cobaltstrike | 15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
Size

6.0MB
MD5

f181c493616cce3be6171db45f476b56
SHA1

d688ef2cf1b2c909c83f30584ffdf643df356e19
SHA256

15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b
SHA512

093edb2420322e933fabc5ce9e790fd16dc3b82fdae45c64a622df16b6451cee3fbb8c3ecec20cdbaf0e59835de27adf50e63ed46226248d4f48510f84c61f23
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUX:eOl56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000012267-3.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d64-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-35.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-33.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756e-57.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-49.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-63.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2324-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000e000000012267-3.dat	xmrig
behavioral1/files/0x000a000000016d64-11.dat	xmrig
behavioral1/memory/2620-10-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3044-14-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d69-12.dat	xmrig
behavioral1/memory/1384-22-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fc9-23.dat	xmrig
behavioral1/memory/368-34-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fe5-35.dat	xmrig
behavioral1/memory/2324-39-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/memory/2068-43-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2488-44-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2324-42-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-33.dat	xmrig
behavioral1/memory/2620-54-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3044-59-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2936-60-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x000800000001756e-57.dat	xmrig
behavioral1/memory/3068-50-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-49.dat	xmrig
behavioral1/memory/2324-46-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2728-72-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2696-77-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-76.dat	xmrig
behavioral1/memory/3068-80-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-85.dat	xmrig
behavioral1/memory/1960-89-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2204-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-82.dat	xmrig
behavioral1/memory/2568-96-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-117.dat	xmrig
behavioral1/files/0x000500000001975a-125.dat	xmrig
behavioral1/files/0x0005000000019761-127.dat	xmrig
behavioral1/memory/2324-252-0x0000000002220000-0x0000000002574000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d6d-170.dat	xmrig
behavioral1/files/0x0005000000019d61-163.dat	xmrig
behavioral1/files/0x0005000000019d62-166.dat	xmrig
behavioral1/memory/2324-159-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-157.dat	xmrig
behavioral1/files/0x0005000000019bf9-153.dat	xmrig
behavioral1/memory/2620-1057-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/3044-1050-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf6-149.dat	xmrig
behavioral1/files/0x0005000000019bf5-146.dat	xmrig
behavioral1/files/0x000500000001998d-141.dat	xmrig
behavioral1/files/0x0005000000019820-137.dat	xmrig
behavioral1/memory/368-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2068-1061-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2488-1062-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1384-1060-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/3068-1081-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-133.dat	xmrig
behavioral1/memory/2936-1093-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-121.dat	xmrig
behavioral1/files/0x00050000000195c7-113.dat	xmrig
behavioral1/files/0x00050000000195c6-110.dat	xmrig
behavioral1/files/0x00050000000195c5-106.dat	xmrig
behavioral1/files/0x00050000000195c3-101.dat	xmrig
behavioral1/files/0x00050000000195c1-95.dat	xmrig
behavioral1/files/0x00050000000195b5-71.dat	xmrig
behavioral1/memory/2856-66-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1384-64-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-63.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2620	MVYmmfb.exe
3044	UwtQQPM.exe
1384	wzCRsuy.exe
368	GysCNRT.exe
2068	vzZFVNS.exe
2488	OyncDCC.exe
3068	AIPjGaK.exe
2936	KKUwwrX.exe
2856	ficrBaG.exe
2728	ExDxgFL.exe
2696	oHxbFwt.exe
2204	TDRPYiD.exe
1960	HXKXqbX.exe
2568	mSjDNKP.exe
1496	SsEAtkO.exe
1880	liSENQI.exe
1948	mSWGbSO.exe
2944	NfQFxjX.exe
2368	jclBcIQ.exe
1640	oRTwQFe.exe
2056	acSWShD.exe
1660	vIOlzYe.exe
2016	kmiVNhr.exe
1764	DiPZyfC.exe
2968	aSAUxPq.exe
3004	JSPJJiE.exe
2416	RkCGuvs.exe
2276	mqQvCKo.exe
1612	PxfCmGO.exe
2464	eAtZvnV.exe
1652	SDriKOn.exe
1876	tggEXmo.exe
432	ngnVund.exe
1816	xfTzoxV.exe
1352	jJzFojh.exe
1512	iFMjJxo.exe
744	jQhRIMg.exe
992	FXwpsju.exe
1068	hmRUMod.exe
1828	TSfonEt.exe
1728	PzdewKl.exe
1732	krWPmau.exe
1184	OMSxgYR.exe
864	TpZfHSc.exe
1932	CiqzEsC.exe
296	QwwULFC.exe
1556	aGDXDUR.exe
2216	qwqnbhg.exe
2164	EMpMeWD.exe
1820	JZkNNLs.exe
2564	SZCyRox.exe
2312	IxFNgBj.exe
552	egqZKaD.exe
2520	JxQhLgh.exe
2612	TVLFvGP.exe
2480	byNyLeZ.exe
288	ZNNxrNF.exe
2472	XPGyRRp.exe
2148	QKemzQN.exe
2096	qaiVMUk.exe
1576	VAeawlW.exe
1704	sDpdyvV.exe
2080	NNbYnEc.exe
2104	fkHnCCu.exe

Loads dropped DLL 64 IoCs

pid	Process
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000e000000012267-3.dat	upx
behavioral1/files/0x000a000000016d64-11.dat	upx
behavioral1/memory/2620-10-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3044-14-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0008000000016d69-12.dat	upx
behavioral1/memory/1384-22-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0007000000016fc9-23.dat	upx
behavioral1/memory/368-34-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0007000000016fe5-35.dat	upx
behavioral1/memory/2324-39-0x0000000002220000-0x0000000002574000-memory.dmp	upx
behavioral1/memory/2068-43-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2488-44-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-33.dat	upx
behavioral1/memory/2620-54-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3044-59-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2936-60-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x000800000001756e-57.dat	upx
behavioral1/memory/3068-50-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-49.dat	upx
behavioral1/memory/2324-46-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2728-72-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2696-77-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-76.dat	upx
behavioral1/memory/3068-80-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-85.dat	upx
behavioral1/memory/1960-89-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2204-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00050000000195bb-82.dat	upx
behavioral1/memory/2568-96-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x000500000001960c-117.dat	upx
behavioral1/files/0x000500000001975a-125.dat	upx
behavioral1/files/0x0005000000019761-127.dat	upx
behavioral1/files/0x0005000000019d6d-170.dat	upx
behavioral1/files/0x0005000000019d61-163.dat	upx
behavioral1/files/0x0005000000019d62-166.dat	upx
behavioral1/files/0x0005000000019c3c-157.dat	upx
behavioral1/files/0x0005000000019bf9-153.dat	upx
behavioral1/memory/2620-1057-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/3044-1050-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf6-149.dat	upx
behavioral1/files/0x0005000000019bf5-146.dat	upx
behavioral1/files/0x000500000001998d-141.dat	upx
behavioral1/files/0x0005000000019820-137.dat	upx
behavioral1/memory/368-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2068-1061-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2488-1062-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1384-1060-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/3068-1081-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-133.dat	upx
behavioral1/memory/2936-1093-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000019643-121.dat	upx
behavioral1/files/0x00050000000195c7-113.dat	upx
behavioral1/files/0x00050000000195c6-110.dat	upx
behavioral1/files/0x00050000000195c5-106.dat	upx
behavioral1/files/0x00050000000195c3-101.dat	upx
behavioral1/files/0x00050000000195c1-95.dat	upx
behavioral1/files/0x00050000000195b5-71.dat	upx
behavioral1/memory/2856-66-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/1384-64-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-63.dat	upx
behavioral1/memory/1960-2658-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2696-2659-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2856-2660-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YsVRpEV.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\AsxCfPC.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\aqCPapQ.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\fRQFUvA.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\XofXSlS.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\HNUmjJb.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\rErudZB.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\oNQnFla.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\WGRGceH.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\KzeOAsa.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\sirrugt.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\ieKEPpS.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\wmKekbY.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\YDAQLyu.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\uPkuPcA.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\IVETogI.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\cunntBF.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\NzGjCzP.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\dkpswAx.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\hyhIzKk.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\EgFepUY.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\LyoVmsM.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\RJRGyzY.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\pimTaVw.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\XsbgmBf.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\IPaPoZY.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\FTnbwbx.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\pprSdEu.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\HMXrRhP.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\CQhdyka.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\LGpcSOO.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\zcoBQYZ.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\kcVVKBC.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\qyNfsdS.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\VuDoTTt.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\HsGhzhG.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\lpujTNM.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\FtgKSMT.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\UQneSgw.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\wogSWMg.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\rMspzUc.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\TPWSEYg.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\GZDyFch.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\RvRajpQ.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\xsIParN.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\edgRase.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\KBhBOvR.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\oFbCpqr.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\wPKzlAg.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\TLwkCjW.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\JZEvvQz.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\BLoqMCN.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\exdyGQx.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\SYrSeWN.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\kDKOUzr.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\arXDief.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\SDriKOn.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\usDqFLC.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\pPmCtKR.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\zmCYKeD.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\eqjeObz.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\VJYxIAg.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\zBIKaMy.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
File created	C:\Windows\System\UwRClGE.exe	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2620	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	31
PID 2324 wrote to memory of 2620	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	31
PID 2324 wrote to memory of 2620	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	31
PID 2324 wrote to memory of 3044	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	32
PID 2324 wrote to memory of 3044	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	32
PID 2324 wrote to memory of 3044	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	32
PID 2324 wrote to memory of 1384	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	33
PID 2324 wrote to memory of 1384	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	33
PID 2324 wrote to memory of 1384	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	33
PID 2324 wrote to memory of 368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	34
PID 2324 wrote to memory of 368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	34
PID 2324 wrote to memory of 368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	34
PID 2324 wrote to memory of 2068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	35
PID 2324 wrote to memory of 2068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	35
PID 2324 wrote to memory of 2068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	35
PID 2324 wrote to memory of 2488	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	36
PID 2324 wrote to memory of 2488	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	36
PID 2324 wrote to memory of 2488	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	36
PID 2324 wrote to memory of 3068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	37
PID 2324 wrote to memory of 3068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	37
PID 2324 wrote to memory of 3068	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	37
PID 2324 wrote to memory of 2936	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	38
PID 2324 wrote to memory of 2936	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	38
PID 2324 wrote to memory of 2936	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	38
PID 2324 wrote to memory of 2856	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	39
PID 2324 wrote to memory of 2856	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	39
PID 2324 wrote to memory of 2856	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	39
PID 2324 wrote to memory of 2728	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	41
PID 2324 wrote to memory of 2728	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	41
PID 2324 wrote to memory of 2728	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	41
PID 2324 wrote to memory of 2696	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	42
PID 2324 wrote to memory of 2696	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	42
PID 2324 wrote to memory of 2696	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	42
PID 2324 wrote to memory of 2204	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	43
PID 2324 wrote to memory of 2204	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	43
PID 2324 wrote to memory of 2204	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	43
PID 2324 wrote to memory of 1960	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	44
PID 2324 wrote to memory of 1960	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	44
PID 2324 wrote to memory of 1960	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	44
PID 2324 wrote to memory of 2568	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	45
PID 2324 wrote to memory of 2568	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	45
PID 2324 wrote to memory of 2568	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	45
PID 2324 wrote to memory of 1496	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	46
PID 2324 wrote to memory of 1496	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	46
PID 2324 wrote to memory of 1496	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	46
PID 2324 wrote to memory of 1880	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	47
PID 2324 wrote to memory of 1880	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	47
PID 2324 wrote to memory of 1880	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	47
PID 2324 wrote to memory of 1948	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	48
PID 2324 wrote to memory of 1948	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	48
PID 2324 wrote to memory of 1948	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	48
PID 2324 wrote to memory of 2944	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	49
PID 2324 wrote to memory of 2944	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	49
PID 2324 wrote to memory of 2944	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	49
PID 2324 wrote to memory of 2368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	50
PID 2324 wrote to memory of 2368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	50
PID 2324 wrote to memory of 2368	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	50
PID 2324 wrote to memory of 1640	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	51
PID 2324 wrote to memory of 1640	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	51
PID 2324 wrote to memory of 1640	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	51
PID 2324 wrote to memory of 2056	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	52
PID 2324 wrote to memory of 2056	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	52
PID 2324 wrote to memory of 2056	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	52
PID 2324 wrote to memory of 1660	2324	JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_15c56555d3199474785ddb2d172f4d1bba7f908272633f068161a415f41df67b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\System\MVYmmfb.exe
  C:\Windows\System\MVYmmfb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\UwtQQPM.exe
  C:\Windows\System\UwtQQPM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\wzCRsuy.exe
  C:\Windows\System\wzCRsuy.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\GysCNRT.exe
  C:\Windows\System\GysCNRT.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\vzZFVNS.exe
  C:\Windows\System\vzZFVNS.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\OyncDCC.exe
  C:\Windows\System\OyncDCC.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\AIPjGaK.exe
  C:\Windows\System\AIPjGaK.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\KKUwwrX.exe
  C:\Windows\System\KKUwwrX.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ficrBaG.exe
  C:\Windows\System\ficrBaG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\ExDxgFL.exe
  C:\Windows\System\ExDxgFL.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\oHxbFwt.exe
  C:\Windows\System\oHxbFwt.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\TDRPYiD.exe
  C:\Windows\System\TDRPYiD.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HXKXqbX.exe
  C:\Windows\System\HXKXqbX.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mSjDNKP.exe
  C:\Windows\System\mSjDNKP.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\SsEAtkO.exe
  C:\Windows\System\SsEAtkO.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\liSENQI.exe
  C:\Windows\System\liSENQI.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\mSWGbSO.exe
  C:\Windows\System\mSWGbSO.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NfQFxjX.exe
  C:\Windows\System\NfQFxjX.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\jclBcIQ.exe
  C:\Windows\System\jclBcIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\oRTwQFe.exe
  C:\Windows\System\oRTwQFe.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\acSWShD.exe
  C:\Windows\System\acSWShD.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\vIOlzYe.exe
  C:\Windows\System\vIOlzYe.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\kmiVNhr.exe
  C:\Windows\System\kmiVNhr.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\DiPZyfC.exe
  C:\Windows\System\DiPZyfC.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\aSAUxPq.exe
  C:\Windows\System\aSAUxPq.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\JSPJJiE.exe
  C:\Windows\System\JSPJJiE.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\RkCGuvs.exe
  C:\Windows\System\RkCGuvs.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\mqQvCKo.exe
  C:\Windows\System\mqQvCKo.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\PxfCmGO.exe
  C:\Windows\System\PxfCmGO.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\eAtZvnV.exe
  C:\Windows\System\eAtZvnV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\SDriKOn.exe
  C:\Windows\System\SDriKOn.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\tggEXmo.exe
  C:\Windows\System\tggEXmo.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\ngnVund.exe
  C:\Windows\System\ngnVund.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\xfTzoxV.exe
  C:\Windows\System\xfTzoxV.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\jJzFojh.exe
  C:\Windows\System\jJzFojh.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\iFMjJxo.exe
  C:\Windows\System\iFMjJxo.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\jQhRIMg.exe
  C:\Windows\System\jQhRIMg.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\FXwpsju.exe
  C:\Windows\System\FXwpsju.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\hmRUMod.exe
  C:\Windows\System\hmRUMod.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\TSfonEt.exe
  C:\Windows\System\TSfonEt.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\PzdewKl.exe
  C:\Windows\System\PzdewKl.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\krWPmau.exe
  C:\Windows\System\krWPmau.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\OMSxgYR.exe
  C:\Windows\System\OMSxgYR.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\TpZfHSc.exe
  C:\Windows\System\TpZfHSc.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\CiqzEsC.exe
  C:\Windows\System\CiqzEsC.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\QwwULFC.exe
  C:\Windows\System\QwwULFC.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\aGDXDUR.exe
  C:\Windows\System\aGDXDUR.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\qwqnbhg.exe
  C:\Windows\System\qwqnbhg.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\EMpMeWD.exe
  C:\Windows\System\EMpMeWD.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\JZkNNLs.exe
  C:\Windows\System\JZkNNLs.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\SZCyRox.exe
  C:\Windows\System\SZCyRox.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\IxFNgBj.exe
  C:\Windows\System\IxFNgBj.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\egqZKaD.exe
  C:\Windows\System\egqZKaD.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\JxQhLgh.exe
  C:\Windows\System\JxQhLgh.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\TVLFvGP.exe
  C:\Windows\System\TVLFvGP.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\byNyLeZ.exe
  C:\Windows\System\byNyLeZ.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ZNNxrNF.exe
  C:\Windows\System\ZNNxrNF.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\QKemzQN.exe
  C:\Windows\System\QKemzQN.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\XPGyRRp.exe
  C:\Windows\System\XPGyRRp.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\qaiVMUk.exe
  C:\Windows\System\qaiVMUk.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\VAeawlW.exe
  C:\Windows\System\VAeawlW.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\sDpdyvV.exe
  C:\Windows\System\sDpdyvV.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\NNbYnEc.exe
  C:\Windows\System\NNbYnEc.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\fkHnCCu.exe
  C:\Windows\System\fkHnCCu.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\EYfDdrN.exe
  C:\Windows\System\EYfDdrN.exe
  2⤵
  PID:2140
- C:\Windows\System\lpujTNM.exe
  C:\Windows\System\lpujTNM.exe
  2⤵
  PID:2532
- C:\Windows\System\JVTKcKf.exe
  C:\Windows\System\JVTKcKf.exe
  2⤵
  PID:2872
- C:\Windows\System\hpyPwQw.exe
  C:\Windows\System\hpyPwQw.exe
  2⤵
  PID:2796
- C:\Windows\System\wQGlpsI.exe
  C:\Windows\System\wQGlpsI.exe
  2⤵
  PID:2704
- C:\Windows\System\zYSpJLA.exe
  C:\Windows\System\zYSpJLA.exe
  2⤵
  PID:2648
- C:\Windows\System\Qogvvwx.exe
  C:\Windows\System\Qogvvwx.exe
  2⤵
  PID:2748
- C:\Windows\System\JgCYqQo.exe
  C:\Windows\System\JgCYqQo.exe
  2⤵
  PID:2720
- C:\Windows\System\qxgCKac.exe
  C:\Windows\System\qxgCKac.exe
  2⤵
  PID:2664
- C:\Windows\System\cSUfmCq.exe
  C:\Windows\System\cSUfmCq.exe
  2⤵
  PID:1964
- C:\Windows\System\dIIHaVK.exe
  C:\Windows\System\dIIHaVK.exe
  2⤵
  PID:1104
- C:\Windows\System\aivlnMB.exe
  C:\Windows\System\aivlnMB.exe
  2⤵
  PID:1032
- C:\Windows\System\EGjwSjo.exe
  C:\Windows\System\EGjwSjo.exe
  2⤵
  PID:2008
- C:\Windows\System\ULjRxqc.exe
  C:\Windows\System\ULjRxqc.exe
  2⤵
  PID:1976
- C:\Windows\System\qPCLyBs.exe
  C:\Windows\System\qPCLyBs.exe
  2⤵
  PID:3020
- C:\Windows\System\XiUQiCn.exe
  C:\Windows\System\XiUQiCn.exe
  2⤵
  PID:2636
- C:\Windows\System\GOLjlLX.exe
  C:\Windows\System\GOLjlLX.exe
  2⤵
  PID:112
- C:\Windows\System\uwcjJTH.exe
  C:\Windows\System\uwcjJTH.exe
  2⤵
  PID:1344
- C:\Windows\System\eYYnTMz.exe
  C:\Windows\System\eYYnTMz.exe
  2⤵
  PID:776
- C:\Windows\System\ssCuFGs.exe
  C:\Windows\System\ssCuFGs.exe
  2⤵
  PID:1160
- C:\Windows\System\eglaSuf.exe
  C:\Windows\System\eglaSuf.exe
  2⤵
  PID:1752
- C:\Windows\System\rUluNhg.exe
  C:\Windows\System\rUluNhg.exe
  2⤵
  PID:1324
- C:\Windows\System\FtgKSMT.exe
  C:\Windows\System\FtgKSMT.exe
  2⤵
  PID:968
- C:\Windows\System\uJRAQfL.exe
  C:\Windows\System\uJRAQfL.exe
  2⤵
  PID:1412
- C:\Windows\System\lckYbxh.exe
  C:\Windows\System\lckYbxh.exe
  2⤵
  PID:1968
- C:\Windows\System\VExDgTv.exe
  C:\Windows\System\VExDgTv.exe
  2⤵
  PID:1884
- C:\Windows\System\IOKVQBJ.exe
  C:\Windows\System\IOKVQBJ.exe
  2⤵
  PID:1432
- C:\Windows\System\lLWCCGf.exe
  C:\Windows\System\lLWCCGf.exe
  2⤵
  PID:580
- C:\Windows\System\HNUmjJb.exe
  C:\Windows\System\HNUmjJb.exe
  2⤵
  PID:1584
- C:\Windows\System\QthkzRD.exe
  C:\Windows\System\QthkzRD.exe
  2⤵
  PID:2924
- C:\Windows\System\evYpnur.exe
  C:\Windows\System\evYpnur.exe
  2⤵
  PID:1912
- C:\Windows\System\SPMyXKi.exe
  C:\Windows\System\SPMyXKi.exe
  2⤵
  PID:1620
- C:\Windows\System\YAAgeer.exe
  C:\Windows\System\YAAgeer.exe
  2⤵
  PID:900
- C:\Windows\System\TLAxyeW.exe
  C:\Windows\System\TLAxyeW.exe
  2⤵
  PID:948
- C:\Windows\System\KVFIAWn.exe
  C:\Windows\System\KVFIAWn.exe
  2⤵
  PID:1604
- C:\Windows\System\ydKqGDB.exe
  C:\Windows\System\ydKqGDB.exe
  2⤵
  PID:2584
- C:\Windows\System\cxQhlBy.exe
  C:\Windows\System\cxQhlBy.exe
  2⤵
  PID:2600
- C:\Windows\System\jfDEAeY.exe
  C:\Windows\System\jfDEAeY.exe
  2⤵
  PID:2900
- C:\Windows\System\caorgTT.exe
  C:\Windows\System\caorgTT.exe
  2⤵
  PID:3036
- C:\Windows\System\MrufnVT.exe
  C:\Windows\System\MrufnVT.exe
  2⤵
  PID:2676
- C:\Windows\System\RyfBlya.exe
  C:\Windows\System\RyfBlya.exe
  2⤵
  PID:2028
- C:\Windows\System\nBOqVMk.exe
  C:\Windows\System\nBOqVMk.exe
  2⤵
  PID:1096
- C:\Windows\System\LyoVmsM.exe
  C:\Windows\System\LyoVmsM.exe
  2⤵
  PID:1644
- C:\Windows\System\ZHwdBVc.exe
  C:\Windows\System\ZHwdBVc.exe
  2⤵
  PID:2252
- C:\Windows\System\QErufAs.exe
  C:\Windows\System\QErufAs.exe
  2⤵
  PID:560
- C:\Windows\System\Bpyuiua.exe
  C:\Windows\System\Bpyuiua.exe
  2⤵
  PID:1980
- C:\Windows\System\TDUEWTb.exe
  C:\Windows\System\TDUEWTb.exe
  2⤵
  PID:1788
- C:\Windows\System\XEmwMdy.exe
  C:\Windows\System\XEmwMdy.exe
  2⤵
  PID:964
- C:\Windows\System\hilreNg.exe
  C:\Windows\System\hilreNg.exe
  2⤵
  PID:1716
- C:\Windows\System\QlJyDLZ.exe
  C:\Windows\System\QlJyDLZ.exe
  2⤵
  PID:272
- C:\Windows\System\LYdzjwZ.exe
  C:\Windows\System\LYdzjwZ.exe
  2⤵
  PID:1648
- C:\Windows\System\FJLdbhx.exe
  C:\Windows\System\FJLdbhx.exe
  2⤵
  PID:2172
- C:\Windows\System\eBLLzcj.exe
  C:\Windows\System\eBLLzcj.exe
  2⤵
  PID:2320
- C:\Windows\System\uOlwbQP.exe
  C:\Windows\System\uOlwbQP.exe
  2⤵
  PID:2492
- C:\Windows\System\GgyOZPJ.exe
  C:\Windows\System\GgyOZPJ.exe
  2⤵
  PID:1216
- C:\Windows\System\cHzXYSs.exe
  C:\Windows\System\cHzXYSs.exe
  2⤵
  PID:3084
- C:\Windows\System\jLXtxfG.exe
  C:\Windows\System\jLXtxfG.exe
  2⤵
  PID:3100
- C:\Windows\System\ApelYyD.exe
  C:\Windows\System\ApelYyD.exe
  2⤵
  PID:3116
- C:\Windows\System\omEeQwx.exe
  C:\Windows\System\omEeQwx.exe
  2⤵
  PID:3132
- C:\Windows\System\IzMMIYl.exe
  C:\Windows\System\IzMMIYl.exe
  2⤵
  PID:3148
- C:\Windows\System\jmGhrUk.exe
  C:\Windows\System\jmGhrUk.exe
  2⤵
  PID:3164
- C:\Windows\System\GPyEeFe.exe
  C:\Windows\System\GPyEeFe.exe
  2⤵
  PID:3184
- C:\Windows\System\lPbWusN.exe
  C:\Windows\System\lPbWusN.exe
  2⤵
  PID:3200
- C:\Windows\System\vIWiGvA.exe
  C:\Windows\System\vIWiGvA.exe
  2⤵
  PID:3216
- C:\Windows\System\HBwRbgA.exe
  C:\Windows\System\HBwRbgA.exe
  2⤵
  PID:3236
- C:\Windows\System\RgYBESn.exe
  C:\Windows\System\RgYBESn.exe
  2⤵
  PID:3252
- C:\Windows\System\CQhdyka.exe
  C:\Windows\System\CQhdyka.exe
  2⤵
  PID:3268
- C:\Windows\System\aaPQucx.exe
  C:\Windows\System\aaPQucx.exe
  2⤵
  PID:3284
- C:\Windows\System\NxzqbSx.exe
  C:\Windows\System\NxzqbSx.exe
  2⤵
  PID:3300
- C:\Windows\System\ZOEebhD.exe
  C:\Windows\System\ZOEebhD.exe
  2⤵
  PID:3316
- C:\Windows\System\WYZyTQV.exe
  C:\Windows\System\WYZyTQV.exe
  2⤵
  PID:3336
- C:\Windows\System\LjNmOJo.exe
  C:\Windows\System\LjNmOJo.exe
  2⤵
  PID:3352
- C:\Windows\System\fUblPbr.exe
  C:\Windows\System\fUblPbr.exe
  2⤵
  PID:3368
- C:\Windows\System\jwfESqz.exe
  C:\Windows\System\jwfESqz.exe
  2⤵
  PID:3384
- C:\Windows\System\SWgUQnt.exe
  C:\Windows\System\SWgUQnt.exe
  2⤵
  PID:3400
- C:\Windows\System\unXHiMJ.exe
  C:\Windows\System\unXHiMJ.exe
  2⤵
  PID:3416
- C:\Windows\System\YiFvLXP.exe
  C:\Windows\System\YiFvLXP.exe
  2⤵
  PID:3432
- C:\Windows\System\IoTfgLL.exe
  C:\Windows\System\IoTfgLL.exe
  2⤵
  PID:3452
- C:\Windows\System\YZaWDeC.exe
  C:\Windows\System\YZaWDeC.exe
  2⤵
  PID:3468
- C:\Windows\System\cjDbobp.exe
  C:\Windows\System\cjDbobp.exe
  2⤵
  PID:3484
- C:\Windows\System\cCvdQYl.exe
  C:\Windows\System\cCvdQYl.exe
  2⤵
  PID:3500
- C:\Windows\System\mnVLevN.exe
  C:\Windows\System\mnVLevN.exe
  2⤵
  PID:3516
- C:\Windows\System\QRDOwrI.exe
  C:\Windows\System\QRDOwrI.exe
  2⤵
  PID:3536
- C:\Windows\System\atAKKJu.exe
  C:\Windows\System\atAKKJu.exe
  2⤵
  PID:3552
- C:\Windows\System\KCkhIBj.exe
  C:\Windows\System\KCkhIBj.exe
  2⤵
  PID:3568
- C:\Windows\System\dLRYXku.exe
  C:\Windows\System\dLRYXku.exe
  2⤵
  PID:3584
- C:\Windows\System\nIQeHhK.exe
  C:\Windows\System\nIQeHhK.exe
  2⤵
  PID:3600
- C:\Windows\System\FRzQYvf.exe
  C:\Windows\System\FRzQYvf.exe
  2⤵
  PID:3616
- C:\Windows\System\elvAdrQ.exe
  C:\Windows\System\elvAdrQ.exe
  2⤵
  PID:3632
- C:\Windows\System\xsIParN.exe
  C:\Windows\System\xsIParN.exe
  2⤵
  PID:3648
- C:\Windows\System\Zqtewih.exe
  C:\Windows\System\Zqtewih.exe
  2⤵
  PID:3664
- C:\Windows\System\qwaKNji.exe
  C:\Windows\System\qwaKNji.exe
  2⤵
  PID:3680
- C:\Windows\System\bNVzBHe.exe
  C:\Windows\System\bNVzBHe.exe
  2⤵
  PID:3696
- C:\Windows\System\QIIHUfZ.exe
  C:\Windows\System\QIIHUfZ.exe
  2⤵
  PID:3716
- C:\Windows\System\bLPZIgl.exe
  C:\Windows\System\bLPZIgl.exe
  2⤵
  PID:3732
- C:\Windows\System\ljBGUxj.exe
  C:\Windows\System\ljBGUxj.exe
  2⤵
  PID:3748
- C:\Windows\System\bwdYXSO.exe
  C:\Windows\System\bwdYXSO.exe
  2⤵
  PID:3764
- C:\Windows\System\usDqFLC.exe
  C:\Windows\System\usDqFLC.exe
  2⤵
  PID:3780
- C:\Windows\System\suDaQoT.exe
  C:\Windows\System\suDaQoT.exe
  2⤵
  PID:3796
- C:\Windows\System\YgWJKhP.exe
  C:\Windows\System\YgWJKhP.exe
  2⤵
  PID:3812
- C:\Windows\System\FcPnoYm.exe
  C:\Windows\System\FcPnoYm.exe
  2⤵
  PID:3828
- C:\Windows\System\yJErUro.exe
  C:\Windows\System\yJErUro.exe
  2⤵
  PID:3844
- C:\Windows\System\tVmfwbF.exe
  C:\Windows\System\tVmfwbF.exe
  2⤵
  PID:3860
- C:\Windows\System\QNBgSJc.exe
  C:\Windows\System\QNBgSJc.exe
  2⤵
  PID:3876
- C:\Windows\System\sMDMuwv.exe
  C:\Windows\System\sMDMuwv.exe
  2⤵
  PID:3892
- C:\Windows\System\CsbcCKB.exe
  C:\Windows\System\CsbcCKB.exe
  2⤵
  PID:3908
- C:\Windows\System\DBWfNWP.exe
  C:\Windows\System\DBWfNWP.exe
  2⤵
  PID:3928
- C:\Windows\System\xkqbole.exe
  C:\Windows\System\xkqbole.exe
  2⤵
  PID:3944
- C:\Windows\System\WHxYTfx.exe
  C:\Windows\System\WHxYTfx.exe
  2⤵
  PID:3960
- C:\Windows\System\nZyQeQm.exe
  C:\Windows\System\nZyQeQm.exe
  2⤵
  PID:3976
- C:\Windows\System\OWASBXF.exe
  C:\Windows\System\OWASBXF.exe
  2⤵
  PID:3992
- C:\Windows\System\UGIgbMY.exe
  C:\Windows\System\UGIgbMY.exe
  2⤵
  PID:4008
- C:\Windows\System\ncwfedW.exe
  C:\Windows\System\ncwfedW.exe
  2⤵
  PID:4024
- C:\Windows\System\CeGJvGN.exe
  C:\Windows\System\CeGJvGN.exe
  2⤵
  PID:4044
- C:\Windows\System\rAcpOqr.exe
  C:\Windows\System\rAcpOqr.exe
  2⤵
  PID:4060
- C:\Windows\System\MQcTJyU.exe
  C:\Windows\System\MQcTJyU.exe
  2⤵
  PID:4076
- C:\Windows\System\iLYDVtW.exe
  C:\Windows\System\iLYDVtW.exe
  2⤵
  PID:4092
- C:\Windows\System\EPBMXdB.exe
  C:\Windows\System\EPBMXdB.exe
  2⤵
  PID:2220
- C:\Windows\System\rJkGGsP.exe
  C:\Windows\System\rJkGGsP.exe
  2⤵
  PID:1988
- C:\Windows\System\weGnDlU.exe
  C:\Windows\System\weGnDlU.exe
  2⤵
  PID:2496
- C:\Windows\System\bUTiXSf.exe
  C:\Windows\System\bUTiXSf.exe
  2⤵
  PID:3008
- C:\Windows\System\QJyeywV.exe
  C:\Windows\System\QJyeywV.exe
  2⤵
  PID:2884
- C:\Windows\System\iyWYRvw.exe
  C:\Windows\System\iyWYRvw.exe
  2⤵
  PID:772
- C:\Windows\System\ojmXzCi.exe
  C:\Windows\System\ojmXzCi.exe
  2⤵
  PID:2516
- C:\Windows\System\tVolgSt.exe
  C:\Windows\System\tVolgSt.exe
  2⤵
  PID:3076
- C:\Windows\System\gWqMzzm.exe
  C:\Windows\System\gWqMzzm.exe
  2⤵
  PID:3096
- C:\Windows\System\AEFDZgb.exe
  C:\Windows\System\AEFDZgb.exe
  2⤵
  PID:3124
- C:\Windows\System\KACXdkD.exe
  C:\Windows\System\KACXdkD.exe
  2⤵
  PID:3172
- C:\Windows\System\iubutKv.exe
  C:\Windows\System\iubutKv.exe
  2⤵
  PID:3208
- C:\Windows\System\xfXACaQ.exe
  C:\Windows\System\xfXACaQ.exe
  2⤵
  PID:3224
- C:\Windows\System\WYUqOqU.exe
  C:\Windows\System\WYUqOqU.exe
  2⤵
  PID:2700
- C:\Windows\System\MTXBcJj.exe
  C:\Windows\System\MTXBcJj.exe
  2⤵
  PID:3292
- C:\Windows\System\SkMGrvY.exe
  C:\Windows\System\SkMGrvY.exe
  2⤵
  PID:3312
- C:\Windows\System\NOZIUIz.exe
  C:\Windows\System\NOZIUIz.exe
  2⤵
  PID:3344
- C:\Windows\System\dKsejVF.exe
  C:\Windows\System\dKsejVF.exe
  2⤵
  PID:3376
- C:\Windows\System\qkVCHZm.exe
  C:\Windows\System\qkVCHZm.exe
  2⤵
  PID:3412
- C:\Windows\System\JxFAsNu.exe
  C:\Windows\System\JxFAsNu.exe
  2⤵
  PID:3444
- C:\Windows\System\CIaCzNv.exe
  C:\Windows\System\CIaCzNv.exe
  2⤵
  PID:2092
- C:\Windows\System\SeszYrL.exe
  C:\Windows\System\SeszYrL.exe
  2⤵
  PID:3512
- C:\Windows\System\IcqSYgo.exe
  C:\Windows\System\IcqSYgo.exe
  2⤵
  PID:3576
- C:\Windows\System\YDAQLyu.exe
  C:\Windows\System\YDAQLyu.exe
  2⤵
  PID:3608
- C:\Windows\System\pUolbtB.exe
  C:\Windows\System\pUolbtB.exe
  2⤵
  PID:3612
- C:\Windows\System\UCNKcJZ.exe
  C:\Windows\System\UCNKcJZ.exe
  2⤵
  PID:3640
- C:\Windows\System\gVPwPPO.exe
  C:\Windows\System\gVPwPPO.exe
  2⤵
  PID:3672
- C:\Windows\System\bwxGGTP.exe
  C:\Windows\System\bwxGGTP.exe
  2⤵
  PID:3692
- C:\Windows\System\qzTKhOa.exe
  C:\Windows\System\qzTKhOa.exe
  2⤵
  PID:3728
- C:\Windows\System\qzGTmxn.exe
  C:\Windows\System\qzGTmxn.exe
  2⤵
  PID:3760
- C:\Windows\System\edgRase.exe
  C:\Windows\System\edgRase.exe
  2⤵
  PID:3792
- C:\Windows\System\BYQyfUN.exe
  C:\Windows\System\BYQyfUN.exe
  2⤵
  PID:3824
- C:\Windows\System\IZhZInJ.exe
  C:\Windows\System\IZhZInJ.exe
  2⤵
  PID:3872
- C:\Windows\System\PNynAzb.exe
  C:\Windows\System\PNynAzb.exe
  2⤵
  PID:3968
- C:\Windows\System\nWKfGVd.exe
  C:\Windows\System\nWKfGVd.exe
  2⤵
  PID:4032
- C:\Windows\System\NeIVnfb.exe
  C:\Windows\System\NeIVnfb.exe
  2⤵
  PID:3888
- C:\Windows\System\ddHZoeC.exe
  C:\Windows\System\ddHZoeC.exe
  2⤵
  PID:3956
- C:\Windows\System\qjelmmg.exe
  C:\Windows\System\qjelmmg.exe
  2⤵
  PID:4068
- C:\Windows\System\dgMRBhK.exe
  C:\Windows\System\dgMRBhK.exe
  2⤵
  PID:1144
- C:\Windows\System\TzWHctg.exe
  C:\Windows\System\TzWHctg.exe
  2⤵
  PID:4052
- C:\Windows\System\mzNiMqE.exe
  C:\Windows\System\mzNiMqE.exe
  2⤵
  PID:2836
- C:\Windows\System\aadUhHv.exe
  C:\Windows\System\aadUhHv.exe
  2⤵
  PID:1152
- C:\Windows\System\tUXcHjK.exe
  C:\Windows\System\tUXcHjK.exe
  2⤵
  PID:3040
- C:\Windows\System\Mukvqfu.exe
  C:\Windows\System\Mukvqfu.exe
  2⤵
  PID:1028
- C:\Windows\System\fKhVTnl.exe
  C:\Windows\System\fKhVTnl.exe
  2⤵
  PID:2712
- C:\Windows\System\CBGSXpX.exe
  C:\Windows\System\CBGSXpX.exe
  2⤵
  PID:2948
- C:\Windows\System\byZAetF.exe
  C:\Windows\System\byZAetF.exe
  2⤵
  PID:3144
- C:\Windows\System\JXLMdXE.exe
  C:\Windows\System\JXLMdXE.exe
  2⤵
  PID:3244
- C:\Windows\System\aLsDPFM.exe
  C:\Windows\System\aLsDPFM.exe
  2⤵
  PID:3280
- C:\Windows\System\rPuKcMf.exe
  C:\Windows\System\rPuKcMf.exe
  2⤵
  PID:3308
- C:\Windows\System\UYFvWwg.exe
  C:\Windows\System\UYFvWwg.exe
  2⤵
  PID:3396
- C:\Windows\System\tZWoSrp.exe
  C:\Windows\System\tZWoSrp.exe
  2⤵
  PID:3480
- C:\Windows\System\hQUTojY.exe
  C:\Windows\System\hQUTojY.exe
  2⤵
  PID:3544
- C:\Windows\System\zdggOEw.exe
  C:\Windows\System\zdggOEw.exe
  2⤵
  PID:3592
- C:\Windows\System\GYyiCuI.exe
  C:\Windows\System\GYyiCuI.exe
  2⤵
  PID:3656
- C:\Windows\System\AfgNVWh.exe
  C:\Windows\System\AfgNVWh.exe
  2⤵
  PID:3724
- C:\Windows\System\HlxuNKI.exe
  C:\Windows\System\HlxuNKI.exe
  2⤵
  PID:3772
- C:\Windows\System\SZyjnsc.exe
  C:\Windows\System\SZyjnsc.exe
  2⤵
  PID:3836
- C:\Windows\System\gIeSEOY.exe
  C:\Windows\System\gIeSEOY.exe
  2⤵
  PID:3936
- C:\Windows\System\roeiCOB.exe
  C:\Windows\System\roeiCOB.exe
  2⤵
  PID:3920
- C:\Windows\System\HFAqphf.exe
  C:\Windows\System\HFAqphf.exe
  2⤵
  PID:2964
- C:\Windows\System\PkUKnck.exe
  C:\Windows\System\PkUKnck.exe
  2⤵
  PID:3924
- C:\Windows\System\EWroHwP.exe
  C:\Windows\System\EWroHwP.exe
  2⤵
  PID:2928
- C:\Windows\System\NRSJhiz.exe
  C:\Windows\System\NRSJhiz.exe
  2⤵
  PID:2240
- C:\Windows\System\MCsDmjo.exe
  C:\Windows\System\MCsDmjo.exe
  2⤵
  PID:940
- C:\Windows\System\eyAjOKG.exe
  C:\Windows\System\eyAjOKG.exe
  2⤵
  PID:3156
- C:\Windows\System\xNZoEDQ.exe
  C:\Windows\System\xNZoEDQ.exe
  2⤵
  PID:3052
- C:\Windows\System\pPmCtKR.exe
  C:\Windows\System\pPmCtKR.exe
  2⤵
  PID:3392
- C:\Windows\System\AXERhYA.exe
  C:\Windows\System\AXERhYA.exe
  2⤵
  PID:3508
- C:\Windows\System\XvtQbwi.exe
  C:\Windows\System\XvtQbwi.exe
  2⤵
  PID:3596
- C:\Windows\System\Zqazmgh.exe
  C:\Windows\System\Zqazmgh.exe
  2⤵
  PID:3688
- C:\Windows\System\uGqQODk.exe
  C:\Windows\System\uGqQODk.exe
  2⤵
  PID:3788
- C:\Windows\System\lIBjLww.exe
  C:\Windows\System\lIBjLww.exe
  2⤵
  PID:3904
- C:\Windows\System\AdWcvFF.exe
  C:\Windows\System\AdWcvFF.exe
  2⤵
  PID:2304
- C:\Windows\System\VKCqpPC.exe
  C:\Windows\System\VKCqpPC.exe
  2⤵
  PID:4036
- C:\Windows\System\kCSkXiz.exe
  C:\Windows\System\kCSkXiz.exe
  2⤵
  PID:1760
- C:\Windows\System\BcqGatY.exe
  C:\Windows\System\BcqGatY.exe
  2⤵
  PID:2284
- C:\Windows\System\iBzZrOc.exe
  C:\Windows\System\iBzZrOc.exe
  2⤵
  PID:3140
- C:\Windows\System\wfBHKki.exe
  C:\Windows\System\wfBHKki.exe
  2⤵
  PID:4108
- C:\Windows\System\OofrMMe.exe
  C:\Windows\System\OofrMMe.exe
  2⤵
  PID:4124
- C:\Windows\System\WtAFhxD.exe
  C:\Windows\System\WtAFhxD.exe
  2⤵
  PID:4140
- C:\Windows\System\qQhNHfL.exe
  C:\Windows\System\qQhNHfL.exe
  2⤵
  PID:4160
- C:\Windows\System\AmGMyTz.exe
  C:\Windows\System\AmGMyTz.exe
  2⤵
  PID:4176
- C:\Windows\System\JiiAhdy.exe
  C:\Windows\System\JiiAhdy.exe
  2⤵
  PID:4192
- C:\Windows\System\kJVTifR.exe
  C:\Windows\System\kJVTifR.exe
  2⤵
  PID:4484
- C:\Windows\System\euxNqWj.exe
  C:\Windows\System\euxNqWj.exe
  2⤵
  PID:4512
- C:\Windows\System\IsAsOGh.exe
  C:\Windows\System\IsAsOGh.exe
  2⤵
  PID:4560
- C:\Windows\System\TarzvQr.exe
  C:\Windows\System\TarzvQr.exe
  2⤵
  PID:4580
- C:\Windows\System\oLZXucJ.exe
  C:\Windows\System\oLZXucJ.exe
  2⤵
  PID:4596
- C:\Windows\System\xXrdAZs.exe
  C:\Windows\System\xXrdAZs.exe
  2⤵
  PID:4616
- C:\Windows\System\ooTCNTN.exe
  C:\Windows\System\ooTCNTN.exe
  2⤵
  PID:4636
- C:\Windows\System\YGucvTC.exe
  C:\Windows\System\YGucvTC.exe
  2⤵
  PID:4652
- C:\Windows\System\aUmSCAN.exe
  C:\Windows\System\aUmSCAN.exe
  2⤵
  PID:4668
- C:\Windows\System\gTDHNTl.exe
  C:\Windows\System\gTDHNTl.exe
  2⤵
  PID:4684
- C:\Windows\System\nFCwhpR.exe
  C:\Windows\System\nFCwhpR.exe
  2⤵
  PID:4700
- C:\Windows\System\gnoasyl.exe
  C:\Windows\System\gnoasyl.exe
  2⤵
  PID:4716
- C:\Windows\System\BSjfloE.exe
  C:\Windows\System\BSjfloE.exe
  2⤵
  PID:4732
- C:\Windows\System\QBfLJeE.exe
  C:\Windows\System\QBfLJeE.exe
  2⤵
  PID:4748
- C:\Windows\System\VkirNrC.exe
  C:\Windows\System\VkirNrC.exe
  2⤵
  PID:4764
- C:\Windows\System\VJYxIAg.exe
  C:\Windows\System\VJYxIAg.exe
  2⤵
  PID:4780
- C:\Windows\System\MTyulkB.exe
  C:\Windows\System\MTyulkB.exe
  2⤵
  PID:4796
- C:\Windows\System\LYnetlt.exe
  C:\Windows\System\LYnetlt.exe
  2⤵
  PID:4812
- C:\Windows\System\daSFzwS.exe
  C:\Windows\System\daSFzwS.exe
  2⤵
  PID:4828
- C:\Windows\System\mCJgKVZ.exe
  C:\Windows\System\mCJgKVZ.exe
  2⤵
  PID:4848
- C:\Windows\System\lJthjzo.exe
  C:\Windows\System\lJthjzo.exe
  2⤵
  PID:4864
- C:\Windows\System\bgtHdPp.exe
  C:\Windows\System\bgtHdPp.exe
  2⤵
  PID:4880
- C:\Windows\System\EiiEYsA.exe
  C:\Windows\System\EiiEYsA.exe
  2⤵
  PID:4896
- C:\Windows\System\OAVvqVq.exe
  C:\Windows\System\OAVvqVq.exe
  2⤵
  PID:4912
- C:\Windows\System\JFhRRdC.exe
  C:\Windows\System\JFhRRdC.exe
  2⤵
  PID:4928
- C:\Windows\System\Elqcjhk.exe
  C:\Windows\System\Elqcjhk.exe
  2⤵
  PID:4944
- C:\Windows\System\fEKYZmQ.exe
  C:\Windows\System\fEKYZmQ.exe
  2⤵
  PID:4960
- C:\Windows\System\pUTPnlt.exe
  C:\Windows\System\pUTPnlt.exe
  2⤵
  PID:4976
- C:\Windows\System\MQPyecM.exe
  C:\Windows\System\MQPyecM.exe
  2⤵
  PID:5056
- C:\Windows\System\bEVmbzT.exe
  C:\Windows\System\bEVmbzT.exe
  2⤵
  PID:5072
- C:\Windows\System\koOMEzT.exe
  C:\Windows\System\koOMEzT.exe
  2⤵
  PID:5088
- C:\Windows\System\olAvfzf.exe
  C:\Windows\System\olAvfzf.exe
  2⤵
  PID:5104
- C:\Windows\System\rVydEja.exe
  C:\Windows\System\rVydEja.exe
  2⤵
  PID:3212
- C:\Windows\System\jmkbNtQ.exe
  C:\Windows\System\jmkbNtQ.exe
  2⤵
  PID:2656
- C:\Windows\System\oIlkwkX.exe
  C:\Windows\System\oIlkwkX.exe
  2⤵
  PID:3532
- C:\Windows\System\RgIPdHP.exe
  C:\Windows\System\RgIPdHP.exe
  2⤵
  PID:3756
- C:\Windows\System\hDHcTGB.exe
  C:\Windows\System\hDHcTGB.exe
  2⤵
  PID:4156
- C:\Windows\System\pTfgWGo.exe
  C:\Windows\System\pTfgWGo.exe
  2⤵
  PID:4952
- C:\Windows\System\gIoRCbC.exe
  C:\Windows\System\gIoRCbC.exe
  2⤵
  PID:3440
- C:\Windows\System\hnyihBM.exe
  C:\Windows\System\hnyihBM.exe
  2⤵
  PID:3988
- C:\Windows\System\JgrhwGs.exe
  C:\Windows\System\JgrhwGs.exe
  2⤵
  PID:2716
- C:\Windows\System\uGlkFJL.exe
  C:\Windows\System\uGlkFJL.exe
  2⤵
  PID:4132
- C:\Windows\System\mfJdgrj.exe
  C:\Windows\System\mfJdgrj.exe
  2⤵
  PID:3248
- C:\Windows\System\oBtNrpP.exe
  C:\Windows\System\oBtNrpP.exe
  2⤵
  PID:4152
- C:\Windows\System\SFtjlWE.exe
  C:\Windows\System\SFtjlWE.exe
  2⤵
  PID:4224
- C:\Windows\System\iyeIzuK.exe
  C:\Windows\System\iyeIzuK.exe
  2⤵
  PID:4240
- C:\Windows\System\UFNYWcy.exe
  C:\Windows\System\UFNYWcy.exe
  2⤵
  PID:4260
- C:\Windows\System\oTjuqbz.exe
  C:\Windows\System\oTjuqbz.exe
  2⤵
  PID:4288
- C:\Windows\System\PNezTYr.exe
  C:\Windows\System\PNezTYr.exe
  2⤵
  PID:4308
- C:\Windows\System\EmYWrFT.exe
  C:\Windows\System\EmYWrFT.exe
  2⤵
  PID:276
- C:\Windows\System\QEcHxoU.exe
  C:\Windows\System\QEcHxoU.exe
  2⤵
  PID:4344
- C:\Windows\System\HHwZyXa.exe
  C:\Windows\System\HHwZyXa.exe
  2⤵
  PID:4368
- C:\Windows\System\bJmaCxK.exe
  C:\Windows\System\bJmaCxK.exe
  2⤵
  PID:4388
- C:\Windows\System\hgGedQE.exe
  C:\Windows\System\hgGedQE.exe
  2⤵
  PID:4420
- C:\Windows\System\MVafOeL.exe
  C:\Windows\System\MVafOeL.exe
  2⤵
  PID:4440
- C:\Windows\System\fivpETr.exe
  C:\Windows\System\fivpETr.exe
  2⤵
  PID:4456
- C:\Windows\System\oeWqgzn.exe
  C:\Windows\System\oeWqgzn.exe
  2⤵
  PID:4476
- C:\Windows\System\BjieSOT.exe
  C:\Windows\System\BjieSOT.exe
  2⤵
  PID:4528
- C:\Windows\System\lONUIfJ.exe
  C:\Windows\System\lONUIfJ.exe
  2⤵
  PID:4544
- C:\Windows\System\yyqToXa.exe
  C:\Windows\System\yyqToXa.exe
  2⤵
  PID:4504
- C:\Windows\System\JQCXGGo.exe
  C:\Windows\System\JQCXGGo.exe
  2⤵
  PID:4604
- C:\Windows\System\dceRmVo.exe
  C:\Windows\System\dceRmVo.exe
  2⤵
  PID:4624
- C:\Windows\System\JwbIbhX.exe
  C:\Windows\System\JwbIbhX.exe
  2⤵
  PID:4664
- C:\Windows\System\vKhboZX.exe
  C:\Windows\System\vKhboZX.exe
  2⤵
  PID:4696
- C:\Windows\System\uKBSfRO.exe
  C:\Windows\System\uKBSfRO.exe
  2⤵
  PID:3016
- C:\Windows\System\awPZyNu.exe
  C:\Windows\System\awPZyNu.exe
  2⤵
  PID:4772
- C:\Windows\System\WborANG.exe
  C:\Windows\System\WborANG.exe
  2⤵
  PID:2152
- C:\Windows\System\GRXcCZe.exe
  C:\Windows\System\GRXcCZe.exe
  2⤵
  PID:4836
- C:\Windows\System\stwFgJV.exe
  C:\Windows\System\stwFgJV.exe
  2⤵
  PID:4872
- C:\Windows\System\oCrJMJo.exe
  C:\Windows\System\oCrJMJo.exe
  2⤵
  PID:4904
- C:\Windows\System\sskrgxj.exe
  C:\Windows\System\sskrgxj.exe
  2⤵
  PID:2912
- C:\Windows\System\HvOJYMG.exe
  C:\Windows\System\HvOJYMG.exe
  2⤵
  PID:4908
- C:\Windows\System\pqxEwBw.exe
  C:\Windows\System\pqxEwBw.exe
  2⤵
  PID:3332
- C:\Windows\System\RnQVPsq.exe
  C:\Windows\System\RnQVPsq.exe
  2⤵
  PID:5008
- C:\Windows\System\SQILgea.exe
  C:\Windows\System\SQILgea.exe
  2⤵
  PID:5028
- C:\Windows\System\fIBvSvk.exe
  C:\Windows\System\fIBvSvk.exe
  2⤵
  PID:2832
- C:\Windows\System\LnXgliM.exe
  C:\Windows\System\LnXgliM.exe
  2⤵
  PID:5112
- C:\Windows\System\npPElCm.exe
  C:\Windows\System\npPElCm.exe
  2⤵
  PID:5064
- C:\Windows\System\ufCuaoB.exe
  C:\Windows\System\ufCuaoB.exe
  2⤵
  PID:2956
- C:\Windows\System\rErudZB.exe
  C:\Windows\System\rErudZB.exe
  2⤵
  PID:4104
- C:\Windows\System\vOXkrhz.exe
  C:\Windows\System\vOXkrhz.exe
  2⤵
  PID:4168
- C:\Windows\System\kDVBuPJ.exe
  C:\Windows\System\kDVBuPJ.exe
  2⤵
  PID:4216
- C:\Windows\System\XAiQOsQ.exe
  C:\Windows\System\XAiQOsQ.exe
  2⤵
  PID:4256
- C:\Windows\System\BxIYRJE.exe
  C:\Windows\System\BxIYRJE.exe
  2⤵
  PID:4252
- C:\Windows\System\WuklfFw.exe
  C:\Windows\System\WuklfFw.exe
  2⤵
  PID:4276
- C:\Windows\System\WlITJkg.exe
  C:\Windows\System\WlITJkg.exe
  2⤵
  PID:4316
- C:\Windows\System\rqJXOto.exe
  C:\Windows\System\rqJXOto.exe
  2⤵
  PID:4320
- C:\Windows\System\OYZflsy.exe
  C:\Windows\System\OYZflsy.exe
  2⤵
  PID:4380
- C:\Windows\System\WudMeLS.exe
  C:\Windows\System\WudMeLS.exe
  2⤵
  PID:4364
- C:\Windows\System\JNSVVRx.exe
  C:\Windows\System\JNSVVRx.exe
  2⤵
  PID:2996
- C:\Windows\System\mgufdEw.exe
  C:\Windows\System\mgufdEw.exe
  2⤵
  PID:1984
- C:\Windows\System\MGRYjGB.exe
  C:\Windows\System\MGRYjGB.exe
  2⤵
  PID:2672
- C:\Windows\System\UwMSwwp.exe
  C:\Windows\System\UwMSwwp.exe
  2⤵
  PID:524
- C:\Windows\System\IdbKOiv.exe
  C:\Windows\System\IdbKOiv.exe
  2⤵
  PID:1692
- C:\Windows\System\nmTUrcg.exe
  C:\Windows\System\nmTUrcg.exe
  2⤵
  PID:4472
- C:\Windows\System\QgkbmAy.exe
  C:\Windows\System\QgkbmAy.exe
  2⤵
  PID:4540
- C:\Windows\System\VwsRaWG.exe
  C:\Windows\System\VwsRaWG.exe
  2⤵
  PID:4492
- C:\Windows\System\PonzNNv.exe
  C:\Windows\System\PonzNNv.exe
  2⤵
  PID:4500
- C:\Windows\System\hezrtom.exe
  C:\Windows\System\hezrtom.exe
  2⤵
  PID:4408
- C:\Windows\System\iqUzmok.exe
  C:\Windows\System\iqUzmok.exe
  2⤵
  PID:2916
- C:\Windows\System\ABbHxbg.exe
  C:\Windows\System\ABbHxbg.exe
  2⤵
  PID:676
- C:\Windows\System\FUbWfWw.exe
  C:\Windows\System\FUbWfWw.exe
  2⤵
  PID:4608
- C:\Windows\System\sMLjCPb.exe
  C:\Windows\System\sMLjCPb.exe
  2⤵
  PID:4776
- C:\Windows\System\oWBGoUk.exe
  C:\Windows\System\oWBGoUk.exe
  2⤵
  PID:4756
- C:\Windows\System\eZCLtvY.exe
  C:\Windows\System\eZCLtvY.exe
  2⤵
  PID:4744
- C:\Windows\System\NROtpdh.exe
  C:\Windows\System\NROtpdh.exe
  2⤵
  PID:4804
- C:\Windows\System\aXinVHo.exe
  C:\Windows\System\aXinVHo.exe
  2⤵
  PID:4988
- C:\Windows\System\maUQeIp.exe
  C:\Windows\System\maUQeIp.exe
  2⤵
  PID:4920
- C:\Windows\System\dHdjbTU.exe
  C:\Windows\System\dHdjbTU.exe
  2⤵
  PID:4844
- C:\Windows\System\cxnILna.exe
  C:\Windows\System\cxnILna.exe
  2⤵
  PID:5024
- C:\Windows\System\PbKexFP.exe
  C:\Windows\System\PbKexFP.exe
  2⤵
  PID:4996
- C:\Windows\System\AZbjmuP.exe
  C:\Windows\System\AZbjmuP.exe
  2⤵
  PID:5100
- C:\Windows\System\RJRGyzY.exe
  C:\Windows\System\RJRGyzY.exe
  2⤵
  PID:3660
- C:\Windows\System\oNQnFla.exe
  C:\Windows\System\oNQnFla.exe
  2⤵
  PID:4172
- C:\Windows\System\tWKGTQP.exe
  C:\Windows\System\tWKGTQP.exe
  2⤵
  PID:4272
- C:\Windows\System\INvQYzH.exe
  C:\Windows\System\INvQYzH.exe
  2⤵
  PID:4148
- C:\Windows\System\mySCdXU.exe
  C:\Windows\System\mySCdXU.exe
  2⤵
  PID:1504
- C:\Windows\System\trADTQn.exe
  C:\Windows\System\trADTQn.exe
  2⤵
  PID:4324
- C:\Windows\System\TNYbFYH.exe
  C:\Windows\System\TNYbFYH.exe
  2⤵
  PID:2780
- C:\Windows\System\sACztFU.exe
  C:\Windows\System\sACztFU.exe
  2⤵
  PID:2792
- C:\Windows\System\bFrAPhM.exe
  C:\Windows\System\bFrAPhM.exe
  2⤵
  PID:4448
- C:\Windows\System\kLzdnJl.exe
  C:\Windows\System\kLzdnJl.exe
  2⤵
  PID:1492
- C:\Windows\System\YsVRpEV.exe
  C:\Windows\System\YsVRpEV.exe
  2⤵
  PID:4452
- C:\Windows\System\xIBFURJ.exe
  C:\Windows\System\xIBFURJ.exe
  2⤵
  PID:2980
- C:\Windows\System\ilncahx.exe
  C:\Windows\System\ilncahx.exe
  2⤵
  PID:2428
- C:\Windows\System\VINxpCi.exe
  C:\Windows\System\VINxpCi.exe
  2⤵
  PID:2396
- C:\Windows\System\uEsjNyB.exe
  C:\Windows\System\uEsjNyB.exe
  2⤵
  PID:4724
- C:\Windows\System\mFejsnI.exe
  C:\Windows\System\mFejsnI.exe
  2⤵
  PID:2440
- C:\Windows\System\DJCfxVu.exe
  C:\Windows\System\DJCfxVu.exe
  2⤵
  PID:4692
- C:\Windows\System\FmpWeis.exe
  C:\Windows\System\FmpWeis.exe
  2⤵
  PID:4824
- C:\Windows\System\lNvqxdg.exe
  C:\Windows\System\lNvqxdg.exe
  2⤵
  PID:4808
- C:\Windows\System\MCLsGNc.exe
  C:\Windows\System\MCLsGNc.exe
  2⤵
  PID:1456
- C:\Windows\System\LGpcSOO.exe
  C:\Windows\System\LGpcSOO.exe
  2⤵
  PID:4212
- C:\Windows\System\pVicrXh.exe
  C:\Windows\System\pVicrXh.exe
  2⤵
  PID:4268
- C:\Windows\System\TNaqYLT.exe
  C:\Windows\System\TNaqYLT.exe
  2⤵
  PID:4336
- C:\Windows\System\THwDZOO.exe
  C:\Windows\System\THwDZOO.exe
  2⤵
  PID:2044
- C:\Windows\System\XZAhsZl.exe
  C:\Windows\System\XZAhsZl.exe
  2⤵
  PID:4508
- C:\Windows\System\KBhBOvR.exe
  C:\Windows\System\KBhBOvR.exe
  2⤵
  PID:4360
- C:\Windows\System\btsjTNP.exe
  C:\Windows\System\btsjTNP.exe
  2⤵
  PID:4432
- C:\Windows\System\dpvDCgS.exe
  C:\Windows\System\dpvDCgS.exe
  2⤵
  PID:1928
- C:\Windows\System\rWCqRhg.exe
  C:\Windows\System\rWCqRhg.exe
  2⤵
  PID:2020
- C:\Windows\System\oHChUgM.exe
  C:\Windows\System\oHChUgM.exe
  2⤵
  PID:2280
- C:\Windows\System\jDrXgnD.exe
  C:\Windows\System\jDrXgnD.exe
  2⤵
  PID:4648
- C:\Windows\System\zBIKaMy.exe
  C:\Windows\System\zBIKaMy.exe
  2⤵
  PID:4968
- C:\Windows\System\xKIpLFb.exe
  C:\Windows\System\xKIpLFb.exe
  2⤵
  PID:4416
- C:\Windows\System\ArbnMdX.exe
  C:\Windows\System\ArbnMdX.exe
  2⤵
  PID:5020
- C:\Windows\System\eJEIgBi.exe
  C:\Windows\System\eJEIgBi.exe
  2⤵
  PID:4248
- C:\Windows\System\EKjyFom.exe
  C:\Windows\System\EKjyFom.exe
  2⤵
  PID:1664
- C:\Windows\System\UWhApot.exe
  C:\Windows\System\UWhApot.exe
  2⤵
  PID:2192
- C:\Windows\System\CeuXkGo.exe
  C:\Windows\System\CeuXkGo.exe
  2⤵
  PID:4552
- C:\Windows\System\Bngzakv.exe
  C:\Windows\System\Bngzakv.exe
  2⤵
  PID:4428
- C:\Windows\System\AUAnEAo.exe
  C:\Windows\System\AUAnEAo.exe
  2⤵
  PID:4788
- C:\Windows\System\GzGScQg.exe
  C:\Windows\System\GzGScQg.exe
  2⤵
  PID:5040
- C:\Windows\System\iLybMvY.exe
  C:\Windows\System\iLybMvY.exe
  2⤵
  PID:4856
- C:\Windows\System\eQRfDvk.exe
  C:\Windows\System\eQRfDvk.exe
  2⤵
  PID:4232
- C:\Windows\System\QhzrgGz.exe
  C:\Windows\System\QhzrgGz.exe
  2⤵
  PID:3856
- C:\Windows\System\uXISCBX.exe
  C:\Windows\System\uXISCBX.exe
  2⤵
  PID:4524
- C:\Windows\System\TobeNTj.exe
  C:\Windows\System\TobeNTj.exe
  2⤵
  PID:2988
- C:\Windows\System\WghVkNv.exe
  C:\Windows\System\WghVkNv.exe
  2⤵
  PID:2752
- C:\Windows\System\ivnXmCy.exe
  C:\Windows\System\ivnXmCy.exe
  2⤵
  PID:4356
- C:\Windows\System\SXrbhca.exe
  C:\Windows\System\SXrbhca.exe
  2⤵
  PID:4572
- C:\Windows\System\uPkuPcA.exe
  C:\Windows\System\uPkuPcA.exe
  2⤵
  PID:2236
- C:\Windows\System\bQjamUi.exe
  C:\Windows\System\bQjamUi.exe
  2⤵
  PID:1180
- C:\Windows\System\atEOdrH.exe
  C:\Windows\System\atEOdrH.exe
  2⤵
  PID:2012
- C:\Windows\System\FiCtzBD.exe
  C:\Windows\System\FiCtzBD.exe
  2⤵
  PID:5128
- C:\Windows\System\OQBcxCp.exe
  C:\Windows\System\OQBcxCp.exe
  2⤵
  PID:5144
- C:\Windows\System\bCffjOX.exe
  C:\Windows\System\bCffjOX.exe
  2⤵
  PID:5168
- C:\Windows\System\priqndI.exe
  C:\Windows\System\priqndI.exe
  2⤵
  PID:5184
- C:\Windows\System\mziLUPW.exe
  C:\Windows\System\mziLUPW.exe
  2⤵
  PID:5212
- C:\Windows\System\cqsIbNq.exe
  C:\Windows\System\cqsIbNq.exe
  2⤵
  PID:5228
- C:\Windows\System\LDNECIS.exe
  C:\Windows\System\LDNECIS.exe
  2⤵
  PID:5248
- C:\Windows\System\kckkPaK.exe
  C:\Windows\System\kckkPaK.exe
  2⤵
  PID:5272
- C:\Windows\System\ugICZcx.exe
  C:\Windows\System\ugICZcx.exe
  2⤵
  PID:5296
- C:\Windows\System\zbvtyNO.exe
  C:\Windows\System\zbvtyNO.exe
  2⤵
  PID:5312
- C:\Windows\System\OGnmjse.exe
  C:\Windows\System\OGnmjse.exe
  2⤵
  PID:5336
- C:\Windows\System\fuSEvRa.exe
  C:\Windows\System\fuSEvRa.exe
  2⤵
  PID:5352
- C:\Windows\System\LxIsyhU.exe
  C:\Windows\System\LxIsyhU.exe
  2⤵
  PID:5368
- C:\Windows\System\AOZJEYk.exe
  C:\Windows\System\AOZJEYk.exe
  2⤵
  PID:5388
- C:\Windows\System\XCJaRSj.exe
  C:\Windows\System\XCJaRSj.exe
  2⤵
  PID:5408
- C:\Windows\System\EhTBbVa.exe
  C:\Windows\System\EhTBbVa.exe
  2⤵
  PID:5428
- C:\Windows\System\MplFcOf.exe
  C:\Windows\System\MplFcOf.exe
  2⤵
  PID:5444
- C:\Windows\System\dtdRUkL.exe
  C:\Windows\System\dtdRUkL.exe
  2⤵
  PID:5472
- C:\Windows\System\xWOEyZB.exe
  C:\Windows\System\xWOEyZB.exe
  2⤵
  PID:5492
- C:\Windows\System\epMBxES.exe
  C:\Windows\System\epMBxES.exe
  2⤵
  PID:5512
- C:\Windows\System\JtkMkNI.exe
  C:\Windows\System\JtkMkNI.exe
  2⤵
  PID:5528
- C:\Windows\System\zDsLtnp.exe
  C:\Windows\System\zDsLtnp.exe
  2⤵
  PID:5544
- C:\Windows\System\FVXXdxF.exe
  C:\Windows\System\FVXXdxF.exe
  2⤵
  PID:5568
- C:\Windows\System\cjxFLLf.exe
  C:\Windows\System\cjxFLLf.exe
  2⤵
  PID:5588
- C:\Windows\System\kOCaaVD.exe
  C:\Windows\System\kOCaaVD.exe
  2⤵
  PID:5608
- C:\Windows\System\XbSRrfx.exe
  C:\Windows\System\XbSRrfx.exe
  2⤵
  PID:5628
- C:\Windows\System\PlDPdPu.exe
  C:\Windows\System\PlDPdPu.exe
  2⤵
  PID:5648
- C:\Windows\System\PLWynee.exe
  C:\Windows\System\PLWynee.exe
  2⤵
  PID:5672
- C:\Windows\System\oxYKZNJ.exe
  C:\Windows\System\oxYKZNJ.exe
  2⤵
  PID:5692
- C:\Windows\System\siUSBHd.exe
  C:\Windows\System\siUSBHd.exe
  2⤵
  PID:5712
- C:\Windows\System\KnowaOG.exe
  C:\Windows\System\KnowaOG.exe
  2⤵
  PID:5736
- C:\Windows\System\zcoBQYZ.exe
  C:\Windows\System\zcoBQYZ.exe
  2⤵
  PID:5752
- C:\Windows\System\yTGrIdL.exe
  C:\Windows\System\yTGrIdL.exe
  2⤵
  PID:5768
- C:\Windows\System\nSYEPum.exe
  C:\Windows\System\nSYEPum.exe
  2⤵
  PID:5784
- C:\Windows\System\qEoffoe.exe
  C:\Windows\System\qEoffoe.exe
  2⤵
  PID:5800
- C:\Windows\System\ciRxKxX.exe
  C:\Windows\System\ciRxKxX.exe
  2⤵
  PID:5836
- C:\Windows\System\aKwQhMk.exe
  C:\Windows\System\aKwQhMk.exe
  2⤵
  PID:5852
- C:\Windows\System\rcjXyqD.exe
  C:\Windows\System\rcjXyqD.exe
  2⤵
  PID:5868
- C:\Windows\System\pimTaVw.exe
  C:\Windows\System\pimTaVw.exe
  2⤵
  PID:5888
- C:\Windows\System\fIxYILK.exe
  C:\Windows\System\fIxYILK.exe
  2⤵
  PID:5904
- C:\Windows\System\ZxIwVVK.exe
  C:\Windows\System\ZxIwVVK.exe
  2⤵
  PID:5928
- C:\Windows\System\iZXeQqA.exe
  C:\Windows\System\iZXeQqA.exe
  2⤵
  PID:5952
- C:\Windows\System\UwRClGE.exe
  C:\Windows\System\UwRClGE.exe
  2⤵
  PID:5968
- C:\Windows\System\MWcradk.exe
  C:\Windows\System\MWcradk.exe
  2⤵
  PID:5984
- C:\Windows\System\zfJHMZG.exe
  C:\Windows\System\zfJHMZG.exe
  2⤵
  PID:6012
- C:\Windows\System\AcGCAxA.exe
  C:\Windows\System\AcGCAxA.exe
  2⤵
  PID:6036
- C:\Windows\System\vNNIufg.exe
  C:\Windows\System\vNNIufg.exe
  2⤵
  PID:6056
- C:\Windows\System\KJDqLmO.exe
  C:\Windows\System\KJDqLmO.exe
  2⤵
  PID:6072
- C:\Windows\System\Zlxoswr.exe
  C:\Windows\System\Zlxoswr.exe
  2⤵
  PID:6092
- C:\Windows\System\DNyfnak.exe
  C:\Windows\System\DNyfnak.exe
  2⤵
  PID:6108
- C:\Windows\System\LQJeInJ.exe
  C:\Windows\System\LQJeInJ.exe
  2⤵
  PID:6136
- C:\Windows\System\rLinGaW.exe
  C:\Windows\System\rLinGaW.exe
  2⤵
  PID:1908
- C:\Windows\System\bqrRgkC.exe
  C:\Windows\System\bqrRgkC.exe
  2⤵
  PID:5156
- C:\Windows\System\OaYkxtt.exe
  C:\Windows\System\OaYkxtt.exe
  2⤵
  PID:5196
- C:\Windows\System\fzWKGnV.exe
  C:\Windows\System\fzWKGnV.exe
  2⤵
  PID:5208
- C:\Windows\System\LFpYjxZ.exe
  C:\Windows\System\LFpYjxZ.exe
  2⤵
  PID:5260
- C:\Windows\System\hGeSgUl.exe
  C:\Windows\System\hGeSgUl.exe
  2⤵
  PID:5264
- C:\Windows\System\EvKijxx.exe
  C:\Windows\System\EvKijxx.exe
  2⤵
  PID:5308
- C:\Windows\System\BcMZzsu.exe
  C:\Windows\System\BcMZzsu.exe
  2⤵
  PID:5332
- C:\Windows\System\SpluRWO.exe
  C:\Windows\System\SpluRWO.exe
  2⤵
  PID:5344
- C:\Windows\System\XsbgmBf.exe
  C:\Windows\System\XsbgmBf.exe
  2⤵
  PID:5480
- C:\Windows\System\QQZrOiP.exe
  C:\Windows\System\QQZrOiP.exe
  2⤵
  PID:5424
- C:\Windows\System\KBKVvuf.exe
  C:\Windows\System\KBKVvuf.exe
  2⤵
  PID:5468
- C:\Windows\System\eWmCWaK.exe
  C:\Windows\System\eWmCWaK.exe
  2⤵
  PID:5520
- C:\Windows\System\baUssdP.exe
  C:\Windows\System\baUssdP.exe
  2⤵
  PID:5596
- C:\Windows\System\BDWqtoL.exe
  C:\Windows\System\BDWqtoL.exe
  2⤵
  PID:5640
- C:\Windows\System\CNktKoB.exe
  C:\Windows\System\CNktKoB.exe
  2⤵
  PID:5580
- C:\Windows\System\owmqdzd.exe
  C:\Windows\System\owmqdzd.exe
  2⤵
  PID:5620
- C:\Windows\System\yKjoAKv.exe
  C:\Windows\System\yKjoAKv.exe
  2⤵
  PID:5684
- C:\Windows\System\TTfBXPp.exe
  C:\Windows\System\TTfBXPp.exe
  2⤵
  PID:5704
- C:\Windows\System\GlHqCDT.exe
  C:\Windows\System\GlHqCDT.exe
  2⤵
  PID:5816
- C:\Windows\System\OMFHJTm.exe
  C:\Windows\System\OMFHJTm.exe
  2⤵
  PID:5832
- C:\Windows\System\AsxCfPC.exe
  C:\Windows\System\AsxCfPC.exe
  2⤵
  PID:5728
- C:\Windows\System\kFSjxsc.exe
  C:\Windows\System\kFSjxsc.exe
  2⤵
  PID:5896
- C:\Windows\System\NWocuOU.exe
  C:\Windows\System\NWocuOU.exe
  2⤵
  PID:5880
- C:\Windows\System\jaLFjOz.exe
  C:\Windows\System\jaLFjOz.exe
  2⤵
  PID:5920
- C:\Windows\System\FfYMUGC.exe
  C:\Windows\System\FfYMUGC.exe
  2⤵
  PID:5976
- C:\Windows\System\sUmORmc.exe
  C:\Windows\System\sUmORmc.exe
  2⤵
  PID:6008
- C:\Windows\System\vuYaSVM.exe
  C:\Windows\System\vuYaSVM.exe
  2⤵
  PID:6024
- C:\Windows\System\MCsMsfL.exe
  C:\Windows\System\MCsMsfL.exe
  2⤵
  PID:6048
- C:\Windows\System\jEuhmXL.exe
  C:\Windows\System\jEuhmXL.exe
  2⤵
  PID:6064
- C:\Windows\System\ECIDduY.exe
  C:\Windows\System\ECIDduY.exe
  2⤵
  PID:6120
- C:\Windows\System\XFscdNC.exe
  C:\Windows\System\XFscdNC.exe
  2⤵
  PID:5140
- C:\Windows\System\KuxTKgw.exe
  C:\Windows\System\KuxTKgw.exe
  2⤵
  PID:5200
- C:\Windows\System\vKNLPVW.exe
  C:\Windows\System\vKNLPVW.exe
  2⤵
  PID:5268
- C:\Windows\System\NpCeJYQ.exe
  C:\Windows\System\NpCeJYQ.exe
  2⤵
  PID:5244
- C:\Windows\System\UNjpxYi.exe
  C:\Windows\System\UNjpxYi.exe
  2⤵
  PID:5440
- C:\Windows\System\vYqXysQ.exe
  C:\Windows\System\vYqXysQ.exe
  2⤵
  PID:5364
- C:\Windows\System\IuEIhWa.exe
  C:\Windows\System\IuEIhWa.exe
  2⤵
  PID:5456
- C:\Windows\System\WZSdtJB.exe
  C:\Windows\System\WZSdtJB.exe
  2⤵
  PID:5500
- C:\Windows\System\soOeiyO.exe
  C:\Windows\System\soOeiyO.exe
  2⤵
  PID:5600
- C:\Windows\System\tgRCquR.exe
  C:\Windows\System\tgRCquR.exe
  2⤵
  PID:5576
- C:\Windows\System\tSakDgG.exe
  C:\Windows\System\tSakDgG.exe
  2⤵
  PID:5616
- C:\Windows\System\HbzhprQ.exe
  C:\Windows\System\HbzhprQ.exe
  2⤵
  PID:5776
- C:\Windows\System\UTpzewF.exe
  C:\Windows\System\UTpzewF.exe
  2⤵
  PID:5828
- C:\Windows\System\hrGpvWB.exe
  C:\Windows\System\hrGpvWB.exe
  2⤵
  PID:5848
- C:\Windows\System\gyNVRZp.exe
  C:\Windows\System\gyNVRZp.exe
  2⤵
  PID:5912
- C:\Windows\System\PLgMBXQ.exe
  C:\Windows\System\PLgMBXQ.exe
  2⤵
  PID:5936
- C:\Windows\System\pXbOSgM.exe
  C:\Windows\System\pXbOSgM.exe
  2⤵
  PID:6044
- C:\Windows\System\gZMsKVs.exe
  C:\Windows\System\gZMsKVs.exe
  2⤵
  PID:6128
- C:\Windows\System\UvdMcDy.exe
  C:\Windows\System\UvdMcDy.exe
  2⤵
  PID:6100
- C:\Windows\System\zYmPMII.exe
  C:\Windows\System\zYmPMII.exe
  2⤵
  PID:5220
- C:\Windows\System\wTcGImX.exe
  C:\Windows\System\wTcGImX.exe
  2⤵
  PID:5324
- C:\Windows\System\FUMcbql.exe
  C:\Windows\System\FUMcbql.exe
  2⤵
  PID:5380
- C:\Windows\System\EyNqFOP.exe
  C:\Windows\System\EyNqFOP.exe
  2⤵
  PID:5284
- C:\Windows\System\mCTzDaf.exe
  C:\Windows\System\mCTzDaf.exe
  2⤵
  PID:5524
- C:\Windows\System\xPLUeEb.exe
  C:\Windows\System\xPLUeEb.exe
  2⤵
  PID:5636
- C:\Windows\System\zmCYKeD.exe
  C:\Windows\System\zmCYKeD.exe
  2⤵
  PID:5664
- C:\Windows\System\dSbMTDM.exe
  C:\Windows\System\dSbMTDM.exe
  2⤵
  PID:5760
- C:\Windows\System\XDucKRY.exe
  C:\Windows\System\XDucKRY.exe
  2⤵
  PID:5940
- C:\Windows\System\usVoHvP.exe
  C:\Windows\System\usVoHvP.exe
  2⤵
  PID:6020
- C:\Windows\System\sActnLh.exe
  C:\Windows\System\sActnLh.exe
  2⤵
  PID:5944
- C:\Windows\System\SzMEmxF.exe
  C:\Windows\System\SzMEmxF.exe
  2⤵
  PID:6104
- C:\Windows\System\vsxyWiF.exe
  C:\Windows\System\vsxyWiF.exe
  2⤵
  PID:5124
- C:\Windows\System\wfhGvtl.exe
  C:\Windows\System\wfhGvtl.exe
  2⤵
  PID:5744
- C:\Windows\System\IJyLINw.exe
  C:\Windows\System\IJyLINw.exe
  2⤵
  PID:5420
- C:\Windows\System\TGxCFol.exe
  C:\Windows\System\TGxCFol.exe
  2⤵
  PID:5824
- C:\Windows\System\KnuOsKR.exe
  C:\Windows\System\KnuOsKR.exe
  2⤵
  PID:5292
- C:\Windows\System\GBeOoIe.exe
  C:\Windows\System\GBeOoIe.exe
  2⤵
  PID:5796
- C:\Windows\System\RSQPovs.exe
  C:\Windows\System\RSQPovs.exe
  2⤵
  PID:6132
- C:\Windows\System\NDHWtbc.exe
  C:\Windows\System\NDHWtbc.exe
  2⤵
  PID:5624
- C:\Windows\System\CYbCtwy.exe
  C:\Windows\System\CYbCtwy.exe
  2⤵
  PID:5748
- C:\Windows\System\zhHLPTi.exe
  C:\Windows\System\zhHLPTi.exe
  2⤵
  PID:6000
- C:\Windows\System\HhtCbGX.exe
  C:\Windows\System\HhtCbGX.exe
  2⤵
  PID:2116
- C:\Windows\System\EBbCEVA.exe
  C:\Windows\System\EBbCEVA.exe
  2⤵
  PID:5844
- C:\Windows\System\jZzWDcy.exe
  C:\Windows\System\jZzWDcy.exe
  2⤵
  PID:5236
- C:\Windows\System\rFkArVo.exe
  C:\Windows\System\rFkArVo.exe
  2⤵
  PID:5964
- C:\Windows\System\KzAxskm.exe
  C:\Windows\System\KzAxskm.exe
  2⤵
  PID:6164
- C:\Windows\System\HFILOhz.exe
  C:\Windows\System\HFILOhz.exe
  2⤵
  PID:6184
- C:\Windows\System\mRWgmrh.exe
  C:\Windows\System\mRWgmrh.exe
  2⤵
  PID:6204
- C:\Windows\System\USFOXme.exe
  C:\Windows\System\USFOXme.exe
  2⤵
  PID:6224
- C:\Windows\System\AAxWfqf.exe
  C:\Windows\System\AAxWfqf.exe
  2⤵
  PID:6244
- C:\Windows\System\KuocKku.exe
  C:\Windows\System\KuocKku.exe
  2⤵
  PID:6260
- C:\Windows\System\VVOUwlH.exe
  C:\Windows\System\VVOUwlH.exe
  2⤵
  PID:6276
- C:\Windows\System\TLwkCjW.exe
  C:\Windows\System\TLwkCjW.exe
  2⤵
  PID:6296
- C:\Windows\System\okysFbs.exe
  C:\Windows\System\okysFbs.exe
  2⤵
  PID:6312
- C:\Windows\System\gDJOknp.exe
  C:\Windows\System\gDJOknp.exe
  2⤵
  PID:6328
- C:\Windows\System\PRrIsoC.exe
  C:\Windows\System\PRrIsoC.exe
  2⤵
  PID:6344
- C:\Windows\System\HXjYaUg.exe
  C:\Windows\System\HXjYaUg.exe
  2⤵
  PID:6360
- C:\Windows\System\NOjOugw.exe
  C:\Windows\System\NOjOugw.exe
  2⤵
  PID:6376
- C:\Windows\System\XyoNAin.exe
  C:\Windows\System\XyoNAin.exe
  2⤵
  PID:6392
- C:\Windows\System\XGssPrT.exe
  C:\Windows\System\XGssPrT.exe
  2⤵
  PID:6424
- C:\Windows\System\JtlaMVt.exe
  C:\Windows\System\JtlaMVt.exe
  2⤵
  PID:6440
- C:\Windows\System\crNtzXk.exe
  C:\Windows\System\crNtzXk.exe
  2⤵
  PID:6456
- C:\Windows\System\fumVQVA.exe
  C:\Windows\System\fumVQVA.exe
  2⤵
  PID:6472
- C:\Windows\System\AyHRidN.exe
  C:\Windows\System\AyHRidN.exe
  2⤵
  PID:6488
- C:\Windows\System\ogcWBJK.exe
  C:\Windows\System\ogcWBJK.exe
  2⤵
  PID:6504
- C:\Windows\System\YqMqhpn.exe
  C:\Windows\System\YqMqhpn.exe
  2⤵
  PID:6520
- C:\Windows\System\JZEvvQz.exe
  C:\Windows\System\JZEvvQz.exe
  2⤵
  PID:6536
- C:\Windows\System\HggECdK.exe
  C:\Windows\System\HggECdK.exe
  2⤵
  PID:6556
- C:\Windows\System\sBmrRYI.exe
  C:\Windows\System\sBmrRYI.exe
  2⤵
  PID:6572
- C:\Windows\System\hSfgMvD.exe
  C:\Windows\System\hSfgMvD.exe
  2⤵
  PID:6592
- C:\Windows\System\VZhSIEd.exe
  C:\Windows\System\VZhSIEd.exe
  2⤵
  PID:6612
- C:\Windows\System\jLRZPlh.exe
  C:\Windows\System\jLRZPlh.exe
  2⤵
  PID:6632
- C:\Windows\System\QXJDlQM.exe
  C:\Windows\System\QXJDlQM.exe
  2⤵
  PID:6648
- C:\Windows\System\JkPOdnY.exe
  C:\Windows\System\JkPOdnY.exe
  2⤵
  PID:6664
- C:\Windows\System\etkXOSN.exe
  C:\Windows\System\etkXOSN.exe
  2⤵
  PID:6684
- C:\Windows\System\NVUVvGh.exe
  C:\Windows\System\NVUVvGh.exe
  2⤵
  PID:6700
- C:\Windows\System\ETTHiHs.exe
  C:\Windows\System\ETTHiHs.exe
  2⤵
  PID:6716
- C:\Windows\System\ajorIsb.exe
  C:\Windows\System\ajorIsb.exe
  2⤵
  PID:6732
- C:\Windows\System\zxKAiSQ.exe
  C:\Windows\System\zxKAiSQ.exe
  2⤵
  PID:6748
- C:\Windows\System\lfrsMYS.exe
  C:\Windows\System\lfrsMYS.exe
  2⤵
  PID:6764
- C:\Windows\System\DQiggLY.exe
  C:\Windows\System\DQiggLY.exe
  2⤵
  PID:6780
- C:\Windows\System\VyeShzK.exe
  C:\Windows\System\VyeShzK.exe
  2⤵
  PID:6796
- C:\Windows\System\huvTFMH.exe
  C:\Windows\System\huvTFMH.exe
  2⤵
  PID:6812
- C:\Windows\System\HpFhspn.exe
  C:\Windows\System\HpFhspn.exe
  2⤵
  PID:6832
- C:\Windows\System\OCgKmca.exe
  C:\Windows\System\OCgKmca.exe
  2⤵
  PID:6848
- C:\Windows\System\mpoiATb.exe
  C:\Windows\System\mpoiATb.exe
  2⤵
  PID:6864
- C:\Windows\System\NrIsMlm.exe
  C:\Windows\System\NrIsMlm.exe
  2⤵
  PID:6880
- C:\Windows\System\zixRNjI.exe
  C:\Windows\System\zixRNjI.exe
  2⤵
  PID:6896
- C:\Windows\System\AixjGqx.exe
  C:\Windows\System\AixjGqx.exe
  2⤵
  PID:6932
- C:\Windows\System\TBstVIC.exe
  C:\Windows\System\TBstVIC.exe
  2⤵
  PID:6952
- C:\Windows\System\ihqPABs.exe
  C:\Windows\System\ihqPABs.exe
  2⤵
  PID:6968
- C:\Windows\System\mCiXlEG.exe
  C:\Windows\System\mCiXlEG.exe
  2⤵
  PID:6984
- C:\Windows\System\TDMoADr.exe
  C:\Windows\System\TDMoADr.exe
  2⤵
  PID:7008
- C:\Windows\System\NoBxQXX.exe
  C:\Windows\System\NoBxQXX.exe
  2⤵
  PID:7024
- C:\Windows\System\WhlwcTY.exe
  C:\Windows\System\WhlwcTY.exe
  2⤵
  PID:7040
- C:\Windows\System\MZCfQQz.exe
  C:\Windows\System\MZCfQQz.exe
  2⤵
  PID:7056
- C:\Windows\System\aHrJUpE.exe
  C:\Windows\System\aHrJUpE.exe
  2⤵
  PID:7076
- C:\Windows\System\GXNjCcn.exe
  C:\Windows\System\GXNjCcn.exe
  2⤵
  PID:7092
- C:\Windows\System\WTsqwGM.exe
  C:\Windows\System\WTsqwGM.exe
  2⤵
  PID:7108
- C:\Windows\System\uQAHkGQ.exe
  C:\Windows\System\uQAHkGQ.exe
  2⤵
  PID:7124
- C:\Windows\System\rypGJrw.exe
  C:\Windows\System\rypGJrw.exe
  2⤵
  PID:7144
- C:\Windows\System\jUgwuVX.exe
  C:\Windows\System\jUgwuVX.exe
  2⤵
  PID:7160
- C:\Windows\System\UQneSgw.exe
  C:\Windows\System\UQneSgw.exe
  2⤵
  PID:6088
- C:\Windows\System\eVznnEV.exe
  C:\Windows\System\eVznnEV.exe
  2⤵
  PID:6156
- C:\Windows\System\lqnmldy.exe
  C:\Windows\System\lqnmldy.exe
  2⤵
  PID:6180
- C:\Windows\System\atLieIx.exe
  C:\Windows\System\atLieIx.exe
  2⤵
  PID:6196
- C:\Windows\System\AoAfgRj.exe
  C:\Windows\System\AoAfgRj.exe
  2⤵
  PID:6240
- C:\Windows\System\hQdoGIr.exe
  C:\Windows\System\hQdoGIr.exe
  2⤵
  PID:6256
- C:\Windows\System\ygAbjES.exe
  C:\Windows\System\ygAbjES.exe
  2⤵
  PID:6308
- C:\Windows\System\peyuINO.exe
  C:\Windows\System\peyuINO.exe
  2⤵
  PID:6320
- C:\Windows\System\xvnKerE.exe
  C:\Windows\System\xvnKerE.exe
  2⤵
  PID:6384
- C:\Windows\System\ozYOaXo.exe
  C:\Windows\System\ozYOaXo.exe
  2⤵
  PID:6432
- C:\Windows\System\WjSkNey.exe
  C:\Windows\System\WjSkNey.exe
  2⤵
  PID:6496
- C:\Windows\System\aHfvQKx.exe
  C:\Windows\System\aHfvQKx.exe
  2⤵
  PID:6416
- C:\Windows\System\eLqWRZw.exe
  C:\Windows\System\eLqWRZw.exe
  2⤵
  PID:6484
- C:\Windows\System\yNtZGJv.exe
  C:\Windows\System\yNtZGJv.exe
  2⤵
  PID:6532
- C:\Windows\System\NsLyCPx.exe
  C:\Windows\System\NsLyCPx.exe
  2⤵
  PID:6548
- C:\Windows\System\VCMSbCN.exe
  C:\Windows\System\VCMSbCN.exe
  2⤵
  PID:6588
- C:\Windows\System\OSjLZkr.exe
  C:\Windows\System\OSjLZkr.exe
  2⤵
  PID:6604
- C:\Windows\System\XNihLNY.exe
  C:\Windows\System\XNihLNY.exe
  2⤵
  PID:6640
- C:\Windows\System\xdujhhg.exe
  C:\Windows\System\xdujhhg.exe
  2⤵
  PID:6708
- C:\Windows\System\UZtflPW.exe
  C:\Windows\System\UZtflPW.exe
  2⤵
  PID:6696
- C:\Windows\System\MiZhhtb.exe
  C:\Windows\System\MiZhhtb.exe
  2⤵
  PID:6772
- C:\Windows\System\mmPxbvZ.exe
  C:\Windows\System\mmPxbvZ.exe
  2⤵
  PID:6728
- C:\Windows\System\knZPcWb.exe
  C:\Windows\System\knZPcWb.exe
  2⤵
  PID:6804
- C:\Windows\System\vqSdDTX.exe
  C:\Windows\System\vqSdDTX.exe
  2⤵
  PID:6840
- C:\Windows\System\VLBFuDJ.exe
  C:\Windows\System\VLBFuDJ.exe
  2⤵
  PID:6876
- C:\Windows\System\iVrnOCP.exe
  C:\Windows\System\iVrnOCP.exe
  2⤵
  PID:6908
- C:\Windows\System\RBzaybc.exe
  C:\Windows\System\RBzaybc.exe
  2⤵
  PID:6924
- C:\Windows\System\TUTAxny.exe
  C:\Windows\System\TUTAxny.exe
  2⤵
  PID:6948
- C:\Windows\System\yoLyJGn.exe
  C:\Windows\System\yoLyJGn.exe
  2⤵
  PID:7000
- C:\Windows\System\ckLsFMq.exe
  C:\Windows\System\ckLsFMq.exe
  2⤵
  PID:7020
- C:\Windows\System\BHURRJu.exe
  C:\Windows\System\BHURRJu.exe
  2⤵
  PID:7016
- C:\Windows\System\rFRqjCI.exe
  C:\Windows\System\rFRqjCI.exe
  2⤵
  PID:7072
- C:\Windows\System\IPMlXzZ.exe
  C:\Windows\System\IPMlXzZ.exe
  2⤵
  PID:7120
- C:\Windows\System\yXeqolS.exe
  C:\Windows\System\yXeqolS.exe
  2⤵
  PID:5780
- C:\Windows\System\LLVqmmh.exe
  C:\Windows\System\LLVqmmh.exe
  2⤵
  PID:7156
- C:\Windows\System\HcDyTxM.exe
  C:\Windows\System\HcDyTxM.exe
  2⤵
  PID:6176
- C:\Windows\System\mwQFbHX.exe
  C:\Windows\System\mwQFbHX.exe
  2⤵
  PID:6272
- C:\Windows\System\XZAzfoW.exe
  C:\Windows\System\XZAzfoW.exe
  2⤵
  PID:6292
- C:\Windows\System\exdyGQx.exe
  C:\Windows\System\exdyGQx.exe
  2⤵
  PID:6372
- C:\Windows\System\TEbzrAD.exe
  C:\Windows\System\TEbzrAD.exe
  2⤵
  PID:6468
- C:\Windows\System\vnuzGMj.exe
  C:\Windows\System\vnuzGMj.exe
  2⤵
  PID:6512
- C:\Windows\System\YeYYuap.exe
  C:\Windows\System\YeYYuap.exe
  2⤵
  PID:6580
- C:\Windows\System\RiqvjFj.exe
  C:\Windows\System\RiqvjFj.exe
  2⤵
  PID:6624
- C:\Windows\System\frDAZSZ.exe
  C:\Windows\System\frDAZSZ.exe
  2⤵
  PID:6760
- C:\Windows\System\vKRZbxO.exe
  C:\Windows\System\vKRZbxO.exe
  2⤵
  PID:5564
- C:\Windows\System\mDFBKFJ.exe
  C:\Windows\System\mDFBKFJ.exe
  2⤵
  PID:6860
- C:\Windows\System\JMGyjct.exe
  C:\Windows\System\JMGyjct.exe
  2⤵
  PID:6916
- C:\Windows\System\rnEuDkr.exe
  C:\Windows\System\rnEuDkr.exe
  2⤵
  PID:7032
- C:\Windows\System\YrKyagd.exe
  C:\Windows\System\YrKyagd.exe
  2⤵
  PID:7052
- C:\Windows\System\OhueUMw.exe
  C:\Windows\System\OhueUMw.exe
  2⤵
  PID:7116
- C:\Windows\System\IjJIXCV.exe
  C:\Windows\System\IjJIXCV.exe
  2⤵
  PID:7152
- C:\Windows\System\WonecQO.exe
  C:\Windows\System\WonecQO.exe
  2⤵
  PID:6288
- C:\Windows\System\bySEeeH.exe
  C:\Windows\System\bySEeeH.exe
  2⤵
  PID:6352
- C:\Windows\System\RPjtWZz.exe
  C:\Windows\System\RPjtWZz.exe
  2⤵
  PID:6464
- C:\Windows\System\NYtRpxL.exe
  C:\Windows\System\NYtRpxL.exe
  2⤵
  PID:6608
- C:\Windows\System\aSTYPXb.exe
  C:\Windows\System\aSTYPXb.exe
  2⤵
  PID:6672
- C:\Windows\System\DxVAhKn.exe
  C:\Windows\System\DxVAhKn.exe
  2⤵
  PID:6744
- C:\Windows\System\GuaTCvl.exe
  C:\Windows\System\GuaTCvl.exe
  2⤵
  PID:6340
- C:\Windows\System\KctaTVm.exe
  C:\Windows\System\KctaTVm.exe
  2⤵
  PID:6940
- C:\Windows\System\mnGQrBT.exe
  C:\Windows\System\mnGQrBT.exe
  2⤵
  PID:7136
- C:\Windows\System\JFfDFDV.exe
  C:\Windows\System\JFfDFDV.exe
  2⤵
  PID:6220
- C:\Windows\System\KmXGaVa.exe
  C:\Windows\System\KmXGaVa.exe
  2⤵
  PID:6236
- C:\Windows\System\SuKevjX.exe
  C:\Windows\System\SuKevjX.exe
  2⤵
  PID:7104
- C:\Windows\System\VfQQmND.exe
  C:\Windows\System\VfQQmND.exe
  2⤵
  PID:6692
- C:\Windows\System\YfuazOI.exe
  C:\Windows\System\YfuazOI.exe
  2⤵
  PID:6452
- C:\Windows\System\QBebYlU.exe
  C:\Windows\System\QBebYlU.exe
  2⤵
  PID:6824
- C:\Windows\System\PxccoOU.exe
  C:\Windows\System\PxccoOU.exe
  2⤵
  PID:6964
- C:\Windows\System\rclXMLL.exe
  C:\Windows\System\rclXMLL.exe
  2⤵
  PID:6996
- C:\Windows\System\YwOxaws.exe
  C:\Windows\System\YwOxaws.exe
  2⤵
  PID:6904
- C:\Windows\System\qEwTGEO.exe
  C:\Windows\System\qEwTGEO.exe
  2⤵
  PID:6980
- C:\Windows\System\aqCPapQ.exe
  C:\Windows\System\aqCPapQ.exe
  2⤵
  PID:7180
- C:\Windows\System\QeFJhxQ.exe
  C:\Windows\System\QeFJhxQ.exe
  2⤵
  PID:7196
- C:\Windows\System\oMgBKdF.exe
  C:\Windows\System\oMgBKdF.exe
  2⤵
  PID:7224
- C:\Windows\System\UAFEKov.exe
  C:\Windows\System\UAFEKov.exe
  2⤵
  PID:7244
- C:\Windows\System\EttZxqU.exe
  C:\Windows\System\EttZxqU.exe
  2⤵
  PID:7260
- C:\Windows\System\ZRfDurE.exe
  C:\Windows\System\ZRfDurE.exe
  2⤵
  PID:7280
- C:\Windows\System\lmQaWVt.exe
  C:\Windows\System\lmQaWVt.exe
  2⤵
  PID:7296
- C:\Windows\System\XCWBypD.exe
  C:\Windows\System\XCWBypD.exe
  2⤵
  PID:7312
- C:\Windows\System\lnVoNRd.exe
  C:\Windows\System\lnVoNRd.exe
  2⤵
  PID:7328
- C:\Windows\System\VMTffUZ.exe
  C:\Windows\System\VMTffUZ.exe
  2⤵
  PID:7344
- C:\Windows\System\RjMnhCP.exe
  C:\Windows\System\RjMnhCP.exe
  2⤵
  PID:7360
- C:\Windows\System\JIZbVQg.exe
  C:\Windows\System\JIZbVQg.exe
  2⤵
  PID:7376
- C:\Windows\System\SgGPpVR.exe
  C:\Windows\System\SgGPpVR.exe
  2⤵
  PID:7392
- C:\Windows\System\VCGAwvQ.exe
  C:\Windows\System\VCGAwvQ.exe
  2⤵
  PID:7412
- C:\Windows\System\FAbIwEh.exe
  C:\Windows\System\FAbIwEh.exe
  2⤵
  PID:7432
- C:\Windows\System\cjiYJLB.exe
  C:\Windows\System\cjiYJLB.exe
  2⤵
  PID:7448
- C:\Windows\System\RADLtMW.exe
  C:\Windows\System\RADLtMW.exe
  2⤵
  PID:7464
- C:\Windows\System\KKtedyx.exe
  C:\Windows\System\KKtedyx.exe
  2⤵
  PID:7480
- C:\Windows\System\RDGxfbK.exe
  C:\Windows\System\RDGxfbK.exe
  2⤵
  PID:7496
- C:\Windows\System\RoHttfS.exe
  C:\Windows\System\RoHttfS.exe
  2⤵
  PID:7512
- C:\Windows\System\iaAISNd.exe
  C:\Windows\System\iaAISNd.exe
  2⤵
  PID:7528
- C:\Windows\System\omPDwza.exe
  C:\Windows\System\omPDwza.exe
  2⤵
  PID:7544
- C:\Windows\System\nVeORjJ.exe
  C:\Windows\System\nVeORjJ.exe
  2⤵
  PID:7560
- C:\Windows\System\aIWCWrx.exe
  C:\Windows\System\aIWCWrx.exe
  2⤵
  PID:7576
- C:\Windows\System\NZRPcrB.exe
  C:\Windows\System\NZRPcrB.exe
  2⤵
  PID:7592
- C:\Windows\System\IVETogI.exe
  C:\Windows\System\IVETogI.exe
  2⤵
  PID:7608
- C:\Windows\System\xYhjenN.exe
  C:\Windows\System\xYhjenN.exe
  2⤵
  PID:7624
- C:\Windows\System\OPKGlLH.exe
  C:\Windows\System\OPKGlLH.exe
  2⤵
  PID:7640
- C:\Windows\System\jZOvQLQ.exe
  C:\Windows\System\jZOvQLQ.exe
  2⤵
  PID:7656
- C:\Windows\System\CTOTMcZ.exe
  C:\Windows\System\CTOTMcZ.exe
  2⤵
  PID:7672
- C:\Windows\System\NNcwNvE.exe
  C:\Windows\System\NNcwNvE.exe
  2⤵
  PID:7688
- C:\Windows\System\kBKAspQ.exe
  C:\Windows\System\kBKAspQ.exe
  2⤵
  PID:7704
- C:\Windows\System\dTVJRJV.exe
  C:\Windows\System\dTVJRJV.exe
  2⤵
  PID:7720
- C:\Windows\System\ISaRvAH.exe
  C:\Windows\System\ISaRvAH.exe
  2⤵
  PID:7736
- C:\Windows\System\NIJqKbD.exe
  C:\Windows\System\NIJqKbD.exe
  2⤵
  PID:7752
- C:\Windows\System\dcpdzmZ.exe
  C:\Windows\System\dcpdzmZ.exe
  2⤵
  PID:7768
- C:\Windows\System\PxjFAeh.exe
  C:\Windows\System\PxjFAeh.exe
  2⤵
  PID:7784
- C:\Windows\System\IPaPoZY.exe
  C:\Windows\System\IPaPoZY.exe
  2⤵
  PID:7800
- C:\Windows\System\LrcEDxs.exe
  C:\Windows\System\LrcEDxs.exe
  2⤵
  PID:7816
- C:\Windows\System\xemYltF.exe
  C:\Windows\System\xemYltF.exe
  2⤵
  PID:7832
- C:\Windows\System\eCjKQUR.exe
  C:\Windows\System\eCjKQUR.exe
  2⤵
  PID:7848
- C:\Windows\System\zuVgPYm.exe
  C:\Windows\System\zuVgPYm.exe
  2⤵
  PID:7864
- C:\Windows\System\IKeJRFN.exe
  C:\Windows\System\IKeJRFN.exe
  2⤵
  PID:7880
- C:\Windows\System\XYKjtzC.exe
  C:\Windows\System\XYKjtzC.exe
  2⤵
  PID:7896
- C:\Windows\System\rlNoiFM.exe
  C:\Windows\System\rlNoiFM.exe
  2⤵
  PID:7912
- C:\Windows\System\JVewjcb.exe
  C:\Windows\System\JVewjcb.exe
  2⤵
  PID:7928
- C:\Windows\System\IYGouKF.exe
  C:\Windows\System\IYGouKF.exe
  2⤵
  PID:7944
- C:\Windows\System\XogxwuS.exe
  C:\Windows\System\XogxwuS.exe
  2⤵
  PID:7960
- C:\Windows\System\IdQJlUw.exe
  C:\Windows\System\IdQJlUw.exe
  2⤵
  PID:7976
- C:\Windows\System\XoWEUNO.exe
  C:\Windows\System\XoWEUNO.exe
  2⤵
  PID:7992
- C:\Windows\System\ZpTEODv.exe
  C:\Windows\System\ZpTEODv.exe
  2⤵
  PID:8012
- C:\Windows\System\qqFvwuI.exe
  C:\Windows\System\qqFvwuI.exe
  2⤵
  PID:8028
- C:\Windows\System\HKgRvRO.exe
  C:\Windows\System\HKgRvRO.exe
  2⤵
  PID:8044
- C:\Windows\System\MPSQYzA.exe
  C:\Windows\System\MPSQYzA.exe
  2⤵
  PID:6404
- C:\Windows\System\cUHLbAw.exe
  C:\Windows\System\cUHLbAw.exe
  2⤵
  PID:7240
- C:\Windows\System\dKrrdvC.exe
  C:\Windows\System\dKrrdvC.exe
  2⤵
  PID:7320
- C:\Windows\System\yBNisLW.exe
  C:\Windows\System\yBNisLW.exe
  2⤵
  PID:7568
- C:\Windows\System\WsxuoVP.exe
  C:\Windows\System\WsxuoVP.exe
  2⤵
  PID:7636
- C:\Windows\System\puPHzEx.exe
  C:\Windows\System\puPHzEx.exe
  2⤵
  PID:7712
- C:\Windows\System\LsXQZLk.exe
  C:\Windows\System\LsXQZLk.exe
  2⤵
  PID:7776
- C:\Windows\System\caRhBHN.exe
  C:\Windows\System\caRhBHN.exe
  2⤵
  PID:7840
- C:\Windows\System\RWVHhzK.exe
  C:\Windows\System\RWVHhzK.exe
  2⤵
  PID:8020
- C:\Windows\System\ftYqRtU.exe
  C:\Windows\System\ftYqRtU.exe
  2⤵
  PID:8136
- C:\Windows\System\fRQFUvA.exe
  C:\Windows\System\fRQFUvA.exe
  2⤵
  PID:8152
- C:\Windows\System\wogSWMg.exe
  C:\Windows\System\wogSWMg.exe
  2⤵
  PID:8164
- C:\Windows\System\HrdOwZw.exe
  C:\Windows\System\HrdOwZw.exe
  2⤵
  PID:8184
- C:\Windows\System\RJJsCBU.exe
  C:\Windows\System\RJJsCBU.exe
  2⤵
  PID:8000
- C:\Windows\System\qzQGGyH.exe
  C:\Windows\System\qzQGGyH.exe
  2⤵
  PID:7192
- C:\Windows\System\FlMLHlR.exe
  C:\Windows\System\FlMLHlR.exe
  2⤵
  PID:7188
- C:\Windows\System\ODlAadg.exe
  C:\Windows\System\ODlAadg.exe
  2⤵
  PID:2256
- C:\Windows\System\XJjZlxU.exe
  C:\Windows\System\XJjZlxU.exe
  2⤵
  PID:1524
- C:\Windows\System\IILyYsg.exe
  C:\Windows\System\IILyYsg.exe
  2⤵
  PID:7232
- C:\Windows\System\TGBKogS.exe
  C:\Windows\System\TGBKogS.exe
  2⤵
  PID:7268
- C:\Windows\System\hombkaz.exe
  C:\Windows\System\hombkaz.exe
  2⤵
  PID:7272
- C:\Windows\System\KwkHtRr.exe
  C:\Windows\System\KwkHtRr.exe
  2⤵
  PID:7308
- C:\Windows\System\Bxysqvk.exe
  C:\Windows\System\Bxysqvk.exe
  2⤵
  PID:7356
- C:\Windows\System\zdCayAe.exe
  C:\Windows\System\zdCayAe.exe
  2⤵
  PID:7372
- C:\Windows\System\HHuRzUX.exe
  C:\Windows\System\HHuRzUX.exe
  2⤵
  PID:7808
- C:\Windows\System\FiGcdJq.exe
  C:\Windows\System\FiGcdJq.exe
  2⤵
  PID:7476
- C:\Windows\System\iyOJQRs.exe
  C:\Windows\System\iyOJQRs.exe
  2⤵
  PID:7488
- C:\Windows\System\HEEXNwV.exe
  C:\Windows\System\HEEXNwV.exe
  2⤵
  PID:7552
- C:\Windows\System\EQAedgJ.exe
  C:\Windows\System\EQAedgJ.exe
  2⤵
  PID:7536
- C:\Windows\System\nCplggJ.exe
  C:\Windows\System\nCplggJ.exe
  2⤵
  PID:7648
- C:\Windows\System\KlFExJh.exe
  C:\Windows\System\KlFExJh.exe
  2⤵
  PID:7664
- C:\Windows\System\CpBIbpF.exe
  C:\Windows\System\CpBIbpF.exe
  2⤵
  PID:7828
- C:\Windows\System\OTCRivn.exe
  C:\Windows\System\OTCRivn.exe
  2⤵
  PID:7604
- C:\Windows\System\wDHpiTm.exe
  C:\Windows\System\wDHpiTm.exe
  2⤵
  PID:7696
- C:\Windows\System\KzeOAsa.exe
  C:\Windows\System\KzeOAsa.exe
  2⤵
  PID:7748
- C:\Windows\System\hawhbjB.exe
  C:\Windows\System\hawhbjB.exe
  2⤵
  PID:7872
- C:\Windows\System\KmPliyz.exe
  C:\Windows\System\KmPliyz.exe
  2⤵
  PID:7952
- C:\Windows\System\kBOpYRr.exe
  C:\Windows\System\kBOpYRr.exe
  2⤵
  PID:7904
- C:\Windows\System\MpBvCSV.exe
  C:\Windows\System\MpBvCSV.exe
  2⤵
  PID:7940
- C:\Windows\System\GEoWkqK.exe
  C:\Windows\System\GEoWkqK.exe
  2⤵
  PID:8040
- C:\Windows\System\XofXSlS.exe
  C:\Windows\System\XofXSlS.exe
  2⤵
  PID:8072
- C:\Windows\System\dmQutaU.exe
  C:\Windows\System\dmQutaU.exe
  2⤵
  PID:8076
- C:\Windows\System\pzUSOte.exe
  C:\Windows\System\pzUSOte.exe
  2⤵
  PID:8104
- C:\Windows\System\yUrVgUP.exe
  C:\Windows\System\yUrVgUP.exe
  2⤵
  PID:8144
- C:\Windows\System\cKOdFzV.exe
  C:\Windows\System\cKOdFzV.exe
  2⤵
  PID:8124
- C:\Windows\System\dMjiCvT.exe
  C:\Windows\System\dMjiCvT.exe
  2⤵
  PID:8160
- C:\Windows\System\PRrFdnJ.exe
  C:\Windows\System\PRrFdnJ.exe
  2⤵
  PID:7176
- C:\Windows\System\wBYISDp.exe
  C:\Windows\System\wBYISDp.exe
  2⤵
  PID:7220
- C:\Windows\System\ClwVSyg.exe
  C:\Windows\System\ClwVSyg.exe
  2⤵
  PID:6992
- C:\Windows\System\wRnJQsJ.exe
  C:\Windows\System\wRnJQsJ.exe
  2⤵
  PID:1740
- C:\Windows\System\Eajwxvc.exe
  C:\Windows\System\Eajwxvc.exe
  2⤵
  PID:7292
- C:\Windows\System\wivfBiG.exe
  C:\Windows\System\wivfBiG.exe
  2⤵
  PID:7388
- C:\Windows\System\rPuYFPk.exe
  C:\Windows\System\rPuYFPk.exe
  2⤵
  PID:7456
- C:\Windows\System\RsZHTqt.exe
  C:\Windows\System\RsZHTqt.exe
  2⤵
  PID:7668
- C:\Windows\System\RJMdfYI.exe
  C:\Windows\System\RJMdfYI.exe
  2⤵
  PID:7892
- C:\Windows\System\SMVmaQW.exe
  C:\Windows\System\SMVmaQW.exe
  2⤵
  PID:7936
- C:\Windows\System\HWDNhWA.exe
  C:\Windows\System\HWDNhWA.exe
  2⤵
  PID:7744
- C:\Windows\System\gTHtDJl.exe
  C:\Windows\System\gTHtDJl.exe
  2⤵
  PID:7236
- C:\Windows\System\FTnbwbx.exe
  C:\Windows\System\FTnbwbx.exe
  2⤵
  PID:8116
- C:\Windows\System\pprSdEu.exe
  C:\Windows\System\pprSdEu.exe
  2⤵
  PID:8088
- C:\Windows\System\DgxnmXA.exe
  C:\Windows\System\DgxnmXA.exe
  2⤵
  PID:7172
- C:\Windows\System\pMggbcY.exe
  C:\Windows\System\pMggbcY.exe
  2⤵
  PID:6172
- C:\Windows\System\UBCLVbM.exe
  C:\Windows\System\UBCLVbM.exe
  2⤵
  PID:2128
- C:\Windows\System\LWHPVnF.exe
  C:\Windows\System\LWHPVnF.exe
  2⤵
  PID:3048
- C:\Windows\System\LRZdYet.exe
  C:\Windows\System\LRZdYet.exe
  2⤵
  PID:1404
- C:\Windows\System\SUUhnkD.exe
  C:\Windows\System\SUUhnkD.exe
  2⤵
  PID:7472
- C:\Windows\System\LjQCeAh.exe
  C:\Windows\System\LjQCeAh.exe
  2⤵
  PID:7616
- C:\Windows\System\cXovQNG.exe
  C:\Windows\System\cXovQNG.exe
  2⤵
  PID:7620
- C:\Windows\System\TKvFfbl.exe
  C:\Windows\System\TKvFfbl.exe
  2⤵
  PID:7652
- C:\Windows\System\kcqvPYW.exe
  C:\Windows\System\kcqvPYW.exe
  2⤵
  PID:7988
- C:\Windows\System\nOzopys.exe
  C:\Windows\System\nOzopys.exe
  2⤵
  PID:7924
- C:\Windows\System\oHqjwSU.exe
  C:\Windows\System\oHqjwSU.exe
  2⤵
  PID:8096
- C:\Windows\System\RYsPSIV.exe
  C:\Windows\System\RYsPSIV.exe
  2⤵
  PID:6892
- C:\Windows\System\iDPBqyL.exe
  C:\Windows\System\iDPBqyL.exe
  2⤵
  PID:8180
- C:\Windows\System\QzEMPFV.exe
  C:\Windows\System\QzEMPFV.exe
  2⤵
  PID:7408
- C:\Windows\System\oMMmMDr.exe
  C:\Windows\System\oMMmMDr.exe
  2⤵
  PID:7424
- C:\Windows\System\xdNiVXo.exe
  C:\Windows\System\xdNiVXo.exe
  2⤵
  PID:7876
- C:\Windows\System\AwLLSWW.exe
  C:\Windows\System\AwLLSWW.exe
  2⤵
  PID:7520
- C:\Windows\System\xKKZhZo.exe
  C:\Windows\System\xKKZhZo.exe
  2⤵
  PID:7920
- C:\Windows\System\mRzEKfo.exe
  C:\Windows\System\mRzEKfo.exe
  2⤵
  PID:7860
- C:\Windows\System\tnbMPMg.exe
  C:\Windows\System\tnbMPMg.exe
  2⤵
  PID:7584
- C:\Windows\System\WmXZJbe.exe
  C:\Windows\System\WmXZJbe.exe
  2⤵
  PID:8068
- C:\Windows\System\BLoqMCN.exe
  C:\Windows\System\BLoqMCN.exe
  2⤵
  PID:1500
- C:\Windows\System\apUMmcr.exe
  C:\Windows\System\apUMmcr.exe
  2⤵
  PID:2356
- C:\Windows\System\xpeQmao.exe
  C:\Windows\System\xpeQmao.exe
  2⤵
  PID:8208
- C:\Windows\System\FjacVVv.exe
  C:\Windows\System\FjacVVv.exe
  2⤵
  PID:8228
- C:\Windows\System\yetyTsQ.exe
  C:\Windows\System\yetyTsQ.exe
  2⤵
  PID:8244
- C:\Windows\System\YKPHJaF.exe
  C:\Windows\System\YKPHJaF.exe
  2⤵
  PID:8260
- C:\Windows\System\zLcbtuX.exe
  C:\Windows\System\zLcbtuX.exe
  2⤵
  PID:8276
- C:\Windows\System\BlRurGt.exe
  C:\Windows\System\BlRurGt.exe
  2⤵
  PID:8292
- C:\Windows\System\gpOYxPx.exe
  C:\Windows\System\gpOYxPx.exe
  2⤵
  PID:8316
- C:\Windows\System\nfYMIoZ.exe
  C:\Windows\System\nfYMIoZ.exe
  2⤵
  PID:8340
- C:\Windows\System\uKLkORM.exe
  C:\Windows\System\uKLkORM.exe
  2⤵
  PID:8364
- C:\Windows\System\WxANwLE.exe
  C:\Windows\System\WxANwLE.exe
  2⤵
  PID:8384
- C:\Windows\System\xOOygth.exe
  C:\Windows\System\xOOygth.exe
  2⤵
  PID:8404
- C:\Windows\System\ihvGJhb.exe
  C:\Windows\System\ihvGJhb.exe
  2⤵
  PID:8424
- C:\Windows\System\SMMIFdF.exe
  C:\Windows\System\SMMIFdF.exe
  2⤵
  PID:8440
- C:\Windows\System\opvaUaC.exe
  C:\Windows\System\opvaUaC.exe
  2⤵
  PID:8456
- C:\Windows\System\TmPYwdO.exe
  C:\Windows\System\TmPYwdO.exe
  2⤵
  PID:8472
- C:\Windows\System\YuivJXF.exe
  C:\Windows\System\YuivJXF.exe
  2⤵
  PID:8492
- C:\Windows\System\SYrSeWN.exe
  C:\Windows\System\SYrSeWN.exe
  2⤵
  PID:8512
- C:\Windows\System\wcVYBDA.exe
  C:\Windows\System\wcVYBDA.exe
  2⤵
  PID:8528
- C:\Windows\System\crqsOmQ.exe
  C:\Windows\System\crqsOmQ.exe
  2⤵
  PID:8544
- C:\Windows\System\cDiXxdf.exe
  C:\Windows\System\cDiXxdf.exe
  2⤵
  PID:8560
- C:\Windows\System\elXQfTX.exe
  C:\Windows\System\elXQfTX.exe
  2⤵
  PID:8576
- C:\Windows\System\cddKLpu.exe
  C:\Windows\System\cddKLpu.exe
  2⤵
  PID:8592
- C:\Windows\System\tFmfnpm.exe
  C:\Windows\System\tFmfnpm.exe
  2⤵
  PID:8608
- C:\Windows\System\Uodsjkd.exe
  C:\Windows\System\Uodsjkd.exe
  2⤵
  PID:8624
- C:\Windows\System\cunntBF.exe
  C:\Windows\System\cunntBF.exe
  2⤵
  PID:8640
- C:\Windows\System\TTvlSNR.exe
  C:\Windows\System\TTvlSNR.exe
  2⤵
  PID:8656
- C:\Windows\System\bytqOBO.exe
  C:\Windows\System\bytqOBO.exe
  2⤵
  PID:8672
- C:\Windows\System\tSqeGij.exe
  C:\Windows\System\tSqeGij.exe
  2⤵
  PID:8688
- C:\Windows\System\FLNcwoR.exe
  C:\Windows\System\FLNcwoR.exe
  2⤵
  PID:8704
- C:\Windows\System\ogTxjas.exe
  C:\Windows\System\ogTxjas.exe
  2⤵
  PID:8720
- C:\Windows\System\yMFDwpK.exe
  C:\Windows\System\yMFDwpK.exe
  2⤵
  PID:8740
- C:\Windows\System\ouJPlAn.exe
  C:\Windows\System\ouJPlAn.exe
  2⤵
  PID:8756
- C:\Windows\System\DEUSsVE.exe
  C:\Windows\System\DEUSsVE.exe
  2⤵
  PID:8772
- C:\Windows\System\RizaAxe.exe
  C:\Windows\System\RizaAxe.exe
  2⤵
  PID:8788
- C:\Windows\System\RCBDAJT.exe
  C:\Windows\System\RCBDAJT.exe
  2⤵
  PID:8804
- C:\Windows\System\pYqikau.exe
  C:\Windows\System\pYqikau.exe
  2⤵
  PID:8820
- C:\Windows\System\WxWmzhe.exe
  C:\Windows\System\WxWmzhe.exe
  2⤵
  PID:8836
- C:\Windows\System\YXMAuDU.exe
  C:\Windows\System\YXMAuDU.exe
  2⤵
  PID:8852
- C:\Windows\System\jrFMmyl.exe
  C:\Windows\System\jrFMmyl.exe
  2⤵
  PID:8868
- C:\Windows\System\cPIGQVY.exe
  C:\Windows\System\cPIGQVY.exe
  2⤵
  PID:8892
- C:\Windows\System\zZNAqws.exe
  C:\Windows\System\zZNAqws.exe
  2⤵
  PID:8916
- C:\Windows\System\vKoRPDB.exe
  C:\Windows\System\vKoRPDB.exe
  2⤵
  PID:8932
- C:\Windows\System\ovaUiCo.exe
  C:\Windows\System\ovaUiCo.exe
  2⤵
  PID:8948
- C:\Windows\System\GWvOsQG.exe
  C:\Windows\System\GWvOsQG.exe
  2⤵
  PID:8964
- C:\Windows\System\kDKOUzr.exe
  C:\Windows\System\kDKOUzr.exe
  2⤵
  PID:8984
- C:\Windows\System\UGxtlXH.exe
  C:\Windows\System\UGxtlXH.exe
  2⤵
  PID:9000
- C:\Windows\System\hURrJgy.exe
  C:\Windows\System\hURrJgy.exe
  2⤵
  PID:9016
- C:\Windows\System\HFNHAsP.exe
  C:\Windows\System\HFNHAsP.exe
  2⤵
  PID:9032
- C:\Windows\System\EYpzgdS.exe
  C:\Windows\System\EYpzgdS.exe
  2⤵
  PID:9096
- C:\Windows\System\BVdcayB.exe
  C:\Windows\System\BVdcayB.exe
  2⤵
  PID:9112
- C:\Windows\System\qQiZljZ.exe
  C:\Windows\System\qQiZljZ.exe
  2⤵
  PID:9128
- C:\Windows\System\RRZrwde.exe
  C:\Windows\System\RRZrwde.exe
  2⤵
  PID:9144
- C:\Windows\System\aMtEHyV.exe
  C:\Windows\System\aMtEHyV.exe
  2⤵
  PID:9160
- C:\Windows\System\ZrvKkat.exe
  C:\Windows\System\ZrvKkat.exe
  2⤵
  PID:9176
- C:\Windows\System\ZSRWlCt.exe
  C:\Windows\System\ZSRWlCt.exe
  2⤵
  PID:9192
- C:\Windows\System\NIWRbzk.exe
  C:\Windows\System\NIWRbzk.exe
  2⤵
  PID:9208
- C:\Windows\System\mQyHXEi.exe
  C:\Windows\System\mQyHXEi.exe
  2⤵
  PID:8196
- C:\Windows\System\YLBTBsO.exe
  C:\Windows\System\YLBTBsO.exe
  2⤵
  PID:8216
- C:\Windows\System\uknrXdl.exe
  C:\Windows\System\uknrXdl.exe
  2⤵
  PID:8412
- C:\Windows\System\rjjLbQy.exe
  C:\Windows\System\rjjLbQy.exe
  2⤵
  PID:8452
- C:\Windows\System\pHqVLFR.exe
  C:\Windows\System\pHqVLFR.exe
  2⤵
  PID:8484
- C:\Windows\System\HDbsPVz.exe
  C:\Windows\System\HDbsPVz.exe
  2⤵
  PID:8432
- C:\Windows\System\RLHYpfc.exe
  C:\Windows\System\RLHYpfc.exe
  2⤵
  PID:8520
- C:\Windows\System\KuijVik.exe
  C:\Windows\System\KuijVik.exe
  2⤵
  PID:8680
- C:\Windows\System\NPKXvKU.exe
  C:\Windows\System\NPKXvKU.exe
  2⤵
  PID:8716
- C:\Windows\System\xuTRgPx.exe
  C:\Windows\System\xuTRgPx.exe
  2⤵
  PID:8508
- C:\Windows\System\FmXUIml.exe
  C:\Windows\System\FmXUIml.exe
  2⤵
  PID:8604
- C:\Windows\System\sJkuSLW.exe
  C:\Windows\System\sJkuSLW.exe
  2⤵
  PID:8736
- C:\Windows\System\dfZoqKL.exe
  C:\Windows\System\dfZoqKL.exe
  2⤵
  PID:8816
- C:\Windows\System\pagnzCU.exe
  C:\Windows\System\pagnzCU.exe
  2⤵
  PID:8796
- C:\Windows\System\thrKAYJ.exe
  C:\Windows\System\thrKAYJ.exe
  2⤵
  PID:8904
- C:\Windows\System\JeWlgWO.exe
  C:\Windows\System\JeWlgWO.exe
  2⤵
  PID:8944
- C:\Windows\System\UJjDEaB.exe
  C:\Windows\System\UJjDEaB.exe
  2⤵
  PID:9008
- C:\Windows\System\WGRGceH.exe
  C:\Windows\System\WGRGceH.exe
  2⤵
  PID:9044
- C:\Windows\System\lBdVKSd.exe
  C:\Windows\System\lBdVKSd.exe
  2⤵
  PID:9104
- C:\Windows\System\NelrRwf.exe
  C:\Windows\System\NelrRwf.exe
  2⤵
  PID:9092
- C:\Windows\System\kbhDuob.exe
  C:\Windows\System\kbhDuob.exe
  2⤵
  PID:9172
- C:\Windows\System\cxNNdxE.exe
  C:\Windows\System\cxNNdxE.exe
  2⤵
  PID:8728
- C:\Windows\System\fOUIBVt.exe
  C:\Windows\System\fOUIBVt.exe
  2⤵
  PID:8284
- C:\Windows\System\YhimzVi.exe
  C:\Windows\System\YhimzVi.exe
  2⤵
  PID:8220
- C:\Windows\System\HnEdoBR.exe
  C:\Windows\System\HnEdoBR.exe
  2⤵
  PID:8332
- C:\Windows\System\NzGjCzP.exe
  C:\Windows\System\NzGjCzP.exe
  2⤵
  PID:8468
- C:\Windows\System\ZcOlKfn.exe
  C:\Windows\System\ZcOlKfn.exe
  2⤵
  PID:8584
- C:\Windows\System\mYMPEDC.exe
  C:\Windows\System\mYMPEDC.exe
  2⤵
  PID:8752
- C:\Windows\System\uxygfZe.exe
  C:\Windows\System\uxygfZe.exe
  2⤵
  PID:8636
- C:\Windows\System\OlDkiib.exe
  C:\Windows\System\OlDkiib.exe
  2⤵
  PID:8572
- C:\Windows\System\OVVmlrB.exe
  C:\Windows\System\OVVmlrB.exe
  2⤵
  PID:8924
- C:\Windows\System\UYdAlVA.exe
  C:\Windows\System\UYdAlVA.exe
  2⤵
  PID:8732
- C:\Windows\System\IkUAyic.exe
  C:\Windows\System\IkUAyic.exe
  2⤵
  PID:8940
- C:\Windows\System\CdRhMPi.exe
  C:\Windows\System\CdRhMPi.exe
  2⤵
  PID:8876
- C:\Windows\System\xBYGiwM.exe
  C:\Windows\System\xBYGiwM.exe
  2⤵
  PID:8864
- C:\Windows\System\BAkKIRN.exe
  C:\Windows\System\BAkKIRN.exe
  2⤵
  PID:9028
- C:\Windows\System\OlMvOzG.exe
  C:\Windows\System\OlMvOzG.exe
  2⤵
  PID:9040
- C:\Windows\System\wIYyQPC.exe
  C:\Windows\System\wIYyQPC.exe
  2⤵
  PID:9072
- C:\Windows\System\wjcwkWe.exe
  C:\Windows\System\wjcwkWe.exe
  2⤵
  PID:8352
- C:\Windows\System\RZucdcd.exe
  C:\Windows\System\RZucdcd.exe
  2⤵
  PID:9184
- C:\Windows\System\KLrDVWH.exe
  C:\Windows\System\KLrDVWH.exe
  2⤵
  PID:9204
- C:\Windows\System\GevlJhs.exe
  C:\Windows\System\GevlJhs.exe
  2⤵
  PID:2788
- C:\Windows\System\rlJVxXC.exe
  C:\Windows\System\rlJVxXC.exe
  2⤵
  PID:8240
- C:\Windows\System\TVYYvzN.exe
  C:\Windows\System\TVYYvzN.exe
  2⤵
  PID:8268
- C:\Windows\System\yIdYgNx.exe
  C:\Windows\System\yIdYgNx.exe
  2⤵
  PID:8392
- C:\Windows\System\PkOqTRx.exe
  C:\Windows\System\PkOqTRx.exe
  2⤵
  PID:8300
- C:\Windows\System\kYhyecV.exe
  C:\Windows\System\kYhyecV.exe
  2⤵
  PID:8500
- C:\Windows\System\BVrLrLL.exe
  C:\Windows\System\BVrLrLL.exe
  2⤵
  PID:8524
- C:\Windows\System\GnunMEL.exe
  C:\Windows\System\GnunMEL.exe
  2⤵
  PID:8536
- C:\Windows\System\nLiNTrj.exe
  C:\Windows\System\nLiNTrj.exe
  2⤵
  PID:8848
- C:\Windows\System\dBtJqNV.exe
  C:\Windows\System\dBtJqNV.exe
  2⤵
  PID:8860
- C:\Windows\System\CUgoVNq.exe
  C:\Windows\System\CUgoVNq.exe
  2⤵
  PID:8976
- C:\Windows\System\nYSrksJ.exe
  C:\Windows\System\nYSrksJ.exe
  2⤵
  PID:8888
- C:\Windows\System\KYfTYpf.exe
  C:\Windows\System\KYfTYpf.exe
  2⤵
  PID:9140
- C:\Windows\System\vzuDNwe.exe
  C:\Windows\System\vzuDNwe.exe
  2⤵
  PID:928
- C:\Windows\System\wlVYAoo.exe
  C:\Windows\System\wlVYAoo.exe
  2⤵
  PID:8696
- C:\Windows\System\wQYHLmV.exe
  C:\Windows\System\wQYHLmV.exe
  2⤵
  PID:8376
- C:\Windows\System\EalNdUj.exe
  C:\Windows\System\EalNdUj.exe
  2⤵
  PID:8668
- C:\Windows\System\KETuFhr.exe
  C:\Windows\System\KETuFhr.exe
  2⤵
  PID:8960
- C:\Windows\System\NRYaqiX.exe
  C:\Windows\System\NRYaqiX.exe
  2⤵
  PID:9068
- C:\Windows\System\FcptHpS.exe
  C:\Windows\System\FcptHpS.exe
  2⤵
  PID:8356
- C:\Windows\System\HbrFUBF.exe
  C:\Windows\System\HbrFUBF.exe
  2⤵
  PID:9188
- C:\Windows\System\xyHmzqX.exe
  C:\Windows\System\xyHmzqX.exe
  2⤵
  PID:8272
- C:\Windows\System\szUdJVl.exe
  C:\Windows\System\szUdJVl.exe
  2⤵
  PID:8780
- C:\Windows\System\IscCDli.exe
  C:\Windows\System\IscCDli.exe
  2⤵
  PID:9088
- C:\Windows\System\yBFWsrG.exe
  C:\Windows\System\yBFWsrG.exe
  2⤵
  PID:8288
- C:\Windows\System\EZCCWfr.exe
  C:\Windows\System\EZCCWfr.exe
  2⤵
  PID:9048
- C:\Windows\System\bewoxAj.exe
  C:\Windows\System\bewoxAj.exe
  2⤵
  PID:8304
- C:\Windows\System\bJhCirX.exe
  C:\Windows\System\bJhCirX.exe
  2⤵
  PID:9228
- C:\Windows\System\hOAQDyi.exe
  C:\Windows\System\hOAQDyi.exe
  2⤵
  PID:9248
- C:\Windows\System\dkpswAx.exe
  C:\Windows\System\dkpswAx.exe
  2⤵
  PID:9264
- C:\Windows\System\VGmKyQz.exe
  C:\Windows\System\VGmKyQz.exe
  2⤵
  PID:9284
- C:\Windows\System\AGXdsVW.exe
  C:\Windows\System\AGXdsVW.exe
  2⤵
  PID:9304
- C:\Windows\System\rYeeXlT.exe
  C:\Windows\System\rYeeXlT.exe
  2⤵
  PID:9324
- C:\Windows\System\FOAKNNn.exe
  C:\Windows\System\FOAKNNn.exe
  2⤵
  PID:9344
- C:\Windows\System\kByfUoH.exe
  C:\Windows\System\kByfUoH.exe
  2⤵
  PID:9360
- C:\Windows\System\txVCIWk.exe
  C:\Windows\System\txVCIWk.exe
  2⤵
  PID:9380
- C:\Windows\System\ckxGZZA.exe
  C:\Windows\System\ckxGZZA.exe
  2⤵
  PID:9400
- C:\Windows\System\irxBAvw.exe
  C:\Windows\System\irxBAvw.exe
  2⤵
  PID:9416
- C:\Windows\System\YHjqbRT.exe
  C:\Windows\System\YHjqbRT.exe
  2⤵
  PID:9476
- C:\Windows\System\ZmYeJxe.exe
  C:\Windows\System\ZmYeJxe.exe
  2⤵
  PID:9504
- C:\Windows\System\dHlnIiw.exe
  C:\Windows\System\dHlnIiw.exe
  2⤵
  PID:9528
- C:\Windows\System\Lojodne.exe
  C:\Windows\System\Lojodne.exe
  2⤵
  PID:9544
- C:\Windows\System\MUotXGL.exe
  C:\Windows\System\MUotXGL.exe
  2⤵
  PID:9576
- C:\Windows\System\DBgKgkh.exe
  C:\Windows\System\DBgKgkh.exe
  2⤵
  PID:9592
- C:\Windows\System\TbDSvKJ.exe
  C:\Windows\System\TbDSvKJ.exe
  2⤵
  PID:9612
- C:\Windows\System\WITDEMm.exe
  C:\Windows\System\WITDEMm.exe
  2⤵
  PID:9640
- C:\Windows\System\iXBRgrU.exe
  C:\Windows\System\iXBRgrU.exe
  2⤵
  PID:9656
- C:\Windows\System\XkhSvkY.exe
  C:\Windows\System\XkhSvkY.exe
  2⤵
  PID:9676
- C:\Windows\System\wdmWzwS.exe
  C:\Windows\System\wdmWzwS.exe
  2⤵
  PID:9696
- C:\Windows\System\gUsydJX.exe
  C:\Windows\System\gUsydJX.exe
  2⤵
  PID:9712
- C:\Windows\System\wukAFJw.exe
  C:\Windows\System\wukAFJw.exe
  2⤵
  PID:9732
- C:\Windows\System\MofJUdF.exe
  C:\Windows\System\MofJUdF.exe
  2⤵
  PID:9756
- C:\Windows\System\UOeMvXS.exe
  C:\Windows\System\UOeMvXS.exe
  2⤵
  PID:9784
- C:\Windows\System\qyNfsdS.exe
  C:\Windows\System\qyNfsdS.exe
  2⤵
  PID:9808
- C:\Windows\System\KmrwTrb.exe
  C:\Windows\System\KmrwTrb.exe
  2⤵
  PID:9828
- C:\Windows\System\HfeKYqu.exe
  C:\Windows\System\HfeKYqu.exe
  2⤵
  PID:9844
- C:\Windows\System\yrLkPjx.exe
  C:\Windows\System\yrLkPjx.exe
  2⤵
  PID:9864
- C:\Windows\System\UgvbGIW.exe
  C:\Windows\System\UgvbGIW.exe
  2⤵
  PID:9880
- C:\Windows\System\ZYbQHnx.exe
  C:\Windows\System\ZYbQHnx.exe
  2⤵
  PID:9896
- C:\Windows\System\tNOKTHz.exe
  C:\Windows\System\tNOKTHz.exe
  2⤵
  PID:9916
- C:\Windows\System\HSFCfsm.exe
  C:\Windows\System\HSFCfsm.exe
  2⤵
  PID:9936
- C:\Windows\System\KqbDNhF.exe
  C:\Windows\System\KqbDNhF.exe
  2⤵
  PID:9952
- C:\Windows\System\xTKgEZc.exe
  C:\Windows\System\xTKgEZc.exe
  2⤵
  PID:9972
- C:\Windows\System\NSyJMOY.exe
  C:\Windows\System\NSyJMOY.exe
  2⤵
  PID:9992
- C:\Windows\System\dFSQOqy.exe
  C:\Windows\System\dFSQOqy.exe
  2⤵
  PID:10020
- C:\Windows\System\SUrbFfz.exe
  C:\Windows\System\SUrbFfz.exe
  2⤵
  PID:10044
- C:\Windows\System\ozPgRPj.exe
  C:\Windows\System\ozPgRPj.exe
  2⤵
  PID:10060
- C:\Windows\System\sCOGBik.exe
  C:\Windows\System\sCOGBik.exe
  2⤵
  PID:10080
- C:\Windows\System\yaoipNp.exe
  C:\Windows\System\yaoipNp.exe
  2⤵
  PID:10104
- C:\Windows\System\FGVznab.exe
  C:\Windows\System\FGVznab.exe
  2⤵
  PID:10120
- C:\Windows\System\DHtEmfO.exe
  C:\Windows\System\DHtEmfO.exe
  2⤵
  PID:10136
- C:\Windows\System\VuDoTTt.exe
  C:\Windows\System\VuDoTTt.exe
  2⤵
  PID:10152
- C:\Windows\System\EzfeaAt.exe
  C:\Windows\System\EzfeaAt.exe
  2⤵
  PID:10168
- C:\Windows\System\jRqemZi.exe
  C:\Windows\System\jRqemZi.exe
  2⤵
  PID:10184
- C:\Windows\System\NDZDAUt.exe
  C:\Windows\System\NDZDAUt.exe
  2⤵
  PID:10204
- C:\Windows\System\PMkArTU.exe
  C:\Windows\System\PMkArTU.exe
  2⤵
  PID:10220
- C:\Windows\System\TMpXhqJ.exe
  C:\Windows\System\TMpXhqJ.exe
  2⤵
  PID:8380
- C:\Windows\System\tfJUPOB.exe
  C:\Windows\System\tfJUPOB.exe
  2⤵
  PID:9240
- C:\Windows\System\mxDsopW.exe
  C:\Windows\System\mxDsopW.exe
  2⤵
  PID:9260
- C:\Windows\System\MVHVDjA.exe
  C:\Windows\System\MVHVDjA.exe
  2⤵
  PID:9292
- C:\Windows\System\UNFKwLb.exe
  C:\Windows\System\UNFKwLb.exe
  2⤵
  PID:9356
- C:\Windows\System\ncHPgXJ.exe
  C:\Windows\System\ncHPgXJ.exe
  2⤵
  PID:9388
- C:\Windows\System\oNPaOza.exe
  C:\Windows\System\oNPaOza.exe
  2⤵
  PID:9424
- C:\Windows\System\mqDpMtb.exe
  C:\Windows\System\mqDpMtb.exe
  2⤵
  PID:9428
- C:\Windows\System\JpoOKgr.exe
  C:\Windows\System\JpoOKgr.exe
  2⤵
  PID:9464
- C:\Windows\System\oENMkdD.exe
  C:\Windows\System\oENMkdD.exe
  2⤵
  PID:9520
- C:\Windows\System\NJTRaTK.exe
  C:\Windows\System\NJTRaTK.exe
  2⤵
  PID:9568
- C:\Windows\System\plaMdVV.exe
  C:\Windows\System\plaMdVV.exe
  2⤵
  PID:9604
- C:\Windows\System\eqjeObz.exe
  C:\Windows\System\eqjeObz.exe
  2⤵
  PID:9540
- C:\Windows\System\YNQtoGt.exe
  C:\Windows\System\YNQtoGt.exe
  2⤵
  PID:9484
- C:\Windows\System\HaefZUC.exe
  C:\Windows\System\HaefZUC.exe
  2⤵
  PID:9684
- C:\Windows\System\LveXmZV.exe
  C:\Windows\System\LveXmZV.exe
  2⤵
  PID:9636
- C:\Windows\System\eaGHEJk.exe
  C:\Windows\System\eaGHEJk.exe
  2⤵
  PID:9692
- C:\Windows\System\ceJasvG.exe
  C:\Windows\System\ceJasvG.exe
  2⤵
  PID:9708
- C:\Windows\System\NulUgQe.exe
  C:\Windows\System\NulUgQe.exe
  2⤵
  PID:9748
- C:\Windows\System\fPUUMnC.exe
  C:\Windows\System\fPUUMnC.exe
  2⤵
  PID:9772
- C:\Windows\System\SNNfGZN.exe
  C:\Windows\System\SNNfGZN.exe
  2⤵
  PID:9804
- C:\Windows\System\DYwkVhh.exe
  C:\Windows\System\DYwkVhh.exe
  2⤵
  PID:9840
- C:\Windows\System\ACtisHi.exe
  C:\Windows\System\ACtisHi.exe
  2⤵
  PID:9876
- C:\Windows\System\yenMBgd.exe
  C:\Windows\System\yenMBgd.exe
  2⤵
  PID:9932
- C:\Windows\System\LjtWwLI.exe
  C:\Windows\System\LjtWwLI.exe
  2⤵
  PID:9964
- C:\Windows\System\PeXvubt.exe
  C:\Windows\System\PeXvubt.exe
  2⤵
  PID:10000
- C:\Windows\System\VQSLphJ.exe
  C:\Windows\System\VQSLphJ.exe
  2⤵
  PID:10028
- C:\Windows\System\msiSzgE.exe
  C:\Windows\System\msiSzgE.exe
  2⤵
  PID:10040
- C:\Windows\System\VHzfPUA.exe
  C:\Windows\System\VHzfPUA.exe
  2⤵
  PID:10076
- C:\Windows\System\qefriGY.exe
  C:\Windows\System\qefriGY.exe
  2⤵
  PID:9820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AIPjGaK.exe

Filesize
6.0MB

MD5
1ad51cb3ba0e0ce231b36d3aa4a81eaa

SHA1
2ac2a8935f3540a0e33721095eaedb02ab41e2ca

SHA256
77c48f5d875eace123d3946b346e89b778c8694a619e38fc5ccfa2d4f07e8f3b

SHA512
7b3ed2c48e03583dc4f0de6d030513066e8515d582e3f75dafe92eeab23871a593062b82b828dbe107d8a9f2ec7ad8403714b70e41fd4c4caac0bdce938b4392

Download Submit
C:\Windows\system\DiPZyfC.exe

Filesize
6.0MB

MD5
28cb5be82e56ce2c2548c6a4ab8b10a2

SHA1
8f233ac1854c3f5abf5539584f58ee7e2f014950

SHA256
e495dcc7ee08627d699e64be82d4ec6578d4a6f7db8cc1bc78d90436e1d790cd

SHA512
f57a1f7e1fb93889dc24b1fdc7cfd41cb9a1a7fa12c5a6c6fec3c54886e19dfe4441dda77c690ad6f0fb3bee13531eb1b6e1e53fddc9f491d51d4de025bf7116

Download Submit
C:\Windows\system\ExDxgFL.exe

Filesize
6.0MB

MD5
6b1bff8ad97d373a556c956aa6a63cf6

SHA1
b813b39a569212c5ca6858cd7c1eb5246a9addf6

SHA256
d5b9b09da67e235611d842f6f15953c330e224235de8165bc8177fa51646e27e

SHA512
187ba424e6a765fe6e160354e6decfdc4a1fc3402ce5e993e59e09476da37454e91dd2c9e723b5af9886b9b580c73a2bd2f1623cb9edcdcec74219d09ba2e8df

Download Submit
C:\Windows\system\JSPJJiE.exe

Filesize
6.0MB

MD5
639841bd5e193ce9acb7519c3259db14

SHA1
f06a57d5a3a6cbe8b447ed0e80d04a05b9c899f1

SHA256
c8ac1d6b5ffc0c19bc54baf3aeadc0cc104a10aad1cb91d4bd2af408f65f6bea

SHA512
40f8358662306e32683b4f8ccef9c11a0cac482f53aa0fe3349be047e2f5182081324b4f26a62ce82b7b0626e0b56b29e6ba2759956e2dd3fc7283d58501c595

Download Submit
C:\Windows\system\KKUwwrX.exe

Filesize
6.0MB

MD5
1f4cbd9930b8adcfd768fdc851bf8df7

SHA1
1da450d06495a03db3805933039a5b50c915daf5

SHA256
e2b833eddef2b5b8c2030b1406a5f2b29941d6ebcae0024a8c502dfde2cdae76

SHA512
fb59bf8f1d67e0f83c70720c9120bfa76b428a7c1f09156c6925137f8c3ed686cdaa2b867c5a307941e290098e8cb0569eeacf19dc0c2ac387c958529ac509f6

Download Submit
C:\Windows\system\NfQFxjX.exe

Filesize
6.0MB

MD5
7530a4e4f234a65e84083f1f31530e06

SHA1
ee208956b3c9f1005e146c48b7dc4e875cb57c2e

SHA256
a9cc41c5460cfdd557bbaefc6f8c12ebbb9d50ddf8e3659a68da680811f3f32e

SHA512
42c1bf7735179ba6947d1d0f99fd18eb655fac386c942e49c78c0c90328ea49709d0b3b834522b5bbad849f4bcd7d87017d130f213b588a6c085ddcb2f76e700

Download Submit
C:\Windows\system\PxfCmGO.exe

Filesize
6.0MB

MD5
3934f2f123bb8fb6d3367c5dafec2425

SHA1
ecaaad2865db5b5e55d397b91c4fb2e0068d917f

SHA256
3015d5d16e8397d48979606362d7608a06ebad33273f86774696b5f0a097ea0a

SHA512
430dbda4be1ca0a25698103da1f149757de72417803bc51052aa5904f24c496281fcb9b49fb32c1c8ed47287e405ce7c552a051cd77fab49b9dff0b5c419fa67

Download Submit
C:\Windows\system\RkCGuvs.exe

Filesize
6.0MB

MD5
7e180576fcf1a03559c0b7b8b6517cc3

SHA1
8fad02594baab73084c25f67b3f8e704c091778e

SHA256
22d449ff82785b0cd5a71aba4be4e7547468d8a7a0020c23f9355dfda5590d6a

SHA512
08a8f3ee9041a9833bacc27a67a9da755b4c8b69b3599a29bd0a9b68d554e3dc9c4390389adf595051b4a861666d088aa0988e820ba0766fb0c72553ccd32da0

Download Submit
C:\Windows\system\SDriKOn.exe

Filesize
6.0MB

MD5
f473b7e892fb49a1795ad2ddd833dab7

SHA1
5053a58e9c5a9010a72dbda4519cb23a312a2240

SHA256
d2fd6bcc2b74c8d8b4a1341f2114a15b3804b062bb5d5a78a35036b9eba679a3

SHA512
e64a32aa34411e6eee3cd9a5bdb2613d7d4a7f3197c9e8398414b8162843fd7a1f5f62c6f31d9c8e93fe6fd2caa22adf589702280e08e8e98725c011d94fe9bd

Download Submit
C:\Windows\system\SsEAtkO.exe

Filesize
6.0MB

MD5
440e3b8c4f420db68b1f55d76312e8a0

SHA1
2bee0deeb1d2f2336b3403efe90a3bd728fcd555

SHA256
c1eacc1ac7f0cea774162ceebdb7d8eeea9fb06050137fc72afa1045cd7fbd13

SHA512
44c44acfb0f1d4ea099867a64b271142f6eac3a83e4cd3e1fdc7b478f1d3b7b22557eba7264f255edbf19b0ca7d45745de72378a6b7cf4eed7ea2d43e29e1f19

Download Submit
C:\Windows\system\TDRPYiD.exe

Filesize
6.0MB

MD5
ee7746b936a8e782d10418e59adcf872

SHA1
72d8e7a96ed254bc50ca9c0711eb71add316de9f

SHA256
da9b1580154b5d7621d53a114cff92980a194887828c083a35720a517a13deed

SHA512
6904a79805144197326714cb8cbf457100efae2bffc2deb5a7c0ac3a9058b7530b1017108087ef91266fd88f5819bf20f3cb653a16dfadfff5d6fe21618e576b

Download Submit
C:\Windows\system\UwtQQPM.exe

Filesize
6.0MB

MD5
2014385fd88106bb4c8029a95e6ccd8f

SHA1
58c923598f2a2a72ef4f88d26854faabedb40884

SHA256
b33a73ced6b86475d99cb90d7bfb2b9cd6853e8e996ad316645fcd5d1694a632

SHA512
3ee6da2254974041e2289cf66d96597e069ad0829ddf8aca5f0480a4fa8f7271a9063be66f3abb07e0831603a1ddbd104b95ed565fdab16d781cd6420a6965db

Download Submit
C:\Windows\system\aSAUxPq.exe

Filesize
6.0MB

MD5
94769d7e355153878ece6ba3d46129ab

SHA1
3de259da72084ea4024e330dda9c58158656a053

SHA256
a488bb8698ed83ed0413a5cbb15035a7da8be1cfd144f7358f8b09f1e609ece6

SHA512
7d5feafc6e34e08d5d5f10d3b29f9780ca3b27b65c89cece4d8fbde32582268220507e2a4a737d055466499247fd2c6dfbe89ffbe18caf822bb07512e12befad

Download Submit
C:\Windows\system\acSWShD.exe

Filesize
6.0MB

MD5
5eedbe6c80b0911445c14e98badf27dc

SHA1
8ac9e74c7131978989c55cfa4eb6d20b47c38b4d

SHA256
4a98c67f57488ce9461adbe9bb4ec1424adeaa3cfbd2f2e16b6455b6b42f51d1

SHA512
3692876cd1d5e59212ad952db3ad46c0fc413104ad5959e32c12afac3cc28ec48f58f1d93f5cdfa57c33a9ca57961caf32725e3dd73b6529bc51fddfbcd97ec6

Download Submit
C:\Windows\system\eAtZvnV.exe

Filesize
6.0MB

MD5
39da8555cb720d3db27e6d63cd2c2837

SHA1
c1c6faa2d01f176241cfbe7c4006ff3460cd5b78

SHA256
e2f19944bb9a928d3f3f0909dc757a6a2d2f359cd8121b293f195c472c0f4997

SHA512
c1e765404770d709ba696b69a798c131f895fa485a0519c69d384f3c093467abc7af2da0fa0e45876aefd1eb4c5ba7779b0c2d2f0087cc292d17ec9a404d5163

Download Submit
C:\Windows\system\ficrBaG.exe

Filesize
6.0MB

MD5
04e603223879e6f8a233cb8925844333

SHA1
82999671dea47d77e332b95a106e57569791ecbf

SHA256
5e059aac2e99e88a47609043369cec70b99d85575c38d9a41ad4ca43043d1d1d

SHA512
d857f393cf92a4b254319b6d46e840c5df9d902d8cf041109fed76e606dab3456c6f527c48e930c6a915a035c5ced1d86e72b811e731706ed173fd449f08e5d5

Download Submit
C:\Windows\system\jclBcIQ.exe

Filesize
6.0MB

MD5
b8b6222f8121b25d416d9d9623bfbe6f

SHA1
8818cfe2a0bccf8ebbc1cb7a5dc0b7a232fa2a70

SHA256
1ba4f3d3363f358a4dc04fc4964ec5db798fb19dd973f80bff83995c796b9a8a

SHA512
f52cfd97bc22fcfb0e787844a1da58c6b8a598789e0a40302453f4f0757d006d508281f743fce8cd1a69682351e1c5f29b68554b1e2c5c51efddea581a4f83ec

Download Submit
C:\Windows\system\kmiVNhr.exe

Filesize
6.0MB

MD5
4b8f458f0052c39d34ccc64ab0a22138

SHA1
f27160f9218ce773ed0676f101ebd50658511c3f

SHA256
123304174ffe0efb2a22179ddec6a968299e4caae6728bcc33da8356fa88d9d8

SHA512
d72423393d5468bc844bcf445f7e39761218d6655350b15efec2b05032d2ed56196ae414f5b522f596c73585a12c91aa0c3c4a025267f43d78e59b4cf53c4afc

Download Submit
C:\Windows\system\liSENQI.exe

Filesize
6.0MB

MD5
c49de5bba83e9627e9430be28b9c9d40

SHA1
cd25fed2632d6bead0dcfb4a734e18b24eee4498

SHA256
ad32e30d402febbd1126153c7da75591b1d2e52e87ca200b9211f11e3c0ca125

SHA512
05e772a250865be141180861a775081c22f7d27f94f85810296575c147b1b1f4171d3b0ccc55447b6215deb0fb89ebfe82202a31f45a4e543ded76e9911d4424

Download Submit
C:\Windows\system\mSWGbSO.exe

Filesize
6.0MB

MD5
568ece823e983c7d4bdad855fbec63ab

SHA1
e46fc4d759d4248d36e7be3f56e5fdbf2a5381b1

SHA256
98faab493131c016b29f2e32ba5f0f1e73ec907b8e2edec5755700d6fe8ea99f

SHA512
ab11f6555c428c055a21f88f3a4e06fc2a48ca30c967071dc4e39cdbf274007ec0317a106c32a6b9d05d1cd8bcf5761b2aea17a7cc5e3a4fcb66fe8123fcb646

Download Submit
C:\Windows\system\mSjDNKP.exe

Filesize
6.0MB

MD5
d689f80fa38dbf3e314321b696163c17

SHA1
310596e2b0660c919a87a5dda2c7f97b3bbfec32

SHA256
614c693a1f30e9ad1fe3ea6f399b31dccb9887c88735fe4793bacb1c5c77bc79

SHA512
5b4b5462b7db3bf34fd64a7a1118ec12f19be636375db8d70814d23b9d1ade7c608ecc890bdc7f5dc924a8ae4ea4acc788b80cfc38334dd638179344297f2880

Download Submit
C:\Windows\system\mqQvCKo.exe

Filesize
6.0MB

MD5
e25fb33022a4582a7db313358a53ca43

SHA1
6f7ccc65cfb53361aee3096b4e2826c5b86d9fe5

SHA256
d0c66152cc8cdd4dc03404719ebbbb7515ad1dcee4f6cb667c39690bf1592cd9

SHA512
83951c9c6f3851a04009e40c7d437d0401daffe88170d1d184e0724f475fba033f0882e2b4e98725ec31d4fde3f70a75ce4ad2c33c34667e8708f3c63d2d0f5e

Download Submit
C:\Windows\system\oHxbFwt.exe

Filesize
6.0MB

MD5
2755b4afa41339d0b4b1c486265555cf

SHA1
80294ed334bf0468be639b318841782d1471e979

SHA256
9867f9ceba159d831b2bda53680096b24757bb739035c816ee3be0364e4b3714

SHA512
98c4bb46f863e571b63a1656bf398d40b3a1cf3b9d3e1e34e48c8ffaa4f8bd436a029a875ef54a0c38a264a9e6ed23a351d2772fe54c4870cf0029f583dbb829

Download Submit
C:\Windows\system\oRTwQFe.exe

Filesize
6.0MB

MD5
6da1dd965abe4de67b7a8c39e2ce64b6

SHA1
4f614d7bb15625638bb186d4a6665cc1476f2447

SHA256
60d05fe7e57de17622e512744a5a3ef91470cc123bd285eef0e3d3aa480485f0

SHA512
f68fe762de68a903cb2ddf279c62eeda6d627d8e6899e84699273c644dc528581d8e83236f12d76ec583164390f037c8100a857762803052e6885546972e3d0b

Download Submit
C:\Windows\system\tggEXmo.exe

Filesize
6.0MB

MD5
35342192e797de595de507e272477bdf

SHA1
4bfd9cfcfdfca04f8c73ac2d8ee2e3d8bd3b8be2

SHA256
86df115d6215cfa2a370088827c22da9f8f36f57d87cb5f68549de98d47b8e14

SHA512
2fe69020dc7208b8bd620d1b304214ddc891cd026ab18bb656d50fbbb626087dd9853c34492d34f8719fa26c3a89fc902d2b3e0c36ee76cd6200ee4c3015653b

Download Submit
C:\Windows\system\vzZFVNS.exe

Filesize
6.0MB

MD5
3c5430ff927ac061862e87ecdfcc624e

SHA1
f5d20e0dca88a6ee0f9f5eb42d2077a762803541

SHA256
4c937fb82afe9c2e966608b8e72f102fd3e5afbb5ed873ad06b7b96311ae1716

SHA512
eba6125a3770da30abd86091b0bfdf01ced59b4f8ddf744e499eb4ad02a108226619ba2e139e4468e1d88bac1ebcddb0f6466bb8a344c6d290aacdc7726b55db

Download Submit
C:\Windows\system\wzCRsuy.exe

Filesize
6.0MB

MD5
9aca49ffde11540ba211822e16a133ff

SHA1
5f5a96321bbf23894a658971c842cf4cc5d0b9f5

SHA256
aa664defb5e1d4d1b058ab4328e4b58ac086f6c5b10e2dc08b2407ae320d483c

SHA512
15a7db9783476f831997a9a547147e0311ab3d8f1b82c5f19b9e53639f2e3599d0599c3e945083bc8de0ef82a1bee1594604543e32b0de0bc06b4eef0a88a067

Download Submit
\Windows\system\GysCNRT.exe

Filesize
6.0MB

MD5
8025fd32041e3171da0adc065af62616

SHA1
2f8b5551f60cad625084130ad53be6330f07d4fc

SHA256
6a1257cbd2a3f6935807b340e70450977584ae666a06c81367dc72c452780bea

SHA512
705217e4e78c7bb36eb6865a7fb7e2358c0c72e6d4978dfa1de1c5e6b5e6027dc1ceddd472b89a88e7d5cf7935670a9e0ae3c856ddd7a9eb5ac08393b0ae9d44

Download Submit
\Windows\system\HXKXqbX.exe

Filesize
6.0MB

MD5
00ff51373067bfaaa0747984c5d7f963

SHA1
bf121ecf1b710d12671a50a75fda29f9988fa15f

SHA256
86d5b98edd9fc9091a3459a0322737725d269a4e5ebd6b985c6b78cf18dab964

SHA512
f7413895e82ab327c6f88bf03a3fab17d732cde0404c050ada677057e9d4a096ecb4c833193dde474de8bf919b2c64e1422ffe3cf9297cb6148861d9968163c3

Download Submit
\Windows\system\MVYmmfb.exe

Filesize
6.0MB

MD5
fca3394dbb9f3bdf08340e4a95bfc115

SHA1
ad30deeab3606439bf1eee695d6e8d0a67cd74ce

SHA256
2d13b3f6e68d5538ca6dbc3b684529ba3f2b1375c1d96e1b34f4519aa4ff7754

SHA512
a83307e1f93fba68804a677950db7368811ee2f86f271b6dabd1845fcfb1bc0142d6608c1cb0618ac60fc8ca0d91e452d2862eab87559ff7a09e7520cb42f0b5

Download Submit
\Windows\system\OyncDCC.exe

Filesize
6.0MB

MD5
95516f24c695de6b94cf767e282a37eb

SHA1
4d827a7f0ae42c02a9dd1d5f2ed0b9bfe1228fb7

SHA256
380fc07298c9caa273e7a2e00bbf1f53ee641a43754d73beeb6190fb564912d9

SHA512
a4b198f1ab3adfb92084e650f5dbb8716841ab987f1e8d0abfc00c848ae28b0daa4d210785186c49eef1b4d30a7395bd8d9658764bedf9ccc59c034a0d27407f

Download Submit
\Windows\system\vIOlzYe.exe

Filesize
6.0MB

MD5
b870e8ebe3be7d82608390cede8e6496

SHA1
a0073a07bf1696254c58a85fabbfb13008bc2b77

SHA256
dbf9ca1eec4f9d6a698e34d6d2716f8c05cab5e8a77a9e682b13c8ee4ec6d311

SHA512
7386ffb890a804ea88a95277e0da1ec60d24282e8d6c944a1c99e3d70c041b1290c1fa5bba0a34a63cdcb99282f8ef56ca40195b6595494dcb1c2d60b9f0f4cd

Download Submit
memory/368-34-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/368-1059-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1384-1060-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1384-64-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1384-22-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1960-89-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2658-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-43-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1061-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-83-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2662-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2324-305-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2324-42-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-159-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-378-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2324-15-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-68-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-6-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-74-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-86-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-46-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-92-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-53-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-20-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2324-98-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-99-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2324-39-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-252-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2324-30-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2488-44-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1062-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-96-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2568-2661-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2620-1057-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-54-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-10-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-77-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2659-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2663-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-72-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2660-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-66-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-60-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2936-1093-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3044-14-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1050-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-59-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-80-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-50-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1081-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download