cobaltstrike | a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
Size

6.0MB
MD5

d0ad7da3202a829d99e3f799a3312959
SHA1

c7ba5d12da79e436326721e7e69f2e77fe63ac6c
SHA256

a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4
SHA512

03ee203421f2aa7928142cc6079cdc096307ffb2288bc835cf5c514481a1fa702a778f238607c2711a41b9a75ffe0153c857173063798806fd5473948f69fae0
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUQ:eOl56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd5-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd9-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de9-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df5-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df8-41.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000016d68-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f02-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018be7-56.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-194.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-179.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-107.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2648-0-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-3.dat	xmrig
behavioral1/memory/2648-6-0x0000000002230000-0x0000000002584000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd5-9.dat	xmrig
behavioral1/memory/2812-14-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd9-11.dat	xmrig
behavioral1/memory/2648-12-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2896-21-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de9-22.dat	xmrig
behavioral1/memory/2768-27-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2584-34-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/2648-33-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df5-32.dat	xmrig
behavioral1/memory/2704-36-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df8-41.dat	xmrig
behavioral1/memory/2628-48-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2812-44-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0032000000016d68-49.dat	xmrig
behavioral1/files/0x0009000000016f02-53.dat	xmrig
behavioral1/files/0x0007000000018be7-56.dat	xmrig
behavioral1/memory/2896-52-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/1476-71-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2584-68-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1224-67-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1092-66-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d7b-72.dat	xmrig
behavioral1/memory/2156-76-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2768-65-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d83-78.dat	xmrig
behavioral1/files/0x0006000000018fdf-93.dat	xmrig
behavioral1/files/0x0005000000019203-92.dat	xmrig
behavioral1/memory/2648-88-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2064-81-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0005000000019237-109.dat	xmrig
behavioral1/files/0x000500000001924f-114.dat	xmrig
behavioral1/files/0x0005000000019274-124.dat	xmrig
behavioral1/files/0x000500000001927a-127.dat	xmrig
behavioral1/files/0x00050000000192a1-139.dat	xmrig
behavioral1/files/0x000500000001938e-154.dat	xmrig
behavioral1/files/0x000500000001939f-159.dat	xmrig
behavioral1/files/0x00050000000193dc-174.dat	xmrig
behavioral1/files/0x0005000000019426-184.dat	xmrig
behavioral1/memory/2460-967-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2648-605-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2064-604-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2156-399-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1476-217-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ad-194.dat	xmrig
behavioral1/files/0x0005000000019428-189.dat	xmrig
behavioral1/files/0x00050000000193f9-179.dat	xmrig
behavioral1/files/0x00050000000193d0-169.dat	xmrig
behavioral1/files/0x00050000000193cc-164.dat	xmrig
behavioral1/files/0x0005000000019358-149.dat	xmrig
behavioral1/files/0x0005000000019354-144.dat	xmrig
behavioral1/files/0x0005000000019299-134.dat	xmrig
behavioral1/files/0x0005000000019261-119.dat	xmrig
behavioral1/memory/2460-108-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0006000000019056-107.dat	xmrig
behavioral1/memory/2224-104-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2648-103-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2200-101-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2628-86-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2812-3461-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2768-3462-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2704	UMqbKPJ.exe
2812	DjgJEen.exe
2896	aFWOmQx.exe
2768	XHrBYyv.exe
2584	oyQPMIi.exe
2628	jMCyskE.exe
1092	YXZqPin.exe
1224	gIJrmmx.exe
1476	wReMHlJ.exe
2156	ZsniJYb.exe
2064	aIooqWf.exe
2200	vyacAlD.exe
2224	QSgkAHf.exe
2460	SwAWwbJ.exe
1628	lEUTpON.exe
1384	eUlBAfX.exe
2644	QSNYnmW.exe
2428	NFiDOKx.exe
2444	umqzLJT.exe
1968	abHmmtY.exe
2344	KvrJyeh.exe
2872	JTFSmTW.exe
532	XpGjQOa.exe
2472	XDDnySg.exe
2088	IECqpKf.exe
1812	JsfvBvk.exe
1804	tiYIIYN.exe
1132	tAUJtFN.exe
1784	IRXqXoR.exe
2336	eRxBveH.exe
2220	SSGCtkk.exe
836	kdzRIYc.exe
1324	hUsOHVm.exe
236	ULckFEp.exe
1956	VFhCvzh.exe
1660	dlSwyvx.exe
1760	UkmgDiG.exe
1708	wRULKcr.exe
2016	dAAZZdT.exe
916	LHybIjM.exe
1600	HrkhJwF.exe
684	mIyWWuv.exe
2212	sUujtUO.exe
1636	VfjDqes.exe
2292	krEOnxb.exe
3020	RvCkwKH.exe
2416	IBVlnkr.exe
2360	FFixQRA.exe
1496	dQQeMzv.exe
3000	eDzfpWH.exe
2520	CtTeGrY.exe
1576	hRFhlls.exe
2468	mJNaaox.exe
2684	eClqZSi.exe
2776	EBDTkKJ.exe
2264	ulhhVRV.exe
2800	cgfAyAy.exe
2744	VWcxGtm.exe
2760	nZNOLdC.exe
2716	JYsgiph.exe
2740	XaQtQZq.exe
2588	GPJkkaV.exe
2608	ZotkLMi.exe
608	nioheWk.exe

Loads dropped DLL 64 IoCs

pid	Process
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2648-0-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-3.dat	upx
behavioral1/memory/2648-6-0x0000000002230000-0x0000000002584000-memory.dmp	upx
behavioral1/files/0x0008000000016dd5-9.dat	upx
behavioral1/memory/2812-14-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0007000000016dd9-11.dat	upx
behavioral1/memory/2896-21-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0007000000016de9-22.dat	upx
behavioral1/memory/2768-27-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2584-34-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2648-33-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000016df5-32.dat	upx
behavioral1/memory/2704-36-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0007000000016df8-41.dat	upx
behavioral1/memory/2628-48-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2812-44-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0032000000016d68-49.dat	upx
behavioral1/files/0x0009000000016f02-53.dat	upx
behavioral1/files/0x0007000000018be7-56.dat	upx
behavioral1/memory/2896-52-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1476-71-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2584-68-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/1224-67-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1092-66-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000018d7b-72.dat	upx
behavioral1/memory/2156-76-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2768-65-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0006000000018d83-78.dat	upx
behavioral1/files/0x0006000000018fdf-93.dat	upx
behavioral1/files/0x0005000000019203-92.dat	upx
behavioral1/memory/2064-81-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0005000000019237-109.dat	upx
behavioral1/files/0x000500000001924f-114.dat	upx
behavioral1/files/0x0005000000019274-124.dat	upx
behavioral1/files/0x000500000001927a-127.dat	upx
behavioral1/files/0x00050000000192a1-139.dat	upx
behavioral1/files/0x000500000001938e-154.dat	upx
behavioral1/files/0x000500000001939f-159.dat	upx
behavioral1/files/0x00050000000193dc-174.dat	upx
behavioral1/files/0x0005000000019426-184.dat	upx
behavioral1/memory/2460-967-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2064-604-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2156-399-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1476-217-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x00050000000194ad-194.dat	upx
behavioral1/files/0x0005000000019428-189.dat	upx
behavioral1/files/0x00050000000193f9-179.dat	upx
behavioral1/files/0x00050000000193d0-169.dat	upx
behavioral1/files/0x00050000000193cc-164.dat	upx
behavioral1/files/0x0005000000019358-149.dat	upx
behavioral1/files/0x0005000000019354-144.dat	upx
behavioral1/files/0x0005000000019299-134.dat	upx
behavioral1/files/0x0005000000019261-119.dat	upx
behavioral1/memory/2460-108-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0006000000019056-107.dat	upx
behavioral1/memory/2224-104-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2200-101-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2628-86-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2812-3461-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2768-3462-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2704-3472-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2628-3675-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2896-3713-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2584-3716-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OjXDBVo.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\xxNmUOP.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\ioVTpob.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\oUnROTJ.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\QMeouAm.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\oAWOCdK.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\NszShre.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\lVbcvCa.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\xDcDnuT.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\hxqyAWc.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\yhclBAW.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\BzYDvlf.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\dQQeMzv.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\UBAmmjj.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\jtMRczP.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\TslmPfj.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\ZBCLrtF.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\CGGhBts.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\XaQtQZq.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\jqkltHu.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\AAhezYW.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\VevgJqd.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\TfUYQLY.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\vOYuExE.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\VXjxZqF.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\xibVEOj.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\ThJcNtw.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\JDuyaCo.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\WStEcWM.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\eppLmtN.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\rwagbbr.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\vmACCIV.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\rdpFFEP.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\UguVTKw.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\nUZYxJQ.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\uccntfg.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\gdBQYdK.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\AQrjYAE.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\TQaGOIU.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\KybIuDr.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\zzWenKW.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\QRmbhZi.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\JwGhkuO.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\lcahhwK.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\KQijdDC.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\DouRezR.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\eOCPVJF.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\eJigEBg.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\axbdYif.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\AmCBkMZ.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\rxLOhiI.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\LZJuzVG.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\DmlDxpk.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\fjbPPpa.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\kTJFVCS.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\RVPdMpF.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\YWUybXM.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\GBnkmos.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\EjruLsT.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\OhQsHtW.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\eVbFYkL.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\agXcwBG.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\CacxcAz.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
File created	C:\Windows\System\wCVwFYB.exe	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2704	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	31
PID 2648 wrote to memory of 2704	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	31
PID 2648 wrote to memory of 2704	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	31
PID 2648 wrote to memory of 2812	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	32
PID 2648 wrote to memory of 2812	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	32
PID 2648 wrote to memory of 2812	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	32
PID 2648 wrote to memory of 2896	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	33
PID 2648 wrote to memory of 2896	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	33
PID 2648 wrote to memory of 2896	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	33
PID 2648 wrote to memory of 2768	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	34
PID 2648 wrote to memory of 2768	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	34
PID 2648 wrote to memory of 2768	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	34
PID 2648 wrote to memory of 2584	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	35
PID 2648 wrote to memory of 2584	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	35
PID 2648 wrote to memory of 2584	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	35
PID 2648 wrote to memory of 2628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	36
PID 2648 wrote to memory of 2628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	36
PID 2648 wrote to memory of 2628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	36
PID 2648 wrote to memory of 1224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	37
PID 2648 wrote to memory of 1224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	37
PID 2648 wrote to memory of 1224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	37
PID 2648 wrote to memory of 1092	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	38
PID 2648 wrote to memory of 1092	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	38
PID 2648 wrote to memory of 1092	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	38
PID 2648 wrote to memory of 1476	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	39
PID 2648 wrote to memory of 1476	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	39
PID 2648 wrote to memory of 1476	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	39
PID 2648 wrote to memory of 2156	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	40
PID 2648 wrote to memory of 2156	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	40
PID 2648 wrote to memory of 2156	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	40
PID 2648 wrote to memory of 2064	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	41
PID 2648 wrote to memory of 2064	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	41
PID 2648 wrote to memory of 2064	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	41
PID 2648 wrote to memory of 2200	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	42
PID 2648 wrote to memory of 2200	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	42
PID 2648 wrote to memory of 2200	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	42
PID 2648 wrote to memory of 2460	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	43
PID 2648 wrote to memory of 2460	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	43
PID 2648 wrote to memory of 2460	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	43
PID 2648 wrote to memory of 2224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	44
PID 2648 wrote to memory of 2224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	44
PID 2648 wrote to memory of 2224	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	44
PID 2648 wrote to memory of 1628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	45
PID 2648 wrote to memory of 1628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	45
PID 2648 wrote to memory of 1628	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	45
PID 2648 wrote to memory of 1384	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	46
PID 2648 wrote to memory of 1384	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	46
PID 2648 wrote to memory of 1384	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	46
PID 2648 wrote to memory of 2644	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	47
PID 2648 wrote to memory of 2644	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	47
PID 2648 wrote to memory of 2644	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	47
PID 2648 wrote to memory of 2428	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	48
PID 2648 wrote to memory of 2428	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	48
PID 2648 wrote to memory of 2428	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	48
PID 2648 wrote to memory of 2444	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	49
PID 2648 wrote to memory of 2444	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	49
PID 2648 wrote to memory of 2444	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	49
PID 2648 wrote to memory of 1968	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	50
PID 2648 wrote to memory of 1968	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	50
PID 2648 wrote to memory of 1968	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	50
PID 2648 wrote to memory of 2344	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	51
PID 2648 wrote to memory of 2344	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	51
PID 2648 wrote to memory of 2344	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	51
PID 2648 wrote to memory of 2872	2648	JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a1aee38440309605bf1d056780eaae678d9500ff131f2013d1057d76806708f4.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\System\UMqbKPJ.exe
  C:\Windows\System\UMqbKPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\DjgJEen.exe
  C:\Windows\System\DjgJEen.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\aFWOmQx.exe
  C:\Windows\System\aFWOmQx.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\XHrBYyv.exe
  C:\Windows\System\XHrBYyv.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\oyQPMIi.exe
  C:\Windows\System\oyQPMIi.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\jMCyskE.exe
  C:\Windows\System\jMCyskE.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\gIJrmmx.exe
  C:\Windows\System\gIJrmmx.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\YXZqPin.exe
  C:\Windows\System\YXZqPin.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\wReMHlJ.exe
  C:\Windows\System\wReMHlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\ZsniJYb.exe
  C:\Windows\System\ZsniJYb.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\aIooqWf.exe
  C:\Windows\System\aIooqWf.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\vyacAlD.exe
  C:\Windows\System\vyacAlD.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\SwAWwbJ.exe
  C:\Windows\System\SwAWwbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\QSgkAHf.exe
  C:\Windows\System\QSgkAHf.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\lEUTpON.exe
  C:\Windows\System\lEUTpON.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\eUlBAfX.exe
  C:\Windows\System\eUlBAfX.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\QSNYnmW.exe
  C:\Windows\System\QSNYnmW.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\NFiDOKx.exe
  C:\Windows\System\NFiDOKx.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\umqzLJT.exe
  C:\Windows\System\umqzLJT.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\abHmmtY.exe
  C:\Windows\System\abHmmtY.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\KvrJyeh.exe
  C:\Windows\System\KvrJyeh.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\JTFSmTW.exe
  C:\Windows\System\JTFSmTW.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\XpGjQOa.exe
  C:\Windows\System\XpGjQOa.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\XDDnySg.exe
  C:\Windows\System\XDDnySg.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\IECqpKf.exe
  C:\Windows\System\IECqpKf.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JsfvBvk.exe
  C:\Windows\System\JsfvBvk.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\tiYIIYN.exe
  C:\Windows\System\tiYIIYN.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\tAUJtFN.exe
  C:\Windows\System\tAUJtFN.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\IRXqXoR.exe
  C:\Windows\System\IRXqXoR.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\eRxBveH.exe
  C:\Windows\System\eRxBveH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\SSGCtkk.exe
  C:\Windows\System\SSGCtkk.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\kdzRIYc.exe
  C:\Windows\System\kdzRIYc.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\hUsOHVm.exe
  C:\Windows\System\hUsOHVm.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\ULckFEp.exe
  C:\Windows\System\ULckFEp.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\VFhCvzh.exe
  C:\Windows\System\VFhCvzh.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\dlSwyvx.exe
  C:\Windows\System\dlSwyvx.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\UkmgDiG.exe
  C:\Windows\System\UkmgDiG.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\wRULKcr.exe
  C:\Windows\System\wRULKcr.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\dAAZZdT.exe
  C:\Windows\System\dAAZZdT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LHybIjM.exe
  C:\Windows\System\LHybIjM.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\HrkhJwF.exe
  C:\Windows\System\HrkhJwF.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\mIyWWuv.exe
  C:\Windows\System\mIyWWuv.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\sUujtUO.exe
  C:\Windows\System\sUujtUO.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VfjDqes.exe
  C:\Windows\System\VfjDqes.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\krEOnxb.exe
  C:\Windows\System\krEOnxb.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\RvCkwKH.exe
  C:\Windows\System\RvCkwKH.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\IBVlnkr.exe
  C:\Windows\System\IBVlnkr.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\FFixQRA.exe
  C:\Windows\System\FFixQRA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\dQQeMzv.exe
  C:\Windows\System\dQQeMzv.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\eDzfpWH.exe
  C:\Windows\System\eDzfpWH.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\CtTeGrY.exe
  C:\Windows\System\CtTeGrY.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\hRFhlls.exe
  C:\Windows\System\hRFhlls.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\mJNaaox.exe
  C:\Windows\System\mJNaaox.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\eClqZSi.exe
  C:\Windows\System\eClqZSi.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\EBDTkKJ.exe
  C:\Windows\System\EBDTkKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ulhhVRV.exe
  C:\Windows\System\ulhhVRV.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\cgfAyAy.exe
  C:\Windows\System\cgfAyAy.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\VWcxGtm.exe
  C:\Windows\System\VWcxGtm.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nZNOLdC.exe
  C:\Windows\System\nZNOLdC.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\JYsgiph.exe
  C:\Windows\System\JYsgiph.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\XaQtQZq.exe
  C:\Windows\System\XaQtQZq.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\GPJkkaV.exe
  C:\Windows\System\GPJkkaV.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ZotkLMi.exe
  C:\Windows\System\ZotkLMi.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\nioheWk.exe
  C:\Windows\System\nioheWk.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\vllaKty.exe
  C:\Windows\System\vllaKty.exe
  2⤵
  PID:1040
- C:\Windows\System\agnbzwD.exe
  C:\Windows\System\agnbzwD.exe
  2⤵
  PID:2968
- C:\Windows\System\VbbrzrO.exe
  C:\Windows\System\VbbrzrO.exe
  2⤵
  PID:2452
- C:\Windows\System\cmqHCpp.exe
  C:\Windows\System\cmqHCpp.exe
  2⤵
  PID:1892
- C:\Windows\System\QfeOlYm.exe
  C:\Windows\System\QfeOlYm.exe
  2⤵
  PID:1608
- C:\Windows\System\pkeEnPw.exe
  C:\Windows\System\pkeEnPw.exe
  2⤵
  PID:2152
- C:\Windows\System\BwNDQdu.exe
  C:\Windows\System\BwNDQdu.exe
  2⤵
  PID:1920
- C:\Windows\System\dqIyzco.exe
  C:\Windows\System\dqIyzco.exe
  2⤵
  PID:1912
- C:\Windows\System\JbDwWdn.exe
  C:\Windows\System\JbDwWdn.exe
  2⤵
  PID:772
- C:\Windows\System\zCTsdPY.exe
  C:\Windows\System\zCTsdPY.exe
  2⤵
  PID:2252
- C:\Windows\System\YZuGAUo.exe
  C:\Windows\System\YZuGAUo.exe
  2⤵
  PID:1032
- C:\Windows\System\pgPtFra.exe
  C:\Windows\System\pgPtFra.exe
  2⤵
  PID:3044
- C:\Windows\System\MExNfGB.exe
  C:\Windows\System\MExNfGB.exe
  2⤵
  PID:1096
- C:\Windows\System\LrdSCgD.exe
  C:\Windows\System\LrdSCgD.exe
  2⤵
  PID:2288
- C:\Windows\System\yQcCNdd.exe
  C:\Windows\System\yQcCNdd.exe
  2⤵
  PID:964
- C:\Windows\System\HEHQSeX.exe
  C:\Windows\System\HEHQSeX.exe
  2⤵
  PID:1048
- C:\Windows\System\otIQavy.exe
  C:\Windows\System\otIQavy.exe
  2⤵
  PID:1696
- C:\Windows\System\nMYSTvj.exe
  C:\Windows\System\nMYSTvj.exe
  2⤵
  PID:2364
- C:\Windows\System\aAwUbJD.exe
  C:\Windows\System\aAwUbJD.exe
  2⤵
  PID:540
- C:\Windows\System\hKoDthc.exe
  C:\Windows\System\hKoDthc.exe
  2⤵
  PID:2272
- C:\Windows\System\tmTdHUK.exe
  C:\Windows\System\tmTdHUK.exe
  2⤵
  PID:564
- C:\Windows\System\UdmNwFy.exe
  C:\Windows\System\UdmNwFy.exe
  2⤵
  PID:2636
- C:\Windows\System\VtEBbpv.exe
  C:\Windows\System\VtEBbpv.exe
  2⤵
  PID:2836
- C:\Windows\System\btNZwjv.exe
  C:\Windows\System\btNZwjv.exe
  2⤵
  PID:1928
- C:\Windows\System\jqkltHu.exe
  C:\Windows\System\jqkltHu.exe
  2⤵
  PID:1836
- C:\Windows\System\jGfYnvo.exe
  C:\Windows\System\jGfYnvo.exe
  2⤵
  PID:612
- C:\Windows\System\juCyrXR.exe
  C:\Windows\System\juCyrXR.exe
  2⤵
  PID:1688
- C:\Windows\System\tuuMSro.exe
  C:\Windows\System\tuuMSro.exe
  2⤵
  PID:2808
- C:\Windows\System\REwfsrm.exe
  C:\Windows\System\REwfsrm.exe
  2⤵
  PID:2988
- C:\Windows\System\WlYypXc.exe
  C:\Windows\System\WlYypXc.exe
  2⤵
  PID:2680
- C:\Windows\System\LcvrTqX.exe
  C:\Windows\System\LcvrTqX.exe
  2⤵
  PID:2892
- C:\Windows\System\vDbOTWh.exe
  C:\Windows\System\vDbOTWh.exe
  2⤵
  PID:2832
- C:\Windows\System\MvSDLXc.exe
  C:\Windows\System\MvSDLXc.exe
  2⤵
  PID:2828
- C:\Windows\System\PXrXpGn.exe
  C:\Windows\System\PXrXpGn.exe
  2⤵
  PID:1296
- C:\Windows\System\YOvlFWX.exe
  C:\Windows\System\YOvlFWX.exe
  2⤵
  PID:1948
- C:\Windows\System\lvkTUFA.exe
  C:\Windows\System\lvkTUFA.exe
  2⤵
  PID:1764
- C:\Windows\System\ezObfMm.exe
  C:\Windows\System\ezObfMm.exe
  2⤵
  PID:1020
- C:\Windows\System\pkAZqUA.exe
  C:\Windows\System\pkAZqUA.exe
  2⤵
  PID:2772
- C:\Windows\System\LJpINqW.exe
  C:\Windows\System\LJpINqW.exe
  2⤵
  PID:1944
- C:\Windows\System\kxixNaD.exe
  C:\Windows\System\kxixNaD.exe
  2⤵
  PID:3064
- C:\Windows\System\pGvduOZ.exe
  C:\Windows\System\pGvduOZ.exe
  2⤵
  PID:3052
- C:\Windows\System\zoooEkn.exe
  C:\Windows\System\zoooEkn.exe
  2⤵
  PID:748
- C:\Windows\System\wnKmaqr.exe
  C:\Windows\System\wnKmaqr.exe
  2⤵
  PID:2108
- C:\Windows\System\MKRndya.exe
  C:\Windows\System\MKRndya.exe
  2⤵
  PID:1652
- C:\Windows\System\irxoodQ.exe
  C:\Windows\System\irxoodQ.exe
  2⤵
  PID:1184
- C:\Windows\System\ZhZxvdP.exe
  C:\Windows\System\ZhZxvdP.exe
  2⤵
  PID:1540
- C:\Windows\System\YQMBfjj.exe
  C:\Windows\System\YQMBfjj.exe
  2⤵
  PID:1336
- C:\Windows\System\JvvtJET.exe
  C:\Windows\System\JvvtJET.exe
  2⤵
  PID:2020
- C:\Windows\System\oOacYMs.exe
  C:\Windows\System\oOacYMs.exe
  2⤵
  PID:2640
- C:\Windows\System\guxVHTe.exe
  C:\Windows\System\guxVHTe.exe
  2⤵
  PID:3024
- C:\Windows\System\iDhtcju.exe
  C:\Windows\System\iDhtcju.exe
  2⤵
  PID:3032
- C:\Windows\System\XbKoUpo.exe
  C:\Windows\System\XbKoUpo.exe
  2⤵
  PID:2820
- C:\Windows\System\jqzamFp.exe
  C:\Windows\System\jqzamFp.exe
  2⤵
  PID:3028
- C:\Windows\System\jndGfAC.exe
  C:\Windows\System\jndGfAC.exe
  2⤵
  PID:1840
- C:\Windows\System\LmiUhzx.exe
  C:\Windows\System\LmiUhzx.exe
  2⤵
  PID:2488
- C:\Windows\System\SyghPoe.exe
  C:\Windows\System\SyghPoe.exe
  2⤵
  PID:2856
- C:\Windows\System\kDbGIyP.exe
  C:\Windows\System\kDbGIyP.exe
  2⤵
  PID:2544
- C:\Windows\System\CfLifbq.exe
  C:\Windows\System\CfLifbq.exe
  2⤵
  PID:2420
- C:\Windows\System\aPeYizx.exe
  C:\Windows\System\aPeYizx.exe
  2⤵
  PID:2148
- C:\Windows\System\SGsPFdr.exe
  C:\Windows\System\SGsPFdr.exe
  2⤵
  PID:2012
- C:\Windows\System\wFBcWVd.exe
  C:\Windows\System\wFBcWVd.exe
  2⤵
  PID:2676
- C:\Windows\System\wAaIzxB.exe
  C:\Windows\System\wAaIzxB.exe
  2⤵
  PID:1768
- C:\Windows\System\VypOWWe.exe
  C:\Windows\System\VypOWWe.exe
  2⤵
  PID:2008
- C:\Windows\System\dKvKbvg.exe
  C:\Windows\System\dKvKbvg.exe
  2⤵
  PID:2532
- C:\Windows\System\YXPsfnk.exe
  C:\Windows\System\YXPsfnk.exe
  2⤵
  PID:1736
- C:\Windows\System\NkaJQGr.exe
  C:\Windows\System\NkaJQGr.exe
  2⤵
  PID:2304
- C:\Windows\System\JgodHTq.exe
  C:\Windows\System\JgodHTq.exe
  2⤵
  PID:2784
- C:\Windows\System\mGjMwIR.exe
  C:\Windows\System\mGjMwIR.exe
  2⤵
  PID:2764
- C:\Windows\System\VkUxEqC.exe
  C:\Windows\System\VkUxEqC.exe
  2⤵
  PID:2992
- C:\Windows\System\VBRgqXy.exe
  C:\Windows\System\VBRgqXy.exe
  2⤵
  PID:2000
- C:\Windows\System\guwZfjg.exe
  C:\Windows\System\guwZfjg.exe
  2⤵
  PID:1016
- C:\Windows\System\CIgbVYB.exe
  C:\Windows\System\CIgbVYB.exe
  2⤵
  PID:3076
- C:\Windows\System\FvLzSiP.exe
  C:\Windows\System\FvLzSiP.exe
  2⤵
  PID:3096
- C:\Windows\System\ZcoeyMg.exe
  C:\Windows\System\ZcoeyMg.exe
  2⤵
  PID:3116
- C:\Windows\System\aSAtDkh.exe
  C:\Windows\System\aSAtDkh.exe
  2⤵
  PID:3136
- C:\Windows\System\qcyhCqD.exe
  C:\Windows\System\qcyhCqD.exe
  2⤵
  PID:3156
- C:\Windows\System\SDAkRDb.exe
  C:\Windows\System\SDAkRDb.exe
  2⤵
  PID:3176
- C:\Windows\System\QVpaEkd.exe
  C:\Windows\System\QVpaEkd.exe
  2⤵
  PID:3196
- C:\Windows\System\wWDIZsG.exe
  C:\Windows\System\wWDIZsG.exe
  2⤵
  PID:3216
- C:\Windows\System\doaYSkS.exe
  C:\Windows\System\doaYSkS.exe
  2⤵
  PID:3236
- C:\Windows\System\OifrJoT.exe
  C:\Windows\System\OifrJoT.exe
  2⤵
  PID:3256
- C:\Windows\System\OjXDBVo.exe
  C:\Windows\System\OjXDBVo.exe
  2⤵
  PID:3276
- C:\Windows\System\iarGCCb.exe
  C:\Windows\System\iarGCCb.exe
  2⤵
  PID:3296
- C:\Windows\System\rDZzcwB.exe
  C:\Windows\System\rDZzcwB.exe
  2⤵
  PID:3316
- C:\Windows\System\sdbVXVC.exe
  C:\Windows\System\sdbVXVC.exe
  2⤵
  PID:3336
- C:\Windows\System\QVOOWjG.exe
  C:\Windows\System\QVOOWjG.exe
  2⤵
  PID:3356
- C:\Windows\System\WuIxyjN.exe
  C:\Windows\System\WuIxyjN.exe
  2⤵
  PID:3376
- C:\Windows\System\TqNjzCK.exe
  C:\Windows\System\TqNjzCK.exe
  2⤵
  PID:3396
- C:\Windows\System\ABSnEDB.exe
  C:\Windows\System\ABSnEDB.exe
  2⤵
  PID:3416
- C:\Windows\System\KMYJbJH.exe
  C:\Windows\System\KMYJbJH.exe
  2⤵
  PID:3436
- C:\Windows\System\JvtQhLw.exe
  C:\Windows\System\JvtQhLw.exe
  2⤵
  PID:3456
- C:\Windows\System\XFDffGV.exe
  C:\Windows\System\XFDffGV.exe
  2⤵
  PID:3476
- C:\Windows\System\HKqoDHm.exe
  C:\Windows\System\HKqoDHm.exe
  2⤵
  PID:3496
- C:\Windows\System\RjChHYC.exe
  C:\Windows\System\RjChHYC.exe
  2⤵
  PID:3516
- C:\Windows\System\rULObPo.exe
  C:\Windows\System\rULObPo.exe
  2⤵
  PID:3536
- C:\Windows\System\HNlbnKk.exe
  C:\Windows\System\HNlbnKk.exe
  2⤵
  PID:3552
- C:\Windows\System\UIXFYNC.exe
  C:\Windows\System\UIXFYNC.exe
  2⤵
  PID:3576
- C:\Windows\System\OWAgPpw.exe
  C:\Windows\System\OWAgPpw.exe
  2⤵
  PID:3596
- C:\Windows\System\TflRNnR.exe
  C:\Windows\System\TflRNnR.exe
  2⤵
  PID:3616
- C:\Windows\System\PLiFfAY.exe
  C:\Windows\System\PLiFfAY.exe
  2⤵
  PID:3636
- C:\Windows\System\hRDnZNB.exe
  C:\Windows\System\hRDnZNB.exe
  2⤵
  PID:3660
- C:\Windows\System\MsqHdLO.exe
  C:\Windows\System\MsqHdLO.exe
  2⤵
  PID:3676
- C:\Windows\System\vIZRaWT.exe
  C:\Windows\System\vIZRaWT.exe
  2⤵
  PID:3700
- C:\Windows\System\hLrwcKy.exe
  C:\Windows\System\hLrwcKy.exe
  2⤵
  PID:3724
- C:\Windows\System\pHgnkMX.exe
  C:\Windows\System\pHgnkMX.exe
  2⤵
  PID:3748
- C:\Windows\System\zYQGxwz.exe
  C:\Windows\System\zYQGxwz.exe
  2⤵
  PID:3768
- C:\Windows\System\ElLxkNC.exe
  C:\Windows\System\ElLxkNC.exe
  2⤵
  PID:3788
- C:\Windows\System\mvqCUml.exe
  C:\Windows\System\mvqCUml.exe
  2⤵
  PID:3808
- C:\Windows\System\YWUybXM.exe
  C:\Windows\System\YWUybXM.exe
  2⤵
  PID:3828
- C:\Windows\System\UwjdLjL.exe
  C:\Windows\System\UwjdLjL.exe
  2⤵
  PID:3848
- C:\Windows\System\OsLYPRt.exe
  C:\Windows\System\OsLYPRt.exe
  2⤵
  PID:3868
- C:\Windows\System\JNUhoQi.exe
  C:\Windows\System\JNUhoQi.exe
  2⤵
  PID:3888
- C:\Windows\System\lhEtHRe.exe
  C:\Windows\System\lhEtHRe.exe
  2⤵
  PID:3908
- C:\Windows\System\HkJHiul.exe
  C:\Windows\System\HkJHiul.exe
  2⤵
  PID:3928
- C:\Windows\System\zhltwCn.exe
  C:\Windows\System\zhltwCn.exe
  2⤵
  PID:3948
- C:\Windows\System\QfSxwQO.exe
  C:\Windows\System\QfSxwQO.exe
  2⤵
  PID:3968
- C:\Windows\System\bSDSxgZ.exe
  C:\Windows\System\bSDSxgZ.exe
  2⤵
  PID:3988
- C:\Windows\System\DCBlKGT.exe
  C:\Windows\System\DCBlKGT.exe
  2⤵
  PID:4008
- C:\Windows\System\pAgAaqh.exe
  C:\Windows\System\pAgAaqh.exe
  2⤵
  PID:4028
- C:\Windows\System\uQICgvW.exe
  C:\Windows\System\uQICgvW.exe
  2⤵
  PID:4048
- C:\Windows\System\WEzDZcd.exe
  C:\Windows\System\WEzDZcd.exe
  2⤵
  PID:4068
- C:\Windows\System\KufIuwM.exe
  C:\Windows\System\KufIuwM.exe
  2⤵
  PID:4088
- C:\Windows\System\uaTurLY.exe
  C:\Windows\System\uaTurLY.exe
  2⤵
  PID:1748
- C:\Windows\System\VbHIwRS.exe
  C:\Windows\System\VbHIwRS.exe
  2⤵
  PID:1672
- C:\Windows\System\uXjQDSS.exe
  C:\Windows\System\uXjQDSS.exe
  2⤵
  PID:2696
- C:\Windows\System\cGFOPHp.exe
  C:\Windows\System\cGFOPHp.exe
  2⤵
  PID:2672
- C:\Windows\System\kVsCJHT.exe
  C:\Windows\System\kVsCJHT.exe
  2⤵
  PID:2620
- C:\Windows\System\DeHzjKQ.exe
  C:\Windows\System\DeHzjKQ.exe
  2⤵
  PID:2244
- C:\Windows\System\AnfwXZz.exe
  C:\Windows\System\AnfwXZz.exe
  2⤵
  PID:784
- C:\Windows\System\NbrcnTN.exe
  C:\Windows\System\NbrcnTN.exe
  2⤵
  PID:3108
- C:\Windows\System\YkXnMdh.exe
  C:\Windows\System\YkXnMdh.exe
  2⤵
  PID:3164
- C:\Windows\System\EAMHHiF.exe
  C:\Windows\System\EAMHHiF.exe
  2⤵
  PID:3184
- C:\Windows\System\qYQRVNA.exe
  C:\Windows\System\qYQRVNA.exe
  2⤵
  PID:3252
- C:\Windows\System\vQjaaON.exe
  C:\Windows\System\vQjaaON.exe
  2⤵
  PID:3224
- C:\Windows\System\dSmJaVb.exe
  C:\Windows\System\dSmJaVb.exe
  2⤵
  PID:3292
- C:\Windows\System\kiCgxdR.exe
  C:\Windows\System\kiCgxdR.exe
  2⤵
  PID:3324
- C:\Windows\System\OBGJdWn.exe
  C:\Windows\System\OBGJdWn.exe
  2⤵
  PID:3312
- C:\Windows\System\kmvAezf.exe
  C:\Windows\System\kmvAezf.exe
  2⤵
  PID:3368
- C:\Windows\System\sakRJKU.exe
  C:\Windows\System\sakRJKU.exe
  2⤵
  PID:3412
- C:\Windows\System\IyczjYI.exe
  C:\Windows\System\IyczjYI.exe
  2⤵
  PID:3392
- C:\Windows\System\FevkVlt.exe
  C:\Windows\System\FevkVlt.exe
  2⤵
  PID:3428
- C:\Windows\System\DdVOhNA.exe
  C:\Windows\System\DdVOhNA.exe
  2⤵
  PID:3528
- C:\Windows\System\taVctyM.exe
  C:\Windows\System\taVctyM.exe
  2⤵
  PID:3572
- C:\Windows\System\jEGowLg.exe
  C:\Windows\System\jEGowLg.exe
  2⤵
  PID:3544
- C:\Windows\System\iAkBItR.exe
  C:\Windows\System\iAkBItR.exe
  2⤵
  PID:3644
- C:\Windows\System\AdXMqwh.exe
  C:\Windows\System\AdXMqwh.exe
  2⤵
  PID:3588
- C:\Windows\System\PzngfWu.exe
  C:\Windows\System\PzngfWu.exe
  2⤵
  PID:3692
- C:\Windows\System\SScSrAL.exe
  C:\Windows\System\SScSrAL.exe
  2⤵
  PID:3732
- C:\Windows\System\uvViQKl.exe
  C:\Windows\System\uvViQKl.exe
  2⤵
  PID:3712
- C:\Windows\System\DmlDxpk.exe
  C:\Windows\System\DmlDxpk.exe
  2⤵
  PID:3780
- C:\Windows\System\YxsANlN.exe
  C:\Windows\System\YxsANlN.exe
  2⤵
  PID:3800
- C:\Windows\System\PnGzpbv.exe
  C:\Windows\System\PnGzpbv.exe
  2⤵
  PID:3844
- C:\Windows\System\rGSPIzu.exe
  C:\Windows\System\rGSPIzu.exe
  2⤵
  PID:3896
- C:\Windows\System\AmTDZEZ.exe
  C:\Windows\System\AmTDZEZ.exe
  2⤵
  PID:3880
- C:\Windows\System\vXBzKBC.exe
  C:\Windows\System\vXBzKBC.exe
  2⤵
  PID:3920
- C:\Windows\System\fCTroAn.exe
  C:\Windows\System\fCTroAn.exe
  2⤵
  PID:3980
- C:\Windows\System\QUwvZBd.exe
  C:\Windows\System\QUwvZBd.exe
  2⤵
  PID:4020
- C:\Windows\System\dibrsYW.exe
  C:\Windows\System\dibrsYW.exe
  2⤵
  PID:4064
- C:\Windows\System\gqqkWUZ.exe
  C:\Windows\System\gqqkWUZ.exe
  2⤵
  PID:1788
- C:\Windows\System\TDvAqnP.exe
  C:\Windows\System\TDvAqnP.exe
  2⤵
  PID:2456
- C:\Windows\System\PXrfUXK.exe
  C:\Windows\System\PXrfUXK.exe
  2⤵
  PID:2972
- C:\Windows\System\hGttfiM.exe
  C:\Windows\System\hGttfiM.exe
  2⤵
  PID:1896
- C:\Windows\System\TzwugqW.exe
  C:\Windows\System\TzwugqW.exe
  2⤵
  PID:3092
- C:\Windows\System\TIeJlqp.exe
  C:\Windows\System\TIeJlqp.exe
  2⤵
  PID:3128
- C:\Windows\System\EExPpTj.exe
  C:\Windows\System\EExPpTj.exe
  2⤵
  PID:3244
- C:\Windows\System\pGYjBKR.exe
  C:\Windows\System\pGYjBKR.exe
  2⤵
  PID:3168
- C:\Windows\System\tkpJjxU.exe
  C:\Windows\System\tkpJjxU.exe
  2⤵
  PID:3264
- C:\Windows\System\SNtXRAD.exe
  C:\Windows\System\SNtXRAD.exe
  2⤵
  PID:3272
- C:\Windows\System\UKNIhOu.exe
  C:\Windows\System\UKNIhOu.exe
  2⤵
  PID:3348
- C:\Windows\System\orBVclO.exe
  C:\Windows\System\orBVclO.exe
  2⤵
  PID:3484
- C:\Windows\System\cXZJtBh.exe
  C:\Windows\System\cXZJtBh.exe
  2⤵
  PID:3488
- C:\Windows\System\BtGnbOJ.exe
  C:\Windows\System\BtGnbOJ.exe
  2⤵
  PID:3464
- C:\Windows\System\zhsooCL.exe
  C:\Windows\System\zhsooCL.exe
  2⤵
  PID:576
- C:\Windows\System\MpkknZp.exe
  C:\Windows\System\MpkknZp.exe
  2⤵
  PID:3512
- C:\Windows\System\CSRyszk.exe
  C:\Windows\System\CSRyszk.exe
  2⤵
  PID:3584
- C:\Windows\System\tOvKBqj.exe
  C:\Windows\System\tOvKBqj.exe
  2⤵
  PID:3668
- C:\Windows\System\gmqwOVR.exe
  C:\Windows\System\gmqwOVR.exe
  2⤵
  PID:3820
- C:\Windows\System\VXOXMvv.exe
  C:\Windows\System\VXOXMvv.exe
  2⤵
  PID:3856
- C:\Windows\System\zGVCGen.exe
  C:\Windows\System\zGVCGen.exe
  2⤵
  PID:3944
- C:\Windows\System\eYxtfXQ.exe
  C:\Windows\System\eYxtfXQ.exe
  2⤵
  PID:3924
- C:\Windows\System\IePINwo.exe
  C:\Windows\System\IePINwo.exe
  2⤵
  PID:3984
- C:\Windows\System\ZuHrkku.exe
  C:\Windows\System\ZuHrkku.exe
  2⤵
  PID:4040
- C:\Windows\System\kwNqvWD.exe
  C:\Windows\System\kwNqvWD.exe
  2⤵
  PID:4076
- C:\Windows\System\acdsuNl.exe
  C:\Windows\System\acdsuNl.exe
  2⤵
  PID:3084
- C:\Windows\System\mqpLbWk.exe
  C:\Windows\System\mqpLbWk.exe
  2⤵
  PID:1704
- C:\Windows\System\bOsiLKi.exe
  C:\Windows\System\bOsiLKi.exe
  2⤵
  PID:3112
- C:\Windows\System\XMVFyot.exe
  C:\Windows\System\XMVFyot.exe
  2⤵
  PID:3152
- C:\Windows\System\OhQsHtW.exe
  C:\Windows\System\OhQsHtW.exe
  2⤵
  PID:3328
- C:\Windows\System\TxqlCsn.exe
  C:\Windows\System\TxqlCsn.exe
  2⤵
  PID:3404
- C:\Windows\System\RGAsLBn.exe
  C:\Windows\System\RGAsLBn.exe
  2⤵
  PID:3532
- C:\Windows\System\gNvZMgS.exe
  C:\Windows\System\gNvZMgS.exe
  2⤵
  PID:3628
- C:\Windows\System\BpodwWO.exe
  C:\Windows\System\BpodwWO.exe
  2⤵
  PID:3508
- C:\Windows\System\tJPqHPv.exe
  C:\Windows\System\tJPqHPv.exe
  2⤵
  PID:3744
- C:\Windows\System\QKBzokP.exe
  C:\Windows\System\QKBzokP.exe
  2⤵
  PID:3840
- C:\Windows\System\fAzeAon.exe
  C:\Windows\System\fAzeAon.exe
  2⤵
  PID:2788
- C:\Windows\System\XYoQNAf.exe
  C:\Windows\System\XYoQNAf.exe
  2⤵
  PID:3940
- C:\Windows\System\XMgJgam.exe
  C:\Windows\System\XMgJgam.exe
  2⤵
  PID:3900
- C:\Windows\System\TFpwyoo.exe
  C:\Windows\System\TFpwyoo.exe
  2⤵
  PID:2380
- C:\Windows\System\sTrsprf.exe
  C:\Windows\System\sTrsprf.exe
  2⤵
  PID:3212
- C:\Windows\System\xYsFbIQ.exe
  C:\Windows\System\xYsFbIQ.exe
  2⤵
  PID:3232
- C:\Windows\System\epstdBl.exe
  C:\Windows\System\epstdBl.exe
  2⤵
  PID:3332
- C:\Windows\System\fXWsrPC.exe
  C:\Windows\System\fXWsrPC.exe
  2⤵
  PID:3452
- C:\Windows\System\mqIVgKS.exe
  C:\Windows\System\mqIVgKS.exe
  2⤵
  PID:3560
- C:\Windows\System\hZeLEBn.exe
  C:\Windows\System\hZeLEBn.exe
  2⤵
  PID:3672
- C:\Windows\System\HhcBIZl.exe
  C:\Windows\System\HhcBIZl.exe
  2⤵
  PID:3876
- C:\Windows\System\ZXfILEY.exe
  C:\Windows\System\ZXfILEY.exe
  2⤵
  PID:3996
- C:\Windows\System\xXiWKfM.exe
  C:\Windows\System\xXiWKfM.exe
  2⤵
  PID:1984
- C:\Windows\System\BTYyQop.exe
  C:\Windows\System\BTYyQop.exe
  2⤵
  PID:2140
- C:\Windows\System\kEtZwFF.exe
  C:\Windows\System\kEtZwFF.exe
  2⤵
  PID:444
- C:\Windows\System\qkUJVyY.exe
  C:\Windows\System\qkUJVyY.exe
  2⤵
  PID:3448
- C:\Windows\System\nIIzDjk.exe
  C:\Windows\System\nIIzDjk.exe
  2⤵
  PID:4112
- C:\Windows\System\Yannjey.exe
  C:\Windows\System\Yannjey.exe
  2⤵
  PID:4132
- C:\Windows\System\hhsAwKs.exe
  C:\Windows\System\hhsAwKs.exe
  2⤵
  PID:4152
- C:\Windows\System\oivWTrb.exe
  C:\Windows\System\oivWTrb.exe
  2⤵
  PID:4172
- C:\Windows\System\dNfKEit.exe
  C:\Windows\System\dNfKEit.exe
  2⤵
  PID:4192
- C:\Windows\System\PcrDIhg.exe
  C:\Windows\System\PcrDIhg.exe
  2⤵
  PID:4212
- C:\Windows\System\YBWuPOI.exe
  C:\Windows\System\YBWuPOI.exe
  2⤵
  PID:4232
- C:\Windows\System\nnTxxxK.exe
  C:\Windows\System\nnTxxxK.exe
  2⤵
  PID:4248
- C:\Windows\System\JbGOgBD.exe
  C:\Windows\System\JbGOgBD.exe
  2⤵
  PID:4272
- C:\Windows\System\etODOhd.exe
  C:\Windows\System\etODOhd.exe
  2⤵
  PID:4292
- C:\Windows\System\qBcuZwM.exe
  C:\Windows\System\qBcuZwM.exe
  2⤵
  PID:4312
- C:\Windows\System\sfgkGzm.exe
  C:\Windows\System\sfgkGzm.exe
  2⤵
  PID:4332
- C:\Windows\System\QuokhRw.exe
  C:\Windows\System\QuokhRw.exe
  2⤵
  PID:4352
- C:\Windows\System\rcvKHfJ.exe
  C:\Windows\System\rcvKHfJ.exe
  2⤵
  PID:4376
- C:\Windows\System\szbPscm.exe
  C:\Windows\System\szbPscm.exe
  2⤵
  PID:4396
- C:\Windows\System\JJEzSRH.exe
  C:\Windows\System\JJEzSRH.exe
  2⤵
  PID:4416
- C:\Windows\System\izEjBid.exe
  C:\Windows\System\izEjBid.exe
  2⤵
  PID:4436
- C:\Windows\System\miKIAsn.exe
  C:\Windows\System\miKIAsn.exe
  2⤵
  PID:4456
- C:\Windows\System\nVdAHHQ.exe
  C:\Windows\System\nVdAHHQ.exe
  2⤵
  PID:4476
- C:\Windows\System\xZRVgYR.exe
  C:\Windows\System\xZRVgYR.exe
  2⤵
  PID:4496
- C:\Windows\System\dOzDwFP.exe
  C:\Windows\System\dOzDwFP.exe
  2⤵
  PID:4516
- C:\Windows\System\PbwnYQg.exe
  C:\Windows\System\PbwnYQg.exe
  2⤵
  PID:4536
- C:\Windows\System\lGUAvwX.exe
  C:\Windows\System\lGUAvwX.exe
  2⤵
  PID:4556
- C:\Windows\System\JPnMcJU.exe
  C:\Windows\System\JPnMcJU.exe
  2⤵
  PID:4572
- C:\Windows\System\QBxqcDr.exe
  C:\Windows\System\QBxqcDr.exe
  2⤵
  PID:4596
- C:\Windows\System\nSprXam.exe
  C:\Windows\System\nSprXam.exe
  2⤵
  PID:4616
- C:\Windows\System\yXdTEqF.exe
  C:\Windows\System\yXdTEqF.exe
  2⤵
  PID:4636
- C:\Windows\System\qTUVHPz.exe
  C:\Windows\System\qTUVHPz.exe
  2⤵
  PID:4656
- C:\Windows\System\EGlmgAE.exe
  C:\Windows\System\EGlmgAE.exe
  2⤵
  PID:4676
- C:\Windows\System\trTrBqU.exe
  C:\Windows\System\trTrBqU.exe
  2⤵
  PID:4696
- C:\Windows\System\ZdONpCZ.exe
  C:\Windows\System\ZdONpCZ.exe
  2⤵
  PID:4716
- C:\Windows\System\cQwLkFo.exe
  C:\Windows\System\cQwLkFo.exe
  2⤵
  PID:4736
- C:\Windows\System\YjjPmcP.exe
  C:\Windows\System\YjjPmcP.exe
  2⤵
  PID:4756
- C:\Windows\System\LHbwvGD.exe
  C:\Windows\System\LHbwvGD.exe
  2⤵
  PID:4776
- C:\Windows\System\xuJisna.exe
  C:\Windows\System\xuJisna.exe
  2⤵
  PID:4796
- C:\Windows\System\hotvLpV.exe
  C:\Windows\System\hotvLpV.exe
  2⤵
  PID:4816
- C:\Windows\System\OlaUoZm.exe
  C:\Windows\System\OlaUoZm.exe
  2⤵
  PID:4836
- C:\Windows\System\vlcmLUg.exe
  C:\Windows\System\vlcmLUg.exe
  2⤵
  PID:4856
- C:\Windows\System\NpKdNkB.exe
  C:\Windows\System\NpKdNkB.exe
  2⤵
  PID:4880
- C:\Windows\System\gVmgWpu.exe
  C:\Windows\System\gVmgWpu.exe
  2⤵
  PID:4900
- C:\Windows\System\fBlRnma.exe
  C:\Windows\System\fBlRnma.exe
  2⤵
  PID:4920
- C:\Windows\System\RclfLYE.exe
  C:\Windows\System\RclfLYE.exe
  2⤵
  PID:4940
- C:\Windows\System\tWuCioj.exe
  C:\Windows\System\tWuCioj.exe
  2⤵
  PID:4960
- C:\Windows\System\poSwXvK.exe
  C:\Windows\System\poSwXvK.exe
  2⤵
  PID:4980
- C:\Windows\System\XUUjEMh.exe
  C:\Windows\System\XUUjEMh.exe
  2⤵
  PID:5000
- C:\Windows\System\vIfQgUL.exe
  C:\Windows\System\vIfQgUL.exe
  2⤵
  PID:5020
- C:\Windows\System\NoWkQYE.exe
  C:\Windows\System\NoWkQYE.exe
  2⤵
  PID:5040
- C:\Windows\System\YBoXzQw.exe
  C:\Windows\System\YBoXzQw.exe
  2⤵
  PID:5060
- C:\Windows\System\TccuWmk.exe
  C:\Windows\System\TccuWmk.exe
  2⤵
  PID:5080
- C:\Windows\System\sOntAeW.exe
  C:\Windows\System\sOntAeW.exe
  2⤵
  PID:5096
- C:\Windows\System\oAWOCdK.exe
  C:\Windows\System\oAWOCdK.exe
  2⤵
  PID:3684
- C:\Windows\System\qfxgVyt.exe
  C:\Windows\System\qfxgVyt.exe
  2⤵
  PID:3824
- C:\Windows\System\lGjOAUA.exe
  C:\Windows\System\lGjOAUA.exe
  2⤵
  PID:3884
- C:\Windows\System\GhEgbAi.exe
  C:\Windows\System\GhEgbAi.exe
  2⤵
  PID:2424
- C:\Windows\System\QitIAJb.exe
  C:\Windows\System\QitIAJb.exe
  2⤵
  PID:1776
- C:\Windows\System\iYDvbdP.exe
  C:\Windows\System\iYDvbdP.exe
  2⤵
  PID:2072
- C:\Windows\System\QduOSLb.exe
  C:\Windows\System\QduOSLb.exe
  2⤵
  PID:4124
- C:\Windows\System\QWLzGjP.exe
  C:\Windows\System\QWLzGjP.exe
  2⤵
  PID:4180
- C:\Windows\System\WjZiMSN.exe
  C:\Windows\System\WjZiMSN.exe
  2⤵
  PID:4220
- C:\Windows\System\wCVwFYB.exe
  C:\Windows\System\wCVwFYB.exe
  2⤵
  PID:4224
- C:\Windows\System\yJCAWhY.exe
  C:\Windows\System\yJCAWhY.exe
  2⤵
  PID:4244
- C:\Windows\System\zuSvXCJ.exe
  C:\Windows\System\zuSvXCJ.exe
  2⤵
  PID:4288
- C:\Windows\System\oWFIjZl.exe
  C:\Windows\System\oWFIjZl.exe
  2⤵
  PID:4324
- C:\Windows\System\lBnrFln.exe
  C:\Windows\System\lBnrFln.exe
  2⤵
  PID:4384
- C:\Windows\System\oFuTIVl.exe
  C:\Windows\System\oFuTIVl.exe
  2⤵
  PID:4424
- C:\Windows\System\IUNHzdW.exe
  C:\Windows\System\IUNHzdW.exe
  2⤵
  PID:4428
- C:\Windows\System\cSEqWvR.exe
  C:\Windows\System\cSEqWvR.exe
  2⤵
  PID:4448
- C:\Windows\System\zKZzmQz.exe
  C:\Windows\System\zKZzmQz.exe
  2⤵
  PID:4512
- C:\Windows\System\QvRPjze.exe
  C:\Windows\System\QvRPjze.exe
  2⤵
  PID:4548
- C:\Windows\System\wYSXONY.exe
  C:\Windows\System\wYSXONY.exe
  2⤵
  PID:4580
- C:\Windows\System\HChkvuL.exe
  C:\Windows\System\HChkvuL.exe
  2⤵
  PID:4584
- C:\Windows\System\KUUczzW.exe
  C:\Windows\System\KUUczzW.exe
  2⤵
  PID:4632
- C:\Windows\System\InsiIPn.exe
  C:\Windows\System\InsiIPn.exe
  2⤵
  PID:4648
- C:\Windows\System\atxRDKJ.exe
  C:\Windows\System\atxRDKJ.exe
  2⤵
  PID:4704
- C:\Windows\System\MHRtjFh.exe
  C:\Windows\System\MHRtjFh.exe
  2⤵
  PID:4752
- C:\Windows\System\VyvzYfk.exe
  C:\Windows\System\VyvzYfk.exe
  2⤵
  PID:4764
- C:\Windows\System\qLZrwZc.exe
  C:\Windows\System\qLZrwZc.exe
  2⤵
  PID:4768
- C:\Windows\System\cNwNBfu.exe
  C:\Windows\System\cNwNBfu.exe
  2⤵
  PID:4828
- C:\Windows\System\eluNpxQ.exe
  C:\Windows\System\eluNpxQ.exe
  2⤵
  PID:4868
- C:\Windows\System\wDLRGBZ.exe
  C:\Windows\System\wDLRGBZ.exe
  2⤵
  PID:4888
- C:\Windows\System\OviVgcI.exe
  C:\Windows\System\OviVgcI.exe
  2⤵
  PID:4892
- C:\Windows\System\evcCeFj.exe
  C:\Windows\System\evcCeFj.exe
  2⤵
  PID:4932
- C:\Windows\System\uvtFIkI.exe
  C:\Windows\System\uvtFIkI.exe
  2⤵
  PID:4996
- C:\Windows\System\aexncuX.exe
  C:\Windows\System\aexncuX.exe
  2⤵
  PID:5036
- C:\Windows\System\sitIFMn.exe
  C:\Windows\System\sitIFMn.exe
  2⤵
  PID:5068
- C:\Windows\System\FEEYNVf.exe
  C:\Windows\System\FEEYNVf.exe
  2⤵
  PID:5088
- C:\Windows\System\ckzGVVU.exe
  C:\Windows\System\ckzGVVU.exe
  2⤵
  PID:5108
- C:\Windows\System\GNONjyp.exe
  C:\Windows\System\GNONjyp.exe
  2⤵
  PID:2076
- C:\Windows\System\xWtLAvE.exe
  C:\Windows\System\xWtLAvE.exe
  2⤵
  PID:3384
- C:\Windows\System\nTzuaVg.exe
  C:\Windows\System\nTzuaVg.exe
  2⤵
  PID:3960
- C:\Windows\System\xpkftBi.exe
  C:\Windows\System\xpkftBi.exe
  2⤵
  PID:4184
- C:\Windows\System\zsflLsf.exe
  C:\Windows\System\zsflLsf.exe
  2⤵
  PID:4208
- C:\Windows\System\ZktUcFF.exe
  C:\Windows\System\ZktUcFF.exe
  2⤵
  PID:4204
- C:\Windows\System\hsxdaTY.exe
  C:\Windows\System\hsxdaTY.exe
  2⤵
  PID:4876
- C:\Windows\System\FuVKFFy.exe
  C:\Windows\System\FuVKFFy.exe
  2⤵
  PID:4328
- C:\Windows\System\WaSfiFg.exe
  C:\Windows\System\WaSfiFg.exe
  2⤵
  PID:4472
- C:\Windows\System\QTOhUfi.exe
  C:\Windows\System\QTOhUfi.exe
  2⤵
  PID:4104
- C:\Windows\System\WQRNzcM.exe
  C:\Windows\System\WQRNzcM.exe
  2⤵
  PID:4504
- C:\Windows\System\WZvcBeX.exe
  C:\Windows\System\WZvcBeX.exe
  2⤵
  PID:4528
- C:\Windows\System\vkKmyGy.exe
  C:\Windows\System\vkKmyGy.exe
  2⤵
  PID:4672
- C:\Windows\System\CIdrRcu.exe
  C:\Windows\System\CIdrRcu.exe
  2⤵
  PID:4652
- C:\Windows\System\LVTxSVd.exe
  C:\Windows\System\LVTxSVd.exe
  2⤵
  PID:4788
- C:\Windows\System\pzPOKFO.exe
  C:\Windows\System\pzPOKFO.exe
  2⤵
  PID:4812
- C:\Windows\System\lgmAcXC.exe
  C:\Windows\System\lgmAcXC.exe
  2⤵
  PID:1716
- C:\Windows\System\rvyFjKW.exe
  C:\Windows\System\rvyFjKW.exe
  2⤵
  PID:4852
- C:\Windows\System\DJRoibi.exe
  C:\Windows\System\DJRoibi.exe
  2⤵
  PID:4956
- C:\Windows\System\zLYgxOC.exe
  C:\Windows\System\zLYgxOC.exe
  2⤵
  PID:5016
- C:\Windows\System\XkfGLUm.exe
  C:\Windows\System\XkfGLUm.exe
  2⤵
  PID:5008
- C:\Windows\System\wYhovwJ.exe
  C:\Windows\System\wYhovwJ.exe
  2⤵
  PID:5052
- C:\Windows\System\JXejKsc.exe
  C:\Windows\System\JXejKsc.exe
  2⤵
  PID:4024
- C:\Windows\System\LIRkQkz.exe
  C:\Windows\System\LIRkQkz.exe
  2⤵
  PID:4148
- C:\Windows\System\jftAZhc.exe
  C:\Windows\System\jftAZhc.exe
  2⤵
  PID:4268
- C:\Windows\System\jEaqiwV.exe
  C:\Windows\System\jEaqiwV.exe
  2⤵
  PID:4164
- C:\Windows\System\oFhcrjm.exe
  C:\Windows\System\oFhcrjm.exe
  2⤵
  PID:4344
- C:\Windows\System\FTtQdlS.exe
  C:\Windows\System\FTtQdlS.exe
  2⤵
  PID:4408
- C:\Windows\System\CvFWpkH.exe
  C:\Windows\System\CvFWpkH.exe
  2⤵
  PID:4592
- C:\Windows\System\YKCyTUi.exe
  C:\Windows\System\YKCyTUi.exe
  2⤵
  PID:4628
- C:\Windows\System\kGJvmbr.exe
  C:\Windows\System\kGJvmbr.exe
  2⤵
  PID:4612
- C:\Windows\System\AZOKMgv.exe
  C:\Windows\System\AZOKMgv.exe
  2⤵
  PID:4692
- C:\Windows\System\ZpcwJxg.exe
  C:\Windows\System\ZpcwJxg.exe
  2⤵
  PID:4864
- C:\Windows\System\fIBEmdA.exe
  C:\Windows\System\fIBEmdA.exe
  2⤵
  PID:4992
- C:\Windows\System\hJzZbcL.exe
  C:\Windows\System\hJzZbcL.exe
  2⤵
  PID:4928
- C:\Windows\System\thgAyic.exe
  C:\Windows\System\thgAyic.exe
  2⤵
  PID:4972
- C:\Windows\System\CTyzrvc.exe
  C:\Windows\System\CTyzrvc.exe
  2⤵
  PID:4004
- C:\Windows\System\tSWsPWC.exe
  C:\Windows\System\tSWsPWC.exe
  2⤵
  PID:4240
- C:\Windows\System\ORGGvOA.exe
  C:\Windows\System\ORGGvOA.exe
  2⤵
  PID:1644
- C:\Windows\System\TpwOfJH.exe
  C:\Windows\System\TpwOfJH.exe
  2⤵
  PID:4412
- C:\Windows\System\ALaakJJ.exe
  C:\Windows\System\ALaakJJ.exe
  2⤵
  PID:4524
- C:\Windows\System\ZBCLrtF.exe
  C:\Windows\System\ZBCLrtF.exe
  2⤵
  PID:5136
- C:\Windows\System\SLauCXH.exe
  C:\Windows\System\SLauCXH.exe
  2⤵
  PID:5156
- C:\Windows\System\DjhdqRS.exe
  C:\Windows\System\DjhdqRS.exe
  2⤵
  PID:5176
- C:\Windows\System\ohJQdRl.exe
  C:\Windows\System\ohJQdRl.exe
  2⤵
  PID:5196
- C:\Windows\System\RjmWaIB.exe
  C:\Windows\System\RjmWaIB.exe
  2⤵
  PID:5216
- C:\Windows\System\QYTgyjr.exe
  C:\Windows\System\QYTgyjr.exe
  2⤵
  PID:5236
- C:\Windows\System\BkTQnEX.exe
  C:\Windows\System\BkTQnEX.exe
  2⤵
  PID:5256
- C:\Windows\System\tQdUALS.exe
  C:\Windows\System\tQdUALS.exe
  2⤵
  PID:5276
- C:\Windows\System\mifPDGq.exe
  C:\Windows\System\mifPDGq.exe
  2⤵
  PID:5296
- C:\Windows\System\QHTZxfD.exe
  C:\Windows\System\QHTZxfD.exe
  2⤵
  PID:5316
- C:\Windows\System\KPLBzoy.exe
  C:\Windows\System\KPLBzoy.exe
  2⤵
  PID:5336
- C:\Windows\System\kKKVbiq.exe
  C:\Windows\System\kKKVbiq.exe
  2⤵
  PID:5356
- C:\Windows\System\WuptwhV.exe
  C:\Windows\System\WuptwhV.exe
  2⤵
  PID:5376
- C:\Windows\System\UKGNquu.exe
  C:\Windows\System\UKGNquu.exe
  2⤵
  PID:5396
- C:\Windows\System\HhnfKyb.exe
  C:\Windows\System\HhnfKyb.exe
  2⤵
  PID:5416
- C:\Windows\System\gKscYLb.exe
  C:\Windows\System\gKscYLb.exe
  2⤵
  PID:5436
- C:\Windows\System\ZOpMtDi.exe
  C:\Windows\System\ZOpMtDi.exe
  2⤵
  PID:5456
- C:\Windows\System\xVCONqj.exe
  C:\Windows\System\xVCONqj.exe
  2⤵
  PID:5476
- C:\Windows\System\RUDDOrs.exe
  C:\Windows\System\RUDDOrs.exe
  2⤵
  PID:5496
- C:\Windows\System\uxAyAAd.exe
  C:\Windows\System\uxAyAAd.exe
  2⤵
  PID:5516
- C:\Windows\System\orKcjun.exe
  C:\Windows\System\orKcjun.exe
  2⤵
  PID:5536
- C:\Windows\System\nIatVYy.exe
  C:\Windows\System\nIatVYy.exe
  2⤵
  PID:5556
- C:\Windows\System\tjZTzRK.exe
  C:\Windows\System\tjZTzRK.exe
  2⤵
  PID:5576
- C:\Windows\System\TkSJkAR.exe
  C:\Windows\System\TkSJkAR.exe
  2⤵
  PID:5596
- C:\Windows\System\JXjRXhE.exe
  C:\Windows\System\JXjRXhE.exe
  2⤵
  PID:5616
- C:\Windows\System\hjpPujU.exe
  C:\Windows\System\hjpPujU.exe
  2⤵
  PID:5636
- C:\Windows\System\jXzTUJX.exe
  C:\Windows\System\jXzTUJX.exe
  2⤵
  PID:5656
- C:\Windows\System\NtprLRc.exe
  C:\Windows\System\NtprLRc.exe
  2⤵
  PID:5676
- C:\Windows\System\PDsCpqX.exe
  C:\Windows\System\PDsCpqX.exe
  2⤵
  PID:5696
- C:\Windows\System\ZNjAWaj.exe
  C:\Windows\System\ZNjAWaj.exe
  2⤵
  PID:5716
- C:\Windows\System\egcRFFs.exe
  C:\Windows\System\egcRFFs.exe
  2⤵
  PID:5736
- C:\Windows\System\FTvMuWs.exe
  C:\Windows\System\FTvMuWs.exe
  2⤵
  PID:5756
- C:\Windows\System\xcCkBcr.exe
  C:\Windows\System\xcCkBcr.exe
  2⤵
  PID:5776
- C:\Windows\System\jmlZOWi.exe
  C:\Windows\System\jmlZOWi.exe
  2⤵
  PID:5796
- C:\Windows\System\zUjbYoP.exe
  C:\Windows\System\zUjbYoP.exe
  2⤵
  PID:5816
- C:\Windows\System\DhqQxfc.exe
  C:\Windows\System\DhqQxfc.exe
  2⤵
  PID:5836
- C:\Windows\System\UBAmmjj.exe
  C:\Windows\System\UBAmmjj.exe
  2⤵
  PID:5856
- C:\Windows\System\skAhTjW.exe
  C:\Windows\System\skAhTjW.exe
  2⤵
  PID:5876
- C:\Windows\System\zaXFEJh.exe
  C:\Windows\System\zaXFEJh.exe
  2⤵
  PID:5896
- C:\Windows\System\KeqEHll.exe
  C:\Windows\System\KeqEHll.exe
  2⤵
  PID:5916
- C:\Windows\System\MvMSsEV.exe
  C:\Windows\System\MvMSsEV.exe
  2⤵
  PID:5936
- C:\Windows\System\rEQMqqO.exe
  C:\Windows\System\rEQMqqO.exe
  2⤵
  PID:5956
- C:\Windows\System\RoTiWqZ.exe
  C:\Windows\System\RoTiWqZ.exe
  2⤵
  PID:5976
- C:\Windows\System\jBrLHgP.exe
  C:\Windows\System\jBrLHgP.exe
  2⤵
  PID:5996
- C:\Windows\System\DZtrHgD.exe
  C:\Windows\System\DZtrHgD.exe
  2⤵
  PID:6016
- C:\Windows\System\IlLbaZo.exe
  C:\Windows\System\IlLbaZo.exe
  2⤵
  PID:6036
- C:\Windows\System\LLeOZdK.exe
  C:\Windows\System\LLeOZdK.exe
  2⤵
  PID:6056
- C:\Windows\System\vOuVokL.exe
  C:\Windows\System\vOuVokL.exe
  2⤵
  PID:6072
- C:\Windows\System\uXRDYFA.exe
  C:\Windows\System\uXRDYFA.exe
  2⤵
  PID:6088
- C:\Windows\System\BaXJGYj.exe
  C:\Windows\System\BaXJGYj.exe
  2⤵
  PID:6112
- C:\Windows\System\uetSTnB.exe
  C:\Windows\System\uetSTnB.exe
  2⤵
  PID:6128
- C:\Windows\System\BpIzxaS.exe
  C:\Windows\System\BpIzxaS.exe
  2⤵
  PID:4744
- C:\Windows\System\yoBeTJi.exe
  C:\Windows\System\yoBeTJi.exe
  2⤵
  PID:4772
- C:\Windows\System\pfTSCCE.exe
  C:\Windows\System\pfTSCCE.exe
  2⤵
  PID:4896
- C:\Windows\System\qJZGgaE.exe
  C:\Windows\System\qJZGgaE.exe
  2⤵
  PID:5104
- C:\Windows\System\IlDFBqH.exe
  C:\Windows\System\IlDFBqH.exe
  2⤵
  PID:5116
- C:\Windows\System\JnhyISU.exe
  C:\Windows\System\JnhyISU.exe
  2⤵
  PID:1852
- C:\Windows\System\UROxtkt.exe
  C:\Windows\System\UROxtkt.exe
  2⤵
  PID:4300
- C:\Windows\System\kfwjnqe.exe
  C:\Windows\System\kfwjnqe.exe
  2⤵
  PID:4304
- C:\Windows\System\pWmpSqP.exe
  C:\Windows\System\pWmpSqP.exe
  2⤵
  PID:5164
- C:\Windows\System\HspqTix.exe
  C:\Windows\System\HspqTix.exe
  2⤵
  PID:5168
- C:\Windows\System\wHXVagH.exe
  C:\Windows\System\wHXVagH.exe
  2⤵
  PID:5204
- C:\Windows\System\jSmifoe.exe
  C:\Windows\System\jSmifoe.exe
  2⤵
  PID:5188
- C:\Windows\System\fvniFPF.exe
  C:\Windows\System\fvniFPF.exe
  2⤵
  PID:2400
- C:\Windows\System\ZdSkRvk.exe
  C:\Windows\System\ZdSkRvk.exe
  2⤵
  PID:5272
- C:\Windows\System\moabGBp.exe
  C:\Windows\System\moabGBp.exe
  2⤵
  PID:5308
- C:\Windows\System\jkIcEiF.exe
  C:\Windows\System\jkIcEiF.exe
  2⤵
  PID:5348
- C:\Windows\System\XtNawNr.exe
  C:\Windows\System\XtNawNr.exe
  2⤵
  PID:5412
- C:\Windows\System\IJSveQd.exe
  C:\Windows\System\IJSveQd.exe
  2⤵
  PID:3716
- C:\Windows\System\BXguMid.exe
  C:\Windows\System\BXguMid.exe
  2⤵
  PID:5444
- C:\Windows\System\AEVTLPM.exe
  C:\Windows\System\AEVTLPM.exe
  2⤵
  PID:5472
- C:\Windows\System\gohAidA.exe
  C:\Windows\System\gohAidA.exe
  2⤵
  PID:2908
- C:\Windows\System\JszQzyF.exe
  C:\Windows\System\JszQzyF.exe
  2⤵
  PID:5532
- C:\Windows\System\dfbluoZ.exe
  C:\Windows\System\dfbluoZ.exe
  2⤵
  PID:5544
- C:\Windows\System\sQmyZoi.exe
  C:\Windows\System\sQmyZoi.exe
  2⤵
  PID:5572
- C:\Windows\System\lYcdlce.exe
  C:\Windows\System\lYcdlce.exe
  2⤵
  PID:5612
- C:\Windows\System\QKtJItv.exe
  C:\Windows\System\QKtJItv.exe
  2⤵
  PID:5644
- C:\Windows\System\oalhiyV.exe
  C:\Windows\System\oalhiyV.exe
  2⤵
  PID:5664
- C:\Windows\System\KOMPqWb.exe
  C:\Windows\System\KOMPqWb.exe
  2⤵
  PID:5668
- C:\Windows\System\EHCchzc.exe
  C:\Windows\System\EHCchzc.exe
  2⤵
  PID:5732
- C:\Windows\System\hFsbkgL.exe
  C:\Windows\System\hFsbkgL.exe
  2⤵
  PID:5752
- C:\Windows\System\lUvhsfx.exe
  C:\Windows\System\lUvhsfx.exe
  2⤵
  PID:5784
- C:\Windows\System\AAhezYW.exe
  C:\Windows\System\AAhezYW.exe
  2⤵
  PID:2044
- C:\Windows\System\ktHtwhx.exe
  C:\Windows\System\ktHtwhx.exe
  2⤵
  PID:1276
- C:\Windows\System\HGaDEIR.exe
  C:\Windows\System\HGaDEIR.exe
  2⤵
  PID:1980
- C:\Windows\System\UhwDfNU.exe
  C:\Windows\System\UhwDfNU.exe
  2⤵
  PID:5884
- C:\Windows\System\YhiSNmK.exe
  C:\Windows\System\YhiSNmK.exe
  2⤵
  PID:5888
- C:\Windows\System\ImrTLso.exe
  C:\Windows\System\ImrTLso.exe
  2⤵
  PID:5928
- C:\Windows\System\ioVTpob.exe
  C:\Windows\System\ioVTpob.exe
  2⤵
  PID:5952
- C:\Windows\System\xMBfZGE.exe
  C:\Windows\System\xMBfZGE.exe
  2⤵
  PID:5948
- C:\Windows\System\zwYQOyv.exe
  C:\Windows\System\zwYQOyv.exe
  2⤵
  PID:5992
- C:\Windows\System\ORfYXBC.exe
  C:\Windows\System\ORfYXBC.exe
  2⤵
  PID:2096
- C:\Windows\System\UgfGmSH.exe
  C:\Windows\System\UgfGmSH.exe
  2⤵
  PID:6032
- C:\Windows\System\eVODLSV.exe
  C:\Windows\System\eVODLSV.exe
  2⤵
  PID:2112
- C:\Windows\System\ePFGtkE.exe
  C:\Windows\System\ePFGtkE.exe
  2⤵
  PID:5132
- C:\Windows\System\MosWoVK.exe
  C:\Windows\System\MosWoVK.exe
  2⤵
  PID:6124
- C:\Windows\System\mnLfYuM.exe
  C:\Windows\System\mnLfYuM.exe
  2⤵
  PID:4368
- C:\Windows\System\KCZMKXl.exe
  C:\Windows\System\KCZMKXl.exe
  2⤵
  PID:4912
- C:\Windows\System\lLkDJnK.exe
  C:\Windows\System\lLkDJnK.exe
  2⤵
  PID:6140
- C:\Windows\System\xYZMAPT.exe
  C:\Windows\System\xYZMAPT.exe
  2⤵
  PID:5056
- C:\Windows\System\YLiLcNd.exe
  C:\Windows\System\YLiLcNd.exe
  2⤵
  PID:4392
- C:\Windows\System\gjuhuLZ.exe
  C:\Windows\System\gjuhuLZ.exe
  2⤵
  PID:1800
- C:\Windows\System\ESdHyZV.exe
  C:\Windows\System\ESdHyZV.exe
  2⤵
  PID:5208
- C:\Windows\System\LIEIBun.exe
  C:\Windows\System\LIEIBun.exe
  2⤵
  PID:5284
- C:\Windows\System\RobQUQf.exe
  C:\Windows\System\RobQUQf.exe
  2⤵
  PID:5288
- C:\Windows\System\EEbPuwP.exe
  C:\Windows\System\EEbPuwP.exe
  2⤵
  PID:5184
- C:\Windows\System\LIqFGfK.exe
  C:\Windows\System\LIqFGfK.exe
  2⤵
  PID:5384
- C:\Windows\System\GEXbwFe.exe
  C:\Windows\System\GEXbwFe.exe
  2⤵
  PID:5448
- C:\Windows\System\ckQkDLp.exe
  C:\Windows\System\ckQkDLp.exe
  2⤵
  PID:5464
- C:\Windows\System\GbATAsq.exe
  C:\Windows\System\GbATAsq.exe
  2⤵
  PID:5508
- C:\Windows\System\lzaUCRv.exe
  C:\Windows\System\lzaUCRv.exe
  2⤵
  PID:5524
- C:\Windows\System\TXdfWwx.exe
  C:\Windows\System\TXdfWwx.exe
  2⤵
  PID:1972
- C:\Windows\System\CFaIwqT.exe
  C:\Windows\System\CFaIwqT.exe
  2⤵
  PID:5584
- C:\Windows\System\poHhtAV.exe
  C:\Windows\System\poHhtAV.exe
  2⤵
  PID:5712
- C:\Windows\System\XsOJmvr.exe
  C:\Windows\System\XsOJmvr.exe
  2⤵
  PID:5788
- C:\Windows\System\KQijdDC.exe
  C:\Windows\System\KQijdDC.exe
  2⤵
  PID:5832
- C:\Windows\System\uIOXOBS.exe
  C:\Windows\System\uIOXOBS.exe
  2⤵
  PID:5868
- C:\Windows\System\PvOLxgb.exe
  C:\Windows\System\PvOLxgb.exe
  2⤵
  PID:5904
- C:\Windows\System\GbAlAUO.exe
  C:\Windows\System\GbAlAUO.exe
  2⤵
  PID:1976
- C:\Windows\System\TxzzLBu.exe
  C:\Windows\System\TxzzLBu.exe
  2⤵
  PID:5944
- C:\Windows\System\IeTNwbb.exe
  C:\Windows\System\IeTNwbb.exe
  2⤵
  PID:6012
- C:\Windows\System\dbYdXoM.exe
  C:\Windows\System\dbYdXoM.exe
  2⤵
  PID:5984
- C:\Windows\System\jMxqeFY.exe
  C:\Windows\System\jMxqeFY.exe
  2⤵
  PID:2540
- C:\Windows\System\nehdoEo.exe
  C:\Windows\System\nehdoEo.exe
  2⤵
  PID:3068
- C:\Windows\System\mzmUIOJ.exe
  C:\Windows\System\mzmUIOJ.exe
  2⤵
  PID:4664
- C:\Windows\System\LpRsqTg.exe
  C:\Windows\System\LpRsqTg.exe
  2⤵
  PID:4120
- C:\Windows\System\uovJbna.exe
  C:\Windows\System\uovJbna.exe
  2⤵
  PID:5328
- C:\Windows\System\mYNGtnt.exe
  C:\Windows\System\mYNGtnt.exe
  2⤵
  PID:5264
- C:\Windows\System\eNsGJuX.exe
  C:\Windows\System\eNsGJuX.exe
  2⤵
  PID:5312
- C:\Windows\System\EvFvuWx.exe
  C:\Windows\System\EvFvuWx.exe
  2⤵
  PID:4848
- C:\Windows\System\SwXIwoQ.exe
  C:\Windows\System\SwXIwoQ.exe
  2⤵
  PID:5484
- C:\Windows\System\saTAHtf.exe
  C:\Windows\System\saTAHtf.exe
  2⤵
  PID:5488
- C:\Windows\System\JQagFom.exe
  C:\Windows\System\JQagFom.exe
  2⤵
  PID:5628
- C:\Windows\System\WGahRye.exe
  C:\Windows\System\WGahRye.exe
  2⤵
  PID:5352
- C:\Windows\System\GRxMndj.exe
  C:\Windows\System\GRxMndj.exe
  2⤵
  PID:5692
- C:\Windows\System\HQBZzsC.exe
  C:\Windows\System\HQBZzsC.exe
  2⤵
  PID:5872
- C:\Windows\System\rfJeOtC.exe
  C:\Windows\System\rfJeOtC.exe
  2⤵
  PID:1316
- C:\Windows\System\AwXHcUg.exe
  C:\Windows\System\AwXHcUg.exe
  2⤵
  PID:6024
- C:\Windows\System\iMbYROV.exe
  C:\Windows\System\iMbYROV.exe
  2⤵
  PID:5232
- C:\Windows\System\twQsnKX.exe
  C:\Windows\System\twQsnKX.exe
  2⤵
  PID:6084
- C:\Windows\System\MwXwroe.exe
  C:\Windows\System\MwXwroe.exe
  2⤵
  PID:1728
- C:\Windows\System\pqtmbsg.exe
  C:\Windows\System\pqtmbsg.exe
  2⤵
  PID:5428
- C:\Windows\System\ElsZvmp.exe
  C:\Windows\System\ElsZvmp.exe
  2⤵
  PID:1468
- C:\Windows\System\YlFEEYb.exe
  C:\Windows\System\YlFEEYb.exe
  2⤵
  PID:1280
- C:\Windows\System\xYhGRTw.exe
  C:\Windows\System\xYhGRTw.exe
  2⤵
  PID:5564
- C:\Windows\System\EtnCzfP.exe
  C:\Windows\System\EtnCzfP.exe
  2⤵
  PID:5792
- C:\Windows\System\zNpRdiw.exe
  C:\Windows\System\zNpRdiw.exe
  2⤵
  PID:5924
- C:\Windows\System\LwomgKG.exe
  C:\Windows\System\LwomgKG.exe
  2⤵
  PID:5152
- C:\Windows\System\nqZYuON.exe
  C:\Windows\System\nqZYuON.exe
  2⤵
  PID:5744
- C:\Windows\System\CZMyizZ.exe
  C:\Windows\System\CZMyizZ.exe
  2⤵
  PID:3796
- C:\Windows\System\lvqsnqa.exe
  C:\Windows\System\lvqsnqa.exe
  2⤵
  PID:5864
- C:\Windows\System\RXqxZGm.exe
  C:\Windows\System\RXqxZGm.exe
  2⤵
  PID:5912
- C:\Windows\System\fsdOMZe.exe
  C:\Windows\System\fsdOMZe.exe
  2⤵
  PID:6108
- C:\Windows\System\IaxGJIy.exe
  C:\Windows\System\IaxGJIy.exe
  2⤵
  PID:4280
- C:\Windows\System\uptyGmN.exe
  C:\Windows\System\uptyGmN.exe
  2⤵
  PID:5148
- C:\Windows\System\JmEEMFp.exe
  C:\Windows\System\JmEEMFp.exe
  2⤵
  PID:5968
- C:\Windows\System\emEUWGH.exe
  C:\Windows\System\emEUWGH.exe
  2⤵
  PID:5408
- C:\Windows\System\CAbPTUy.exe
  C:\Windows\System\CAbPTUy.exe
  2⤵
  PID:4708
- C:\Windows\System\fIOGtyM.exe
  C:\Windows\System\fIOGtyM.exe
  2⤵
  PID:2100
- C:\Windows\System\XgGRcWQ.exe
  C:\Windows\System\XgGRcWQ.exe
  2⤵
  PID:1036
- C:\Windows\System\HDVLMGY.exe
  C:\Windows\System\HDVLMGY.exe
  2⤵
  PID:2596
- C:\Windows\System\IgslTNF.exe
  C:\Windows\System\IgslTNF.exe
  2⤵
  PID:2920
- C:\Windows\System\yNqYtYc.exe
  C:\Windows\System\yNqYtYc.exe
  2⤵
  PID:5124
- C:\Windows\System\NAjaLXL.exe
  C:\Windows\System\NAjaLXL.exe
  2⤵
  PID:6160
- C:\Windows\System\ODzChKJ.exe
  C:\Windows\System\ODzChKJ.exe
  2⤵
  PID:6188
- C:\Windows\System\hKhBcIQ.exe
  C:\Windows\System\hKhBcIQ.exe
  2⤵
  PID:6204
- C:\Windows\System\bQXYlhe.exe
  C:\Windows\System\bQXYlhe.exe
  2⤵
  PID:6220
- C:\Windows\System\otHelMU.exe
  C:\Windows\System\otHelMU.exe
  2⤵
  PID:6244
- C:\Windows\System\ZcrmaJc.exe
  C:\Windows\System\ZcrmaJc.exe
  2⤵
  PID:6260
- C:\Windows\System\YaokKGh.exe
  C:\Windows\System\YaokKGh.exe
  2⤵
  PID:6280
- C:\Windows\System\xozpTdv.exe
  C:\Windows\System\xozpTdv.exe
  2⤵
  PID:6304
- C:\Windows\System\msphEhF.exe
  C:\Windows\System\msphEhF.exe
  2⤵
  PID:6324
- C:\Windows\System\zhqAKSN.exe
  C:\Windows\System\zhqAKSN.exe
  2⤵
  PID:6340
- C:\Windows\System\xdnkdNM.exe
  C:\Windows\System\xdnkdNM.exe
  2⤵
  PID:6360
- C:\Windows\System\uNWbrAV.exe
  C:\Windows\System\uNWbrAV.exe
  2⤵
  PID:6376
- C:\Windows\System\HsEumuW.exe
  C:\Windows\System\HsEumuW.exe
  2⤵
  PID:6396
- C:\Windows\System\GwTqWGN.exe
  C:\Windows\System\GwTqWGN.exe
  2⤵
  PID:6416
- C:\Windows\System\XMnMYMo.exe
  C:\Windows\System\XMnMYMo.exe
  2⤵
  PID:6432
- C:\Windows\System\hKlZAUI.exe
  C:\Windows\System\hKlZAUI.exe
  2⤵
  PID:6456
- C:\Windows\System\NFfyWoo.exe
  C:\Windows\System\NFfyWoo.exe
  2⤵
  PID:6472
- C:\Windows\System\TRjnCwg.exe
  C:\Windows\System\TRjnCwg.exe
  2⤵
  PID:6496
- C:\Windows\System\JTiESbW.exe
  C:\Windows\System\JTiESbW.exe
  2⤵
  PID:6516
- C:\Windows\System\wKFmhaW.exe
  C:\Windows\System\wKFmhaW.exe
  2⤵
  PID:6532
- C:\Windows\System\qpchEqo.exe
  C:\Windows\System\qpchEqo.exe
  2⤵
  PID:6548
- C:\Windows\System\nYRYLvw.exe
  C:\Windows\System\nYRYLvw.exe
  2⤵
  PID:6564
- C:\Windows\System\FyxPxwh.exe
  C:\Windows\System\FyxPxwh.exe
  2⤵
  PID:6580
- C:\Windows\System\OUsGitk.exe
  C:\Windows\System\OUsGitk.exe
  2⤵
  PID:6596
- C:\Windows\System\rcvQzym.exe
  C:\Windows\System\rcvQzym.exe
  2⤵
  PID:6612
- C:\Windows\System\wUvEBiC.exe
  C:\Windows\System\wUvEBiC.exe
  2⤵
  PID:6628
- C:\Windows\System\BTIwRIZ.exe
  C:\Windows\System\BTIwRIZ.exe
  2⤵
  PID:6644
- C:\Windows\System\DsbOHGj.exe
  C:\Windows\System\DsbOHGj.exe
  2⤵
  PID:6660
- C:\Windows\System\xUsSiZh.exe
  C:\Windows\System\xUsSiZh.exe
  2⤵
  PID:6676
- C:\Windows\System\HEfQjTg.exe
  C:\Windows\System\HEfQjTg.exe
  2⤵
  PID:6692
- C:\Windows\System\FAYpXDF.exe
  C:\Windows\System\FAYpXDF.exe
  2⤵
  PID:6712
- C:\Windows\System\NMctvfu.exe
  C:\Windows\System\NMctvfu.exe
  2⤵
  PID:6728
- C:\Windows\System\wZVwDNL.exe
  C:\Windows\System\wZVwDNL.exe
  2⤵
  PID:6784
- C:\Windows\System\sMYrlUM.exe
  C:\Windows\System\sMYrlUM.exe
  2⤵
  PID:6836
- C:\Windows\System\vRSgLRv.exe
  C:\Windows\System\vRSgLRv.exe
  2⤵
  PID:6852
- C:\Windows\System\GQYYXLq.exe
  C:\Windows\System\GQYYXLq.exe
  2⤵
  PID:6876
- C:\Windows\System\TUaKelX.exe
  C:\Windows\System\TUaKelX.exe
  2⤵
  PID:6892
- C:\Windows\System\uBMFDNz.exe
  C:\Windows\System\uBMFDNz.exe
  2⤵
  PID:6912
- C:\Windows\System\RrqrWrR.exe
  C:\Windows\System\RrqrWrR.exe
  2⤵
  PID:6932
- C:\Windows\System\oYoKXdj.exe
  C:\Windows\System\oYoKXdj.exe
  2⤵
  PID:6948
- C:\Windows\System\etkmesZ.exe
  C:\Windows\System\etkmesZ.exe
  2⤵
  PID:6964
- C:\Windows\System\GEJhPGn.exe
  C:\Windows\System\GEJhPGn.exe
  2⤵
  PID:6980
- C:\Windows\System\aZLfWzV.exe
  C:\Windows\System\aZLfWzV.exe
  2⤵
  PID:7000
- C:\Windows\System\rxriMZP.exe
  C:\Windows\System\rxriMZP.exe
  2⤵
  PID:7020
- C:\Windows\System\cSJhpPu.exe
  C:\Windows\System\cSJhpPu.exe
  2⤵
  PID:7072
- C:\Windows\System\pSXPgbb.exe
  C:\Windows\System\pSXPgbb.exe
  2⤵
  PID:7092
- C:\Windows\System\ZkiKKvv.exe
  C:\Windows\System\ZkiKKvv.exe
  2⤵
  PID:7108
- C:\Windows\System\jIeZuOd.exe
  C:\Windows\System\jIeZuOd.exe
  2⤵
  PID:7128
- C:\Windows\System\tnJKZDo.exe
  C:\Windows\System\tnJKZDo.exe
  2⤵
  PID:7144
- C:\Windows\System\CgIfHPd.exe
  C:\Windows\System\CgIfHPd.exe
  2⤵
  PID:7160
- C:\Windows\System\cQllADx.exe
  C:\Windows\System\cQllADx.exe
  2⤵
  PID:5812
- C:\Windows\System\UINFFJA.exe
  C:\Windows\System\UINFFJA.exe
  2⤵
  PID:6156
- C:\Windows\System\CdJMAJE.exe
  C:\Windows\System\CdJMAJE.exe
  2⤵
  PID:6196
- C:\Windows\System\cEiyJPb.exe
  C:\Windows\System\cEiyJPb.exe
  2⤵
  PID:6228
- C:\Windows\System\IHgzBZx.exe
  C:\Windows\System\IHgzBZx.exe
  2⤵
  PID:6252
- C:\Windows\System\laokMKr.exe
  C:\Windows\System\laokMKr.exe
  2⤵
  PID:6296
- C:\Windows\System\aovSoVx.exe
  C:\Windows\System\aovSoVx.exe
  2⤵
  PID:6372
- C:\Windows\System\byItDKd.exe
  C:\Windows\System\byItDKd.exe
  2⤵
  PID:6320
- C:\Windows\System\nUMERcm.exe
  C:\Windows\System\nUMERcm.exe
  2⤵
  PID:6492
- C:\Windows\System\HHSlJVy.exe
  C:\Windows\System\HHSlJVy.exe
  2⤵
  PID:6392
- C:\Windows\System\KwagbYU.exe
  C:\Windows\System\KwagbYU.exe
  2⤵
  PID:6544
- C:\Windows\System\YupkjQj.exe
  C:\Windows\System\YupkjQj.exe
  2⤵
  PID:6524
- C:\Windows\System\PjNhzVC.exe
  C:\Windows\System\PjNhzVC.exe
  2⤵
  PID:6700
- C:\Windows\System\kfFFuGi.exe
  C:\Windows\System\kfFFuGi.exe
  2⤵
  PID:6624
- C:\Windows\System\gqpYeao.exe
  C:\Windows\System\gqpYeao.exe
  2⤵
  PID:6688
- C:\Windows\System\vAnNTod.exe
  C:\Windows\System\vAnNTod.exe
  2⤵
  PID:6588
- C:\Windows\System\eVNXfIu.exe
  C:\Windows\System\eVNXfIu.exe
  2⤵
  PID:6748
- C:\Windows\System\kssMnZI.exe
  C:\Windows\System\kssMnZI.exe
  2⤵
  PID:6464
- C:\Windows\System\qXzfXkd.exe
  C:\Windows\System\qXzfXkd.exe
  2⤵
  PID:6772
- C:\Windows\System\KoMduoI.exe
  C:\Windows\System\KoMduoI.exe
  2⤵
  PID:6792
- C:\Windows\System\OqpMafc.exe
  C:\Windows\System\OqpMafc.exe
  2⤵
  PID:6832
- C:\Windows\System\THRdelq.exe
  C:\Windows\System\THRdelq.exe
  2⤵
  PID:1796
- C:\Windows\System\paSmNFK.exe
  C:\Windows\System\paSmNFK.exe
  2⤵
  PID:6904
- C:\Windows\System\tcbfGhu.exe
  C:\Windows\System\tcbfGhu.exe
  2⤵
  PID:6924
- C:\Windows\System\YObizzR.exe
  C:\Windows\System\YObizzR.exe
  2⤵
  PID:6972
- C:\Windows\System\IsQGozk.exe
  C:\Windows\System\IsQGozk.exe
  2⤵
  PID:7028
- C:\Windows\System\bFpBQCf.exe
  C:\Windows\System\bFpBQCf.exe
  2⤵
  PID:7008
- C:\Windows\System\nuuNzHW.exe
  C:\Windows\System\nuuNzHW.exe
  2⤵
  PID:7068
- C:\Windows\System\XGpdvIh.exe
  C:\Windows\System\XGpdvIh.exe
  2⤵
  PID:7104
- C:\Windows\System\eQkpISh.exe
  C:\Windows\System\eQkpISh.exe
  2⤵
  PID:6136
- C:\Windows\System\OfzLisi.exe
  C:\Windows\System\OfzLisi.exe
  2⤵
  PID:6184
- C:\Windows\System\vAbeeof.exe
  C:\Windows\System\vAbeeof.exe
  2⤵
  PID:7152
- C:\Windows\System\XWAZNTn.exe
  C:\Windows\System\XWAZNTn.exe
  2⤵
  PID:6440
- C:\Windows\System\BgGmJzW.exe
  C:\Windows\System\BgGmJzW.exe
  2⤵
  PID:6452
- C:\Windows\System\yYmQSsd.exe
  C:\Windows\System\yYmQSsd.exe
  2⤵
  PID:6368
- C:\Windows\System\iZEYnYG.exe
  C:\Windows\System\iZEYnYG.exe
  2⤵
  PID:6668
- C:\Windows\System\anpnLTm.exe
  C:\Windows\System\anpnLTm.exe
  2⤵
  PID:6384
- C:\Windows\System\OVjDdrD.exe
  C:\Windows\System\OVjDdrD.exe
  2⤵
  PID:6556
- C:\Windows\System\tjUGtTU.exe
  C:\Windows\System\tjUGtTU.exe
  2⤵
  PID:6604
- C:\Windows\System\AvrKKuo.exe
  C:\Windows\System\AvrKKuo.exe
  2⤵
  PID:6768
- C:\Windows\System\YwwhCTB.exe
  C:\Windows\System\YwwhCTB.exe
  2⤵
  PID:6816
- C:\Windows\System\CujnHol.exe
  C:\Windows\System\CujnHol.exe
  2⤵
  PID:6828
- C:\Windows\System\wswMasn.exe
  C:\Windows\System\wswMasn.exe
  2⤵
  PID:6592
- C:\Windows\System\lHbHHOx.exe
  C:\Windows\System\lHbHHOx.exe
  2⤵
  PID:6764
- C:\Windows\System\nqFaPIT.exe
  C:\Windows\System\nqFaPIT.exe
  2⤵
  PID:6996
- C:\Windows\System\FwyOjkD.exe
  C:\Windows\System\FwyOjkD.exe
  2⤵
  PID:6884
- C:\Windows\System\NOiDWIV.exe
  C:\Windows\System\NOiDWIV.exe
  2⤵
  PID:7060
- C:\Windows\System\ufSwVPj.exe
  C:\Windows\System\ufSwVPj.exe
  2⤵
  PID:7116
- C:\Windows\System\kLiHIVy.exe
  C:\Windows\System\kLiHIVy.exe
  2⤵
  PID:7120
- C:\Windows\System\UNDvgwf.exe
  C:\Windows\System\UNDvgwf.exe
  2⤵
  PID:6444
- C:\Windows\System\mbQNvce.exe
  C:\Windows\System\mbQNvce.exe
  2⤵
  PID:6336
- C:\Windows\System\ZSDcOiP.exe
  C:\Windows\System\ZSDcOiP.exe
  2⤵
  PID:6428
- C:\Windows\System\kwIuAnm.exe
  C:\Windows\System\kwIuAnm.exe
  2⤵
  PID:6708
- C:\Windows\System\TPzcAmA.exe
  C:\Windows\System\TPzcAmA.exe
  2⤵
  PID:6804
- C:\Windows\System\usjORGE.exe
  C:\Windows\System\usjORGE.exe
  2⤵
  PID:6940
- C:\Windows\System\bNeCTNs.exe
  C:\Windows\System\bNeCTNs.exe
  2⤵
  PID:6508
- C:\Windows\System\qgdJwsy.exe
  C:\Windows\System\qgdJwsy.exe
  2⤵
  PID:6956
- C:\Windows\System\oAxmJcD.exe
  C:\Windows\System\oAxmJcD.exe
  2⤵
  PID:6272
- C:\Windows\System\MjLikgU.exe
  C:\Windows\System\MjLikgU.exe
  2⤵
  PID:6300
- C:\Windows\System\mcqcGpJ.exe
  C:\Windows\System\mcqcGpJ.exe
  2⤵
  PID:6900
- C:\Windows\System\wEMpGWQ.exe
  C:\Windows\System\wEMpGWQ.exe
  2⤵
  PID:6988
- C:\Windows\System\bIIRFQB.exe
  C:\Windows\System\bIIRFQB.exe
  2⤵
  PID:6824
- C:\Windows\System\NwlwNXT.exe
  C:\Windows\System\NwlwNXT.exe
  2⤵
  PID:6412
- C:\Windows\System\nUFxJsa.exe
  C:\Windows\System\nUFxJsa.exe
  2⤵
  PID:6576
- C:\Windows\System\enLBAQw.exe
  C:\Windows\System\enLBAQw.exe
  2⤵
  PID:6960
- C:\Windows\System\eKAYcAb.exe
  C:\Windows\System\eKAYcAb.exe
  2⤵
  PID:7176
- C:\Windows\System\YaaLaKt.exe
  C:\Windows\System\YaaLaKt.exe
  2⤵
  PID:7192
- C:\Windows\System\REoCpbo.exe
  C:\Windows\System\REoCpbo.exe
  2⤵
  PID:7208
- C:\Windows\System\XYFHVuw.exe
  C:\Windows\System\XYFHVuw.exe
  2⤵
  PID:7264
- C:\Windows\System\MSgzEBk.exe
  C:\Windows\System\MSgzEBk.exe
  2⤵
  PID:7284
- C:\Windows\System\Bkqntoz.exe
  C:\Windows\System\Bkqntoz.exe
  2⤵
  PID:7304
- C:\Windows\System\aUQJYZI.exe
  C:\Windows\System\aUQJYZI.exe
  2⤵
  PID:7324
- C:\Windows\System\crXlNJt.exe
  C:\Windows\System\crXlNJt.exe
  2⤵
  PID:7340
- C:\Windows\System\VEJLFrl.exe
  C:\Windows\System\VEJLFrl.exe
  2⤵
  PID:7356
- C:\Windows\System\uAGfjgk.exe
  C:\Windows\System\uAGfjgk.exe
  2⤵
  PID:7376
- C:\Windows\System\ZwddcEO.exe
  C:\Windows\System\ZwddcEO.exe
  2⤵
  PID:7396
- C:\Windows\System\pcqzDKg.exe
  C:\Windows\System\pcqzDKg.exe
  2⤵
  PID:7420
- C:\Windows\System\ZwxmxWf.exe
  C:\Windows\System\ZwxmxWf.exe
  2⤵
  PID:7436
- C:\Windows\System\IOJYOdm.exe
  C:\Windows\System\IOJYOdm.exe
  2⤵
  PID:7452
- C:\Windows\System\xbmdldX.exe
  C:\Windows\System\xbmdldX.exe
  2⤵
  PID:7476
- C:\Windows\System\cXadlwf.exe
  C:\Windows\System\cXadlwf.exe
  2⤵
  PID:7508
- C:\Windows\System\PyUWxcz.exe
  C:\Windows\System\PyUWxcz.exe
  2⤵
  PID:7524
- C:\Windows\System\TEsGbVM.exe
  C:\Windows\System\TEsGbVM.exe
  2⤵
  PID:7544
- C:\Windows\System\fvuNcwP.exe
  C:\Windows\System\fvuNcwP.exe
  2⤵
  PID:7564
- C:\Windows\System\OLEWqtg.exe
  C:\Windows\System\OLEWqtg.exe
  2⤵
  PID:7580
- C:\Windows\System\aWlKIDh.exe
  C:\Windows\System\aWlKIDh.exe
  2⤵
  PID:7596
- C:\Windows\System\BmPGVgX.exe
  C:\Windows\System\BmPGVgX.exe
  2⤵
  PID:7612
- C:\Windows\System\kYopzbQ.exe
  C:\Windows\System\kYopzbQ.exe
  2⤵
  PID:7628
- C:\Windows\System\qzYgszi.exe
  C:\Windows\System\qzYgszi.exe
  2⤵
  PID:7644
- C:\Windows\System\NJCfluo.exe
  C:\Windows\System\NJCfluo.exe
  2⤵
  PID:7660
- C:\Windows\System\MWbJEPu.exe
  C:\Windows\System\MWbJEPu.exe
  2⤵
  PID:7676
- C:\Windows\System\rbCkdmO.exe
  C:\Windows\System\rbCkdmO.exe
  2⤵
  PID:7692
- C:\Windows\System\dRPlqHq.exe
  C:\Windows\System\dRPlqHq.exe
  2⤵
  PID:7752
- C:\Windows\System\ANtmCrY.exe
  C:\Windows\System\ANtmCrY.exe
  2⤵
  PID:7768
- C:\Windows\System\tfmWycS.exe
  C:\Windows\System\tfmWycS.exe
  2⤵
  PID:7788
- C:\Windows\System\dIewuan.exe
  C:\Windows\System\dIewuan.exe
  2⤵
  PID:7812
- C:\Windows\System\RRCzOVI.exe
  C:\Windows\System\RRCzOVI.exe
  2⤵
  PID:7836
- C:\Windows\System\LTuVlcL.exe
  C:\Windows\System\LTuVlcL.exe
  2⤵
  PID:7852
- C:\Windows\System\NzVoHwy.exe
  C:\Windows\System\NzVoHwy.exe
  2⤵
  PID:7876
- C:\Windows\System\BLNpirK.exe
  C:\Windows\System\BLNpirK.exe
  2⤵
  PID:7892
- C:\Windows\System\eKxCZmU.exe
  C:\Windows\System\eKxCZmU.exe
  2⤵
  PID:7912
- C:\Windows\System\FBPUiOG.exe
  C:\Windows\System\FBPUiOG.exe
  2⤵
  PID:7928
- C:\Windows\System\lUFioEo.exe
  C:\Windows\System\lUFioEo.exe
  2⤵
  PID:7944
- C:\Windows\System\GImzzlX.exe
  C:\Windows\System\GImzzlX.exe
  2⤵
  PID:7960
- C:\Windows\System\zQWLdLE.exe
  C:\Windows\System\zQWLdLE.exe
  2⤵
  PID:7976
- C:\Windows\System\flVprRE.exe
  C:\Windows\System\flVprRE.exe
  2⤵
  PID:7992
- C:\Windows\System\HnFWHZk.exe
  C:\Windows\System\HnFWHZk.exe
  2⤵
  PID:8016
- C:\Windows\System\GWgOJGh.exe
  C:\Windows\System\GWgOJGh.exe
  2⤵
  PID:8044
- C:\Windows\System\ohmeLky.exe
  C:\Windows\System\ohmeLky.exe
  2⤵
  PID:8076
- C:\Windows\System\tfsYivo.exe
  C:\Windows\System\tfsYivo.exe
  2⤵
  PID:8092
- C:\Windows\System\lJuUuLI.exe
  C:\Windows\System\lJuUuLI.exe
  2⤵
  PID:8116
- C:\Windows\System\haTMkBb.exe
  C:\Windows\System\haTMkBb.exe
  2⤵
  PID:8132
- C:\Windows\System\BVYgKKZ.exe
  C:\Windows\System\BVYgKKZ.exe
  2⤵
  PID:8148
- C:\Windows\System\sXBIAhg.exe
  C:\Windows\System\sXBIAhg.exe
  2⤵
  PID:8164
- C:\Windows\System\qJsTaEN.exe
  C:\Windows\System\qJsTaEN.exe
  2⤵
  PID:8180
- C:\Windows\System\UPsYHdK.exe
  C:\Windows\System\UPsYHdK.exe
  2⤵
  PID:6848
- C:\Windows\System\ZiBsaVV.exe
  C:\Windows\System\ZiBsaVV.exe
  2⤵
  PID:6864
- C:\Windows\System\xeDsOBN.exe
  C:\Windows\System\xeDsOBN.exe
  2⤵
  PID:6276
- C:\Windows\System\PAKhHvo.exe
  C:\Windows\System\PAKhHvo.exe
  2⤵
  PID:7220
- C:\Windows\System\FQSIYfb.exe
  C:\Windows\System\FQSIYfb.exe
  2⤵
  PID:7244
- C:\Windows\System\LDdgrjt.exe
  C:\Windows\System\LDdgrjt.exe
  2⤵
  PID:6780
- C:\Windows\System\sfHofPL.exe
  C:\Windows\System\sfHofPL.exe
  2⤵
  PID:7172
- C:\Windows\System\FrxRtml.exe
  C:\Windows\System\FrxRtml.exe
  2⤵
  PID:7300
- C:\Windows\System\uljpmNX.exe
  C:\Windows\System\uljpmNX.exe
  2⤵
  PID:7316
- C:\Windows\System\dbOGhSL.exe
  C:\Windows\System\dbOGhSL.exe
  2⤵
  PID:7352
- C:\Windows\System\enPGuLE.exe
  C:\Windows\System\enPGuLE.exe
  2⤵
  PID:7404
- C:\Windows\System\kzDdefb.exe
  C:\Windows\System\kzDdefb.exe
  2⤵
  PID:7444
- C:\Windows\System\CFOmrlF.exe
  C:\Windows\System\CFOmrlF.exe
  2⤵
  PID:7428
- C:\Windows\System\kKuhuDz.exe
  C:\Windows\System\kKuhuDz.exe
  2⤵
  PID:7496
- C:\Windows\System\lWJGKbD.exe
  C:\Windows\System\lWJGKbD.exe
  2⤵
  PID:7472
- C:\Windows\System\iGgfdVs.exe
  C:\Windows\System\iGgfdVs.exe
  2⤵
  PID:7516
- C:\Windows\System\GfjzKEv.exe
  C:\Windows\System\GfjzKEv.exe
  2⤵
  PID:7572
- C:\Windows\System\ngbhqHe.exe
  C:\Windows\System\ngbhqHe.exe
  2⤵
  PID:7636
- C:\Windows\System\gGxiytk.exe
  C:\Windows\System\gGxiytk.exe
  2⤵
  PID:7700
- C:\Windows\System\CuEjaDh.exe
  C:\Windows\System\CuEjaDh.exe
  2⤵
  PID:7656
- C:\Windows\System\LvPImof.exe
  C:\Windows\System\LvPImof.exe
  2⤵
  PID:7556
- C:\Windows\System\VVzbXAI.exe
  C:\Windows\System\VVzbXAI.exe
  2⤵
  PID:7716
- C:\Windows\System\tKnfNQp.exe
  C:\Windows\System\tKnfNQp.exe
  2⤵
  PID:7732
- C:\Windows\System\ljUsGmb.exe
  C:\Windows\System\ljUsGmb.exe
  2⤵
  PID:7776
- C:\Windows\System\PbjjgJz.exe
  C:\Windows\System\PbjjgJz.exe
  2⤵
  PID:7848
- C:\Windows\System\EKrwkiM.exe
  C:\Windows\System\EKrwkiM.exe
  2⤵
  PID:7920
- C:\Windows\System\XpPlPTK.exe
  C:\Windows\System\XpPlPTK.exe
  2⤵
  PID:7924
- C:\Windows\System\XDtzRwe.exe
  C:\Windows\System\XDtzRwe.exe
  2⤵
  PID:8024
- C:\Windows\System\OoodXZS.exe
  C:\Windows\System\OoodXZS.exe
  2⤵
  PID:8084
- C:\Windows\System\VNwvALP.exe
  C:\Windows\System\VNwvALP.exe
  2⤵
  PID:8108
- C:\Windows\System\UVcaQXn.exe
  C:\Windows\System\UVcaQXn.exe
  2⤵
  PID:5252
- C:\Windows\System\dIixNIj.exe
  C:\Windows\System\dIixNIj.exe
  2⤵
  PID:6408
- C:\Windows\System\wKydwWy.exe
  C:\Windows\System\wKydwWy.exe
  2⤵
  PID:6468
- C:\Windows\System\IiDzudZ.exe
  C:\Windows\System\IiDzudZ.exe
  2⤵
  PID:8156
- C:\Windows\System\QNtAPvH.exe
  C:\Windows\System\QNtAPvH.exe
  2⤵
  PID:7416
- C:\Windows\System\YLjYGni.exe
  C:\Windows\System\YLjYGni.exe
  2⤵
  PID:7460
- C:\Windows\System\OpfFvRX.exe
  C:\Windows\System\OpfFvRX.exe
  2⤵
  PID:7592
- C:\Windows\System\NvibrgZ.exe
  C:\Windows\System\NvibrgZ.exe
  2⤵
  PID:8124
- C:\Windows\System\XznHOdZ.exe
  C:\Windows\System\XznHOdZ.exe
  2⤵
  PID:7236
- C:\Windows\System\QyqhGyB.exe
  C:\Windows\System\QyqhGyB.exe
  2⤵
  PID:7532
- C:\Windows\System\flicymR.exe
  C:\Windows\System\flicymR.exe
  2⤵
  PID:7672
- C:\Windows\System\pugMuGd.exe
  C:\Windows\System\pugMuGd.exe
  2⤵
  PID:6684
- C:\Windows\System\eaOXidr.exe
  C:\Windows\System\eaOXidr.exe
  2⤵
  PID:7256
- C:\Windows\System\uFhdXvW.exe
  C:\Windows\System\uFhdXvW.exe
  2⤵
  PID:7216
- C:\Windows\System\VSocSdY.exe
  C:\Windows\System\VSocSdY.exe
  2⤵
  PID:7868
- C:\Windows\System\sQaCdtQ.exe
  C:\Windows\System\sQaCdtQ.exe
  2⤵
  PID:7884
- C:\Windows\System\QXlmadW.exe
  C:\Windows\System\QXlmadW.exe
  2⤵
  PID:7972
- C:\Windows\System\pdiEpdR.exe
  C:\Windows\System\pdiEpdR.exe
  2⤵
  PID:8012
- C:\Windows\System\QUzGWTl.exe
  C:\Windows\System\QUzGWTl.exe
  2⤵
  PID:7988
- C:\Windows\System\byXUnZQ.exe
  C:\Windows\System\byXUnZQ.exe
  2⤵
  PID:8176
- C:\Windows\System\pIZKCjA.exe
  C:\Windows\System\pIZKCjA.exe
  2⤵
  PID:7492
- C:\Windows\System\HvQBjlW.exe
  C:\Windows\System\HvQBjlW.exe
  2⤵
  PID:7740
- C:\Windows\System\aipfwvo.exe
  C:\Windows\System\aipfwvo.exe
  2⤵
  PID:7392
- C:\Windows\System\adYVfdG.exe
  C:\Windows\System\adYVfdG.exe
  2⤵
  PID:7468
- C:\Windows\System\WGbHnrp.exe
  C:\Windows\System\WGbHnrp.exe
  2⤵
  PID:8072
- C:\Windows\System\TXjoLXh.exe
  C:\Windows\System\TXjoLXh.exe
  2⤵
  PID:7252
- C:\Windows\System\HsWeRcA.exe
  C:\Windows\System\HsWeRcA.exe
  2⤵
  PID:7412
- C:\Windows\System\HmtUQcq.exe
  C:\Windows\System\HmtUQcq.exe
  2⤵
  PID:7652
- C:\Windows\System\NCIrCbL.exe
  C:\Windows\System\NCIrCbL.exe
  2⤵
  PID:7904
- C:\Windows\System\ThJcNtw.exe
  C:\Windows\System\ThJcNtw.exe
  2⤵
  PID:8188
- C:\Windows\System\nQDbUQA.exe
  C:\Windows\System\nQDbUQA.exe
  2⤵
  PID:7828
- C:\Windows\System\yyrMnam.exe
  C:\Windows\System\yyrMnam.exe
  2⤵
  PID:8064
- C:\Windows\System\enqkhFj.exe
  C:\Windows\System\enqkhFj.exe
  2⤵
  PID:7504
- C:\Windows\System\xQFbnWY.exe
  C:\Windows\System\xQFbnWY.exe
  2⤵
  PID:7296
- C:\Windows\System\cwGUaCk.exe
  C:\Windows\System\cwGUaCk.exe
  2⤵
  PID:7292
- C:\Windows\System\sNisFEB.exe
  C:\Windows\System\sNisFEB.exe
  2⤵
  PID:7372
- C:\Windows\System\kUPEPFw.exe
  C:\Windows\System\kUPEPFw.exe
  2⤵
  PID:7728
- C:\Windows\System\fmzuqsu.exe
  C:\Windows\System\fmzuqsu.exe
  2⤵
  PID:7624
- C:\Windows\System\SMZmsgG.exe
  C:\Windows\System\SMZmsgG.exe
  2⤵
  PID:7388
- C:\Windows\System\hFtHdrs.exe
  C:\Windows\System\hFtHdrs.exe
  2⤵
  PID:6268
- C:\Windows\System\uNXhspJ.exe
  C:\Windows\System\uNXhspJ.exe
  2⤵
  PID:8040
- C:\Windows\System\pHFvkRW.exe
  C:\Windows\System\pHFvkRW.exe
  2⤵
  PID:7984
- C:\Windows\System\niIYnew.exe
  C:\Windows\System\niIYnew.exe
  2⤵
  PID:6212
- C:\Windows\System\wauqVIG.exe
  C:\Windows\System\wauqVIG.exe
  2⤵
  PID:7956
- C:\Windows\System\aOroOgG.exe
  C:\Windows\System\aOroOgG.exe
  2⤵
  PID:8128
- C:\Windows\System\ssdZyGI.exe
  C:\Windows\System\ssdZyGI.exe
  2⤵
  PID:7188
- C:\Windows\System\HAdWBpQ.exe
  C:\Windows\System\HAdWBpQ.exe
  2⤵
  PID:8088
- C:\Windows\System\XBGmvww.exe
  C:\Windows\System\XBGmvww.exe
  2⤵
  PID:7228
- C:\Windows\System\nXiLJis.exe
  C:\Windows\System\nXiLJis.exe
  2⤵
  PID:7860
- C:\Windows\System\jmrcjpD.exe
  C:\Windows\System\jmrcjpD.exe
  2⤵
  PID:8208
- C:\Windows\System\rxwNKAG.exe
  C:\Windows\System\rxwNKAG.exe
  2⤵
  PID:8228
- C:\Windows\System\GBXKuoY.exe
  C:\Windows\System\GBXKuoY.exe
  2⤵
  PID:8248
- C:\Windows\System\IRnOmPo.exe
  C:\Windows\System\IRnOmPo.exe
  2⤵
  PID:8272
- C:\Windows\System\NOJFLqR.exe
  C:\Windows\System\NOJFLqR.exe
  2⤵
  PID:8300
- C:\Windows\System\noQVzzY.exe
  C:\Windows\System\noQVzzY.exe
  2⤵
  PID:8320
- C:\Windows\System\eLklgtm.exe
  C:\Windows\System\eLklgtm.exe
  2⤵
  PID:8348
- C:\Windows\System\YWpxqhi.exe
  C:\Windows\System\YWpxqhi.exe
  2⤵
  PID:8368
- C:\Windows\System\tGvAeVl.exe
  C:\Windows\System\tGvAeVl.exe
  2⤵
  PID:8384
- C:\Windows\System\kBFlNXA.exe
  C:\Windows\System\kBFlNXA.exe
  2⤵
  PID:8400
- C:\Windows\System\uueMkNg.exe
  C:\Windows\System\uueMkNg.exe
  2⤵
  PID:8416
- C:\Windows\System\taRbHPN.exe
  C:\Windows\System\taRbHPN.exe
  2⤵
  PID:8432
- C:\Windows\System\UyAEFKm.exe
  C:\Windows\System\UyAEFKm.exe
  2⤵
  PID:8472
- C:\Windows\System\UeWzJtu.exe
  C:\Windows\System\UeWzJtu.exe
  2⤵
  PID:8504
- C:\Windows\System\GCszaTn.exe
  C:\Windows\System\GCszaTn.exe
  2⤵
  PID:8524
- C:\Windows\System\zFmebZB.exe
  C:\Windows\System\zFmebZB.exe
  2⤵
  PID:8540
- C:\Windows\System\TgNpNpw.exe
  C:\Windows\System\TgNpNpw.exe
  2⤵
  PID:8564
- C:\Windows\System\GNSiqGE.exe
  C:\Windows\System\GNSiqGE.exe
  2⤵
  PID:8640
- C:\Windows\System\dXxDOqw.exe
  C:\Windows\System\dXxDOqw.exe
  2⤵
  PID:8656
- C:\Windows\System\bbCaFQc.exe
  C:\Windows\System\bbCaFQc.exe
  2⤵
  PID:8672
- C:\Windows\System\pqWNPtC.exe
  C:\Windows\System\pqWNPtC.exe
  2⤵
  PID:8696
- C:\Windows\System\SBWbHKk.exe
  C:\Windows\System\SBWbHKk.exe
  2⤵
  PID:8716
- C:\Windows\System\pXOTXXf.exe
  C:\Windows\System\pXOTXXf.exe
  2⤵
  PID:8752
- C:\Windows\System\IHzhArT.exe
  C:\Windows\System\IHzhArT.exe
  2⤵
  PID:8768
- C:\Windows\System\VGGeXzv.exe
  C:\Windows\System\VGGeXzv.exe
  2⤵
  PID:8784
- C:\Windows\System\gpkdpln.exe
  C:\Windows\System\gpkdpln.exe
  2⤵
  PID:8800
- C:\Windows\System\LYAhCNd.exe
  C:\Windows\System\LYAhCNd.exe
  2⤵
  PID:8816
- C:\Windows\System\AXNJVYg.exe
  C:\Windows\System\AXNJVYg.exe
  2⤵
  PID:8832
- C:\Windows\System\lUClMvQ.exe
  C:\Windows\System\lUClMvQ.exe
  2⤵
  PID:8860
- C:\Windows\System\YGZXuni.exe
  C:\Windows\System\YGZXuni.exe
  2⤵
  PID:8880
- C:\Windows\System\CSGZPnH.exe
  C:\Windows\System\CSGZPnH.exe
  2⤵
  PID:8896
- C:\Windows\System\jNHaXJi.exe
  C:\Windows\System\jNHaXJi.exe
  2⤵
  PID:8920
- C:\Windows\System\xnvlSEP.exe
  C:\Windows\System\xnvlSEP.exe
  2⤵
  PID:8956
- C:\Windows\System\PUqsFdX.exe
  C:\Windows\System\PUqsFdX.exe
  2⤵
  PID:8972
- C:\Windows\System\jQxgqjB.exe
  C:\Windows\System\jQxgqjB.exe
  2⤵
  PID:8996
- C:\Windows\System\xUwsfxU.exe
  C:\Windows\System\xUwsfxU.exe
  2⤵
  PID:9012
- C:\Windows\System\gPreimw.exe
  C:\Windows\System\gPreimw.exe
  2⤵
  PID:9028
- C:\Windows\System\wmWpOWd.exe
  C:\Windows\System\wmWpOWd.exe
  2⤵
  PID:9044
- C:\Windows\System\ZFsvGsL.exe
  C:\Windows\System\ZFsvGsL.exe
  2⤵
  PID:9072
- C:\Windows\System\rtgXEYP.exe
  C:\Windows\System\rtgXEYP.exe
  2⤵
  PID:9096
- C:\Windows\System\iRDsNDw.exe
  C:\Windows\System\iRDsNDw.exe
  2⤵
  PID:9116
- C:\Windows\System\NGlPrvK.exe
  C:\Windows\System\NGlPrvK.exe
  2⤵
  PID:9132
- C:\Windows\System\nBwpJfH.exe
  C:\Windows\System\nBwpJfH.exe
  2⤵
  PID:9152
- C:\Windows\System\pwlKptd.exe
  C:\Windows\System\pwlKptd.exe
  2⤵
  PID:9168
- C:\Windows\System\zrMKhfZ.exe
  C:\Windows\System\zrMKhfZ.exe
  2⤵
  PID:9184
- C:\Windows\System\CbexZiT.exe
  C:\Windows\System\CbexZiT.exe
  2⤵
  PID:9204
- C:\Windows\System\IIfCuvH.exe
  C:\Windows\System\IIfCuvH.exe
  2⤵
  PID:7936
- C:\Windows\System\vcmnGtT.exe
  C:\Windows\System\vcmnGtT.exe
  2⤵
  PID:8220
- C:\Windows\System\JJLPjlt.exe
  C:\Windows\System\JJLPjlt.exe
  2⤵
  PID:8256
- C:\Windows\System\fxhdvMZ.exe
  C:\Windows\System\fxhdvMZ.exe
  2⤵
  PID:8292
- C:\Windows\System\mrVvHqG.exe
  C:\Windows\System\mrVvHqG.exe
  2⤵
  PID:8312
- C:\Windows\System\zbRwKjn.exe
  C:\Windows\System\zbRwKjn.exe
  2⤵
  PID:8340
- C:\Windows\System\peXfxUs.exe
  C:\Windows\System\peXfxUs.exe
  2⤵
  PID:8380
- C:\Windows\System\NuXicJT.exe
  C:\Windows\System\NuXicJT.exe
  2⤵
  PID:8440
- C:\Windows\System\KLbzhBa.exe
  C:\Windows\System\KLbzhBa.exe
  2⤵
  PID:8452
- C:\Windows\System\igTRyng.exe
  C:\Windows\System\igTRyng.exe
  2⤵
  PID:8488
- C:\Windows\System\SPKXJvV.exe
  C:\Windows\System\SPKXJvV.exe
  2⤵
  PID:8500
- C:\Windows\System\TXHPnNE.exe
  C:\Windows\System\TXHPnNE.exe
  2⤵
  PID:8560
- C:\Windows\System\SfmpBjO.exe
  C:\Windows\System\SfmpBjO.exe
  2⤵
  PID:8576
- C:\Windows\System\esVHfCv.exe
  C:\Windows\System\esVHfCv.exe
  2⤵
  PID:8604
- C:\Windows\System\iuqHbVr.exe
  C:\Windows\System\iuqHbVr.exe
  2⤵
  PID:8624
- C:\Windows\System\HpAMbNh.exe
  C:\Windows\System\HpAMbNh.exe
  2⤵
  PID:8680
- C:\Windows\System\JTnQpyB.exe
  C:\Windows\System\JTnQpyB.exe
  2⤵
  PID:8688
- C:\Windows\System\rWOaYkm.exe
  C:\Windows\System\rWOaYkm.exe
  2⤵
  PID:8712
- C:\Windows\System\NefVDHd.exe
  C:\Windows\System\NefVDHd.exe
  2⤵
  PID:8748
- C:\Windows\System\MwtPsAE.exe
  C:\Windows\System\MwtPsAE.exe
  2⤵
  PID:8808
- C:\Windows\System\HcqSiID.exe
  C:\Windows\System\HcqSiID.exe
  2⤵
  PID:8852
- C:\Windows\System\zUGPcWe.exe
  C:\Windows\System\zUGPcWe.exe
  2⤵
  PID:8824
- C:\Windows\System\fDRGocO.exe
  C:\Windows\System\fDRGocO.exe
  2⤵
  PID:8892
- C:\Windows\System\UfpAUdD.exe
  C:\Windows\System\UfpAUdD.exe
  2⤵
  PID:8916
- C:\Windows\System\fFqwmTS.exe
  C:\Windows\System\fFqwmTS.exe
  2⤵
  PID:8944
- C:\Windows\System\AvpDCqA.exe
  C:\Windows\System\AvpDCqA.exe
  2⤵
  PID:8984
- C:\Windows\System\QszapZS.exe
  C:\Windows\System\QszapZS.exe
  2⤵
  PID:9008
- C:\Windows\System\eWdoQAr.exe
  C:\Windows\System\eWdoQAr.exe
  2⤵
  PID:9064
- C:\Windows\System\qokGBde.exe
  C:\Windows\System\qokGBde.exe
  2⤵
  PID:9092
- C:\Windows\System\bidPdDX.exe
  C:\Windows\System\bidPdDX.exe
  2⤵
  PID:9140
- C:\Windows\System\XbRodkQ.exe
  C:\Windows\System\XbRodkQ.exe
  2⤵
  PID:9212
- C:\Windows\System\pGGEvRT.exe
  C:\Windows\System\pGGEvRT.exe
  2⤵
  PID:8224
- C:\Windows\System\oTomCdp.exe
  C:\Windows\System\oTomCdp.exe
  2⤵
  PID:9124
- C:\Windows\System\dwIrWDP.exe
  C:\Windows\System\dwIrWDP.exe
  2⤵
  PID:9192
- C:\Windows\System\FARZovt.exe
  C:\Windows\System\FARZovt.exe
  2⤵
  PID:8364
- C:\Windows\System\zHszGXo.exe
  C:\Windows\System\zHszGXo.exe
  2⤵
  PID:8336
- C:\Windows\System\rFGFXKL.exe
  C:\Windows\System\rFGFXKL.exe
  2⤵
  PID:8268
- C:\Windows\System\iJdpZLg.exe
  C:\Windows\System\iJdpZLg.exe
  2⤵
  PID:8468
- C:\Windows\System\gmUcojX.exe
  C:\Windows\System\gmUcojX.exe
  2⤵
  PID:8512
- C:\Windows\System\PSXZIPB.exe
  C:\Windows\System\PSXZIPB.exe
  2⤵
  PID:8548
- C:\Windows\System\YHmrygJ.exe
  C:\Windows\System\YHmrygJ.exe
  2⤵
  PID:8612
- C:\Windows\System\bZWSSQH.exe
  C:\Windows\System\bZWSSQH.exe
  2⤵
  PID:8616
- C:\Windows\System\ttXsBJQ.exe
  C:\Windows\System\ttXsBJQ.exe
  2⤵
  PID:8652
- C:\Windows\System\JKfimQl.exe
  C:\Windows\System\JKfimQl.exe
  2⤵
  PID:8668
- C:\Windows\System\EAzVZvC.exe
  C:\Windows\System\EAzVZvC.exe
  2⤵
  PID:1004
- C:\Windows\System\ivtsxyt.exe
  C:\Windows\System\ivtsxyt.exe
  2⤵
  PID:8796
- C:\Windows\System\rpzVJGb.exe
  C:\Windows\System\rpzVJGb.exe
  2⤵
  PID:8828
- C:\Windows\System\EAmwaZJ.exe
  C:\Windows\System\EAmwaZJ.exe
  2⤵
  PID:8968
- C:\Windows\System\RQQBGCl.exe
  C:\Windows\System\RQQBGCl.exe
  2⤵
  PID:9068
- C:\Windows\System\gdBQYdK.exe
  C:\Windows\System\gdBQYdK.exe
  2⤵
  PID:9084
- C:\Windows\System\dYmXxBt.exe
  C:\Windows\System\dYmXxBt.exe
  2⤵
  PID:9108
- C:\Windows\System\LcqCqhV.exe
  C:\Windows\System\LcqCqhV.exe
  2⤵
  PID:8308
- C:\Windows\System\NUKnYdu.exe
  C:\Windows\System\NUKnYdu.exe
  2⤵
  PID:8360
- C:\Windows\System\MjLbWRA.exe
  C:\Windows\System\MjLbWRA.exe
  2⤵
  PID:9164
- C:\Windows\System\iZBzBeL.exe
  C:\Windows\System\iZBzBeL.exe
  2⤵
  PID:8484
- C:\Windows\System\VnHmfcY.exe
  C:\Windows\System\VnHmfcY.exe
  2⤵
  PID:8240
- C:\Windows\System\NsEfzVj.exe
  C:\Windows\System\NsEfzVj.exe
  2⤵
  PID:8584
- C:\Windows\System\bhQBskV.exe
  C:\Windows\System\bhQBskV.exe
  2⤵
  PID:8708
- C:\Windows\System\OYzzpUj.exe
  C:\Windows\System\OYzzpUj.exe
  2⤵
  PID:8888
- C:\Windows\System\jrpxcUX.exe
  C:\Windows\System\jrpxcUX.exe
  2⤵
  PID:8764
- C:\Windows\System\qyyFBKN.exe
  C:\Windows\System\qyyFBKN.exe
  2⤵
  PID:8940
- C:\Windows\System\lrgeGBD.exe
  C:\Windows\System\lrgeGBD.exe
  2⤵
  PID:9060
- C:\Windows\System\deVspdL.exe
  C:\Windows\System\deVspdL.exe
  2⤵
  PID:8980
- C:\Windows\System\MYMVhfW.exe
  C:\Windows\System\MYMVhfW.exe
  2⤵
  PID:9200
- C:\Windows\System\hoUsTpr.exe
  C:\Windows\System\hoUsTpr.exe
  2⤵
  PID:9040
- C:\Windows\System\tQxkHRs.exe
  C:\Windows\System\tQxkHRs.exe
  2⤵
  PID:8580
- C:\Windows\System\FfGYcKN.exe
  C:\Windows\System\FfGYcKN.exe
  2⤵
  PID:8596
- C:\Windows\System\GpuTzNq.exe
  C:\Windows\System\GpuTzNq.exe
  2⤵
  PID:8664
- C:\Windows\System\NiMpKgE.exe
  C:\Windows\System\NiMpKgE.exe
  2⤵
  PID:8792
- C:\Windows\System\ZQBlrbh.exe
  C:\Windows\System\ZQBlrbh.exe
  2⤵
  PID:9112
- C:\Windows\System\dLfpdAg.exe
  C:\Windows\System\dLfpdAg.exe
  2⤵
  PID:8236
- C:\Windows\System\SGsQFWF.exe
  C:\Windows\System\SGsQFWF.exe
  2⤵
  PID:8244
- C:\Windows\System\jQKHPkD.exe
  C:\Windows\System\jQKHPkD.exe
  2⤵
  PID:8620
- C:\Windows\System\kESHbsM.exe
  C:\Windows\System\kESHbsM.exe
  2⤵
  PID:8848
- C:\Windows\System\burnZis.exe
  C:\Windows\System\burnZis.exe
  2⤵
  PID:8948
- C:\Windows\System\kbaSpyX.exe
  C:\Windows\System\kbaSpyX.exe
  2⤵
  PID:8260
- C:\Windows\System\tOpegBE.exe
  C:\Windows\System\tOpegBE.exe
  2⤵
  PID:8780
- C:\Windows\System\PmTCWub.exe
  C:\Windows\System\PmTCWub.exe
  2⤵
  PID:8912
- C:\Windows\System\XKfgcoS.exe
  C:\Windows\System\XKfgcoS.exe
  2⤵
  PID:8552
- C:\Windows\System\IjOAClH.exe
  C:\Windows\System\IjOAClH.exe
  2⤵
  PID:9224
- C:\Windows\System\AdBGqWF.exe
  C:\Windows\System\AdBGqWF.exe
  2⤵
  PID:9240
- C:\Windows\System\dmcEruq.exe
  C:\Windows\System\dmcEruq.exe
  2⤵
  PID:9256
- C:\Windows\System\DqQvpWO.exe
  C:\Windows\System\DqQvpWO.exe
  2⤵
  PID:9272
- C:\Windows\System\uSQOUzd.exe
  C:\Windows\System\uSQOUzd.exe
  2⤵
  PID:9288
- C:\Windows\System\iEMsbnr.exe
  C:\Windows\System\iEMsbnr.exe
  2⤵
  PID:9312
- C:\Windows\System\HXTsNng.exe
  C:\Windows\System\HXTsNng.exe
  2⤵
  PID:9336
- C:\Windows\System\SBhtRag.exe
  C:\Windows\System\SBhtRag.exe
  2⤵
  PID:9356
- C:\Windows\System\zHtXuyG.exe
  C:\Windows\System\zHtXuyG.exe
  2⤵
  PID:9376
- C:\Windows\System\tmKQjHW.exe
  C:\Windows\System\tmKQjHW.exe
  2⤵
  PID:9392
- C:\Windows\System\fuZfjCH.exe
  C:\Windows\System\fuZfjCH.exe
  2⤵
  PID:9412
- C:\Windows\System\knIsWQm.exe
  C:\Windows\System\knIsWQm.exe
  2⤵
  PID:9436
- C:\Windows\System\MzqUqae.exe
  C:\Windows\System\MzqUqae.exe
  2⤵
  PID:9452
- C:\Windows\System\wPSrCwB.exe
  C:\Windows\System\wPSrCwB.exe
  2⤵
  PID:9472
- C:\Windows\System\WCCPRqV.exe
  C:\Windows\System\WCCPRqV.exe
  2⤵
  PID:9492
- C:\Windows\System\IZyyFej.exe
  C:\Windows\System\IZyyFej.exe
  2⤵
  PID:9508
- C:\Windows\System\YMKzeRt.exe
  C:\Windows\System\YMKzeRt.exe
  2⤵
  PID:9528
- C:\Windows\System\pMunoUK.exe
  C:\Windows\System\pMunoUK.exe
  2⤵
  PID:9580
- C:\Windows\System\owwkVFr.exe
  C:\Windows\System\owwkVFr.exe
  2⤵
  PID:9596
- C:\Windows\System\vPbOYvR.exe
  C:\Windows\System\vPbOYvR.exe
  2⤵
  PID:9620
- C:\Windows\System\ddPllqw.exe
  C:\Windows\System\ddPllqw.exe
  2⤵
  PID:9636
- C:\Windows\System\YlSCods.exe
  C:\Windows\System\YlSCods.exe
  2⤵
  PID:9652
- C:\Windows\System\NvpRDPg.exe
  C:\Windows\System\NvpRDPg.exe
  2⤵
  PID:9668
- C:\Windows\System\VUVaWVt.exe
  C:\Windows\System\VUVaWVt.exe
  2⤵
  PID:9696
- C:\Windows\System\TEApEYY.exe
  C:\Windows\System\TEApEYY.exe
  2⤵
  PID:9712
- C:\Windows\System\rGEsfOG.exe
  C:\Windows\System\rGEsfOG.exe
  2⤵
  PID:9736
- C:\Windows\System\gZZiTCH.exe
  C:\Windows\System\gZZiTCH.exe
  2⤵
  PID:9756
- C:\Windows\System\esCeCJo.exe
  C:\Windows\System\esCeCJo.exe
  2⤵
  PID:9772
- C:\Windows\System\dGEoRqN.exe
  C:\Windows\System\dGEoRqN.exe
  2⤵
  PID:9788
- C:\Windows\System\WiastJM.exe
  C:\Windows\System\WiastJM.exe
  2⤵
  PID:9804
- C:\Windows\System\wfGnkkR.exe
  C:\Windows\System\wfGnkkR.exe
  2⤵
  PID:9820
- C:\Windows\System\LAOXagv.exe
  C:\Windows\System\LAOXagv.exe
  2⤵
  PID:9836
- C:\Windows\System\avZcCyC.exe
  C:\Windows\System\avZcCyC.exe
  2⤵
  PID:9856
- C:\Windows\System\nFrGwLj.exe
  C:\Windows\System\nFrGwLj.exe
  2⤵
  PID:9896
- C:\Windows\System\rSlmJhU.exe
  C:\Windows\System\rSlmJhU.exe
  2⤵
  PID:9916
- C:\Windows\System\ZOilKbW.exe
  C:\Windows\System\ZOilKbW.exe
  2⤵
  PID:9932
- C:\Windows\System\mMHxBme.exe
  C:\Windows\System\mMHxBme.exe
  2⤵
  PID:9956
- C:\Windows\System\VRaVLzR.exe
  C:\Windows\System\VRaVLzR.exe
  2⤵
  PID:9972
- C:\Windows\System\stgDIbM.exe
  C:\Windows\System\stgDIbM.exe
  2⤵
  PID:9988
- C:\Windows\System\TEOVElE.exe
  C:\Windows\System\TEOVElE.exe
  2⤵
  PID:10008
- C:\Windows\System\fmOmhlw.exe
  C:\Windows\System\fmOmhlw.exe
  2⤵
  PID:10028
- C:\Windows\System\EvSnDYn.exe
  C:\Windows\System\EvSnDYn.exe
  2⤵
  PID:10056
- C:\Windows\System\gbDjNtR.exe
  C:\Windows\System\gbDjNtR.exe
  2⤵
  PID:10072
- C:\Windows\System\CNpgrYl.exe
  C:\Windows\System\CNpgrYl.exe
  2⤵
  PID:10104
- C:\Windows\System\xULeCDE.exe
  C:\Windows\System\xULeCDE.exe
  2⤵
  PID:10120
- C:\Windows\System\EwLvmRM.exe
  C:\Windows\System\EwLvmRM.exe
  2⤵
  PID:10136
- C:\Windows\System\VsDuxac.exe
  C:\Windows\System\VsDuxac.exe
  2⤵
  PID:10156
- C:\Windows\System\RLSrdLS.exe
  C:\Windows\System\RLSrdLS.exe
  2⤵
  PID:10176
- C:\Windows\System\oqpXhNT.exe
  C:\Windows\System\oqpXhNT.exe
  2⤵
  PID:10196
- C:\Windows\System\nBKnyBu.exe
  C:\Windows\System\nBKnyBu.exe
  2⤵
  PID:10220
- C:\Windows\System\iAfcAxX.exe
  C:\Windows\System\iAfcAxX.exe
  2⤵
  PID:9232
- C:\Windows\System\BkWJAdp.exe
  C:\Windows\System\BkWJAdp.exe
  2⤵
  PID:9304
- C:\Windows\System\WALlRmx.exe
  C:\Windows\System\WALlRmx.exe
  2⤵
  PID:9348
- C:\Windows\System\vWSlIBH.exe
  C:\Windows\System\vWSlIBH.exe
  2⤵
  PID:9420
- C:\Windows\System\gqxfuMO.exe
  C:\Windows\System\gqxfuMO.exe
  2⤵
  PID:9428
- C:\Windows\System\reOnkrE.exe
  C:\Windows\System\reOnkrE.exe
  2⤵
  PID:9464
- C:\Windows\System\VPMKGLg.exe
  C:\Windows\System\VPMKGLg.exe
  2⤵
  PID:9540
- C:\Windows\System\xheIXRA.exe
  C:\Windows\System\xheIXRA.exe
  2⤵
  PID:9516
- C:\Windows\System\YGAsVBV.exe
  C:\Windows\System\YGAsVBV.exe
  2⤵
  PID:9484
- C:\Windows\System\EBCrLeF.exe
  C:\Windows\System\EBCrLeF.exe
  2⤵
  PID:8464
- C:\Windows\System\dPvyJsp.exe
  C:\Windows\System\dPvyJsp.exe
  2⤵
  PID:9448
- C:\Windows\System\TbSmICe.exe
  C:\Windows\System\TbSmICe.exe
  2⤵
  PID:9548
- C:\Windows\System\DsDFIsX.exe
  C:\Windows\System\DsDFIsX.exe
  2⤵
  PID:9576
- C:\Windows\System\mbODtGf.exe
  C:\Windows\System\mbODtGf.exe
  2⤵
  PID:9644
- C:\Windows\System\ovrswQu.exe
  C:\Windows\System\ovrswQu.exe
  2⤵
  PID:9684
- C:\Windows\System\HSppMAn.exe
  C:\Windows\System\HSppMAn.exe
  2⤵
  PID:9660
- C:\Windows\System\pQCRyPW.exe
  C:\Windows\System\pQCRyPW.exe
  2⤵
  PID:9724
- C:\Windows\System\dhnNBHL.exe
  C:\Windows\System\dhnNBHL.exe
  2⤵
  PID:9796
- C:\Windows\System\YznJqTm.exe
  C:\Windows\System\YznJqTm.exe
  2⤵
  PID:9868
- C:\Windows\System\rWuBQXx.exe
  C:\Windows\System\rWuBQXx.exe
  2⤵
  PID:9876
- C:\Windows\System\XpEScCc.exe
  C:\Windows\System\XpEScCc.exe
  2⤵
  PID:9892
- C:\Windows\System\UyDrnwr.exe
  C:\Windows\System\UyDrnwr.exe
  2⤵
  PID:9752
- C:\Windows\System\hAdwwsO.exe
  C:\Windows\System\hAdwwsO.exe
  2⤵
  PID:9848
- C:\Windows\System\WvuMpdd.exe
  C:\Windows\System\WvuMpdd.exe
  2⤵
  PID:9940
- C:\Windows\System\nfLVIHv.exe
  C:\Windows\System\nfLVIHv.exe
  2⤵
  PID:9984
- C:\Windows\System\MAKPqUK.exe
  C:\Windows\System\MAKPqUK.exe
  2⤵
  PID:10024
- C:\Windows\System\NcQgJNc.exe
  C:\Windows\System\NcQgJNc.exe
  2⤵
  PID:10052
- C:\Windows\System\kUTKbSN.exe
  C:\Windows\System\kUTKbSN.exe
  2⤵
  PID:10084
- C:\Windows\System\ACEEbCZ.exe
  C:\Windows\System\ACEEbCZ.exe
  2⤵
  PID:10132
- C:\Windows\System\XpGbJzb.exe
  C:\Windows\System\XpGbJzb.exe
  2⤵
  PID:10216
- C:\Windows\System\NPlxwso.exe
  C:\Windows\System\NPlxwso.exe
  2⤵
  PID:10112
- C:\Windows\System\zoFYUhD.exe
  C:\Windows\System\zoFYUhD.exe
  2⤵
  PID:10188
- C:\Windows\System\GBEfACA.exe
  C:\Windows\System\GBEfACA.exe
  2⤵
  PID:10236
- C:\Windows\System\BKGkvEE.exe
  C:\Windows\System\BKGkvEE.exe
  2⤵
  PID:9384
- C:\Windows\System\ynDjWan.exe
  C:\Windows\System\ynDjWan.exe
  2⤵
  PID:9520
- C:\Windows\System\aeeGkIy.exe
  C:\Windows\System\aeeGkIy.exe
  2⤵
  PID:9524
- C:\Windows\System\cslpnda.exe
  C:\Windows\System\cslpnda.exe
  2⤵
  PID:9344
- C:\Windows\System\cIpTzPp.exe
  C:\Windows\System\cIpTzPp.exe
  2⤵
  PID:9468
- C:\Windows\System\JAMLRcX.exe
  C:\Windows\System\JAMLRcX.exe
  2⤵
  PID:9996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HsIWuLO.exe

Filesize
8B

MD5
2cb3bd8bbd4016dbbdc0a75c39f991d0

SHA1
f724dbe6aaa9acfc27f3afe38ce169602fa30f1e

SHA256
ffc546b25bd595eccb470d68e6113b9fb4f098e969e5b568a15069ffdf21f6f1

SHA512
fef60c5a03938ab6cb6fd9bb433acb698950f128352534e08e85320688288143df4ad339cd3c88d24f873d1f7eb2442275740054ecb48589b7d36064d363b647

Download Submit
C:\Windows\system\IECqpKf.exe

Filesize
6.0MB

MD5
48e62dd0b094fb4337f9f0b4204e9fa4

SHA1
1ea697cde65dcd94f2491629d5173a1f0486b9bf

SHA256
b54a2caf52f786e8e042af92381f1bdf965bb84417699d9f418766cb69c3b462

SHA512
a8b063756903891d5659006be234d4f2f89e918b5d85783a0beec6d4f46b35617a4d9df24d699228195e882aeafc2e912fd28e956d503fc1b295c8a5187e6833

Download Submit
C:\Windows\system\IRXqXoR.exe

Filesize
6.0MB

MD5
c8694742b1f9459e0ad97114c31e5fc4

SHA1
b4cd03ed2d443ca35c64dc0de7cdf36bd786e72f

SHA256
d395b3fa159ccffef244334b2deb6788b9866a99128153e52bdccaab6beb80ea

SHA512
c13b3bd3e8f48ac7ddfbf549e5db24aec9c398c449411454c92a8de8af3649ac8af6e84d793467d464d4acd618a2d43bb4f36c20d139acb478f5654e31da050b

Download Submit
C:\Windows\system\JTFSmTW.exe

Filesize
6.0MB

MD5
f4312a84ebbb4c2afea5452876497fae

SHA1
2ecc8588a4105d612bd918c1f0cedf11951466eb

SHA256
33d811b1b422d3d734aa0e501dc7d96ceec9a3bad4ca80746d0667f93697208e

SHA512
5d304f6dc947f956ef90449474e1ac5dd53ded9e7ebd0765ef286fccf508ff9f1e7b8e04b7a89b16922362da0fc92687e460056e76db44be76d6c99449ef1759

Download Submit
C:\Windows\system\JsfvBvk.exe

Filesize
6.0MB

MD5
a47e01b07cb1dc48719739c99f8af2cf

SHA1
5b4605982149f4c5d358f5d8a19b6570870aeebd

SHA256
04093e35e632f68bac368a5710902f9a14f41e86298f251f9e4b4caee812116a

SHA512
12cb6568dfb81bf703271f22311510899022fad9ffcf2ef2e7a0bfa9872d5615100e3579fa2a7baca30f503aaf326bdb8b55545fa6caf5a52b82567bb447f001

Download Submit
C:\Windows\system\KvrJyeh.exe

Filesize
6.0MB

MD5
afb3ee985d53a71a51859c0ffb964a66

SHA1
f7cbb48725c3ae837d5f33c433a7176f731728ef

SHA256
e94d41e62fd52212c7ff603f18d9bb797e8d71cfa73e4b58fa171d3c5568215e

SHA512
d7f8e64522f1ffded96cd579ec1cc358caeeca19c0a4690e9424f55f92744eaee2151c4d36ff6af3c4b47ee698d1bcb3840aab69e185e3eb9ba76f54b5ad585e

Download Submit
C:\Windows\system\NFiDOKx.exe

Filesize
6.0MB

MD5
75df4e9e0f48d4ab03d34f9edde2b9a6

SHA1
641df3f10c8a2331f82416d2ab078cc7980a89ab

SHA256
048267bcf5124e8a5e1c43d35dce2c582423040c9d681a9355b91f393f934601

SHA512
f292ae408a8cd783e9f6308d23aa3bc2d1c7315e24ee46135361b160a23cf19b61516682cb89c3bf4253536d6703fb460a8e2c747a7a981152cce07140f1353b

Download Submit
C:\Windows\system\QSNYnmW.exe

Filesize
6.0MB

MD5
13c5c1c962abba203ff698c3f415a537

SHA1
4406b0f4a2e0106eefa7b863e75890e3af3bf015

SHA256
a5408e3c6b031e80275b804abb9f3df9a16406498665a171e514e468840be4e0

SHA512
50774ca06063a938f353a2c25ba1bbc5c75680e8814da84cea17ebf82724985b29b22661822aff5ff68d1fb7837c9b6c64821833151c92e32a9f303a3accb143

Download Submit
C:\Windows\system\SSGCtkk.exe

Filesize
6.0MB

MD5
876709f94e3cdaafe784f25bfed85038

SHA1
c97839fc618d8956522f164c9ed3962f984439ec

SHA256
f7c62bb87a40b17fc8c99d80547f605b996516585b719232045c07b1d385a98e

SHA512
d9d7a0ef029928657f64c4ef0fc3067177bcb115b430fa1e2eae272906dff982ab62617305b45f395a7148106de15ab243a7b47df3f059271ed8430e34225678

Download Submit
C:\Windows\system\SwAWwbJ.exe

Filesize
6.0MB

MD5
e3faec8e6a7cab83db48fc29b15a3215

SHA1
c303b3f647ffe804acb6bc3788d3b451d240b339

SHA256
b4b2acd31583eb8cafedaf8ad573b4ba7fa874316229fbdb40d3840138071b30

SHA512
968b707c31184a9162db0c162870435a4d9ce168e636adf539543073e521096a74537d898a8768b2df4ee0980b60740462f548f7b20148d47462d86c2d09aa09

Download Submit
C:\Windows\system\XDDnySg.exe

Filesize
6.0MB

MD5
b3f81f4b07a52ab8ec2b8077dd085f0f

SHA1
8193acbd0fc040e05766ed30bff1cdab3c50a27d

SHA256
20cdb35b5d2b521e4a03af787d4bdc4aed82e64f51253346ee78bfc0f7f9ad7a

SHA512
27b218d8dca8d9ba0e71e137e978e4b7297f3154467bddda98b70debd5480a1ce461e70465d7e6530c31669916cdd9c2d1d3c28ab4ecb9f4c8569397f65a19b3

Download Submit
C:\Windows\system\XpGjQOa.exe

Filesize
6.0MB

MD5
657f90fe88eb20a56b06fe8c68af81ff

SHA1
8cc9616eeac2b2118a66e2edc4ca659228ccc3c4

SHA256
a5e177d56d424ec78a90fbbd4240a12f25bf93d2d76d98dda12e6f12857c8aa2

SHA512
4ad72cf934c3e27f1709c8051ba8a78fc0f535eacaa534c5ce3ab4a35d0b00baf475ef75248c0370f9f0daccf120e23f4da8a9f8f422c78200c46c2cebff6a64

Download Submit
C:\Windows\system\aFWOmQx.exe

Filesize
6.0MB

MD5
bfca19c38866a5e0f31381246fcd6551

SHA1
852c1052f14345fdb141d3878cc2d6f3719a9500

SHA256
1352891e2916d5ece61f1c16703a2dc23a78c8bdf607992a0fb1e47dc51cc749

SHA512
adf1040220a08d0f68bc9c6051bae7f8aa8bcc2d6f0d840313d9862c91c7be10f492ff13ab6c8913739db2981aa79f6c46ffa233f581d3bcafdf620dc6617acb

Download Submit
C:\Windows\system\abHmmtY.exe

Filesize
6.0MB

MD5
0cdb1cdad00accadbf2bdf056c8ed1f7

SHA1
25817bbfcf541abc7560ad15a5a474b2f6a47ea8

SHA256
4d6d7db99cb6ae6d982f8ed0f568ddfe474e4661dc6e6c0cb37f56eb45a3fddf

SHA512
671263c47e085a16840609a760e2b2ec23afda6d706f5c92bebcaa2d9c24ec2266aa2e851e4b2b64d926016f971f33d073ab970dadc5e682e9a0d09bd4cc2598

Download Submit
C:\Windows\system\eRxBveH.exe

Filesize
6.0MB

MD5
dbc74a425d91b55ea8603e1ad4ecda2c

SHA1
2a905eb0224df415020316047ce729779d740f1d

SHA256
3d5347a1aa1048f94d000c6d1ce19312ed46277f49fbad00f19786d693d23e1f

SHA512
d938457bb345b83eb55c2e378fb256eb709e60beddfb1a08fbccc994330c833dd51740a3413d7fb374c2b45e7e0a9274da71dc1e2e710ab425754098c672f260

Download Submit
C:\Windows\system\eUlBAfX.exe

Filesize
6.0MB

MD5
ec32687446cb137777559f3513aae5b0

SHA1
a44945ba4687e99ec6f56bf1478082854903dcbf

SHA256
256140fd3f1ff562f296377c24520123c75f369fe564f0900ccd46180c701972

SHA512
e58ca00cd530c526eb0201cc61acd1e047e78e771764826cc4298a5a063847acc3f431d447b56d10d14f31dc60b42a4370ea0b586fa12b1251264eedc0b47815

Download Submit
C:\Windows\system\kdzRIYc.exe

Filesize
6.0MB

MD5
3bccf67b0ef7b88cea7413bba0b9425e

SHA1
11f86922a3e7f1c0534f493f2bcf26ffa27d1612

SHA256
1123d0801cfb67fccbcfda921f40036501d14f9aed94b84a0fec05add114f923

SHA512
006addfa16b05aa1d83de3829979df3edc6b6cd97052854de8177f8b1e4a317e6300b22dcfb09865f6c3f43424103b13ee76bc8f51d4feba93a7bbd3260bc9e1

Download Submit
C:\Windows\system\lEUTpON.exe

Filesize
6.0MB

MD5
f50e9a23c90dc58363c7304f13cb65da

SHA1
7e9ca16659bcdd13546640a11ae492cb08505ed8

SHA256
f8c37f80143bbe9920ba37033f69c8147bcccf48fd3a16cdedca0b69f1a572ae

SHA512
37a76606458e7158869813e504bb552214f331faefff64ea0fb88990c4acc6fc509cc391b5ed995116d439979894d1e6d240099a9db0c2842c50bec56a87ea5d

Download Submit
C:\Windows\system\oyQPMIi.exe

Filesize
6.0MB

MD5
6477776cc941180fed07804c475fa655

SHA1
7916c4b0f5beac5f3e81f8e9b3cab52f3c5cc46f

SHA256
c892d7d26aad635805eb1801446feb07a6be8948d16f5a2e749b6886b3be2181

SHA512
249b092cc578114991e36d1c631d482af4c3071865679642c3cf173099aa2820df72fdda10952574e109aabe47aeec72f87bec6565cccb3eacbfa717bf3cdeb9

Download Submit
C:\Windows\system\tAUJtFN.exe

Filesize
6.0MB

MD5
9aea50231186f93dc7ed172babff545b

SHA1
f011949cc7b8aa7f59a961a0b7e7fcf651b4c8fe

SHA256
1828b036c48e67604d0208f6a949e40c8f6ffe12b612416ef53c86ecddb270e1

SHA512
1af646e33fe39b94656aca322c061d81597674fb7f1d91154c7c6ad714a5adb95782089c3b1b0de75254d150e3d6ca22680a9f9fe05fb95e878b5ee439eff13d

Download Submit
C:\Windows\system\tiYIIYN.exe

Filesize
6.0MB

MD5
753fbfa95f809e295b2dad4059b82c5f

SHA1
d07172ea93dc0fbfeb21d89592e23f923a21120e

SHA256
8b4c375f8237f596ac83b8b68367a96cc0041d46c71eec80d780ff88110bd3a8

SHA512
e782649ea1fa04dc7b4a93d039b7a900edf5d92908a206aca5c89729aefd4f07d1b09fbdfe6bddd351a2d9414b69020a90036a44c04aac2018639a9eaffa1d22

Download Submit
C:\Windows\system\vyacAlD.exe

Filesize
6.0MB

MD5
f5a77b79a41019f86fc1a40e53515a8d

SHA1
53aac486ca7fc1e3f121c2794b94758ccf014290

SHA256
e85424cef6a694f0da6028f29708960353165de51267e60f1ea78825e6353fbd

SHA512
f508165ffe1f2f64ee84eca4e2de70d5ac002e06eb44ac747a160dd1c890f330a047ad45237993f03aaee7a31d307f6b449f747d8132e21d64f42a0cb97eada1

Download Submit
\Windows\system\DjgJEen.exe

Filesize
6.0MB

MD5
1e2a18c44953405899a5bc7b8a5d3c86

SHA1
a087320e87b3abfa290d13149bf811f0fda2e6e1

SHA256
25330e913e7ff12c9c8625b17e2314b486ad67110d5a37d7e86ad20a0dd6e15e

SHA512
b2985173c85eb2b8abd474d0fb6e28ed4c8920a81ddb468c818d32d4c5e64d383bcce472f7af2d21be873b7ac3768804e40f04989793d1be042b4efd1bd5f058

Download Submit
\Windows\system\QSgkAHf.exe

Filesize
6.0MB

MD5
0a8c1d6316001d58abc60ccf1d9086ec

SHA1
fae2f50fece8d19c1c84869759755f6c06d5c687

SHA256
45f3ed623e6706b1a8672a529ab582a1fb3a3c92cb325281d74dc609dad4c1b0

SHA512
ea131e4e835e675c782122b435abf0ac06997092972b413b1bce4081a9b2b8a0c2ad38387aabd72c19e1bdea09c83425aa90baa184bc4067ad24bf7c57f27d82

Download Submit
\Windows\system\UMqbKPJ.exe

Filesize
6.0MB

MD5
828db30135a488edcca2a0efdc617809

SHA1
49f4e245e9e0c09cea0faf5bf351940675cbeec0

SHA256
c9150de1777e3555e41954b576eabbb5128beb9b1ceb88f8ae016bd72d02c749

SHA512
4a1b18c9fc01f611e42fb1c83ddb53d45e05f1dbbf6e5de2a496a0e0093b9d9a643d547691408211ef31d33d7ef3b29fce684acdfdb6467e6311d43edfa348bc

Download Submit
\Windows\system\XHrBYyv.exe

Filesize
6.0MB

MD5
9e75d99185347330752df72806646c48

SHA1
95e9ade9caccbab6ad7936161e459ed43d478bb0

SHA256
be9caef7c5174c45efa54fc0bcd28c2d0785bcac6d5b0718a4dff3a020be766d

SHA512
1f30425297f82421db58c3f2a5b4ed103bc7769b3a22b187dc381589091a0c7fcdc169a871ad42e1b86a80b8024a6157cf276551e66bdedb3884dae680761993

Download Submit
\Windows\system\YXZqPin.exe

Filesize
6.0MB

MD5
56e620b98c6e8d12d87af8a4863ae305

SHA1
cecfe857def6ed8a7d4bf3f013434ea5cc860fa0

SHA256
34fa5fd97e228ca45613f93f65d8daae870bb574e840daebbeeaac895348955e

SHA512
44f883656f0cbfd208ac1823d5600f801ce9f8fc63d0989cc881ed21a81c28d6b802e17cf4341e9f257e1e6323a9c8ac0934608de55721ba389e7e428d4b0c96

Download Submit
\Windows\system\ZsniJYb.exe

Filesize
6.0MB

MD5
9fe12bbaffa427c79087899b00e86ccd

SHA1
3353e3009db779d65dd969c69a3165378e5aad45

SHA256
c4bdbf1a4ea17cb6ee1482f1bc98fa324d29e2443483fbe2060494ded9bc9467

SHA512
f7ea31043d3086afb20728216ae1625951e51dd5c5621077d02cf4824b067b714cdbc0ac4d71f6edf6c50ff741f6597548ecf4f9896979c97452521a056c0018

Download Submit
\Windows\system\aIooqWf.exe

Filesize
6.0MB

MD5
c46726269273a6c1aebb99217be882c9

SHA1
385258d76d77d84256914824ae585c9f499f61b2

SHA256
362b85804b78782a22821234add99c351576996a5fadb6619108d1f9cbdfa036

SHA512
36c610f6a6f0f526ad104d4202acce437bf3423b98f971cef59faf64b6b65b1b2ff6db0e0e5ddffb1f0f5d42ebbe50a2980197403602ba3ad037e0ee54bb5441

Download Submit
\Windows\system\gIJrmmx.exe

Filesize
6.0MB

MD5
33a7f5d6145f17bdd64f586ea9868903

SHA1
8dc783bd42af8a2d79e178bc538da516804fbcf1

SHA256
dbbad485cc53ea5927f8fe09d880b588f5dded74885f68e0c9981a9376e2ac9b

SHA512
522e91c2218e28ece04ec99d7171e8cada6a0aae55dd5398ae46987c0493d26a3cd7cefcc76a2367121084495294c4999bb6422919434460b6d1fc2eaadfaee9

Download Submit
\Windows\system\jMCyskE.exe

Filesize
6.0MB

MD5
17ed37f9cf172078b72ef9551ec7dbcb

SHA1
a7815b94991677a1aa9d8912fc294295e1b06f12

SHA256
4446ddeb179674ffb241a15b66d6044043e87b3bbb50cb2327e2b010c98faa06

SHA512
537daac1887ede2c40366a3f7ba4f259427c60b14cff73519404e3c6758cff1bbfef668f7b367e3773e644efca53cf60e55e4cfae696f3134d3b9fa84b981d75

Download Submit
\Windows\system\umqzLJT.exe

Filesize
6.0MB

MD5
e230941565cdcf5b81f9807e3c48ab96

SHA1
ec8d6c8e5373cff9be8e877957d1ec2f59dda04d

SHA256
4f4e89e84e09536c0a0185e06eea190102065eb5ec89692327615bbe6568d0cd

SHA512
61351bbecc07437f5d2f3003f7fdb3ad5d96cb7b547b10fbe24e99a8a5bbcfdc68efad5aff53df1be669675cd04cc941877467e8ce9619120feec93fd0b6f218

Download Submit
\Windows\system\wReMHlJ.exe

Filesize
6.0MB

MD5
fc66cd70bae46e088bfe715abba4e628

SHA1
b8ebd3ee5c65da43474932934b4dcd7f4e1a490c

SHA256
b1f188c219a2e4ad0856555b47abc056a3b2d1b8ba5f4d6b73dbe08c06742c0b

SHA512
7e590e2d1dfed11cefaa8a9157576f33b8d7d7855023143be8b2f568a6e70861df92687b47c23f98003f145c9200175b64bc5b19143c96e0fbbe2c4e0d6277fa

Download Submit
memory/1092-3743-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1092-66-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-3751-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1224-67-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1476-217-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-3756-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1476-71-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-604-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3767-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2064-81-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2156-399-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2156-76-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3746-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2200-101-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3766-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3773-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2224-104-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2460-108-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2460-967-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3780-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2584-34-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2584-68-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3716-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2628-48-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2628-86-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3675-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-910-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-0-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2648-496-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2648-12-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-35-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2648-605-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-6-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2648-19-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2648-23-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-106-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2648-105-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-33-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2648-103-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2648-31-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2648-37-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-45-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2648-63-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-60-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-88-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3472-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2704-36-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3462-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-65-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-27-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-44-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3461-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-14-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3713-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2896-52-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2896-21-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download