cobaltstrike | fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
Size

6.0MB
MD5

6b64d818548d0df447a0362b008b74fe
SHA1

cc138997978d655bc9850b8abd01225a1eb0e444
SHA256

fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91
SHA512

c7614c0824615a419c5a2655fdc3a173c01198935c2a83c52ab7cd54d210c47e00e7a1102e70e7386384515a95d36a764b63b6d41e3bb4aff21f94d83e52b58d
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUU:eOl56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015689-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156a8-11.dat	cobalt_reflective_dll
behavioral1/files/0x003800000001506e-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ccf-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ce4-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cfd-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015f4e-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000015fa6-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000160da-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016141-88.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000162e4-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016399-99.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-146.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-176.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-171.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-141.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-111.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2984-0-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-3.dat	xmrig
behavioral1/memory/2724-8-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0008000000015689-9.dat	xmrig
behavioral1/memory/2840-13-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00080000000156a8-11.dat	xmrig
behavioral1/memory/2792-26-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x003800000001506e-25.dat	xmrig
behavioral1/memory/2704-23-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cb9-29.dat	xmrig
behavioral1/files/0x0007000000015ccf-33.dat	xmrig
behavioral1/memory/2588-49-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2724-47-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ce4-46.dat	xmrig
behavioral1/memory/2864-45-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2824-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2984-42-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cfd-55.dat	xmrig
behavioral1/memory/2420-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2840-56-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2704-59-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2984-65-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0a-64.dat	xmrig
behavioral1/memory/2792-62-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1784-67-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015f4e-68.dat	xmrig
behavioral1/memory/1968-74-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x0006000000015fa6-75.dat	xmrig
behavioral1/memory/2052-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2984-80-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x00060000000160da-82.dat	xmrig
behavioral1/files/0x0006000000016141-88.dat	xmrig
behavioral1/memory/2588-90-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00060000000162e4-94.dat	xmrig
behavioral1/files/0x0006000000016399-99.dat	xmrig
behavioral1/files/0x00060000000164de-103.dat	xmrig
behavioral1/memory/2984-106-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016689-116.dat	xmrig
behavioral1/files/0x0006000000016890-121.dat	xmrig
behavioral1/files/0x0006000000016b86-126.dat	xmrig
behavioral1/files/0x0006000000016c89-131.dat	xmrig
behavioral1/files/0x0006000000016ca0-136.dat	xmrig
behavioral1/files/0x0006000000016cf0-146.dat	xmrig
behavioral1/files/0x0006000000016d4c-156.dat	xmrig
behavioral1/files/0x0006000000016d6f-166.dat	xmrig
behavioral1/files/0x0006000000016dd9-181.dat	xmrig
behavioral1/memory/660-953-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2788-942-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2960-941-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de9-186.dat	xmrig
behavioral1/files/0x0006000000016dd5-176.dat	xmrig
behavioral1/files/0x0006000000016d73-171.dat	xmrig
behavioral1/files/0x0006000000016d68-161.dat	xmrig
behavioral1/files/0x0006000000016d22-151.dat	xmrig
behavioral1/files/0x0006000000016cab-141.dat	xmrig
behavioral1/files/0x000600000001660e-111.dat	xmrig
behavioral1/memory/2984-2327-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2984-2412-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2724-3312-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2840-3327-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2792-3341-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2704-3379-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2824-3515-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2864-3508-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2724	ZoptWqE.exe
2840	bOqoPsL.exe
2704	pOPyINb.exe
2792	WiimWTo.exe
2824	oITIGBC.exe
2864	mdtAUCE.exe
2588	NpClXBl.exe
2420	IGVcEfM.exe
1784	birFJWA.exe
1968	tZEcgNX.exe
2052	sSPFxlb.exe
660	njuAVuQ.exe
2960	DiPcvYj.exe
2788	yBDNhKe.exe
2776	dCjJtxi.exe
1880	ORYCkva.exe
2764	mxBCMlH.exe
2028	ECDsdxT.exe
3056	trJOTRo.exe
760	cNfEBGs.exe
680	QhcWoZR.exe
1296	XaqQMyd.exe
1308	QUTQPMU.exe
1356	sgZFwBU.exe
1984	azZdpBi.exe
2248	FSseSvz.exe
2560	ndUkrld.exe
1780	jxWxMSW.exe
1344	JwsuiUO.exe
708	fjmAWMS.exe
1704	TGECHku.exe
2172	fLFKuhX.exe
2404	XvnKVLk.exe
1340	liKUOZR.exe
2060	mzdcobH.exe
1624	axqdODy.exe
344	yykKxCR.exe
1900	joPEaBq.exe
1204	XkreBas.exe
1288	HnFnvYe.exe
892	uxxqxPR.exe
864	AdNQbkl.exe
3044	aUYegRl.exe
3064	ZXHmmqt.exe
2320	yGwQKRJ.exe
1748	ajjpylu.exe
1736	XfSjCXN.exe
300	YPcQyLn.exe
1040	TsSAPth.exe
2056	DhJIkZV.exe
1508	etycleJ.exe
1512	JyLRmKd.exe
1700	IiwWUdm.exe
2128	cZjuOMI.exe
1596	BnCGXQz.exe
1716	UkGmbRR.exe
2804	uVHZCsR.exe
2844	JTkgZHa.exe
2740	FgDKHlE.exe
2880	xMHPGPC.exe
2716	dATQttY.exe
2852	uqgGWGD.exe
2572	NqnBdyX.exe
2188	nkobDbt.exe

Loads dropped DLL 64 IoCs

pid	Process
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0008000000012117-3.dat	upx
behavioral1/memory/2724-8-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0008000000015689-9.dat	upx
behavioral1/memory/2840-13-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00080000000156a8-11.dat	upx
behavioral1/memory/2792-26-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x003800000001506e-25.dat	upx
behavioral1/memory/2704-23-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-29.dat	upx
behavioral1/files/0x0007000000015ccf-33.dat	upx
behavioral1/memory/2588-49-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2724-47-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0007000000015ce4-46.dat	upx
behavioral1/memory/2864-45-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2824-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2984-42-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0008000000015cfd-55.dat	upx
behavioral1/memory/2420-58-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2840-56-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2704-59-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0008000000015d0a-64.dat	upx
behavioral1/memory/2792-62-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1784-67-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0006000000015f4e-68.dat	upx
behavioral1/memory/1968-74-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x0006000000015fa6-75.dat	upx
behavioral1/memory/2052-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x00060000000160da-82.dat	upx
behavioral1/files/0x0006000000016141-88.dat	upx
behavioral1/memory/2588-90-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00060000000162e4-94.dat	upx
behavioral1/files/0x0006000000016399-99.dat	upx
behavioral1/files/0x00060000000164de-103.dat	upx
behavioral1/files/0x0006000000016689-116.dat	upx
behavioral1/files/0x0006000000016890-121.dat	upx
behavioral1/files/0x0006000000016b86-126.dat	upx
behavioral1/files/0x0006000000016c89-131.dat	upx
behavioral1/files/0x0006000000016ca0-136.dat	upx
behavioral1/files/0x0006000000016cf0-146.dat	upx
behavioral1/files/0x0006000000016d4c-156.dat	upx
behavioral1/files/0x0006000000016d6f-166.dat	upx
behavioral1/files/0x0006000000016dd9-181.dat	upx
behavioral1/memory/660-953-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2788-942-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2960-941-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x0006000000016de9-186.dat	upx
behavioral1/files/0x0006000000016dd5-176.dat	upx
behavioral1/files/0x0006000000016d73-171.dat	upx
behavioral1/files/0x0006000000016d68-161.dat	upx
behavioral1/files/0x0006000000016d22-151.dat	upx
behavioral1/files/0x0006000000016cab-141.dat	upx
behavioral1/files/0x000600000001660e-111.dat	upx
behavioral1/memory/2724-3312-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2840-3327-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2792-3341-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2704-3379-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2824-3515-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2864-3508-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2420-3548-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2588-3559-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1784-3673-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/1968-3695-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2052-3805-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tnORboz.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\AtnQGvZ.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\qvecgmT.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\jFZWwaK.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\njiUwhI.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\uXbsQzZ.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\ikOWuXy.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\gwaGmdm.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\iRNHGJw.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\XfNubaU.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\aBZhGLO.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\BRmJLVa.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\pRveuiS.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\aTWqlBV.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\RRIoqZD.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\GSpnlBT.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\jZkxSRa.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\OppFWmy.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\yEndYtA.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\tcjxzXc.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\NFHdLPE.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\CptIURj.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\aALPRRu.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\xDFUQQN.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\IASRinW.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\pjDdtfr.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\ZYXdFvt.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\zCWbcTh.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\HaHGtyD.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\tgVbulM.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\mhozAWg.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\NJzMsnW.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\WNoFIPB.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\TKJkpGU.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\qozKvhs.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\ZdjhXdr.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\aZUBPiz.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\KZafdwU.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\jeTHgLM.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\AHZWNyc.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\LxJYgcK.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\uCKhlDK.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\nexBcqd.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\mCJuWOb.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\zJoVokh.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\aHkwqGH.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\dmHIlSO.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\EuzaRve.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\qQHiORd.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\pWvawVu.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\EHqrOyU.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\xcJKjlH.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\obPUIhZ.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\oyxIOmP.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\Ehdhlqc.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\xeRYQdk.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\AWZGVUN.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\EvKjjAu.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\shRxleI.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\YSaLJDf.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\VbECVwv.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\mhWJbbf.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\ZFxOKUF.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
File created	C:\Windows\System\BOEsTjq.exe	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2724	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	31
PID 2984 wrote to memory of 2724	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	31
PID 2984 wrote to memory of 2724	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	31
PID 2984 wrote to memory of 2840	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	32
PID 2984 wrote to memory of 2840	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	32
PID 2984 wrote to memory of 2840	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	32
PID 2984 wrote to memory of 2704	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	33
PID 2984 wrote to memory of 2704	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	33
PID 2984 wrote to memory of 2704	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	33
PID 2984 wrote to memory of 2792	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	34
PID 2984 wrote to memory of 2792	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	34
PID 2984 wrote to memory of 2792	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	34
PID 2984 wrote to memory of 2824	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	35
PID 2984 wrote to memory of 2824	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	35
PID 2984 wrote to memory of 2824	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	35
PID 2984 wrote to memory of 2864	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	36
PID 2984 wrote to memory of 2864	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	36
PID 2984 wrote to memory of 2864	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	36
PID 2984 wrote to memory of 2588	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	37
PID 2984 wrote to memory of 2588	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	37
PID 2984 wrote to memory of 2588	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	37
PID 2984 wrote to memory of 2420	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	38
PID 2984 wrote to memory of 2420	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	38
PID 2984 wrote to memory of 2420	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	38
PID 2984 wrote to memory of 1784	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	39
PID 2984 wrote to memory of 1784	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	39
PID 2984 wrote to memory of 1784	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	39
PID 2984 wrote to memory of 1968	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	40
PID 2984 wrote to memory of 1968	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	40
PID 2984 wrote to memory of 1968	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	40
PID 2984 wrote to memory of 2052	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	41
PID 2984 wrote to memory of 2052	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	41
PID 2984 wrote to memory of 2052	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	41
PID 2984 wrote to memory of 660	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	42
PID 2984 wrote to memory of 660	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	42
PID 2984 wrote to memory of 660	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	42
PID 2984 wrote to memory of 2960	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	43
PID 2984 wrote to memory of 2960	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	43
PID 2984 wrote to memory of 2960	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	43
PID 2984 wrote to memory of 2788	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	44
PID 2984 wrote to memory of 2788	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	44
PID 2984 wrote to memory of 2788	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	44
PID 2984 wrote to memory of 2776	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	45
PID 2984 wrote to memory of 2776	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	45
PID 2984 wrote to memory of 2776	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	45
PID 2984 wrote to memory of 1880	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	46
PID 2984 wrote to memory of 1880	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	46
PID 2984 wrote to memory of 1880	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	46
PID 2984 wrote to memory of 2764	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	47
PID 2984 wrote to memory of 2764	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	47
PID 2984 wrote to memory of 2764	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	47
PID 2984 wrote to memory of 2028	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	48
PID 2984 wrote to memory of 2028	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	48
PID 2984 wrote to memory of 2028	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	48
PID 2984 wrote to memory of 3056	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	49
PID 2984 wrote to memory of 3056	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	49
PID 2984 wrote to memory of 3056	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	49
PID 2984 wrote to memory of 760	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	50
PID 2984 wrote to memory of 760	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	50
PID 2984 wrote to memory of 760	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	50
PID 2984 wrote to memory of 680	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	51
PID 2984 wrote to memory of 680	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	51
PID 2984 wrote to memory of 680	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	51
PID 2984 wrote to memory of 1296	2984	JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc95ad8d3f46767131843048572a2e20820f2b75751ac61265b5be7a5881aa91.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\System\ZoptWqE.exe
  C:\Windows\System\ZoptWqE.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\bOqoPsL.exe
  C:\Windows\System\bOqoPsL.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\pOPyINb.exe
  C:\Windows\System\pOPyINb.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\WiimWTo.exe
  C:\Windows\System\WiimWTo.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\oITIGBC.exe
  C:\Windows\System\oITIGBC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\mdtAUCE.exe
  C:\Windows\System\mdtAUCE.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\NpClXBl.exe
  C:\Windows\System\NpClXBl.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\IGVcEfM.exe
  C:\Windows\System\IGVcEfM.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\birFJWA.exe
  C:\Windows\System\birFJWA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\tZEcgNX.exe
  C:\Windows\System\tZEcgNX.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\sSPFxlb.exe
  C:\Windows\System\sSPFxlb.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\njuAVuQ.exe
  C:\Windows\System\njuAVuQ.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\DiPcvYj.exe
  C:\Windows\System\DiPcvYj.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\yBDNhKe.exe
  C:\Windows\System\yBDNhKe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\dCjJtxi.exe
  C:\Windows\System\dCjJtxi.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\ORYCkva.exe
  C:\Windows\System\ORYCkva.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\mxBCMlH.exe
  C:\Windows\System\mxBCMlH.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ECDsdxT.exe
  C:\Windows\System\ECDsdxT.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\trJOTRo.exe
  C:\Windows\System\trJOTRo.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\cNfEBGs.exe
  C:\Windows\System\cNfEBGs.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\QhcWoZR.exe
  C:\Windows\System\QhcWoZR.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\XaqQMyd.exe
  C:\Windows\System\XaqQMyd.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\QUTQPMU.exe
  C:\Windows\System\QUTQPMU.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\sgZFwBU.exe
  C:\Windows\System\sgZFwBU.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\azZdpBi.exe
  C:\Windows\System\azZdpBi.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\FSseSvz.exe
  C:\Windows\System\FSseSvz.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ndUkrld.exe
  C:\Windows\System\ndUkrld.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\jxWxMSW.exe
  C:\Windows\System\jxWxMSW.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\JwsuiUO.exe
  C:\Windows\System\JwsuiUO.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\fjmAWMS.exe
  C:\Windows\System\fjmAWMS.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\TGECHku.exe
  C:\Windows\System\TGECHku.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\fLFKuhX.exe
  C:\Windows\System\fLFKuhX.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\XvnKVLk.exe
  C:\Windows\System\XvnKVLk.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\liKUOZR.exe
  C:\Windows\System\liKUOZR.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\mzdcobH.exe
  C:\Windows\System\mzdcobH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\axqdODy.exe
  C:\Windows\System\axqdODy.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\yykKxCR.exe
  C:\Windows\System\yykKxCR.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\joPEaBq.exe
  C:\Windows\System\joPEaBq.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\XkreBas.exe
  C:\Windows\System\XkreBas.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\HnFnvYe.exe
  C:\Windows\System\HnFnvYe.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\uxxqxPR.exe
  C:\Windows\System\uxxqxPR.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\AdNQbkl.exe
  C:\Windows\System\AdNQbkl.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\aUYegRl.exe
  C:\Windows\System\aUYegRl.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ZXHmmqt.exe
  C:\Windows\System\ZXHmmqt.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\yGwQKRJ.exe
  C:\Windows\System\yGwQKRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ajjpylu.exe
  C:\Windows\System\ajjpylu.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\XfSjCXN.exe
  C:\Windows\System\XfSjCXN.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\YPcQyLn.exe
  C:\Windows\System\YPcQyLn.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\TsSAPth.exe
  C:\Windows\System\TsSAPth.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\DhJIkZV.exe
  C:\Windows\System\DhJIkZV.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\etycleJ.exe
  C:\Windows\System\etycleJ.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\JyLRmKd.exe
  C:\Windows\System\JyLRmKd.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\IiwWUdm.exe
  C:\Windows\System\IiwWUdm.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\cZjuOMI.exe
  C:\Windows\System\cZjuOMI.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\BnCGXQz.exe
  C:\Windows\System\BnCGXQz.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\UkGmbRR.exe
  C:\Windows\System\UkGmbRR.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\uVHZCsR.exe
  C:\Windows\System\uVHZCsR.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\JTkgZHa.exe
  C:\Windows\System\JTkgZHa.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\FgDKHlE.exe
  C:\Windows\System\FgDKHlE.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\xMHPGPC.exe
  C:\Windows\System\xMHPGPC.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\dATQttY.exe
  C:\Windows\System\dATQttY.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\uqgGWGD.exe
  C:\Windows\System\uqgGWGD.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\NqnBdyX.exe
  C:\Windows\System\NqnBdyX.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\nkobDbt.exe
  C:\Windows\System\nkobDbt.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\RABfcok.exe
  C:\Windows\System\RABfcok.exe
  2⤵
  PID:2312
- C:\Windows\System\gtCLjpQ.exe
  C:\Windows\System\gtCLjpQ.exe
  2⤵
  PID:1904
- C:\Windows\System\wIDhCjM.exe
  C:\Windows\System\wIDhCjM.exe
  2⤵
  PID:2200
- C:\Windows\System\jmZcrOc.exe
  C:\Windows\System\jmZcrOc.exe
  2⤵
  PID:2644
- C:\Windows\System\ZPtpAZZ.exe
  C:\Windows\System\ZPtpAZZ.exe
  2⤵
  PID:2540
- C:\Windows\System\dgutlkE.exe
  C:\Windows\System\dgutlkE.exe
  2⤵
  PID:2212
- C:\Windows\System\uTQtvBQ.exe
  C:\Windows\System\uTQtvBQ.exe
  2⤵
  PID:2516
- C:\Windows\System\zpbSxla.exe
  C:\Windows\System\zpbSxla.exe
  2⤵
  PID:2224
- C:\Windows\System\rLgbzRT.exe
  C:\Windows\System\rLgbzRT.exe
  2⤵
  PID:1412
- C:\Windows\System\ulLcoGW.exe
  C:\Windows\System\ulLcoGW.exe
  2⤵
  PID:2912
- C:\Windows\System\sQtoNeT.exe
  C:\Windows\System\sQtoNeT.exe
  2⤵
  PID:1532
- C:\Windows\System\CfkaYxa.exe
  C:\Windows\System\CfkaYxa.exe
  2⤵
  PID:2904
- C:\Windows\System\YnBqmVY.exe
  C:\Windows\System\YnBqmVY.exe
  2⤵
  PID:2096
- C:\Windows\System\LEIBCnV.exe
  C:\Windows\System\LEIBCnV.exe
  2⤵
  PID:1956
- C:\Windows\System\cqAevvG.exe
  C:\Windows\System\cqAevvG.exe
  2⤵
  PID:1096
- C:\Windows\System\FNBSwuC.exe
  C:\Windows\System\FNBSwuC.exe
  2⤵
  PID:604
- C:\Windows\System\AjBMkUd.exe
  C:\Windows\System\AjBMkUd.exe
  2⤵
  PID:2244
- C:\Windows\System\omtzbKG.exe
  C:\Windows\System\omtzbKG.exe
  2⤵
  PID:844
- C:\Windows\System\nsWKeAO.exe
  C:\Windows\System\nsWKeAO.exe
  2⤵
  PID:2152
- C:\Windows\System\thZNbAx.exe
  C:\Windows\System\thZNbAx.exe
  2⤵
  PID:1484
- C:\Windows\System\afSGwod.exe
  C:\Windows\System\afSGwod.exe
  2⤵
  PID:2328
- C:\Windows\System\szTOgJv.exe
  C:\Windows\System\szTOgJv.exe
  2⤵
  PID:1324
- C:\Windows\System\gxnluVl.exe
  C:\Windows\System\gxnluVl.exe
  2⤵
  PID:828
- C:\Windows\System\KbsKHTU.exe
  C:\Windows\System\KbsKHTU.exe
  2⤵
  PID:1852
- C:\Windows\System\BDIYbqk.exe
  C:\Windows\System\BDIYbqk.exe
  2⤵
  PID:748
- C:\Windows\System\CfDXxoS.exe
  C:\Windows\System\CfDXxoS.exe
  2⤵
  PID:2364
- C:\Windows\System\SEwDKZd.exe
  C:\Windows\System\SEwDKZd.exe
  2⤵
  PID:596
- C:\Windows\System\FoiFGGz.exe
  C:\Windows\System\FoiFGGz.exe
  2⤵
  PID:1728
- C:\Windows\System\cCYPECx.exe
  C:\Windows\System\cCYPECx.exe
  2⤵
  PID:1876
- C:\Windows\System\YZlCCnT.exe
  C:\Windows\System\YZlCCnT.exe
  2⤵
  PID:576
- C:\Windows\System\HgbYULo.exe
  C:\Windows\System\HgbYULo.exe
  2⤵
  PID:2444
- C:\Windows\System\jLLAYeg.exe
  C:\Windows\System\jLLAYeg.exe
  2⤵
  PID:548
- C:\Windows\System\ZxHfRxJ.exe
  C:\Windows\System\ZxHfRxJ.exe
  2⤵
  PID:2024
- C:\Windows\System\NlvohPU.exe
  C:\Windows\System\NlvohPU.exe
  2⤵
  PID:2508
- C:\Windows\System\HpSDSpT.exe
  C:\Windows\System\HpSDSpT.exe
  2⤵
  PID:1592
- C:\Windows\System\lnNbSNE.exe
  C:\Windows\System\lnNbSNE.exe
  2⤵
  PID:2816
- C:\Windows\System\kuxiEBg.exe
  C:\Windows\System\kuxiEBg.exe
  2⤵
  PID:3008
- C:\Windows\System\kpxBrGn.exe
  C:\Windows\System\kpxBrGn.exe
  2⤵
  PID:2728
- C:\Windows\System\oeDaefj.exe
  C:\Windows\System\oeDaefj.exe
  2⤵
  PID:2112
- C:\Windows\System\NpsYbHG.exe
  C:\Windows\System\NpsYbHG.exe
  2⤵
  PID:2656
- C:\Windows\System\eyocsDv.exe
  C:\Windows\System\eyocsDv.exe
  2⤵
  PID:2796
- C:\Windows\System\emMbsnY.exe
  C:\Windows\System\emMbsnY.exe
  2⤵
  PID:2668
- C:\Windows\System\qTpvSkC.exe
  C:\Windows\System\qTpvSkC.exe
  2⤵
  PID:2640
- C:\Windows\System\XXvhqia.exe
  C:\Windows\System\XXvhqia.exe
  2⤵
  PID:1576
- C:\Windows\System\CbryAEM.exe
  C:\Windows\System\CbryAEM.exe
  2⤵
  PID:1264
- C:\Windows\System\vOeCUTo.exe
  C:\Windows\System\vOeCUTo.exe
  2⤵
  PID:2488
- C:\Windows\System\zGDjHdH.exe
  C:\Windows\System\zGDjHdH.exe
  2⤵
  PID:468
- C:\Windows\System\QIYDkZb.exe
  C:\Windows\System\QIYDkZb.exe
  2⤵
  PID:2124
- C:\Windows\System\XUrZycT.exe
  C:\Windows\System\XUrZycT.exe
  2⤵
  PID:1776
- C:\Windows\System\FVwaKny.exe
  C:\Windows\System\FVwaKny.exe
  2⤵
  PID:2088
- C:\Windows\System\IZUgkKl.exe
  C:\Windows\System\IZUgkKl.exe
  2⤵
  PID:348
- C:\Windows\System\kUaSTjT.exe
  C:\Windows\System\kUaSTjT.exe
  2⤵
  PID:1048
- C:\Windows\System\GGqgqam.exe
  C:\Windows\System\GGqgqam.exe
  2⤵
  PID:1292
- C:\Windows\System\WhSfdfv.exe
  C:\Windows\System\WhSfdfv.exe
  2⤵
  PID:1680
- C:\Windows\System\pUwpEfM.exe
  C:\Windows\System\pUwpEfM.exe
  2⤵
  PID:1668
- C:\Windows\System\FrnDGPk.exe
  C:\Windows\System\FrnDGPk.exe
  2⤵
  PID:1080
- C:\Windows\System\kNttsCz.exe
  C:\Windows\System\kNttsCz.exe
  2⤵
  PID:2192
- C:\Windows\System\fCxiaDV.exe
  C:\Windows\System\fCxiaDV.exe
  2⤵
  PID:556
- C:\Windows\System\VZXodBg.exe
  C:\Windows\System\VZXodBg.exe
  2⤵
  PID:284
- C:\Windows\System\CfRHhRC.exe
  C:\Windows\System\CfRHhRC.exe
  2⤵
  PID:868
- C:\Windows\System\PGwlyXF.exe
  C:\Windows\System\PGwlyXF.exe
  2⤵
  PID:2504
- C:\Windows\System\CNCpXyY.exe
  C:\Windows\System\CNCpXyY.exe
  2⤵
  PID:2720
- C:\Windows\System\XgWiYci.exe
  C:\Windows\System\XgWiYci.exe
  2⤵
  PID:1992
- C:\Windows\System\PqxfnzK.exe
  C:\Windows\System\PqxfnzK.exe
  2⤵
  PID:2784
- C:\Windows\System\VAZWMdv.exe
  C:\Windows\System\VAZWMdv.exe
  2⤵
  PID:2616
- C:\Windows\System\LUZSGAy.exe
  C:\Windows\System\LUZSGAy.exe
  2⤵
  PID:2576
- C:\Windows\System\nFGowGm.exe
  C:\Windows\System\nFGowGm.exe
  2⤵
  PID:1844
- C:\Windows\System\QiJpmgw.exe
  C:\Windows\System\QiJpmgw.exe
  2⤵
  PID:484
- C:\Windows\System\XNyLtac.exe
  C:\Windows\System\XNyLtac.exe
  2⤵
  PID:2676
- C:\Windows\System\cInMddz.exe
  C:\Windows\System\cInMddz.exe
  2⤵
  PID:2936
- C:\Windows\System\utWihIl.exe
  C:\Windows\System\utWihIl.exe
  2⤵
  PID:2428
- C:\Windows\System\DWkrVhV.exe
  C:\Windows\System\DWkrVhV.exe
  2⤵
  PID:2556
- C:\Windows\System\rglWDOR.exe
  C:\Windows\System\rglWDOR.exe
  2⤵
  PID:1584
- C:\Windows\System\BnytDoZ.exe
  C:\Windows\System\BnytDoZ.exe
  2⤵
  PID:2332
- C:\Windows\System\FFBgoPF.exe
  C:\Windows\System\FFBgoPF.exe
  2⤵
  PID:1260
- C:\Windows\System\MUybpCz.exe
  C:\Windows\System\MUybpCz.exe
  2⤵
  PID:2132
- C:\Windows\System\unePDRh.exe
  C:\Windows\System\unePDRh.exe
  2⤵
  PID:1652
- C:\Windows\System\VjRIAAS.exe
  C:\Windows\System\VjRIAAS.exe
  2⤵
  PID:1828
- C:\Windows\System\SgVqrkN.exe
  C:\Windows\System\SgVqrkN.exe
  2⤵
  PID:872
- C:\Windows\System\Rshbvfi.exe
  C:\Windows\System\Rshbvfi.exe
  2⤵
  PID:2872
- C:\Windows\System\iirAbSF.exe
  C:\Windows\System\iirAbSF.exe
  2⤵
  PID:2116
- C:\Windows\System\qlNtdEy.exe
  C:\Windows\System\qlNtdEy.exe
  2⤵
  PID:2756
- C:\Windows\System\HwUOFsI.exe
  C:\Windows\System\HwUOFsI.exe
  2⤵
  PID:1820
- C:\Windows\System\eCAcuQY.exe
  C:\Windows\System\eCAcuQY.exe
  2⤵
  PID:1156
- C:\Windows\System\VFMdrbB.exe
  C:\Windows\System\VFMdrbB.exe
  2⤵
  PID:3020
- C:\Windows\System\ExmqGej.exe
  C:\Windows\System\ExmqGej.exe
  2⤵
  PID:2552
- C:\Windows\System\knnosiN.exe
  C:\Windows\System\knnosiN.exe
  2⤵
  PID:1804
- C:\Windows\System\BuKLGCZ.exe
  C:\Windows\System\BuKLGCZ.exe
  2⤵
  PID:1604
- C:\Windows\System\YUkxaBF.exe
  C:\Windows\System\YUkxaBF.exe
  2⤵
  PID:2680
- C:\Windows\System\YDvfkaY.exe
  C:\Windows\System\YDvfkaY.exe
  2⤵
  PID:2924
- C:\Windows\System\feDLOLq.exe
  C:\Windows\System\feDLOLq.exe
  2⤵
  PID:2628
- C:\Windows\System\GhifGha.exe
  C:\Windows\System\GhifGha.exe
  2⤵
  PID:832
- C:\Windows\System\xDvHccF.exe
  C:\Windows\System\xDvHccF.exe
  2⤵
  PID:1772
- C:\Windows\System\cxZOcZn.exe
  C:\Windows\System\cxZOcZn.exe
  2⤵
  PID:2732
- C:\Windows\System\EUxImlA.exe
  C:\Windows\System\EUxImlA.exe
  2⤵
  PID:3080
- C:\Windows\System\AyLXWhZ.exe
  C:\Windows\System\AyLXWhZ.exe
  2⤵
  PID:3100
- C:\Windows\System\PhzKceJ.exe
  C:\Windows\System\PhzKceJ.exe
  2⤵
  PID:3120
- C:\Windows\System\jeTHgLM.exe
  C:\Windows\System\jeTHgLM.exe
  2⤵
  PID:3140
- C:\Windows\System\NxDqYBr.exe
  C:\Windows\System\NxDqYBr.exe
  2⤵
  PID:3160
- C:\Windows\System\QjdbQrp.exe
  C:\Windows\System\QjdbQrp.exe
  2⤵
  PID:3176
- C:\Windows\System\LSKBLYY.exe
  C:\Windows\System\LSKBLYY.exe
  2⤵
  PID:3196
- C:\Windows\System\ksGzNbH.exe
  C:\Windows\System\ksGzNbH.exe
  2⤵
  PID:3216
- C:\Windows\System\sRUJUsn.exe
  C:\Windows\System\sRUJUsn.exe
  2⤵
  PID:3240
- C:\Windows\System\JaGeXzn.exe
  C:\Windows\System\JaGeXzn.exe
  2⤵
  PID:3256
- C:\Windows\System\hcgFsWx.exe
  C:\Windows\System\hcgFsWx.exe
  2⤵
  PID:3276
- C:\Windows\System\CWteFMk.exe
  C:\Windows\System\CWteFMk.exe
  2⤵
  PID:3296
- C:\Windows\System\ktlxLMU.exe
  C:\Windows\System\ktlxLMU.exe
  2⤵
  PID:3320
- C:\Windows\System\FNAPINK.exe
  C:\Windows\System\FNAPINK.exe
  2⤵
  PID:3340
- C:\Windows\System\YPOTljY.exe
  C:\Windows\System\YPOTljY.exe
  2⤵
  PID:3360
- C:\Windows\System\wnWWPRB.exe
  C:\Windows\System\wnWWPRB.exe
  2⤵
  PID:3380
- C:\Windows\System\jixyqRD.exe
  C:\Windows\System\jixyqRD.exe
  2⤵
  PID:3400
- C:\Windows\System\htjmKkD.exe
  C:\Windows\System\htjmKkD.exe
  2⤵
  PID:3420
- C:\Windows\System\PatYbyN.exe
  C:\Windows\System\PatYbyN.exe
  2⤵
  PID:3440
- C:\Windows\System\ZjJZAhI.exe
  C:\Windows\System\ZjJZAhI.exe
  2⤵
  PID:3460
- C:\Windows\System\XNAQKTm.exe
  C:\Windows\System\XNAQKTm.exe
  2⤵
  PID:3480
- C:\Windows\System\HPRYhYL.exe
  C:\Windows\System\HPRYhYL.exe
  2⤵
  PID:3500
- C:\Windows\System\fZbimQr.exe
  C:\Windows\System\fZbimQr.exe
  2⤵
  PID:3520
- C:\Windows\System\pqxWOwB.exe
  C:\Windows\System\pqxWOwB.exe
  2⤵
  PID:3540
- C:\Windows\System\YXfNCCr.exe
  C:\Windows\System\YXfNCCr.exe
  2⤵
  PID:3560
- C:\Windows\System\eVuUpuj.exe
  C:\Windows\System\eVuUpuj.exe
  2⤵
  PID:3580
- C:\Windows\System\HHnDQLn.exe
  C:\Windows\System\HHnDQLn.exe
  2⤵
  PID:3600
- C:\Windows\System\SHxJHrw.exe
  C:\Windows\System\SHxJHrw.exe
  2⤵
  PID:3616
- C:\Windows\System\fNxVGxt.exe
  C:\Windows\System\fNxVGxt.exe
  2⤵
  PID:3640
- C:\Windows\System\vAMCaac.exe
  C:\Windows\System\vAMCaac.exe
  2⤵
  PID:3660
- C:\Windows\System\juoajev.exe
  C:\Windows\System\juoajev.exe
  2⤵
  PID:3684
- C:\Windows\System\udQyiWH.exe
  C:\Windows\System\udQyiWH.exe
  2⤵
  PID:3704
- C:\Windows\System\taZBlqs.exe
  C:\Windows\System\taZBlqs.exe
  2⤵
  PID:3724
- C:\Windows\System\qChsOEb.exe
  C:\Windows\System\qChsOEb.exe
  2⤵
  PID:3740
- C:\Windows\System\BiqMxKE.exe
  C:\Windows\System\BiqMxKE.exe
  2⤵
  PID:3760
- C:\Windows\System\YteaMgc.exe
  C:\Windows\System\YteaMgc.exe
  2⤵
  PID:3784
- C:\Windows\System\hJUPyCB.exe
  C:\Windows\System\hJUPyCB.exe
  2⤵
  PID:3804
- C:\Windows\System\dgBMrhW.exe
  C:\Windows\System\dgBMrhW.exe
  2⤵
  PID:3820
- C:\Windows\System\HSVRaEA.exe
  C:\Windows\System\HSVRaEA.exe
  2⤵
  PID:3840
- C:\Windows\System\CVlqqZU.exe
  C:\Windows\System\CVlqqZU.exe
  2⤵
  PID:3860
- C:\Windows\System\OJNWsqh.exe
  C:\Windows\System\OJNWsqh.exe
  2⤵
  PID:3880
- C:\Windows\System\abHRoBk.exe
  C:\Windows\System\abHRoBk.exe
  2⤵
  PID:3900
- C:\Windows\System\irnAUXy.exe
  C:\Windows\System\irnAUXy.exe
  2⤵
  PID:3920
- C:\Windows\System\edWmuLq.exe
  C:\Windows\System\edWmuLq.exe
  2⤵
  PID:3944
- C:\Windows\System\oNcYHiH.exe
  C:\Windows\System\oNcYHiH.exe
  2⤵
  PID:3964
- C:\Windows\System\maRhnPG.exe
  C:\Windows\System\maRhnPG.exe
  2⤵
  PID:3980
- C:\Windows\System\XvWVldr.exe
  C:\Windows\System\XvWVldr.exe
  2⤵
  PID:4004
- C:\Windows\System\BxwUVXW.exe
  C:\Windows\System\BxwUVXW.exe
  2⤵
  PID:4020
- C:\Windows\System\cjUgggz.exe
  C:\Windows\System\cjUgggz.exe
  2⤵
  PID:4044
- C:\Windows\System\zzbDTcm.exe
  C:\Windows\System\zzbDTcm.exe
  2⤵
  PID:4060
- C:\Windows\System\DWBymzT.exe
  C:\Windows\System\DWBymzT.exe
  2⤵
  PID:4080
- C:\Windows\System\xHkIzbG.exe
  C:\Windows\System\xHkIzbG.exe
  2⤵
  PID:2100
- C:\Windows\System\VfqCclv.exe
  C:\Windows\System\VfqCclv.exe
  2⤵
  PID:2352
- C:\Windows\System\vYTCUgO.exe
  C:\Windows\System\vYTCUgO.exe
  2⤵
  PID:1124
- C:\Windows\System\PeQJVYW.exe
  C:\Windows\System\PeQJVYW.exe
  2⤵
  PID:2372
- C:\Windows\System\QlNAaTC.exe
  C:\Windows\System\QlNAaTC.exe
  2⤵
  PID:3148
- C:\Windows\System\PCIKHys.exe
  C:\Windows\System\PCIKHys.exe
  2⤵
  PID:3184
- C:\Windows\System\lzbAJaS.exe
  C:\Windows\System\lzbAJaS.exe
  2⤵
  PID:3132
- C:\Windows\System\eipwffU.exe
  C:\Windows\System\eipwffU.exe
  2⤵
  PID:3236
- C:\Windows\System\IaLgHqM.exe
  C:\Windows\System\IaLgHqM.exe
  2⤵
  PID:3212
- C:\Windows\System\VgBnpmn.exe
  C:\Windows\System\VgBnpmn.exe
  2⤵
  PID:3252
- C:\Windows\System\zmILAQQ.exe
  C:\Windows\System\zmILAQQ.exe
  2⤵
  PID:3284
- C:\Windows\System\QgccdLx.exe
  C:\Windows\System\QgccdLx.exe
  2⤵
  PID:3356
- C:\Windows\System\IROYgOq.exe
  C:\Windows\System\IROYgOq.exe
  2⤵
  PID:3332
- C:\Windows\System\HNtGaqM.exe
  C:\Windows\System\HNtGaqM.exe
  2⤵
  PID:3408
- C:\Windows\System\TtuuztK.exe
  C:\Windows\System\TtuuztK.exe
  2⤵
  PID:3436
- C:\Windows\System\ExNKYaH.exe
  C:\Windows\System\ExNKYaH.exe
  2⤵
  PID:3472
- C:\Windows\System\SbqDWPV.exe
  C:\Windows\System\SbqDWPV.exe
  2⤵
  PID:3516
- C:\Windows\System\OpqZVxk.exe
  C:\Windows\System\OpqZVxk.exe
  2⤵
  PID:3556
- C:\Windows\System\GLRlUEA.exe
  C:\Windows\System\GLRlUEA.exe
  2⤵
  PID:3532
- C:\Windows\System\fARRSdE.exe
  C:\Windows\System\fARRSdE.exe
  2⤵
  PID:3636
- C:\Windows\System\wohMpOu.exe
  C:\Windows\System\wohMpOu.exe
  2⤵
  PID:3648
- C:\Windows\System\QSFBIvS.exe
  C:\Windows\System\QSFBIvS.exe
  2⤵
  PID:3656
- C:\Windows\System\qaXUeMN.exe
  C:\Windows\System\qaXUeMN.exe
  2⤵
  PID:3692
- C:\Windows\System\xsAwWcg.exe
  C:\Windows\System\xsAwWcg.exe
  2⤵
  PID:3752
- C:\Windows\System\YhZdShJ.exe
  C:\Windows\System\YhZdShJ.exe
  2⤵
  PID:3768
- C:\Windows\System\oTrbEVG.exe
  C:\Windows\System\oTrbEVG.exe
  2⤵
  PID:3836
- C:\Windows\System\LcVOXEp.exe
  C:\Windows\System\LcVOXEp.exe
  2⤵
  PID:3812
- C:\Windows\System\LHXdeoI.exe
  C:\Windows\System\LHXdeoI.exe
  2⤵
  PID:3912
- C:\Windows\System\BcPPEOA.exe
  C:\Windows\System\BcPPEOA.exe
  2⤵
  PID:3856
- C:\Windows\System\vnczqZO.exe
  C:\Windows\System\vnczqZO.exe
  2⤵
  PID:3932
- C:\Windows\System\nBVoDsw.exe
  C:\Windows\System\nBVoDsw.exe
  2⤵
  PID:3992
- C:\Windows\System\SVDNlGh.exe
  C:\Windows\System\SVDNlGh.exe
  2⤵
  PID:4032
- C:\Windows\System\ThinldD.exe
  C:\Windows\System\ThinldD.exe
  2⤵
  PID:4076
- C:\Windows\System\jnvcRcr.exe
  C:\Windows\System\jnvcRcr.exe
  2⤵
  PID:1212
- C:\Windows\System\ZIwZtTK.exe
  C:\Windows\System\ZIwZtTK.exe
  2⤵
  PID:1712
- C:\Windows\System\hnvMLjI.exe
  C:\Windows\System\hnvMLjI.exe
  2⤵
  PID:4092
- C:\Windows\System\WQcHgQF.exe
  C:\Windows\System\WQcHgQF.exe
  2⤵
  PID:3116
- C:\Windows\System\DbHHKfB.exe
  C:\Windows\System\DbHHKfB.exe
  2⤵
  PID:3096
- C:\Windows\System\imJdrfL.exe
  C:\Windows\System\imJdrfL.exe
  2⤵
  PID:3128
- C:\Windows\System\JpBPeHR.exe
  C:\Windows\System\JpBPeHR.exe
  2⤵
  PID:3268
- C:\Windows\System\rUIkYVs.exe
  C:\Windows\System\rUIkYVs.exe
  2⤵
  PID:3348
- C:\Windows\System\CUqvHvL.exe
  C:\Windows\System\CUqvHvL.exe
  2⤵
  PID:3396
- C:\Windows\System\wewjMmJ.exe
  C:\Windows\System\wewjMmJ.exe
  2⤵
  PID:3336
- C:\Windows\System\IWSCvNS.exe
  C:\Windows\System\IWSCvNS.exe
  2⤵
  PID:3468
- C:\Windows\System\pezlCYY.exe
  C:\Windows\System\pezlCYY.exe
  2⤵
  PID:3508
- C:\Windows\System\bipHUGU.exe
  C:\Windows\System\bipHUGU.exe
  2⤵
  PID:3592
- C:\Windows\System\RiPdNbZ.exe
  C:\Windows\System\RiPdNbZ.exe
  2⤵
  PID:3572
- C:\Windows\System\YZDocyn.exe
  C:\Windows\System\YZDocyn.exe
  2⤵
  PID:3696
- C:\Windows\System\myieeQv.exe
  C:\Windows\System\myieeQv.exe
  2⤵
  PID:3748
- C:\Windows\System\otxyvTE.exe
  C:\Windows\System\otxyvTE.exe
  2⤵
  PID:3772
- C:\Windows\System\JHqluuT.exe
  C:\Windows\System\JHqluuT.exe
  2⤵
  PID:3868
- C:\Windows\System\YqrLGjY.exe
  C:\Windows\System\YqrLGjY.exe
  2⤵
  PID:3940
- C:\Windows\System\fbEhxoM.exe
  C:\Windows\System\fbEhxoM.exe
  2⤵
  PID:1640
- C:\Windows\System\CekcFbk.exe
  C:\Windows\System\CekcFbk.exe
  2⤵
  PID:3928
- C:\Windows\System\xzJPfTA.exe
  C:\Windows\System\xzJPfTA.exe
  2⤵
  PID:988
- C:\Windows\System\JvqsLzh.exe
  C:\Windows\System\JvqsLzh.exe
  2⤵
  PID:3976
- C:\Windows\System\YlyDcjK.exe
  C:\Windows\System\YlyDcjK.exe
  2⤵
  PID:4052
- C:\Windows\System\YAKneSq.exe
  C:\Windows\System\YAKneSq.exe
  2⤵
  PID:272
- C:\Windows\System\zNVibPU.exe
  C:\Windows\System\zNVibPU.exe
  2⤵
  PID:3092
- C:\Windows\System\QKszSym.exe
  C:\Windows\System\QKszSym.exe
  2⤵
  PID:3136
- C:\Windows\System\qbPvWZk.exe
  C:\Windows\System\qbPvWZk.exe
  2⤵
  PID:2396
- C:\Windows\System\RbHAzYH.exe
  C:\Windows\System\RbHAzYH.exe
  2⤵
  PID:3292
- C:\Windows\System\qowUqbP.exe
  C:\Windows\System\qowUqbP.exe
  2⤵
  PID:3448
- C:\Windows\System\YvEOkEt.exe
  C:\Windows\System\YvEOkEt.exe
  2⤵
  PID:3624
- C:\Windows\System\VRifIrT.exe
  C:\Windows\System\VRifIrT.exe
  2⤵
  PID:3668
- C:\Windows\System\RZqqesi.exe
  C:\Windows\System\RZqqesi.exe
  2⤵
  PID:2920
- C:\Windows\System\nTbdqHi.exe
  C:\Windows\System\nTbdqHi.exe
  2⤵
  PID:3780
- C:\Windows\System\qeXdEls.exe
  C:\Windows\System\qeXdEls.exe
  2⤵
  PID:3896
- C:\Windows\System\EdVILbv.exe
  C:\Windows\System\EdVILbv.exe
  2⤵
  PID:3716
- C:\Windows\System\ZKSZXxV.exe
  C:\Windows\System\ZKSZXxV.exe
  2⤵
  PID:2156
- C:\Windows\System\AQTdLvQ.exe
  C:\Windows\System\AQTdLvQ.exe
  2⤵
  PID:1792
- C:\Windows\System\MRWplRe.exe
  C:\Windows\System\MRWplRe.exe
  2⤵
  PID:3852
- C:\Windows\System\OdtJCyw.exe
  C:\Windows\System\OdtJCyw.exe
  2⤵
  PID:2648
- C:\Windows\System\JFlfQfV.exe
  C:\Windows\System\JFlfQfV.exe
  2⤵
  PID:2400
- C:\Windows\System\vhxxDKJ.exe
  C:\Windows\System\vhxxDKJ.exe
  2⤵
  PID:3272
- C:\Windows\System\AbglBQS.exe
  C:\Windows\System\AbglBQS.exe
  2⤵
  PID:3088
- C:\Windows\System\DWLQdWf.exe
  C:\Windows\System\DWLQdWf.exe
  2⤵
  PID:3316
- C:\Windows\System\bThnDGO.exe
  C:\Windows\System\bThnDGO.exe
  2⤵
  PID:3512
- C:\Windows\System\sybtQul.exe
  C:\Windows\System\sybtQul.exe
  2⤵
  PID:2164
- C:\Windows\System\pHOhaps.exe
  C:\Windows\System\pHOhaps.exe
  2⤵
  PID:3908
- C:\Windows\System\MTvrwcW.exe
  C:\Windows\System\MTvrwcW.exe
  2⤵
  PID:3720
- C:\Windows\System\oogUefi.exe
  C:\Windows\System\oogUefi.exe
  2⤵
  PID:2340
- C:\Windows\System\kUaRJQG.exe
  C:\Windows\System\kUaRJQG.exe
  2⤵
  PID:4056
- C:\Windows\System\iyKewLs.exe
  C:\Windows\System\iyKewLs.exe
  2⤵
  PID:876
- C:\Windows\System\oUYiaxj.exe
  C:\Windows\System\oUYiaxj.exe
  2⤵
  PID:1076
- C:\Windows\System\UHnkGqg.exe
  C:\Windows\System\UHnkGqg.exe
  2⤵
  PID:2276
- C:\Windows\System\YSaLJDf.exe
  C:\Windows\System\YSaLJDf.exe
  2⤵
  PID:3376
- C:\Windows\System\zkOdmur.exe
  C:\Windows\System\zkOdmur.exe
  2⤵
  PID:3416
- C:\Windows\System\LnMAqEW.exe
  C:\Windows\System\LnMAqEW.exe
  2⤵
  PID:1488
- C:\Windows\System\VToVBoJ.exe
  C:\Windows\System\VToVBoJ.exe
  2⤵
  PID:2964
- C:\Windows\System\MMzQvte.exe
  C:\Windows\System\MMzQvte.exe
  2⤵
  PID:3672
- C:\Windows\System\oJOnzet.exe
  C:\Windows\System\oJOnzet.exe
  2⤵
  PID:4016
- C:\Windows\System\hHsfXtK.exe
  C:\Windows\System\hHsfXtK.exe
  2⤵
  PID:4088
- C:\Windows\System\DGvWEkD.exe
  C:\Windows\System\DGvWEkD.exe
  2⤵
  PID:3536
- C:\Windows\System\HoNbTBJ.exe
  C:\Windows\System\HoNbTBJ.exe
  2⤵
  PID:3492
- C:\Windows\System\JBKVVKr.exe
  C:\Windows\System\JBKVVKr.exe
  2⤵
  PID:3800
- C:\Windows\System\LyMqCdf.exe
  C:\Windows\System\LyMqCdf.exe
  2⤵
  PID:1208
- C:\Windows\System\mhIcDnR.exe
  C:\Windows\System\mhIcDnR.exe
  2⤵
  PID:2768
- C:\Windows\System\ryBfLuk.exe
  C:\Windows\System\ryBfLuk.exe
  2⤵
  PID:3988
- C:\Windows\System\FlJSbTm.exe
  C:\Windows\System\FlJSbTm.exe
  2⤵
  PID:3996
- C:\Windows\System\EDQuYIc.exe
  C:\Windows\System\EDQuYIc.exe
  2⤵
  PID:624
- C:\Windows\System\WErnTMy.exe
  C:\Windows\System\WErnTMy.exe
  2⤵
  PID:2092
- C:\Windows\System\vKdGRZf.exe
  C:\Windows\System\vKdGRZf.exe
  2⤵
  PID:3872
- C:\Windows\System\aRxmZWu.exe
  C:\Windows\System\aRxmZWu.exe
  2⤵
  PID:4100
- C:\Windows\System\RAabQwU.exe
  C:\Windows\System\RAabQwU.exe
  2⤵
  PID:4116
- C:\Windows\System\nexBcqd.exe
  C:\Windows\System\nexBcqd.exe
  2⤵
  PID:4136
- C:\Windows\System\chQLwGd.exe
  C:\Windows\System\chQLwGd.exe
  2⤵
  PID:4152
- C:\Windows\System\DCMHnHV.exe
  C:\Windows\System\DCMHnHV.exe
  2⤵
  PID:4176
- C:\Windows\System\QsayYed.exe
  C:\Windows\System\QsayYed.exe
  2⤵
  PID:4196
- C:\Windows\System\EKVmEiH.exe
  C:\Windows\System\EKVmEiH.exe
  2⤵
  PID:4212
- C:\Windows\System\PpgKoCw.exe
  C:\Windows\System\PpgKoCw.exe
  2⤵
  PID:4228
- C:\Windows\System\PJyWlky.exe
  C:\Windows\System\PJyWlky.exe
  2⤵
  PID:4244
- C:\Windows\System\mRBqQuH.exe
  C:\Windows\System\mRBqQuH.exe
  2⤵
  PID:4264
- C:\Windows\System\JbcZgJY.exe
  C:\Windows\System\JbcZgJY.exe
  2⤵
  PID:4284
- C:\Windows\System\JvfkKVS.exe
  C:\Windows\System\JvfkKVS.exe
  2⤵
  PID:4300
- C:\Windows\System\rhohGkZ.exe
  C:\Windows\System\rhohGkZ.exe
  2⤵
  PID:4316
- C:\Windows\System\RjDbdCz.exe
  C:\Windows\System\RjDbdCz.exe
  2⤵
  PID:4332
- C:\Windows\System\msJwooV.exe
  C:\Windows\System\msJwooV.exe
  2⤵
  PID:4380
- C:\Windows\System\XyxmOSA.exe
  C:\Windows\System\XyxmOSA.exe
  2⤵
  PID:4408
- C:\Windows\System\HgOyAJD.exe
  C:\Windows\System\HgOyAJD.exe
  2⤵
  PID:4424
- C:\Windows\System\sVkkygA.exe
  C:\Windows\System\sVkkygA.exe
  2⤵
  PID:4440
- C:\Windows\System\TyOzdfN.exe
  C:\Windows\System\TyOzdfN.exe
  2⤵
  PID:4480
- C:\Windows\System\sytAESE.exe
  C:\Windows\System\sytAESE.exe
  2⤵
  PID:4496
- C:\Windows\System\MMVVLYd.exe
  C:\Windows\System\MMVVLYd.exe
  2⤵
  PID:4512
- C:\Windows\System\GOWTaXt.exe
  C:\Windows\System\GOWTaXt.exe
  2⤵
  PID:4528
- C:\Windows\System\XAyRgWK.exe
  C:\Windows\System\XAyRgWK.exe
  2⤵
  PID:4552
- C:\Windows\System\fRrtkfZ.exe
  C:\Windows\System\fRrtkfZ.exe
  2⤵
  PID:4588
- C:\Windows\System\tJLlvjx.exe
  C:\Windows\System\tJLlvjx.exe
  2⤵
  PID:4604
- C:\Windows\System\UJGWFsh.exe
  C:\Windows\System\UJGWFsh.exe
  2⤵
  PID:4620
- C:\Windows\System\yWFCbzC.exe
  C:\Windows\System\yWFCbzC.exe
  2⤵
  PID:4636
- C:\Windows\System\iwgDDyF.exe
  C:\Windows\System\iwgDDyF.exe
  2⤵
  PID:4652
- C:\Windows\System\aVkiRcK.exe
  C:\Windows\System\aVkiRcK.exe
  2⤵
  PID:4672
- C:\Windows\System\TXlGmyP.exe
  C:\Windows\System\TXlGmyP.exe
  2⤵
  PID:4692
- C:\Windows\System\EDoOhDZ.exe
  C:\Windows\System\EDoOhDZ.exe
  2⤵
  PID:4708
- C:\Windows\System\AsZWRdj.exe
  C:\Windows\System\AsZWRdj.exe
  2⤵
  PID:4728
- C:\Windows\System\xpDRZRH.exe
  C:\Windows\System\xpDRZRH.exe
  2⤵
  PID:4760
- C:\Windows\System\NCSeXIU.exe
  C:\Windows\System\NCSeXIU.exe
  2⤵
  PID:4784
- C:\Windows\System\jZUjOED.exe
  C:\Windows\System\jZUjOED.exe
  2⤵
  PID:4804
- C:\Windows\System\DUclICs.exe
  C:\Windows\System\DUclICs.exe
  2⤵
  PID:4824
- C:\Windows\System\KGWOYyz.exe
  C:\Windows\System\KGWOYyz.exe
  2⤵
  PID:4840
- C:\Windows\System\ORxaodX.exe
  C:\Windows\System\ORxaodX.exe
  2⤵
  PID:4856
- C:\Windows\System\mLupGCO.exe
  C:\Windows\System\mLupGCO.exe
  2⤵
  PID:4884
- C:\Windows\System\qSkYcgg.exe
  C:\Windows\System\qSkYcgg.exe
  2⤵
  PID:4904
- C:\Windows\System\elhuBLc.exe
  C:\Windows\System\elhuBLc.exe
  2⤵
  PID:4932
- C:\Windows\System\SzXfKjU.exe
  C:\Windows\System\SzXfKjU.exe
  2⤵
  PID:4952
- C:\Windows\System\HyIIHhU.exe
  C:\Windows\System\HyIIHhU.exe
  2⤵
  PID:4968
- C:\Windows\System\yXYTkar.exe
  C:\Windows\System\yXYTkar.exe
  2⤵
  PID:4988
- C:\Windows\System\tPKeeOG.exe
  C:\Windows\System\tPKeeOG.exe
  2⤵
  PID:5004
- C:\Windows\System\XavXGTP.exe
  C:\Windows\System\XavXGTP.exe
  2⤵
  PID:5020
- C:\Windows\System\beKlSkR.exe
  C:\Windows\System\beKlSkR.exe
  2⤵
  PID:5040
- C:\Windows\System\lYftEuJ.exe
  C:\Windows\System\lYftEuJ.exe
  2⤵
  PID:5056
- C:\Windows\System\OqHAzGM.exe
  C:\Windows\System\OqHAzGM.exe
  2⤵
  PID:5072
- C:\Windows\System\oEOXWcw.exe
  C:\Windows\System\oEOXWcw.exe
  2⤵
  PID:5088
- C:\Windows\System\wXsvNEp.exe
  C:\Windows\System\wXsvNEp.exe
  2⤵
  PID:5104
- C:\Windows\System\llasCGK.exe
  C:\Windows\System\llasCGK.exe
  2⤵
  PID:1860
- C:\Windows\System\SqERodT.exe
  C:\Windows\System\SqERodT.exe
  2⤵
  PID:4108
- C:\Windows\System\FvehPRy.exe
  C:\Windows\System\FvehPRy.exe
  2⤵
  PID:4224
- C:\Windows\System\ZlPTDWr.exe
  C:\Windows\System\ZlPTDWr.exe
  2⤵
  PID:4240
- C:\Windows\System\JnwOcwP.exe
  C:\Windows\System\JnwOcwP.exe
  2⤵
  PID:4308
- C:\Windows\System\AVaCHtB.exe
  C:\Windows\System\AVaCHtB.exe
  2⤵
  PID:4344
- C:\Windows\System\sWapfHb.exe
  C:\Windows\System\sWapfHb.exe
  2⤵
  PID:4260
- C:\Windows\System\KeUQYvL.exe
  C:\Windows\System\KeUQYvL.exe
  2⤵
  PID:4376
- C:\Windows\System\xtOIuzk.exe
  C:\Windows\System\xtOIuzk.exe
  2⤵
  PID:4220
- C:\Windows\System\yResnEo.exe
  C:\Windows\System\yResnEo.exe
  2⤵
  PID:4452
- C:\Windows\System\VrBMCfh.exe
  C:\Windows\System\VrBMCfh.exe
  2⤵
  PID:4404
- C:\Windows\System\wBHSOcB.exe
  C:\Windows\System\wBHSOcB.exe
  2⤵
  PID:4460
- C:\Windows\System\uFpoicc.exe
  C:\Windows\System\uFpoicc.exe
  2⤵
  PID:4476
- C:\Windows\System\UaJWOUC.exe
  C:\Windows\System\UaJWOUC.exe
  2⤵
  PID:4548
- C:\Windows\System\FPWzYVZ.exe
  C:\Windows\System\FPWzYVZ.exe
  2⤵
  PID:4560
- C:\Windows\System\hwXPQGQ.exe
  C:\Windows\System\hwXPQGQ.exe
  2⤵
  PID:4564
- C:\Windows\System\oiFsucM.exe
  C:\Windows\System\oiFsucM.exe
  2⤵
  PID:4660
- C:\Windows\System\YYYcmlJ.exe
  C:\Windows\System\YYYcmlJ.exe
  2⤵
  PID:4612
- C:\Windows\System\brGdojg.exe
  C:\Windows\System\brGdojg.exe
  2⤵
  PID:4740
- C:\Windows\System\lwSgOlt.exe
  C:\Windows\System\lwSgOlt.exe
  2⤵
  PID:4684
- C:\Windows\System\KDHvSLL.exe
  C:\Windows\System\KDHvSLL.exe
  2⤵
  PID:4832
- C:\Windows\System\NzIivOW.exe
  C:\Windows\System\NzIivOW.exe
  2⤵
  PID:4716
- C:\Windows\System\ccymyZX.exe
  C:\Windows\System\ccymyZX.exe
  2⤵
  PID:4816
- C:\Windows\System\ndGUcQJ.exe
  C:\Windows\System\ndGUcQJ.exe
  2⤵
  PID:4892
- C:\Windows\System\MYxlXIA.exe
  C:\Windows\System\MYxlXIA.exe
  2⤵
  PID:4928
- C:\Windows\System\wvYLaNz.exe
  C:\Windows\System\wvYLaNz.exe
  2⤵
  PID:5000
- C:\Windows\System\WfjzrMU.exe
  C:\Windows\System\WfjzrMU.exe
  2⤵
  PID:4944
- C:\Windows\System\BMduozN.exe
  C:\Windows\System\BMduozN.exe
  2⤵
  PID:5048
- C:\Windows\System\WUkghzi.exe
  C:\Windows\System\WUkghzi.exe
  2⤵
  PID:5064
- C:\Windows\System\KmyqCvL.exe
  C:\Windows\System\KmyqCvL.exe
  2⤵
  PID:5100
- C:\Windows\System\ikhZIbm.exe
  C:\Windows\System\ikhZIbm.exe
  2⤵
  PID:4160
- C:\Windows\System\CzFwrRZ.exe
  C:\Windows\System\CzFwrRZ.exe
  2⤵
  PID:5084
- C:\Windows\System\tnORboz.exe
  C:\Windows\System\tnORboz.exe
  2⤵
  PID:4208
- C:\Windows\System\RlsvnwN.exe
  C:\Windows\System\RlsvnwN.exe
  2⤵
  PID:4296
- C:\Windows\System\CaXmrXt.exe
  C:\Windows\System\CaXmrXt.exe
  2⤵
  PID:4388
- C:\Windows\System\vmymmoH.exe
  C:\Windows\System\vmymmoH.exe
  2⤵
  PID:4148
- C:\Windows\System\dFyeSMT.exe
  C:\Windows\System\dFyeSMT.exe
  2⤵
  PID:4596
- C:\Windows\System\NBrifmH.exe
  C:\Windows\System\NBrifmH.exe
  2⤵
  PID:4276
- C:\Windows\System\Ehdhlqc.exe
  C:\Windows\System\Ehdhlqc.exe
  2⤵
  PID:4420
- C:\Windows\System\hPabFsn.exe
  C:\Windows\System\hPabFsn.exe
  2⤵
  PID:4396
- C:\Windows\System\KpZLBzr.exe
  C:\Windows\System\KpZLBzr.exe
  2⤵
  PID:4628
- C:\Windows\System\sHNCDwB.exe
  C:\Windows\System\sHNCDwB.exe
  2⤵
  PID:4752
- C:\Windows\System\emSPShq.exe
  C:\Windows\System\emSPShq.exe
  2⤵
  PID:4864
- C:\Windows\System\SyrCVdj.exe
  C:\Windows\System\SyrCVdj.exe
  2⤵
  PID:4780
- C:\Windows\System\BDBzuIq.exe
  C:\Windows\System\BDBzuIq.exe
  2⤵
  PID:4996
- C:\Windows\System\Svxnmda.exe
  C:\Windows\System\Svxnmda.exe
  2⤵
  PID:4912
- C:\Windows\System\yvxQdnS.exe
  C:\Windows\System\yvxQdnS.exe
  2⤵
  PID:4920
- C:\Windows\System\WYhrESm.exe
  C:\Windows\System\WYhrESm.exe
  2⤵
  PID:4940
- C:\Windows\System\yFrDDGB.exe
  C:\Windows\System\yFrDDGB.exe
  2⤵
  PID:1152
- C:\Windows\System\eEbzIMp.exe
  C:\Windows\System\eEbzIMp.exe
  2⤵
  PID:5096
- C:\Windows\System\ENPjMoF.exe
  C:\Windows\System\ENPjMoF.exe
  2⤵
  PID:4508
- C:\Windows\System\hrreLEZ.exe
  C:\Windows\System\hrreLEZ.exe
  2⤵
  PID:4328
- C:\Windows\System\WiWvgEL.exe
  C:\Windows\System\WiWvgEL.exe
  2⤵
  PID:3428
- C:\Windows\System\GNYRKdC.exe
  C:\Windows\System\GNYRKdC.exe
  2⤵
  PID:4448
- C:\Windows\System\bFpPXej.exe
  C:\Windows\System\bFpPXej.exe
  2⤵
  PID:4576
- C:\Windows\System\kHzjHlX.exe
  C:\Windows\System\kHzjHlX.exe
  2⤵
  PID:4520
- C:\Windows\System\vvvnQlG.exe
  C:\Windows\System\vvvnQlG.exe
  2⤵
  PID:4648
- C:\Windows\System\XfNubaU.exe
  C:\Windows\System\XfNubaU.exe
  2⤵
  PID:4880
- C:\Windows\System\CmjOycp.exe
  C:\Windows\System\CmjOycp.exe
  2⤵
  PID:4916
- C:\Windows\System\KGZsLhI.exe
  C:\Windows\System\KGZsLhI.exe
  2⤵
  PID:3452
- C:\Windows\System\vOwjOvp.exe
  C:\Windows\System\vOwjOvp.exe
  2⤵
  PID:5016
- C:\Windows\System\DsWZyWI.exe
  C:\Windows\System\DsWZyWI.exe
  2⤵
  PID:4340
- C:\Windows\System\apWbNJe.exe
  C:\Windows\System\apWbNJe.exe
  2⤵
  PID:4800
- C:\Windows\System\VCSdtwl.exe
  C:\Windows\System\VCSdtwl.exe
  2⤵
  PID:4768
- C:\Windows\System\dvlNqqc.exe
  C:\Windows\System\dvlNqqc.exe
  2⤵
  PID:4964
- C:\Windows\System\uLFjMxN.exe
  C:\Windows\System\uLFjMxN.exe
  2⤵
  PID:4700
- C:\Windows\System\UMAFBbR.exe
  C:\Windows\System\UMAFBbR.exe
  2⤵
  PID:4980
- C:\Windows\System\YSYWMIO.exe
  C:\Windows\System\YSYWMIO.exe
  2⤵
  PID:5136
- C:\Windows\System\UQxCUXG.exe
  C:\Windows\System\UQxCUXG.exe
  2⤵
  PID:5152
- C:\Windows\System\yEiWjIx.exe
  C:\Windows\System\yEiWjIx.exe
  2⤵
  PID:5172
- C:\Windows\System\vZKofGY.exe
  C:\Windows\System\vZKofGY.exe
  2⤵
  PID:5192
- C:\Windows\System\viLlNEi.exe
  C:\Windows\System\viLlNEi.exe
  2⤵
  PID:5208
- C:\Windows\System\qdHLjkT.exe
  C:\Windows\System\qdHLjkT.exe
  2⤵
  PID:5260
- C:\Windows\System\lxpHyHv.exe
  C:\Windows\System\lxpHyHv.exe
  2⤵
  PID:5284
- C:\Windows\System\GIKDVoh.exe
  C:\Windows\System\GIKDVoh.exe
  2⤵
  PID:5300
- C:\Windows\System\WFFjWvD.exe
  C:\Windows\System\WFFjWvD.exe
  2⤵
  PID:5316
- C:\Windows\System\GUPtMAN.exe
  C:\Windows\System\GUPtMAN.exe
  2⤵
  PID:5332
- C:\Windows\System\ModxcZl.exe
  C:\Windows\System\ModxcZl.exe
  2⤵
  PID:5360
- C:\Windows\System\zOMifee.exe
  C:\Windows\System\zOMifee.exe
  2⤵
  PID:5380
- C:\Windows\System\lkwWEbv.exe
  C:\Windows\System\lkwWEbv.exe
  2⤵
  PID:5396
- C:\Windows\System\zHWnqxd.exe
  C:\Windows\System\zHWnqxd.exe
  2⤵
  PID:5420
- C:\Windows\System\vlaJlYV.exe
  C:\Windows\System\vlaJlYV.exe
  2⤵
  PID:5436
- C:\Windows\System\qzHDZzG.exe
  C:\Windows\System\qzHDZzG.exe
  2⤵
  PID:5452
- C:\Windows\System\hvEXWve.exe
  C:\Windows\System\hvEXWve.exe
  2⤵
  PID:5472
- C:\Windows\System\TQRckZz.exe
  C:\Windows\System\TQRckZz.exe
  2⤵
  PID:5492
- C:\Windows\System\jFsAHTq.exe
  C:\Windows\System\jFsAHTq.exe
  2⤵
  PID:5524
- C:\Windows\System\zKRKbyE.exe
  C:\Windows\System\zKRKbyE.exe
  2⤵
  PID:5540
- C:\Windows\System\bVGAUZW.exe
  C:\Windows\System\bVGAUZW.exe
  2⤵
  PID:5556
- C:\Windows\System\PCkFnBt.exe
  C:\Windows\System\PCkFnBt.exe
  2⤵
  PID:5576
- C:\Windows\System\eZKmVwd.exe
  C:\Windows\System\eZKmVwd.exe
  2⤵
  PID:5600
- C:\Windows\System\qNsdDsP.exe
  C:\Windows\System\qNsdDsP.exe
  2⤵
  PID:5620
- C:\Windows\System\gMzGSGH.exe
  C:\Windows\System\gMzGSGH.exe
  2⤵
  PID:5636
- C:\Windows\System\bxKzHgb.exe
  C:\Windows\System\bxKzHgb.exe
  2⤵
  PID:5652
- C:\Windows\System\zBvMdtu.exe
  C:\Windows\System\zBvMdtu.exe
  2⤵
  PID:5676
- C:\Windows\System\digvBWV.exe
  C:\Windows\System\digvBWV.exe
  2⤵
  PID:5696
- C:\Windows\System\wPyMdVR.exe
  C:\Windows\System\wPyMdVR.exe
  2⤵
  PID:5712
- C:\Windows\System\ZangYKZ.exe
  C:\Windows\System\ZangYKZ.exe
  2⤵
  PID:5736
- C:\Windows\System\MdilHEa.exe
  C:\Windows\System\MdilHEa.exe
  2⤵
  PID:5764
- C:\Windows\System\hIHHZfL.exe
  C:\Windows\System\hIHHZfL.exe
  2⤵
  PID:5780
- C:\Windows\System\ABrQKZP.exe
  C:\Windows\System\ABrQKZP.exe
  2⤵
  PID:5796
- C:\Windows\System\eAKgsiO.exe
  C:\Windows\System\eAKgsiO.exe
  2⤵
  PID:5812
- C:\Windows\System\dKwsGrQ.exe
  C:\Windows\System\dKwsGrQ.exe
  2⤵
  PID:5840
- C:\Windows\System\hbiwBur.exe
  C:\Windows\System\hbiwBur.exe
  2⤵
  PID:5860
- C:\Windows\System\NamfGxF.exe
  C:\Windows\System\NamfGxF.exe
  2⤵
  PID:5876
- C:\Windows\System\xAnRJPL.exe
  C:\Windows\System\xAnRJPL.exe
  2⤵
  PID:5892
- C:\Windows\System\YoLSkpk.exe
  C:\Windows\System\YoLSkpk.exe
  2⤵
  PID:5908
- C:\Windows\System\EyUFEKz.exe
  C:\Windows\System\EyUFEKz.exe
  2⤵
  PID:5932
- C:\Windows\System\vSbsyFc.exe
  C:\Windows\System\vSbsyFc.exe
  2⤵
  PID:5952
- C:\Windows\System\AZdhvBi.exe
  C:\Windows\System\AZdhvBi.exe
  2⤵
  PID:5968
- C:\Windows\System\nRsSmAv.exe
  C:\Windows\System\nRsSmAv.exe
  2⤵
  PID:5988
- C:\Windows\System\lDPdebf.exe
  C:\Windows\System\lDPdebf.exe
  2⤵
  PID:6016
- C:\Windows\System\OGFnCqy.exe
  C:\Windows\System\OGFnCqy.exe
  2⤵
  PID:6032
- C:\Windows\System\mruYblW.exe
  C:\Windows\System\mruYblW.exe
  2⤵
  PID:6048
- C:\Windows\System\LcHoaAM.exe
  C:\Windows\System\LcHoaAM.exe
  2⤵
  PID:6064
- C:\Windows\System\jKuFSNe.exe
  C:\Windows\System\jKuFSNe.exe
  2⤵
  PID:6104
- C:\Windows\System\vZZZlGT.exe
  C:\Windows\System\vZZZlGT.exe
  2⤵
  PID:6120
- C:\Windows\System\sxwGQIf.exe
  C:\Windows\System\sxwGQIf.exe
  2⤵
  PID:6140
- C:\Windows\System\KiEDtlL.exe
  C:\Windows\System\KiEDtlL.exe
  2⤵
  PID:4272
- C:\Windows\System\hSurgXK.exe
  C:\Windows\System\hSurgXK.exe
  2⤵
  PID:4572
- C:\Windows\System\HfxTnyb.exe
  C:\Windows\System\HfxTnyb.exe
  2⤵
  PID:4900
- C:\Windows\System\EIqKamo.exe
  C:\Windows\System\EIqKamo.exe
  2⤵
  PID:5128
- C:\Windows\System\KOavAgC.exe
  C:\Windows\System\KOavAgC.exe
  2⤵
  PID:4736
- C:\Windows\System\QOwvtMi.exe
  C:\Windows\System\QOwvtMi.exe
  2⤵
  PID:5240
- C:\Windows\System\BTgmaeC.exe
  C:\Windows\System\BTgmaeC.exe
  2⤵
  PID:5148
- C:\Windows\System\uvrSUVd.exe
  C:\Windows\System\uvrSUVd.exe
  2⤵
  PID:5252
- C:\Windows\System\xcZAbQS.exe
  C:\Windows\System\xcZAbQS.exe
  2⤵
  PID:5272
- C:\Windows\System\ecUawDR.exe
  C:\Windows\System\ecUawDR.exe
  2⤵
  PID:5296
- C:\Windows\System\rAWgpuC.exe
  C:\Windows\System\rAWgpuC.exe
  2⤵
  PID:5340
- C:\Windows\System\FullPcJ.exe
  C:\Windows\System\FullPcJ.exe
  2⤵
  PID:5388
- C:\Windows\System\TXltACw.exe
  C:\Windows\System\TXltACw.exe
  2⤵
  PID:5432
- C:\Windows\System\rygncMb.exe
  C:\Windows\System\rygncMb.exe
  2⤵
  PID:5500
- C:\Windows\System\CghfvEX.exe
  C:\Windows\System\CghfvEX.exe
  2⤵
  PID:5484
- C:\Windows\System\REphnAB.exe
  C:\Windows\System\REphnAB.exe
  2⤵
  PID:5512
- C:\Windows\System\wDjEAVj.exe
  C:\Windows\System\wDjEAVj.exe
  2⤵
  PID:5532
- C:\Windows\System\nrVAbet.exe
  C:\Windows\System\nrVAbet.exe
  2⤵
  PID:5564
- C:\Windows\System\SZEBCza.exe
  C:\Windows\System\SZEBCza.exe
  2⤵
  PID:5592
- C:\Windows\System\zuNgVcJ.exe
  C:\Windows\System\zuNgVcJ.exe
  2⤵
  PID:5660
- C:\Windows\System\NUTtdCH.exe
  C:\Windows\System\NUTtdCH.exe
  2⤵
  PID:5616
- C:\Windows\System\OvYlyZU.exe
  C:\Windows\System\OvYlyZU.exe
  2⤵
  PID:5672
- C:\Windows\System\zFPBMJz.exe
  C:\Windows\System\zFPBMJz.exe
  2⤵
  PID:5684
- C:\Windows\System\YtjrYdU.exe
  C:\Windows\System\YtjrYdU.exe
  2⤵
  PID:5748
- C:\Windows\System\pvnCAuG.exe
  C:\Windows\System\pvnCAuG.exe
  2⤵
  PID:5772
- C:\Windows\System\LHWxKEh.exe
  C:\Windows\System\LHWxKEh.exe
  2⤵
  PID:5820
- C:\Windows\System\mgAcbFf.exe
  C:\Windows\System\mgAcbFf.exe
  2⤵
  PID:5852
- C:\Windows\System\qOQlmqs.exe
  C:\Windows\System\qOQlmqs.exe
  2⤵
  PID:5920
- C:\Windows\System\DWLbkhG.exe
  C:\Windows\System\DWLbkhG.exe
  2⤵
  PID:5976
- C:\Windows\System\wUgaAuW.exe
  C:\Windows\System\wUgaAuW.exe
  2⤵
  PID:5960
- C:\Windows\System\ljOZrgl.exe
  C:\Windows\System\ljOZrgl.exe
  2⤵
  PID:6008
- C:\Windows\System\xQSNNEU.exe
  C:\Windows\System\xQSNNEU.exe
  2⤵
  PID:6028
- C:\Windows\System\NowRMjI.exe
  C:\Windows\System\NowRMjI.exe
  2⤵
  PID:6072
- C:\Windows\System\cHAiwDy.exe
  C:\Windows\System\cHAiwDy.exe
  2⤵
  PID:6092
- C:\Windows\System\MhBvYeo.exe
  C:\Windows\System\MhBvYeo.exe
  2⤵
  PID:6112
- C:\Windows\System\SCHCTqg.exe
  C:\Windows\System\SCHCTqg.exe
  2⤵
  PID:5204
- C:\Windows\System\WxyYgUM.exe
  C:\Windows\System\WxyYgUM.exe
  2⤵
  PID:4812
- C:\Windows\System\XAVlMgq.exe
  C:\Windows\System\XAVlMgq.exe
  2⤵
  PID:4852
- C:\Windows\System\etJcOUc.exe
  C:\Windows\System\etJcOUc.exe
  2⤵
  PID:5228
- C:\Windows\System\xOWZFGa.exe
  C:\Windows\System\xOWZFGa.exe
  2⤵
  PID:5224
- C:\Windows\System\pqsVTtk.exe
  C:\Windows\System\pqsVTtk.exe
  2⤵
  PID:5268
- C:\Windows\System\RzSsWXU.exe
  C:\Windows\System\RzSsWXU.exe
  2⤵
  PID:5276
- C:\Windows\System\nbCYiRb.exe
  C:\Windows\System\nbCYiRb.exe
  2⤵
  PID:5372
- C:\Windows\System\lCiZCeF.exe
  C:\Windows\System\lCiZCeF.exe
  2⤵
  PID:5444
- C:\Windows\System\csTvPaj.exe
  C:\Windows\System\csTvPaj.exe
  2⤵
  PID:5588
- C:\Windows\System\AHZWNyc.exe
  C:\Windows\System\AHZWNyc.exe
  2⤵
  PID:5728
- C:\Windows\System\QNgYwtm.exe
  C:\Windows\System\QNgYwtm.exe
  2⤵
  PID:5760
- C:\Windows\System\XmCldlS.exe
  C:\Windows\System\XmCldlS.exe
  2⤵
  PID:5720
- C:\Windows\System\NPRlNYo.exe
  C:\Windows\System\NPRlNYo.exe
  2⤵
  PID:5632
- C:\Windows\System\lFWDZDq.exe
  C:\Windows\System\lFWDZDq.exe
  2⤵
  PID:5848
- C:\Windows\System\rdtsqwn.exe
  C:\Windows\System\rdtsqwn.exe
  2⤵
  PID:5948
- C:\Windows\System\LLKFSby.exe
  C:\Windows\System\LLKFSby.exe
  2⤵
  PID:5924
- C:\Windows\System\VdlDBrs.exe
  C:\Windows\System\VdlDBrs.exe
  2⤵
  PID:6004
- C:\Windows\System\fHymUbP.exe
  C:\Windows\System\fHymUbP.exe
  2⤵
  PID:6076
- C:\Windows\System\NWDwBNU.exe
  C:\Windows\System\NWDwBNU.exe
  2⤵
  PID:6080
- C:\Windows\System\JezncbK.exe
  C:\Windows\System\JezncbK.exe
  2⤵
  PID:5164
- C:\Windows\System\bZoMvqw.exe
  C:\Windows\System\bZoMvqw.exe
  2⤵
  PID:4668
- C:\Windows\System\tCcfTYm.exe
  C:\Windows\System\tCcfTYm.exe
  2⤵
  PID:5220
- C:\Windows\System\xvcoDTu.exe
  C:\Windows\System\xvcoDTu.exe
  2⤵
  PID:5248
- C:\Windows\System\oKPWxgR.exe
  C:\Windows\System\oKPWxgR.exe
  2⤵
  PID:5356
- C:\Windows\System\mpuFlBr.exe
  C:\Windows\System\mpuFlBr.exe
  2⤵
  PID:5708
- C:\Windows\System\tHOKaCZ.exe
  C:\Windows\System\tHOKaCZ.exe
  2⤵
  PID:5516
- C:\Windows\System\pjDdtfr.exe
  C:\Windows\System\pjDdtfr.exe
  2⤵
  PID:5692
- C:\Windows\System\jTACHec.exe
  C:\Windows\System\jTACHec.exe
  2⤵
  PID:5776
- C:\Windows\System\FIUeFta.exe
  C:\Windows\System\FIUeFta.exe
  2⤵
  PID:5824
- C:\Windows\System\sPaDFNu.exe
  C:\Windows\System\sPaDFNu.exe
  2⤵
  PID:5868
- C:\Windows\System\HvNmXEj.exe
  C:\Windows\System\HvNmXEj.exe
  2⤵
  PID:6024
- C:\Windows\System\lVpOmOU.exe
  C:\Windows\System\lVpOmOU.exe
  2⤵
  PID:5996
- C:\Windows\System\DQaHBCd.exe
  C:\Windows\System\DQaHBCd.exe
  2⤵
  PID:6136
- C:\Windows\System\KrKqBMO.exe
  C:\Windows\System\KrKqBMO.exe
  2⤵
  PID:5732
- C:\Windows\System\PVNlGtS.exe
  C:\Windows\System\PVNlGtS.exe
  2⤵
  PID:6000
- C:\Windows\System\HfEcBEJ.exe
  C:\Windows\System\HfEcBEJ.exe
  2⤵
  PID:5480
- C:\Windows\System\iNJSRiv.exe
  C:\Windows\System\iNJSRiv.exe
  2⤵
  PID:5036
- C:\Windows\System\DjCSTSR.exe
  C:\Windows\System\DjCSTSR.exe
  2⤵
  PID:1568
- C:\Windows\System\HlGKgBM.exe
  C:\Windows\System\HlGKgBM.exe
  2⤵
  PID:5328
- C:\Windows\System\JORfOKx.exe
  C:\Windows\System\JORfOKx.exe
  2⤵
  PID:5836
- C:\Windows\System\jJDAHZf.exe
  C:\Windows\System\jJDAHZf.exe
  2⤵
  PID:5872
- C:\Windows\System\GdPDhkT.exe
  C:\Windows\System\GdPDhkT.exe
  2⤵
  PID:5464
- C:\Windows\System\svGzMfL.exe
  C:\Windows\System\svGzMfL.exe
  2⤵
  PID:6160
- C:\Windows\System\gQoEWCR.exe
  C:\Windows\System\gQoEWCR.exe
  2⤵
  PID:6180
- C:\Windows\System\NjBUiRg.exe
  C:\Windows\System\NjBUiRg.exe
  2⤵
  PID:6196
- C:\Windows\System\lVuzWzL.exe
  C:\Windows\System\lVuzWzL.exe
  2⤵
  PID:6224
- C:\Windows\System\fngaaOe.exe
  C:\Windows\System\fngaaOe.exe
  2⤵
  PID:6248
- C:\Windows\System\vckPqbJ.exe
  C:\Windows\System\vckPqbJ.exe
  2⤵
  PID:6264
- C:\Windows\System\kicIkrj.exe
  C:\Windows\System\kicIkrj.exe
  2⤵
  PID:6324
- C:\Windows\System\WKTshhx.exe
  C:\Windows\System\WKTshhx.exe
  2⤵
  PID:6356
- C:\Windows\System\IuxywSi.exe
  C:\Windows\System\IuxywSi.exe
  2⤵
  PID:6376
- C:\Windows\System\kabkVje.exe
  C:\Windows\System\kabkVje.exe
  2⤵
  PID:6392
- C:\Windows\System\NLgVKtp.exe
  C:\Windows\System\NLgVKtp.exe
  2⤵
  PID:6408
- C:\Windows\System\QcyVpwv.exe
  C:\Windows\System\QcyVpwv.exe
  2⤵
  PID:6440
- C:\Windows\System\GDGyOIk.exe
  C:\Windows\System\GDGyOIk.exe
  2⤵
  PID:6456
- C:\Windows\System\NtrsRmH.exe
  C:\Windows\System\NtrsRmH.exe
  2⤵
  PID:6472
- C:\Windows\System\ENjAeik.exe
  C:\Windows\System\ENjAeik.exe
  2⤵
  PID:6488
- C:\Windows\System\pXOoscd.exe
  C:\Windows\System\pXOoscd.exe
  2⤵
  PID:6504
- C:\Windows\System\BFdRZNq.exe
  C:\Windows\System\BFdRZNq.exe
  2⤵
  PID:6520
- C:\Windows\System\tgdnaQp.exe
  C:\Windows\System\tgdnaQp.exe
  2⤵
  PID:6536
- C:\Windows\System\mFBrkmR.exe
  C:\Windows\System\mFBrkmR.exe
  2⤵
  PID:6568
- C:\Windows\System\uvpnIVA.exe
  C:\Windows\System\uvpnIVA.exe
  2⤵
  PID:6596
- C:\Windows\System\QoOvHhP.exe
  C:\Windows\System\QoOvHhP.exe
  2⤵
  PID:6616
- C:\Windows\System\MaDWSOO.exe
  C:\Windows\System\MaDWSOO.exe
  2⤵
  PID:6632
- C:\Windows\System\MtCvKtn.exe
  C:\Windows\System\MtCvKtn.exe
  2⤵
  PID:6648
- C:\Windows\System\DkzfbbH.exe
  C:\Windows\System\DkzfbbH.exe
  2⤵
  PID:6664
- C:\Windows\System\QIEpXZE.exe
  C:\Windows\System\QIEpXZE.exe
  2⤵
  PID:6680
- C:\Windows\System\FtxAump.exe
  C:\Windows\System\FtxAump.exe
  2⤵
  PID:6696
- C:\Windows\System\CbWjegA.exe
  C:\Windows\System\CbWjegA.exe
  2⤵
  PID:6716
- C:\Windows\System\UMbOrVM.exe
  C:\Windows\System\UMbOrVM.exe
  2⤵
  PID:6744
- C:\Windows\System\nhJhjnl.exe
  C:\Windows\System\nhJhjnl.exe
  2⤵
  PID:6768
- C:\Windows\System\FTkYKqk.exe
  C:\Windows\System\FTkYKqk.exe
  2⤵
  PID:6796
- C:\Windows\System\aCvOWRd.exe
  C:\Windows\System\aCvOWRd.exe
  2⤵
  PID:6812
- C:\Windows\System\uqzcDwv.exe
  C:\Windows\System\uqzcDwv.exe
  2⤵
  PID:6836
- C:\Windows\System\LruXHMD.exe
  C:\Windows\System\LruXHMD.exe
  2⤵
  PID:6860
- C:\Windows\System\jLIjKai.exe
  C:\Windows\System\jLIjKai.exe
  2⤵
  PID:6876
- C:\Windows\System\QqzUPMH.exe
  C:\Windows\System\QqzUPMH.exe
  2⤵
  PID:6892
- C:\Windows\System\FWVbwcr.exe
  C:\Windows\System\FWVbwcr.exe
  2⤵
  PID:6912
- C:\Windows\System\OjeVKoV.exe
  C:\Windows\System\OjeVKoV.exe
  2⤵
  PID:6936
- C:\Windows\System\WAJbRNL.exe
  C:\Windows\System\WAJbRNL.exe
  2⤵
  PID:6952
- C:\Windows\System\EIIQFqp.exe
  C:\Windows\System\EIIQFqp.exe
  2⤵
  PID:6976
- C:\Windows\System\sdBMpeO.exe
  C:\Windows\System\sdBMpeO.exe
  2⤵
  PID:6992
- C:\Windows\System\SYQNioO.exe
  C:\Windows\System\SYQNioO.exe
  2⤵
  PID:7012
- C:\Windows\System\LWfUUiP.exe
  C:\Windows\System\LWfUUiP.exe
  2⤵
  PID:7044
- C:\Windows\System\fecUVHL.exe
  C:\Windows\System\fecUVHL.exe
  2⤵
  PID:7064
- C:\Windows\System\nUjEsWF.exe
  C:\Windows\System\nUjEsWF.exe
  2⤵
  PID:7080
- C:\Windows\System\FsVoAtn.exe
  C:\Windows\System\FsVoAtn.exe
  2⤵
  PID:7096
- C:\Windows\System\zysHsVC.exe
  C:\Windows\System\zysHsVC.exe
  2⤵
  PID:7112
- C:\Windows\System\agXPjAj.exe
  C:\Windows\System\agXPjAj.exe
  2⤵
  PID:7128
- C:\Windows\System\avusDyU.exe
  C:\Windows\System\avusDyU.exe
  2⤵
  PID:7152
- C:\Windows\System\ifWAfGu.exe
  C:\Windows\System\ifWAfGu.exe
  2⤵
  PID:4128
- C:\Windows\System\srnNqES.exe
  C:\Windows\System\srnNqES.exe
  2⤵
  PID:5668
- C:\Windows\System\kjZMjos.exe
  C:\Windows\System\kjZMjos.exe
  2⤵
  PID:6176
- C:\Windows\System\OzMkBoi.exe
  C:\Windows\System\OzMkBoi.exe
  2⤵
  PID:5144
- C:\Windows\System\FhIOCsI.exe
  C:\Windows\System\FhIOCsI.exe
  2⤵
  PID:5940
- C:\Windows\System\phadTtU.exe
  C:\Windows\System\phadTtU.exe
  2⤵
  PID:6156
- C:\Windows\System\phBsdKh.exe
  C:\Windows\System\phBsdKh.exe
  2⤵
  PID:6280
- C:\Windows\System\QWQjTuY.exe
  C:\Windows\System\QWQjTuY.exe
  2⤵
  PID:6296
- C:\Windows\System\BoCLkbV.exe
  C:\Windows\System\BoCLkbV.exe
  2⤵
  PID:6336
- C:\Windows\System\WCtrWEf.exe
  C:\Windows\System\WCtrWEf.exe
  2⤵
  PID:6400
- C:\Windows\System\TTRRBzL.exe
  C:\Windows\System\TTRRBzL.exe
  2⤵
  PID:6424
- C:\Windows\System\zhuVtLB.exe
  C:\Windows\System\zhuVtLB.exe
  2⤵
  PID:6464
- C:\Windows\System\ApURXFC.exe
  C:\Windows\System\ApURXFC.exe
  2⤵
  PID:6528
- C:\Windows\System\AAegnnr.exe
  C:\Windows\System\AAegnnr.exe
  2⤵
  PID:6576
- C:\Windows\System\ETjquUg.exe
  C:\Windows\System\ETjquUg.exe
  2⤵
  PID:6592
- C:\Windows\System\FictMwq.exe
  C:\Windows\System\FictMwq.exe
  2⤵
  PID:6624
- C:\Windows\System\ynBIRWC.exe
  C:\Windows\System\ynBIRWC.exe
  2⤵
  PID:6688
- C:\Windows\System\UHNEJFC.exe
  C:\Windows\System\UHNEJFC.exe
  2⤵
  PID:6484
- C:\Windows\System\GVXeXJw.exe
  C:\Windows\System\GVXeXJw.exe
  2⤵
  PID:6776
- C:\Windows\System\BhOeJSi.exe
  C:\Windows\System\BhOeJSi.exe
  2⤵
  PID:6792
- C:\Windows\System\NszvqXf.exe
  C:\Windows\System\NszvqXf.exe
  2⤵
  PID:6828
- C:\Windows\System\LLrEXBY.exe
  C:\Windows\System\LLrEXBY.exe
  2⤵
  PID:6908
- C:\Windows\System\jPHbSdY.exe
  C:\Windows\System\jPHbSdY.exe
  2⤵
  PID:6948
- C:\Windows\System\ijKWBZJ.exe
  C:\Windows\System\ijKWBZJ.exe
  2⤵
  PID:6708
- C:\Windows\System\BNcdumk.exe
  C:\Windows\System\BNcdumk.exe
  2⤵
  PID:6764
- C:\Windows\System\NydeNSW.exe
  C:\Windows\System\NydeNSW.exe
  2⤵
  PID:6932
- C:\Windows\System\VsHSlYw.exe
  C:\Windows\System\VsHSlYw.exe
  2⤵
  PID:6848
- C:\Windows\System\CPAlTtv.exe
  C:\Windows\System\CPAlTtv.exe
  2⤵
  PID:6884
- C:\Windows\System\fRmpdkx.exe
  C:\Windows\System\fRmpdkx.exe
  2⤵
  PID:6928
- C:\Windows\System\zSuqdJX.exe
  C:\Windows\System\zSuqdJX.exe
  2⤵
  PID:7108
- C:\Windows\System\PkZGIZu.exe
  C:\Windows\System\PkZGIZu.exe
  2⤵
  PID:7144
- C:\Windows\System\TjJkGOe.exe
  C:\Windows\System\TjJkGOe.exe
  2⤵
  PID:7052
- C:\Windows\System\FXAHmgL.exe
  C:\Windows\System\FXAHmgL.exe
  2⤵
  PID:7092
- C:\Windows\System\bansbNG.exe
  C:\Windows\System\bansbNG.exe
  2⤵
  PID:6040
- C:\Windows\System\njiUwhI.exe
  C:\Windows\System\njiUwhI.exe
  2⤵
  PID:5508
- C:\Windows\System\aWVjAdy.exe
  C:\Windows\System\aWVjAdy.exe
  2⤵
  PID:5256
- C:\Windows\System\QODLORS.exe
  C:\Windows\System\QODLORS.exe
  2⤵
  PID:6244
- C:\Windows\System\uUMYWlO.exe
  C:\Windows\System\uUMYWlO.exe
  2⤵
  PID:6236
- C:\Windows\System\LAzCVDv.exe
  C:\Windows\System\LAzCVDv.exe
  2⤵
  PID:6288
- C:\Windows\System\OZFXYBK.exe
  C:\Windows\System\OZFXYBK.exe
  2⤵
  PID:6304
- C:\Windows\System\tkjTSdu.exe
  C:\Windows\System\tkjTSdu.exe
  2⤵
  PID:6404
- C:\Windows\System\zMbvnqA.exe
  C:\Windows\System\zMbvnqA.exe
  2⤵
  PID:6516
- C:\Windows\System\uSJEnbT.exe
  C:\Windows\System\uSJEnbT.exe
  2⤵
  PID:6552
- C:\Windows\System\AXiknIQ.exe
  C:\Windows\System\AXiknIQ.exe
  2⤵
  PID:6544
- C:\Windows\System\GDKRcxX.exe
  C:\Windows\System\GDKRcxX.exe
  2⤵
  PID:6724
- C:\Windows\System\clQCAsl.exe
  C:\Windows\System\clQCAsl.exe
  2⤵
  PID:6740
- C:\Windows\System\yUtsFNX.exe
  C:\Windows\System\yUtsFNX.exe
  2⤵
  PID:6788
- C:\Windows\System\FDGvjhy.exe
  C:\Windows\System\FDGvjhy.exe
  2⤵
  PID:6676
- C:\Windows\System\DONLoqD.exe
  C:\Windows\System\DONLoqD.exe
  2⤵
  PID:6988
- C:\Windows\System\IzoMnjz.exe
  C:\Windows\System\IzoMnjz.exe
  2⤵
  PID:7032
- C:\Windows\System\zuhFqYg.exe
  C:\Windows\System\zuhFqYg.exe
  2⤵
  PID:6972
- C:\Windows\System\YaeqjrI.exe
  C:\Windows\System\YaeqjrI.exe
  2⤵
  PID:7008
- C:\Windows\System\IDqVKJx.exe
  C:\Windows\System\IDqVKJx.exe
  2⤵
  PID:6844
- C:\Windows\System\PuEzBHX.exe
  C:\Windows\System\PuEzBHX.exe
  2⤵
  PID:5236
- C:\Windows\System\JDnMZPe.exe
  C:\Windows\System\JDnMZPe.exe
  2⤵
  PID:7060
- C:\Windows\System\WBFlQBD.exe
  C:\Windows\System\WBFlQBD.exe
  2⤵
  PID:6240
- C:\Windows\System\SHCmwpT.exe
  C:\Windows\System\SHCmwpT.exe
  2⤵
  PID:6500
- C:\Windows\System\zSzachd.exe
  C:\Windows\System\zSzachd.exe
  2⤵
  PID:6256
- C:\Windows\System\OIhmhAE.exe
  C:\Windows\System\OIhmhAE.exe
  2⤵
  PID:6548
- C:\Windows\System\WtlKkBF.exe
  C:\Windows\System\WtlKkBF.exe
  2⤵
  PID:6560
- C:\Windows\System\rzldxsF.exe
  C:\Windows\System\rzldxsF.exe
  2⤵
  PID:6900
- C:\Windows\System\FotqlVq.exe
  C:\Windows\System\FotqlVq.exe
  2⤵
  PID:6924
- C:\Windows\System\MOKgRTc.exe
  C:\Windows\System\MOKgRTc.exe
  2⤵
  PID:6192
- C:\Windows\System\PDjdGol.exe
  C:\Windows\System\PDjdGol.exe
  2⤵
  PID:6784
- C:\Windows\System\wcShyhI.exe
  C:\Windows\System\wcShyhI.exe
  2⤵
  PID:6452
- C:\Windows\System\uMgdhEU.exe
  C:\Windows\System\uMgdhEU.exe
  2⤵
  PID:7124
- C:\Windows\System\vrvjHWB.exe
  C:\Windows\System\vrvjHWB.exe
  2⤵
  PID:6496
- C:\Windows\System\cCtApgz.exe
  C:\Windows\System\cCtApgz.exe
  2⤵
  PID:6604
- C:\Windows\System\lXCGIcJ.exe
  C:\Windows\System\lXCGIcJ.exe
  2⤵
  PID:7164
- C:\Windows\System\QlOaCEN.exe
  C:\Windows\System\QlOaCEN.exe
  2⤵
  PID:6756
- C:\Windows\System\xWaNdSq.exe
  C:\Windows\System\xWaNdSq.exe
  2⤵
  PID:6232
- C:\Windows\System\VRKfivJ.exe
  C:\Windows\System\VRKfivJ.exe
  2⤵
  PID:6660
- C:\Windows\System\aQfastn.exe
  C:\Windows\System\aQfastn.exe
  2⤵
  PID:6728
- C:\Windows\System\jQbuXpp.exe
  C:\Windows\System\jQbuXpp.exe
  2⤵
  PID:6432
- C:\Windows\System\nqmXDTx.exe
  C:\Windows\System\nqmXDTx.exe
  2⤵
  PID:6752
- C:\Windows\System\EqYNDsu.exe
  C:\Windows\System\EqYNDsu.exe
  2⤵
  PID:6480
- C:\Windows\System\LcwvNjo.exe
  C:\Windows\System\LcwvNjo.exe
  2⤵
  PID:7216
- C:\Windows\System\nKgqGEY.exe
  C:\Windows\System\nKgqGEY.exe
  2⤵
  PID:7232
- C:\Windows\System\ikzxNVw.exe
  C:\Windows\System\ikzxNVw.exe
  2⤵
  PID:7248
- C:\Windows\System\XzpNovT.exe
  C:\Windows\System\XzpNovT.exe
  2⤵
  PID:7264
- C:\Windows\System\zQQQFsf.exe
  C:\Windows\System\zQQQFsf.exe
  2⤵
  PID:7280
- C:\Windows\System\CptIURj.exe
  C:\Windows\System\CptIURj.exe
  2⤵
  PID:7296
- C:\Windows\System\jTuWpYe.exe
  C:\Windows\System\jTuWpYe.exe
  2⤵
  PID:7320
- C:\Windows\System\idJWABZ.exe
  C:\Windows\System\idJWABZ.exe
  2⤵
  PID:7340
- C:\Windows\System\VNQEawF.exe
  C:\Windows\System\VNQEawF.exe
  2⤵
  PID:7356
- C:\Windows\System\zATgjXJ.exe
  C:\Windows\System\zATgjXJ.exe
  2⤵
  PID:7380
- C:\Windows\System\FPJtgUS.exe
  C:\Windows\System\FPJtgUS.exe
  2⤵
  PID:7400
- C:\Windows\System\tNCCKHc.exe
  C:\Windows\System\tNCCKHc.exe
  2⤵
  PID:7416
- C:\Windows\System\ZEYqBdY.exe
  C:\Windows\System\ZEYqBdY.exe
  2⤵
  PID:7456
- C:\Windows\System\UlNUpnK.exe
  C:\Windows\System\UlNUpnK.exe
  2⤵
  PID:7472
- C:\Windows\System\oHGVWSx.exe
  C:\Windows\System\oHGVWSx.exe
  2⤵
  PID:7496
- C:\Windows\System\qyORJzv.exe
  C:\Windows\System\qyORJzv.exe
  2⤵
  PID:7516
- C:\Windows\System\NmJMjqj.exe
  C:\Windows\System\NmJMjqj.exe
  2⤵
  PID:7532
- C:\Windows\System\hUuyLXn.exe
  C:\Windows\System\hUuyLXn.exe
  2⤵
  PID:7552
- C:\Windows\System\wGazhxt.exe
  C:\Windows\System\wGazhxt.exe
  2⤵
  PID:7568
- C:\Windows\System\vTkKuiS.exe
  C:\Windows\System\vTkKuiS.exe
  2⤵
  PID:7588
- C:\Windows\System\sCwzUvF.exe
  C:\Windows\System\sCwzUvF.exe
  2⤵
  PID:7604
- C:\Windows\System\GUwqbgN.exe
  C:\Windows\System\GUwqbgN.exe
  2⤵
  PID:7624
- C:\Windows\System\AecmTuy.exe
  C:\Windows\System\AecmTuy.exe
  2⤵
  PID:7644
- C:\Windows\System\YlTsruK.exe
  C:\Windows\System\YlTsruK.exe
  2⤵
  PID:7660
- C:\Windows\System\bAZjxuu.exe
  C:\Windows\System\bAZjxuu.exe
  2⤵
  PID:7696
- C:\Windows\System\gfJscnN.exe
  C:\Windows\System\gfJscnN.exe
  2⤵
  PID:7712
- C:\Windows\System\oWkBCes.exe
  C:\Windows\System\oWkBCes.exe
  2⤵
  PID:7728
- C:\Windows\System\VrEKuKw.exe
  C:\Windows\System\VrEKuKw.exe
  2⤵
  PID:7748
- C:\Windows\System\TtDkmwf.exe
  C:\Windows\System\TtDkmwf.exe
  2⤵
  PID:7768
- C:\Windows\System\eWPebYA.exe
  C:\Windows\System\eWPebYA.exe
  2⤵
  PID:7788
- C:\Windows\System\XVgyhgx.exe
  C:\Windows\System\XVgyhgx.exe
  2⤵
  PID:7804
- C:\Windows\System\miIybgm.exe
  C:\Windows\System\miIybgm.exe
  2⤵
  PID:7820
- C:\Windows\System\lkySYZy.exe
  C:\Windows\System\lkySYZy.exe
  2⤵
  PID:7840
- C:\Windows\System\DoAVXWy.exe
  C:\Windows\System\DoAVXWy.exe
  2⤵
  PID:7856
- C:\Windows\System\ftpHPGe.exe
  C:\Windows\System\ftpHPGe.exe
  2⤵
  PID:7884
- C:\Windows\System\KJVckNW.exe
  C:\Windows\System\KJVckNW.exe
  2⤵
  PID:7900
- C:\Windows\System\WJEquju.exe
  C:\Windows\System\WJEquju.exe
  2⤵
  PID:7920
- C:\Windows\System\zbMujuZ.exe
  C:\Windows\System\zbMujuZ.exe
  2⤵
  PID:7936
- C:\Windows\System\dHktjGX.exe
  C:\Windows\System\dHktjGX.exe
  2⤵
  PID:7952
- C:\Windows\System\IlCKNLp.exe
  C:\Windows\System\IlCKNLp.exe
  2⤵
  PID:7976
- C:\Windows\System\CvwySnc.exe
  C:\Windows\System\CvwySnc.exe
  2⤵
  PID:8000
- C:\Windows\System\BNFaAQm.exe
  C:\Windows\System\BNFaAQm.exe
  2⤵
  PID:8020
- C:\Windows\System\rFcBBcI.exe
  C:\Windows\System\rFcBBcI.exe
  2⤵
  PID:8048
- C:\Windows\System\vdxIYDn.exe
  C:\Windows\System\vdxIYDn.exe
  2⤵
  PID:8068
- C:\Windows\System\OfoEwmf.exe
  C:\Windows\System\OfoEwmf.exe
  2⤵
  PID:8100
- C:\Windows\System\hEQITKY.exe
  C:\Windows\System\hEQITKY.exe
  2⤵
  PID:8124
- C:\Windows\System\OriHLDB.exe
  C:\Windows\System\OriHLDB.exe
  2⤵
  PID:8144
- C:\Windows\System\vJaMTlp.exe
  C:\Windows\System\vJaMTlp.exe
  2⤵
  PID:8160
- C:\Windows\System\yywiVUX.exe
  C:\Windows\System\yywiVUX.exe
  2⤵
  PID:8180
- C:\Windows\System\DCHXUht.exe
  C:\Windows\System\DCHXUht.exe
  2⤵
  PID:6384
- C:\Windows\System\EPgGabp.exe
  C:\Windows\System\EPgGabp.exe
  2⤵
  PID:7004
- C:\Windows\System\oAwkeOs.exe
  C:\Windows\System\oAwkeOs.exe
  2⤵
  PID:6824
- C:\Windows\System\QWTVvkg.exe
  C:\Windows\System\QWTVvkg.exe
  2⤵
  PID:7188
- C:\Windows\System\bPYMDBW.exe
  C:\Windows\System\bPYMDBW.exe
  2⤵
  PID:7184
- C:\Windows\System\JlhpIHk.exe
  C:\Windows\System\JlhpIHk.exe
  2⤵
  PID:7244
- C:\Windows\System\ZIdhMih.exe
  C:\Windows\System\ZIdhMih.exe
  2⤵
  PID:7256
- C:\Windows\System\usqSTBj.exe
  C:\Windows\System\usqSTBj.exe
  2⤵
  PID:7292
- C:\Windows\System\EWkRDOu.exe
  C:\Windows\System\EWkRDOu.exe
  2⤵
  PID:7372
- C:\Windows\System\LVaOhYT.exe
  C:\Windows\System\LVaOhYT.exe
  2⤵
  PID:7352
- C:\Windows\System\iKusbQV.exe
  C:\Windows\System\iKusbQV.exe
  2⤵
  PID:7436
- C:\Windows\System\XCKgJKT.exe
  C:\Windows\System\XCKgJKT.exe
  2⤵
  PID:7464
- C:\Windows\System\NxBpoTn.exe
  C:\Windows\System\NxBpoTn.exe
  2⤵
  PID:7480
- C:\Windows\System\orzLiae.exe
  C:\Windows\System\orzLiae.exe
  2⤵
  PID:7492
- C:\Windows\System\CGtRxvv.exe
  C:\Windows\System\CGtRxvv.exe
  2⤵
  PID:7560
- C:\Windows\System\ILYuHFo.exe
  C:\Windows\System\ILYuHFo.exe
  2⤵
  PID:7668
- C:\Windows\System\eianOjn.exe
  C:\Windows\System\eianOjn.exe
  2⤵
  PID:7636
- C:\Windows\System\SZMPDKa.exe
  C:\Windows\System\SZMPDKa.exe
  2⤵
  PID:7692
- C:\Windows\System\kOScuEj.exe
  C:\Windows\System\kOScuEj.exe
  2⤵
  PID:7708
- C:\Windows\System\TmDpSJL.exe
  C:\Windows\System\TmDpSJL.exe
  2⤵
  PID:7812
- C:\Windows\System\qywjWqt.exe
  C:\Windows\System\qywjWqt.exe
  2⤵
  PID:7892
- C:\Windows\System\HvJYEyT.exe
  C:\Windows\System\HvJYEyT.exe
  2⤵
  PID:7932
- C:\Windows\System\dEuOeil.exe
  C:\Windows\System\dEuOeil.exe
  2⤵
  PID:8008
- C:\Windows\System\nEgtdHX.exe
  C:\Windows\System\nEgtdHX.exe
  2⤵
  PID:8064
- C:\Windows\System\WNoFIPB.exe
  C:\Windows\System\WNoFIPB.exe
  2⤵
  PID:7828
- C:\Windows\System\cfVQNEA.exe
  C:\Windows\System\cfVQNEA.exe
  2⤵
  PID:7796
- C:\Windows\System\AICMiYl.exe
  C:\Windows\System\AICMiYl.exe
  2⤵
  PID:7864
- C:\Windows\System\ZZkeVgX.exe
  C:\Windows\System\ZZkeVgX.exe
  2⤵
  PID:8040
- C:\Windows\System\gHYCAUu.exe
  C:\Windows\System\gHYCAUu.exe
  2⤵
  PID:7916
- C:\Windows\System\LuOXALg.exe
  C:\Windows\System\LuOXALg.exe
  2⤵
  PID:8084
- C:\Windows\System\UQlBTpv.exe
  C:\Windows\System\UQlBTpv.exe
  2⤵
  PID:8108
- C:\Windows\System\dCXrBFK.exe
  C:\Windows\System\dCXrBFK.exe
  2⤵
  PID:8112
- C:\Windows\System\aLqwTcl.exe
  C:\Windows\System\aLqwTcl.exe
  2⤵
  PID:8176
- C:\Windows\System\vrGhLGJ.exe
  C:\Windows\System\vrGhLGJ.exe
  2⤵
  PID:7196
- C:\Windows\System\UtgeLqp.exe
  C:\Windows\System\UtgeLqp.exe
  2⤵
  PID:7024
- C:\Windows\System\aHVyHAj.exe
  C:\Windows\System\aHVyHAj.exe
  2⤵
  PID:7180
- C:\Windows\System\zUnITfI.exe
  C:\Windows\System\zUnITfI.exe
  2⤵
  PID:7332
- C:\Windows\System\cGynDXT.exe
  C:\Windows\System\cGynDXT.exe
  2⤵
  PID:7288
- C:\Windows\System\DOoEXkW.exe
  C:\Windows\System\DOoEXkW.exe
  2⤵
  PID:7348
- C:\Windows\System\TYXHPQq.exe
  C:\Windows\System\TYXHPQq.exe
  2⤵
  PID:7392
- C:\Windows\System\NvnSTcf.exe
  C:\Windows\System\NvnSTcf.exe
  2⤵
  PID:7544
- C:\Windows\System\uXbsQzZ.exe
  C:\Windows\System\uXbsQzZ.exe
  2⤵
  PID:7584
- C:\Windows\System\EiYqZOx.exe
  C:\Windows\System\EiYqZOx.exe
  2⤵
  PID:7704
- C:\Windows\System\cnLDoSn.exe
  C:\Windows\System\cnLDoSn.exe
  2⤵
  PID:7744
- C:\Windows\System\rvqVMvR.exe
  C:\Windows\System\rvqVMvR.exe
  2⤵
  PID:7964
- C:\Windows\System\OuoDdht.exe
  C:\Windows\System\OuoDdht.exe
  2⤵
  PID:7996
- C:\Windows\System\VbEcaxj.exe
  C:\Windows\System\VbEcaxj.exe
  2⤵
  PID:8028
- C:\Windows\System\vUtnwOi.exe
  C:\Windows\System\vUtnwOi.exe
  2⤵
  PID:8012
- C:\Windows\System\JoYvwTQ.exe
  C:\Windows\System\JoYvwTQ.exe
  2⤵
  PID:8056
- C:\Windows\System\CcEuJBu.exe
  C:\Windows\System\CcEuJBu.exe
  2⤵
  PID:7764
- C:\Windows\System\khJcPUa.exe
  C:\Windows\System\khJcPUa.exe
  2⤵
  PID:7212
- C:\Windows\System\EmkHGAX.exe
  C:\Windows\System\EmkHGAX.exe
  2⤵
  PID:7880
- C:\Windows\System\rRZwnqL.exe
  C:\Windows\System\rRZwnqL.exe
  2⤵
  PID:8120
- C:\Windows\System\LWkeFTa.exe
  C:\Windows\System\LWkeFTa.exe
  2⤵
  PID:7312
- C:\Windows\System\qIRqjof.exe
  C:\Windows\System\qIRqjof.exe
  2⤵
  PID:7228
- C:\Windows\System\bvdsVzp.exe
  C:\Windows\System\bvdsVzp.exe
  2⤵
  PID:7368
- C:\Windows\System\WJiyfMI.exe
  C:\Windows\System\WJiyfMI.exe
  2⤵
  PID:7600
- C:\Windows\System\jdYiArr.exe
  C:\Windows\System\jdYiArr.exe
  2⤵
  PID:7508
- C:\Windows\System\LvGpzoK.exe
  C:\Windows\System\LvGpzoK.exe
  2⤵
  PID:7848
- C:\Windows\System\yZOodip.exe
  C:\Windows\System\yZOodip.exe
  2⤵
  PID:7992
- C:\Windows\System\MaxqWFr.exe
  C:\Windows\System\MaxqWFr.exe
  2⤵
  PID:6168
- C:\Windows\System\QzkBOKM.exe
  C:\Windows\System\QzkBOKM.exe
  2⤵
  PID:8096
- C:\Windows\System\yJtOXvO.exe
  C:\Windows\System\yJtOXvO.exe
  2⤵
  PID:8116
- C:\Windows\System\zoBDIhu.exe
  C:\Windows\System\zoBDIhu.exe
  2⤵
  PID:7424
- C:\Windows\System\cGeyEcv.exe
  C:\Windows\System\cGeyEcv.exe
  2⤵
  PID:7076
- C:\Windows\System\ZYtEDpz.exe
  C:\Windows\System\ZYtEDpz.exe
  2⤵
  PID:6968
- C:\Windows\System\QfmZkkG.exe
  C:\Windows\System\QfmZkkG.exe
  2⤵
  PID:7596
- C:\Windows\System\xREmJNX.exe
  C:\Windows\System\xREmJNX.exe
  2⤵
  PID:7784
- C:\Windows\System\slSwtHy.exe
  C:\Windows\System\slSwtHy.exe
  2⤵
  PID:7908
- C:\Windows\System\TXsFDvu.exe
  C:\Windows\System\TXsFDvu.exe
  2⤵
  PID:7928
- C:\Windows\System\nlvqfwv.exe
  C:\Windows\System\nlvqfwv.exe
  2⤵
  PID:7540
- C:\Windows\System\RwVKhMW.exe
  C:\Windows\System\RwVKhMW.exe
  2⤵
  PID:8156
- C:\Windows\System\blmCNbB.exe
  C:\Windows\System\blmCNbB.exe
  2⤵
  PID:7308
- C:\Windows\System\eAEjYjg.exe
  C:\Windows\System\eAEjYjg.exe
  2⤵
  PID:7224
- C:\Windows\System\TEGYdcn.exe
  C:\Windows\System\TEGYdcn.exe
  2⤵
  PID:7688
- C:\Windows\System\kkFgsua.exe
  C:\Windows\System\kkFgsua.exe
  2⤵
  PID:7800
- C:\Windows\System\AehEsfO.exe
  C:\Windows\System\AehEsfO.exe
  2⤵
  PID:7760
- C:\Windows\System\rQSwKJW.exe
  C:\Windows\System\rQSwKJW.exe
  2⤵
  PID:8168
- C:\Windows\System\aBZhGLO.exe
  C:\Windows\System\aBZhGLO.exe
  2⤵
  PID:8196
- C:\Windows\System\WkZhpAI.exe
  C:\Windows\System\WkZhpAI.exe
  2⤵
  PID:8216
- C:\Windows\System\cTJJDVx.exe
  C:\Windows\System\cTJJDVx.exe
  2⤵
  PID:8240
- C:\Windows\System\sERKFFw.exe
  C:\Windows\System\sERKFFw.exe
  2⤵
  PID:8256
- C:\Windows\System\NClttNy.exe
  C:\Windows\System\NClttNy.exe
  2⤵
  PID:8272
- C:\Windows\System\gyjNxZG.exe
  C:\Windows\System\gyjNxZG.exe
  2⤵
  PID:8292
- C:\Windows\System\LmxDgdn.exe
  C:\Windows\System\LmxDgdn.exe
  2⤵
  PID:8308
- C:\Windows\System\HIBBdnD.exe
  C:\Windows\System\HIBBdnD.exe
  2⤵
  PID:8336
- C:\Windows\System\WGuuUDB.exe
  C:\Windows\System\WGuuUDB.exe
  2⤵
  PID:8360
- C:\Windows\System\anmmMrC.exe
  C:\Windows\System\anmmMrC.exe
  2⤵
  PID:8380
- C:\Windows\System\lUJJabg.exe
  C:\Windows\System\lUJJabg.exe
  2⤵
  PID:8396
- C:\Windows\System\RRIoqZD.exe
  C:\Windows\System\RRIoqZD.exe
  2⤵
  PID:8416
- C:\Windows\System\yEHUrNB.exe
  C:\Windows\System\yEHUrNB.exe
  2⤵
  PID:8440
- C:\Windows\System\xXJDkmt.exe
  C:\Windows\System\xXJDkmt.exe
  2⤵
  PID:8472
- C:\Windows\System\ykOQXPM.exe
  C:\Windows\System\ykOQXPM.exe
  2⤵
  PID:8492
- C:\Windows\System\CPuqEvv.exe
  C:\Windows\System\CPuqEvv.exe
  2⤵
  PID:8508
- C:\Windows\System\kRwdkCx.exe
  C:\Windows\System\kRwdkCx.exe
  2⤵
  PID:8524
- C:\Windows\System\fScmPUh.exe
  C:\Windows\System\fScmPUh.exe
  2⤵
  PID:8540
- C:\Windows\System\HTrEkoC.exe
  C:\Windows\System\HTrEkoC.exe
  2⤵
  PID:8556
- C:\Windows\System\DnwDbcd.exe
  C:\Windows\System\DnwDbcd.exe
  2⤵
  PID:8576
- C:\Windows\System\oMYcCMP.exe
  C:\Windows\System\oMYcCMP.exe
  2⤵
  PID:8604
- C:\Windows\System\lxeullz.exe
  C:\Windows\System\lxeullz.exe
  2⤵
  PID:8628
- C:\Windows\System\GYJOvYX.exe
  C:\Windows\System\GYJOvYX.exe
  2⤵
  PID:8644
- C:\Windows\System\sDGuYLe.exe
  C:\Windows\System\sDGuYLe.exe
  2⤵
  PID:8668
- C:\Windows\System\MLPdCry.exe
  C:\Windows\System\MLPdCry.exe
  2⤵
  PID:8696
- C:\Windows\System\gPDLofn.exe
  C:\Windows\System\gPDLofn.exe
  2⤵
  PID:8712
- C:\Windows\System\uwxSIVr.exe
  C:\Windows\System\uwxSIVr.exe
  2⤵
  PID:8728
- C:\Windows\System\uHNThAv.exe
  C:\Windows\System\uHNThAv.exe
  2⤵
  PID:8744
- C:\Windows\System\OTEtjhR.exe
  C:\Windows\System\OTEtjhR.exe
  2⤵
  PID:8768
- C:\Windows\System\IKZYoMx.exe
  C:\Windows\System\IKZYoMx.exe
  2⤵
  PID:8784
- C:\Windows\System\ZXHYfnf.exe
  C:\Windows\System\ZXHYfnf.exe
  2⤵
  PID:8808
- C:\Windows\System\mQEySJE.exe
  C:\Windows\System\mQEySJE.exe
  2⤵
  PID:8824
- C:\Windows\System\OsrmdsG.exe
  C:\Windows\System\OsrmdsG.exe
  2⤵
  PID:8844
- C:\Windows\System\OzeUHge.exe
  C:\Windows\System\OzeUHge.exe
  2⤵
  PID:8868
- C:\Windows\System\rGSWLDa.exe
  C:\Windows\System\rGSWLDa.exe
  2⤵
  PID:8884
- C:\Windows\System\nHCNjEr.exe
  C:\Windows\System\nHCNjEr.exe
  2⤵
  PID:8912
- C:\Windows\System\tZSSDPE.exe
  C:\Windows\System\tZSSDPE.exe
  2⤵
  PID:8928
- C:\Windows\System\KIRiEXH.exe
  C:\Windows\System\KIRiEXH.exe
  2⤵
  PID:8944
- C:\Windows\System\NfqqLnG.exe
  C:\Windows\System\NfqqLnG.exe
  2⤵
  PID:8964
- C:\Windows\System\RdExtUv.exe
  C:\Windows\System\RdExtUv.exe
  2⤵
  PID:8980
- C:\Windows\System\hpqqBOm.exe
  C:\Windows\System\hpqqBOm.exe
  2⤵
  PID:9004
- C:\Windows\System\lFptnDm.exe
  C:\Windows\System\lFptnDm.exe
  2⤵
  PID:9028
- C:\Windows\System\PnLFhnU.exe
  C:\Windows\System\PnLFhnU.exe
  2⤵
  PID:9044
- C:\Windows\System\glSkvXq.exe
  C:\Windows\System\glSkvXq.exe
  2⤵
  PID:9060
- C:\Windows\System\AlvtKAX.exe
  C:\Windows\System\AlvtKAX.exe
  2⤵
  PID:9084
- C:\Windows\System\FTyrYem.exe
  C:\Windows\System\FTyrYem.exe
  2⤵
  PID:9116
- C:\Windows\System\lbcVJAe.exe
  C:\Windows\System\lbcVJAe.exe
  2⤵
  PID:9136
- C:\Windows\System\DMXyLfx.exe
  C:\Windows\System\DMXyLfx.exe
  2⤵
  PID:9152
- C:\Windows\System\WQLcKxg.exe
  C:\Windows\System\WQLcKxg.exe
  2⤵
  PID:9180
- C:\Windows\System\doBgYPa.exe
  C:\Windows\System\doBgYPa.exe
  2⤵
  PID:9196
- C:\Windows\System\xGeDmpv.exe
  C:\Windows\System\xGeDmpv.exe
  2⤵
  PID:7432
- C:\Windows\System\EQJSILe.exe
  C:\Windows\System\EQJSILe.exe
  2⤵
  PID:8232
- C:\Windows\System\YqpFEkX.exe
  C:\Windows\System\YqpFEkX.exe
  2⤵
  PID:8300
- C:\Windows\System\lpBSNJY.exe
  C:\Windows\System\lpBSNJY.exe
  2⤵
  PID:8344
- C:\Windows\System\UivgmWS.exe
  C:\Windows\System\UivgmWS.exe
  2⤵
  PID:8348
- C:\Windows\System\drXPzmn.exe
  C:\Windows\System\drXPzmn.exe
  2⤵
  PID:8152
- C:\Windows\System\jJEfODG.exe
  C:\Windows\System\jJEfODG.exe
  2⤵
  PID:8392
- C:\Windows\System\RrmCSoB.exe
  C:\Windows\System\RrmCSoB.exe
  2⤵
  PID:8316
- C:\Windows\System\isdtNDy.exe
  C:\Windows\System\isdtNDy.exe
  2⤵
  PID:8408
- C:\Windows\System\jylUXvr.exe
  C:\Windows\System\jylUXvr.exe
  2⤵
  PID:8452
- C:\Windows\System\rjOiybo.exe
  C:\Windows\System\rjOiybo.exe
  2⤵
  PID:8468
- C:\Windows\System\EMUGABs.exe
  C:\Windows\System\EMUGABs.exe
  2⤵
  PID:8548
- C:\Windows\System\GlEcPfy.exe
  C:\Windows\System\GlEcPfy.exe
  2⤵
  PID:8600
- C:\Windows\System\jDYtlec.exe
  C:\Windows\System\jDYtlec.exe
  2⤵
  PID:8536
- C:\Windows\System\soMVHIo.exe
  C:\Windows\System\soMVHIo.exe
  2⤵
  PID:8620
- C:\Windows\System\GJWsqNE.exe
  C:\Windows\System\GJWsqNE.exe
  2⤵
  PID:8640
- C:\Windows\System\OpBiLbm.exe
  C:\Windows\System\OpBiLbm.exe
  2⤵
  PID:8664
- C:\Windows\System\rGYxzhK.exe
  C:\Windows\System\rGYxzhK.exe
  2⤵
  PID:8720
- C:\Windows\System\SWcXLpr.exe
  C:\Windows\System\SWcXLpr.exe
  2⤵
  PID:8796
- C:\Windows\System\ACEHOsf.exe
  C:\Windows\System\ACEHOsf.exe
  2⤵
  PID:8840
- C:\Windows\System\dhtbFIe.exe
  C:\Windows\System\dhtbFIe.exe
  2⤵
  PID:8876
- C:\Windows\System\qieHcDJ.exe
  C:\Windows\System\qieHcDJ.exe
  2⤵
  PID:8920
- C:\Windows\System\QLIGGyW.exe
  C:\Windows\System\QLIGGyW.exe
  2⤵
  PID:8952
- C:\Windows\System\TtbIDYF.exe
  C:\Windows\System\TtbIDYF.exe
  2⤵
  PID:8992
- C:\Windows\System\bIzuLKm.exe
  C:\Windows\System\bIzuLKm.exe
  2⤵
  PID:8900
- C:\Windows\System\rzWjHwz.exe
  C:\Windows\System\rzWjHwz.exe
  2⤵
  PID:8972
- C:\Windows\System\MCJzJNj.exe
  C:\Windows\System\MCJzJNj.exe
  2⤵
  PID:9016
- C:\Windows\System\YynXgmt.exe
  C:\Windows\System\YynXgmt.exe
  2⤵
  PID:9072
- C:\Windows\System\eRybdjq.exe
  C:\Windows\System\eRybdjq.exe
  2⤵
  PID:9056
- C:\Windows\System\UtvMyqf.exe
  C:\Windows\System\UtvMyqf.exe
  2⤵
  PID:9112
- C:\Windows\System\JddZAHr.exe
  C:\Windows\System\JddZAHr.exe
  2⤵
  PID:9160
- C:\Windows\System\KYXxUNt.exe
  C:\Windows\System\KYXxUNt.exe
  2⤵
  PID:9168
- C:\Windows\System\ggdemrB.exe
  C:\Windows\System\ggdemrB.exe
  2⤵
  PID:9208
- C:\Windows\System\NuFNMja.exe
  C:\Windows\System\NuFNMja.exe
  2⤵
  PID:8228
- C:\Windows\System\kcNIrif.exe
  C:\Windows\System\kcNIrif.exe
  2⤵
  PID:992
- C:\Windows\System\SQwRgVu.exe
  C:\Windows\System\SQwRgVu.exe
  2⤵
  PID:8356
- C:\Windows\System\WXRUCGY.exe
  C:\Windows\System\WXRUCGY.exe
  2⤵
  PID:8424
- C:\Windows\System\vltjHGA.exe
  C:\Windows\System\vltjHGA.exe
  2⤵
  PID:8376
- C:\Windows\System\zbtuwjI.exe
  C:\Windows\System\zbtuwjI.exe
  2⤵
  PID:8448
- C:\Windows\System\YiukGrZ.exe
  C:\Windows\System\YiukGrZ.exe
  2⤵
  PID:8500
- C:\Windows\System\GGUgrAi.exe
  C:\Windows\System\GGUgrAi.exe
  2⤵
  PID:8568
- C:\Windows\System\cTtOxfq.exe
  C:\Windows\System\cTtOxfq.exe
  2⤵
  PID:8680
- C:\Windows\System\QYJWigv.exe
  C:\Windows\System\QYJWigv.exe
  2⤵
  PID:8764
- C:\Windows\System\sSiPBwO.exe
  C:\Windows\System\sSiPBwO.exe
  2⤵
  PID:8832
- C:\Windows\System\xCfrPMx.exe
  C:\Windows\System\xCfrPMx.exe
  2⤵
  PID:8816
- C:\Windows\System\BjKjqYq.exe
  C:\Windows\System\BjKjqYq.exe
  2⤵
  PID:8960
- C:\Windows\System\AMJowTp.exe
  C:\Windows\System\AMJowTp.exe
  2⤵
  PID:8896
- C:\Windows\System\bxSFGvr.exe
  C:\Windows\System\bxSFGvr.exe
  2⤵
  PID:9036
- C:\Windows\System\ZsMIfmK.exe
  C:\Windows\System\ZsMIfmK.exe
  2⤵
  PID:9068
- C:\Windows\System\xVjskwf.exe
  C:\Windows\System\xVjskwf.exe
  2⤵
  PID:9128
- C:\Windows\System\CyDyBJt.exe
  C:\Windows\System\CyDyBJt.exe
  2⤵
  PID:9192
- C:\Windows\System\EbyLTil.exe
  C:\Windows\System\EbyLTil.exe
  2⤵
  PID:8460
- C:\Windows\System\scpUmxR.exe
  C:\Windows\System\scpUmxR.exe
  2⤵
  PID:7448
- C:\Windows\System\altfHjO.exe
  C:\Windows\System\altfHjO.exe
  2⤵
  PID:8596
- C:\Windows\System\aiOyXud.exe
  C:\Windows\System\aiOyXud.exe
  2⤵
  PID:8760
- C:\Windows\System\ByMmmVg.exe
  C:\Windows\System\ByMmmVg.exe
  2⤵
  PID:8484
- C:\Windows\System\DJKiwKW.exe
  C:\Windows\System\DJKiwKW.exe
  2⤵
  PID:6704
- C:\Windows\System\oBvxqQS.exe
  C:\Windows\System\oBvxqQS.exe
  2⤵
  PID:8368
- C:\Windows\System\IRdScnD.exe
  C:\Windows\System\IRdScnD.exe
  2⤵
  PID:8708
- C:\Windows\System\MiyrNgy.exe
  C:\Windows\System\MiyrNgy.exe
  2⤵
  PID:8776
- C:\Windows\System\YjaLncK.exe
  C:\Windows\System\YjaLncK.exe
  2⤵
  PID:8856
- C:\Windows\System\JKmUyAl.exe
  C:\Windows\System\JKmUyAl.exe
  2⤵
  PID:9176
- C:\Windows\System\wBDXsBW.exe
  C:\Windows\System\wBDXsBW.exe
  2⤵
  PID:8328
- C:\Windows\System\JgfFnPS.exe
  C:\Windows\System\JgfFnPS.exe
  2⤵
  PID:9104
- C:\Windows\System\lMyaJOR.exe
  C:\Windows\System\lMyaJOR.exe
  2⤵
  PID:8332
- C:\Windows\System\NWPgUrd.exe
  C:\Windows\System\NWPgUrd.exe
  2⤵
  PID:8752
- C:\Windows\System\QrtiSPq.exe
  C:\Windows\System\QrtiSPq.exe
  2⤵
  PID:8692
- C:\Windows\System\NjMffVk.exe
  C:\Windows\System\NjMffVk.exe
  2⤵
  PID:8372
- C:\Windows\System\BrPZvzi.exe
  C:\Windows\System\BrPZvzi.exe
  2⤵
  PID:8988
- C:\Windows\System\aALPRRu.exe
  C:\Windows\System\aALPRRu.exe
  2⤵
  PID:8464
- C:\Windows\System\ocEsQwW.exe
  C:\Windows\System\ocEsQwW.exe
  2⤵
  PID:8792
- C:\Windows\System\YdODjJN.exe
  C:\Windows\System\YdODjJN.exe
  2⤵
  PID:8780
- C:\Windows\System\kZEajiH.exe
  C:\Windows\System\kZEajiH.exe
  2⤵
  PID:9024
- C:\Windows\System\WbNJlkm.exe
  C:\Windows\System\WbNJlkm.exe
  2⤵
  PID:8432
- C:\Windows\System\LbzuHRv.exe
  C:\Windows\System\LbzuHRv.exe
  2⤵
  PID:8504
- C:\Windows\System\IBMGzXI.exe
  C:\Windows\System\IBMGzXI.exe
  2⤵
  PID:9040
- C:\Windows\System\RkNLSBi.exe
  C:\Windows\System\RkNLSBi.exe
  2⤵
  PID:8324
- C:\Windows\System\RiUPtjJ.exe
  C:\Windows\System\RiUPtjJ.exe
  2⤵
  PID:8280
- C:\Windows\System\blBWYiI.exe
  C:\Windows\System\blBWYiI.exe
  2⤵
  PID:6364
- C:\Windows\System\UJhrvTe.exe
  C:\Windows\System\UJhrvTe.exe
  2⤵
  PID:9188
- C:\Windows\System\noRZXUF.exe
  C:\Windows\System\noRZXUF.exe
  2⤵
  PID:9224
- C:\Windows\System\oUOAMym.exe
  C:\Windows\System\oUOAMym.exe
  2⤵
  PID:9240
- C:\Windows\System\LEHolVT.exe
  C:\Windows\System\LEHolVT.exe
  2⤵
  PID:9256
- C:\Windows\System\bcabsOe.exe
  C:\Windows\System\bcabsOe.exe
  2⤵
  PID:9272
- C:\Windows\System\SHzHqpW.exe
  C:\Windows\System\SHzHqpW.exe
  2⤵
  PID:9296
- C:\Windows\System\VdnIlKO.exe
  C:\Windows\System\VdnIlKO.exe
  2⤵
  PID:9316
- C:\Windows\System\QDuiDqY.exe
  C:\Windows\System\QDuiDqY.exe
  2⤵
  PID:9336
- C:\Windows\System\qmbRNeW.exe
  C:\Windows\System\qmbRNeW.exe
  2⤵
  PID:9360
- C:\Windows\System\qZGWFbl.exe
  C:\Windows\System\qZGWFbl.exe
  2⤵
  PID:9376
- C:\Windows\System\XLHyLvP.exe
  C:\Windows\System\XLHyLvP.exe
  2⤵
  PID:9408
- C:\Windows\System\WoozujI.exe
  C:\Windows\System\WoozujI.exe
  2⤵
  PID:9424
- C:\Windows\System\TKJkpGU.exe
  C:\Windows\System\TKJkpGU.exe
  2⤵
  PID:9444
- C:\Windows\System\LQdNHUo.exe
  C:\Windows\System\LQdNHUo.exe
  2⤵
  PID:9464
- C:\Windows\System\qQNnBRP.exe
  C:\Windows\System\qQNnBRP.exe
  2⤵
  PID:9484
- C:\Windows\System\golZpNd.exe
  C:\Windows\System\golZpNd.exe
  2⤵
  PID:9504
- C:\Windows\System\PytcRPJ.exe
  C:\Windows\System\PytcRPJ.exe
  2⤵
  PID:9528
- C:\Windows\System\ELwbHeP.exe
  C:\Windows\System\ELwbHeP.exe
  2⤵
  PID:9544
- C:\Windows\System\wIAnEMj.exe
  C:\Windows\System\wIAnEMj.exe
  2⤵
  PID:9564
- C:\Windows\System\zaLDRTF.exe
  C:\Windows\System\zaLDRTF.exe
  2⤵
  PID:9580
- C:\Windows\System\EDfJUwz.exe
  C:\Windows\System\EDfJUwz.exe
  2⤵
  PID:9600
- C:\Windows\System\AWxWNxB.exe
  C:\Windows\System\AWxWNxB.exe
  2⤵
  PID:9620
- C:\Windows\System\qMqHQER.exe
  C:\Windows\System\qMqHQER.exe
  2⤵
  PID:9640
- C:\Windows\System\DCWzKkp.exe
  C:\Windows\System\DCWzKkp.exe
  2⤵
  PID:9664
- C:\Windows\System\pwfgnYf.exe
  C:\Windows\System\pwfgnYf.exe
  2⤵
  PID:9684
- C:\Windows\System\ipAELjk.exe
  C:\Windows\System\ipAELjk.exe
  2⤵
  PID:9712
- C:\Windows\System\vJEGiDt.exe
  C:\Windows\System\vJEGiDt.exe
  2⤵
  PID:9732
- C:\Windows\System\CzmZrSg.exe
  C:\Windows\System\CzmZrSg.exe
  2⤵
  PID:9748
- C:\Windows\System\MrFIUYR.exe
  C:\Windows\System\MrFIUYR.exe
  2⤵
  PID:9772
- C:\Windows\System\DQuXqin.exe
  C:\Windows\System\DQuXqin.exe
  2⤵
  PID:9792
- C:\Windows\System\wcfjSOG.exe
  C:\Windows\System\wcfjSOG.exe
  2⤵
  PID:9808
- C:\Windows\System\cDCCOAh.exe
  C:\Windows\System\cDCCOAh.exe
  2⤵
  PID:9824
- C:\Windows\System\NvcKxcJ.exe
  C:\Windows\System\NvcKxcJ.exe
  2⤵
  PID:9852
- C:\Windows\System\aoCchol.exe
  C:\Windows\System\aoCchol.exe
  2⤵
  PID:9868
- C:\Windows\System\JuSjhOh.exe
  C:\Windows\System\JuSjhOh.exe
  2⤵
  PID:9884
- C:\Windows\System\KpFgYBY.exe
  C:\Windows\System\KpFgYBY.exe
  2⤵
  PID:9900
- C:\Windows\System\mscKQUm.exe
  C:\Windows\System\mscKQUm.exe
  2⤵
  PID:9928
- C:\Windows\System\OAPyJkd.exe
  C:\Windows\System\OAPyJkd.exe
  2⤵
  PID:9944
- C:\Windows\System\DfPLGGc.exe
  C:\Windows\System\DfPLGGc.exe
  2⤵
  PID:9964
- C:\Windows\System\hRwKkyp.exe
  C:\Windows\System\hRwKkyp.exe
  2⤵
  PID:9980
- C:\Windows\System\OLZocza.exe
  C:\Windows\System\OLZocza.exe
  2⤵
  PID:9996
- C:\Windows\System\PwoJlLn.exe
  C:\Windows\System\PwoJlLn.exe
  2⤵
  PID:10016
- C:\Windows\System\wLnyEWW.exe
  C:\Windows\System\wLnyEWW.exe
  2⤵
  PID:10032
- C:\Windows\System\jaMxvah.exe
  C:\Windows\System\jaMxvah.exe
  2⤵
  PID:10048
- C:\Windows\System\vvaubFo.exe
  C:\Windows\System\vvaubFo.exe
  2⤵
  PID:10068
- C:\Windows\System\QeOdFyb.exe
  C:\Windows\System\QeOdFyb.exe
  2⤵
  PID:10084
- C:\Windows\System\uqmdqgs.exe
  C:\Windows\System\uqmdqgs.exe
  2⤵
  PID:10100
- C:\Windows\System\keixWqZ.exe
  C:\Windows\System\keixWqZ.exe
  2⤵
  PID:10120
- C:\Windows\System\DgYWGvK.exe
  C:\Windows\System\DgYWGvK.exe
  2⤵
  PID:10140
- C:\Windows\System\CPukqyz.exe
  C:\Windows\System\CPukqyz.exe
  2⤵
  PID:10164
- C:\Windows\System\boUWAkQ.exe
  C:\Windows\System\boUWAkQ.exe
  2⤵
  PID:10180
- C:\Windows\System\nthGxyI.exe
  C:\Windows\System\nthGxyI.exe
  2⤵
  PID:10196
- C:\Windows\System\ANDribT.exe
  C:\Windows\System\ANDribT.exe
  2⤵
  PID:10224
- C:\Windows\System\zLmhkgT.exe
  C:\Windows\System\zLmhkgT.exe
  2⤵
  PID:8264
- C:\Windows\System\vOkpBSU.exe
  C:\Windows\System\vOkpBSU.exe
  2⤵
  PID:9280
- C:\Windows\System\vLmtGCq.exe
  C:\Windows\System\vLmtGCq.exe
  2⤵
  PID:9312
- C:\Windows\System\HSpbUje.exe
  C:\Windows\System\HSpbUje.exe
  2⤵
  PID:9268
- C:\Windows\System\ynMmKUu.exe
  C:\Windows\System\ynMmKUu.exe
  2⤵
  PID:9344
- C:\Windows\System\uHfLnrZ.exe
  C:\Windows\System\uHfLnrZ.exe
  2⤵
  PID:9392
- C:\Windows\System\CMhAPSV.exe
  C:\Windows\System\CMhAPSV.exe
  2⤵
  PID:9416
- C:\Windows\System\IedAeQX.exe
  C:\Windows\System\IedAeQX.exe
  2⤵
  PID:9436
- C:\Windows\System\NeZDVMP.exe
  C:\Windows\System\NeZDVMP.exe
  2⤵
  PID:9512
- C:\Windows\System\QvMrCKI.exe
  C:\Windows\System\QvMrCKI.exe
  2⤵
  PID:9496
- C:\Windows\System\gKwaQlM.exe
  C:\Windows\System\gKwaQlM.exe
  2⤵
  PID:9608
- C:\Windows\System\HoLDMyQ.exe
  C:\Windows\System\HoLDMyQ.exe
  2⤵
  PID:9588
- C:\Windows\System\dQqmOMb.exe
  C:\Windows\System\dQqmOMb.exe
  2⤵
  PID:9636
- C:\Windows\System\XBeUMIy.exe
  C:\Windows\System\XBeUMIy.exe
  2⤵
  PID:9676
- C:\Windows\System\vwvrene.exe
  C:\Windows\System\vwvrene.exe
  2⤵
  PID:9728
- C:\Windows\System\bPciDfx.exe
  C:\Windows\System\bPciDfx.exe
  2⤵
  PID:9764
- C:\Windows\System\QxAsreO.exe
  C:\Windows\System\QxAsreO.exe
  2⤵
  PID:9784
- C:\Windows\System\sVRjHwq.exe
  C:\Windows\System\sVRjHwq.exe
  2⤵
  PID:9832
- C:\Windows\System\RGtqgLa.exe
  C:\Windows\System\RGtqgLa.exe
  2⤵
  PID:9844
- C:\Windows\System\SeVjCVC.exe
  C:\Windows\System\SeVjCVC.exe
  2⤵
  PID:9860
- C:\Windows\System\HHVkwAA.exe
  C:\Windows\System\HHVkwAA.exe
  2⤵
  PID:9908
- C:\Windows\System\sbuqjEv.exe
  C:\Windows\System\sbuqjEv.exe
  2⤵
  PID:10004
- C:\Windows\System\rnfhDNM.exe
  C:\Windows\System\rnfhDNM.exe
  2⤵
  PID:10112
- C:\Windows\System\VLIwcRd.exe
  C:\Windows\System\VLIwcRd.exe
  2⤵
  PID:9952
- C:\Windows\System\ifHkFSb.exe
  C:\Windows\System\ifHkFSb.exe
  2⤵
  PID:9988
- C:\Windows\System\DIPxSad.exe
  C:\Windows\System\DIPxSad.exe
  2⤵
  PID:10152
- C:\Windows\System\IPvClwU.exe
  C:\Windows\System\IPvClwU.exe
  2⤵
  PID:10192
- C:\Windows\System\meZfdSy.exe
  C:\Windows\System\meZfdSy.exe
  2⤵
  PID:9324
- C:\Windows\System\MCPtJkw.exe
  C:\Windows\System\MCPtJkw.exe
  2⤵
  PID:9388
- C:\Windows\System\tWWNgZt.exe
  C:\Windows\System\tWWNgZt.exe
  2⤵
  PID:9476
- C:\Windows\System\iwhvBrr.exe
  C:\Windows\System\iwhvBrr.exe
  2⤵
  PID:9232
- C:\Windows\System\RBmgGWH.exe
  C:\Windows\System\RBmgGWH.exe
  2⤵
  PID:10064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DiPcvYj.exe

Filesize
6.0MB

MD5
d75183bfe3ac9baf0cb4a0fe4276b1e9

SHA1
bbc6615dd8ea6aff88819bd81e0c7dde99cfb955

SHA256
adca4aac128525e0ea86bd77ebfe103d55cff2d0fde5f5703c0bf7ebbb2d372f

SHA512
47bde9272cc970fa862acc6694667bc57397f29e6d8d0ecc5c5b1c17db3ca572a2eccd9488075a587ed4126b45b6b4979a474db353fb06918ce408c9e857c209

Download Submit
C:\Windows\system\ECDsdxT.exe

Filesize
6.0MB

MD5
0797454a3a498a7821f9b1f864e071d3

SHA1
146a45fc4517cac404f62293a48d4b9ffe3d14ff

SHA256
da87114a8d9a279541266c375cc88b2b78d454b510f81525a9a716fcc3f644f7

SHA512
6e037df3c63864e70cabefecf59888aef26347c0fcbc946610bc01d57d2cdcb7cfe1f279dd5cb9d57be381c9e7a5ae1c0ef18a5d021d15776ccdb4ccbec66b71

Download Submit
C:\Windows\system\FSseSvz.exe

Filesize
6.0MB

MD5
9eb3a50e55e5139877241057749193bb

SHA1
d6c32a8b631ad8b0c0ace3d7c7b3b1587e8bf1bf

SHA256
99e6d88448412fa21eb9351dd60133e390ec019388c0bf29d7c71b37670b39d1

SHA512
8c83218d404e4dd02915842b922b0d11224bde589c9222f283e85b521422f596eb0ecbbb1837c82e95ba8072fca8d7c711badf5fdd262afc1c2f4e3004a90be3

Download Submit
C:\Windows\system\IGVcEfM.exe

Filesize
6.0MB

MD5
1547598725fb3a1a5522e31251422d94

SHA1
5d2ad9898d406ec07d2d2d00d810d773ef25034d

SHA256
ea57404a6ebeb7b7b0c213b718716da200532b7d1de7ceb92aefcea83e68ab71

SHA512
8dcfa6dfd54c4573fbfb866b9b8aa409a32478651315e64503f1b7f2b0b8b7be6efacc2f348ca15e3e68244c2d24b3cd23c5b0512eef74f19516e4cd1820ca3d

Download Submit
C:\Windows\system\JwsuiUO.exe

Filesize
6.0MB

MD5
1f5432c6fecf973488e037cfde67e16c

SHA1
da465f46a51791df200bb8abaf6173bd63865fff

SHA256
ffd08458c76a20ff7d58339e27af2c2e07ddabdac2f79b27eed8c272ffdae7cf

SHA512
01927232f4034f724b40272cf3ca1b77dd90dbccd4110bdd8c9c777258594cdde4dae1a9daf61107ba84abc9d5f9077a0a6e196d44afff7dcb7cb7d60936c982

Download Submit
C:\Windows\system\MZQtcSG.exe

Filesize
8B

MD5
5342a025f8bd5574ac2cfd9e7a4e1a1e

SHA1
9f1b90df5a8274ef7445fea6637ca12533fa5eda

SHA256
5df3c16bf5eb50478afb42b9a1b740a4bbb6a0ec7f3fb1569d9f84db23074d12

SHA512
21847a0abe5dffb8b892449f0f12b0b52fc34755614f25002fdfc6e194189e673744fe24e0c0acc3030ac5dc097fb7518e2a6974535fe98f0c7bb3d12a16a418

Download Submit
C:\Windows\system\NpClXBl.exe

Filesize
6.0MB

MD5
f36723753c6bb0b349dc67f9257b18d4

SHA1
b1ab6e24044d5ad2ff0810314eb0da0539188f24

SHA256
5ea84d57e1262595d409f0aa5079a2e1e9b5e2e08039dafc3f569a22de9378a1

SHA512
aeb3a5975b4698284e7035ac32c30838dfeca7ce365cfc215e15e2b0909f20d5aafc0bea642c86e13b7f2d9985c81c319d703c228713956f19036e2b77c591f7

Download Submit
C:\Windows\system\ORYCkva.exe

Filesize
6.0MB

MD5
25d5c384a989770a1692aeb87568c7d6

SHA1
7735add758756122f9c1135a06401d5aedf87b53

SHA256
209939a6d6839ccfcd1b6ed153883ddfdb8426427ab6dc1f30fcff46141fb454

SHA512
e1576c0fda08acca9023b4ffb9529ab6bc396178b4a9e34a3af460c6561c6f9bd06696839ac742146ad17254e93b4e58a72ba1dbb7eea03d5e7c1d8fa26a9665

Download Submit
C:\Windows\system\QUTQPMU.exe

Filesize
6.0MB

MD5
9ab1c6d26be10666ec6ad16b99e65d0e

SHA1
e5699544109a095d87fa08750bb8ba167b63be2a

SHA256
865103d9c3c2ecf6cab247960f252a8202fc49f21d7ae2dc3651d50b937c6055

SHA512
a678c5a35ea5506f7cbc637f4c680bb61ff90e13a74bc77ca9173b30177018e2fb827e9fbdeebfc32d874e6cb948664c46a9a6135397067f1af6077b2ac4b86e

Download Submit
C:\Windows\system\QhcWoZR.exe

Filesize
6.0MB

MD5
8e2c0f2b19165c7c37d50018f21a53e5

SHA1
6bc0ccba6b3448d3bd50167e11e44f3936120b9b

SHA256
37b18ad489abac834f66bb27967752935063480a89eeedd1239bbc3480995256

SHA512
011b317a604ced5934ff1bf18624c5db9e322e51a3a069ff6faf25f1e861850a7d05582dee1f4519cf30e606987fc3222ba1c22038781bf74e096b015b3a624b

Download Submit
C:\Windows\system\TGECHku.exe

Filesize
6.0MB

MD5
304a1dc2b99077ec984d10042241a4af

SHA1
c7e07a4a0eaabd237db29c1a36f4dae30831a874

SHA256
ddbd410ab16f739b8ad8866b2dacbaefd87ac62add3c3805049fc41e31a7315c

SHA512
cac85ede44528efb2aa14efda7c3af5e012733a1858d47745ee09c79067c571811900614dea8f9f5588ab3443c08a3a17aba8fc3547c80c542a81fc6832c163f

Download Submit
C:\Windows\system\WiimWTo.exe

Filesize
6.0MB

MD5
aeb92db486ab6bbfdde22f5e75398a96

SHA1
6c988a4c0b2f3a714f6eb40158b814dbcc8cf5cb

SHA256
6b14fcd1491dba8ed06121a0d4c80d45464c41316917e10bc1197f8bd4cb3546

SHA512
70a215ef92a0b2f93252351d8f72668e8d2f72b38548addb1fc19d2989256f6e91d444384f49c32627da67aad63e7123ac25a4489be8b3209073f7f5a3cf798c

Download Submit
C:\Windows\system\XaqQMyd.exe

Filesize
6.0MB

MD5
6b75da59e4469dadac33b57abba1113c

SHA1
b3aa7e5343b7a73e0e90212ed0ea71e4baa5b970

SHA256
986ad7cb35f3b1576cfed25ec8f0b84544eb2ce2b6a51f7e2a4c1f0384225156

SHA512
e264618ad21c665ccacfc4893872beb13a8f6a53e949aa10fdc4b851c5932490c956dc780e9177b51b0db50587b234a9128b481e05352e7f0515d158e38f4038

Download Submit
C:\Windows\system\azZdpBi.exe

Filesize
6.0MB

MD5
82b744a9642fbe3fc30c42d189524102

SHA1
a3d431ec3dfad49e40457b5730b34b763f14f7da

SHA256
49f03fea2745e9d96c8547fb9892711ad9766311c03ec34be7d5a468890c51ca

SHA512
28ce4dcf2c187d66da3343b9e9086d4519eb5b792a7565b2b6d8c034bd3debaa486877f26752ae2e844cb2b8d20e9279769bc32fa16265c23e05f37a0eff5191

Download Submit
C:\Windows\system\birFJWA.exe

Filesize
6.0MB

MD5
f204cad016ef4aa7f52be466c371ea81

SHA1
ce93623a7c67eda33dc2049b218c72026c19f46c

SHA256
0f37569acce40add59181c6ac46fd7f09f5a6cb0affc767b248243fb29db1af4

SHA512
ff159215b671d9052999d58e3876596ffa1f9cff807c9441302ca02d1dd0ece2d847870cf09cb9be8e575733c1125b28acb2521f5694002c2445420de2b0f605

Download Submit
C:\Windows\system\cNfEBGs.exe

Filesize
6.0MB

MD5
e79186f7ab0b2cebd35bd15ade0da86c

SHA1
43c892562abd372c77469047b212946754435b9e

SHA256
bfbd9eafb5de3687adab792de68e0056a86b2c78dabafc2d7929972b198db4ea

SHA512
6a014124ad7914a1b0bf6e3bde13a10d4e6ae236b106b5cbe772427121872f940f6c6091f18fabe3cecf01101d44ea8f46c85037fa4e155a2c19fd0c3fec41b5

Download Submit
C:\Windows\system\dCjJtxi.exe

Filesize
6.0MB

MD5
a66e94b4093cf9041cac7938c7790ab4

SHA1
ec22d0408d880d741dac777dfa89f2ab21397442

SHA256
b7b5ec6061f54dd7094ea584cb0e1475e505c61f74a4129670c6178f947f0326

SHA512
a0c337a0cb7f0e80dd9eecb9b4b79a26808109ad3ab87b3ac6c1393c9a90c3aa1225b4a3ade127d3d37ba05c35ab446c1f7b429d223d229225738f2d704f0c81

Download Submit
C:\Windows\system\fLFKuhX.exe

Filesize
6.0MB

MD5
36029f1e7e7ab8464431cb2c380dc3e3

SHA1
8c5027ca6393956287e31af3995e78ab5ec6998b

SHA256
8bdbbabfe8466a3f0be4a4e79d8674f8ac52e6a904686fe38bcc71c768d96923

SHA512
20fe4ae81b7a29db6c162a3d921b142f64e3aed95a1d4c2ea8be644e2e09b333b505119bb878bd8eb547330aa277cc08b3431c98073733cadf7d353c14bd6af2

Download Submit
C:\Windows\system\fjmAWMS.exe

Filesize
6.0MB

MD5
0faf4175efa76c1a6e26be0425f48e78

SHA1
320994996de0e1d4d47d86de1ec44f2783a927b8

SHA256
a1f95d61965db5c9fd1933e958039ba08cbb6a91d94fc64bae7f7b0c888f1202

SHA512
50ac93d72efb4ad912973f9e33ec4c63f1008f7fc61729ef1115b428d3760050594924608fd6baacf3486a00ec91e7b5dddc0d17c8fb77aa984040fc6c5bfd15

Download Submit
C:\Windows\system\jxWxMSW.exe

Filesize
6.0MB

MD5
fe66e4bd0e3142cb0a671cbcdc7a30c3

SHA1
89541d0e99895f6bb1b81d91e64832bec1cd8edf

SHA256
3d8bcc0a501651dc55fcf5466c41e1ef3710748fcf56b95d3018b7fc13a19894

SHA512
257054bbfcb1617d45343477e61591cf7770d90da4d0fc9424b77d3a4390757a2c46c884053111e49add824cc99ab347754a4085785b64903a6c4e19f8f296e9

Download Submit
C:\Windows\system\mxBCMlH.exe

Filesize
6.0MB

MD5
354857184c3bc96052fc0dedb983e532

SHA1
a425c23a06dfdd878fa28d4b47606600904b81d5

SHA256
015450522106fe17c8de03183316b7c851e09dff0ff384d77a11bdb937cf5ef7

SHA512
e0ed64e932dbf929f4901283c5692d48b76ff95b2a470a9c00f19b14450f1164be833e7da439f0814b57c02fe4dab1733996b120acb78d237208e52a6186e8be

Download Submit
C:\Windows\system\ndUkrld.exe

Filesize
6.0MB

MD5
3982cee8af8a23087978fabcb89db60e

SHA1
93d84a56d2906465f19a137fbd1223f8133e26a4

SHA256
bcd1eb636c0126fb805b2625472519bb15ade2c5319a26b104f36732eeeaca3d

SHA512
224b98aef57f84219378f286e63d54fd436b225e9404d8aec62b1730c77cbc08becfda2b5bdbecd5199efd27f05008cae9ff0a44839a6c70971aead4314c6d4d

Download Submit
C:\Windows\system\pOPyINb.exe

Filesize
6.0MB

MD5
4c9e5e80231cce6f7a806d7d3da8367e

SHA1
5979bb533876572deee961192db611dd338c2ec7

SHA256
c4415bb76d48eb388029d11196bbcf622afa74b0e1c75440d0149ac72d0b61e5

SHA512
56a1354e5fb42201e0394e6b66ce587c3a0c58d5f70ca41a768a58f3a5de10072e6e38ce66f5b43e0ffee7c5a90d2e9bec07bd6a1ef2a5ace1fb6414ec9bbcd7

Download Submit
C:\Windows\system\sgZFwBU.exe

Filesize
6.0MB

MD5
d546f41bca25e54322d91fbbe285a8a0

SHA1
5e486498d50c390e26fa018c550869c7eae75f1c

SHA256
3adecef9c09d6ef05f7c3fe203a3631acdab2a17eecc4fe602d705b9ce4ab504

SHA512
30519dbd1a5b09addd447b6a67b8b00dcc20233f7524ccf8813c375a5854b0302a7c29dfd0d48a336869ca0cd7375dcf3f010e3496a08709264ca0980cc864e0

Download Submit
C:\Windows\system\trJOTRo.exe

Filesize
6.0MB

MD5
94a852f02a93925ab0ea1162f098b991

SHA1
a3e0cd68882179da7284fabb6ebc37e0bfcbc34d

SHA256
2b5729113fd9361ddd9240e657e64796dd378acab4b9fa4fda655f8986876b0b

SHA512
a7c80ae8cafaf4f003b046d67d9d80e209c65d899504fdf18954651e817ae09adbf8f4cca0a9f6d9c9cc51f4864927771aa359550e887098c59ee8f13803207d

Download Submit
C:\Windows\system\yBDNhKe.exe

Filesize
6.0MB

MD5
78e274a839808f411d2b365de0467dfc

SHA1
a4a01119101c4f6961ef35c6a11da323708bffb3

SHA256
7c7e6732072f759b832ce5fd2a9ff55a72cfa58e2b135ee674eaa0c4f428bb38

SHA512
224414cb43e6fc425256081f28dfadd6903c7dc44597e45714a3887e07038aeb317a15ed7d64b2e132db54fd16ba7fee84ddbb84a19f81ae68d72812fe3404fe

Download Submit
\Windows\system\ZoptWqE.exe

Filesize
6.0MB

MD5
53665e3b9f0dfe940ee5b848ccdd2af7

SHA1
f45a2cc05d9f3a0fee68a575c5f56ea0e0aab724

SHA256
f3b61c739ed637552465ddbea19e5660cd545a4d6a42aa978890be2584c2f24c

SHA512
5339c93fbc79ba39355d44be19383af5f061675b23a0b2517d6babe23d3ca41234ed89504e2c07f01c027f8781e640b79928a97f2f92a899ab458f2c28bf6b81

Download Submit
\Windows\system\bOqoPsL.exe

Filesize
6.0MB

MD5
09241061007e4d0e77739b8ec91c1ed3

SHA1
dcaff2922b275f7042334e55d7642758a228a51e

SHA256
f32f6bc1fad4c1a10c6982853fa235d1bdccc298936ba23527ea0709ca868dd0

SHA512
c653d51e26c9d61c4d3c75b8ccedc92a9a80609366e01bd5c8ced11e400f4cb8d88e754851f2d0d980a53d663efc1b3624e72e739be299880ab83e51cdafc963

Download Submit
\Windows\system\mdtAUCE.exe

Filesize
6.0MB

MD5
8236000cec02c1c1ecf087e4c34bb279

SHA1
1ca89061a301d722c3105262f80aa63289f67079

SHA256
53cd2f68b9cbc58ce62c7dfca1c46a58f691a5f0aacd5c6ad6bcedc85a4a587b

SHA512
0d6bb8e40743dad895dc3b548a60299e0041067d8799523333d93114a93e258aa26ef1c8c1ba72e108a5d5af8f607b26caa03d2a440b6beee24cfe6be9abe727

Download Submit
\Windows\system\njuAVuQ.exe

Filesize
6.0MB

MD5
af64ac281dbb024f426a9552446c1f12

SHA1
da09bec17814677ced4be2427e21e1807f370409

SHA256
6b7dc7aac0b91c0a225c96f484f6dccbeef9b65d37e64c1ca2c1161cae1e29bd

SHA512
220eb37a1ddfb7da66894b82c8c8eb65124378fc0aeccc4925dc03adddd24565b4169aee8e8faa3d9e271d430314eb18497b0883d08e5063921316b9d5463fca

Download Submit
\Windows\system\oITIGBC.exe

Filesize
6.0MB

MD5
064a1f7f7fb7b5a2b1ff662b6ee86369

SHA1
cbcca87616d0e7831435f31793402443c93d3e5a

SHA256
6315f962e92c4c91f17205f7679ae99ed5f63e3d578ed842a3aa6a26210601e8

SHA512
c0efd75281d3d0ac0976b64c2003beae284de60cd9556c91fffe013be055d6bf1532fbc430c437430521ae049140a4e8bd90ab38b50730bb07e421487cbd425d

Download Submit
\Windows\system\sSPFxlb.exe

Filesize
6.0MB

MD5
c427cfd3076d1967587df2475232b97e

SHA1
3c5541330f3004a4ece3383ca11a11dd5b4a2d9e

SHA256
07fead2de84701e610f846be40920ecc60da0ad9a6a830209c76884f7794cb96

SHA512
7159a35eada6afc1bd1454a5502e43904d0ba13d5ff90c8b9cbd5a46d48543a93190172310f24749fc8326264afcd2a15d17b646ae09a3de2e8b1ccf9be2a994

Download Submit
\Windows\system\tZEcgNX.exe

Filesize
6.0MB

MD5
f286062eeac671849e378c22fc2b1981

SHA1
7706f637848551840d94bce4341d50baee9068fd

SHA256
213f38dcb68fee843de3791c7ed81615c6369588aeccc10412f7a6ad221bac0a

SHA512
8ef098b1fce9ce34b5e365cc35da9e3d45a22c5a37ad50853e3dca8cc8cfea36be6d4534308c08368bbba140ac094b18c8d8e1deebd8a2eeab1e94c989789b35

Download Submit
memory/660-953-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/660-3830-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-67-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1784-3673-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-74-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1968-3695-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-81-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3805-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2420-58-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3548-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-49-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3559-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2588-90-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3379-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-23-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-59-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3312-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-47-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-8-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2788-942-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3833-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-62-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-26-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3341-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-44-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3515-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2840-13-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3327-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2840-56-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3508-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-45-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-941-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3879-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2984-954-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-51-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2327-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2412-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2435-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-27-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-925-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2984-54-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-955-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1795-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-947-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-80-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2984-106-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-42-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2984-65-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-32-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-18-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-0-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2984-71-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download