cobaltstrike | f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1

Analysis

max time kernel
83s
max time network
24s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
Size

6.0MB
MD5

72ba3a1762be7c64837e70fc2abf5d56
SHA1

afedae77d562b73296627e04f8f38b16a9d82bac
SHA256

f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1
SHA512

962a795714c5f7479c1473f168ba12ed6c17556cba7d270c29578ea3ec82622d839f6d107d01483c184d0d5cdfdd7f22a45a87bf5077d6efe4f500a3c393b5b6
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUS:eOl56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193f7-12.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c4-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d2-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e3-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-79.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001958e-74.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e9-66.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194db-51.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001939b-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2128-0-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/2128-7-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00070000000193f7-12.dat	xmrig
behavioral1/memory/2148-16-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/788-13-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-10.dat	xmrig
behavioral1/files/0x00070000000194c4-23.dat	xmrig
behavioral1/memory/2844-28-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d2-39.dat	xmrig
behavioral1/memory/788-43-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2624-44-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2212-37-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e3-54.dat	xmrig
behavioral1/memory/2644-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2632-68-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2212-75-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2016-87-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2556-1403-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2352-1111-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1040-800-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1792-521-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2856-277-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c7-198.dat	xmrig
behavioral1/files/0x000500000001a4c5-194.dat	xmrig
behavioral1/files/0x000500000001a4c3-188.dat	xmrig
behavioral1/files/0x000500000001a4c1-184.dat	xmrig
behavioral1/files/0x000500000001a4bd-174.dat	xmrig
behavioral1/files/0x000500000001a4bf-178.dat	xmrig
behavioral1/files/0x000500000001a4bb-168.dat	xmrig
behavioral1/files/0x000500000001a4b9-164.dat	xmrig
behavioral1/files/0x000500000001a4b7-158.dat	xmrig
behavioral1/files/0x000500000001a4b5-154.dat	xmrig
behavioral1/files/0x000500000001a4b3-148.dat	xmrig
behavioral1/files/0x000500000001a4b1-144.dat	xmrig
behavioral1/files/0x000500000001a4af-138.dat	xmrig
behavioral1/files/0x000500000001a4a9-133.dat	xmrig
behavioral1/files/0x000500000001a499-124.dat	xmrig
behavioral1/files/0x000500000001a49a-128.dat	xmrig
behavioral1/files/0x000500000001a48d-118.dat	xmrig
behavioral1/files/0x000500000001a48b-113.dat	xmrig
behavioral1/memory/2556-106-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2632-105-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-104.dat	xmrig
behavioral1/memory/2352-97-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2644-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-95.dat	xmrig
behavioral1/memory/1040-88-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-86.dat	xmrig
behavioral1/memory/2624-80-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-79.dat	xmrig
behavioral1/files/0x000700000001958e-74.dat	xmrig
behavioral1/memory/2844-67-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00080000000194e9-66.dat	xmrig
behavioral1/memory/2692-59-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2016-52-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00060000000194db-51.dat	xmrig
behavioral1/memory/2128-36-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x003000000001939b-35.dat	xmrig
behavioral1/memory/2128-33-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2692-22-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2128-20-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/788-3930-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2624-4010-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
788	QUVJpXq.exe
2148	LzuPUKf.exe
2692	TarTuOc.exe
2844	pmJlgLY.exe
2212	zXBpamc.exe
2624	hojfkvh.exe
2016	adriUQC.exe
2644	fvnbJNT.exe
2632	ZOoJoLc.exe
2856	vrHPIzm.exe
1792	TLGeIoG.exe
1040	MiJyHxT.exe
2352	SmpVuSo.exe
2556	deDXIoS.exe
2888	APrwCUQ.exe
1600	lAUAHKe.exe
3032	eiddvRT.exe
2872	yUWCUzn.exe
2904	IRkBJeq.exe
2228	sDOugtI.exe
2072	rrAbRbI.exe
1704	bDucGsx.exe
1684	fGwQpJJ.exe
1208	brhaUNe.exe
1732	yFMJzsr.exe
2988	mbaeynJ.exe
2372	pYxgBQP.exe
1840	fUXxGVV.exe
1100	hKtqvWI.exe
2424	vgTJKaG.exe
2284	LcIZejn.exe
1616	TqkPfTo.exe
1640	FPkjqFq.exe
1828	ZSNtGhA.exe
2032	sxOuRNv.exe
1816	wNpQZzS.exe
1996	PkWXtMR.exe
1872	qXqAIlM.exe
916	zTXGlaG.exe
600	NAIxOJS.exe
2492	bpfRPzQ.exe
2256	SZHGbsr.exe
2476	UnbZeKT.exe
2400	vQOpVAT.exe
1772	JeCDunB.exe
1656	cPWADKl.exe
1516	PYMkGuD.exe
1780	YQQhomj.exe
3020	XfLSrpM.exe
1584	xJjpVVq.exe
348	LjKbANY.exe
2584	cIGGEkO.exe
2708	gkpZGhF.exe
2896	dkEhVES.exe
1496	QEKWwHD.exe
744	vOcuowW.exe
2764	AKUcimI.exe
2900	qAPHqvC.exe
2936	HmalQFA.exe
1132	VIFwwOO.exe
868	SYsOqdS.exe
1784	DFxEPEQ.exe
2484	XuYkcUT.exe
2200	syJvLeB.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/2128-7-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00070000000193f7-12.dat	upx
behavioral1/memory/2148-16-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/788-13-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000600000001949e-10.dat	upx
behavioral1/files/0x00070000000194c4-23.dat	upx
behavioral1/memory/2844-28-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00060000000194d2-39.dat	upx
behavioral1/memory/788-43-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2624-44-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2212-37-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x00060000000194e3-54.dat	upx
behavioral1/memory/2644-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2632-68-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2212-75-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2016-87-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2556-1403-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2352-1111-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1040-800-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1792-521-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2856-277-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c7-198.dat	upx
behavioral1/files/0x000500000001a4c5-194.dat	upx
behavioral1/files/0x000500000001a4c3-188.dat	upx
behavioral1/files/0x000500000001a4c1-184.dat	upx
behavioral1/files/0x000500000001a4bd-174.dat	upx
behavioral1/files/0x000500000001a4bf-178.dat	upx
behavioral1/files/0x000500000001a4bb-168.dat	upx
behavioral1/files/0x000500000001a4b9-164.dat	upx
behavioral1/files/0x000500000001a4b7-158.dat	upx
behavioral1/files/0x000500000001a4b5-154.dat	upx
behavioral1/files/0x000500000001a4b3-148.dat	upx
behavioral1/files/0x000500000001a4b1-144.dat	upx
behavioral1/files/0x000500000001a4af-138.dat	upx
behavioral1/files/0x000500000001a4a9-133.dat	upx
behavioral1/files/0x000500000001a499-124.dat	upx
behavioral1/files/0x000500000001a49a-128.dat	upx
behavioral1/files/0x000500000001a48d-118.dat	upx
behavioral1/files/0x000500000001a48b-113.dat	upx
behavioral1/memory/2556-106-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2632-105-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-104.dat	upx
behavioral1/memory/2352-97-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2644-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-95.dat	upx
behavioral1/memory/1040-88-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000500000001a427-86.dat	upx
behavioral1/memory/2624-80-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-79.dat	upx
behavioral1/files/0x000700000001958e-74.dat	upx
behavioral1/memory/2844-67-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00080000000194e9-66.dat	upx
behavioral1/memory/2692-59-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2016-52-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00060000000194db-51.dat	upx
behavioral1/memory/2128-36-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x003000000001939b-35.dat	upx
behavioral1/memory/2692-22-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/788-3930-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2624-4010-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2644-4011-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2016-4012-0x000000013F510000-0x000000013F864000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\StPXoGN.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\BidZHTg.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\cQDLodV.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\SmpVuSo.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\DgpYpeM.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\ReigUKz.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\HReOHtx.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\NwMWeEU.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\NOWzIXk.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\bPAalQg.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\CvYsOXS.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\WVSTczt.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\FDrUnZr.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\tKBtSnY.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\DSpuLEU.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\PvbMqLc.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\DFxEPEQ.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\quFgFVI.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\YqFChik.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\hKtqvWI.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\cSjVfhq.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\etTXgsD.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\xqWDpxd.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\dCdgfGs.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\YQQhomj.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\UDJGVMt.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\DXurwHM.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\rTwFnNI.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\fHZTtAS.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\FVfKSlb.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\SbSdBeB.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\LFouMnS.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\zjcnPGO.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\pcRGzTC.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\pxjCQvw.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\rEFdFle.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\jMQubeo.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\KvBSPJN.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\sQMAUpW.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\kyPPXGg.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\QpBWJYz.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\KtOEIZo.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\LLTOnFP.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\ywYlwYw.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\nDZWNkO.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\hgbYdqF.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\OGzjgMJ.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\FBwHNmf.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\BLtNoUN.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\WarwQCc.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\VManwDX.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\njTIxTL.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\ajvKFpU.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\HGEJvLX.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\HHObDcX.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\QASwULI.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\zTXGlaG.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\QRwzrbd.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\pAICaPL.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\ziEpYPL.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\LRuHQhT.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\DoppqGF.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\dXMFulb.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
File created	C:\Windows\System\WBUxgyR.exe	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 788	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	30
PID 2128 wrote to memory of 788	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	30
PID 2128 wrote to memory of 788	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	30
PID 2128 wrote to memory of 2148	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	31
PID 2128 wrote to memory of 2148	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	31
PID 2128 wrote to memory of 2148	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	31
PID 2128 wrote to memory of 2692	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	32
PID 2128 wrote to memory of 2692	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	32
PID 2128 wrote to memory of 2692	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	32
PID 2128 wrote to memory of 2844	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	33
PID 2128 wrote to memory of 2844	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	33
PID 2128 wrote to memory of 2844	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	33
PID 2128 wrote to memory of 2212	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	34
PID 2128 wrote to memory of 2212	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	34
PID 2128 wrote to memory of 2212	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	34
PID 2128 wrote to memory of 2624	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	35
PID 2128 wrote to memory of 2624	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	35
PID 2128 wrote to memory of 2624	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	35
PID 2128 wrote to memory of 2016	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	36
PID 2128 wrote to memory of 2016	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	36
PID 2128 wrote to memory of 2016	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	36
PID 2128 wrote to memory of 2644	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	37
PID 2128 wrote to memory of 2644	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	37
PID 2128 wrote to memory of 2644	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	37
PID 2128 wrote to memory of 2632	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	38
PID 2128 wrote to memory of 2632	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	38
PID 2128 wrote to memory of 2632	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	38
PID 2128 wrote to memory of 2856	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	39
PID 2128 wrote to memory of 2856	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	39
PID 2128 wrote to memory of 2856	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	39
PID 2128 wrote to memory of 1792	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	40
PID 2128 wrote to memory of 1792	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	40
PID 2128 wrote to memory of 1792	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	40
PID 2128 wrote to memory of 1040	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	41
PID 2128 wrote to memory of 1040	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	41
PID 2128 wrote to memory of 1040	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	41
PID 2128 wrote to memory of 2352	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	42
PID 2128 wrote to memory of 2352	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	42
PID 2128 wrote to memory of 2352	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	42
PID 2128 wrote to memory of 2556	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	43
PID 2128 wrote to memory of 2556	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	43
PID 2128 wrote to memory of 2556	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	43
PID 2128 wrote to memory of 2888	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	44
PID 2128 wrote to memory of 2888	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	44
PID 2128 wrote to memory of 2888	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	44
PID 2128 wrote to memory of 1600	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	45
PID 2128 wrote to memory of 1600	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	45
PID 2128 wrote to memory of 1600	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	45
PID 2128 wrote to memory of 3032	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	46
PID 2128 wrote to memory of 3032	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	46
PID 2128 wrote to memory of 3032	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	46
PID 2128 wrote to memory of 2872	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	47
PID 2128 wrote to memory of 2872	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	47
PID 2128 wrote to memory of 2872	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	47
PID 2128 wrote to memory of 2904	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	48
PID 2128 wrote to memory of 2904	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	48
PID 2128 wrote to memory of 2904	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	48
PID 2128 wrote to memory of 2228	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	49
PID 2128 wrote to memory of 2228	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	49
PID 2128 wrote to memory of 2228	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	49
PID 2128 wrote to memory of 2072	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	50
PID 2128 wrote to memory of 2072	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	50
PID 2128 wrote to memory of 2072	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	50
PID 2128 wrote to memory of 1704	2128	JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe	51

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f4882b2b96cf625b542013920e190ba1e0b974914b085547bbcdddea217d4cc1.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\System\QUVJpXq.exe
  C:\Windows\System\QUVJpXq.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\LzuPUKf.exe
  C:\Windows\System\LzuPUKf.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\TarTuOc.exe
  C:\Windows\System\TarTuOc.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\pmJlgLY.exe
  C:\Windows\System\pmJlgLY.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\zXBpamc.exe
  C:\Windows\System\zXBpamc.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\hojfkvh.exe
  C:\Windows\System\hojfkvh.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\adriUQC.exe
  C:\Windows\System\adriUQC.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\fvnbJNT.exe
  C:\Windows\System\fvnbJNT.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\ZOoJoLc.exe
  C:\Windows\System\ZOoJoLc.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\vrHPIzm.exe
  C:\Windows\System\vrHPIzm.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\TLGeIoG.exe
  C:\Windows\System\TLGeIoG.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\MiJyHxT.exe
  C:\Windows\System\MiJyHxT.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\SmpVuSo.exe
  C:\Windows\System\SmpVuSo.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\deDXIoS.exe
  C:\Windows\System\deDXIoS.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\APrwCUQ.exe
  C:\Windows\System\APrwCUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\lAUAHKe.exe
  C:\Windows\System\lAUAHKe.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\eiddvRT.exe
  C:\Windows\System\eiddvRT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\yUWCUzn.exe
  C:\Windows\System\yUWCUzn.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\IRkBJeq.exe
  C:\Windows\System\IRkBJeq.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\sDOugtI.exe
  C:\Windows\System\sDOugtI.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\rrAbRbI.exe
  C:\Windows\System\rrAbRbI.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\bDucGsx.exe
  C:\Windows\System\bDucGsx.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\fGwQpJJ.exe
  C:\Windows\System\fGwQpJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\brhaUNe.exe
  C:\Windows\System\brhaUNe.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\yFMJzsr.exe
  C:\Windows\System\yFMJzsr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\mbaeynJ.exe
  C:\Windows\System\mbaeynJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\pYxgBQP.exe
  C:\Windows\System\pYxgBQP.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\fUXxGVV.exe
  C:\Windows\System\fUXxGVV.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\hKtqvWI.exe
  C:\Windows\System\hKtqvWI.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\vgTJKaG.exe
  C:\Windows\System\vgTJKaG.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\LcIZejn.exe
  C:\Windows\System\LcIZejn.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\TqkPfTo.exe
  C:\Windows\System\TqkPfTo.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\FPkjqFq.exe
  C:\Windows\System\FPkjqFq.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\ZSNtGhA.exe
  C:\Windows\System\ZSNtGhA.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\sxOuRNv.exe
  C:\Windows\System\sxOuRNv.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\wNpQZzS.exe
  C:\Windows\System\wNpQZzS.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\PkWXtMR.exe
  C:\Windows\System\PkWXtMR.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\qXqAIlM.exe
  C:\Windows\System\qXqAIlM.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\zTXGlaG.exe
  C:\Windows\System\zTXGlaG.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\NAIxOJS.exe
  C:\Windows\System\NAIxOJS.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\bpfRPzQ.exe
  C:\Windows\System\bpfRPzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\SZHGbsr.exe
  C:\Windows\System\SZHGbsr.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\UnbZeKT.exe
  C:\Windows\System\UnbZeKT.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\vQOpVAT.exe
  C:\Windows\System\vQOpVAT.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\JeCDunB.exe
  C:\Windows\System\JeCDunB.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\cPWADKl.exe
  C:\Windows\System\cPWADKl.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\PYMkGuD.exe
  C:\Windows\System\PYMkGuD.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\YQQhomj.exe
  C:\Windows\System\YQQhomj.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\XfLSrpM.exe
  C:\Windows\System\XfLSrpM.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\xJjpVVq.exe
  C:\Windows\System\xJjpVVq.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\LjKbANY.exe
  C:\Windows\System\LjKbANY.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\cIGGEkO.exe
  C:\Windows\System\cIGGEkO.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\gkpZGhF.exe
  C:\Windows\System\gkpZGhF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dkEhVES.exe
  C:\Windows\System\dkEhVES.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\QEKWwHD.exe
  C:\Windows\System\QEKWwHD.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\vOcuowW.exe
  C:\Windows\System\vOcuowW.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\AKUcimI.exe
  C:\Windows\System\AKUcimI.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qAPHqvC.exe
  C:\Windows\System\qAPHqvC.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\HmalQFA.exe
  C:\Windows\System\HmalQFA.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\VIFwwOO.exe
  C:\Windows\System\VIFwwOO.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\SYsOqdS.exe
  C:\Windows\System\SYsOqdS.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\DFxEPEQ.exe
  C:\Windows\System\DFxEPEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\XuYkcUT.exe
  C:\Windows\System\XuYkcUT.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\syJvLeB.exe
  C:\Windows\System\syJvLeB.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\lqWAFjj.exe
  C:\Windows\System\lqWAFjj.exe
  2⤵
  PID:264
- C:\Windows\System\oXprrpR.exe
  C:\Windows\System\oXprrpR.exe
  2⤵
  PID:1480
- C:\Windows\System\NYLabKf.exe
  C:\Windows\System\NYLabKf.exe
  2⤵
  PID:1464
- C:\Windows\System\JwpjXgT.exe
  C:\Windows\System\JwpjXgT.exe
  2⤵
  PID:1832
- C:\Windows\System\XayxVXM.exe
  C:\Windows\System\XayxVXM.exe
  2⤵
  PID:1220
- C:\Windows\System\rHAEmNE.exe
  C:\Windows\System\rHAEmNE.exe
  2⤵
  PID:904
- C:\Windows\System\YFPxhoe.exe
  C:\Windows\System\YFPxhoe.exe
  2⤵
  PID:1232
- C:\Windows\System\ekUMcBW.exe
  C:\Windows\System\ekUMcBW.exe
  2⤵
  PID:444
- C:\Windows\System\laNpFtX.exe
  C:\Windows\System\laNpFtX.exe
  2⤵
  PID:1800
- C:\Windows\System\ctJeiEq.exe
  C:\Windows\System\ctJeiEq.exe
  2⤵
  PID:864
- C:\Windows\System\dXRaeoH.exe
  C:\Windows\System\dXRaeoH.exe
  2⤵
  PID:664
- C:\Windows\System\TKVLaaw.exe
  C:\Windows\System\TKVLaaw.exe
  2⤵
  PID:2940
- C:\Windows\System\xLHKtSB.exe
  C:\Windows\System\xLHKtSB.exe
  2⤵
  PID:2488
- C:\Windows\System\OWvlzuu.exe
  C:\Windows\System\OWvlzuu.exe
  2⤵
  PID:3092
- C:\Windows\System\UDJGVMt.exe
  C:\Windows\System\UDJGVMt.exe
  2⤵
  PID:3112
- C:\Windows\System\iGGwxoh.exe
  C:\Windows\System\iGGwxoh.exe
  2⤵
  PID:3132
- C:\Windows\System\FuWEZfp.exe
  C:\Windows\System\FuWEZfp.exe
  2⤵
  PID:3152
- C:\Windows\System\QibnslG.exe
  C:\Windows\System\QibnslG.exe
  2⤵
  PID:3172
- C:\Windows\System\ZrAXtXI.exe
  C:\Windows\System\ZrAXtXI.exe
  2⤵
  PID:3192
- C:\Windows\System\NQcrHmH.exe
  C:\Windows\System\NQcrHmH.exe
  2⤵
  PID:3212
- C:\Windows\System\ImKEwuU.exe
  C:\Windows\System\ImKEwuU.exe
  2⤵
  PID:3232
- C:\Windows\System\UkTbzne.exe
  C:\Windows\System\UkTbzne.exe
  2⤵
  PID:3252
- C:\Windows\System\RUsxVEI.exe
  C:\Windows\System\RUsxVEI.exe
  2⤵
  PID:3272
- C:\Windows\System\oaRJsgy.exe
  C:\Windows\System\oaRJsgy.exe
  2⤵
  PID:3292
- C:\Windows\System\afOeawR.exe
  C:\Windows\System\afOeawR.exe
  2⤵
  PID:3312
- C:\Windows\System\ScnLtML.exe
  C:\Windows\System\ScnLtML.exe
  2⤵
  PID:3332
- C:\Windows\System\ODOyAoO.exe
  C:\Windows\System\ODOyAoO.exe
  2⤵
  PID:3352
- C:\Windows\System\maLTYNp.exe
  C:\Windows\System\maLTYNp.exe
  2⤵
  PID:3372
- C:\Windows\System\ylOvzAK.exe
  C:\Windows\System\ylOvzAK.exe
  2⤵
  PID:3392
- C:\Windows\System\cqsxYfi.exe
  C:\Windows\System\cqsxYfi.exe
  2⤵
  PID:3412
- C:\Windows\System\ONejLtN.exe
  C:\Windows\System\ONejLtN.exe
  2⤵
  PID:3432
- C:\Windows\System\RhzHlSC.exe
  C:\Windows\System\RhzHlSC.exe
  2⤵
  PID:3452
- C:\Windows\System\KaTBMzp.exe
  C:\Windows\System\KaTBMzp.exe
  2⤵
  PID:3472
- C:\Windows\System\vASZsfi.exe
  C:\Windows\System\vASZsfi.exe
  2⤵
  PID:3492
- C:\Windows\System\rEFdFle.exe
  C:\Windows\System\rEFdFle.exe
  2⤵
  PID:3512
- C:\Windows\System\pnzNNKs.exe
  C:\Windows\System\pnzNNKs.exe
  2⤵
  PID:3628
- C:\Windows\System\fPraReK.exe
  C:\Windows\System\fPraReK.exe
  2⤵
  PID:3648
- C:\Windows\System\tTxsFlh.exe
  C:\Windows\System\tTxsFlh.exe
  2⤵
  PID:3668
- C:\Windows\System\MKKKRee.exe
  C:\Windows\System\MKKKRee.exe
  2⤵
  PID:3688
- C:\Windows\System\CXgOoAt.exe
  C:\Windows\System\CXgOoAt.exe
  2⤵
  PID:3708
- C:\Windows\System\SATmogM.exe
  C:\Windows\System\SATmogM.exe
  2⤵
  PID:3728
- C:\Windows\System\wLywJWt.exe
  C:\Windows\System\wLywJWt.exe
  2⤵
  PID:3748
- C:\Windows\System\ycqmpWB.exe
  C:\Windows\System\ycqmpWB.exe
  2⤵
  PID:3768
- C:\Windows\System\BjtHAMd.exe
  C:\Windows\System\BjtHAMd.exe
  2⤵
  PID:3788
- C:\Windows\System\HUagwal.exe
  C:\Windows\System\HUagwal.exe
  2⤵
  PID:3808
- C:\Windows\System\DiNnNgu.exe
  C:\Windows\System\DiNnNgu.exe
  2⤵
  PID:3828
- C:\Windows\System\UETpUga.exe
  C:\Windows\System\UETpUga.exe
  2⤵
  PID:3848
- C:\Windows\System\OiaAzwT.exe
  C:\Windows\System\OiaAzwT.exe
  2⤵
  PID:3868
- C:\Windows\System\sEtpuYl.exe
  C:\Windows\System\sEtpuYl.exe
  2⤵
  PID:3888
- C:\Windows\System\WBbLAVg.exe
  C:\Windows\System\WBbLAVg.exe
  2⤵
  PID:3908
- C:\Windows\System\DiZNHgF.exe
  C:\Windows\System\DiZNHgF.exe
  2⤵
  PID:3928
- C:\Windows\System\LiSpVnk.exe
  C:\Windows\System\LiSpVnk.exe
  2⤵
  PID:3948
- C:\Windows\System\VzQkeVH.exe
  C:\Windows\System\VzQkeVH.exe
  2⤵
  PID:3968
- C:\Windows\System\kWSKgpe.exe
  C:\Windows\System\kWSKgpe.exe
  2⤵
  PID:3988
- C:\Windows\System\eGeAUyP.exe
  C:\Windows\System\eGeAUyP.exe
  2⤵
  PID:4008
- C:\Windows\System\WuKIPBV.exe
  C:\Windows\System\WuKIPBV.exe
  2⤵
  PID:4028
- C:\Windows\System\TzaLyvj.exe
  C:\Windows\System\TzaLyvj.exe
  2⤵
  PID:4048
- C:\Windows\System\uQoHydq.exe
  C:\Windows\System\uQoHydq.exe
  2⤵
  PID:4068
- C:\Windows\System\oSsYBdQ.exe
  C:\Windows\System\oSsYBdQ.exe
  2⤵
  PID:4092
- C:\Windows\System\kKlXyZv.exe
  C:\Windows\System\kKlXyZv.exe
  2⤵
  PID:2380
- C:\Windows\System\dNLzlHL.exe
  C:\Windows\System\dNLzlHL.exe
  2⤵
  PID:1768
- C:\Windows\System\zWdEVxJ.exe
  C:\Windows\System\zWdEVxJ.exe
  2⤵
  PID:1752
- C:\Windows\System\fcTtMod.exe
  C:\Windows\System\fcTtMod.exe
  2⤵
  PID:2364
- C:\Windows\System\iAlCmyJ.exe
  C:\Windows\System\iAlCmyJ.exe
  2⤵
  PID:3028
- C:\Windows\System\zWGaQDY.exe
  C:\Windows\System\zWGaQDY.exe
  2⤵
  PID:3080
- C:\Windows\System\Uvhftqi.exe
  C:\Windows\System\Uvhftqi.exe
  2⤵
  PID:3104
- C:\Windows\System\jRERyUR.exe
  C:\Windows\System\jRERyUR.exe
  2⤵
  PID:3124
- C:\Windows\System\PSQnBxf.exe
  C:\Windows\System\PSQnBxf.exe
  2⤵
  PID:3164
- C:\Windows\System\jMQubeo.exe
  C:\Windows\System\jMQubeo.exe
  2⤵
  PID:3224
- C:\Windows\System\DgpYpeM.exe
  C:\Windows\System\DgpYpeM.exe
  2⤵
  PID:3240
- C:\Windows\System\ZOvWGwv.exe
  C:\Windows\System\ZOvWGwv.exe
  2⤵
  PID:3280
- C:\Windows\System\VkybWDx.exe
  C:\Windows\System\VkybWDx.exe
  2⤵
  PID:3308
- C:\Windows\System\ewBwhyL.exe
  C:\Windows\System\ewBwhyL.exe
  2⤵
  PID:3324
- C:\Windows\System\xigKNDl.exe
  C:\Windows\System\xigKNDl.exe
  2⤵
  PID:3368
- C:\Windows\System\fAgOXRy.exe
  C:\Windows\System\fAgOXRy.exe
  2⤵
  PID:3408
- C:\Windows\System\BcnhxaW.exe
  C:\Windows\System\BcnhxaW.exe
  2⤵
  PID:3448
- C:\Windows\System\xPqKrzN.exe
  C:\Windows\System\xPqKrzN.exe
  2⤵
  PID:3488
- C:\Windows\System\APylRso.exe
  C:\Windows\System\APylRso.exe
  2⤵
  PID:3520
- C:\Windows\System\hYiOVbf.exe
  C:\Windows\System\hYiOVbf.exe
  2⤵
  PID:3640
- C:\Windows\System\bAIBezW.exe
  C:\Windows\System\bAIBezW.exe
  2⤵
  PID:3684
- C:\Windows\System\TguDmld.exe
  C:\Windows\System\TguDmld.exe
  2⤵
  PID:3724
- C:\Windows\System\nXaFWgg.exe
  C:\Windows\System\nXaFWgg.exe
  2⤵
  PID:3756
- C:\Windows\System\DsZiehN.exe
  C:\Windows\System\DsZiehN.exe
  2⤵
  PID:3796
- C:\Windows\System\tKBtSnY.exe
  C:\Windows\System\tKBtSnY.exe
  2⤵
  PID:3984
- C:\Windows\System\FWxxZuv.exe
  C:\Windows\System\FWxxZuv.exe
  2⤵
  PID:4016
- C:\Windows\System\QGHgwql.exe
  C:\Windows\System\QGHgwql.exe
  2⤵
  PID:4040
- C:\Windows\System\uYgUdDM.exe
  C:\Windows\System\uYgUdDM.exe
  2⤵
  PID:4088
- C:\Windows\System\dQhwqoM.exe
  C:\Windows\System\dQhwqoM.exe
  2⤵
  PID:1844
- C:\Windows\System\dHXTmxV.exe
  C:\Windows\System\dHXTmxV.exe
  2⤵
  PID:1984
- C:\Windows\System\CMqtWOs.exe
  C:\Windows\System\CMqtWOs.exe
  2⤵
  PID:2288
- C:\Windows\System\DONAKBj.exe
  C:\Windows\System\DONAKBj.exe
  2⤵
  PID:3100
- C:\Windows\System\wWqUacj.exe
  C:\Windows\System\wWqUacj.exe
  2⤵
  PID:3128
- C:\Windows\System\oLnCxMa.exe
  C:\Windows\System\oLnCxMa.exe
  2⤵
  PID:3220
- C:\Windows\System\XWouuUv.exe
  C:\Windows\System\XWouuUv.exe
  2⤵
  PID:3244
- C:\Windows\System\vwmQBrd.exe
  C:\Windows\System\vwmQBrd.exe
  2⤵
  PID:3300
- C:\Windows\System\njTIxTL.exe
  C:\Windows\System\njTIxTL.exe
  2⤵
  PID:4108
- C:\Windows\System\yflitsQ.exe
  C:\Windows\System\yflitsQ.exe
  2⤵
  PID:4128
- C:\Windows\System\qetOhiS.exe
  C:\Windows\System\qetOhiS.exe
  2⤵
  PID:4148
- C:\Windows\System\rTwFnNI.exe
  C:\Windows\System\rTwFnNI.exe
  2⤵
  PID:4168
- C:\Windows\System\cyQVatH.exe
  C:\Windows\System\cyQVatH.exe
  2⤵
  PID:4188
- C:\Windows\System\rddSLuD.exe
  C:\Windows\System\rddSLuD.exe
  2⤵
  PID:4208
- C:\Windows\System\XprQmcw.exe
  C:\Windows\System\XprQmcw.exe
  2⤵
  PID:4228
- C:\Windows\System\jPRAKir.exe
  C:\Windows\System\jPRAKir.exe
  2⤵
  PID:4248
- C:\Windows\System\fNhtxBy.exe
  C:\Windows\System\fNhtxBy.exe
  2⤵
  PID:4268
- C:\Windows\System\iQLCsyk.exe
  C:\Windows\System\iQLCsyk.exe
  2⤵
  PID:4292
- C:\Windows\System\pIJOiaW.exe
  C:\Windows\System\pIJOiaW.exe
  2⤵
  PID:4312
- C:\Windows\System\AUiVfRb.exe
  C:\Windows\System\AUiVfRb.exe
  2⤵
  PID:4332
- C:\Windows\System\msPfbAo.exe
  C:\Windows\System\msPfbAo.exe
  2⤵
  PID:4448
- C:\Windows\System\YXMZByN.exe
  C:\Windows\System\YXMZByN.exe
  2⤵
  PID:4468
- C:\Windows\System\lCUoQSx.exe
  C:\Windows\System\lCUoQSx.exe
  2⤵
  PID:4488
- C:\Windows\System\HbphRVq.exe
  C:\Windows\System\HbphRVq.exe
  2⤵
  PID:4508
- C:\Windows\System\fHZTtAS.exe
  C:\Windows\System\fHZTtAS.exe
  2⤵
  PID:4528
- C:\Windows\System\DmrGKIn.exe
  C:\Windows\System\DmrGKIn.exe
  2⤵
  PID:4548
- C:\Windows\System\LJcpBne.exe
  C:\Windows\System\LJcpBne.exe
  2⤵
  PID:4568
- C:\Windows\System\bldAjWa.exe
  C:\Windows\System\bldAjWa.exe
  2⤵
  PID:4588
- C:\Windows\System\MxEnCKP.exe
  C:\Windows\System\MxEnCKP.exe
  2⤵
  PID:4608
- C:\Windows\System\LGwgEGQ.exe
  C:\Windows\System\LGwgEGQ.exe
  2⤵
  PID:4628
- C:\Windows\System\xRcmKGH.exe
  C:\Windows\System\xRcmKGH.exe
  2⤵
  PID:4648
- C:\Windows\System\idGEUFj.exe
  C:\Windows\System\idGEUFj.exe
  2⤵
  PID:4668
- C:\Windows\System\VmiQgYn.exe
  C:\Windows\System\VmiQgYn.exe
  2⤵
  PID:4688
- C:\Windows\System\geqtRDb.exe
  C:\Windows\System\geqtRDb.exe
  2⤵
  PID:4712
- C:\Windows\System\qYgzMIN.exe
  C:\Windows\System\qYgzMIN.exe
  2⤵
  PID:4732
- C:\Windows\System\thslsrf.exe
  C:\Windows\System\thslsrf.exe
  2⤵
  PID:4752
- C:\Windows\System\IRHtkUR.exe
  C:\Windows\System\IRHtkUR.exe
  2⤵
  PID:4772
- C:\Windows\System\FVfKSlb.exe
  C:\Windows\System\FVfKSlb.exe
  2⤵
  PID:4792
- C:\Windows\System\FZEzaCS.exe
  C:\Windows\System\FZEzaCS.exe
  2⤵
  PID:4812
- C:\Windows\System\KYRGXzv.exe
  C:\Windows\System\KYRGXzv.exe
  2⤵
  PID:4832
- C:\Windows\System\QCtdvUY.exe
  C:\Windows\System\QCtdvUY.exe
  2⤵
  PID:4852
- C:\Windows\System\zYWiUqW.exe
  C:\Windows\System\zYWiUqW.exe
  2⤵
  PID:4872
- C:\Windows\System\RaPhUQz.exe
  C:\Windows\System\RaPhUQz.exe
  2⤵
  PID:4892
- C:\Windows\System\ROCdjUG.exe
  C:\Windows\System\ROCdjUG.exe
  2⤵
  PID:4912
- C:\Windows\System\ErqmMiQ.exe
  C:\Windows\System\ErqmMiQ.exe
  2⤵
  PID:5028
- C:\Windows\System\buHEKfa.exe
  C:\Windows\System\buHEKfa.exe
  2⤵
  PID:5048
- C:\Windows\System\NXUHoPN.exe
  C:\Windows\System\NXUHoPN.exe
  2⤵
  PID:5068
- C:\Windows\System\DSpuLEU.exe
  C:\Windows\System\DSpuLEU.exe
  2⤵
  PID:5088
- C:\Windows\System\oMyZhCW.exe
  C:\Windows\System\oMyZhCW.exe
  2⤵
  PID:5108
- C:\Windows\System\OfYJBvg.exe
  C:\Windows\System\OfYJBvg.exe
  2⤵
  PID:3388
- C:\Windows\System\HYBDzHM.exe
  C:\Windows\System\HYBDzHM.exe
  2⤵
  PID:3428
- C:\Windows\System\lMljdkp.exe
  C:\Windows\System\lMljdkp.exe
  2⤵
  PID:3464
- C:\Windows\System\UPsTpGa.exe
  C:\Windows\System\UPsTpGa.exe
  2⤵
  PID:3644
- C:\Windows\System\MHnwbCY.exe
  C:\Windows\System\MHnwbCY.exe
  2⤵
  PID:3664
- C:\Windows\System\FzpYklr.exe
  C:\Windows\System\FzpYklr.exe
  2⤵
  PID:3744
- C:\Windows\System\FjyJBWx.exe
  C:\Windows\System\FjyJBWx.exe
  2⤵
  PID:4000
- C:\Windows\System\JJgCdQv.exe
  C:\Windows\System\JJgCdQv.exe
  2⤵
  PID:4036
- C:\Windows\System\DHVwAOd.exe
  C:\Windows\System\DHVwAOd.exe
  2⤵
  PID:4044
- C:\Windows\System\ddeLaxV.exe
  C:\Windows\System\ddeLaxV.exe
  2⤵
  PID:2196
- C:\Windows\System\tksBByp.exe
  C:\Windows\System\tksBByp.exe
  2⤵
  PID:1472
- C:\Windows\System\bqdnBcl.exe
  C:\Windows\System\bqdnBcl.exe
  2⤵
  PID:3148
- C:\Windows\System\CYpPAQF.exe
  C:\Windows\System\CYpPAQF.exe
  2⤵
  PID:3268
- C:\Windows\System\arqXcBM.exe
  C:\Windows\System\arqXcBM.exe
  2⤵
  PID:4116
- C:\Windows\System\dqThpRB.exe
  C:\Windows\System\dqThpRB.exe
  2⤵
  PID:4120
- C:\Windows\System\SCTIaOS.exe
  C:\Windows\System\SCTIaOS.exe
  2⤵
  PID:4140
- C:\Windows\System\xdjaJlt.exe
  C:\Windows\System\xdjaJlt.exe
  2⤵
  PID:4196
- C:\Windows\System\TohwFmA.exe
  C:\Windows\System\TohwFmA.exe
  2⤵
  PID:4236
- C:\Windows\System\UltnuDk.exe
  C:\Windows\System\UltnuDk.exe
  2⤵
  PID:4276
- C:\Windows\System\oAcXELu.exe
  C:\Windows\System\oAcXELu.exe
  2⤵
  PID:4556
- C:\Windows\System\lhmsBea.exe
  C:\Windows\System\lhmsBea.exe
  2⤵
  PID:4580
- C:\Windows\System\InvzDQq.exe
  C:\Windows\System\InvzDQq.exe
  2⤵
  PID:4600
- C:\Windows\System\Lwenrke.exe
  C:\Windows\System\Lwenrke.exe
  2⤵
  PID:4640
- C:\Windows\System\qtAGYhc.exe
  C:\Windows\System\qtAGYhc.exe
  2⤵
  PID:4696
- C:\Windows\System\HReOHtx.exe
  C:\Windows\System\HReOHtx.exe
  2⤵
  PID:4740
- C:\Windows\System\ZbZDUQW.exe
  C:\Windows\System\ZbZDUQW.exe
  2⤵
  PID:4744
- C:\Windows\System\vORtfAN.exe
  C:\Windows\System\vORtfAN.exe
  2⤵
  PID:4764
- C:\Windows\System\icvnbUm.exe
  C:\Windows\System\icvnbUm.exe
  2⤵
  PID:4804
- C:\Windows\System\DGZCfwk.exe
  C:\Windows\System\DGZCfwk.exe
  2⤵
  PID:4868
- C:\Windows\System\yRMSvGL.exe
  C:\Windows\System\yRMSvGL.exe
  2⤵
  PID:4888
- C:\Windows\System\QlzujFS.exe
  C:\Windows\System\QlzujFS.exe
  2⤵
  PID:5036
- C:\Windows\System\gvvULzr.exe
  C:\Windows\System\gvvULzr.exe
  2⤵
  PID:5064
- C:\Windows\System\VGJldmW.exe
  C:\Windows\System\VGJldmW.exe
  2⤵
  PID:5096
- C:\Windows\System\XpCBdPS.exe
  C:\Windows\System\XpCBdPS.exe
  2⤵
  PID:5100
- C:\Windows\System\CTXYedP.exe
  C:\Windows\System\CTXYedP.exe
  2⤵
  PID:3480
- C:\Windows\System\cafmyok.exe
  C:\Windows\System\cafmyok.exe
  2⤵
  PID:3504
- C:\Windows\System\WAHHQIE.exe
  C:\Windows\System\WAHHQIE.exe
  2⤵
  PID:3996
- C:\Windows\System\VwZhCbM.exe
  C:\Windows\System\VwZhCbM.exe
  2⤵
  PID:4064
- C:\Windows\System\kyPPXGg.exe
  C:\Windows\System\kyPPXGg.exe
  2⤵
  PID:900
- C:\Windows\System\xkqzNep.exe
  C:\Windows\System\xkqzNep.exe
  2⤵
  PID:2140
- C:\Windows\System\YuYDanr.exe
  C:\Windows\System\YuYDanr.exe
  2⤵
  PID:3204
- C:\Windows\System\rsCsJKy.exe
  C:\Windows\System\rsCsJKy.exe
  2⤵
  PID:4100
- C:\Windows\System\bXerZxd.exe
  C:\Windows\System\bXerZxd.exe
  2⤵
  PID:4144
- C:\Windows\System\PxOwDEj.exe
  C:\Windows\System\PxOwDEj.exe
  2⤵
  PID:5204
- C:\Windows\System\AhEIAtM.exe
  C:\Windows\System\AhEIAtM.exe
  2⤵
  PID:5224
- C:\Windows\System\MGJtVfN.exe
  C:\Windows\System\MGJtVfN.exe
  2⤵
  PID:5244
- C:\Windows\System\oRULAzh.exe
  C:\Windows\System\oRULAzh.exe
  2⤵
  PID:5264
- C:\Windows\System\smmkLtJ.exe
  C:\Windows\System\smmkLtJ.exe
  2⤵
  PID:5284
- C:\Windows\System\TXhZlHQ.exe
  C:\Windows\System\TXhZlHQ.exe
  2⤵
  PID:5304
- C:\Windows\System\XogYZsK.exe
  C:\Windows\System\XogYZsK.exe
  2⤵
  PID:5324
- C:\Windows\System\agICZKS.exe
  C:\Windows\System\agICZKS.exe
  2⤵
  PID:5344
- C:\Windows\System\LtBpSPB.exe
  C:\Windows\System\LtBpSPB.exe
  2⤵
  PID:5364
- C:\Windows\System\gJgNuaz.exe
  C:\Windows\System\gJgNuaz.exe
  2⤵
  PID:5384
- C:\Windows\System\ddfNweJ.exe
  C:\Windows\System\ddfNweJ.exe
  2⤵
  PID:5404
- C:\Windows\System\ixKxbSj.exe
  C:\Windows\System\ixKxbSj.exe
  2⤵
  PID:5424
- C:\Windows\System\LorlLDT.exe
  C:\Windows\System\LorlLDT.exe
  2⤵
  PID:5444
- C:\Windows\System\JTQVItG.exe
  C:\Windows\System\JTQVItG.exe
  2⤵
  PID:5464
- C:\Windows\System\GBJGqIG.exe
  C:\Windows\System\GBJGqIG.exe
  2⤵
  PID:5484
- C:\Windows\System\bqGJqZH.exe
  C:\Windows\System\bqGJqZH.exe
  2⤵
  PID:5504
- C:\Windows\System\apTsjni.exe
  C:\Windows\System\apTsjni.exe
  2⤵
  PID:5524
- C:\Windows\System\HnvLTFI.exe
  C:\Windows\System\HnvLTFI.exe
  2⤵
  PID:5544
- C:\Windows\System\ePbBHPv.exe
  C:\Windows\System\ePbBHPv.exe
  2⤵
  PID:5564
- C:\Windows\System\HDuQMTo.exe
  C:\Windows\System\HDuQMTo.exe
  2⤵
  PID:5584
- C:\Windows\System\jEDdWjS.exe
  C:\Windows\System\jEDdWjS.exe
  2⤵
  PID:5604
- C:\Windows\System\IsSRSkP.exe
  C:\Windows\System\IsSRSkP.exe
  2⤵
  PID:5624
- C:\Windows\System\ssuobJp.exe
  C:\Windows\System\ssuobJp.exe
  2⤵
  PID:5644
- C:\Windows\System\vXiQiBr.exe
  C:\Windows\System\vXiQiBr.exe
  2⤵
  PID:5664
- C:\Windows\System\SwpDcSD.exe
  C:\Windows\System\SwpDcSD.exe
  2⤵
  PID:5780
- C:\Windows\System\ETMuBnX.exe
  C:\Windows\System\ETMuBnX.exe
  2⤵
  PID:5800
- C:\Windows\System\ULCmfuT.exe
  C:\Windows\System\ULCmfuT.exe
  2⤵
  PID:5820
- C:\Windows\System\DMNTphl.exe
  C:\Windows\System\DMNTphl.exe
  2⤵
  PID:5840
- C:\Windows\System\apiRujX.exe
  C:\Windows\System\apiRujX.exe
  2⤵
  PID:5860
- C:\Windows\System\NYffqrn.exe
  C:\Windows\System\NYffqrn.exe
  2⤵
  PID:5880
- C:\Windows\System\cqaOVrR.exe
  C:\Windows\System\cqaOVrR.exe
  2⤵
  PID:5900
- C:\Windows\System\LZjgbvU.exe
  C:\Windows\System\LZjgbvU.exe
  2⤵
  PID:5920
- C:\Windows\System\nDQfMwc.exe
  C:\Windows\System\nDQfMwc.exe
  2⤵
  PID:5940
- C:\Windows\System\gzyqkcH.exe
  C:\Windows\System\gzyqkcH.exe
  2⤵
  PID:5960
- C:\Windows\System\GMRFSgd.exe
  C:\Windows\System\GMRFSgd.exe
  2⤵
  PID:5980
- C:\Windows\System\KKVFRzz.exe
  C:\Windows\System\KKVFRzz.exe
  2⤵
  PID:6000
- C:\Windows\System\XbCxQFn.exe
  C:\Windows\System\XbCxQFn.exe
  2⤵
  PID:6020
- C:\Windows\System\vEOfRcX.exe
  C:\Windows\System\vEOfRcX.exe
  2⤵
  PID:6040
- C:\Windows\System\fAqMXDc.exe
  C:\Windows\System\fAqMXDc.exe
  2⤵
  PID:6060
- C:\Windows\System\qEimIsU.exe
  C:\Windows\System\qEimIsU.exe
  2⤵
  PID:6084
- C:\Windows\System\GYmwidy.exe
  C:\Windows\System\GYmwidy.exe
  2⤵
  PID:6104
- C:\Windows\System\bLiYIdZ.exe
  C:\Windows\System\bLiYIdZ.exe
  2⤵
  PID:6124
- C:\Windows\System\sHhatUt.exe
  C:\Windows\System\sHhatUt.exe
  2⤵
  PID:4256
- C:\Windows\System\YCZKBpl.exe
  C:\Windows\System\YCZKBpl.exe
  2⤵
  PID:4544
- C:\Windows\System\EzSAcdU.exe
  C:\Windows\System\EzSAcdU.exe
  2⤵
  PID:4636
- C:\Windows\System\mBCkJuo.exe
  C:\Windows\System\mBCkJuo.exe
  2⤵
  PID:4676
- C:\Windows\System\scCGwmt.exe
  C:\Windows\System\scCGwmt.exe
  2⤵
  PID:4780
- C:\Windows\System\fonudgg.exe
  C:\Windows\System\fonudgg.exe
  2⤵
  PID:4800
- C:\Windows\System\ReigUKz.exe
  C:\Windows\System\ReigUKz.exe
  2⤵
  PID:3484
- C:\Windows\System\UEBueXP.exe
  C:\Windows\System\UEBueXP.exe
  2⤵
  PID:4080
- C:\Windows\System\gyFvUdg.exe
  C:\Windows\System\gyFvUdg.exe
  2⤵
  PID:1076
- C:\Windows\System\IVTBhsl.exe
  C:\Windows\System\IVTBhsl.exe
  2⤵
  PID:3348
- C:\Windows\System\ygiEvHv.exe
  C:\Windows\System\ygiEvHv.exe
  2⤵
  PID:4180
- C:\Windows\System\OqDGJzF.exe
  C:\Windows\System\OqDGJzF.exe
  2⤵
  PID:5216
- C:\Windows\System\QNYdVWN.exe
  C:\Windows\System\QNYdVWN.exe
  2⤵
  PID:5260
- C:\Windows\System\MDyHImb.exe
  C:\Windows\System\MDyHImb.exe
  2⤵
  PID:5276
- C:\Windows\System\ZugDyfB.exe
  C:\Windows\System\ZugDyfB.exe
  2⤵
  PID:5320
- C:\Windows\System\nufahLO.exe
  C:\Windows\System\nufahLO.exe
  2⤵
  PID:5352
- C:\Windows\System\nUWYBYJ.exe
  C:\Windows\System\nUWYBYJ.exe
  2⤵
  PID:5376
- C:\Windows\System\vETotXy.exe
  C:\Windows\System\vETotXy.exe
  2⤵
  PID:5420
- C:\Windows\System\Odwnjdu.exe
  C:\Windows\System\Odwnjdu.exe
  2⤵
  PID:5460
- C:\Windows\System\DwAdGmz.exe
  C:\Windows\System\DwAdGmz.exe
  2⤵
  PID:5500
- C:\Windows\System\gaODeYu.exe
  C:\Windows\System\gaODeYu.exe
  2⤵
  PID:5532
- C:\Windows\System\nVEXuxM.exe
  C:\Windows\System\nVEXuxM.exe
  2⤵
  PID:5552
- C:\Windows\System\sIqcQCI.exe
  C:\Windows\System\sIqcQCI.exe
  2⤵
  PID:2224
- C:\Windows\System\pHKZKBn.exe
  C:\Windows\System\pHKZKBn.exe
  2⤵
  PID:5596
- C:\Windows\System\lBlXRvQ.exe
  C:\Windows\System\lBlXRvQ.exe
  2⤵
  PID:5652
- C:\Windows\System\MneAAZI.exe
  C:\Windows\System\MneAAZI.exe
  2⤵
  PID:5776
- C:\Windows\System\ElApcfy.exe
  C:\Windows\System\ElApcfy.exe
  2⤵
  PID:5808
- C:\Windows\System\ldoANmq.exe
  C:\Windows\System\ldoANmq.exe
  2⤵
  PID:5812
- C:\Windows\System\MstKPWP.exe
  C:\Windows\System\MstKPWP.exe
  2⤵
  PID:5876
- C:\Windows\System\jKKMMvT.exe
  C:\Windows\System\jKKMMvT.exe
  2⤵
  PID:5892
- C:\Windows\System\kASoxJd.exe
  C:\Windows\System\kASoxJd.exe
  2⤵
  PID:6092
- C:\Windows\System\soWpzoi.exe
  C:\Windows\System\soWpzoi.exe
  2⤵
  PID:6116
- C:\Windows\System\QbRWSiF.exe
  C:\Windows\System\QbRWSiF.exe
  2⤵
  PID:6136
- C:\Windows\System\BkmOfAc.exe
  C:\Windows\System\BkmOfAc.exe
  2⤵
  PID:4660
- C:\Windows\System\eaiOYjo.exe
  C:\Windows\System\eaiOYjo.exe
  2⤵
  PID:4724
- C:\Windows\System\qAWqEcn.exe
  C:\Windows\System\qAWqEcn.exe
  2⤵
  PID:3704
- C:\Windows\System\DoppqGF.exe
  C:\Windows\System\DoppqGF.exe
  2⤵
  PID:4060
- C:\Windows\System\tGquXEi.exe
  C:\Windows\System\tGquXEi.exe
  2⤵
  PID:3168
- C:\Windows\System\LxgQmXa.exe
  C:\Windows\System\LxgQmXa.exe
  2⤵
  PID:5196
- C:\Windows\System\cAUtHBh.exe
  C:\Windows\System\cAUtHBh.exe
  2⤵
  PID:5292
- C:\Windows\System\UVhROjG.exe
  C:\Windows\System\UVhROjG.exe
  2⤵
  PID:5340
- C:\Windows\System\CiHBRis.exe
  C:\Windows\System\CiHBRis.exe
  2⤵
  PID:5412
- C:\Windows\System\bfdpCWq.exe
  C:\Windows\System\bfdpCWq.exe
  2⤵
  PID:6156
- C:\Windows\System\UKgEnYG.exe
  C:\Windows\System\UKgEnYG.exe
  2⤵
  PID:6176
- C:\Windows\System\CpNqRxG.exe
  C:\Windows\System\CpNqRxG.exe
  2⤵
  PID:6196
- C:\Windows\System\aCxqIct.exe
  C:\Windows\System\aCxqIct.exe
  2⤵
  PID:6216
- C:\Windows\System\RXIWjVN.exe
  C:\Windows\System\RXIWjVN.exe
  2⤵
  PID:6236
- C:\Windows\System\cCDJNJc.exe
  C:\Windows\System\cCDJNJc.exe
  2⤵
  PID:6256
- C:\Windows\System\pieKyfR.exe
  C:\Windows\System\pieKyfR.exe
  2⤵
  PID:6276
- C:\Windows\System\fWPHZkG.exe
  C:\Windows\System\fWPHZkG.exe
  2⤵
  PID:6300
- C:\Windows\System\oCAvxza.exe
  C:\Windows\System\oCAvxza.exe
  2⤵
  PID:6320
- C:\Windows\System\RqZRQfu.exe
  C:\Windows\System\RqZRQfu.exe
  2⤵
  PID:6340
- C:\Windows\System\nyQyNLJ.exe
  C:\Windows\System\nyQyNLJ.exe
  2⤵
  PID:6360
- C:\Windows\System\tBYALPi.exe
  C:\Windows\System\tBYALPi.exe
  2⤵
  PID:6380
- C:\Windows\System\NyyKPQE.exe
  C:\Windows\System\NyyKPQE.exe
  2⤵
  PID:6496
- C:\Windows\System\tZBFIxv.exe
  C:\Windows\System\tZBFIxv.exe
  2⤵
  PID:6516
- C:\Windows\System\YbCurFC.exe
  C:\Windows\System\YbCurFC.exe
  2⤵
  PID:6536
- C:\Windows\System\JDTIJxT.exe
  C:\Windows\System\JDTIJxT.exe
  2⤵
  PID:6556
- C:\Windows\System\lQeWomE.exe
  C:\Windows\System\lQeWomE.exe
  2⤵
  PID:6576
- C:\Windows\System\IRcgUwi.exe
  C:\Windows\System\IRcgUwi.exe
  2⤵
  PID:6596
- C:\Windows\System\UDEIaqO.exe
  C:\Windows\System\UDEIaqO.exe
  2⤵
  PID:6616
- C:\Windows\System\HiMbkBT.exe
  C:\Windows\System\HiMbkBT.exe
  2⤵
  PID:6636
- C:\Windows\System\OViFpzP.exe
  C:\Windows\System\OViFpzP.exe
  2⤵
  PID:6656
- C:\Windows\System\kYeIEes.exe
  C:\Windows\System\kYeIEes.exe
  2⤵
  PID:6676
- C:\Windows\System\hbqMrwy.exe
  C:\Windows\System\hbqMrwy.exe
  2⤵
  PID:6696
- C:\Windows\System\cCyiDNw.exe
  C:\Windows\System\cCyiDNw.exe
  2⤵
  PID:6716
- C:\Windows\System\fkynTir.exe
  C:\Windows\System\fkynTir.exe
  2⤵
  PID:6736
- C:\Windows\System\kLZVvbH.exe
  C:\Windows\System\kLZVvbH.exe
  2⤵
  PID:6760
- C:\Windows\System\HoJoHXM.exe
  C:\Windows\System\HoJoHXM.exe
  2⤵
  PID:6780
- C:\Windows\System\XSazdCU.exe
  C:\Windows\System\XSazdCU.exe
  2⤵
  PID:6800
- C:\Windows\System\nTUfGYd.exe
  C:\Windows\System\nTUfGYd.exe
  2⤵
  PID:6820
- C:\Windows\System\UFfYCbR.exe
  C:\Windows\System\UFfYCbR.exe
  2⤵
  PID:6840
- C:\Windows\System\PRgGpna.exe
  C:\Windows\System\PRgGpna.exe
  2⤵
  PID:6860
- C:\Windows\System\yOfgCrS.exe
  C:\Windows\System\yOfgCrS.exe
  2⤵
  PID:6880
- C:\Windows\System\zhWkSkK.exe
  C:\Windows\System\zhWkSkK.exe
  2⤵
  PID:6900
- C:\Windows\System\lboieLN.exe
  C:\Windows\System\lboieLN.exe
  2⤵
  PID:6920
- C:\Windows\System\iunVoyw.exe
  C:\Windows\System\iunVoyw.exe
  2⤵
  PID:6940
- C:\Windows\System\LKRQcOl.exe
  C:\Windows\System\LKRQcOl.exe
  2⤵
  PID:6960
- C:\Windows\System\nXnvZeA.exe
  C:\Windows\System\nXnvZeA.exe
  2⤵
  PID:7076
- C:\Windows\System\lPMhkxj.exe
  C:\Windows\System\lPMhkxj.exe
  2⤵
  PID:7096
- C:\Windows\System\PliRksf.exe
  C:\Windows\System\PliRksf.exe
  2⤵
  PID:7116
- C:\Windows\System\sunAzvG.exe
  C:\Windows\System\sunAzvG.exe
  2⤵
  PID:7136
- C:\Windows\System\MNKtjaT.exe
  C:\Windows\System\MNKtjaT.exe
  2⤵
  PID:7156
- C:\Windows\System\wvjzSwt.exe
  C:\Windows\System\wvjzSwt.exe
  2⤵
  PID:5432
- C:\Windows\System\VFifmrx.exe
  C:\Windows\System\VFifmrx.exe
  2⤵
  PID:5472
- C:\Windows\System\vDPgZoS.exe
  C:\Windows\System\vDPgZoS.exe
  2⤵
  PID:5536
- C:\Windows\System\PUKWVEC.exe
  C:\Windows\System\PUKWVEC.exe
  2⤵
  PID:5600
- C:\Windows\System\XNVGmYJ.exe
  C:\Windows\System\XNVGmYJ.exe
  2⤵
  PID:5616
- C:\Windows\System\wFIvEXI.exe
  C:\Windows\System\wFIvEXI.exe
  2⤵
  PID:5836
- C:\Windows\System\uHnccXc.exe
  C:\Windows\System\uHnccXc.exe
  2⤵
  PID:5832
- C:\Windows\System\DkOWXvi.exe
  C:\Windows\System\DkOWXvi.exe
  2⤵
  PID:5896
- C:\Windows\System\NAJaMda.exe
  C:\Windows\System\NAJaMda.exe
  2⤵
  PID:6120
- C:\Windows\System\xbzYAKj.exe
  C:\Windows\System\xbzYAKj.exe
  2⤵
  PID:4564
- C:\Windows\System\VMMmdeM.exe
  C:\Windows\System\VMMmdeM.exe
  2⤵
  PID:4656
- C:\Windows\System\kDWabzP.exe
  C:\Windows\System\kDWabzP.exe
  2⤵
  PID:3184
- C:\Windows\System\AvSxbPD.exe
  C:\Windows\System\AvSxbPD.exe
  2⤵
  PID:3084
- C:\Windows\System\NjdpkRa.exe
  C:\Windows\System\NjdpkRa.exe
  2⤵
  PID:5272
- C:\Windows\System\qUWivrS.exe
  C:\Windows\System\qUWivrS.exe
  2⤵
  PID:5296
- C:\Windows\System\YzSvsGQ.exe
  C:\Windows\System\YzSvsGQ.exe
  2⤵
  PID:5356
- C:\Windows\System\IffXcaU.exe
  C:\Windows\System\IffXcaU.exe
  2⤵
  PID:6212
- C:\Windows\System\YSakUti.exe
  C:\Windows\System\YSakUti.exe
  2⤵
  PID:6232
- C:\Windows\System\HGoMqhx.exe
  C:\Windows\System\HGoMqhx.exe
  2⤵
  PID:6264
- C:\Windows\System\taXPKqa.exe
  C:\Windows\System\taXPKqa.exe
  2⤵
  PID:6548
- C:\Windows\System\MVWtMuh.exe
  C:\Windows\System\MVWtMuh.exe
  2⤵
  PID:6592
- C:\Windows\System\xlCMVLX.exe
  C:\Windows\System\xlCMVLX.exe
  2⤵
  PID:6632
- C:\Windows\System\fuCtvoF.exe
  C:\Windows\System\fuCtvoF.exe
  2⤵
  PID:6664
- C:\Windows\System\qSkZceM.exe
  C:\Windows\System\qSkZceM.exe
  2⤵
  PID:6692
- C:\Windows\System\muIhAIP.exe
  C:\Windows\System\muIhAIP.exe
  2⤵
  PID:6744
- C:\Windows\System\wNUhRGO.exe
  C:\Windows\System\wNUhRGO.exe
  2⤵
  PID:6752
- C:\Windows\System\MldYdMJ.exe
  C:\Windows\System\MldYdMJ.exe
  2⤵
  PID:6772
- C:\Windows\System\Tffvzgc.exe
  C:\Windows\System\Tffvzgc.exe
  2⤵
  PID:6812
- C:\Windows\System\TVSMrhN.exe
  C:\Windows\System\TVSMrhN.exe
  2⤵
  PID:6856
- C:\Windows\System\wuKRFgX.exe
  C:\Windows\System\wuKRFgX.exe
  2⤵
  PID:6896
- C:\Windows\System\qikuNGl.exe
  C:\Windows\System\qikuNGl.exe
  2⤵
  PID:6948
- C:\Windows\System\Sibvewo.exe
  C:\Windows\System\Sibvewo.exe
  2⤵
  PID:6952
- C:\Windows\System\fiRauwW.exe
  C:\Windows\System\fiRauwW.exe
  2⤵
  PID:7072
- C:\Windows\System\eOLOkFT.exe
  C:\Windows\System\eOLOkFT.exe
  2⤵
  PID:7108
- C:\Windows\System\wMuxJYQ.exe
  C:\Windows\System\wMuxJYQ.exe
  2⤵
  PID:7152
- C:\Windows\System\xDLPerY.exe
  C:\Windows\System\xDLPerY.exe
  2⤵
  PID:5440
- C:\Windows\System\XaUZtkf.exe
  C:\Windows\System\XaUZtkf.exe
  2⤵
  PID:5516
- C:\Windows\System\osTtYDB.exe
  C:\Windows\System\osTtYDB.exe
  2⤵
  PID:5612
- C:\Windows\System\qVHBSOj.exe
  C:\Windows\System\qVHBSOj.exe
  2⤵
  PID:5796
- C:\Windows\System\GdEXihf.exe
  C:\Windows\System\GdEXihf.exe
  2⤵
  PID:5912
- C:\Windows\System\PzpnkSK.exe
  C:\Windows\System\PzpnkSK.exe
  2⤵
  PID:6100
- C:\Windows\System\hanMYPI.exe
  C:\Windows\System\hanMYPI.exe
  2⤵
  PID:4604
- C:\Windows\System\Vcvfvdp.exe
  C:\Windows\System\Vcvfvdp.exe
  2⤵
  PID:2108
- C:\Windows\System\hrCEvNV.exe
  C:\Windows\System\hrCEvNV.exe
  2⤵
  PID:7204
- C:\Windows\System\SVkoPgl.exe
  C:\Windows\System\SVkoPgl.exe
  2⤵
  PID:7224
- C:\Windows\System\xGOtVnD.exe
  C:\Windows\System\xGOtVnD.exe
  2⤵
  PID:7244
- C:\Windows\System\ajvKFpU.exe
  C:\Windows\System\ajvKFpU.exe
  2⤵
  PID:7264
- C:\Windows\System\StPXoGN.exe
  C:\Windows\System\StPXoGN.exe
  2⤵
  PID:7284
- C:\Windows\System\UrrsZLP.exe
  C:\Windows\System\UrrsZLP.exe
  2⤵
  PID:7304
- C:\Windows\System\CoQYRJF.exe
  C:\Windows\System\CoQYRJF.exe
  2⤵
  PID:7324
- C:\Windows\System\wbGNzFC.exe
  C:\Windows\System\wbGNzFC.exe
  2⤵
  PID:7344
- C:\Windows\System\HphpfdI.exe
  C:\Windows\System\HphpfdI.exe
  2⤵
  PID:7364
- C:\Windows\System\Btayxun.exe
  C:\Windows\System\Btayxun.exe
  2⤵
  PID:7384
- C:\Windows\System\FNqgagF.exe
  C:\Windows\System\FNqgagF.exe
  2⤵
  PID:7404
- C:\Windows\System\RNbdrxo.exe
  C:\Windows\System\RNbdrxo.exe
  2⤵
  PID:7424
- C:\Windows\System\FyIFbjI.exe
  C:\Windows\System\FyIFbjI.exe
  2⤵
  PID:7444
- C:\Windows\System\HGEJvLX.exe
  C:\Windows\System\HGEJvLX.exe
  2⤵
  PID:7464
- C:\Windows\System\IRIyaEB.exe
  C:\Windows\System\IRIyaEB.exe
  2⤵
  PID:7484
- C:\Windows\System\eBOAlmj.exe
  C:\Windows\System\eBOAlmj.exe
  2⤵
  PID:7504
- C:\Windows\System\kupeBtz.exe
  C:\Windows\System\kupeBtz.exe
  2⤵
  PID:7524
- C:\Windows\System\vwGUJLT.exe
  C:\Windows\System\vwGUJLT.exe
  2⤵
  PID:7544
- C:\Windows\System\VchVDBi.exe
  C:\Windows\System\VchVDBi.exe
  2⤵
  PID:7564
- C:\Windows\System\HnWaBvv.exe
  C:\Windows\System\HnWaBvv.exe
  2⤵
  PID:7584
- C:\Windows\System\ShiiqpH.exe
  C:\Windows\System\ShiiqpH.exe
  2⤵
  PID:7604
- C:\Windows\System\vHdLCev.exe
  C:\Windows\System\vHdLCev.exe
  2⤵
  PID:7628
- C:\Windows\System\HnksbbX.exe
  C:\Windows\System\HnksbbX.exe
  2⤵
  PID:7648
- C:\Windows\System\PQMVSHP.exe
  C:\Windows\System\PQMVSHP.exe
  2⤵
  PID:7668
- C:\Windows\System\wlRuvOa.exe
  C:\Windows\System\wlRuvOa.exe
  2⤵
  PID:7784
- C:\Windows\System\ZepAAXu.exe
  C:\Windows\System\ZepAAXu.exe
  2⤵
  PID:7804
- C:\Windows\System\xXnyLOx.exe
  C:\Windows\System\xXnyLOx.exe
  2⤵
  PID:7824
- C:\Windows\System\GxzPtsV.exe
  C:\Windows\System\GxzPtsV.exe
  2⤵
  PID:7844
- C:\Windows\System\jraBMxk.exe
  C:\Windows\System\jraBMxk.exe
  2⤵
  PID:7868
- C:\Windows\System\mVKaksq.exe
  C:\Windows\System\mVKaksq.exe
  2⤵
  PID:7888
- C:\Windows\System\hljfygL.exe
  C:\Windows\System\hljfygL.exe
  2⤵
  PID:7908
- C:\Windows\System\zRQtdyL.exe
  C:\Windows\System\zRQtdyL.exe
  2⤵
  PID:7928
- C:\Windows\System\ldxyqhi.exe
  C:\Windows\System\ldxyqhi.exe
  2⤵
  PID:7948
- C:\Windows\System\YCuyBIA.exe
  C:\Windows\System\YCuyBIA.exe
  2⤵
  PID:7968
- C:\Windows\System\TsJfOdR.exe
  C:\Windows\System\TsJfOdR.exe
  2⤵
  PID:7988
- C:\Windows\System\omgdMod.exe
  C:\Windows\System\omgdMod.exe
  2⤵
  PID:8008
- C:\Windows\System\rIzRSig.exe
  C:\Windows\System\rIzRSig.exe
  2⤵
  PID:8028
- C:\Windows\System\JDHNAkP.exe
  C:\Windows\System\JDHNAkP.exe
  2⤵
  PID:8048
- C:\Windows\System\xYMEQCX.exe
  C:\Windows\System\xYMEQCX.exe
  2⤵
  PID:8068
- C:\Windows\System\CxWeYvn.exe
  C:\Windows\System\CxWeYvn.exe
  2⤵
  PID:8088
- C:\Windows\System\GhKoxtU.exe
  C:\Windows\System\GhKoxtU.exe
  2⤵
  PID:8108
- C:\Windows\System\xBqlgeo.exe
  C:\Windows\System\xBqlgeo.exe
  2⤵
  PID:8128
- C:\Windows\System\bWiNtqk.exe
  C:\Windows\System\bWiNtqk.exe
  2⤵
  PID:8148
- C:\Windows\System\uchHkmP.exe
  C:\Windows\System\uchHkmP.exe
  2⤵
  PID:8168
- C:\Windows\System\qQgKAcW.exe
  C:\Windows\System\qQgKAcW.exe
  2⤵
  PID:8188
- C:\Windows\System\KUgZxUV.exe
  C:\Windows\System\KUgZxUV.exe
  2⤵
  PID:6604
- C:\Windows\System\KQNUfBl.exe
  C:\Windows\System\KQNUfBl.exe
  2⤵
  PID:6644
- C:\Windows\System\vkmwMdI.exe
  C:\Windows\System\vkmwMdI.exe
  2⤵
  PID:6668
- C:\Windows\System\fRdHmGM.exe
  C:\Windows\System\fRdHmGM.exe
  2⤵
  PID:7112
- C:\Windows\System\TYnxTzE.exe
  C:\Windows\System\TYnxTzE.exe
  2⤵
  PID:5476
- C:\Windows\System\qDhissW.exe
  C:\Windows\System\qDhissW.exe
  2⤵
  PID:5660
- C:\Windows\System\ifAfhQY.exe
  C:\Windows\System\ifAfhQY.exe
  2⤵
  PID:5856
- C:\Windows\System\sCcfmUO.exe
  C:\Windows\System\sCcfmUO.exe
  2⤵
  PID:5888
- C:\Windows\System\nPJNcfs.exe
  C:\Windows\System\nPJNcfs.exe
  2⤵
  PID:4840
- C:\Windows\System\KSQnwwp.exe
  C:\Windows\System\KSQnwwp.exe
  2⤵
  PID:7192
- C:\Windows\System\eblbhmE.exe
  C:\Windows\System\eblbhmE.exe
  2⤵
  PID:7252
- C:\Windows\System\cxgPqzC.exe
  C:\Windows\System\cxgPqzC.exe
  2⤵
  PID:7272
- C:\Windows\System\FUphoNq.exe
  C:\Windows\System\FUphoNq.exe
  2⤵
  PID:7296
- C:\Windows\System\bLfntUh.exe
  C:\Windows\System\bLfntUh.exe
  2⤵
  PID:7316
- C:\Windows\System\GueFmPp.exe
  C:\Windows\System\GueFmPp.exe
  2⤵
  PID:7360
- C:\Windows\System\cBGiCBi.exe
  C:\Windows\System\cBGiCBi.exe
  2⤵
  PID:7412
- C:\Windows\System\zfRkIZz.exe
  C:\Windows\System\zfRkIZz.exe
  2⤵
  PID:7460
- C:\Windows\System\WILVYlQ.exe
  C:\Windows\System\WILVYlQ.exe
  2⤵
  PID:7480
- C:\Windows\System\iJUxLim.exe
  C:\Windows\System\iJUxLim.exe
  2⤵
  PID:7532
- C:\Windows\System\RAIBOrN.exe
  C:\Windows\System\RAIBOrN.exe
  2⤵
  PID:7536
- C:\Windows\System\AZnVkAR.exe
  C:\Windows\System\AZnVkAR.exe
  2⤵
  PID:7556
- C:\Windows\System\beiAfmq.exe
  C:\Windows\System\beiAfmq.exe
  2⤵
  PID:7624
- C:\Windows\System\qWEsbNW.exe
  C:\Windows\System\qWEsbNW.exe
  2⤵
  PID:7644
- C:\Windows\System\RikvXiO.exe
  C:\Windows\System\RikvXiO.exe
  2⤵
  PID:7780
- C:\Windows\System\lQJOUit.exe
  C:\Windows\System\lQJOUit.exe
  2⤵
  PID:7796
- C:\Windows\System\NUAEwNZ.exe
  C:\Windows\System\NUAEwNZ.exe
  2⤵
  PID:7816
- C:\Windows\System\YwUUkGn.exe
  C:\Windows\System\YwUUkGn.exe
  2⤵
  PID:7856
- C:\Windows\System\RBGeceR.exe
  C:\Windows\System\RBGeceR.exe
  2⤵
  PID:8076
- C:\Windows\System\dtGkmaj.exe
  C:\Windows\System\dtGkmaj.exe
  2⤵
  PID:8116
- C:\Windows\System\dncxwxV.exe
  C:\Windows\System\dncxwxV.exe
  2⤵
  PID:8120
- C:\Windows\System\rqxsZrr.exe
  C:\Windows\System\rqxsZrr.exe
  2⤵
  PID:8160
- C:\Windows\System\iWLiOER.exe
  C:\Windows\System\iWLiOER.exe
  2⤵
  PID:6572
- C:\Windows\System\yjXycWl.exe
  C:\Windows\System\yjXycWl.exe
  2⤵
  PID:6652
- C:\Windows\System\aptXtca.exe
  C:\Windows\System\aptXtca.exe
  2⤵
  PID:7144
- C:\Windows\System\kHTqtVc.exe
  C:\Windows\System\kHTqtVc.exe
  2⤵
  PID:2780
- C:\Windows\System\DXurwHM.exe
  C:\Windows\System\DXurwHM.exe
  2⤵
  PID:5456
- C:\Windows\System\FgeRpgC.exe
  C:\Windows\System\FgeRpgC.exe
  2⤵
  PID:6072
- C:\Windows\System\eIgQjQO.exe
  C:\Windows\System\eIgQjQO.exe
  2⤵
  PID:7200
- C:\Windows\System\RNACsjY.exe
  C:\Windows\System\RNACsjY.exe
  2⤵
  PID:7260
- C:\Windows\System\oAbFOlu.exe
  C:\Windows\System\oAbFOlu.exe
  2⤵
  PID:7276
- C:\Windows\System\oKeaiAn.exe
  C:\Windows\System\oKeaiAn.exe
  2⤵
  PID:7320
- C:\Windows\System\swfZTto.exe
  C:\Windows\System\swfZTto.exe
  2⤵
  PID:7400
- C:\Windows\System\chtfBxr.exe
  C:\Windows\System\chtfBxr.exe
  2⤵
  PID:7476
- C:\Windows\System\AgjOUTS.exe
  C:\Windows\System\AgjOUTS.exe
  2⤵
  PID:7540
- C:\Windows\System\ezLPFZS.exe
  C:\Windows\System\ezLPFZS.exe
  2⤵
  PID:7592
- C:\Windows\System\MyUnjhQ.exe
  C:\Windows\System\MyUnjhQ.exe
  2⤵
  PID:7636
- C:\Windows\System\dIGAtEz.exe
  C:\Windows\System\dIGAtEz.exe
  2⤵
  PID:8204
- C:\Windows\System\etTXgsD.exe
  C:\Windows\System\etTXgsD.exe
  2⤵
  PID:8224
- C:\Windows\System\awqlwKw.exe
  C:\Windows\System\awqlwKw.exe
  2⤵
  PID:8244
- C:\Windows\System\nAXDXTp.exe
  C:\Windows\System\nAXDXTp.exe
  2⤵
  PID:8264
- C:\Windows\System\ITZhWMa.exe
  C:\Windows\System\ITZhWMa.exe
  2⤵
  PID:8284
- C:\Windows\System\dgDpdqa.exe
  C:\Windows\System\dgDpdqa.exe
  2⤵
  PID:8400
- C:\Windows\System\IYkDIvs.exe
  C:\Windows\System\IYkDIvs.exe
  2⤵
  PID:8420
- C:\Windows\System\EnMrovU.exe
  C:\Windows\System\EnMrovU.exe
  2⤵
  PID:8440
- C:\Windows\System\FOuCkex.exe
  C:\Windows\System\FOuCkex.exe
  2⤵
  PID:8460
- C:\Windows\System\eUGAaDz.exe
  C:\Windows\System\eUGAaDz.exe
  2⤵
  PID:8480
- C:\Windows\System\IFuXcWD.exe
  C:\Windows\System\IFuXcWD.exe
  2⤵
  PID:8500
- C:\Windows\System\udXATtH.exe
  C:\Windows\System\udXATtH.exe
  2⤵
  PID:8520
- C:\Windows\System\EMCZjLD.exe
  C:\Windows\System\EMCZjLD.exe
  2⤵
  PID:8540
- C:\Windows\System\JZocZAb.exe
  C:\Windows\System\JZocZAb.exe
  2⤵
  PID:8560
- C:\Windows\System\KNSimKW.exe
  C:\Windows\System\KNSimKW.exe
  2⤵
  PID:8580
- C:\Windows\System\kQBVYFn.exe
  C:\Windows\System\kQBVYFn.exe
  2⤵
  PID:8600
- C:\Windows\System\TvvMuwb.exe
  C:\Windows\System\TvvMuwb.exe
  2⤵
  PID:8620
- C:\Windows\System\CqFISUT.exe
  C:\Windows\System\CqFISUT.exe
  2⤵
  PID:8640
- C:\Windows\System\VbOnSHY.exe
  C:\Windows\System\VbOnSHY.exe
  2⤵
  PID:8660
- C:\Windows\System\ArfbjJP.exe
  C:\Windows\System\ArfbjJP.exe
  2⤵
  PID:8680
- C:\Windows\System\CapHVln.exe
  C:\Windows\System\CapHVln.exe
  2⤵
  PID:8700
- C:\Windows\System\lQKBmAR.exe
  C:\Windows\System\lQKBmAR.exe
  2⤵
  PID:8720
- C:\Windows\System\IKpRayv.exe
  C:\Windows\System\IKpRayv.exe
  2⤵
  PID:8740
- C:\Windows\System\ZqGaHLH.exe
  C:\Windows\System\ZqGaHLH.exe
  2⤵
  PID:8760
- C:\Windows\System\kiobdRk.exe
  C:\Windows\System\kiobdRk.exe
  2⤵
  PID:8780
- C:\Windows\System\SdlMDpK.exe
  C:\Windows\System\SdlMDpK.exe
  2⤵
  PID:8800
- C:\Windows\System\izsELvm.exe
  C:\Windows\System\izsELvm.exe
  2⤵
  PID:8820
- C:\Windows\System\lddpblS.exe
  C:\Windows\System\lddpblS.exe
  2⤵
  PID:8844
- C:\Windows\System\BidZHTg.exe
  C:\Windows\System\BidZHTg.exe
  2⤵
  PID:8864
- C:\Windows\System\oxbCBpi.exe
  C:\Windows\System\oxbCBpi.exe
  2⤵
  PID:8976
- C:\Windows\System\OlbaFTU.exe
  C:\Windows\System\OlbaFTU.exe
  2⤵
  PID:9000
- C:\Windows\System\zXuYnZi.exe
  C:\Windows\System\zXuYnZi.exe
  2⤵
  PID:9020
- C:\Windows\System\XINszws.exe
  C:\Windows\System\XINszws.exe
  2⤵
  PID:9040
- C:\Windows\System\iZqplPL.exe
  C:\Windows\System\iZqplPL.exe
  2⤵
  PID:9064
- C:\Windows\System\mhtYgnd.exe
  C:\Windows\System\mhtYgnd.exe
  2⤵
  PID:9084
- C:\Windows\System\XPkLNVg.exe
  C:\Windows\System\XPkLNVg.exe
  2⤵
  PID:9104
- C:\Windows\System\USVDyFH.exe
  C:\Windows\System\USVDyFH.exe
  2⤵
  PID:9124
- C:\Windows\System\YyWeBMt.exe
  C:\Windows\System\YyWeBMt.exe
  2⤵
  PID:9144
- C:\Windows\System\eSojfSN.exe
  C:\Windows\System\eSojfSN.exe
  2⤵
  PID:9164
- C:\Windows\System\LflRGdG.exe
  C:\Windows\System\LflRGdG.exe
  2⤵
  PID:9184
- C:\Windows\System\QmnJGgx.exe
  C:\Windows\System\QmnJGgx.exe
  2⤵
  PID:9204
- C:\Windows\System\UiTkUxO.exe
  C:\Windows\System\UiTkUxO.exe
  2⤵
  PID:7660
- C:\Windows\System\xKVLWyn.exe
  C:\Windows\System\xKVLWyn.exe
  2⤵
  PID:7840
- C:\Windows\System\NrStRGx.exe
  C:\Windows\System\NrStRGx.exe
  2⤵
  PID:8096
- C:\Windows\System\lZefyZM.exe
  C:\Windows\System\lZefyZM.exe
  2⤵
  PID:8124
- C:\Windows\System\FWtpeTW.exe
  C:\Windows\System\FWtpeTW.exe
  2⤵
  PID:6528
- C:\Windows\System\idPjBrD.exe
  C:\Windows\System\idPjBrD.exe
  2⤵
  PID:6704
- C:\Windows\System\TadkSuC.exe
  C:\Windows\System\TadkSuC.exe
  2⤵
  PID:2084
- C:\Windows\System\rcaziwz.exe
  C:\Windows\System\rcaziwz.exe
  2⤵
  PID:5556
- C:\Windows\System\oiCIfbC.exe
  C:\Windows\System\oiCIfbC.exe
  2⤵
  PID:6140
- C:\Windows\System\PpRiZNZ.exe
  C:\Windows\System\PpRiZNZ.exe
  2⤵
  PID:7212
- C:\Windows\System\IgDpqRF.exe
  C:\Windows\System\IgDpqRF.exe
  2⤵
  PID:7380
- C:\Windows\System\HpOooNA.exe
  C:\Windows\System\HpOooNA.exe
  2⤵
  PID:7416
- C:\Windows\System\ctTDkJa.exe
  C:\Windows\System\ctTDkJa.exe
  2⤵
  PID:8276
- C:\Windows\System\vsaaeqQ.exe
  C:\Windows\System\vsaaeqQ.exe
  2⤵
  PID:8392
- C:\Windows\System\gepBGoL.exe
  C:\Windows\System\gepBGoL.exe
  2⤵
  PID:8432
- C:\Windows\System\gBFuGeH.exe
  C:\Windows\System\gBFuGeH.exe
  2⤵
  PID:8476
- C:\Windows\System\KPZgRnE.exe
  C:\Windows\System\KPZgRnE.exe
  2⤵
  PID:8528
- C:\Windows\System\UWaLXJU.exe
  C:\Windows\System\UWaLXJU.exe
  2⤵
  PID:8548
- C:\Windows\System\xqWDpxd.exe
  C:\Windows\System\xqWDpxd.exe
  2⤵
  PID:8572
- C:\Windows\System\siIFCgG.exe
  C:\Windows\System\siIFCgG.exe
  2⤵
  PID:8616
- C:\Windows\System\ZpUYGLo.exe
  C:\Windows\System\ZpUYGLo.exe
  2⤵
  PID:8636
- C:\Windows\System\IkNyLga.exe
  C:\Windows\System\IkNyLga.exe
  2⤵
  PID:8696
- C:\Windows\System\Sfwjmoz.exe
  C:\Windows\System\Sfwjmoz.exe
  2⤵
  PID:8728
- C:\Windows\System\JpIAetb.exe
  C:\Windows\System\JpIAetb.exe
  2⤵
  PID:8768
- C:\Windows\System\aLhWdNA.exe
  C:\Windows\System\aLhWdNA.exe
  2⤵
  PID:8772
- C:\Windows\System\QpBWJYz.exe
  C:\Windows\System\QpBWJYz.exe
  2⤵
  PID:8792
- C:\Windows\System\EhpbWLm.exe
  C:\Windows\System\EhpbWLm.exe
  2⤵
  PID:8828
- C:\Windows\System\KXjZCQg.exe
  C:\Windows\System\KXjZCQg.exe
  2⤵
  PID:8984
- C:\Windows\System\eZYfHvH.exe
  C:\Windows\System\eZYfHvH.exe
  2⤵
  PID:8876
- C:\Windows\System\YOzNDcw.exe
  C:\Windows\System\YOzNDcw.exe
  2⤵
  PID:9036
- C:\Windows\System\zLTefKA.exe
  C:\Windows\System\zLTefKA.exe
  2⤵
  PID:9080
- C:\Windows\System\YLLecvW.exe
  C:\Windows\System\YLLecvW.exe
  2⤵
  PID:9112
- C:\Windows\System\hkRLQXs.exe
  C:\Windows\System\hkRLQXs.exe
  2⤵
  PID:9116
- C:\Windows\System\tUcnZbg.exe
  C:\Windows\System\tUcnZbg.exe
  2⤵
  PID:9136
- C:\Windows\System\cSjVfhq.exe
  C:\Windows\System\cSjVfhq.exe
  2⤵
  PID:9196
- C:\Windows\System\XrrBZJQ.exe
  C:\Windows\System\XrrBZJQ.exe
  2⤵
  PID:7864
- C:\Windows\System\SzBakHP.exe
  C:\Windows\System\SzBakHP.exe
  2⤵
  PID:8836
- C:\Windows\System\bFMIKNL.exe
  C:\Windows\System\bFMIKNL.exe
  2⤵
  PID:7432
- C:\Windows\System\bRbYYUT.exe
  C:\Windows\System\bRbYYUT.exe
  2⤵
  PID:8396
- C:\Windows\System\uxgIztY.exe
  C:\Windows\System\uxgIztY.exe
  2⤵
  PID:8428
- C:\Windows\System\OYPbKxr.exe
  C:\Windows\System\OYPbKxr.exe
  2⤵
  PID:8516
- C:\Windows\System\BMoUviw.exe
  C:\Windows\System\BMoUviw.exe
  2⤵
  PID:8512
- C:\Windows\System\iOOoWvE.exe
  C:\Windows\System\iOOoWvE.exe
  2⤵
  PID:8552
- C:\Windows\System\ZEAIwyF.exe
  C:\Windows\System\ZEAIwyF.exe
  2⤵
  PID:8656
- C:\Windows\System\lpqPqKz.exe
  C:\Windows\System\lpqPqKz.exe
  2⤵
  PID:8712
- C:\Windows\System\QEwDKjN.exe
  C:\Windows\System\QEwDKjN.exe
  2⤵
  PID:8752
- C:\Windows\System\nrTxfud.exe
  C:\Windows\System\nrTxfud.exe
  2⤵
  PID:3060
- C:\Windows\System\tLqSaWC.exe
  C:\Windows\System\tLqSaWC.exe
  2⤵
  PID:8812
- C:\Windows\System\YwUJTXW.exe
  C:\Windows\System\YwUJTXW.exe
  2⤵
  PID:8992
- C:\Windows\System\iYCclex.exe
  C:\Windows\System\iYCclex.exe
  2⤵
  PID:9092
- C:\Windows\System\hpjvAoq.exe
  C:\Windows\System\hpjvAoq.exe
  2⤵
  PID:2608
- C:\Windows\System\LBGYjRn.exe
  C:\Windows\System\LBGYjRn.exe
  2⤵
  PID:9132
- C:\Windows\System\DfaTxEG.exe
  C:\Windows\System\DfaTxEG.exe
  2⤵
  PID:7820
- C:\Windows\System\IViUxzp.exe
  C:\Windows\System\IViUxzp.exe
  2⤵
  PID:7280
- C:\Windows\System\WVQrtyI.exe
  C:\Windows\System\WVQrtyI.exe
  2⤵
  PID:9228
- C:\Windows\System\XTXpwgY.exe
  C:\Windows\System\XTXpwgY.exe
  2⤵
  PID:9248
- C:\Windows\System\AJOUVPY.exe
  C:\Windows\System\AJOUVPY.exe
  2⤵
  PID:9268
- C:\Windows\System\nETbBlA.exe
  C:\Windows\System\nETbBlA.exe
  2⤵
  PID:9288
- C:\Windows\System\AkLOhGz.exe
  C:\Windows\System\AkLOhGz.exe
  2⤵
  PID:9308
- C:\Windows\System\WDYtLpy.exe
  C:\Windows\System\WDYtLpy.exe
  2⤵
  PID:9328
- C:\Windows\System\AdrgEUb.exe
  C:\Windows\System\AdrgEUb.exe
  2⤵
  PID:9440
- C:\Windows\System\BBZWQtk.exe
  C:\Windows\System\BBZWQtk.exe
  2⤵
  PID:9464
- C:\Windows\System\lDaKcnT.exe
  C:\Windows\System\lDaKcnT.exe
  2⤵
  PID:9480
- C:\Windows\System\UwRwsHZ.exe
  C:\Windows\System\UwRwsHZ.exe
  2⤵
  PID:9504
- C:\Windows\System\LyTdzRN.exe
  C:\Windows\System\LyTdzRN.exe
  2⤵
  PID:9524
- C:\Windows\System\LnJKFVn.exe
  C:\Windows\System\LnJKFVn.exe
  2⤵
  PID:9544
- C:\Windows\System\wqhOhxT.exe
  C:\Windows\System\wqhOhxT.exe
  2⤵
  PID:9564
- C:\Windows\System\SRGzPhr.exe
  C:\Windows\System\SRGzPhr.exe
  2⤵
  PID:9584
- C:\Windows\System\HFgfMgt.exe
  C:\Windows\System\HFgfMgt.exe
  2⤵
  PID:9604
- C:\Windows\System\fJxzOjm.exe
  C:\Windows\System\fJxzOjm.exe
  2⤵
  PID:9624
- C:\Windows\System\PchOnSh.exe
  C:\Windows\System\PchOnSh.exe
  2⤵
  PID:9644
- C:\Windows\System\ywzgwts.exe
  C:\Windows\System\ywzgwts.exe
  2⤵
  PID:9664
- C:\Windows\System\ilvfCvR.exe
  C:\Windows\System\ilvfCvR.exe
  2⤵
  PID:9680
- C:\Windows\System\HQLQzoh.exe
  C:\Windows\System\HQLQzoh.exe
  2⤵
  PID:9704
- C:\Windows\System\WqXMWEk.exe
  C:\Windows\System\WqXMWEk.exe
  2⤵
  PID:9724
- C:\Windows\System\mqajIbA.exe
  C:\Windows\System\mqajIbA.exe
  2⤵
  PID:9744
- C:\Windows\System\DtbpcnB.exe
  C:\Windows\System\DtbpcnB.exe
  2⤵
  PID:9764
- C:\Windows\System\pwwDGym.exe
  C:\Windows\System\pwwDGym.exe
  2⤵
  PID:9784
- C:\Windows\System\FGKBlnB.exe
  C:\Windows\System\FGKBlnB.exe
  2⤵
  PID:9808
- C:\Windows\System\quFgFVI.exe
  C:\Windows\System\quFgFVI.exe
  2⤵
  PID:9828
- C:\Windows\System\QORntqV.exe
  C:\Windows\System\QORntqV.exe
  2⤵
  PID:9848
- C:\Windows\System\BsGTraG.exe
  C:\Windows\System\BsGTraG.exe
  2⤵
  PID:9868
- C:\Windows\System\PaLhpeM.exe
  C:\Windows\System\PaLhpeM.exe
  2⤵
  PID:9888
- C:\Windows\System\RacUtld.exe
  C:\Windows\System\RacUtld.exe
  2⤵
  PID:9908
- C:\Windows\System\RvxkEjX.exe
  C:\Windows\System\RvxkEjX.exe
  2⤵
  PID:10020
- C:\Windows\System\OQpiAER.exe
  C:\Windows\System\OQpiAER.exe
  2⤵
  PID:10044
- C:\Windows\System\axElOOc.exe
  C:\Windows\System\axElOOc.exe
  2⤵
  PID:10064
- C:\Windows\System\UjVnjdr.exe
  C:\Windows\System\UjVnjdr.exe
  2⤵
  PID:10084
- C:\Windows\System\yEsihLQ.exe
  C:\Windows\System\yEsihLQ.exe
  2⤵
  PID:10104
- C:\Windows\System\snbGlJH.exe
  C:\Windows\System\snbGlJH.exe
  2⤵
  PID:10124
- C:\Windows\System\xLsIven.exe
  C:\Windows\System\xLsIven.exe
  2⤵
  PID:10144
- C:\Windows\System\oImGUlR.exe
  C:\Windows\System\oImGUlR.exe
  2⤵
  PID:10164
- C:\Windows\System\eTdXKjN.exe
  C:\Windows\System\eTdXKjN.exe
  2⤵
  PID:10188
- C:\Windows\System\AbfELCm.exe
  C:\Windows\System\AbfELCm.exe
  2⤵
  PID:10208
- C:\Windows\System\cZEkBsa.exe
  C:\Windows\System\cZEkBsa.exe
  2⤵
  PID:10228
- C:\Windows\System\iqnFtQc.exe
  C:\Windows\System\iqnFtQc.exe
  2⤵
  PID:2248
- C:\Windows\System\RESbszx.exe
  C:\Windows\System\RESbszx.exe
  2⤵
  PID:8532
- C:\Windows\System\AdpxdDX.exe
  C:\Windows\System\AdpxdDX.exe
  2⤵
  PID:8468
- C:\Windows\System\BzIDueM.exe
  C:\Windows\System\BzIDueM.exe
  2⤵
  PID:8608
- C:\Windows\System\WJxVpYb.exe
  C:\Windows\System\WJxVpYb.exe
  2⤵
  PID:2436
- C:\Windows\System\mDdEYdw.exe
  C:\Windows\System\mDdEYdw.exe
  2⤵
  PID:8756
- C:\Windows\System\AczCIhE.exe
  C:\Windows\System\AczCIhE.exe
  2⤵
  PID:8796
- C:\Windows\System\hvZNQyQ.exe
  C:\Windows\System\hvZNQyQ.exe
  2⤵
  PID:9076
- C:\Windows\System\bfsyhyx.exe
  C:\Windows\System\bfsyhyx.exe
  2⤵
  PID:9072
- C:\Windows\System\eRrGQMS.exe
  C:\Windows\System\eRrGQMS.exe
  2⤵
  PID:9180
- C:\Windows\System\cWVYwcR.exe
  C:\Windows\System\cWVYwcR.exe
  2⤵
  PID:9236
- C:\Windows\System\FJqFOPt.exe
  C:\Windows\System\FJqFOPt.exe
  2⤵
  PID:9244
- C:\Windows\System\MpgFyst.exe
  C:\Windows\System\MpgFyst.exe
  2⤵
  PID:9280
- C:\Windows\System\rcdOejv.exe
  C:\Windows\System\rcdOejv.exe
  2⤵
  PID:9580
- C:\Windows\System\IBcwxKi.exe
  C:\Windows\System\IBcwxKi.exe
  2⤵
  PID:9612
- C:\Windows\System\WWLGCpY.exe
  C:\Windows\System\WWLGCpY.exe
  2⤵
  PID:9652
- C:\Windows\System\QRwzrbd.exe
  C:\Windows\System\QRwzrbd.exe
  2⤵
  PID:9640
- C:\Windows\System\imoXloB.exe
  C:\Windows\System\imoXloB.exe
  2⤵
  PID:9688
- C:\Windows\System\hmXocQy.exe
  C:\Windows\System\hmXocQy.exe
  2⤵
  PID:9732
- C:\Windows\System\ATPKrYt.exe
  C:\Windows\System\ATPKrYt.exe
  2⤵
  PID:9740
- C:\Windows\System\qnhvdcd.exe
  C:\Windows\System\qnhvdcd.exe
  2⤵
  PID:9760
- C:\Windows\System\cqYvJyH.exe
  C:\Windows\System\cqYvJyH.exe
  2⤵
  PID:9824
- C:\Windows\System\Llaynwd.exe
  C:\Windows\System\Llaynwd.exe
  2⤵
  PID:9844
- C:\Windows\System\eYpBiCr.exe
  C:\Windows\System\eYpBiCr.exe
  2⤵
  PID:9876
- C:\Windows\System\NEoNgUl.exe
  C:\Windows\System\NEoNgUl.exe
  2⤵
  PID:9900
- C:\Windows\System\ywYlwYw.exe
  C:\Windows\System\ywYlwYw.exe
  2⤵
  PID:9916
- C:\Windows\System\ThdYtWF.exe
  C:\Windows\System\ThdYtWF.exe
  2⤵
  PID:10056
- C:\Windows\System\GCmhImm.exe
  C:\Windows\System\GCmhImm.exe
  2⤵
  PID:10100
- C:\Windows\System\QDDIBLp.exe
  C:\Windows\System\QDDIBLp.exe
  2⤵
  PID:10140
- C:\Windows\System\nKveHwp.exe
  C:\Windows\System\nKveHwp.exe
  2⤵
  PID:10204
- C:\Windows\System\DFPlryC.exe
  C:\Windows\System\DFPlryC.exe
  2⤵
  PID:10236
- C:\Windows\System\pIvxLkF.exe
  C:\Windows\System\pIvxLkF.exe
  2⤵
  PID:8408
- C:\Windows\System\aITSXZW.exe
  C:\Windows\System\aITSXZW.exe
  2⤵
  PID:8628
- C:\Windows\System\KpkjoaY.exe
  C:\Windows\System\KpkjoaY.exe
  2⤵
  PID:1956
- C:\Windows\System\EMEknrQ.exe
  C:\Windows\System\EMEknrQ.exe
  2⤵
  PID:8840
- C:\Windows\System\EFlcyBx.exe
  C:\Windows\System\EFlcyBx.exe
  2⤵
  PID:8996
- C:\Windows\System\ulSgmbC.exe
  C:\Windows\System\ulSgmbC.exe
  2⤵
  PID:9192
- C:\Windows\System\LSFgiTs.exe
  C:\Windows\System\LSFgiTs.exe
  2⤵
  PID:9656
- C:\Windows\System\dwEEpvI.exe
  C:\Windows\System\dwEEpvI.exe
  2⤵
  PID:9720
- C:\Windows\System\RLsrNKE.exe
  C:\Windows\System\RLsrNKE.exe
  2⤵
  PID:9816
- C:\Windows\System\mOWTeqb.exe
  C:\Windows\System\mOWTeqb.exe
  2⤵
  PID:9864
- C:\Windows\System\wkFbHgc.exe
  C:\Windows\System\wkFbHgc.exe
  2⤵
  PID:10036
- C:\Windows\System\VaLJcOP.exe
  C:\Windows\System\VaLJcOP.exe
  2⤵
  PID:10072
- C:\Windows\System\dZETvQS.exe
  C:\Windows\System\dZETvQS.exe
  2⤵
  PID:10152
- C:\Windows\System\Ffzemuq.exe
  C:\Windows\System\Ffzemuq.exe
  2⤵
  PID:10256
- C:\Windows\System\BzJCYMd.exe
  C:\Windows\System\BzJCYMd.exe
  2⤵
  PID:10276
- C:\Windows\System\oTmWYjm.exe
  C:\Windows\System\oTmWYjm.exe
  2⤵
  PID:10296
- C:\Windows\System\fXpstqV.exe
  C:\Windows\System\fXpstqV.exe
  2⤵
  PID:10316
- C:\Windows\System\mScQnLV.exe
  C:\Windows\System\mScQnLV.exe
  2⤵
  PID:10336
- C:\Windows\System\jhBXAzB.exe
  C:\Windows\System\jhBXAzB.exe
  2⤵
  PID:10356
- C:\Windows\System\FftOwWx.exe
  C:\Windows\System\FftOwWx.exe
  2⤵
  PID:10376
- C:\Windows\System\tvaordT.exe
  C:\Windows\System\tvaordT.exe
  2⤵
  PID:10400
- C:\Windows\System\yiBErjC.exe
  C:\Windows\System\yiBErjC.exe
  2⤵
  PID:10420
- C:\Windows\System\LHYrhDv.exe
  C:\Windows\System\LHYrhDv.exe
  2⤵
  PID:10440
- C:\Windows\System\ZANHSnm.exe
  C:\Windows\System\ZANHSnm.exe
  2⤵
  PID:10460
- C:\Windows\System\HaXrKEa.exe
  C:\Windows\System\HaXrKEa.exe
  2⤵
  PID:10480
- C:\Windows\System\xjiMwcF.exe
  C:\Windows\System\xjiMwcF.exe
  2⤵
  PID:10500
- C:\Windows\System\LZJvTPj.exe
  C:\Windows\System\LZJvTPj.exe
  2⤵
  PID:10520
- C:\Windows\System\vrAtprM.exe
  C:\Windows\System\vrAtprM.exe
  2⤵
  PID:10540
- C:\Windows\System\ykshieD.exe
  C:\Windows\System\ykshieD.exe
  2⤵
  PID:10560
- C:\Windows\System\egDcEEp.exe
  C:\Windows\System\egDcEEp.exe
  2⤵
  PID:10580
- C:\Windows\System\YzAKyHc.exe
  C:\Windows\System\YzAKyHc.exe
  2⤵
  PID:10696
- C:\Windows\System\lFwYdRz.exe
  C:\Windows\System\lFwYdRz.exe
  2⤵
  PID:10716
- C:\Windows\System\AVMgwJp.exe
  C:\Windows\System\AVMgwJp.exe
  2⤵
  PID:10736
- C:\Windows\System\pOOWiII.exe
  C:\Windows\System\pOOWiII.exe
  2⤵
  PID:10756
- C:\Windows\System\MzPbquB.exe
  C:\Windows\System\MzPbquB.exe
  2⤵
  PID:10776
- C:\Windows\System\KoKficG.exe
  C:\Windows\System\KoKficG.exe
  2⤵
  PID:10796
- C:\Windows\System\TkKdDuG.exe
  C:\Windows\System\TkKdDuG.exe
  2⤵
  PID:10816
- C:\Windows\System\ErEOrst.exe
  C:\Windows\System\ErEOrst.exe
  2⤵
  PID:10836
- C:\Windows\System\XdEwczi.exe
  C:\Windows\System\XdEwczi.exe
  2⤵
  PID:10856
- C:\Windows\System\lTvlxmP.exe
  C:\Windows\System\lTvlxmP.exe
  2⤵
  PID:10880
- C:\Windows\System\srRlAYy.exe
  C:\Windows\System\srRlAYy.exe
  2⤵
  PID:10900
- C:\Windows\System\CMjjXeI.exe
  C:\Windows\System\CMjjXeI.exe
  2⤵
  PID:10920
- C:\Windows\System\uGLRIAc.exe
  C:\Windows\System\uGLRIAc.exe
  2⤵
  PID:10940
- C:\Windows\System\RyJjiyz.exe
  C:\Windows\System\RyJjiyz.exe
  2⤵
  PID:10960
- C:\Windows\System\bPAalQg.exe
  C:\Windows\System\bPAalQg.exe
  2⤵
  PID:10980
- C:\Windows\System\vGWbFlJ.exe
  C:\Windows\System\vGWbFlJ.exe
  2⤵
  PID:11000
- C:\Windows\System\wVPZekn.exe
  C:\Windows\System\wVPZekn.exe
  2⤵
  PID:11020
- C:\Windows\System\tWyTuaK.exe
  C:\Windows\System\tWyTuaK.exe
  2⤵
  PID:11040
- C:\Windows\System\wWzyewg.exe
  C:\Windows\System\wWzyewg.exe
  2⤵
  PID:11060
- C:\Windows\System\lNdzfbg.exe
  C:\Windows\System\lNdzfbg.exe
  2⤵
  PID:11080
- C:\Windows\System\lRtBAGi.exe
  C:\Windows\System\lRtBAGi.exe
  2⤵
  PID:11100
- C:\Windows\System\KSfNbjY.exe
  C:\Windows\System\KSfNbjY.exe
  2⤵
  PID:11120
- C:\Windows\System\MtABZGv.exe
  C:\Windows\System\MtABZGv.exe
  2⤵
  PID:11140
- C:\Windows\System\dEcfeti.exe
  C:\Windows\System\dEcfeti.exe
  2⤵
  PID:11160
- C:\Windows\System\nDZWNkO.exe
  C:\Windows\System\nDZWNkO.exe
  2⤵
  PID:2264
- C:\Windows\System\VRrRfvs.exe
  C:\Windows\System\VRrRfvs.exe
  2⤵
  PID:8436
- C:\Windows\System\pRtuABU.exe
  C:\Windows\System\pRtuABU.exe
  2⤵
  PID:8592
- C:\Windows\System\MPAHlrz.exe
  C:\Windows\System\MPAHlrz.exe
  2⤵
  PID:8852
- C:\Windows\System\EnDKdzn.exe
  C:\Windows\System\EnDKdzn.exe
  2⤵
  PID:9772
- C:\Windows\System\YEGcqTm.exe
  C:\Windows\System\YEGcqTm.exe
  2⤵
  PID:9692
- C:\Windows\System\zHLxgGz.exe
  C:\Windows\System\zHLxgGz.exe
  2⤵
  PID:9800
- C:\Windows\System\CvYsOXS.exe
  C:\Windows\System\CvYsOXS.exe
  2⤵
  PID:10052
- C:\Windows\System\cFmOOcZ.exe
  C:\Windows\System\cFmOOcZ.exe
  2⤵
  PID:10116
- C:\Windows\System\qUjhYQn.exe
  C:\Windows\System\qUjhYQn.exe
  2⤵
  PID:10248
- C:\Windows\System\oOfeZiQ.exe
  C:\Windows\System\oOfeZiQ.exe
  2⤵
  PID:10268
- C:\Windows\System\aNbCinE.exe
  C:\Windows\System\aNbCinE.exe
  2⤵
  PID:10312
- C:\Windows\System\utzezSu.exe
  C:\Windows\System\utzezSu.exe
  2⤵
  PID:10364
- C:\Windows\System\KkeJmZC.exe
  C:\Windows\System\KkeJmZC.exe
  2⤵
  PID:10408
- C:\Windows\System\LTarSoK.exe
  C:\Windows\System\LTarSoK.exe
  2⤵
  PID:10448
- C:\Windows\System\TZYVbXc.exe
  C:\Windows\System\TZYVbXc.exe
  2⤵
  PID:10452
- C:\Windows\System\dcefMrR.exe
  C:\Windows\System\dcefMrR.exe
  2⤵
  PID:10496
- C:\Windows\System\iqRFfGB.exe
  C:\Windows\System\iqRFfGB.exe
  2⤵
  PID:10512
- C:\Windows\System\BDCefuF.exe
  C:\Windows\System\BDCefuF.exe
  2⤵
  PID:10576
- C:\Windows\System\kVdZYCi.exe
  C:\Windows\System\kVdZYCi.exe
  2⤵
  PID:10680
- C:\Windows\System\jXdrfLO.exe
  C:\Windows\System\jXdrfLO.exe
  2⤵
  PID:10744
- C:\Windows\System\pxbFOgC.exe
  C:\Windows\System\pxbFOgC.exe
  2⤵
  PID:10764
- C:\Windows\System\vWWzXaz.exe
  C:\Windows\System\vWWzXaz.exe
  2⤵
  PID:10768
- C:\Windows\System\lkJOvPz.exe
  C:\Windows\System\lkJOvPz.exe
  2⤵
  PID:10804
- C:\Windows\System\AqLGVle.exe
  C:\Windows\System\AqLGVle.exe
  2⤵
  PID:10992
- C:\Windows\System\WOSpbuW.exe
  C:\Windows\System\WOSpbuW.exe
  2⤵
  PID:11032
- C:\Windows\System\ImMxhAZ.exe
  C:\Windows\System\ImMxhAZ.exe
  2⤵
  PID:11068
- C:\Windows\System\oKfAGpf.exe
  C:\Windows\System\oKfAGpf.exe
  2⤵
  PID:11052
- C:\Windows\System\ZDnIRGJ.exe
  C:\Windows\System\ZDnIRGJ.exe
  2⤵
  PID:11088
- C:\Windows\System\DgabdGt.exe
  C:\Windows\System\DgabdGt.exe
  2⤵
  PID:11128
- C:\Windows\System\OHZUcmk.exe
  C:\Windows\System\OHZUcmk.exe
  2⤵
  PID:11156
- C:\Windows\System\nxjYyvv.exe
  C:\Windows\System\nxjYyvv.exe
  2⤵
  PID:8508
- C:\Windows\System\vpjljrs.exe
  C:\Windows\System\vpjljrs.exe
  2⤵
  PID:10220
- C:\Windows\System\bkLwvWX.exe
  C:\Windows\System\bkLwvWX.exe
  2⤵
  PID:8732
- C:\Windows\System\HshyyqB.exe
  C:\Windows\System\HshyyqB.exe
  2⤵
  PID:9012
- C:\Windows\System\sJFohgD.exe
  C:\Windows\System\sJFohgD.exe
  2⤵
  PID:9880
- C:\Windows\System\fmGQHBC.exe
  C:\Windows\System\fmGQHBC.exe
  2⤵
  PID:10080
- C:\Windows\System\jkRCOjy.exe
  C:\Windows\System\jkRCOjy.exe
  2⤵
  PID:10292
- C:\Windows\System\EJlrYXG.exe
  C:\Windows\System\EJlrYXG.exe
  2⤵
  PID:3440
- C:\Windows\System\NwMWeEU.exe
  C:\Windows\System\NwMWeEU.exe
  2⤵
  PID:10508
- C:\Windows\System\cJDjlrt.exe
  C:\Windows\System\cJDjlrt.exe
  2⤵
  PID:11028
- C:\Windows\System\JpisJLw.exe
  C:\Windows\System\JpisJLw.exe
  2⤵
  PID:11056
- C:\Windows\System\VuATjaE.exe
  C:\Windows\System\VuATjaE.exe
  2⤵
  PID:11112
- C:\Windows\System\ucsifkd.exe
  C:\Windows\System\ucsifkd.exe
  2⤵
  PID:10156
- C:\Windows\System\kiekXGR.exe
  C:\Windows\System\kiekXGR.exe
  2⤵
  PID:10556
- C:\Windows\System\pcNaboH.exe
  C:\Windows\System\pcNaboH.exe
  2⤵
  PID:2864
- C:\Windows\System\ZPqkVHq.exe
  C:\Windows\System\ZPqkVHq.exe
  2⤵
  PID:10528
- C:\Windows\System\jwRkzfm.exe
  C:\Windows\System\jwRkzfm.exe
  2⤵
  PID:2788
- C:\Windows\System\WkvKoIN.exe
  C:\Windows\System\WkvKoIN.exe
  2⤵
  PID:2732
- C:\Windows\System\vSwgjOi.exe
  C:\Windows\System\vSwgjOi.exe
  2⤵
  PID:10384
- C:\Windows\System\FMlDolt.exe
  C:\Windows\System\FMlDolt.exe
  2⤵
  PID:11132
- C:\Windows\System\YqFChik.exe
  C:\Windows\System\YqFChik.exe
  2⤵
  PID:8472
- C:\Windows\System\qbxiDup.exe
  C:\Windows\System\qbxiDup.exe
  2⤵
  PID:1448
- C:\Windows\System\UEEATIX.exe
  C:\Windows\System\UEEATIX.exe
  2⤵
  PID:2828
- C:\Windows\System\aciUyvX.exe
  C:\Windows\System\aciUyvX.exe
  2⤵
  PID:2724
- C:\Windows\System\WWVNPmQ.exe
  C:\Windows\System\WWVNPmQ.exe
  2⤵
  PID:2276
- C:\Windows\System\KvBSPJN.exe
  C:\Windows\System\KvBSPJN.exe
  2⤵
  PID:2096
- C:\Windows\System\djMytfW.exe
  C:\Windows\System\djMytfW.exe
  2⤵
  PID:8676
- C:\Windows\System\IcdJqmV.exe
  C:\Windows\System\IcdJqmV.exe
  2⤵
  PID:10532
- C:\Windows\System\QuFyYDN.exe
  C:\Windows\System\QuFyYDN.exe
  2⤵
  PID:11116
- C:\Windows\System\funkuBz.exe
  C:\Windows\System\funkuBz.exe
  2⤵
  PID:9776
- C:\Windows\System\RMuuqNW.exe
  C:\Windows\System\RMuuqNW.exe
  2⤵
  PID:2600
- C:\Windows\System\ATJRAhU.exe
  C:\Windows\System\ATJRAhU.exe
  2⤵
  PID:3064
- C:\Windows\System\IClcwEu.exe
  C:\Windows\System\IClcwEu.exe
  2⤵
  PID:776
- C:\Windows\System\kuhzhZB.exe
  C:\Windows\System\kuhzhZB.exe
  2⤵
  PID:10412
- C:\Windows\System\nMZEpUv.exe
  C:\Windows\System\nMZEpUv.exe
  2⤵
  PID:2020
- C:\Windows\System\eUdNytF.exe
  C:\Windows\System\eUdNytF.exe
  2⤵
  PID:2676
- C:\Windows\System\KcjZTqy.exe
  C:\Windows\System\KcjZTqy.exe
  2⤵
  PID:2932
- C:\Windows\System\OGzjgMJ.exe
  C:\Windows\System\OGzjgMJ.exe
  2⤵
  PID:2920
- C:\Windows\System\vMeXSMl.exe
  C:\Windows\System\vMeXSMl.exe
  2⤵
  PID:2628
- C:\Windows\System\dXMFulb.exe
  C:\Windows\System\dXMFulb.exe
  2⤵
  PID:1820
- C:\Windows\System\NSydxIz.exe
  C:\Windows\System\NSydxIz.exe
  2⤵
  PID:1592
- C:\Windows\System\rFAtCQC.exe
  C:\Windows\System\rFAtCQC.exe
  2⤵
  PID:2964
- C:\Windows\System\UCItEUj.exe
  C:\Windows\System\UCItEUj.exe
  2⤵
  PID:888
- C:\Windows\System\AiKDYHh.exe
  C:\Windows\System\AiKDYHh.exe
  2⤵
  PID:2540
- C:\Windows\System\FUHOpZf.exe
  C:\Windows\System\FUHOpZf.exe
  2⤵
  PID:1460
- C:\Windows\System\aXCJtPO.exe
  C:\Windows\System\aXCJtPO.exe
  2⤵
  PID:11048
- C:\Windows\System\iRHkFzF.exe
  C:\Windows\System\iRHkFzF.exe
  2⤵
  PID:11136
- C:\Windows\System\LFouMnS.exe
  C:\Windows\System\LFouMnS.exe
  2⤵
  PID:1240
- C:\Windows\System\FEHzSAt.exe
  C:\Windows\System\FEHzSAt.exe
  2⤵
  PID:1032
- C:\Windows\System\iEyxyiL.exe
  C:\Windows\System\iEyxyiL.exe
  2⤵
  PID:2480
- C:\Windows\System\vdDOyGh.exe
  C:\Windows\System\vdDOyGh.exe
  2⤵
  PID:1388
- C:\Windows\System\QRLchVT.exe
  C:\Windows\System\QRLchVT.exe
  2⤵
  PID:2572
- C:\Windows\System\ZqDOGWr.exe
  C:\Windows\System\ZqDOGWr.exe
  2⤵
  PID:10472
- C:\Windows\System\JiNrQAj.exe
  C:\Windows\System\JiNrQAj.exe
  2⤵
  PID:1080
- C:\Windows\System\KhyDbtq.exe
  C:\Windows\System\KhyDbtq.exe
  2⤵
  PID:2056
- C:\Windows\System\KQJrBKf.exe
  C:\Windows\System\KQJrBKf.exe
  2⤵
  PID:1072
- C:\Windows\System\gtFTFOo.exe
  C:\Windows\System\gtFTFOo.exe
  2⤵
  PID:1560
- C:\Windows\System\GTYpRxk.exe
  C:\Windows\System\GTYpRxk.exe
  2⤵
  PID:2104
- C:\Windows\System\hgbYdqF.exe
  C:\Windows\System\hgbYdqF.exe
  2⤵
  PID:11268
- C:\Windows\System\HTWNJen.exe
  C:\Windows\System\HTWNJen.exe
  2⤵
  PID:11288
- C:\Windows\System\cZMlNnv.exe
  C:\Windows\System\cZMlNnv.exe
  2⤵
  PID:11304
- C:\Windows\System\IsBuouj.exe
  C:\Windows\System\IsBuouj.exe
  2⤵
  PID:11320
- C:\Windows\System\rqvLhyf.exe
  C:\Windows\System\rqvLhyf.exe
  2⤵
  PID:11336
- C:\Windows\System\gfZUOcd.exe
  C:\Windows\System\gfZUOcd.exe
  2⤵
  PID:11356
- C:\Windows\System\IlylcNr.exe
  C:\Windows\System\IlylcNr.exe
  2⤵
  PID:11380
- C:\Windows\System\xMkqySi.exe
  C:\Windows\System\xMkqySi.exe
  2⤵
  PID:11396
- C:\Windows\System\RniWGoL.exe
  C:\Windows\System\RniWGoL.exe
  2⤵
  PID:11416
- C:\Windows\System\lHepWDV.exe
  C:\Windows\System\lHepWDV.exe
  2⤵
  PID:11436
- C:\Windows\System\pAICaPL.exe
  C:\Windows\System\pAICaPL.exe
  2⤵
  PID:11452
- C:\Windows\System\LGleRco.exe
  C:\Windows\System\LGleRco.exe
  2⤵
  PID:11476
- C:\Windows\System\xzUSDAB.exe
  C:\Windows\System\xzUSDAB.exe
  2⤵
  PID:11500
- C:\Windows\System\ipYGjKo.exe
  C:\Windows\System\ipYGjKo.exe
  2⤵
  PID:11560
- C:\Windows\System\LvnZeCL.exe
  C:\Windows\System\LvnZeCL.exe
  2⤵
  PID:11580
- C:\Windows\System\msxLMae.exe
  C:\Windows\System\msxLMae.exe
  2⤵
  PID:11596
- C:\Windows\System\uOdwAKT.exe
  C:\Windows\System\uOdwAKT.exe
  2⤵
  PID:11612
- C:\Windows\System\FRiFuzp.exe
  C:\Windows\System\FRiFuzp.exe
  2⤵
  PID:11636
- C:\Windows\System\uUBJozK.exe
  C:\Windows\System\uUBJozK.exe
  2⤵
  PID:11656
- C:\Windows\System\zASmqIz.exe
  C:\Windows\System\zASmqIz.exe
  2⤵
  PID:11676
- C:\Windows\System\WyEdkPg.exe
  C:\Windows\System\WyEdkPg.exe
  2⤵
  PID:11692
- C:\Windows\System\PLvguRG.exe
  C:\Windows\System\PLvguRG.exe
  2⤵
  PID:11720
- C:\Windows\System\ntyWNPL.exe
  C:\Windows\System\ntyWNPL.exe
  2⤵
  PID:11736
- C:\Windows\System\MUkTgly.exe
  C:\Windows\System\MUkTgly.exe
  2⤵
  PID:11752
- C:\Windows\System\QASwULI.exe
  C:\Windows\System\QASwULI.exe
  2⤵
  PID:11772
- C:\Windows\System\JXsEMmS.exe
  C:\Windows\System\JXsEMmS.exe
  2⤵
  PID:11792
- C:\Windows\System\zaHogOi.exe
  C:\Windows\System\zaHogOi.exe
  2⤵
  PID:11824
- C:\Windows\System\zjcnPGO.exe
  C:\Windows\System\zjcnPGO.exe
  2⤵
  PID:11840
- C:\Windows\System\FkHfJJL.exe
  C:\Windows\System\FkHfJJL.exe
  2⤵
  PID:11856
- C:\Windows\System\AOaXVwE.exe
  C:\Windows\System\AOaXVwE.exe
  2⤵
  PID:11880
- C:\Windows\System\CnFAmyH.exe
  C:\Windows\System\CnFAmyH.exe
  2⤵
  PID:11900
- C:\Windows\System\viGqnVw.exe
  C:\Windows\System\viGqnVw.exe
  2⤵
  PID:11916
- C:\Windows\System\WvUumzE.exe
  C:\Windows\System\WvUumzE.exe
  2⤵
  PID:11936
- C:\Windows\System\yPuamMj.exe
  C:\Windows\System\yPuamMj.exe
  2⤵
  PID:11952
- C:\Windows\System\FBwHNmf.exe
  C:\Windows\System\FBwHNmf.exe
  2⤵
  PID:11968
- C:\Windows\System\isOMHyb.exe
  C:\Windows\System\isOMHyb.exe
  2⤵
  PID:11992
- C:\Windows\System\ijVpxSe.exe
  C:\Windows\System\ijVpxSe.exe
  2⤵
  PID:12008
- C:\Windows\System\YVEChSY.exe
  C:\Windows\System\YVEChSY.exe
  2⤵
  PID:12028
- C:\Windows\System\zabttcp.exe
  C:\Windows\System\zabttcp.exe
  2⤵
  PID:12052
- C:\Windows\System\PKkWVSq.exe
  C:\Windows\System\PKkWVSq.exe
  2⤵
  PID:12068
- C:\Windows\System\GDVFxit.exe
  C:\Windows\System\GDVFxit.exe
  2⤵
  PID:12092
- C:\Windows\System\tkzjJkg.exe
  C:\Windows\System\tkzjJkg.exe
  2⤵
  PID:12112
- C:\Windows\System\XuZYgRj.exe
  C:\Windows\System\XuZYgRj.exe
  2⤵
  PID:12128
- C:\Windows\System\poodNOC.exe
  C:\Windows\System\poodNOC.exe
  2⤵
  PID:12152
- C:\Windows\System\xyJsbEZ.exe
  C:\Windows\System\xyJsbEZ.exe
  2⤵
  PID:12172
- C:\Windows\System\LLTOnFP.exe
  C:\Windows\System\LLTOnFP.exe
  2⤵
  PID:12196
- C:\Windows\System\rZWuLPT.exe
  C:\Windows\System\rZWuLPT.exe
  2⤵
  PID:12212
- C:\Windows\System\IMiqlrw.exe
  C:\Windows\System\IMiqlrw.exe
  2⤵
  PID:12236
- C:\Windows\System\fkeqZai.exe
  C:\Windows\System\fkeqZai.exe
  2⤵
  PID:12260
- C:\Windows\System\fcAZfwq.exe
  C:\Windows\System\fcAZfwq.exe
  2⤵
  PID:12280
- C:\Windows\System\mUyzcXv.exe
  C:\Windows\System\mUyzcXv.exe
  2⤵
  PID:11300
- C:\Windows\System\NubphFa.exe
  C:\Windows\System\NubphFa.exe
  2⤵
  PID:1088
- C:\Windows\System\ZovaARp.exe
  C:\Windows\System\ZovaARp.exe
  2⤵
  PID:11332
- C:\Windows\System\TiLCsFV.exe
  C:\Windows\System\TiLCsFV.exe
  2⤵
  PID:11376
- C:\Windows\System\GbfFLTZ.exe
  C:\Windows\System\GbfFLTZ.exe
  2⤵
  PID:11352
- C:\Windows\System\dFtRwFW.exe
  C:\Windows\System\dFtRwFW.exe
  2⤵
  PID:11392
- C:\Windows\System\BLtNoUN.exe
  C:\Windows\System\BLtNoUN.exe
  2⤵
  PID:11448
- C:\Windows\System\QVbgvgK.exe
  C:\Windows\System\QVbgvgK.exe
  2⤵
  PID:11492
- C:\Windows\System\MBUpJGR.exe
  C:\Windows\System\MBUpJGR.exe
  2⤵
  PID:11516
- C:\Windows\System\TEGosHT.exe
  C:\Windows\System\TEGosHT.exe
  2⤵
  PID:11528
- C:\Windows\System\DHTkxbv.exe
  C:\Windows\System\DHTkxbv.exe
  2⤵
  PID:11588
- C:\Windows\System\lxlENUP.exe
  C:\Windows\System\lxlENUP.exe
  2⤵
  PID:11624
- C:\Windows\System\TphIaOg.exe
  C:\Windows\System\TphIaOg.exe
  2⤵
  PID:11652
- C:\Windows\System\ZJhylhU.exe
  C:\Windows\System\ZJhylhU.exe
  2⤵
  PID:11684
- C:\Windows\System\MfhQtAj.exe
  C:\Windows\System\MfhQtAj.exe
  2⤵
  PID:11532
- C:\Windows\System\gBfMJnO.exe
  C:\Windows\System\gBfMJnO.exe
  2⤵
  PID:11768
- C:\Windows\System\KAdSgkf.exe
  C:\Windows\System\KAdSgkf.exe
  2⤵
  PID:11784
- C:\Windows\System\uZJUhox.exe
  C:\Windows\System\uZJUhox.exe
  2⤵
  PID:11812
- C:\Windows\System\dmjtDlp.exe
  C:\Windows\System\dmjtDlp.exe
  2⤵
  PID:11836
- C:\Windows\System\GGLdXcx.exe
  C:\Windows\System\GGLdXcx.exe
  2⤵
  PID:11924
- C:\Windows\System\NHKzDod.exe
  C:\Windows\System\NHKzDod.exe
  2⤵
  PID:11964
- C:\Windows\System\pFNtIdV.exe
  C:\Windows\System\pFNtIdV.exe
  2⤵
  PID:12044
- C:\Windows\System\smywXjW.exe
  C:\Windows\System\smywXjW.exe
  2⤵
  PID:11984
- C:\Windows\System\Zcyyyze.exe
  C:\Windows\System\Zcyyyze.exe
  2⤵
  PID:12124
- C:\Windows\System\UNqLoBU.exe
  C:\Windows\System\UNqLoBU.exe
  2⤵
  PID:12168
- C:\Windows\System\ICsYthQ.exe
  C:\Windows\System\ICsYthQ.exe
  2⤵
  PID:12016
- C:\Windows\System\qAvprkx.exe
  C:\Windows\System\qAvprkx.exe
  2⤵
  PID:12184
- C:\Windows\System\UBnJJnN.exe
  C:\Windows\System\UBnJJnN.exe
  2⤵
  PID:12100
- C:\Windows\System\WarwQCc.exe
  C:\Windows\System\WarwQCc.exe
  2⤵
  PID:12144
- C:\Windows\System\CJuekZF.exe
  C:\Windows\System\CJuekZF.exe
  2⤵
  PID:1320
- C:\Windows\System\XOJqgyy.exe
  C:\Windows\System\XOJqgyy.exe
  2⤵
  PID:12192
- C:\Windows\System\eaQJVgL.exe
  C:\Windows\System\eaQJVgL.exe
  2⤵
  PID:12276
- C:\Windows\System\EdaeJHJ.exe
  C:\Windows\System\EdaeJHJ.exe
  2⤵
  PID:11368
- C:\Windows\System\PvbMqLc.exe
  C:\Windows\System\PvbMqLc.exe
  2⤵
  PID:2796
- C:\Windows\System\KCCihPn.exe
  C:\Windows\System\KCCihPn.exe
  2⤵
  PID:11344
- C:\Windows\System\JqMgdGt.exe
  C:\Windows\System\JqMgdGt.exe
  2⤵
  PID:11428
- C:\Windows\System\GiBopAn.exe
  C:\Windows\System\GiBopAn.exe
  2⤵
  PID:11468
- C:\Windows\System\gbRLZSL.exe
  C:\Windows\System\gbRLZSL.exe
  2⤵
  PID:11520
- C:\Windows\System\mtpBmBM.exe
  C:\Windows\System\mtpBmBM.exe
  2⤵
  PID:11572
- C:\Windows\System\unWscTT.exe
  C:\Windows\System\unWscTT.exe
  2⤵
  PID:11668
- C:\Windows\System\VzLRaSc.exe
  C:\Windows\System\VzLRaSc.exe
  2⤵
  PID:11760
- C:\Windows\System\rLIICbR.exe
  C:\Windows\System\rLIICbR.exe
  2⤵
  PID:11748
- C:\Windows\System\QZINvCB.exe
  C:\Windows\System\QZINvCB.exe
  2⤵
  PID:11872
- C:\Windows\System\LbWveqt.exe
  C:\Windows\System\LbWveqt.exe
  2⤵
  PID:11932
- C:\Windows\System\NOWzIXk.exe
  C:\Windows\System\NOWzIXk.exe
  2⤵
  PID:12004
- C:\Windows\System\FANEQpA.exe
  C:\Windows\System\FANEQpA.exe
  2⤵
  PID:12076
- C:\Windows\System\HXQbJUW.exe
  C:\Windows\System\HXQbJUW.exe
  2⤵
  PID:12120
- C:\Windows\System\KUjimVW.exe
  C:\Windows\System\KUjimVW.exe
  2⤵
  PID:11948
- C:\Windows\System\MOCzuJz.exe
  C:\Windows\System\MOCzuJz.exe
  2⤵
  PID:12232
- C:\Windows\System\tlLJBNX.exe
  C:\Windows\System\tlLJBNX.exe
  2⤵
  PID:11424
- C:\Windows\System\VManwDX.exe
  C:\Windows\System\VManwDX.exe
  2⤵
  PID:12248
- C:\Windows\System\EWAnFtU.exe
  C:\Windows\System\EWAnFtU.exe
  2⤵
  PID:11316
- C:\Windows\System\TTmnMuk.exe
  C:\Windows\System\TTmnMuk.exe
  2⤵
  PID:12108
- C:\Windows\System\UnXhtqk.exe
  C:\Windows\System\UnXhtqk.exe
  2⤵
  PID:11644
- C:\Windows\System\QWxVLGh.exe
  C:\Windows\System\QWxVLGh.exe
  2⤵
  PID:11712
- C:\Windows\System\qaFrPGA.exe
  C:\Windows\System\qaFrPGA.exe
  2⤵
  PID:11808
- C:\Windows\System\RCObVTk.exe
  C:\Windows\System\RCObVTk.exe
  2⤵
  PID:11960
- C:\Windows\System\cymYppX.exe
  C:\Windows\System\cymYppX.exe
  2⤵
  PID:12180
- C:\Windows\System\pBHMkUi.exe
  C:\Windows\System\pBHMkUi.exe
  2⤵
  PID:12136
- C:\Windows\System\NnHwxix.exe
  C:\Windows\System\NnHwxix.exe
  2⤵
  PID:1340
- C:\Windows\System\CoKIGbO.exe
  C:\Windows\System\CoKIGbO.exe
  2⤵
  PID:11388
- C:\Windows\System\zDmutyg.exe
  C:\Windows\System\zDmutyg.exe
  2⤵
  PID:11568
- C:\Windows\System\mWZTVmE.exe
  C:\Windows\System\mWZTVmE.exe
  2⤵
  PID:12208
- C:\Windows\System\zjWbGEx.exe
  C:\Windows\System\zjWbGEx.exe
  2⤵
  PID:11464
- C:\Windows\System\kjoQzkF.exe
  C:\Windows\System\kjoQzkF.exe
  2⤵
  PID:11732
- C:\Windows\System\NEgOCBB.exe
  C:\Windows\System\NEgOCBB.exe
  2⤵
  PID:11672
- C:\Windows\System\ysvGLeG.exe
  C:\Windows\System\ysvGLeG.exe
  2⤵
  PID:12036
- C:\Windows\System\ILLWGoU.exe
  C:\Windows\System\ILLWGoU.exe
  2⤵
  PID:12084
- C:\Windows\System\LxQMnrc.exe
  C:\Windows\System\LxQMnrc.exe
  2⤵
  PID:11980
- C:\Windows\System\VhDwyYm.exe
  C:\Windows\System\VhDwyYm.exe
  2⤵
  PID:11328
- C:\Windows\System\iMJIbLP.exe
  C:\Windows\System\iMJIbLP.exe
  2⤵
  PID:11800
- C:\Windows\System\vKvTuSC.exe
  C:\Windows\System\vKvTuSC.exe
  2⤵
  PID:11908
- C:\Windows\System\AtQDfxf.exe
  C:\Windows\System\AtQDfxf.exe
  2⤵
  PID:2220
- C:\Windows\System\WRdCGbC.exe
  C:\Windows\System\WRdCGbC.exe
  2⤵
  PID:12064
- C:\Windows\System\hDYnDLp.exe
  C:\Windows\System\hDYnDLp.exe
  2⤵
  PID:11848
- C:\Windows\System\gaSSTHF.exe
  C:\Windows\System\gaSSTHF.exe
  2⤵
  PID:11896
- C:\Windows\System\zEXOJsL.exe
  C:\Windows\System\zEXOJsL.exe
  2⤵
  PID:12304
- C:\Windows\System\bJERWJw.exe
  C:\Windows\System\bJERWJw.exe
  2⤵
  PID:12320
- C:\Windows\System\LotFcoI.exe
  C:\Windows\System\LotFcoI.exe
  2⤵
  PID:12348
- C:\Windows\System\YFfpdJG.exe
  C:\Windows\System\YFfpdJG.exe
  2⤵
  PID:12364
- C:\Windows\System\GCRhvxR.exe
  C:\Windows\System\GCRhvxR.exe
  2⤵
  PID:12396
- C:\Windows\System\huOXdcS.exe
  C:\Windows\System\huOXdcS.exe
  2⤵
  PID:12412
- C:\Windows\System\JwaCMUB.exe
  C:\Windows\System\JwaCMUB.exe
  2⤵
  PID:12432
- C:\Windows\System\QpdrBtg.exe
  C:\Windows\System\QpdrBtg.exe
  2⤵
  PID:12452
- C:\Windows\System\HmYNlZf.exe
  C:\Windows\System\HmYNlZf.exe
  2⤵
  PID:12472
- C:\Windows\System\jctzuna.exe
  C:\Windows\System\jctzuna.exe
  2⤵
  PID:12492
- C:\Windows\System\rYHYLMV.exe
  C:\Windows\System\rYHYLMV.exe
  2⤵
  PID:12508
- C:\Windows\System\QLhqvEg.exe
  C:\Windows\System\QLhqvEg.exe
  2⤵
  PID:12528
- C:\Windows\System\FQTjVnr.exe
  C:\Windows\System\FQTjVnr.exe
  2⤵
  PID:12552
- C:\Windows\System\IelXHDE.exe
  C:\Windows\System\IelXHDE.exe
  2⤵
  PID:12568
- C:\Windows\System\NexqEDH.exe
  C:\Windows\System\NexqEDH.exe
  2⤵
  PID:12588
- C:\Windows\System\WBUxgyR.exe
  C:\Windows\System\WBUxgyR.exe
  2⤵
  PID:12612
- C:\Windows\System\kcbQxTx.exe
  C:\Windows\System\kcbQxTx.exe
  2⤵
  PID:12632
- C:\Windows\System\MzibrQp.exe
  C:\Windows\System\MzibrQp.exe
  2⤵
  PID:12652
- C:\Windows\System\suPwrkU.exe
  C:\Windows\System\suPwrkU.exe
  2⤵
  PID:12672
- C:\Windows\System\qgJogMj.exe
  C:\Windows\System\qgJogMj.exe
  2⤵
  PID:12692
- C:\Windows\System\QcVWqtl.exe
  C:\Windows\System\QcVWqtl.exe
  2⤵
  PID:12708
- C:\Windows\System\fYyzlcl.exe
  C:\Windows\System\fYyzlcl.exe
  2⤵
  PID:12724
- C:\Windows\System\MfuOmJb.exe
  C:\Windows\System\MfuOmJb.exe
  2⤵
  PID:12748
- C:\Windows\System\zBjArsW.exe
  C:\Windows\System\zBjArsW.exe
  2⤵
  PID:12768
- C:\Windows\System\NCdcMwt.exe
  C:\Windows\System\NCdcMwt.exe
  2⤵
  PID:12788
- C:\Windows\System\ynINhyi.exe
  C:\Windows\System\ynINhyi.exe
  2⤵
  PID:12804
- C:\Windows\System\vHyanZx.exe
  C:\Windows\System\vHyanZx.exe
  2⤵
  PID:12832
- C:\Windows\System\qBHiEXC.exe
  C:\Windows\System\qBHiEXC.exe
  2⤵
  PID:12852
- C:\Windows\System\lyPEIZD.exe
  C:\Windows\System\lyPEIZD.exe
  2⤵
  PID:12872
- C:\Windows\System\sLtbPyk.exe
  C:\Windows\System\sLtbPyk.exe
  2⤵
  PID:12888
- C:\Windows\System\xPduZPw.exe
  C:\Windows\System\xPduZPw.exe
  2⤵
  PID:12916
- C:\Windows\System\mHgPxGJ.exe
  C:\Windows\System\mHgPxGJ.exe
  2⤵
  PID:12932
- C:\Windows\System\VuUYkuY.exe
  C:\Windows\System\VuUYkuY.exe
  2⤵
  PID:12948
- C:\Windows\System\KWAlAEl.exe
  C:\Windows\System\KWAlAEl.exe
  2⤵
  PID:12964
- C:\Windows\System\cLegmKC.exe
  C:\Windows\System\cLegmKC.exe
  2⤵
  PID:12980
- C:\Windows\System\RLfoeGz.exe
  C:\Windows\System\RLfoeGz.exe
  2⤵
  PID:12996
- C:\Windows\System\ZUolAkf.exe
  C:\Windows\System\ZUolAkf.exe
  2⤵
  PID:13012
- C:\Windows\System\cqwCJxN.exe
  C:\Windows\System\cqwCJxN.exe
  2⤵
  PID:13028
- C:\Windows\System\Czzbrge.exe
  C:\Windows\System\Czzbrge.exe
  2⤵
  PID:13048
- C:\Windows\System\oziNbBK.exe
  C:\Windows\System\oziNbBK.exe
  2⤵
  PID:13080
- C:\Windows\System\eLCJhSB.exe
  C:\Windows\System\eLCJhSB.exe
  2⤵
  PID:13096
- C:\Windows\System\nPIuGyv.exe
  C:\Windows\System\nPIuGyv.exe
  2⤵
  PID:13128
- C:\Windows\System\ncnrvsF.exe
  C:\Windows\System\ncnrvsF.exe
  2⤵
  PID:13148
- C:\Windows\System\OmiylIY.exe
  C:\Windows\System\OmiylIY.exe
  2⤵
  PID:13172
- C:\Windows\System\FDrUnZr.exe
  C:\Windows\System\FDrUnZr.exe
  2⤵
  PID:13188
- C:\Windows\System\OLWLKHm.exe
  C:\Windows\System\OLWLKHm.exe
  2⤵
  PID:13204
- C:\Windows\System\TucDlPc.exe
  C:\Windows\System\TucDlPc.exe
  2⤵
  PID:13232
- C:\Windows\System\jXAameD.exe
  C:\Windows\System\jXAameD.exe
  2⤵
  PID:13260
- C:\Windows\System\VOfioRQ.exe
  C:\Windows\System\VOfioRQ.exe
  2⤵
  PID:13280
- C:\Windows\System\NESZgoM.exe
  C:\Windows\System\NESZgoM.exe
  2⤵
  PID:13296
- C:\Windows\System\pgVmLPy.exe
  C:\Windows\System\pgVmLPy.exe
  2⤵
  PID:12300
- C:\Windows\System\mIqrdUV.exe
  C:\Windows\System\mIqrdUV.exe
  2⤵
  PID:12024
- C:\Windows\System\VCFDOAj.exe
  C:\Windows\System\VCFDOAj.exe
  2⤵
  PID:11348
- C:\Windows\System\VNrbKXT.exe
  C:\Windows\System\VNrbKXT.exe
  2⤵
  PID:12360
- C:\Windows\System\xqNBeaF.exe
  C:\Windows\System\xqNBeaF.exe
  2⤵
  PID:12388
- C:\Windows\System\gANDCBJ.exe
  C:\Windows\System\gANDCBJ.exe
  2⤵
  PID:12420
- C:\Windows\System\VDGkkxO.exe
  C:\Windows\System\VDGkkxO.exe
  2⤵
  PID:12440
- C:\Windows\System\QdIutWP.exe
  C:\Windows\System\QdIutWP.exe
  2⤵
  PID:12480
- C:\Windows\System\cBybNsV.exe
  C:\Windows\System\cBybNsV.exe
  2⤵
  PID:12536
- C:\Windows\System\AhdlAZz.exe
  C:\Windows\System\AhdlAZz.exe
  2⤵
  PID:12516
- C:\Windows\System\DKgsyQv.exe
  C:\Windows\System\DKgsyQv.exe
  2⤵
  PID:12564
- C:\Windows\System\hjIhuNs.exe
  C:\Windows\System\hjIhuNs.exe
  2⤵
  PID:12608
- C:\Windows\System\RdxitUx.exe
  C:\Windows\System\RdxitUx.exe
  2⤵
  PID:12664
- C:\Windows\System\ziEpYPL.exe
  C:\Windows\System\ziEpYPL.exe
  2⤵
  PID:12732
- C:\Windows\System\XARsSHx.exe
  C:\Windows\System\XARsSHx.exe
  2⤵
  PID:12688
- C:\Windows\System\vTKnnsS.exe
  C:\Windows\System\vTKnnsS.exe
  2⤵
  PID:12776
- C:\Windows\System\GydmsOR.exe
  C:\Windows\System\GydmsOR.exe
  2⤵
  PID:12756
- C:\Windows\System\RGOgxtr.exe
  C:\Windows\System\RGOgxtr.exe
  2⤵
  PID:12816
- C:\Windows\System\NVUzjqQ.exe
  C:\Windows\System\NVUzjqQ.exe
  2⤵
  PID:12896
- C:\Windows\System\IfYuiNp.exe
  C:\Windows\System\IfYuiNp.exe
  2⤵
  PID:12844
- C:\Windows\System\UAlKlri.exe
  C:\Windows\System\UAlKlri.exe
  2⤵
  PID:12900
- C:\Windows\System\bXJZKoC.exe
  C:\Windows\System\bXJZKoC.exe
  2⤵
  PID:13008
- C:\Windows\System\gcacxzh.exe
  C:\Windows\System\gcacxzh.exe
  2⤵
  PID:13092
- C:\Windows\System\gEErdpr.exe
  C:\Windows\System\gEErdpr.exe
  2⤵
  PID:11508
- C:\Windows\System\VeFTMya.exe
  C:\Windows\System\VeFTMya.exe
  2⤵
  PID:13024
- C:\Windows\System\kzgsLYM.exe
  C:\Windows\System\kzgsLYM.exe
  2⤵
  PID:13072
- C:\Windows\System\hMPFfNq.exe
  C:\Windows\System\hMPFfNq.exe
  2⤵
  PID:13108
- C:\Windows\System\BlvLoDD.exe
  C:\Windows\System\BlvLoDD.exe
  2⤵
  PID:13160
- C:\Windows\System\aSWaZbq.exe
  C:\Windows\System\aSWaZbq.exe
  2⤵
  PID:13212
- C:\Windows\System\EEhyqek.exe
  C:\Windows\System\EEhyqek.exe
  2⤵
  PID:13220
- C:\Windows\System\XTBlnqh.exe
  C:\Windows\System\XTBlnqh.exe
  2⤵
  PID:13248
- C:\Windows\System\tDRvTme.exe
  C:\Windows\System\tDRvTme.exe
  2⤵
  PID:13272
- C:\Windows\System\dhGGEkN.exe
  C:\Windows\System\dhGGEkN.exe
  2⤵
  PID:12332
- C:\Windows\System\cQpNXkn.exe
  C:\Windows\System\cQpNXkn.exe
  2⤵
  PID:12088
- C:\Windows\System\yNUAfIi.exe
  C:\Windows\System\yNUAfIi.exe
  2⤵
  PID:12392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\APrwCUQ.exe

Filesize
6.0MB

MD5
0ef797028f818e12a6f82520895949ed

SHA1
e025ad0be1f05a6438f6067943531cb1ddf9aaf9

SHA256
52a82e5db2d546593570d5f342efb7a8429f260cef411b24862c80ee41b6febd

SHA512
7884e3213cb52faf9f910c4a36436cdde95eeb8075881ef552f8220d42b565a6f92dabdc4236f99ead0b1c983da6233e3a58b45f0292b19d60e9e59dfb839442

Download Submit
C:\Windows\system\IRkBJeq.exe

Filesize
6.0MB

MD5
8309d7b6690d61d05abab38d2765a8bb

SHA1
1f66e221aab32865934c8d2338bb42ed19518f6f

SHA256
113d258ed15fc29a9f06a1e9b97198c4ffac708c92d98efff108b7a6dd6f546a

SHA512
94cf0b7f4b7f256303d70dcf4e2197d52b24612c6c68557b8d75ebfb9978d1f93bda3ab5171fe19e7d4c5d83b2534a9e79e3e1407dd33aa71283c6b8b5d5ffb7

Download Submit
C:\Windows\system\LcIZejn.exe

Filesize
6.0MB

MD5
965ae3aa8c395c70679470a271a47dc8

SHA1
e688cfdf37896b71edca1d097a42bc6aff333aef

SHA256
274a04838571bf5d40d4f74105d7667cc07508527e57e76723abab0be322d309

SHA512
f1091418a2684b18bbb3faf488e58b6a10a0273b742255832e65b07cd7fc05270be17fb1e780d591196ed0a5563b52eacd2a462f9b326d4ca86799abd251f026

Download Submit
C:\Windows\system\LzuPUKf.exe

Filesize
6.0MB

MD5
3fe4c14953e646b32bfa27d9553118d4

SHA1
7721969b3d10bd4d168e4b4f31075d3daca24420

SHA256
7077665169ff82be9f0e915c83c787d41facdfcdec6b5ca1190b78d24f25d6ce

SHA512
0f2974077cbba9edcf01c541667d2829fae7930d93b13ce5a7dd109f37a0354d045cbb89e0405f26200c393bc82811b3fb161ae486670b684f30818b24037909

Download Submit
C:\Windows\system\MiJyHxT.exe

Filesize
6.0MB

MD5
fc482c9c186856638812257fd028624b

SHA1
fde74afe185808eb68b092d3672a54e6cf75de4f

SHA256
d55ff55769d10b2c34f009cbae23756fd6c5807d90f6008799d56f6818c681e5

SHA512
d9996014e7daec04d67987ea211b6c0406f4745fd33aebcf9e85c2cfe39f145fbbd4780f550946f99b51ba78924b2fdc3b832a8beae601b199885a21f875a41b

Download Submit
C:\Windows\system\SmpVuSo.exe

Filesize
6.0MB

MD5
394992ce4dea074227ce64f3c36c2a81

SHA1
76096c98923a60bbb286480f6155eaf8da75c470

SHA256
cf167ed30708a052d00f0c17261535f3d006afb1b1aed4b59a79d4af299bbc85

SHA512
05e349af9a3d4486fee36eb99427db2836689596e1277761ef58b579f58529db12841a4ab598714f9d143a932fff3f10f1aa3a0814cbcbcec9e6b081b5a69e52

Download Submit
C:\Windows\system\TLGeIoG.exe

Filesize
6.0MB

MD5
fccc9bfe08442d2fc032e61b799deab9

SHA1
9e77fd3a74aff9c3e754598d5d9d0c0e889a9d6b

SHA256
85915104a3f6be39ecd1033bb54d2b4034ba796867c4584c35d45a68916ca582

SHA512
c6d577bca17b46c01457015124865cb755aa2e2b84d612623ba55a26603554db7ebd6db9055f5cc7cc65b331adce1586cbbd937c0009298752d5f0753199650f

Download Submit
C:\Windows\system\TarTuOc.exe

Filesize
6.0MB

MD5
fa245e219f297e8054dc278dbfc759c5

SHA1
d05c74a721aca11ad2d08f56cafe090720cac8dd

SHA256
3a50e0a14c1bb750427bee2e61ffedb3efb91737820ebf967f52c85b5f9da1f0

SHA512
26d4b421f7b465e5a2cc4748e39f864875da8396a07ad10832092e81269f832c5d2f36f5dffb9d0e6cfb848605c3ecf1c952c5a25cc161e246225429c0b1b678

Download Submit
C:\Windows\system\TqkPfTo.exe

Filesize
6.0MB

MD5
47e1cdcdf7b1ad22b38736bc38955d2f

SHA1
b2158df7277b06583bc51f045deb09f64d96f6b5

SHA256
47df984647f5c30837511b90bec3febc4c69dc668309b4b4f24e0fea39e9d157

SHA512
281235f78679de0a6989a88c1e1b647bac8706052c221221479fd3be827fec55a0ccf601de228ce2bd5243023132ec0bd4dd70d5886d382333b58830675687b3

Download Submit
C:\Windows\system\ZOoJoLc.exe

Filesize
6.0MB

MD5
15a442fb912c6f7597967861ef7b5ee5

SHA1
5c2ed5af0d5a6b88a793cb2efbfd2dbaee035373

SHA256
0e1789c766098e6204e95f90d95a8686b4ec02e04062060550ea48a532344734

SHA512
70e5a677ac0831f943e57d48e898000539ab1799983b2191352c98c7163a83d6f172cbd5fee6f7cc2185533a45250300650d7c5cfedd2495ad71356a10351303

Download Submit
C:\Windows\system\adriUQC.exe

Filesize
6.0MB

MD5
23ea7d4fe73254cc04065dbf98092d19

SHA1
7a2ef811b686e96c9b6f4b39e1e619cbf2f521c6

SHA256
408decfab5915aceba6a2a42d599b9a5c8322b5345ef1538025d2293a82d6082

SHA512
d174b6d7ba2fa7f0abdf4259f43208fe8018369036c60bcf516c44a7897e281c7d67d6be05e3ac7ea92d0c50b0d415f40dc273bcae4ae33205d32bf304cfc8c0

Download Submit
C:\Windows\system\bDucGsx.exe

Filesize
6.0MB

MD5
4d4f2ee90fb73c2dcae3e6f4efbf6332

SHA1
5ba5c5517b780ddb4a90763a8c3832ec5473a04f

SHA256
b88b1e188ba5529b5e5f71fa51d92fba269cc7f3d122bb0cc9dac0a5d7aa411d

SHA512
15d846c09bfefcc2462258a7f44e883a689b41e8b39b4aed26c95addef4f734c15e6b3a720fd9ed242471c5065c3b1d860f818f7519599d83c20da95a5c1125e

Download Submit
C:\Windows\system\brhaUNe.exe

Filesize
6.0MB

MD5
91822e6070a8a34fcd83ea8f8b3c0513

SHA1
ed12bc01a55dac01c92eda143d8fb8dabc956b0f

SHA256
9c4cb2a6aeb39acda1135cd46adb6e516f8040a8d7c4b811636653f02fe3bbf3

SHA512
dee1ac8d27b9c90a9de4110647d1f2de0c7bb4d13e57724dc14579fcaae26ecee526fe1a19ed3c531ba7fbc98fd0a8ff871648e03b0411e3c53db9fbadb6ced8

Download Submit
C:\Windows\system\deDXIoS.exe

Filesize
6.0MB

MD5
7e60e38edde74378326e0100bda1a9e6

SHA1
9fc15bc89fbf908c792edd1f0be2ca311fcfd2a2

SHA256
374ee92baffde449cb42a52f6a6bf7d695fa741bcb8e5f2e0adc35b16f3f3402

SHA512
e7b4a59a51a010256346db3ea75a9a56265d0a19ea232c8aca1bb9c627b46e7e54077884dc4a4704e78159861a22ae7d42031fb5c69c699dafe29e1f4d1266b3

Download Submit
C:\Windows\system\eiddvRT.exe

Filesize
6.0MB

MD5
dcbba58b70f6d2007ef621dd9f46b1b5

SHA1
3bb5a9dc916efe07709235fb6637c256f4eb5b55

SHA256
8f6cf1362fffbf219e058654a9e7a493be57b03ee70f30754efdee5fdaa489cd

SHA512
06116d3acbd5a9e0155f40feffe21ac88c523996c126032b1d83d4ba4d4cbfe28a6e52b9f7e9e3ca41152d4b832a5a6e9faae3b8d33a5d3eb28698880ceee69e

Download Submit
C:\Windows\system\fGwQpJJ.exe

Filesize
6.0MB

MD5
1b77633074ed7bd0f984c9af89e0016d

SHA1
fe941a399527be3b6fb8c0cd6a869d1d400badb0

SHA256
9c5c64034f95b17236684765f07f31de6cebb2497aff53b0ccdc74efaa7d9eb3

SHA512
29837d805ba1939a9876a1722680168a0d866ba071d6aad92310cf07c8c46e68c3ed006902e237a86f5ef57410b0b86d9f372617b1aad446e3982297c0b6624a

Download Submit
C:\Windows\system\fUXxGVV.exe

Filesize
6.0MB

MD5
e7292187217acd334f0cb0bad81ddda6

SHA1
7078540e5efc4c6ea20b1f8c9ce6d161f0b152f1

SHA256
0ca491bbe0fa3b3096e40edf408352259e560e26c495eaf7c07bd00e1a25fccf

SHA512
4d5343ff83fe5451bddc344641132cde797b79b8b457476ea7570b57ca461199d39f7597db68228e86c338a95e7ff7ab3a4164353f53e1afe9fcbdf8ae371515

Download Submit
C:\Windows\system\hKtqvWI.exe

Filesize
6.0MB

MD5
d4b2709c8e2db1b866137626d876e282

SHA1
74592f8b33fe0cc265242476a8e978116c017065

SHA256
20bf23ab8af3df61ffcd1990441dc6e7456d69b548b5045d58991a2f28dd749f

SHA512
b17ca66c41c65eafc45ff680940950f32ae181d79598ba8fad1bf78489f43a08a28374ee29b7460e46f5b86964cd89d5db214c17618531f3abbd553ee6896a74

Download Submit
C:\Windows\system\lAUAHKe.exe

Filesize
6.0MB

MD5
51505140ca7044924e1edb639bc3103c

SHA1
4cf70f154e3fa7227c120ea9e4f2c9f771dd3a73

SHA256
33955ab3726a4523de9bf4fb2c7b5388e34bd764955b8bebc6ca819eb855f7cb

SHA512
028639ac6bbadc7e8d7b4bb574a06fbfcb1f127231b72608d407831b6640a76174130179a242e774b200221ddce11714ab6463f94599270d1f0262572c158e38

Download Submit
C:\Windows\system\mbaeynJ.exe

Filesize
6.0MB

MD5
ee69b983b0ab97af161aa58b8364fec0

SHA1
c76266a9d9417368ced660e0000dcdc058ed3a57

SHA256
a8632a479f0c98a404c21768aa3c7f6f0e996ed66d6b411a1713d4b161c8bb85

SHA512
c53af6f2513c6f536bb27d1e48a7a4994339fc5a0dcc5a67f036d5a33f1a70cb02d111d55744b9c1f483773d4cfdfd502517df427e2174c934f960f580331631

Download Submit
C:\Windows\system\pYxgBQP.exe

Filesize
6.0MB

MD5
9c25f4673ba4fd7ee1f1469ef8e40d67

SHA1
3f0dcbfbfb79f77a478ea6ca934ac9727e5699d2

SHA256
e736e164bd761076255d045f4d5d0552c9f2a2971f327c0ab2db164adf9c1a17

SHA512
3bc1d21fff640e10ca63f104e79816762e01d78eedae6e6591ffe90ad6c0d1cfd17b3848ddbf05aa4ed09cf75eca4747607351fb6d8990b122cf1e7153328ca3

Download Submit
C:\Windows\system\rrAbRbI.exe

Filesize
6.0MB

MD5
626032eb674c7a1c64e47b445e735048

SHA1
97ae83eb7d6e073e788fad9f3bedbb2276015cc0

SHA256
86174418d0798728e9cab78fe5a28e36a20d282dfefeef4dd521decd7e86c8f5

SHA512
b25d5ff1bc2802e0821f536986ed80d724c893462490db3118415870b72ad05eb2d2a33726cc0bd5506fff6b3e79d943e39ee1cf936012a1013e060df7dfad63

Download Submit
C:\Windows\system\sDOugtI.exe

Filesize
6.0MB

MD5
df798395fa240381b3e9c2f76b6557f6

SHA1
2fd271b5a86a316cfeb67952dc32bf16566e9a12

SHA256
492f02c4977a32890c1844a480cc5fcc023ba6b780aac888fb0f26835c76ff73

SHA512
1cb644df690b52c18aaa75c999dede6d064f4c563f79e275916e36daebae09c5f3df0619682adea8c34b0c0dd8f2e9b01db899eeee11b4bfd8e09acb53b939ac

Download Submit
C:\Windows\system\vgTJKaG.exe

Filesize
6.0MB

MD5
671d04f5b5e2dbf180b4a78891caf82d

SHA1
6385f45c7abca9a741e748f8a72195749cde0ae5

SHA256
8a3f3e0b1302219f593d2d0770f13cc278b9df9cf6716fc39db189d56ebb4df7

SHA512
575c0f21dc7ecfd3f4ba0cc80b9a26a4cdcbb08f568b76fd86f8ea0d54ca49ce477bab4c190c75622978460bad3e6d5c318c230c898565b8d9a54a5c0c519c96

Download Submit
C:\Windows\system\vrHPIzm.exe

Filesize
6.0MB

MD5
98008e5b30cbf476fd2416cbb41b4061

SHA1
709be25ff9136009f2f48c9d24e4ed5e38912469

SHA256
2e37b23a0314a243cd90e7d84c837f19a3fc0be5ed9d08bd4d52f0ae09561393

SHA512
243d891df98e4c2461044527305b8c52681794d8a2eb9109bf256a88ad96f9f47371afb46ffcb9a19bc1aecd1650bfef6ee7876a0c072e9ba597d5b8624ff038

Download Submit
C:\Windows\system\yFMJzsr.exe

Filesize
6.0MB

MD5
9e68fb73eb836f8209a36d0d18b073f8

SHA1
ea52079483aaf706f3c8882c80ecfc920e48b829

SHA256
0ad214a6c2f8d3a5cfc13f486c46e17028714615c14f3ef8db6181699804abf2

SHA512
be93ed8c0c9199f4b9bf89ba1488fd27d2249f6997264d8686d0855fca2e056fc24d966a0d8e928b2d760226f72e9f11de4b8dca2576d512e242e4eb53ff93a7

Download Submit
C:\Windows\system\yUWCUzn.exe

Filesize
6.0MB

MD5
4e7f4f98b1f495d8181ae264485923ca

SHA1
38d195b72a7771a42f26141c35c9858d60104bdd

SHA256
5aba18e5fef5c0b28f4297f14c3a94ffc4684444276603e42fa5edeeef96042b

SHA512
c1e93f4af3f6bf7e5dac0c31f8e1f5318d4130f9d545485ea960cf7fcbfc67391824cc44b65723079abc35a13cfa1b44f0901cf0afdaf6386c812e434e160581

Download Submit
C:\Windows\system\zXBpamc.exe

Filesize
6.0MB

MD5
f42dde56c25ea4788c8239c8cd4202cb

SHA1
288651f1f6e26d7ce17aed673a554af0aaa51b95

SHA256
7f600692a3e6982d02979101e489441fc6a7fab017b1b7b621307fcec85ef1d8

SHA512
72ab094166c5e57608e68bd5c783e82c76c681dd2fb0a86a52d8c88102f9a4220636c2670d9dd0cfd42ed47fd7613a3ce23bf1ff4451e4917dbd5f36b05bba1e

Download Submit
\Windows\system\QUVJpXq.exe

Filesize
6.0MB

MD5
e98e137be41a50234b98838da4a498f4

SHA1
acb92d7340a5e8db6ddd27b195df74a3134db046

SHA256
769c766bc2842e15855f710e02fd3f3b96a5cf9c0efaa7fe82fa4f67cda15052

SHA512
b1fae2318adc29b0c9d1743e8db0a2d49da0885c5609630f7197e3b917ce897802c085e6de80d5e5b382292e87047753f1cd731afd0a71b4ede1962954d436e8

Download Submit
\Windows\system\fvnbJNT.exe

Filesize
6.0MB

MD5
724f79ceb15876ad04714505a3e7b763

SHA1
8ec1de4380d26c3b1419d6bf018fcb2a481e1508

SHA256
593608dda073bbaa3873a4e0fce8526d1566067c3ebe310ea8b207228c0fcb61

SHA512
095827427e39e0d68e579958d6467dd56201ef5302d132a4011e49f8ce2bd698060e78dabb5b50c2fac66badc11fe9e436b6cc27d74acb8e39554be8da946429

Download Submit
\Windows\system\hojfkvh.exe

Filesize
6.0MB

MD5
e091d1bce0f7f90fb650a17e3b60c40f

SHA1
cbfe0da08feb6db26923dfd2824d744b0e5b8abc

SHA256
2afca23d5484f67da91ba874a0abe49284d6338eca2d804956b2902d9023263f

SHA512
cb5dee6d48d9adaaaf225a60453a747f7862d96ee861fb6a43409e1d4a43ab204b674745eb76320160994d8a34e014fa9041af45469cc7922b2c3481e48ddc0c

Download Submit
\Windows\system\pmJlgLY.exe

Filesize
6.0MB

MD5
845e977b2b59864f37f19a451795ce50

SHA1
289a6079166eb67915708070273100b4cc1618c7

SHA256
afe0cf5f619e5ec957455342e210114ee58fb7ab1419521afe4942505ba7800e

SHA512
5d649c8efdfe80d0809ca069c9efe7edf6d14992cf26dfe1443735146a3880abe5a751d909d8a74fa6961dfe41961920bd1fe1f94c6d167abaf4e84a9757f7ff

Download Submit
memory/788-13-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/788-43-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/788-3930-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1040-88-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1040-800-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1040-4016-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1792-521-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1792-4015-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2016-52-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2016-87-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4012-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2128-63-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-20-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-657-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-953-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2128-111-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-110-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-7-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-55-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1258-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2128-102-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2128-101-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-15-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2128-0-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2128-33-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-93-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-92-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1549-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-36-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2128-84-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-40-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-48-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2128-24-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2128-71-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-16-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2212-37-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-75-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-4017-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1111-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-97-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4018-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2556-106-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1403-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2624-80-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4010-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2624-44-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4014-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-105-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-68-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-4011-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-96-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-60-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4006-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-22-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-59-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4005-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2844-28-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2844-67-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4013-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-277-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download