cobaltstrike | bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
Size

6.0MB
MD5

df05ed392695d915723eef9cc35dd5d4
SHA1

d49199d08e47ffcd2155da0446811ac834338959
SHA256

bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef
SHA512

b89ce7e0a1d71d4cddfa47180a9090b4040e10b8589298ee68325988ec359434205dade14ebde816db241758c37d5840bbe39732753b9062f83608327435a545
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUN:eOl56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122ea-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016db5-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd0-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de4-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016edb-37.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017400-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-198.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-95.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d58-79.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-73.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000190e1-64.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001707c-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/540-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122ea-3.dat	xmrig
behavioral1/memory/2316-8-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016db5-9.dat	xmrig
behavioral1/memory/2320-13-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dd0-11.dat	xmrig
behavioral1/memory/1740-20-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0008000000016de4-21.dat	xmrig
behavioral1/memory/2604-26-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016edb-37.dat	xmrig
behavioral1/memory/2316-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2772-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0008000000017400-53.dat	xmrig
behavioral1/memory/1740-58-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2804-59-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2640-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-86.dat	xmrig
behavioral1/files/0x0005000000019268-118.dat	xmrig
behavioral1/files/0x000500000001929a-138.dat	xmrig
behavioral1/files/0x0005000000019377-153.dat	xmrig
behavioral1/memory/1744-956-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1792-799-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2972-598-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2576-418-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2568-229-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001946a-198.dat	xmrig
behavioral1/files/0x0005000000019465-193.dat	xmrig
behavioral1/files/0x000500000001945b-188.dat	xmrig
behavioral1/files/0x0005000000019450-183.dat	xmrig
behavioral1/files/0x0005000000019446-178.dat	xmrig
behavioral1/files/0x0005000000019433-173.dat	xmrig
behavioral1/files/0x00050000000193a4-163.dat	xmrig
behavioral1/files/0x00050000000193c1-168.dat	xmrig
behavioral1/files/0x0005000000019319-143.dat	xmrig
behavioral1/files/0x0005000000019387-158.dat	xmrig
behavioral1/files/0x0005000000019365-148.dat	xmrig
behavioral1/files/0x0005000000019278-133.dat	xmrig
behavioral1/files/0x0005000000019275-128.dat	xmrig
behavioral1/files/0x000500000001926c-123.dat	xmrig
behavioral1/files/0x0005000000019259-113.dat	xmrig
behavioral1/memory/1744-106-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2540-105-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-104.dat	xmrig
behavioral1/memory/1792-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2804-96-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019217-95.dat	xmrig
behavioral1/memory/2972-88-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2780-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2576-81-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2772-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d58-79.dat	xmrig
behavioral1/memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-73.dat	xmrig
behavioral1/memory/2540-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2604-65-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x00080000000190e1-64.dat	xmrig
behavioral1/memory/2780-51-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2320-50-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000700000001707c-49.dat	xmrig
behavioral1/memory/2640-35-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/540-34-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016eb8-33.dat	xmrig
behavioral1/memory/540-30-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/540-18-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2316	XXAnFXS.exe
2320	gGMRxYn.exe
1740	yQALPiN.exe
2604	JUnhEFU.exe
2640	YuSUyJT.exe
2772	vFFUkXL.exe
2780	PKqPiBa.exe
2804	ahVRUNg.exe
2540	CBAlyZG.exe
2568	pjRwujN.exe
2576	QvmYsKp.exe
2972	lauHTso.exe
1792	SrIFYKP.exe
1744	OufvgAy.exe
2500	OWBoeSN.exe
580	HvRltrh.exe
1600	HFoHjnl.exe
856	bxakRLj.exe
1816	VvYauDV.exe
952	utIrQYr.exe
1724	gUTpHLJ.exe
1584	bhBCkiV.exe
2964	OeQttRi.exe
2704	bETVBnm.exe
1148	cLabOSp.exe
2372	ykrNbxc.exe
700	lLdVYXa.exe
1516	cQbxATe.exe
1620	KujzRUE.exe
1732	RUOrcpp.exe
960	TEzyTkf.exe
644	hWiuTRY.exe
572	gTBiRLP.exe
1376	xkQwIUm.exe
2080	INWpfQo.exe
1016	qVTBuZs.exe
1936	gOVRVYD.exe
2440	KNXsXMi.exe
2216	VqJULJA.exe
316	fhIoTIz.exe
2068	WZoJDXp.exe
2072	jcHTiMT.exe
2208	ycPVUDx.exe
1236	cNmPKfk.exe
1076	Hpzastd.exe
2476	dShABKB.exe
2436	UZNoVWm.exe
2928	iXfbFiJ.exe
2040	zSdGdrQ.exe
2420	yYoZbfD.exe
3024	CCRzuCG.exe
2748	CxxtSCL.exe
2752	kEWeClz.exe
2520	MLIQFHj.exe
2624	xkWaLCl.exe
2992	HMXGCWp.exe
308	DfpyuPy.exe
1628	vsXMWFG.exe
1292	uCdKYCn.exe
2608	WjwoeNp.exe
600	hIAOMka.exe
2852	ZCqVaJc.exe
1616	rsDftNm.exe
2600	wqANosl.exe

Loads dropped DLL 64 IoCs

pid	Process
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/540-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-3.dat	upx
behavioral1/memory/2316-8-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0009000000016db5-9.dat	upx
behavioral1/memory/2320-13-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0008000000016dd0-11.dat	upx
behavioral1/memory/1740-20-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0008000000016de4-21.dat	upx
behavioral1/memory/2604-26-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0007000000016edb-37.dat	upx
behavioral1/memory/2316-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2772-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0008000000017400-53.dat	upx
behavioral1/memory/1740-58-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2804-59-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2640-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-86.dat	upx
behavioral1/files/0x0005000000019268-118.dat	upx
behavioral1/files/0x000500000001929a-138.dat	upx
behavioral1/files/0x0005000000019377-153.dat	upx
behavioral1/memory/1744-956-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/1792-799-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2972-598-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2576-418-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2568-229-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x000500000001946a-198.dat	upx
behavioral1/files/0x0005000000019465-193.dat	upx
behavioral1/files/0x000500000001945b-188.dat	upx
behavioral1/files/0x0005000000019450-183.dat	upx
behavioral1/files/0x0005000000019446-178.dat	upx
behavioral1/files/0x0005000000019433-173.dat	upx
behavioral1/files/0x00050000000193a4-163.dat	upx
behavioral1/files/0x00050000000193c1-168.dat	upx
behavioral1/files/0x0005000000019319-143.dat	upx
behavioral1/files/0x0005000000019387-158.dat	upx
behavioral1/files/0x0005000000019365-148.dat	upx
behavioral1/files/0x0005000000019278-133.dat	upx
behavioral1/files/0x0005000000019275-128.dat	upx
behavioral1/files/0x000500000001926c-123.dat	upx
behavioral1/files/0x0005000000019259-113.dat	upx
behavioral1/memory/1744-106-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2540-105-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0005000000019240-104.dat	upx
behavioral1/memory/1792-97-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2804-96-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0005000000019217-95.dat	upx
behavioral1/memory/2972-88-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2780-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2576-81-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2772-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x0009000000016d58-79.dat	upx
behavioral1/memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-73.dat	upx
behavioral1/memory/2540-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2604-65-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x00080000000190e1-64.dat	upx
behavioral1/memory/2780-51-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2320-50-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000700000001707c-49.dat	upx
behavioral1/memory/2640-35-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/540-34-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0007000000016eb8-33.dat	upx
behavioral1/memory/2316-3757-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2320-3759-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iTmZmNY.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\TpCzfuc.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\GJgoccI.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\WcClnwT.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\jpvFHny.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\KyrSrmh.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\UZpsyhh.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\GIiTSBO.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\OfyCBTa.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\bKgWwmy.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\JmhHIoY.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\fmAgAPb.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\kbLJzyV.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\aZMCrhY.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ItpqZxg.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\TAahdIF.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\wIiBXkr.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\JnUooPE.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ckYOnaS.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\SIBrChs.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\gOVRVYD.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ZrnWurV.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\BZaULXb.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\rIIUGKM.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\QQdXglu.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\HorfjTK.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\FzhiXit.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\VGXDRMI.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\RrFJiip.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\LZHQSYF.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\JKldvts.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\hCNMNFZ.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\kUcZfLs.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\NhvsrnW.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\Wxjrzqq.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\dqHCMLh.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\MgjMJDo.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ohpguEY.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\tLOWdip.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\YFEfMOp.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\eoqMnmS.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\wcCUFIM.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\EEQHKDz.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\UJHlnjA.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\achaIhM.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\cSCCwwn.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ENqykJt.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\hLHEesn.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\YMJEHIh.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\dhtqocH.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\nGrDQJd.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\ButEOiC.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\CIayrLg.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\qjFbyta.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\atsEkMi.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\zCYptwP.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\RJJsuRX.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\xkJFMyz.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\BMdfJqa.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\XCPUEFb.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\sGIdLYX.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\MYhQHpS.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\jOcLhwA.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
File created	C:\Windows\System\bvqHqwS.exe	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 2316	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	32
PID 540 wrote to memory of 2316	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	32
PID 540 wrote to memory of 2316	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	32
PID 540 wrote to memory of 2320	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	33
PID 540 wrote to memory of 2320	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	33
PID 540 wrote to memory of 2320	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	33
PID 540 wrote to memory of 1740	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	34
PID 540 wrote to memory of 1740	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	34
PID 540 wrote to memory of 1740	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	34
PID 540 wrote to memory of 2604	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	35
PID 540 wrote to memory of 2604	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	35
PID 540 wrote to memory of 2604	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	35
PID 540 wrote to memory of 2640	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	36
PID 540 wrote to memory of 2640	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	36
PID 540 wrote to memory of 2640	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	36
PID 540 wrote to memory of 2772	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	37
PID 540 wrote to memory of 2772	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	37
PID 540 wrote to memory of 2772	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	37
PID 540 wrote to memory of 2780	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	38
PID 540 wrote to memory of 2780	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	38
PID 540 wrote to memory of 2780	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	38
PID 540 wrote to memory of 2804	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	39
PID 540 wrote to memory of 2804	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	39
PID 540 wrote to memory of 2804	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	39
PID 540 wrote to memory of 2540	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	40
PID 540 wrote to memory of 2540	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	40
PID 540 wrote to memory of 2540	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	40
PID 540 wrote to memory of 2568	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	41
PID 540 wrote to memory of 2568	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	41
PID 540 wrote to memory of 2568	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	41
PID 540 wrote to memory of 2576	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	42
PID 540 wrote to memory of 2576	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	42
PID 540 wrote to memory of 2576	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	42
PID 540 wrote to memory of 2972	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	43
PID 540 wrote to memory of 2972	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	43
PID 540 wrote to memory of 2972	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	43
PID 540 wrote to memory of 1792	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	44
PID 540 wrote to memory of 1792	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	44
PID 540 wrote to memory of 1792	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	44
PID 540 wrote to memory of 1744	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	45
PID 540 wrote to memory of 1744	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	45
PID 540 wrote to memory of 1744	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	45
PID 540 wrote to memory of 2500	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	46
PID 540 wrote to memory of 2500	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	46
PID 540 wrote to memory of 2500	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	46
PID 540 wrote to memory of 580	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	47
PID 540 wrote to memory of 580	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	47
PID 540 wrote to memory of 580	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	47
PID 540 wrote to memory of 1600	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	48
PID 540 wrote to memory of 1600	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	48
PID 540 wrote to memory of 1600	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	48
PID 540 wrote to memory of 856	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	49
PID 540 wrote to memory of 856	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	49
PID 540 wrote to memory of 856	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	49
PID 540 wrote to memory of 1816	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	50
PID 540 wrote to memory of 1816	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	50
PID 540 wrote to memory of 1816	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	50
PID 540 wrote to memory of 952	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	51
PID 540 wrote to memory of 952	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	51
PID 540 wrote to memory of 952	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	51
PID 540 wrote to memory of 1724	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	52
PID 540 wrote to memory of 1724	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	52
PID 540 wrote to memory of 1724	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	52
PID 540 wrote to memory of 1584	540	JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bb23c913373c497a7fddfc01d2080c0d5b17b05030b0a27e6c7104316c861bef.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\System\XXAnFXS.exe
  C:\Windows\System\XXAnFXS.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\gGMRxYn.exe
  C:\Windows\System\gGMRxYn.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\yQALPiN.exe
  C:\Windows\System\yQALPiN.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\JUnhEFU.exe
  C:\Windows\System\JUnhEFU.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\YuSUyJT.exe
  C:\Windows\System\YuSUyJT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\vFFUkXL.exe
  C:\Windows\System\vFFUkXL.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PKqPiBa.exe
  C:\Windows\System\PKqPiBa.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ahVRUNg.exe
  C:\Windows\System\ahVRUNg.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\CBAlyZG.exe
  C:\Windows\System\CBAlyZG.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\pjRwujN.exe
  C:\Windows\System\pjRwujN.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\QvmYsKp.exe
  C:\Windows\System\QvmYsKp.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\lauHTso.exe
  C:\Windows\System\lauHTso.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\SrIFYKP.exe
  C:\Windows\System\SrIFYKP.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\OufvgAy.exe
  C:\Windows\System\OufvgAy.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\OWBoeSN.exe
  C:\Windows\System\OWBoeSN.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HvRltrh.exe
  C:\Windows\System\HvRltrh.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\HFoHjnl.exe
  C:\Windows\System\HFoHjnl.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\bxakRLj.exe
  C:\Windows\System\bxakRLj.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\VvYauDV.exe
  C:\Windows\System\VvYauDV.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\utIrQYr.exe
  C:\Windows\System\utIrQYr.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\gUTpHLJ.exe
  C:\Windows\System\gUTpHLJ.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bhBCkiV.exe
  C:\Windows\System\bhBCkiV.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\OeQttRi.exe
  C:\Windows\System\OeQttRi.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\bETVBnm.exe
  C:\Windows\System\bETVBnm.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\cLabOSp.exe
  C:\Windows\System\cLabOSp.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\ykrNbxc.exe
  C:\Windows\System\ykrNbxc.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\lLdVYXa.exe
  C:\Windows\System\lLdVYXa.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\cQbxATe.exe
  C:\Windows\System\cQbxATe.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\KujzRUE.exe
  C:\Windows\System\KujzRUE.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\RUOrcpp.exe
  C:\Windows\System\RUOrcpp.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\TEzyTkf.exe
  C:\Windows\System\TEzyTkf.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\hWiuTRY.exe
  C:\Windows\System\hWiuTRY.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\gTBiRLP.exe
  C:\Windows\System\gTBiRLP.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\xkQwIUm.exe
  C:\Windows\System\xkQwIUm.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\INWpfQo.exe
  C:\Windows\System\INWpfQo.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\qVTBuZs.exe
  C:\Windows\System\qVTBuZs.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\gOVRVYD.exe
  C:\Windows\System\gOVRVYD.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\KNXsXMi.exe
  C:\Windows\System\KNXsXMi.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\VqJULJA.exe
  C:\Windows\System\VqJULJA.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\fhIoTIz.exe
  C:\Windows\System\fhIoTIz.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\WZoJDXp.exe
  C:\Windows\System\WZoJDXp.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\jcHTiMT.exe
  C:\Windows\System\jcHTiMT.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ycPVUDx.exe
  C:\Windows\System\ycPVUDx.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\cNmPKfk.exe
  C:\Windows\System\cNmPKfk.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\Hpzastd.exe
  C:\Windows\System\Hpzastd.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\dShABKB.exe
  C:\Windows\System\dShABKB.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\UZNoVWm.exe
  C:\Windows\System\UZNoVWm.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\iXfbFiJ.exe
  C:\Windows\System\iXfbFiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\zSdGdrQ.exe
  C:\Windows\System\zSdGdrQ.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\yYoZbfD.exe
  C:\Windows\System\yYoZbfD.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\CCRzuCG.exe
  C:\Windows\System\CCRzuCG.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\CxxtSCL.exe
  C:\Windows\System\CxxtSCL.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kEWeClz.exe
  C:\Windows\System\kEWeClz.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\MLIQFHj.exe
  C:\Windows\System\MLIQFHj.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\xkWaLCl.exe
  C:\Windows\System\xkWaLCl.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\HMXGCWp.exe
  C:\Windows\System\HMXGCWp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DfpyuPy.exe
  C:\Windows\System\DfpyuPy.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\vsXMWFG.exe
  C:\Windows\System\vsXMWFG.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\uCdKYCn.exe
  C:\Windows\System\uCdKYCn.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\WjwoeNp.exe
  C:\Windows\System\WjwoeNp.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\hIAOMka.exe
  C:\Windows\System\hIAOMka.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\ZCqVaJc.exe
  C:\Windows\System\ZCqVaJc.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\rsDftNm.exe
  C:\Windows\System\rsDftNm.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\wqANosl.exe
  C:\Windows\System\wqANosl.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\PCvDfsO.exe
  C:\Windows\System\PCvDfsO.exe
  2⤵
  PID:1100
- C:\Windows\System\soZMqpY.exe
  C:\Windows\System\soZMqpY.exe
  2⤵
  PID:1232
- C:\Windows\System\XNqIlPF.exe
  C:\Windows\System\XNqIlPF.exe
  2⤵
  PID:1660
- C:\Windows\System\IqsbbwK.exe
  C:\Windows\System\IqsbbwK.exe
  2⤵
  PID:1684
- C:\Windows\System\RrFJiip.exe
  C:\Windows\System\RrFJiip.exe
  2⤵
  PID:2788
- C:\Windows\System\KRynYXT.exe
  C:\Windows\System\KRynYXT.exe
  2⤵
  PID:1524
- C:\Windows\System\fJdqJmu.exe
  C:\Windows\System\fJdqJmu.exe
  2⤵
  PID:1044
- C:\Windows\System\IAJFKWh.exe
  C:\Windows\System\IAJFKWh.exe
  2⤵
  PID:1804
- C:\Windows\System\pWVsnjW.exe
  C:\Windows\System\pWVsnjW.exe
  2⤵
  PID:2084
- C:\Windows\System\HArsysg.exe
  C:\Windows\System\HArsysg.exe
  2⤵
  PID:2004
- C:\Windows\System\dpciGjh.exe
  C:\Windows\System\dpciGjh.exe
  2⤵
  PID:328
- C:\Windows\System\nmzkqzI.exe
  C:\Windows\System\nmzkqzI.exe
  2⤵
  PID:1680
- C:\Windows\System\xxroDFE.exe
  C:\Windows\System\xxroDFE.exe
  2⤵
  PID:2940
- C:\Windows\System\OzRQhIq.exe
  C:\Windows\System\OzRQhIq.exe
  2⤵
  PID:1720
- C:\Windows\System\OaEYRaP.exe
  C:\Windows\System\OaEYRaP.exe
  2⤵
  PID:2284
- C:\Windows\System\ntcSNDY.exe
  C:\Windows\System\ntcSNDY.exe
  2⤵
  PID:2656
- C:\Windows\System\rEcSwXX.exe
  C:\Windows\System\rEcSwXX.exe
  2⤵
  PID:2652
- C:\Windows\System\OzyEyqG.exe
  C:\Windows\System\OzyEyqG.exe
  2⤵
  PID:2800
- C:\Windows\System\IJNvOAK.exe
  C:\Windows\System\IJNvOAK.exe
  2⤵
  PID:2564
- C:\Windows\System\pWlawwF.exe
  C:\Windows\System\pWlawwF.exe
  2⤵
  PID:2580
- C:\Windows\System\TrXyFkI.exe
  C:\Windows\System\TrXyFkI.exe
  2⤵
  PID:2028
- C:\Windows\System\JKldvts.exe
  C:\Windows\System\JKldvts.exe
  2⤵
  PID:2708
- C:\Windows\System\GPaXcaS.exe
  C:\Windows\System\GPaXcaS.exe
  2⤵
  PID:1920
- C:\Windows\System\oiFXiue.exe
  C:\Windows\System\oiFXiue.exe
  2⤵
  PID:1956
- C:\Windows\System\KitunVc.exe
  C:\Windows\System\KitunVc.exe
  2⤵
  PID:680
- C:\Windows\System\IkcPflu.exe
  C:\Windows\System\IkcPflu.exe
  2⤵
  PID:1820
- C:\Windows\System\aUblnHu.exe
  C:\Windows\System\aUblnHu.exe
  2⤵
  PID:1548
- C:\Windows\System\KyrSrmh.exe
  C:\Windows\System\KyrSrmh.exe
  2⤵
  PID:2212
- C:\Windows\System\UKccntH.exe
  C:\Windows\System\UKccntH.exe
  2⤵
  PID:1188
- C:\Windows\System\pvCUlCX.exe
  C:\Windows\System\pvCUlCX.exe
  2⤵
  PID:2344
- C:\Windows\System\NAzlFsb.exe
  C:\Windows\System\NAzlFsb.exe
  2⤵
  PID:1004
- C:\Windows\System\onGEZuw.exe
  C:\Windows\System\onGEZuw.exe
  2⤵
  PID:3008
- C:\Windows\System\AVqybgO.exe
  C:\Windows\System\AVqybgO.exe
  2⤵
  PID:3080
- C:\Windows\System\trcImya.exe
  C:\Windows\System\trcImya.exe
  2⤵
  PID:3100
- C:\Windows\System\hSuMiLD.exe
  C:\Windows\System\hSuMiLD.exe
  2⤵
  PID:3120
- C:\Windows\System\AvCjFYh.exe
  C:\Windows\System\AvCjFYh.exe
  2⤵
  PID:3136
- C:\Windows\System\fmAgAPb.exe
  C:\Windows\System\fmAgAPb.exe
  2⤵
  PID:3160
- C:\Windows\System\JNesidN.exe
  C:\Windows\System\JNesidN.exe
  2⤵
  PID:3180
- C:\Windows\System\qHUFQws.exe
  C:\Windows\System\qHUFQws.exe
  2⤵
  PID:3200
- C:\Windows\System\yIeQynr.exe
  C:\Windows\System\yIeQynr.exe
  2⤵
  PID:3220
- C:\Windows\System\yDbnhbR.exe
  C:\Windows\System\yDbnhbR.exe
  2⤵
  PID:3244
- C:\Windows\System\nOduZBn.exe
  C:\Windows\System\nOduZBn.exe
  2⤵
  PID:3264
- C:\Windows\System\dbGSlfC.exe
  C:\Windows\System\dbGSlfC.exe
  2⤵
  PID:3284
- C:\Windows\System\TyTSKJw.exe
  C:\Windows\System\TyTSKJw.exe
  2⤵
  PID:3304
- C:\Windows\System\qzsDQSJ.exe
  C:\Windows\System\qzsDQSJ.exe
  2⤵
  PID:3324
- C:\Windows\System\idGUMOp.exe
  C:\Windows\System\idGUMOp.exe
  2⤵
  PID:3344
- C:\Windows\System\LotoEHL.exe
  C:\Windows\System\LotoEHL.exe
  2⤵
  PID:3364
- C:\Windows\System\sXvAkqh.exe
  C:\Windows\System\sXvAkqh.exe
  2⤵
  PID:3384
- C:\Windows\System\lQadPwx.exe
  C:\Windows\System\lQadPwx.exe
  2⤵
  PID:3404
- C:\Windows\System\hiOaNjO.exe
  C:\Windows\System\hiOaNjO.exe
  2⤵
  PID:3424
- C:\Windows\System\podlzQi.exe
  C:\Windows\System\podlzQi.exe
  2⤵
  PID:3444
- C:\Windows\System\UaMkZaQ.exe
  C:\Windows\System\UaMkZaQ.exe
  2⤵
  PID:3464
- C:\Windows\System\dimXXBs.exe
  C:\Windows\System\dimXXBs.exe
  2⤵
  PID:3484
- C:\Windows\System\ZrIqQMg.exe
  C:\Windows\System\ZrIqQMg.exe
  2⤵
  PID:3504
- C:\Windows\System\NjXbXiB.exe
  C:\Windows\System\NjXbXiB.exe
  2⤵
  PID:3524
- C:\Windows\System\MnsYhDk.exe
  C:\Windows\System\MnsYhDk.exe
  2⤵
  PID:3544
- C:\Windows\System\GnUPlYC.exe
  C:\Windows\System\GnUPlYC.exe
  2⤵
  PID:3564
- C:\Windows\System\PWgZpNa.exe
  C:\Windows\System\PWgZpNa.exe
  2⤵
  PID:3584
- C:\Windows\System\dKbtyVn.exe
  C:\Windows\System\dKbtyVn.exe
  2⤵
  PID:3604
- C:\Windows\System\kWzzebU.exe
  C:\Windows\System\kWzzebU.exe
  2⤵
  PID:3620
- C:\Windows\System\LlHELyo.exe
  C:\Windows\System\LlHELyo.exe
  2⤵
  PID:3644
- C:\Windows\System\qyyVdtj.exe
  C:\Windows\System\qyyVdtj.exe
  2⤵
  PID:3664
- C:\Windows\System\ZoxGClF.exe
  C:\Windows\System\ZoxGClF.exe
  2⤵
  PID:3684
- C:\Windows\System\UhtTJov.exe
  C:\Windows\System\UhtTJov.exe
  2⤵
  PID:3700
- C:\Windows\System\hkRntSf.exe
  C:\Windows\System\hkRntSf.exe
  2⤵
  PID:3724
- C:\Windows\System\AUIZMob.exe
  C:\Windows\System\AUIZMob.exe
  2⤵
  PID:3744
- C:\Windows\System\MajotjU.exe
  C:\Windows\System\MajotjU.exe
  2⤵
  PID:3764
- C:\Windows\System\ZkFdGbK.exe
  C:\Windows\System\ZkFdGbK.exe
  2⤵
  PID:3784
- C:\Windows\System\Gqwootx.exe
  C:\Windows\System\Gqwootx.exe
  2⤵
  PID:3804
- C:\Windows\System\gAPGTpQ.exe
  C:\Windows\System\gAPGTpQ.exe
  2⤵
  PID:3824
- C:\Windows\System\ZAbkPUP.exe
  C:\Windows\System\ZAbkPUP.exe
  2⤵
  PID:3844
- C:\Windows\System\XhWLeDE.exe
  C:\Windows\System\XhWLeDE.exe
  2⤵
  PID:3864
- C:\Windows\System\NlQYLPL.exe
  C:\Windows\System\NlQYLPL.exe
  2⤵
  PID:3884
- C:\Windows\System\elFdbYt.exe
  C:\Windows\System\elFdbYt.exe
  2⤵
  PID:3904
- C:\Windows\System\qjjZOLz.exe
  C:\Windows\System\qjjZOLz.exe
  2⤵
  PID:3924
- C:\Windows\System\nFixkcY.exe
  C:\Windows\System\nFixkcY.exe
  2⤵
  PID:3944
- C:\Windows\System\lPuWkwn.exe
  C:\Windows\System\lPuWkwn.exe
  2⤵
  PID:3968
- C:\Windows\System\xnmeBqW.exe
  C:\Windows\System\xnmeBqW.exe
  2⤵
  PID:3988
- C:\Windows\System\kJVobMu.exe
  C:\Windows\System\kJVobMu.exe
  2⤵
  PID:4008
- C:\Windows\System\HVcOzOt.exe
  C:\Windows\System\HVcOzOt.exe
  2⤵
  PID:4028
- C:\Windows\System\HHHJZQG.exe
  C:\Windows\System\HHHJZQG.exe
  2⤵
  PID:4048
- C:\Windows\System\paurwzA.exe
  C:\Windows\System\paurwzA.exe
  2⤵
  PID:4068
- C:\Windows\System\dkPGEvm.exe
  C:\Windows\System\dkPGEvm.exe
  2⤵
  PID:4088
- C:\Windows\System\ePmGbMF.exe
  C:\Windows\System\ePmGbMF.exe
  2⤵
  PID:896
- C:\Windows\System\eMLBhkK.exe
  C:\Windows\System\eMLBhkK.exe
  2⤵
  PID:1544
- C:\Windows\System\RKabVuv.exe
  C:\Windows\System\RKabVuv.exe
  2⤵
  PID:2524
- C:\Windows\System\XceGCom.exe
  C:\Windows\System\XceGCom.exe
  2⤵
  PID:536
- C:\Windows\System\qKMitVA.exe
  C:\Windows\System\qKMitVA.exe
  2⤵
  PID:2012
- C:\Windows\System\mHKFjgb.exe
  C:\Windows\System\mHKFjgb.exe
  2⤵
  PID:2712
- C:\Windows\System\qmZHZAz.exe
  C:\Windows\System\qmZHZAz.exe
  2⤵
  PID:1196
- C:\Windows\System\aPFLMlU.exe
  C:\Windows\System\aPFLMlU.exe
  2⤵
  PID:1536
- C:\Windows\System\tjVLhTN.exe
  C:\Windows\System\tjVLhTN.exe
  2⤵
  PID:2364
- C:\Windows\System\fEuzzCV.exe
  C:\Windows\System\fEuzzCV.exe
  2⤵
  PID:1588
- C:\Windows\System\DtOWila.exe
  C:\Windows\System\DtOWila.exe
  2⤵
  PID:1568
- C:\Windows\System\RAzwqkM.exe
  C:\Windows\System\RAzwqkM.exe
  2⤵
  PID:3116
- C:\Windows\System\SszFxZa.exe
  C:\Windows\System\SszFxZa.exe
  2⤵
  PID:3128
- C:\Windows\System\pOseFLR.exe
  C:\Windows\System\pOseFLR.exe
  2⤵
  PID:3168
- C:\Windows\System\BHMyRzN.exe
  C:\Windows\System\BHMyRzN.exe
  2⤵
  PID:3228
- C:\Windows\System\KRKMPUV.exe
  C:\Windows\System\KRKMPUV.exe
  2⤵
  PID:3272
- C:\Windows\System\HNAxYIv.exe
  C:\Windows\System\HNAxYIv.exe
  2⤵
  PID:3280
- C:\Windows\System\pncClKs.exe
  C:\Windows\System\pncClKs.exe
  2⤵
  PID:3316
- C:\Windows\System\RjEraXA.exe
  C:\Windows\System\RjEraXA.exe
  2⤵
  PID:3360
- C:\Windows\System\cgFxUBS.exe
  C:\Windows\System\cgFxUBS.exe
  2⤵
  PID:3376
- C:\Windows\System\UZpsyhh.exe
  C:\Windows\System\UZpsyhh.exe
  2⤵
  PID:3432
- C:\Windows\System\vlewQpG.exe
  C:\Windows\System\vlewQpG.exe
  2⤵
  PID:3480
- C:\Windows\System\jCviNdS.exe
  C:\Windows\System\jCviNdS.exe
  2⤵
  PID:3512
- C:\Windows\System\DlZowLu.exe
  C:\Windows\System\DlZowLu.exe
  2⤵
  PID:3516
- C:\Windows\System\AnVRLYB.exe
  C:\Windows\System\AnVRLYB.exe
  2⤵
  PID:3556
- C:\Windows\System\dKSymSv.exe
  C:\Windows\System\dKSymSv.exe
  2⤵
  PID:3596
- C:\Windows\System\uuyfyWt.exe
  C:\Windows\System\uuyfyWt.exe
  2⤵
  PID:3640
- C:\Windows\System\snoYKho.exe
  C:\Windows\System\snoYKho.exe
  2⤵
  PID:3656
- C:\Windows\System\KBHzhEv.exe
  C:\Windows\System\KBHzhEv.exe
  2⤵
  PID:3652
- C:\Windows\System\durYQNO.exe
  C:\Windows\System\durYQNO.exe
  2⤵
  PID:3696
- C:\Windows\System\wehiDaX.exe
  C:\Windows\System\wehiDaX.exe
  2⤵
  PID:3740
- C:\Windows\System\igdRpVp.exe
  C:\Windows\System\igdRpVp.exe
  2⤵
  PID:3776
- C:\Windows\System\IamTlrt.exe
  C:\Windows\System\IamTlrt.exe
  2⤵
  PID:3832
- C:\Windows\System\hJylOds.exe
  C:\Windows\System\hJylOds.exe
  2⤵
  PID:3872
- C:\Windows\System\cPfgmlV.exe
  C:\Windows\System\cPfgmlV.exe
  2⤵
  PID:3912
- C:\Windows\System\kVLgTaq.exe
  C:\Windows\System\kVLgTaq.exe
  2⤵
  PID:3952
- C:\Windows\System\tzlJYfJ.exe
  C:\Windows\System\tzlJYfJ.exe
  2⤵
  PID:3940
- C:\Windows\System\WypYfCm.exe
  C:\Windows\System\WypYfCm.exe
  2⤵
  PID:4000
- C:\Windows\System\XSyIlPs.exe
  C:\Windows\System\XSyIlPs.exe
  2⤵
  PID:4020
- C:\Windows\System\vHhuZYj.exe
  C:\Windows\System\vHhuZYj.exe
  2⤵
  PID:4080
- C:\Windows\System\NtNWLGw.exe
  C:\Windows\System\NtNWLGw.exe
  2⤵
  PID:3032
- C:\Windows\System\ubfBEkx.exe
  C:\Windows\System\ubfBEkx.exe
  2⤵
  PID:2676
- C:\Windows\System\FmxUzuu.exe
  C:\Windows\System\FmxUzuu.exe
  2⤵
  PID:2352
- C:\Windows\System\wMJlLaE.exe
  C:\Windows\System\wMJlLaE.exe
  2⤵
  PID:1964
- C:\Windows\System\QJmmvrL.exe
  C:\Windows\System\QJmmvrL.exe
  2⤵
  PID:3048
- C:\Windows\System\FYRfflM.exe
  C:\Windows\System\FYRfflM.exe
  2⤵
  PID:2376
- C:\Windows\System\MBegNrY.exe
  C:\Windows\System\MBegNrY.exe
  2⤵
  PID:3088
- C:\Windows\System\hRGVLOh.exe
  C:\Windows\System\hRGVLOh.exe
  2⤵
  PID:3076
- C:\Windows\System\rRQoQkt.exe
  C:\Windows\System\rRQoQkt.exe
  2⤵
  PID:3188
- C:\Windows\System\KBUFbzw.exe
  C:\Windows\System\KBUFbzw.exe
  2⤵
  PID:3232
- C:\Windows\System\riFGerW.exe
  C:\Windows\System\riFGerW.exe
  2⤵
  PID:3276
- C:\Windows\System\cSfLpbx.exe
  C:\Windows\System\cSfLpbx.exe
  2⤵
  PID:3380
- C:\Windows\System\RSPLjzO.exe
  C:\Windows\System\RSPLjzO.exe
  2⤵
  PID:3440
- C:\Windows\System\zAZDzzo.exe
  C:\Windows\System\zAZDzzo.exe
  2⤵
  PID:3500
- C:\Windows\System\PHzNmXN.exe
  C:\Windows\System\PHzNmXN.exe
  2⤵
  PID:3456
- C:\Windows\System\GfnHIvQ.exe
  C:\Windows\System\GfnHIvQ.exe
  2⤵
  PID:3560
- C:\Windows\System\hYwmuxV.exe
  C:\Windows\System\hYwmuxV.exe
  2⤵
  PID:3576
- C:\Windows\System\oynKWFx.exe
  C:\Windows\System\oynKWFx.exe
  2⤵
  PID:3692
- C:\Windows\System\lOlwali.exe
  C:\Windows\System\lOlwali.exe
  2⤵
  PID:3792
- C:\Windows\System\gLREJiF.exe
  C:\Windows\System\gLREJiF.exe
  2⤵
  PID:2020
- C:\Windows\System\fJwlqUI.exe
  C:\Windows\System\fJwlqUI.exe
  2⤵
  PID:3820
- C:\Windows\System\doVImDd.exe
  C:\Windows\System\doVImDd.exe
  2⤵
  PID:3892
- C:\Windows\System\LKLXgPN.exe
  C:\Windows\System\LKLXgPN.exe
  2⤵
  PID:3984
- C:\Windows\System\XcaHvGk.exe
  C:\Windows\System\XcaHvGk.exe
  2⤵
  PID:4084
- C:\Windows\System\RuQZaWR.exe
  C:\Windows\System\RuQZaWR.exe
  2⤵
  PID:2292
- C:\Windows\System\oaQfrEr.exe
  C:\Windows\System\oaQfrEr.exe
  2⤵
  PID:2768
- C:\Windows\System\SJLKvoD.exe
  C:\Windows\System\SJLKvoD.exe
  2⤵
  PID:2572
- C:\Windows\System\aYiRYIf.exe
  C:\Windows\System\aYiRYIf.exe
  2⤵
  PID:3056
- C:\Windows\System\PDbEmeY.exe
  C:\Windows\System\PDbEmeY.exe
  2⤵
  PID:1596
- C:\Windows\System\zcLJLtM.exe
  C:\Windows\System\zcLJLtM.exe
  2⤵
  PID:3208
- C:\Windows\System\Qwjpcie.exe
  C:\Windows\System\Qwjpcie.exe
  2⤵
  PID:3192
- C:\Windows\System\qrEvOLY.exe
  C:\Windows\System\qrEvOLY.exe
  2⤵
  PID:3300
- C:\Windows\System\inKBbJp.exe
  C:\Windows\System\inKBbJp.exe
  2⤵
  PID:3412
- C:\Windows\System\RiEVZVR.exe
  C:\Windows\System\RiEVZVR.exe
  2⤵
  PID:3592
- C:\Windows\System\LyPcCcq.exe
  C:\Windows\System\LyPcCcq.exe
  2⤵
  PID:3612
- C:\Windows\System\bbogfeS.exe
  C:\Windows\System\bbogfeS.exe
  2⤵
  PID:4104
- C:\Windows\System\rXRjnIs.exe
  C:\Windows\System\rXRjnIs.exe
  2⤵
  PID:4124
- C:\Windows\System\HiSPbmI.exe
  C:\Windows\System\HiSPbmI.exe
  2⤵
  PID:4144
- C:\Windows\System\YRxSibu.exe
  C:\Windows\System\YRxSibu.exe
  2⤵
  PID:4168
- C:\Windows\System\GIiTSBO.exe
  C:\Windows\System\GIiTSBO.exe
  2⤵
  PID:4188
- C:\Windows\System\YFQASJZ.exe
  C:\Windows\System\YFQASJZ.exe
  2⤵
  PID:4208
- C:\Windows\System\IJoivkt.exe
  C:\Windows\System\IJoivkt.exe
  2⤵
  PID:4228
- C:\Windows\System\zRYTMWs.exe
  C:\Windows\System\zRYTMWs.exe
  2⤵
  PID:4248
- C:\Windows\System\VLZeras.exe
  C:\Windows\System\VLZeras.exe
  2⤵
  PID:4272
- C:\Windows\System\CzgZYHb.exe
  C:\Windows\System\CzgZYHb.exe
  2⤵
  PID:4292
- C:\Windows\System\ORzOakA.exe
  C:\Windows\System\ORzOakA.exe
  2⤵
  PID:4312
- C:\Windows\System\nPGpGLL.exe
  C:\Windows\System\nPGpGLL.exe
  2⤵
  PID:4332
- C:\Windows\System\GXpxtWM.exe
  C:\Windows\System\GXpxtWM.exe
  2⤵
  PID:4352
- C:\Windows\System\OXDZegu.exe
  C:\Windows\System\OXDZegu.exe
  2⤵
  PID:4372
- C:\Windows\System\ceUXFpk.exe
  C:\Windows\System\ceUXFpk.exe
  2⤵
  PID:4392
- C:\Windows\System\CXRDkcW.exe
  C:\Windows\System\CXRDkcW.exe
  2⤵
  PID:4412
- C:\Windows\System\GNlkgDa.exe
  C:\Windows\System\GNlkgDa.exe
  2⤵
  PID:4432
- C:\Windows\System\bwMUTZs.exe
  C:\Windows\System\bwMUTZs.exe
  2⤵
  PID:4452
- C:\Windows\System\iACcowg.exe
  C:\Windows\System\iACcowg.exe
  2⤵
  PID:4472
- C:\Windows\System\WiwYwne.exe
  C:\Windows\System\WiwYwne.exe
  2⤵
  PID:4492
- C:\Windows\System\oMqjpuW.exe
  C:\Windows\System\oMqjpuW.exe
  2⤵
  PID:4512
- C:\Windows\System\FJqnsJX.exe
  C:\Windows\System\FJqnsJX.exe
  2⤵
  PID:4532
- C:\Windows\System\JCEKfwm.exe
  C:\Windows\System\JCEKfwm.exe
  2⤵
  PID:4552
- C:\Windows\System\AhlDErj.exe
  C:\Windows\System\AhlDErj.exe
  2⤵
  PID:4572
- C:\Windows\System\XLCpjcf.exe
  C:\Windows\System\XLCpjcf.exe
  2⤵
  PID:4592
- C:\Windows\System\udCnCGR.exe
  C:\Windows\System\udCnCGR.exe
  2⤵
  PID:4612
- C:\Windows\System\tgUKNhC.exe
  C:\Windows\System\tgUKNhC.exe
  2⤵
  PID:4632
- C:\Windows\System\GIMpndx.exe
  C:\Windows\System\GIMpndx.exe
  2⤵
  PID:4652
- C:\Windows\System\liopSxg.exe
  C:\Windows\System\liopSxg.exe
  2⤵
  PID:4672
- C:\Windows\System\KXZGKCZ.exe
  C:\Windows\System\KXZGKCZ.exe
  2⤵
  PID:4692
- C:\Windows\System\POgUuVx.exe
  C:\Windows\System\POgUuVx.exe
  2⤵
  PID:4712
- C:\Windows\System\xtKkVbi.exe
  C:\Windows\System\xtKkVbi.exe
  2⤵
  PID:4732
- C:\Windows\System\QuEgoYk.exe
  C:\Windows\System\QuEgoYk.exe
  2⤵
  PID:4752
- C:\Windows\System\jOgAIVx.exe
  C:\Windows\System\jOgAIVx.exe
  2⤵
  PID:4772
- C:\Windows\System\TsYIBJu.exe
  C:\Windows\System\TsYIBJu.exe
  2⤵
  PID:4792
- C:\Windows\System\DrCFvsZ.exe
  C:\Windows\System\DrCFvsZ.exe
  2⤵
  PID:4812
- C:\Windows\System\thMRzkV.exe
  C:\Windows\System\thMRzkV.exe
  2⤵
  PID:4832
- C:\Windows\System\XRxmGtu.exe
  C:\Windows\System\XRxmGtu.exe
  2⤵
  PID:4852
- C:\Windows\System\myUEoNS.exe
  C:\Windows\System\myUEoNS.exe
  2⤵
  PID:4872
- C:\Windows\System\EQWVFXQ.exe
  C:\Windows\System\EQWVFXQ.exe
  2⤵
  PID:4892
- C:\Windows\System\dTzqWHr.exe
  C:\Windows\System\dTzqWHr.exe
  2⤵
  PID:4916
- C:\Windows\System\PxZRqyT.exe
  C:\Windows\System\PxZRqyT.exe
  2⤵
  PID:4936
- C:\Windows\System\vSCPLZK.exe
  C:\Windows\System\vSCPLZK.exe
  2⤵
  PID:4960
- C:\Windows\System\BWbauGz.exe
  C:\Windows\System\BWbauGz.exe
  2⤵
  PID:4980
- C:\Windows\System\ugTCLRc.exe
  C:\Windows\System\ugTCLRc.exe
  2⤵
  PID:5000
- C:\Windows\System\YxxAQQr.exe
  C:\Windows\System\YxxAQQr.exe
  2⤵
  PID:5020
- C:\Windows\System\qrzNyuR.exe
  C:\Windows\System\qrzNyuR.exe
  2⤵
  PID:5040
- C:\Windows\System\mhzWdpn.exe
  C:\Windows\System\mhzWdpn.exe
  2⤵
  PID:5060
- C:\Windows\System\xUoBHdN.exe
  C:\Windows\System\xUoBHdN.exe
  2⤵
  PID:5080
- C:\Windows\System\bGFlThC.exe
  C:\Windows\System\bGFlThC.exe
  2⤵
  PID:5100
- C:\Windows\System\dBxnemx.exe
  C:\Windows\System\dBxnemx.exe
  2⤵
  PID:3672
- C:\Windows\System\hPliRrg.exe
  C:\Windows\System\hPliRrg.exe
  2⤵
  PID:3760
- C:\Windows\System\gJZGQAY.exe
  C:\Windows\System\gJZGQAY.exe
  2⤵
  PID:3916
- C:\Windows\System\RtGxZZh.exe
  C:\Windows\System\RtGxZZh.exe
  2⤵
  PID:4024
- C:\Windows\System\ypdjeyz.exe
  C:\Windows\System\ypdjeyz.exe
  2⤵
  PID:4060
- C:\Windows\System\aPZQELH.exe
  C:\Windows\System\aPZQELH.exe
  2⤵
  PID:4044
- C:\Windows\System\TzzwNYx.exe
  C:\Windows\System\TzzwNYx.exe
  2⤵
  PID:2724
- C:\Windows\System\LxjHoHk.exe
  C:\Windows\System\LxjHoHk.exe
  2⤵
  PID:2872
- C:\Windows\System\WMOsnjl.exe
  C:\Windows\System\WMOsnjl.exe
  2⤵
  PID:3312
- C:\Windows\System\xsxtNnQ.exe
  C:\Windows\System\xsxtNnQ.exe
  2⤵
  PID:3452
- C:\Windows\System\GYndCBH.exe
  C:\Windows\System\GYndCBH.exe
  2⤵
  PID:3572
- C:\Windows\System\Jjpywfm.exe
  C:\Windows\System\Jjpywfm.exe
  2⤵
  PID:4140
- C:\Windows\System\GuLtcsY.exe
  C:\Windows\System\GuLtcsY.exe
  2⤵
  PID:4152
- C:\Windows\System\kKACdgy.exe
  C:\Windows\System\kKACdgy.exe
  2⤵
  PID:4180
- C:\Windows\System\nhRPAJw.exe
  C:\Windows\System\nhRPAJw.exe
  2⤵
  PID:4204
- C:\Windows\System\gzXQaSD.exe
  C:\Windows\System\gzXQaSD.exe
  2⤵
  PID:4260
- C:\Windows\System\QmKbgrY.exe
  C:\Windows\System\QmKbgrY.exe
  2⤵
  PID:4304
- C:\Windows\System\vQnwRCC.exe
  C:\Windows\System\vQnwRCC.exe
  2⤵
  PID:4348
- C:\Windows\System\OEQXeNF.exe
  C:\Windows\System\OEQXeNF.exe
  2⤵
  PID:4380
- C:\Windows\System\nlbCEIQ.exe
  C:\Windows\System\nlbCEIQ.exe
  2⤵
  PID:4364
- C:\Windows\System\loMNPNA.exe
  C:\Windows\System\loMNPNA.exe
  2⤵
  PID:4156
- C:\Windows\System\mWKmnax.exe
  C:\Windows\System\mWKmnax.exe
  2⤵
  PID:4444
- C:\Windows\System\zyEHTJO.exe
  C:\Windows\System\zyEHTJO.exe
  2⤵
  PID:4488
- C:\Windows\System\jqIcQPL.exe
  C:\Windows\System\jqIcQPL.exe
  2⤵
  PID:4540
- C:\Windows\System\CtqfDsG.exe
  C:\Windows\System\CtqfDsG.exe
  2⤵
  PID:4524
- C:\Windows\System\atFFJNW.exe
  C:\Windows\System\atFFJNW.exe
  2⤵
  PID:4568
- C:\Windows\System\fiecfgl.exe
  C:\Windows\System\fiecfgl.exe
  2⤵
  PID:4608
- C:\Windows\System\mKDMyto.exe
  C:\Windows\System\mKDMyto.exe
  2⤵
  PID:4664
- C:\Windows\System\nbffZUQ.exe
  C:\Windows\System\nbffZUQ.exe
  2⤵
  PID:4708
- C:\Windows\System\hvWLKeH.exe
  C:\Windows\System\hvWLKeH.exe
  2⤵
  PID:4748
- C:\Windows\System\CGGJCLg.exe
  C:\Windows\System\CGGJCLg.exe
  2⤵
  PID:4788
- C:\Windows\System\JEZXqqI.exe
  C:\Windows\System\JEZXqqI.exe
  2⤵
  PID:4764
- C:\Windows\System\sMcrUIy.exe
  C:\Windows\System\sMcrUIy.exe
  2⤵
  PID:4824
- C:\Windows\System\sgYDiFV.exe
  C:\Windows\System\sgYDiFV.exe
  2⤵
  PID:4864
- C:\Windows\System\cCLEfxu.exe
  C:\Windows\System\cCLEfxu.exe
  2⤵
  PID:4912
- C:\Windows\System\dLQvXVS.exe
  C:\Windows\System\dLQvXVS.exe
  2⤵
  PID:4928
- C:\Windows\System\FrylxOW.exe
  C:\Windows\System\FrylxOW.exe
  2⤵
  PID:4968
- C:\Windows\System\uzhSdHK.exe
  C:\Windows\System\uzhSdHK.exe
  2⤵
  PID:4992
- C:\Windows\System\ZrnWurV.exe
  C:\Windows\System\ZrnWurV.exe
  2⤵
  PID:5036
- C:\Windows\System\erdApYY.exe
  C:\Windows\System\erdApYY.exe
  2⤵
  PID:5052
- C:\Windows\System\MOTgCuz.exe
  C:\Windows\System\MOTgCuz.exe
  2⤵
  PID:5096
- C:\Windows\System\JuKEzBk.exe
  C:\Windows\System\JuKEzBk.exe
  2⤵
  PID:3836
- C:\Windows\System\vlsGtup.exe
  C:\Windows\System\vlsGtup.exe
  2⤵
  PID:3956
- C:\Windows\System\agfZmcy.exe
  C:\Windows\System\agfZmcy.exe
  2⤵
  PID:2432
- C:\Windows\System\JPhIqlv.exe
  C:\Windows\System\JPhIqlv.exe
  2⤵
  PID:1172
- C:\Windows\System\HrOAnqv.exe
  C:\Windows\System\HrOAnqv.exe
  2⤵
  PID:1944
- C:\Windows\System\bEusxLd.exe
  C:\Windows\System\bEusxLd.exe
  2⤵
  PID:3212
- C:\Windows\System\iAnQibi.exe
  C:\Windows\System\iAnQibi.exe
  2⤵
  PID:3420
- C:\Windows\System\aDdIODc.exe
  C:\Windows\System\aDdIODc.exe
  2⤵
  PID:4132
- C:\Windows\System\SSmkKdM.exe
  C:\Windows\System\SSmkKdM.exe
  2⤵
  PID:4164
- C:\Windows\System\pGEjQKM.exe
  C:\Windows\System\pGEjQKM.exe
  2⤵
  PID:4300
- C:\Windows\System\wIiBXkr.exe
  C:\Windows\System\wIiBXkr.exe
  2⤵
  PID:4328
- C:\Windows\System\uslBTaL.exe
  C:\Windows\System\uslBTaL.exe
  2⤵
  PID:4420
- C:\Windows\System\WcClnwT.exe
  C:\Windows\System\WcClnwT.exe
  2⤵
  PID:4368
- C:\Windows\System\AUEKkcS.exe
  C:\Windows\System\AUEKkcS.exe
  2⤵
  PID:4460
- C:\Windows\System\EEvZvkW.exe
  C:\Windows\System\EEvZvkW.exe
  2⤵
  PID:4484
- C:\Windows\System\YcZrWPs.exe
  C:\Windows\System\YcZrWPs.exe
  2⤵
  PID:4624
- C:\Windows\System\iHSGUrQ.exe
  C:\Windows\System\iHSGUrQ.exe
  2⤵
  PID:4680
- C:\Windows\System\mSsAsCG.exe
  C:\Windows\System\mSsAsCG.exe
  2⤵
  PID:4688
- C:\Windows\System\FGotdnR.exe
  C:\Windows\System\FGotdnR.exe
  2⤵
  PID:4820
- C:\Windows\System\hRhtHmQ.exe
  C:\Windows\System\hRhtHmQ.exe
  2⤵
  PID:4308
- C:\Windows\System\KzHwpPV.exe
  C:\Windows\System\KzHwpPV.exe
  2⤵
  PID:4900
- C:\Windows\System\nxutwmO.exe
  C:\Windows\System\nxutwmO.exe
  2⤵
  PID:4952
- C:\Windows\System\WpPDBRn.exe
  C:\Windows\System\WpPDBRn.exe
  2⤵
  PID:4944
- C:\Windows\System\LlsLSfm.exe
  C:\Windows\System\LlsLSfm.exe
  2⤵
  PID:5028
- C:\Windows\System\nGrDQJd.exe
  C:\Windows\System\nGrDQJd.exe
  2⤵
  PID:5108
- C:\Windows\System\JPcUmRP.exe
  C:\Windows\System\JPcUmRP.exe
  2⤵
  PID:3900
- C:\Windows\System\nbBsgdT.exe
  C:\Windows\System\nbBsgdT.exe
  2⤵
  PID:3876
- C:\Windows\System\nBUUffx.exe
  C:\Windows\System\nBUUffx.exe
  2⤵
  PID:3960
- C:\Windows\System\qJHTBfo.exe
  C:\Windows\System\qJHTBfo.exe
  2⤵
  PID:3352
- C:\Windows\System\FlUHCCT.exe
  C:\Windows\System\FlUHCCT.exe
  2⤵
  PID:4116
- C:\Windows\System\vwDdADm.exe
  C:\Windows\System\vwDdADm.exe
  2⤵
  PID:4224
- C:\Windows\System\bPjAKmi.exe
  C:\Windows\System\bPjAKmi.exe
  2⤵
  PID:4360
- C:\Windows\System\qxAXbvp.exe
  C:\Windows\System\qxAXbvp.exe
  2⤵
  PID:4284
- C:\Windows\System\CKfFvdN.exe
  C:\Windows\System\CKfFvdN.exe
  2⤵
  PID:4500
- C:\Windows\System\NlfnePM.exe
  C:\Windows\System\NlfnePM.exe
  2⤵
  PID:4604
- C:\Windows\System\znffVdK.exe
  C:\Windows\System\znffVdK.exe
  2⤵
  PID:4668
- C:\Windows\System\OmHYhij.exe
  C:\Windows\System\OmHYhij.exe
  2⤵
  PID:4768
- C:\Windows\System\EuAKwcP.exe
  C:\Windows\System\EuAKwcP.exe
  2⤵
  PID:4724
- C:\Windows\System\VAKXrnW.exe
  C:\Windows\System\VAKXrnW.exe
  2⤵
  PID:2960
- C:\Windows\System\KtRMRVF.exe
  C:\Windows\System\KtRMRVF.exe
  2⤵
  PID:5016
- C:\Windows\System\iTmZmNY.exe
  C:\Windows\System\iTmZmNY.exe
  2⤵
  PID:5068
- C:\Windows\System\ymyScAL.exe
  C:\Windows\System\ymyScAL.exe
  2⤵
  PID:876
- C:\Windows\System\XfxFZLz.exe
  C:\Windows\System\XfxFZLz.exe
  2⤵
  PID:2268
- C:\Windows\System\vNCNQmi.exe
  C:\Windows\System\vNCNQmi.exe
  2⤵
  PID:5140
- C:\Windows\System\XibOtHm.exe
  C:\Windows\System\XibOtHm.exe
  2⤵
  PID:5156
- C:\Windows\System\motJhlu.exe
  C:\Windows\System\motJhlu.exe
  2⤵
  PID:5180
- C:\Windows\System\ELRtJPd.exe
  C:\Windows\System\ELRtJPd.exe
  2⤵
  PID:5200
- C:\Windows\System\QDxJwCw.exe
  C:\Windows\System\QDxJwCw.exe
  2⤵
  PID:5220
- C:\Windows\System\NkSYGyF.exe
  C:\Windows\System\NkSYGyF.exe
  2⤵
  PID:5240
- C:\Windows\System\daDdrFo.exe
  C:\Windows\System\daDdrFo.exe
  2⤵
  PID:5260
- C:\Windows\System\IdKzpvL.exe
  C:\Windows\System\IdKzpvL.exe
  2⤵
  PID:5276
- C:\Windows\System\xJLIkBW.exe
  C:\Windows\System\xJLIkBW.exe
  2⤵
  PID:5300
- C:\Windows\System\hPOnvSJ.exe
  C:\Windows\System\hPOnvSJ.exe
  2⤵
  PID:5320
- C:\Windows\System\YNUZHhn.exe
  C:\Windows\System\YNUZHhn.exe
  2⤵
  PID:5340
- C:\Windows\System\lpnpjuW.exe
  C:\Windows\System\lpnpjuW.exe
  2⤵
  PID:5356
- C:\Windows\System\VLonEJN.exe
  C:\Windows\System\VLonEJN.exe
  2⤵
  PID:5380
- C:\Windows\System\Cbtxehe.exe
  C:\Windows\System\Cbtxehe.exe
  2⤵
  PID:5404
- C:\Windows\System\NRpOCUZ.exe
  C:\Windows\System\NRpOCUZ.exe
  2⤵
  PID:5424
- C:\Windows\System\BtFSFSu.exe
  C:\Windows\System\BtFSFSu.exe
  2⤵
  PID:5444
- C:\Windows\System\EiYeBDi.exe
  C:\Windows\System\EiYeBDi.exe
  2⤵
  PID:5464
- C:\Windows\System\SIglegG.exe
  C:\Windows\System\SIglegG.exe
  2⤵
  PID:5480
- C:\Windows\System\kbafdLn.exe
  C:\Windows\System\kbafdLn.exe
  2⤵
  PID:5504
- C:\Windows\System\OPPzGOd.exe
  C:\Windows\System\OPPzGOd.exe
  2⤵
  PID:5524
- C:\Windows\System\SyjyXTZ.exe
  C:\Windows\System\SyjyXTZ.exe
  2⤵
  PID:5544
- C:\Windows\System\wJaCohG.exe
  C:\Windows\System\wJaCohG.exe
  2⤵
  PID:5560
- C:\Windows\System\wCcKdSs.exe
  C:\Windows\System\wCcKdSs.exe
  2⤵
  PID:5584
- C:\Windows\System\vMRxRGU.exe
  C:\Windows\System\vMRxRGU.exe
  2⤵
  PID:5604
- C:\Windows\System\ywzLkAs.exe
  C:\Windows\System\ywzLkAs.exe
  2⤵
  PID:5624
- C:\Windows\System\qEIkAao.exe
  C:\Windows\System\qEIkAao.exe
  2⤵
  PID:5644
- C:\Windows\System\TceDpca.exe
  C:\Windows\System\TceDpca.exe
  2⤵
  PID:5664
- C:\Windows\System\JwWWSDe.exe
  C:\Windows\System\JwWWSDe.exe
  2⤵
  PID:5684
- C:\Windows\System\rNhlSFM.exe
  C:\Windows\System\rNhlSFM.exe
  2⤵
  PID:5704
- C:\Windows\System\QjXSvpO.exe
  C:\Windows\System\QjXSvpO.exe
  2⤵
  PID:5724
- C:\Windows\System\QIgnGqJ.exe
  C:\Windows\System\QIgnGqJ.exe
  2⤵
  PID:5744
- C:\Windows\System\zGxLFQp.exe
  C:\Windows\System\zGxLFQp.exe
  2⤵
  PID:5764
- C:\Windows\System\VjDtXpm.exe
  C:\Windows\System\VjDtXpm.exe
  2⤵
  PID:5784
- C:\Windows\System\GsxhVmf.exe
  C:\Windows\System\GsxhVmf.exe
  2⤵
  PID:5804
- C:\Windows\System\RPhVAaC.exe
  C:\Windows\System\RPhVAaC.exe
  2⤵
  PID:5824
- C:\Windows\System\hVCoJRE.exe
  C:\Windows\System\hVCoJRE.exe
  2⤵
  PID:5844
- C:\Windows\System\aQiqdzX.exe
  C:\Windows\System\aQiqdzX.exe
  2⤵
  PID:5864
- C:\Windows\System\CtvQsAs.exe
  C:\Windows\System\CtvQsAs.exe
  2⤵
  PID:5884
- C:\Windows\System\BZaULXb.exe
  C:\Windows\System\BZaULXb.exe
  2⤵
  PID:5904
- C:\Windows\System\EiSjiwU.exe
  C:\Windows\System\EiSjiwU.exe
  2⤵
  PID:5924
- C:\Windows\System\jADfPlK.exe
  C:\Windows\System\jADfPlK.exe
  2⤵
  PID:5944
- C:\Windows\System\vHmysJU.exe
  C:\Windows\System\vHmysJU.exe
  2⤵
  PID:5964
- C:\Windows\System\csWBxsA.exe
  C:\Windows\System\csWBxsA.exe
  2⤵
  PID:5984
- C:\Windows\System\kphsRkX.exe
  C:\Windows\System\kphsRkX.exe
  2⤵
  PID:6004
- C:\Windows\System\WEKjusr.exe
  C:\Windows\System\WEKjusr.exe
  2⤵
  PID:6024
- C:\Windows\System\IhuycDC.exe
  C:\Windows\System\IhuycDC.exe
  2⤵
  PID:6044
- C:\Windows\System\JXBHOdt.exe
  C:\Windows\System\JXBHOdt.exe
  2⤵
  PID:6064
- C:\Windows\System\rIIUGKM.exe
  C:\Windows\System\rIIUGKM.exe
  2⤵
  PID:6084
- C:\Windows\System\guLwuIN.exe
  C:\Windows\System\guLwuIN.exe
  2⤵
  PID:6104
- C:\Windows\System\lVTuOca.exe
  C:\Windows\System\lVTuOca.exe
  2⤵
  PID:6124
- C:\Windows\System\ZajWHol.exe
  C:\Windows\System\ZajWHol.exe
  2⤵
  PID:3964
- C:\Windows\System\PsZZeuu.exe
  C:\Windows\System\PsZZeuu.exe
  2⤵
  PID:3144
- C:\Windows\System\xFvElWg.exe
  C:\Windows\System\xFvElWg.exe
  2⤵
  PID:4216
- C:\Windows\System\fjMwjzI.exe
  C:\Windows\System\fjMwjzI.exe
  2⤵
  PID:4264
- C:\Windows\System\VFggeAy.exe
  C:\Windows\System\VFggeAy.exe
  2⤵
  PID:4504
- C:\Windows\System\PvYpydK.exe
  C:\Windows\System\PvYpydK.exe
  2⤵
  PID:4644
- C:\Windows\System\ctvTQOa.exe
  C:\Windows\System\ctvTQOa.exe
  2⤵
  PID:4660
- C:\Windows\System\HgdWwIF.exe
  C:\Windows\System\HgdWwIF.exe
  2⤵
  PID:4860
- C:\Windows\System\PGlagRj.exe
  C:\Windows\System\PGlagRj.exe
  2⤵
  PID:2952
- C:\Windows\System\maGExjr.exe
  C:\Windows\System\maGExjr.exe
  2⤵
  PID:3660
- C:\Windows\System\peyEVor.exe
  C:\Windows\System\peyEVor.exe
  2⤵
  PID:4064
- C:\Windows\System\UUpLIah.exe
  C:\Windows\System\UUpLIah.exe
  2⤵
  PID:5152
- C:\Windows\System\dMozbJE.exe
  C:\Windows\System\dMozbJE.exe
  2⤵
  PID:5196
- C:\Windows\System\xtlEykn.exe
  C:\Windows\System\xtlEykn.exe
  2⤵
  PID:2988
- C:\Windows\System\cuoQPFu.exe
  C:\Windows\System\cuoQPFu.exe
  2⤵
  PID:5232
- C:\Windows\System\GmnSPOE.exe
  C:\Windows\System\GmnSPOE.exe
  2⤵
  PID:5296
- C:\Windows\System\zNEmwyG.exe
  C:\Windows\System\zNEmwyG.exe
  2⤵
  PID:5332
- C:\Windows\System\hAGRkur.exe
  C:\Windows\System\hAGRkur.exe
  2⤵
  PID:5308
- C:\Windows\System\LlZTtMc.exe
  C:\Windows\System\LlZTtMc.exe
  2⤵
  PID:5372
- C:\Windows\System\LMWZBnG.exe
  C:\Windows\System\LMWZBnG.exe
  2⤵
  PID:5392
- C:\Windows\System\WkZYYtm.exe
  C:\Windows\System\WkZYYtm.exe
  2⤵
  PID:5436
- C:\Windows\System\kCjnYHK.exe
  C:\Windows\System\kCjnYHK.exe
  2⤵
  PID:5496
- C:\Windows\System\CYfLcGX.exe
  C:\Windows\System\CYfLcGX.exe
  2⤵
  PID:5536
- C:\Windows\System\ntoDIfo.exe
  C:\Windows\System\ntoDIfo.exe
  2⤵
  PID:5568
- C:\Windows\System\DJpqXbz.exe
  C:\Windows\System\DJpqXbz.exe
  2⤵
  PID:5592
- C:\Windows\System\OsyQiRr.exe
  C:\Windows\System\OsyQiRr.exe
  2⤵
  PID:5616
- C:\Windows\System\fmDuQEV.exe
  C:\Windows\System\fmDuQEV.exe
  2⤵
  PID:5640
- C:\Windows\System\bHetboZ.exe
  C:\Windows\System\bHetboZ.exe
  2⤵
  PID:5700
- C:\Windows\System\lxITvCa.exe
  C:\Windows\System\lxITvCa.exe
  2⤵
  PID:5720
- C:\Windows\System\YRhurrG.exe
  C:\Windows\System\YRhurrG.exe
  2⤵
  PID:5736
- C:\Windows\System\zGzZyrw.exe
  C:\Windows\System\zGzZyrw.exe
  2⤵
  PID:5760
- C:\Windows\System\bAJIalK.exe
  C:\Windows\System\bAJIalK.exe
  2⤵
  PID:5812
- C:\Windows\System\AplRvcS.exe
  C:\Windows\System\AplRvcS.exe
  2⤵
  PID:5832
- C:\Windows\System\CzngUCl.exe
  C:\Windows\System\CzngUCl.exe
  2⤵
  PID:5860
- C:\Windows\System\QyHEHGQ.exe
  C:\Windows\System\QyHEHGQ.exe
  2⤵
  PID:5900
- C:\Windows\System\uueVfAz.exe
  C:\Windows\System\uueVfAz.exe
  2⤵
  PID:5920
- C:\Windows\System\VkxfLMq.exe
  C:\Windows\System\VkxfLMq.exe
  2⤵
  PID:5936
- C:\Windows\System\WfZwnSe.exe
  C:\Windows\System\WfZwnSe.exe
  2⤵
  PID:5980
- C:\Windows\System\GTucQms.exe
  C:\Windows\System\GTucQms.exe
  2⤵
  PID:6000
- C:\Windows\System\fcVVgsC.exe
  C:\Windows\System\fcVVgsC.exe
  2⤵
  PID:6036
- C:\Windows\System\cUNbMZs.exe
  C:\Windows\System\cUNbMZs.exe
  2⤵
  PID:6080
- C:\Windows\System\HEqKfvJ.exe
  C:\Windows\System\HEqKfvJ.exe
  2⤵
  PID:6112
- C:\Windows\System\ZLfGbhr.exe
  C:\Windows\System\ZLfGbhr.exe
  2⤵
  PID:6136
- C:\Windows\System\iMMVCQq.exe
  C:\Windows\System\iMMVCQq.exe
  2⤵
  PID:3260
- C:\Windows\System\PjNJfmh.exe
  C:\Windows\System\PjNJfmh.exe
  2⤵
  PID:4480
- C:\Windows\System\AUCmtBH.exe
  C:\Windows\System\AUCmtBH.exe
  2⤵
  PID:4580
- C:\Windows\System\ETZuNAT.exe
  C:\Windows\System\ETZuNAT.exe
  2⤵
  PID:4804
- C:\Windows\System\MXeJuxT.exe
  C:\Windows\System\MXeJuxT.exe
  2⤵
  PID:4884
- C:\Windows\System\rJEUlyq.exe
  C:\Windows\System\rJEUlyq.exe
  2⤵
  PID:5048
- C:\Windows\System\pPWoAdZ.exe
  C:\Windows\System\pPWoAdZ.exe
  2⤵
  PID:5136
- C:\Windows\System\PPuqfoH.exe
  C:\Windows\System\PPuqfoH.exe
  2⤵
  PID:5192
- C:\Windows\System\jvAgJni.exe
  C:\Windows\System\jvAgJni.exe
  2⤵
  PID:356
- C:\Windows\System\vdQmjzu.exe
  C:\Windows\System\vdQmjzu.exe
  2⤵
  PID:5268
- C:\Windows\System\IFvUaGU.exe
  C:\Windows\System\IFvUaGU.exe
  2⤵
  PID:484
- C:\Windows\System\YXlQrrO.exe
  C:\Windows\System\YXlQrrO.exe
  2⤵
  PID:5352
- C:\Windows\System\lDwoigD.exe
  C:\Windows\System\lDwoigD.exe
  2⤵
  PID:5452
- C:\Windows\System\KHEOCOK.exe
  C:\Windows\System\KHEOCOK.exe
  2⤵
  PID:812
- C:\Windows\System\yiIaPnx.exe
  C:\Windows\System\yiIaPnx.exe
  2⤵
  PID:5540
- C:\Windows\System\TyquxHh.exe
  C:\Windows\System\TyquxHh.exe
  2⤵
  PID:5576
- C:\Windows\System\tyZfzcJ.exe
  C:\Windows\System\tyZfzcJ.exe
  2⤵
  PID:5632
- C:\Windows\System\dvaRENy.exe
  C:\Windows\System\dvaRENy.exe
  2⤵
  PID:2532
- C:\Windows\System\AwJgoFL.exe
  C:\Windows\System\AwJgoFL.exe
  2⤵
  PID:5680
- C:\Windows\System\xRSGmct.exe
  C:\Windows\System\xRSGmct.exe
  2⤵
  PID:5772
- C:\Windows\System\pVqhvLR.exe
  C:\Windows\System\pVqhvLR.exe
  2⤵
  PID:5800
- C:\Windows\System\OmhizwJ.exe
  C:\Windows\System\OmhizwJ.exe
  2⤵
  PID:5796
- C:\Windows\System\HJCnFQR.exe
  C:\Windows\System\HJCnFQR.exe
  2⤵
  PID:5892
- C:\Windows\System\Zmmorrv.exe
  C:\Windows\System\Zmmorrv.exe
  2⤵
  PID:2628
- C:\Windows\System\TOYiRBC.exe
  C:\Windows\System\TOYiRBC.exe
  2⤵
  PID:5992
- C:\Windows\System\bGNMznx.exe
  C:\Windows\System\bGNMznx.exe
  2⤵
  PID:6060
- C:\Windows\System\vELXPjt.exe
  C:\Windows\System\vELXPjt.exe
  2⤵
  PID:6092
- C:\Windows\System\UFLxEuV.exe
  C:\Windows\System\UFLxEuV.exe
  2⤵
  PID:6132
- C:\Windows\System\lqlUagn.exe
  C:\Windows\System\lqlUagn.exe
  2⤵
  PID:4408
- C:\Windows\System\jamurEn.exe
  C:\Windows\System\jamurEn.exe
  2⤵
  PID:4528
- C:\Windows\System\ClajeaP.exe
  C:\Windows\System\ClajeaP.exe
  2⤵
  PID:5072
- C:\Windows\System\rXGlWMV.exe
  C:\Windows\System\rXGlWMV.exe
  2⤵
  PID:5148
- C:\Windows\System\OGcsjzs.exe
  C:\Windows\System\OGcsjzs.exe
  2⤵
  PID:5176
- C:\Windows\System\MAHqNbj.exe
  C:\Windows\System\MAHqNbj.exe
  2⤵
  PID:5288
- C:\Windows\System\YmYjHlY.exe
  C:\Windows\System\YmYjHlY.exe
  2⤵
  PID:5316
- C:\Windows\System\wNPcInt.exe
  C:\Windows\System\wNPcInt.exe
  2⤵
  PID:5456
- C:\Windows\System\uwyesiX.exe
  C:\Windows\System\uwyesiX.exe
  2⤵
  PID:5472
- C:\Windows\System\uFXrWMC.exe
  C:\Windows\System\uFXrWMC.exe
  2⤵
  PID:2732
- C:\Windows\System\JPovhou.exe
  C:\Windows\System\JPovhou.exe
  2⤵
  PID:5660
- C:\Windows\System\wOhNtwI.exe
  C:\Windows\System\wOhNtwI.exe
  2⤵
  PID:2516
- C:\Windows\System\NaspNGG.exe
  C:\Windows\System\NaspNGG.exe
  2⤵
  PID:5792
- C:\Windows\System\KzvJwAv.exe
  C:\Windows\System\KzvJwAv.exe
  2⤵
  PID:5876
- C:\Windows\System\lDLfCfm.exe
  C:\Windows\System\lDLfCfm.exe
  2⤵
  PID:2700
- C:\Windows\System\YFEVdFz.exe
  C:\Windows\System\YFEVdFz.exe
  2⤵
  PID:6160
- C:\Windows\System\yXpYMto.exe
  C:\Windows\System\yXpYMto.exe
  2⤵
  PID:6180
- C:\Windows\System\cbZqMun.exe
  C:\Windows\System\cbZqMun.exe
  2⤵
  PID:6200
- C:\Windows\System\CDlavjm.exe
  C:\Windows\System\CDlavjm.exe
  2⤵
  PID:6220
- C:\Windows\System\evQyfPp.exe
  C:\Windows\System\evQyfPp.exe
  2⤵
  PID:6240
- C:\Windows\System\IJoLiek.exe
  C:\Windows\System\IJoLiek.exe
  2⤵
  PID:6260
- C:\Windows\System\BWPBmHq.exe
  C:\Windows\System\BWPBmHq.exe
  2⤵
  PID:6280
- C:\Windows\System\HdACQWz.exe
  C:\Windows\System\HdACQWz.exe
  2⤵
  PID:6300
- C:\Windows\System\GzPeNKs.exe
  C:\Windows\System\GzPeNKs.exe
  2⤵
  PID:6320
- C:\Windows\System\GHVbPEX.exe
  C:\Windows\System\GHVbPEX.exe
  2⤵
  PID:6340
- C:\Windows\System\KraGSHO.exe
  C:\Windows\System\KraGSHO.exe
  2⤵
  PID:6360
- C:\Windows\System\NFXbYeT.exe
  C:\Windows\System\NFXbYeT.exe
  2⤵
  PID:6380
- C:\Windows\System\JJpCkmr.exe
  C:\Windows\System\JJpCkmr.exe
  2⤵
  PID:6400
- C:\Windows\System\EDmrAOO.exe
  C:\Windows\System\EDmrAOO.exe
  2⤵
  PID:6420
- C:\Windows\System\hrzHmmS.exe
  C:\Windows\System\hrzHmmS.exe
  2⤵
  PID:6440
- C:\Windows\System\OdLsRHB.exe
  C:\Windows\System\OdLsRHB.exe
  2⤵
  PID:6460
- C:\Windows\System\fjNklkS.exe
  C:\Windows\System\fjNklkS.exe
  2⤵
  PID:6480
- C:\Windows\System\qflpFuU.exe
  C:\Windows\System\qflpFuU.exe
  2⤵
  PID:6500
- C:\Windows\System\fjvSEgP.exe
  C:\Windows\System\fjvSEgP.exe
  2⤵
  PID:6520
- C:\Windows\System\NmGoOyO.exe
  C:\Windows\System\NmGoOyO.exe
  2⤵
  PID:6540
- C:\Windows\System\VDFnLFQ.exe
  C:\Windows\System\VDFnLFQ.exe
  2⤵
  PID:6560
- C:\Windows\System\ImennGd.exe
  C:\Windows\System\ImennGd.exe
  2⤵
  PID:6584
- C:\Windows\System\KsyBRYb.exe
  C:\Windows\System\KsyBRYb.exe
  2⤵
  PID:6604
- C:\Windows\System\moGlCjC.exe
  C:\Windows\System\moGlCjC.exe
  2⤵
  PID:6624
- C:\Windows\System\WggWUWY.exe
  C:\Windows\System\WggWUWY.exe
  2⤵
  PID:6644
- C:\Windows\System\TtaBfxc.exe
  C:\Windows\System\TtaBfxc.exe
  2⤵
  PID:6664
- C:\Windows\System\aXpsxWL.exe
  C:\Windows\System\aXpsxWL.exe
  2⤵
  PID:6684
- C:\Windows\System\VuWXWNA.exe
  C:\Windows\System\VuWXWNA.exe
  2⤵
  PID:6704
- C:\Windows\System\xqhjWmL.exe
  C:\Windows\System\xqhjWmL.exe
  2⤵
  PID:6724
- C:\Windows\System\KzmCcqT.exe
  C:\Windows\System\KzmCcqT.exe
  2⤵
  PID:6744
- C:\Windows\System\aKPLFpc.exe
  C:\Windows\System\aKPLFpc.exe
  2⤵
  PID:6764
- C:\Windows\System\irmKvZk.exe
  C:\Windows\System\irmKvZk.exe
  2⤵
  PID:6784
- C:\Windows\System\NxFrKsZ.exe
  C:\Windows\System\NxFrKsZ.exe
  2⤵
  PID:6804
- C:\Windows\System\RSMShxS.exe
  C:\Windows\System\RSMShxS.exe
  2⤵
  PID:6824
- C:\Windows\System\BMRDGac.exe
  C:\Windows\System\BMRDGac.exe
  2⤵
  PID:6844
- C:\Windows\System\cUojKci.exe
  C:\Windows\System\cUojKci.exe
  2⤵
  PID:6864
- C:\Windows\System\lPluATc.exe
  C:\Windows\System\lPluATc.exe
  2⤵
  PID:6884
- C:\Windows\System\ushKWUO.exe
  C:\Windows\System\ushKWUO.exe
  2⤵
  PID:6904
- C:\Windows\System\VljwLHp.exe
  C:\Windows\System\VljwLHp.exe
  2⤵
  PID:6924
- C:\Windows\System\PjNctwq.exe
  C:\Windows\System\PjNctwq.exe
  2⤵
  PID:6944
- C:\Windows\System\xcCjwvL.exe
  C:\Windows\System\xcCjwvL.exe
  2⤵
  PID:6964
- C:\Windows\System\Gjbwrqo.exe
  C:\Windows\System\Gjbwrqo.exe
  2⤵
  PID:6984
- C:\Windows\System\FlhJXBN.exe
  C:\Windows\System\FlhJXBN.exe
  2⤵
  PID:7004
- C:\Windows\System\OfBoqVz.exe
  C:\Windows\System\OfBoqVz.exe
  2⤵
  PID:7024
- C:\Windows\System\eGUMZKz.exe
  C:\Windows\System\eGUMZKz.exe
  2⤵
  PID:7044
- C:\Windows\System\qqZrgrX.exe
  C:\Windows\System\qqZrgrX.exe
  2⤵
  PID:7064
- C:\Windows\System\iDLrxcn.exe
  C:\Windows\System\iDLrxcn.exe
  2⤵
  PID:7084
- C:\Windows\System\EUZorqw.exe
  C:\Windows\System\EUZorqw.exe
  2⤵
  PID:7104
- C:\Windows\System\glJxCpP.exe
  C:\Windows\System\glJxCpP.exe
  2⤵
  PID:7124
- C:\Windows\System\IrIvQZi.exe
  C:\Windows\System\IrIvQZi.exe
  2⤵
  PID:7144
- C:\Windows\System\tYRVKXg.exe
  C:\Windows\System\tYRVKXg.exe
  2⤵
  PID:7164
- C:\Windows\System\GhiMbNZ.exe
  C:\Windows\System\GhiMbNZ.exe
  2⤵
  PID:6032
- C:\Windows\System\JjgytVw.exe
  C:\Windows\System\JjgytVw.exe
  2⤵
  PID:6100
- C:\Windows\System\cRwSQrX.exe
  C:\Windows\System\cRwSQrX.exe
  2⤵
  PID:4428
- C:\Windows\System\uxvUjTB.exe
  C:\Windows\System\uxvUjTB.exe
  2⤵
  PID:2900
- C:\Windows\System\CydqrQF.exe
  C:\Windows\System\CydqrQF.exe
  2⤵
  PID:4924
- C:\Windows\System\dZqXOlf.exe
  C:\Windows\System\dZqXOlf.exe
  2⤵
  PID:5272
- C:\Windows\System\QJzOpOS.exe
  C:\Windows\System\QJzOpOS.exe
  2⤵
  PID:5400
- C:\Windows\System\nksJMHr.exe
  C:\Windows\System\nksJMHr.exe
  2⤵
  PID:5520
- C:\Windows\System\dWLyvth.exe
  C:\Windows\System\dWLyvth.exe
  2⤵
  PID:5692
- C:\Windows\System\TCXLtMI.exe
  C:\Windows\System\TCXLtMI.exe
  2⤵
  PID:2008
- C:\Windows\System\fkumOEs.exe
  C:\Windows\System\fkumOEs.exe
  2⤵
  PID:5396
- C:\Windows\System\aGOgoWO.exe
  C:\Windows\System\aGOgoWO.exe
  2⤵
  PID:6176
- C:\Windows\System\PGxbkdv.exe
  C:\Windows\System\PGxbkdv.exe
  2⤵
  PID:6228
- C:\Windows\System\BzaRNUB.exe
  C:\Windows\System\BzaRNUB.exe
  2⤵
  PID:6248
- C:\Windows\System\jDFMIsE.exe
  C:\Windows\System\jDFMIsE.exe
  2⤵
  PID:6272
- C:\Windows\System\OscXkLA.exe
  C:\Windows\System\OscXkLA.exe
  2⤵
  PID:6292
- C:\Windows\System\BUtytME.exe
  C:\Windows\System\BUtytME.exe
  2⤵
  PID:6332
- C:\Windows\System\QEhyBwe.exe
  C:\Windows\System\QEhyBwe.exe
  2⤵
  PID:6388
- C:\Windows\System\kzmUTME.exe
  C:\Windows\System\kzmUTME.exe
  2⤵
  PID:6416
- C:\Windows\System\kMTqyXc.exe
  C:\Windows\System\kMTqyXc.exe
  2⤵
  PID:6448
- C:\Windows\System\pfNGJaY.exe
  C:\Windows\System\pfNGJaY.exe
  2⤵
  PID:6472
- C:\Windows\System\MVTNiVQ.exe
  C:\Windows\System\MVTNiVQ.exe
  2⤵
  PID:6512
- C:\Windows\System\yRsmywI.exe
  C:\Windows\System\yRsmywI.exe
  2⤵
  PID:3016
- C:\Windows\System\eoqMnmS.exe
  C:\Windows\System\eoqMnmS.exe
  2⤵
  PID:6592
- C:\Windows\System\YcoRSFl.exe
  C:\Windows\System\YcoRSFl.exe
  2⤵
  PID:6632
- C:\Windows\System\jbCcUvv.exe
  C:\Windows\System\jbCcUvv.exe
  2⤵
  PID:6652
- C:\Windows\System\CSYjGTA.exe
  C:\Windows\System\CSYjGTA.exe
  2⤵
  PID:6676
- C:\Windows\System\FHdBYUB.exe
  C:\Windows\System\FHdBYUB.exe
  2⤵
  PID:6696
- C:\Windows\System\UrRcnlZ.exe
  C:\Windows\System\UrRcnlZ.exe
  2⤵
  PID:6736
- C:\Windows\System\ukwRrQT.exe
  C:\Windows\System\ukwRrQT.exe
  2⤵
  PID:6792
- C:\Windows\System\HyzVFhY.exe
  C:\Windows\System\HyzVFhY.exe
  2⤵
  PID:6812
- C:\Windows\System\wNHWDwq.exe
  C:\Windows\System\wNHWDwq.exe
  2⤵
  PID:6836
- C:\Windows\System\LZHQSYF.exe
  C:\Windows\System\LZHQSYF.exe
  2⤵
  PID:6880
- C:\Windows\System\LPgXObJ.exe
  C:\Windows\System\LPgXObJ.exe
  2⤵
  PID:6896
- C:\Windows\System\ZOUjtEW.exe
  C:\Windows\System\ZOUjtEW.exe
  2⤵
  PID:6960
- C:\Windows\System\dtRzAOw.exe
  C:\Windows\System\dtRzAOw.exe
  2⤵
  PID:6992
- C:\Windows\System\CQRFaXJ.exe
  C:\Windows\System\CQRFaXJ.exe
  2⤵
  PID:7012
- C:\Windows\System\QSYYlwS.exe
  C:\Windows\System\QSYYlwS.exe
  2⤵
  PID:7036
- C:\Windows\System\QqIpwOC.exe
  C:\Windows\System\QqIpwOC.exe
  2⤵
  PID:7080
- C:\Windows\System\bUyzsos.exe
  C:\Windows\System\bUyzsos.exe
  2⤵
  PID:7100
- C:\Windows\System\heLMlnG.exe
  C:\Windows\System\heLMlnG.exe
  2⤵
  PID:7160
- C:\Windows\System\gIzfnyg.exe
  C:\Windows\System\gIzfnyg.exe
  2⤵
  PID:5960
- C:\Windows\System\qkQvAcX.exe
  C:\Windows\System\qkQvAcX.exe
  2⤵
  PID:6072
- C:\Windows\System\wMWxNzR.exe
  C:\Windows\System\wMWxNzR.exe
  2⤵
  PID:4112
- C:\Windows\System\FMkYqCJ.exe
  C:\Windows\System\FMkYqCJ.exe
  2⤵
  PID:1364
- C:\Windows\System\SXdbWpu.exe
  C:\Windows\System\SXdbWpu.exe
  2⤵
  PID:5312
- C:\Windows\System\PVjNjLD.exe
  C:\Windows\System\PVjNjLD.exe
  2⤵
  PID:1752
- C:\Windows\System\ixtoWjU.exe
  C:\Windows\System\ixtoWjU.exe
  2⤵
  PID:5752
- C:\Windows\System\iTMqrxB.exe
  C:\Windows\System\iTMqrxB.exe
  2⤵
  PID:6168
- C:\Windows\System\VfTWmIr.exe
  C:\Windows\System\VfTWmIr.exe
  2⤵
  PID:6208
- C:\Windows\System\uHagkXi.exe
  C:\Windows\System\uHagkXi.exe
  2⤵
  PID:6316
- C:\Windows\System\AUlqkBH.exe
  C:\Windows\System\AUlqkBH.exe
  2⤵
  PID:6336
- C:\Windows\System\LOjoypu.exe
  C:\Windows\System\LOjoypu.exe
  2⤵
  PID:6348
- C:\Windows\System\ZBDNUlH.exe
  C:\Windows\System\ZBDNUlH.exe
  2⤵
  PID:6408
- C:\Windows\System\JFkoGfj.exe
  C:\Windows\System\JFkoGfj.exe
  2⤵
  PID:6516
- C:\Windows\System\WEQhqnN.exe
  C:\Windows\System\WEQhqnN.exe
  2⤵
  PID:6532
- C:\Windows\System\UPYSwBo.exe
  C:\Windows\System\UPYSwBo.exe
  2⤵
  PID:6600
- C:\Windows\System\xuUlHdv.exe
  C:\Windows\System\xuUlHdv.exe
  2⤵
  PID:5820
- C:\Windows\System\OfyCBTa.exe
  C:\Windows\System\OfyCBTa.exe
  2⤵
  PID:6656
- C:\Windows\System\ESSkFlv.exe
  C:\Windows\System\ESSkFlv.exe
  2⤵
  PID:6732
- C:\Windows\System\TTuCrrU.exe
  C:\Windows\System\TTuCrrU.exe
  2⤵
  PID:6796
- C:\Windows\System\EOXjRXP.exe
  C:\Windows\System\EOXjRXP.exe
  2⤵
  PID:6860
- C:\Windows\System\RjCtmrB.exe
  C:\Windows\System\RjCtmrB.exe
  2⤵
  PID:6940
- C:\Windows\System\JGudhXx.exe
  C:\Windows\System\JGudhXx.exe
  2⤵
  PID:6980
- C:\Windows\System\tKkYHGK.exe
  C:\Windows\System\tKkYHGK.exe
  2⤵
  PID:7040
- C:\Windows\System\uaNHNAL.exe
  C:\Windows\System\uaNHNAL.exe
  2⤵
  PID:7092
- C:\Windows\System\RdVDHWj.exe
  C:\Windows\System\RdVDHWj.exe
  2⤵
  PID:7140
- C:\Windows\System\tDPLEax.exe
  C:\Windows\System\tDPLEax.exe
  2⤵
  PID:6140
- C:\Windows\System\ghNtfQz.exe
  C:\Windows\System\ghNtfQz.exe
  2⤵
  PID:5012
- C:\Windows\System\ZiGIaCH.exe
  C:\Windows\System\ZiGIaCH.exe
  2⤵
  PID:5460
- C:\Windows\System\MOmzhky.exe
  C:\Windows\System\MOmzhky.exe
  2⤵
  PID:5620
- C:\Windows\System\NarjdnV.exe
  C:\Windows\System\NarjdnV.exe
  2⤵
  PID:6232
- C:\Windows\System\dbmMLVm.exe
  C:\Windows\System\dbmMLVm.exe
  2⤵
  PID:6308
- C:\Windows\System\YaAmxCC.exe
  C:\Windows\System\YaAmxCC.exe
  2⤵
  PID:6396
- C:\Windows\System\gQddqqh.exe
  C:\Windows\System\gQddqqh.exe
  2⤵
  PID:6476
- C:\Windows\System\WTSZHss.exe
  C:\Windows\System\WTSZHss.exe
  2⤵
  PID:6568
- C:\Windows\System\fJLGywg.exe
  C:\Windows\System\fJLGywg.exe
  2⤵
  PID:6636
- C:\Windows\System\lpwXuOx.exe
  C:\Windows\System\lpwXuOx.exe
  2⤵
  PID:6680
- C:\Windows\System\WHDhwUk.exe
  C:\Windows\System\WHDhwUk.exe
  2⤵
  PID:6856
- C:\Windows\System\aApsvwe.exe
  C:\Windows\System\aApsvwe.exe
  2⤵
  PID:6936
- C:\Windows\System\FRaAhMJ.exe
  C:\Windows\System\FRaAhMJ.exe
  2⤵
  PID:7016
- C:\Windows\System\bUrGMNf.exe
  C:\Windows\System\bUrGMNf.exe
  2⤵
  PID:7060
- C:\Windows\System\QTRahNE.exe
  C:\Windows\System\QTRahNE.exe
  2⤵
  PID:6016
- C:\Windows\System\kbLJzyV.exe
  C:\Windows\System\kbLJzyV.exe
  2⤵
  PID:5208
- C:\Windows\System\QFpSuPO.exe
  C:\Windows\System\QFpSuPO.exe
  2⤵
  PID:7184
- C:\Windows\System\OAgSteG.exe
  C:\Windows\System\OAgSteG.exe
  2⤵
  PID:7204
- C:\Windows\System\gbGFSpK.exe
  C:\Windows\System\gbGFSpK.exe
  2⤵
  PID:7224
- C:\Windows\System\oUYpNfL.exe
  C:\Windows\System\oUYpNfL.exe
  2⤵
  PID:7244
- C:\Windows\System\qIBgpng.exe
  C:\Windows\System\qIBgpng.exe
  2⤵
  PID:7264
- C:\Windows\System\XglSbxj.exe
  C:\Windows\System\XglSbxj.exe
  2⤵
  PID:7284
- C:\Windows\System\XedhtTR.exe
  C:\Windows\System\XedhtTR.exe
  2⤵
  PID:7304
- C:\Windows\System\ZsgFegL.exe
  C:\Windows\System\ZsgFegL.exe
  2⤵
  PID:7324
- C:\Windows\System\oLkMFAB.exe
  C:\Windows\System\oLkMFAB.exe
  2⤵
  PID:7344
- C:\Windows\System\eapskMq.exe
  C:\Windows\System\eapskMq.exe
  2⤵
  PID:7364
- C:\Windows\System\BfMmpGn.exe
  C:\Windows\System\BfMmpGn.exe
  2⤵
  PID:7384
- C:\Windows\System\nWaqpdi.exe
  C:\Windows\System\nWaqpdi.exe
  2⤵
  PID:7404
- C:\Windows\System\YdlTgJA.exe
  C:\Windows\System\YdlTgJA.exe
  2⤵
  PID:7424
- C:\Windows\System\ClnRFKH.exe
  C:\Windows\System\ClnRFKH.exe
  2⤵
  PID:7444
- C:\Windows\System\GXshcEi.exe
  C:\Windows\System\GXshcEi.exe
  2⤵
  PID:7464
- C:\Windows\System\qkTYNfY.exe
  C:\Windows\System\qkTYNfY.exe
  2⤵
  PID:7484
- C:\Windows\System\YyPIGzh.exe
  C:\Windows\System\YyPIGzh.exe
  2⤵
  PID:7504
- C:\Windows\System\uyMQwos.exe
  C:\Windows\System\uyMQwos.exe
  2⤵
  PID:7524
- C:\Windows\System\imhqUFU.exe
  C:\Windows\System\imhqUFU.exe
  2⤵
  PID:7544
- C:\Windows\System\uApnXHy.exe
  C:\Windows\System\uApnXHy.exe
  2⤵
  PID:7564
- C:\Windows\System\EcwXZpW.exe
  C:\Windows\System\EcwXZpW.exe
  2⤵
  PID:7584
- C:\Windows\System\epPPNad.exe
  C:\Windows\System\epPPNad.exe
  2⤵
  PID:7604
- C:\Windows\System\tarxPVR.exe
  C:\Windows\System\tarxPVR.exe
  2⤵
  PID:7624
- C:\Windows\System\qUWlOYU.exe
  C:\Windows\System\qUWlOYU.exe
  2⤵
  PID:7648
- C:\Windows\System\WNdiifH.exe
  C:\Windows\System\WNdiifH.exe
  2⤵
  PID:7668
- C:\Windows\System\mKBycES.exe
  C:\Windows\System\mKBycES.exe
  2⤵
  PID:7688
- C:\Windows\System\zuBssao.exe
  C:\Windows\System\zuBssao.exe
  2⤵
  PID:7708
- C:\Windows\System\FZAZJCL.exe
  C:\Windows\System\FZAZJCL.exe
  2⤵
  PID:7728
- C:\Windows\System\LXVLGVv.exe
  C:\Windows\System\LXVLGVv.exe
  2⤵
  PID:7748
- C:\Windows\System\XjTCdHj.exe
  C:\Windows\System\XjTCdHj.exe
  2⤵
  PID:7768
- C:\Windows\System\uLDHHFJ.exe
  C:\Windows\System\uLDHHFJ.exe
  2⤵
  PID:7788
- C:\Windows\System\XTgezOv.exe
  C:\Windows\System\XTgezOv.exe
  2⤵
  PID:7808
- C:\Windows\System\VjNRqSO.exe
  C:\Windows\System\VjNRqSO.exe
  2⤵
  PID:7832
- C:\Windows\System\BGkVpqf.exe
  C:\Windows\System\BGkVpqf.exe
  2⤵
  PID:7852
- C:\Windows\System\eGKvVMA.exe
  C:\Windows\System\eGKvVMA.exe
  2⤵
  PID:7868
- C:\Windows\System\kWBBymH.exe
  C:\Windows\System\kWBBymH.exe
  2⤵
  PID:7892
- C:\Windows\System\rnUfQxb.exe
  C:\Windows\System\rnUfQxb.exe
  2⤵
  PID:7912
- C:\Windows\System\iouRQuv.exe
  C:\Windows\System\iouRQuv.exe
  2⤵
  PID:7932
- C:\Windows\System\dKlDDvw.exe
  C:\Windows\System\dKlDDvw.exe
  2⤵
  PID:7952
- C:\Windows\System\BmhDrhi.exe
  C:\Windows\System\BmhDrhi.exe
  2⤵
  PID:7972
- C:\Windows\System\TlpsukV.exe
  C:\Windows\System\TlpsukV.exe
  2⤵
  PID:7992
- C:\Windows\System\PxOwCUe.exe
  C:\Windows\System\PxOwCUe.exe
  2⤵
  PID:8012
- C:\Windows\System\UiuwUCm.exe
  C:\Windows\System\UiuwUCm.exe
  2⤵
  PID:8032
- C:\Windows\System\CbGJXlD.exe
  C:\Windows\System\CbGJXlD.exe
  2⤵
  PID:8052
- C:\Windows\System\kFaJQrm.exe
  C:\Windows\System\kFaJQrm.exe
  2⤵
  PID:8072
- C:\Windows\System\wspgkXP.exe
  C:\Windows\System\wspgkXP.exe
  2⤵
  PID:8092
- C:\Windows\System\VTXmsMX.exe
  C:\Windows\System\VTXmsMX.exe
  2⤵
  PID:8112
- C:\Windows\System\eCkROxI.exe
  C:\Windows\System\eCkROxI.exe
  2⤵
  PID:8132
- C:\Windows\System\RLcRKdt.exe
  C:\Windows\System\RLcRKdt.exe
  2⤵
  PID:8152
- C:\Windows\System\wECTbei.exe
  C:\Windows\System\wECTbei.exe
  2⤵
  PID:8172
- C:\Windows\System\tupfhLa.exe
  C:\Windows\System\tupfhLa.exe
  2⤵
  PID:5940
- C:\Windows\System\UsKoCQf.exe
  C:\Windows\System\UsKoCQf.exe
  2⤵
  PID:6188
- C:\Windows\System\ghmwMAi.exe
  C:\Windows\System\ghmwMAi.exe
  2⤵
  PID:6276
- C:\Windows\System\mYrIwRn.exe
  C:\Windows\System\mYrIwRn.exe
  2⤵
  PID:6468
- C:\Windows\System\VYAXraE.exe
  C:\Windows\System\VYAXraE.exe
  2⤵
  PID:6712
- C:\Windows\System\eNupXxZ.exe
  C:\Windows\System\eNupXxZ.exe
  2⤵
  PID:6820
- C:\Windows\System\RfeHLXO.exe
  C:\Windows\System\RfeHLXO.exe
  2⤵
  PID:6996
- C:\Windows\System\RtHLkjl.exe
  C:\Windows\System\RtHLkjl.exe
  2⤵
  PID:6952
- C:\Windows\System\mqINTGx.exe
  C:\Windows\System\mqINTGx.exe
  2⤵
  PID:5256
- C:\Windows\System\YgJlHXc.exe
  C:\Windows\System\YgJlHXc.exe
  2⤵
  PID:7180
- C:\Windows\System\AMLwOsc.exe
  C:\Windows\System\AMLwOsc.exe
  2⤵
  PID:7212
- C:\Windows\System\TrpfBEi.exe
  C:\Windows\System\TrpfBEi.exe
  2⤵
  PID:7236
- C:\Windows\System\QHdnlsW.exe
  C:\Windows\System\QHdnlsW.exe
  2⤵
  PID:7256
- C:\Windows\System\aclmrMV.exe
  C:\Windows\System\aclmrMV.exe
  2⤵
  PID:7296
- C:\Windows\System\ZynDrSt.exe
  C:\Windows\System\ZynDrSt.exe
  2⤵
  PID:7360
- C:\Windows\System\foGOErm.exe
  C:\Windows\System\foGOErm.exe
  2⤵
  PID:7392
- C:\Windows\System\YTeRBcl.exe
  C:\Windows\System\YTeRBcl.exe
  2⤵
  PID:7396
- C:\Windows\System\voVjeEU.exe
  C:\Windows\System\voVjeEU.exe
  2⤵
  PID:7420
- C:\Windows\System\plLeuoD.exe
  C:\Windows\System\plLeuoD.exe
  2⤵
  PID:7472
- C:\Windows\System\JUrtScg.exe
  C:\Windows\System\JUrtScg.exe
  2⤵
  PID:7520
- C:\Windows\System\MXMlfzE.exe
  C:\Windows\System\MXMlfzE.exe
  2⤵
  PID:7552
- C:\Windows\System\cHgLjDP.exe
  C:\Windows\System\cHgLjDP.exe
  2⤵
  PID:7592
- C:\Windows\System\xHnoioS.exe
  C:\Windows\System\xHnoioS.exe
  2⤵
  PID:7576
- C:\Windows\System\ppWSNXZ.exe
  C:\Windows\System\ppWSNXZ.exe
  2⤵
  PID:7616
- C:\Windows\System\AIwDsEo.exe
  C:\Windows\System\AIwDsEo.exe
  2⤵
  PID:7664
- C:\Windows\System\PbnOfPy.exe
  C:\Windows\System\PbnOfPy.exe
  2⤵
  PID:7704
- C:\Windows\System\JGTvcZV.exe
  C:\Windows\System\JGTvcZV.exe
  2⤵
  PID:7764
- C:\Windows\System\HTomYqZ.exe
  C:\Windows\System\HTomYqZ.exe
  2⤵
  PID:7776
- C:\Windows\System\XxbdCYJ.exe
  C:\Windows\System\XxbdCYJ.exe
  2⤵
  PID:7780
- C:\Windows\System\MnjCQzC.exe
  C:\Windows\System\MnjCQzC.exe
  2⤵
  PID:7828
- C:\Windows\System\fALbVBC.exe
  C:\Windows\System\fALbVBC.exe
  2⤵
  PID:7888
- C:\Windows\System\XutiQTw.exe
  C:\Windows\System\XutiQTw.exe
  2⤵
  PID:7920
- C:\Windows\System\uNNuwsS.exe
  C:\Windows\System\uNNuwsS.exe
  2⤵
  PID:7924
- C:\Windows\System\zDOzOPB.exe
  C:\Windows\System\zDOzOPB.exe
  2⤵
  PID:7944
- C:\Windows\System\ASjczOB.exe
  C:\Windows\System\ASjczOB.exe
  2⤵
  PID:8000
- C:\Windows\System\UcVkOHo.exe
  C:\Windows\System\UcVkOHo.exe
  2⤵
  PID:8020
- C:\Windows\System\UGTWGFa.exe
  C:\Windows\System\UGTWGFa.exe
  2⤵
  PID:8044
- C:\Windows\System\HMroZFO.exe
  C:\Windows\System\HMroZFO.exe
  2⤵
  PID:8068
- C:\Windows\System\xwMcJJJ.exe
  C:\Windows\System\xwMcJJJ.exe
  2⤵
  PID:8104
- C:\Windows\System\KDaLjPd.exe
  C:\Windows\System\KDaLjPd.exe
  2⤵
  PID:8140
- C:\Windows\System\wqdOpid.exe
  C:\Windows\System\wqdOpid.exe
  2⤵
  PID:8188
- C:\Windows\System\achaIhM.exe
  C:\Windows\System\achaIhM.exe
  2⤵
  PID:6268
- C:\Windows\System\Tsauuos.exe
  C:\Windows\System\Tsauuos.exe
  2⤵
  PID:6432
- C:\Windows\System\ydxTuer.exe
  C:\Windows\System\ydxTuer.exe
  2⤵
  PID:6700
- C:\Windows\System\xkJFMyz.exe
  C:\Windows\System\xkJFMyz.exe
  2⤵
  PID:7076
- C:\Windows\System\lswsvNe.exe
  C:\Windows\System\lswsvNe.exe
  2⤵
  PID:5132
- C:\Windows\System\BQIhvVv.exe
  C:\Windows\System\BQIhvVv.exe
  2⤵
  PID:7240
- C:\Windows\System\ItSckaQ.exe
  C:\Windows\System\ItSckaQ.exe
  2⤵
  PID:7216
- C:\Windows\System\haoyYnl.exe
  C:\Windows\System\haoyYnl.exe
  2⤵
  PID:7320
- C:\Windows\System\EOqtUWA.exe
  C:\Windows\System\EOqtUWA.exe
  2⤵
  PID:7440
- C:\Windows\System\IBQBGTY.exe
  C:\Windows\System\IBQBGTY.exe
  2⤵
  PID:7512
- C:\Windows\System\QewJNnl.exe
  C:\Windows\System\QewJNnl.exe
  2⤵
  PID:7556
- C:\Windows\System\jhfyMSd.exe
  C:\Windows\System\jhfyMSd.exe
  2⤵
  PID:7596
- C:\Windows\System\LTRsWMb.exe
  C:\Windows\System\LTRsWMb.exe
  2⤵
  PID:7676
- C:\Windows\System\dqnPBPm.exe
  C:\Windows\System\dqnPBPm.exe
  2⤵
  PID:7716
- C:\Windows\System\uFNaNpb.exe
  C:\Windows\System\uFNaNpb.exe
  2⤵
  PID:7720
- C:\Windows\System\BMdfJqa.exe
  C:\Windows\System\BMdfJqa.exe
  2⤵
  PID:7784
- C:\Windows\System\RjNZFrq.exe
  C:\Windows\System\RjNZFrq.exe
  2⤵
  PID:7876
- C:\Windows\System\fEEFqPo.exe
  C:\Windows\System\fEEFqPo.exe
  2⤵
  PID:7908
- C:\Windows\System\EiglOII.exe
  C:\Windows\System\EiglOII.exe
  2⤵
  PID:7964
- C:\Windows\System\itJXuNd.exe
  C:\Windows\System\itJXuNd.exe
  2⤵
  PID:8004
- C:\Windows\System\wrSIBSK.exe
  C:\Windows\System\wrSIBSK.exe
  2⤵
  PID:8060
- C:\Windows\System\XZmUhfs.exe
  C:\Windows\System\XZmUhfs.exe
  2⤵
  PID:8088
- C:\Windows\System\fLzEHxX.exe
  C:\Windows\System\fLzEHxX.exe
  2⤵
  PID:8108
- C:\Windows\System\wtuYtnz.exe
  C:\Windows\System\wtuYtnz.exe
  2⤵
  PID:8180
- C:\Windows\System\ugGSXrC.exe
  C:\Windows\System\ugGSXrC.exe
  2⤵
  PID:6328
- C:\Windows\System\PMyOPmA.exe
  C:\Windows\System\PMyOPmA.exe
  2⤵
  PID:6616
- C:\Windows\System\tOxiLhW.exe
  C:\Windows\System\tOxiLhW.exe
  2⤵
  PID:7152
- C:\Windows\System\JeEadaL.exe
  C:\Windows\System\JeEadaL.exe
  2⤵
  PID:7824
- C:\Windows\System\txTqoIs.exe
  C:\Windows\System\txTqoIs.exe
  2⤵
  PID:7292
- C:\Windows\System\VAhHgEk.exe
  C:\Windows\System\VAhHgEk.exe
  2⤵
  PID:3716
- C:\Windows\System\ZWihwfH.exe
  C:\Windows\System\ZWihwfH.exe
  2⤵
  PID:2688
- C:\Windows\System\swwOKwj.exe
  C:\Windows\System\swwOKwj.exe
  2⤵
  PID:1096
- C:\Windows\System\LXLHqrP.exe
  C:\Windows\System\LXLHqrP.exe
  2⤵
  PID:576
- C:\Windows\System\aYAmpGG.exe
  C:\Windows\System\aYAmpGG.exe
  2⤵
  PID:1340
- C:\Windows\System\xNxPjkg.exe
  C:\Windows\System\xNxPjkg.exe
  2⤵
  PID:2304
- C:\Windows\System\TlFtHTL.exe
  C:\Windows\System\TlFtHTL.exe
  2⤵
  PID:2416
- C:\Windows\System\RJaNcln.exe
  C:\Windows\System\RJaNcln.exe
  2⤵
  PID:1756
- C:\Windows\System\sbgzDdA.exe
  C:\Windows\System\sbgzDdA.exe
  2⤵
  PID:1924
- C:\Windows\System\MJAEazh.exe
  C:\Windows\System\MJAEazh.exe
  2⤵
  PID:2024
- C:\Windows\System\JnUooPE.exe
  C:\Windows\System\JnUooPE.exe
  2⤵
  PID:2716
- C:\Windows\System\QOApaDT.exe
  C:\Windows\System\QOApaDT.exe
  2⤵
  PID:7316
- C:\Windows\System\ygeZkIA.exe
  C:\Windows\System\ygeZkIA.exe
  2⤵
  PID:7500
- C:\Windows\System\EzsjpMa.exe
  C:\Windows\System\EzsjpMa.exe
  2⤵
  PID:7460
- C:\Windows\System\MNXDutq.exe
  C:\Windows\System\MNXDutq.exe
  2⤵
  PID:7756
- C:\Windows\System\UGIjxOS.exe
  C:\Windows\System\UGIjxOS.exe
  2⤵
  PID:7860
- C:\Windows\System\kyQoPpQ.exe
  C:\Windows\System\kyQoPpQ.exe
  2⤵
  PID:2664
- C:\Windows\System\AtPRBdZ.exe
  C:\Windows\System\AtPRBdZ.exe
  2⤵
  PID:3028
- C:\Windows\System\pLegHWd.exe
  C:\Windows\System\pLegHWd.exe
  2⤵
  PID:8024
- C:\Windows\System\YWzTxKT.exe
  C:\Windows\System\YWzTxKT.exe
  2⤵
  PID:8100
- C:\Windows\System\tUCSqUM.exe
  C:\Windows\System\tUCSqUM.exe
  2⤵
  PID:6916
- C:\Windows\System\OMAnTbc.exe
  C:\Windows\System\OMAnTbc.exe
  2⤵
  PID:7196
- C:\Windows\System\fQgjZvn.exe
  C:\Windows\System\fQgjZvn.exe
  2⤵
  PID:7220
- C:\Windows\System\pgODhir.exe
  C:\Windows\System\pgODhir.exe
  2⤵
  PID:6368
- C:\Windows\System\oNZDIDo.exe
  C:\Windows\System\oNZDIDo.exe
  2⤵
  PID:1500
- C:\Windows\System\EcKaSeH.exe
  C:\Windows\System\EcKaSeH.exe
  2⤵
  PID:3736
- C:\Windows\System\QQvjgZS.exe
  C:\Windows\System\QQvjgZS.exe
  2⤵
  PID:900
- C:\Windows\System\xZCTJAE.exe
  C:\Windows\System\xZCTJAE.exe
  2⤵
  PID:2328
- C:\Windows\System\eutjfCz.exe
  C:\Windows\System\eutjfCz.exe
  2⤵
  PID:7436
- C:\Windows\System\NYTQSau.exe
  C:\Windows\System\NYTQSau.exe
  2⤵
  PID:748
- C:\Windows\System\WejcEJy.exe
  C:\Windows\System\WejcEJy.exe
  2⤵
  PID:8128
- C:\Windows\System\MGQhVUr.exe
  C:\Windows\System\MGQhVUr.exe
  2⤵
  PID:2280
- C:\Windows\System\ZDFGLJU.exe
  C:\Windows\System\ZDFGLJU.exe
  2⤵
  PID:2528
- C:\Windows\System\ywsbQsH.exe
  C:\Windows\System\ywsbQsH.exe
  2⤵
  PID:2264
- C:\Windows\System\KigdObI.exe
  C:\Windows\System\KigdObI.exe
  2⤵
  PID:7560
- C:\Windows\System\IzNjHJh.exe
  C:\Windows\System\IzNjHJh.exe
  2⤵
  PID:7760
- C:\Windows\System\szJzkKH.exe
  C:\Windows\System\szJzkKH.exe
  2⤵
  PID:8048
- C:\Windows\System\nLrfgyd.exe
  C:\Windows\System\nLrfgyd.exe
  2⤵
  PID:7800
- C:\Windows\System\MuUUSLf.exe
  C:\Windows\System\MuUUSLf.exe
  2⤵
  PID:7632
- C:\Windows\System\oTIlpYo.exe
  C:\Windows\System\oTIlpYo.exe
  2⤵
  PID:2584
- C:\Windows\System\mjjyfJd.exe
  C:\Windows\System\mjjyfJd.exe
  2⤵
  PID:2056
- C:\Windows\System\jZxtcJB.exe
  C:\Windows\System\jZxtcJB.exe
  2⤵
  PID:8028
- C:\Windows\System\xRYifnW.exe
  C:\Windows\System\xRYifnW.exe
  2⤵
  PID:1156
- C:\Windows\System\lKspHDb.exe
  C:\Windows\System\lKspHDb.exe
  2⤵
  PID:7580
- C:\Windows\System\SAZmpxV.exe
  C:\Windows\System\SAZmpxV.exe
  2⤵
  PID:7380
- C:\Windows\System\oXcyWGP.exe
  C:\Windows\System\oXcyWGP.exe
  2⤵
  PID:5552
- C:\Windows\System\COfPtcE.exe
  C:\Windows\System\COfPtcE.exe
  2⤵
  PID:800
- C:\Windows\System\bpFfPqY.exe
  C:\Windows\System\bpFfPqY.exe
  2⤵
  PID:2548
- C:\Windows\System\JCfxvHg.exe
  C:\Windows\System\JCfxvHg.exe
  2⤵
  PID:2340
- C:\Windows\System\RWNnxsf.exe
  C:\Windows\System\RWNnxsf.exe
  2⤵
  PID:7260
- C:\Windows\System\naHydIE.exe
  C:\Windows\System\naHydIE.exe
  2⤵
  PID:7844
- C:\Windows\System\BeyyvTR.exe
  C:\Windows\System\BeyyvTR.exe
  2⤵
  PID:7496
- C:\Windows\System\VVAfKJV.exe
  C:\Windows\System\VVAfKJV.exe
  2⤵
  PID:8212
- C:\Windows\System\pqFLFNt.exe
  C:\Windows\System\pqFLFNt.exe
  2⤵
  PID:8240
- C:\Windows\System\yNwnGJu.exe
  C:\Windows\System\yNwnGJu.exe
  2⤵
  PID:8256
- C:\Windows\System\RkYSLTm.exe
  C:\Windows\System\RkYSLTm.exe
  2⤵
  PID:8272
- C:\Windows\System\rtOMYqg.exe
  C:\Windows\System\rtOMYqg.exe
  2⤵
  PID:8288
- C:\Windows\System\iLlHnjP.exe
  C:\Windows\System\iLlHnjP.exe
  2⤵
  PID:8312
- C:\Windows\System\hCNMNFZ.exe
  C:\Windows\System\hCNMNFZ.exe
  2⤵
  PID:8332
- C:\Windows\System\FEyYTOW.exe
  C:\Windows\System\FEyYTOW.exe
  2⤵
  PID:8348
- C:\Windows\System\xkDbAwB.exe
  C:\Windows\System\xkDbAwB.exe
  2⤵
  PID:8376
- C:\Windows\System\TeiRlqF.exe
  C:\Windows\System\TeiRlqF.exe
  2⤵
  PID:8392
- C:\Windows\System\eNhcBxP.exe
  C:\Windows\System\eNhcBxP.exe
  2⤵
  PID:8420
- C:\Windows\System\gVVCrzi.exe
  C:\Windows\System\gVVCrzi.exe
  2⤵
  PID:8436
- C:\Windows\System\OYebIPD.exe
  C:\Windows\System\OYebIPD.exe
  2⤵
  PID:8452
- C:\Windows\System\VELtWqE.exe
  C:\Windows\System\VELtWqE.exe
  2⤵
  PID:8476
- C:\Windows\System\rVKDFoK.exe
  C:\Windows\System\rVKDFoK.exe
  2⤵
  PID:8508
- C:\Windows\System\kVUcsEW.exe
  C:\Windows\System\kVUcsEW.exe
  2⤵
  PID:8524
- C:\Windows\System\sZHWuwa.exe
  C:\Windows\System\sZHWuwa.exe
  2⤵
  PID:8544
- C:\Windows\System\JbovYFo.exe
  C:\Windows\System\JbovYFo.exe
  2⤵
  PID:8560
- C:\Windows\System\qIayqRC.exe
  C:\Windows\System\qIayqRC.exe
  2⤵
  PID:8592
- C:\Windows\System\agBOPCA.exe
  C:\Windows\System\agBOPCA.exe
  2⤵
  PID:8612
- C:\Windows\System\gSsIuuo.exe
  C:\Windows\System\gSsIuuo.exe
  2⤵
  PID:8632
- C:\Windows\System\RgrPdGL.exe
  C:\Windows\System\RgrPdGL.exe
  2⤵
  PID:8648
- C:\Windows\System\kGxwmkQ.exe
  C:\Windows\System\kGxwmkQ.exe
  2⤵
  PID:8668
- C:\Windows\System\ynCnarR.exe
  C:\Windows\System\ynCnarR.exe
  2⤵
  PID:8692
- C:\Windows\System\oflTMbr.exe
  C:\Windows\System\oflTMbr.exe
  2⤵
  PID:8708
- C:\Windows\System\guzuruk.exe
  C:\Windows\System\guzuruk.exe
  2⤵
  PID:8724
- C:\Windows\System\EYnnWjK.exe
  C:\Windows\System\EYnnWjK.exe
  2⤵
  PID:8740
- C:\Windows\System\WvkdoIg.exe
  C:\Windows\System\WvkdoIg.exe
  2⤵
  PID:8756
- C:\Windows\System\RMUpvkK.exe
  C:\Windows\System\RMUpvkK.exe
  2⤵
  PID:8772
- C:\Windows\System\GXGnmGx.exe
  C:\Windows\System\GXGnmGx.exe
  2⤵
  PID:8788
- C:\Windows\System\MKbRJOP.exe
  C:\Windows\System\MKbRJOP.exe
  2⤵
  PID:8812
- C:\Windows\System\cdafyaB.exe
  C:\Windows\System\cdafyaB.exe
  2⤵
  PID:8836
- C:\Windows\System\RLmLhzP.exe
  C:\Windows\System\RLmLhzP.exe
  2⤵
  PID:8852
- C:\Windows\System\WAChRmT.exe
  C:\Windows\System\WAChRmT.exe
  2⤵
  PID:8884
- C:\Windows\System\rsNrxgz.exe
  C:\Windows\System\rsNrxgz.exe
  2⤵
  PID:8900
- C:\Windows\System\mCPWHNf.exe
  C:\Windows\System\mCPWHNf.exe
  2⤵
  PID:8920
- C:\Windows\System\iFrKaji.exe
  C:\Windows\System\iFrKaji.exe
  2⤵
  PID:8948
- C:\Windows\System\BDgUOok.exe
  C:\Windows\System\BDgUOok.exe
  2⤵
  PID:8964
- C:\Windows\System\DNYojLq.exe
  C:\Windows\System\DNYojLq.exe
  2⤵
  PID:8984
- C:\Windows\System\tyFbjaA.exe
  C:\Windows\System\tyFbjaA.exe
  2⤵
  PID:9016
- C:\Windows\System\kCtBBdf.exe
  C:\Windows\System\kCtBBdf.exe
  2⤵
  PID:9032
- C:\Windows\System\LaepjCe.exe
  C:\Windows\System\LaepjCe.exe
  2⤵
  PID:9048
- C:\Windows\System\kUcZfLs.exe
  C:\Windows\System\kUcZfLs.exe
  2⤵
  PID:9064
- C:\Windows\System\wVGzjGW.exe
  C:\Windows\System\wVGzjGW.exe
  2⤵
  PID:9080
- C:\Windows\System\zkmZiWz.exe
  C:\Windows\System\zkmZiWz.exe
  2⤵
  PID:9096
- C:\Windows\System\VLywSBL.exe
  C:\Windows\System\VLywSBL.exe
  2⤵
  PID:9112
- C:\Windows\System\mJCYndW.exe
  C:\Windows\System\mJCYndW.exe
  2⤵
  PID:9140
- C:\Windows\System\gUfFljP.exe
  C:\Windows\System\gUfFljP.exe
  2⤵
  PID:9176
- C:\Windows\System\MmTarLF.exe
  C:\Windows\System\MmTarLF.exe
  2⤵
  PID:9192
- C:\Windows\System\OMrExIS.exe
  C:\Windows\System\OMrExIS.exe
  2⤵
  PID:9212
- C:\Windows\System\bKTWqDt.exe
  C:\Windows\System\bKTWqDt.exe
  2⤵
  PID:8196
- C:\Windows\System\FqJzReo.exe
  C:\Windows\System\FqJzReo.exe
  2⤵
  PID:8220
- C:\Windows\System\BSDuGWf.exe
  C:\Windows\System\BSDuGWf.exe
  2⤵
  PID:8236
- C:\Windows\System\yiwYqIw.exe
  C:\Windows\System\yiwYqIw.exe
  2⤵
  PID:8300
- C:\Windows\System\TAiSdkk.exe
  C:\Windows\System\TAiSdkk.exe
  2⤵
  PID:8320
- C:\Windows\System\hJCxVui.exe
  C:\Windows\System\hJCxVui.exe
  2⤵
  PID:8356
- C:\Windows\System\nsuhOCY.exe
  C:\Windows\System\nsuhOCY.exe
  2⤵
  PID:8372
- C:\Windows\System\FjiXSGN.exe
  C:\Windows\System\FjiXSGN.exe
  2⤵
  PID:8416
- C:\Windows\System\gwPLBSC.exe
  C:\Windows\System\gwPLBSC.exe
  2⤵
  PID:8460
- C:\Windows\System\koKZVLa.exe
  C:\Windows\System\koKZVLa.exe
  2⤵
  PID:8488
- C:\Windows\System\XqiXSoP.exe
  C:\Windows\System\XqiXSoP.exe
  2⤵
  PID:8540
- C:\Windows\System\jshirPy.exe
  C:\Windows\System\jshirPy.exe
  2⤵
  PID:8568
- C:\Windows\System\OqPpKiC.exe
  C:\Windows\System\OqPpKiC.exe
  2⤵
  PID:8600
- C:\Windows\System\Hcumskt.exe
  C:\Windows\System\Hcumskt.exe
  2⤵
  PID:8624
- C:\Windows\System\vjITYzx.exe
  C:\Windows\System\vjITYzx.exe
  2⤵
  PID:8660
- C:\Windows\System\wqcUyIb.exe
  C:\Windows\System\wqcUyIb.exe
  2⤵
  PID:8700
- C:\Windows\System\dtbYrYF.exe
  C:\Windows\System\dtbYrYF.exe
  2⤵
  PID:8748
- C:\Windows\System\RLjGdHB.exe
  C:\Windows\System\RLjGdHB.exe
  2⤵
  PID:8824
- C:\Windows\System\sdMvnnt.exe
  C:\Windows\System\sdMvnnt.exe
  2⤵
  PID:8868
- C:\Windows\System\cMTwyUO.exe
  C:\Windows\System\cMTwyUO.exe
  2⤵
  PID:8764
- C:\Windows\System\vUUtcnT.exe
  C:\Windows\System\vUUtcnT.exe
  2⤵
  PID:8732
- C:\Windows\System\tnEXXHC.exe
  C:\Windows\System\tnEXXHC.exe
  2⤵
  PID:8800
- C:\Windows\System\nBVdWZp.exe
  C:\Windows\System\nBVdWZp.exe
  2⤵
  PID:8896
- C:\Windows\System\SWdAfMJ.exe
  C:\Windows\System\SWdAfMJ.exe
  2⤵
  PID:8936
- C:\Windows\System\hhKYHLT.exe
  C:\Windows\System\hhKYHLT.exe
  2⤵
  PID:8992
- C:\Windows\System\WuHskhP.exe
  C:\Windows\System\WuHskhP.exe
  2⤵
  PID:9000
- C:\Windows\System\hfNYwiH.exe
  C:\Windows\System\hfNYwiH.exe
  2⤵
  PID:9040
- C:\Windows\System\wgLvJJH.exe
  C:\Windows\System\wgLvJJH.exe
  2⤵
  PID:9108
- C:\Windows\System\gJLkXZd.exe
  C:\Windows\System\gJLkXZd.exe
  2⤵
  PID:9132
- C:\Windows\System\qREpCab.exe
  C:\Windows\System\qREpCab.exe
  2⤵
  PID:9156
- C:\Windows\System\mDaAAtO.exe
  C:\Windows\System\mDaAAtO.exe
  2⤵
  PID:9172
- C:\Windows\System\KHhMlXw.exe
  C:\Windows\System\KHhMlXw.exe
  2⤵
  PID:9208
- C:\Windows\System\AQfdXHc.exe
  C:\Windows\System\AQfdXHc.exe
  2⤵
  PID:8264
- C:\Windows\System\UMwSrec.exe
  C:\Windows\System\UMwSrec.exe
  2⤵
  PID:8284
- C:\Windows\System\VoaZCLd.exe
  C:\Windows\System\VoaZCLd.exe
  2⤵
  PID:8364
- C:\Windows\System\JkbtCgb.exe
  C:\Windows\System\JkbtCgb.exe
  2⤵
  PID:8384
- C:\Windows\System\VnNgkpQ.exe
  C:\Windows\System\VnNgkpQ.exe
  2⤵
  PID:8444
- C:\Windows\System\ucvWKsR.exe
  C:\Windows\System\ucvWKsR.exe
  2⤵
  PID:8484
- C:\Windows\System\dfhTSuS.exe
  C:\Windows\System\dfhTSuS.exe
  2⤵
  PID:8536
- C:\Windows\System\jTRptsn.exe
  C:\Windows\System\jTRptsn.exe
  2⤵
  PID:8684
- C:\Windows\System\YJrmBkp.exe
  C:\Windows\System\YJrmBkp.exe
  2⤵
  PID:8876
- C:\Windows\System\gweqiAA.exe
  C:\Windows\System\gweqiAA.exe
  2⤵
  PID:8928
- C:\Windows\System\TtWdPnh.exe
  C:\Windows\System\TtWdPnh.exe
  2⤵
  PID:8980
- C:\Windows\System\UhgThev.exe
  C:\Windows\System\UhgThev.exe
  2⤵
  PID:9104
- C:\Windows\System\dgOSLXB.exe
  C:\Windows\System\dgOSLXB.exe
  2⤵
  PID:8656
- C:\Windows\System\wPbXjEL.exe
  C:\Windows\System\wPbXjEL.exe
  2⤵
  PID:9128
- C:\Windows\System\tUGmRUr.exe
  C:\Windows\System\tUGmRUr.exe
  2⤵
  PID:8804
- C:\Windows\System\ITfyyFU.exe
  C:\Windows\System\ITfyyFU.exe
  2⤵
  PID:9028
- C:\Windows\System\OtPuzxh.exe
  C:\Windows\System\OtPuzxh.exe
  2⤵
  PID:8828
- C:\Windows\System\nhYjGeh.exe
  C:\Windows\System\nhYjGeh.exe
  2⤵
  PID:9188
- C:\Windows\System\ngaiRwk.exe
  C:\Windows\System\ngaiRwk.exe
  2⤵
  PID:7476
- C:\Windows\System\pbLsPgg.exe
  C:\Windows\System\pbLsPgg.exe
  2⤵
  PID:8228
- C:\Windows\System\QqktWeq.exe
  C:\Windows\System\QqktWeq.exe
  2⤵
  PID:8340
- C:\Windows\System\WKvnJpt.exe
  C:\Windows\System\WKvnJpt.exe
  2⤵
  PID:8432
- C:\Windows\System\SElUcTW.exe
  C:\Windows\System\SElUcTW.exe
  2⤵
  PID:8588
- C:\Windows\System\LLJKDSW.exe
  C:\Windows\System\LLJKDSW.exe
  2⤵
  PID:8680
- C:\Windows\System\GCeEDFI.exe
  C:\Windows\System\GCeEDFI.exe
  2⤵
  PID:8916
- C:\Windows\System\VBgITgg.exe
  C:\Windows\System\VBgITgg.exe
  2⤵
  PID:9012
- C:\Windows\System\vRdHEHr.exe
  C:\Windows\System\vRdHEHr.exe
  2⤵
  PID:8676
- C:\Windows\System\MrJTDxh.exe
  C:\Windows\System\MrJTDxh.exe
  2⤵
  PID:9136
- C:\Windows\System\omWvjcO.exe
  C:\Windows\System\omWvjcO.exe
  2⤵
  PID:2632
- C:\Windows\System\tFkKjOF.exe
  C:\Windows\System\tFkKjOF.exe
  2⤵
  PID:8720
- C:\Windows\System\PbjIEsF.exe
  C:\Windows\System\PbjIEsF.exe
  2⤵
  PID:8200
- C:\Windows\System\SENshfN.exe
  C:\Windows\System\SENshfN.exe
  2⤵
  PID:8844
- C:\Windows\System\ZabuUdT.exe
  C:\Windows\System\ZabuUdT.exe
  2⤵
  PID:8944
- C:\Windows\System\TCCTSsv.exe
  C:\Windows\System\TCCTSsv.exe
  2⤵
  PID:8520
- C:\Windows\System\hULbxNW.exe
  C:\Windows\System\hULbxNW.exe
  2⤵
  PID:8976
- C:\Windows\System\AQsVWhq.exe
  C:\Windows\System\AQsVWhq.exe
  2⤵
  PID:1976
- C:\Windows\System\KRraLHz.exe
  C:\Windows\System\KRraLHz.exe
  2⤵
  PID:8628
- C:\Windows\System\pjGBulm.exe
  C:\Windows\System\pjGBulm.exe
  2⤵
  PID:8860
- C:\Windows\System\MBUqoiJ.exe
  C:\Windows\System\MBUqoiJ.exe
  2⤵
  PID:8956
- C:\Windows\System\EerQebM.exe
  C:\Windows\System\EerQebM.exe
  2⤵
  PID:8768
- C:\Windows\System\RjYsmSq.exe
  C:\Windows\System\RjYsmSq.exe
  2⤵
  PID:9024
- C:\Windows\System\YgAotLg.exe
  C:\Windows\System\YgAotLg.exe
  2⤵
  PID:9056
- C:\Windows\System\RskGXeu.exe
  C:\Windows\System\RskGXeu.exe
  2⤵
  PID:8620
- C:\Windows\System\RTLLTIH.exe
  C:\Windows\System\RTLLTIH.exe
  2⤵
  PID:8848
- C:\Windows\System\ICqgaOo.exe
  C:\Windows\System\ICqgaOo.exe
  2⤵
  PID:9228
- C:\Windows\System\TRlDFqW.exe
  C:\Windows\System\TRlDFqW.exe
  2⤵
  PID:9248
- C:\Windows\System\AykRYFD.exe
  C:\Windows\System\AykRYFD.exe
  2⤵
  PID:9264
- C:\Windows\System\lVHugcR.exe
  C:\Windows\System\lVHugcR.exe
  2⤵
  PID:9288
- C:\Windows\System\FTHoOff.exe
  C:\Windows\System\FTHoOff.exe
  2⤵
  PID:9304
- C:\Windows\System\OeLAKaX.exe
  C:\Windows\System\OeLAKaX.exe
  2⤵
  PID:9328
- C:\Windows\System\HAtXRYC.exe
  C:\Windows\System\HAtXRYC.exe
  2⤵
  PID:9344
- C:\Windows\System\KPaIyRv.exe
  C:\Windows\System\KPaIyRv.exe
  2⤵
  PID:9368
- C:\Windows\System\zYYqqfm.exe
  C:\Windows\System\zYYqqfm.exe
  2⤵
  PID:9388
- C:\Windows\System\PpJVHZP.exe
  C:\Windows\System\PpJVHZP.exe
  2⤵
  PID:9412
- C:\Windows\System\tQMSyMf.exe
  C:\Windows\System\tQMSyMf.exe
  2⤵
  PID:9428
- C:\Windows\System\KJnfNIp.exe
  C:\Windows\System\KJnfNIp.exe
  2⤵
  PID:9452
- C:\Windows\System\tXYqnwF.exe
  C:\Windows\System\tXYqnwF.exe
  2⤵
  PID:9472
- C:\Windows\System\YBuQDKG.exe
  C:\Windows\System\YBuQDKG.exe
  2⤵
  PID:9488
- C:\Windows\System\tCQIUSb.exe
  C:\Windows\System\tCQIUSb.exe
  2⤵
  PID:9512
- C:\Windows\System\vItgaGp.exe
  C:\Windows\System\vItgaGp.exe
  2⤵
  PID:9528
- C:\Windows\System\HYqKhvN.exe
  C:\Windows\System\HYqKhvN.exe
  2⤵
  PID:9544
- C:\Windows\System\TGmzcVr.exe
  C:\Windows\System\TGmzcVr.exe
  2⤵
  PID:9568
- C:\Windows\System\IaGBMof.exe
  C:\Windows\System\IaGBMof.exe
  2⤵
  PID:9592
- C:\Windows\System\VaxphCF.exe
  C:\Windows\System\VaxphCF.exe
  2⤵
  PID:9608
- C:\Windows\System\GtaaRLJ.exe
  C:\Windows\System\GtaaRLJ.exe
  2⤵
  PID:9624
- C:\Windows\System\txPnlMm.exe
  C:\Windows\System\txPnlMm.exe
  2⤵
  PID:9652
- C:\Windows\System\NqHSdKS.exe
  C:\Windows\System\NqHSdKS.exe
  2⤵
  PID:9668
- C:\Windows\System\BIjlAFm.exe
  C:\Windows\System\BIjlAFm.exe
  2⤵
  PID:9688
- C:\Windows\System\DEEwZAN.exe
  C:\Windows\System\DEEwZAN.exe
  2⤵
  PID:9712
- C:\Windows\System\nMesuSl.exe
  C:\Windows\System\nMesuSl.exe
  2⤵
  PID:9728
- C:\Windows\System\ZNlJZrq.exe
  C:\Windows\System\ZNlJZrq.exe
  2⤵
  PID:9748
- C:\Windows\System\nYWQHUq.exe
  C:\Windows\System\nYWQHUq.exe
  2⤵
  PID:9768
- C:\Windows\System\TWEaJYr.exe
  C:\Windows\System\TWEaJYr.exe
  2⤵
  PID:9784
- C:\Windows\System\OToEUcP.exe
  C:\Windows\System\OToEUcP.exe
  2⤵
  PID:9812
- C:\Windows\System\vxbSPQd.exe
  C:\Windows\System\vxbSPQd.exe
  2⤵
  PID:9828
- C:\Windows\System\StYNNJL.exe
  C:\Windows\System\StYNNJL.exe
  2⤵
  PID:9844
- C:\Windows\System\PSsLpyg.exe
  C:\Windows\System\PSsLpyg.exe
  2⤵
  PID:9864
- C:\Windows\System\XvDEwCi.exe
  C:\Windows\System\XvDEwCi.exe
  2⤵
  PID:9888
- C:\Windows\System\IlHPMdH.exe
  C:\Windows\System\IlHPMdH.exe
  2⤵
  PID:9904
- C:\Windows\System\TensgCw.exe
  C:\Windows\System\TensgCw.exe
  2⤵
  PID:9924
- C:\Windows\System\VglWTtK.exe
  C:\Windows\System\VglWTtK.exe
  2⤵
  PID:9944
- C:\Windows\System\nGeaUvq.exe
  C:\Windows\System\nGeaUvq.exe
  2⤵
  PID:9964
- C:\Windows\System\oDteCKU.exe
  C:\Windows\System\oDteCKU.exe
  2⤵
  PID:9988
- C:\Windows\System\loyPOEf.exe
  C:\Windows\System\loyPOEf.exe
  2⤵
  PID:10008
- C:\Windows\System\LGOCwWk.exe
  C:\Windows\System\LGOCwWk.exe
  2⤵
  PID:10024
- C:\Windows\System\lKrYCmS.exe
  C:\Windows\System\lKrYCmS.exe
  2⤵
  PID:10044
- C:\Windows\System\QfRihgc.exe
  C:\Windows\System\QfRihgc.exe
  2⤵
  PID:10064
- C:\Windows\System\cPKHCga.exe
  C:\Windows\System\cPKHCga.exe
  2⤵
  PID:10084
- C:\Windows\System\DGENaSg.exe
  C:\Windows\System\DGENaSg.exe
  2⤵
  PID:10108
- C:\Windows\System\sOnnodg.exe
  C:\Windows\System\sOnnodg.exe
  2⤵
  PID:10124
- C:\Windows\System\MNmmxew.exe
  C:\Windows\System\MNmmxew.exe
  2⤵
  PID:10140
- C:\Windows\System\nsRhMcK.exe
  C:\Windows\System\nsRhMcK.exe
  2⤵
  PID:10160
- C:\Windows\System\wXtfKlG.exe
  C:\Windows\System\wXtfKlG.exe
  2⤵
  PID:10176
- C:\Windows\System\QYAsJBo.exe
  C:\Windows\System\QYAsJBo.exe
  2⤵
  PID:10192
- C:\Windows\System\PpjoLPE.exe
  C:\Windows\System\PpjoLPE.exe
  2⤵
  PID:10208
- C:\Windows\System\ELnxdrE.exe
  C:\Windows\System\ELnxdrE.exe
  2⤵
  PID:10224
- C:\Windows\System\fsDYLvX.exe
  C:\Windows\System\fsDYLvX.exe
  2⤵
  PID:8552
- C:\Windows\System\MEAKUIY.exe
  C:\Windows\System\MEAKUIY.exe
  2⤵
  PID:9236
- C:\Windows\System\rtJAowZ.exe
  C:\Windows\System\rtJAowZ.exe
  2⤵
  PID:9280
- C:\Windows\System\hIggnSi.exe
  C:\Windows\System\hIggnSi.exe
  2⤵
  PID:9320
- C:\Windows\System\HibGAOa.exe
  C:\Windows\System\HibGAOa.exe
  2⤵
  PID:9360
- C:\Windows\System\oZxycue.exe
  C:\Windows\System\oZxycue.exe
  2⤵
  PID:9408
- C:\Windows\System\oTDBItZ.exe
  C:\Windows\System\oTDBItZ.exe
  2⤵
  PID:9436
- C:\Windows\System\lIntdSY.exe
  C:\Windows\System\lIntdSY.exe
  2⤵
  PID:9468
- C:\Windows\System\KHFABmh.exe
  C:\Windows\System\KHFABmh.exe
  2⤵
  PID:9504
- C:\Windows\System\wBWObXU.exe
  C:\Windows\System\wBWObXU.exe
  2⤵
  PID:9552
- C:\Windows\System\uWoVpxW.exe
  C:\Windows\System\uWoVpxW.exe
  2⤵
  PID:9576
- C:\Windows\System\GXEqQJn.exe
  C:\Windows\System\GXEqQJn.exe
  2⤵
  PID:9604
- C:\Windows\System\PITzZDg.exe
  C:\Windows\System\PITzZDg.exe
  2⤵
  PID:9616
- C:\Windows\System\MSmjRBD.exe
  C:\Windows\System\MSmjRBD.exe
  2⤵
  PID:9660
- C:\Windows\System\xeRtFpA.exe
  C:\Windows\System\xeRtFpA.exe
  2⤵
  PID:9684
- C:\Windows\System\XvfUphZ.exe
  C:\Windows\System\XvfUphZ.exe
  2⤵
  PID:9720
- C:\Windows\System\nmgVXxw.exe
  C:\Windows\System\nmgVXxw.exe
  2⤵
  PID:9740
- C:\Windows\System\SHTskMv.exe
  C:\Windows\System\SHTskMv.exe
  2⤵
  PID:9836
- C:\Windows\System\TBJXKTn.exe
  C:\Windows\System\TBJXKTn.exe
  2⤵
  PID:9872
- C:\Windows\System\cSCCwwn.exe
  C:\Windows\System\cSCCwwn.exe
  2⤵
  PID:9856
- C:\Windows\System\grcvdXy.exe
  C:\Windows\System\grcvdXy.exe
  2⤵
  PID:9896
- C:\Windows\System\fSQXOUR.exe
  C:\Windows\System\fSQXOUR.exe
  2⤵
  PID:9932
- C:\Windows\System\CLqgIzQ.exe
  C:\Windows\System\CLqgIzQ.exe
  2⤵
  PID:9980
- C:\Windows\System\sbfqmEy.exe
  C:\Windows\System\sbfqmEy.exe
  2⤵
  PID:10032
- C:\Windows\System\IFiOQFR.exe
  C:\Windows\System\IFiOQFR.exe
  2⤵
  PID:10016
- C:\Windows\System\KpZeTrL.exe
  C:\Windows\System\KpZeTrL.exe
  2⤵
  PID:10148
- C:\Windows\System\PDJhbko.exe
  C:\Windows\System\PDJhbko.exe
  2⤵
  PID:10220
- C:\Windows\System\pZbjhDl.exe
  C:\Windows\System\pZbjhDl.exe
  2⤵
  PID:9312
- C:\Windows\System\HzoDDSB.exe
  C:\Windows\System\HzoDDSB.exe
  2⤵
  PID:10168
- C:\Windows\System\gtPlxCZ.exe
  C:\Windows\System\gtPlxCZ.exe
  2⤵
  PID:9400
- C:\Windows\System\VPSIRAs.exe
  C:\Windows\System\VPSIRAs.exe
  2⤵
  PID:9500
- C:\Windows\System\mRjBtPm.exe
  C:\Windows\System\mRjBtPm.exe
  2⤵
  PID:9540
- C:\Windows\System\EncpBWM.exe
  C:\Windows\System\EncpBWM.exe
  2⤵
  PID:9704
- C:\Windows\System\qLUzcST.exe
  C:\Windows\System\qLUzcST.exe
  2⤵
  PID:10092
- C:\Windows\System\SnmTDWY.exe
  C:\Windows\System\SnmTDWY.exe
  2⤵
  PID:9352
- C:\Windows\System\FaknBNk.exe
  C:\Windows\System\FaknBNk.exe
  2⤵
  PID:9736
- C:\Windows\System\fRNoXIv.exe
  C:\Windows\System\fRNoXIv.exe
  2⤵
  PID:10204
- C:\Windows\System\XWYqtdK.exe
  C:\Windows\System\XWYqtdK.exe
  2⤵
  PID:9680
- C:\Windows\System\dQmhmoa.exe
  C:\Windows\System\dQmhmoa.exe
  2⤵
  PID:9580
- C:\Windows\System\QQdXglu.exe
  C:\Windows\System\QQdXglu.exe
  2⤵
  PID:9760
- C:\Windows\System\SVKFCvb.exe
  C:\Windows\System\SVKFCvb.exe
  2⤵
  PID:9796
- C:\Windows\System\IPWNtzw.exe
  C:\Windows\System\IPWNtzw.exe
  2⤵
  PID:9820
- C:\Windows\System\McmXGih.exe
  C:\Windows\System\McmXGih.exe
  2⤵
  PID:9852
- C:\Windows\System\ryYBfEW.exe
  C:\Windows\System\ryYBfEW.exe
  2⤵
  PID:9952
- C:\Windows\System\bqJsHFj.exe
  C:\Windows\System\bqJsHFj.exe
  2⤵
  PID:10080
- C:\Windows\System\jXmtsCp.exe
  C:\Windows\System\jXmtsCp.exe
  2⤵
  PID:9940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CBAlyZG.exe

Filesize
6.0MB

MD5
22ba0d3aad19220679273f36a8e49c79

SHA1
18795e56415b256d59922835d5473a4d0c7e099d

SHA256
d92a55b84e7cedc59cb2d0d1036ffacb4302390ea8a25857778a02a6f8699d88

SHA512
22da3efe6916b0f09a050d1beddc098c5fb8f3d9eb4b424df097050333c72b1228197b2a2f96da32740552f425954abdee7d3f8163ab3830304e77a4b1694ddd

Download Submit
C:\Windows\system\HFoHjnl.exe

Filesize
6.0MB

MD5
1c77ccbe80b724fc1a648ae0237610fc

SHA1
e73b9594ba7627cbff9489331816e9c3a2ace68c

SHA256
c63362a260676ec7c97bb32ec7a6000d760155acb3f05f85ac91ba440895f94c

SHA512
373039e1eb8a096d672127b5916035f4ae0eb8d88daf37aa3bcfcc72f4b22e94fe575586a97ccb15037342d239c2122429668393a8303a2d26a54695dee1cf63

Download Submit
C:\Windows\system\HvRltrh.exe

Filesize
6.0MB

MD5
9a639ce2d86514b17d51aac803139bcf

SHA1
984395b3702b1817904b81cb05049400c4e9fb67

SHA256
c2362a2624537e5ac1589b1ec9f11376572e24986e605fc14d178ee27c9ac62a

SHA512
e642fb011584632b6d7afc8133f965fc0c615fc8ebf822c0f960efaf77de6b735212bac37c77eb430149cf016fab4b7898148cb06e5c555f2334d569e9e0c198

Download Submit
C:\Windows\system\KujzRUE.exe

Filesize
6.0MB

MD5
6393548100f843488c15dd72d030a4d7

SHA1
c1fa92de6f147a3a5ae636fd58e67cd02c9b046c

SHA256
0e086030a1d2560e6763a5b984c49ba651c60944eb36f0846fc5721680276cb5

SHA512
2bf0ab9287baee331b52168549946550ad5cdd03397a0b4527dde63fe02271743932665d9d2a9f516f25d4ac4b6e85cf22b7b7f4107c547495d340ba3eed8c98

Download Submit
C:\Windows\system\OWBoeSN.exe

Filesize
6.0MB

MD5
287d027cfd7dbd67fbb67a41d5959ba4

SHA1
639e5ed26a6074114cf9f33b642fb9ee663fef04

SHA256
2fac747b8e3293c0f14719ed4bede11a267f703c553cb368c3db68ec12b99135

SHA512
3486d4267a4cca895a32710c18a6adc8f8e62d1ab4aadb99a13922f0ccc1b9d268320f9c6c63a99d224ae1ebe5a469e44e1a85d2fe7ba8ac7018eb0ceecc1264

Download Submit
C:\Windows\system\OeQttRi.exe

Filesize
6.0MB

MD5
b1d8bdbd1262b1d6921091a2f0616cc7

SHA1
6a01b299b00e168525f133930b1a40ccd8022012

SHA256
47e8a8e633c009726d1777ac78339ee92485c559922ef1099a93b24c12e9056a

SHA512
46390411468593bc3daeb094452023743a84d842ff4be1519cccf97b2dedca957220a8d203479d5ec03ec553ac84071a572addf08393782681037d6b3523525b

Download Submit
C:\Windows\system\OufvgAy.exe

Filesize
6.0MB

MD5
3e16e8dbd28e6134ff7aac4ec6e4b471

SHA1
415577358948c96678a7c26aa0a91dd02f57d704

SHA256
7d6c80a1bed01eef450f1e6f9b1e0cf896966a37dc1e727652c3229ba53985c0

SHA512
4c2951ac004930af0e7e0cb53085800ea8dd2490fb621604ee0ed63591ce38ed573811cc11b2491184ff8b0fdd91a060cd4cce20941eae9963f001b60952d029

Download Submit
C:\Windows\system\PKqPiBa.exe

Filesize
6.0MB

MD5
33e74d820fba3093b8c7de354357c949

SHA1
8982963350f7b3658eb5e4b25ad1b0ffbc400569

SHA256
364f845b110f42fc93771a41b10b2250cf04ae2727ff9e3265be19f6028d888c

SHA512
f530ea60bfdb5971b6aea6e0959adc077067a806065f7978a6194ebc51f3264afa6590b8797fde4c1a5e943a0868f7483ed3507a4daa6e24e1a30f658ea3690f

Download Submit
C:\Windows\system\QvmYsKp.exe

Filesize
6.0MB

MD5
75fefa0a19c368c7140ac550c929607b

SHA1
1b77b979b1972cc91f91fa666a692bc5627d120b

SHA256
3403675aa5febb10d33f8e350684f92fbf18c28226337e0d411f7b2d54679635

SHA512
8fdc839714c713c6beeb830a1d4802e90ae53f28ec86658dc9e93e755d72d355ede04661396db9a90bd938244701397030d70e6ceb3246dd533b4890873d8cd3

Download Submit
C:\Windows\system\RUOrcpp.exe

Filesize
6.0MB

MD5
70e77e12db8d326895736e9f1330baab

SHA1
9d95a3f686a3548e25e7a4e47ffeb9576e232e47

SHA256
e8d3b96a73521e43eac4e44d8fb0024c395ebe4bb363102f093075bb88c33f7e

SHA512
2855c632bcded302f9a00dbb74ca409eb01edce91ec7bf137bdfc46a9b9af636ee40a58ba1f65ce7455bb1f6a8c0e2ab4f2ea534565e7fee8dc3414c91ced3bb

Download Submit
C:\Windows\system\SrIFYKP.exe

Filesize
6.0MB

MD5
a3b063838035b5bdf7dd7445eaa2c090

SHA1
436dba624210d9f529ddd72ead29b7a1e8fc99d8

SHA256
939e651fc9a398c190f14640ad7109585785e1604d9384f6df9a88019ff93da9

SHA512
0ed08f45af93f6659f0e0fc8c8151d30f79421720a551f4d22a2716535e8bfea3c7c0e88c8dcf971f1aa9c0b74c2991bd6a6bfdce9bd84496f7ddfe8653ba77a

Download Submit
C:\Windows\system\TEzyTkf.exe

Filesize
6.0MB

MD5
6773d706fca37d432895da7383528f16

SHA1
c28e264e30908cc19051c47d797251abbf04d78d

SHA256
87f05f6ee9eaa7243d1ad9f6546cd71acbbe92eded3fdc18567c4f58bf93564e

SHA512
ed4160f845472909d2c7b4aad80487a3da55db4c210215d59a5e714fb297e000a81c370df9d98b7efc03586553fcdc01568c202e3be6aae9d98da49f6cd7a1d8

Download Submit
C:\Windows\system\VvYauDV.exe

Filesize
6.0MB

MD5
7da4cc30fa2578af23d40a54bff739f5

SHA1
05177c6a2be14e3e8444b89ecf5463b0d797e1c2

SHA256
6225f96c2190a5c1f64fc92e02c5e49e26814f2cee67075f518c9172b6c906fe

SHA512
a08c8ba9f01d51cdadb3e74b496b5cc4eb29f08fdc1ce33cf3f8dee8e43845944aea68b36c62ccb862029659c8d5fb4eba7e5796f8073a0433fed9b52171b51e

Download Submit
C:\Windows\system\YuSUyJT.exe

Filesize
6.0MB

MD5
24cccf36f46e9330352ae7bdcc032ec7

SHA1
9bdd3a47e291db0e356e5f15f460662a1e088d9b

SHA256
391682128fcec0f572a08c82343a659263c73efbe8c79f68a9e047b73eb66117

SHA512
cfc8d9e5fb1337a54d052803845c8d038c28f2169ed374e321fb551e4ff444141cff2e0e48c9499db5137fef307420efc978056a3764bf6f380d5c0dbaa44f4d

Download Submit
C:\Windows\system\aWVpSvV.exe

Filesize
8B

MD5
233ad0a93050b25a2933161cb0c1e844

SHA1
5d6abe11c440f202c3cf2e62a3e4ba6946f74e62

SHA256
7643fddf26c35443f4dedd19782d6d957601204192a2428e51f79b4879dac5a3

SHA512
7b51090ab0576ffe5a381c5f0cdc84b682c329ca9b1f4b13d42098cb71d1bea23c62d21a34381636472df37accc2c4412ebd72bb849e579fc9265a9a12f9d485

Download Submit
C:\Windows\system\bETVBnm.exe

Filesize
6.0MB

MD5
dd84b4d5e3c74da6704fcd0627ed0dde

SHA1
2408ccb096659972ae76607a4e6b37ddaa62698c

SHA256
e5fc328d8f2c25765a828d7754c985f7312f529cd4387af6c783de66421ebae4

SHA512
861bf454caba15c243bd86b660039924972cfe1a57105026ff7aa8ca8a42169659d0e51d709ec081c2e8ca8419612b01e10efa8c28469683feda5a94b438c3c9

Download Submit
C:\Windows\system\bhBCkiV.exe

Filesize
6.0MB

MD5
87f8790cb4c6d7e0e49dccf7eeb7092d

SHA1
b3389959728d0451aef8ab195dbf74341f33489f

SHA256
b55478444fb674311df0324dfe6efe0d57d6b5ab86b352b7d3c0c3ffe98dc93a

SHA512
40932d6bee5a0f94009f029b61792e332184ad0b141073e360a1af28c41a9ec5335a7ad9fc26729097b99cb6c576d8d4ec86bbbcf289bf52288e3a40d33a1dda

Download Submit
C:\Windows\system\bxakRLj.exe

Filesize
6.0MB

MD5
0732db360e0a6f7b8e5f3e94ed6a885c

SHA1
bddcc600f1b164eea972dd8479103175c76593de

SHA256
e566be3371f2d3d6293c6cc9e71c71dd8656879cb7e69ba79a6088dfeeda6611

SHA512
cb2439e2947ef9942bb1c598e7e8f8b80aff1cbdadf99030d44d393585ea34cc3597203b3c521f2428c84657128bb051c6033fa2680758dca6b3433a3571b7b6

Download Submit
C:\Windows\system\cLabOSp.exe

Filesize
6.0MB

MD5
1517f383ffa3f464f05303f27c090e11

SHA1
392700d58853d33b1b8f9989fdf80c65cf91c46d

SHA256
40771742e9b1090e3f858d4a8a3b363e2a40ceed4e7ced08a79d3a2d5fa7743f

SHA512
a693e649dc4691a2b510659f32825c66d0e945042d98da17f4eccc4c5a0e47890e80f16f9d15ad875b37c4a25ebfeaee3c905ea9ccc8ff3659661a1046c336a8

Download Submit
C:\Windows\system\cQbxATe.exe

Filesize
6.0MB

MD5
1de6b6c3a93d3841908b8cec09244554

SHA1
ff80439ba4c78f3e8dcf00cafa46ef2185839986

SHA256
c181eb966824244664ae32295017c2f5fcac5fa4d12d93280ed02a90b8862ec6

SHA512
6ac2801ddbb485e457939b6fb0d7c16ba3c0e727d88513ca87dc7dc06d0d90cca34baacc32c81ad0ba2460767aac728a7b11e3b79dc43588eb7a0f1aa151495e

Download Submit
C:\Windows\system\gUTpHLJ.exe

Filesize
6.0MB

MD5
c21a6737a070ca991630f31c44d96f24

SHA1
1a014cbab7ab25a1f7de98f11e69b0a5b9d85987

SHA256
f44baf3f313feb5c99a723b30ffb36e7725bbb152b0dee713f981189e0212da8

SHA512
9b500db35fea51b32da4fb5761750d874bdc696f1fc069488d56a427ef01ca4682dc1a345c7005746b11946c0da1922e1b52d150dc35dba0ad3e96018d1fa4e9

Download Submit
C:\Windows\system\hWiuTRY.exe

Filesize
6.0MB

MD5
beac5f31411969cb2dee9ec246924f26

SHA1
1ff49e7bc0c69197c064eee7c840e86af5c8a57c

SHA256
2410382451b8380c427cd3d2fa1cf2f8dd1c7b6c5d1b94e76f50d7a048c510b8

SHA512
88b274f02dad8c1ee907a24303d97c20557be71b8ef2700f0f0d7dfa6b07f990490d5079f231a074a5733a0766e65f8db2aa2ca610240e7d469548a7b47aa49b

Download Submit
C:\Windows\system\lLdVYXa.exe

Filesize
6.0MB

MD5
ffdecd37d6dc08f54d96f0d7f5c483bc

SHA1
e0616953db585261f353c1a83f70744bae9f1987

SHA256
5dcf16f5f195c94aa0527e7c632c22c61dffabced15b0969efe5b8e125385c5e

SHA512
9972ca97b5c48479bae21c9324fa548c1cc1b30cf1ce55d255d147b6cbef43cda17300efd5f30fe5216db6d86c888d4ff04fcfd0cfc3584b2afb2c167fd6dafa

Download Submit
C:\Windows\system\lauHTso.exe

Filesize
6.0MB

MD5
6d79dd54b04300808978206e9318a501

SHA1
66a9c9930bf69410b60a0dda4ceae5b73a914d03

SHA256
6e67a91959feeeaf95566cb34c87cf51c928a9b31d46f40de55f64bc02e01756

SHA512
ef2f98a0e685e6a9aea81fb3a584ce0cdcc5d30749ec193eddd15f175c6855b4c1ea6f2485e9b631a74d7d6169e4deecff9f1d39dab4d722f4b7b06fee8ee98e

Download Submit
C:\Windows\system\pjRwujN.exe

Filesize
6.0MB

MD5
c064e82a9fd1f4645e87572421d7e07c

SHA1
4845dbf10f013b8454d13b735b7e4c53eb1ee091

SHA256
c29b10578b0ada9fb82f8d848124425599506fe6d329a096596b013086736b9f

SHA512
298ba54302398fa310c51e6cd19db8547c953f779341793399b16cfd4ec93f1d4e531b03ad16d76658b8ba223b9c9bf381f97838520287935fdbd192e0984b2c

Download Submit
C:\Windows\system\utIrQYr.exe

Filesize
6.0MB

MD5
2f4da8f029eab8d1d9f2a33c777277d7

SHA1
9d5e7d308e9587c1bf7d4590c639c75000483aa2

SHA256
9f907d5a00607f924883b6311cc3df42aab0e3020e59448a3ba8ce7319f2206e

SHA512
9cda2feac9cbea9a98a8ee23e707b466f12e479bdb90f17807074561733ed725900d893bdf4269b69c021b15cc3dbfc2e03e7b0d8b8de84a29b4d8289f2fc2b7

Download Submit
C:\Windows\system\yQALPiN.exe

Filesize
6.0MB

MD5
64fbdb6be420cb4157ba4dca3fdd786b

SHA1
88d0671ce78dabfec32c02bc257ccb90c8077c0a

SHA256
e72a2d10a3e0232ea1fd936b138b2767b5168ab66a29dcbaaba57bc9e86a4597

SHA512
77d00de086e386f53d66bdbb462f410fe545377aa16c6e306f17a2fbbafb8d831d7ec7e3730e8c5c788de3d7f8fd693e6de0477dbc6410a9fa5581ca5320f90d

Download Submit
C:\Windows\system\ykrNbxc.exe

Filesize
6.0MB

MD5
9307e8819bfbf9ef04b21222875bbd2b

SHA1
ddf95cb4d7fcbe23236d9c47ee40b37ace81df44

SHA256
4ffeac74cb0b9db273d40b66659e47ad45040262ec3a0580e88b42409478215d

SHA512
645096f4c13b885a16ac8edf66c3323ef32bf86dc5ea6418bf71919c935278ea9da9503c8dde6326560eddab505c43b98b3ad885312ee05a2e17fdbd2eee8235

Download Submit
\Windows\system\JUnhEFU.exe

Filesize
6.0MB

MD5
dfb90700ec4cf261ecc4339748dc7235

SHA1
55e36cf376a5b4354ff884d30a8be969c3aafd8c

SHA256
366632298642ab3fb9fdd668d20c460dc4669e0c818711854636c33259677cab

SHA512
70e374f40d8eef4b1087a805a52c7b85d26cca2d16f86a2378bcc3c93f4617464c0f888e486d48e1e61803719addab6df49d7af1aeeedbbe44463e31e74fd651

Download Submit
\Windows\system\XXAnFXS.exe

Filesize
6.0MB

MD5
e822ffce00fc7bbc8fec6f326b1764eb

SHA1
1c8d6a530a4886f04c7775bd49c376d00ba06d34

SHA256
dd83ac393d6e94bdd762f997c9cdf1c71a1009fe09016184ad93ac9663190241

SHA512
86dbf32af8afc20b455211e5ceb9a43ff75991da5e31618c6bd07b3c99387a3e3d62471efd590e1a8792c7fda815f45c75e4afbbe35b415e34953abc8e845474

Download Submit
\Windows\system\ahVRUNg.exe

Filesize
6.0MB

MD5
0ae39c6ea5fd17e337381ca4821e8e9b

SHA1
080ccaeb97972245aa3c7c5109080a57e4a3bb23

SHA256
4e490972ecb2034ae1423cbb775f84f5d240831b3310649f21af99aaa072029b

SHA512
95fdd98449f4ab2f265c89ee6bf691738e0abb3d3e142f5b06d6d9fb674073eb8a10c17dc79d37b9b022c784dc5612fb2146167f4873a53ee7ceebe9e61d87ca

Download Submit
\Windows\system\gGMRxYn.exe

Filesize
6.0MB

MD5
d1677d08461b96db7213303d3c452b3d

SHA1
0dadc73a33d5917d57df5a9bb73ec979f7f9a7e4

SHA256
11fdded03cb88b85cff2f09a6d64b855d4439c414aca49ab4d1bb24335f74097

SHA512
7e3785cd88b9bf39420b4c8b99b16eae0d191094070edfa99c4404c5bf2d7e5d141d2ca618cf0249795d1cc39bd222d0cdff4b4dcd3664422d6ffa9ba51b7a12

Download Submit
\Windows\system\vFFUkXL.exe

Filesize
6.0MB

MD5
2f079827ca5a2e8a1e37a9f9dcc73452

SHA1
b55c85bbac9e168e330bf856793c68b3c5c61a86

SHA256
673f6ab37413e20b40934ad96768636b0540da4b5d34ca88c0764c71cdf7d562

SHA512
832247b62fc004ead4eca0ee03add87110950ebbccdb908d76b767d0e55dff2938c623be575a14c10fba66e396ce7096f38f51624b622838123054bc6889a907

Download Submit
memory/540-110-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-30-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/540-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/540-70-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-702-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/540-46-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/540-895-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-54-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/540-1051-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/540-22-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-34-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/540-62-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-111-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/540-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/540-38-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/540-92-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/540-93-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/540-102-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/540-101-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/540-18-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1740-20-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1740-58-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3829-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1744-956-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-106-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-3825-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-3910-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1792-799-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1792-97-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2316-8-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-3757-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3759-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2320-13-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2320-50-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2540-105-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3915-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3828-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-229-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-75-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-418-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2576-81-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3911-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2604-26-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-65-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3774-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-35-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3827-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-42-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3824-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3916-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-87-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-51-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3826-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2804-96-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3830-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2972-88-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2972-598-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download