cobaltstrike | 003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0

Analysis

max time kernel
150s
max time network
27s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
Size

6.0MB
MD5

1f6627022e00d447ac1bcf9a8e5e643c
SHA1

ea0b2d57dc33cc692a1c9598021c43a77e8de94c
SHA256

003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0
SHA512

2ab63c1e90328fcd530dce8356a4f6b62163a3a12ef099bd92f35c1aaf8c71b81f7e186e5283a6019c5cc8ef0671359dffe5b14047575edd5f849cc27af485dc
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUX:eOl56utgpPF8u/7X

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012238-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193b8-10.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000019326-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-39.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-54.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-70.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194a3-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-78.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0009000000012238-3.dat	xmrig
behavioral1/memory/2396-8-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00080000000193b8-10.dat	xmrig
behavioral1/files/0x0030000000019326-12.dat	xmrig
behavioral1/memory/2828-22-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2256-17-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2060-24-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-25.dat	xmrig
behavioral1/memory/2256-41-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2060-44-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2844-45-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2524-46-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-42.dat	xmrig
behavioral1/memory/2396-33-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-39.dat	xmrig
behavioral1/files/0x000600000001948c-47.dat	xmrig
behavioral1/memory/2820-53-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-54.dat	xmrig
behavioral1/memory/2900-59-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2828-52-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-70.dat	xmrig
behavioral1/memory/336-73-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2060-72-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2744-66-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194a3-65.dat	xmrig
behavioral1/files/0x000500000001a3ab-82.dat	xmrig
behavioral1/memory/2660-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2524-79-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-95.dat	xmrig
behavioral1/memory/2444-94-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2084-98-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a404-111.dat	xmrig
behavioral1/files/0x000500000001a438-115.dat	xmrig
behavioral1/files/0x000500000001a44d-120.dat	xmrig
behavioral1/files/0x000500000001a46b-141.dat	xmrig
behavioral1/memory/2256-1129-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-172.dat	xmrig
behavioral1/files/0x000500000001a477-167.dat	xmrig
behavioral1/files/0x000500000001a475-164.dat	xmrig
behavioral1/files/0x000500000001a473-159.dat	xmrig
behavioral1/files/0x000500000001a471-156.dat	xmrig
behavioral1/files/0x000500000001a46f-152.dat	xmrig
behavioral1/files/0x000500000001a46d-148.dat	xmrig
behavioral1/files/0x000500000001a469-140.dat	xmrig
behavioral1/files/0x000500000001a463-135.dat	xmrig
behavioral1/files/0x000500000001a459-131.dat	xmrig
behavioral1/files/0x000500000001a457-127.dat	xmrig
behavioral1/files/0x000500000001a44f-123.dat	xmrig
behavioral1/files/0x000500000001a400-107.dat	xmrig
behavioral1/files/0x000500000001a3fd-103.dat	xmrig
behavioral1/files/0x000500000001a3f6-93.dat	xmrig
behavioral1/files/0x000500000001a309-78.dat	xmrig
behavioral1/memory/2164-87-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2836-37-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2396-1587-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2836-1588-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2524-1589-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2828-1591-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2844-1590-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2900-3038-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2164-3079-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2744-3077-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2084-3076-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	QbtMMRH.exe
2256	eFxMQRs.exe
2828	rkAQSXl.exe
2836	yWQlpWR.exe
2844	KTvmhAp.exe
2524	EUrXDMa.exe
2820	ZQcueuB.exe
2900	COFWaXF.exe
2744	ignvkcu.exe
336	RHQEjsR.exe
2660	CPfeCzu.exe
2164	YHrCWCU.exe
2444	IRVpxPF.exe
2084	FnfTnWm.exe
2748	Fzdoztg.exe
2080	xJuxJxe.exe
948	ilBTyFe.exe
1292	BtIKFRW.exe
1764	FWCNjCO.exe
2472	QeEFQVv.exe
2928	ElcBjQD.exe
2952	CGzzHHJ.exe
1996	HyYDCvU.exe
1652	DsEMrWk.exe
1612	zqnQSsq.exe
1688	fURxXDn.exe
3028	EUFtsBb.exe
3040	LUtJJgG.exe
840	YMhjsHD.exe
2176	NLCYdtX.exe
2264	TXbXRQM.exe
2504	gTZgcKS.exe
2404	Tppsxsg.exe
1508	AFXqqWf.exe
2460	Pvmnqum.exe
2636	XvSumDM.exe
2656	ypXAsuq.exe
2424	YRXwIVE.exe
2408	zWTkBgx.exe
288	xzBfFGt.exe
1536	KgsWaus.exe
1604	ULfXWZf.exe
1860	sMRnUfA.exe
2468	aEzHgto.exe
1464	FsPMUKm.exe
1616	uunnKjB.exe
1956	utawQsH.exe
1668	VMSwvZt.exe
964	vATUojb.exe
920	QYCVfXO.exe
2120	zVpTjHw.exe
1944	DVRgjVI.exe
1752	CiXtYMU.exe
932	pViSjCn.exe
2168	DHSFptg.exe
1364	KEgWyXJ.exe
844	bMcVCqS.exe
1880	svWehlR.exe
1928	JohpcGk.exe
876	tGuQmmH.exe
1648	OybULvl.exe
3052	gxBnBQG.exe
2112	Vavcvum.exe
1500	tKwedOd.exe

Loads dropped DLL 64 IoCs

pid	Process
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0009000000012238-3.dat	upx
behavioral1/memory/2396-8-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00080000000193b8-10.dat	upx
behavioral1/files/0x0030000000019326-12.dat	upx
behavioral1/memory/2828-22-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2256-17-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2060-24-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0007000000019470-25.dat	upx
behavioral1/memory/2256-41-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2844-45-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2524-46-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0006000000019480-42.dat	upx
behavioral1/memory/2396-33-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0006000000019489-39.dat	upx
behavioral1/files/0x000600000001948c-47.dat	upx
behavioral1/memory/2820-53-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x0006000000019490-54.dat	upx
behavioral1/memory/2900-59-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2828-52-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-70.dat	upx
behavioral1/memory/336-73-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2744-66-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x00080000000194a3-65.dat	upx
behavioral1/files/0x000500000001a3ab-82.dat	upx
behavioral1/memory/2660-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2524-79-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-95.dat	upx
behavioral1/memory/2444-94-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2084-98-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x000500000001a404-111.dat	upx
behavioral1/files/0x000500000001a438-115.dat	upx
behavioral1/files/0x000500000001a44d-120.dat	upx
behavioral1/files/0x000500000001a46b-141.dat	upx
behavioral1/memory/2256-1129-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000500000001a479-172.dat	upx
behavioral1/files/0x000500000001a477-167.dat	upx
behavioral1/files/0x000500000001a475-164.dat	upx
behavioral1/files/0x000500000001a473-159.dat	upx
behavioral1/files/0x000500000001a471-156.dat	upx
behavioral1/files/0x000500000001a46f-152.dat	upx
behavioral1/files/0x000500000001a46d-148.dat	upx
behavioral1/files/0x000500000001a469-140.dat	upx
behavioral1/files/0x000500000001a463-135.dat	upx
behavioral1/files/0x000500000001a459-131.dat	upx
behavioral1/files/0x000500000001a457-127.dat	upx
behavioral1/files/0x000500000001a44f-123.dat	upx
behavioral1/files/0x000500000001a400-107.dat	upx
behavioral1/files/0x000500000001a3fd-103.dat	upx
behavioral1/files/0x000500000001a3f6-93.dat	upx
behavioral1/files/0x000500000001a309-78.dat	upx
behavioral1/memory/2164-87-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2836-37-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2396-1587-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2836-1588-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2524-1589-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2828-1591-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2844-1590-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2900-3038-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2164-3079-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2744-3077-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2084-3076-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2820-3074-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/336-3032-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jOGeOhP.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\cNGTohM.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\USpFJuW.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\BYDgjVF.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\JVexkIV.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\TeRnxqO.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\ZtybeGE.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\THMBpgA.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\YHrCWCU.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\WBJAfRQ.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\JnQMtnz.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\OLTnqvq.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\OoJNvNX.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\zZFHwxx.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\qxbszaX.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\UDGhAcL.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\SdaKQPA.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\nleislw.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\uTzMTsE.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\LTcHvvf.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\YXGFFCw.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\aqYcwDQ.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\zWTkBgx.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\fypVffC.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\gRRuVOi.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\mnppMse.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\YjeMFag.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\ypXAsuq.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\AMLXYED.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\LculSpP.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\Ujefbrw.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\zOmeRSk.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\gLbXEFv.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\RfaVdoD.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\NqFWXKg.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\NSokFMx.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\xKrWecd.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\rdYkbCB.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\lMjIWJs.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\jnECLCD.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\FijnrZj.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\ovEHrYD.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\pKhHMXK.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\htvdbUr.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\SPTFcrS.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\gdDqsMl.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\EOvzktF.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\FiHKiNh.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\pUYXauA.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\JcYsJxc.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\xkwvEsE.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\lxjtEWa.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\gfKRGvw.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\kadltsi.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\eNqQiif.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\ZcmOKEG.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\JyUSjNu.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\ArKHLSA.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\UFhLphI.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\vGxszMT.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\PPhPfqo.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\rmJeZFt.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\hlqumVI.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
File created	C:\Windows\System\CnzzQnB.exe	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2396	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	30
PID 2060 wrote to memory of 2396	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	30
PID 2060 wrote to memory of 2396	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	30
PID 2060 wrote to memory of 2256	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	31
PID 2060 wrote to memory of 2256	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	31
PID 2060 wrote to memory of 2256	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	31
PID 2060 wrote to memory of 2828	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	32
PID 2060 wrote to memory of 2828	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	32
PID 2060 wrote to memory of 2828	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	32
PID 2060 wrote to memory of 2836	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	33
PID 2060 wrote to memory of 2836	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	33
PID 2060 wrote to memory of 2836	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	33
PID 2060 wrote to memory of 2524	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	34
PID 2060 wrote to memory of 2524	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	34
PID 2060 wrote to memory of 2524	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	34
PID 2060 wrote to memory of 2844	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	35
PID 2060 wrote to memory of 2844	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	35
PID 2060 wrote to memory of 2844	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	35
PID 2060 wrote to memory of 2820	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	36
PID 2060 wrote to memory of 2820	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	36
PID 2060 wrote to memory of 2820	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	36
PID 2060 wrote to memory of 2900	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	37
PID 2060 wrote to memory of 2900	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	37
PID 2060 wrote to memory of 2900	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	37
PID 2060 wrote to memory of 2744	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	38
PID 2060 wrote to memory of 2744	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	38
PID 2060 wrote to memory of 2744	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	38
PID 2060 wrote to memory of 336	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	39
PID 2060 wrote to memory of 336	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	39
PID 2060 wrote to memory of 336	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	39
PID 2060 wrote to memory of 2660	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	40
PID 2060 wrote to memory of 2660	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	40
PID 2060 wrote to memory of 2660	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	40
PID 2060 wrote to memory of 2164	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	41
PID 2060 wrote to memory of 2164	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	41
PID 2060 wrote to memory of 2164	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	41
PID 2060 wrote to memory of 2444	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	42
PID 2060 wrote to memory of 2444	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	42
PID 2060 wrote to memory of 2444	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	42
PID 2060 wrote to memory of 2084	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	43
PID 2060 wrote to memory of 2084	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	43
PID 2060 wrote to memory of 2084	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	43
PID 2060 wrote to memory of 2748	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	44
PID 2060 wrote to memory of 2748	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	44
PID 2060 wrote to memory of 2748	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	44
PID 2060 wrote to memory of 2080	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	45
PID 2060 wrote to memory of 2080	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	45
PID 2060 wrote to memory of 2080	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	45
PID 2060 wrote to memory of 948	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	46
PID 2060 wrote to memory of 948	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	46
PID 2060 wrote to memory of 948	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	46
PID 2060 wrote to memory of 1292	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	47
PID 2060 wrote to memory of 1292	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	47
PID 2060 wrote to memory of 1292	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	47
PID 2060 wrote to memory of 1764	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	48
PID 2060 wrote to memory of 1764	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	48
PID 2060 wrote to memory of 1764	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	48
PID 2060 wrote to memory of 2472	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	49
PID 2060 wrote to memory of 2472	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	49
PID 2060 wrote to memory of 2472	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	49
PID 2060 wrote to memory of 2928	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	50
PID 2060 wrote to memory of 2928	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	50
PID 2060 wrote to memory of 2928	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	50
PID 2060 wrote to memory of 2952	2060	JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe	51

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_003ad22d964ee9a81fda8f1262f306ac36ca09df726be80205859c22cb2e33b0.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\System\QbtMMRH.exe
  C:\Windows\System\QbtMMRH.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\eFxMQRs.exe
  C:\Windows\System\eFxMQRs.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\rkAQSXl.exe
  C:\Windows\System\rkAQSXl.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\yWQlpWR.exe
  C:\Windows\System\yWQlpWR.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\EUrXDMa.exe
  C:\Windows\System\EUrXDMa.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\KTvmhAp.exe
  C:\Windows\System\KTvmhAp.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ZQcueuB.exe
  C:\Windows\System\ZQcueuB.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\COFWaXF.exe
  C:\Windows\System\COFWaXF.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ignvkcu.exe
  C:\Windows\System\ignvkcu.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\RHQEjsR.exe
  C:\Windows\System\RHQEjsR.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\CPfeCzu.exe
  C:\Windows\System\CPfeCzu.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\YHrCWCU.exe
  C:\Windows\System\YHrCWCU.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\IRVpxPF.exe
  C:\Windows\System\IRVpxPF.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\FnfTnWm.exe
  C:\Windows\System\FnfTnWm.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\Fzdoztg.exe
  C:\Windows\System\Fzdoztg.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xJuxJxe.exe
  C:\Windows\System\xJuxJxe.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ilBTyFe.exe
  C:\Windows\System\ilBTyFe.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\BtIKFRW.exe
  C:\Windows\System\BtIKFRW.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\FWCNjCO.exe
  C:\Windows\System\FWCNjCO.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\QeEFQVv.exe
  C:\Windows\System\QeEFQVv.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ElcBjQD.exe
  C:\Windows\System\ElcBjQD.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CGzzHHJ.exe
  C:\Windows\System\CGzzHHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\HyYDCvU.exe
  C:\Windows\System\HyYDCvU.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\DsEMrWk.exe
  C:\Windows\System\DsEMrWk.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\zqnQSsq.exe
  C:\Windows\System\zqnQSsq.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\fURxXDn.exe
  C:\Windows\System\fURxXDn.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\EUFtsBb.exe
  C:\Windows\System\EUFtsBb.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\LUtJJgG.exe
  C:\Windows\System\LUtJJgG.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\YMhjsHD.exe
  C:\Windows\System\YMhjsHD.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\NLCYdtX.exe
  C:\Windows\System\NLCYdtX.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\TXbXRQM.exe
  C:\Windows\System\TXbXRQM.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\gTZgcKS.exe
  C:\Windows\System\gTZgcKS.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\Tppsxsg.exe
  C:\Windows\System\Tppsxsg.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\AFXqqWf.exe
  C:\Windows\System\AFXqqWf.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\Pvmnqum.exe
  C:\Windows\System\Pvmnqum.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\XvSumDM.exe
  C:\Windows\System\XvSumDM.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\ypXAsuq.exe
  C:\Windows\System\ypXAsuq.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\YRXwIVE.exe
  C:\Windows\System\YRXwIVE.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\zWTkBgx.exe
  C:\Windows\System\zWTkBgx.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\xzBfFGt.exe
  C:\Windows\System\xzBfFGt.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\KgsWaus.exe
  C:\Windows\System\KgsWaus.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ULfXWZf.exe
  C:\Windows\System\ULfXWZf.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\sMRnUfA.exe
  C:\Windows\System\sMRnUfA.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\aEzHgto.exe
  C:\Windows\System\aEzHgto.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\FsPMUKm.exe
  C:\Windows\System\FsPMUKm.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\uunnKjB.exe
  C:\Windows\System\uunnKjB.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\utawQsH.exe
  C:\Windows\System\utawQsH.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\VMSwvZt.exe
  C:\Windows\System\VMSwvZt.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\vATUojb.exe
  C:\Windows\System\vATUojb.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\QYCVfXO.exe
  C:\Windows\System\QYCVfXO.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\zVpTjHw.exe
  C:\Windows\System\zVpTjHw.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\DVRgjVI.exe
  C:\Windows\System\DVRgjVI.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\CiXtYMU.exe
  C:\Windows\System\CiXtYMU.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pViSjCn.exe
  C:\Windows\System\pViSjCn.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\DHSFptg.exe
  C:\Windows\System\DHSFptg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KEgWyXJ.exe
  C:\Windows\System\KEgWyXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\bMcVCqS.exe
  C:\Windows\System\bMcVCqS.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\svWehlR.exe
  C:\Windows\System\svWehlR.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\JohpcGk.exe
  C:\Windows\System\JohpcGk.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\tGuQmmH.exe
  C:\Windows\System\tGuQmmH.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\OybULvl.exe
  C:\Windows\System\OybULvl.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\gxBnBQG.exe
  C:\Windows\System\gxBnBQG.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\Vavcvum.exe
  C:\Windows\System\Vavcvum.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\tKwedOd.exe
  C:\Windows\System\tKwedOd.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\KxHTcim.exe
  C:\Windows\System\KxHTcim.exe
  2⤵
  PID:324
- C:\Windows\System\YRmzMDB.exe
  C:\Windows\System\YRmzMDB.exe
  2⤵
  PID:2964
- C:\Windows\System\eVFTeDE.exe
  C:\Windows\System\eVFTeDE.exe
  2⤵
  PID:2904
- C:\Windows\System\zOmeRSk.exe
  C:\Windows\System\zOmeRSk.exe
  2⤵
  PID:2056
- C:\Windows\System\hDOoOqh.exe
  C:\Windows\System\hDOoOqh.exe
  2⤵
  PID:2892
- C:\Windows\System\oSSeWoD.exe
  C:\Windows\System\oSSeWoD.exe
  2⤵
  PID:2068
- C:\Windows\System\otGNovU.exe
  C:\Windows\System\otGNovU.exe
  2⤵
  PID:2916
- C:\Windows\System\nYONyHR.exe
  C:\Windows\System\nYONyHR.exe
  2⤵
  PID:2932
- C:\Windows\System\yILCiZT.exe
  C:\Windows\System\yILCiZT.exe
  2⤵
  PID:3016
- C:\Windows\System\lPHErVd.exe
  C:\Windows\System\lPHErVd.exe
  2⤵
  PID:2724
- C:\Windows\System\iOKsVcc.exe
  C:\Windows\System\iOKsVcc.exe
  2⤵
  PID:2872
- C:\Windows\System\HrZGXFG.exe
  C:\Windows\System\HrZGXFG.exe
  2⤵
  PID:2452
- C:\Windows\System\kRBjzgy.exe
  C:\Windows\System\kRBjzgy.exe
  2⤵
  PID:2664
- C:\Windows\System\ooeroJR.exe
  C:\Windows\System\ooeroJR.exe
  2⤵
  PID:2044
- C:\Windows\System\kgnKsYI.exe
  C:\Windows\System\kgnKsYI.exe
  2⤵
  PID:1512
- C:\Windows\System\ITzATrE.exe
  C:\Windows\System\ITzATrE.exe
  2⤵
  PID:956
- C:\Windows\System\wmqWqxG.exe
  C:\Windows\System\wmqWqxG.exe
  2⤵
  PID:2096
- C:\Windows\System\eMqKnHC.exe
  C:\Windows\System\eMqKnHC.exe
  2⤵
  PID:316
- C:\Windows\System\phyXdhe.exe
  C:\Windows\System\phyXdhe.exe
  2⤵
  PID:3000
- C:\Windows\System\AEWRlHa.exe
  C:\Windows\System\AEWRlHa.exe
  2⤵
  PID:1324
- C:\Windows\System\vvrufJg.exe
  C:\Windows\System\vvrufJg.exe
  2⤵
  PID:3044
- C:\Windows\System\dgBDfKI.exe
  C:\Windows\System\dgBDfKI.exe
  2⤵
  PID:2220
- C:\Windows\System\cjacAvC.exe
  C:\Windows\System\cjacAvC.exe
  2⤵
  PID:2556
- C:\Windows\System\XSfTZaY.exe
  C:\Windows\System\XSfTZaY.exe
  2⤵
  PID:2520
- C:\Windows\System\YnGZzCZ.exe
  C:\Windows\System\YnGZzCZ.exe
  2⤵
  PID:1532
- C:\Windows\System\eJLyNRB.exe
  C:\Windows\System\eJLyNRB.exe
  2⤵
  PID:2400
- C:\Windows\System\cImVGzl.exe
  C:\Windows\System\cImVGzl.exe
  2⤵
  PID:2268
- C:\Windows\System\rAuWBPZ.exe
  C:\Windows\System\rAuWBPZ.exe
  2⤵
  PID:1424
- C:\Windows\System\DQnKHEf.exe
  C:\Windows\System\DQnKHEf.exe
  2⤵
  PID:1744
- C:\Windows\System\JXdRppg.exe
  C:\Windows\System\JXdRppg.exe
  2⤵
  PID:1672
- C:\Windows\System\ybbJhGN.exe
  C:\Windows\System\ybbJhGN.exe
  2⤵
  PID:1656
- C:\Windows\System\OTJbSTy.exe
  C:\Windows\System\OTJbSTy.exe
  2⤵
  PID:2124
- C:\Windows\System\TTPZJmn.exe
  C:\Windows\System\TTPZJmn.exe
  2⤵
  PID:1984
- C:\Windows\System\OiQwTXC.exe
  C:\Windows\System\OiQwTXC.exe
  2⤵
  PID:1844
- C:\Windows\System\OqMOGIe.exe
  C:\Windows\System\OqMOGIe.exe
  2⤵
  PID:2340
- C:\Windows\System\PELmKMQ.exe
  C:\Windows\System\PELmKMQ.exe
  2⤵
  PID:1932
- C:\Windows\System\JPAPCQh.exe
  C:\Windows\System\JPAPCQh.exe
  2⤵
  PID:2508
- C:\Windows\System\IgyjJGB.exe
  C:\Windows\System\IgyjJGB.exe
  2⤵
  PID:2592
- C:\Windows\System\jFapBTn.exe
  C:\Windows\System\jFapBTn.exe
  2⤵
  PID:1600
- C:\Windows\System\FiGxCoW.exe
  C:\Windows\System\FiGxCoW.exe
  2⤵
  PID:944
- C:\Windows\System\KzJTNDv.exe
  C:\Windows\System\KzJTNDv.exe
  2⤵
  PID:2528
- C:\Windows\System\ofRFFib.exe
  C:\Windows\System\ofRFFib.exe
  2⤵
  PID:2052
- C:\Windows\System\pnWzKoR.exe
  C:\Windows\System\pnWzKoR.exe
  2⤵
  PID:3020
- C:\Windows\System\RXrjvST.exe
  C:\Windows\System\RXrjvST.exe
  2⤵
  PID:2728
- C:\Windows\System\xhPOmNs.exe
  C:\Windows\System\xhPOmNs.exe
  2⤵
  PID:1876
- C:\Windows\System\KwojwWt.exe
  C:\Windows\System\KwojwWt.exe
  2⤵
  PID:1692
- C:\Windows\System\UDGhAcL.exe
  C:\Windows\System\UDGhAcL.exe
  2⤵
  PID:1684
- C:\Windows\System\XCJpYga.exe
  C:\Windows\System\XCJpYga.exe
  2⤵
  PID:1136
- C:\Windows\System\bFYqroL.exe
  C:\Windows\System\bFYqroL.exe
  2⤵
  PID:1232
- C:\Windows\System\wlUsxcP.exe
  C:\Windows\System\wlUsxcP.exe
  2⤵
  PID:2632
- C:\Windows\System\DdBRiEx.exe
  C:\Windows\System\DdBRiEx.exe
  2⤵
  PID:2196
- C:\Windows\System\qvKaroO.exe
  C:\Windows\System\qvKaroO.exe
  2⤵
  PID:2620
- C:\Windows\System\zTUnKxw.exe
  C:\Windows\System\zTUnKxw.exe
  2⤵
  PID:868
- C:\Windows\System\uLzJunG.exe
  C:\Windows\System\uLzJunG.exe
  2⤵
  PID:776
- C:\Windows\System\gWNbhVU.exe
  C:\Windows\System\gWNbhVU.exe
  2⤵
  PID:3024
- C:\Windows\System\xPulgJW.exe
  C:\Windows\System\xPulgJW.exe
  2⤵
  PID:2628
- C:\Windows\System\IrUzBLr.exe
  C:\Windows\System\IrUzBLr.exe
  2⤵
  PID:1448
- C:\Windows\System\dPOeCHJ.exe
  C:\Windows\System\dPOeCHJ.exe
  2⤵
  PID:872
- C:\Windows\System\ezoyQkm.exe
  C:\Windows\System\ezoyQkm.exe
  2⤵
  PID:1504
- C:\Windows\System\yVxtgEB.exe
  C:\Windows\System\yVxtgEB.exe
  2⤵
  PID:2788
- C:\Windows\System\hHUnSHP.exe
  C:\Windows\System\hHUnSHP.exe
  2⤵
  PID:2368
- C:\Windows\System\VTlBzfI.exe
  C:\Windows\System\VTlBzfI.exe
  2⤵
  PID:3088
- C:\Windows\System\jOGeOhP.exe
  C:\Windows\System\jOGeOhP.exe
  2⤵
  PID:3108
- C:\Windows\System\cGSHPDU.exe
  C:\Windows\System\cGSHPDU.exe
  2⤵
  PID:3124
- C:\Windows\System\gPkzAJl.exe
  C:\Windows\System\gPkzAJl.exe
  2⤵
  PID:3140
- C:\Windows\System\tfLBxhI.exe
  C:\Windows\System\tfLBxhI.exe
  2⤵
  PID:3156
- C:\Windows\System\MdCGmNx.exe
  C:\Windows\System\MdCGmNx.exe
  2⤵
  PID:3172
- C:\Windows\System\usGZBZs.exe
  C:\Windows\System\usGZBZs.exe
  2⤵
  PID:3192
- C:\Windows\System\NJZEupi.exe
  C:\Windows\System\NJZEupi.exe
  2⤵
  PID:3208
- C:\Windows\System\ghPPFmQ.exe
  C:\Windows\System\ghPPFmQ.exe
  2⤵
  PID:3228
- C:\Windows\System\pyLeGZY.exe
  C:\Windows\System\pyLeGZY.exe
  2⤵
  PID:3244
- C:\Windows\System\nhfjIbk.exe
  C:\Windows\System\nhfjIbk.exe
  2⤵
  PID:3260
- C:\Windows\System\WBJAfRQ.exe
  C:\Windows\System\WBJAfRQ.exe
  2⤵
  PID:3276
- C:\Windows\System\PibrQXo.exe
  C:\Windows\System\PibrQXo.exe
  2⤵
  PID:3292
- C:\Windows\System\VwtdNyA.exe
  C:\Windows\System\VwtdNyA.exe
  2⤵
  PID:3308
- C:\Windows\System\TQNvghD.exe
  C:\Windows\System\TQNvghD.exe
  2⤵
  PID:3324
- C:\Windows\System\ccFZiWR.exe
  C:\Windows\System\ccFZiWR.exe
  2⤵
  PID:3340
- C:\Windows\System\MwwkYen.exe
  C:\Windows\System\MwwkYen.exe
  2⤵
  PID:3356
- C:\Windows\System\kViOQhc.exe
  C:\Windows\System\kViOQhc.exe
  2⤵
  PID:3376
- C:\Windows\System\vokivpH.exe
  C:\Windows\System\vokivpH.exe
  2⤵
  PID:3392
- C:\Windows\System\vIpLgUq.exe
  C:\Windows\System\vIpLgUq.exe
  2⤵
  PID:3408
- C:\Windows\System\OuVRhKp.exe
  C:\Windows\System\OuVRhKp.exe
  2⤵
  PID:3424
- C:\Windows\System\kiiRJER.exe
  C:\Windows\System\kiiRJER.exe
  2⤵
  PID:3440
- C:\Windows\System\xXCSVXA.exe
  C:\Windows\System\xXCSVXA.exe
  2⤵
  PID:3460
- C:\Windows\System\dPqmfuU.exe
  C:\Windows\System\dPqmfuU.exe
  2⤵
  PID:3476
- C:\Windows\System\kadltsi.exe
  C:\Windows\System\kadltsi.exe
  2⤵
  PID:3492
- C:\Windows\System\ZoOClXs.exe
  C:\Windows\System\ZoOClXs.exe
  2⤵
  PID:3508
- C:\Windows\System\evpiULm.exe
  C:\Windows\System\evpiULm.exe
  2⤵
  PID:3524
- C:\Windows\System\KgTLUal.exe
  C:\Windows\System\KgTLUal.exe
  2⤵
  PID:3540
- C:\Windows\System\IMwYJcQ.exe
  C:\Windows\System\IMwYJcQ.exe
  2⤵
  PID:3556
- C:\Windows\System\CqTMYmG.exe
  C:\Windows\System\CqTMYmG.exe
  2⤵
  PID:3572
- C:\Windows\System\cWSFVYV.exe
  C:\Windows\System\cWSFVYV.exe
  2⤵
  PID:3588
- C:\Windows\System\uaQBPSy.exe
  C:\Windows\System\uaQBPSy.exe
  2⤵
  PID:3604
- C:\Windows\System\HAikZPc.exe
  C:\Windows\System\HAikZPc.exe
  2⤵
  PID:3620
- C:\Windows\System\LAdGtfq.exe
  C:\Windows\System\LAdGtfq.exe
  2⤵
  PID:3636
- C:\Windows\System\DLGKCBA.exe
  C:\Windows\System\DLGKCBA.exe
  2⤵
  PID:3652
- C:\Windows\System\smvYxHO.exe
  C:\Windows\System\smvYxHO.exe
  2⤵
  PID:3668
- C:\Windows\System\PCCOwIW.exe
  C:\Windows\System\PCCOwIW.exe
  2⤵
  PID:3692
- C:\Windows\System\ILRxTIk.exe
  C:\Windows\System\ILRxTIk.exe
  2⤵
  PID:3708
- C:\Windows\System\sqmzVML.exe
  C:\Windows\System\sqmzVML.exe
  2⤵
  PID:3724
- C:\Windows\System\yEuVIzV.exe
  C:\Windows\System\yEuVIzV.exe
  2⤵
  PID:3744
- C:\Windows\System\qUufMpf.exe
  C:\Windows\System\qUufMpf.exe
  2⤵
  PID:3760
- C:\Windows\System\QwEqnht.exe
  C:\Windows\System\QwEqnht.exe
  2⤵
  PID:3776
- C:\Windows\System\ZIDmsDe.exe
  C:\Windows\System\ZIDmsDe.exe
  2⤵
  PID:3792
- C:\Windows\System\HCXRMKm.exe
  C:\Windows\System\HCXRMKm.exe
  2⤵
  PID:3808
- C:\Windows\System\wZuuRch.exe
  C:\Windows\System\wZuuRch.exe
  2⤵
  PID:3824
- C:\Windows\System\awrCNeQ.exe
  C:\Windows\System\awrCNeQ.exe
  2⤵
  PID:3840
- C:\Windows\System\ybgRxOa.exe
  C:\Windows\System\ybgRxOa.exe
  2⤵
  PID:3856
- C:\Windows\System\FlbsqRF.exe
  C:\Windows\System\FlbsqRF.exe
  2⤵
  PID:3872
- C:\Windows\System\PziBWzy.exe
  C:\Windows\System\PziBWzy.exe
  2⤵
  PID:3888
- C:\Windows\System\jFZEILj.exe
  C:\Windows\System\jFZEILj.exe
  2⤵
  PID:3904
- C:\Windows\System\DKEZfnU.exe
  C:\Windows\System\DKEZfnU.exe
  2⤵
  PID:3920
- C:\Windows\System\RfaVdoD.exe
  C:\Windows\System\RfaVdoD.exe
  2⤵
  PID:3936
- C:\Windows\System\IwPTThf.exe
  C:\Windows\System\IwPTThf.exe
  2⤵
  PID:3984
- C:\Windows\System\mQBLetx.exe
  C:\Windows\System\mQBLetx.exe
  2⤵
  PID:4000
- C:\Windows\System\NqFWXKg.exe
  C:\Windows\System\NqFWXKg.exe
  2⤵
  PID:4016
- C:\Windows\System\TPOtxTv.exe
  C:\Windows\System\TPOtxTv.exe
  2⤵
  PID:4032
- C:\Windows\System\UyyRMGU.exe
  C:\Windows\System\UyyRMGU.exe
  2⤵
  PID:4048
- C:\Windows\System\jWGurkw.exe
  C:\Windows\System\jWGurkw.exe
  2⤵
  PID:4064
- C:\Windows\System\wFkLkQV.exe
  C:\Windows\System\wFkLkQV.exe
  2⤵
  PID:4080
- C:\Windows\System\Seeyfzx.exe
  C:\Windows\System\Seeyfzx.exe
  2⤵
  PID:3032
- C:\Windows\System\Aultwek.exe
  C:\Windows\System\Aultwek.exe
  2⤵
  PID:2448
- C:\Windows\System\edjfybR.exe
  C:\Windows\System\edjfybR.exe
  2⤵
  PID:2388
- C:\Windows\System\UlylOcS.exe
  C:\Windows\System\UlylOcS.exe
  2⤵
  PID:2280
- C:\Windows\System\fypVffC.exe
  C:\Windows\System\fypVffC.exe
  2⤵
  PID:1576
- C:\Windows\System\DqPVYxb.exe
  C:\Windows\System\DqPVYxb.exe
  2⤵
  PID:236
- C:\Windows\System\ebfJZgk.exe
  C:\Windows\System\ebfJZgk.exe
  2⤵
  PID:1456
- C:\Windows\System\CJJThVJ.exe
  C:\Windows\System\CJJThVJ.exe
  2⤵
  PID:3012
- C:\Windows\System\gPnlvDY.exe
  C:\Windows\System\gPnlvDY.exe
  2⤵
  PID:2484
- C:\Windows\System\CHErTlC.exe
  C:\Windows\System\CHErTlC.exe
  2⤵
  PID:3096
- C:\Windows\System\dzEcsCg.exe
  C:\Windows\System\dzEcsCg.exe
  2⤵
  PID:3132
- C:\Windows\System\CqrpXmH.exe
  C:\Windows\System\CqrpXmH.exe
  2⤵
  PID:3164
- C:\Windows\System\EFBcXct.exe
  C:\Windows\System\EFBcXct.exe
  2⤵
  PID:3200
- C:\Windows\System\MpTucjF.exe
  C:\Windows\System\MpTucjF.exe
  2⤵
  PID:3236
- C:\Windows\System\CENxKHA.exe
  C:\Windows\System\CENxKHA.exe
  2⤵
  PID:3252
- C:\Windows\System\PgVAjYV.exe
  C:\Windows\System\PgVAjYV.exe
  2⤵
  PID:3364
- C:\Windows\System\kSFaLzx.exe
  C:\Windows\System\kSFaLzx.exe
  2⤵
  PID:3316
- C:\Windows\System\cjSqLhp.exe
  C:\Windows\System\cjSqLhp.exe
  2⤵
  PID:3348
- C:\Windows\System\PtIyzcu.exe
  C:\Windows\System\PtIyzcu.exe
  2⤵
  PID:3384
- C:\Windows\System\MSrVzdk.exe
  C:\Windows\System\MSrVzdk.exe
  2⤵
  PID:3432
- C:\Windows\System\rpJOqUq.exe
  C:\Windows\System\rpJOqUq.exe
  2⤵
  PID:3448
- C:\Windows\System\qGvPzbm.exe
  C:\Windows\System\qGvPzbm.exe
  2⤵
  PID:3500
- C:\Windows\System\iEIosJo.exe
  C:\Windows\System\iEIosJo.exe
  2⤵
  PID:3532
- C:\Windows\System\tgZpYIF.exe
  C:\Windows\System\tgZpYIF.exe
  2⤵
  PID:3564
- C:\Windows\System\XnGZypa.exe
  C:\Windows\System\XnGZypa.exe
  2⤵
  PID:3580
- C:\Windows\System\tTfoAJy.exe
  C:\Windows\System\tTfoAJy.exe
  2⤵
  PID:3612
- C:\Windows\System\fKfiCUe.exe
  C:\Windows\System\fKfiCUe.exe
  2⤵
  PID:3632
- C:\Windows\System\PiwoRmT.exe
  C:\Windows\System\PiwoRmT.exe
  2⤵
  PID:3644
- C:\Windows\System\jaSlogm.exe
  C:\Windows\System\jaSlogm.exe
  2⤵
  PID:3700
- C:\Windows\System\hiXwbUs.exe
  C:\Windows\System\hiXwbUs.exe
  2⤵
  PID:3732
- C:\Windows\System\QaoOVpq.exe
  C:\Windows\System\QaoOVpq.exe
  2⤵
  PID:3768
- C:\Windows\System\cGjEksa.exe
  C:\Windows\System\cGjEksa.exe
  2⤵
  PID:3784
- C:\Windows\System\VxuYkxI.exe
  C:\Windows\System\VxuYkxI.exe
  2⤵
  PID:3836
- C:\Windows\System\xKilqzZ.exe
  C:\Windows\System\xKilqzZ.exe
  2⤵
  PID:3816
- C:\Windows\System\ogADMlJ.exe
  C:\Windows\System\ogADMlJ.exe
  2⤵
  PID:3868
- C:\Windows\System\LYcBJoY.exe
  C:\Windows\System\LYcBJoY.exe
  2⤵
  PID:3900
- C:\Windows\System\gvdvVxT.exe
  C:\Windows\System\gvdvVxT.exe
  2⤵
  PID:3928
- C:\Windows\System\RKFAcMR.exe
  C:\Windows\System\RKFAcMR.exe
  2⤵
  PID:3960
- C:\Windows\System\EttkvDr.exe
  C:\Windows\System\EttkvDr.exe
  2⤵
  PID:3992
- C:\Windows\System\qRwwHAk.exe
  C:\Windows\System\qRwwHAk.exe
  2⤵
  PID:4012
- C:\Windows\System\zeFxvOt.exe
  C:\Windows\System\zeFxvOt.exe
  2⤵
  PID:4056
- C:\Windows\System\OsbQntM.exe
  C:\Windows\System\OsbQntM.exe
  2⤵
  PID:4076
- C:\Windows\System\FaiLloc.exe
  C:\Windows\System\FaiLloc.exe
  2⤵
  PID:1680
- C:\Windows\System\LgzuTTb.exe
  C:\Windows\System\LgzuTTb.exe
  2⤵
  PID:2548
- C:\Windows\System\LEreMCH.exe
  C:\Windows\System\LEreMCH.exe
  2⤵
  PID:1980
- C:\Windows\System\NcdgOjM.exe
  C:\Windows\System\NcdgOjM.exe
  2⤵
  PID:556
- C:\Windows\System\uJHuJOv.exe
  C:\Windows\System\uJHuJOv.exe
  2⤵
  PID:3080
- C:\Windows\System\wpRQUSY.exe
  C:\Windows\System\wpRQUSY.exe
  2⤵
  PID:2712
- C:\Windows\System\NSokFMx.exe
  C:\Windows\System\NSokFMx.exe
  2⤵
  PID:3184
- C:\Windows\System\Dtsbuut.exe
  C:\Windows\System\Dtsbuut.exe
  2⤵
  PID:3268
- C:\Windows\System\RLNlJsx.exe
  C:\Windows\System\RLNlJsx.exe
  2⤵
  PID:3304
- C:\Windows\System\cXbAqhJ.exe
  C:\Windows\System\cXbAqhJ.exe
  2⤵
  PID:3320
- C:\Windows\System\zQkJGyb.exe
  C:\Windows\System\zQkJGyb.exe
  2⤵
  PID:3436
- C:\Windows\System\NTjpyyj.exe
  C:\Windows\System\NTjpyyj.exe
  2⤵
  PID:3484
- C:\Windows\System\zDGxfoH.exe
  C:\Windows\System\zDGxfoH.exe
  2⤵
  PID:3548
- C:\Windows\System\LhnFWOd.exe
  C:\Windows\System\LhnFWOd.exe
  2⤵
  PID:864
- C:\Windows\System\jmSiOPT.exe
  C:\Windows\System\jmSiOPT.exe
  2⤵
  PID:3676
- C:\Windows\System\eOxmDnR.exe
  C:\Windows\System\eOxmDnR.exe
  2⤵
  PID:3720
- C:\Windows\System\nZKEYEz.exe
  C:\Windows\System\nZKEYEz.exe
  2⤵
  PID:3832
- C:\Windows\System\eNqQiif.exe
  C:\Windows\System\eNqQiif.exe
  2⤵
  PID:3852
- C:\Windows\System\llrfVWs.exe
  C:\Windows\System\llrfVWs.exe
  2⤵
  PID:2816
- C:\Windows\System\QBzoFDz.exe
  C:\Windows\System\QBzoFDz.exe
  2⤵
  PID:3952
- C:\Windows\System\WOBnpuM.exe
  C:\Windows\System\WOBnpuM.exe
  2⤵
  PID:4024
- C:\Windows\System\ZlSykbK.exe
  C:\Windows\System\ZlSykbK.exe
  2⤵
  PID:4088
- C:\Windows\System\uezfNRe.exe
  C:\Windows\System\uezfNRe.exe
  2⤵
  PID:1988
- C:\Windows\System\PPhPfqo.exe
  C:\Windows\System\PPhPfqo.exe
  2⤵
  PID:2832
- C:\Windows\System\xCqooHT.exe
  C:\Windows\System\xCqooHT.exe
  2⤵
  PID:3284
- C:\Windows\System\LxIViEP.exe
  C:\Windows\System\LxIViEP.exe
  2⤵
  PID:3240
- C:\Windows\System\AtrHVYI.exe
  C:\Windows\System\AtrHVYI.exe
  2⤵
  PID:2208
- C:\Windows\System\CCrKNly.exe
  C:\Windows\System\CCrKNly.exe
  2⤵
  PID:4108
- C:\Windows\System\GNGCvlq.exe
  C:\Windows\System\GNGCvlq.exe
  2⤵
  PID:4128
- C:\Windows\System\fjpTRoZ.exe
  C:\Windows\System\fjpTRoZ.exe
  2⤵
  PID:4144
- C:\Windows\System\JnQMtnz.exe
  C:\Windows\System\JnQMtnz.exe
  2⤵
  PID:4160
- C:\Windows\System\JLqwCVe.exe
  C:\Windows\System\JLqwCVe.exe
  2⤵
  PID:4176
- C:\Windows\System\OAJmiVS.exe
  C:\Windows\System\OAJmiVS.exe
  2⤵
  PID:4192
- C:\Windows\System\rsLnBSf.exe
  C:\Windows\System\rsLnBSf.exe
  2⤵
  PID:4208
- C:\Windows\System\DYBnFbH.exe
  C:\Windows\System\DYBnFbH.exe
  2⤵
  PID:4224
- C:\Windows\System\aekauOr.exe
  C:\Windows\System\aekauOr.exe
  2⤵
  PID:4244
- C:\Windows\System\xCqNFLY.exe
  C:\Windows\System\xCqNFLY.exe
  2⤵
  PID:4260
- C:\Windows\System\piORTec.exe
  C:\Windows\System\piORTec.exe
  2⤵
  PID:4276
- C:\Windows\System\LUDnKsX.exe
  C:\Windows\System\LUDnKsX.exe
  2⤵
  PID:4292
- C:\Windows\System\hTixOAg.exe
  C:\Windows\System\hTixOAg.exe
  2⤵
  PID:4308
- C:\Windows\System\YAwjmny.exe
  C:\Windows\System\YAwjmny.exe
  2⤵
  PID:4324
- C:\Windows\System\qtPayHO.exe
  C:\Windows\System\qtPayHO.exe
  2⤵
  PID:4340
- C:\Windows\System\JhqvbDe.exe
  C:\Windows\System\JhqvbDe.exe
  2⤵
  PID:4356
- C:\Windows\System\oDBzxyB.exe
  C:\Windows\System\oDBzxyB.exe
  2⤵
  PID:4372
- C:\Windows\System\MrPzags.exe
  C:\Windows\System\MrPzags.exe
  2⤵
  PID:4388
- C:\Windows\System\SSGyhUp.exe
  C:\Windows\System\SSGyhUp.exe
  2⤵
  PID:4404
- C:\Windows\System\waKVTtW.exe
  C:\Windows\System\waKVTtW.exe
  2⤵
  PID:4420
- C:\Windows\System\rmJeZFt.exe
  C:\Windows\System\rmJeZFt.exe
  2⤵
  PID:4436
- C:\Windows\System\EBLzEpk.exe
  C:\Windows\System\EBLzEpk.exe
  2⤵
  PID:4452
- C:\Windows\System\eJUNcwO.exe
  C:\Windows\System\eJUNcwO.exe
  2⤵
  PID:4468
- C:\Windows\System\XkWZXnS.exe
  C:\Windows\System\XkWZXnS.exe
  2⤵
  PID:4484
- C:\Windows\System\rNTdAbD.exe
  C:\Windows\System\rNTdAbD.exe
  2⤵
  PID:4500
- C:\Windows\System\QJcwgiw.exe
  C:\Windows\System\QJcwgiw.exe
  2⤵
  PID:4516
- C:\Windows\System\JrGHRZx.exe
  C:\Windows\System\JrGHRZx.exe
  2⤵
  PID:4532
- C:\Windows\System\poUtvDP.exe
  C:\Windows\System\poUtvDP.exe
  2⤵
  PID:4548
- C:\Windows\System\hjbNIbl.exe
  C:\Windows\System\hjbNIbl.exe
  2⤵
  PID:4564
- C:\Windows\System\dfFqVVx.exe
  C:\Windows\System\dfFqVVx.exe
  2⤵
  PID:4580
- C:\Windows\System\zWQfrzU.exe
  C:\Windows\System\zWQfrzU.exe
  2⤵
  PID:4596
- C:\Windows\System\lzPNncK.exe
  C:\Windows\System\lzPNncK.exe
  2⤵
  PID:4612
- C:\Windows\System\ZcmOKEG.exe
  C:\Windows\System\ZcmOKEG.exe
  2⤵
  PID:4628
- C:\Windows\System\fjEMklx.exe
  C:\Windows\System\fjEMklx.exe
  2⤵
  PID:4644
- C:\Windows\System\ReJCxnn.exe
  C:\Windows\System\ReJCxnn.exe
  2⤵
  PID:4660
- C:\Windows\System\mCdXRAQ.exe
  C:\Windows\System\mCdXRAQ.exe
  2⤵
  PID:4676
- C:\Windows\System\lxIJWDt.exe
  C:\Windows\System\lxIJWDt.exe
  2⤵
  PID:4692
- C:\Windows\System\phAhsxa.exe
  C:\Windows\System\phAhsxa.exe
  2⤵
  PID:4712
- C:\Windows\System\CjZLpwH.exe
  C:\Windows\System\CjZLpwH.exe
  2⤵
  PID:4728
- C:\Windows\System\TepjRus.exe
  C:\Windows\System\TepjRus.exe
  2⤵
  PID:4744
- C:\Windows\System\CNiskoi.exe
  C:\Windows\System\CNiskoi.exe
  2⤵
  PID:4760
- C:\Windows\System\JZJDaud.exe
  C:\Windows\System\JZJDaud.exe
  2⤵
  PID:4776
- C:\Windows\System\ScKlAOw.exe
  C:\Windows\System\ScKlAOw.exe
  2⤵
  PID:4792
- C:\Windows\System\xKrWecd.exe
  C:\Windows\System\xKrWecd.exe
  2⤵
  PID:4808
- C:\Windows\System\FEBXMhP.exe
  C:\Windows\System\FEBXMhP.exe
  2⤵
  PID:4824
- C:\Windows\System\oeiHWbN.exe
  C:\Windows\System\oeiHWbN.exe
  2⤵
  PID:4840
- C:\Windows\System\DLEuCmB.exe
  C:\Windows\System\DLEuCmB.exe
  2⤵
  PID:4856
- C:\Windows\System\dFAWsDk.exe
  C:\Windows\System\dFAWsDk.exe
  2⤵
  PID:4872
- C:\Windows\System\oruqSVY.exe
  C:\Windows\System\oruqSVY.exe
  2⤵
  PID:4888
- C:\Windows\System\gmoXRMM.exe
  C:\Windows\System\gmoXRMM.exe
  2⤵
  PID:4904
- C:\Windows\System\lSWRKyA.exe
  C:\Windows\System\lSWRKyA.exe
  2⤵
  PID:4920
- C:\Windows\System\PJZVXMb.exe
  C:\Windows\System\PJZVXMb.exe
  2⤵
  PID:4936
- C:\Windows\System\EunQMde.exe
  C:\Windows\System\EunQMde.exe
  2⤵
  PID:4952
- C:\Windows\System\IVbUyLn.exe
  C:\Windows\System\IVbUyLn.exe
  2⤵
  PID:4968
- C:\Windows\System\QtiHJxa.exe
  C:\Windows\System\QtiHJxa.exe
  2⤵
  PID:4984
- C:\Windows\System\HSBwKNH.exe
  C:\Windows\System\HSBwKNH.exe
  2⤵
  PID:5000
- C:\Windows\System\EJWLegR.exe
  C:\Windows\System\EJWLegR.exe
  2⤵
  PID:5016
- C:\Windows\System\uPqiCud.exe
  C:\Windows\System\uPqiCud.exe
  2⤵
  PID:5032
- C:\Windows\System\WMVjGfu.exe
  C:\Windows\System\WMVjGfu.exe
  2⤵
  PID:5048
- C:\Windows\System\mvmahWo.exe
  C:\Windows\System\mvmahWo.exe
  2⤵
  PID:5064
- C:\Windows\System\BrRiomr.exe
  C:\Windows\System\BrRiomr.exe
  2⤵
  PID:5080
- C:\Windows\System\sJpgznz.exe
  C:\Windows\System\sJpgznz.exe
  2⤵
  PID:5096
- C:\Windows\System\LSVASWx.exe
  C:\Windows\System\LSVASWx.exe
  2⤵
  PID:5112
- C:\Windows\System\pCEpgxF.exe
  C:\Windows\System\pCEpgxF.exe
  2⤵
  PID:1804
- C:\Windows\System\zmGskgR.exe
  C:\Windows\System\zmGskgR.exe
  2⤵
  PID:3772
- C:\Windows\System\nwHFsJb.exe
  C:\Windows\System\nwHFsJb.exe
  2⤵
  PID:3848
- C:\Windows\System\UzsHNbi.exe
  C:\Windows\System\UzsHNbi.exe
  2⤵
  PID:1168
- C:\Windows\System\HHXpSKi.exe
  C:\Windows\System\HHXpSKi.exe
  2⤵
  PID:1708
- C:\Windows\System\XJjSbRr.exe
  C:\Windows\System\XJjSbRr.exe
  2⤵
  PID:2740
- C:\Windows\System\BYDbicJ.exe
  C:\Windows\System\BYDbicJ.exe
  2⤵
  PID:2544
- C:\Windows\System\hPRaKRP.exe
  C:\Windows\System\hPRaKRP.exe
  2⤵
  PID:2700
- C:\Windows\System\ZWtScEH.exe
  C:\Windows\System\ZWtScEH.exe
  2⤵
  PID:4152
- C:\Windows\System\Vjckgsg.exe
  C:\Windows\System\Vjckgsg.exe
  2⤵
  PID:4168
- C:\Windows\System\QuFfwec.exe
  C:\Windows\System\QuFfwec.exe
  2⤵
  PID:2716
- C:\Windows\System\LLcecQB.exe
  C:\Windows\System\LLcecQB.exe
  2⤵
  PID:4200
- C:\Windows\System\HTTFpYQ.exe
  C:\Windows\System\HTTFpYQ.exe
  2⤵
  PID:4236
- C:\Windows\System\omOLbbu.exe
  C:\Windows\System\omOLbbu.exe
  2⤵
  PID:4288
- C:\Windows\System\kxPLhuh.exe
  C:\Windows\System\kxPLhuh.exe
  2⤵
  PID:4304
- C:\Windows\System\uUKwnrD.exe
  C:\Windows\System\uUKwnrD.exe
  2⤵
  PID:4352
- C:\Windows\System\XIScZvg.exe
  C:\Windows\System\XIScZvg.exe
  2⤵
  PID:4380
- C:\Windows\System\EChpOHE.exe
  C:\Windows\System\EChpOHE.exe
  2⤵
  PID:4400
- C:\Windows\System\YStMEFd.exe
  C:\Windows\System\YStMEFd.exe
  2⤵
  PID:2284
- C:\Windows\System\DrnAIdv.exe
  C:\Windows\System\DrnAIdv.exe
  2⤵
  PID:4476
- C:\Windows\System\nFIjDoW.exe
  C:\Windows\System\nFIjDoW.exe
  2⤵
  PID:4480
- C:\Windows\System\cTYoSan.exe
  C:\Windows\System\cTYoSan.exe
  2⤵
  PID:4512
- C:\Windows\System\cKELXid.exe
  C:\Windows\System\cKELXid.exe
  2⤵
  PID:4528
- C:\Windows\System\yyzfZIY.exe
  C:\Windows\System\yyzfZIY.exe
  2⤵
  PID:4604
- C:\Windows\System\CUeEbTI.exe
  C:\Windows\System\CUeEbTI.exe
  2⤵
  PID:4668
- C:\Windows\System\umhPoNS.exe
  C:\Windows\System\umhPoNS.exe
  2⤵
  PID:4736
- C:\Windows\System\lsjMKRG.exe
  C:\Windows\System\lsjMKRG.exe
  2⤵
  PID:4588
- C:\Windows\System\lgwcIEl.exe
  C:\Windows\System\lgwcIEl.exe
  2⤵
  PID:4624
- C:\Windows\System\WLEBlHT.exe
  C:\Windows\System\WLEBlHT.exe
  2⤵
  PID:4656
- C:\Windows\System\ZOJFnrX.exe
  C:\Windows\System\ZOJFnrX.exe
  2⤵
  PID:2300
- C:\Windows\System\BCXsLFs.exe
  C:\Windows\System\BCXsLFs.exe
  2⤵
  PID:4724
- C:\Windows\System\jhyuMAX.exe
  C:\Windows\System\jhyuMAX.exe
  2⤵
  PID:4864
- C:\Windows\System\dFMnPMb.exe
  C:\Windows\System\dFMnPMb.exe
  2⤵
  PID:4788
- C:\Windows\System\OKxxjKf.exe
  C:\Windows\System\OKxxjKf.exe
  2⤵
  PID:4896
- C:\Windows\System\rWAtRey.exe
  C:\Windows\System\rWAtRey.exe
  2⤵
  PID:4852
- C:\Windows\System\PRCfluL.exe
  C:\Windows\System\PRCfluL.exe
  2⤵
  PID:4916
- C:\Windows\System\juXvdQY.exe
  C:\Windows\System\juXvdQY.exe
  2⤵
  PID:4948
- C:\Windows\System\vgySzmk.exe
  C:\Windows\System\vgySzmk.exe
  2⤵
  PID:5008
- C:\Windows\System\QSmStmz.exe
  C:\Windows\System\QSmStmz.exe
  2⤵
  PID:5028
- C:\Windows\System\XeDxZsH.exe
  C:\Windows\System\XeDxZsH.exe
  2⤵
  PID:5044
- C:\Windows\System\rfTcrPT.exe
  C:\Windows\System\rfTcrPT.exe
  2⤵
  PID:308
- C:\Windows\System\vXMAJHD.exe
  C:\Windows\System\vXMAJHD.exe
  2⤵
  PID:5092
- C:\Windows\System\WrtyGIb.exe
  C:\Windows\System\WrtyGIb.exe
  2⤵
  PID:5108
- C:\Windows\System\HqARWiy.exe
  C:\Windows\System\HqARWiy.exe
  2⤵
  PID:3684
- C:\Windows\System\NvFhCzt.exe
  C:\Windows\System\NvFhCzt.exe
  2⤵
  PID:3944
- C:\Windows\System\mqnDDln.exe
  C:\Windows\System\mqnDDln.exe
  2⤵
  PID:2184
- C:\Windows\System\SPTFcrS.exe
  C:\Windows\System\SPTFcrS.exe
  2⤵
  PID:4120
- C:\Windows\System\DhIgVik.exe
  C:\Windows\System\DhIgVik.exe
  2⤵
  PID:4188
- C:\Windows\System\WFlmTxa.exe
  C:\Windows\System\WFlmTxa.exe
  2⤵
  PID:4256
- C:\Windows\System\skGZhtZ.exe
  C:\Windows\System\skGZhtZ.exe
  2⤵
  PID:4284
- C:\Windows\System\WCpjjTQ.exe
  C:\Windows\System\WCpjjTQ.exe
  2⤵
  PID:2864
- C:\Windows\System\jCqIoHN.exe
  C:\Windows\System\jCqIoHN.exe
  2⤵
  PID:4384
- C:\Windows\System\UNmJKlz.exe
  C:\Windows\System\UNmJKlz.exe
  2⤵
  PID:4396
- C:\Windows\System\Bpeeyow.exe
  C:\Windows\System\Bpeeyow.exe
  2⤵
  PID:4432
- C:\Windows\System\QoPxual.exe
  C:\Windows\System\QoPxual.exe
  2⤵
  PID:4496
- C:\Windows\System\PmTQizN.exe
  C:\Windows\System\PmTQizN.exe
  2⤵
  PID:4576
- C:\Windows\System\sWPlsVl.exe
  C:\Windows\System\sWPlsVl.exe
  2⤵
  PID:4768
- C:\Windows\System\yCghhDY.exe
  C:\Windows\System\yCghhDY.exe
  2⤵
  PID:4620
- C:\Windows\System\wJSqmNp.exe
  C:\Windows\System\wJSqmNp.exe
  2⤵
  PID:2212
- C:\Windows\System\iSkRJQL.exe
  C:\Windows\System\iSkRJQL.exe
  2⤵
  PID:2752
- C:\Windows\System\EMSqpmF.exe
  C:\Windows\System\EMSqpmF.exe
  2⤵
  PID:4928
- C:\Windows\System\uOsgZHk.exe
  C:\Windows\System\uOsgZHk.exe
  2⤵
  PID:4944
- C:\Windows\System\NKdMkgp.exe
  C:\Windows\System\NKdMkgp.exe
  2⤵
  PID:4992
- C:\Windows\System\QwZItyG.exe
  C:\Windows\System\QwZItyG.exe
  2⤵
  PID:5040
- C:\Windows\System\xpavkjr.exe
  C:\Windows\System\xpavkjr.exe
  2⤵
  PID:5072
- C:\Windows\System\wrGMjus.exe
  C:\Windows\System\wrGMjus.exe
  2⤵
  PID:3896
- C:\Windows\System\WDDlwvh.exe
  C:\Windows\System\WDDlwvh.exe
  2⤵
  PID:4040
- C:\Windows\System\PtXaPfy.exe
  C:\Windows\System\PtXaPfy.exe
  2⤵
  PID:3116
- C:\Windows\System\SMkAawS.exe
  C:\Windows\System\SMkAawS.exe
  2⤵
  PID:1968
- C:\Windows\System\dxxWMLj.exe
  C:\Windows\System\dxxWMLj.exe
  2⤵
  PID:4320
- C:\Windows\System\IaRlbnz.exe
  C:\Windows\System\IaRlbnz.exe
  2⤵
  PID:4416
- C:\Windows\System\cvRLeSv.exe
  C:\Windows\System\cvRLeSv.exe
  2⤵
  PID:4508
- C:\Windows\System\xaUthcc.exe
  C:\Windows\System\xaUthcc.exe
  2⤵
  PID:4700
- C:\Windows\System\dVqYYEa.exe
  C:\Windows\System\dVqYYEa.exe
  2⤵
  PID:4652
- C:\Windows\System\ZqOnaPR.exe
  C:\Windows\System\ZqOnaPR.exe
  2⤵
  PID:2984
- C:\Windows\System\kWKPuio.exe
  C:\Windows\System\kWKPuio.exe
  2⤵
  PID:4960
- C:\Windows\System\YrFhaqO.exe
  C:\Windows\System\YrFhaqO.exe
  2⤵
  PID:5056
- C:\Windows\System\ffZdZDR.exe
  C:\Windows\System\ffZdZDR.exe
  2⤵
  PID:3664
- C:\Windows\System\ounfyGN.exe
  C:\Windows\System\ounfyGN.exe
  2⤵
  PID:4136
- C:\Windows\System\CnzzQnB.exe
  C:\Windows\System\CnzzQnB.exe
  2⤵
  PID:4232
- C:\Windows\System\LZnYRvD.exe
  C:\Windows\System\LZnYRvD.exe
  2⤵
  PID:5132
- C:\Windows\System\xhLNLbX.exe
  C:\Windows\System\xhLNLbX.exe
  2⤵
  PID:5148
- C:\Windows\System\pOdblBS.exe
  C:\Windows\System\pOdblBS.exe
  2⤵
  PID:5164
- C:\Windows\System\yOlFJeX.exe
  C:\Windows\System\yOlFJeX.exe
  2⤵
  PID:5180
- C:\Windows\System\GtDKOiz.exe
  C:\Windows\System\GtDKOiz.exe
  2⤵
  PID:5196
- C:\Windows\System\FwiOBEa.exe
  C:\Windows\System\FwiOBEa.exe
  2⤵
  PID:5212
- C:\Windows\System\EaVYjUo.exe
  C:\Windows\System\EaVYjUo.exe
  2⤵
  PID:5228
- C:\Windows\System\kLAeGXj.exe
  C:\Windows\System\kLAeGXj.exe
  2⤵
  PID:5244
- C:\Windows\System\VLamznl.exe
  C:\Windows\System\VLamznl.exe
  2⤵
  PID:5260
- C:\Windows\System\CzmHvhg.exe
  C:\Windows\System\CzmHvhg.exe
  2⤵
  PID:5276
- C:\Windows\System\vMHVYvl.exe
  C:\Windows\System\vMHVYvl.exe
  2⤵
  PID:5296
- C:\Windows\System\dTjOfXA.exe
  C:\Windows\System\dTjOfXA.exe
  2⤵
  PID:5312
- C:\Windows\System\USRiWij.exe
  C:\Windows\System\USRiWij.exe
  2⤵
  PID:5328
- C:\Windows\System\DIbRDpf.exe
  C:\Windows\System\DIbRDpf.exe
  2⤵
  PID:5344
- C:\Windows\System\ojEqOjV.exe
  C:\Windows\System\ojEqOjV.exe
  2⤵
  PID:5360
- C:\Windows\System\BJmvhsD.exe
  C:\Windows\System\BJmvhsD.exe
  2⤵
  PID:5376
- C:\Windows\System\YqCUrIP.exe
  C:\Windows\System\YqCUrIP.exe
  2⤵
  PID:5392
- C:\Windows\System\IOLuHDk.exe
  C:\Windows\System\IOLuHDk.exe
  2⤵
  PID:5408
- C:\Windows\System\UlDwges.exe
  C:\Windows\System\UlDwges.exe
  2⤵
  PID:5424
- C:\Windows\System\AvsslqK.exe
  C:\Windows\System\AvsslqK.exe
  2⤵
  PID:5440
- C:\Windows\System\poHhtzP.exe
  C:\Windows\System\poHhtzP.exe
  2⤵
  PID:5456
- C:\Windows\System\xunahKV.exe
  C:\Windows\System\xunahKV.exe
  2⤵
  PID:5472
- C:\Windows\System\GlTfKgx.exe
  C:\Windows\System\GlTfKgx.exe
  2⤵
  PID:5488
- C:\Windows\System\RyCZJSz.exe
  C:\Windows\System\RyCZJSz.exe
  2⤵
  PID:5504
- C:\Windows\System\tKBpiMw.exe
  C:\Windows\System\tKBpiMw.exe
  2⤵
  PID:5520
- C:\Windows\System\RFpfdZF.exe
  C:\Windows\System\RFpfdZF.exe
  2⤵
  PID:5536
- C:\Windows\System\zlPiuMW.exe
  C:\Windows\System\zlPiuMW.exe
  2⤵
  PID:5552
- C:\Windows\System\wvlulMO.exe
  C:\Windows\System\wvlulMO.exe
  2⤵
  PID:5568
- C:\Windows\System\PNwldtM.exe
  C:\Windows\System\PNwldtM.exe
  2⤵
  PID:5584
- C:\Windows\System\jvZjYeG.exe
  C:\Windows\System\jvZjYeG.exe
  2⤵
  PID:5600
- C:\Windows\System\XyJHfzS.exe
  C:\Windows\System\XyJHfzS.exe
  2⤵
  PID:5616
- C:\Windows\System\cnyJzJs.exe
  C:\Windows\System\cnyJzJs.exe
  2⤵
  PID:5632
- C:\Windows\System\KEtnrID.exe
  C:\Windows\System\KEtnrID.exe
  2⤵
  PID:5648
- C:\Windows\System\xmFhTxq.exe
  C:\Windows\System\xmFhTxq.exe
  2⤵
  PID:5664
- C:\Windows\System\JPssbsp.exe
  C:\Windows\System\JPssbsp.exe
  2⤵
  PID:5680
- C:\Windows\System\ohpDDtA.exe
  C:\Windows\System\ohpDDtA.exe
  2⤵
  PID:5696
- C:\Windows\System\uOdHtTA.exe
  C:\Windows\System\uOdHtTA.exe
  2⤵
  PID:5712
- C:\Windows\System\BzlvGoM.exe
  C:\Windows\System\BzlvGoM.exe
  2⤵
  PID:5732
- C:\Windows\System\rdYkbCB.exe
  C:\Windows\System\rdYkbCB.exe
  2⤵
  PID:5748
- C:\Windows\System\vTjmqzA.exe
  C:\Windows\System\vTjmqzA.exe
  2⤵
  PID:5764
- C:\Windows\System\oUNtcFw.exe
  C:\Windows\System\oUNtcFw.exe
  2⤵
  PID:5780
- C:\Windows\System\AMLXYED.exe
  C:\Windows\System\AMLXYED.exe
  2⤵
  PID:5796
- C:\Windows\System\XLTgRux.exe
  C:\Windows\System\XLTgRux.exe
  2⤵
  PID:5812
- C:\Windows\System\ZueylBz.exe
  C:\Windows\System\ZueylBz.exe
  2⤵
  PID:5828
- C:\Windows\System\DOtwcIP.exe
  C:\Windows\System\DOtwcIP.exe
  2⤵
  PID:5844
- C:\Windows\System\OfIZUob.exe
  C:\Windows\System\OfIZUob.exe
  2⤵
  PID:5860
- C:\Windows\System\yDRYShV.exe
  C:\Windows\System\yDRYShV.exe
  2⤵
  PID:5876
- C:\Windows\System\zaKqneY.exe
  C:\Windows\System\zaKqneY.exe
  2⤵
  PID:5892
- C:\Windows\System\LIkwlaD.exe
  C:\Windows\System\LIkwlaD.exe
  2⤵
  PID:5908
- C:\Windows\System\flwaBCP.exe
  C:\Windows\System\flwaBCP.exe
  2⤵
  PID:5924
- C:\Windows\System\KqwyvAz.exe
  C:\Windows\System\KqwyvAz.exe
  2⤵
  PID:5940
- C:\Windows\System\SrrNmQQ.exe
  C:\Windows\System\SrrNmQQ.exe
  2⤵
  PID:5956
- C:\Windows\System\SGAlaQF.exe
  C:\Windows\System\SGAlaQF.exe
  2⤵
  PID:5972
- C:\Windows\System\WRiDTQN.exe
  C:\Windows\System\WRiDTQN.exe
  2⤵
  PID:5988
- C:\Windows\System\GjexRIu.exe
  C:\Windows\System\GjexRIu.exe
  2⤵
  PID:6004
- C:\Windows\System\ZfQqyuT.exe
  C:\Windows\System\ZfQqyuT.exe
  2⤵
  PID:6020
- C:\Windows\System\JZtrnmE.exe
  C:\Windows\System\JZtrnmE.exe
  2⤵
  PID:6036
- C:\Windows\System\mzaRrAk.exe
  C:\Windows\System\mzaRrAk.exe
  2⤵
  PID:6052
- C:\Windows\System\LyJIqTF.exe
  C:\Windows\System\LyJIqTF.exe
  2⤵
  PID:6068
- C:\Windows\System\HUTPWWV.exe
  C:\Windows\System\HUTPWWV.exe
  2⤵
  PID:6084
- C:\Windows\System\SnxifDE.exe
  C:\Windows\System\SnxifDE.exe
  2⤵
  PID:6100
- C:\Windows\System\VrFiwsC.exe
  C:\Windows\System\VrFiwsC.exe
  2⤵
  PID:6116
- C:\Windows\System\SdaKQPA.exe
  C:\Windows\System\SdaKQPA.exe
  2⤵
  PID:6132
- C:\Windows\System\MHRUUNP.exe
  C:\Windows\System\MHRUUNP.exe
  2⤵
  PID:4636
- C:\Windows\System\nZUglQx.exe
  C:\Windows\System\nZUglQx.exe
  2⤵
  PID:4772
- C:\Windows\System\nFTeemK.exe
  C:\Windows\System\nFTeemK.exe
  2⤵
  PID:4932
- C:\Windows\System\HPvzpMm.exe
  C:\Windows\System\HPvzpMm.exe
  2⤵
  PID:2428
- C:\Windows\System\RQGiSYh.exe
  C:\Windows\System\RQGiSYh.exe
  2⤵
  PID:2688
- C:\Windows\System\zmpGEVD.exe
  C:\Windows\System\zmpGEVD.exe
  2⤵
  PID:5144
- C:\Windows\System\wWBnVKz.exe
  C:\Windows\System\wWBnVKz.exe
  2⤵
  PID:5188
- C:\Windows\System\WlCPtuq.exe
  C:\Windows\System\WlCPtuq.exe
  2⤵
  PID:5220
- C:\Windows\System\PQaHmMC.exe
  C:\Windows\System\PQaHmMC.exe
  2⤵
  PID:2760
- C:\Windows\System\qZOIZXf.exe
  C:\Windows\System\qZOIZXf.exe
  2⤵
  PID:5284
- C:\Windows\System\kUAZhkn.exe
  C:\Windows\System\kUAZhkn.exe
  2⤵
  PID:5304
- C:\Windows\System\fNibAcT.exe
  C:\Windows\System\fNibAcT.exe
  2⤵
  PID:5336
- C:\Windows\System\YECzMGJ.exe
  C:\Windows\System\YECzMGJ.exe
  2⤵
  PID:5368
- C:\Windows\System\gGFpOkP.exe
  C:\Windows\System\gGFpOkP.exe
  2⤵
  PID:5400
- C:\Windows\System\NoxFcml.exe
  C:\Windows\System\NoxFcml.exe
  2⤵
  PID:5432
- C:\Windows\System\TWuvmMp.exe
  C:\Windows\System\TWuvmMp.exe
  2⤵
  PID:5464
- C:\Windows\System\cNwScLT.exe
  C:\Windows\System\cNwScLT.exe
  2⤵
  PID:5496
- C:\Windows\System\iOQhJJU.exe
  C:\Windows\System\iOQhJJU.exe
  2⤵
  PID:5516
- C:\Windows\System\fmbFvul.exe
  C:\Windows\System\fmbFvul.exe
  2⤵
  PID:5532
- C:\Windows\System\ydjUncZ.exe
  C:\Windows\System\ydjUncZ.exe
  2⤵
  PID:5576
- C:\Windows\System\tYtZvfv.exe
  C:\Windows\System\tYtZvfv.exe
  2⤵
  PID:5608
- C:\Windows\System\XCiIIhb.exe
  C:\Windows\System\XCiIIhb.exe
  2⤵
  PID:5624
- C:\Windows\System\dOJzIGY.exe
  C:\Windows\System\dOJzIGY.exe
  2⤵
  PID:5656
- C:\Windows\System\oLxcdLe.exe
  C:\Windows\System\oLxcdLe.exe
  2⤵
  PID:5688
- C:\Windows\System\oDDvEAn.exe
  C:\Windows\System\oDDvEAn.exe
  2⤵
  PID:5720
- C:\Windows\System\msDRCOT.exe
  C:\Windows\System\msDRCOT.exe
  2⤵
  PID:5756
- C:\Windows\System\VsRLYdX.exe
  C:\Windows\System\VsRLYdX.exe
  2⤵
  PID:5788
- C:\Windows\System\monQwcU.exe
  C:\Windows\System\monQwcU.exe
  2⤵
  PID:5820
- C:\Windows\System\nGTRldU.exe
  C:\Windows\System\nGTRldU.exe
  2⤵
  PID:5852
- C:\Windows\System\FfxDbpQ.exe
  C:\Windows\System\FfxDbpQ.exe
  2⤵
  PID:5884
- C:\Windows\System\aSHiJzy.exe
  C:\Windows\System\aSHiJzy.exe
  2⤵
  PID:3180
- C:\Windows\System\jpPsowP.exe
  C:\Windows\System\jpPsowP.exe
  2⤵
  PID:5728
- C:\Windows\System\mpCHdGk.exe
  C:\Windows\System\mpCHdGk.exe
  2⤵
  PID:5968
- C:\Windows\System\tRmaAvy.exe
  C:\Windows\System\tRmaAvy.exe
  2⤵
  PID:5984
- C:\Windows\System\kYfTUDL.exe
  C:\Windows\System\kYfTUDL.exe
  2⤵
  PID:2516
- C:\Windows\System\yUCnzAq.exe
  C:\Windows\System\yUCnzAq.exe
  2⤵
  PID:6064
- C:\Windows\System\IWZieLi.exe
  C:\Windows\System\IWZieLi.exe
  2⤵
  PID:6080
- C:\Windows\System\BPKnPMV.exe
  C:\Windows\System\BPKnPMV.exe
  2⤵
  PID:1920
- C:\Windows\System\MHfQaEL.exe
  C:\Windows\System\MHfQaEL.exe
  2⤵
  PID:4544
- C:\Windows\System\tJhgdDn.exe
  C:\Windows\System\tJhgdDn.exe
  2⤵
  PID:4980
- C:\Windows\System\cZBemir.exe
  C:\Windows\System\cZBemir.exe
  2⤵
  PID:4008
- C:\Windows\System\AxLBgad.exe
  C:\Windows\System\AxLBgad.exe
  2⤵
  PID:5160
- C:\Windows\System\wJZQSIe.exe
  C:\Windows\System\wJZQSIe.exe
  2⤵
  PID:5204
- C:\Windows\System\DaTrnCW.exe
  C:\Windows\System\DaTrnCW.exe
  2⤵
  PID:5256
- C:\Windows\System\IZpXqHp.exe
  C:\Windows\System\IZpXqHp.exe
  2⤵
  PID:5308
- C:\Windows\System\bQaoNZF.exe
  C:\Windows\System\bQaoNZF.exe
  2⤵
  PID:5388
- C:\Windows\System\pzorArg.exe
  C:\Windows\System\pzorArg.exe
  2⤵
  PID:5452
- C:\Windows\System\eKELYvU.exe
  C:\Windows\System\eKELYvU.exe
  2⤵
  PID:4720
- C:\Windows\System\qkJxMUi.exe
  C:\Windows\System\qkJxMUi.exe
  2⤵
  PID:5544
- C:\Windows\System\JAyIAFy.exe
  C:\Windows\System\JAyIAFy.exe
  2⤵
  PID:5776
- C:\Windows\System\arZSSsq.exe
  C:\Windows\System\arZSSsq.exe
  2⤵
  PID:5888
- C:\Windows\System\meMitno.exe
  C:\Windows\System\meMitno.exe
  2⤵
  PID:5952
- C:\Windows\System\QbDIOZn.exe
  C:\Windows\System\QbDIOZn.exe
  2⤵
  PID:6044
- C:\Windows\System\kAlfArZ.exe
  C:\Windows\System\kAlfArZ.exe
  2⤵
  PID:6108
- C:\Windows\System\aDsHGTl.exe
  C:\Windows\System\aDsHGTl.exe
  2⤵
  PID:6112
- C:\Windows\System\HbMektE.exe
  C:\Windows\System\HbMektE.exe
  2⤵
  PID:2004
- C:\Windows\System\SxonYsL.exe
  C:\Windows\System\SxonYsL.exe
  2⤵
  PID:5224
- C:\Windows\System\wipNVoy.exe
  C:\Windows\System\wipNVoy.exe
  2⤵
  PID:5372
- C:\Windows\System\QeIkOpq.exe
  C:\Windows\System\QeIkOpq.exe
  2⤵
  PID:5580
- C:\Windows\System\PXCfKWu.exe
  C:\Windows\System\PXCfKWu.exe
  2⤵
  PID:5176
- C:\Windows\System\OBpCaKU.exe
  C:\Windows\System\OBpCaKU.exe
  2⤵
  PID:5420
- C:\Windows\System\ZnAdqOu.exe
  C:\Windows\System\ZnAdqOu.exe
  2⤵
  PID:2064
- C:\Windows\System\epSAsdu.exe
  C:\Windows\System\epSAsdu.exe
  2⤵
  PID:5640
- C:\Windows\System\syqlrUR.exe
  C:\Windows\System\syqlrUR.exe
  2⤵
  PID:2856
- C:\Windows\System\nAOTvtp.exe
  C:\Windows\System\nAOTvtp.exe
  2⤵
  PID:5596
- C:\Windows\System\hotEzJx.exe
  C:\Windows\System\hotEzJx.exe
  2⤵
  PID:2736
- C:\Windows\System\adZRFvh.exe
  C:\Windows\System\adZRFvh.exe
  2⤵
  PID:2216
- C:\Windows\System\WlkZMxz.exe
  C:\Windows\System\WlkZMxz.exe
  2⤵
  PID:2536
- C:\Windows\System\GwIyUCu.exe
  C:\Windows\System\GwIyUCu.exe
  2⤵
  PID:972
- C:\Windows\System\UYFRVIs.exe
  C:\Windows\System\UYFRVIs.exe
  2⤵
  PID:1468
- C:\Windows\System\nckkiMD.exe
  C:\Windows\System\nckkiMD.exe
  2⤵
  PID:4316
- C:\Windows\System\AWfrPNl.exe
  C:\Windows\System\AWfrPNl.exe
  2⤵
  PID:1244
- C:\Windows\System\GebqhgO.exe
  C:\Windows\System\GebqhgO.exe
  2⤵
  PID:2200
- C:\Windows\System\nleislw.exe
  C:\Windows\System\nleislw.exe
  2⤵
  PID:1116
- C:\Windows\System\iPNkqRW.exe
  C:\Windows\System\iPNkqRW.exe
  2⤵
  PID:5288
- C:\Windows\System\veGroHi.exe
  C:\Windows\System\veGroHi.exe
  2⤵
  PID:2296
- C:\Windows\System\xYFbZCw.exe
  C:\Windows\System\xYFbZCw.exe
  2⤵
  PID:2316
- C:\Windows\System\ADnxygL.exe
  C:\Windows\System\ADnxygL.exe
  2⤵
  PID:2116
- C:\Windows\System\OzzAeVR.exe
  C:\Windows\System\OzzAeVR.exe
  2⤵
  PID:2456
- C:\Windows\System\AEUQkbe.exe
  C:\Windows\System\AEUQkbe.exe
  2⤵
  PID:5840
- C:\Windows\System\gWRqDMP.exe
  C:\Windows\System\gWRqDMP.exe
  2⤵
  PID:5936
- C:\Windows\System\IYSGALo.exe
  C:\Windows\System\IYSGALo.exe
  2⤵
  PID:6164
- C:\Windows\System\AacNNki.exe
  C:\Windows\System\AacNNki.exe
  2⤵
  PID:6192
- C:\Windows\System\OWKrBNn.exe
  C:\Windows\System\OWKrBNn.exe
  2⤵
  PID:6232
- C:\Windows\System\ILrZxlG.exe
  C:\Windows\System\ILrZxlG.exe
  2⤵
  PID:6276
- C:\Windows\System\LculSpP.exe
  C:\Windows\System\LculSpP.exe
  2⤵
  PID:6292
- C:\Windows\System\oqPOdbZ.exe
  C:\Windows\System\oqPOdbZ.exe
  2⤵
  PID:6312
- C:\Windows\System\ggowIyZ.exe
  C:\Windows\System\ggowIyZ.exe
  2⤵
  PID:6328
- C:\Windows\System\ccKSevX.exe
  C:\Windows\System\ccKSevX.exe
  2⤵
  PID:6344
- C:\Windows\System\XdpFgYw.exe
  C:\Windows\System\XdpFgYw.exe
  2⤵
  PID:6360
- C:\Windows\System\iTmRioZ.exe
  C:\Windows\System\iTmRioZ.exe
  2⤵
  PID:6376
- C:\Windows\System\qLWkCSz.exe
  C:\Windows\System\qLWkCSz.exe
  2⤵
  PID:6396
- C:\Windows\System\ysxRmAB.exe
  C:\Windows\System\ysxRmAB.exe
  2⤵
  PID:6532
- C:\Windows\System\ZiNjkUI.exe
  C:\Windows\System\ZiNjkUI.exe
  2⤵
  PID:6552
- C:\Windows\System\VMFlgEx.exe
  C:\Windows\System\VMFlgEx.exe
  2⤵
  PID:6568
- C:\Windows\System\CCVhmWn.exe
  C:\Windows\System\CCVhmWn.exe
  2⤵
  PID:6588
- C:\Windows\System\KYYCtSk.exe
  C:\Windows\System\KYYCtSk.exe
  2⤵
  PID:6616
- C:\Windows\System\LlvWCbH.exe
  C:\Windows\System\LlvWCbH.exe
  2⤵
  PID:6640
- C:\Windows\System\XimDBgs.exe
  C:\Windows\System\XimDBgs.exe
  2⤵
  PID:6664
- C:\Windows\System\zShQdTL.exe
  C:\Windows\System\zShQdTL.exe
  2⤵
  PID:6696
- C:\Windows\System\ryxQPRl.exe
  C:\Windows\System\ryxQPRl.exe
  2⤵
  PID:6720
- C:\Windows\System\ldxEYoN.exe
  C:\Windows\System\ldxEYoN.exe
  2⤵
  PID:6740
- C:\Windows\System\KGaBoxA.exe
  C:\Windows\System\KGaBoxA.exe
  2⤵
  PID:6776
- C:\Windows\System\HPiLwQr.exe
  C:\Windows\System\HPiLwQr.exe
  2⤵
  PID:6796
- C:\Windows\System\mMNMFHG.exe
  C:\Windows\System\mMNMFHG.exe
  2⤵
  PID:6820
- C:\Windows\System\qoSlGQd.exe
  C:\Windows\System\qoSlGQd.exe
  2⤵
  PID:6848
- C:\Windows\System\tEBabjJ.exe
  C:\Windows\System\tEBabjJ.exe
  2⤵
  PID:6876
- C:\Windows\System\QKtUEIH.exe
  C:\Windows\System\QKtUEIH.exe
  2⤵
  PID:6904
- C:\Windows\System\RWUnRxx.exe
  C:\Windows\System\RWUnRxx.exe
  2⤵
  PID:6928
- C:\Windows\System\IPxJacf.exe
  C:\Windows\System\IPxJacf.exe
  2⤵
  PID:6952
- C:\Windows\System\Pllvstv.exe
  C:\Windows\System\Pllvstv.exe
  2⤵
  PID:6976
- C:\Windows\System\pbsuQCU.exe
  C:\Windows\System\pbsuQCU.exe
  2⤵
  PID:7000
- C:\Windows\System\HQrPdsI.exe
  C:\Windows\System\HQrPdsI.exe
  2⤵
  PID:7024
- C:\Windows\System\OIgtnFC.exe
  C:\Windows\System\OIgtnFC.exe
  2⤵
  PID:7048
- C:\Windows\System\PWofWmi.exe
  C:\Windows\System\PWofWmi.exe
  2⤵
  PID:7072
- C:\Windows\System\ETajrWi.exe
  C:\Windows\System\ETajrWi.exe
  2⤵
  PID:7092
- C:\Windows\System\BtCOwDF.exe
  C:\Windows\System\BtCOwDF.exe
  2⤵
  PID:7116
- C:\Windows\System\uLZyShV.exe
  C:\Windows\System\uLZyShV.exe
  2⤵
  PID:7140
- C:\Windows\System\hvSSPCH.exe
  C:\Windows\System\hvSSPCH.exe
  2⤵
  PID:7164
- C:\Windows\System\HdjGZig.exe
  C:\Windows\System\HdjGZig.exe
  2⤵
  PID:1992
- C:\Windows\System\pWqJdZv.exe
  C:\Windows\System\pWqJdZv.exe
  2⤵
  PID:6204
- C:\Windows\System\WWNftTe.exe
  C:\Windows\System\WWNftTe.exe
  2⤵
  PID:6220
- C:\Windows\System\HOlpnas.exe
  C:\Windows\System\HOlpnas.exe
  2⤵
  PID:1884
- C:\Windows\System\LpRLWzn.exe
  C:\Windows\System\LpRLWzn.exe
  2⤵
  PID:6176
- C:\Windows\System\lIXKIrK.exe
  C:\Windows\System\lIXKIrK.exe
  2⤵
  PID:5340
- C:\Windows\System\mRpVdcA.exe
  C:\Windows\System\mRpVdcA.exe
  2⤵
  PID:1544
- C:\Windows\System\uSmUFXk.exe
  C:\Windows\System\uSmUFXk.exe
  2⤵
  PID:6180
- C:\Windows\System\BHSEvGr.exe
  C:\Windows\System\BHSEvGr.exe
  2⤵
  PID:1664
- C:\Windows\System\nWRUZwv.exe
  C:\Windows\System\nWRUZwv.exe
  2⤵
  PID:6252
- C:\Windows\System\rFGbaLo.exe
  C:\Windows\System\rFGbaLo.exe
  2⤵
  PID:6356
- C:\Windows\System\iHRebjh.exe
  C:\Windows\System\iHRebjh.exe
  2⤵
  PID:6544
- C:\Windows\System\aDukKtc.exe
  C:\Windows\System\aDukKtc.exe
  2⤵
  PID:6404
- C:\Windows\System\PcaCkps.exe
  C:\Windows\System\PcaCkps.exe
  2⤵
  PID:6428
- C:\Windows\System\PuklKlB.exe
  C:\Windows\System\PuklKlB.exe
  2⤵
  PID:6444
- C:\Windows\System\hAbgQPR.exe
  C:\Windows\System\hAbgQPR.exe
  2⤵
  PID:6460
- C:\Windows\System\JyUSjNu.exe
  C:\Windows\System\JyUSjNu.exe
  2⤵
  PID:6480
- C:\Windows\System\XRGyQjJ.exe
  C:\Windows\System\XRGyQjJ.exe
  2⤵
  PID:6496
- C:\Windows\System\vrSkdjO.exe
  C:\Windows\System\vrSkdjO.exe
  2⤵
  PID:6520
- C:\Windows\System\WCgBXNO.exe
  C:\Windows\System\WCgBXNO.exe
  2⤵
  PID:6584
- C:\Windows\System\JsJxPdk.exe
  C:\Windows\System\JsJxPdk.exe
  2⤵
  PID:6600
- C:\Windows\System\SPUDoLZ.exe
  C:\Windows\System\SPUDoLZ.exe
  2⤵
  PID:672
- C:\Windows\System\KJgvAHL.exe
  C:\Windows\System\KJgvAHL.exe
  2⤵
  PID:6632
- C:\Windows\System\upFmGsf.exe
  C:\Windows\System\upFmGsf.exe
  2⤵
  PID:6660
- C:\Windows\System\RxKFCSV.exe
  C:\Windows\System\RxKFCSV.exe
  2⤵
  PID:6704
- C:\Windows\System\aAvwVAz.exe
  C:\Windows\System\aAvwVAz.exe
  2⤵
  PID:6736
- C:\Windows\System\shgCwtl.exe
  C:\Windows\System\shgCwtl.exe
  2⤵
  PID:6804
- C:\Windows\System\VXwLfdY.exe
  C:\Windows\System\VXwLfdY.exe
  2⤵
  PID:6856
- C:\Windows\System\WHrLKFB.exe
  C:\Windows\System\WHrLKFB.exe
  2⤵
  PID:6916
- C:\Windows\System\zxlRxjf.exe
  C:\Windows\System\zxlRxjf.exe
  2⤵
  PID:6988
- C:\Windows\System\IIBXTsb.exe
  C:\Windows\System\IIBXTsb.exe
  2⤵
  PID:7020
- C:\Windows\System\PrBWSoM.exe
  C:\Windows\System\PrBWSoM.exe
  2⤵
  PID:6752
- C:\Windows\System\AEeohSm.exe
  C:\Windows\System\AEeohSm.exe
  2⤵
  PID:6788
- C:\Windows\System\NWYTDOH.exe
  C:\Windows\System\NWYTDOH.exe
  2⤵
  PID:6884
- C:\Windows\System\nlcweAr.exe
  C:\Windows\System\nlcweAr.exe
  2⤵
  PID:6896
- C:\Windows\System\DHhMTuz.exe
  C:\Windows\System\DHhMTuz.exe
  2⤵
  PID:6940
- C:\Windows\System\qTKxGey.exe
  C:\Windows\System\qTKxGey.exe
  2⤵
  PID:7012
- C:\Windows\System\nkzYYvb.exe
  C:\Windows\System\nkzYYvb.exe
  2⤵
  PID:6808
- C:\Windows\System\uyrMJJo.exe
  C:\Windows\System\uyrMJJo.exe
  2⤵
  PID:6732
- C:\Windows\System\uUEEXSW.exe
  C:\Windows\System\uUEEXSW.exe
  2⤵
  PID:6844
- C:\Windows\System\gdDqsMl.exe
  C:\Windows\System\gdDqsMl.exe
  2⤵
  PID:6920
- C:\Windows\System\OMoIVIw.exe
  C:\Windows\System\OMoIVIw.exe
  2⤵
  PID:5808
- C:\Windows\System\xHRBWrK.exe
  C:\Windows\System\xHRBWrK.exe
  2⤵
  PID:7104
- C:\Windows\System\YeLxknO.exe
  C:\Windows\System\YeLxknO.exe
  2⤵
  PID:7152
- C:\Windows\System\OgSWHMM.exe
  C:\Windows\System\OgSWHMM.exe
  2⤵
  PID:1588
- C:\Windows\System\iZwOVpX.exe
  C:\Windows\System\iZwOVpX.exe
  2⤵
  PID:6156
- C:\Windows\System\mfmvEXW.exe
  C:\Windows\System\mfmvEXW.exe
  2⤵
  PID:6216
- C:\Windows\System\bXqdSXK.exe
  C:\Windows\System\bXqdSXK.exe
  2⤵
  PID:1728
- C:\Windows\System\LIMyMeO.exe
  C:\Windows\System\LIMyMeO.exe
  2⤵
  PID:2192
- C:\Windows\System\OLTnqvq.exe
  C:\Windows\System\OLTnqvq.exe
  2⤵
  PID:2956
- C:\Windows\System\PKoYxmT.exe
  C:\Windows\System\PKoYxmT.exe
  2⤵
  PID:3568
- C:\Windows\System\PbjKvYc.exe
  C:\Windows\System\PbjKvYc.exe
  2⤵
  PID:5872
- C:\Windows\System\eaFTBiT.exe
  C:\Windows\System\eaFTBiT.exe
  2⤵
  PID:6716
- C:\Windows\System\pXnTAgv.exe
  C:\Windows\System\pXnTAgv.exe
  2⤵
  PID:6240
- C:\Windows\System\qHXArKV.exe
  C:\Windows\System\qHXArKV.exe
  2⤵
  PID:6300
- C:\Windows\System\RSNAONx.exe
  C:\Windows\System\RSNAONx.exe
  2⤵
  PID:6272
- C:\Windows\System\jbMFJpG.exe
  C:\Windows\System\jbMFJpG.exe
  2⤵
  PID:6336
- C:\Windows\System\VcWlYna.exe
  C:\Windows\System\VcWlYna.exe
  2⤵
  PID:6340
- C:\Windows\System\mWGVsit.exe
  C:\Windows\System\mWGVsit.exe
  2⤵
  PID:6416
- C:\Windows\System\NqRqRGl.exe
  C:\Windows\System\NqRqRGl.exe
  2⤵
  PID:6472
- C:\Windows\System\TFyiPqY.exe
  C:\Windows\System\TFyiPqY.exe
  2⤵
  PID:6452
- C:\Windows\System\hKePKZO.exe
  C:\Windows\System\hKePKZO.exe
  2⤵
  PID:6516
- C:\Windows\System\CfTPvhN.exe
  C:\Windows\System\CfTPvhN.exe
  2⤵
  PID:6488
- C:\Windows\System\vKgRBKY.exe
  C:\Windows\System\vKgRBKY.exe
  2⤵
  PID:6612
- C:\Windows\System\ORtmuUm.exe
  C:\Windows\System\ORtmuUm.exe
  2⤵
  PID:6680
- C:\Windows\System\lMjIWJs.exe
  C:\Windows\System\lMjIWJs.exe
  2⤵
  PID:6792
- C:\Windows\System\QBagaOJ.exe
  C:\Windows\System\QBagaOJ.exe
  2⤵
  PID:6652
- C:\Windows\System\vCXHotD.exe
  C:\Windows\System\vCXHotD.exe
  2⤵
  PID:6892
- C:\Windows\System\knDaAbH.exe
  C:\Windows\System\knDaAbH.exe
  2⤵
  PID:6864
- C:\Windows\System\GaCYWUN.exe
  C:\Windows\System\GaCYWUN.exe
  2⤵
  PID:6912
- C:\Windows\System\nzvsPFG.exe
  C:\Windows\System\nzvsPFG.exe
  2⤵
  PID:7016
- C:\Windows\System\aeytXuo.exe
  C:\Windows\System\aeytXuo.exe
  2⤵
  PID:7088
- C:\Windows\System\dJGHRIZ.exe
  C:\Windows\System\dJGHRIZ.exe
  2⤵
  PID:7100
- C:\Windows\System\sgKGWmV.exe
  C:\Windows\System\sgKGWmV.exe
  2⤵
  PID:7040
- C:\Windows\System\YJviWOw.exe
  C:\Windows\System\YJviWOw.exe
  2⤵
  PID:6060
- C:\Windows\System\rYcUYeU.exe
  C:\Windows\System\rYcUYeU.exe
  2⤵
  PID:6224
- C:\Windows\System\DJmRMnV.exe
  C:\Windows\System\DJmRMnV.exe
  2⤵
  PID:5792
- C:\Windows\System\TuIiwZR.exe
  C:\Windows\System\TuIiwZR.exe
  2⤵
  PID:6288
- C:\Windows\System\PVAvthW.exe
  C:\Windows\System\PVAvthW.exe
  2⤵
  PID:6188
- C:\Windows\System\KHGAXfd.exe
  C:\Windows\System\KHGAXfd.exe
  2⤵
  PID:6392
- C:\Windows\System\doZgDpC.exe
  C:\Windows\System\doZgDpC.exe
  2⤵
  PID:6540
- C:\Windows\System\RBzNlEI.exe
  C:\Windows\System\RBzNlEI.exe
  2⤵
  PID:6468
- C:\Windows\System\CJjBqRf.exe
  C:\Windows\System\CJjBqRf.exe
  2⤵
  PID:6508
- C:\Windows\System\OpFAyEd.exe
  C:\Windows\System\OpFAyEd.exe
  2⤵
  PID:6500
- C:\Windows\System\PPahNWj.exe
  C:\Windows\System\PPahNWj.exe
  2⤵
  PID:6624
- C:\Windows\System\mtjLwRM.exe
  C:\Windows\System\mtjLwRM.exe
  2⤵
  PID:6692
- C:\Windows\System\pXKzaMH.exe
  C:\Windows\System\pXKzaMH.exe
  2⤵
  PID:6992
- C:\Windows\System\NBYFOQs.exe
  C:\Windows\System\NBYFOQs.exe
  2⤵
  PID:6076
- C:\Windows\System\spwVGNb.exe
  C:\Windows\System\spwVGNb.exe
  2⤵
  PID:6412
- C:\Windows\System\kGgLiOL.exe
  C:\Windows\System\kGgLiOL.exe
  2⤵
  PID:6684
- C:\Windows\System\gcyGCAt.exe
  C:\Windows\System\gcyGCAt.exe
  2⤵
  PID:6596
- C:\Windows\System\stiTAId.exe
  C:\Windows\System\stiTAId.exe
  2⤵
  PID:6248
- C:\Windows\System\wlaEajo.exe
  C:\Windows\System\wlaEajo.exe
  2⤵
  PID:6936
- C:\Windows\System\IiLpOmG.exe
  C:\Windows\System\IiLpOmG.exe
  2⤵
  PID:6960
- C:\Windows\System\zQiLkpL.exe
  C:\Windows\System\zQiLkpL.exe
  2⤵
  PID:2968
- C:\Windows\System\twTZIeW.exe
  C:\Windows\System\twTZIeW.exe
  2⤵
  PID:6984
- C:\Windows\System\DCYrral.exe
  C:\Windows\System\DCYrral.exe
  2⤵
  PID:6388
- C:\Windows\System\TlMtXzc.exe
  C:\Windows\System\TlMtXzc.exe
  2⤵
  PID:6284
- C:\Windows\System\ifGbqLA.exe
  C:\Windows\System\ifGbqLA.exe
  2⤵
  PID:6200
- C:\Windows\System\iULpHyy.exe
  C:\Windows\System\iULpHyy.exe
  2⤵
  PID:7112
- C:\Windows\System\cQsUeFg.exe
  C:\Windows\System\cQsUeFg.exe
  2⤵
  PID:6512
- C:\Windows\System\ArKHLSA.exe
  C:\Windows\System\ArKHLSA.exe
  2⤵
  PID:7188
- C:\Windows\System\EOvzktF.exe
  C:\Windows\System\EOvzktF.exe
  2⤵
  PID:7204
- C:\Windows\System\nvCOIxh.exe
  C:\Windows\System\nvCOIxh.exe
  2⤵
  PID:7228
- C:\Windows\System\KTteQjZ.exe
  C:\Windows\System\KTteQjZ.exe
  2⤵
  PID:7260
- C:\Windows\System\EFWDoBc.exe
  C:\Windows\System\EFWDoBc.exe
  2⤵
  PID:7280
- C:\Windows\System\hNWnqwY.exe
  C:\Windows\System\hNWnqwY.exe
  2⤵
  PID:7316
- C:\Windows\System\uqHoSVL.exe
  C:\Windows\System\uqHoSVL.exe
  2⤵
  PID:7344
- C:\Windows\System\iDWOIsZ.exe
  C:\Windows\System\iDWOIsZ.exe
  2⤵
  PID:7364
- C:\Windows\System\zWNbVZm.exe
  C:\Windows\System\zWNbVZm.exe
  2⤵
  PID:7380
- C:\Windows\System\ledbrgT.exe
  C:\Windows\System\ledbrgT.exe
  2⤵
  PID:7396
- C:\Windows\System\cLtJqhn.exe
  C:\Windows\System\cLtJqhn.exe
  2⤵
  PID:7416
- C:\Windows\System\fIZUBpm.exe
  C:\Windows\System\fIZUBpm.exe
  2⤵
  PID:7436
- C:\Windows\System\STngHmF.exe
  C:\Windows\System\STngHmF.exe
  2⤵
  PID:7480
- C:\Windows\System\gLbXEFv.exe
  C:\Windows\System\gLbXEFv.exe
  2⤵
  PID:7496
- C:\Windows\System\qDjkaxY.exe
  C:\Windows\System\qDjkaxY.exe
  2⤵
  PID:7524
- C:\Windows\System\JrTTUic.exe
  C:\Windows\System\JrTTUic.exe
  2⤵
  PID:7540
- C:\Windows\System\dNrDVMz.exe
  C:\Windows\System\dNrDVMz.exe
  2⤵
  PID:7572
- C:\Windows\System\mUKAOnY.exe
  C:\Windows\System\mUKAOnY.exe
  2⤵
  PID:7588
- C:\Windows\System\aCBoWxw.exe
  C:\Windows\System\aCBoWxw.exe
  2⤵
  PID:7620
- C:\Windows\System\sSsTwZT.exe
  C:\Windows\System\sSsTwZT.exe
  2⤵
  PID:7636
- C:\Windows\System\YwUtLZl.exe
  C:\Windows\System\YwUtLZl.exe
  2⤵
  PID:7656
- C:\Windows\System\KDQQCHq.exe
  C:\Windows\System\KDQQCHq.exe
  2⤵
  PID:7672
- C:\Windows\System\QCEavUJ.exe
  C:\Windows\System\QCEavUJ.exe
  2⤵
  PID:7688
- C:\Windows\System\jnECLCD.exe
  C:\Windows\System\jnECLCD.exe
  2⤵
  PID:7704
- C:\Windows\System\saONxgU.exe
  C:\Windows\System\saONxgU.exe
  2⤵
  PID:7720
- C:\Windows\System\LvjiTEZ.exe
  C:\Windows\System\LvjiTEZ.exe
  2⤵
  PID:7736
- C:\Windows\System\Eknosua.exe
  C:\Windows\System\Eknosua.exe
  2⤵
  PID:7752
- C:\Windows\System\NxHhdbq.exe
  C:\Windows\System\NxHhdbq.exe
  2⤵
  PID:7768
- C:\Windows\System\NHqZuvI.exe
  C:\Windows\System\NHqZuvI.exe
  2⤵
  PID:7784
- C:\Windows\System\YmGVEyh.exe
  C:\Windows\System\YmGVEyh.exe
  2⤵
  PID:7808
- C:\Windows\System\FjwbwvR.exe
  C:\Windows\System\FjwbwvR.exe
  2⤵
  PID:7824
- C:\Windows\System\DCXVBeM.exe
  C:\Windows\System\DCXVBeM.exe
  2⤵
  PID:7840
- C:\Windows\System\iiwnmqn.exe
  C:\Windows\System\iiwnmqn.exe
  2⤵
  PID:7856
- C:\Windows\System\yxgLwFU.exe
  C:\Windows\System\yxgLwFU.exe
  2⤵
  PID:7880
- C:\Windows\System\EsbpDpC.exe
  C:\Windows\System\EsbpDpC.exe
  2⤵
  PID:7896
- C:\Windows\System\AzeZLDE.exe
  C:\Windows\System\AzeZLDE.exe
  2⤵
  PID:7916
- C:\Windows\System\uXGqSKr.exe
  C:\Windows\System\uXGqSKr.exe
  2⤵
  PID:7932
- C:\Windows\System\gvtNrFi.exe
  C:\Windows\System\gvtNrFi.exe
  2⤵
  PID:7952
- C:\Windows\System\NbgsILU.exe
  C:\Windows\System\NbgsILU.exe
  2⤵
  PID:7988
- C:\Windows\System\mRZokJi.exe
  C:\Windows\System\mRZokJi.exe
  2⤵
  PID:8008
- C:\Windows\System\OyatCRc.exe
  C:\Windows\System\OyatCRc.exe
  2⤵
  PID:8024
- C:\Windows\System\IgWWMcf.exe
  C:\Windows\System\IgWWMcf.exe
  2⤵
  PID:8044
- C:\Windows\System\OUdoTEj.exe
  C:\Windows\System\OUdoTEj.exe
  2⤵
  PID:8064
- C:\Windows\System\AJPapSg.exe
  C:\Windows\System\AJPapSg.exe
  2⤵
  PID:8092
- C:\Windows\System\kBnousw.exe
  C:\Windows\System\kBnousw.exe
  2⤵
  PID:8116
- C:\Windows\System\cdftMoK.exe
  C:\Windows\System\cdftMoK.exe
  2⤵
  PID:8140
- C:\Windows\System\gZIMJSs.exe
  C:\Windows\System\gZIMJSs.exe
  2⤵
  PID:8156
- C:\Windows\System\jKBiyVi.exe
  C:\Windows\System\jKBiyVi.exe
  2⤵
  PID:7172
- C:\Windows\System\dtSDSPN.exe
  C:\Windows\System\dtSDSPN.exe
  2⤵
  PID:7300
- C:\Windows\System\NhSkzUf.exe
  C:\Windows\System\NhSkzUf.exe
  2⤵
  PID:7432
- C:\Windows\System\fcGXwsy.exe
  C:\Windows\System\fcGXwsy.exe
  2⤵
  PID:7464
- C:\Windows\System\zfitHqn.exe
  C:\Windows\System\zfitHqn.exe
  2⤵
  PID:7448
- C:\Windows\System\AdzoOfb.exe
  C:\Windows\System\AdzoOfb.exe
  2⤵
  PID:7492
- C:\Windows\System\DutJwcj.exe
  C:\Windows\System\DutJwcj.exe
  2⤵
  PID:7520
- C:\Windows\System\PYeEPOz.exe
  C:\Windows\System\PYeEPOz.exe
  2⤵
  PID:7560
- C:\Windows\System\qjLzhEO.exe
  C:\Windows\System\qjLzhEO.exe
  2⤵
  PID:7564
- C:\Windows\System\hBJEURz.exe
  C:\Windows\System\hBJEURz.exe
  2⤵
  PID:7600
- C:\Windows\System\OoJNvNX.exe
  C:\Windows\System\OoJNvNX.exe
  2⤵
  PID:7616
- C:\Windows\System\hXKXYZV.exe
  C:\Windows\System\hXKXYZV.exe
  2⤵
  PID:7652
- C:\Windows\System\BqzSOXG.exe
  C:\Windows\System\BqzSOXG.exe
  2⤵
  PID:7680
- C:\Windows\System\jYCJiGU.exe
  C:\Windows\System\jYCJiGU.exe
  2⤵
  PID:7728
- C:\Windows\System\fjVZick.exe
  C:\Windows\System\fjVZick.exe
  2⤵
  PID:7748
- C:\Windows\System\CViQrKw.exe
  C:\Windows\System\CViQrKw.exe
  2⤵
  PID:6688
- C:\Windows\System\jRVJFrj.exe
  C:\Windows\System\jRVJFrj.exe
  2⤵
  PID:7296
- C:\Windows\System\YpwBMSj.exe
  C:\Windows\System\YpwBMSj.exe
  2⤵
  PID:7360
- C:\Windows\System\ULJMvYF.exe
  C:\Windows\System\ULJMvYF.exe
  2⤵
  PID:7356
- C:\Windows\System\fBZMetu.exe
  C:\Windows\System\fBZMetu.exe
  2⤵
  PID:7424
- C:\Windows\System\uIHGNak.exe
  C:\Windows\System\uIHGNak.exe
  2⤵
  PID:7488
- C:\Windows\System\jWiXOJJ.exe
  C:\Windows\System\jWiXOJJ.exe
  2⤵
  PID:7516
- C:\Windows\System\VkrqseT.exe
  C:\Windows\System\VkrqseT.exe
  2⤵
  PID:7508
- C:\Windows\System\lWooket.exe
  C:\Windows\System\lWooket.exe
  2⤵
  PID:7580
- C:\Windows\System\nHYfECi.exe
  C:\Windows\System\nHYfECi.exe
  2⤵
  PID:7628
- C:\Windows\System\AaRURBs.exe
  C:\Windows\System\AaRURBs.exe
  2⤵
  PID:2764
- C:\Windows\System\NqTKFcp.exe
  C:\Windows\System\NqTKFcp.exe
  2⤵
  PID:3064
- C:\Windows\System\nGIFTQK.exe
  C:\Windows\System\nGIFTQK.exe
  2⤵
  PID:2232
- C:\Windows\System\ibCqkMd.exe
  C:\Windows\System\ibCqkMd.exe
  2⤵
  PID:7644
- C:\Windows\System\EveKsrp.exe
  C:\Windows\System\EveKsrp.exe
  2⤵
  PID:952
- C:\Windows\System\cSVxJcZ.exe
  C:\Windows\System\cSVxJcZ.exe
  2⤵
  PID:7832
- C:\Windows\System\rAprAfD.exe
  C:\Windows\System\rAprAfD.exe
  2⤵
  PID:7864
- C:\Windows\System\dUbtjwt.exe
  C:\Windows\System\dUbtjwt.exe
  2⤵
  PID:7876
- C:\Windows\System\obaCqVK.exe
  C:\Windows\System\obaCqVK.exe
  2⤵
  PID:7912
- C:\Windows\System\WlHaEim.exe
  C:\Windows\System\WlHaEim.exe
  2⤵
  PID:7928
- C:\Windows\System\xAGQixK.exe
  C:\Windows\System\xAGQixK.exe
  2⤵
  PID:7968
- C:\Windows\System\RXFknum.exe
  C:\Windows\System\RXFknum.exe
  2⤵
  PID:7980
- C:\Windows\System\YhcHVlH.exe
  C:\Windows\System\YhcHVlH.exe
  2⤵
  PID:8032
- C:\Windows\System\MqTgIpN.exe
  C:\Windows\System\MqTgIpN.exe
  2⤵
  PID:8080
- C:\Windows\System\JrBwAec.exe
  C:\Windows\System\JrBwAec.exe
  2⤵
  PID:8128
- C:\Windows\System\pysQugl.exe
  C:\Windows\System\pysQugl.exe
  2⤵
  PID:8088
- C:\Windows\System\rtvWGcM.exe
  C:\Windows\System\rtvWGcM.exe
  2⤵
  PID:8020
- C:\Windows\System\hMZPGhJ.exe
  C:\Windows\System\hMZPGhJ.exe
  2⤵
  PID:8132
- C:\Windows\System\kMhrcrz.exe
  C:\Windows\System\kMhrcrz.exe
  2⤵
  PID:8168
- C:\Windows\System\yXysYCt.exe
  C:\Windows\System\yXysYCt.exe
  2⤵
  PID:8184
- C:\Windows\System\vnvQxAx.exe
  C:\Windows\System\vnvQxAx.exe
  2⤵
  PID:6560
- C:\Windows\System\UOTZsHE.exe
  C:\Windows\System\UOTZsHE.exe
  2⤵
  PID:6268
- C:\Windows\System\fdKsXDs.exe
  C:\Windows\System\fdKsXDs.exe
  2⤵
  PID:7200
- C:\Windows\System\eyMHqHO.exe
  C:\Windows\System\eyMHqHO.exe
  2⤵
  PID:7248
- C:\Windows\System\mpiNHoj.exe
  C:\Windows\System\mpiNHoj.exe
  2⤵
  PID:7256
- C:\Windows\System\mMTFwjT.exe
  C:\Windows\System\mMTFwjT.exe
  2⤵
  PID:7276
- C:\Windows\System\dVrQvNO.exe
  C:\Windows\System\dVrQvNO.exe
  2⤵
  PID:7308
- C:\Windows\System\GDraPDZ.exe
  C:\Windows\System\GDraPDZ.exe
  2⤵
  PID:7392
- C:\Windows\System\umfDeda.exe
  C:\Windows\System\umfDeda.exe
  2⤵
  PID:7468
- C:\Windows\System\zMGXVtb.exe
  C:\Windows\System\zMGXVtb.exe
  2⤵
  PID:7964
- C:\Windows\System\JxbdHrY.exe
  C:\Windows\System\JxbdHrY.exe
  2⤵
  PID:7608
- C:\Windows\System\xRykQkE.exe
  C:\Windows\System\xRykQkE.exe
  2⤵
  PID:2332
- C:\Windows\System\UZMMleU.exe
  C:\Windows\System\UZMMleU.exe
  2⤵
  PID:7684
- C:\Windows\System\KsXretM.exe
  C:\Windows\System\KsXretM.exe
  2⤵
  PID:2948
- C:\Windows\System\NwFTphT.exe
  C:\Windows\System\NwFTphT.exe
  2⤵
  PID:2652
- C:\Windows\System\ntgoAcv.exe
  C:\Windows\System\ntgoAcv.exe
  2⤵
  PID:7944
- C:\Windows\System\ZtwhhXU.exe
  C:\Windows\System\ZtwhhXU.exe
  2⤵
  PID:7328
- C:\Windows\System\evoGogb.exe
  C:\Windows\System\evoGogb.exe
  2⤵
  PID:8040
- C:\Windows\System\bydqXJE.exe
  C:\Windows\System\bydqXJE.exe
  2⤵
  PID:7336
- C:\Windows\System\sqTZmrV.exe
  C:\Windows\System\sqTZmrV.exe
  2⤵
  PID:8152
- C:\Windows\System\YLKycVp.exe
  C:\Windows\System\YLKycVp.exe
  2⤵
  PID:8060
- C:\Windows\System\utJHDjA.exe
  C:\Windows\System\utJHDjA.exe
  2⤵
  PID:8180
- C:\Windows\System\kuJwzdD.exe
  C:\Windows\System\kuJwzdD.exe
  2⤵
  PID:6972
- C:\Windows\System\RsoRITp.exe
  C:\Windows\System\RsoRITp.exe
  2⤵
  PID:7240
- C:\Windows\System\YlYDSrc.exe
  C:\Windows\System\YlYDSrc.exe
  2⤵
  PID:7252
- C:\Windows\System\lLjUbUX.exe
  C:\Windows\System\lLjUbUX.exe
  2⤵
  PID:7312
- C:\Windows\System\cbQnqfx.exe
  C:\Windows\System\cbQnqfx.exe
  2⤵
  PID:7460
- C:\Windows\System\SKqIYfE.exe
  C:\Windows\System\SKqIYfE.exe
  2⤵
  PID:7476
- C:\Windows\System\FijnrZj.exe
  C:\Windows\System\FijnrZj.exe
  2⤵
  PID:2188
- C:\Windows\System\GpaASAf.exe
  C:\Windows\System\GpaASAf.exe
  2⤵
  PID:7820
- C:\Windows\System\RRoGhcj.exe
  C:\Windows\System\RRoGhcj.exe
  2⤵
  PID:7892
- C:\Windows\System\SGpFPBN.exe
  C:\Windows\System\SGpFPBN.exe
  2⤵
  PID:8084
- C:\Windows\System\HgxPpFF.exe
  C:\Windows\System\HgxPpFF.exe
  2⤵
  PID:8148
- C:\Windows\System\JCUYsFp.exe
  C:\Windows\System\JCUYsFp.exe
  2⤵
  PID:7220
- C:\Windows\System\QPgomnT.exe
  C:\Windows\System\QPgomnT.exe
  2⤵
  PID:7372
- C:\Windows\System\ovEHrYD.exe
  C:\Windows\System\ovEHrYD.exe
  2⤵
  PID:7792
- C:\Windows\System\zZfrhvg.exe
  C:\Windows\System\zZfrhvg.exe
  2⤵
  PID:7292
- C:\Windows\System\MlVyMVO.exe
  C:\Windows\System\MlVyMVO.exe
  2⤵
  PID:7456
- C:\Windows\System\ipPSNpB.exe
  C:\Windows\System\ipPSNpB.exe
  2⤵
  PID:8172
- C:\Windows\System\OnNBnmU.exe
  C:\Windows\System\OnNBnmU.exe
  2⤵
  PID:8384
- C:\Windows\System\rHxtvrp.exe
  C:\Windows\System\rHxtvrp.exe
  2⤵
  PID:8412
- C:\Windows\System\rvtUmgF.exe
  C:\Windows\System\rvtUmgF.exe
  2⤵
  PID:8428
- C:\Windows\System\tYAOFBD.exe
  C:\Windows\System\tYAOFBD.exe
  2⤵
  PID:8444
- C:\Windows\System\ZLHeHnQ.exe
  C:\Windows\System\ZLHeHnQ.exe
  2⤵
  PID:8460
- C:\Windows\System\XopZSqU.exe
  C:\Windows\System\XopZSqU.exe
  2⤵
  PID:8476
- C:\Windows\System\hCyxWKG.exe
  C:\Windows\System\hCyxWKG.exe
  2⤵
  PID:8492
- C:\Windows\System\GLzMJTw.exe
  C:\Windows\System\GLzMJTw.exe
  2⤵
  PID:8508
- C:\Windows\System\fzAQbUq.exe
  C:\Windows\System\fzAQbUq.exe
  2⤵
  PID:8524
- C:\Windows\System\vcmurvp.exe
  C:\Windows\System\vcmurvp.exe
  2⤵
  PID:8600
- C:\Windows\System\vMQvwsV.exe
  C:\Windows\System\vMQvwsV.exe
  2⤵
  PID:8704
- C:\Windows\System\stBXKcL.exe
  C:\Windows\System\stBXKcL.exe
  2⤵
  PID:8756
- C:\Windows\System\TWpJRhT.exe
  C:\Windows\System\TWpJRhT.exe
  2⤵
  PID:8788
- C:\Windows\System\GfmBpGa.exe
  C:\Windows\System\GfmBpGa.exe
  2⤵
  PID:8824
- C:\Windows\System\QObKCIZ.exe
  C:\Windows\System\QObKCIZ.exe
  2⤵
  PID:8840
- C:\Windows\System\MNnXXHt.exe
  C:\Windows\System\MNnXXHt.exe
  2⤵
  PID:8864
- C:\Windows\System\QzhaHzP.exe
  C:\Windows\System\QzhaHzP.exe
  2⤵
  PID:8900
- C:\Windows\System\VryvpQa.exe
  C:\Windows\System\VryvpQa.exe
  2⤵
  PID:8920
- C:\Windows\System\SkxKcgW.exe
  C:\Windows\System\SkxKcgW.exe
  2⤵
  PID:8944
- C:\Windows\System\SMsYpmw.exe
  C:\Windows\System\SMsYpmw.exe
  2⤵
  PID:8960
- C:\Windows\System\LNKvcJn.exe
  C:\Windows\System\LNKvcJn.exe
  2⤵
  PID:8976
- C:\Windows\System\oefektH.exe
  C:\Windows\System\oefektH.exe
  2⤵
  PID:9000
- C:\Windows\System\wphBktp.exe
  C:\Windows\System\wphBktp.exe
  2⤵
  PID:9016
- C:\Windows\System\QHzleNK.exe
  C:\Windows\System\QHzleNK.exe
  2⤵
  PID:9036
- C:\Windows\System\nvkGBiR.exe
  C:\Windows\System\nvkGBiR.exe
  2⤵
  PID:9088
- C:\Windows\System\HfilXES.exe
  C:\Windows\System\HfilXES.exe
  2⤵
  PID:9104
- C:\Windows\System\idctMsE.exe
  C:\Windows\System\idctMsE.exe
  2⤵
  PID:9128
- C:\Windows\System\jffUlmq.exe
  C:\Windows\System\jffUlmq.exe
  2⤵
  PID:9144
- C:\Windows\System\LCQiRez.exe
  C:\Windows\System\LCQiRez.exe
  2⤵
  PID:9188
- C:\Windows\System\YnRfBsB.exe
  C:\Windows\System\YnRfBsB.exe
  2⤵
  PID:9208
- C:\Windows\System\WAEovXt.exe
  C:\Windows\System\WAEovXt.exe
  2⤵
  PID:7948
- C:\Windows\System\WtAUxJQ.exe
  C:\Windows\System\WtAUxJQ.exe
  2⤵
  PID:7596
- C:\Windows\System\DGvjHbk.exe
  C:\Windows\System\DGvjHbk.exe
  2⤵
  PID:8204
- C:\Windows\System\iGfuFTY.exe
  C:\Windows\System\iGfuFTY.exe
  2⤵
  PID:8220
- C:\Windows\System\RkQoMOV.exe
  C:\Windows\System\RkQoMOV.exe
  2⤵
  PID:8248
- C:\Windows\System\WFAYNmA.exe
  C:\Windows\System\WFAYNmA.exe
  2⤵
  PID:8228
- C:\Windows\System\qNBCKXR.exe
  C:\Windows\System\qNBCKXR.exe
  2⤵
  PID:8252
- C:\Windows\System\BDneNbj.exe
  C:\Windows\System\BDneNbj.exe
  2⤵
  PID:8380
- C:\Windows\System\mBpNTkO.exe
  C:\Windows\System\mBpNTkO.exe
  2⤵
  PID:8452
- C:\Windows\System\XvMevfh.exe
  C:\Windows\System\XvMevfh.exe
  2⤵
  PID:8436
- C:\Windows\System\kHaGoit.exe
  C:\Windows\System\kHaGoit.exe
  2⤵
  PID:8404
- C:\Windows\System\OPIwsgM.exe
  C:\Windows\System\OPIwsgM.exe
  2⤵
  PID:8468
- C:\Windows\System\akxWVdm.exe
  C:\Windows\System\akxWVdm.exe
  2⤵
  PID:8568
- C:\Windows\System\rztiQsk.exe
  C:\Windows\System\rztiQsk.exe
  2⤵
  PID:8548
- C:\Windows\System\qOSNaLF.exe
  C:\Windows\System\qOSNaLF.exe
  2⤵
  PID:8564
- C:\Windows\System\VlqYXVe.exe
  C:\Windows\System\VlqYXVe.exe
  2⤵
  PID:8536
- C:\Windows\System\sJafyAg.exe
  C:\Windows\System\sJafyAg.exe
  2⤵
  PID:8632
- C:\Windows\System\BWQxnvx.exe
  C:\Windows\System\BWQxnvx.exe
  2⤵
  PID:8648
- C:\Windows\System\uTzMTsE.exe
  C:\Windows\System\uTzMTsE.exe
  2⤵
  PID:8668
- C:\Windows\System\uxXnYFo.exe
  C:\Windows\System\uxXnYFo.exe
  2⤵
  PID:8688
- C:\Windows\System\COmbAUB.exe
  C:\Windows\System\COmbAUB.exe
  2⤵
  PID:8700
- C:\Windows\System\SXRfAOD.exe
  C:\Windows\System\SXRfAOD.exe
  2⤵
  PID:8736
- C:\Windows\System\DKwqNRj.exe
  C:\Windows\System\DKwqNRj.exe
  2⤵
  PID:8780
- C:\Windows\System\QnWZwOY.exe
  C:\Windows\System\QnWZwOY.exe
  2⤵
  PID:8820
- C:\Windows\System\QDdhfxX.exe
  C:\Windows\System\QDdhfxX.exe
  2⤵
  PID:8836
- C:\Windows\System\sFDHfIT.exe
  C:\Windows\System\sFDHfIT.exe
  2⤵
  PID:8856
- C:\Windows\System\KMUHITX.exe
  C:\Windows\System\KMUHITX.exe
  2⤵
  PID:8896
- C:\Windows\System\NkUyOlG.exe
  C:\Windows\System\NkUyOlG.exe
  2⤵
  PID:8932
- C:\Windows\System\poXazmp.exe
  C:\Windows\System\poXazmp.exe
  2⤵
  PID:8968
- C:\Windows\System\iCEenbm.exe
  C:\Windows\System\iCEenbm.exe
  2⤵
  PID:8996
- C:\Windows\System\pKhHMXK.exe
  C:\Windows\System\pKhHMXK.exe
  2⤵
  PID:9048
- C:\Windows\System\BEVBUxX.exe
  C:\Windows\System\BEVBUxX.exe
  2⤵
  PID:9056
- C:\Windows\System\hXzOJZO.exe
  C:\Windows\System\hXzOJZO.exe
  2⤵
  PID:9064
- C:\Windows\System\RIWDquy.exe
  C:\Windows\System\RIWDquy.exe
  2⤵
  PID:9112
- C:\Windows\System\xdYYPry.exe
  C:\Windows\System\xdYYPry.exe
  2⤵
  PID:9120
- C:\Windows\System\YyJhrAu.exe
  C:\Windows\System\YyJhrAu.exe
  2⤵
  PID:9156
- C:\Windows\System\tIqdiPh.exe
  C:\Windows\System\tIqdiPh.exe
  2⤵
  PID:9172
- C:\Windows\System\GyuKtXV.exe
  C:\Windows\System\GyuKtXV.exe
  2⤵
  PID:9196
- C:\Windows\System\EYBTerB.exe
  C:\Windows\System\EYBTerB.exe
  2⤵
  PID:8200
- C:\Windows\System\SBptdEO.exe
  C:\Windows\System\SBptdEO.exe
  2⤵
  PID:6528
- C:\Windows\System\LTcHvvf.exe
  C:\Windows\System\LTcHvvf.exe
  2⤵
  PID:8240
- C:\Windows\System\EXPjMXL.exe
  C:\Windows\System\EXPjMXL.exe
  2⤵
  PID:8264
- C:\Windows\System\gjWlcdN.exe
  C:\Windows\System\gjWlcdN.exe
  2⤵
  PID:8292
- C:\Windows\System\fWxAliU.exe
  C:\Windows\System\fWxAliU.exe
  2⤵
  PID:8308
- C:\Windows\System\JBfVfFr.exe
  C:\Windows\System\JBfVfFr.exe
  2⤵
  PID:8312
- C:\Windows\System\fqvWaYr.exe
  C:\Windows\System\fqvWaYr.exe
  2⤵
  PID:8336
- C:\Windows\System\hlqumVI.exe
  C:\Windows\System\hlqumVI.exe
  2⤵
  PID:8360
- C:\Windows\System\mtFcRvh.exe
  C:\Windows\System\mtFcRvh.exe
  2⤵
  PID:8420
- C:\Windows\System\XkpHSZD.exe
  C:\Windows\System\XkpHSZD.exe
  2⤵
  PID:8520
- C:\Windows\System\GlEiyRv.exe
  C:\Windows\System\GlEiyRv.exe
  2⤵
  PID:8400
- C:\Windows\System\XqanNFm.exe
  C:\Windows\System\XqanNFm.exe
  2⤵
  PID:8532
- C:\Windows\System\rWSgtes.exe
  C:\Windows\System\rWSgtes.exe
  2⤵
  PID:8288
- C:\Windows\System\yFwVuXV.exe
  C:\Windows\System\yFwVuXV.exe
  2⤵
  PID:8544
- C:\Windows\System\sqiBJkY.exe
  C:\Windows\System\sqiBJkY.exe
  2⤵
  PID:8624
- C:\Windows\System\yFvktUu.exe
  C:\Windows\System\yFvktUu.exe
  2⤵
  PID:8640
- C:\Windows\System\lprqHdL.exe
  C:\Windows\System\lprqHdL.exe
  2⤵
  PID:8772
- C:\Windows\System\APDlRcy.exe
  C:\Windows\System\APDlRcy.exe
  2⤵
  PID:8720
- C:\Windows\System\jVqmYDC.exe
  C:\Windows\System\jVqmYDC.exe
  2⤵
  PID:8804
- C:\Windows\System\PHXJrLr.exe
  C:\Windows\System\PHXJrLr.exe
  2⤵
  PID:8880
- C:\Windows\System\nEffwKG.exe
  C:\Windows\System\nEffwKG.exe
  2⤵
  PID:8852
- C:\Windows\System\QSdlSWX.exe
  C:\Windows\System\QSdlSWX.exe
  2⤵
  PID:9012
- C:\Windows\System\cCyUvcJ.exe
  C:\Windows\System\cCyUvcJ.exe
  2⤵
  PID:8928
- C:\Windows\System\ZPCachM.exe
  C:\Windows\System\ZPCachM.exe
  2⤵
  PID:9044
- C:\Windows\System\yPQEtnZ.exe
  C:\Windows\System\yPQEtnZ.exe
  2⤵
  PID:9100
- C:\Windows\System\tIEFKbI.exe
  C:\Windows\System\tIEFKbI.exe
  2⤵
  PID:9152
- C:\Windows\System\KfdqYCk.exe
  C:\Windows\System\KfdqYCk.exe
  2⤵
  PID:9140
- C:\Windows\System\TrMMNUS.exe
  C:\Windows\System\TrMMNUS.exe
  2⤵
  PID:8076
- C:\Windows\System\ELYamnv.exe
  C:\Windows\System\ELYamnv.exe
  2⤵
  PID:8280
- C:\Windows\System\LiVaBDW.exe
  C:\Windows\System\LiVaBDW.exe
  2⤵
  PID:8352
- C:\Windows\System\PhXtzHY.exe
  C:\Windows\System\PhXtzHY.exe
  2⤵
  PID:8556
- C:\Windows\System\kaWKQkH.exe
  C:\Windows\System\kaWKQkH.exe
  2⤵
  PID:9072
- C:\Windows\System\WHFxSBB.exe
  C:\Windows\System\WHFxSBB.exe
  2⤵
  PID:8272
- C:\Windows\System\KiqBffb.exe
  C:\Windows\System\KiqBffb.exe
  2⤵
  PID:8364
- C:\Windows\System\JQQFDBZ.exe
  C:\Windows\System\JQQFDBZ.exe
  2⤵
  PID:8396
- C:\Windows\System\dkczelt.exe
  C:\Windows\System\dkczelt.exe
  2⤵
  PID:8596
- C:\Windows\System\lVZZuYD.exe
  C:\Windows\System\lVZZuYD.exe
  2⤵
  PID:8692
- C:\Windows\System\SgeNKGH.exe
  C:\Windows\System\SgeNKGH.exe
  2⤵
  PID:8732
- C:\Windows\System\cNGTohM.exe
  C:\Windows\System\cNGTohM.exe
  2⤵
  PID:8876
- C:\Windows\System\tTUXYWw.exe
  C:\Windows\System\tTUXYWw.exe
  2⤵
  PID:8940
- C:\Windows\System\KlxvoZW.exe
  C:\Windows\System\KlxvoZW.exe
  2⤵
  PID:8956
- C:\Windows\System\XlExYEl.exe
  C:\Windows\System\XlExYEl.exe
  2⤵
  PID:8988
- C:\Windows\System\wdbiMxK.exe
  C:\Windows\System\wdbiMxK.exe
  2⤵
  PID:9024
- C:\Windows\System\uJdHYqP.exe
  C:\Windows\System\uJdHYqP.exe
  2⤵
  PID:8056
- C:\Windows\System\BOUFxuV.exe
  C:\Windows\System\BOUFxuV.exe
  2⤵
  PID:9084
- C:\Windows\System\OEMhGym.exe
  C:\Windows\System\OEMhGym.exe
  2⤵
  PID:8748
- C:\Windows\System\FDHViAJ.exe
  C:\Windows\System\FDHViAJ.exe
  2⤵
  PID:8212
- C:\Windows\System\FiHKiNh.exe
  C:\Windows\System\FiHKiNh.exe
  2⤵
  PID:8224
- C:\Windows\System\aGYvdPc.exe
  C:\Windows\System\aGYvdPc.exe
  2⤵
  PID:8660
- C:\Windows\System\nFqEchU.exe
  C:\Windows\System\nFqEchU.exe
  2⤵
  PID:8676
- C:\Windows\System\bMNJqNl.exe
  C:\Windows\System\bMNJqNl.exe
  2⤵
  PID:8728
- C:\Windows\System\xcLpPCf.exe
  C:\Windows\System\xcLpPCf.exe
  2⤵
  PID:8916
- C:\Windows\System\kWwzvZj.exe
  C:\Windows\System\kWwzvZj.exe
  2⤵
  PID:8424
- C:\Windows\System\slGzvcX.exe
  C:\Windows\System\slGzvcX.exe
  2⤵
  PID:8284
- C:\Windows\System\pVumkWc.exe
  C:\Windows\System\pVumkWc.exe
  2⤵
  PID:8628
- C:\Windows\System\LZEAMJp.exe
  C:\Windows\System\LZEAMJp.exe
  2⤵
  PID:8744
- C:\Windows\System\HOYKQnM.exe
  C:\Windows\System\HOYKQnM.exe
  2⤵
  PID:9164
- C:\Windows\System\oxroBwf.exe
  C:\Windows\System\oxroBwf.exe
  2⤵
  PID:8832
- C:\Windows\System\mulfbbq.exe
  C:\Windows\System\mulfbbq.exe
  2⤵
  PID:8696
- C:\Windows\System\LyWvHgP.exe
  C:\Windows\System\LyWvHgP.exe
  2⤵
  PID:8768
- C:\Windows\System\SBcCKkP.exe
  C:\Windows\System\SBcCKkP.exe
  2⤵
  PID:8952
- C:\Windows\System\ansurTG.exe
  C:\Windows\System\ansurTG.exe
  2⤵
  PID:8488
- C:\Windows\System\BomAQXT.exe
  C:\Windows\System\BomAQXT.exe
  2⤵
  PID:9232
- C:\Windows\System\MFVNLtr.exe
  C:\Windows\System\MFVNLtr.exe
  2⤵
  PID:9252
- C:\Windows\System\INihpPG.exe
  C:\Windows\System\INihpPG.exe
  2⤵
  PID:9268
- C:\Windows\System\OZwGmHV.exe
  C:\Windows\System\OZwGmHV.exe
  2⤵
  PID:9288
- C:\Windows\System\JmXtosc.exe
  C:\Windows\System\JmXtosc.exe
  2⤵
  PID:9304
- C:\Windows\System\cRAOyCW.exe
  C:\Windows\System\cRAOyCW.exe
  2⤵
  PID:9320
- C:\Windows\System\gsNLGjc.exe
  C:\Windows\System\gsNLGjc.exe
  2⤵
  PID:9336
- C:\Windows\System\uUyGfrn.exe
  C:\Windows\System\uUyGfrn.exe
  2⤵
  PID:9352
- C:\Windows\System\rxEOSjS.exe
  C:\Windows\System\rxEOSjS.exe
  2⤵
  PID:9368
- C:\Windows\System\NQMtGnB.exe
  C:\Windows\System\NQMtGnB.exe
  2⤵
  PID:9384
- C:\Windows\System\vrVSqdd.exe
  C:\Windows\System\vrVSqdd.exe
  2⤵
  PID:9400
- C:\Windows\System\nvBqagW.exe
  C:\Windows\System\nvBqagW.exe
  2⤵
  PID:9416
- C:\Windows\System\vDxhmDb.exe
  C:\Windows\System\vDxhmDb.exe
  2⤵
  PID:9432
- C:\Windows\System\svqDQLn.exe
  C:\Windows\System\svqDQLn.exe
  2⤵
  PID:9448
- C:\Windows\System\XRozwWv.exe
  C:\Windows\System\XRozwWv.exe
  2⤵
  PID:9468
- C:\Windows\System\GwjvYCz.exe
  C:\Windows\System\GwjvYCz.exe
  2⤵
  PID:9484
- C:\Windows\System\QJdkENt.exe
  C:\Windows\System\QJdkENt.exe
  2⤵
  PID:9500
- C:\Windows\System\DCFzVWl.exe
  C:\Windows\System\DCFzVWl.exe
  2⤵
  PID:9516
- C:\Windows\System\dooiPni.exe
  C:\Windows\System\dooiPni.exe
  2⤵
  PID:9532
- C:\Windows\System\ZuPOxFy.exe
  C:\Windows\System\ZuPOxFy.exe
  2⤵
  PID:9548
- C:\Windows\System\YBNsISR.exe
  C:\Windows\System\YBNsISR.exe
  2⤵
  PID:9564
- C:\Windows\System\iAKuKcQ.exe
  C:\Windows\System\iAKuKcQ.exe
  2⤵
  PID:9580
- C:\Windows\System\wJOPwvA.exe
  C:\Windows\System\wJOPwvA.exe
  2⤵
  PID:9596
- C:\Windows\System\xKmgQto.exe
  C:\Windows\System\xKmgQto.exe
  2⤵
  PID:9612
- C:\Windows\System\SKTbrkM.exe
  C:\Windows\System\SKTbrkM.exe
  2⤵
  PID:9628
- C:\Windows\System\goSUSSe.exe
  C:\Windows\System\goSUSSe.exe
  2⤵
  PID:9652
- C:\Windows\System\vmaptUn.exe
  C:\Windows\System\vmaptUn.exe
  2⤵
  PID:9672
- C:\Windows\System\UiNXnED.exe
  C:\Windows\System\UiNXnED.exe
  2⤵
  PID:9688
- C:\Windows\System\xwuVQYv.exe
  C:\Windows\System\xwuVQYv.exe
  2⤵
  PID:9704
- C:\Windows\System\rHEJQuq.exe
  C:\Windows\System\rHEJQuq.exe
  2⤵
  PID:9720
- C:\Windows\System\jUklrmu.exe
  C:\Windows\System\jUklrmu.exe
  2⤵
  PID:9736
- C:\Windows\System\DnfPuBh.exe
  C:\Windows\System\DnfPuBh.exe
  2⤵
  PID:9756
- C:\Windows\System\OecTnvI.exe
  C:\Windows\System\OecTnvI.exe
  2⤵
  PID:9772
- C:\Windows\System\ekhvVjF.exe
  C:\Windows\System\ekhvVjF.exe
  2⤵
  PID:9788
- C:\Windows\System\lWkCAII.exe
  C:\Windows\System\lWkCAII.exe
  2⤵
  PID:9804
- C:\Windows\System\YQVTeMZ.exe
  C:\Windows\System\YQVTeMZ.exe
  2⤵
  PID:9820
- C:\Windows\System\hAgzEEk.exe
  C:\Windows\System\hAgzEEk.exe
  2⤵
  PID:9836
- C:\Windows\System\ITiXcIg.exe
  C:\Windows\System\ITiXcIg.exe
  2⤵
  PID:9852
- C:\Windows\System\UzNrfiQ.exe
  C:\Windows\System\UzNrfiQ.exe
  2⤵
  PID:9868
- C:\Windows\System\sLHUtnf.exe
  C:\Windows\System\sLHUtnf.exe
  2⤵
  PID:9884
- C:\Windows\System\WMyezZv.exe
  C:\Windows\System\WMyezZv.exe
  2⤵
  PID:9904
- C:\Windows\System\ppDLaAk.exe
  C:\Windows\System\ppDLaAk.exe
  2⤵
  PID:9920
- C:\Windows\System\ZnFtxpw.exe
  C:\Windows\System\ZnFtxpw.exe
  2⤵
  PID:9936
- C:\Windows\System\USpFJuW.exe
  C:\Windows\System\USpFJuW.exe
  2⤵
  PID:9952
- C:\Windows\System\LbyiSId.exe
  C:\Windows\System\LbyiSId.exe
  2⤵
  PID:9968
- C:\Windows\System\GGIJRtX.exe
  C:\Windows\System\GGIJRtX.exe
  2⤵
  PID:9984
- C:\Windows\System\RrTdGWq.exe
  C:\Windows\System\RrTdGWq.exe
  2⤵
  PID:10000
- C:\Windows\System\lQvzkcE.exe
  C:\Windows\System\lQvzkcE.exe
  2⤵
  PID:10016
- C:\Windows\System\RgsVyor.exe
  C:\Windows\System\RgsVyor.exe
  2⤵
  PID:10032
- C:\Windows\System\oTtEuBM.exe
  C:\Windows\System\oTtEuBM.exe
  2⤵
  PID:10048
- C:\Windows\System\IjDRnlu.exe
  C:\Windows\System\IjDRnlu.exe
  2⤵
  PID:10064
- C:\Windows\System\mdaEQEl.exe
  C:\Windows\System\mdaEQEl.exe
  2⤵
  PID:10080
- C:\Windows\System\IxgWqmh.exe
  C:\Windows\System\IxgWqmh.exe
  2⤵
  PID:10100
- C:\Windows\System\ULKHWWE.exe
  C:\Windows\System\ULKHWWE.exe
  2⤵
  PID:10116
- C:\Windows\System\oDquzjE.exe
  C:\Windows\System\oDquzjE.exe
  2⤵
  PID:10132
- C:\Windows\System\TkxwxzD.exe
  C:\Windows\System\TkxwxzD.exe
  2⤵
  PID:10148
- C:\Windows\System\CVSXEAf.exe
  C:\Windows\System\CVSXEAf.exe
  2⤵
  PID:10164
- C:\Windows\System\zZFHwxx.exe
  C:\Windows\System\zZFHwxx.exe
  2⤵
  PID:10184
- C:\Windows\System\XOjnJSP.exe
  C:\Windows\System\XOjnJSP.exe
  2⤵
  PID:10228
- C:\Windows\System\YtuPoNY.exe
  C:\Windows\System\YtuPoNY.exe
  2⤵
  PID:9224
- C:\Windows\System\muIQiNn.exe
  C:\Windows\System\muIQiNn.exe
  2⤵
  PID:9260
- C:\Windows\System\gRRuVOi.exe
  C:\Windows\System\gRRuVOi.exe
  2⤵
  PID:9264
- C:\Windows\System\pYxRdaA.exe
  C:\Windows\System\pYxRdaA.exe
  2⤵
  PID:9300
- C:\Windows\System\ipybNrW.exe
  C:\Windows\System\ipybNrW.exe
  2⤵
  PID:9316
- C:\Windows\System\MbcHaep.exe
  C:\Windows\System\MbcHaep.exe
  2⤵
  PID:9392
- C:\Windows\System\qzXxTeF.exe
  C:\Windows\System\qzXxTeF.exe
  2⤵
  PID:9376
- C:\Windows\System\dTaxhWN.exe
  C:\Windows\System\dTaxhWN.exe
  2⤵
  PID:9476
- C:\Windows\System\iDWyBxn.exe
  C:\Windows\System\iDWyBxn.exe
  2⤵
  PID:9512
- C:\Windows\System\ZHrvGRk.exe
  C:\Windows\System\ZHrvGRk.exe
  2⤵
  PID:9492
- C:\Windows\System\geCjVjR.exe
  C:\Windows\System\geCjVjR.exe
  2⤵
  PID:8752
- C:\Windows\System\WfwobfN.exe
  C:\Windows\System\WfwobfN.exe
  2⤵
  PID:9592
- C:\Windows\System\ixhnNla.exe
  C:\Windows\System\ixhnNla.exe
  2⤵
  PID:9572
- C:\Windows\System\rwrbwka.exe
  C:\Windows\System\rwrbwka.exe
  2⤵
  PID:9624
- C:\Windows\System\CchVZYf.exe
  C:\Windows\System\CchVZYf.exe
  2⤵
  PID:9644
- C:\Windows\System\eGpoxwk.exe
  C:\Windows\System\eGpoxwk.exe
  2⤵
  PID:9684
- C:\Windows\System\IPTvFWF.exe
  C:\Windows\System\IPTvFWF.exe
  2⤵
  PID:9752
- C:\Windows\System\HMybiux.exe
  C:\Windows\System\HMybiux.exe
  2⤵
  PID:10156
- C:\Windows\System\pzbgvLq.exe
  C:\Windows\System\pzbgvLq.exe
  2⤵
  PID:1260
- C:\Windows\System\nxYTfFO.exe
  C:\Windows\System\nxYTfFO.exe
  2⤵
  PID:10400
- C:\Windows\System\NSuFTDC.exe
  C:\Windows\System\NSuFTDC.exe
  2⤵
  PID:10416
- C:\Windows\System\hcXNBNR.exe
  C:\Windows\System\hcXNBNR.exe
  2⤵
  PID:10436
- C:\Windows\System\NDugoik.exe
  C:\Windows\System\NDugoik.exe
  2⤵
  PID:10456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BtIKFRW.exe

Filesize
6.0MB

MD5
9d6ecec00473ea7d46cedceb5da93631

SHA1
91582fcddd22626806c5b83e433b1b3e7a6d21e4

SHA256
af3b1d48dce9a9ceabd3485089f04e65735e3674655c652ac20c1a6ad0fd7a38

SHA512
200ca00400972f73ac4289a318fc6f73755c5598a41f7b566ba996be6b5b79fb133cf92b3ebbb57cca82ece54adf66902f3a7a65391c937820c59c840ff41c76

Download Submit
C:\Windows\system\CGzzHHJ.exe

Filesize
6.0MB

MD5
e93eedc2006ffbfe8e5f6a04625ae457

SHA1
f44a0a5c082fbe18a05f4e528d3984ba1b686cbe

SHA256
2146dbfb9b5e6865ccf66afde73bb35436d700ea583795ce0d97f08ae89adf47

SHA512
981ab435d9536ffa450a45f276a3913ea205562c6f4f28c51e5e0fa7c672739d87236dd761e92ea4c66689d2df8cc4705346a12be081d5d7a88d9d6244262dc7

Download Submit
C:\Windows\system\CPfeCzu.exe

Filesize
6.0MB

MD5
ce26ebd7d63b812a7b75c8037a0058a4

SHA1
dfc3f94d6007d2126c68710d263f7fe1707a9b9f

SHA256
c1c4104f44f8167774a1d343a0e680ef3c88bba9e5681e0f78b337dccc4b90d4

SHA512
027179f2e27287153d19f9938102a83da6cf4216a9d142858944d0f1d42b2df94e952e53bfd06cb51050c11233f5a95f34f1ad7a5ae2208f52186de52d42b8d6

Download Submit
C:\Windows\system\DsEMrWk.exe

Filesize
6.0MB

MD5
ef2c2be1923098081f774ca3c47c8a53

SHA1
a479cf7066a5b2fdced503b2082e5d5a7adec5d4

SHA256
5cff766cc2512d26bf3e9ec845eae062a51ef26954899166ddd990c372ba8de1

SHA512
296d36160872b605f8359610e16305366ab503f2a3ce61c9c6be5949f3ac9cccd66e5ce03c8ec8a1184ce3eaeef7865fe1810c189bb850b159a0f6a0c86143bc

Download Submit
C:\Windows\system\EUFtsBb.exe

Filesize
6.0MB

MD5
02496138fe6de3a7de743674a5ff708c

SHA1
be0d4e98d1fe3607c7aa86b5bec3a13e9817a4be

SHA256
4cb83478257960510b012e45eeb7a881a733d587598e8057f852790070079fa4

SHA512
4a9fad684e0ad055a1dcf3d69c029140de50392b906bd322994b9a2c2bf0f46a488b238302c8f5ed9af0f8c85d8d398eedc3e8fd08f400dfb16e97e1c9da82cd

Download Submit
C:\Windows\system\EUrXDMa.exe

Filesize
6.0MB

MD5
071b7c5d7fd47ad12cd20e433ecc20cd

SHA1
f072fc17cdd93d8e6e1c2df45f7938450bdd2926

SHA256
1006d2413b123fd1a6c303c14f750b0bdfd1a59fc2a1b85a5e229b56a1a5ac20

SHA512
ada2e04496a54d15426463c8d783fc2f9d983d55b66f728a53f13d51525d56ef28d4699c3c8c876a001d1b3e3ef9f5941bdce8ba3c0473b32bd65bd44f76c561

Download Submit
C:\Windows\system\ElcBjQD.exe

Filesize
6.0MB

MD5
d7b574901e04fe95d3ee2597c115d29c

SHA1
130b55c7cbe48705dcb4714e8fde37795a8539b4

SHA256
0b7c9416b4f824191592f9d4222e6b84efae65082e22dfb72253b5eff1ac446c

SHA512
59db1bc3014161d04f7cc06e7a18b0646472a9509cbe36377ad7bb2aedadbed9b7519479a986bb7b0da79c80f5ec9edbafa3df26a93878b5280e796372106846

Download Submit
C:\Windows\system\FWCNjCO.exe

Filesize
6.0MB

MD5
957f4261d740e5d56465fb69174900cb

SHA1
b4a3c6f056730dbb1dd0dbd73dd487846a050d93

SHA256
a50241d674bef652199ea2d22a52ba3da90581f00f3a4e5e841cd870527a04fd

SHA512
313f00477a5ef41c04e44975cf23c08c077055db1a3a15b2cda82f0ccd8e343f729876d262993ec2db2adabb0d2d255bd3a7614ccc5551bfa62a36843d6c67f2

Download Submit
C:\Windows\system\Fzdoztg.exe

Filesize
6.0MB

MD5
49c8d6903fdc7c94a4f9b0599e151476

SHA1
e45e5e88a44c624037e2471d18bb9254490d14ca

SHA256
9b3e716e02776f5e5f590e20253c220aeae46669bc5b872c2243fa7b795055ad

SHA512
7325dce80469ca78f8740345362341cd1ddbdda3d172aa810ef8c613c21c12a144bd2dce0a834843837704ab9aaf09ccb4f862f91be6f9f072ace99d07fab93e

Download Submit
C:\Windows\system\HyYDCvU.exe

Filesize
6.0MB

MD5
fb7c548fe3b3090613902bf7fc70a4c3

SHA1
18cb61ac99ab24e2ff550e58ed5f3bbfad7fc4c3

SHA256
98df1316d0e6c7a3b42e512fcdca3c1a7759b18721b6f20f2a183ae88f69c406

SHA512
e9f3d2e1987251d557a2f131084ea01a6f92a3d2235fee340d2b1c24f6b072e633cfc04734130511520743216f9d3733a868c47ad2d0e838ffcb085facd18dc6

Download Submit
C:\Windows\system\IRVpxPF.exe

Filesize
6.0MB

MD5
a2c5655da1f7e386de155390202381db

SHA1
a5288bbf385acc0d470f1f3b19dcf879dee82502

SHA256
b322151fabe26226f86801ccfc045c0c289c0afd95a394328756f3840da226e2

SHA512
3e8b35429f36b84add4c0f848fdff76811bce98ec5fc37bce8ba69f46d2c40aa1379c86e0e484d0515bd28259ea46928a12b02e5d1eefd11672d0de2bcbe7239

Download Submit
C:\Windows\system\KTvmhAp.exe

Filesize
6.0MB

MD5
5ced9428c7a30b596ff89b8835d20cae

SHA1
613211c9647635df9358f709e02c611c72b318af

SHA256
be1b2d4a66e41755a9fd96a1951c77d9036b3dfd06aee66e31752170968f73f0

SHA512
8ca1caa79653f3c4bef866ef38a1a72c659ba91e66d011b40a483ad41ee670f0144e625f5b8c319752936bcded4e16da5d9f2ba56dfba91cf7f6ddf76d6d9e49

Download Submit
C:\Windows\system\LUtJJgG.exe

Filesize
6.0MB

MD5
b27d63679b88a815003dce0df6161a31

SHA1
ab8fe35077e6326a484021c0aa5c7cb13fc99d37

SHA256
04e432efbd793ce75f651c5b3c3439978f553894295ea9a1d2a54397bb495741

SHA512
a56dcf267b63236743d06a121765de1a3d9ef94173d50edae19f4f75f69eb28e34c0b09a52fc9bd2b513c45bc771bfc371ba561a13df6e93d0ae50f5e396f218

Download Submit
C:\Windows\system\NLCYdtX.exe

Filesize
6.0MB

MD5
6fab1edf9aa146f804ef438f4ba476fc

SHA1
f9ff32f3f6ea77d042555d6ea1da5e3387d160a9

SHA256
b4259f1d375278e434e252e6e964bbce5b8e2d79966fa810e43fdfa93bedf50e

SHA512
c118a220b55a839a287a1ca8e6c96d1a233f76bf748f06afb704c6a3332f96394f6d25a83c31328038e0ff5401459f5e2cdb87326ffce34b352f1a805058623a

Download Submit
C:\Windows\system\QeEFQVv.exe

Filesize
6.0MB

MD5
5c120c6ea72f90f75d3688dac46c6437

SHA1
80e13f90e3ddc0d380bb7821e6c7085546399c59

SHA256
7f5e09e83e3d677e1c99ae9c1cf3129d930de987731320cbe1822bd52828ad11

SHA512
86be32281bde26205c251562f6ae2e8022c7ce1e35259936be78f86090b6c410947dc583432dd18289ef717d9ed442c8a2e2b063af0ff6e80c2947c6ab84decf

Download Submit
C:\Windows\system\RHQEjsR.exe

Filesize
6.0MB

MD5
fb0721010502cb9b638ca55924beb502

SHA1
f8621a81cf718b0cdaab93279eeed52c4885baa6

SHA256
3eb75449dc551ef7c0f19f10b208905f3d74647eacbb36ab15ea378e2c8b6fd3

SHA512
6673985a2444d495dbf61ca6a0d9425e1919110a677a95f3422c2192baed393c6e0f65287a19ca94dba68b02ecd0adb72258a1cca68216eaa10b451168c70237

Download Submit
C:\Windows\system\TXbXRQM.exe

Filesize
6.0MB

MD5
669b977caa9ebb5ded6f64002637dd95

SHA1
47a9cc4d6cdc6470c86eab4c392f7eb8e793314c

SHA256
36582271364b187ca8d5ef46b7ccff290b09e5535f973fcbe78463a86f657ce8

SHA512
7da5bc36c0d7beee9751400fc42c0b27c4fbf1b2f768c3165ca86b769afcec45a67a4477338364be8c950981251a33874b63a158bbb4a0e7fa1d2aa6cafb70f1

Download Submit
C:\Windows\system\YMhjsHD.exe

Filesize
6.0MB

MD5
c6526b05c84e9eb1a3e351d6adc58f8a

SHA1
c8278e965991044c963ed812751f6a51721547dc

SHA256
c160ebaf9eb90710120f8267c0b78ef96d0fa31bd6aef73d094bc0b9f91a5e5a

SHA512
b6cf204bfe30439fc8cc47b1410f8c809e03e2caac915d7ed2db1f280904ffdface571074859a02954a25c0c950df2ba87fec4096738b3cd84093957e9ea728d

Download Submit
C:\Windows\system\fURxXDn.exe

Filesize
6.0MB

MD5
87a4590fbf770fe81cca1207573d6246

SHA1
0bf57cdbcf9a652f2248afaffc24be540f29c29a

SHA256
ebaff383c75b67eed87a8ac1beaffad970303169567a3f3a542d8aac19eca0e7

SHA512
3460e0ea4577fef2d82eb4bf2335e057fa02eb2d40112c0b6d203eee3edbaf1f28770ad80b4e32bfd3136c558f2a9a2aac38ee8f796694a288bd6d4718ac73bc

Download Submit
C:\Windows\system\gTZgcKS.exe

Filesize
6.0MB

MD5
1b167db168681e0a0db6a40d7302bb4f

SHA1
c75cc121588170d550b313b5532fdd859c3106be

SHA256
93999c7438e18c9a34d8e7af72f7471baf962286a24fe2a7189686fa9ebe7a50

SHA512
51ae79c938cc684f9f6bbe3e8fa04d5993239cd248d61ffd118bf70b6ce1aae2d6293d0dd89c5215ab7625611276aa9c438cf3e6c326d9d3e8188cde6fd4d4c7

Download Submit
C:\Windows\system\ignvkcu.exe

Filesize
6.0MB

MD5
40765ee40f2a215e6f3e753a3298094b

SHA1
652646fc46b1e19115a749bb6d623eec7d5cf504

SHA256
27f1ebbd630be5e434dc1e2608adc46d990f6967d62dae44cdb863909bc7b8e4

SHA512
41e1e8e6cfee379c73a0539b053b427f644e2b746fa12fe7dd7eeb07a50d933d774a4846805bce36aded61e2f937bc7f7d29d49321f85694985e4e567dd96937

Download Submit
C:\Windows\system\ilBTyFe.exe

Filesize
6.0MB

MD5
3d79952a5ef5d8ef8619f2ef08d78ab8

SHA1
576ebca7a465ef7c448617adfc93954a7a5c4ab3

SHA256
4ceba3b063140e397c289e95126df858d3b4743daf2e06cfe1c4ea7a2426ce07

SHA512
f3bbb2b94fe8802bbc40e8ad1fe030109b1e7522d2e593cb6ffdf72b02ca612f94570b47adfcae7a6e860c971132a264e72f9f13973bbb022428a880633369bf

Download Submit
C:\Windows\system\rkAQSXl.exe

Filesize
6.0MB

MD5
7a85190e0b238971cb7e80194b1255ef

SHA1
6abfc00733c0dc1dcbb2b3577ebb041d9bb1b3c2

SHA256
5ff1c1c5eb273dea73446dc2134ab0eb9e7231d816a4b099f28173769f3a68bd

SHA512
d64b780c5bdde54446b7b3619b13552e399e67f8bca05cb26347db9e720886e642bb7feff2fa35d37b535c6eef5ae1b2592311e75c4167e6125105e183175242

Download Submit
C:\Windows\system\xJuxJxe.exe

Filesize
6.0MB

MD5
0eb2bcf293e67d061fcff10b38d5ae16

SHA1
940bdecd38338ec093db3cc5baeefdaed9c28a92

SHA256
c5c85311c6acc91a8bb465892038299a4c6b818d34104fd5461b7ee1a7071cb9

SHA512
af7537712ef63c88dad8a60abe22ea30380a780f21d701bd35dd19bcf333d8cf0b2b51d68038d13b0adc08a437b40163649484c92e55fc701fc069e34322155e

Download Submit
\Windows\system\COFWaXF.exe

Filesize
6.0MB

MD5
bc5bc297fc7011172e094896d12256a3

SHA1
dba1d10457c8cd4ebb8dc0fe3ee64687ad8fb4a6

SHA256
099fadf2b59410d9922f67f90c1bbdcb301f870a08bf30df063baf99572cc871

SHA512
94f5969a2718c6dd0da1c1a3eef3df944c7ec74631671269716444427efe126151fec2b08351e0cde2dc7ed54f334390e2c39d0ec8d58a97aed49ceb96e61a0d

Download Submit
\Windows\system\FnfTnWm.exe

Filesize
6.0MB

MD5
2d83f154a6e2d4954416c2042928a1b6

SHA1
a2a698319d8838e67499d2250eef25725b43a2ee

SHA256
7d44c7b286358d619c0eac575e9e4e34137d479c38db6607ddecc35b36a0b73a

SHA512
d0c23dcfad3e0a9b3de708ff7214edd7ca2d552c6df78bdcc6a840624575df2ec65f0b77d76ec94a3770c0412ee570b132bed0bd14801424385a02a78eee769d

Download Submit
\Windows\system\QbtMMRH.exe

Filesize
6.0MB

MD5
3ccb046159c77e62c95711aaefb8d0bc

SHA1
37fc4c99d72e3ac9959941eb82d9c6dfab3cb113

SHA256
a6844b4f3f66b9a8fe2421436c2acf9a545c904791704ec89fd061b0d4ca7449

SHA512
18a6eb6db9378cd6be28d028773cef8af8ce4592c818a2b8b83fadfc572f269a04f26c4c73878b222fdd2696d2fcabc2327aea0a82494963bf01f0aafc464872

Download Submit
\Windows\system\YHrCWCU.exe

Filesize
6.0MB

MD5
5e60c07f99d562945c0d85c83419c508

SHA1
c95254afae3715d69ccf00ffdb38d20a05bb099f

SHA256
b5fb2dbb25cc6d53453bea58646549df0f4079ba77ba91a20b7b95e963372647

SHA512
b860517250afc785031ee53fff63375dd9bd67ed38704f550442cacb47d74dddd73fd79084cc12fcaab764e1ea6a846ceb43c8d2d95e12c936499f165d476d50

Download Submit
\Windows\system\ZQcueuB.exe

Filesize
6.0MB

MD5
02dc853af82af61a7c85631c07bcf1b5

SHA1
eaecd4f7bcd982c1363d97d2606f25740d85ad76

SHA256
3c0fac803fcaad5662499b4ed28a3fc62711d1e7be5218670fc462639b905b08

SHA512
5efa41f5e3b192780199ef2bd8b9b492f29e9eeb6a72a0bdac336aa2f1e711359e2077f39073c38287e822ac26bbf69492e40659777a3ea7f64e55c99f24bb78

Download Submit
\Windows\system\eFxMQRs.exe

Filesize
6.0MB

MD5
fe4857b5ef44197d61232e0c74e450b4

SHA1
a3137c5c023dabb31f888f388729d7c69ef3fd62

SHA256
f212ff9232e4a87d0f3a8fff094c388dfca12d3c12cafcb7f4a2802294f2173c

SHA512
531a80b288448f2093984ad05f2638640fd853c28e42e2d4e26560108207bc6c9092663a4c6819362f24a9af0786455939fb70bc532153063d89c9da3ffde403

Download Submit
\Windows\system\yWQlpWR.exe

Filesize
6.0MB

MD5
0a06c29ca4c0f6b7b2d00abcb9ffd43a

SHA1
dc041bde854f01fd150a59c1c95ac6c70c71250c

SHA256
a7d2c3c4793596db35c4b459e4a817c92540099b31d264a4b8e19c124ce72b70

SHA512
cb5d9202bf947a5b9ec1e4002d9efb371429964f9efad18d3ffc73a2eb569c22d10b78d39cc3def8529afb274598114df1673172a9ed1d7097c805357cb61e04

Download Submit
\Windows\system\zqnQSsq.exe

Filesize
6.0MB

MD5
d422c41b6996bfb471d70167accb2c9c

SHA1
f0002f96acb61355a0d3717d6865cd72bf105a87

SHA256
3ca85cc47d680f5a0bb96cf052cb28cfacbe2db05a294dba2a1eaa2312309333

SHA512
23c1c0fe0bb369bce13397a34e22a1799605795169ebc60fd2e84d0e5cfacdc1817705508a736ba1c2e4db0c3b2d88ff130729f10d1675c7fbd45c1804cf87fd

Download Submit
memory/336-3032-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/336-73-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2060-434-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2060-62-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-0-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2060-90-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2060-5-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-101-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2060-72-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-48-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-68-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2060-306-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2060-58-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-14-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-371-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-233-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-71-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2060-83-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-84-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-20-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-44-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-76-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-40-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2060-28-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-24-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2084-98-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3076-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-87-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-3079-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-17-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2256-41-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2256-1129-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2396-33-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-8-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1587-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3182-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2444-94-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2524-1589-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2524-46-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2524-79-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3181-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2660-80-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3077-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-66-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-53-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3074-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1591-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-52-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2828-22-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1588-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2836-37-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1590-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2844-45-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3038-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-59-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download