows\System\ucuLNXd.exe
  C:\Windows\System\ucuLNXd.exe
  2⤵
  PID:9240
- C:\Windows\System\rMgMcOS.exe
  C:\Windows\System\rMgMcOS.exe
  2⤵
  PID:9348
- C:\Windows\System\WJRdHJW.exe
  C:\Windows\System\WJRdHJW.exe
  2⤵
  PID:9396
- C:\Windows\System\tFSIqGE.exe
  C:\Windows\System\tFSIqGE.exe
  2⤵
  PID:9288
- C:\Windows\System\KXYMvNz.exe
  C:\Windows\System\KXYMvNz.exe
  2⤵
  PID:9424
- C:\Windows\System\fsqxIyY.exe
  C:\Windows\System\fsqxIyY.exe
  2⤵
  PID:9460
- C:\Windows\System\wLpdJng.exe
  C:\Windows\System\wLpdJng.exe
  2⤵
  PID:9476
- C:\Windows\System\SJDqTgh.exe
  C:\Windows\System\SJDqTgh.exe
  2⤵
  PID:9568
- C:\Windows\System\EiYSyhu.exe
  C:\Windows\System\EiYSyhu.exe
  2⤵
  PID:9576
- C:\Windows\System\sxqfMHs.exe
  C:\Windows\System\sxqfMHs.exe
  2⤵
  PID:9544
- C:\Windows\System\sZhtPdM.exe
  C:\Windows\System\sZhtPdM.exe
  2⤵
  PID:9660
- C:\Windows\System\ZBXQPQN.exe
  C:\Windows\System\ZBXQPQN.exe
  2⤵
  PID:9752
- C:\Windows\System\cFtqoyD.exe
  C:\Windows\System\cFtqoyD.exe
  2⤵
  PID:9644
- C:\Windows\System\eDuOWcF.exe
  C:\Windows\System\eDuOWcF.exe
  2⤵
  PID:9708
- C:\Windows\System\ceKjQUz.exe
  C:\Windows\System\ceKjQUz.exe
  2⤵
  PID:9824
- C:\Windows\System\TmKbjCF.exe
  C:\Windows\System\TmKbjCF.exe
  2⤵
  PID:9888
- C:\Windows\System\YcjSskY.exe
  C:\Windows\System\YcjSskY.exe
  2⤵
  PID:9840
- C:\Windows\System\Nhzjrpx.exe
  C:\Windows\System\Nhzjrpx.exe
  2⤵
  PID:9932
- C:\Windows\System\Lqgscau.exe
  C:\Windows\System\Lqgscau.exe
  2⤵
  PID:9924
- C:\Windows\System\kPPXDJZ.exe
  C:\Windows\System\kPPXDJZ.exe
  2⤵
  PID:9960
- C:\Windows\System\tHwAxTb.exe
  C:\Windows\System\tHwAxTb.exe
  2⤵
  PID:10036
- C:\Windows\System\HruwnAJ.exe
  C:\Windows\System\HruwnAJ.exe
  2⤵
  PID:10004
- C:\Windows\System\RYlwVKW.exe
  C:\Windows\System\RYlwVKW.exe
  2⤵
  PID:10024
- C:\Windows\System\mWRXrcN.exe
  C:\Windows\System\mWRXrcN.exe
  2⤵
  PID:10064
- C:\Windows\System\McmgRKw.exe
  C:\Windows\System\McmgRKw.exe
  2⤵
  PID:10156
- C:\Windows\System\wGDfUhQ.exe
  C:\Windows\System\wGDfUhQ.exe
  2⤵
  PID:10092
- C:\Windows\System\PBGocuv.exe
  C:\Windows\System\PBGocuv.exe
  2⤵
  PID:10208
- C:\Windows\System\OzgpCoz.exe
  C:\Windows\System\OzgpCoz.exe
  2⤵
  PID:8432
- C:\Windows\System\ktVCdBD.exe
  C:\Windows\System\ktVCdBD.exe
  2⤵
  PID:10176
- C:\Windows\System\DbprmWg.exe
  C:\Windows\System\DbprmWg.exe
  2⤵
  PID:7656
- C:\Windows\System\Glxhsxt.exe
  C:\Windows\System\Glxhsxt.exe
  2⤵
  PID:9360
- C:\Windows\System\OcMBGqO.exe
  C:\Windows\System\OcMBGqO.exe
  2⤵
  PID:9328
- C:\Windows\System\XeYskyi.exe
  C:\Windows\System\XeYskyi.exe
  2⤵
  PID:9444
- C:\Windows\System\WZgtFdu.exe
  C:\Windows\System\WZgtFdu.exe
  2⤵
  PID:9532
- C:\Windows\System\bIVQFle.exe
  C:\Windows\System\bIVQFle.exe
  2⤵
  PID:9416
- C:\Windows\System\lZHUPLL.exe
  C:\Windows\System\lZHUPLL.exe
  2⤵
  PID:9408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdFnBOK.exe

Filesize
6.0MB

MD5
4f846348fbaaef1adf37517096f7ac04

SHA1
73c94e93d6e995daded76bb3bee0e53068621f49

SHA256
03388a645a6b337cde5158a26f1f27a259a0f6630b0a7ab206aee238ceddc5e9

SHA512
1c094f33807fc914ed2915d229420298c2e3daf4b63ccb0cbd5559a06b797d9c780980f5d7f43a1c0a831374e4400f8d7c891caaa07c43dfc67b0f593d2b729d

Download Submit
C:\Windows\system\BLsFdOv.exe

Filesize
6.0MB

MD5
474e224bd48694dd71403fb34ad17a9b

SHA1
8f5ce95f55a3628d124ff089a6457fae58dd4d02

SHA256
bf2a9922470dce9b60d1758062391170f7508927b4d716651efc1b86a670c613

SHA512
b9536cb0e47e9b55dca95bbb307e7da31ca9b9ccb1c6981144583e7d44854727971b279a1e09337e9165196b22145100d1654c80092f7b6c45cb979988aa1d77

Download Submit
C:\Windows\system\IdwFsRC.exe

Filesize
6.0MB

MD5
bf5ca64e58b44b2c3d04bd4d0d66e078

SHA1
8fe830a9faafb4f389d84058c62b5aa1c47382ca

SHA256
e79fb8f1d2ad31f7291a15b06b84b4eac08e1a6aadf9ac8d6d967dbe547ad580

SHA512
add91a969f311ea72ada46f83bf06b3513117680019e70c294097b8ee6c6b653fb034c507fa9aaf24bea02caa836b85eccfd181fb500afb2873cc09a3b5402cb

Download Submit
C:\Windows\system\LBTRlpb.exe

Filesize
6.0MB

MD5
64317b8e77c49d2622813a3e5e48d5ad

SHA1
13ff35e262a1b27791415546d30396109802e3b1

SHA256
0b87d1bc54a18ddab98d0451d79e902268e1f00a51466d52ae43e25dc1d7bc08

SHA512
5e9b3b0445d7117f36ed6ee162b8c8de7ff2bf17496ecb0fc624b755e6f711a3e62f935ffc76cc5d282a3f9852ddc0928a22cd34fbf829532efe2ad3f09d2f5b

Download Submit
C:\Windows\system\MUQacKt.exe

Filesize
6.0MB

MD5
595ad7abcbd73796e7e7130dcdaaf822

SHA1
c3cc9b538c9f81cab245c10d78078fca4dda0ff8

SHA256
dfda2ab5148154bee4f3d2f724b93dc26e6d76b4463b8454667fcc10c3d3fb71

SHA512
77bd95530821552e79aed65821e495897f2c714d17d04676126f26915f19086430b408229e03d3ec2357ae4fa261c695391a4aa16d8f5a3d35b732065f7f8ff4

Download Submit
C:\Windows\system\POINSWV.exe

Filesize
6.0MB

MD5
6b9322138f007c5ef75a881b51ca5ac9

SHA1
8b791e5eefa3195242ab7a3651bfdccc27dc165a

SHA256
11a8a520240827481d3edf84978d86e1bf6bbf1211766f758dfad0c6b42a13c8

SHA512
28e313a068198b4177a0b67202c9a9fa73dfebe68a1087a4e3b0773b89f7dcfeddd5154d63d38ed6b2c735b528fba44979a1bba9057cbf2a6024e6d0981280de

Download Submit
C:\Windows\system\QatUQyt.exe

Filesize
6.0MB

MD5
303d03ab4e3a9b725422231968c6794a

SHA1
bf5cab6d6397544808b50d55fc062f18c3fec0e6

SHA256
858961bb5dc1872815eb6b7912b4e6391c37336cd58993b4b19650232d269ab9

SHA512
86f69f86c1ea71de5a08bf55065e9a1f9d43c8e84c1733e3c7b4352195b43fc4750d31e11c059f0cdcdc35124630f4c98d87dc7279652a742fe9be32794eb7fc

Download Submit
C:\Windows\system\Qchmngd.exe

Filesize
6.0MB

MD5
1f20586f922fcebed94587843ff02e0f

SHA1
7222306365b19f1c83c2016b0d8e3c5e015f8737

SHA256
37d2de9c8fbfa7ff0504f962b07b6c0a43b8dd27838ca25e14b0d63e523cc0b1

SHA512
bb4e452967b9a3ae3160eff762b794a26a55be2d12726198794ed81116145b946cf97ce75c4f46b33d79674405ca62121687dfa0a39927367a5d09aa5690f04b

Download Submit
C:\Windows\system\SYpmVtW.exe

Filesize
6.0MB

MD5
97020ae116b760d4962be8d66ff9018c

SHA1
bbae204ee35f665828963749bbfd71f9f0187127

SHA256
ce9efb52cebe51977578c9c370e70ef413f50a6d8fde7a96f9171ad1022f77a1

SHA512
860562a09e7b429adcdd633318b16345ccf74d1c1f6da50ee818394c0980a29c650e951521f71e4e388469406882157527e40d58ccd427833219d66e1a4861b6

Download Submit
C:\Windows\system\UHDxNLn.exe

Filesize
6.0MB

MD5
286c49d4f8ba02428e33a4df6e8d3461

SHA1
ba899fd70c6ce3d37e4e95fed9717e13c976f2bf

SHA256
12fc50fb32276d7e118e711bf00bba29eb4eb3bd2f543392fb8f692c762d714a

SHA512
81b06ada3954dc332e1f7b811aba859e201026e3c2d685256230a588001a36681ac07b6f7eaf0665843d7a11415b4a0748c4190b2af5c14607a8a4da76274833

Download Submit
C:\Windows\system\bkrdTsd.exe

Filesize
6.0MB

MD5
4db7a343f534cb63fd0f192337b444d7

SHA1
f6d9d2983ea52254677f770f6322e992fbe78047

SHA256
8c473a2b9c675a9cb301b56d8db645b7046b1de1302856bf3e956a3f81ac5be3

SHA512
ef8ae7a2d7ed65e04ef5f4c6e33e996c3ce2c6f68f9bd5e961c126258603d14a7279e32455a4c1d1bf3d0dd3c59737ea5a99f39c5d432188e8abd9532448d91d

Download Submit
C:\Windows\system\dUuKvit.exe

Filesize
6.0MB

MD5
960abb0aa30e8612226e9253f3490566

SHA1
0223039393897ee435aa080d825f8b34e5f13bce

SHA256
26afc4c4e37293c98f4e548e4fe70015d9db29de232a45abf8b3ac82344be4a7

SHA512
07f0c4f012bb96ff33643c918b64d24299fd052563d650f145b53cb35f492bd0ce5a0cc907c848a048618e9d434cd1b8e82582bc7e28906bae1e50a0128cb233

Download Submit
C:\Windows\system\dkPjOKC.exe

Filesize
6.0MB

MD5
f01979dc77dd88db56e2d322ce61dd1f

SHA1
0d5319d594580dbb99cae4d2ef2ad2c5f0937b6a

SHA256
d4455604e65b07ba5fd340896011c816a8d016a593fa8b6b35c5bd7a87824aec

SHA512
bab7f1d846cafc046a3d9e97c39401f1cc5594978497f0f0cfe5234477d94e417d4f8f013084806575f845391d0ccbe7d508b0185782ad0946f2f8068c052890

Download Submit
C:\Windows\system\dvYbZyG.exe

Filesize
6.0MB

MD5
99f28373ab27cf084b81b901b0382cc6

SHA1
52cb3ba3696ca3ce927ff73a3a3509a1b83e9960

SHA256
66b368ce242965e761e2b985d42d24c31e4112b2715c9e6d29b5a88839633e86

SHA512
6365de1084da90ec2c7599414b38fa9a62786a592d23cba3cb0e213e67f8b12c4e4029f9045dd75455fcb096701118849c9d4fb14b8fd2c1f4e373b2a6e63a37

Download Submit
C:\Windows\system\ekHspyM.exe

Filesize
6.0MB

MD5
dced30f71d544643c13f0416c5248a35

SHA1
89867c46604e9cedbedf75ed47bd95be49b3c78d

SHA256
ed87c245723b4d16e20bc2e6c3c91a111bdf427ef64936e671627cdfbfc72717

SHA512
df4ac87626706b46fc11b94e7582066dd4e6c4226f53717ee4c936140b8ec1dbd9a484238e69c497c53f499032d2fa5012b8d2394e918f9c73ba4b3bfb3ed9a7

Download Submit
C:\Windows\system\ftRKGZK.exe

Filesize
6.0MB

MD5
d438593eeb7f4a065de46595d5d8febc

SHA1
ad32d52cbab85e54e0684de7fa710849196455f5

SHA256
9f3b8f1484a146f9f29e34b23bdd4f9232ac43622b1524af784d7cdbb91b067a

SHA512
6bd82251240eff97c96fa1edec4aaeb4124bf2f2453e69f8d125a2798beae969a3c4250104874417e2a3d85bdae4b3d47bce85ae3108df34d876fc7a17944961

Download Submit
C:\Windows\system\hYTnMbf.exe

Filesize
6.0MB

MD5
37cd6aff105fecb8c712def59dbe85b1

SHA1
0f568d1ecc798533d2c73827f027f4f522b1fd6d

SHA256
b430b895fd437895b81b4021e8d9565d452f13643391841ee5dbbefb29c9635b

SHA512
f2d8161cc0e9616282504661a1839fa693ca0e8681785506a05bb7346588f3c7e0d31481ca0b98099d8a0e2dd5cbd7414015c442e6f3a1b1e5538d96f0475729

Download Submit
C:\Windows\system\iUKsCZz.exe

Filesize
6.0MB

MD5
1bd1eb9647769a67b46fe46cd55c7beb

SHA1
d798d3bc50ab249c35d874a0754c2e3ca9b0ef6b

SHA256
010f9a20083b3b90c121cb3056e819ded392318d00f7405a1bdd8221f8a3bbc7

SHA512
1e3c6ac7793fb25d5160fdece31ed2d05433f16e88c51772ea7285b48bca7f406660c21b4beade6cfe594ae5b1671332a7fe0ce7fa3bdd206d911fb18a4f25d4

Download Submit
C:\Windows\system\jEBJfVw.exe

Filesize
6.0MB

MD5
a3933dbdaaaa3488f43d5989c2d82daa

SHA1
15f1fb878060ca4998db4d3d5200221fbb554b49

SHA256
29c09e8f34b779c6e650cbacd152eb3a3b20f1ec7db7e5ec8eb00cad6631bdb3

SHA512
c243a1d12a0e321a5e0829aa03fd188c36763d38d1d2ea01aaa39b8d148b954b2a3d078a2a87519093ff7783bdee6bab2e408ba43863868840036488485260e8

Download Submit
C:\Windows\system\lXRwEFu.exe

Filesize
6.0MB

MD5
aba2cc30bddc4ac097ae670c5f1cf7f4

SHA1
ed0a7026884ec1107561a473b4d1cfa6a74444a7

SHA256
f2c51e90ee104dad6f629c30cf099119712e41e4c658d02728458f839e8e4147

SHA512
14befc619aa9eb270d3042439539a4ca10accc827bb5df21ecb7eb246a9bc8b30b0a7027a4cb93f601174068f6657f21826339828641f302ea457af5d75a2c16

Download Submit
C:\Windows\system\npePAwU.exe

Filesize
6.0MB

MD5
52a668b1cffab8d2e780d15c49904296

SHA1
e005d6c4d64dafdb749a1ac3a38a6a4b2ca2e1d7

SHA256
3a98fc07c2a0863b147ecf78ac97f353a6abe30d8f05fe9c21a15a451cd5c492

SHA512
5d47a7a6e0eb3253c70e9c86aceaf0f83c19f38cf6c6167fcadcb7221c730f2af74ab7b41c64379e92d1bb12372bddf0c018f2fd593494d9b47ca4fdf5523114

Download Submit
C:\Windows\system\oTOMoGn.exe

Filesize
6.0MB

MD5
c1b9cfc17fe2320f6fb867efdafdba8b

SHA1
05b106de916e184a482de08195796d84673b0b86

SHA256
17020a2427e363eee6c45e9049053272958fa0b01197ca9e258504c44d0432ba

SHA512
bb2e3c6c466bfda2b118cbf650a5e9806387611227588fd0b0617e7c479b57edd1838f07f9d3978f191e4eb3ee1726ec1827681a6a21edf0abfee21ae7093543

Download Submit
C:\Windows\system\qsjYrlj.exe

Filesize
6.0MB

MD5
05100fa2df77e3015e56180db3dfd94a

SHA1
4e531989a226913923ec86be2edbbefecfa94393

SHA256
6bafcc3b849cb7df63f8c407d5a32c3a7bed7f46e2576eeb0f19c9e8ce98ccb6

SHA512
1e64388722f8416d7ecc234c627b13b59857ac9b3c0de65a01dbf8dd7a5a5a9bb2e049bb4e39a0a9b433db27e9945385d289a0006ed95d65cd8da13a90b6c2ae

Download Submit
C:\Windows\system\rEzOXnu.exe

Filesize
6.0MB

MD5
0c735f0765d04b5473f754451aa11d15

SHA1
afb93da39626d3785a7befeaf4c9cf75fb8b325b

SHA256
07a874d840eaf45d3f99e5bd7582a44acb2c6180d28b106f37a97866d1d5a60a

SHA512
7ca18677ce0a399291487f51b6ca448e7c9eb0131b0cf088728b0a0093e54668e37a73d2e55dad166b2d95169e440b282f9906b46172252a9d056fca1eb8cdb2

Download Submit
C:\Windows\system\wnNEzny.exe

Filesize
6.0MB

MD5
3736c52ba94b0aafc2d9dd21afc97cd6

SHA1
f756de5e7f3dbea39a9167ef3e2b2afd861f8f89

SHA256
9327c5fd49bf4545d58d66e2b94e41b09c3d69503747ab536911b00f5765a677

SHA512
343875c7bf57f06f3285ee30d9b83bd87f59338ef54ba614737188172797cdc77aad126787cc1523b8f81f53944e63efaad1c907e9bd21a547160f353228e7a6

Download Submit
C:\Windows\system\xGPwEOq.exe

Filesize
6.0MB

MD5
ca247f55c5c9bc983679a7fe8a4c1052

SHA1
8cc7b109225026509734dd1d7854513330a1bdd1

SHA256
1344d84372f9fb3180cac1cc9f08b7aca7797e70db2f856f08a54782761438cd

SHA512
7e574338f6bfc4f9b32cebc91821f46da5b883b0eba5526d290388de568d2093f3c58ef4faaf99b01d068fc01b23bd47e0a55425b04a0c1cc2e3d0b4200a73a4

Download Submit
\Windows\system\FZFPqaQ.exe

Filesize
6.0MB

MD5
f41f002a124c391e2ffc0caf3d79c549

SHA1
2906f41ad6c9321b808834ccace6a26fa1ea7611

SHA256
ee9473ec99d90a7da53a6e3cffcc534e1500f441c0089c73f2b2de031093eebf

SHA512
a5b44c46ef6141ff5580c771d7924a50d24af7834e9979837e681ff578f5e8e23bcaf4c215eea8432f7cd1b272baa1f0653a9f60b223eeebcbe0424558a38baa

Download Submit
\Windows\system\FyWosKp.exe

Filesize
6.0MB

MD5
816504c023c3c758f89ca841a31afc98

SHA1
27b6bd4b37d97ef77df2bab25d4497603163622f

SHA256
02e7636c96bf7495e5221230251fed53d1842e3a545ce465fdf55d92ab980386

SHA512
cc322e3fd6d18a1c7ffba5be175da3245f4a7a397cd731323b336ca940de5f7fe035e5997d382b0d83ae66aa6829e2e3cf42a9d2ff4225f940a626809cd36e7b

Download Submit
\Windows\system\Vtytyqe.exe

Filesize
6.0MB

MD5
cfb9eb9d44a47038286e1715b05ea7c5

SHA1
780eed5819efba38ecb72dc3e4e87bf3137b84af

SHA256
946dae77a7397e15795e4fb7df33e36ab3b62ab14e1508777721e4be34decd78

SHA512
fa8288b5dd03a12afb48681daffd85550d143acfd389103dab9001ef58ff2d7e674b74482a6b9d3979a6027f9b69baa240d015213ef5f48949cc4eed2e0b5d20

Download Submit
\Windows\system\ZApYTfk.exe

Filesize
6.0MB

MD5
9ead9ee21f5f2065a4a9120b166a6635

SHA1
51e019a57eb8cdb0f918208ed4339ff1762f3bfd

SHA256
4d231c45c6e53c5886146bc30fe428ad64a82ec558848be7bf1f15354dce7cc4

SHA512
05214c2efb806fbe3528b8752f8aa962651b676e6b13a535cc5beadadf127f831223a2172f07706e5921e38e0c1bf69cb0053f398437e9b70ac23cc576fa3f77

Download Submit
\Windows\system\lMRVqHC.exe

Filesize
6.0MB

MD5
2fea859eadaf783457bb5051034ee930

SHA1
feab92ffe1157e2037819273412955835cc46aee

SHA256
3a198730c37841b20888d17b710b0de77a2e6b31dc416f762185fd03c3dae479

SHA512
26125eb7b6b440f8432202a5aab903a951f70a012cbe167d4f5bacac1a5f2ad5d609c1ee6520652358c0a199d8e8a417749458dd294cd8c79700bb1c8f5f5e28

Download Submit
\Windows\system\vsCoSHn.exe

Filesize
6.0MB

MD5
df7e225dd0f9037695a3a7e4fff5b5be

SHA1
d45e9ef6e9fd2af1dc1d054bf613a0ab419b29ae

SHA256
501b286627c94a439ab014a5480da646dfd93941467b979171165de82f1bc61a

SHA512
b9208caeec85fc2deedbdaa8ae290faee887a880ac9897c7fcd864e1529b1d532b5ccddd06ffa023a2e6c9fc8b875d9273276618ee28ec3dba8e6e721a513cb6

Download Submit
memory/936-3998-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/936-21-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3996-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2052-13-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2184-4007-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2184-128-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3999-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2296-36-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2460-107-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2460-51-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-129-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2460-132-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2460-126-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2460-149-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2460-43-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2460-60-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2460-119-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2460-130-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2460-66-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2460-10-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2460-61-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2460-59-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1178-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2460-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2460-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2460-852-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2492-15-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-86-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3997-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-116-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4006-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2712-53-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4000-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4003-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-58-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-618-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2736-68-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4005-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2784-55-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4002-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-4004-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3004-62-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4001-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/3016-57-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download