cobaltstrike | 9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
Size

6.0MB
MD5

0ba9c2b92e030e078cc857ad0a41590a
SHA1

9207a8f47febf30b12028a2bcb9ec86c97680150
SHA256

9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0
SHA512

eab989afe181e8016992098bdc7ff632502f9e6fa3ce1f03bdcaeb11398e78e06576b8e8fed79fbd6860719164b58832a756b95eb229617bb4bc2304021b62cc
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUI:eOl56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-3.dat	cobalt_reflective_dll
behavioral1/files/0x0017000000016c92-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf0-12.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000016cab-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d1c-30.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d2c-36.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1688-0-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000c000000012266-3.dat	xmrig
behavioral1/memory/2164-9-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0017000000016c92-10.dat	xmrig
behavioral1/memory/1224-16-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf0-12.dat	xmrig
behavioral1/files/0x000b000000016cab-21.dat	xmrig
behavioral1/memory/2008-26-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2960-28-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1688-29-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d1c-30.dat	xmrig
behavioral1/memory/2940-35-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d2c-36.dat	xmrig
behavioral1/memory/1688-38-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-50.dat	xmrig
behavioral1/memory/2852-53-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-55.dat	xmrig
behavioral1/memory/2844-42-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2164-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1688-62-0x0000000002490000-0x00000000027E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ef-64.dat	xmrig
behavioral1/memory/2960-60-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2976-56-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2008-54-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a7-85.dat	xmrig
behavioral1/files/0x00050000000195af-105.dat	xmrig
behavioral1/files/0x00050000000195b3-117.dat	xmrig
behavioral1/files/0x00050000000195c3-147.dat	xmrig
behavioral1/files/0x00050000000195c6-155.dat	xmrig
behavioral1/files/0x00050000000195c7-162.dat	xmrig
behavioral1/memory/2856-618-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1688-619-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2540-621-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/264-623-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/940-625-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1192-627-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1688-626-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2880-617-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2844-1446-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2976-1449-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2852-1448-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2856-1450-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/264-1451-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1192-1452-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2960-1387-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1224-1363-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2164-1453-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2008-1454-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2880-882-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2976-842-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2852-808-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-177.dat	xmrig
behavioral1/files/0x0005000000019643-172.dat	xmrig
behavioral1/files/0x000500000001960c-167.dat	xmrig
behavioral1/files/0x00050000000195c5-153.dat	xmrig
behavioral1/files/0x00050000000195c1-143.dat	xmrig
behavioral1/files/0x00050000000195bd-137.dat	xmrig
behavioral1/files/0x00050000000195bb-133.dat	xmrig
behavioral1/files/0x00050000000195b7-127.dat	xmrig
behavioral1/files/0x00050000000195b5-123.dat	xmrig
behavioral1/files/0x00050000000195b1-113.dat	xmrig
behavioral1/files/0x00050000000195ad-103.dat	xmrig
behavioral1/files/0x00050000000195ab-97.dat	xmrig
behavioral1/files/0x00050000000195a9-93.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2164	wzMJfNA.exe
1224	bxJQbeS.exe
2008	bHVhglk.exe
2960	ABMGoQu.exe
2940	HnmGSTp.exe
2844	MyGahNM.exe
2852	KkgYMSZ.exe
2976	gIAdlyL.exe
2880	FQqTxzs.exe
2856	UHjNxkI.exe
2540	pStpoUp.exe
264	QeHDKHR.exe
940	doiKymv.exe
1192	KpRUzvJ.exe
2904	LdzYTCR.exe
2908	SKnAeCq.exe
2136	MwOFrUS.exe
3024	ihvPoqX.exe
2792	qTgRAkx.exe
2460	JnCqBBq.exe
1352	NMKRVoS.exe
2088	BrSMXJf.exe
2600	qEjULrw.exe
1400	rPzFlOF.exe
764	bfFAjtc.exe
2268	xHmYQqI.exe
3008	FMPSfub.exe
2656	QMNXhnz.exe
1964	boPrXPM.exe
2452	xAxkjqz.exe
972	wvfpJef.exe
1992	pAdXniP.exe
836	elaRnIw.exe
2000	NmROgqU.exe
2776	WGLUNBd.exe
1080	KpYcJKs.exe
1320	EpaBAUE.exe
1572	fYsHziF.exe
1996	imTWXAw.exe
2400	ItWocEo.exe
2576	pcGHKKr.exe
2520	jKBfBVL.exe
2440	fYupoQm.exe
1088	tmJbGQV.exe
2604	yvBhwNX.exe
2628	dYmONAV.exe
2808	RwOQoSb.exe
2096	dPRvbZK.exe
1020	OoWbFCR.exe
1512	uiNqRSs.exe
2608	TWaudVx.exe
1928	vWRMNbz.exe
888	BcqZcZN.exe
2320	fsKTrhN.exe
1612	RNqkCpC.exe
1616	AQEnVwK.exe
2224	fIApauG.exe
2036	GPvCEql.exe
2324	BwuOIUT.exe
2184	WAucbWh.exe
2304	yfUrRLr.exe
2972	SuGYgez.exe
2484	NrxPodX.exe
1316	vFTSCgK.exe

Loads dropped DLL 64 IoCs

pid	Process
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1688-0-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000c000000012266-3.dat	upx
behavioral1/memory/2164-9-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1688-6-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0017000000016c92-10.dat	upx
behavioral1/memory/1224-16-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0008000000016cf0-12.dat	upx
behavioral1/files/0x000b000000016cab-21.dat	upx
behavioral1/memory/2008-26-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2960-28-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000016d1c-30.dat	upx
behavioral1/memory/2940-35-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x000a000000016d2c-36.dat	upx
behavioral1/memory/1688-38-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0002000000018334-50.dat	upx
behavioral1/memory/2852-53-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-55.dat	upx
behavioral1/memory/2844-42-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2164-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00050000000194ef-64.dat	upx
behavioral1/memory/2960-60-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2976-56-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2008-54-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00050000000195a7-85.dat	upx
behavioral1/files/0x00050000000195af-105.dat	upx
behavioral1/files/0x00050000000195b3-117.dat	upx
behavioral1/files/0x00050000000195c3-147.dat	upx
behavioral1/files/0x00050000000195c6-155.dat	upx
behavioral1/files/0x00050000000195c7-162.dat	upx
behavioral1/memory/2856-618-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2540-621-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/264-623-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/940-625-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1192-627-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2880-617-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2844-1446-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2976-1449-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2852-1448-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2856-1450-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/264-1451-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1192-1452-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2960-1387-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1224-1363-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2164-1453-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2008-1454-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2880-882-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2976-842-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2852-808-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-177.dat	upx
behavioral1/files/0x0005000000019643-172.dat	upx
behavioral1/files/0x000500000001960c-167.dat	upx
behavioral1/files/0x00050000000195c5-153.dat	upx
behavioral1/files/0x00050000000195c1-143.dat	upx
behavioral1/files/0x00050000000195bd-137.dat	upx
behavioral1/files/0x00050000000195bb-133.dat	upx
behavioral1/files/0x00050000000195b7-127.dat	upx
behavioral1/files/0x00050000000195b5-123.dat	upx
behavioral1/files/0x00050000000195b1-113.dat	upx
behavioral1/files/0x00050000000195ad-103.dat	upx
behavioral1/files/0x00050000000195ab-97.dat	upx
behavioral1/files/0x00050000000195a9-93.dat	upx
behavioral1/files/0x000500000001957c-82.dat	upx
behavioral1/files/0x0005000000019547-77.dat	upx
behavioral1/files/0x0005000000019515-71.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pxQbUHi.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\swNUSow.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\mOhGTVc.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\ZxfeNFg.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\wdvyaQJ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\AabJQZp.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\aAPuDuL.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\ypfhhZQ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\BhtyCUZ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\OnGvDjQ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\uHyFVCq.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\tcBakHc.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\GDUjmFb.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\vwbkHMn.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\RjAdwWg.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\fnHvsBY.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\wvfpJef.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\XYIxAOz.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\ZodunYV.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\tVRtFgZ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\YZzQXfO.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\ftUYDmM.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\KEyELxX.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\AZwRPlS.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\lypmOvE.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\FweFffW.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\rrFuCMM.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\MUDGjru.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\tiqLnJX.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\AGoGTSM.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\rHiMevR.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\cdMYLTn.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\fqlHYUZ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\DLwaTnZ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\AociIfX.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\XMiDerE.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\rKbIrfy.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\DxhmQGK.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\UkzIUiK.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\iwoKSgt.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\HpWoEME.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\LdzYTCR.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\dPRvbZK.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\KHtpyWx.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\oUTSrvO.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\kDbxoSW.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\BiEzamx.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\tXpbscz.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\qLeKkIC.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\Qemvjgh.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\Woowcwt.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\gfoIUnN.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\QWtpgFO.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\NJTBerp.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\tTvssBW.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\kmPUHHz.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\GlPmkqU.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\UQiHCqE.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\hACYrAP.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\iYxFXcA.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\FHilwZr.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\GfPsvUg.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\LHgyqiw.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
File created	C:\Windows\System\aiXjBaZ.exe	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2164	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	31
PID 1688 wrote to memory of 2164	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	31
PID 1688 wrote to memory of 2164	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	31
PID 1688 wrote to memory of 1224	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	32
PID 1688 wrote to memory of 1224	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	32
PID 1688 wrote to memory of 1224	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	32
PID 1688 wrote to memory of 2008	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	33
PID 1688 wrote to memory of 2008	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	33
PID 1688 wrote to memory of 2008	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	33
PID 1688 wrote to memory of 2960	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	34
PID 1688 wrote to memory of 2960	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	34
PID 1688 wrote to memory of 2960	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	34
PID 1688 wrote to memory of 2940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	35
PID 1688 wrote to memory of 2940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	35
PID 1688 wrote to memory of 2940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	35
PID 1688 wrote to memory of 2844	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	36
PID 1688 wrote to memory of 2844	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	36
PID 1688 wrote to memory of 2844	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	36
PID 1688 wrote to memory of 2976	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	37
PID 1688 wrote to memory of 2976	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	37
PID 1688 wrote to memory of 2976	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	37
PID 1688 wrote to memory of 2852	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	38
PID 1688 wrote to memory of 2852	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	38
PID 1688 wrote to memory of 2852	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	38
PID 1688 wrote to memory of 2880	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	39
PID 1688 wrote to memory of 2880	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	39
PID 1688 wrote to memory of 2880	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	39
PID 1688 wrote to memory of 2856	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	40
PID 1688 wrote to memory of 2856	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	40
PID 1688 wrote to memory of 2856	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	40
PID 1688 wrote to memory of 2540	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	41
PID 1688 wrote to memory of 2540	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	41
PID 1688 wrote to memory of 2540	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	41
PID 1688 wrote to memory of 264	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	42
PID 1688 wrote to memory of 264	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	42
PID 1688 wrote to memory of 264	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	42
PID 1688 wrote to memory of 940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	43
PID 1688 wrote to memory of 940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	43
PID 1688 wrote to memory of 940	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	43
PID 1688 wrote to memory of 1192	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	44
PID 1688 wrote to memory of 1192	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	44
PID 1688 wrote to memory of 1192	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	44
PID 1688 wrote to memory of 2904	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	45
PID 1688 wrote to memory of 2904	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	45
PID 1688 wrote to memory of 2904	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	45
PID 1688 wrote to memory of 2908	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	46
PID 1688 wrote to memory of 2908	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	46
PID 1688 wrote to memory of 2908	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	46
PID 1688 wrote to memory of 2136	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	47
PID 1688 wrote to memory of 2136	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	47
PID 1688 wrote to memory of 2136	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	47
PID 1688 wrote to memory of 3024	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	48
PID 1688 wrote to memory of 3024	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	48
PID 1688 wrote to memory of 3024	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	48
PID 1688 wrote to memory of 2792	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	49
PID 1688 wrote to memory of 2792	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	49
PID 1688 wrote to memory of 2792	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	49
PID 1688 wrote to memory of 2460	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	50
PID 1688 wrote to memory of 2460	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	50
PID 1688 wrote to memory of 2460	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	50
PID 1688 wrote to memory of 1352	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	51
PID 1688 wrote to memory of 1352	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	51
PID 1688 wrote to memory of 1352	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	51
PID 1688 wrote to memory of 2088	1688	JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9f90255758512e6e624254d7751c23225a63f016f829a758a2a62e976c5b5db0.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\System\wzMJfNA.exe
  C:\Windows\System\wzMJfNA.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\bxJQbeS.exe
  C:\Windows\System\bxJQbeS.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\bHVhglk.exe
  C:\Windows\System\bHVhglk.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ABMGoQu.exe
  C:\Windows\System\ABMGoQu.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HnmGSTp.exe
  C:\Windows\System\HnmGSTp.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\MyGahNM.exe
  C:\Windows\System\MyGahNM.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\gIAdlyL.exe
  C:\Windows\System\gIAdlyL.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\KkgYMSZ.exe
  C:\Windows\System\KkgYMSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\FQqTxzs.exe
  C:\Windows\System\FQqTxzs.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\UHjNxkI.exe
  C:\Windows\System\UHjNxkI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\pStpoUp.exe
  C:\Windows\System\pStpoUp.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QeHDKHR.exe
  C:\Windows\System\QeHDKHR.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\doiKymv.exe
  C:\Windows\System\doiKymv.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\KpRUzvJ.exe
  C:\Windows\System\KpRUzvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\LdzYTCR.exe
  C:\Windows\System\LdzYTCR.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\SKnAeCq.exe
  C:\Windows\System\SKnAeCq.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\MwOFrUS.exe
  C:\Windows\System\MwOFrUS.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ihvPoqX.exe
  C:\Windows\System\ihvPoqX.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\qTgRAkx.exe
  C:\Windows\System\qTgRAkx.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JnCqBBq.exe
  C:\Windows\System\JnCqBBq.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\NMKRVoS.exe
  C:\Windows\System\NMKRVoS.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\BrSMXJf.exe
  C:\Windows\System\BrSMXJf.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\qEjULrw.exe
  C:\Windows\System\qEjULrw.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\rPzFlOF.exe
  C:\Windows\System\rPzFlOF.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\bfFAjtc.exe
  C:\Windows\System\bfFAjtc.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\xHmYQqI.exe
  C:\Windows\System\xHmYQqI.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\FMPSfub.exe
  C:\Windows\System\FMPSfub.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QMNXhnz.exe
  C:\Windows\System\QMNXhnz.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\boPrXPM.exe
  C:\Windows\System\boPrXPM.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\xAxkjqz.exe
  C:\Windows\System\xAxkjqz.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\wvfpJef.exe
  C:\Windows\System\wvfpJef.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\pAdXniP.exe
  C:\Windows\System\pAdXniP.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\elaRnIw.exe
  C:\Windows\System\elaRnIw.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\NmROgqU.exe
  C:\Windows\System\NmROgqU.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\WGLUNBd.exe
  C:\Windows\System\WGLUNBd.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\KpYcJKs.exe
  C:\Windows\System\KpYcJKs.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\EpaBAUE.exe
  C:\Windows\System\EpaBAUE.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\fYsHziF.exe
  C:\Windows\System\fYsHziF.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\imTWXAw.exe
  C:\Windows\System\imTWXAw.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\ItWocEo.exe
  C:\Windows\System\ItWocEo.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\pcGHKKr.exe
  C:\Windows\System\pcGHKKr.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\jKBfBVL.exe
  C:\Windows\System\jKBfBVL.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\fYupoQm.exe
  C:\Windows\System\fYupoQm.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\tmJbGQV.exe
  C:\Windows\System\tmJbGQV.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\yvBhwNX.exe
  C:\Windows\System\yvBhwNX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\dYmONAV.exe
  C:\Windows\System\dYmONAV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\RwOQoSb.exe
  C:\Windows\System\RwOQoSb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\dPRvbZK.exe
  C:\Windows\System\dPRvbZK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\OoWbFCR.exe
  C:\Windows\System\OoWbFCR.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\uiNqRSs.exe
  C:\Windows\System\uiNqRSs.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\TWaudVx.exe
  C:\Windows\System\TWaudVx.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\vWRMNbz.exe
  C:\Windows\System\vWRMNbz.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\BcqZcZN.exe
  C:\Windows\System\BcqZcZN.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\fsKTrhN.exe
  C:\Windows\System\fsKTrhN.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\RNqkCpC.exe
  C:\Windows\System\RNqkCpC.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\AQEnVwK.exe
  C:\Windows\System\AQEnVwK.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\fIApauG.exe
  C:\Windows\System\fIApauG.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GPvCEql.exe
  C:\Windows\System\GPvCEql.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\BwuOIUT.exe
  C:\Windows\System\BwuOIUT.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\WAucbWh.exe
  C:\Windows\System\WAucbWh.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\yfUrRLr.exe
  C:\Windows\System\yfUrRLr.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\SuGYgez.exe
  C:\Windows\System\SuGYgez.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\NrxPodX.exe
  C:\Windows\System\NrxPodX.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\vFTSCgK.exe
  C:\Windows\System\vFTSCgK.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\FhsGnaK.exe
  C:\Windows\System\FhsGnaK.exe
  2⤵
  PID:1040
- C:\Windows\System\TrKTKTc.exe
  C:\Windows\System\TrKTKTc.exe
  2⤵
  PID:1248
- C:\Windows\System\exbHFrj.exe
  C:\Windows\System\exbHFrj.exe
  2⤵
  PID:1516
- C:\Windows\System\AReYebb.exe
  C:\Windows\System\AReYebb.exe
  2⤵
  PID:2664
- C:\Windows\System\htbbeOY.exe
  C:\Windows\System\htbbeOY.exe
  2⤵
  PID:1836
- C:\Windows\System\ysiGeRe.exe
  C:\Windows\System\ysiGeRe.exe
  2⤵
  PID:1408
- C:\Windows\System\PhqwwRF.exe
  C:\Windows\System\PhqwwRF.exe
  2⤵
  PID:1496
- C:\Windows\System\JYwqbZy.exe
  C:\Windows\System\JYwqbZy.exe
  2⤵
  PID:2352
- C:\Windows\System\DzAKheN.exe
  C:\Windows\System\DzAKheN.exe
  2⤵
  PID:2508
- C:\Windows\System\QQSSSRt.exe
  C:\Windows\System\QQSSSRt.exe
  2⤵
  PID:520
- C:\Windows\System\QhPUIAI.exe
  C:\Windows\System\QhPUIAI.exe
  2⤵
  PID:2456
- C:\Windows\System\mmgUBPd.exe
  C:\Windows\System\mmgUBPd.exe
  2⤵
  PID:2280
- C:\Windows\System\TSCAjep.exe
  C:\Windows\System\TSCAjep.exe
  2⤵
  PID:912
- C:\Windows\System\UiNuvML.exe
  C:\Windows\System\UiNuvML.exe
  2⤵
  PID:2148
- C:\Windows\System\YGVzTAn.exe
  C:\Windows\System\YGVzTAn.exe
  2⤵
  PID:768
- C:\Windows\System\lxlCqmc.exe
  C:\Windows\System\lxlCqmc.exe
  2⤵
  PID:1972
- C:\Windows\System\VAUsoyf.exe
  C:\Windows\System\VAUsoyf.exe
  2⤵
  PID:2552
- C:\Windows\System\cYDLBqU.exe
  C:\Windows\System\cYDLBqU.exe
  2⤵
  PID:2532
- C:\Windows\System\TnHBsGx.exe
  C:\Windows\System\TnHBsGx.exe
  2⤵
  PID:1308
- C:\Windows\System\nXAVnGr.exe
  C:\Windows\System\nXAVnGr.exe
  2⤵
  PID:1708
- C:\Windows\System\bhtpJJv.exe
  C:\Windows\System\bhtpJJv.exe
  2⤵
  PID:2624
- C:\Windows\System\frQWNWb.exe
  C:\Windows\System\frQWNWb.exe
  2⤵
  PID:2056
- C:\Windows\System\ewUWRsm.exe
  C:\Windows\System\ewUWRsm.exe
  2⤵
  PID:276
- C:\Windows\System\EAWsNYR.exe
  C:\Windows\System\EAWsNYR.exe
  2⤵
  PID:1672
- C:\Windows\System\KpCrgiE.exe
  C:\Windows\System\KpCrgiE.exe
  2⤵
  PID:2616
- C:\Windows\System\CBkzMeE.exe
  C:\Windows\System\CBkzMeE.exe
  2⤵
  PID:1720
- C:\Windows\System\KVgXGOu.exe
  C:\Windows\System\KVgXGOu.exe
  2⤵
  PID:2780
- C:\Windows\System\gbBDTBH.exe
  C:\Windows\System\gbBDTBH.exe
  2⤵
  PID:1620
- C:\Windows\System\vjRxumx.exe
  C:\Windows\System\vjRxumx.exe
  2⤵
  PID:2168
- C:\Windows\System\ZsIBdNx.exe
  C:\Windows\System\ZsIBdNx.exe
  2⤵
  PID:2948
- C:\Windows\System\ulfPShw.exe
  C:\Windows\System\ulfPShw.exe
  2⤵
  PID:2016
- C:\Windows\System\gUEBMQX.exe
  C:\Windows\System\gUEBMQX.exe
  2⤵
  PID:2524
- C:\Windows\System\SywYPgW.exe
  C:\Windows\System\SywYPgW.exe
  2⤵
  PID:2784
- C:\Windows\System\mIldVDC.exe
  C:\Windows\System\mIldVDC.exe
  2⤵
  PID:2868
- C:\Windows\System\xfwhfGg.exe
  C:\Windows\System\xfwhfGg.exe
  2⤵
  PID:1500
- C:\Windows\System\irIBsgY.exe
  C:\Windows\System\irIBsgY.exe
  2⤵
  PID:1436
- C:\Windows\System\JMgjjUI.exe
  C:\Windows\System\JMgjjUI.exe
  2⤵
  PID:580
- C:\Windows\System\kcFiJZt.exe
  C:\Windows\System\kcFiJZt.exe
  2⤵
  PID:2240
- C:\Windows\System\ikwFMMD.exe
  C:\Windows\System\ikwFMMD.exe
  2⤵
  PID:1760
- C:\Windows\System\EUqCwbw.exe
  C:\Windows\System\EUqCwbw.exe
  2⤵
  PID:2472
- C:\Windows\System\gfoIUnN.exe
  C:\Windows\System\gfoIUnN.exe
  2⤵
  PID:2064
- C:\Windows\System\ZjZCpPt.exe
  C:\Windows\System\ZjZCpPt.exe
  2⤵
  PID:1680
- C:\Windows\System\tEECMRn.exe
  C:\Windows\System\tEECMRn.exe
  2⤵
  PID:1600
- C:\Windows\System\ZmKNUBe.exe
  C:\Windows\System\ZmKNUBe.exe
  2⤵
  PID:2764
- C:\Windows\System\VIXOXJQ.exe
  C:\Windows\System\VIXOXJQ.exe
  2⤵
  PID:1232
- C:\Windows\System\IynkSOw.exe
  C:\Windows\System\IynkSOw.exe
  2⤵
  PID:2208
- C:\Windows\System\BuOqRgY.exe
  C:\Windows\System\BuOqRgY.exe
  2⤵
  PID:2556
- C:\Windows\System\mgEqDuu.exe
  C:\Windows\System\mgEqDuu.exe
  2⤵
  PID:1820
- C:\Windows\System\fbRJyfR.exe
  C:\Windows\System\fbRJyfR.exe
  2⤵
  PID:2236
- C:\Windows\System\IkgywqV.exe
  C:\Windows\System\IkgywqV.exe
  2⤵
  PID:2288
- C:\Windows\System\tFjmHfx.exe
  C:\Windows\System\tFjmHfx.exe
  2⤵
  PID:1628
- C:\Windows\System\VAxBPbz.exe
  C:\Windows\System\VAxBPbz.exe
  2⤵
  PID:1492
- C:\Windows\System\OnGvDjQ.exe
  C:\Windows\System\OnGvDjQ.exe
  2⤵
  PID:2864
- C:\Windows\System\dqdIJsQ.exe
  C:\Windows\System\dqdIJsQ.exe
  2⤵
  PID:1660
- C:\Windows\System\LGzSdjc.exe
  C:\Windows\System\LGzSdjc.exe
  2⤵
  PID:2132
- C:\Windows\System\pfadLiJ.exe
  C:\Windows\System\pfadLiJ.exe
  2⤵
  PID:1028
- C:\Windows\System\kqwZiEa.exe
  C:\Windows\System\kqwZiEa.exe
  2⤵
  PID:2700
- C:\Windows\System\mmaDLAI.exe
  C:\Windows\System\mmaDLAI.exe
  2⤵
  PID:1800
- C:\Windows\System\tmYJSOI.exe
  C:\Windows\System\tmYJSOI.exe
  2⤵
  PID:3064
- C:\Windows\System\bAugjda.exe
  C:\Windows\System\bAugjda.exe
  2⤵
  PID:1564
- C:\Windows\System\ZJJRGun.exe
  C:\Windows\System\ZJJRGun.exe
  2⤵
  PID:112
- C:\Windows\System\fvaWgmG.exe
  C:\Windows\System\fvaWgmG.exe
  2⤵
  PID:2432
- C:\Windows\System\GEGXusG.exe
  C:\Windows\System\GEGXusG.exe
  2⤵
  PID:3084
- C:\Windows\System\wdvyaQJ.exe
  C:\Windows\System\wdvyaQJ.exe
  2⤵
  PID:3108
- C:\Windows\System\UjMUXOX.exe
  C:\Windows\System\UjMUXOX.exe
  2⤵
  PID:3128
- C:\Windows\System\sIhuMIa.exe
  C:\Windows\System\sIhuMIa.exe
  2⤵
  PID:3148
- C:\Windows\System\dcvsZYy.exe
  C:\Windows\System\dcvsZYy.exe
  2⤵
  PID:3168
- C:\Windows\System\nBfsCIm.exe
  C:\Windows\System\nBfsCIm.exe
  2⤵
  PID:3188
- C:\Windows\System\sBaTgYy.exe
  C:\Windows\System\sBaTgYy.exe
  2⤵
  PID:3208
- C:\Windows\System\aiVfIve.exe
  C:\Windows\System\aiVfIve.exe
  2⤵
  PID:3228
- C:\Windows\System\AbTbUNB.exe
  C:\Windows\System\AbTbUNB.exe
  2⤵
  PID:3248
- C:\Windows\System\OyGUwkD.exe
  C:\Windows\System\OyGUwkD.exe
  2⤵
  PID:3268
- C:\Windows\System\reBXgEj.exe
  C:\Windows\System\reBXgEj.exe
  2⤵
  PID:3288
- C:\Windows\System\YzrzmBV.exe
  C:\Windows\System\YzrzmBV.exe
  2⤵
  PID:3308
- C:\Windows\System\IKmWLYf.exe
  C:\Windows\System\IKmWLYf.exe
  2⤵
  PID:3328
- C:\Windows\System\LHgyqiw.exe
  C:\Windows\System\LHgyqiw.exe
  2⤵
  PID:3348
- C:\Windows\System\aOntbbq.exe
  C:\Windows\System\aOntbbq.exe
  2⤵
  PID:3368
- C:\Windows\System\VsSRTHc.exe
  C:\Windows\System\VsSRTHc.exe
  2⤵
  PID:3392
- C:\Windows\System\kueUkRz.exe
  C:\Windows\System\kueUkRz.exe
  2⤵
  PID:3412
- C:\Windows\System\oDVPRCi.exe
  C:\Windows\System\oDVPRCi.exe
  2⤵
  PID:3432
- C:\Windows\System\hQddaum.exe
  C:\Windows\System\hQddaum.exe
  2⤵
  PID:3452
- C:\Windows\System\mZcKZix.exe
  C:\Windows\System\mZcKZix.exe
  2⤵
  PID:3472
- C:\Windows\System\pprxcwZ.exe
  C:\Windows\System\pprxcwZ.exe
  2⤵
  PID:3492
- C:\Windows\System\gvloueG.exe
  C:\Windows\System\gvloueG.exe
  2⤵
  PID:3516
- C:\Windows\System\OJtRIps.exe
  C:\Windows\System\OJtRIps.exe
  2⤵
  PID:3536
- C:\Windows\System\oHBWssR.exe
  C:\Windows\System\oHBWssR.exe
  2⤵
  PID:3556
- C:\Windows\System\wRIBrGZ.exe
  C:\Windows\System\wRIBrGZ.exe
  2⤵
  PID:3576
- C:\Windows\System\mHnyNWQ.exe
  C:\Windows\System\mHnyNWQ.exe
  2⤵
  PID:3596
- C:\Windows\System\kXuHKpF.exe
  C:\Windows\System\kXuHKpF.exe
  2⤵
  PID:3616
- C:\Windows\System\FeRKSHU.exe
  C:\Windows\System\FeRKSHU.exe
  2⤵
  PID:3636
- C:\Windows\System\gEDTYGd.exe
  C:\Windows\System\gEDTYGd.exe
  2⤵
  PID:3656
- C:\Windows\System\DeYcNFo.exe
  C:\Windows\System\DeYcNFo.exe
  2⤵
  PID:3676
- C:\Windows\System\eQxXwih.exe
  C:\Windows\System\eQxXwih.exe
  2⤵
  PID:3700
- C:\Windows\System\jpnAnFJ.exe
  C:\Windows\System\jpnAnFJ.exe
  2⤵
  PID:3720
- C:\Windows\System\uHyFVCq.exe
  C:\Windows\System\uHyFVCq.exe
  2⤵
  PID:3740
- C:\Windows\System\DNpZntr.exe
  C:\Windows\System\DNpZntr.exe
  2⤵
  PID:3760
- C:\Windows\System\ZalRoHt.exe
  C:\Windows\System\ZalRoHt.exe
  2⤵
  PID:3780
- C:\Windows\System\LEjvwEE.exe
  C:\Windows\System\LEjvwEE.exe
  2⤵
  PID:3800
- C:\Windows\System\wZPCgvX.exe
  C:\Windows\System\wZPCgvX.exe
  2⤵
  PID:3820
- C:\Windows\System\XRfLgoF.exe
  C:\Windows\System\XRfLgoF.exe
  2⤵
  PID:3840
- C:\Windows\System\eUoVEtl.exe
  C:\Windows\System\eUoVEtl.exe
  2⤵
  PID:3860
- C:\Windows\System\gsuaDSL.exe
  C:\Windows\System\gsuaDSL.exe
  2⤵
  PID:3884
- C:\Windows\System\ouOVSCA.exe
  C:\Windows\System\ouOVSCA.exe
  2⤵
  PID:3904
- C:\Windows\System\RSKTfGB.exe
  C:\Windows\System\RSKTfGB.exe
  2⤵
  PID:3924
- C:\Windows\System\qWFtCBU.exe
  C:\Windows\System\qWFtCBU.exe
  2⤵
  PID:3944
- C:\Windows\System\UTjIkuP.exe
  C:\Windows\System\UTjIkuP.exe
  2⤵
  PID:3964
- C:\Windows\System\jaoqWTD.exe
  C:\Windows\System\jaoqWTD.exe
  2⤵
  PID:3988
- C:\Windows\System\obbzbht.exe
  C:\Windows\System\obbzbht.exe
  2⤵
  PID:4008
- C:\Windows\System\kYfXEyO.exe
  C:\Windows\System\kYfXEyO.exe
  2⤵
  PID:4028
- C:\Windows\System\mUiMpim.exe
  C:\Windows\System\mUiMpim.exe
  2⤵
  PID:4048
- C:\Windows\System\ldBVesW.exe
  C:\Windows\System\ldBVesW.exe
  2⤵
  PID:4068
- C:\Windows\System\rbYtAQa.exe
  C:\Windows\System\rbYtAQa.exe
  2⤵
  PID:4088
- C:\Windows\System\CZoQMKi.exe
  C:\Windows\System\CZoQMKi.exe
  2⤵
  PID:1624
- C:\Windows\System\usMohem.exe
  C:\Windows\System\usMohem.exe
  2⤵
  PID:2332
- C:\Windows\System\AabJQZp.exe
  C:\Windows\System\AabJQZp.exe
  2⤵
  PID:2636
- C:\Windows\System\BiEzamx.exe
  C:\Windows\System\BiEzamx.exe
  2⤵
  PID:2264
- C:\Windows\System\zXjlxei.exe
  C:\Windows\System\zXjlxei.exe
  2⤵
  PID:3080
- C:\Windows\System\xchSJyt.exe
  C:\Windows\System\xchSJyt.exe
  2⤵
  PID:3124
- C:\Windows\System\eCzmKKY.exe
  C:\Windows\System\eCzmKKY.exe
  2⤵
  PID:3164
- C:\Windows\System\HSlnbIs.exe
  C:\Windows\System\HSlnbIs.exe
  2⤵
  PID:3204
- C:\Windows\System\boAuqMR.exe
  C:\Windows\System\boAuqMR.exe
  2⤵
  PID:3200
- C:\Windows\System\LMYfNrN.exe
  C:\Windows\System\LMYfNrN.exe
  2⤵
  PID:3240
- C:\Windows\System\JakirUc.exe
  C:\Windows\System\JakirUc.exe
  2⤵
  PID:3260
- C:\Windows\System\nXBOIyM.exe
  C:\Windows\System\nXBOIyM.exe
  2⤵
  PID:3304
- C:\Windows\System\Ghcydun.exe
  C:\Windows\System\Ghcydun.exe
  2⤵
  PID:3344
- C:\Windows\System\qQENJDb.exe
  C:\Windows\System\qQENJDb.exe
  2⤵
  PID:3400
- C:\Windows\System\CcXlAEP.exe
  C:\Windows\System\CcXlAEP.exe
  2⤵
  PID:3100
- C:\Windows\System\CgAwUgS.exe
  C:\Windows\System\CgAwUgS.exe
  2⤵
  PID:3428
- C:\Windows\System\uyrfYPI.exe
  C:\Windows\System\uyrfYPI.exe
  2⤵
  PID:3464
- C:\Windows\System\mvqjpSc.exe
  C:\Windows\System\mvqjpSc.exe
  2⤵
  PID:3512
- C:\Windows\System\UKAwIZl.exe
  C:\Windows\System\UKAwIZl.exe
  2⤵
  PID:3572
- C:\Windows\System\wWkQCLS.exe
  C:\Windows\System\wWkQCLS.exe
  2⤵
  PID:3604
- C:\Windows\System\zTeisvt.exe
  C:\Windows\System\zTeisvt.exe
  2⤵
  PID:3624
- C:\Windows\System\ZUsCiAn.exe
  C:\Windows\System\ZUsCiAn.exe
  2⤵
  PID:3644
- C:\Windows\System\fENkIof.exe
  C:\Windows\System\fENkIof.exe
  2⤵
  PID:3688
- C:\Windows\System\jziwoDf.exe
  C:\Windows\System\jziwoDf.exe
  2⤵
  PID:3728
- C:\Windows\System\iZSxFLr.exe
  C:\Windows\System\iZSxFLr.exe
  2⤵
  PID:3748
- C:\Windows\System\tYFGMCB.exe
  C:\Windows\System\tYFGMCB.exe
  2⤵
  PID:3772
- C:\Windows\System\ZpjsAAt.exe
  C:\Windows\System\ZpjsAAt.exe
  2⤵
  PID:3812
- C:\Windows\System\DPloHvv.exe
  C:\Windows\System\DPloHvv.exe
  2⤵
  PID:3836
- C:\Windows\System\BdStmLz.exe
  C:\Windows\System\BdStmLz.exe
  2⤵
  PID:3872
- C:\Windows\System\QWtpgFO.exe
  C:\Windows\System\QWtpgFO.exe
  2⤵
  PID:3896
- C:\Windows\System\PzXRCwF.exe
  C:\Windows\System\PzXRCwF.exe
  2⤵
  PID:3936
- C:\Windows\System\UQiHCqE.exe
  C:\Windows\System\UQiHCqE.exe
  2⤵
  PID:4024
- C:\Windows\System\oVCaIIi.exe
  C:\Windows\System\oVCaIIi.exe
  2⤵
  PID:1520
- C:\Windows\System\YZzQXfO.exe
  C:\Windows\System\YZzQXfO.exe
  2⤵
  PID:3020
- C:\Windows\System\MNdcSCQ.exe
  C:\Windows\System\MNdcSCQ.exe
  2⤵
  PID:452
- C:\Windows\System\kAuRRjn.exe
  C:\Windows\System\kAuRRjn.exe
  2⤵
  PID:4080
- C:\Windows\System\eWLMVOk.exe
  C:\Windows\System\eWLMVOk.exe
  2⤵
  PID:4044
- C:\Windows\System\oXOKUVV.exe
  C:\Windows\System\oXOKUVV.exe
  2⤵
  PID:2180
- C:\Windows\System\xCJNezO.exe
  C:\Windows\System\xCJNezO.exe
  2⤵
  PID:1764
- C:\Windows\System\MAdoCQn.exe
  C:\Windows\System\MAdoCQn.exe
  2⤵
  PID:2104
- C:\Windows\System\FBylpaB.exe
  C:\Windows\System\FBylpaB.exe
  2⤵
  PID:2896
- C:\Windows\System\swLnHoY.exe
  C:\Windows\System\swLnHoY.exe
  2⤵
  PID:3144
- C:\Windows\System\HwbDsOP.exe
  C:\Windows\System\HwbDsOP.exe
  2⤵
  PID:3196
- C:\Windows\System\ICPSQHr.exe
  C:\Windows\System\ICPSQHr.exe
  2⤵
  PID:3236
- C:\Windows\System\vjiEIpl.exe
  C:\Windows\System\vjiEIpl.exe
  2⤵
  PID:3384
- C:\Windows\System\UKOfyce.exe
  C:\Windows\System\UKOfyce.exe
  2⤵
  PID:3360
- C:\Windows\System\GyNNIqS.exe
  C:\Windows\System\GyNNIqS.exe
  2⤵
  PID:3448
- C:\Windows\System\jlktZLL.exe
  C:\Windows\System\jlktZLL.exe
  2⤵
  PID:3544
- C:\Windows\System\fayKpjy.exe
  C:\Windows\System\fayKpjy.exe
  2⤵
  PID:3592
- C:\Windows\System\RiukWRG.exe
  C:\Windows\System\RiukWRG.exe
  2⤵
  PID:3684
- C:\Windows\System\ICXNwZp.exe
  C:\Windows\System\ICXNwZp.exe
  2⤵
  PID:3628
- C:\Windows\System\MbyuMuQ.exe
  C:\Windows\System\MbyuMuQ.exe
  2⤵
  PID:2572
- C:\Windows\System\sYhuQiJ.exe
  C:\Windows\System\sYhuQiJ.exe
  2⤵
  PID:3068
- C:\Windows\System\uBTDaZn.exe
  C:\Windows\System\uBTDaZn.exe
  2⤵
  PID:3756
- C:\Windows\System\VHjmJKa.exe
  C:\Windows\System\VHjmJKa.exe
  2⤵
  PID:2928
- C:\Windows\System\iGZjZRQ.exe
  C:\Windows\System\iGZjZRQ.exe
  2⤵
  PID:3796
- C:\Windows\System\LipEkOc.exe
  C:\Windows\System\LipEkOc.exe
  2⤵
  PID:4056
- C:\Windows\System\zNCletx.exe
  C:\Windows\System\zNCletx.exe
  2⤵
  PID:3952
- C:\Windows\System\GemFPib.exe
  C:\Windows\System\GemFPib.exe
  2⤵
  PID:4004
- C:\Windows\System\tzLaiXW.exe
  C:\Windows\System\tzLaiXW.exe
  2⤵
  PID:1508
- C:\Windows\System\nudSAyO.exe
  C:\Windows\System\nudSAyO.exe
  2⤵
  PID:3960
- C:\Windows\System\naKJoUM.exe
  C:\Windows\System\naKJoUM.exe
  2⤵
  PID:2128
- C:\Windows\System\jfQxoaf.exe
  C:\Windows\System\jfQxoaf.exe
  2⤵
  PID:3140
- C:\Windows\System\RwCHlKJ.exe
  C:\Windows\System\RwCHlKJ.exe
  2⤵
  PID:3184
- C:\Windows\System\UAvEKDp.exe
  C:\Windows\System\UAvEKDp.exe
  2⤵
  PID:3324
- C:\Windows\System\BnyKdzG.exe
  C:\Windows\System\BnyKdzG.exe
  2⤵
  PID:3460
- C:\Windows\System\vNbMXwA.exe
  C:\Windows\System\vNbMXwA.exe
  2⤵
  PID:3380
- C:\Windows\System\YMfSWqg.exe
  C:\Windows\System\YMfSWqg.exe
  2⤵
  PID:3548
- C:\Windows\System\lORlGBU.exe
  C:\Windows\System\lORlGBU.exe
  2⤵
  PID:3652
- C:\Windows\System\wqziZOD.exe
  C:\Windows\System\wqziZOD.exe
  2⤵
  PID:2932
- C:\Windows\System\NLLebgK.exe
  C:\Windows\System\NLLebgK.exe
  2⤵
  PID:3672
- C:\Windows\System\hmeEKff.exe
  C:\Windows\System\hmeEKff.exe
  2⤵
  PID:1584
- C:\Windows\System\ZLLkfLl.exe
  C:\Windows\System\ZLLkfLl.exe
  2⤵
  PID:3980
- C:\Windows\System\wbyqpNz.exe
  C:\Windows\System\wbyqpNz.exe
  2⤵
  PID:4000
- C:\Windows\System\iPhPOeQ.exe
  C:\Windows\System\iPhPOeQ.exe
  2⤵
  PID:760
- C:\Windows\System\qTctJNc.exe
  C:\Windows\System\qTctJNc.exe
  2⤵
  PID:3076
- C:\Windows\System\GDUjmFb.exe
  C:\Windows\System\GDUjmFb.exe
  2⤵
  PID:3356
- C:\Windows\System\NJTBerp.exe
  C:\Windows\System\NJTBerp.exe
  2⤵
  PID:3532
- C:\Windows\System\pxQbUHi.exe
  C:\Windows\System\pxQbUHi.exe
  2⤵
  PID:3920
- C:\Windows\System\UgAFFIw.exe
  C:\Windows\System\UgAFFIw.exe
  2⤵
  PID:3776
- C:\Windows\System\XMiDerE.exe
  C:\Windows\System\XMiDerE.exe
  2⤵
  PID:3508
- C:\Windows\System\gcYAIHt.exe
  C:\Windows\System\gcYAIHt.exe
  2⤵
  PID:3552
- C:\Windows\System\BWjLJKH.exe
  C:\Windows\System\BWjLJKH.exe
  2⤵
  PID:3120
- C:\Windows\System\jiFqToo.exe
  C:\Windows\System\jiFqToo.exe
  2⤵
  PID:4116
- C:\Windows\System\bTgZbSz.exe
  C:\Windows\System\bTgZbSz.exe
  2⤵
  PID:4136
- C:\Windows\System\fGHxtKR.exe
  C:\Windows\System\fGHxtKR.exe
  2⤵
  PID:4160
- C:\Windows\System\tKRuVKW.exe
  C:\Windows\System\tKRuVKW.exe
  2⤵
  PID:4180
- C:\Windows\System\siHkvnC.exe
  C:\Windows\System\siHkvnC.exe
  2⤵
  PID:4204
- C:\Windows\System\ssClylg.exe
  C:\Windows\System\ssClylg.exe
  2⤵
  PID:4224
- C:\Windows\System\CzyBtjk.exe
  C:\Windows\System\CzyBtjk.exe
  2⤵
  PID:4240
- C:\Windows\System\qKBFYIb.exe
  C:\Windows\System\qKBFYIb.exe
  2⤵
  PID:4264
- C:\Windows\System\dcYMUhB.exe
  C:\Windows\System\dcYMUhB.exe
  2⤵
  PID:4280
- C:\Windows\System\dCOcToI.exe
  C:\Windows\System\dCOcToI.exe
  2⤵
  PID:4304
- C:\Windows\System\yAJTpEd.exe
  C:\Windows\System\yAJTpEd.exe
  2⤵
  PID:4320
- C:\Windows\System\srYctyA.exe
  C:\Windows\System\srYctyA.exe
  2⤵
  PID:4344
- C:\Windows\System\YOBbyem.exe
  C:\Windows\System\YOBbyem.exe
  2⤵
  PID:4368
- C:\Windows\System\RdnNLMM.exe
  C:\Windows\System\RdnNLMM.exe
  2⤵
  PID:4408
- C:\Windows\System\cSQSwXW.exe
  C:\Windows\System\cSQSwXW.exe
  2⤵
  PID:4428
- C:\Windows\System\PTxqXlg.exe
  C:\Windows\System\PTxqXlg.exe
  2⤵
  PID:4448
- C:\Windows\System\usGfxrJ.exe
  C:\Windows\System\usGfxrJ.exe
  2⤵
  PID:4464
- C:\Windows\System\mKmfVLg.exe
  C:\Windows\System\mKmfVLg.exe
  2⤵
  PID:4488
- C:\Windows\System\CsjEMMy.exe
  C:\Windows\System\CsjEMMy.exe
  2⤵
  PID:4512
- C:\Windows\System\ZvUyRFR.exe
  C:\Windows\System\ZvUyRFR.exe
  2⤵
  PID:4532
- C:\Windows\System\fDxQPrR.exe
  C:\Windows\System\fDxQPrR.exe
  2⤵
  PID:4552
- C:\Windows\System\oExXUdm.exe
  C:\Windows\System\oExXUdm.exe
  2⤵
  PID:4576
- C:\Windows\System\DxCwLMX.exe
  C:\Windows\System\DxCwLMX.exe
  2⤵
  PID:4600
- C:\Windows\System\KHtpyWx.exe
  C:\Windows\System\KHtpyWx.exe
  2⤵
  PID:4620
- C:\Windows\System\UlWNkbw.exe
  C:\Windows\System\UlWNkbw.exe
  2⤵
  PID:4640
- C:\Windows\System\IgpLHFl.exe
  C:\Windows\System\IgpLHFl.exe
  2⤵
  PID:4660
- C:\Windows\System\sHoQGVp.exe
  C:\Windows\System\sHoQGVp.exe
  2⤵
  PID:4680
- C:\Windows\System\wQbKTgP.exe
  C:\Windows\System\wQbKTgP.exe
  2⤵
  PID:4700
- C:\Windows\System\MzEwpti.exe
  C:\Windows\System\MzEwpti.exe
  2⤵
  PID:4720
- C:\Windows\System\eDOVXKc.exe
  C:\Windows\System\eDOVXKc.exe
  2⤵
  PID:4740
- C:\Windows\System\rKbIrfy.exe
  C:\Windows\System\rKbIrfy.exe
  2⤵
  PID:4760
- C:\Windows\System\VFRcSSD.exe
  C:\Windows\System\VFRcSSD.exe
  2⤵
  PID:4780
- C:\Windows\System\jeMOpeJ.exe
  C:\Windows\System\jeMOpeJ.exe
  2⤵
  PID:4800
- C:\Windows\System\SVoOOfp.exe
  C:\Windows\System\SVoOOfp.exe
  2⤵
  PID:4820
- C:\Windows\System\LtcRpaZ.exe
  C:\Windows\System\LtcRpaZ.exe
  2⤵
  PID:4840
- C:\Windows\System\ktAFRgK.exe
  C:\Windows\System\ktAFRgK.exe
  2⤵
  PID:4860
- C:\Windows\System\ULpqBwY.exe
  C:\Windows\System\ULpqBwY.exe
  2⤵
  PID:4880
- C:\Windows\System\yFyUkZX.exe
  C:\Windows\System\yFyUkZX.exe
  2⤵
  PID:4900
- C:\Windows\System\vZruWbC.exe
  C:\Windows\System\vZruWbC.exe
  2⤵
  PID:4916
- C:\Windows\System\ZZhsmsT.exe
  C:\Windows\System\ZZhsmsT.exe
  2⤵
  PID:4944
- C:\Windows\System\ssuHOCQ.exe
  C:\Windows\System\ssuHOCQ.exe
  2⤵
  PID:4964
- C:\Windows\System\LJcRffT.exe
  C:\Windows\System\LJcRffT.exe
  2⤵
  PID:4984
- C:\Windows\System\WoFjwER.exe
  C:\Windows\System\WoFjwER.exe
  2⤵
  PID:5004
- C:\Windows\System\jGmGveo.exe
  C:\Windows\System\jGmGveo.exe
  2⤵
  PID:5028
- C:\Windows\System\wgyfAIx.exe
  C:\Windows\System\wgyfAIx.exe
  2⤵
  PID:5048
- C:\Windows\System\UiqJZKW.exe
  C:\Windows\System\UiqJZKW.exe
  2⤵
  PID:5068
- C:\Windows\System\ZgFbnDO.exe
  C:\Windows\System\ZgFbnDO.exe
  2⤵
  PID:5088
- C:\Windows\System\uvWlpin.exe
  C:\Windows\System\uvWlpin.exe
  2⤵
  PID:5108
- C:\Windows\System\SrZjCdB.exe
  C:\Windows\System\SrZjCdB.exe
  2⤵
  PID:820
- C:\Windows\System\kqtVNUO.exe
  C:\Windows\System\kqtVNUO.exe
  2⤵
  PID:3440
- C:\Windows\System\GQOqloD.exe
  C:\Windows\System\GQOqloD.exe
  2⤵
  PID:3408
- C:\Windows\System\mQXcgni.exe
  C:\Windows\System\mQXcgni.exe
  2⤵
  PID:3708
- C:\Windows\System\cQMwghB.exe
  C:\Windows\System\cQMwghB.exe
  2⤵
  PID:1728
- C:\Windows\System\OtzfMnb.exe
  C:\Windows\System\OtzfMnb.exe
  2⤵
  PID:3732
- C:\Windows\System\eJDkIcs.exe
  C:\Windows\System\eJDkIcs.exe
  2⤵
  PID:3016
- C:\Windows\System\ALwIwRU.exe
  C:\Windows\System\ALwIwRU.exe
  2⤵
  PID:4168
- C:\Windows\System\ziSwAOq.exe
  C:\Windows\System\ziSwAOq.exe
  2⤵
  PID:4220
- C:\Windows\System\MTFWHRm.exe
  C:\Windows\System\MTFWHRm.exe
  2⤵
  PID:4296
- C:\Windows\System\ROZewRt.exe
  C:\Windows\System\ROZewRt.exe
  2⤵
  PID:4200
- C:\Windows\System\uJYbHUK.exe
  C:\Windows\System\uJYbHUK.exe
  2⤵
  PID:4276
- C:\Windows\System\rTJSBUB.exe
  C:\Windows\System\rTJSBUB.exe
  2⤵
  PID:4376
- C:\Windows\System\SDwxsRF.exe
  C:\Windows\System\SDwxsRF.exe
  2⤵
  PID:4356
- C:\Windows\System\zjQoKtq.exe
  C:\Windows\System\zjQoKtq.exe
  2⤵
  PID:4420
- C:\Windows\System\BEwZoUN.exe
  C:\Windows\System\BEwZoUN.exe
  2⤵
  PID:4472
- C:\Windows\System\auFUUcP.exe
  C:\Windows\System\auFUUcP.exe
  2⤵
  PID:4500
- C:\Windows\System\gdoiNNg.exe
  C:\Windows\System\gdoiNNg.exe
  2⤵
  PID:4504
- C:\Windows\System\Phxqxqe.exe
  C:\Windows\System\Phxqxqe.exe
  2⤵
  PID:4572
- C:\Windows\System\iYmYDNH.exe
  C:\Windows\System\iYmYDNH.exe
  2⤵
  PID:4584
- C:\Windows\System\iXyylSK.exe
  C:\Windows\System\iXyylSK.exe
  2⤵
  PID:4648
- C:\Windows\System\cgvxPBb.exe
  C:\Windows\System\cgvxPBb.exe
  2⤵
  PID:4636
- C:\Windows\System\kwTPQLL.exe
  C:\Windows\System\kwTPQLL.exe
  2⤵
  PID:4676
- C:\Windows\System\jyylLgI.exe
  C:\Windows\System\jyylLgI.exe
  2⤵
  PID:4736
- C:\Windows\System\qUMuHyT.exe
  C:\Windows\System\qUMuHyT.exe
  2⤵
  PID:4776
- C:\Windows\System\WkcifVo.exe
  C:\Windows\System\WkcifVo.exe
  2⤵
  PID:4788
- C:\Windows\System\yeUBbRn.exe
  C:\Windows\System\yeUBbRn.exe
  2⤵
  PID:4848
- C:\Windows\System\wQcIkNp.exe
  C:\Windows\System\wQcIkNp.exe
  2⤵
  PID:4852
- C:\Windows\System\ZuhhYCH.exe
  C:\Windows\System\ZuhhYCH.exe
  2⤵
  PID:4876
- C:\Windows\System\hSboeqA.exe
  C:\Windows\System\hSboeqA.exe
  2⤵
  PID:4932
- C:\Windows\System\sSiHwMN.exe
  C:\Windows\System\sSiHwMN.exe
  2⤵
  PID:4960
- C:\Windows\System\Hcazyvy.exe
  C:\Windows\System\Hcazyvy.exe
  2⤵
  PID:5024
- C:\Windows\System\LkuyllN.exe
  C:\Windows\System\LkuyllN.exe
  2⤵
  PID:5056
- C:\Windows\System\vwbkHMn.exe
  C:\Windows\System\vwbkHMn.exe
  2⤵
  PID:5060
- C:\Windows\System\jwbbdtM.exe
  C:\Windows\System\jwbbdtM.exe
  2⤵
  PID:5080
- C:\Windows\System\YIAQxOl.exe
  C:\Windows\System\YIAQxOl.exe
  2⤵
  PID:5116
- C:\Windows\System\KZyXqNs.exe
  C:\Windows\System\KZyXqNs.exe
  2⤵
  PID:3364
- C:\Windows\System\uCErHvc.exe
  C:\Windows\System\uCErHvc.exe
  2⤵
  PID:3940
- C:\Windows\System\MMQHtJW.exe
  C:\Windows\System\MMQHtJW.exe
  2⤵
  PID:3488
- C:\Windows\System\mABzgSO.exe
  C:\Windows\System\mABzgSO.exe
  2⤵
  PID:2876
- C:\Windows\System\DxhmQGK.exe
  C:\Windows\System\DxhmQGK.exe
  2⤵
  PID:4172
- C:\Windows\System\mQpuFJw.exe
  C:\Windows\System\mQpuFJw.exe
  2⤵
  PID:4236
- C:\Windows\System\uoKtewW.exe
  C:\Windows\System\uoKtewW.exe
  2⤵
  PID:4364
- C:\Windows\System\QLucwjn.exe
  C:\Windows\System\QLucwjn.exe
  2⤵
  PID:4416
- C:\Windows\System\BWmaoUt.exe
  C:\Windows\System\BWmaoUt.exe
  2⤵
  PID:4380
- C:\Windows\System\lYqNyLE.exe
  C:\Windows\System\lYqNyLE.exe
  2⤵
  PID:4456
- C:\Windows\System\mwyYSxP.exe
  C:\Windows\System\mwyYSxP.exe
  2⤵
  PID:4568
- C:\Windows\System\WiZaDMt.exe
  C:\Windows\System\WiZaDMt.exe
  2⤵
  PID:4628
- C:\Windows\System\QULAHxj.exe
  C:\Windows\System\QULAHxj.exe
  2⤵
  PID:4692
- C:\Windows\System\BMgxQww.exe
  C:\Windows\System\BMgxQww.exe
  2⤵
  PID:4772
- C:\Windows\System\bxMYZWk.exe
  C:\Windows\System\bxMYZWk.exe
  2⤵
  PID:4756
- C:\Windows\System\njMYJsU.exe
  C:\Windows\System\njMYJsU.exe
  2⤵
  PID:4808
- C:\Windows\System\vXXUTwL.exe
  C:\Windows\System\vXXUTwL.exe
  2⤵
  PID:4896
- C:\Windows\System\bFBMIdz.exe
  C:\Windows\System\bFBMIdz.exe
  2⤵
  PID:5012
- C:\Windows\System\fsSlNSD.exe
  C:\Windows\System\fsSlNSD.exe
  2⤵
  PID:5016
- C:\Windows\System\VhGhMyW.exe
  C:\Windows\System\VhGhMyW.exe
  2⤵
  PID:2824
- C:\Windows\System\atOZqQo.exe
  C:\Windows\System\atOZqQo.exe
  2⤵
  PID:3264
- C:\Windows\System\gPVHEwX.exe
  C:\Windows\System\gPVHEwX.exe
  2⤵
  PID:3136
- C:\Windows\System\wmoGYvP.exe
  C:\Windows\System\wmoGYvP.exe
  2⤵
  PID:4108
- C:\Windows\System\edodvhA.exe
  C:\Windows\System\edodvhA.exe
  2⤵
  PID:4260
- C:\Windows\System\jtLTyjb.exe
  C:\Windows\System\jtLTyjb.exe
  2⤵
  PID:4148
- C:\Windows\System\wJcPBco.exe
  C:\Windows\System\wJcPBco.exe
  2⤵
  PID:4336
- C:\Windows\System\RySYQoJ.exe
  C:\Windows\System\RySYQoJ.exe
  2⤵
  PID:4404
- C:\Windows\System\HqWWFZO.exe
  C:\Windows\System\HqWWFZO.exe
  2⤵
  PID:4528
- C:\Windows\System\GpLILKA.exe
  C:\Windows\System\GpLILKA.exe
  2⤵
  PID:4696
- C:\Windows\System\bVvQTbH.exe
  C:\Windows\System\bVvQTbH.exe
  2⤵
  PID:4928
- C:\Windows\System\CPgfWjJ.exe
  C:\Windows\System\CPgfWjJ.exe
  2⤵
  PID:5144
- C:\Windows\System\KNezipm.exe
  C:\Windows\System\KNezipm.exe
  2⤵
  PID:5164
- C:\Windows\System\EBZvcXX.exe
  C:\Windows\System\EBZvcXX.exe
  2⤵
  PID:5180
- C:\Windows\System\tYRHylS.exe
  C:\Windows\System\tYRHylS.exe
  2⤵
  PID:5204
- C:\Windows\System\dlhaqXR.exe
  C:\Windows\System\dlhaqXR.exe
  2⤵
  PID:5224
- C:\Windows\System\WpgTtvD.exe
  C:\Windows\System\WpgTtvD.exe
  2⤵
  PID:5248
- C:\Windows\System\DahBmSZ.exe
  C:\Windows\System\DahBmSZ.exe
  2⤵
  PID:5268
- C:\Windows\System\aSdtWJd.exe
  C:\Windows\System\aSdtWJd.exe
  2⤵
  PID:5288
- C:\Windows\System\hfPhTlv.exe
  C:\Windows\System\hfPhTlv.exe
  2⤵
  PID:5308
- C:\Windows\System\GeQXcew.exe
  C:\Windows\System\GeQXcew.exe
  2⤵
  PID:5328
- C:\Windows\System\PMvKoEe.exe
  C:\Windows\System\PMvKoEe.exe
  2⤵
  PID:5348
- C:\Windows\System\EuGbzBA.exe
  C:\Windows\System\EuGbzBA.exe
  2⤵
  PID:5368
- C:\Windows\System\qdGrviG.exe
  C:\Windows\System\qdGrviG.exe
  2⤵
  PID:5388
- C:\Windows\System\vQGKvyq.exe
  C:\Windows\System\vQGKvyq.exe
  2⤵
  PID:5408
- C:\Windows\System\HrVkGVw.exe
  C:\Windows\System\HrVkGVw.exe
  2⤵
  PID:5428
- C:\Windows\System\hGRjmEd.exe
  C:\Windows\System\hGRjmEd.exe
  2⤵
  PID:5448
- C:\Windows\System\iDPfZdU.exe
  C:\Windows\System\iDPfZdU.exe
  2⤵
  PID:5468
- C:\Windows\System\WiKkxeJ.exe
  C:\Windows\System\WiKkxeJ.exe
  2⤵
  PID:5488
- C:\Windows\System\ZarAhKM.exe
  C:\Windows\System\ZarAhKM.exe
  2⤵
  PID:5508
- C:\Windows\System\TwSSpjM.exe
  C:\Windows\System\TwSSpjM.exe
  2⤵
  PID:5532
- C:\Windows\System\vIzMfYO.exe
  C:\Windows\System\vIzMfYO.exe
  2⤵
  PID:5552
- C:\Windows\System\iXbEstJ.exe
  C:\Windows\System\iXbEstJ.exe
  2⤵
  PID:5576
- C:\Windows\System\CtTEJBc.exe
  C:\Windows\System\CtTEJBc.exe
  2⤵
  PID:5596
- C:\Windows\System\rNcfGRg.exe
  C:\Windows\System\rNcfGRg.exe
  2⤵
  PID:5616
- C:\Windows\System\udShqhi.exe
  C:\Windows\System\udShqhi.exe
  2⤵
  PID:5636
- C:\Windows\System\qZAprmv.exe
  C:\Windows\System\qZAprmv.exe
  2⤵
  PID:5656
- C:\Windows\System\XRHGpez.exe
  C:\Windows\System\XRHGpez.exe
  2⤵
  PID:5676
- C:\Windows\System\QnDhaLt.exe
  C:\Windows\System\QnDhaLt.exe
  2⤵
  PID:5696
- C:\Windows\System\YQiKWMV.exe
  C:\Windows\System\YQiKWMV.exe
  2⤵
  PID:5712
- C:\Windows\System\gmljgip.exe
  C:\Windows\System\gmljgip.exe
  2⤵
  PID:5736
- C:\Windows\System\LleizdS.exe
  C:\Windows\System\LleizdS.exe
  2⤵
  PID:5756
- C:\Windows\System\IoSIUpC.exe
  C:\Windows\System\IoSIUpC.exe
  2⤵
  PID:5776
- C:\Windows\System\rlPfOcR.exe
  C:\Windows\System\rlPfOcR.exe
  2⤵
  PID:5792
- C:\Windows\System\tlrntxD.exe
  C:\Windows\System\tlrntxD.exe
  2⤵
  PID:5816
- C:\Windows\System\SUZOPAd.exe
  C:\Windows\System\SUZOPAd.exe
  2⤵
  PID:5836
- C:\Windows\System\XlrHkqs.exe
  C:\Windows\System\XlrHkqs.exe
  2⤵
  PID:5856
- C:\Windows\System\hlTWGOc.exe
  C:\Windows\System\hlTWGOc.exe
  2⤵
  PID:5872
- C:\Windows\System\nHikIrr.exe
  C:\Windows\System\nHikIrr.exe
  2⤵
  PID:5896
- C:\Windows\System\ENvvxqm.exe
  C:\Windows\System\ENvvxqm.exe
  2⤵
  PID:5920
- C:\Windows\System\ExnhZZT.exe
  C:\Windows\System\ExnhZZT.exe
  2⤵
  PID:5944
- C:\Windows\System\OqfUzdo.exe
  C:\Windows\System\OqfUzdo.exe
  2⤵
  PID:5964
- C:\Windows\System\TWLjxZP.exe
  C:\Windows\System\TWLjxZP.exe
  2⤵
  PID:5984
- C:\Windows\System\vktMWqr.exe
  C:\Windows\System\vktMWqr.exe
  2⤵
  PID:6004
- C:\Windows\System\qZiuZat.exe
  C:\Windows\System\qZiuZat.exe
  2⤵
  PID:6024
- C:\Windows\System\SFSWYCX.exe
  C:\Windows\System\SFSWYCX.exe
  2⤵
  PID:6044
- C:\Windows\System\sJyXDeW.exe
  C:\Windows\System\sJyXDeW.exe
  2⤵
  PID:6064
- C:\Windows\System\JjQqxNb.exe
  C:\Windows\System\JjQqxNb.exe
  2⤵
  PID:6084
- C:\Windows\System\tiqLnJX.exe
  C:\Windows\System\tiqLnJX.exe
  2⤵
  PID:6108
- C:\Windows\System\puYweXN.exe
  C:\Windows\System\puYweXN.exe
  2⤵
  PID:6128
- C:\Windows\System\jmUhtHT.exe
  C:\Windows\System\jmUhtHT.exe
  2⤵
  PID:4752
- C:\Windows\System\WRSyhnG.exe
  C:\Windows\System\WRSyhnG.exe
  2⤵
  PID:4872
- C:\Windows\System\kItOscw.exe
  C:\Windows\System\kItOscw.exe
  2⤵
  PID:4912
- C:\Windows\System\cEaQmVL.exe
  C:\Windows\System\cEaQmVL.exe
  2⤵
  PID:2256
- C:\Windows\System\SsVCVZh.exe
  C:\Windows\System\SsVCVZh.exe
  2⤵
  PID:3792
- C:\Windows\System\blkjksh.exe
  C:\Windows\System\blkjksh.exe
  2⤵
  PID:2920
- C:\Windows\System\CrsvotX.exe
  C:\Windows\System\CrsvotX.exe
  2⤵
  PID:4132
- C:\Windows\System\IhqOtDr.exe
  C:\Windows\System\IhqOtDr.exe
  2⤵
  PID:4440
- C:\Windows\System\QoCsPFp.exe
  C:\Windows\System\QoCsPFp.exe
  2⤵
  PID:4856
- C:\Windows\System\LRuGKJC.exe
  C:\Windows\System\LRuGKJC.exe
  2⤵
  PID:5152
- C:\Windows\System\aQOzJDQ.exe
  C:\Windows\System\aQOzJDQ.exe
  2⤵
  PID:2276
- C:\Windows\System\CjtLrFM.exe
  C:\Windows\System\CjtLrFM.exe
  2⤵
  PID:5172
- C:\Windows\System\gYbyZwU.exe
  C:\Windows\System\gYbyZwU.exe
  2⤵
  PID:5232
- C:\Windows\System\RwMvsRI.exe
  C:\Windows\System\RwMvsRI.exe
  2⤵
  PID:2404
- C:\Windows\System\vSjmvSA.exe
  C:\Windows\System\vSjmvSA.exe
  2⤵
  PID:5284
- C:\Windows\System\JRZyMqM.exe
  C:\Windows\System\JRZyMqM.exe
  2⤵
  PID:5300
- C:\Windows\System\sidmdZN.exe
  C:\Windows\System\sidmdZN.exe
  2⤵
  PID:5364
- C:\Windows\System\UvmNzWp.exe
  C:\Windows\System\UvmNzWp.exe
  2⤵
  PID:5396
- C:\Windows\System\neQkper.exe
  C:\Windows\System\neQkper.exe
  2⤵
  PID:5400
- C:\Windows\System\EHVqeqx.exe
  C:\Windows\System\EHVqeqx.exe
  2⤵
  PID:5424
- C:\Windows\System\YJCZseO.exe
  C:\Windows\System\YJCZseO.exe
  2⤵
  PID:5464
- C:\Windows\System\FaCLWrm.exe
  C:\Windows\System\FaCLWrm.exe
  2⤵
  PID:5524
- C:\Windows\System\Vemazxo.exe
  C:\Windows\System\Vemazxo.exe
  2⤵
  PID:5560
- C:\Windows\System\Pcooqva.exe
  C:\Windows\System\Pcooqva.exe
  2⤵
  PID:5544
- C:\Windows\System\szgtdvM.exe
  C:\Windows\System\szgtdvM.exe
  2⤵
  PID:5588
- C:\Windows\System\DrIQBNi.exe
  C:\Windows\System\DrIQBNi.exe
  2⤵
  PID:5748
- C:\Windows\System\MFUjzfQ.exe
  C:\Windows\System\MFUjzfQ.exe
  2⤵
  PID:3028
- C:\Windows\System\ecVlGQq.exe
  C:\Windows\System\ecVlGQq.exe
  2⤵
  PID:5788
- C:\Windows\System\VCOvXXk.exe
  C:\Windows\System\VCOvXXk.exe
  2⤵
  PID:5852
- C:\Windows\System\yfERdhv.exe
  C:\Windows\System\yfERdhv.exe
  2⤵
  PID:5888
- C:\Windows\System\LkEbJPe.exe
  C:\Windows\System\LkEbJPe.exe
  2⤵
  PID:5884
- C:\Windows\System\AqBGKRz.exe
  C:\Windows\System\AqBGKRz.exe
  2⤵
  PID:1952
- C:\Windows\System\UJaGkKd.exe
  C:\Windows\System\UJaGkKd.exe
  2⤵
  PID:5916
- C:\Windows\System\FblhjNn.exe
  C:\Windows\System\FblhjNn.exe
  2⤵
  PID:1832
- C:\Windows\System\dbqRIrz.exe
  C:\Windows\System\dbqRIrz.exe
  2⤵
  PID:2272
- C:\Windows\System\ShIFLZg.exe
  C:\Windows\System\ShIFLZg.exe
  2⤵
  PID:6012
- C:\Windows\System\pzXisBm.exe
  C:\Windows\System\pzXisBm.exe
  2⤵
  PID:2848
- C:\Windows\System\wuyDtCG.exe
  C:\Windows\System\wuyDtCG.exe
  2⤵
  PID:6060
- C:\Windows\System\lEBczKD.exe
  C:\Windows\System\lEBczKD.exe
  2⤵
  PID:6100
- C:\Windows\System\HbFiNyy.exe
  C:\Windows\System\HbFiNyy.exe
  2⤵
  PID:6076
- C:\Windows\System\QyPLUCX.exe
  C:\Windows\System\QyPLUCX.exe
  2⤵
  PID:1988
- C:\Windows\System\VBXDpPf.exe
  C:\Windows\System\VBXDpPf.exe
  2⤵
  PID:2504
- C:\Windows\System\VkzLTps.exe
  C:\Windows\System\VkzLTps.exe
  2⤵
  PID:5076
- C:\Windows\System\lMIRzVc.exe
  C:\Windows\System\lMIRzVc.exe
  2⤵
  PID:2360
- C:\Windows\System\tzxKcdr.exe
  C:\Windows\System\tzxKcdr.exe
  2⤵
  PID:4256
- C:\Windows\System\ZyOfQvF.exe
  C:\Windows\System\ZyOfQvF.exe
  2⤵
  PID:4444
- C:\Windows\System\zCmIMKd.exe
  C:\Windows\System\zCmIMKd.exe
  2⤵
  PID:5140
- C:\Windows\System\NNPcMVH.exe
  C:\Windows\System\NNPcMVH.exe
  2⤵
  PID:5188
- C:\Windows\System\JeWEayG.exe
  C:\Windows\System\JeWEayG.exe
  2⤵
  PID:4892
- C:\Windows\System\TqhYUuD.exe
  C:\Windows\System\TqhYUuD.exe
  2⤵
  PID:5256
- C:\Windows\System\KUJtxMu.exe
  C:\Windows\System\KUJtxMu.exe
  2⤵
  PID:5316
- C:\Windows\System\egTAVLW.exe
  C:\Windows\System\egTAVLW.exe
  2⤵
  PID:556
- C:\Windows\System\swNUSow.exe
  C:\Windows\System\swNUSow.exe
  2⤵
  PID:5380
- C:\Windows\System\kpIGHRI.exe
  C:\Windows\System\kpIGHRI.exe
  2⤵
  PID:5480
- C:\Windows\System\jVvOIhN.exe
  C:\Windows\System\jVvOIhN.exe
  2⤵
  PID:5496
- C:\Windows\System\mXxckQQ.exe
  C:\Windows\System\mXxckQQ.exe
  2⤵
  PID:5500
- C:\Windows\System\xVZIOde.exe
  C:\Windows\System\xVZIOde.exe
  2⤵
  PID:5136
- C:\Windows\System\plCQPsd.exe
  C:\Windows\System\plCQPsd.exe
  2⤵
  PID:2124
- C:\Windows\System\uiWBtfZ.exe
  C:\Windows\System\uiWBtfZ.exe
  2⤵
  PID:2548
- C:\Windows\System\yLYANof.exe
  C:\Windows\System\yLYANof.exe
  2⤵
  PID:2560
- C:\Windows\System\iWtfBrv.exe
  C:\Windows\System\iWtfBrv.exe
  2⤵
  PID:1784
- C:\Windows\System\kZeJsQZ.exe
  C:\Windows\System\kZeJsQZ.exe
  2⤵
  PID:3892
- C:\Windows\System\FROBeei.exe
  C:\Windows\System\FROBeei.exe
  2⤵
  PID:3156
- C:\Windows\System\ajnqXLP.exe
  C:\Windows\System\ajnqXLP.exe
  2⤵
  PID:4400
- C:\Windows\System\HUsTrDg.exe
  C:\Windows\System\HUsTrDg.exe
  2⤵
  PID:4156
- C:\Windows\System\OafGcPs.exe
  C:\Windows\System\OafGcPs.exe
  2⤵
  PID:928
- C:\Windows\System\qYkqlBr.exe
  C:\Windows\System\qYkqlBr.exe
  2⤵
  PID:6080
- C:\Windows\System\mnYaGxT.exe
  C:\Windows\System\mnYaGxT.exe
  2⤵
  PID:5652
- C:\Windows\System\XZxVczc.exe
  C:\Windows\System\XZxVczc.exe
  2⤵
  PID:5732
- C:\Windows\System\XmrvNDQ.exe
  C:\Windows\System\XmrvNDQ.exe
  2⤵
  PID:2544
- C:\Windows\System\ENYHKKe.exe
  C:\Windows\System\ENYHKKe.exe
  2⤵
  PID:1260
- C:\Windows\System\zfRHvKo.exe
  C:\Windows\System\zfRHvKo.exe
  2⤵
  PID:2496
- C:\Windows\System\FHjFrYk.exe
  C:\Windows\System\FHjFrYk.exe
  2⤵
  PID:2996
- C:\Windows\System\cOuhlss.exe
  C:\Windows\System\cOuhlss.exe
  2⤵
  PID:2120
- C:\Windows\System\GXTXyNu.exe
  C:\Windows\System\GXTXyNu.exe
  2⤵
  PID:5844
- C:\Windows\System\LCuxOmX.exe
  C:\Windows\System\LCuxOmX.exe
  2⤵
  PID:5880
- C:\Windows\System\RsKtjiS.exe
  C:\Windows\System\RsKtjiS.exe
  2⤵
  PID:5928
- C:\Windows\System\LeOHXCG.exe
  C:\Windows\System\LeOHXCG.exe
  2⤵
  PID:5952
- C:\Windows\System\ThkDaVt.exe
  C:\Windows\System\ThkDaVt.exe
  2⤵
  PID:5996
- C:\Windows\System\DQDuTGN.exe
  C:\Windows\System\DQDuTGN.exe
  2⤵
  PID:6092
- C:\Windows\System\tMAsJPx.exe
  C:\Windows\System\tMAsJPx.exe
  2⤵
  PID:4768
- C:\Windows\System\JweGZNW.exe
  C:\Windows\System\JweGZNW.exe
  2⤵
  PID:6072
- C:\Windows\System\spebssJ.exe
  C:\Windows\System\spebssJ.exe
  2⤵
  PID:4956
- C:\Windows\System\cDGqxZl.exe
  C:\Windows\System\cDGqxZl.exe
  2⤵
  PID:2832
- C:\Windows\System\McynOcB.exe
  C:\Windows\System\McynOcB.exe
  2⤵
  PID:4548
- C:\Windows\System\baknhDo.exe
  C:\Windows\System\baknhDo.exe
  2⤵
  PID:588
- C:\Windows\System\oVEHPFO.exe
  C:\Windows\System\oVEHPFO.exe
  2⤵
  PID:5356
- C:\Windows\System\TmphFjj.exe
  C:\Windows\System\TmphFjj.exe
  2⤵
  PID:5384
- C:\Windows\System\OIHYrvx.exe
  C:\Windows\System\OIHYrvx.exe
  2⤵
  PID:5476
- C:\Windows\System\zMlqABi.exe
  C:\Windows\System\zMlqABi.exe
  2⤵
  PID:5572
- C:\Windows\System\bsFUHXe.exe
  C:\Windows\System\bsFUHXe.exe
  2⤵
  PID:5612
- C:\Windows\System\PiZCMma.exe
  C:\Windows\System\PiZCMma.exe
  2⤵
  PID:840
- C:\Windows\System\cuYrDdQ.exe
  C:\Windows\System\cuYrDdQ.exe
  2⤵
  PID:4388
- C:\Windows\System\dYwnIyr.exe
  C:\Windows\System\dYwnIyr.exe
  2⤵
  PID:4396
- C:\Windows\System\ilUaKuL.exe
  C:\Windows\System\ilUaKuL.exe
  2⤵
  PID:5632
- C:\Windows\System\chaukgI.exe
  C:\Windows\System\chaukgI.exe
  2⤵
  PID:5704
- C:\Windows\System\ITVIsPn.exe
  C:\Windows\System\ITVIsPn.exe
  2⤵
  PID:904
- C:\Windows\System\RixxElV.exe
  C:\Windows\System\RixxElV.exe
  2⤵
  PID:1552
- C:\Windows\System\RHAFktL.exe
  C:\Windows\System\RHAFktL.exe
  2⤵
  PID:5828
- C:\Windows\System\qBTwfri.exe
  C:\Windows\System\qBTwfri.exe
  2⤵
  PID:5992
- C:\Windows\System\gtYPjav.exe
  C:\Windows\System\gtYPjav.exe
  2⤵
  PID:6036
- C:\Windows\System\ZfQEFte.exe
  C:\Windows\System\ZfQEFte.exe
  2⤵
  PID:2308
- C:\Windows\System\DukrjDi.exe
  C:\Windows\System\DukrjDi.exe
  2⤵
  PID:3036
- C:\Windows\System\AhGzNuc.exe
  C:\Windows\System\AhGzNuc.exe
  2⤵
  PID:2564
- C:\Windows\System\rfeGhzU.exe
  C:\Windows\System\rfeGhzU.exe
  2⤵
  PID:4612
- C:\Windows\System\sYonPbf.exe
  C:\Windows\System\sYonPbf.exe
  2⤵
  PID:5192
- C:\Windows\System\RRmmIWY.exe
  C:\Windows\System\RRmmIWY.exe
  2⤵
  PID:5296
- C:\Windows\System\LevbXqG.exe
  C:\Windows\System\LevbXqG.exe
  2⤵
  PID:5220
- C:\Windows\System\fCThYMQ.exe
  C:\Windows\System\fCThYMQ.exe
  2⤵
  PID:5344
- C:\Windows\System\qONuzbS.exe
  C:\Windows\System\qONuzbS.exe
  2⤵
  PID:5548
- C:\Windows\System\ZmUHKYr.exe
  C:\Windows\System\ZmUHKYr.exe
  2⤵
  PID:3976
- C:\Windows\System\iKKSTIe.exe
  C:\Windows\System\iKKSTIe.exe
  2⤵
  PID:5684
- C:\Windows\System\vPYZIVr.exe
  C:\Windows\System\vPYZIVr.exe
  2⤵
  PID:6096
- C:\Windows\System\YdwZTRc.exe
  C:\Windows\System\YdwZTRc.exe
  2⤵
  PID:5812
- C:\Windows\System\EzLQWHp.exe
  C:\Windows\System\EzLQWHp.exe
  2⤵
  PID:5976
- C:\Windows\System\EZdqYto.exe
  C:\Windows\System\EZdqYto.exe
  2⤵
  PID:980
- C:\Windows\System\BwRfIAE.exe
  C:\Windows\System\BwRfIAE.exe
  2⤵
  PID:2924
- C:\Windows\System\eZJadef.exe
  C:\Windows\System\eZJadef.exe
  2⤵
  PID:5216
- C:\Windows\System\DKFuRhT.exe
  C:\Windows\System\DKFuRhT.exe
  2⤵
  PID:5456
- C:\Windows\System\kthKuNC.exe
  C:\Windows\System\kthKuNC.exe
  2⤵
  PID:2060
- C:\Windows\System\ysGhoHK.exe
  C:\Windows\System\ysGhoHK.exe
  2⤵
  PID:5672
- C:\Windows\System\JDxTWPz.exe
  C:\Windows\System\JDxTWPz.exe
  2⤵
  PID:5868
- C:\Windows\System\VvVYlqh.exe
  C:\Windows\System\VvVYlqh.exe
  2⤵
  PID:1840
- C:\Windows\System\XYIxAOz.exe
  C:\Windows\System\XYIxAOz.exe
  2⤵
  PID:1060
- C:\Windows\System\ZixeqFb.exe
  C:\Windows\System\ZixeqFb.exe
  2⤵
  PID:1044
- C:\Windows\System\ZEDeQNQ.exe
  C:\Windows\System\ZEDeQNQ.exe
  2⤵
  PID:2028
- C:\Windows\System\qzTBDMA.exe
  C:\Windows\System\qzTBDMA.exe
  2⤵
  PID:4560
- C:\Windows\System\CHqQhJb.exe
  C:\Windows\System\CHqQhJb.exe
  2⤵
  PID:5444
- C:\Windows\System\FeXClqG.exe
  C:\Windows\System\FeXClqG.exe
  2⤵
  PID:1532
- C:\Windows\System\GsmGrrW.exe
  C:\Windows\System\GsmGrrW.exe
  2⤵
  PID:2888
- C:\Windows\System\YMPqXlE.exe
  C:\Windows\System\YMPqXlE.exe
  2⤵
  PID:4832
- C:\Windows\System\YTsHFof.exe
  C:\Windows\System\YTsHFof.exe
  2⤵
  PID:680
- C:\Windows\System\tEjMGue.exe
  C:\Windows\System\tEjMGue.exe
  2⤵
  PID:5340
- C:\Windows\System\tQZYUTI.exe
  C:\Windows\System\tQZYUTI.exe
  2⤵
  PID:5084
- C:\Windows\System\fCKjgzl.exe
  C:\Windows\System\fCKjgzl.exe
  2⤵
  PID:6148
- C:\Windows\System\Jametnj.exe
  C:\Windows\System\Jametnj.exe
  2⤵
  PID:6172
- C:\Windows\System\kGszwEM.exe
  C:\Windows\System\kGszwEM.exe
  2⤵
  PID:6196
- C:\Windows\System\lmoWnaZ.exe
  C:\Windows\System\lmoWnaZ.exe
  2⤵
  PID:6216
- C:\Windows\System\lCoNMwl.exe
  C:\Windows\System\lCoNMwl.exe
  2⤵
  PID:6240
- C:\Windows\System\RrbrmHV.exe
  C:\Windows\System\RrbrmHV.exe
  2⤵
  PID:6256
- C:\Windows\System\jCPTPdj.exe
  C:\Windows\System\jCPTPdj.exe
  2⤵
  PID:6280
- C:\Windows\System\nFTYpSW.exe
  C:\Windows\System\nFTYpSW.exe
  2⤵
  PID:6296
- C:\Windows\System\cXHPcpZ.exe
  C:\Windows\System\cXHPcpZ.exe
  2⤵
  PID:6312
- C:\Windows\System\jfPuGAv.exe
  C:\Windows\System\jfPuGAv.exe
  2⤵
  PID:6336
- C:\Windows\System\BBSWNLX.exe
  C:\Windows\System\BBSWNLX.exe
  2⤵
  PID:6352
- C:\Windows\System\bzjfxYv.exe
  C:\Windows\System\bzjfxYv.exe
  2⤵
  PID:6372
- C:\Windows\System\TUvqYlq.exe
  C:\Windows\System\TUvqYlq.exe
  2⤵
  PID:6388
- C:\Windows\System\sFZcWhI.exe
  C:\Windows\System\sFZcWhI.exe
  2⤵
  PID:6412
- C:\Windows\System\EgTfXjv.exe
  C:\Windows\System\EgTfXjv.exe
  2⤵
  PID:6428
- C:\Windows\System\GqdbapU.exe
  C:\Windows\System\GqdbapU.exe
  2⤵
  PID:6464
- C:\Windows\System\AWkrSpQ.exe
  C:\Windows\System\AWkrSpQ.exe
  2⤵
  PID:6480
- C:\Windows\System\vPmXuul.exe
  C:\Windows\System\vPmXuul.exe
  2⤵
  PID:6500
- C:\Windows\System\luaMJII.exe
  C:\Windows\System\luaMJII.exe
  2⤵
  PID:6524
- C:\Windows\System\JopTieV.exe
  C:\Windows\System\JopTieV.exe
  2⤵
  PID:6540
- C:\Windows\System\RLCaTFG.exe
  C:\Windows\System\RLCaTFG.exe
  2⤵
  PID:6560
- C:\Windows\System\gBoHxoB.exe
  C:\Windows\System\gBoHxoB.exe
  2⤵
  PID:6576
- C:\Windows\System\ndTNZXd.exe
  C:\Windows\System\ndTNZXd.exe
  2⤵
  PID:6600
- C:\Windows\System\uVWesaB.exe
  C:\Windows\System\uVWesaB.exe
  2⤵
  PID:6620
- C:\Windows\System\RAbsrKP.exe
  C:\Windows\System\RAbsrKP.exe
  2⤵
  PID:6644
- C:\Windows\System\HbfHSFb.exe
  C:\Windows\System\HbfHSFb.exe
  2⤵
  PID:6660
- C:\Windows\System\kmMPAjm.exe
  C:\Windows\System\kmMPAjm.exe
  2⤵
  PID:6680
- C:\Windows\System\lfOZgNj.exe
  C:\Windows\System\lfOZgNj.exe
  2⤵
  PID:6704
- C:\Windows\System\kLflQho.exe
  C:\Windows\System\kLflQho.exe
  2⤵
  PID:6724
- C:\Windows\System\bSjmNQj.exe
  C:\Windows\System\bSjmNQj.exe
  2⤵
  PID:6744
- C:\Windows\System\wtHMQbj.exe
  C:\Windows\System\wtHMQbj.exe
  2⤵
  PID:6760
- C:\Windows\System\IYyliPX.exe
  C:\Windows\System\IYyliPX.exe
  2⤵
  PID:6780
- C:\Windows\System\mtlaldN.exe
  C:\Windows\System\mtlaldN.exe
  2⤵
  PID:6808
- C:\Windows\System\mYQuOAw.exe
  C:\Windows\System\mYQuOAw.exe
  2⤵
  PID:6824
- C:\Windows\System\CgtmKrc.exe
  C:\Windows\System\CgtmKrc.exe
  2⤵
  PID:6852
- C:\Windows\System\DRzGUMv.exe
  C:\Windows\System\DRzGUMv.exe
  2⤵
  PID:6868
- C:\Windows\System\fWlnSZq.exe
  C:\Windows\System\fWlnSZq.exe
  2⤵
  PID:6892
- C:\Windows\System\NGQYBPU.exe
  C:\Windows\System\NGQYBPU.exe
  2⤵
  PID:6908
- C:\Windows\System\SrDCdTW.exe
  C:\Windows\System\SrDCdTW.exe
  2⤵
  PID:6924
- C:\Windows\System\yfLVSGh.exe
  C:\Windows\System\yfLVSGh.exe
  2⤵
  PID:6948
- C:\Windows\System\xsQhrld.exe
  C:\Windows\System\xsQhrld.exe
  2⤵
  PID:6972
- C:\Windows\System\yjQCCKI.exe
  C:\Windows\System\yjQCCKI.exe
  2⤵
  PID:6988
- C:\Windows\System\UhSsvmS.exe
  C:\Windows\System\UhSsvmS.exe
  2⤵
  PID:7004
- C:\Windows\System\eLDBosA.exe
  C:\Windows\System\eLDBosA.exe
  2⤵
  PID:7028
- C:\Windows\System\pCsYtJW.exe
  C:\Windows\System\pCsYtJW.exe
  2⤵
  PID:7048
- C:\Windows\System\PQpaEyK.exe
  C:\Windows\System\PQpaEyK.exe
  2⤵
  PID:7068
- C:\Windows\System\QpDdINY.exe
  C:\Windows\System\QpDdINY.exe
  2⤵
  PID:7088
- C:\Windows\System\nhGuUpg.exe
  C:\Windows\System\nhGuUpg.exe
  2⤵
  PID:7108
- C:\Windows\System\rOIChpd.exe
  C:\Windows\System\rOIChpd.exe
  2⤵
  PID:7132
- C:\Windows\System\cKagpRF.exe
  C:\Windows\System\cKagpRF.exe
  2⤵
  PID:7148
- C:\Windows\System\hACYrAP.exe
  C:\Windows\System\hACYrAP.exe
  2⤵
  PID:5784
- C:\Windows\System\sjtaPSt.exe
  C:\Windows\System\sjtaPSt.exe
  2⤵
  PID:5592
- C:\Windows\System\OozEGMs.exe
  C:\Windows\System\OozEGMs.exe
  2⤵
  PID:5260
- C:\Windows\System\hPJpSQu.exe
  C:\Windows\System\hPJpSQu.exe
  2⤵
  PID:6164
- C:\Windows\System\RTPtpgI.exe
  C:\Windows\System\RTPtpgI.exe
  2⤵
  PID:6232
- C:\Windows\System\FLLQUrN.exe
  C:\Windows\System\FLLQUrN.exe
  2⤵
  PID:6264
- C:\Windows\System\AryZuRW.exe
  C:\Windows\System\AryZuRW.exe
  2⤵
  PID:6308
- C:\Windows\System\AotYbVZ.exe
  C:\Windows\System\AotYbVZ.exe
  2⤵
  PID:6420
- C:\Windows\System\BRWZfXm.exe
  C:\Windows\System\BRWZfXm.exe
  2⤵
  PID:6288
- C:\Windows\System\DAeNQvQ.exe
  C:\Windows\System\DAeNQvQ.exe
  2⤵
  PID:6436
- C:\Windows\System\oQZflCH.exe
  C:\Windows\System\oQZflCH.exe
  2⤵
  PID:6456
- C:\Windows\System\nOhrune.exe
  C:\Windows\System\nOhrune.exe
  2⤵
  PID:6476
- C:\Windows\System\fhniGdY.exe
  C:\Windows\System\fhniGdY.exe
  2⤵
  PID:6492
- C:\Windows\System\OlLubBv.exe
  C:\Windows\System\OlLubBv.exe
  2⤵
  PID:6532
- C:\Windows\System\iYxFXcA.exe
  C:\Windows\System\iYxFXcA.exe
  2⤵
  PID:6556
- C:\Windows\System\NdcBMqE.exe
  C:\Windows\System\NdcBMqE.exe
  2⤵
  PID:6568
- C:\Windows\System\SldSKnq.exe
  C:\Windows\System\SldSKnq.exe
  2⤵
  PID:6612
- C:\Windows\System\TAUqDZX.exe
  C:\Windows\System\TAUqDZX.exe
  2⤵
  PID:6656
- C:\Windows\System\DRoYeeW.exe
  C:\Windows\System\DRoYeeW.exe
  2⤵
  PID:6696
- C:\Windows\System\krfouMP.exe
  C:\Windows\System\krfouMP.exe
  2⤵
  PID:6720
- C:\Windows\System\ayOEqNA.exe
  C:\Windows\System\ayOEqNA.exe
  2⤵
  PID:6792
- C:\Windows\System\GkryJXz.exe
  C:\Windows\System\GkryJXz.exe
  2⤵
  PID:6804
- C:\Windows\System\WmHbEMF.exe
  C:\Windows\System\WmHbEMF.exe
  2⤵
  PID:6820
- C:\Windows\System\OyEYVVn.exe
  C:\Windows\System\OyEYVVn.exe
  2⤵
  PID:6876
- C:\Windows\System\PjwdaSv.exe
  C:\Windows\System\PjwdaSv.exe
  2⤵
  PID:6916
- C:\Windows\System\tcBakHc.exe
  C:\Windows\System\tcBakHc.exe
  2⤵
  PID:6956
- C:\Windows\System\tXpbscz.exe
  C:\Windows\System\tXpbscz.exe
  2⤵
  PID:6944
- C:\Windows\System\FhhquAs.exe
  C:\Windows\System\FhhquAs.exe
  2⤵
  PID:7000
- C:\Windows\System\hjCfGGo.exe
  C:\Windows\System\hjCfGGo.exe
  2⤵
  PID:7012
- C:\Windows\System\FOigTRe.exe
  C:\Windows\System\FOigTRe.exe
  2⤵
  PID:7024
- C:\Windows\System\MoiuLJm.exe
  C:\Windows\System\MoiuLJm.exe
  2⤵
  PID:7104
- C:\Windows\System\ZpOVjuZ.exe
  C:\Windows\System\ZpOVjuZ.exe
  2⤵
  PID:7120
- C:\Windows\System\MrIpMHU.exe
  C:\Windows\System\MrIpMHU.exe
  2⤵
  PID:7144
- C:\Windows\System\vBiwrvF.exe
  C:\Windows\System\vBiwrvF.exe
  2⤵
  PID:2228
- C:\Windows\System\iKCVZJD.exe
  C:\Windows\System\iKCVZJD.exe
  2⤵
  PID:1052
- C:\Windows\System\mHUSgqk.exe
  C:\Windows\System\mHUSgqk.exe
  2⤵
  PID:6204
- C:\Windows\System\DlwTKmd.exe
  C:\Windows\System\DlwTKmd.exe
  2⤵
  PID:6208
- C:\Windows\System\NSBjBcd.exe
  C:\Windows\System\NSBjBcd.exe
  2⤵
  PID:6292
- C:\Windows\System\JhelOBi.exe
  C:\Windows\System\JhelOBi.exe
  2⤵
  PID:6840
- C:\Windows\System\VSTmZAk.exe
  C:\Windows\System\VSTmZAk.exe
  2⤵
  PID:6324
- C:\Windows\System\yEXQVJL.exe
  C:\Windows\System\yEXQVJL.exe
  2⤵
  PID:6548
- C:\Windows\System\DDpHPBI.exe
  C:\Windows\System\DDpHPBI.exe
  2⤵
  PID:6516
- C:\Windows\System\hPxPgED.exe
  C:\Windows\System\hPxPgED.exe
  2⤵
  PID:6640
- C:\Windows\System\MmdMWFE.exe
  C:\Windows\System\MmdMWFE.exe
  2⤵
  PID:6652
- C:\Windows\System\pLvDwgy.exe
  C:\Windows\System\pLvDwgy.exe
  2⤵
  PID:6776
- C:\Windows\System\eRAMDya.exe
  C:\Windows\System\eRAMDya.exe
  2⤵
  PID:6796
- C:\Windows\System\SWTYSOI.exe
  C:\Windows\System\SWTYSOI.exe
  2⤵
  PID:6832
- C:\Windows\System\IftnjoZ.exe
  C:\Windows\System\IftnjoZ.exe
  2⤵
  PID:6888
- C:\Windows\System\vyXcxtA.exe
  C:\Windows\System\vyXcxtA.exe
  2⤵
  PID:6936
- C:\Windows\System\IEnsEJm.exe
  C:\Windows\System\IEnsEJm.exe
  2⤵
  PID:7060
- C:\Windows\System\UkzIUiK.exe
  C:\Windows\System\UkzIUiK.exe
  2⤵
  PID:7084
- C:\Windows\System\RNqxGUi.exe
  C:\Windows\System\RNqxGUi.exe
  2⤵
  PID:7096
- C:\Windows\System\xmsfmKK.exe
  C:\Windows\System\xmsfmKK.exe
  2⤵
  PID:7116
- C:\Windows\System\gIOqWyl.exe
  C:\Windows\System\gIOqWyl.exe
  2⤵
  PID:6252
- C:\Windows\System\NNVOfzD.exe
  C:\Windows\System\NNVOfzD.exe
  2⤵
  PID:6368
- C:\Windows\System\cEbCChW.exe
  C:\Windows\System\cEbCChW.exe
  2⤵
  PID:6400
- C:\Windows\System\svfsuyO.exe
  C:\Windows\System\svfsuyO.exe
  2⤵
  PID:6508
- C:\Windows\System\cfRUMTh.exe
  C:\Windows\System\cfRUMTh.exe
  2⤵
  PID:6584
- C:\Windows\System\sZpJTBt.exe
  C:\Windows\System\sZpJTBt.exe
  2⤵
  PID:6632
- C:\Windows\System\ulypIHL.exe
  C:\Windows\System\ulypIHL.exe
  2⤵
  PID:6844
- C:\Windows\System\jtjmyGI.exe
  C:\Windows\System\jtjmyGI.exe
  2⤵
  PID:6768
- C:\Windows\System\bCLBMeq.exe
  C:\Windows\System\bCLBMeq.exe
  2⤵
  PID:6996
- C:\Windows\System\YIkgEFa.exe
  C:\Windows\System\YIkgEFa.exe
  2⤵
  PID:6968
- C:\Windows\System\gUqXUSK.exe
  C:\Windows\System\gUqXUSK.exe
  2⤵
  PID:6904
- C:\Windows\System\mPPceqL.exe
  C:\Windows\System\mPPceqL.exe
  2⤵
  PID:7140
- C:\Windows\System\FefsXhu.exe
  C:\Windows\System\FefsXhu.exe
  2⤵
  PID:7164
- C:\Windows\System\VWqWQPg.exe
  C:\Windows\System\VWqWQPg.exe
  2⤵
  PID:6168
- C:\Windows\System\LQMwWrw.exe
  C:\Windows\System\LQMwWrw.exe
  2⤵
  PID:2092
- C:\Windows\System\RnLiTCb.exe
  C:\Windows\System\RnLiTCb.exe
  2⤵
  PID:956
- C:\Windows\System\oGLjpZr.exe
  C:\Windows\System\oGLjpZr.exe
  2⤵
  PID:6404
- C:\Windows\System\SNvgJbP.exe
  C:\Windows\System\SNvgJbP.exe
  2⤵
  PID:6328
- C:\Windows\System\ZKPFSrk.exe
  C:\Windows\System\ZKPFSrk.exe
  2⤵
  PID:6360
- C:\Windows\System\RIIfKuQ.exe
  C:\Windows\System\RIIfKuQ.exe
  2⤵
  PID:6688
- C:\Windows\System\dfoXQTV.exe
  C:\Windows\System\dfoXQTV.exe
  2⤵
  PID:6932
- C:\Windows\System\vobusOz.exe
  C:\Windows\System\vobusOz.exe
  2⤵
  PID:6980
- C:\Windows\System\GnACubF.exe
  C:\Windows\System\GnACubF.exe
  2⤵
  PID:7160
- C:\Windows\System\aYwnmsS.exe
  C:\Windows\System\aYwnmsS.exe
  2⤵
  PID:1984
- C:\Windows\System\VCYKySj.exe
  C:\Windows\System\VCYKySj.exe
  2⤵
  PID:6596
- C:\Windows\System\KcOaWiu.exe
  C:\Windows\System\KcOaWiu.exe
  2⤵
  PID:6608
- C:\Windows\System\ALYGrnS.exe
  C:\Windows\System\ALYGrnS.exe
  2⤵
  PID:7080
- C:\Windows\System\KZxSdEa.exe
  C:\Windows\System\KZxSdEa.exe
  2⤵
  PID:6472
- C:\Windows\System\poBSiYs.exe
  C:\Windows\System\poBSiYs.exe
  2⤵
  PID:6588
- C:\Windows\System\TRFzFOB.exe
  C:\Windows\System\TRFzFOB.exe
  2⤵
  PID:6964
- C:\Windows\System\fcwTIpd.exe
  C:\Windows\System\fcwTIpd.exe
  2⤵
  PID:7128
- C:\Windows\System\SYaccgB.exe
  C:\Windows\System\SYaccgB.exe
  2⤵
  PID:6984
- C:\Windows\System\LTbFlve.exe
  C:\Windows\System\LTbFlve.exe
  2⤵
  PID:6756
- C:\Windows\System\NwhdfAE.exe
  C:\Windows\System\NwhdfAE.exe
  2⤵
  PID:7184
- C:\Windows\System\kNMLGPR.exe
  C:\Windows\System\kNMLGPR.exe
  2⤵
  PID:7204
- C:\Windows\System\YAJZLGw.exe
  C:\Windows\System\YAJZLGw.exe
  2⤵
  PID:7220
- C:\Windows\System\MLqpxqg.exe
  C:\Windows\System\MLqpxqg.exe
  2⤵
  PID:7236
- C:\Windows\System\JWCdOJf.exe
  C:\Windows\System\JWCdOJf.exe
  2⤵
  PID:7252
- C:\Windows\System\vMAvBkz.exe
  C:\Windows\System\vMAvBkz.exe
  2⤵
  PID:7276
- C:\Windows\System\yvTGoJy.exe
  C:\Windows\System\yvTGoJy.exe
  2⤵
  PID:7292
- C:\Windows\System\CnmbpXB.exe
  C:\Windows\System\CnmbpXB.exe
  2⤵
  PID:7308
- C:\Windows\System\xhicrOb.exe
  C:\Windows\System\xhicrOb.exe
  2⤵
  PID:7324
- C:\Windows\System\FHilwZr.exe
  C:\Windows\System\FHilwZr.exe
  2⤵
  PID:7344
- C:\Windows\System\dMencVm.exe
  C:\Windows\System\dMencVm.exe
  2⤵
  PID:7360
- C:\Windows\System\RhNjvkf.exe
  C:\Windows\System\RhNjvkf.exe
  2⤵
  PID:7376
- C:\Windows\System\xeyhPca.exe
  C:\Windows\System\xeyhPca.exe
  2⤵
  PID:7392
- C:\Windows\System\ALOphRv.exe
  C:\Windows\System\ALOphRv.exe
  2⤵
  PID:7412
- C:\Windows\System\YcjEZIU.exe
  C:\Windows\System\YcjEZIU.exe
  2⤵
  PID:7428
- C:\Windows\System\fzXYSIS.exe
  C:\Windows\System\fzXYSIS.exe
  2⤵
  PID:7448
- C:\Windows\System\aswZXFO.exe
  C:\Windows\System\aswZXFO.exe
  2⤵
  PID:7472
- C:\Windows\System\RmDFIpG.exe
  C:\Windows\System\RmDFIpG.exe
  2⤵
  PID:7492
- C:\Windows\System\CbJWLRJ.exe
  C:\Windows\System\CbJWLRJ.exe
  2⤵
  PID:7516
- C:\Windows\System\ZMuIYdx.exe
  C:\Windows\System\ZMuIYdx.exe
  2⤵
  PID:7532
- C:\Windows\System\xrHeSAc.exe
  C:\Windows\System\xrHeSAc.exe
  2⤵
  PID:7548
- C:\Windows\System\CkpRBHt.exe
  C:\Windows\System\CkpRBHt.exe
  2⤵
  PID:7564
- C:\Windows\System\zfRqjxa.exe
  C:\Windows\System\zfRqjxa.exe
  2⤵
  PID:7580
- C:\Windows\System\HrBEJkL.exe
  C:\Windows\System\HrBEJkL.exe
  2⤵
  PID:7600
- C:\Windows\System\SaPlKcG.exe
  C:\Windows\System\SaPlKcG.exe
  2⤵
  PID:7624
- C:\Windows\System\caKkhWg.exe
  C:\Windows\System\caKkhWg.exe
  2⤵
  PID:7640
- C:\Windows\System\vXlinVz.exe
  C:\Windows\System\vXlinVz.exe
  2⤵
  PID:7656
- C:\Windows\System\sFttaOo.exe
  C:\Windows\System\sFttaOo.exe
  2⤵
  PID:7672
- C:\Windows\System\QdtuklH.exe
  C:\Windows\System\QdtuklH.exe
  2⤵
  PID:7688
- C:\Windows\System\URaEFeA.exe
  C:\Windows\System\URaEFeA.exe
  2⤵
  PID:7712
- C:\Windows\System\ZXjjJur.exe
  C:\Windows\System\ZXjjJur.exe
  2⤵
  PID:7728
- C:\Windows\System\ZuAcaJW.exe
  C:\Windows\System\ZuAcaJW.exe
  2⤵
  PID:7744
- C:\Windows\System\NfIOxFE.exe
  C:\Windows\System\NfIOxFE.exe
  2⤵
  PID:7760
- C:\Windows\System\tJRIfjv.exe
  C:\Windows\System\tJRIfjv.exe
  2⤵
  PID:7776
- C:\Windows\System\eYRFBHo.exe
  C:\Windows\System\eYRFBHo.exe
  2⤵
  PID:7828
- C:\Windows\System\DxMibXB.exe
  C:\Windows\System\DxMibXB.exe
  2⤵
  PID:7852
- C:\Windows\System\VseYXHd.exe
  C:\Windows\System\VseYXHd.exe
  2⤵
  PID:7868
- C:\Windows\System\mJxQCpH.exe
  C:\Windows\System\mJxQCpH.exe
  2⤵
  PID:7884
- C:\Windows\System\qCIzvvH.exe
  C:\Windows\System\qCIzvvH.exe
  2⤵
  PID:7904
- C:\Windows\System\ZSTkABa.exe
  C:\Windows\System\ZSTkABa.exe
  2⤵
  PID:7920
- C:\Windows\System\hoSCBej.exe
  C:\Windows\System\hoSCBej.exe
  2⤵
  PID:7940
- C:\Windows\System\FKBwYmQ.exe
  C:\Windows\System\FKBwYmQ.exe
  2⤵
  PID:7956
- C:\Windows\System\jffgiHv.exe
  C:\Windows\System\jffgiHv.exe
  2⤵
  PID:7972
- C:\Windows\System\SaDRyEm.exe
  C:\Windows\System\SaDRyEm.exe
  2⤵
  PID:7988
- C:\Windows\System\kLQtqhu.exe
  C:\Windows\System\kLQtqhu.exe
  2⤵
  PID:8004
- C:\Windows\System\uDoylRH.exe
  C:\Windows\System\uDoylRH.exe
  2⤵
  PID:8024
- C:\Windows\System\KpgDEkT.exe
  C:\Windows\System\KpgDEkT.exe
  2⤵
  PID:8048
- C:\Windows\System\iGPjCoD.exe
  C:\Windows\System\iGPjCoD.exe
  2⤵
  PID:8068
- C:\Windows\System\hZxJClZ.exe
  C:\Windows\System\hZxJClZ.exe
  2⤵
  PID:8084
- C:\Windows\System\gfRjCnd.exe
  C:\Windows\System\gfRjCnd.exe
  2⤵
  PID:8100
- C:\Windows\System\XOmxOHj.exe
  C:\Windows\System\XOmxOHj.exe
  2⤵
  PID:8116
- C:\Windows\System\XLnsOvy.exe
  C:\Windows\System\XLnsOvy.exe
  2⤵
  PID:8132
- C:\Windows\System\oJRZYrA.exe
  C:\Windows\System\oJRZYrA.exe
  2⤵
  PID:8156
- C:\Windows\System\XmoQtic.exe
  C:\Windows\System\XmoQtic.exe
  2⤵
  PID:8180
- C:\Windows\System\WZDYnLX.exe
  C:\Windows\System\WZDYnLX.exe
  2⤵
  PID:6488
- C:\Windows\System\rIlKzxE.exe
  C:\Windows\System\rIlKzxE.exe
  2⤵
  PID:7180
- C:\Windows\System\vXRTvXQ.exe
  C:\Windows\System\vXRTvXQ.exe
  2⤵
  PID:7216
- C:\Windows\System\ZSVMXOm.exe
  C:\Windows\System\ZSVMXOm.exe
  2⤵
  PID:7260
- C:\Windows\System\ZsdfYPT.exe
  C:\Windows\System\ZsdfYPT.exe
  2⤵
  PID:7316
- C:\Windows\System\EuAInHw.exe
  C:\Windows\System\EuAInHw.exe
  2⤵
  PID:7304
- C:\Windows\System\SEowkQB.exe
  C:\Windows\System\SEowkQB.exe
  2⤵
  PID:7356
- C:\Windows\System\LsPiVbm.exe
  C:\Windows\System\LsPiVbm.exe
  2⤵
  PID:7424
- C:\Windows\System\WMHPEfJ.exe
  C:\Windows\System\WMHPEfJ.exe
  2⤵
  PID:7460
- C:\Windows\System\kLTZBou.exe
  C:\Windows\System\kLTZBou.exe
  2⤵
  PID:2192
- C:\Windows\System\DzVLpUz.exe
  C:\Windows\System\DzVLpUz.exe
  2⤵
  PID:7504
- C:\Windows\System\sQQUPMA.exe
  C:\Windows\System\sQQUPMA.exe
  2⤵
  PID:7544
- C:\Windows\System\wWOXxdi.exe
  C:\Windows\System\wWOXxdi.exe
  2⤵
  PID:1664
- C:\Windows\System\bYEzFNw.exe
  C:\Windows\System\bYEzFNw.exe
  2⤵
  PID:7588
- C:\Windows\System\wyWjTsk.exe
  C:\Windows\System\wyWjTsk.exe
  2⤵
  PID:7612
- C:\Windows\System\BkrLavN.exe
  C:\Windows\System\BkrLavN.exe
  2⤵
  PID:7652
- C:\Windows\System\kSFgAoz.exe
  C:\Windows\System\kSFgAoz.exe
  2⤵
  PID:7664
- C:\Windows\System\uneHvja.exe
  C:\Windows\System\uneHvja.exe
  2⤵
  PID:7636
- C:\Windows\System\DBjhCmX.exe
  C:\Windows\System\DBjhCmX.exe
  2⤵
  PID:7704
- C:\Windows\System\MZVSvqW.exe
  C:\Windows\System\MZVSvqW.exe
  2⤵
  PID:7788
- C:\Windows\System\keEbMAO.exe
  C:\Windows\System\keEbMAO.exe
  2⤵
  PID:7804
- C:\Windows\System\dfhFphe.exe
  C:\Windows\System\dfhFphe.exe
  2⤵
  PID:7820
- C:\Windows\System\qJemRRb.exe
  C:\Windows\System\qJemRRb.exe
  2⤵
  PID:7840
- C:\Windows\System\HhNeqvx.exe
  C:\Windows\System\HhNeqvx.exe
  2⤵
  PID:7864
- C:\Windows\System\ZRvBbOb.exe
  C:\Windows\System\ZRvBbOb.exe
  2⤵
  PID:7896
- C:\Windows\System\kFcrbTd.exe
  C:\Windows\System\kFcrbTd.exe
  2⤵
  PID:7936
- C:\Windows\System\rtHBUNl.exe
  C:\Windows\System\rtHBUNl.exe
  2⤵
  PID:7952
- C:\Windows\System\TNvtUYF.exe
  C:\Windows\System\TNvtUYF.exe
  2⤵
  PID:8000
- C:\Windows\System\pynYZnB.exe
  C:\Windows\System\pynYZnB.exe
  2⤵
  PID:8016
- C:\Windows\System\TskJMFO.exe
  C:\Windows\System\TskJMFO.exe
  2⤵
  PID:8020
- C:\Windows\System\UgoLQDT.exe
  C:\Windows\System\UgoLQDT.exe
  2⤵
  PID:8064
- C:\Windows\System\MkSRPJx.exe
  C:\Windows\System\MkSRPJx.exe
  2⤵
  PID:8092
- C:\Windows\System\FlMAMGt.exe
  C:\Windows\System\FlMAMGt.exe
  2⤵
  PID:8152
- C:\Windows\System\KIeJIcN.exe
  C:\Windows\System\KIeJIcN.exe
  2⤵
  PID:8168
- C:\Windows\System\fAklEhD.exe
  C:\Windows\System\fAklEhD.exe
  2⤵
  PID:8172
- C:\Windows\System\bdiuvLd.exe
  C:\Windows\System\bdiuvLd.exe
  2⤵
  PID:7172
- C:\Windows\System\dhrCDbP.exe
  C:\Windows\System\dhrCDbP.exe
  2⤵
  PID:7272
- C:\Windows\System\ScxtfzL.exe
  C:\Windows\System\ScxtfzL.exe
  2⤵
  PID:7268
- C:\Windows\System\GXDuXSu.exe
  C:\Windows\System\GXDuXSu.exe
  2⤵
  PID:7300
- C:\Windows\System\hcceDfV.exe
  C:\Windows\System\hcceDfV.exe
  2⤵
  PID:7404
- C:\Windows\System\hGLaytD.exe
  C:\Windows\System\hGLaytD.exe
  2⤵
  PID:7444
- C:\Windows\System\szFSvKh.exe
  C:\Windows\System\szFSvKh.exe
  2⤵
  PID:7488
- C:\Windows\System\jYEhyWV.exe
  C:\Windows\System\jYEhyWV.exe
  2⤵
  PID:7608
- C:\Windows\System\IzOvALl.exe
  C:\Windows\System\IzOvALl.exe
  2⤵
  PID:7576
- C:\Windows\System\jeVLCDr.exe
  C:\Windows\System\jeVLCDr.exe
  2⤵
  PID:7680
- C:\Windows\System\DqxHsqM.exe
  C:\Windows\System\DqxHsqM.exe
  2⤵
  PID:7756
- C:\Windows\System\GPyrrwT.exe
  C:\Windows\System\GPyrrwT.exe
  2⤵
  PID:7768
- C:\Windows\System\bCCRePE.exe
  C:\Windows\System\bCCRePE.exe
  2⤵
  PID:7836
- C:\Windows\System\WGfaXAC.exe
  C:\Windows\System\WGfaXAC.exe
  2⤵
  PID:7848
- C:\Windows\System\KLfgwWE.exe
  C:\Windows\System\KLfgwWE.exe
  2⤵
  PID:7912
- C:\Windows\System\PCinNnc.exe
  C:\Windows\System\PCinNnc.exe
  2⤵
  PID:7388
- C:\Windows\System\uQJNlUI.exe
  C:\Windows\System\uQJNlUI.exe
  2⤵
  PID:7340
- C:\Windows\System\eOyOvNm.exe
  C:\Windows\System\eOyOvNm.exe
  2⤵
  PID:7484
- C:\Windows\System\XRgxQHe.exe
  C:\Windows\System\XRgxQHe.exe
  2⤵
  PID:7420
- C:\Windows\System\xZlppUN.exe
  C:\Windows\System\xZlppUN.exe
  2⤵
  PID:7892
- C:\Windows\System\BovnDTN.exe
  C:\Windows\System\BovnDTN.exe
  2⤵
  PID:7880
- C:\Windows\System\oUTSrvO.exe
  C:\Windows\System\oUTSrvO.exe
  2⤵
  PID:7980
- C:\Windows\System\uFDAhNN.exe
  C:\Windows\System\uFDAhNN.exe
  2⤵
  PID:8040
- C:\Windows\System\YXtWhbx.exe
  C:\Windows\System\YXtWhbx.exe
  2⤵
  PID:8108
- C:\Windows\System\iMCGzdf.exe
  C:\Windows\System\iMCGzdf.exe
  2⤵
  PID:7200
- C:\Windows\System\ftUYDmM.exe
  C:\Windows\System\ftUYDmM.exe
  2⤵
  PID:7684
- C:\Windows\System\yuhEfwS.exe
  C:\Windows\System\yuhEfwS.exe
  2⤵
  PID:7456
- C:\Windows\System\QNCGQbs.exe
  C:\Windows\System\QNCGQbs.exe
  2⤵
  PID:7228
- C:\Windows\System\TXGmuea.exe
  C:\Windows\System\TXGmuea.exe
  2⤵
  PID:7668
- C:\Windows\System\ugvfEGn.exe
  C:\Windows\System\ugvfEGn.exe
  2⤵
  PID:7708
- C:\Windows\System\MxSAwxn.exe
  C:\Windows\System\MxSAwxn.exe
  2⤵
  PID:7332
- C:\Windows\System\YIFmSNh.exe
  C:\Windows\System\YIFmSNh.exe
  2⤵
  PID:7996
- C:\Windows\System\BZpfIcf.exe
  C:\Windows\System\BZpfIcf.exe
  2⤵
  PID:7752
- C:\Windows\System\uIEJcgS.exe
  C:\Windows\System\uIEJcgS.exe
  2⤵
  PID:8196
- C:\Windows\System\QDlKgCg.exe
  C:\Windows\System\QDlKgCg.exe
  2⤵
  PID:8216
- C:\Windows\System\AYIDNxv.exe
  C:\Windows\System\AYIDNxv.exe
  2⤵
  PID:8236
- C:\Windows\System\MlMAwUP.exe
  C:\Windows\System\MlMAwUP.exe
  2⤵
  PID:8272
- C:\Windows\System\zePqHDd.exe
  C:\Windows\System\zePqHDd.exe
  2⤵
  PID:8288
- C:\Windows\System\SuOXeYs.exe
  C:\Windows\System\SuOXeYs.exe
  2⤵
  PID:8312
- C:\Windows\System\DRGAlQW.exe
  C:\Windows\System\DRGAlQW.exe
  2⤵
  PID:8328
- C:\Windows\System\eYrRYPB.exe
  C:\Windows\System\eYrRYPB.exe
  2⤵
  PID:8352
- C:\Windows\System\GcDdjKz.exe
  C:\Windows\System\GcDdjKz.exe
  2⤵
  PID:8368
- C:\Windows\System\TXvkQVj.exe
  C:\Windows\System\TXvkQVj.exe
  2⤵
  PID:8388
- C:\Windows\System\eBebKNv.exe
  C:\Windows\System\eBebKNv.exe
  2⤵
  PID:8404
- C:\Windows\System\EbxiejH.exe
  C:\Windows\System\EbxiejH.exe
  2⤵
  PID:8428
- C:\Windows\System\WHYFjQH.exe
  C:\Windows\System\WHYFjQH.exe
  2⤵
  PID:8444
- C:\Windows\System\sItvTpQ.exe
  C:\Windows\System\sItvTpQ.exe
  2⤵
  PID:8476
- C:\Windows\System\aeJGTXA.exe
  C:\Windows\System\aeJGTXA.exe
  2⤵
  PID:8492
- C:\Windows\System\ObQFuEz.exe
  C:\Windows\System\ObQFuEz.exe
  2⤵
  PID:8508
- C:\Windows\System\PAZndGn.exe
  C:\Windows\System\PAZndGn.exe
  2⤵
  PID:8524
- C:\Windows\System\RCbfSOk.exe
  C:\Windows\System\RCbfSOk.exe
  2⤵
  PID:8544
- C:\Windows\System\rZBwFvx.exe
  C:\Windows\System\rZBwFvx.exe
  2⤵
  PID:8560
- C:\Windows\System\byWfZaD.exe
  C:\Windows\System\byWfZaD.exe
  2⤵
  PID:8576
- C:\Windows\System\PIIIghu.exe
  C:\Windows\System\PIIIghu.exe
  2⤵
  PID:8592
- C:\Windows\System\TKmeKve.exe
  C:\Windows\System\TKmeKve.exe
  2⤵
  PID:8624
- C:\Windows\System\MoHveJT.exe
  C:\Windows\System\MoHveJT.exe
  2⤵
  PID:8640
- C:\Windows\System\xQyHNGz.exe
  C:\Windows\System\xQyHNGz.exe
  2⤵
  PID:8660
- C:\Windows\System\jVBQMvX.exe
  C:\Windows\System\jVBQMvX.exe
  2⤵
  PID:8676
- C:\Windows\System\zyMVeaG.exe
  C:\Windows\System\zyMVeaG.exe
  2⤵
  PID:8700
- C:\Windows\System\REeESov.exe
  C:\Windows\System\REeESov.exe
  2⤵
  PID:8736
- C:\Windows\System\XnBwzfR.exe
  C:\Windows\System\XnBwzfR.exe
  2⤵
  PID:8764
- C:\Windows\System\vCCVXwf.exe
  C:\Windows\System\vCCVXwf.exe
  2⤵
  PID:8780
- C:\Windows\System\gaCbfyl.exe
  C:\Windows\System\gaCbfyl.exe
  2⤵
  PID:8808
- C:\Windows\System\lzzIVvl.exe
  C:\Windows\System\lzzIVvl.exe
  2⤵
  PID:8828
- C:\Windows\System\pAKOiND.exe
  C:\Windows\System\pAKOiND.exe
  2⤵
  PID:8844
- C:\Windows\System\SPAvPzF.exe
  C:\Windows\System\SPAvPzF.exe
  2⤵
  PID:8864
- C:\Windows\System\AqLQqEZ.exe
  C:\Windows\System\AqLQqEZ.exe
  2⤵
  PID:8880
- C:\Windows\System\DpgvcJn.exe
  C:\Windows\System\DpgvcJn.exe
  2⤵
  PID:8900
- C:\Windows\System\dBHkwVh.exe
  C:\Windows\System\dBHkwVh.exe
  2⤵
  PID:8924
- C:\Windows\System\KEyELxX.exe
  C:\Windows\System\KEyELxX.exe
  2⤵
  PID:8944
- C:\Windows\System\KoqOswy.exe
  C:\Windows\System\KoqOswy.exe
  2⤵
  PID:8960
- C:\Windows\System\FTmneke.exe
  C:\Windows\System\FTmneke.exe
  2⤵
  PID:8980
- C:\Windows\System\mADiSBR.exe
  C:\Windows\System\mADiSBR.exe
  2⤵
  PID:8996
- C:\Windows\System\iUGGilh.exe
  C:\Windows\System\iUGGilh.exe
  2⤵
  PID:9020
- C:\Windows\System\jUXogVj.exe
  C:\Windows\System\jUXogVj.exe
  2⤵
  PID:9048
- C:\Windows\System\tTGIwij.exe
  C:\Windows\System\tTGIwij.exe
  2⤵
  PID:9064
- C:\Windows\System\omEWlxP.exe
  C:\Windows\System\omEWlxP.exe
  2⤵
  PID:9080
- C:\Windows\System\LYkxlis.exe
  C:\Windows\System\LYkxlis.exe
  2⤵
  PID:9108
- C:\Windows\System\mHeBmlf.exe
  C:\Windows\System\mHeBmlf.exe
  2⤵
  PID:9128
- C:\Windows\System\unsHoXQ.exe
  C:\Windows\System\unsHoXQ.exe
  2⤵
  PID:9144
- C:\Windows\System\BOUQuQG.exe
  C:\Windows\System\BOUQuQG.exe
  2⤵
  PID:9164
- C:\Windows\System\byVJEiC.exe
  C:\Windows\System\byVJEiC.exe
  2⤵
  PID:9184
- C:\Windows\System\xSHIYWu.exe
  C:\Windows\System\xSHIYWu.exe
  2⤵
  PID:9208
- C:\Windows\System\gzOOkKW.exe
  C:\Windows\System\gzOOkKW.exe
  2⤵
  PID:8060
- C:\Windows\System\BXCrXWa.exe
  C:\Windows\System\BXCrXWa.exe
  2⤵
  PID:8256
- C:\Windows\System\maTFtdg.exe
  C:\Windows\System\maTFtdg.exe
  2⤵
  PID:8248
- C:\Windows\System\MMiqrwQ.exe
  C:\Windows\System\MMiqrwQ.exe
  2⤵
  PID:8308
- C:\Windows\System\UDmrvVC.exe
  C:\Windows\System\UDmrvVC.exe
  2⤵
  PID:8336
- C:\Windows\System\HOTiYSg.exe
  C:\Windows\System\HOTiYSg.exe
  2⤵
  PID:8380
- C:\Windows\System\yYtFQXj.exe
  C:\Windows\System\yYtFQXj.exe
  2⤵
  PID:8424
- C:\Windows\System\tvnrLgm.exe
  C:\Windows\System\tvnrLgm.exe
  2⤵
  PID:8452
- C:\Windows\System\TevYxhY.exe
  C:\Windows\System\TevYxhY.exe
  2⤵
  PID:8504
- C:\Windows\System\ZXOmmqM.exe
  C:\Windows\System\ZXOmmqM.exe
  2⤵
  PID:8568
- C:\Windows\System\PWtlLiM.exe
  C:\Windows\System\PWtlLiM.exe
  2⤵
  PID:8612
- C:\Windows\System\nHyWRAU.exe
  C:\Windows\System\nHyWRAU.exe
  2⤵
  PID:8688
- C:\Windows\System\KLbhgLO.exe
  C:\Windows\System\KLbhgLO.exe
  2⤵
  PID:8556
- C:\Windows\System\kxhTlHe.exe
  C:\Windows\System\kxhTlHe.exe
  2⤵
  PID:8732
- C:\Windows\System\jwLYwcb.exe
  C:\Windows\System\jwLYwcb.exe
  2⤵
  PID:8636
- C:\Windows\System\RxLfCdw.exe
  C:\Windows\System\RxLfCdw.exe
  2⤵
  PID:8720
- C:\Windows\System\wUvqlzy.exe
  C:\Windows\System\wUvqlzy.exe
  2⤵
  PID:8792
- C:\Windows\System\ZhCCeOQ.exe
  C:\Windows\System\ZhCCeOQ.exe
  2⤵
  PID:8824
- C:\Windows\System\MPMDJiZ.exe
  C:\Windows\System\MPMDJiZ.exe
  2⤵
  PID:8872
- C:\Windows\System\gKxNweU.exe
  C:\Windows\System\gKxNweU.exe
  2⤵
  PID:8920
- C:\Windows\System\XRhcsMc.exe
  C:\Windows\System\XRhcsMc.exe
  2⤵
  PID:8888
- C:\Windows\System\UXSnOoY.exe
  C:\Windows\System\UXSnOoY.exe
  2⤵
  PID:8956
- C:\Windows\System\XSjJrQt.exe
  C:\Windows\System\XSjJrQt.exe
  2⤵
  PID:8968
- C:\Windows\System\wZkYVQW.exe
  C:\Windows\System\wZkYVQW.exe
  2⤵
  PID:9028
- C:\Windows\System\aVSlJtD.exe
  C:\Windows\System\aVSlJtD.exe
  2⤵
  PID:9072
- C:\Windows\System\UQgVYzZ.exe
  C:\Windows\System\UQgVYzZ.exe
  2⤵
  PID:9088
- C:\Windows\System\hmiqNPU.exe
  C:\Windows\System\hmiqNPU.exe
  2⤵
  PID:9104
- C:\Windows\System\pBtBmCt.exe
  C:\Windows\System\pBtBmCt.exe
  2⤵
  PID:9156
- C:\Windows\System\VRqhnoc.exe
  C:\Windows\System\VRqhnoc.exe
  2⤵
  PID:9140
- C:\Windows\System\bSfkxNt.exe
  C:\Windows\System\bSfkxNt.exe
  2⤵
  PID:8244
- C:\Windows\System\AmOJjmO.exe
  C:\Windows\System\AmOJjmO.exe
  2⤵
  PID:8096
- C:\Windows\System\ZQvIdzS.exe
  C:\Windows\System\ZQvIdzS.exe
  2⤵
  PID:8304
- C:\Windows\System\BBAQAYR.exe
  C:\Windows\System\BBAQAYR.exe
  2⤵
  PID:8396
- C:\Windows\System\UQIfOQE.exe
  C:\Windows\System\UQIfOQE.exe
  2⤵
  PID:8400
- C:\Windows\System\FNguXMJ.exe
  C:\Windows\System\FNguXMJ.exe
  2⤵
  PID:8536
- C:\Windows\System\RovXFRg.exe
  C:\Windows\System\RovXFRg.exe
  2⤵
  PID:8692
- C:\Windows\System\DJiRsxx.exe
  C:\Windows\System\DJiRsxx.exe
  2⤵
  PID:8608
- C:\Windows\System\RIBGWRm.exe
  C:\Windows\System\RIBGWRm.exe
  2⤵
  PID:8584
- C:\Windows\System\UwqdTCz.exe
  C:\Windows\System\UwqdTCz.exe
  2⤵
  PID:8748
- C:\Windows\System\WqOrLia.exe
  C:\Windows\System\WqOrLia.exe
  2⤵
  PID:8772
- C:\Windows\System\ZJmaNfx.exe
  C:\Windows\System\ZJmaNfx.exe
  2⤵
  PID:8860
- C:\Windows\System\PvRSvVh.exe
  C:\Windows\System\PvRSvVh.exe
  2⤵
  PID:8988
- C:\Windows\System\nIctmVt.exe
  C:\Windows\System\nIctmVt.exe
  2⤵
  PID:8916
- C:\Windows\System\tUmuXSD.exe
  C:\Windows\System\tUmuXSD.exe
  2⤵
  PID:9044
- C:\Windows\System\XxsaZRd.exe
  C:\Windows\System\XxsaZRd.exe
  2⤵
  PID:9124
- C:\Windows\System\prumaOb.exe
  C:\Windows\System\prumaOb.exe
  2⤵
  PID:9200
- C:\Windows\System\hUFpsqw.exe
  C:\Windows\System\hUFpsqw.exe
  2⤵
  PID:8224
- C:\Windows\System\eNKXItS.exe
  C:\Windows\System\eNKXItS.exe
  2⤵
  PID:8212
- C:\Windows\System\riJcNXl.exe
  C:\Windows\System\riJcNXl.exe
  2⤵
  PID:8228
- C:\Windows\System\TbsVXbe.exe
  C:\Windows\System\TbsVXbe.exe
  2⤵
  PID:8648
- C:\Windows\System\cTVNGAu.exe
  C:\Windows\System\cTVNGAu.exe
  2⤵
  PID:8488
- C:\Windows\System\fKvveVt.exe
  C:\Windows\System\fKvveVt.exe
  2⤵
  PID:8724
- C:\Windows\System\zkOREXG.exe
  C:\Windows\System\zkOREXG.exe
  2⤵
  PID:8540
- C:\Windows\System\TSwfpNm.exe
  C:\Windows\System\TSwfpNm.exe
  2⤵
  PID:8744
- C:\Windows\System\gmKiYRz.exe
  C:\Windows\System\gmKiYRz.exe
  2⤵
  PID:9036
- C:\Windows\System\ghrUztu.exe
  C:\Windows\System\ghrUztu.exe
  2⤵
  PID:9016
- C:\Windows\System\uLeiNew.exe
  C:\Windows\System\uLeiNew.exe
  2⤵
  PID:9060
- C:\Windows\System\eEEazvX.exe
  C:\Windows\System\eEEazvX.exe
  2⤵
  PID:8468
- C:\Windows\System\VwKPujC.exe
  C:\Windows\System\VwKPujC.exe
  2⤵
  PID:8324
- C:\Windows\System\MgxQMvU.exe
  C:\Windows\System\MgxQMvU.exe
  2⤵
  PID:8992
- C:\Windows\System\FhvKNMU.exe
  C:\Windows\System\FhvKNMU.exe
  2⤵
  PID:8552
- C:\Windows\System\LlqMUKd.exe
  C:\Windows\System\LlqMUKd.exe
  2⤵
  PID:8752
- C:\Windows\System\biEimVA.exe
  C:\Windows\System\biEimVA.exe
  2⤵
  PID:8840
- C:\Windows\System\QVfiSNm.exe
  C:\Windows\System\QVfiSNm.exe
  2⤵
  PID:8300
- C:\Windows\System\KtPUJeZ.exe
  C:\Windows\System\KtPUJeZ.exe
  2⤵
  PID:8340
- C:\Windows\System\OUQrmhk.exe
  C:\Windows\System\OUQrmhk.exe
  2⤵
  PID:8668
- C:\Windows\System\hqSTywv.exe
  C:\Windows\System\hqSTywv.exe
  2⤵
  PID:9056
- C:\Windows\System\iQYivKB.exe
  C:\Windows\System\iQYivKB.exe
  2⤵
  PID:8364
- C:\Windows\System\ROVWYri.exe
  C:\Windows\System\ROVWYri.exe
  2⤵
  PID:8672
- C:\Windows\System\yjwrlcp.exe
  C:\Windows\System\yjwrlcp.exe
  2⤵
  PID:9176
- C:\Windows\System\QPGixXL.exe
  C:\Windows\System\QPGixXL.exe
  2⤵
  PID:9012
- C:\Windows\System\CWICNVW.exe
  C:\Windows\System\CWICNVW.exe
  2⤵
  PID:8652
- C:\Windows\System\QWznDpf.exe
  C:\Windows\System\QWznDpf.exe
  2⤵
  PID:9232
- C:\Windows\System\rkLuBSt.exe
  C:\Windows\System\rkLuBSt.exe
  2⤵
  PID:9248
- C:\Windows\System\RtNnsRc.exe
  C:\Windows\System\RtNnsRc.exe
  2⤵
  PID:9264
- C:\Windows\System\lRCebhK.exe
  C:\Windows\System\lRCebhK.exe
  2⤵
  PID:9280
- C:\Windows\System\cgTzVRL.exe
  C:\Windows\System\cgTzVRL.exe
  2⤵
  PID:9296
- C:\Windows\System\iAgkDdn.exe
  C:\Windows\System\iAgkDdn.exe
  2⤵
  PID:9312
- C:\Windows\System\KoSJVlR.exe
  C:\Windows\System\KoSJVlR.exe
  2⤵
  PID:9328
- C:\Windows\System\yqLroMc.exe
  C:\Windows\System\yqLroMc.exe
  2⤵
  PID:9344
- C:\Windows\System\fEWyfUf.exe
  C:\Windows\System\fEWyfUf.exe
  2⤵
  PID:9360
- C:\Windows\System\rrFuCMM.exe
  C:\Windows\System\rrFuCMM.exe
  2⤵
  PID:9376
- C:\Windows\System\GNegluA.exe
  C:\Windows\System\GNegluA.exe
  2⤵
  PID:9392
- C:\Windows\System\ohgNXSR.exe
  C:\Windows\System\ohgNXSR.exe
  2⤵
  PID:9408
- C:\Windows\System\YTxLRQW.exe
  C:\Windows\System\YTxLRQW.exe
  2⤵
  PID:9424
- C:\Windows\System\oTFzFLU.exe
  C:\Windows\System\oTFzFLU.exe
  2⤵
  PID:9444
- C:\Windows\System\CNbmDNQ.exe
  C:\Windows\System\CNbmDNQ.exe
  2⤵
  PID:9460
- C:\Windows\System\NcXPRYA.exe
  C:\Windows\System\NcXPRYA.exe
  2⤵
  PID:9480
- C:\Windows\System\pYpjMid.exe
  C:\Windows\System\pYpjMid.exe
  2⤵
  PID:9496
- C:\Windows\System\UzJGWXO.exe
  C:\Windows\System\UzJGWXO.exe
  2⤵
  PID:9512
- C:\Windows\System\pTtRlnA.exe
  C:\Windows\System\pTtRlnA.exe
  2⤵
  PID:9528
- C:\Windows\System\cCzEXAS.exe
  C:\Windows\System\cCzEXAS.exe
  2⤵
  PID:9544
- C:\Windows\System\ArosKdf.exe
  C:\Windows\System\ArosKdf.exe
  2⤵
  PID:9560
- C:\Windows\System\aEJkpph.exe
  C:\Windows\System\aEJkpph.exe
  2⤵
  PID:9576
- C:\Windows\System\zbzUZoP.exe
  C:\Windows\System\zbzUZoP.exe
  2⤵
  PID:9592
- C:\Windows\System\WwwHvIr.exe
  C:\Windows\System\WwwHvIr.exe
  2⤵
  PID:9608
- C:\Windows\System\XFXpJDe.exe
  C:\Windows\System\XFXpJDe.exe
  2⤵
  PID:9624
- C:\Windows\System\xQMSPDp.exe
  C:\Windows\System\xQMSPDp.exe
  2⤵
  PID:9640
- C:\Windows\System\gQRAJSP.exe
  C:\Windows\System\gQRAJSP.exe
  2⤵
  PID:9656
- C:\Windows\System\uBvNYej.exe
  C:\Windows\System\uBvNYej.exe
  2⤵
  PID:9672
- C:\Windows\System\GBSWYNP.exe
  C:\Windows\System\GBSWYNP.exe
  2⤵
  PID:9688
- C:\Windows\System\vDkicXS.exe
  C:\Windows\System\vDkicXS.exe
  2⤵
  PID:9704
- C:\Windows\System\TXrjPCc.exe
  C:\Windows\System\TXrjPCc.exe
  2⤵
  PID:9720
- C:\Windows\System\PQldvzu.exe
  C:\Windows\System\PQldvzu.exe
  2⤵
  PID:9736
- C:\Windows\System\sWfqpoY.exe
  C:\Windows\System\sWfqpoY.exe
  2⤵
  PID:9752
- C:\Windows\System\vNvDgXk.exe
  C:\Windows\System\vNvDgXk.exe
  2⤵
  PID:9768
- C:\Windows\System\DJVMfPL.exe
  C:\Windows\System\DJVMfPL.exe
  2⤵
  PID:9784
- C:\Windows\System\cayWvUG.exe
  C:\Windows\System\cayWvUG.exe
  2⤵
  PID:9800
- C:\Windows\System\ahvInvG.exe
  C:\Windows\System\ahvInvG.exe
  2⤵
  PID:9816
- C:\Windows\System\DDZsGQV.exe
  C:\Windows\System\DDZsGQV.exe
  2⤵
  PID:9832
- C:\Windows\System\XqKkliZ.exe
  C:\Windows\System\XqKkliZ.exe
  2⤵
  PID:9848
- C:\Windows\System\efeklbE.exe
  C:\Windows\System\efeklbE.exe
  2⤵
  PID:9864
- C:\Windows\System\NEVHCWl.exe
  C:\Windows\System\NEVHCWl.exe
  2⤵
  PID:9880
- C:\Windows\System\dIeldha.exe
  C:\Windows\System\dIeldha.exe
  2⤵
  PID:9896
- C:\Windows\System\WNnxHwZ.exe
  C:\Windows\System\WNnxHwZ.exe
  2⤵
  PID:9912
- C:\Windows\System\WcMyxNt.exe
  C:\Windows\System\WcMyxNt.exe
  2⤵
  PID:9928
- C:\Windows\System\uTzNBlR.exe
  C:\Windows\System\uTzNBlR.exe
  2⤵
  PID:9944
- C:\Windows\System\KzxCwrh.exe
  C:\Windows\System\KzxCwrh.exe
  2⤵
  PID:9960
- C:\Windows\System\xlNcmjg.exe
  C:\Windows\System\xlNcmjg.exe
  2⤵
  PID:9976
- C:\Windows\System\qfteoFR.exe
  C:\Windows\System\qfteoFR.exe
  2⤵
  PID:9996
- C:\Windows\System\nmFkrVG.exe
  C:\Windows\System\nmFkrVG.exe
  2⤵
  PID:10016
- C:\Windows\System\ZMetQpi.exe
  C:\Windows\System\ZMetQpi.exe
  2⤵
  PID:10040
- C:\Windows\System\LraoiVs.exe
  C:\Windows\System\LraoiVs.exe
  2⤵
  PID:10060
- C:\Windows\System\tlIjKmz.exe
  C:\Windows\System\tlIjKmz.exe
  2⤵
  PID:10076
- C:\Windows\System\JSYIRZX.exe
  C:\Windows\System\JSYIRZX.exe
  2⤵
  PID:10092
- C:\Windows\System\vXsZiqC.exe
  C:\Windows\System\vXsZiqC.exe
  2⤵
  PID:10108
- C:\Windows\System\imazAez.exe
  C:\Windows\System\imazAez.exe
  2⤵
  PID:10124
- C:\Windows\System\sShEwpR.exe
  C:\Windows\System\sShEwpR.exe
  2⤵
  PID:10148
- C:\Windows\System\vfILdIJ.exe
  C:\Windows\System\vfILdIJ.exe
  2⤵
  PID:10164
- C:\Windows\System\jUimgMs.exe
  C:\Windows\System\jUimgMs.exe
  2⤵
  PID:10180
- C:\Windows\System\ktdYBbB.exe
  C:\Windows\System\ktdYBbB.exe
  2⤵
  PID:10196
- C:\Windows\System\aAPuDuL.exe
  C:\Windows\System\aAPuDuL.exe
  2⤵
  PID:10212
- C:\Windows\System\uauMIFJ.exe
  C:\Windows\System\uauMIFJ.exe
  2⤵
  PID:10228
- C:\Windows\System\sNghodx.exe
  C:\Windows\System\sNghodx.exe
  2⤵
  PID:9224
- C:\Windows\System\orvtQUF.exe
  C:\Windows\System\orvtQUF.exe
  2⤵
  PID:9292
- C:\Windows\System\iPqnWJB.exe
  C:\Windows\System\iPqnWJB.exe
  2⤵
  PID:9308
- C:\Windows\System\wLgbhjr.exe
  C:\Windows\System\wLgbhjr.exe
  2⤵
  PID:9356
- C:\Windows\System\pjudaSa.exe
  C:\Windows\System\pjudaSa.exe
  2⤵
  PID:9404
- C:\Windows\System\DHesNlf.exe
  C:\Windows\System\DHesNlf.exe
  2⤵
  PID:9436
- C:\Windows\System\BvOjGga.exe
  C:\Windows\System\BvOjGga.exe
  2⤵
  PID:9472
- C:\Windows\System\vXQgJXD.exe
  C:\Windows\System\vXQgJXD.exe
  2⤵
  PID:9524
- C:\Windows\System\iwoKSgt.exe
  C:\Windows\System\iwoKSgt.exe
  2⤵
  PID:9540
- C:\Windows\System\LIcWTNN.exe
  C:\Windows\System\LIcWTNN.exe
  2⤵
  PID:9572
- C:\Windows\System\rAACcIv.exe
  C:\Windows\System\rAACcIv.exe
  2⤵
  PID:9588
- C:\Windows\System\cQAsRiu.exe
  C:\Windows\System\cQAsRiu.exe
  2⤵
  PID:9636
- C:\Windows\System\pLnpKtA.exe
  C:\Windows\System\pLnpKtA.exe
  2⤵
  PID:9668
- C:\Windows\System\UCDEoar.exe
  C:\Windows\System\UCDEoar.exe
  2⤵
  PID:9728
- C:\Windows\System\OlCGyww.exe
  C:\Windows\System\OlCGyww.exe
  2⤵
  PID:9748
- C:\Windows\System\GTrBFsQ.exe
  C:\Windows\System\GTrBFsQ.exe
  2⤵
  PID:9796
- C:\Windows\System\CXzYUce.exe
  C:\Windows\System\CXzYUce.exe
  2⤵
  PID:9812
- C:\Windows\System\AHmgXcm.exe
  C:\Windows\System\AHmgXcm.exe
  2⤵
  PID:9844
- C:\Windows\System\PaflcXv.exe
  C:\Windows\System\PaflcXv.exe
  2⤵
  PID:9872
- C:\Windows\System\fAlWRqA.exe
  C:\Windows\System\fAlWRqA.exe
  2⤵
  PID:9956
- C:\Windows\System\NMnnhzL.exe
  C:\Windows\System\NMnnhzL.exe
  2⤵
  PID:9984
- C:\Windows\System\COGjgGf.exe
  C:\Windows\System\COGjgGf.exe
  2⤵
  PID:9476
- C:\Windows\System\mzWpzpG.exe
  C:\Windows\System\mzWpzpG.exe
  2⤵
  PID:10012
- C:\Windows\System\VefGLuT.exe
  C:\Windows\System\VefGLuT.exe
  2⤵
  PID:10056
- C:\Windows\System\vejySuL.exe
  C:\Windows\System\vejySuL.exe
  2⤵
  PID:10104
- C:\Windows\System\hOXAAkV.exe
  C:\Windows\System\hOXAAkV.exe
  2⤵
  PID:10120

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BrSMXJf.exe

Filesize
6.0MB

MD5
a2a1862d933a4f47fdf4a9f527e52ff9

SHA1
63675227350746446b1db1f6ff626b6ddee90e82

SHA256
2131a6a2c1f709098204d320bb6677321563aa53ab6e5093ff155c55454b15e5

SHA512
3b56486a0143d95426e38e3f3dc4bbb201821c57ab3da30ce4e6a04c5d9aa68a2320b54f4af469dbdb9679452e3f1f6fece6b8799e1a69c13ba4d91a1ad38e1f

Download Submit
C:\Windows\system\FMPSfub.exe

Filesize
6.0MB

MD5
a4ba0830ab176bd6aead981c2fbde304

SHA1
dd5c07b5a74c199a856f779563e9db363b9bd763

SHA256
fce079e9d857a9826150a00e4bb625a04d2d9bae572f53b1aa5d84566d4244fe

SHA512
96f928d427ba37933e87b442f8396ad8626406c3039335e4625f99e7db091af9a68c885863f5f99258e68ff33d7a2014204c47d23a056936bdf2a44c1765f6f6

Download Submit
C:\Windows\system\FQqTxzs.exe

Filesize
6.0MB

MD5
fc654720ca44cfe24194f4721b226caf

SHA1
0bf743c5a75d01547b745dbe4262790dd7be735d

SHA256
bedcf8065d009f99cc38fb5bc2cb1da75888d5990ebb2299f34f5f0ab0958ce5

SHA512
828b947027457af48bbd1b6d67f0b018a7e98ee4d6e41c9024c4c75eae779469117b213582fdbefb2aea760b234d8448f02e8659f9287023f78172a308bb393d

Download Submit
C:\Windows\system\JnCqBBq.exe

Filesize
6.0MB

MD5
d21f00743338a1ae85e6bc620e21d564

SHA1
8b55da19e3b931a3ae73e9515afd9c4963bb2bbf

SHA256
4358fed1b9f7a3c1ecabce5ecb493210abf902c23373bb32a585dad942342129

SHA512
9a3c1b4d09b4475a2c924702bffe3da0053e0dacc584a8a00fe985555e048245fe4538055d6f13695cfad259db3909f17a1630e3ec770050df9771f3a06f6725

Download Submit
C:\Windows\system\KkgYMSZ.exe

Filesize
6.0MB

MD5
dcd11a5bb0df26d436923f16589a2f36

SHA1
53b790c3465db5d597d42b127ba318e79da93c05

SHA256
2e114a4ebeb97f5212575c51bfac189039831636cdd3acaab85e3e53897f8eba

SHA512
c7c7871987f12c3d9187cf3826bcc7f372e9a2898e4a8f02ae2b6582514d484ed8ba8178c154bb7459bdddfd4280d49eb45f8268150a3479dfd4efd0e332cf3a

Download Submit
C:\Windows\system\LdzYTCR.exe

Filesize
6.0MB

MD5
d26e4055fc70dab8a61b54601692419f

SHA1
5ef590803193405411d4db31a4ed089fa8ac8020

SHA256
09b6a31f370bfbbfd1b2813a0fe80454d77f41fcc11e9a9f1cbb39515d803039

SHA512
a06250823f0c38a2aee19c236a6ba7ad793a0d88a7124ec92ae00f14d8df35d466444c926335c51b7569104dd3869f4e347d6e4b52e87e2557a978298ec3ff63

Download Submit
C:\Windows\system\MwOFrUS.exe

Filesize
6.0MB

MD5
8dcad40b8c4b7b4a04d2ac89a55f7287

SHA1
cc464c4a4af7decead7fbd28030ba9b87187c89d

SHA256
19e37bc65415cc4f35508f06031b3e1b821245dbcf73b910ec1975d94175bf9a

SHA512
1cf0b6f1207299c2592d653240af47c0dbf86c24ea82ddb416ef4514605f79b675e66ad3be99b1a35a1a4cfd3a34ce2fbf703f1b154187d4f32e7924e897100c

Download Submit
C:\Windows\system\NMKRVoS.exe

Filesize
6.0MB

MD5
8619e2a8c084629fc1e70c9e33aa79b7

SHA1
d1768c18c5a0d8d6213a2a4f04e2fcf42d3f554f

SHA256
22946befb3b9d67020b9f2cb4568c96b5a38ee2e91a4c39db6603415f563fb8f

SHA512
b7d773cb2fa35ded7990e2aa136c69c8f13b041dd6146310ef653a9df386dcbca20e874085ef962b804ada403f7c468a09d5134a49d819c5d197cf0e12b909c2

Download Submit
C:\Windows\system\QeHDKHR.exe

Filesize
6.0MB

MD5
e87c8348df099d521a94a471578612f2

SHA1
9d9bee40862b5550812b33b107c7e7e72669b858

SHA256
6da99264802dcaf94f203c13facbf9a3a735430338bfba3d697f4382be358f8c

SHA512
598e8a0872aeab3f7bd557dece62ce1ffde3ce813e3f5841a321ba94e8902528d7fdb46345afb09ca23d37ce0855f4090cc062813c4311a54ee23f6a3549a878

Download Submit
C:\Windows\system\SKnAeCq.exe

Filesize
6.0MB

MD5
0e3c939addbabc72a8405f38b085d32e

SHA1
e5ac4c05e000b35d1746ebc7efc4d09946887c35

SHA256
d532f172e98c32612b1657e7f5d7494702d126e46315c60b85c2a35bb000a557

SHA512
1b3b978e89ea7def80c39cfce6fd9e176afe0f7bf441bb890e16055419d2ebb2777214075d0bfc51765ae8a175b0dec97493990d8cd93a15ce6ffbe6371064d0

Download Submit
C:\Windows\system\UHjNxkI.exe

Filesize
6.0MB

MD5
cc11095269562beeeb3eba7446d23389

SHA1
0f0432d049e671e52dd01747e5c964c9a8674117

SHA256
8c78a632af4a6b63cba8292247ef6086d351276e840c30b1ae8a0e27c793e571

SHA512
4f983796f79c675ed22e51a93f8d1c67d6542eeecd3efeb1f5613deaf5096e76034a389f0e87eb7bc76b783ed65773db4bcdee1b04a2c63941f062db00dbc1a0

Download Submit
C:\Windows\system\bHVhglk.exe

Filesize
6.0MB

MD5
c70a992334e0b5a06ea0dc9937c920cc

SHA1
f5a2474ef766551b14ecef4056cd6c6b53244f47

SHA256
203fbd9d6c227b7208c4d07eee3a1b9ad009b10505a40b372add8c15ea8de919

SHA512
8eb96d35ba623da9ab6d5132f9a8abd225ef7bf47a21aa04925d4be74aceb81957c4f560daee1ab4f773b008f526c50b79106685c044525fe6e3b025bedda3be

Download Submit
C:\Windows\system\bfFAjtc.exe

Filesize
6.0MB

MD5
ff7537f56bf0c855f161831d9797ccb2

SHA1
c15523ddea3b354e0270a59ad776b6ce722dc0c6

SHA256
b20f4254723b03cbc824cdfc7396c0e31040aaddaf936a9d1bf5a70c9ccb5cb4

SHA512
408b703862e1beb24825ab1d39671c4221f6059f20fd462450471dce6916adb650682a14740327dd11e0a3e1df681bf8fa0907357a3d083690a623af1bed9f63

Download Submit
C:\Windows\system\boPrXPM.exe

Filesize
6.0MB

MD5
f36272889ed865bb703d19f106abdaa7

SHA1
49a12e9b134ddedfd2558ec225e7cbf6f5324df8

SHA256
433d9a241e4d074374a2edfac3bf286f6dd47c9d7a7067ef05eab85bddf80de2

SHA512
3253c18280af3a51595e273b9de9918c47a340a055aa96dbc7c8cc2a79db44fef5835bfdbf6eedc4d7a8d4240b70892a9798a222f006283209aac0760b544823

Download Submit
C:\Windows\system\doiKymv.exe

Filesize
6.0MB

MD5
93d1ae54d426815d4ba38fff81de5e29

SHA1
3671828eb9bf6a5a76ba863eb72c95834a5a3be9

SHA256
304562228382ff1e54a41545e5b1afe1c249c6c048f5268c2e63eeee135f83e7

SHA512
9418ee151afac3a95ed832e005edb3da5a1435dccdfdfae0b87343c3f529c7f58fd9fa00400c886a64af49d10616383124065b891b6f954c764a9d95e299ba66

Download Submit
C:\Windows\system\gIAdlyL.exe

Filesize
6.0MB

MD5
3bb0325fb3d663815e75870a600b21e1

SHA1
dcb578a2ece9a91bbe735c64430142e01fcd44d0

SHA256
f94ea6e115a4bb5827cd61ec65ccd67c789278118ad66d90224c83bd14b011d7

SHA512
4be96d96f1036ddd625df098e7ac18af6881bda8c62a5f09198f1721e06a5979b4cb149618431f9d2a21cda7772d4faa2172b775857a71286706889b538daa8d

Download Submit
C:\Windows\system\pAdXniP.exe

Filesize
6.0MB

MD5
0d7dcb4d4edda8d4ec4982cc2d414881

SHA1
d83aca5c0ee943e1bbf13b3bcb8132792da90944

SHA256
2cc642885234c7d7ef7d116e7c91be5610c8aec2bc4d3d457edc8546b6aec339

SHA512
98fd809b6f9101fda17393f4c982f8f68661cb70a92082e0e9d58a608988cd214345890949641b58103079c77474d810d50f233d285893bfe447a478ebc628ed

Download Submit
C:\Windows\system\pStpoUp.exe

Filesize
6.0MB

MD5
80c69571873003dd8256898013c030d4

SHA1
c6700583649b809532b9506e959497ab4be4e42d

SHA256
9d4cc56ef9f9e5b38c5b706bceb70a53ce220b32a3bf441665282ee6b51e773f

SHA512
5604da7921233d485f6a06de89eb57af825e126960a061106051b8ada9de4f26934f5e233bb9cbcd25c5c898695af12564a2fb7cf77e6399121152734ea1a184

Download Submit
C:\Windows\system\qEjULrw.exe

Filesize
6.0MB

MD5
dcc7869276cb473ff85144f18438ff45

SHA1
0e9a38407604f11f936083a97a76d64697d4386a

SHA256
79424fe657887f32b443fb9a48ea5dab50b9fca50c9442de9df56999f1bcc662

SHA512
3c78315e2885070f4d8227d6704d0a661e85522247cbc4cbc7da530447d937fa7b5a95b13d7bd60fbb0716c30b62bef6cc12b3df22918c9220ac194a8e1c097b

Download Submit
C:\Windows\system\qTgRAkx.exe

Filesize
6.0MB

MD5
adb458fc53913518e61f3bf0ad766852

SHA1
4510814a4bc82d4807179bc669493d1dc00ef6bb

SHA256
08f62e73e5f5d8cd6ca53b10664b6638c6ed9f6fcd6961267216ea30a0aff7b3

SHA512
4282a3c37a3277337efe7f5d9756bbda2f100190188a37fc80c5f214c874e1378906dcfbaae751b48cb31ee6f1d4289673def671babc225f9b0dbc52e23b09aa

Download Submit
C:\Windows\system\rPzFlOF.exe

Filesize
6.0MB

MD5
27465c6aeb8693d18538259291059d80

SHA1
4097d3a08cd3d64bdb3782a1e5421ce82f0f9db2

SHA256
b5324536cac4aa3c2fab6bfc0eabda29f03d87b2a5162a002a27fd93a02d1899

SHA512
2f2c898d0d77676a4c7ca737e1ad81b9eeb224a0f016fbf06c3082f215bf36644a354512aa2e028d44a2d7e05d79149e036896718babefb88957e9ce1be9afe9

Download Submit
C:\Windows\system\wvfpJef.exe

Filesize
6.0MB

MD5
e77f965c7aedcea7bd8d806abba466b6

SHA1
ecc636fa779bca17ee0461d6381a151310c922ca

SHA256
e97844c7a6a283fa59a9430a307fa20c7cb40cc94647c4608200ebb22adf22c4

SHA512
19f6bdb7be5ce9abdba3e418daed362f9f7f4b614c36a29c74d4e42d8b112ce42899576e09e5a6ce27ea6a05aab16d9d977d9509f27fc0ed16711164fe39732e

Download Submit
C:\Windows\system\xAxkjqz.exe

Filesize
6.0MB

MD5
65b589e2968bc8d487cd13232c42069c

SHA1
12a60882db4a04f9ef647e9d90e587e1fce061f3

SHA256
43a73688d658a3495f3a62f94236292786a3043b9a990cbf3814382363f9fe4d

SHA512
1aee08ff87a6cb778713019fafc3dbca881e5dba38d93e333b5da6d1a61b3f31959a52eb3e2e34a73c535c06a9d52ef95e4dfc96a901d7f39d698322b84b1831

Download Submit
C:\Windows\system\xHmYQqI.exe

Filesize
6.0MB

MD5
9c481fc624daa51e5de6bd876e80c84f

SHA1
171453eafe0ae34bfe650371c912c9567b4d1a42

SHA256
e1ca690533969c798e5275a8b20d0f75640ff8392e6f2e363dbb8aa2c95ec379

SHA512
abfc960713ec7a0c5fdd18f1f1c62ff3119b023a2eb5f2ed5f2e45fe3dce1b2a5612d011f97cce169c2130ebe8bd827f33e614d442afedcbd8449b10d4b0ee93

Download Submit
\Windows\system\ABMGoQu.exe

Filesize
6.0MB

MD5
db953aa9c8733e26ca32ae9aac296419

SHA1
73864977368f3f31b04aaea175e4298b9b578fbd

SHA256
251a2fb9812166d260e2e9847be3ee821317b70a7c3c95cf6ed708b80d42e739

SHA512
0ae582774d2c75b80bc9637b2ad519ba76b464fd8b081612f07351b83074f1cb5ae764914f98d4cfbfbf73fbdc25eae766cb9f70aaf3152de7aca44d243c5c62

Download Submit
\Windows\system\HnmGSTp.exe

Filesize
6.0MB

MD5
e1a002a79f602adf24400e3b27062396

SHA1
7ea40b0bd29db0741650295dce2dca5346f4c85c

SHA256
43a51a2b9bd76ba42d94942877a74316e93ac2b529bf6cbde8797d3bea8bb513

SHA512
82bdd14020b0ba7a334dd73facecc8ea8cf1a280fe29fb24eff6c73a13a83f75e218f6378c3de8e132bf85d621ae3d0e0473d39037bac0372b7666adff9d67ae

Download Submit
\Windows\system\KpRUzvJ.exe

Filesize
6.0MB

MD5
0694020ddfef97370f51f84665f03510

SHA1
2160fa02cdae97c212ce8a67dd21722fb975b503

SHA256
b1408c922bf66552257b4f5bcd1dbae4f1e69451f3c2f5fde374f41567a798a7

SHA512
444b09347d28db19ca04762cdfa2840fbf81d7b3ae44e087fe096228e0bb39cb4703d8fa379e8f7552e5e5d3380da8f6a8bb0f13c56af09439dea74c0683f0f9

Download Submit
\Windows\system\MyGahNM.exe

Filesize
6.0MB

MD5
e40505225c4b6e6d91999f6fdb6f8604

SHA1
c3f3bb085650cd2359e5ee7c6f1493176dd6b773

SHA256
097dae8d7846fc1640b152c00c89de1434cfce071541a1b4d627bb8089eb801e

SHA512
052eb310acb2a3235d8e880d2bdee793a402794312aab52313114af49ccf6df64ab4a2894bdc2db8a5794b982ece1953c77bdff4f96f3f11c07865c9b1df7bd3

Download Submit
\Windows\system\QMNXhnz.exe

Filesize
6.0MB

MD5
7349a0a278bdbc7eb047612efee798be

SHA1
3bd9bea220c47ff8032f0c722ce4bf0029b66ed6

SHA256
257c6225d8b84104e04757843cc6e556fd80e2fcc890b9cd8511b9673d1ca925

SHA512
da041889df840d87434d24c16d2066082b358001e9bfc1dd69e2c4eb33067e2ac14102160b73c49265e4a6ed0aac5ac203a909cc23c3f73e467fd5d6b9c07c36

Download Submit
\Windows\system\bxJQbeS.exe

Filesize
6.0MB

MD5
87b683b19b013fe139da63295a1aa1f7

SHA1
a1a63016282d07c15e04a159dfc65b83e83aaceb

SHA256
f6ebcdd6305aa37b1cf007bff0adecd752de326f423a438d324cb9563ce017f9

SHA512
8eebf337da089cc4b2d0af8037d300edc74d9586e565b5e5b0feb473f1758ae6c7aaa45290e688b37abf1e2a645626b1a0c3dd80c08870883cfcdf242c8c4223

Download Submit
\Windows\system\ihvPoqX.exe

Filesize
6.0MB

MD5
b5b1857f087661f474f81822269bafe5

SHA1
b377e7f37f121f94d0dfe35e25cb6eb1c7ec0aff

SHA256
2d61d0d94f54d9a6e889945b8ce6244d7adf0b2609b5538b6a513a4b20d8b75c

SHA512
dae71327732dd004f78ec4852d9f51156b10678cdc1e20569c9401e65bf8d02a4b3d1287abf5da4e344504c5dd1303a1aa9d71838721b8b3fb297921deaeb6a8

Download Submit
\Windows\system\wzMJfNA.exe

Filesize
6.0MB

MD5
8efa294b1f5b17de3f6aa0d241d9bfb9

SHA1
a3bb66278f62372a32c10f74cc1c3936a684457f

SHA256
09386607f08072f205c44b5ce0768928774c575d3f9722f2aaca7f1f9b93cbac

SHA512
6c4f3fc1ebff8fcf32195b9d5de2328204239b852249dd81bdf088b5670674a6e5beb750336cbc3075e0bd1267834dd842f074597505dd9f43385313457f004c

Download Submit
memory/264-1451-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/264-623-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/940-1596-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/940-625-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1192-627-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1192-1452-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1224-1363-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-16-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-14-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-920-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1688-629-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1688-626-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1688-624-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1688-622-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-881-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-784-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-38-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1688-29-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-51-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-6-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-43-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1688-62-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-619-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1688-0-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1688-916-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1688-949-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1688-628-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1688-919-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1688-918-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1688-917-0x0000000002490000-0x00000000027E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-1454-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-26-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-54-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-45-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-9-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1453-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1592-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2540-621-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1446-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-42-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-53-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-808-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1448-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1450-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2856-618-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2880-617-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1874-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2880-882-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2940-35-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1586-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1387-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-28-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-60-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1449-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2976-842-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2976-56-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download