cobaltstrike | 5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
Size

6.0MB
MD5

edd6e5975e95a441621ff61b6725a6ec
SHA1

da11cda20410180e0f049721e6ade431f7d544f5
SHA256

5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020
SHA512

cd3af9b9f7c5b7d0d45cfef1eb7363d30f6390052d4ce19338beea8bc127e93a64bb223e6d46feb0ce84005a8347d653cb139a782f93c128bbcdc80cd1a331e6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUW:eOl56utgpPF8u/7W

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-7.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932d-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-21.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019374-26.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939b-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-50.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-40.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral1/memory/2904-0-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-3.dat	xmrig
behavioral1/files/0x000700000001930d-7.dat	xmrig
behavioral1/files/0x000700000001932d-15.dat	xmrig
behavioral1/files/0x000600000001933b-21.dat	xmrig
behavioral1/files/0x0006000000019374-26.dat	xmrig
behavioral1/files/0x000600000001939b-30.dat	xmrig
behavioral1/files/0x00070000000193b3-36.dat	xmrig
behavioral1/files/0x0005000000019dbf-45.dat	xmrig
behavioral1/files/0x0005000000019f8a-50.dat	xmrig
behavioral1/files/0x00070000000193b5-40.dat	xmrig
behavioral1/files/0x000500000001a075-60.dat	xmrig
behavioral1/files/0x000500000001a07e-65.dat	xmrig
behavioral1/files/0x000500000001a46f-110.dat	xmrig
behavioral1/files/0x000500000001a48d-120.dat	xmrig
behavioral1/files/0x000500000001a4b3-150.dat	xmrig
behavioral1/files/0x000500000001a4b7-160.dat	xmrig
behavioral1/memory/2904-1769-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-156.dat	xmrig
behavioral1/files/0x000500000001a4af-138.dat	xmrig
behavioral1/files/0x000500000001a4b1-144.dat	xmrig
behavioral1/files/0x000500000001a49a-131.dat	xmrig
behavioral1/files/0x000500000001a4a9-135.dat	xmrig
behavioral1/files/0x000500000001a499-126.dat	xmrig
behavioral1/files/0x000500000001a48b-115.dat	xmrig
behavioral1/files/0x000500000001a42d-105.dat	xmrig
behavioral1/files/0x000500000001a427-100.dat	xmrig
behavioral1/files/0x000500000001a41e-95.dat	xmrig
behavioral1/files/0x000500000001a41d-91.dat	xmrig
behavioral1/files/0x000500000001a41b-85.dat	xmrig
behavioral1/files/0x000500000001a359-80.dat	xmrig
behavioral1/files/0x000500000001a307-75.dat	xmrig
behavioral1/files/0x000500000001a09e-70.dat	xmrig
behavioral1/files/0x0005000000019f94-55.dat	xmrig
behavioral1/memory/2732-2073-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2860-2265-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2716-2403-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2904-3157-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2860-3921-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2228-3922-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2744-3920-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2732-3928-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2716-3931-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2228	GvhCxjM.exe
2732	RgCrSaT.exe
2860	vGQxUeH.exe
2716	oCXwbRu.exe
2744	HCNbiTI.exe
2864	kYLHDuI.exe
3020	MslQtTq.exe
2868	tDcfdTV.exe
2056	UusRDXW.exe
2600	FJSEVNW.exe
2752	yCsVAci.exe
2892	BNKzxiw.exe
1228	crNjhzH.exe
3024	AsubLsw.exe
1872	gzjnIeW.exe
3064	tRkURfS.exe
2208	HjaICmQ.exe
2828	PiWzlIc.exe
1588	wBjqqsl.exe
292	SUQUVOy.exe
2816	WzXeSAS.exe
2820	fPlXkSK.exe
1800	ZoZnfNp.exe
1020	DQKAlWp.exe
2124	iRnTRWs.exe
484	HXemuLt.exe
1524	EujCRNZ.exe
848	coPtNRS.exe
2448	bETrrls.exe
2332	sYHPhuP.exe
1164	KlSLGQM.exe
1756	vjiugkX.exe
972	TbnCQSh.exe
600	hJYesgq.exe
1148	thHQKXQ.exe
3016	PAziacn.exe
1624	YFfSAPf.exe
2484	Jxeugup.exe
1704	EDKiHfM.exe
1696	bWYrKzE.exe
1584	dflClIs.exe
1608	UDSWUat.exe
1612	TAOwZBz.exe
1556	sURlFOg.exe
2524	OQvPZro.exe
2272	GzEFIXu.exe
3052	XBshHVD.exe
2492	yVrymjy.exe
380	fyJGLEA.exe
976	cyFLOhG.exe
776	MzHqUSq.exe
2428	dzIHSdI.exe
2404	GMDuOOT.exe
1628	mauNWpc.exe
2068	uZDCEOV.exe
1488	ZcbqwtY.exe
880	NSNdzBz.exe
2112	aROcFmj.exe
1596	vMgVHDt.exe
2728	oKBfQIu.exe
2392	VrhBLEP.exe
2764	Rlnbqam.exe
2724	jbeWsGl.exe
2596	ZXxBsNN.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-3.dat	upx
behavioral1/files/0x000700000001930d-7.dat	upx
behavioral1/files/0x000700000001932d-15.dat	upx
behavioral1/files/0x000600000001933b-21.dat	upx
behavioral1/files/0x0006000000019374-26.dat	upx
behavioral1/files/0x000600000001939b-30.dat	upx
behavioral1/files/0x00070000000193b3-36.dat	upx
behavioral1/files/0x0005000000019dbf-45.dat	upx
behavioral1/files/0x0005000000019f8a-50.dat	upx
behavioral1/files/0x00070000000193b5-40.dat	upx
behavioral1/files/0x000500000001a075-60.dat	upx
behavioral1/files/0x000500000001a07e-65.dat	upx
behavioral1/files/0x000500000001a46f-110.dat	upx
behavioral1/files/0x000500000001a48d-120.dat	upx
behavioral1/files/0x000500000001a4b3-150.dat	upx
behavioral1/files/0x000500000001a4b7-160.dat	upx
behavioral1/files/0x000500000001a4b5-156.dat	upx
behavioral1/files/0x000500000001a4af-138.dat	upx
behavioral1/files/0x000500000001a4b1-144.dat	upx
behavioral1/files/0x000500000001a49a-131.dat	upx
behavioral1/files/0x000500000001a4a9-135.dat	upx
behavioral1/files/0x000500000001a499-126.dat	upx
behavioral1/files/0x000500000001a48b-115.dat	upx
behavioral1/files/0x000500000001a42d-105.dat	upx
behavioral1/files/0x000500000001a427-100.dat	upx
behavioral1/files/0x000500000001a41e-95.dat	upx
behavioral1/files/0x000500000001a41d-91.dat	upx
behavioral1/files/0x000500000001a41b-85.dat	upx
behavioral1/files/0x000500000001a359-80.dat	upx
behavioral1/files/0x000500000001a307-75.dat	upx
behavioral1/files/0x000500000001a09e-70.dat	upx
behavioral1/files/0x0005000000019f94-55.dat	upx
behavioral1/memory/2732-2073-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2860-2265-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2716-2403-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2904-3157-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2860-3921-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2228-3922-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2744-3920-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2732-3928-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2716-3931-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Nuzyypc.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\BblsYHh.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\UBGxsMs.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\GvhCxjM.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\aROcFmj.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\IGPPEEN.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\JCrEQJR.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\OafoeiS.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ECqfmoy.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\SmCrcnx.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ILnQcLb.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\HaFRguz.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\rkugPjV.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\EfNZMZX.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\PCBAQan.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\IitpTfl.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\MBdSDFf.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\sURlFOg.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\gAYrxwX.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\rWruLOg.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\VrpvIYG.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\nqfXOsN.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ddrMqht.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\HFumzZX.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ysKSTYl.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\pQZSDYo.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\FVyiQLa.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\YSSSqCR.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\HoqTQpl.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\pmlrvJz.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\oByVjOo.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\bvVBUaD.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\VuZmHMi.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\JGUyieQ.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\UBkeGOQ.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\JwjFbDf.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\teJNoXp.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\SmqZFIc.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\jMGtlpS.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ffcwVAY.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\FvHkzng.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\LGWqefe.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\IzPWKQR.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\sGcVKHK.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\egXqwjR.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\hVQwnWw.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\cVxSBNg.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\awkEzcE.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\OHKFsDH.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\LFechZb.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\SiCJIgl.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\QhQupDa.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\arMnkFK.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\aVkxGeu.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\ZAhHyYz.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\kBUYRcE.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\bYYboYt.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\NxBpKjg.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\GHiCnGO.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\hCCdTYH.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\hoLDTpR.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\MVoHYAY.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\LYYmRqw.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
File created	C:\Windows\System\OknRTtq.exe	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	31
PID 2904 wrote to memory of 2228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	31
PID 2904 wrote to memory of 2228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	31
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	32
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	32
PID 2904 wrote to memory of 2732	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	32
PID 2904 wrote to memory of 2860	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	33
PID 2904 wrote to memory of 2860	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	33
PID 2904 wrote to memory of 2860	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	33
PID 2904 wrote to memory of 2716	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	34
PID 2904 wrote to memory of 2716	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	34
PID 2904 wrote to memory of 2716	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	34
PID 2904 wrote to memory of 2744	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	35
PID 2904 wrote to memory of 2744	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	35
PID 2904 wrote to memory of 2744	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	35
PID 2904 wrote to memory of 2864	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	36
PID 2904 wrote to memory of 2864	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	36
PID 2904 wrote to memory of 2864	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	36
PID 2904 wrote to memory of 3020	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	37
PID 2904 wrote to memory of 3020	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	37
PID 2904 wrote to memory of 3020	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	37
PID 2904 wrote to memory of 2868	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	38
PID 2904 wrote to memory of 2868	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	38
PID 2904 wrote to memory of 2868	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	38
PID 2904 wrote to memory of 2056	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	39
PID 2904 wrote to memory of 2056	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	39
PID 2904 wrote to memory of 2056	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	39
PID 2904 wrote to memory of 2600	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	40
PID 2904 wrote to memory of 2600	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	40
PID 2904 wrote to memory of 2600	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	40
PID 2904 wrote to memory of 2752	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	41
PID 2904 wrote to memory of 2752	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	41
PID 2904 wrote to memory of 2752	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	41
PID 2904 wrote to memory of 2892	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	42
PID 2904 wrote to memory of 2892	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	42
PID 2904 wrote to memory of 2892	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	42
PID 2904 wrote to memory of 1228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	43
PID 2904 wrote to memory of 1228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	43
PID 2904 wrote to memory of 1228	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	43
PID 2904 wrote to memory of 3024	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	44
PID 2904 wrote to memory of 3024	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	44
PID 2904 wrote to memory of 3024	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	44
PID 2904 wrote to memory of 1872	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	45
PID 2904 wrote to memory of 1872	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	45
PID 2904 wrote to memory of 1872	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	45
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	46
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	46
PID 2904 wrote to memory of 3064	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	46
PID 2904 wrote to memory of 2208	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	47
PID 2904 wrote to memory of 2208	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	47
PID 2904 wrote to memory of 2208	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	47
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	48
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	48
PID 2904 wrote to memory of 2828	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	48
PID 2904 wrote to memory of 1588	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	49
PID 2904 wrote to memory of 1588	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	49
PID 2904 wrote to memory of 1588	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	49
PID 2904 wrote to memory of 292	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	50
PID 2904 wrote to memory of 292	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	50
PID 2904 wrote to memory of 292	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	50
PID 2904 wrote to memory of 2816	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	51
PID 2904 wrote to memory of 2816	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	51
PID 2904 wrote to memory of 2816	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	51
PID 2904 wrote to memory of 2820	2904	JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5f7044be2d568e2f26b90d77f8bee8f7bac69e84dde97b15b879db8a70c20020.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\GvhCxjM.exe
  C:\Windows\System\GvhCxjM.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\RgCrSaT.exe
  C:\Windows\System\RgCrSaT.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\vGQxUeH.exe
  C:\Windows\System\vGQxUeH.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\oCXwbRu.exe
  C:\Windows\System\oCXwbRu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\HCNbiTI.exe
  C:\Windows\System\HCNbiTI.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\kYLHDuI.exe
  C:\Windows\System\kYLHDuI.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\MslQtTq.exe
  C:\Windows\System\MslQtTq.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\tDcfdTV.exe
  C:\Windows\System\tDcfdTV.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\UusRDXW.exe
  C:\Windows\System\UusRDXW.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\FJSEVNW.exe
  C:\Windows\System\FJSEVNW.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\yCsVAci.exe
  C:\Windows\System\yCsVAci.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\BNKzxiw.exe
  C:\Windows\System\BNKzxiw.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\crNjhzH.exe
  C:\Windows\System\crNjhzH.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\AsubLsw.exe
  C:\Windows\System\AsubLsw.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gzjnIeW.exe
  C:\Windows\System\gzjnIeW.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\tRkURfS.exe
  C:\Windows\System\tRkURfS.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\HjaICmQ.exe
  C:\Windows\System\HjaICmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\PiWzlIc.exe
  C:\Windows\System\PiWzlIc.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\wBjqqsl.exe
  C:\Windows\System\wBjqqsl.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\SUQUVOy.exe
  C:\Windows\System\SUQUVOy.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\WzXeSAS.exe
  C:\Windows\System\WzXeSAS.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\fPlXkSK.exe
  C:\Windows\System\fPlXkSK.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZoZnfNp.exe
  C:\Windows\System\ZoZnfNp.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\DQKAlWp.exe
  C:\Windows\System\DQKAlWp.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\iRnTRWs.exe
  C:\Windows\System\iRnTRWs.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\HXemuLt.exe
  C:\Windows\System\HXemuLt.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\EujCRNZ.exe
  C:\Windows\System\EujCRNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\bETrrls.exe
  C:\Windows\System\bETrrls.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\coPtNRS.exe
  C:\Windows\System\coPtNRS.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\sYHPhuP.exe
  C:\Windows\System\sYHPhuP.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\KlSLGQM.exe
  C:\Windows\System\KlSLGQM.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\vjiugkX.exe
  C:\Windows\System\vjiugkX.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\TbnCQSh.exe
  C:\Windows\System\TbnCQSh.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\hJYesgq.exe
  C:\Windows\System\hJYesgq.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\thHQKXQ.exe
  C:\Windows\System\thHQKXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\PAziacn.exe
  C:\Windows\System\PAziacn.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\YFfSAPf.exe
  C:\Windows\System\YFfSAPf.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\Jxeugup.exe
  C:\Windows\System\Jxeugup.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\EDKiHfM.exe
  C:\Windows\System\EDKiHfM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\bWYrKzE.exe
  C:\Windows\System\bWYrKzE.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\dflClIs.exe
  C:\Windows\System\dflClIs.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\UDSWUat.exe
  C:\Windows\System\UDSWUat.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TAOwZBz.exe
  C:\Windows\System\TAOwZBz.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\sURlFOg.exe
  C:\Windows\System\sURlFOg.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\OQvPZro.exe
  C:\Windows\System\OQvPZro.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\GzEFIXu.exe
  C:\Windows\System\GzEFIXu.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\XBshHVD.exe
  C:\Windows\System\XBshHVD.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\yVrymjy.exe
  C:\Windows\System\yVrymjy.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\fyJGLEA.exe
  C:\Windows\System\fyJGLEA.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\cyFLOhG.exe
  C:\Windows\System\cyFLOhG.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\MzHqUSq.exe
  C:\Windows\System\MzHqUSq.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\mauNWpc.exe
  C:\Windows\System\mauNWpc.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\dzIHSdI.exe
  C:\Windows\System\dzIHSdI.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\NSNdzBz.exe
  C:\Windows\System\NSNdzBz.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\GMDuOOT.exe
  C:\Windows\System\GMDuOOT.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\aROcFmj.exe
  C:\Windows\System\aROcFmj.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\uZDCEOV.exe
  C:\Windows\System\uZDCEOV.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vMgVHDt.exe
  C:\Windows\System\vMgVHDt.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\ZcbqwtY.exe
  C:\Windows\System\ZcbqwtY.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\oKBfQIu.exe
  C:\Windows\System\oKBfQIu.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\VrhBLEP.exe
  C:\Windows\System\VrhBLEP.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\jbeWsGl.exe
  C:\Windows\System\jbeWsGl.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\Rlnbqam.exe
  C:\Windows\System\Rlnbqam.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\ZXxBsNN.exe
  C:\Windows\System\ZXxBsNN.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\VqgWYti.exe
  C:\Windows\System\VqgWYti.exe
  2⤵
  PID:2268
- C:\Windows\System\pVEPZlt.exe
  C:\Windows\System\pVEPZlt.exe
  2⤵
  PID:1792
- C:\Windows\System\vxXJzkQ.exe
  C:\Windows\System\vxXJzkQ.exe
  2⤵
  PID:1356
- C:\Windows\System\kBvOhWs.exe
  C:\Windows\System\kBvOhWs.exe
  2⤵
  PID:2216
- C:\Windows\System\mSIlIGc.exe
  C:\Windows\System\mSIlIGc.exe
  2⤵
  PID:1052
- C:\Windows\System\YPQXyBO.exe
  C:\Windows\System\YPQXyBO.exe
  2⤵
  PID:1884
- C:\Windows\System\xjcpLpq.exe
  C:\Windows\System\xjcpLpq.exe
  2⤵
  PID:1652
- C:\Windows\System\vZLzYNk.exe
  C:\Windows\System\vZLzYNk.exe
  2⤵
  PID:2084
- C:\Windows\System\hMNZukx.exe
  C:\Windows\System\hMNZukx.exe
  2⤵
  PID:2248
- C:\Windows\System\VUISzLA.exe
  C:\Windows\System\VUISzLA.exe
  2⤵
  PID:2420
- C:\Windows\System\yJDJwvq.exe
  C:\Windows\System\yJDJwvq.exe
  2⤵
  PID:344
- C:\Windows\System\QLKXyAD.exe
  C:\Windows\System\QLKXyAD.exe
  2⤵
  PID:884
- C:\Windows\System\aDzgbdZ.exe
  C:\Windows\System\aDzgbdZ.exe
  2⤵
  PID:2552
- C:\Windows\System\fVkhCxW.exe
  C:\Windows\System\fVkhCxW.exe
  2⤵
  PID:2092
- C:\Windows\System\ymhKhoQ.exe
  C:\Windows\System\ymhKhoQ.exe
  2⤵
  PID:892
- C:\Windows\System\sgdmvzq.exe
  C:\Windows\System\sgdmvzq.exe
  2⤵
  PID:1668
- C:\Windows\System\MxFPbDg.exe
  C:\Windows\System\MxFPbDg.exe
  2⤵
  PID:1432
- C:\Windows\System\EiaCJfS.exe
  C:\Windows\System\EiaCJfS.exe
  2⤵
  PID:796
- C:\Windows\System\PlKLDMU.exe
  C:\Windows\System\PlKLDMU.exe
  2⤵
  PID:1856
- C:\Windows\System\LfBqxVw.exe
  C:\Windows\System\LfBqxVw.exe
  2⤵
  PID:1724
- C:\Windows\System\OiWybSS.exe
  C:\Windows\System\OiWybSS.exe
  2⤵
  PID:2244
- C:\Windows\System\HdmZZES.exe
  C:\Windows\System\HdmZZES.exe
  2⤵
  PID:1604
- C:\Windows\System\OPdbXHX.exe
  C:\Windows\System\OPdbXHX.exe
  2⤵
  PID:2180
- C:\Windows\System\iVvzMoo.exe
  C:\Windows\System\iVvzMoo.exe
  2⤵
  PID:1152
- C:\Windows\System\IKoqTvW.exe
  C:\Windows\System\IKoqTvW.exe
  2⤵
  PID:1720
- C:\Windows\System\bSDQpRw.exe
  C:\Windows\System\bSDQpRw.exe
  2⤵
  PID:748
- C:\Windows\System\rRBdmRP.exe
  C:\Windows\System\rRBdmRP.exe
  2⤵
  PID:2532
- C:\Windows\System\ZuEdjXK.exe
  C:\Windows\System\ZuEdjXK.exe
  2⤵
  PID:1456
- C:\Windows\System\gjeJKDh.exe
  C:\Windows\System\gjeJKDh.exe
  2⤵
  PID:1216
- C:\Windows\System\zACVmvY.exe
  C:\Windows\System\zACVmvY.exe
  2⤵
  PID:876
- C:\Windows\System\zXnsLlQ.exe
  C:\Windows\System\zXnsLlQ.exe
  2⤵
  PID:2604
- C:\Windows\System\nZsRNXe.exe
  C:\Windows\System\nZsRNXe.exe
  2⤵
  PID:2584
- C:\Windows\System\JCrEQJR.exe
  C:\Windows\System\JCrEQJR.exe
  2⤵
  PID:2704
- C:\Windows\System\aHgOZJr.exe
  C:\Windows\System\aHgOZJr.exe
  2⤵
  PID:2564
- C:\Windows\System\pMEkLcT.exe
  C:\Windows\System\pMEkLcT.exe
  2⤵
  PID:2956
- C:\Windows\System\DLEPEzv.exe
  C:\Windows\System\DLEPEzv.exe
  2⤵
  PID:1844
- C:\Windows\System\nlBNlyT.exe
  C:\Windows\System\nlBNlyT.exe
  2⤵
  PID:2840
- C:\Windows\System\mgdBJal.exe
  C:\Windows\System\mgdBJal.exe
  2⤵
  PID:568
- C:\Windows\System\PkronAM.exe
  C:\Windows\System\PkronAM.exe
  2⤵
  PID:340
- C:\Windows\System\pkpTrXt.exe
  C:\Windows\System\pkpTrXt.exe
  2⤵
  PID:2684
- C:\Windows\System\dDEjcXb.exe
  C:\Windows\System\dDEjcXb.exe
  2⤵
  PID:576
- C:\Windows\System\QJgRhYb.exe
  C:\Windows\System\QJgRhYb.exe
  2⤵
  PID:2372
- C:\Windows\System\BKJOJHY.exe
  C:\Windows\System\BKJOJHY.exe
  2⤵
  PID:1436
- C:\Windows\System\AwRxmDO.exe
  C:\Windows\System\AwRxmDO.exe
  2⤵
  PID:1676
- C:\Windows\System\mcfnQPG.exe
  C:\Windows\System\mcfnQPG.exe
  2⤵
  PID:1396
- C:\Windows\System\HBlkGik.exe
  C:\Windows\System\HBlkGik.exe
  2⤵
  PID:2224
- C:\Windows\System\xAniAwH.exe
  C:\Windows\System\xAniAwH.exe
  2⤵
  PID:1684
- C:\Windows\System\gDoVYCD.exe
  C:\Windows\System\gDoVYCD.exe
  2⤵
  PID:2120
- C:\Windows\System\dQIvRCC.exe
  C:\Windows\System\dQIvRCC.exe
  2⤵
  PID:1656
- C:\Windows\System\rSOdMuf.exe
  C:\Windows\System\rSOdMuf.exe
  2⤵
  PID:1492
- C:\Windows\System\xsgrzIY.exe
  C:\Windows\System\xsgrzIY.exe
  2⤵
  PID:1220
- C:\Windows\System\LJQOIFY.exe
  C:\Windows\System\LJQOIFY.exe
  2⤵
  PID:2444
- C:\Windows\System\wwrAbCg.exe
  C:\Windows\System\wwrAbCg.exe
  2⤵
  PID:1004
- C:\Windows\System\gobVFIp.exe
  C:\Windows\System\gobVFIp.exe
  2⤵
  PID:1104
- C:\Windows\System\FxZahfd.exe
  C:\Windows\System\FxZahfd.exe
  2⤵
  PID:904
- C:\Windows\System\ubBPShU.exe
  C:\Windows\System\ubBPShU.exe
  2⤵
  PID:940
- C:\Windows\System\mkmuJKT.exe
  C:\Windows\System\mkmuJKT.exe
  2⤵
  PID:1012
- C:\Windows\System\GONIxyF.exe
  C:\Windows\System\GONIxyF.exe
  2⤵
  PID:1900
- C:\Windows\System\WSVXJse.exe
  C:\Windows\System\WSVXJse.exe
  2⤵
  PID:1852
- C:\Windows\System\BadGvRo.exe
  C:\Windows\System\BadGvRo.exe
  2⤵
  PID:2352
- C:\Windows\System\CTyAXwR.exe
  C:\Windows\System\CTyAXwR.exe
  2⤵
  PID:3084
- C:\Windows\System\cJbIkCG.exe
  C:\Windows\System\cJbIkCG.exe
  2⤵
  PID:3108
- C:\Windows\System\vHCGtoH.exe
  C:\Windows\System\vHCGtoH.exe
  2⤵
  PID:3132
- C:\Windows\System\cojCZnN.exe
  C:\Windows\System\cojCZnN.exe
  2⤵
  PID:3152
- C:\Windows\System\kBUYRcE.exe
  C:\Windows\System\kBUYRcE.exe
  2⤵
  PID:3192
- C:\Windows\System\QjIqZIQ.exe
  C:\Windows\System\QjIqZIQ.exe
  2⤵
  PID:3216
- C:\Windows\System\VOllCCi.exe
  C:\Windows\System\VOllCCi.exe
  2⤵
  PID:3236
- C:\Windows\System\bbrBEaL.exe
  C:\Windows\System\bbrBEaL.exe
  2⤵
  PID:3256
- C:\Windows\System\HFaeNoB.exe
  C:\Windows\System\HFaeNoB.exe
  2⤵
  PID:3280
- C:\Windows\System\xeLrwqo.exe
  C:\Windows\System\xeLrwqo.exe
  2⤵
  PID:3296
- C:\Windows\System\OmICPQp.exe
  C:\Windows\System\OmICPQp.exe
  2⤵
  PID:3324
- C:\Windows\System\iwNCfWw.exe
  C:\Windows\System\iwNCfWw.exe
  2⤵
  PID:3340
- C:\Windows\System\rUPOXOz.exe
  C:\Windows\System\rUPOXOz.exe
  2⤵
  PID:3360
- C:\Windows\System\wFizwpj.exe
  C:\Windows\System\wFizwpj.exe
  2⤵
  PID:3380
- C:\Windows\System\gZCcoBc.exe
  C:\Windows\System\gZCcoBc.exe
  2⤵
  PID:3404
- C:\Windows\System\CNQXxvh.exe
  C:\Windows\System\CNQXxvh.exe
  2⤵
  PID:3420
- C:\Windows\System\CIoMtPh.exe
  C:\Windows\System\CIoMtPh.exe
  2⤵
  PID:3436
- C:\Windows\System\iZMtTnk.exe
  C:\Windows\System\iZMtTnk.exe
  2⤵
  PID:3460
- C:\Windows\System\NJFxnUl.exe
  C:\Windows\System\NJFxnUl.exe
  2⤵
  PID:3480
- C:\Windows\System\VCtLZeg.exe
  C:\Windows\System\VCtLZeg.exe
  2⤵
  PID:3496
- C:\Windows\System\OPEOBST.exe
  C:\Windows\System\OPEOBST.exe
  2⤵
  PID:3512
- C:\Windows\System\YPEfsJx.exe
  C:\Windows\System\YPEfsJx.exe
  2⤵
  PID:3536
- C:\Windows\System\pLcjggd.exe
  C:\Windows\System\pLcjggd.exe
  2⤵
  PID:3564
- C:\Windows\System\TyPpcOO.exe
  C:\Windows\System\TyPpcOO.exe
  2⤵
  PID:3580
- C:\Windows\System\UWJBPPm.exe
  C:\Windows\System\UWJBPPm.exe
  2⤵
  PID:3600
- C:\Windows\System\SzkAIgq.exe
  C:\Windows\System\SzkAIgq.exe
  2⤵
  PID:3616
- C:\Windows\System\sKJwBzt.exe
  C:\Windows\System\sKJwBzt.exe
  2⤵
  PID:3636
- C:\Windows\System\zjTcPFE.exe
  C:\Windows\System\zjTcPFE.exe
  2⤵
  PID:3652
- C:\Windows\System\ZDmCnOz.exe
  C:\Windows\System\ZDmCnOz.exe
  2⤵
  PID:3676
- C:\Windows\System\YHzhXIU.exe
  C:\Windows\System\YHzhXIU.exe
  2⤵
  PID:3696
- C:\Windows\System\DmfoTEK.exe
  C:\Windows\System\DmfoTEK.exe
  2⤵
  PID:3724
- C:\Windows\System\YwSpBGP.exe
  C:\Windows\System\YwSpBGP.exe
  2⤵
  PID:3744
- C:\Windows\System\mvdzghB.exe
  C:\Windows\System\mvdzghB.exe
  2⤵
  PID:3760
- C:\Windows\System\eIxfOew.exe
  C:\Windows\System\eIxfOew.exe
  2⤵
  PID:3780
- C:\Windows\System\BVeiDZr.exe
  C:\Windows\System\BVeiDZr.exe
  2⤵
  PID:3804
- C:\Windows\System\ZktvahH.exe
  C:\Windows\System\ZktvahH.exe
  2⤵
  PID:3824
- C:\Windows\System\sdcIaKo.exe
  C:\Windows\System\sdcIaKo.exe
  2⤵
  PID:3840
- C:\Windows\System\mOisbZY.exe
  C:\Windows\System\mOisbZY.exe
  2⤵
  PID:3864
- C:\Windows\System\MOgnkYg.exe
  C:\Windows\System\MOgnkYg.exe
  2⤵
  PID:3884
- C:\Windows\System\OJhsgHn.exe
  C:\Windows\System\OJhsgHn.exe
  2⤵
  PID:3904
- C:\Windows\System\LayEfsp.exe
  C:\Windows\System\LayEfsp.exe
  2⤵
  PID:3920
- C:\Windows\System\DWYsffU.exe
  C:\Windows\System\DWYsffU.exe
  2⤵
  PID:3940
- C:\Windows\System\iseJWSK.exe
  C:\Windows\System\iseJWSK.exe
  2⤵
  PID:3960
- C:\Windows\System\KgUJweA.exe
  C:\Windows\System\KgUJweA.exe
  2⤵
  PID:3980
- C:\Windows\System\BxhwAwo.exe
  C:\Windows\System\BxhwAwo.exe
  2⤵
  PID:4000
- C:\Windows\System\ysprbRi.exe
  C:\Windows\System\ysprbRi.exe
  2⤵
  PID:4016
- C:\Windows\System\yKnahdb.exe
  C:\Windows\System\yKnahdb.exe
  2⤵
  PID:4032
- C:\Windows\System\xQxtwdA.exe
  C:\Windows\System\xQxtwdA.exe
  2⤵
  PID:4056
- C:\Windows\System\LaBCcao.exe
  C:\Windows\System\LaBCcao.exe
  2⤵
  PID:4076
- C:\Windows\System\krecWfp.exe
  C:\Windows\System\krecWfp.exe
  2⤵
  PID:4092
- C:\Windows\System\cXHwIZK.exe
  C:\Windows\System\cXHwIZK.exe
  2⤵
  PID:664
- C:\Windows\System\QXoPaxF.exe
  C:\Windows\System\QXoPaxF.exe
  2⤵
  PID:2116
- C:\Windows\System\DxNUIWv.exe
  C:\Windows\System\DxNUIWv.exe
  2⤵
  PID:1276
- C:\Windows\System\UVKZRuN.exe
  C:\Windows\System\UVKZRuN.exe
  2⤵
  PID:2696
- C:\Windows\System\fvkyeqH.exe
  C:\Windows\System\fvkyeqH.exe
  2⤵
  PID:900
- C:\Windows\System\skabwiv.exe
  C:\Windows\System\skabwiv.exe
  2⤵
  PID:2740
- C:\Windows\System\RElUzYJ.exe
  C:\Windows\System\RElUzYJ.exe
  2⤵
  PID:3092
- C:\Windows\System\oaGCRBC.exe
  C:\Windows\System\oaGCRBC.exe
  2⤵
  PID:1752
- C:\Windows\System\hZdnPpi.exe
  C:\Windows\System\hZdnPpi.exe
  2⤵
  PID:3080
- C:\Windows\System\UiGTHoP.exe
  C:\Windows\System\UiGTHoP.exe
  2⤵
  PID:3128
- C:\Windows\System\amjzAvf.exe
  C:\Windows\System\amjzAvf.exe
  2⤵
  PID:3180
- C:\Windows\System\muRyDMu.exe
  C:\Windows\System\muRyDMu.exe
  2⤵
  PID:3252
- C:\Windows\System\OuKfiHe.exe
  C:\Windows\System\OuKfiHe.exe
  2⤵
  PID:3288
- C:\Windows\System\GlilUbE.exe
  C:\Windows\System\GlilUbE.exe
  2⤵
  PID:3368
- C:\Windows\System\JwjFbDf.exe
  C:\Windows\System\JwjFbDf.exe
  2⤵
  PID:3276
- C:\Windows\System\SrhfXjR.exe
  C:\Windows\System\SrhfXjR.exe
  2⤵
  PID:3316
- C:\Windows\System\kRNiyUc.exe
  C:\Windows\System\kRNiyUc.exe
  2⤵
  PID:3352
- C:\Windows\System\teLFCtP.exe
  C:\Windows\System\teLFCtP.exe
  2⤵
  PID:3448
- C:\Windows\System\uDeRIao.exe
  C:\Windows\System\uDeRIao.exe
  2⤵
  PID:3488
- C:\Windows\System\UPlLQKg.exe
  C:\Windows\System\UPlLQKg.exe
  2⤵
  PID:3524
- C:\Windows\System\ZkvvZsO.exe
  C:\Windows\System\ZkvvZsO.exe
  2⤵
  PID:3476
- C:\Windows\System\PRmACCs.exe
  C:\Windows\System\PRmACCs.exe
  2⤵
  PID:3572
- C:\Windows\System\PxPSXiw.exe
  C:\Windows\System\PxPSXiw.exe
  2⤵
  PID:3576
- C:\Windows\System\uhYtQMt.exe
  C:\Windows\System\uhYtQMt.exe
  2⤵
  PID:3648
- C:\Windows\System\IEyRFRv.exe
  C:\Windows\System\IEyRFRv.exe
  2⤵
  PID:3632
- C:\Windows\System\cViLWTd.exe
  C:\Windows\System\cViLWTd.exe
  2⤵
  PID:3692
- C:\Windows\System\hJiIvec.exe
  C:\Windows\System\hJiIvec.exe
  2⤵
  PID:3736
- C:\Windows\System\FjfSFiL.exe
  C:\Windows\System\FjfSFiL.exe
  2⤵
  PID:3768
- C:\Windows\System\EcsFxjv.exe
  C:\Windows\System\EcsFxjv.exe
  2⤵
  PID:3720
- C:\Windows\System\lTHjjAj.exe
  C:\Windows\System\lTHjjAj.exe
  2⤵
  PID:3860
- C:\Windows\System\ZTUOWIW.exe
  C:\Windows\System\ZTUOWIW.exe
  2⤵
  PID:3932
- C:\Windows\System\VoMBvTk.exe
  C:\Windows\System\VoMBvTk.exe
  2⤵
  PID:4012
- C:\Windows\System\rsadrRy.exe
  C:\Windows\System\rsadrRy.exe
  2⤵
  PID:4052
- C:\Windows\System\FAxOPJG.exe
  C:\Windows\System\FAxOPJG.exe
  2⤵
  PID:3836
- C:\Windows\System\vctySXB.exe
  C:\Windows\System\vctySXB.exe
  2⤵
  PID:4088
- C:\Windows\System\qGevAcW.exe
  C:\Windows\System\qGevAcW.exe
  2⤵
  PID:3948
- C:\Windows\System\UHCtdEf.exe
  C:\Windows\System\UHCtdEf.exe
  2⤵
  PID:3992
- C:\Windows\System\kdmAukz.exe
  C:\Windows\System\kdmAukz.exe
  2⤵
  PID:988
- C:\Windows\System\UVLGLME.exe
  C:\Windows\System\UVLGLME.exe
  2⤵
  PID:4068
- C:\Windows\System\jccnNSU.exe
  C:\Windows\System\jccnNSU.exe
  2⤵
  PID:3140
- C:\Windows\System\hMDBmcO.exe
  C:\Windows\System\hMDBmcO.exe
  2⤵
  PID:3120
- C:\Windows\System\SjCkqaK.exe
  C:\Windows\System\SjCkqaK.exe
  2⤵
  PID:3212
- C:\Windows\System\rTZjRyv.exe
  C:\Windows\System\rTZjRyv.exe
  2⤵
  PID:3228
- C:\Windows\System\QSngWeR.exe
  C:\Windows\System\QSngWeR.exe
  2⤵
  PID:2364
- C:\Windows\System\GRDxZjm.exe
  C:\Windows\System\GRDxZjm.exe
  2⤵
  PID:3412
- C:\Windows\System\uFFIhHj.exe
  C:\Windows\System\uFFIhHj.exe
  2⤵
  PID:3508
- C:\Windows\System\OafoeiS.exe
  C:\Windows\System\OafoeiS.exe
  2⤵
  PID:1204
- C:\Windows\System\eXynAuD.exe
  C:\Windows\System\eXynAuD.exe
  2⤵
  PID:3608
- C:\Windows\System\OHrMNti.exe
  C:\Windows\System\OHrMNti.exe
  2⤵
  PID:3664
- C:\Windows\System\dZVULHd.exe
  C:\Windows\System\dZVULHd.exe
  2⤵
  PID:3264
- C:\Windows\System\vTqIuUS.exe
  C:\Windows\System\vTqIuUS.exe
  2⤵
  PID:3392
- C:\Windows\System\HykwheD.exe
  C:\Windows\System\HykwheD.exe
  2⤵
  PID:3820
- C:\Windows\System\WdLMFXO.exe
  C:\Windows\System\WdLMFXO.exe
  2⤵
  PID:3432
- C:\Windows\System\yqsRrUN.exe
  C:\Windows\System\yqsRrUN.exe
  2⤵
  PID:3740
- C:\Windows\System\ylPtAiw.exe
  C:\Windows\System\ylPtAiw.exe
  2⤵
  PID:3552
- C:\Windows\System\kdJHkPq.exe
  C:\Windows\System\kdJHkPq.exe
  2⤵
  PID:3976
- C:\Windows\System\yNKYDVI.exe
  C:\Windows\System\yNKYDVI.exe
  2⤵
  PID:3832
- C:\Windows\System\AWXaxsz.exe
  C:\Windows\System\AWXaxsz.exe
  2⤵
  PID:3752
- C:\Windows\System\JYGSvnZ.exe
  C:\Windows\System\JYGSvnZ.exe
  2⤵
  PID:2344
- C:\Windows\System\WVOIQqn.exe
  C:\Windows\System\WVOIQqn.exe
  2⤵
  PID:3996
- C:\Windows\System\eHcNOnu.exe
  C:\Windows\System\eHcNOnu.exe
  2⤵
  PID:3096
- C:\Windows\System\CfDOdAp.exe
  C:\Windows\System\CfDOdAp.exe
  2⤵
  PID:3956
- C:\Windows\System\zSPMohr.exe
  C:\Windows\System\zSPMohr.exe
  2⤵
  PID:2796
- C:\Windows\System\KtlUVKt.exe
  C:\Windows\System\KtlUVKt.exe
  2⤵
  PID:772
- C:\Windows\System\DRhulTp.exe
  C:\Windows\System\DRhulTp.exe
  2⤵
  PID:2464
- C:\Windows\System\zZHXAwE.exe
  C:\Windows\System\zZHXAwE.exe
  2⤵
  PID:3444
- C:\Windows\System\ECqfmoy.exe
  C:\Windows\System\ECqfmoy.exe
  2⤵
  PID:3184
- C:\Windows\System\nlVdnew.exe
  C:\Windows\System\nlVdnew.exe
  2⤵
  PID:4100
- C:\Windows\System\MYKsZbI.exe
  C:\Windows\System\MYKsZbI.exe
  2⤵
  PID:4124
- C:\Windows\System\ZSilaJG.exe
  C:\Windows\System\ZSilaJG.exe
  2⤵
  PID:4144
- C:\Windows\System\EZuTwcb.exe
  C:\Windows\System\EZuTwcb.exe
  2⤵
  PID:4164
- C:\Windows\System\tDWwDvi.exe
  C:\Windows\System\tDWwDvi.exe
  2⤵
  PID:4184
- C:\Windows\System\sltBmqT.exe
  C:\Windows\System\sltBmqT.exe
  2⤵
  PID:4204
- C:\Windows\System\UbTDUKL.exe
  C:\Windows\System\UbTDUKL.exe
  2⤵
  PID:4228
- C:\Windows\System\uRZQlaS.exe
  C:\Windows\System\uRZQlaS.exe
  2⤵
  PID:4248
- C:\Windows\System\JwYmiKA.exe
  C:\Windows\System\JwYmiKA.exe
  2⤵
  PID:4264
- C:\Windows\System\TPaODWK.exe
  C:\Windows\System\TPaODWK.exe
  2⤵
  PID:4280
- C:\Windows\System\uZPRzDc.exe
  C:\Windows\System\uZPRzDc.exe
  2⤵
  PID:4296
- C:\Windows\System\yvOOqOT.exe
  C:\Windows\System\yvOOqOT.exe
  2⤵
  PID:4312
- C:\Windows\System\jVFKgKE.exe
  C:\Windows\System\jVFKgKE.exe
  2⤵
  PID:4332
- C:\Windows\System\SKGPdVs.exe
  C:\Windows\System\SKGPdVs.exe
  2⤵
  PID:4360
- C:\Windows\System\xCrjHTF.exe
  C:\Windows\System\xCrjHTF.exe
  2⤵
  PID:4384
- C:\Windows\System\tRNgJdw.exe
  C:\Windows\System\tRNgJdw.exe
  2⤵
  PID:4404
- C:\Windows\System\bYYboYt.exe
  C:\Windows\System\bYYboYt.exe
  2⤵
  PID:4444
- C:\Windows\System\bQIXcxy.exe
  C:\Windows\System\bQIXcxy.exe
  2⤵
  PID:4460
- C:\Windows\System\nyRsVBA.exe
  C:\Windows\System\nyRsVBA.exe
  2⤵
  PID:4484
- C:\Windows\System\wGvoQkD.exe
  C:\Windows\System\wGvoQkD.exe
  2⤵
  PID:4500
- C:\Windows\System\HflHVoh.exe
  C:\Windows\System\HflHVoh.exe
  2⤵
  PID:4520
- C:\Windows\System\JKEXZnQ.exe
  C:\Windows\System\JKEXZnQ.exe
  2⤵
  PID:4540
- C:\Windows\System\fTvUVHb.exe
  C:\Windows\System\fTvUVHb.exe
  2⤵
  PID:4564
- C:\Windows\System\jlKCRLo.exe
  C:\Windows\System\jlKCRLo.exe
  2⤵
  PID:4580
- C:\Windows\System\FvHkzng.exe
  C:\Windows\System\FvHkzng.exe
  2⤵
  PID:4600
- C:\Windows\System\ivoZVBv.exe
  C:\Windows\System\ivoZVBv.exe
  2⤵
  PID:4620
- C:\Windows\System\wYfJXOP.exe
  C:\Windows\System\wYfJXOP.exe
  2⤵
  PID:4640
- C:\Windows\System\yDDHUxA.exe
  C:\Windows\System\yDDHUxA.exe
  2⤵
  PID:4660
- C:\Windows\System\pAiCsMP.exe
  C:\Windows\System\pAiCsMP.exe
  2⤵
  PID:4684
- C:\Windows\System\SuImWsy.exe
  C:\Windows\System\SuImWsy.exe
  2⤵
  PID:4700
- C:\Windows\System\rZXPFIO.exe
  C:\Windows\System\rZXPFIO.exe
  2⤵
  PID:4716
- C:\Windows\System\ZRjbJde.exe
  C:\Windows\System\ZRjbJde.exe
  2⤵
  PID:4740
- C:\Windows\System\HPTeQeL.exe
  C:\Windows\System\HPTeQeL.exe
  2⤵
  PID:4764
- C:\Windows\System\yACKOzm.exe
  C:\Windows\System\yACKOzm.exe
  2⤵
  PID:4784
- C:\Windows\System\RHDIpMD.exe
  C:\Windows\System\RHDIpMD.exe
  2⤵
  PID:4800
- C:\Windows\System\OhzacBb.exe
  C:\Windows\System\OhzacBb.exe
  2⤵
  PID:4824
- C:\Windows\System\zhwQcJW.exe
  C:\Windows\System\zhwQcJW.exe
  2⤵
  PID:4844
- C:\Windows\System\SmCrcnx.exe
  C:\Windows\System\SmCrcnx.exe
  2⤵
  PID:4864
- C:\Windows\System\vhQfdiQ.exe
  C:\Windows\System\vhQfdiQ.exe
  2⤵
  PID:4880
- C:\Windows\System\GbewBUm.exe
  C:\Windows\System\GbewBUm.exe
  2⤵
  PID:4904
- C:\Windows\System\iGllsgM.exe
  C:\Windows\System\iGllsgM.exe
  2⤵
  PID:4924
- C:\Windows\System\eVzVmJD.exe
  C:\Windows\System\eVzVmJD.exe
  2⤵
  PID:4944
- C:\Windows\System\tLhBTem.exe
  C:\Windows\System\tLhBTem.exe
  2⤵
  PID:4964
- C:\Windows\System\AJkLAbN.exe
  C:\Windows\System\AJkLAbN.exe
  2⤵
  PID:4984
- C:\Windows\System\pfIWgQd.exe
  C:\Windows\System\pfIWgQd.exe
  2⤵
  PID:5004
- C:\Windows\System\gAYrxwX.exe
  C:\Windows\System\gAYrxwX.exe
  2⤵
  PID:5024
- C:\Windows\System\vIVnVxD.exe
  C:\Windows\System\vIVnVxD.exe
  2⤵
  PID:5040
- C:\Windows\System\CRNxNQX.exe
  C:\Windows\System\CRNxNQX.exe
  2⤵
  PID:5060
- C:\Windows\System\btBXTaj.exe
  C:\Windows\System\btBXTaj.exe
  2⤵
  PID:5084
- C:\Windows\System\JudgmGN.exe
  C:\Windows\System\JudgmGN.exe
  2⤵
  PID:5104
- C:\Windows\System\iEYMAUf.exe
  C:\Windows\System\iEYMAUf.exe
  2⤵
  PID:3708
- C:\Windows\System\XZXgaTo.exe
  C:\Windows\System\XZXgaTo.exe
  2⤵
  PID:3732
- C:\Windows\System\NzTvnvY.exe
  C:\Windows\System\NzTvnvY.exe
  2⤵
  PID:2656
- C:\Windows\System\RUDLGns.exe
  C:\Windows\System\RUDLGns.exe
  2⤵
  PID:2160
- C:\Windows\System\NxBpKjg.exe
  C:\Windows\System\NxBpKjg.exe
  2⤵
  PID:1564
- C:\Windows\System\teJNoXp.exe
  C:\Windows\System\teJNoXp.exe
  2⤵
  PID:3416
- C:\Windows\System\dYNbqfZ.exe
  C:\Windows\System\dYNbqfZ.exe
  2⤵
  PID:3224
- C:\Windows\System\jyxOaEP.exe
  C:\Windows\System\jyxOaEP.exe
  2⤵
  PID:3348
- C:\Windows\System\DuJTwJZ.exe
  C:\Windows\System\DuJTwJZ.exe
  2⤵
  PID:3528
- C:\Windows\System\xHEEIYI.exe
  C:\Windows\System\xHEEIYI.exe
  2⤵
  PID:4172
- C:\Windows\System\nuGZlmc.exe
  C:\Windows\System\nuGZlmc.exe
  2⤵
  PID:4212
- C:\Windows\System\CDzdpeu.exe
  C:\Windows\System\CDzdpeu.exe
  2⤵
  PID:3916
- C:\Windows\System\cwhejnM.exe
  C:\Windows\System\cwhejnM.exe
  2⤵
  PID:1992
- C:\Windows\System\mPwyyHZ.exe
  C:\Windows\System\mPwyyHZ.exe
  2⤵
  PID:4260
- C:\Windows\System\NGcedSk.exe
  C:\Windows\System\NGcedSk.exe
  2⤵
  PID:4120
- C:\Windows\System\HGUoQgR.exe
  C:\Windows\System\HGUoQgR.exe
  2⤵
  PID:4368
- C:\Windows\System\KMvPWes.exe
  C:\Windows\System\KMvPWes.exe
  2⤵
  PID:4156
- C:\Windows\System\ZMvkodf.exe
  C:\Windows\System\ZMvkodf.exe
  2⤵
  PID:4244
- C:\Windows\System\FkrGwzR.exe
  C:\Windows\System\FkrGwzR.exe
  2⤵
  PID:4340
- C:\Windows\System\IBqnMvq.exe
  C:\Windows\System\IBqnMvq.exe
  2⤵
  PID:4412
- C:\Windows\System\zWvZlpw.exe
  C:\Windows\System\zWvZlpw.exe
  2⤵
  PID:4272
- C:\Windows\System\CrgBtPR.exe
  C:\Windows\System\CrgBtPR.exe
  2⤵
  PID:4432
- C:\Windows\System\OHKFsDH.exe
  C:\Windows\System\OHKFsDH.exe
  2⤵
  PID:4472
- C:\Windows\System\fCRfxYE.exe
  C:\Windows\System\fCRfxYE.exe
  2⤵
  PID:4516
- C:\Windows\System\zDuSkJb.exe
  C:\Windows\System\zDuSkJb.exe
  2⤵
  PID:4556
- C:\Windows\System\NQVxqwo.exe
  C:\Windows\System\NQVxqwo.exe
  2⤵
  PID:4496
- C:\Windows\System\EStDrfC.exe
  C:\Windows\System\EStDrfC.exe
  2⤵
  PID:4632
- C:\Windows\System\QPUgSgz.exe
  C:\Windows\System\QPUgSgz.exe
  2⤵
  PID:4680
- C:\Windows\System\KviYAxk.exe
  C:\Windows\System\KviYAxk.exe
  2⤵
  PID:4708
- C:\Windows\System\oyBPcxy.exe
  C:\Windows\System\oyBPcxy.exe
  2⤵
  PID:4752
- C:\Windows\System\YDeNYCv.exe
  C:\Windows\System\YDeNYCv.exe
  2⤵
  PID:4696
- C:\Windows\System\rWruLOg.exe
  C:\Windows\System\rWruLOg.exe
  2⤵
  PID:4724
- C:\Windows\System\Prpsvln.exe
  C:\Windows\System\Prpsvln.exe
  2⤵
  PID:4872
- C:\Windows\System\khKduFg.exe
  C:\Windows\System\khKduFg.exe
  2⤵
  PID:4776
- C:\Windows\System\FIPBVdY.exe
  C:\Windows\System\FIPBVdY.exe
  2⤵
  PID:4808
- C:\Windows\System\DkkrLzo.exe
  C:\Windows\System\DkkrLzo.exe
  2⤵
  PID:4852
- C:\Windows\System\xfqCkzq.exe
  C:\Windows\System\xfqCkzq.exe
  2⤵
  PID:4892
- C:\Windows\System\idPRsKL.exe
  C:\Windows\System\idPRsKL.exe
  2⤵
  PID:4932
- C:\Windows\System\yJNFZXy.exe
  C:\Windows\System\yJNFZXy.exe
  2⤵
  PID:4996
- C:\Windows\System\PtAQpqM.exe
  C:\Windows\System\PtAQpqM.exe
  2⤵
  PID:4980
- C:\Windows\System\jJAStGT.exe
  C:\Windows\System\jJAStGT.exe
  2⤵
  PID:5012
- C:\Windows\System\YNxaaNv.exe
  C:\Windows\System\YNxaaNv.exe
  2⤵
  PID:5092
- C:\Windows\System\wjBvkrO.exe
  C:\Windows\System\wjBvkrO.exe
  2⤵
  PID:3504
- C:\Windows\System\FkPretx.exe
  C:\Windows\System\FkPretx.exe
  2⤵
  PID:3596
- C:\Windows\System\TadkkeO.exe
  C:\Windows\System\TadkkeO.exe
  2⤵
  PID:3244
- C:\Windows\System\LFechZb.exe
  C:\Windows\System\LFechZb.exe
  2⤵
  PID:3612
- C:\Windows\System\lCfLofa.exe
  C:\Windows\System\lCfLofa.exe
  2⤵
  PID:4136
- C:\Windows\System\GHiCnGO.exe
  C:\Windows\System\GHiCnGO.exe
  2⤵
  PID:3232
- C:\Windows\System\rtUtiRj.exe
  C:\Windows\System\rtUtiRj.exe
  2⤵
  PID:2168
- C:\Windows\System\aqnBhFH.exe
  C:\Windows\System\aqnBhFH.exe
  2⤵
  PID:4116
- C:\Windows\System\XiOUaaT.exe
  C:\Windows\System\XiOUaaT.exe
  2⤵
  PID:3928
- C:\Windows\System\MfeGhvE.exe
  C:\Windows\System\MfeGhvE.exe
  2⤵
  PID:4152
- C:\Windows\System\rkitQWw.exe
  C:\Windows\System\rkitQWw.exe
  2⤵
  PID:3400
- C:\Windows\System\kHjLTXk.exe
  C:\Windows\System\kHjLTXk.exe
  2⤵
  PID:4400
- C:\Windows\System\OsTVLBf.exe
  C:\Windows\System\OsTVLBf.exe
  2⤵
  PID:4328
- C:\Windows\System\NvqrzvS.exe
  C:\Windows\System\NvqrzvS.exe
  2⤵
  PID:4192
- C:\Windows\System\cvnqjXB.exe
  C:\Windows\System\cvnqjXB.exe
  2⤵
  PID:4352
- C:\Windows\System\JvwNifU.exe
  C:\Windows\System\JvwNifU.exe
  2⤵
  PID:4792
- C:\Windows\System\FGnLijX.exe
  C:\Windows\System\FGnLijX.exe
  2⤵
  PID:4836
- C:\Windows\System\qpGeTXU.exe
  C:\Windows\System\qpGeTXU.exe
  2⤵
  PID:4508
- C:\Windows\System\UgDVmqz.exe
  C:\Windows\System\UgDVmqz.exe
  2⤵
  PID:4860
- C:\Windows\System\ZaiiNJH.exe
  C:\Windows\System\ZaiiNJH.exe
  2⤵
  PID:4888
- C:\Windows\System\ZQYBlpM.exe
  C:\Windows\System\ZQYBlpM.exe
  2⤵
  PID:5000
- C:\Windows\System\qoDCjlu.exe
  C:\Windows\System\qoDCjlu.exe
  2⤵
  PID:2388
- C:\Windows\System\LZxWbEg.exe
  C:\Windows\System\LZxWbEg.exe
  2⤵
  PID:4648
- C:\Windows\System\VrpvIYG.exe
  C:\Windows\System\VrpvIYG.exe
  2⤵
  PID:4956
- C:\Windows\System\eciEQmo.exe
  C:\Windows\System\eciEQmo.exe
  2⤵
  PID:4972
- C:\Windows\System\RIWrzOM.exe
  C:\Windows\System\RIWrzOM.exe
  2⤵
  PID:5072
- C:\Windows\System\MCWDrNG.exe
  C:\Windows\System\MCWDrNG.exe
  2⤵
  PID:5100
- C:\Windows\System\JbdMvZD.exe
  C:\Windows\System\JbdMvZD.exe
  2⤵
  PID:5080
- C:\Windows\System\JQwlwvo.exe
  C:\Windows\System\JQwlwvo.exe
  2⤵
  PID:3044
- C:\Windows\System\GaUmztE.exe
  C:\Windows\System\GaUmztE.exe
  2⤵
  PID:4216
- C:\Windows\System\EIleNEw.exe
  C:\Windows\System\EIleNEw.exe
  2⤵
  PID:2880
- C:\Windows\System\RiQGIuZ.exe
  C:\Windows\System\RiQGIuZ.exe
  2⤵
  PID:4348
- C:\Windows\System\VTTzorG.exe
  C:\Windows\System\VTTzorG.exe
  2⤵
  PID:3972
- C:\Windows\System\NZXxPsi.exe
  C:\Windows\System\NZXxPsi.exe
  2⤵
  PID:4308
- C:\Windows\System\DJyARld.exe
  C:\Windows\System\DJyARld.exe
  2⤵
  PID:3468
- C:\Windows\System\Mnsxssb.exe
  C:\Windows\System\Mnsxssb.exe
  2⤵
  PID:4552
- C:\Windows\System\QWuXzqR.exe
  C:\Windows\System\QWuXzqR.exe
  2⤵
  PID:4656
- C:\Windows\System\EueEHtg.exe
  C:\Windows\System\EueEHtg.exe
  2⤵
  PID:4612
- C:\Windows\System\jOyWRQQ.exe
  C:\Windows\System\jOyWRQQ.exe
  2⤵
  PID:4436
- C:\Windows\System\lYiEdlf.exe
  C:\Windows\System\lYiEdlf.exe
  2⤵
  PID:4676
- C:\Windows\System\lEhhfFn.exe
  C:\Windows\System\lEhhfFn.exe
  2⤵
  PID:3892
- C:\Windows\System\XFFCUuh.exe
  C:\Windows\System\XFFCUuh.exe
  2⤵
  PID:4912
- C:\Windows\System\vmSimiO.exe
  C:\Windows\System\vmSimiO.exe
  2⤵
  PID:4024
- C:\Windows\System\DckwehP.exe
  C:\Windows\System\DckwehP.exe
  2⤵
  PID:4256
- C:\Windows\System\BDwTPZH.exe
  C:\Windows\System\BDwTPZH.exe
  2⤵
  PID:4732
- C:\Windows\System\xjEWeiX.exe
  C:\Windows\System\xjEWeiX.exe
  2⤵
  PID:4832
- C:\Windows\System\omqIoww.exe
  C:\Windows\System\omqIoww.exe
  2⤵
  PID:3936
- C:\Windows\System\LGWqefe.exe
  C:\Windows\System\LGWqefe.exe
  2⤵
  PID:5132
- C:\Windows\System\yGDHEBb.exe
  C:\Windows\System\yGDHEBb.exe
  2⤵
  PID:5152
- C:\Windows\System\GcjSNFR.exe
  C:\Windows\System\GcjSNFR.exe
  2⤵
  PID:5172
- C:\Windows\System\xzYTOOV.exe
  C:\Windows\System\xzYTOOV.exe
  2⤵
  PID:5192
- C:\Windows\System\PARbaYg.exe
  C:\Windows\System\PARbaYg.exe
  2⤵
  PID:5212
- C:\Windows\System\HIYzwTP.exe
  C:\Windows\System\HIYzwTP.exe
  2⤵
  PID:5228
- C:\Windows\System\WFuQaTz.exe
  C:\Windows\System\WFuQaTz.exe
  2⤵
  PID:5248
- C:\Windows\System\kUmWfym.exe
  C:\Windows\System\kUmWfym.exe
  2⤵
  PID:5264
- C:\Windows\System\KGMxgWq.exe
  C:\Windows\System\KGMxgWq.exe
  2⤵
  PID:5288
- C:\Windows\System\aSrccgS.exe
  C:\Windows\System\aSrccgS.exe
  2⤵
  PID:5304
- C:\Windows\System\BJlHnpc.exe
  C:\Windows\System\BJlHnpc.exe
  2⤵
  PID:5340
- C:\Windows\System\hRdcXfT.exe
  C:\Windows\System\hRdcXfT.exe
  2⤵
  PID:5360
- C:\Windows\System\kQZlOLe.exe
  C:\Windows\System\kQZlOLe.exe
  2⤵
  PID:5380
- C:\Windows\System\pwgQqDR.exe
  C:\Windows\System\pwgQqDR.exe
  2⤵
  PID:5396
- C:\Windows\System\RsPtuXG.exe
  C:\Windows\System\RsPtuXG.exe
  2⤵
  PID:5416
- C:\Windows\System\eRztwQN.exe
  C:\Windows\System\eRztwQN.exe
  2⤵
  PID:5436
- C:\Windows\System\BNfcohP.exe
  C:\Windows\System\BNfcohP.exe
  2⤵
  PID:5456
- C:\Windows\System\MRsFVnM.exe
  C:\Windows\System\MRsFVnM.exe
  2⤵
  PID:5476
- C:\Windows\System\gxHlhPH.exe
  C:\Windows\System\gxHlhPH.exe
  2⤵
  PID:5492
- C:\Windows\System\hqinygg.exe
  C:\Windows\System\hqinygg.exe
  2⤵
  PID:5512
- C:\Windows\System\FVyiQLa.exe
  C:\Windows\System\FVyiQLa.exe
  2⤵
  PID:5532
- C:\Windows\System\BSXfcFS.exe
  C:\Windows\System\BSXfcFS.exe
  2⤵
  PID:5548
- C:\Windows\System\wwshAkD.exe
  C:\Windows\System\wwshAkD.exe
  2⤵
  PID:5568
- C:\Windows\System\IzPWKQR.exe
  C:\Windows\System\IzPWKQR.exe
  2⤵
  PID:5584
- C:\Windows\System\xpjSWNw.exe
  C:\Windows\System\xpjSWNw.exe
  2⤵
  PID:5604
- C:\Windows\System\XqJNiUf.exe
  C:\Windows\System\XqJNiUf.exe
  2⤵
  PID:5620
- C:\Windows\System\mtnFwZX.exe
  C:\Windows\System\mtnFwZX.exe
  2⤵
  PID:5640
- C:\Windows\System\oByVjOo.exe
  C:\Windows\System\oByVjOo.exe
  2⤵
  PID:5656
- C:\Windows\System\SiCJIgl.exe
  C:\Windows\System\SiCJIgl.exe
  2⤵
  PID:5672
- C:\Windows\System\kUUYGSc.exe
  C:\Windows\System\kUUYGSc.exe
  2⤵
  PID:5696
- C:\Windows\System\izjUtRp.exe
  C:\Windows\System\izjUtRp.exe
  2⤵
  PID:5712
- C:\Windows\System\rPlHGdO.exe
  C:\Windows\System\rPlHGdO.exe
  2⤵
  PID:5740
- C:\Windows\System\bKzaYnN.exe
  C:\Windows\System\bKzaYnN.exe
  2⤵
  PID:5756
- C:\Windows\System\EcnUekz.exe
  C:\Windows\System\EcnUekz.exe
  2⤵
  PID:5772
- C:\Windows\System\QtumIRU.exe
  C:\Windows\System\QtumIRU.exe
  2⤵
  PID:5796
- C:\Windows\System\mytyMrV.exe
  C:\Windows\System\mytyMrV.exe
  2⤵
  PID:5824
- C:\Windows\System\wTPoTAK.exe
  C:\Windows\System\wTPoTAK.exe
  2⤵
  PID:5844
- C:\Windows\System\diPGPMu.exe
  C:\Windows\System\diPGPMu.exe
  2⤵
  PID:5860
- C:\Windows\System\akPzBLr.exe
  C:\Windows\System\akPzBLr.exe
  2⤵
  PID:5888
- C:\Windows\System\TVHScDA.exe
  C:\Windows\System\TVHScDA.exe
  2⤵
  PID:5916
- C:\Windows\System\KSzvClg.exe
  C:\Windows\System\KSzvClg.exe
  2⤵
  PID:5932
- C:\Windows\System\UxyKXRI.exe
  C:\Windows\System\UxyKXRI.exe
  2⤵
  PID:5960
- C:\Windows\System\lXVnvub.exe
  C:\Windows\System\lXVnvub.exe
  2⤵
  PID:5976
- C:\Windows\System\ZAPcsmx.exe
  C:\Windows\System\ZAPcsmx.exe
  2⤵
  PID:6000
- C:\Windows\System\GYNwkQB.exe
  C:\Windows\System\GYNwkQB.exe
  2⤵
  PID:6016
- C:\Windows\System\vWxyBfv.exe
  C:\Windows\System\vWxyBfv.exe
  2⤵
  PID:6036
- C:\Windows\System\UcfNfCD.exe
  C:\Windows\System\UcfNfCD.exe
  2⤵
  PID:6052
- C:\Windows\System\FHKssVi.exe
  C:\Windows\System\FHKssVi.exe
  2⤵
  PID:6068
- C:\Windows\System\nWbEwgc.exe
  C:\Windows\System\nWbEwgc.exe
  2⤵
  PID:6088
- C:\Windows\System\SndFAjz.exe
  C:\Windows\System\SndFAjz.exe
  2⤵
  PID:6112
- C:\Windows\System\sGcVKHK.exe
  C:\Windows\System\sGcVKHK.exe
  2⤵
  PID:6136
- C:\Windows\System\ILnQcLb.exe
  C:\Windows\System\ILnQcLb.exe
  2⤵
  PID:4596
- C:\Windows\System\bXZpIes.exe
  C:\Windows\System\bXZpIes.exe
  2⤵
  PID:4396
- C:\Windows\System\eziKNRr.exe
  C:\Windows\System\eziKNRr.exe
  2⤵
  PID:4920
- C:\Windows\System\PTuBLFX.exe
  C:\Windows\System\PTuBLFX.exe
  2⤵
  PID:4084
- C:\Windows\System\dYRClwA.exe
  C:\Windows\System\dYRClwA.exe
  2⤵
  PID:1880
- C:\Windows\System\eCdCWIB.exe
  C:\Windows\System\eCdCWIB.exe
  2⤵
  PID:5036
- C:\Windows\System\uIANncN.exe
  C:\Windows\System\uIANncN.exe
  2⤵
  PID:5140
- C:\Windows\System\vHcutDW.exe
  C:\Windows\System\vHcutDW.exe
  2⤵
  PID:5188
- C:\Windows\System\GsUhLIe.exe
  C:\Windows\System\GsUhLIe.exe
  2⤵
  PID:5256
- C:\Windows\System\DZBvaZX.exe
  C:\Windows\System\DZBvaZX.exe
  2⤵
  PID:5300
- C:\Windows\System\KKwrmJY.exe
  C:\Windows\System\KKwrmJY.exe
  2⤵
  PID:3644
- C:\Windows\System\BhRoYPb.exe
  C:\Windows\System\BhRoYPb.exe
  2⤵
  PID:5348
- C:\Windows\System\lsgKBpJ.exe
  C:\Windows\System\lsgKBpJ.exe
  2⤵
  PID:5424
- C:\Windows\System\ayjGnUx.exe
  C:\Windows\System\ayjGnUx.exe
  2⤵
  PID:5468
- C:\Windows\System\wLNNntP.exe
  C:\Windows\System\wLNNntP.exe
  2⤵
  PID:5576
- C:\Windows\System\ssDEnfn.exe
  C:\Windows\System\ssDEnfn.exe
  2⤵
  PID:5284
- C:\Windows\System\bvVBUaD.exe
  C:\Windows\System\bvVBUaD.exe
  2⤵
  PID:5200
- C:\Windows\System\eQkDBvJ.exe
  C:\Windows\System\eQkDBvJ.exe
  2⤵
  PID:5648
- C:\Windows\System\EOsKcco.exe
  C:\Windows\System\EOsKcco.exe
  2⤵
  PID:5688
- C:\Windows\System\KCowmrT.exe
  C:\Windows\System\KCowmrT.exe
  2⤵
  PID:5328
- C:\Windows\System\IYRvBuk.exe
  C:\Windows\System\IYRvBuk.exe
  2⤵
  PID:5376
- C:\Windows\System\uIejKax.exe
  C:\Windows\System\uIejKax.exe
  2⤵
  PID:5720
- C:\Windows\System\cjLEcpn.exe
  C:\Windows\System\cjLEcpn.exe
  2⤵
  PID:2580
- C:\Windows\System\iivIqFy.exe
  C:\Windows\System\iivIqFy.exe
  2⤵
  PID:5816
- C:\Windows\System\PEjAaOs.exe
  C:\Windows\System\PEjAaOs.exe
  2⤵
  PID:5600
- C:\Windows\System\LXJRGtT.exe
  C:\Windows\System\LXJRGtT.exe
  2⤵
  PID:5704
- C:\Windows\System\PNxOUHm.exe
  C:\Windows\System\PNxOUHm.exe
  2⤵
  PID:5632
- C:\Windows\System\Sxehfre.exe
  C:\Windows\System\Sxehfre.exe
  2⤵
  PID:5564
- C:\Windows\System\RBiwHHr.exe
  C:\Windows\System\RBiwHHr.exe
  2⤵
  PID:5484
- C:\Windows\System\QijdbRV.exe
  C:\Windows\System\QijdbRV.exe
  2⤵
  PID:5908
- C:\Windows\System\gDZYxCV.exe
  C:\Windows\System\gDZYxCV.exe
  2⤵
  PID:5792
- C:\Windows\System\bucsWfk.exe
  C:\Windows\System\bucsWfk.exe
  2⤵
  PID:5872
- C:\Windows\System\VTWIddT.exe
  C:\Windows\System\VTWIddT.exe
  2⤵
  PID:5784
- C:\Windows\System\URYURyl.exe
  C:\Windows\System\URYURyl.exe
  2⤵
  PID:5988
- C:\Windows\System\QQptcKT.exe
  C:\Windows\System\QQptcKT.exe
  2⤵
  PID:6032
- C:\Windows\System\YSSSqCR.exe
  C:\Windows\System\YSSSqCR.exe
  2⤵
  PID:6104
- C:\Windows\System\dUXEfNu.exe
  C:\Windows\System\dUXEfNu.exe
  2⤵
  PID:4756
- C:\Windows\System\VuZmHMi.exe
  C:\Windows\System\VuZmHMi.exe
  2⤵
  PID:5924
- C:\Windows\System\MSwTLQK.exe
  C:\Windows\System\MSwTLQK.exe
  2⤵
  PID:4772
- C:\Windows\System\sNRlJxE.exe
  C:\Windows\System\sNRlJxE.exe
  2⤵
  PID:5968
- C:\Windows\System\oEWnzhC.exe
  C:\Windows\System\oEWnzhC.exe
  2⤵
  PID:6048
- C:\Windows\System\hZKJfPB.exe
  C:\Windows\System\hZKJfPB.exe
  2⤵
  PID:5220
- C:\Windows\System\QhQupDa.exe
  C:\Windows\System\QhQupDa.exe
  2⤵
  PID:1996
- C:\Windows\System\RUAoreS.exe
  C:\Windows\System\RUAoreS.exe
  2⤵
  PID:5388
- C:\Windows\System\eHtezkv.exe
  C:\Windows\System\eHtezkv.exe
  2⤵
  PID:5544
- C:\Windows\System\snqimzC.exe
  C:\Windows\System\snqimzC.exe
  2⤵
  PID:2856
- C:\Windows\System\EyZisLX.exe
  C:\Windows\System\EyZisLX.exe
  2⤵
  PID:4572
- C:\Windows\System\itGHeEL.exe
  C:\Windows\System\itGHeEL.exe
  2⤵
  PID:5472
- C:\Windows\System\rCKtxDz.exe
  C:\Windows\System\rCKtxDz.exe
  2⤵
  PID:5236
- C:\Windows\System\HoqTQpl.exe
  C:\Windows\System\HoqTQpl.exe
  2⤵
  PID:5372
- C:\Windows\System\zxqJtLt.exe
  C:\Windows\System\zxqJtLt.exe
  2⤵
  PID:5276
- C:\Windows\System\PKzXmlC.exe
  C:\Windows\System\PKzXmlC.exe
  2⤵
  PID:5320
- C:\Windows\System\PZiiHnY.exe
  C:\Windows\System\PZiiHnY.exe
  2⤵
  PID:5728
- C:\Windows\System\WzErEKo.exe
  C:\Windows\System\WzErEKo.exe
  2⤵
  PID:5528
- C:\Windows\System\FuDkZjz.exe
  C:\Windows\System\FuDkZjz.exe
  2⤵
  PID:2576
- C:\Windows\System\pyJEIMN.exe
  C:\Windows\System\pyJEIMN.exe
  2⤵
  PID:2424
- C:\Windows\System\AoWHOXJ.exe
  C:\Windows\System\AoWHOXJ.exe
  2⤵
  PID:5488
- C:\Windows\System\GtfkHJT.exe
  C:\Windows\System\GtfkHJT.exe
  2⤵
  PID:5948
- C:\Windows\System\UielrHF.exe
  C:\Windows\System\UielrHF.exe
  2⤵
  PID:1932
- C:\Windows\System\LXEygeL.exe
  C:\Windows\System\LXEygeL.exe
  2⤵
  PID:5992
- C:\Windows\System\SksspnM.exe
  C:\Windows\System\SksspnM.exe
  2⤵
  PID:5856
- C:\Windows\System\zYBEgRw.exe
  C:\Windows\System\zYBEgRw.exe
  2⤵
  PID:5868
- C:\Windows\System\EDxAXkU.exe
  C:\Windows\System\EDxAXkU.exe
  2⤵
  PID:6096
- C:\Windows\System\TLGWEHN.exe
  C:\Windows\System\TLGWEHN.exe
  2⤵
  PID:2792
- C:\Windows\System\XLifyYz.exe
  C:\Windows\System\XLifyYz.exe
  2⤵
  PID:4960
- C:\Windows\System\xbnCWOV.exe
  C:\Windows\System\xbnCWOV.exe
  2⤵
  PID:5884
- C:\Windows\System\VFyUcvP.exe
  C:\Windows\System\VFyUcvP.exe
  2⤵
  PID:4536
- C:\Windows\System\AGlqaFk.exe
  C:\Windows\System\AGlqaFk.exe
  2⤵
  PID:2932
- C:\Windows\System\SRBSgqb.exe
  C:\Windows\System\SRBSgqb.exe
  2⤵
  PID:2780
- C:\Windows\System\qlLLLwM.exe
  C:\Windows\System\qlLLLwM.exe
  2⤵
  PID:5164
- C:\Windows\System\GIlxClN.exe
  C:\Windows\System\GIlxClN.exe
  2⤵
  PID:5296
- C:\Windows\System\DWhKFen.exe
  C:\Windows\System\DWhKFen.exe
  2⤵
  PID:4476
- C:\Windows\System\SfRDJRS.exe
  C:\Windows\System\SfRDJRS.exe
  2⤵
  PID:5684
- C:\Windows\System\smnSvfn.exe
  C:\Windows\System\smnSvfn.exe
  2⤵
  PID:4532
- C:\Windows\System\NucytCO.exe
  C:\Windows\System\NucytCO.exe
  2⤵
  PID:5612
- C:\Windows\System\fJNRigh.exe
  C:\Windows\System\fJNRigh.exe
  2⤵
  PID:5820
- C:\Windows\System\DGSYFHC.exe
  C:\Windows\System\DGSYFHC.exe
  2⤵
  PID:5412
- C:\Windows\System\swLBfiZ.exe
  C:\Windows\System\swLBfiZ.exe
  2⤵
  PID:5788
- C:\Windows\System\iWRLhGO.exe
  C:\Windows\System\iWRLhGO.exe
  2⤵
  PID:5880
- C:\Windows\System\yAMLiXb.exe
  C:\Windows\System\yAMLiXb.exe
  2⤵
  PID:5840
- C:\Windows\System\nOyGxGp.exe
  C:\Windows\System\nOyGxGp.exe
  2⤵
  PID:5596
- C:\Windows\System\utbAvtB.exe
  C:\Windows\System\utbAvtB.exe
  2⤵
  PID:3848
- C:\Windows\System\zCMRhNZ.exe
  C:\Windows\System\zCMRhNZ.exe
  2⤵
  PID:2336
- C:\Windows\System\FICzxLg.exe
  C:\Windows\System\FICzxLg.exe
  2⤵
  PID:4320
- C:\Windows\System\loVKhvN.exe
  C:\Windows\System\loVKhvN.exe
  2⤵
  PID:2256
- C:\Windows\System\wsGwgzx.exe
  C:\Windows\System\wsGwgzx.exe
  2⤵
  PID:2736
- C:\Windows\System\djtQevP.exe
  C:\Windows\System\djtQevP.exe
  2⤵
  PID:2024
- C:\Windows\System\AWydWZw.exe
  C:\Windows\System\AWydWZw.exe
  2⤵
  PID:1920
- C:\Windows\System\slQyuJD.exe
  C:\Windows\System\slQyuJD.exe
  2⤵
  PID:5692
- C:\Windows\System\RaNaRRI.exe
  C:\Windows\System\RaNaRRI.exe
  2⤵
  PID:5428
- C:\Windows\System\XPpmTak.exe
  C:\Windows\System\XPpmTak.exe
  2⤵
  PID:5804
- C:\Windows\System\QzbgfLW.exe
  C:\Windows\System\QzbgfLW.exe
  2⤵
  PID:5912
- C:\Windows\System\UJLEzsg.exe
  C:\Windows\System\UJLEzsg.exe
  2⤵
  PID:5112
- C:\Windows\System\CdHhVoD.exe
  C:\Windows\System\CdHhVoD.exe
  2⤵
  PID:5956
- C:\Windows\System\UFUPLph.exe
  C:\Windows\System\UFUPLph.exe
  2⤵
  PID:2848
- C:\Windows\System\GDjDJkw.exe
  C:\Windows\System\GDjDJkw.exe
  2⤵
  PID:5972
- C:\Windows\System\HaFRguz.exe
  C:\Windows\System\HaFRguz.exe
  2⤵
  PID:1716
- C:\Windows\System\eQqPxbj.exe
  C:\Windows\System\eQqPxbj.exe
  2⤵
  PID:6128
- C:\Windows\System\xnWiAat.exe
  C:\Windows\System\xnWiAat.exe
  2⤵
  PID:4652
- C:\Windows\System\eaLxvUN.exe
  C:\Windows\System\eaLxvUN.exe
  2⤵
  PID:1572
- C:\Windows\System\DFcTPTv.exe
  C:\Windows\System\DFcTPTv.exe
  2⤵
  PID:6100
- C:\Windows\System\gASYUnJ.exe
  C:\Windows\System\gASYUnJ.exe
  2⤵
  PID:2076
- C:\Windows\System\xRhyTaI.exe
  C:\Windows\System\xRhyTaI.exe
  2⤵
  PID:2628
- C:\Windows\System\iaQBUOM.exe
  C:\Windows\System\iaQBUOM.exe
  2⤵
  PID:6084
- C:\Windows\System\JMxRigh.exe
  C:\Windows\System\JMxRigh.exe
  2⤵
  PID:5244
- C:\Windows\System\rkugPjV.exe
  C:\Windows\System\rkugPjV.exe
  2⤵
  PID:5280
- C:\Windows\System\egXqwjR.exe
  C:\Windows\System\egXqwjR.exe
  2⤵
  PID:5524
- C:\Windows\System\XzkaNHk.exe
  C:\Windows\System\XzkaNHk.exe
  2⤵
  PID:6152
- C:\Windows\System\WPKRhSi.exe
  C:\Windows\System\WPKRhSi.exe
  2⤵
  PID:6176
- C:\Windows\System\udvoNKF.exe
  C:\Windows\System\udvoNKF.exe
  2⤵
  PID:6196
- C:\Windows\System\gYTklne.exe
  C:\Windows\System\gYTklne.exe
  2⤵
  PID:6216
- C:\Windows\System\FkckvdN.exe
  C:\Windows\System\FkckvdN.exe
  2⤵
  PID:6236
- C:\Windows\System\iTJTnbq.exe
  C:\Windows\System\iTJTnbq.exe
  2⤵
  PID:6256
- C:\Windows\System\iwKKDXO.exe
  C:\Windows\System\iwKKDXO.exe
  2⤵
  PID:6276
- C:\Windows\System\LSHSjBV.exe
  C:\Windows\System\LSHSjBV.exe
  2⤵
  PID:6300
- C:\Windows\System\XFpVcLp.exe
  C:\Windows\System\XFpVcLp.exe
  2⤵
  PID:6320
- C:\Windows\System\QdCLQhi.exe
  C:\Windows\System\QdCLQhi.exe
  2⤵
  PID:6340
- C:\Windows\System\LyERKdM.exe
  C:\Windows\System\LyERKdM.exe
  2⤵
  PID:6360
- C:\Windows\System\LnpGUiN.exe
  C:\Windows\System\LnpGUiN.exe
  2⤵
  PID:6380
- C:\Windows\System\NQLyYMm.exe
  C:\Windows\System\NQLyYMm.exe
  2⤵
  PID:6400
- C:\Windows\System\ROYlnsq.exe
  C:\Windows\System\ROYlnsq.exe
  2⤵
  PID:6420
- C:\Windows\System\navVYAz.exe
  C:\Windows\System\navVYAz.exe
  2⤵
  PID:6436
- C:\Windows\System\rXGfiaL.exe
  C:\Windows\System\rXGfiaL.exe
  2⤵
  PID:6460
- C:\Windows\System\BlRClew.exe
  C:\Windows\System\BlRClew.exe
  2⤵
  PID:6480
- C:\Windows\System\rCnswWA.exe
  C:\Windows\System\rCnswWA.exe
  2⤵
  PID:6500
- C:\Windows\System\pwKfNDt.exe
  C:\Windows\System\pwKfNDt.exe
  2⤵
  PID:6520
- C:\Windows\System\mXSYQeA.exe
  C:\Windows\System\mXSYQeA.exe
  2⤵
  PID:6540
- C:\Windows\System\uzhfcyS.exe
  C:\Windows\System\uzhfcyS.exe
  2⤵
  PID:6560
- C:\Windows\System\UYtxBRc.exe
  C:\Windows\System\UYtxBRc.exe
  2⤵
  PID:6580
- C:\Windows\System\beOTWcw.exe
  C:\Windows\System\beOTWcw.exe
  2⤵
  PID:6600
- C:\Windows\System\TBFUGqo.exe
  C:\Windows\System\TBFUGqo.exe
  2⤵
  PID:6620
- C:\Windows\System\LncNCcm.exe
  C:\Windows\System\LncNCcm.exe
  2⤵
  PID:6640
- C:\Windows\System\UhHLdNh.exe
  C:\Windows\System\UhHLdNh.exe
  2⤵
  PID:6660
- C:\Windows\System\UPjfxmU.exe
  C:\Windows\System\UPjfxmU.exe
  2⤵
  PID:6680
- C:\Windows\System\bzqCXgt.exe
  C:\Windows\System\bzqCXgt.exe
  2⤵
  PID:6700
- C:\Windows\System\HAzrbeP.exe
  C:\Windows\System\HAzrbeP.exe
  2⤵
  PID:6720
- C:\Windows\System\NIlgLVg.exe
  C:\Windows\System\NIlgLVg.exe
  2⤵
  PID:6736
- C:\Windows\System\UKDrPKG.exe
  C:\Windows\System\UKDrPKG.exe
  2⤵
  PID:6768
- C:\Windows\System\uPifEOO.exe
  C:\Windows\System\uPifEOO.exe
  2⤵
  PID:6796
- C:\Windows\System\EfNZMZX.exe
  C:\Windows\System\EfNZMZX.exe
  2⤵
  PID:6812
- C:\Windows\System\wjxDrLd.exe
  C:\Windows\System\wjxDrLd.exe
  2⤵
  PID:6828
- C:\Windows\System\oDKqwHC.exe
  C:\Windows\System\oDKqwHC.exe
  2⤵
  PID:6844
- C:\Windows\System\kOiaAJt.exe
  C:\Windows\System\kOiaAJt.exe
  2⤵
  PID:6860
- C:\Windows\System\BvCvEVP.exe
  C:\Windows\System\BvCvEVP.exe
  2⤵
  PID:6876
- C:\Windows\System\wKxBXCt.exe
  C:\Windows\System\wKxBXCt.exe
  2⤵
  PID:6892
- C:\Windows\System\BRrmzEI.exe
  C:\Windows\System\BRrmzEI.exe
  2⤵
  PID:6912
- C:\Windows\System\IAHeRVA.exe
  C:\Windows\System\IAHeRVA.exe
  2⤵
  PID:6932
- C:\Windows\System\iAmFNii.exe
  C:\Windows\System\iAmFNii.exe
  2⤵
  PID:6948
- C:\Windows\System\tYyNslA.exe
  C:\Windows\System\tYyNslA.exe
  2⤵
  PID:6968
- C:\Windows\System\hmGvmOa.exe
  C:\Windows\System\hmGvmOa.exe
  2⤵
  PID:6992
- C:\Windows\System\TEYJvbv.exe
  C:\Windows\System\TEYJvbv.exe
  2⤵
  PID:7060
- C:\Windows\System\HimrFol.exe
  C:\Windows\System\HimrFol.exe
  2⤵
  PID:7076
- C:\Windows\System\ejUwOcL.exe
  C:\Windows\System\ejUwOcL.exe
  2⤵
  PID:7092
- C:\Windows\System\sUrPFXs.exe
  C:\Windows\System\sUrPFXs.exe
  2⤵
  PID:7116
- C:\Windows\System\VrNCtdy.exe
  C:\Windows\System\VrNCtdy.exe
  2⤵
  PID:7132
- C:\Windows\System\dLjxovo.exe
  C:\Windows\System\dLjxovo.exe
  2⤵
  PID:7148
- C:\Windows\System\zYpAxac.exe
  C:\Windows\System\zYpAxac.exe
  2⤵
  PID:7164
- C:\Windows\System\dSqbgzT.exe
  C:\Windows\System\dSqbgzT.exe
  2⤵
  PID:5520
- C:\Windows\System\UbPHDLg.exe
  C:\Windows\System\UbPHDLg.exe
  2⤵
  PID:1940
- C:\Windows\System\GbyjSfQ.exe
  C:\Windows\System\GbyjSfQ.exe
  2⤵
  PID:5184
- C:\Windows\System\Hybkfrw.exe
  C:\Windows\System\Hybkfrw.exe
  2⤵
  PID:1568
- C:\Windows\System\pDqTqCE.exe
  C:\Windows\System\pDqTqCE.exe
  2⤵
  PID:6172
- C:\Windows\System\YILqJWw.exe
  C:\Windows\System\YILqJWw.exe
  2⤵
  PID:6184
- C:\Windows\System\PEnTllF.exe
  C:\Windows\System\PEnTllF.exe
  2⤵
  PID:6188
- C:\Windows\System\MqqyBbn.exe
  C:\Windows\System\MqqyBbn.exe
  2⤵
  PID:6228
- C:\Windows\System\dEvFxay.exe
  C:\Windows\System\dEvFxay.exe
  2⤵
  PID:6332
- C:\Windows\System\VdUtFOZ.exe
  C:\Windows\System\VdUtFOZ.exe
  2⤵
  PID:6368
- C:\Windows\System\EuNSZpE.exe
  C:\Windows\System\EuNSZpE.exe
  2⤵
  PID:6416
- C:\Windows\System\teSlmmx.exe
  C:\Windows\System\teSlmmx.exe
  2⤵
  PID:6448
- C:\Windows\System\KeUhKFg.exe
  C:\Windows\System\KeUhKFg.exe
  2⤵
  PID:6452
- C:\Windows\System\ioFVDbV.exe
  C:\Windows\System\ioFVDbV.exe
  2⤵
  PID:6496
- C:\Windows\System\eToHTbj.exe
  C:\Windows\System\eToHTbj.exe
  2⤵
  PID:1728
- C:\Windows\System\lGskqQJ.exe
  C:\Windows\System\lGskqQJ.exe
  2⤵
  PID:584
- C:\Windows\System\zNoYzJZ.exe
  C:\Windows\System\zNoYzJZ.exe
  2⤵
  PID:2436
- C:\Windows\System\wNavDBM.exe
  C:\Windows\System\wNavDBM.exe
  2⤵
  PID:6516
- C:\Windows\System\DAHyRsa.exe
  C:\Windows\System\DAHyRsa.exe
  2⤵
  PID:6556
- C:\Windows\System\LmwclLX.exe
  C:\Windows\System\LmwclLX.exe
  2⤵
  PID:6588
- C:\Windows\System\ygnOsXT.exe
  C:\Windows\System\ygnOsXT.exe
  2⤵
  PID:6612
- C:\Windows\System\GgTzOLj.exe
  C:\Windows\System\GgTzOLj.exe
  2⤵
  PID:6636
- C:\Windows\System\hyDmBIq.exe
  C:\Windows\System\hyDmBIq.exe
  2⤵
  PID:6692
- C:\Windows\System\NQXQsEk.exe
  C:\Windows\System\NQXQsEk.exe
  2⤵
  PID:6676
- C:\Windows\System\ezEqAVC.exe
  C:\Windows\System\ezEqAVC.exe
  2⤵
  PID:1000
- C:\Windows\System\NDAqGfy.exe
  C:\Windows\System\NDAqGfy.exe
  2⤵
  PID:6744
- C:\Windows\System\BCuQJJP.exe
  C:\Windows\System\BCuQJJP.exe
  2⤵
  PID:6292
- C:\Windows\System\BByqBsp.exe
  C:\Windows\System\BByqBsp.exe
  2⤵
  PID:2452
- C:\Windows\System\gWznbNW.exe
  C:\Windows\System\gWznbNW.exe
  2⤵
  PID:6792
- C:\Windows\System\oKdToAu.exe
  C:\Windows\System\oKdToAu.exe
  2⤵
  PID:6964
- C:\Windows\System\RzRQKdq.exe
  C:\Windows\System\RzRQKdq.exe
  2⤵
  PID:6872
- C:\Windows\System\BzjxCrU.exe
  C:\Windows\System\BzjxCrU.exe
  2⤵
  PID:6976
- C:\Windows\System\RVKsRjz.exe
  C:\Windows\System\RVKsRjz.exe
  2⤵
  PID:6984
- C:\Windows\System\UufQTjO.exe
  C:\Windows\System\UufQTjO.exe
  2⤵
  PID:7036
- C:\Windows\System\WblNvVb.exe
  C:\Windows\System\WblNvVb.exe
  2⤵
  PID:7056
- C:\Windows\System\YEnZwNV.exe
  C:\Windows\System\YEnZwNV.exe
  2⤵
  PID:7084
- C:\Windows\System\qVixMDD.exe
  C:\Windows\System\qVixMDD.exe
  2⤵
  PID:7108
- C:\Windows\System\PDYHhIF.exe
  C:\Windows\System\PDYHhIF.exe
  2⤵
  PID:5832
- C:\Windows\System\EZRKNnt.exe
  C:\Windows\System\EZRKNnt.exe
  2⤵
  PID:7124
- C:\Windows\System\teJRLOT.exe
  C:\Windows\System\teJRLOT.exe
  2⤵
  PID:6212
- C:\Windows\System\jxXmyld.exe
  C:\Windows\System\jxXmyld.exe
  2⤵
  PID:6288
- C:\Windows\System\ceBTagQ.exe
  C:\Windows\System\ceBTagQ.exe
  2⤵
  PID:6316
- C:\Windows\System\QqqUYMm.exe
  C:\Windows\System\QqqUYMm.exe
  2⤵
  PID:6372
- C:\Windows\System\OHczIyu.exe
  C:\Windows\System\OHczIyu.exe
  2⤵
  PID:5204
- C:\Windows\System\RenoZjB.exe
  C:\Windows\System\RenoZjB.exe
  2⤵
  PID:6432
- C:\Windows\System\arMnkFK.exe
  C:\Windows\System\arMnkFK.exe
  2⤵
  PID:2440
- C:\Windows\System\GyUnKOS.exe
  C:\Windows\System\GyUnKOS.exe
  2⤵
  PID:6616
- C:\Windows\System\NIivjZT.exe
  C:\Windows\System\NIivjZT.exe
  2⤵
  PID:2836
- C:\Windows\System\yTUWcEx.exe
  C:\Windows\System\yTUWcEx.exe
  2⤵
  PID:872
- C:\Windows\System\aVkxGeu.exe
  C:\Windows\System\aVkxGeu.exe
  2⤵
  PID:6756
- C:\Windows\System\TuqLooi.exe
  C:\Windows\System\TuqLooi.exe
  2⤵
  PID:6412
- C:\Windows\System\oHcLBqW.exe
  C:\Windows\System\oHcLBqW.exe
  2⤵
  PID:6508
- C:\Windows\System\Fxwwtlr.exe
  C:\Windows\System\Fxwwtlr.exe
  2⤵
  PID:6696
- C:\Windows\System\EXRlelc.exe
  C:\Windows\System\EXRlelc.exe
  2⤵
  PID:6712
- C:\Windows\System\lSJRZVy.exe
  C:\Windows\System\lSJRZVy.exe
  2⤵
  PID:6836
- C:\Windows\System\SHrBwtI.exe
  C:\Windows\System\SHrBwtI.exe
  2⤵
  PID:6856
- C:\Windows\System\rhRdNik.exe
  C:\Windows\System\rhRdNik.exe
  2⤵
  PID:6900
- C:\Windows\System\VnAjVRO.exe
  C:\Windows\System\VnAjVRO.exe
  2⤵
  PID:7028
- C:\Windows\System\pCLSpMw.exe
  C:\Windows\System\pCLSpMw.exe
  2⤵
  PID:7052
- C:\Windows\System\GfLIBGo.exe
  C:\Windows\System\GfLIBGo.exe
  2⤵
  PID:5952
- C:\Windows\System\DWGpnyz.exe
  C:\Windows\System\DWGpnyz.exe
  2⤵
  PID:6248
- C:\Windows\System\FBDvjIm.exe
  C:\Windows\System\FBDvjIm.exe
  2⤵
  PID:6284
- C:\Windows\System\sJjYOyL.exe
  C:\Windows\System\sJjYOyL.exe
  2⤵
  PID:7156
- C:\Windows\System\XXLByOH.exe
  C:\Windows\System\XXLByOH.exe
  2⤵
  PID:6204
- C:\Windows\System\esQTquj.exe
  C:\Windows\System\esQTquj.exe
  2⤵
  PID:2220
- C:\Windows\System\UUnrBGy.exe
  C:\Windows\System\UUnrBGy.exe
  2⤵
  PID:6352
- C:\Windows\System\dLLLiEC.exe
  C:\Windows\System\dLLLiEC.exe
  2⤵
  PID:6628
- C:\Windows\System\usIFqYb.exe
  C:\Windows\System\usIFqYb.exe
  2⤵
  PID:3068
- C:\Windows\System\TiDvBKY.exe
  C:\Windows\System\TiDvBKY.exe
  2⤵
  PID:1876
- C:\Windows\System\JKTgtWg.exe
  C:\Windows\System\JKTgtWg.exe
  2⤵
  PID:6820
- C:\Windows\System\tHicvyz.exe
  C:\Windows\System\tHicvyz.exe
  2⤵
  PID:6808
- C:\Windows\System\yOhuRUq.exe
  C:\Windows\System\yOhuRUq.exe
  2⤵
  PID:6868
- C:\Windows\System\QaqJfgc.exe
  C:\Windows\System\QaqJfgc.exe
  2⤵
  PID:7044
- C:\Windows\System\enHRiDp.exe
  C:\Windows\System\enHRiDp.exe
  2⤵
  PID:7144
- C:\Windows\System\GFXocKn.exe
  C:\Windows\System\GFXocKn.exe
  2⤵
  PID:6576
- C:\Windows\System\DGPnSsm.exe
  C:\Windows\System\DGPnSsm.exe
  2⤵
  PID:6656
- C:\Windows\System\lsfWXdF.exe
  C:\Windows\System\lsfWXdF.exe
  2⤵
  PID:6268
- C:\Windows\System\ZiTayaK.exe
  C:\Windows\System\ZiTayaK.exe
  2⤵
  PID:6356
- C:\Windows\System\TxmCRMn.exe
  C:\Windows\System\TxmCRMn.exe
  2⤵
  PID:6336
- C:\Windows\System\NNbktdb.exe
  C:\Windows\System\NNbktdb.exe
  2⤵
  PID:6488
- C:\Windows\System\emgwePu.exe
  C:\Windows\System\emgwePu.exe
  2⤵
  PID:6908
- C:\Windows\System\IGPPEEN.exe
  C:\Windows\System\IGPPEEN.exe
  2⤵
  PID:7172
- C:\Windows\System\GKTtuYq.exe
  C:\Windows\System\GKTtuYq.exe
  2⤵
  PID:7196
- C:\Windows\System\SWHjDeg.exe
  C:\Windows\System\SWHjDeg.exe
  2⤵
  PID:7216
- C:\Windows\System\WrZXrpn.exe
  C:\Windows\System\WrZXrpn.exe
  2⤵
  PID:7236
- C:\Windows\System\ugXughJ.exe
  C:\Windows\System\ugXughJ.exe
  2⤵
  PID:7256
- C:\Windows\System\lQMOzdY.exe
  C:\Windows\System\lQMOzdY.exe
  2⤵
  PID:7284
- C:\Windows\System\OTeCVJE.exe
  C:\Windows\System\OTeCVJE.exe
  2⤵
  PID:7300
- C:\Windows\System\cBuVHQd.exe
  C:\Windows\System\cBuVHQd.exe
  2⤵
  PID:7320
- C:\Windows\System\rutpNNu.exe
  C:\Windows\System\rutpNNu.exe
  2⤵
  PID:7392
- C:\Windows\System\WfOrpci.exe
  C:\Windows\System\WfOrpci.exe
  2⤵
  PID:7408
- C:\Windows\System\OCbRfQE.exe
  C:\Windows\System\OCbRfQE.exe
  2⤵
  PID:7424
- C:\Windows\System\pZkZFXh.exe
  C:\Windows\System\pZkZFXh.exe
  2⤵
  PID:7440
- C:\Windows\System\LCzCODH.exe
  C:\Windows\System\LCzCODH.exe
  2⤵
  PID:7456
- C:\Windows\System\rAYpTIS.exe
  C:\Windows\System\rAYpTIS.exe
  2⤵
  PID:7472
- C:\Windows\System\mYlqxKP.exe
  C:\Windows\System\mYlqxKP.exe
  2⤵
  PID:7492
- C:\Windows\System\MkOYmAL.exe
  C:\Windows\System\MkOYmAL.exe
  2⤵
  PID:7508
- C:\Windows\System\GNSAYhc.exe
  C:\Windows\System\GNSAYhc.exe
  2⤵
  PID:7528
- C:\Windows\System\xvOIrfw.exe
  C:\Windows\System\xvOIrfw.exe
  2⤵
  PID:7544
- C:\Windows\System\hVQwnWw.exe
  C:\Windows\System\hVQwnWw.exe
  2⤵
  PID:7560
- C:\Windows\System\hrTcZEw.exe
  C:\Windows\System\hrTcZEw.exe
  2⤵
  PID:7580
- C:\Windows\System\pGVdzVs.exe
  C:\Windows\System\pGVdzVs.exe
  2⤵
  PID:7600
- C:\Windows\System\URqSNGV.exe
  C:\Windows\System\URqSNGV.exe
  2⤵
  PID:7616
- C:\Windows\System\HqNztEP.exe
  C:\Windows\System\HqNztEP.exe
  2⤵
  PID:7632
- C:\Windows\System\GWPTzvX.exe
  C:\Windows\System\GWPTzvX.exe
  2⤵
  PID:7660
- C:\Windows\System\lVBFHGW.exe
  C:\Windows\System\lVBFHGW.exe
  2⤵
  PID:7676
- C:\Windows\System\MoaWyDl.exe
  C:\Windows\System\MoaWyDl.exe
  2⤵
  PID:7692
- C:\Windows\System\lXLZKyu.exe
  C:\Windows\System\lXLZKyu.exe
  2⤵
  PID:7708
- C:\Windows\System\CetZphC.exe
  C:\Windows\System\CetZphC.exe
  2⤵
  PID:7728
- C:\Windows\System\DHFWHZc.exe
  C:\Windows\System\DHFWHZc.exe
  2⤵
  PID:7748
- C:\Windows\System\mHiUUSj.exe
  C:\Windows\System\mHiUUSj.exe
  2⤵
  PID:7764
- C:\Windows\System\DRMkBgx.exe
  C:\Windows\System\DRMkBgx.exe
  2⤵
  PID:7780
- C:\Windows\System\SmqZFIc.exe
  C:\Windows\System\SmqZFIc.exe
  2⤵
  PID:7796
- C:\Windows\System\UsvVBUT.exe
  C:\Windows\System\UsvVBUT.exe
  2⤵
  PID:7812
- C:\Windows\System\adyYVdI.exe
  C:\Windows\System\adyYVdI.exe
  2⤵
  PID:7892
- C:\Windows\System\qLVrjpc.exe
  C:\Windows\System\qLVrjpc.exe
  2⤵
  PID:7908
- C:\Windows\System\pgbnFPk.exe
  C:\Windows\System\pgbnFPk.exe
  2⤵
  PID:7924
- C:\Windows\System\hYOAOgF.exe
  C:\Windows\System\hYOAOgF.exe
  2⤵
  PID:7940
- C:\Windows\System\WVEQJgK.exe
  C:\Windows\System\WVEQJgK.exe
  2⤵
  PID:7956
- C:\Windows\System\DmvFrjq.exe
  C:\Windows\System\DmvFrjq.exe
  2⤵
  PID:7972
- C:\Windows\System\kmjuTZo.exe
  C:\Windows\System\kmjuTZo.exe
  2⤵
  PID:7988
- C:\Windows\System\DHFxOcv.exe
  C:\Windows\System\DHFxOcv.exe
  2⤵
  PID:8004
- C:\Windows\System\HlKVYSb.exe
  C:\Windows\System\HlKVYSb.exe
  2⤵
  PID:8020
- C:\Windows\System\hVNKtwy.exe
  C:\Windows\System\hVNKtwy.exe
  2⤵
  PID:8036
- C:\Windows\System\OgeksTR.exe
  C:\Windows\System\OgeksTR.exe
  2⤵
  PID:8084
- C:\Windows\System\fQxctur.exe
  C:\Windows\System\fQxctur.exe
  2⤵
  PID:8100
- C:\Windows\System\VYavzlX.exe
  C:\Windows\System\VYavzlX.exe
  2⤵
  PID:8124
- C:\Windows\System\rlLvYAa.exe
  C:\Windows\System\rlLvYAa.exe
  2⤵
  PID:8144
- C:\Windows\System\KMJmdkx.exe
  C:\Windows\System\KMJmdkx.exe
  2⤵
  PID:8164
- C:\Windows\System\sIJolLQ.exe
  C:\Windows\System\sIJolLQ.exe
  2⤵
  PID:8180
- C:\Windows\System\hLxAfyU.exe
  C:\Windows\System\hLxAfyU.exe
  2⤵
  PID:6804
- C:\Windows\System\aklxNoK.exe
  C:\Windows\System\aklxNoK.exe
  2⤵
  PID:6956
- C:\Windows\System\ysksHXT.exe
  C:\Windows\System\ysksHXT.exe
  2⤵
  PID:6472
- C:\Windows\System\kTipmlx.exe
  C:\Windows\System\kTipmlx.exe
  2⤵
  PID:7184
- C:\Windows\System\ODJwhri.exe
  C:\Windows\System\ODJwhri.exe
  2⤵
  PID:6784
- C:\Windows\System\spFuTwH.exe
  C:\Windows\System\spFuTwH.exe
  2⤵
  PID:1364
- C:\Windows\System\dNVjgeK.exe
  C:\Windows\System\dNVjgeK.exe
  2⤵
  PID:6164
- C:\Windows\System\DmnBQZt.exe
  C:\Windows\System\DmnBQZt.exe
  2⤵
  PID:7212
- C:\Windows\System\BJxWeQc.exe
  C:\Windows\System\BJxWeQc.exe
  2⤵
  PID:7296
- C:\Windows\System\HzXAaGV.exe
  C:\Windows\System\HzXAaGV.exe
  2⤵
  PID:7272
- C:\Windows\System\gVQcyGa.exe
  C:\Windows\System\gVQcyGa.exe
  2⤵
  PID:7312
- C:\Windows\System\Nuzyypc.exe
  C:\Windows\System\Nuzyypc.exe
  2⤵
  PID:7356
- C:\Windows\System\DBbgHPU.exe
  C:\Windows\System\DBbgHPU.exe
  2⤵
  PID:7376
- C:\Windows\System\MrLVabs.exe
  C:\Windows\System\MrLVabs.exe
  2⤵
  PID:7416
- C:\Windows\System\zOuBlNc.exe
  C:\Windows\System\zOuBlNc.exe
  2⤵
  PID:7464
- C:\Windows\System\RjVPPRF.exe
  C:\Windows\System\RjVPPRF.exe
  2⤵
  PID:7652
- C:\Windows\System\whIYFRi.exe
  C:\Windows\System\whIYFRi.exe
  2⤵
  PID:7720
- C:\Windows\System\fssJtVX.exe
  C:\Windows\System\fssJtVX.exe
  2⤵
  PID:7788
- C:\Windows\System\JqMAwce.exe
  C:\Windows\System\JqMAwce.exe
  2⤵
  PID:7484
- C:\Windows\System\RGJvDSB.exe
  C:\Windows\System\RGJvDSB.exe
  2⤵
  PID:7840
- C:\Windows\System\PVkchdD.exe
  C:\Windows\System\PVkchdD.exe
  2⤵
  PID:7856
- C:\Windows\System\mmGJhDw.exe
  C:\Windows\System\mmGJhDw.exe
  2⤵
  PID:7872
- C:\Windows\System\vkHHBnp.exe
  C:\Windows\System\vkHHBnp.exe
  2⤵
  PID:7624
- C:\Windows\System\dRPGjiF.exe
  C:\Windows\System\dRPGjiF.exe
  2⤵
  PID:7700
- C:\Windows\System\WoLXzhF.exe
  C:\Windows\System\WoLXzhF.exe
  2⤵
  PID:7524
- C:\Windows\System\aQvPtgJ.exe
  C:\Windows\System\aQvPtgJ.exe
  2⤵
  PID:7628
- C:\Windows\System\mFvMsii.exe
  C:\Windows\System\mFvMsii.exe
  2⤵
  PID:7776
- C:\Windows\System\QVAMNhA.exe
  C:\Windows\System\QVAMNhA.exe
  2⤵
  PID:7916
- C:\Windows\System\rObBIvu.exe
  C:\Windows\System\rObBIvu.exe
  2⤵
  PID:7900
- C:\Windows\System\YofIHjo.exe
  C:\Windows\System\YofIHjo.exe
  2⤵
  PID:7968
- C:\Windows\System\hZNuzUb.exe
  C:\Windows\System\hZNuzUb.exe
  2⤵
  PID:8092
- C:\Windows\System\hTKOQAt.exe
  C:\Windows\System\hTKOQAt.exe
  2⤵
  PID:8068
- C:\Windows\System\NuAjNez.exe
  C:\Windows\System\NuAjNez.exe
  2⤵
  PID:8012
- C:\Windows\System\VzoJXBQ.exe
  C:\Windows\System\VzoJXBQ.exe
  2⤵
  PID:8056
- C:\Windows\System\DxuvwDJ.exe
  C:\Windows\System\DxuvwDJ.exe
  2⤵
  PID:8152
- C:\Windows\System\RvxlCew.exe
  C:\Windows\System\RvxlCew.exe
  2⤵
  PID:2896
- C:\Windows\System\uimVFpX.exe
  C:\Windows\System\uimVFpX.exe
  2⤵
  PID:7008
- C:\Windows\System\FVeNAQH.exe
  C:\Windows\System\FVeNAQH.exe
  2⤵
  PID:7292
- C:\Windows\System\KkRiVRy.exe
  C:\Windows\System\KkRiVRy.exe
  2⤵
  PID:7436
- C:\Windows\System\eTGgjhL.exe
  C:\Windows\System\eTGgjhL.exe
  2⤵
  PID:8132
- C:\Windows\System\AZEVzEG.exe
  C:\Windows\System\AZEVzEG.exe
  2⤵
  PID:6960
- C:\Windows\System\uhdNIlj.exe
  C:\Windows\System\uhdNIlj.exe
  2⤵
  PID:6852
- C:\Windows\System\Hpwvnhq.exe
  C:\Windows\System\Hpwvnhq.exe
  2⤵
  PID:7180
- C:\Windows\System\DKxPLnb.exe
  C:\Windows\System\DKxPLnb.exe
  2⤵
  PID:7344
- C:\Windows\System\VmvnOpN.exe
  C:\Windows\System\VmvnOpN.exe
  2⤵
  PID:7644
- C:\Windows\System\xdGNJtC.exe
  C:\Windows\System\xdGNJtC.exe
  2⤵
  PID:7688
- C:\Windows\System\QWCGOEJ.exe
  C:\Windows\System\QWCGOEJ.exe
  2⤵
  PID:7836
- C:\Windows\System\eyMdLAn.exe
  C:\Windows\System\eyMdLAn.exe
  2⤵
  PID:7848
- C:\Windows\System\FLwVNEg.exe
  C:\Windows\System\FLwVNEg.exe
  2⤵
  PID:7736
- C:\Windows\System\nYeyeIE.exe
  C:\Windows\System\nYeyeIE.exe
  2⤵
  PID:7740
- C:\Windows\System\kTfyrnt.exe
  C:\Windows\System\kTfyrnt.exe
  2⤵
  PID:7588
- C:\Windows\System\FSqJPrU.exe
  C:\Windows\System\FSqJPrU.exe
  2⤵
  PID:8048
- C:\Windows\System\NiqRFKo.exe
  C:\Windows\System\NiqRFKo.exe
  2⤵
  PID:8116
- C:\Windows\System\kYTCzGP.exe
  C:\Windows\System\kYTCzGP.exe
  2⤵
  PID:8028
- C:\Windows\System\CoYdqfY.exe
  C:\Windows\System\CoYdqfY.exe
  2⤵
  PID:7884
- C:\Windows\System\VOjsJdI.exe
  C:\Windows\System\VOjsJdI.exe
  2⤵
  PID:7964
- C:\Windows\System\mEdFtGu.exe
  C:\Windows\System\mEdFtGu.exe
  2⤵
  PID:7140
- C:\Windows\System\eobrJZF.exe
  C:\Windows\System\eobrJZF.exe
  2⤵
  PID:7328
- C:\Windows\System\RlHjLJq.exe
  C:\Windows\System\RlHjLJq.exe
  2⤵
  PID:7224
- C:\Windows\System\PNOvsgJ.exe
  C:\Windows\System\PNOvsgJ.exe
  2⤵
  PID:8140
- C:\Windows\System\hpjEsvk.exe
  C:\Windows\System\hpjEsvk.exe
  2⤵
  PID:7716
- C:\Windows\System\GYodVXT.exe
  C:\Windows\System\GYodVXT.exe
  2⤵
  PID:7536
- C:\Windows\System\gxlMcic.exe
  C:\Windows\System\gxlMcic.exe
  2⤵
  PID:8176
- C:\Windows\System\ohjqIJc.exe
  C:\Windows\System\ohjqIJc.exe
  2⤵
  PID:7612
- C:\Windows\System\JGUyieQ.exe
  C:\Windows\System\JGUyieQ.exe
  2⤵
  PID:7832
- C:\Windows\System\BJgAonj.exe
  C:\Windows\System\BJgAonj.exe
  2⤵
  PID:7556
- C:\Windows\System\pSTOvXm.exe
  C:\Windows\System\pSTOvXm.exe
  2⤵
  PID:7596
- C:\Windows\System\ptERvYY.exe
  C:\Windows\System\ptERvYY.exe
  2⤵
  PID:7192
- C:\Windows\System\cSeyLDx.exe
  C:\Windows\System\cSeyLDx.exe
  2⤵
  PID:7572
- C:\Windows\System\GNPwbcB.exe
  C:\Windows\System\GNPwbcB.exe
  2⤵
  PID:7820
- C:\Windows\System\caTwafS.exe
  C:\Windows\System\caTwafS.exe
  2⤵
  PID:8076
- C:\Windows\System\cwteEeM.exe
  C:\Windows\System\cwteEeM.exe
  2⤵
  PID:7904
- C:\Windows\System\jfVpxsl.exe
  C:\Windows\System\jfVpxsl.exe
  2⤵
  PID:7264
- C:\Windows\System\CazEuzU.exe
  C:\Windows\System\CazEuzU.exe
  2⤵
  PID:7952
- C:\Windows\System\XCxOfFO.exe
  C:\Windows\System\XCxOfFO.exe
  2⤵
  PID:7420
- C:\Windows\System\cjPRFQs.exe
  C:\Windows\System\cjPRFQs.exe
  2⤵
  PID:7608
- C:\Windows\System\ZyYhVLG.exe
  C:\Windows\System\ZyYhVLG.exe
  2⤵
  PID:8044
- C:\Windows\System\cVZnKTx.exe
  C:\Windows\System\cVZnKTx.exe
  2⤵
  PID:7864
- C:\Windows\System\DTkmkTr.exe
  C:\Windows\System\DTkmkTr.exe
  2⤵
  PID:7744
- C:\Windows\System\JjAookM.exe
  C:\Windows\System\JjAookM.exe
  2⤵
  PID:7368
- C:\Windows\System\jnmUKtM.exe
  C:\Windows\System\jnmUKtM.exe
  2⤵
  PID:7468
- C:\Windows\System\aMYVEEb.exe
  C:\Windows\System\aMYVEEb.exe
  2⤵
  PID:7388
- C:\Windows\System\ZRslzRI.exe
  C:\Windows\System\ZRslzRI.exe
  2⤵
  PID:8160
- C:\Windows\System\GZzEKLa.exe
  C:\Windows\System\GZzEKLa.exe
  2⤵
  PID:7400
- C:\Windows\System\zmExLmX.exe
  C:\Windows\System\zmExLmX.exe
  2⤵
  PID:8208
- C:\Windows\System\swOcCQP.exe
  C:\Windows\System\swOcCQP.exe
  2⤵
  PID:8224
- C:\Windows\System\dicEsqi.exe
  C:\Windows\System\dicEsqi.exe
  2⤵
  PID:8244
- C:\Windows\System\HgtrfLA.exe
  C:\Windows\System\HgtrfLA.exe
  2⤵
  PID:8272
- C:\Windows\System\rZBbXXy.exe
  C:\Windows\System\rZBbXXy.exe
  2⤵
  PID:8288
- C:\Windows\System\opmbDDe.exe
  C:\Windows\System\opmbDDe.exe
  2⤵
  PID:8304
- C:\Windows\System\TQGEODH.exe
  C:\Windows\System\TQGEODH.exe
  2⤵
  PID:8320
- C:\Windows\System\rwZoTOX.exe
  C:\Windows\System\rwZoTOX.exe
  2⤵
  PID:8340
- C:\Windows\System\VaojiNU.exe
  C:\Windows\System\VaojiNU.exe
  2⤵
  PID:8356
- C:\Windows\System\mErPzFx.exe
  C:\Windows\System\mErPzFx.exe
  2⤵
  PID:8372
- C:\Windows\System\bHuUgTJ.exe
  C:\Windows\System\bHuUgTJ.exe
  2⤵
  PID:8404
- C:\Windows\System\npjchhZ.exe
  C:\Windows\System\npjchhZ.exe
  2⤵
  PID:8436
- C:\Windows\System\xNgnSXp.exe
  C:\Windows\System\xNgnSXp.exe
  2⤵
  PID:8452
- C:\Windows\System\XrrlKRl.exe
  C:\Windows\System\XrrlKRl.exe
  2⤵
  PID:8468
- C:\Windows\System\ibZXsHp.exe
  C:\Windows\System\ibZXsHp.exe
  2⤵
  PID:8484
- C:\Windows\System\zaxMBHR.exe
  C:\Windows\System\zaxMBHR.exe
  2⤵
  PID:8516
- C:\Windows\System\FKFfSHl.exe
  C:\Windows\System\FKFfSHl.exe
  2⤵
  PID:8532
- C:\Windows\System\ncEFVxR.exe
  C:\Windows\System\ncEFVxR.exe
  2⤵
  PID:8604
- C:\Windows\System\AMSRfyr.exe
  C:\Windows\System\AMSRfyr.exe
  2⤵
  PID:8620
- C:\Windows\System\PhEwYOH.exe
  C:\Windows\System\PhEwYOH.exe
  2⤵
  PID:8636
- C:\Windows\System\NlicZzm.exe
  C:\Windows\System\NlicZzm.exe
  2⤵
  PID:8656
- C:\Windows\System\iFZtmIx.exe
  C:\Windows\System\iFZtmIx.exe
  2⤵
  PID:8672
- C:\Windows\System\kUgWbDS.exe
  C:\Windows\System\kUgWbDS.exe
  2⤵
  PID:8688
- C:\Windows\System\NqMnGGj.exe
  C:\Windows\System\NqMnGGj.exe
  2⤵
  PID:8704
- C:\Windows\System\mmvhhAY.exe
  C:\Windows\System\mmvhhAY.exe
  2⤵
  PID:8720
- C:\Windows\System\XNOvTkp.exe
  C:\Windows\System\XNOvTkp.exe
  2⤵
  PID:8736
- C:\Windows\System\wkamDHD.exe
  C:\Windows\System\wkamDHD.exe
  2⤵
  PID:8752
- C:\Windows\System\JotWvRO.exe
  C:\Windows\System\JotWvRO.exe
  2⤵
  PID:8768
- C:\Windows\System\jBvvMYp.exe
  C:\Windows\System\jBvvMYp.exe
  2⤵
  PID:8784
- C:\Windows\System\FmGUUKo.exe
  C:\Windows\System\FmGUUKo.exe
  2⤵
  PID:8800
- C:\Windows\System\cdsSXNc.exe
  C:\Windows\System\cdsSXNc.exe
  2⤵
  PID:8816
- C:\Windows\System\PCBAQan.exe
  C:\Windows\System\PCBAQan.exe
  2⤵
  PID:8832
- C:\Windows\System\OtqJtsy.exe
  C:\Windows\System\OtqJtsy.exe
  2⤵
  PID:8848
- C:\Windows\System\tSwbunX.exe
  C:\Windows\System\tSwbunX.exe
  2⤵
  PID:8864
- C:\Windows\System\PswTYKK.exe
  C:\Windows\System\PswTYKK.exe
  2⤵
  PID:8880
- C:\Windows\System\vFicCYg.exe
  C:\Windows\System\vFicCYg.exe
  2⤵
  PID:8896
- C:\Windows\System\IjedBrj.exe
  C:\Windows\System\IjedBrj.exe
  2⤵
  PID:8912
- C:\Windows\System\oNXTBep.exe
  C:\Windows\System\oNXTBep.exe
  2⤵
  PID:8928
- C:\Windows\System\sZFbnZS.exe
  C:\Windows\System\sZFbnZS.exe
  2⤵
  PID:8944
- C:\Windows\System\BXiQPpx.exe
  C:\Windows\System\BXiQPpx.exe
  2⤵
  PID:8960
- C:\Windows\System\SQAUOVm.exe
  C:\Windows\System\SQAUOVm.exe
  2⤵
  PID:8976
- C:\Windows\System\GJzUYMc.exe
  C:\Windows\System\GJzUYMc.exe
  2⤵
  PID:8992
- C:\Windows\System\nwIJrwo.exe
  C:\Windows\System\nwIJrwo.exe
  2⤵
  PID:9008
- C:\Windows\System\xVnkAVc.exe
  C:\Windows\System\xVnkAVc.exe
  2⤵
  PID:9024
- C:\Windows\System\FtsEAok.exe
  C:\Windows\System\FtsEAok.exe
  2⤵
  PID:9040
- C:\Windows\System\OoPNcCM.exe
  C:\Windows\System\OoPNcCM.exe
  2⤵
  PID:9060
- C:\Windows\System\Qbvcdcv.exe
  C:\Windows\System\Qbvcdcv.exe
  2⤵
  PID:9076
- C:\Windows\System\kARfovM.exe
  C:\Windows\System\kARfovM.exe
  2⤵
  PID:9092
- C:\Windows\System\NiDXdDW.exe
  C:\Windows\System\NiDXdDW.exe
  2⤵
  PID:9108
- C:\Windows\System\UUyJxrJ.exe
  C:\Windows\System\UUyJxrJ.exe
  2⤵
  PID:9124
- C:\Windows\System\JlkAcpr.exe
  C:\Windows\System\JlkAcpr.exe
  2⤵
  PID:9140
- C:\Windows\System\OhDcTgN.exe
  C:\Windows\System\OhDcTgN.exe
  2⤵
  PID:9156
- C:\Windows\System\OqSBPaZ.exe
  C:\Windows\System\OqSBPaZ.exe
  2⤵
  PID:9172
- C:\Windows\System\GmVzSUp.exe
  C:\Windows\System\GmVzSUp.exe
  2⤵
  PID:9188
- C:\Windows\System\HPQxHqV.exe
  C:\Windows\System\HPQxHqV.exe
  2⤵
  PID:9204
- C:\Windows\System\JCiGxms.exe
  C:\Windows\System\JCiGxms.exe
  2⤵
  PID:7348
- C:\Windows\System\RpUYUeu.exe
  C:\Windows\System\RpUYUeu.exe
  2⤵
  PID:7804
- C:\Windows\System\kfjFvAo.exe
  C:\Windows\System\kfjFvAo.exe
  2⤵
  PID:8196
- C:\Windows\System\EJuJDxc.exe
  C:\Windows\System\EJuJDxc.exe
  2⤵
  PID:7684
- C:\Windows\System\afURzUv.exe
  C:\Windows\System\afURzUv.exe
  2⤵
  PID:8264
- C:\Windows\System\adhkRia.exe
  C:\Windows\System\adhkRia.exe
  2⤵
  PID:8080
- C:\Windows\System\PdgcOGE.exe
  C:\Windows\System\PdgcOGE.exe
  2⤵
  PID:8252
- C:\Windows\System\BblsYHh.exe
  C:\Windows\System\BblsYHh.exe
  2⤵
  PID:8268
- C:\Windows\System\wKouVAY.exe
  C:\Windows\System\wKouVAY.exe
  2⤵
  PID:8368
- C:\Windows\System\CqqACRt.exe
  C:\Windows\System\CqqACRt.exe
  2⤵
  PID:8240
- C:\Windows\System\pCgAiGx.exe
  C:\Windows\System\pCgAiGx.exe
  2⤵
  PID:8616
- C:\Windows\System\JFcHDAA.exe
  C:\Windows\System\JFcHDAA.exe
  2⤵
  PID:8664
- C:\Windows\System\RTZZhyF.exe
  C:\Windows\System\RTZZhyF.exe
  2⤵
  PID:8716
- C:\Windows\System\buAcZPX.exe
  C:\Windows\System\buAcZPX.exe
  2⤵
  PID:8796
- C:\Windows\System\AKojVyx.exe
  C:\Windows\System\AKojVyx.exe
  2⤵
  PID:8856
- C:\Windows\System\sqvcmiz.exe
  C:\Windows\System\sqvcmiz.exe
  2⤵
  PID:8840
- C:\Windows\System\luwrikX.exe
  C:\Windows\System\luwrikX.exe
  2⤵
  PID:8904
- C:\Windows\System\KXZIbPG.exe
  C:\Windows\System\KXZIbPG.exe
  2⤵
  PID:8936
- C:\Windows\System\cQsaoVO.exe
  C:\Windows\System\cQsaoVO.exe
  2⤵
  PID:8776
- C:\Windows\System\wzDzlHb.exe
  C:\Windows\System\wzDzlHb.exe
  2⤵
  PID:9084
- C:\Windows\System\GvKvhgw.exe
  C:\Windows\System\GvKvhgw.exe
  2⤵
  PID:9116
- C:\Windows\System\lgUgxFm.exe
  C:\Windows\System\lgUgxFm.exe
  2⤵
  PID:9152
- C:\Windows\System\nVNEZIo.exe
  C:\Windows\System\nVNEZIo.exe
  2⤵
  PID:9100
- C:\Windows\System\ZMusLVw.exe
  C:\Windows\System\ZMusLVw.exe
  2⤵
  PID:9184
- C:\Windows\System\YGndkXD.exe
  C:\Windows\System\YGndkXD.exe
  2⤵
  PID:9200
- C:\Windows\System\nqfXOsN.exe
  C:\Windows\System\nqfXOsN.exe
  2⤵
  PID:7576
- C:\Windows\System\eDbtoVX.exe
  C:\Windows\System\eDbtoVX.exe
  2⤵
  PID:7552
- C:\Windows\System\gpDFhPY.exe
  C:\Windows\System\gpDFhPY.exe
  2⤵
  PID:8364
- C:\Windows\System\sibDgxH.exe
  C:\Windows\System\sibDgxH.exe
  2⤵
  PID:8348
- C:\Windows\System\qqtIKzO.exe
  C:\Windows\System\qqtIKzO.exe
  2⤵
  PID:8312
- C:\Windows\System\PGlugLQ.exe
  C:\Windows\System\PGlugLQ.exe
  2⤵
  PID:8412
- C:\Windows\System\KuZNSSw.exe
  C:\Windows\System\KuZNSSw.exe
  2⤵
  PID:8496
- C:\Windows\System\lgfaewA.exe
  C:\Windows\System\lgfaewA.exe
  2⤵
  PID:8444
- C:\Windows\System\pYyOjXw.exe
  C:\Windows\System\pYyOjXw.exe
  2⤵
  PID:8448
- C:\Windows\System\JsrVYEU.exe
  C:\Windows\System\JsrVYEU.exe
  2⤵
  PID:8540
- C:\Windows\System\GXowQzK.exe
  C:\Windows\System\GXowQzK.exe
  2⤵
  PID:8596
- C:\Windows\System\AScoZRs.exe
  C:\Windows\System\AScoZRs.exe
  2⤵
  PID:8632
- C:\Windows\System\uGfWQGM.exe
  C:\Windows\System\uGfWQGM.exe
  2⤵
  PID:8764
- C:\Windows\System\FmBVyAK.exe
  C:\Windows\System\FmBVyAK.exe
  2⤵
  PID:8892
- C:\Windows\System\ZAhHyYz.exe
  C:\Windows\System\ZAhHyYz.exe
  2⤵
  PID:8780
- C:\Windows\System\DUMyhkU.exe
  C:\Windows\System\DUMyhkU.exe
  2⤵
  PID:8648
- C:\Windows\System\uZyAdRy.exe
  C:\Windows\System\uZyAdRy.exe
  2⤵
  PID:8876
- C:\Windows\System\GwimTCz.exe
  C:\Windows\System\GwimTCz.exe
  2⤵
  PID:9168
- C:\Windows\System\GCfovsF.exe
  C:\Windows\System\GCfovsF.exe
  2⤵
  PID:8260
- C:\Windows\System\OTvMJIL.exe
  C:\Windows\System\OTvMJIL.exe
  2⤵
  PID:8420
- C:\Windows\System\fJEWOZD.exe
  C:\Windows\System\fJEWOZD.exe
  2⤵
  PID:9016
- C:\Windows\System\NQXSajL.exe
  C:\Windows\System\NQXSajL.exe
  2⤵
  PID:8972
- C:\Windows\System\EiNbavW.exe
  C:\Windows\System\EiNbavW.exe
  2⤵
  PID:8216
- C:\Windows\System\GHNoqqN.exe
  C:\Windows\System\GHNoqqN.exe
  2⤵
  PID:8232
- C:\Windows\System\tcoKvrV.exe
  C:\Windows\System\tcoKvrV.exe
  2⤵
  PID:8504
- C:\Windows\System\ajiEdDv.exe
  C:\Windows\System\ajiEdDv.exe
  2⤵
  PID:8524
- C:\Windows\System\ddrMqht.exe
  C:\Windows\System\ddrMqht.exe
  2⤵
  PID:8568
- C:\Windows\System\OwsPLWz.exe
  C:\Windows\System\OwsPLWz.exe
  2⤵
  PID:8580
- C:\Windows\System\RnhXATP.exe
  C:\Windows\System\RnhXATP.exe
  2⤵
  PID:8652
- C:\Windows\System\NxlxvVX.exe
  C:\Windows\System\NxlxvVX.exe
  2⤵
  PID:8888
- C:\Windows\System\XJhrdzs.exe
  C:\Windows\System\XJhrdzs.exe
  2⤵
  PID:8732
- C:\Windows\System\OlBYVlM.exe
  C:\Windows\System\OlBYVlM.exe
  2⤵
  PID:8924
- C:\Windows\System\UrjKoWt.exe
  C:\Windows\System\UrjKoWt.exe
  2⤵
  PID:8988
- C:\Windows\System\fiJMWrU.exe
  C:\Windows\System\fiJMWrU.exe
  2⤵
  PID:9164
- C:\Windows\System\lFYadpl.exe
  C:\Windows\System\lFYadpl.exe
  2⤵
  PID:7268
- C:\Windows\System\jLfanXO.exe
  C:\Windows\System\jLfanXO.exe
  2⤵
  PID:8384
- C:\Windows\System\RYoVLZk.exe
  C:\Windows\System\RYoVLZk.exe
  2⤵
  PID:8548
- C:\Windows\System\BwvUWtn.exe
  C:\Windows\System\BwvUWtn.exe
  2⤵
  PID:8748
- C:\Windows\System\KTbZwQL.exe
  C:\Windows\System\KTbZwQL.exe
  2⤵
  PID:8500
- C:\Windows\System\YDzmJkm.exe
  C:\Windows\System\YDzmJkm.exe
  2⤵
  PID:8560
- C:\Windows\System\vdDuPkq.exe
  C:\Windows\System\vdDuPkq.exe
  2⤵
  PID:8668
- C:\Windows\System\MkTfqLa.exe
  C:\Windows\System\MkTfqLa.exe
  2⤵
  PID:7488
- C:\Windows\System\vBSXqmB.exe
  C:\Windows\System\vBSXqmB.exe
  2⤵
  PID:8968
- C:\Windows\System\GuhLQCg.exe
  C:\Windows\System\GuhLQCg.exe
  2⤵
  PID:8476
- C:\Windows\System\hCCdTYH.exe
  C:\Windows\System\hCCdTYH.exe
  2⤵
  PID:8584
- C:\Windows\System\bsqWVcq.exe
  C:\Windows\System\bsqWVcq.exe
  2⤵
  PID:9232
- C:\Windows\System\uxkfETu.exe
  C:\Windows\System\uxkfETu.exe
  2⤵
  PID:9248
- C:\Windows\System\FYcwoUz.exe
  C:\Windows\System\FYcwoUz.exe
  2⤵
  PID:9264
- C:\Windows\System\qPPqMZD.exe
  C:\Windows\System\qPPqMZD.exe
  2⤵
  PID:9280
- C:\Windows\System\GEbkApi.exe
  C:\Windows\System\GEbkApi.exe
  2⤵
  PID:9296
- C:\Windows\System\rlbBitY.exe
  C:\Windows\System\rlbBitY.exe
  2⤵
  PID:9312
- C:\Windows\System\gZazxve.exe
  C:\Windows\System\gZazxve.exe
  2⤵
  PID:9328
- C:\Windows\System\EWMBOlj.exe
  C:\Windows\System\EWMBOlj.exe
  2⤵
  PID:9344
- C:\Windows\System\OGBIzdR.exe
  C:\Windows\System\OGBIzdR.exe
  2⤵
  PID:9360
- C:\Windows\System\igZhkbi.exe
  C:\Windows\System\igZhkbi.exe
  2⤵
  PID:9380
- C:\Windows\System\YhHNdgU.exe
  C:\Windows\System\YhHNdgU.exe
  2⤵
  PID:9396
- C:\Windows\System\sGsApJq.exe
  C:\Windows\System\sGsApJq.exe
  2⤵
  PID:9412
- C:\Windows\System\OvxupCh.exe
  C:\Windows\System\OvxupCh.exe
  2⤵
  PID:9428
- C:\Windows\System\jZLuiGj.exe
  C:\Windows\System\jZLuiGj.exe
  2⤵
  PID:9444
- C:\Windows\System\sEdiigb.exe
  C:\Windows\System\sEdiigb.exe
  2⤵
  PID:9476
- C:\Windows\System\pWidORb.exe
  C:\Windows\System\pWidORb.exe
  2⤵
  PID:9620
- C:\Windows\System\BgnhFTX.exe
  C:\Windows\System\BgnhFTX.exe
  2⤵
  PID:9640
- C:\Windows\System\ppcNcge.exe
  C:\Windows\System\ppcNcge.exe
  2⤵
  PID:9656
- C:\Windows\System\OkdZDIn.exe
  C:\Windows\System\OkdZDIn.exe
  2⤵
  PID:9688
- C:\Windows\System\jNJBCtm.exe
  C:\Windows\System\jNJBCtm.exe
  2⤵
  PID:9704
- C:\Windows\System\UBkeGOQ.exe
  C:\Windows\System\UBkeGOQ.exe
  2⤵
  PID:9724
- C:\Windows\System\zQvZWMP.exe
  C:\Windows\System\zQvZWMP.exe
  2⤵
  PID:9744
- C:\Windows\System\afPwWdV.exe
  C:\Windows\System\afPwWdV.exe
  2⤵
  PID:9760
- C:\Windows\System\nCiJtZl.exe
  C:\Windows\System\nCiJtZl.exe
  2⤵
  PID:9780
- C:\Windows\System\bJsbTeQ.exe
  C:\Windows\System\bJsbTeQ.exe
  2⤵
  PID:9804
- C:\Windows\System\LFftCrm.exe
  C:\Windows\System\LFftCrm.exe
  2⤵
  PID:9820
- C:\Windows\System\zrMnWKS.exe
  C:\Windows\System\zrMnWKS.exe
  2⤵
  PID:9848
- C:\Windows\System\WfFNGah.exe
  C:\Windows\System\WfFNGah.exe
  2⤵
  PID:9868
- C:\Windows\System\jLOcSWG.exe
  C:\Windows\System\jLOcSWG.exe
  2⤵
  PID:9884
- C:\Windows\System\jMGtlpS.exe
  C:\Windows\System\jMGtlpS.exe
  2⤵
  PID:9904
- C:\Windows\System\mLLnOlJ.exe
  C:\Windows\System\mLLnOlJ.exe
  2⤵
  PID:9924
- C:\Windows\System\eMQiuJu.exe
  C:\Windows\System\eMQiuJu.exe
  2⤵
  PID:9940
- C:\Windows\System\AMLLBRw.exe
  C:\Windows\System\AMLLBRw.exe
  2⤵
  PID:9960
- C:\Windows\System\tplIeZh.exe
  C:\Windows\System\tplIeZh.exe
  2⤵
  PID:9976
- C:\Windows\System\JrNbueF.exe
  C:\Windows\System\JrNbueF.exe
  2⤵
  PID:9996
- C:\Windows\System\fPZqeLH.exe
  C:\Windows\System\fPZqeLH.exe
  2⤵
  PID:10012
- C:\Windows\System\gFGoKOu.exe
  C:\Windows\System\gFGoKOu.exe
  2⤵
  PID:10028
- C:\Windows\System\vKWPuhN.exe
  C:\Windows\System\vKWPuhN.exe
  2⤵
  PID:10044
- C:\Windows\System\UlMEOuK.exe
  C:\Windows\System\UlMEOuK.exe
  2⤵
  PID:10060
- C:\Windows\System\mrDkNij.exe
  C:\Windows\System\mrDkNij.exe
  2⤵
  PID:10076
- C:\Windows\System\lMqHirx.exe
  C:\Windows\System\lMqHirx.exe
  2⤵
  PID:10092
- C:\Windows\System\HedxLyg.exe
  C:\Windows\System\HedxLyg.exe
  2⤵
  PID:10108
- C:\Windows\System\IZHrdzn.exe
  C:\Windows\System\IZHrdzn.exe
  2⤵
  PID:10124
- C:\Windows\System\rSUDxkF.exe
  C:\Windows\System\rSUDxkF.exe
  2⤵
  PID:10140
- C:\Windows\System\vUmoUry.exe
  C:\Windows\System\vUmoUry.exe
  2⤵
  PID:10156
- C:\Windows\System\xTgKlVA.exe
  C:\Windows\System\xTgKlVA.exe
  2⤵
  PID:10172
- C:\Windows\System\OTSLoaB.exe
  C:\Windows\System\OTSLoaB.exe
  2⤵
  PID:10188
- C:\Windows\System\NNceOwC.exe
  C:\Windows\System\NNceOwC.exe
  2⤵
  PID:10204
- C:\Windows\System\afyIfMX.exe
  C:\Windows\System\afyIfMX.exe
  2⤵
  PID:10220
- C:\Windows\System\KxTGHvP.exe
  C:\Windows\System\KxTGHvP.exe
  2⤵
  PID:10236
- C:\Windows\System\RAQPirS.exe
  C:\Windows\System\RAQPirS.exe
  2⤵
  PID:8576
- C:\Windows\System\NPtkaVM.exe
  C:\Windows\System\NPtkaVM.exe
  2⤵
  PID:9272
- C:\Windows\System\tEOTxBX.exe
  C:\Windows\System\tEOTxBX.exe
  2⤵
  PID:9136
- C:\Windows\System\umzXoil.exe
  C:\Windows\System\umzXoil.exe
  2⤵
  PID:8284
- C:\Windows\System\FvAtWwW.exe
  C:\Windows\System\FvAtWwW.exe
  2⤵
  PID:7308
- C:\Windows\System\gijioRL.exe
  C:\Windows\System\gijioRL.exe
  2⤵
  PID:9256
- C:\Windows\System\hoLDTpR.exe
  C:\Windows\System\hoLDTpR.exe
  2⤵
  PID:9324
- C:\Windows\System\GDMxgLl.exe
  C:\Windows\System\GDMxgLl.exe
  2⤵
  PID:9368
- C:\Windows\System\RtQcFmt.exe
  C:\Windows\System\RtQcFmt.exe
  2⤵
  PID:9424
- C:\Windows\System\HIFbpDo.exe
  C:\Windows\System\HIFbpDo.exe
  2⤵
  PID:9560
- C:\Windows\System\MVoHYAY.exe
  C:\Windows\System\MVoHYAY.exe
  2⤵
  PID:9600
- C:\Windows\System\NbpfRGY.exe
  C:\Windows\System\NbpfRGY.exe
  2⤵
  PID:9576
- C:\Windows\System\HtrCHex.exe
  C:\Windows\System\HtrCHex.exe
  2⤵
  PID:9608
- C:\Windows\System\sDwvSMP.exe
  C:\Windows\System\sDwvSMP.exe
  2⤵
  PID:9652
- C:\Windows\System\NlUGvhF.exe
  C:\Windows\System\NlUGvhF.exe
  2⤵
  PID:9668
- C:\Windows\System\eTrGNhl.exe
  C:\Windows\System\eTrGNhl.exe
  2⤵
  PID:9740
- C:\Windows\System\VYzUXsb.exe
  C:\Windows\System\VYzUXsb.exe
  2⤵
  PID:9768
- C:\Windows\System\RZoXPAv.exe
  C:\Windows\System\RZoXPAv.exe
  2⤵
  PID:9816
- C:\Windows\System\EtnOxKS.exe
  C:\Windows\System\EtnOxKS.exe
  2⤵
  PID:9800
- C:\Windows\System\TLZFZfc.exe
  C:\Windows\System\TLZFZfc.exe
  2⤵
  PID:9856
- C:\Windows\System\yXUvwmK.exe
  C:\Windows\System\yXUvwmK.exe
  2⤵
  PID:9880
- C:\Windows\System\tdqrIsW.exe
  C:\Windows\System\tdqrIsW.exe
  2⤵
  PID:9912
- C:\Windows\System\SDOlmDC.exe
  C:\Windows\System\SDOlmDC.exe
  2⤵
  PID:9984
- C:\Windows\System\faMiMFo.exe
  C:\Windows\System\faMiMFo.exe
  2⤵
  PID:10056
- C:\Windows\System\qFplkFC.exe
  C:\Windows\System\qFplkFC.exe
  2⤵
  PID:9972
- C:\Windows\System\FrnOfyb.exe
  C:\Windows\System\FrnOfyb.exe
  2⤵
  PID:10040
- C:\Windows\System\wChiHBL.exe
  C:\Windows\System\wChiHBL.exe
  2⤵
  PID:10132
- C:\Windows\System\gcunbMs.exe
  C:\Windows\System\gcunbMs.exe
  2⤵
  PID:10200
- C:\Windows\System\rdOmymU.exe
  C:\Windows\System\rdOmymU.exe
  2⤵
  PID:10184
- C:\Windows\System\pAhrZfP.exe
  C:\Windows\System\pAhrZfP.exe
  2⤵
  PID:10212
- C:\Windows\System\pVftZVU.exe
  C:\Windows\System\pVftZVU.exe
  2⤵
  PID:9932
- C:\Windows\System\AhzzfyX.exe
  C:\Windows\System\AhzzfyX.exe
  2⤵
  PID:9228
- C:\Windows\System\vQaIaPr.exe
  C:\Windows\System\vQaIaPr.exe
  2⤵
  PID:8920
- C:\Windows\System\qFxXfCv.exe
  C:\Windows\System\qFxXfCv.exe
  2⤵
  PID:9460
- C:\Windows\System\inJbGsY.exe
  C:\Windows\System\inJbGsY.exe
  2⤵
  PID:9420
- C:\Windows\System\zgVHNAf.exe
  C:\Windows\System\zgVHNAf.exe
  2⤵
  PID:9516
- C:\Windows\System\AgpNtDT.exe
  C:\Windows\System\AgpNtDT.exe
  2⤵
  PID:9532
- C:\Windows\System\slUWiBK.exe
  C:\Windows\System\slUWiBK.exe
  2⤵
  PID:9548
- C:\Windows\System\sBXWRwW.exe
  C:\Windows\System\sBXWRwW.exe
  2⤵
  PID:9472
- C:\Windows\System\FWSOldf.exe
  C:\Windows\System\FWSOldf.exe
  2⤵
  PID:9592
- C:\Windows\System\vEFfGzG.exe
  C:\Windows\System\vEFfGzG.exe
  2⤵
  PID:9584
- C:\Windows\System\RAKbhQz.exe
  C:\Windows\System\RAKbhQz.exe
  2⤵
  PID:9684
- C:\Windows\System\pmlrvJz.exe
  C:\Windows\System\pmlrvJz.exe
  2⤵
  PID:9736
- C:\Windows\System\SCjFasT.exe
  C:\Windows\System\SCjFasT.exe
  2⤵
  PID:9844
- C:\Windows\System\ZQcqEIV.exe
  C:\Windows\System\ZQcqEIV.exe
  2⤵
  PID:9988
- C:\Windows\System\FYSunCs.exe
  C:\Windows\System\FYSunCs.exe
  2⤵
  PID:10164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AsubLsw.exe

Filesize
6.0MB

MD5
58c919bb5d6970874693508ce3275fd9

SHA1
47ef0f9e66bc3fc43bfa5bfae6cbee0a622bfe45

SHA256
225ba0e3c5594cea2d079479bbc9fe6ecd57c6547177622ea5d16437dc19cec4

SHA512
80c53d95b9a41c03fcd729525739602caab6b87ce539f9d1c9f81c105119e386c5b1c2f0726c9ea835d58cb4b72d02a72fc3b8e600ba40da245494eed02b5d32

Download Submit
C:\Windows\system\BNKzxiw.exe

Filesize
6.0MB

MD5
d2f6530195edc27a9c6049635b23754f

SHA1
6397803f4311a733d3012d175777580b008cfc89

SHA256
d6bd246835ff3c49f2d216ee0ce983a5a8f815f17c3c090624e4c238dae2df4b

SHA512
92e8738daf85e4b7b55357936cd15e500ff52a9fbb2090466a306ab9332bb3fa41153da30ba39fb72a4f11011cf9dab66dd7dca84811cde26195731a74b55816

Download Submit
C:\Windows\system\DQKAlWp.exe

Filesize
6.0MB

MD5
5c91d4dae377c0a671343079e7712350

SHA1
e43ff8609e6da5edee17509504637e66a3421968

SHA256
42f130d8add397cf23c658ad88abbd5fc9c343c141ca1803572f64091130b949

SHA512
1ae8015929b48e374ec50246b7c5141cb94836547ba9df3ad7801ebf181e8d713ad47112503b0bcffda55ce6526ba520f9892f140fffc7468467f1803ef89a38

Download Submit
C:\Windows\system\EujCRNZ.exe

Filesize
6.0MB

MD5
8eacedf5700ab1ae407261069ef3614b

SHA1
556e014eb6f0e53ffebf44358bb9221347c9a9e1

SHA256
6f430b7fb044d4db257bde0d5d7b8a8085de58a83b815f34864ea848ac08ea51

SHA512
7aa3b65cccb5fc581bc5dae88c08be3379b9a03c8c764665c383f7641c60459937528dfe26b63b0a2738e7dc085c0bcddbdfb4cf2cab579024aa7071917db587

Download Submit
C:\Windows\system\FJSEVNW.exe

Filesize
6.0MB

MD5
52ae3bbd5c9563d6ab2bce8d4f90f121

SHA1
9dca08f5a1b7ad05083141bb03221e085ac18cab

SHA256
b5950e4515639fc443b1c51799e0b4ca100c3dd5a0cd84e15ecd56f950169eb5

SHA512
2a514bc253617d05ea72147893a330c28b9f021c8e7149a951369c34001d769cba17164c5a6a17b6112b9fc5becca12a89ad6c71ec708e7726e9d2a31e7f6c65

Download Submit
C:\Windows\system\HCNbiTI.exe

Filesize
6.0MB

MD5
e8d050e38b1f6e08a1fe5be5eee191b0

SHA1
ae0215bc258e4d718f061758f501f0054f62b464

SHA256
923d2e2fd3e3c2ff3cda4a910d740cab455dcbfc76c81567cec4ea38e52daac9

SHA512
d9432fa7d33e0248418bbcce6f123e70bd2c96e8ab7015d2fa2a7d921ddd37a6df7065ce2088ce77bc4abfd886658adfeb85150a8e86913fc0ceef9920ff0841

Download Submit
C:\Windows\system\HXemuLt.exe

Filesize
6.0MB

MD5
e65bc9943ec2187929469e367c696b76

SHA1
9abbf4bee8e820d520ba3619fc06cf91b9db2e32

SHA256
96f7f61e86c00550f36cd3d77d89ea3ab113e20477bb579b0361300ba2ef7533

SHA512
0755744e62a1755ffb730470bed3e5707f42fa2655314ae172234f40e8d2159028889edafb909963680cb49dfe99d782d9c6e5fd134c0309a2cfdc3f0c3f23b7

Download Submit
C:\Windows\system\HjaICmQ.exe

Filesize
6.0MB

MD5
a033ca2d56f32da24e8e0059a6adcd47

SHA1
d7fba340246b9a9fb587f0a8e91d08ed898bb8e8

SHA256
93362097e3ea769bd8174d1a5dba9ebec80c59f75ea69b3e7332250bff94154a

SHA512
92c899c6ab2331472aeacf9160a9d20bd4bc0408f149008e0fc1b44577f1aa55ccefb09409310f8dc1c2980836b19056ec7372913728da390c9abfd6cf2fc045

Download Submit
C:\Windows\system\KlSLGQM.exe

Filesize
6.0MB

MD5
98067b70d6ea8313236d53efc5f33f6d

SHA1
55ad5088da4fe0c377d2d310fbfc6c3353aae3c6

SHA256
e96d8d7abfa882c1c3b4d1f2c1f0b98eab0f5d722177085b5de4acfebe98215a

SHA512
41e47a7376cce8fec291f23b78620adc481494b2b1632a557d855d106fad5a2082d1bffdb1d8f354119f0e790d200653e21e092b0334238cc21a245e8064e417

Download Submit
C:\Windows\system\MslQtTq.exe

Filesize
6.0MB

MD5
0eb082554624fd86d574f943bb947f7f

SHA1
14ecb73e7c12f480231b3297b4e94424578555f7

SHA256
7be47b67f7ff6cef6f9345dbace10ec3c1d60db894016b4f8f3c478de27d127b

SHA512
949e307d5420aa5287c67b67aff98331b7c93b5d63ee170a6de3708ccaa1161beb95db4a27bd0770a2c37262972b6443ff93493fe6523e09b687eb1ebbb9a21a

Download Submit
C:\Windows\system\PiWzlIc.exe

Filesize
6.0MB

MD5
d40ce1a245c7b3b119e490c6bf68bdca

SHA1
37b3209b4665f9f8a051860d115ae3b05dc686a7

SHA256
af9b2c9831147a60f935cac73b038796c40aafa5ac416a6f1c2abc9b345359b2

SHA512
d8f0d3b8aedefdac5b29ee98406c1f001abec6bd0cfcfdf146954505e8af9df6174f0086239f1252b3d65b620b4b994f0462b3fcadddd089abbf8d1df06e2178

Download Submit
C:\Windows\system\SUQUVOy.exe

Filesize
6.0MB

MD5
be49d0b83485a16e46417d372c95cd68

SHA1
047fb26ca5f7f50770d36e00124481e613e27a31

SHA256
4ac6b9628bd6b9fd9dac40ae6ad1523da9bd7a394655b172493ba6df534ef469

SHA512
df011964459831c464012a415dc4e6d1fc668528f4b4f40dd60dfb287639c558dfd3a2b987c12bb0edac959354afb022468f2254bd10789fd1a2efbf46dfcca4

Download Submit
C:\Windows\system\UusRDXW.exe

Filesize
6.0MB

MD5
4574fa746f86ca39179dbd90b6fdf4bc

SHA1
9d615a11b1b99dcf65121b57cf375260e2fdbe91

SHA256
ffab365b78c2f10ecfcd0dbf0732db5f80e2f782699bb810c52125bada33bfce

SHA512
a6322dd106552a0ac38807754b900ffb576c559dc8f0624108ca68a4d2bcdfb00e30ac15f791525bd70565d72074386ec0a2349741e181bfa3bee3ca81ee6484

Download Submit
C:\Windows\system\WzXeSAS.exe

Filesize
6.0MB

MD5
12927f898aa10257dce977fa8ee4ff65

SHA1
98bfa34db397c665d8a6c0d4c66ee280d90a3e4a

SHA256
eadd082a49d7b05a5de1db08a31f280abffe028ce42b24df6513565acb012839

SHA512
56da04181d87b3dde95b5a3c296a5a3fc7cb62fa922031609fd0d7e650e528a52a9e4c9e13b46bca05c289edc37b17e7fb73c0970c823900727b7e3d67be3613

Download Submit
C:\Windows\system\ZoZnfNp.exe

Filesize
6.0MB

MD5
fd04d647980fd3d3669921936375487a

SHA1
dadd88792473c274b7a8fdf260dfbc1fbabdb476

SHA256
a43ee40fc93ec009e8afed3d4d624bba5b5e8bb77eaaa9118924c9ab0cfaaaae

SHA512
361fdeaf6eef97de57c05e3d94134691fced2a32d72cb67ecb42a4ed05f632a2b1e5bd8bfa7dc1d8578a426399bfdd9a89305e82986cd62bb0d65255d5c9d04f

Download Submit
C:\Windows\system\coPtNRS.exe

Filesize
6.0MB

MD5
56aa7c2efd722b48340168c4c80a6c8b

SHA1
9f4a4bcdbefaf7d5fde93f59ebb257c4e7b458b1

SHA256
3b5d1ead26559cdd27aa863f2e53e16ade6f5dd4959328279838a19aa21f8c26

SHA512
2e0d1e79888abde4e4987e7864b3571f36136493fc82b84a86d80dca0757d5c670ee317a6185742c896324be433904133c4ed134c57a282a4c38b0ea3754782f

Download Submit
C:\Windows\system\crNjhzH.exe

Filesize
6.0MB

MD5
753052df391fca3131a30c594204d54c

SHA1
be8aa46e11f9cd5279b793b63c4a36f1a41c31c3

SHA256
1e7290078b7a6f9a732a0b56b2660c2b7f8d6906c5b9511e7f17d1eb3c300f07

SHA512
bc797c507583f5f11fee0c9ce7709e6b57266aba87886b4866045ea99339ca6f1fa005bbb95e569fb68422f8f13b515ccc3d9f207b7687eeeb154d08ca572a7c

Download Submit
C:\Windows\system\fPlXkSK.exe

Filesize
6.0MB

MD5
40dc56b0b27df58413053c9cc2941658

SHA1
4f3ffe3b0e8790ba067111762806ae2d12bfa0e5

SHA256
4d221b48c70286f76497cfa510edf2c69186ee3820aae53f6e5ceaf39515bbcd

SHA512
9a0e98dd7ff55d44e196bc25d09b8fc76a104cbc72979618ae6d7b033d95ec0c25337281b04e479e0756076bdf87d6ea25c03973ffa399cb5c66e964f2c08996

Download Submit
C:\Windows\system\gzjnIeW.exe

Filesize
6.0MB

MD5
7a3f9492ec591aed2155e93ba1af81f1

SHA1
faa47a730a4f79f71740a2b043fc96a092414c72

SHA256
79ecefd19cd232b0b032408da9a09f1ef2d01841a2dce834723466503292c067

SHA512
4ec20b278ba64ed68ce1eafb973eb619a7722048ee19d3d1f040a320c9fa6f4f40a25f7e764b4e96c160ca9dccbe8bb2bf844aa86a95a03df57b2f77ac874f6d

Download Submit
C:\Windows\system\iRnTRWs.exe

Filesize
6.0MB

MD5
608ad214f5b63e98d2f48a45b4aca9c0

SHA1
69671a0df53e647a2097039224d1554a1c2c6439

SHA256
49f8d5fd89e81bca83d174575d427605a5be4087e39cecae88dd06b4d082a680

SHA512
65392b51fd37fbd7cbef958ff8a38a8f13815bb94d48294df48719860695060f56eb5293c5407bf1c346b5258711bc0faa2a3f7cc02b36cc291cc4599c6b91cc

Download Submit
C:\Windows\system\kYLHDuI.exe

Filesize
6.0MB

MD5
aefa01216d4ab942cec31e419439fec7

SHA1
f81d77a4814a1f38df07e6f36589b375dfc11b80

SHA256
7c8c558f0f3efecb9b28c56c3617a968a6713d7e43c1476a4e30eadf2e72cbaa

SHA512
e8895970292b7d9e2dceff7f91d9075d2edd2f569514eaa3ab64a6ae565a1bee77f02dbaaf3804f1a8bf5d7931ed78a304aa8bc3f3c4a6a88b8ee0d88902191a

Download Submit
C:\Windows\system\oCXwbRu.exe

Filesize
6.0MB

MD5
8953480f264de9a6e187d5c103f00c4c

SHA1
b67895032c1e83f81e62a260733bb3ed4ffda226

SHA256
aafe559c2c2ed2d311d4059814a9f7ae3d851d170e5e7f5db5c068fb74e157da

SHA512
a18003d005cc01c055dd504cd3070b9217ec6c136e36b7a389318e5e16ad03db2eb9cc2ac38fd8605c7272f274f417f22a89895519a66d1ae1c80b7c4fafb413

Download Submit
C:\Windows\system\sYHPhuP.exe

Filesize
6.0MB

MD5
642ac592bd8bf0739aa3985691460006

SHA1
47a1434284a6379179ddb56c4c7783e2ca160965

SHA256
2af0aeb683f9d0aa1a9a72c881017b97490c33cae7fbd0f9aa7b4fa4b1374476

SHA512
34025627ddad7d8f794be43fe18464111bc881b45fa687d3deefa6dd1a9b00a8bafc5c8ca50cf42f29b12f7312f5bd1defd0b594d8a49faf825dbcb142c0744c

Download Submit
C:\Windows\system\tDcfdTV.exe

Filesize
6.0MB

MD5
1ee95b413edcad4ff57e4bdd967c3301

SHA1
aff932a52292a1152672e6b56494c3747a6d972a

SHA256
8573b64b36c014ea4a1dc30ddcedcbcfe09d65d48bce4d782a1762c228ecf3f4

SHA512
42749b5b846044692615cf22c5244991fbc074ab103e0dfc8261de446a598800dbdfc5beba6e8f9846545f8c720302a8e19e52b68a8988efa270252ed25fab60

Download Submit
C:\Windows\system\tRkURfS.exe

Filesize
6.0MB

MD5
77702ee6019a355e52579550693b57c1

SHA1
ed7da2f63454c12245a0335f92bb0f6b4ec46bc0

SHA256
02cd344a37d3fb53355df5fb8d77af612d94315eebe7e72f97d27e7f250a2653

SHA512
b4da9201618518432f57d51dd8bdc767fc2b89c904bfa9bea5119895bceb46a9f6dd14d921f7139d7ef79edf06e245e5e3930e736c2889adaaeaaec3152c5c44

Download Submit
C:\Windows\system\vGQxUeH.exe

Filesize
6.0MB

MD5
308e2285b5363905baeb24eaff5d946b

SHA1
3b7bc0b97b52690dc2528ae8c999538c6feee631

SHA256
3ac74faca4fabd59cf622a8e550f982a2a7e3d55d5194f3a0f867e303fc61dbe

SHA512
b92f4d8295c97fd3a3befcd7400898ba32fce8768f2d9896db0e78213c957f658559f6f9608a04e2aa2ffb44ae3a0dfd13506fb4f5ea8ad45fdc9e27975d668f

Download Submit
C:\Windows\system\vjiugkX.exe

Filesize
6.0MB

MD5
d0dd0d4d6f250684fa4d56a9a4d2cfba

SHA1
63456785814f76531944c5410bc357a19b3652dd

SHA256
f5a2dcd51e48eb3acdd90119ee87cadcf1124b71d508471a906c722fc17b3762

SHA512
edbfed5e9c73efb72ebef86ab5345a77d0aa4156613ec042c77a3fe2f683a746e9f7509bf80e916fd408bac3e95f7371f1a1d5b4cbb3df2cf372ec29381bf48f

Download Submit
C:\Windows\system\wBjqqsl.exe

Filesize
6.0MB

MD5
72271569a81ed9abdc5958db86f35e3b

SHA1
889def9f1bfe46db7ddabcbbae4d402fc8aa881d

SHA256
42453112d14e5ba5d3c4f2d7d9513ccea65bc3e87d48e53d75b529bb61cf2bd2

SHA512
ee0e1b5f223c23da9d17548f2fa60e0c8ca640ab8e2215294937cb4422096c93ae6b563d4740c63e79707f0bed956a58e9ec8f8f855da8ae88bf0ac69d2cd05b

Download Submit
C:\Windows\system\yCsVAci.exe

Filesize
6.0MB

MD5
59c61187f34b6b4c9049f39617c7cd71

SHA1
c040e00b5b6abc3850c7ff323124d1041f40caca

SHA256
0780d4d984653236c49277e49628cdc5e0b6ad0d3c84b7c439dbf3c2a67a9fd5

SHA512
9aef2b58adcc7d9f77e5394406481f6bf22872cf1af7ec6dd30511f8d913838529788152ef45b098b81eb584d4781764566cc2d3bd55a60c46f7b1a3fe42eb53

Download Submit
\Windows\system\GvhCxjM.exe

Filesize
6.0MB

MD5
04cd6f136c2ab175f1726c63a78e6c1c

SHA1
728a36ea9bf8f8956fd27707b187c51f179da1f0

SHA256
34058abd157172850fa37e33fc4f80d938e0371437dbb166f4dc417186f38525

SHA512
97a6097200938c36b1c1a264120d8713bb445584b12c1768d556b5080c727b8cc13a132d2de2adea0309d28dc297b74d2e2e7deba5593b56384857dc7cd029ad

Download Submit
\Windows\system\RgCrSaT.exe

Filesize
6.0MB

MD5
f605b3db2e8878aa95766157c835aaef

SHA1
4f3a72800582f2be506f009fd2e23d06c6eb41db

SHA256
50f90b108ccd2c861c7e305160a8abbece463110029869a47a3b8bc487f1018b

SHA512
1b20a0710d54019c104f6b76f09a45866db5b0ddfd1dae6b52e6c86234617496e35425884242f02dad30b325a94eb3d4f685a25802ac7130dca006ad1e73763b

Download Submit
\Windows\system\bETrrls.exe

Filesize
6.0MB

MD5
60fb14f83c231a9e84a024df4117d7e5

SHA1
5119e1eee853a9420739ccebeb4436e229743681

SHA256
3009cd92be10f22033819ebca0743e5e8bf00807fb6ca65152d94292f48c2662

SHA512
243f7be557feee2f78ba8a49ac33287a67fce057dc0352cb56555c3cb51e5bdefb26f090b87e851af058eb3a0b6a0175616b9296204a6c75a1fe60306f9fd054

Download Submit
memory/2228-3922-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3931-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2403-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3928-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2073-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3920-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-2265-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3921-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1770-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2426-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3162-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3157-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3255-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3273-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3260-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3253-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2273-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-2075-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2904-0-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1769-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download