cobaltstrike | 1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
Size

6.0MB
MD5

f06f9795b6250f788d784215ea28ce33
SHA1

3b0286cd76864fab2166c3757a9d5320857d3a2d
SHA256

1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d
SHA512

e224d00e5278032a81d828700142b69d25fb42c617de3d2b1dc33d0b1f2903389130b48bbd35670ec65ff5d102805926dbb3004e28fbbeda8af1359749f4f16f
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001706d-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f1-21.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ea4-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017472-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017487-45.dat	cobalt_reflective_dll
behavioral1/files/0x0016000000018663-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-70.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017525-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-79.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a2-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2108-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-3.dat	xmrig
behavioral1/memory/1708-8-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000900000001706d-9.dat	xmrig
behavioral1/memory/2372-13-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173da-11.dat	xmrig
behavioral1/memory/1972-20-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f1-21.dat	xmrig
behavioral1/memory/2108-17-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2340-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ea4-29.dat	xmrig
behavioral1/memory/2804-34-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2108-33-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017472-36.dat	xmrig
behavioral1/memory/1708-40-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2860-41-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2372-43-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017487-45.dat	xmrig
behavioral1/files/0x0016000000018663-65.dat	xmrig
behavioral1/memory/2340-69-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2772-80-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2204-81-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2644-88-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2632-90-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-99.dat	xmrig
behavioral1/memory/2900-97-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0005000000019353-110.dat	xmrig
behavioral1/files/0x000500000001937b-122.dat	xmrig
behavioral1/files/0x000500000001946b-162.dat	xmrig
behavioral1/memory/2108-505-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2204-268-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2772-203-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-178.dat	xmrig
behavioral1/files/0x00050000000194c9-174.dat	xmrig
behavioral1/files/0x00050000000194ae-170.dat	xmrig
behavioral1/files/0x000500000001946e-166.dat	xmrig
behavioral1/files/0x000500000001945c-158.dat	xmrig
behavioral1/files/0x0005000000019458-154.dat	xmrig
behavioral1/files/0x000500000001944d-150.dat	xmrig
behavioral1/files/0x0005000000019442-146.dat	xmrig
behavioral1/files/0x0005000000019438-142.dat	xmrig
behavioral1/files/0x0005000000019426-138.dat	xmrig
behavioral1/files/0x0005000000019423-134.dat	xmrig
behavioral1/files/0x00050000000193a5-130.dat	xmrig
behavioral1/files/0x0005000000019397-126.dat	xmrig
behavioral1/files/0x000500000001936b-118.dat	xmrig
behavioral1/files/0x0005000000019356-114.dat	xmrig
behavioral1/memory/2108-108-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1484-106-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2108-96-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-95.dat	xmrig
behavioral1/memory/2840-92-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2108-104-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2804-76-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-70.dat	xmrig
behavioral1/memory/3008-63-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2860-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017525-85.dat	xmrig
behavioral1/files/0x0005000000019266-79.dat	xmrig
behavioral1/memory/1972-59-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2840-58-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000174a2-51.dat	xmrig
behavioral1/memory/2340-3767-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2644-3777-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1708	PgHTxIa.exe
2372	mEizGSk.exe
1972	EEcIRNF.exe
2340	pdxUDHH.exe
2804	vDYdryd.exe
2860	HDIDDWV.exe
2840	OijeQNL.exe
3008	kCOcVIc.exe
2772	IJzGZoc.exe
2204	HOVgzRO.exe
2644	xUbXAVE.exe
2632	mgBvdsG.exe
2900	jfTaJmY.exe
1484	EtKCrKe.exe
2112	YLKWoCJ.exe
2776	SokITek.exe
2968	PVneIuu.exe
3064	JIbYCmn.exe
2028	kGDdMBz.exe
2020	mPYbekj.exe
2956	QnriMsG.exe
2456	nGhYhln.exe
1180	SUlsbab.exe
1392	wEaRlOV.exe
2528	iVuRfBo.exe
2272	evftTiQ.exe
816	WIechvZ.exe
596	ZhSWybk.exe
1104	gWjvvld.exe
2536	PNlMOta.exe
2136	YgatNAO.exe
1620	vAoYUZv.exe
2244	yoPZNIx.exe
3024	ScHceDu.exe
3032	gtJQSBf.exe
1084	iKVouQx.exe
1960	MsPrPSB.exe
968	qpEcXIO.exe
304	gAazJhD.exe
1764	wbxAsAs.exe
2424	yKOvlsY.exe
1348	NFIkpEh.exe
1520	IDZjXqy.exe
1676	LsSiRUs.exe
1088	EPftLjP.exe
908	IQpGMnR.exe
2188	EXvZQcG.exe
2284	vIabXic.exe
728	GiAFjVs.exe
3056	sjmLEoN.exe
2072	EQbIQQJ.exe
3052	wallGJR.exe
2044	rtydmDc.exe
988	ZOafYjF.exe
2156	qWzgakZ.exe
1740	JJVVyyC.exe
856	WtgjNRo.exe
772	tbNWPUH.exe
768	pvybPeW.exe
1760	GQCfaWR.exe
2276	oVgwPrI.exe
2336	HXhBqLE.exe
1948	booaAWV.exe
1556	vJLSeRt.exe

Loads dropped DLL 64 IoCs

pid	Process
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2108-0-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-3.dat	upx
behavioral1/memory/1708-8-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000900000001706d-9.dat	upx
behavioral1/memory/2372-13-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00080000000173da-11.dat	upx
behavioral1/memory/1972-20-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x00070000000173f1-21.dat	upx
behavioral1/memory/2340-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0009000000016ea4-29.dat	upx
behavioral1/memory/2804-34-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2108-33-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0007000000017472-36.dat	upx
behavioral1/memory/1708-40-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2860-41-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2372-43-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0007000000017487-45.dat	upx
behavioral1/files/0x0016000000018663-65.dat	upx
behavioral1/memory/2340-69-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2772-80-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2204-81-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2644-88-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2632-90-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001928c-99.dat	upx
behavioral1/memory/2900-97-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0005000000019353-110.dat	upx
behavioral1/files/0x000500000001937b-122.dat	upx
behavioral1/files/0x000500000001946b-162.dat	upx
behavioral1/memory/2204-268-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2772-203-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00050000000194df-178.dat	upx
behavioral1/files/0x00050000000194c9-174.dat	upx
behavioral1/files/0x00050000000194ae-170.dat	upx
behavioral1/files/0x000500000001946e-166.dat	upx
behavioral1/files/0x000500000001945c-158.dat	upx
behavioral1/files/0x0005000000019458-154.dat	upx
behavioral1/files/0x000500000001944d-150.dat	upx
behavioral1/files/0x0005000000019442-146.dat	upx
behavioral1/files/0x0005000000019438-142.dat	upx
behavioral1/files/0x0005000000019426-138.dat	upx
behavioral1/files/0x0005000000019423-134.dat	upx
behavioral1/files/0x00050000000193a5-130.dat	upx
behavioral1/files/0x0005000000019397-126.dat	upx
behavioral1/files/0x000500000001936b-118.dat	upx
behavioral1/files/0x0005000000019356-114.dat	upx
behavioral1/memory/1484-106-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0005000000019284-95.dat	upx
behavioral1/memory/2840-92-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2804-76-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0005000000019263-70.dat	upx
behavioral1/memory/3008-63-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2860-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0008000000017525-85.dat	upx
behavioral1/files/0x0005000000019266-79.dat	upx
behavioral1/memory/1972-59-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2840-58-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x00070000000174a2-51.dat	upx
behavioral1/memory/2340-3767-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2644-3777-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2840-3774-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2860-3773-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2772-3795-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2804-3793-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/3008-3786-0x000000013F710000-0x000000013FA64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NFIkpEh.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\LdiqGgy.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\RJpMDhE.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\MBrEBdN.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\gocnlgu.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\BYaLcdd.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\twJjfkh.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\qKbjyVc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\HLIwtgX.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\CWEdYhL.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\OMGvGHF.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\cQzWWqX.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\rClshKu.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\IYwDDTS.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\MyItaAW.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\jFMDEHj.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\mKtYTvf.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\QHshTHI.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\pHCXPMn.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\nSHTUAO.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\XQLHlYB.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\gkXcnrn.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\QSfLHXc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\QFtrpdE.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\HsnjdLQ.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\EwONlTU.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\GgsdarL.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\UsWvquN.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\VdxkhqB.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\lRLkmfm.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\zVIZvnB.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\AeQKMUp.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\QzEqJKb.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\RYPivwS.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\yoPZNIx.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\GLLUefl.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\hVgFqhM.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\cvMRdao.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\VBSukyc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\AAUUbtM.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\VoFOUmM.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\bmYZjog.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\BbzvyBl.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\vQCpxyv.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\qNAbmSh.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\lIzUvoc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\faqCaxm.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\SiHdiDN.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\pWMKpfS.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\BTcSVdb.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\JlOxzos.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\bzYEych.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\pySCikB.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\zdSNLtc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\ivcJXdp.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\iKnjAel.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\ALYSdvt.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\ZZwHbDI.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\zapWIfm.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\TWCdiFK.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\LgKlLpD.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\BpLhshj.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\ZcrrOiE.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
File created	C:\Windows\System\IJzGZoc.exe	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 1708	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	31
PID 2108 wrote to memory of 1708	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	31
PID 2108 wrote to memory of 1708	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	31
PID 2108 wrote to memory of 2372	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	32
PID 2108 wrote to memory of 2372	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	32
PID 2108 wrote to memory of 2372	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	32
PID 2108 wrote to memory of 1972	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	33
PID 2108 wrote to memory of 1972	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	33
PID 2108 wrote to memory of 1972	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	33
PID 2108 wrote to memory of 2340	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	34
PID 2108 wrote to memory of 2340	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	34
PID 2108 wrote to memory of 2340	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	34
PID 2108 wrote to memory of 2804	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	35
PID 2108 wrote to memory of 2804	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	35
PID 2108 wrote to memory of 2804	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	35
PID 2108 wrote to memory of 2860	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	36
PID 2108 wrote to memory of 2860	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	36
PID 2108 wrote to memory of 2860	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	36
PID 2108 wrote to memory of 3008	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	37
PID 2108 wrote to memory of 3008	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	37
PID 2108 wrote to memory of 3008	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	37
PID 2108 wrote to memory of 2840	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	38
PID 2108 wrote to memory of 2840	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	38
PID 2108 wrote to memory of 2840	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	38
PID 2108 wrote to memory of 2644	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	39
PID 2108 wrote to memory of 2644	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	39
PID 2108 wrote to memory of 2644	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	39
PID 2108 wrote to memory of 2772	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	40
PID 2108 wrote to memory of 2772	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	40
PID 2108 wrote to memory of 2772	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	40
PID 2108 wrote to memory of 2632	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	41
PID 2108 wrote to memory of 2632	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	41
PID 2108 wrote to memory of 2632	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	41
PID 2108 wrote to memory of 2204	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	42
PID 2108 wrote to memory of 2204	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	42
PID 2108 wrote to memory of 2204	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	42
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	43
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	43
PID 2108 wrote to memory of 2900	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	43
PID 2108 wrote to memory of 1484	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	44
PID 2108 wrote to memory of 1484	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	44
PID 2108 wrote to memory of 1484	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	44
PID 2108 wrote to memory of 2112	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	45
PID 2108 wrote to memory of 2112	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	45
PID 2108 wrote to memory of 2112	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	45
PID 2108 wrote to memory of 2776	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	46
PID 2108 wrote to memory of 2776	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	46
PID 2108 wrote to memory of 2776	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	46
PID 2108 wrote to memory of 2968	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	47
PID 2108 wrote to memory of 2968	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	47
PID 2108 wrote to memory of 2968	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	47
PID 2108 wrote to memory of 3064	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	48
PID 2108 wrote to memory of 3064	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	48
PID 2108 wrote to memory of 3064	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	48
PID 2108 wrote to memory of 2028	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	49
PID 2108 wrote to memory of 2028	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	49
PID 2108 wrote to memory of 2028	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	49
PID 2108 wrote to memory of 2020	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	50
PID 2108 wrote to memory of 2020	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	50
PID 2108 wrote to memory of 2020	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	50
PID 2108 wrote to memory of 2956	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	51
PID 2108 wrote to memory of 2956	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	51
PID 2108 wrote to memory of 2956	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	51
PID 2108 wrote to memory of 2456	2108	JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1a4d820acf457d5d10804416ca1d86632dcb6c8e47f277c6201ff607f191849d.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\System\PgHTxIa.exe
  C:\Windows\System\PgHTxIa.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\mEizGSk.exe
  C:\Windows\System\mEizGSk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\EEcIRNF.exe
  C:\Windows\System\EEcIRNF.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\pdxUDHH.exe
  C:\Windows\System\pdxUDHH.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vDYdryd.exe
  C:\Windows\System\vDYdryd.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\HDIDDWV.exe
  C:\Windows\System\HDIDDWV.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kCOcVIc.exe
  C:\Windows\System\kCOcVIc.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\OijeQNL.exe
  C:\Windows\System\OijeQNL.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\xUbXAVE.exe
  C:\Windows\System\xUbXAVE.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\IJzGZoc.exe
  C:\Windows\System\IJzGZoc.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\mgBvdsG.exe
  C:\Windows\System\mgBvdsG.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\HOVgzRO.exe
  C:\Windows\System\HOVgzRO.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\jfTaJmY.exe
  C:\Windows\System\jfTaJmY.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\EtKCrKe.exe
  C:\Windows\System\EtKCrKe.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\YLKWoCJ.exe
  C:\Windows\System\YLKWoCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\SokITek.exe
  C:\Windows\System\SokITek.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\PVneIuu.exe
  C:\Windows\System\PVneIuu.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\JIbYCmn.exe
  C:\Windows\System\JIbYCmn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\kGDdMBz.exe
  C:\Windows\System\kGDdMBz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\mPYbekj.exe
  C:\Windows\System\mPYbekj.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\QnriMsG.exe
  C:\Windows\System\QnriMsG.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\nGhYhln.exe
  C:\Windows\System\nGhYhln.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\SUlsbab.exe
  C:\Windows\System\SUlsbab.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\wEaRlOV.exe
  C:\Windows\System\wEaRlOV.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\iVuRfBo.exe
  C:\Windows\System\iVuRfBo.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\evftTiQ.exe
  C:\Windows\System\evftTiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\WIechvZ.exe
  C:\Windows\System\WIechvZ.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\ZhSWybk.exe
  C:\Windows\System\ZhSWybk.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\gWjvvld.exe
  C:\Windows\System\gWjvvld.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\PNlMOta.exe
  C:\Windows\System\PNlMOta.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\YgatNAO.exe
  C:\Windows\System\YgatNAO.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\vAoYUZv.exe
  C:\Windows\System\vAoYUZv.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\yoPZNIx.exe
  C:\Windows\System\yoPZNIx.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\ScHceDu.exe
  C:\Windows\System\ScHceDu.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\gtJQSBf.exe
  C:\Windows\System\gtJQSBf.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\iKVouQx.exe
  C:\Windows\System\iKVouQx.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\MsPrPSB.exe
  C:\Windows\System\MsPrPSB.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\qpEcXIO.exe
  C:\Windows\System\qpEcXIO.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\gAazJhD.exe
  C:\Windows\System\gAazJhD.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\wbxAsAs.exe
  C:\Windows\System\wbxAsAs.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\yKOvlsY.exe
  C:\Windows\System\yKOvlsY.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\NFIkpEh.exe
  C:\Windows\System\NFIkpEh.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\IDZjXqy.exe
  C:\Windows\System\IDZjXqy.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\LsSiRUs.exe
  C:\Windows\System\LsSiRUs.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\EPftLjP.exe
  C:\Windows\System\EPftLjP.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\IQpGMnR.exe
  C:\Windows\System\IQpGMnR.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\EXvZQcG.exe
  C:\Windows\System\EXvZQcG.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\vIabXic.exe
  C:\Windows\System\vIabXic.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\GiAFjVs.exe
  C:\Windows\System\GiAFjVs.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\sjmLEoN.exe
  C:\Windows\System\sjmLEoN.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\EQbIQQJ.exe
  C:\Windows\System\EQbIQQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\wallGJR.exe
  C:\Windows\System\wallGJR.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\rtydmDc.exe
  C:\Windows\System\rtydmDc.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\ZOafYjF.exe
  C:\Windows\System\ZOafYjF.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\qWzgakZ.exe
  C:\Windows\System\qWzgakZ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\JJVVyyC.exe
  C:\Windows\System\JJVVyyC.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\WtgjNRo.exe
  C:\Windows\System\WtgjNRo.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\tbNWPUH.exe
  C:\Windows\System\tbNWPUH.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\pvybPeW.exe
  C:\Windows\System\pvybPeW.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\GQCfaWR.exe
  C:\Windows\System\GQCfaWR.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\oVgwPrI.exe
  C:\Windows\System\oVgwPrI.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\HXhBqLE.exe
  C:\Windows\System\HXhBqLE.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\booaAWV.exe
  C:\Windows\System\booaAWV.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\vJLSeRt.exe
  C:\Windows\System\vJLSeRt.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\PKFvDXe.exe
  C:\Windows\System\PKFvDXe.exe
  2⤵
  PID:2436
- C:\Windows\System\UnFPoHA.exe
  C:\Windows\System\UnFPoHA.exe
  2⤵
  PID:1644
- C:\Windows\System\rBrqhCh.exe
  C:\Windows\System\rBrqhCh.exe
  2⤵
  PID:2092
- C:\Windows\System\MBrEBdN.exe
  C:\Windows\System\MBrEBdN.exe
  2⤵
  PID:2516
- C:\Windows\System\WIpaHRH.exe
  C:\Windows\System\WIpaHRH.exe
  2⤵
  PID:1716
- C:\Windows\System\xLXtOqf.exe
  C:\Windows\System\xLXtOqf.exe
  2⤵
  PID:2180
- C:\Windows\System\XlkePoe.exe
  C:\Windows\System\XlkePoe.exe
  2⤵
  PID:2832
- C:\Windows\System\IWxcawD.exe
  C:\Windows\System\IWxcawD.exe
  2⤵
  PID:1940
- C:\Windows\System\lJFsSVF.exe
  C:\Windows\System\lJFsSVF.exe
  2⤵
  PID:2544
- C:\Windows\System\KZfAXNW.exe
  C:\Windows\System\KZfAXNW.exe
  2⤵
  PID:2752
- C:\Windows\System\sBoDQaA.exe
  C:\Windows\System\sBoDQaA.exe
  2⤵
  PID:2608
- C:\Windows\System\GHhbhlp.exe
  C:\Windows\System\GHhbhlp.exe
  2⤵
  PID:2624
- C:\Windows\System\kmnJeAa.exe
  C:\Windows\System\kmnJeAa.exe
  2⤵
  PID:2852
- C:\Windows\System\qPcUpfr.exe
  C:\Windows\System\qPcUpfr.exe
  2⤵
  PID:2648
- C:\Windows\System\JgZbcIa.exe
  C:\Windows\System\JgZbcIa.exe
  2⤵
  PID:1856
- C:\Windows\System\URNvVUM.exe
  C:\Windows\System\URNvVUM.exe
  2⤵
  PID:2672
- C:\Windows\System\AINnCeY.exe
  C:\Windows\System\AINnCeY.exe
  2⤵
  PID:1488
- C:\Windows\System\XzEirkk.exe
  C:\Windows\System\XzEirkk.exe
  2⤵
  PID:2880
- C:\Windows\System\YfeWcZR.exe
  C:\Windows\System\YfeWcZR.exe
  2⤵
  PID:2236
- C:\Windows\System\ZKDGjsF.exe
  C:\Windows\System\ZKDGjsF.exe
  2⤵
  PID:2932
- C:\Windows\System\GgsdarL.exe
  C:\Windows\System\GgsdarL.exe
  2⤵
  PID:1720
- C:\Windows\System\GyTzwzu.exe
  C:\Windows\System\GyTzwzu.exe
  2⤵
  PID:1152
- C:\Windows\System\rRHheDE.exe
  C:\Windows\System\rRHheDE.exe
  2⤵
  PID:2552
- C:\Windows\System\hxSdVOu.exe
  C:\Windows\System\hxSdVOu.exe
  2⤵
  PID:2924
- C:\Windows\System\JPEEOjM.exe
  C:\Windows\System\JPEEOjM.exe
  2⤵
  PID:336
- C:\Windows\System\BxyuABE.exe
  C:\Windows\System\BxyuABE.exe
  2⤵
  PID:2580
- C:\Windows\System\lCsUDzo.exe
  C:\Windows\System\lCsUDzo.exe
  2⤵
  PID:1672
- C:\Windows\System\SPfMNht.exe
  C:\Windows\System\SPfMNht.exe
  2⤵
  PID:696
- C:\Windows\System\ZONMToQ.exe
  C:\Windows\System\ZONMToQ.exe
  2⤵
  PID:1092
- C:\Windows\System\uIbYcYm.exe
  C:\Windows\System\uIbYcYm.exe
  2⤵
  PID:620
- C:\Windows\System\uARMtzZ.exe
  C:\Windows\System\uARMtzZ.exe
  2⤵
  PID:776
- C:\Windows\System\NEWAcUu.exe
  C:\Windows\System\NEWAcUu.exe
  2⤵
  PID:1664
- C:\Windows\System\vQCpxyv.exe
  C:\Windows\System\vQCpxyv.exe
  2⤵
  PID:852
- C:\Windows\System\CSgKwwl.exe
  C:\Windows\System\CSgKwwl.exe
  2⤵
  PID:2348
- C:\Windows\System\AiqEVLe.exe
  C:\Windows\System\AiqEVLe.exe
  2⤵
  PID:1048
- C:\Windows\System\OQEVbVu.exe
  C:\Windows\System\OQEVbVu.exe
  2⤵
  PID:3044
- C:\Windows\System\iDnpESv.exe
  C:\Windows\System\iDnpESv.exe
  2⤵
  PID:2212
- C:\Windows\System\AkAKQYx.exe
  C:\Windows\System\AkAKQYx.exe
  2⤵
  PID:2252
- C:\Windows\System\VsnQjuV.exe
  C:\Windows\System\VsnQjuV.exe
  2⤵
  PID:1624
- C:\Windows\System\oDdLMHM.exe
  C:\Windows\System\oDdLMHM.exe
  2⤵
  PID:1728
- C:\Windows\System\pHLHfCA.exe
  C:\Windows\System\pHLHfCA.exe
  2⤵
  PID:2384
- C:\Windows\System\qWAWHGc.exe
  C:\Windows\System\qWAWHGc.exe
  2⤵
  PID:2404
- C:\Windows\System\qNAbmSh.exe
  C:\Windows\System\qNAbmSh.exe
  2⤵
  PID:1988
- C:\Windows\System\VRGISiK.exe
  C:\Windows\System\VRGISiK.exe
  2⤵
  PID:2412
- C:\Windows\System\rNIOjdI.exe
  C:\Windows\System\rNIOjdI.exe
  2⤵
  PID:344
- C:\Windows\System\MyxvRpO.exe
  C:\Windows\System\MyxvRpO.exe
  2⤵
  PID:1800
- C:\Windows\System\RqnjVSN.exe
  C:\Windows\System\RqnjVSN.exe
  2⤵
  PID:2800
- C:\Windows\System\SiHdiDN.exe
  C:\Windows\System\SiHdiDN.exe
  2⤵
  PID:2936
- C:\Windows\System\UqnXLcv.exe
  C:\Windows\System\UqnXLcv.exe
  2⤵
  PID:2612
- C:\Windows\System\wexPout.exe
  C:\Windows\System\wexPout.exe
  2⤵
  PID:2888
- C:\Windows\System\qooLHxD.exe
  C:\Windows\System\qooLHxD.exe
  2⤵
  PID:2904
- C:\Windows\System\HTZScRF.exe
  C:\Windows\System\HTZScRF.exe
  2⤵
  PID:2660
- C:\Windows\System\FfITQQC.exe
  C:\Windows\System\FfITQQC.exe
  2⤵
  PID:2708
- C:\Windows\System\tkxuUwy.exe
  C:\Windows\System\tkxuUwy.exe
  2⤵
  PID:2060
- C:\Windows\System\xbgXlvu.exe
  C:\Windows\System\xbgXlvu.exe
  2⤵
  PID:2400
- C:\Windows\System\oZwaNPu.exe
  C:\Windows\System\oZwaNPu.exe
  2⤵
  PID:2256
- C:\Windows\System\XzaVoYL.exe
  C:\Windows\System\XzaVoYL.exe
  2⤵
  PID:2232
- C:\Windows\System\vGESFFo.exe
  C:\Windows\System\vGESFFo.exe
  2⤵
  PID:1324
- C:\Windows\System\UOMDtly.exe
  C:\Windows\System\UOMDtly.exe
  2⤵
  PID:2468
- C:\Windows\System\GOvjMNz.exe
  C:\Windows\System\GOvjMNz.exe
  2⤵
  PID:2640
- C:\Windows\System\LIMoNzl.exe
  C:\Windows\System\LIMoNzl.exe
  2⤵
  PID:1932
- C:\Windows\System\FzmQIjk.exe
  C:\Windows\System\FzmQIjk.exe
  2⤵
  PID:1756
- C:\Windows\System\SLIiZYq.exe
  C:\Windows\System\SLIiZYq.exe
  2⤵
  PID:784
- C:\Windows\System\ATdyiqW.exe
  C:\Windows\System\ATdyiqW.exe
  2⤵
  PID:2096
- C:\Windows\System\ktikhVq.exe
  C:\Windows\System\ktikhVq.exe
  2⤵
  PID:2872
- C:\Windows\System\WJgHwRu.exe
  C:\Windows\System\WJgHwRu.exe
  2⤵
  PID:2568
- C:\Windows\System\pimrfYT.exe
  C:\Windows\System\pimrfYT.exe
  2⤵
  PID:2792
- C:\Windows\System\cDLKPZX.exe
  C:\Windows\System\cDLKPZX.exe
  2⤵
  PID:2000
- C:\Windows\System\oERXEge.exe
  C:\Windows\System\oERXEge.exe
  2⤵
  PID:1952
- C:\Windows\System\PgoEkiI.exe
  C:\Windows\System\PgoEkiI.exe
  2⤵
  PID:1540
- C:\Windows\System\qyzpZuY.exe
  C:\Windows\System\qyzpZuY.exe
  2⤵
  PID:292
- C:\Windows\System\VZoKpJO.exe
  C:\Windows\System\VZoKpJO.exe
  2⤵
  PID:2288
- C:\Windows\System\zapWIfm.exe
  C:\Windows\System\zapWIfm.exe
  2⤵
  PID:3076
- C:\Windows\System\LLDymWn.exe
  C:\Windows\System\LLDymWn.exe
  2⤵
  PID:3092
- C:\Windows\System\CgkjcBs.exe
  C:\Windows\System\CgkjcBs.exe
  2⤵
  PID:3108
- C:\Windows\System\mlcotok.exe
  C:\Windows\System\mlcotok.exe
  2⤵
  PID:3124
- C:\Windows\System\kEXlRLG.exe
  C:\Windows\System\kEXlRLG.exe
  2⤵
  PID:3140
- C:\Windows\System\UOzDmvg.exe
  C:\Windows\System\UOzDmvg.exe
  2⤵
  PID:3156
- C:\Windows\System\TxKCzJj.exe
  C:\Windows\System\TxKCzJj.exe
  2⤵
  PID:3172
- C:\Windows\System\aYSCFvr.exe
  C:\Windows\System\aYSCFvr.exe
  2⤵
  PID:3188
- C:\Windows\System\HKpZkEW.exe
  C:\Windows\System\HKpZkEW.exe
  2⤵
  PID:3204
- C:\Windows\System\VZZEVTT.exe
  C:\Windows\System\VZZEVTT.exe
  2⤵
  PID:3220
- C:\Windows\System\wiyXqfK.exe
  C:\Windows\System\wiyXqfK.exe
  2⤵
  PID:3236
- C:\Windows\System\cdkcyPE.exe
  C:\Windows\System\cdkcyPE.exe
  2⤵
  PID:3252
- C:\Windows\System\XDKzcGK.exe
  C:\Windows\System\XDKzcGK.exe
  2⤵
  PID:3268
- C:\Windows\System\GLLUefl.exe
  C:\Windows\System\GLLUefl.exe
  2⤵
  PID:3284
- C:\Windows\System\ZiTLAPq.exe
  C:\Windows\System\ZiTLAPq.exe
  2⤵
  PID:3300
- C:\Windows\System\ixXsbEe.exe
  C:\Windows\System\ixXsbEe.exe
  2⤵
  PID:3316
- C:\Windows\System\JyFFATP.exe
  C:\Windows\System\JyFFATP.exe
  2⤵
  PID:3332
- C:\Windows\System\HdJrygC.exe
  C:\Windows\System\HdJrygC.exe
  2⤵
  PID:3348
- C:\Windows\System\bHTvmEN.exe
  C:\Windows\System\bHTvmEN.exe
  2⤵
  PID:3364
- C:\Windows\System\cmSfLir.exe
  C:\Windows\System\cmSfLir.exe
  2⤵
  PID:3380
- C:\Windows\System\ZYaiHQI.exe
  C:\Windows\System\ZYaiHQI.exe
  2⤵
  PID:3396
- C:\Windows\System\rAHGxBG.exe
  C:\Windows\System\rAHGxBG.exe
  2⤵
  PID:3412
- C:\Windows\System\lKSAwpA.exe
  C:\Windows\System\lKSAwpA.exe
  2⤵
  PID:3428
- C:\Windows\System\CoooEXQ.exe
  C:\Windows\System\CoooEXQ.exe
  2⤵
  PID:3444
- C:\Windows\System\ZtMLQjV.exe
  C:\Windows\System\ZtMLQjV.exe
  2⤵
  PID:3460
- C:\Windows\System\FjxgGOr.exe
  C:\Windows\System\FjxgGOr.exe
  2⤵
  PID:3476
- C:\Windows\System\geXGldf.exe
  C:\Windows\System\geXGldf.exe
  2⤵
  PID:3492
- C:\Windows\System\DUtoexS.exe
  C:\Windows\System\DUtoexS.exe
  2⤵
  PID:3508
- C:\Windows\System\gYoqBUM.exe
  C:\Windows\System\gYoqBUM.exe
  2⤵
  PID:3524
- C:\Windows\System\bfmKzzI.exe
  C:\Windows\System\bfmKzzI.exe
  2⤵
  PID:3540
- C:\Windows\System\HxlacNQ.exe
  C:\Windows\System\HxlacNQ.exe
  2⤵
  PID:3556
- C:\Windows\System\ehSLeIq.exe
  C:\Windows\System\ehSLeIq.exe
  2⤵
  PID:3572
- C:\Windows\System\axiowqh.exe
  C:\Windows\System\axiowqh.exe
  2⤵
  PID:3588
- C:\Windows\System\jOYrCOi.exe
  C:\Windows\System\jOYrCOi.exe
  2⤵
  PID:3604
- C:\Windows\System\nhMXmQR.exe
  C:\Windows\System\nhMXmQR.exe
  2⤵
  PID:3624
- C:\Windows\System\rzEHfSl.exe
  C:\Windows\System\rzEHfSl.exe
  2⤵
  PID:3640
- C:\Windows\System\gaSMsAX.exe
  C:\Windows\System\gaSMsAX.exe
  2⤵
  PID:3656
- C:\Windows\System\hVgFqhM.exe
  C:\Windows\System\hVgFqhM.exe
  2⤵
  PID:3672
- C:\Windows\System\bZhDCXk.exe
  C:\Windows\System\bZhDCXk.exe
  2⤵
  PID:3688
- C:\Windows\System\LbgQigt.exe
  C:\Windows\System\LbgQigt.exe
  2⤵
  PID:3704
- C:\Windows\System\LnsiWVI.exe
  C:\Windows\System\LnsiWVI.exe
  2⤵
  PID:3720
- C:\Windows\System\GDYjFeC.exe
  C:\Windows\System\GDYjFeC.exe
  2⤵
  PID:3736
- C:\Windows\System\XCmqQOf.exe
  C:\Windows\System\XCmqQOf.exe
  2⤵
  PID:3752
- C:\Windows\System\PZMYNXq.exe
  C:\Windows\System\PZMYNXq.exe
  2⤵
  PID:3768
- C:\Windows\System\lARBrZK.exe
  C:\Windows\System\lARBrZK.exe
  2⤵
  PID:3784
- C:\Windows\System\qcmsgPs.exe
  C:\Windows\System\qcmsgPs.exe
  2⤵
  PID:3800
- C:\Windows\System\FFnoPMr.exe
  C:\Windows\System\FFnoPMr.exe
  2⤵
  PID:3816
- C:\Windows\System\KoPchpN.exe
  C:\Windows\System\KoPchpN.exe
  2⤵
  PID:3832
- C:\Windows\System\CuqJRdn.exe
  C:\Windows\System\CuqJRdn.exe
  2⤵
  PID:3848
- C:\Windows\System\wTvrASW.exe
  C:\Windows\System\wTvrASW.exe
  2⤵
  PID:3864
- C:\Windows\System\NAbCRJE.exe
  C:\Windows\System\NAbCRJE.exe
  2⤵
  PID:3880
- C:\Windows\System\vBRRlzJ.exe
  C:\Windows\System\vBRRlzJ.exe
  2⤵
  PID:3896
- C:\Windows\System\QeUPhHV.exe
  C:\Windows\System\QeUPhHV.exe
  2⤵
  PID:3912
- C:\Windows\System\kDtVNtQ.exe
  C:\Windows\System\kDtVNtQ.exe
  2⤵
  PID:3928
- C:\Windows\System\JvGPOVf.exe
  C:\Windows\System\JvGPOVf.exe
  2⤵
  PID:3944
- C:\Windows\System\FnjCDHp.exe
  C:\Windows\System\FnjCDHp.exe
  2⤵
  PID:3960
- C:\Windows\System\CAwWeFe.exe
  C:\Windows\System\CAwWeFe.exe
  2⤵
  PID:3976
- C:\Windows\System\qJLyVDD.exe
  C:\Windows\System\qJLyVDD.exe
  2⤵
  PID:3996
- C:\Windows\System\qRZLhvr.exe
  C:\Windows\System\qRZLhvr.exe
  2⤵
  PID:4012
- C:\Windows\System\lYVCoMq.exe
  C:\Windows\System\lYVCoMq.exe
  2⤵
  PID:4028
- C:\Windows\System\SbmEjfg.exe
  C:\Windows\System\SbmEjfg.exe
  2⤵
  PID:4048
- C:\Windows\System\rmTtJoi.exe
  C:\Windows\System\rmTtJoi.exe
  2⤵
  PID:4064
- C:\Windows\System\LGdPNzr.exe
  C:\Windows\System\LGdPNzr.exe
  2⤵
  PID:4080
- C:\Windows\System\lvbruiD.exe
  C:\Windows\System\lvbruiD.exe
  2⤵
  PID:1984
- C:\Windows\System\GwjeEFn.exe
  C:\Windows\System\GwjeEFn.exe
  2⤵
  PID:2388
- C:\Windows\System\jQHraTh.exe
  C:\Windows\System\jQHraTh.exe
  2⤵
  PID:2756
- C:\Windows\System\yVrrRtJ.exe
  C:\Windows\System\yVrrRtJ.exe
  2⤵
  PID:2892
- C:\Windows\System\vndqByW.exe
  C:\Windows\System\vndqByW.exe
  2⤵
  PID:3012
- C:\Windows\System\gEqjEOI.exe
  C:\Windows\System\gEqjEOI.exe
  2⤵
  PID:1596
- C:\Windows\System\XRYhRdd.exe
  C:\Windows\System\XRYhRdd.exe
  2⤵
  PID:3084
- C:\Windows\System\GzRbhNU.exe
  C:\Windows\System\GzRbhNU.exe
  2⤵
  PID:3116
- C:\Windows\System\wnngtXz.exe
  C:\Windows\System\wnngtXz.exe
  2⤵
  PID:3148
- C:\Windows\System\qGjBIZk.exe
  C:\Windows\System\qGjBIZk.exe
  2⤵
  PID:3196
- C:\Windows\System\RmiFgaE.exe
  C:\Windows\System\RmiFgaE.exe
  2⤵
  PID:3212
- C:\Windows\System\XsdIxwx.exe
  C:\Windows\System\XsdIxwx.exe
  2⤵
  PID:3244
- C:\Windows\System\ZxELtFG.exe
  C:\Windows\System\ZxELtFG.exe
  2⤵
  PID:3264
- C:\Windows\System\fGbIAKD.exe
  C:\Windows\System\fGbIAKD.exe
  2⤵
  PID:3296
- C:\Windows\System\DdeebZZ.exe
  C:\Windows\System\DdeebZZ.exe
  2⤵
  PID:3328
- C:\Windows\System\sgOCJlf.exe
  C:\Windows\System\sgOCJlf.exe
  2⤵
  PID:3360
- C:\Windows\System\eborZOL.exe
  C:\Windows\System\eborZOL.exe
  2⤵
  PID:3392
- C:\Windows\System\KNUkBeH.exe
  C:\Windows\System\KNUkBeH.exe
  2⤵
  PID:3424
- C:\Windows\System\gocnlgu.exe
  C:\Windows\System\gocnlgu.exe
  2⤵
  PID:3456
- C:\Windows\System\IatWSGo.exe
  C:\Windows\System\IatWSGo.exe
  2⤵
  PID:3488
- C:\Windows\System\HVoojdh.exe
  C:\Windows\System\HVoojdh.exe
  2⤵
  PID:3520
- C:\Windows\System\stQaFRb.exe
  C:\Windows\System\stQaFRb.exe
  2⤵
  PID:3536
- C:\Windows\System\JAxOuwe.exe
  C:\Windows\System\JAxOuwe.exe
  2⤵
  PID:3584
- C:\Windows\System\eHAimBM.exe
  C:\Windows\System\eHAimBM.exe
  2⤵
  PID:3616
- C:\Windows\System\BBqvyjs.exe
  C:\Windows\System\BBqvyjs.exe
  2⤵
  PID:3636
- C:\Windows\System\EHMOKPf.exe
  C:\Windows\System\EHMOKPf.exe
  2⤵
  PID:3684
- C:\Windows\System\TWCdiFK.exe
  C:\Windows\System\TWCdiFK.exe
  2⤵
  PID:3716
- C:\Windows\System\XEchCgL.exe
  C:\Windows\System\XEchCgL.exe
  2⤵
  PID:3748
- C:\Windows\System\QUwsgHv.exe
  C:\Windows\System\QUwsgHv.exe
  2⤵
  PID:3780
- C:\Windows\System\BYQysOL.exe
  C:\Windows\System\BYQysOL.exe
  2⤵
  PID:3812
- C:\Windows\System\ALCQmYo.exe
  C:\Windows\System\ALCQmYo.exe
  2⤵
  PID:3844
- C:\Windows\System\eGeCoPa.exe
  C:\Windows\System\eGeCoPa.exe
  2⤵
  PID:3620
- C:\Windows\System\kGjGddm.exe
  C:\Windows\System\kGjGddm.exe
  2⤵
  PID:3904
- C:\Windows\System\brIjMUi.exe
  C:\Windows\System\brIjMUi.exe
  2⤵
  PID:3936
- C:\Windows\System\fogITqR.exe
  C:\Windows\System\fogITqR.exe
  2⤵
  PID:3956
- C:\Windows\System\HwTvMlM.exe
  C:\Windows\System\HwTvMlM.exe
  2⤵
  PID:4004
- C:\Windows\System\rhQlaNw.exe
  C:\Windows\System\rhQlaNw.exe
  2⤵
  PID:4036
- C:\Windows\System\NqkwyYQ.exe
  C:\Windows\System\NqkwyYQ.exe
  2⤵
  PID:4072
- C:\Windows\System\TpQVZBR.exe
  C:\Windows\System\TpQVZBR.exe
  2⤵
  PID:4092
- C:\Windows\System\DpVdqeD.exe
  C:\Windows\System\DpVdqeD.exe
  2⤵
  PID:1700
- C:\Windows\System\QPhuTOm.exe
  C:\Windows\System\QPhuTOm.exe
  2⤵
  PID:1912
- C:\Windows\System\YxHLItM.exe
  C:\Windows\System\YxHLItM.exe
  2⤵
  PID:3060
- C:\Windows\System\gzoCLdq.exe
  C:\Windows\System\gzoCLdq.exe
  2⤵
  PID:3136
- C:\Windows\System\MXHgRpJ.exe
  C:\Windows\System\MXHgRpJ.exe
  2⤵
  PID:3200
- C:\Windows\System\ELIcVIW.exe
  C:\Windows\System\ELIcVIW.exe
  2⤵
  PID:3280
- C:\Windows\System\lwzyDjh.exe
  C:\Windows\System\lwzyDjh.exe
  2⤵
  PID:3344
- C:\Windows\System\DcGPyRt.exe
  C:\Windows\System\DcGPyRt.exe
  2⤵
  PID:3408
- C:\Windows\System\LssmMnV.exe
  C:\Windows\System\LssmMnV.exe
  2⤵
  PID:3440
- C:\Windows\System\UuKwyDp.exe
  C:\Windows\System\UuKwyDp.exe
  2⤵
  PID:3548
- C:\Windows\System\ZqfCKFD.exe
  C:\Windows\System\ZqfCKFD.exe
  2⤵
  PID:3600
- C:\Windows\System\pHCXPMn.exe
  C:\Windows\System\pHCXPMn.exe
  2⤵
  PID:3648
- C:\Windows\System\iBlASFR.exe
  C:\Windows\System\iBlASFR.exe
  2⤵
  PID:3700
- C:\Windows\System\ZNydZDb.exe
  C:\Windows\System\ZNydZDb.exe
  2⤵
  PID:3764
- C:\Windows\System\hOMBpIj.exe
  C:\Windows\System\hOMBpIj.exe
  2⤵
  PID:3840
- C:\Windows\System\ocCThCs.exe
  C:\Windows\System\ocCThCs.exe
  2⤵
  PID:3876
- C:\Windows\System\GbyqBph.exe
  C:\Windows\System\GbyqBph.exe
  2⤵
  PID:3940
- C:\Windows\System\ICpNaVq.exe
  C:\Windows\System\ICpNaVq.exe
  2⤵
  PID:4008
- C:\Windows\System\eItKqgu.exe
  C:\Windows\System\eItKqgu.exe
  2⤵
  PID:4060
- C:\Windows\System\qDDZnKJ.exe
  C:\Windows\System\qDDZnKJ.exe
  2⤵
  PID:2628
- C:\Windows\System\mfxgJeC.exe
  C:\Windows\System\mfxgJeC.exe
  2⤵
  PID:3100
- C:\Windows\System\oXpXgGZ.exe
  C:\Windows\System\oXpXgGZ.exe
  2⤵
  PID:3184
- C:\Windows\System\OkXACfw.exe
  C:\Windows\System\OkXACfw.exe
  2⤵
  PID:2176
- C:\Windows\System\ZQsnKkr.exe
  C:\Windows\System\ZQsnKkr.exe
  2⤵
  PID:3472
- C:\Windows\System\gklKZWx.exe
  C:\Windows\System\gklKZWx.exe
  2⤵
  PID:3484
- C:\Windows\System\krePHPK.exe
  C:\Windows\System\krePHPK.exe
  2⤵
  PID:3668
- C:\Windows\System\SnXUkEA.exe
  C:\Windows\System\SnXUkEA.exe
  2⤵
  PID:3796
- C:\Windows\System\eovcXat.exe
  C:\Windows\System\eovcXat.exe
  2⤵
  PID:3920
- C:\Windows\System\VqnDPBF.exe
  C:\Windows\System\VqnDPBF.exe
  2⤵
  PID:4108
- C:\Windows\System\luMqdiZ.exe
  C:\Windows\System\luMqdiZ.exe
  2⤵
  PID:4124
- C:\Windows\System\qzeaRKs.exe
  C:\Windows\System\qzeaRKs.exe
  2⤵
  PID:4140
- C:\Windows\System\MVQHEhb.exe
  C:\Windows\System\MVQHEhb.exe
  2⤵
  PID:4156
- C:\Windows\System\GxmJDYV.exe
  C:\Windows\System\GxmJDYV.exe
  2⤵
  PID:4172
- C:\Windows\System\ULcCPby.exe
  C:\Windows\System\ULcCPby.exe
  2⤵
  PID:4188
- C:\Windows\System\nSHTUAO.exe
  C:\Windows\System\nSHTUAO.exe
  2⤵
  PID:4204
- C:\Windows\System\gikulXP.exe
  C:\Windows\System\gikulXP.exe
  2⤵
  PID:4220
- C:\Windows\System\pcMQVfG.exe
  C:\Windows\System\pcMQVfG.exe
  2⤵
  PID:4236
- C:\Windows\System\iupfnFZ.exe
  C:\Windows\System\iupfnFZ.exe
  2⤵
  PID:4252
- C:\Windows\System\PPViwCH.exe
  C:\Windows\System\PPViwCH.exe
  2⤵
  PID:4268
- C:\Windows\System\WHiaPTp.exe
  C:\Windows\System\WHiaPTp.exe
  2⤵
  PID:4288
- C:\Windows\System\nbCAyyF.exe
  C:\Windows\System\nbCAyyF.exe
  2⤵
  PID:4304
- C:\Windows\System\RstWNQn.exe
  C:\Windows\System\RstWNQn.exe
  2⤵
  PID:4320
- C:\Windows\System\QRQUFkT.exe
  C:\Windows\System\QRQUFkT.exe
  2⤵
  PID:4336
- C:\Windows\System\wFbqOAs.exe
  C:\Windows\System\wFbqOAs.exe
  2⤵
  PID:4352
- C:\Windows\System\IMYkcgy.exe
  C:\Windows\System\IMYkcgy.exe
  2⤵
  PID:4368
- C:\Windows\System\MVDbbHf.exe
  C:\Windows\System\MVDbbHf.exe
  2⤵
  PID:4384
- C:\Windows\System\nJGLISw.exe
  C:\Windows\System\nJGLISw.exe
  2⤵
  PID:4400
- C:\Windows\System\HhRTKzX.exe
  C:\Windows\System\HhRTKzX.exe
  2⤵
  PID:4416
- C:\Windows\System\jaZaDln.exe
  C:\Windows\System\jaZaDln.exe
  2⤵
  PID:4432
- C:\Windows\System\pWMKpfS.exe
  C:\Windows\System\pWMKpfS.exe
  2⤵
  PID:4448
- C:\Windows\System\MxZfoNy.exe
  C:\Windows\System\MxZfoNy.exe
  2⤵
  PID:4464
- C:\Windows\System\gcQaiUc.exe
  C:\Windows\System\gcQaiUc.exe
  2⤵
  PID:4480
- C:\Windows\System\UhKzlYk.exe
  C:\Windows\System\UhKzlYk.exe
  2⤵
  PID:4496
- C:\Windows\System\vptKKsP.exe
  C:\Windows\System\vptKKsP.exe
  2⤵
  PID:4512
- C:\Windows\System\dHZOEgr.exe
  C:\Windows\System\dHZOEgr.exe
  2⤵
  PID:4528
- C:\Windows\System\qIcPwQg.exe
  C:\Windows\System\qIcPwQg.exe
  2⤵
  PID:4544
- C:\Windows\System\iQFUAod.exe
  C:\Windows\System\iQFUAod.exe
  2⤵
  PID:4560
- C:\Windows\System\ANoMpzc.exe
  C:\Windows\System\ANoMpzc.exe
  2⤵
  PID:4576
- C:\Windows\System\BnbbnZP.exe
  C:\Windows\System\BnbbnZP.exe
  2⤵
  PID:4592
- C:\Windows\System\ZdktZfW.exe
  C:\Windows\System\ZdktZfW.exe
  2⤵
  PID:4608
- C:\Windows\System\SiHyTAx.exe
  C:\Windows\System\SiHyTAx.exe
  2⤵
  PID:4624
- C:\Windows\System\EYiYNmH.exe
  C:\Windows\System\EYiYNmH.exe
  2⤵
  PID:4640
- C:\Windows\System\uImZCgU.exe
  C:\Windows\System\uImZCgU.exe
  2⤵
  PID:4656
- C:\Windows\System\utznIrX.exe
  C:\Windows\System\utznIrX.exe
  2⤵
  PID:4672
- C:\Windows\System\naQQhHf.exe
  C:\Windows\System\naQQhHf.exe
  2⤵
  PID:4688
- C:\Windows\System\QdCwpJq.exe
  C:\Windows\System\QdCwpJq.exe
  2⤵
  PID:4704
- C:\Windows\System\xsENVcQ.exe
  C:\Windows\System\xsENVcQ.exe
  2⤵
  PID:4720
- C:\Windows\System\xSrJWCo.exe
  C:\Windows\System\xSrJWCo.exe
  2⤵
  PID:4736
- C:\Windows\System\fHxCYbh.exe
  C:\Windows\System\fHxCYbh.exe
  2⤵
  PID:4752
- C:\Windows\System\mePlhUb.exe
  C:\Windows\System\mePlhUb.exe
  2⤵
  PID:4768
- C:\Windows\System\AelrsqB.exe
  C:\Windows\System\AelrsqB.exe
  2⤵
  PID:4784
- C:\Windows\System\ykHDMKP.exe
  C:\Windows\System\ykHDMKP.exe
  2⤵
  PID:4800
- C:\Windows\System\RbMbMaW.exe
  C:\Windows\System\RbMbMaW.exe
  2⤵
  PID:4816
- C:\Windows\System\IOJNsOM.exe
  C:\Windows\System\IOJNsOM.exe
  2⤵
  PID:4832
- C:\Windows\System\qynZygX.exe
  C:\Windows\System\qynZygX.exe
  2⤵
  PID:4848
- C:\Windows\System\sqdmkHi.exe
  C:\Windows\System\sqdmkHi.exe
  2⤵
  PID:4864
- C:\Windows\System\ucEWMZT.exe
  C:\Windows\System\ucEWMZT.exe
  2⤵
  PID:4880
- C:\Windows\System\kFBedPd.exe
  C:\Windows\System\kFBedPd.exe
  2⤵
  PID:4896
- C:\Windows\System\FVEkvOy.exe
  C:\Windows\System\FVEkvOy.exe
  2⤵
  PID:4912
- C:\Windows\System\GBVjgCZ.exe
  C:\Windows\System\GBVjgCZ.exe
  2⤵
  PID:4932
- C:\Windows\System\cwDXgYe.exe
  C:\Windows\System\cwDXgYe.exe
  2⤵
  PID:4948
- C:\Windows\System\XQLHlYB.exe
  C:\Windows\System\XQLHlYB.exe
  2⤵
  PID:4964
- C:\Windows\System\rZYYNZO.exe
  C:\Windows\System\rZYYNZO.exe
  2⤵
  PID:4980
- C:\Windows\System\ZdWIXue.exe
  C:\Windows\System\ZdWIXue.exe
  2⤵
  PID:4996
- C:\Windows\System\RjEjymO.exe
  C:\Windows\System\RjEjymO.exe
  2⤵
  PID:5012
- C:\Windows\System\bebqXaj.exe
  C:\Windows\System\bebqXaj.exe
  2⤵
  PID:5028
- C:\Windows\System\yMnIDAu.exe
  C:\Windows\System\yMnIDAu.exe
  2⤵
  PID:5044
- C:\Windows\System\XiTnRAl.exe
  C:\Windows\System\XiTnRAl.exe
  2⤵
  PID:5060
- C:\Windows\System\LSHWwMM.exe
  C:\Windows\System\LSHWwMM.exe
  2⤵
  PID:5076
- C:\Windows\System\mylkNlY.exe
  C:\Windows\System\mylkNlY.exe
  2⤵
  PID:5092
- C:\Windows\System\vOerSfp.exe
  C:\Windows\System\vOerSfp.exe
  2⤵
  PID:5108
- C:\Windows\System\IvngZtE.exe
  C:\Windows\System\IvngZtE.exe
  2⤵
  PID:3952
- C:\Windows\System\cQzWWqX.exe
  C:\Windows\System\cQzWWqX.exe
  2⤵
  PID:3984
- C:\Windows\System\NhmkXFs.exe
  C:\Windows\System\NhmkXFs.exe
  2⤵
  PID:920
- C:\Windows\System\gkXcnrn.exe
  C:\Windows\System\gkXcnrn.exe
  2⤵
  PID:3216
- C:\Windows\System\FeBsWhQ.exe
  C:\Windows\System\FeBsWhQ.exe
  2⤵
  PID:3504
- C:\Windows\System\LgKlLpD.exe
  C:\Windows\System\LgKlLpD.exe
  2⤵
  PID:3000
- C:\Windows\System\jTSQqMi.exe
  C:\Windows\System\jTSQqMi.exe
  2⤵
  PID:4100
- C:\Windows\System\FjKiHSx.exe
  C:\Windows\System\FjKiHSx.exe
  2⤵
  PID:4132
- C:\Windows\System\jsObyno.exe
  C:\Windows\System\jsObyno.exe
  2⤵
  PID:4164
- C:\Windows\System\WPIACSl.exe
  C:\Windows\System\WPIACSl.exe
  2⤵
  PID:4196
- C:\Windows\System\ZjVGAYk.exe
  C:\Windows\System\ZjVGAYk.exe
  2⤵
  PID:4228
- C:\Windows\System\xiDXaDM.exe
  C:\Windows\System\xiDXaDM.exe
  2⤵
  PID:4260
- C:\Windows\System\FKpnWGo.exe
  C:\Windows\System\FKpnWGo.exe
  2⤵
  PID:4296
- C:\Windows\System\dWZDaWy.exe
  C:\Windows\System\dWZDaWy.exe
  2⤵
  PID:4312
- C:\Windows\System\TgOsxMx.exe
  C:\Windows\System\TgOsxMx.exe
  2⤵
  PID:4332
- C:\Windows\System\npTFJgr.exe
  C:\Windows\System\npTFJgr.exe
  2⤵
  PID:4348
- C:\Windows\System\bVTizFM.exe
  C:\Windows\System\bVTizFM.exe
  2⤵
  PID:4396
- C:\Windows\System\fNTuuLl.exe
  C:\Windows\System\fNTuuLl.exe
  2⤵
  PID:4412
- C:\Windows\System\lFxHWXZ.exe
  C:\Windows\System\lFxHWXZ.exe
  2⤵
  PID:4460
- C:\Windows\System\MjgLBQn.exe
  C:\Windows\System\MjgLBQn.exe
  2⤵
  PID:4492
- C:\Windows\System\HHfKJUr.exe
  C:\Windows\System\HHfKJUr.exe
  2⤵
  PID:4524
- C:\Windows\System\VxsAAGC.exe
  C:\Windows\System\VxsAAGC.exe
  2⤵
  PID:4536
- C:\Windows\System\fdncZAb.exe
  C:\Windows\System\fdncZAb.exe
  2⤵
  PID:4584
- C:\Windows\System\BgVScRs.exe
  C:\Windows\System\BgVScRs.exe
  2⤵
  PID:4284
- C:\Windows\System\gxODUIX.exe
  C:\Windows\System\gxODUIX.exe
  2⤵
  PID:4604
- C:\Windows\System\VVXRMYs.exe
  C:\Windows\System\VVXRMYs.exe
  2⤵
  PID:4652
- C:\Windows\System\TKcuiTw.exe
  C:\Windows\System\TKcuiTw.exe
  2⤵
  PID:4684
- C:\Windows\System\AoyWNXK.exe
  C:\Windows\System\AoyWNXK.exe
  2⤵
  PID:4716
- C:\Windows\System\YpoEVzP.exe
  C:\Windows\System\YpoEVzP.exe
  2⤵
  PID:4748
- C:\Windows\System\viKIqbz.exe
  C:\Windows\System\viKIqbz.exe
  2⤵
  PID:4780
- C:\Windows\System\cUdqKdE.exe
  C:\Windows\System\cUdqKdE.exe
  2⤵
  PID:4812
- C:\Windows\System\JisFJFc.exe
  C:\Windows\System\JisFJFc.exe
  2⤵
  PID:4828
- C:\Windows\System\LRMtroq.exe
  C:\Windows\System\LRMtroq.exe
  2⤵
  PID:2676
- C:\Windows\System\YuTFyvM.exe
  C:\Windows\System\YuTFyvM.exe
  2⤵
  PID:4860
- C:\Windows\System\lgncHKe.exe
  C:\Windows\System\lgncHKe.exe
  2⤵
  PID:2964
- C:\Windows\System\FVsdGBF.exe
  C:\Windows\System\FVsdGBF.exe
  2⤵
  PID:4920
- C:\Windows\System\aywSNfw.exe
  C:\Windows\System\aywSNfw.exe
  2⤵
  PID:4944
- C:\Windows\System\RfwZXgi.exe
  C:\Windows\System\RfwZXgi.exe
  2⤵
  PID:4976
- C:\Windows\System\HRcptQQ.exe
  C:\Windows\System\HRcptQQ.exe
  2⤵
  PID:4992
- C:\Windows\System\cvMRdao.exe
  C:\Windows\System\cvMRdao.exe
  2⤵
  PID:5020
- C:\Windows\System\lbfniXR.exe
  C:\Windows\System\lbfniXR.exe
  2⤵
  PID:5040
- C:\Windows\System\elaYzzP.exe
  C:\Windows\System\elaYzzP.exe
  2⤵
  PID:5072
- C:\Windows\System\iJkEDSU.exe
  C:\Windows\System\iJkEDSU.exe
  2⤵
  PID:5104
- C:\Windows\System\WXbkzlT.exe
  C:\Windows\System\WXbkzlT.exe
  2⤵
  PID:4044
- C:\Windows\System\uSjuRxl.exe
  C:\Windows\System\uSjuRxl.exe
  2⤵
  PID:2152
- C:\Windows\System\taxgnDo.exe
  C:\Windows\System\taxgnDo.exe
  2⤵
  PID:3564
- C:\Windows\System\ANolAqV.exe
  C:\Windows\System\ANolAqV.exe
  2⤵
  PID:3860
- C:\Windows\System\QLtBtaI.exe
  C:\Windows\System\QLtBtaI.exe
  2⤵
  PID:4152
- C:\Windows\System\LLVBGjU.exe
  C:\Windows\System\LLVBGjU.exe
  2⤵
  PID:4232
- C:\Windows\System\ZCHkHTU.exe
  C:\Windows\System\ZCHkHTU.exe
  2⤵
  PID:4300
- C:\Windows\System\UKVhPkf.exe
  C:\Windows\System\UKVhPkf.exe
  2⤵
  PID:4360
- C:\Windows\System\ECglSwQ.exe
  C:\Windows\System\ECglSwQ.exe
  2⤵
  PID:4424
- C:\Windows\System\IDuxTgW.exe
  C:\Windows\System\IDuxTgW.exe
  2⤵
  PID:4444
- C:\Windows\System\zJUVKpM.exe
  C:\Windows\System\zJUVKpM.exe
  2⤵
  PID:900
- C:\Windows\System\YIutGzz.exe
  C:\Windows\System\YIutGzz.exe
  2⤵
  PID:4556
- C:\Windows\System\sOZobBP.exe
  C:\Windows\System\sOZobBP.exe
  2⤵
  PID:4648
- C:\Windows\System\aJOKnqA.exe
  C:\Windows\System\aJOKnqA.exe
  2⤵
  PID:4680
- C:\Windows\System\wqkLgfZ.exe
  C:\Windows\System\wqkLgfZ.exe
  2⤵
  PID:4732
- C:\Windows\System\UyAWVRG.exe
  C:\Windows\System\UyAWVRG.exe
  2⤵
  PID:4796
- C:\Windows\System\MrIoAmu.exe
  C:\Windows\System\MrIoAmu.exe
  2⤵
  PID:4856
- C:\Windows\System\mWYdcdz.exe
  C:\Windows\System\mWYdcdz.exe
  2⤵
  PID:4888
- C:\Windows\System\PFTAqhf.exe
  C:\Windows\System\PFTAqhf.exe
  2⤵
  PID:2296
- C:\Windows\System\HLIwtgX.exe
  C:\Windows\System\HLIwtgX.exe
  2⤵
  PID:584
- C:\Windows\System\tOeYYgq.exe
  C:\Windows\System\tOeYYgq.exe
  2⤵
  PID:5056
- C:\Windows\System\CkksEEh.exe
  C:\Windows\System\CkksEEh.exe
  2⤵
  PID:3872
- C:\Windows\System\tCzIzvc.exe
  C:\Windows\System\tCzIzvc.exe
  2⤵
  PID:2392
- C:\Windows\System\FNFUsyP.exe
  C:\Windows\System\FNFUsyP.exe
  2⤵
  PID:3732
- C:\Windows\System\dVfiaov.exe
  C:\Windows\System\dVfiaov.exe
  2⤵
  PID:4212
- C:\Windows\System\EPlqQfm.exe
  C:\Windows\System\EPlqQfm.exe
  2⤵
  PID:2264
- C:\Windows\System\VwrDfAI.exe
  C:\Windows\System\VwrDfAI.exe
  2⤵
  PID:5132
- C:\Windows\System\GJflalR.exe
  C:\Windows\System\GJflalR.exe
  2⤵
  PID:5148
- C:\Windows\System\MkurBrb.exe
  C:\Windows\System\MkurBrb.exe
  2⤵
  PID:5164
- C:\Windows\System\wMTPdhn.exe
  C:\Windows\System\wMTPdhn.exe
  2⤵
  PID:5180
- C:\Windows\System\vtEroSC.exe
  C:\Windows\System\vtEroSC.exe
  2⤵
  PID:5196
- C:\Windows\System\BpLhshj.exe
  C:\Windows\System\BpLhshj.exe
  2⤵
  PID:5212
- C:\Windows\System\iUtjFBE.exe
  C:\Windows\System\iUtjFBE.exe
  2⤵
  PID:5228
- C:\Windows\System\amqOUJc.exe
  C:\Windows\System\amqOUJc.exe
  2⤵
  PID:5244
- C:\Windows\System\zSdDcUY.exe
  C:\Windows\System\zSdDcUY.exe
  2⤵
  PID:5260
- C:\Windows\System\gWjyrwM.exe
  C:\Windows\System\gWjyrwM.exe
  2⤵
  PID:5276
- C:\Windows\System\YfohziQ.exe
  C:\Windows\System\YfohziQ.exe
  2⤵
  PID:5292
- C:\Windows\System\ZEWVafK.exe
  C:\Windows\System\ZEWVafK.exe
  2⤵
  PID:5308
- C:\Windows\System\yQOgyHP.exe
  C:\Windows\System\yQOgyHP.exe
  2⤵
  PID:5324
- C:\Windows\System\UDhlomX.exe
  C:\Windows\System\UDhlomX.exe
  2⤵
  PID:5340
- C:\Windows\System\ZcrrOiE.exe
  C:\Windows\System\ZcrrOiE.exe
  2⤵
  PID:5356
- C:\Windows\System\QSfLHXc.exe
  C:\Windows\System\QSfLHXc.exe
  2⤵
  PID:5372
- C:\Windows\System\ppdHLzS.exe
  C:\Windows\System\ppdHLzS.exe
  2⤵
  PID:5388
- C:\Windows\System\seBKvCV.exe
  C:\Windows\System\seBKvCV.exe
  2⤵
  PID:5404
- C:\Windows\System\sfzCEFv.exe
  C:\Windows\System\sfzCEFv.exe
  2⤵
  PID:5420
- C:\Windows\System\EELvnFl.exe
  C:\Windows\System\EELvnFl.exe
  2⤵
  PID:5436
- C:\Windows\System\RTBeddO.exe
  C:\Windows\System\RTBeddO.exe
  2⤵
  PID:5452
- C:\Windows\System\UsWvquN.exe
  C:\Windows\System\UsWvquN.exe
  2⤵
  PID:5468
- C:\Windows\System\egjuYnr.exe
  C:\Windows\System\egjuYnr.exe
  2⤵
  PID:5484
- C:\Windows\System\kWHyhkz.exe
  C:\Windows\System\kWHyhkz.exe
  2⤵
  PID:5500
- C:\Windows\System\CaVZgtG.exe
  C:\Windows\System\CaVZgtG.exe
  2⤵
  PID:5516
- C:\Windows\System\vQGwMsD.exe
  C:\Windows\System\vQGwMsD.exe
  2⤵
  PID:5532
- C:\Windows\System\yfQlXkS.exe
  C:\Windows\System\yfQlXkS.exe
  2⤵
  PID:5548
- C:\Windows\System\ATNJnCM.exe
  C:\Windows\System\ATNJnCM.exe
  2⤵
  PID:5564
- C:\Windows\System\hJbwHTy.exe
  C:\Windows\System\hJbwHTy.exe
  2⤵
  PID:5580
- C:\Windows\System\RIFCzpV.exe
  C:\Windows\System\RIFCzpV.exe
  2⤵
  PID:5596
- C:\Windows\System\nIeYozR.exe
  C:\Windows\System\nIeYozR.exe
  2⤵
  PID:5612
- C:\Windows\System\fcizCry.exe
  C:\Windows\System\fcizCry.exe
  2⤵
  PID:5628
- C:\Windows\System\kVPbMDO.exe
  C:\Windows\System\kVPbMDO.exe
  2⤵
  PID:5644
- C:\Windows\System\JZhmxQI.exe
  C:\Windows\System\JZhmxQI.exe
  2⤵
  PID:5660
- C:\Windows\System\viJDZqh.exe
  C:\Windows\System\viJDZqh.exe
  2⤵
  PID:5676
- C:\Windows\System\wTXFjxT.exe
  C:\Windows\System\wTXFjxT.exe
  2⤵
  PID:5692
- C:\Windows\System\UucxEfP.exe
  C:\Windows\System\UucxEfP.exe
  2⤵
  PID:5708
- C:\Windows\System\mavNtfx.exe
  C:\Windows\System\mavNtfx.exe
  2⤵
  PID:5724
- C:\Windows\System\natMqpc.exe
  C:\Windows\System\natMqpc.exe
  2⤵
  PID:5740
- C:\Windows\System\UHNOgfP.exe
  C:\Windows\System\UHNOgfP.exe
  2⤵
  PID:5756
- C:\Windows\System\qOxElWC.exe
  C:\Windows\System\qOxElWC.exe
  2⤵
  PID:5772
- C:\Windows\System\XSbJkWs.exe
  C:\Windows\System\XSbJkWs.exe
  2⤵
  PID:5788
- C:\Windows\System\rcpDLmI.exe
  C:\Windows\System\rcpDLmI.exe
  2⤵
  PID:5804
- C:\Windows\System\BvUcJnP.exe
  C:\Windows\System\BvUcJnP.exe
  2⤵
  PID:5820
- C:\Windows\System\rWmxXkj.exe
  C:\Windows\System\rWmxXkj.exe
  2⤵
  PID:5836
- C:\Windows\System\WXweNJJ.exe
  C:\Windows\System\WXweNJJ.exe
  2⤵
  PID:5852
- C:\Windows\System\COkvyPJ.exe
  C:\Windows\System\COkvyPJ.exe
  2⤵
  PID:5868
- C:\Windows\System\QWGYohu.exe
  C:\Windows\System\QWGYohu.exe
  2⤵
  PID:5884
- C:\Windows\System\XISFjgt.exe
  C:\Windows\System\XISFjgt.exe
  2⤵
  PID:5904
- C:\Windows\System\JHMLAnK.exe
  C:\Windows\System\JHMLAnK.exe
  2⤵
  PID:5920
- C:\Windows\System\nYYhEUr.exe
  C:\Windows\System\nYYhEUr.exe
  2⤵
  PID:5936
- C:\Windows\System\ffGoxjN.exe
  C:\Windows\System\ffGoxjN.exe
  2⤵
  PID:5956
- C:\Windows\System\KwMejwu.exe
  C:\Windows\System\KwMejwu.exe
  2⤵
  PID:5972
- C:\Windows\System\Jiugael.exe
  C:\Windows\System\Jiugael.exe
  2⤵
  PID:5988
- C:\Windows\System\CApLHwI.exe
  C:\Windows\System\CApLHwI.exe
  2⤵
  PID:6004
- C:\Windows\System\TWwcZOV.exe
  C:\Windows\System\TWwcZOV.exe
  2⤵
  PID:6020
- C:\Windows\System\MItUDYJ.exe
  C:\Windows\System\MItUDYJ.exe
  2⤵
  PID:6036
- C:\Windows\System\ILjbqLo.exe
  C:\Windows\System\ILjbqLo.exe
  2⤵
  PID:6056
- C:\Windows\System\IHpTxwT.exe
  C:\Windows\System\IHpTxwT.exe
  2⤵
  PID:6072
- C:\Windows\System\THcQpEM.exe
  C:\Windows\System\THcQpEM.exe
  2⤵
  PID:6088
- C:\Windows\System\aKDvAJq.exe
  C:\Windows\System\aKDvAJq.exe
  2⤵
  PID:6104
- C:\Windows\System\DCTtpeD.exe
  C:\Windows\System\DCTtpeD.exe
  2⤵
  PID:6120
- C:\Windows\System\ZfPzGaW.exe
  C:\Windows\System\ZfPzGaW.exe
  2⤵
  PID:6136
- C:\Windows\System\YxriMLo.exe
  C:\Windows\System\YxriMLo.exe
  2⤵
  PID:4508
- C:\Windows\System\hATWybi.exe
  C:\Windows\System\hATWybi.exe
  2⤵
  PID:4620
- C:\Windows\System\XdFtTkm.exe
  C:\Windows\System\XdFtTkm.exe
  2⤵
  PID:4764
- C:\Windows\System\kOFaamK.exe
  C:\Windows\System\kOFaamK.exe
  2⤵
  PID:2208
- C:\Windows\System\xHZzdLo.exe
  C:\Windows\System\xHZzdLo.exe
  2⤵
  PID:5008
- C:\Windows\System\yZfmcSB.exe
  C:\Windows\System\yZfmcSB.exe
  2⤵
  PID:5088
- C:\Windows\System\KXXjTOa.exe
  C:\Windows\System\KXXjTOa.exe
  2⤵
  PID:4120
- C:\Windows\System\ftvHdnh.exe
  C:\Windows\System\ftvHdnh.exe
  2⤵
  PID:4392
- C:\Windows\System\IipLiyA.exe
  C:\Windows\System\IipLiyA.exe
  2⤵
  PID:5144
- C:\Windows\System\GLkduxS.exe
  C:\Windows\System\GLkduxS.exe
  2⤵
  PID:5176
- C:\Windows\System\EmIoWsO.exe
  C:\Windows\System\EmIoWsO.exe
  2⤵
  PID:5220
- C:\Windows\System\RwcaRcQ.exe
  C:\Windows\System\RwcaRcQ.exe
  2⤵
  PID:5252
- C:\Windows\System\uheTFJi.exe
  C:\Windows\System\uheTFJi.exe
  2⤵
  PID:5272
- C:\Windows\System\DuRdyzL.exe
  C:\Windows\System\DuRdyzL.exe
  2⤵
  PID:5304
- C:\Windows\System\scbYysx.exe
  C:\Windows\System\scbYysx.exe
  2⤵
  PID:5336
- C:\Windows\System\NPVyQhz.exe
  C:\Windows\System\NPVyQhz.exe
  2⤵
  PID:5380
- C:\Windows\System\GRmlQWZ.exe
  C:\Windows\System\GRmlQWZ.exe
  2⤵
  PID:5412
- C:\Windows\System\qVpDVll.exe
  C:\Windows\System\qVpDVll.exe
  2⤵
  PID:5444
- C:\Windows\System\kLIAxUm.exe
  C:\Windows\System\kLIAxUm.exe
  2⤵
  PID:5476
- C:\Windows\System\XzgQDfR.exe
  C:\Windows\System\XzgQDfR.exe
  2⤵
  PID:5496
- C:\Windows\System\uWZrned.exe
  C:\Windows\System\uWZrned.exe
  2⤵
  PID:5556
- C:\Windows\System\NkLnOjZ.exe
  C:\Windows\System\NkLnOjZ.exe
  2⤵
  PID:5588
- C:\Windows\System\bPBGBmS.exe
  C:\Windows\System\bPBGBmS.exe
  2⤵
  PID:5620
- C:\Windows\System\ousdLIr.exe
  C:\Windows\System\ousdLIr.exe
  2⤵
  PID:5652
- C:\Windows\System\xJvmEoc.exe
  C:\Windows\System\xJvmEoc.exe
  2⤵
  PID:5684
- C:\Windows\System\JZXjgBx.exe
  C:\Windows\System\JZXjgBx.exe
  2⤵
  PID:5716
- C:\Windows\System\psEFrgb.exe
  C:\Windows\System\psEFrgb.exe
  2⤵
  PID:5748
- C:\Windows\System\MjaKflL.exe
  C:\Windows\System\MjaKflL.exe
  2⤵
  PID:5780
- C:\Windows\System\pcCtYMQ.exe
  C:\Windows\System\pcCtYMQ.exe
  2⤵
  PID:5828
- C:\Windows\System\dWDWJPR.exe
  C:\Windows\System\dWDWJPR.exe
  2⤵
  PID:5860
- C:\Windows\System\VBSukyc.exe
  C:\Windows\System\VBSukyc.exe
  2⤵
  PID:5892
- C:\Windows\System\ZutcuhK.exe
  C:\Windows\System\ZutcuhK.exe
  2⤵
  PID:5928
- C:\Windows\System\eWfmKlk.exe
  C:\Windows\System\eWfmKlk.exe
  2⤵
  PID:5948
- C:\Windows\System\IogHkoV.exe
  C:\Windows\System\IogHkoV.exe
  2⤵
  PID:5996
- C:\Windows\System\efffrwy.exe
  C:\Windows\System\efffrwy.exe
  2⤵
  PID:6016
- C:\Windows\System\IbBmcQy.exe
  C:\Windows\System\IbBmcQy.exe
  2⤵
  PID:6048
- C:\Windows\System\XVfnRrD.exe
  C:\Windows\System\XVfnRrD.exe
  2⤵
  PID:6084
- C:\Windows\System\pySCikB.exe
  C:\Windows\System\pySCikB.exe
  2⤵
  PID:6128
- C:\Windows\System\EusTBGC.exe
  C:\Windows\System\EusTBGC.exe
  2⤵
  PID:4476
- C:\Windows\System\TJfIryD.exe
  C:\Windows\System\TJfIryD.exe
  2⤵
  PID:4700
- C:\Windows\System\GehfkDd.exe
  C:\Windows\System\GehfkDd.exe
  2⤵
  PID:5024
- C:\Windows\System\ILTVDwk.exe
  C:\Windows\System\ILTVDwk.exe
  2⤵
  PID:4248
- C:\Windows\System\oSTwKXx.exe
  C:\Windows\System\oSTwKXx.exe
  2⤵
  PID:5160
- C:\Windows\System\DfsvgoU.exe
  C:\Windows\System\DfsvgoU.exe
  2⤵
  PID:5224
- C:\Windows\System\ayMGWHM.exe
  C:\Windows\System\ayMGWHM.exe
  2⤵
  PID:5288
- C:\Windows\System\EJRXwvI.exe
  C:\Windows\System\EJRXwvI.exe
  2⤵
  PID:5352
- C:\Windows\System\IGBwyMY.exe
  C:\Windows\System\IGBwyMY.exe
  2⤵
  PID:5416
- C:\Windows\System\UxtAjeL.exe
  C:\Windows\System\UxtAjeL.exe
  2⤵
  PID:5480
- C:\Windows\System\FJvlplv.exe
  C:\Windows\System\FJvlplv.exe
  2⤵
  PID:5572
- C:\Windows\System\UuaGzmn.exe
  C:\Windows\System\UuaGzmn.exe
  2⤵
  PID:5636
- C:\Windows\System\xpXxvEo.exe
  C:\Windows\System\xpXxvEo.exe
  2⤵
  PID:5700
- C:\Windows\System\fGmLVZw.exe
  C:\Windows\System\fGmLVZw.exe
  2⤵
  PID:5764
- C:\Windows\System\kUSGvJk.exe
  C:\Windows\System\kUSGvJk.exe
  2⤵
  PID:5832
- C:\Windows\System\uEDxLil.exe
  C:\Windows\System\uEDxLil.exe
  2⤵
  PID:5912
- C:\Windows\System\QTXYfWI.exe
  C:\Windows\System\QTXYfWI.exe
  2⤵
  PID:5980
- C:\Windows\System\LUbaXXo.exe
  C:\Windows\System\LUbaXXo.exe
  2⤵
  PID:6032
- C:\Windows\System\gPtNuVX.exe
  C:\Windows\System\gPtNuVX.exe
  2⤵
  PID:6080
- C:\Windows\System\Gciejak.exe
  C:\Windows\System\Gciejak.exe
  2⤵
  PID:4616
- C:\Windows\System\nSDKUzg.exe
  C:\Windows\System\nSDKUzg.exe
  2⤵
  PID:5004
- C:\Windows\System\lcerBWd.exe
  C:\Windows\System\lcerBWd.exe
  2⤵
  PID:5140
- C:\Windows\System\KGNfyht.exe
  C:\Windows\System\KGNfyht.exe
  2⤵
  PID:5268
- C:\Windows\System\mBPlLYK.exe
  C:\Windows\System\mBPlLYK.exe
  2⤵
  PID:5900
- C:\Windows\System\eXWLEdm.exe
  C:\Windows\System\eXWLEdm.exe
  2⤵
  PID:5524
- C:\Windows\System\gVoZQlT.exe
  C:\Windows\System\gVoZQlT.exe
  2⤵
  PID:6160
- C:\Windows\System\lTnXnOG.exe
  C:\Windows\System\lTnXnOG.exe
  2⤵
  PID:6176
- C:\Windows\System\hxtfTMA.exe
  C:\Windows\System\hxtfTMA.exe
  2⤵
  PID:6192
- C:\Windows\System\cJqmhSh.exe
  C:\Windows\System\cJqmhSh.exe
  2⤵
  PID:6208
- C:\Windows\System\CoOSCAp.exe
  C:\Windows\System\CoOSCAp.exe
  2⤵
  PID:6224
- C:\Windows\System\NRDOuZs.exe
  C:\Windows\System\NRDOuZs.exe
  2⤵
  PID:6240
- C:\Windows\System\VwXlsbX.exe
  C:\Windows\System\VwXlsbX.exe
  2⤵
  PID:6256
- C:\Windows\System\EeNuRkx.exe
  C:\Windows\System\EeNuRkx.exe
  2⤵
  PID:6272
- C:\Windows\System\jZNvqyJ.exe
  C:\Windows\System\jZNvqyJ.exe
  2⤵
  PID:6288
- C:\Windows\System\LraByeZ.exe
  C:\Windows\System\LraByeZ.exe
  2⤵
  PID:6304
- C:\Windows\System\KcpNvEY.exe
  C:\Windows\System\KcpNvEY.exe
  2⤵
  PID:6320
- C:\Windows\System\byydaBT.exe
  C:\Windows\System\byydaBT.exe
  2⤵
  PID:6336
- C:\Windows\System\QbdwSIR.exe
  C:\Windows\System\QbdwSIR.exe
  2⤵
  PID:6352
- C:\Windows\System\DZqGCkl.exe
  C:\Windows\System\DZqGCkl.exe
  2⤵
  PID:6368
- C:\Windows\System\AeQKMUp.exe
  C:\Windows\System\AeQKMUp.exe
  2⤵
  PID:6384
- C:\Windows\System\dDLdaws.exe
  C:\Windows\System\dDLdaws.exe
  2⤵
  PID:6400
- C:\Windows\System\TlElYhc.exe
  C:\Windows\System\TlElYhc.exe
  2⤵
  PID:6416
- C:\Windows\System\CoOBwGS.exe
  C:\Windows\System\CoOBwGS.exe
  2⤵
  PID:6432
- C:\Windows\System\LGCqvPR.exe
  C:\Windows\System\LGCqvPR.exe
  2⤵
  PID:6448
- C:\Windows\System\ESqFRrc.exe
  C:\Windows\System\ESqFRrc.exe
  2⤵
  PID:6464
- C:\Windows\System\wAqXdHQ.exe
  C:\Windows\System\wAqXdHQ.exe
  2⤵
  PID:6480
- C:\Windows\System\sezKxQT.exe
  C:\Windows\System\sezKxQT.exe
  2⤵
  PID:6496
- C:\Windows\System\LLBYxVL.exe
  C:\Windows\System\LLBYxVL.exe
  2⤵
  PID:6512
- C:\Windows\System\OSjevuc.exe
  C:\Windows\System\OSjevuc.exe
  2⤵
  PID:6528
- C:\Windows\System\wwNTHFE.exe
  C:\Windows\System\wwNTHFE.exe
  2⤵
  PID:6544
- C:\Windows\System\kAGUjqs.exe
  C:\Windows\System\kAGUjqs.exe
  2⤵
  PID:6560
- C:\Windows\System\yOWXIZk.exe
  C:\Windows\System\yOWXIZk.exe
  2⤵
  PID:6580
- C:\Windows\System\qmJizAK.exe
  C:\Windows\System\qmJizAK.exe
  2⤵
  PID:6596
- C:\Windows\System\rtGRvcw.exe
  C:\Windows\System\rtGRvcw.exe
  2⤵
  PID:6612
- C:\Windows\System\UUaQuDW.exe
  C:\Windows\System\UUaQuDW.exe
  2⤵
  PID:6628
- C:\Windows\System\ReTcwAq.exe
  C:\Windows\System\ReTcwAq.exe
  2⤵
  PID:6644
- C:\Windows\System\iDcEDDs.exe
  C:\Windows\System\iDcEDDs.exe
  2⤵
  PID:6660
- C:\Windows\System\pHvSuUe.exe
  C:\Windows\System\pHvSuUe.exe
  2⤵
  PID:6676
- C:\Windows\System\FxvudtK.exe
  C:\Windows\System\FxvudtK.exe
  2⤵
  PID:6692
- C:\Windows\System\VzjZPUJ.exe
  C:\Windows\System\VzjZPUJ.exe
  2⤵
  PID:6708
- C:\Windows\System\urwbmei.exe
  C:\Windows\System\urwbmei.exe
  2⤵
  PID:6724
- C:\Windows\System\yfvnxtf.exe
  C:\Windows\System\yfvnxtf.exe
  2⤵
  PID:6740
- C:\Windows\System\knLkBqW.exe
  C:\Windows\System\knLkBqW.exe
  2⤵
  PID:6756
- C:\Windows\System\xYMLRlW.exe
  C:\Windows\System\xYMLRlW.exe
  2⤵
  PID:6772
- C:\Windows\System\WgDbNcn.exe
  C:\Windows\System\WgDbNcn.exe
  2⤵
  PID:6788
- C:\Windows\System\mtloNLY.exe
  C:\Windows\System\mtloNLY.exe
  2⤵
  PID:6804
- C:\Windows\System\VdPOquP.exe
  C:\Windows\System\VdPOquP.exe
  2⤵
  PID:6820
- C:\Windows\System\rZfzXFO.exe
  C:\Windows\System\rZfzXFO.exe
  2⤵
  PID:6836
- C:\Windows\System\VtingUo.exe
  C:\Windows\System\VtingUo.exe
  2⤵
  PID:6852
- C:\Windows\System\AFcUlOB.exe
  C:\Windows\System\AFcUlOB.exe
  2⤵
  PID:6868
- C:\Windows\System\uvkADJs.exe
  C:\Windows\System\uvkADJs.exe
  2⤵
  PID:6884
- C:\Windows\System\UnVzfyL.exe
  C:\Windows\System\UnVzfyL.exe
  2⤵
  PID:6900
- C:\Windows\System\IkhoShS.exe
  C:\Windows\System\IkhoShS.exe
  2⤵
  PID:6916
- C:\Windows\System\EmpdReX.exe
  C:\Windows\System\EmpdReX.exe
  2⤵
  PID:6932
- C:\Windows\System\ShbkFLQ.exe
  C:\Windows\System\ShbkFLQ.exe
  2⤵
  PID:6952
- C:\Windows\System\fiFdajN.exe
  C:\Windows\System\fiFdajN.exe
  2⤵
  PID:6968
- C:\Windows\System\cdyOjZn.exe
  C:\Windows\System\cdyOjZn.exe
  2⤵
  PID:6984
- C:\Windows\System\ApxcoNl.exe
  C:\Windows\System\ApxcoNl.exe
  2⤵
  PID:7000
- C:\Windows\System\noGDrTJ.exe
  C:\Windows\System\noGDrTJ.exe
  2⤵
  PID:7016
- C:\Windows\System\qDwbccy.exe
  C:\Windows\System\qDwbccy.exe
  2⤵
  PID:7032
- C:\Windows\System\AdJlqRw.exe
  C:\Windows\System\AdJlqRw.exe
  2⤵
  PID:7048
- C:\Windows\System\TqIFICr.exe
  C:\Windows\System\TqIFICr.exe
  2⤵
  PID:7064
- C:\Windows\System\fMtwujp.exe
  C:\Windows\System\fMtwujp.exe
  2⤵
  PID:7080
- C:\Windows\System\hJoVjOM.exe
  C:\Windows\System\hJoVjOM.exe
  2⤵
  PID:7096
- C:\Windows\System\KHuVHoW.exe
  C:\Windows\System\KHuVHoW.exe
  2⤵
  PID:7112
- C:\Windows\System\qKxVYLa.exe
  C:\Windows\System\qKxVYLa.exe
  2⤵
  PID:7128
- C:\Windows\System\hGmqFLA.exe
  C:\Windows\System\hGmqFLA.exe
  2⤵
  PID:7144
- C:\Windows\System\NGnCWHF.exe
  C:\Windows\System\NGnCWHF.exe
  2⤵
  PID:7160
- C:\Windows\System\GxAjPae.exe
  C:\Windows\System\GxAjPae.exe
  2⤵
  PID:5668
- C:\Windows\System\iFwBWQa.exe
  C:\Windows\System\iFwBWQa.exe
  2⤵
  PID:5768
- C:\Windows\System\viBiKos.exe
  C:\Windows\System\viBiKos.exe
  2⤵
  PID:5944
- C:\Windows\System\zepicLu.exe
  C:\Windows\System\zepicLu.exe
  2⤵
  PID:6068
- C:\Windows\System\QzEqJKb.exe
  C:\Windows\System\QzEqJKb.exe
  2⤵
  PID:4824
- C:\Windows\System\YcNnxsX.exe
  C:\Windows\System\YcNnxsX.exe
  2⤵
  PID:5204
- C:\Windows\System\IiZxURN.exe
  C:\Windows\System\IiZxURN.exe
  2⤵
  PID:5396
- C:\Windows\System\mFHzOBG.exe
  C:\Windows\System\mFHzOBG.exe
  2⤵
  PID:6168
- C:\Windows\System\PCdLiaE.exe
  C:\Windows\System\PCdLiaE.exe
  2⤵
  PID:6188
- C:\Windows\System\BTcSVdb.exe
  C:\Windows\System\BTcSVdb.exe
  2⤵
  PID:6220
- C:\Windows\System\PIhBmYJ.exe
  C:\Windows\System\PIhBmYJ.exe
  2⤵
  PID:1824
- C:\Windows\System\MGIbPnC.exe
  C:\Windows\System\MGIbPnC.exe
  2⤵
  PID:6268
- C:\Windows\System\aIHGojp.exe
  C:\Windows\System\aIHGojp.exe
  2⤵
  PID:6300
- C:\Windows\System\sakcqyV.exe
  C:\Windows\System\sakcqyV.exe
  2⤵
  PID:6332
- C:\Windows\System\bUmLMUu.exe
  C:\Windows\System\bUmLMUu.exe
  2⤵
  PID:6364
- C:\Windows\System\MtjCfFR.exe
  C:\Windows\System\MtjCfFR.exe
  2⤵
  PID:6396
- C:\Windows\System\rKWcaXW.exe
  C:\Windows\System\rKWcaXW.exe
  2⤵
  PID:6428
- C:\Windows\System\JqCoxpU.exe
  C:\Windows\System\JqCoxpU.exe
  2⤵
  PID:6460
- C:\Windows\System\WYVGjij.exe
  C:\Windows\System\WYVGjij.exe
  2⤵
  PID:6488
- C:\Windows\System\qAitYHt.exe
  C:\Windows\System\qAitYHt.exe
  2⤵
  PID:6524
- C:\Windows\System\zzxyhjx.exe
  C:\Windows\System\zzxyhjx.exe
  2⤵
  PID:2604
- C:\Windows\System\tZiJyuf.exe
  C:\Windows\System\tZiJyuf.exe
  2⤵
  PID:6576
- C:\Windows\System\hlpZLiP.exe
  C:\Windows\System\hlpZLiP.exe
  2⤵
  PID:6620
- C:\Windows\System\MZbUpkQ.exe
  C:\Windows\System\MZbUpkQ.exe
  2⤵
  PID:6640
- C:\Windows\System\fSXZUQd.exe
  C:\Windows\System\fSXZUQd.exe
  2⤵
  PID:6672
- C:\Windows\System\obzKpOs.exe
  C:\Windows\System\obzKpOs.exe
  2⤵
  PID:6716
- C:\Windows\System\HHyUwzM.exe
  C:\Windows\System\HHyUwzM.exe
  2⤵
  PID:6748
- C:\Windows\System\AvsxLGH.exe
  C:\Windows\System\AvsxLGH.exe
  2⤵
  PID:6768
- C:\Windows\System\LivvZlz.exe
  C:\Windows\System\LivvZlz.exe
  2⤵
  PID:6812
- C:\Windows\System\HTfeyeC.exe
  C:\Windows\System\HTfeyeC.exe
  2⤵
  PID:6832
- C:\Windows\System\amnPKfG.exe
  C:\Windows\System\amnPKfG.exe
  2⤵
  PID:6876
- C:\Windows\System\DdkZZWu.exe
  C:\Windows\System\DdkZZWu.exe
  2⤵
  PID:6908
- C:\Windows\System\QFtrpdE.exe
  C:\Windows\System\QFtrpdE.exe
  2⤵
  PID:6940
- C:\Windows\System\lyaZLsQ.exe
  C:\Windows\System\lyaZLsQ.exe
  2⤵
  PID:492
- C:\Windows\System\igUUPEU.exe
  C:\Windows\System\igUUPEU.exe
  2⤵
  PID:2500
- C:\Windows\System\bXYEqDt.exe
  C:\Windows\System\bXYEqDt.exe
  2⤵
  PID:7024
- C:\Windows\System\GLeHGnk.exe
  C:\Windows\System\GLeHGnk.exe
  2⤵
  PID:7056
- C:\Windows\System\dFvSqFH.exe
  C:\Windows\System\dFvSqFH.exe
  2⤵
  PID:7088
- C:\Windows\System\RuXJSmv.exe
  C:\Windows\System\RuXJSmv.exe
  2⤵
  PID:7120
- C:\Windows\System\wFOjNbZ.exe
  C:\Windows\System\wFOjNbZ.exe
  2⤵
  PID:7152
- C:\Windows\System\eakpcZh.exe
  C:\Windows\System\eakpcZh.exe
  2⤵
  PID:5720
- C:\Windows\System\MFEjTNH.exe
  C:\Windows\System\MFEjTNH.exe
  2⤵
  PID:6012
- C:\Windows\System\CdfTXki.exe
  C:\Windows\System\CdfTXki.exe
  2⤵
  PID:4504
- C:\Windows\System\XzdcfVs.exe
  C:\Windows\System\XzdcfVs.exe
  2⤵
  PID:5332
- C:\Windows\System\RGSVEKt.exe
  C:\Windows\System\RGSVEKt.exe
  2⤵
  PID:6184
- C:\Windows\System\LZCngOa.exe
  C:\Windows\System\LZCngOa.exe
  2⤵
  PID:2928
- C:\Windows\System\RbEuefm.exe
  C:\Windows\System\RbEuefm.exe
  2⤵
  PID:6284
- C:\Windows\System\rYIUGGE.exe
  C:\Windows\System\rYIUGGE.exe
  2⤵
  PID:6316
- C:\Windows\System\gceNpml.exe
  C:\Windows\System\gceNpml.exe
  2⤵
  PID:6380
- C:\Windows\System\LWuVUPm.exe
  C:\Windows\System\LWuVUPm.exe
  2⤵
  PID:6476
- C:\Windows\System\VKlccYt.exe
  C:\Windows\System\VKlccYt.exe
  2⤵
  PID:6520
- C:\Windows\System\OKNCMLT.exe
  C:\Windows\System\OKNCMLT.exe
  2⤵
  PID:6588
- C:\Windows\System\LQpvUDV.exe
  C:\Windows\System\LQpvUDV.exe
  2⤵
  PID:6652
- C:\Windows\System\vZGyLTu.exe
  C:\Windows\System\vZGyLTu.exe
  2⤵
  PID:6700
- C:\Windows\System\ZzmUMqs.exe
  C:\Windows\System\ZzmUMqs.exe
  2⤵
  PID:1848
- C:\Windows\System\ZYoZjwx.exe
  C:\Windows\System\ZYoZjwx.exe
  2⤵
  PID:6860
- C:\Windows\System\ZLuklub.exe
  C:\Windows\System\ZLuklub.exe
  2⤵
  PID:680
- C:\Windows\System\CrlnqKD.exe
  C:\Windows\System\CrlnqKD.exe
  2⤵
  PID:6992
- C:\Windows\System\LurYFLU.exe
  C:\Windows\System\LurYFLU.exe
  2⤵
  PID:7044
- C:\Windows\System\ymZlhdD.exe
  C:\Windows\System\ymZlhdD.exe
  2⤵
  PID:2952
- C:\Windows\System\AnagDxS.exe
  C:\Windows\System\AnagDxS.exe
  2⤵
  PID:7140
- C:\Windows\System\VcqQDPI.exe
  C:\Windows\System\VcqQDPI.exe
  2⤵
  PID:5880
- C:\Windows\System\ruvxlFV.exe
  C:\Windows\System\ruvxlFV.exe
  2⤵
  PID:1784
- C:\Windows\System\zWIkPvK.exe
  C:\Windows\System\zWIkPvK.exe
  2⤵
  PID:6156
- C:\Windows\System\znsxFyl.exe
  C:\Windows\System\znsxFyl.exe
  2⤵
  PID:6252
- C:\Windows\System\bTdmCwf.exe
  C:\Windows\System\bTdmCwf.exe
  2⤵
  PID:6328
- C:\Windows\System\eiynsBG.exe
  C:\Windows\System\eiynsBG.exe
  2⤵
  PID:6392
- C:\Windows\System\SkjCQpk.exe
  C:\Windows\System\SkjCQpk.exe
  2⤵
  PID:2784
- C:\Windows\System\zLCiVCy.exe
  C:\Windows\System\zLCiVCy.exe
  2⤵
  PID:2008
- C:\Windows\System\EHaTEAO.exe
  C:\Windows\System\EHaTEAO.exe
  2⤵
  PID:1296
- C:\Windows\System\idHUflp.exe
  C:\Windows\System\idHUflp.exe
  2⤵
  PID:2040
- C:\Windows\System\DhcxEzg.exe
  C:\Windows\System\DhcxEzg.exe
  2⤵
  PID:6684
- C:\Windows\System\gzEFziE.exe
  C:\Windows\System\gzEFziE.exe
  2⤵
  PID:1252
- C:\Windows\System\HTaJwef.exe
  C:\Windows\System\HTaJwef.exe
  2⤵
  PID:3308
- C:\Windows\System\sumLhdJ.exe
  C:\Windows\System\sumLhdJ.exe
  2⤵
  PID:2696
- C:\Windows\System\TQBmLfA.exe
  C:\Windows\System\TQBmLfA.exe
  2⤵
  PID:264
- C:\Windows\System\ogpyidV.exe
  C:\Windows\System\ogpyidV.exe
  2⤵
  PID:600
- C:\Windows\System\lRmKdku.exe
  C:\Windows\System\lRmKdku.exe
  2⤵
  PID:6844
- C:\Windows\System\JlOxzos.exe
  C:\Windows\System\JlOxzos.exe
  2⤵
  PID:2868
- C:\Windows\System\nvrPHQX.exe
  C:\Windows\System\nvrPHQX.exe
  2⤵
  PID:2712
- C:\Windows\System\HSOQsJN.exe
  C:\Windows\System\HSOQsJN.exe
  2⤵
  PID:7092
- C:\Windows\System\aNlGnGF.exe
  C:\Windows\System\aNlGnGF.exe
  2⤵
  PID:2504
- C:\Windows\System\cpateco.exe
  C:\Windows\System\cpateco.exe
  2⤵
  PID:5608
- C:\Windows\System\GuDHsCV.exe
  C:\Windows\System\GuDHsCV.exe
  2⤵
  PID:2364
- C:\Windows\System\AzoLHns.exe
  C:\Windows\System\AzoLHns.exe
  2⤵
  PID:6800
- C:\Windows\System\wftLSga.exe
  C:\Windows\System\wftLSga.exe
  2⤵
  PID:2016
- C:\Windows\System\wzoEulZ.exe
  C:\Windows\System\wzoEulZ.exe
  2⤵
  PID:3992
- C:\Windows\System\dSxsOra.exe
  C:\Windows\System\dSxsOra.exe
  2⤵
  PID:532
- C:\Windows\System\knZwNtO.exe
  C:\Windows\System\knZwNtO.exe
  2⤵
  PID:6604
- C:\Windows\System\aaYcIhd.exe
  C:\Windows\System\aaYcIhd.exe
  2⤵
  PID:6960
- C:\Windows\System\jzFldDV.exe
  C:\Windows\System\jzFldDV.exe
  2⤵
  PID:6444
- C:\Windows\System\zkvtdHW.exe
  C:\Windows\System\zkvtdHW.exe
  2⤵
  PID:2884
- C:\Windows\System\WukXsrG.exe
  C:\Windows\System\WukXsrG.exe
  2⤵
  PID:1696
- C:\Windows\System\secgbrs.exe
  C:\Windows\System\secgbrs.exe
  2⤵
  PID:2584
- C:\Windows\System\ozQZCkM.exe
  C:\Windows\System\ozQZCkM.exe
  2⤵
  PID:6636
- C:\Windows\System\hGAKWcI.exe
  C:\Windows\System\hGAKWcI.exe
  2⤵
  PID:6348
- C:\Windows\System\gYkTOef.exe
  C:\Windows\System\gYkTOef.exe
  2⤵
  PID:7176
- C:\Windows\System\gklHFQE.exe
  C:\Windows\System\gklHFQE.exe
  2⤵
  PID:7192
- C:\Windows\System\coPbQSG.exe
  C:\Windows\System\coPbQSG.exe
  2⤵
  PID:7208
- C:\Windows\System\qXbhINZ.exe
  C:\Windows\System\qXbhINZ.exe
  2⤵
  PID:7224
- C:\Windows\System\IQgavqV.exe
  C:\Windows\System\IQgavqV.exe
  2⤵
  PID:7240
- C:\Windows\System\tftiaoZ.exe
  C:\Windows\System\tftiaoZ.exe
  2⤵
  PID:7256
- C:\Windows\System\sxLCfWV.exe
  C:\Windows\System\sxLCfWV.exe
  2⤵
  PID:7272
- C:\Windows\System\zkkmbOt.exe
  C:\Windows\System\zkkmbOt.exe
  2⤵
  PID:7288
- C:\Windows\System\zBQIWIO.exe
  C:\Windows\System\zBQIWIO.exe
  2⤵
  PID:7304
- C:\Windows\System\KvSyHzQ.exe
  C:\Windows\System\KvSyHzQ.exe
  2⤵
  PID:7320
- C:\Windows\System\oZqxLII.exe
  C:\Windows\System\oZqxLII.exe
  2⤵
  PID:7336
- C:\Windows\System\kmVyGnv.exe
  C:\Windows\System\kmVyGnv.exe
  2⤵
  PID:7352
- C:\Windows\System\ZaJQNJt.exe
  C:\Windows\System\ZaJQNJt.exe
  2⤵
  PID:7368
- C:\Windows\System\uNfgjQa.exe
  C:\Windows\System\uNfgjQa.exe
  2⤵
  PID:7384
- C:\Windows\System\jCobxdp.exe
  C:\Windows\System\jCobxdp.exe
  2⤵
  PID:7400
- C:\Windows\System\KXHXXmD.exe
  C:\Windows\System\KXHXXmD.exe
  2⤵
  PID:7416
- C:\Windows\System\yoqMLlg.exe
  C:\Windows\System\yoqMLlg.exe
  2⤵
  PID:7432
- C:\Windows\System\yJTlcEe.exe
  C:\Windows\System\yJTlcEe.exe
  2⤵
  PID:7448
- C:\Windows\System\tbgGWjD.exe
  C:\Windows\System\tbgGWjD.exe
  2⤵
  PID:7464
- C:\Windows\System\zuAISlF.exe
  C:\Windows\System\zuAISlF.exe
  2⤵
  PID:7480
- C:\Windows\System\EdwzuGZ.exe
  C:\Windows\System\EdwzuGZ.exe
  2⤵
  PID:7496
- C:\Windows\System\eRaFBtv.exe
  C:\Windows\System\eRaFBtv.exe
  2⤵
  PID:7512
- C:\Windows\System\zEypKdC.exe
  C:\Windows\System\zEypKdC.exe
  2⤵
  PID:7528
- C:\Windows\System\HwonibG.exe
  C:\Windows\System\HwonibG.exe
  2⤵
  PID:7544
- C:\Windows\System\sephriz.exe
  C:\Windows\System\sephriz.exe
  2⤵
  PID:7560
- C:\Windows\System\kLfMinO.exe
  C:\Windows\System\kLfMinO.exe
  2⤵
  PID:7576
- C:\Windows\System\QYTOXWi.exe
  C:\Windows\System\QYTOXWi.exe
  2⤵
  PID:7596
- C:\Windows\System\bsXUTnu.exe
  C:\Windows\System\bsXUTnu.exe
  2⤵
  PID:7612
- C:\Windows\System\xSKmUPM.exe
  C:\Windows\System\xSKmUPM.exe
  2⤵
  PID:7628
- C:\Windows\System\pUBJUZS.exe
  C:\Windows\System\pUBJUZS.exe
  2⤵
  PID:7644
- C:\Windows\System\IownSgQ.exe
  C:\Windows\System\IownSgQ.exe
  2⤵
  PID:7660
- C:\Windows\System\VlgoxsY.exe
  C:\Windows\System\VlgoxsY.exe
  2⤵
  PID:7676
- C:\Windows\System\RXKtuZF.exe
  C:\Windows\System\RXKtuZF.exe
  2⤵
  PID:7692
- C:\Windows\System\nIelCMO.exe
  C:\Windows\System\nIelCMO.exe
  2⤵
  PID:7708
- C:\Windows\System\PyUJgcw.exe
  C:\Windows\System\PyUJgcw.exe
  2⤵
  PID:7724
- C:\Windows\System\urnTsSm.exe
  C:\Windows\System\urnTsSm.exe
  2⤵
  PID:7740
- C:\Windows\System\JakdDzQ.exe
  C:\Windows\System\JakdDzQ.exe
  2⤵
  PID:7756
- C:\Windows\System\EUNAlFO.exe
  C:\Windows\System\EUNAlFO.exe
  2⤵
  PID:7772
- C:\Windows\System\zCuLHtb.exe
  C:\Windows\System\zCuLHtb.exe
  2⤵
  PID:7788
- C:\Windows\System\rscboOU.exe
  C:\Windows\System\rscboOU.exe
  2⤵
  PID:7804
- C:\Windows\System\ZcsVCYz.exe
  C:\Windows\System\ZcsVCYz.exe
  2⤵
  PID:7820
- C:\Windows\System\kfxsxip.exe
  C:\Windows\System\kfxsxip.exe
  2⤵
  PID:7840
- C:\Windows\System\WhOmbdq.exe
  C:\Windows\System\WhOmbdq.exe
  2⤵
  PID:7856
- C:\Windows\System\CfgzxXT.exe
  C:\Windows\System\CfgzxXT.exe
  2⤵
  PID:7872
- C:\Windows\System\kMbKOUU.exe
  C:\Windows\System\kMbKOUU.exe
  2⤵
  PID:7888
- C:\Windows\System\vqCGvsr.exe
  C:\Windows\System\vqCGvsr.exe
  2⤵
  PID:7904
- C:\Windows\System\bNiGjxF.exe
  C:\Windows\System\bNiGjxF.exe
  2⤵
  PID:7920
- C:\Windows\System\xjeypWb.exe
  C:\Windows\System\xjeypWb.exe
  2⤵
  PID:7936
- C:\Windows\System\fKBSiZY.exe
  C:\Windows\System\fKBSiZY.exe
  2⤵
  PID:7952
- C:\Windows\System\bzYEych.exe
  C:\Windows\System\bzYEych.exe
  2⤵
  PID:7968
- C:\Windows\System\abJWLlF.exe
  C:\Windows\System\abJWLlF.exe
  2⤵
  PID:7984
- C:\Windows\System\sljGXAN.exe
  C:\Windows\System\sljGXAN.exe
  2⤵
  PID:8000
- C:\Windows\System\JWvTGAJ.exe
  C:\Windows\System\JWvTGAJ.exe
  2⤵
  PID:8016
- C:\Windows\System\kqmMqVZ.exe
  C:\Windows\System\kqmMqVZ.exe
  2⤵
  PID:8032
- C:\Windows\System\wUWqTlm.exe
  C:\Windows\System\wUWqTlm.exe
  2⤵
  PID:8048
- C:\Windows\System\NKcbMHW.exe
  C:\Windows\System\NKcbMHW.exe
  2⤵
  PID:8064
- C:\Windows\System\jwtuosg.exe
  C:\Windows\System\jwtuosg.exe
  2⤵
  PID:8080
- C:\Windows\System\AfatooB.exe
  C:\Windows\System\AfatooB.exe
  2⤵
  PID:8096
- C:\Windows\System\BYaLcdd.exe
  C:\Windows\System\BYaLcdd.exe
  2⤵
  PID:8112
- C:\Windows\System\HnVuOOy.exe
  C:\Windows\System\HnVuOOy.exe
  2⤵
  PID:8128
- C:\Windows\System\VrujrZT.exe
  C:\Windows\System\VrujrZT.exe
  2⤵
  PID:8144
- C:\Windows\System\KZCkMXm.exe
  C:\Windows\System\KZCkMXm.exe
  2⤵
  PID:8160
- C:\Windows\System\ZaCvDFV.exe
  C:\Windows\System\ZaCvDFV.exe
  2⤵
  PID:8176
- C:\Windows\System\OuRfhjI.exe
  C:\Windows\System\OuRfhjI.exe
  2⤵
  PID:480
- C:\Windows\System\pndmDOD.exe
  C:\Windows\System\pndmDOD.exe
  2⤵
  PID:2824
- C:\Windows\System\iAAhtAX.exe
  C:\Windows\System\iAAhtAX.exe
  2⤵
  PID:7188
- C:\Windows\System\zZVgdmo.exe
  C:\Windows\System\zZVgdmo.exe
  2⤵
  PID:7236
- C:\Windows\System\XookshN.exe
  C:\Windows\System\XookshN.exe
  2⤵
  PID:7204
- C:\Windows\System\KhytVdL.exe
  C:\Windows\System\KhytVdL.exe
  2⤵
  PID:7252
- C:\Windows\System\yadUpxu.exe
  C:\Windows\System\yadUpxu.exe
  2⤵
  PID:7284
- C:\Windows\System\LiQSSXS.exe
  C:\Windows\System\LiQSSXS.exe
  2⤵
  PID:7316
- C:\Windows\System\waDaBpM.exe
  C:\Windows\System\waDaBpM.exe
  2⤵
  PID:7348
- C:\Windows\System\FotBPyM.exe
  C:\Windows\System\FotBPyM.exe
  2⤵
  PID:7396
- C:\Windows\System\TTxsVfD.exe
  C:\Windows\System\TTxsVfD.exe
  2⤵
  PID:7424
- C:\Windows\System\HKuFjXn.exe
  C:\Windows\System\HKuFjXn.exe
  2⤵
  PID:7460
- C:\Windows\System\OZzZQfN.exe
  C:\Windows\System\OZzZQfN.exe
  2⤵
  PID:7408
- C:\Windows\System\rRFNLIy.exe
  C:\Windows\System\rRFNLIy.exe
  2⤵
  PID:7504
- C:\Windows\System\fNKGlFb.exe
  C:\Windows\System\fNKGlFb.exe
  2⤵
  PID:7540
- C:\Windows\System\lDIYeEf.exe
  C:\Windows\System\lDIYeEf.exe
  2⤵
  PID:7592
- C:\Windows\System\HsnjdLQ.exe
  C:\Windows\System\HsnjdLQ.exe
  2⤵
  PID:7604
- C:\Windows\System\FQrhUye.exe
  C:\Windows\System\FQrhUye.exe
  2⤵
  PID:7684
- C:\Windows\System\oqYpGCV.exe
  C:\Windows\System\oqYpGCV.exe
  2⤵
  PID:7640
- C:\Windows\System\zdSNLtc.exe
  C:\Windows\System\zdSNLtc.exe
  2⤵
  PID:7704
- C:\Windows\System\VDNcOaL.exe
  C:\Windows\System\VDNcOaL.exe
  2⤵
  PID:7752
- C:\Windows\System\MyTrGRv.exe
  C:\Windows\System\MyTrGRv.exe
  2⤵
  PID:7732
- C:\Windows\System\rGEGtck.exe
  C:\Windows\System\rGEGtck.exe
  2⤵
  PID:7796
- C:\Windows\System\brDttlp.exe
  C:\Windows\System\brDttlp.exe
  2⤵
  PID:7852
- C:\Windows\System\NnsIHcu.exe
  C:\Windows\System\NnsIHcu.exe
  2⤵
  PID:7836
- C:\Windows\System\zdiPcBq.exe
  C:\Windows\System\zdiPcBq.exe
  2⤵
  PID:7912
- C:\Windows\System\WNZWmgv.exe
  C:\Windows\System\WNZWmgv.exe
  2⤵
  PID:7900
- C:\Windows\System\mztxIIZ.exe
  C:\Windows\System\mztxIIZ.exe
  2⤵
  PID:7960
- C:\Windows\System\GLMwLzy.exe
  C:\Windows\System\GLMwLzy.exe
  2⤵
  PID:8028
- C:\Windows\System\lzeAGZw.exe
  C:\Windows\System\lzeAGZw.exe
  2⤵
  PID:8072
- C:\Windows\System\NnSUNOc.exe
  C:\Windows\System\NnSUNOc.exe
  2⤵
  PID:8012
- C:\Windows\System\VJhVgDG.exe
  C:\Windows\System\VJhVgDG.exe
  2⤵
  PID:8092
- C:\Windows\System\hORxMJN.exe
  C:\Windows\System\hORxMJN.exe
  2⤵
  PID:8136
- C:\Windows\System\IqiKKCl.exe
  C:\Windows\System\IqiKKCl.exe
  2⤵
  PID:8156
- C:\Windows\System\zMXtAZr.exe
  C:\Windows\System\zMXtAZr.exe
  2⤵
  PID:6508
- C:\Windows\System\QPdNwaD.exe
  C:\Windows\System\QPdNwaD.exe
  2⤵
  PID:7184
- C:\Windows\System\DeqPCdI.exe
  C:\Windows\System\DeqPCdI.exe
  2⤵
  PID:7172
- C:\Windows\System\OInslgr.exe
  C:\Windows\System\OInslgr.exe
  2⤵
  PID:7268
- C:\Windows\System\GRiKeyh.exe
  C:\Windows\System\GRiKeyh.exe
  2⤵
  PID:7412
- C:\Windows\System\EHshJij.exe
  C:\Windows\System\EHshJij.exe
  2⤵
  PID:7364
- C:\Windows\System\KRYMVeu.exe
  C:\Windows\System\KRYMVeu.exe
  2⤵
  PID:7476
- C:\Windows\System\UpPTBej.exe
  C:\Windows\System\UpPTBej.exe
  2⤵
  PID:7656
- C:\Windows\System\RYPivwS.exe
  C:\Windows\System\RYPivwS.exe
  2⤵
  PID:7444
- C:\Windows\System\NgLXAjX.exe
  C:\Windows\System\NgLXAjX.exe
  2⤵
  PID:7568
- C:\Windows\System\DDORehh.exe
  C:\Windows\System\DDORehh.exe
  2⤵
  PID:7720
- C:\Windows\System\YBFGCsc.exe
  C:\Windows\System\YBFGCsc.exe
  2⤵
  PID:7816
- C:\Windows\System\CzMLAOE.exe
  C:\Windows\System\CzMLAOE.exe
  2⤵
  PID:7768
- C:\Windows\System\MveHVPM.exe
  C:\Windows\System\MveHVPM.exe
  2⤵
  PID:7980
- C:\Windows\System\WSiOLaq.exe
  C:\Windows\System\WSiOLaq.exe
  2⤵
  PID:7884
- C:\Windows\System\wXhajEH.exe
  C:\Windows\System\wXhajEH.exe
  2⤵
  PID:8008
- C:\Windows\System\WPLdWqz.exe
  C:\Windows\System\WPLdWqz.exe
  2⤵
  PID:8140
- C:\Windows\System\KdeQUkv.exe
  C:\Windows\System\KdeQUkv.exe
  2⤵
  PID:1864
- C:\Windows\System\yRNLFgG.exe
  C:\Windows\System\yRNLFgG.exe
  2⤵
  PID:7220
- C:\Windows\System\hYfzGlc.exe
  C:\Windows\System\hYfzGlc.exe
  2⤵
  PID:7332
- C:\Windows\System\ZlxewoU.exe
  C:\Windows\System\ZlxewoU.exe
  2⤵
  PID:7312
- C:\Windows\System\Cndotdw.exe
  C:\Windows\System\Cndotdw.exe
  2⤵
  PID:7508
- C:\Windows\System\gUWevER.exe
  C:\Windows\System\gUWevER.exe
  2⤵
  PID:7608
- C:\Windows\System\PyHpfSG.exe
  C:\Windows\System\PyHpfSG.exe
  2⤵
  PID:7428
- C:\Windows\System\BaUqZbz.exe
  C:\Windows\System\BaUqZbz.exe
  2⤵
  PID:7928
- C:\Windows\System\XydDjyC.exe
  C:\Windows\System\XydDjyC.exe
  2⤵
  PID:8188
- C:\Windows\System\gBZdeLZ.exe
  C:\Windows\System\gBZdeLZ.exe
  2⤵
  PID:8204
- C:\Windows\System\OcYzskq.exe
  C:\Windows\System\OcYzskq.exe
  2⤵
  PID:8220
- C:\Windows\System\eVaNVtk.exe
  C:\Windows\System\eVaNVtk.exe
  2⤵
  PID:8236
- C:\Windows\System\QkLxmKD.exe
  C:\Windows\System\QkLxmKD.exe
  2⤵
  PID:8252
- C:\Windows\System\WJdPYOW.exe
  C:\Windows\System\WJdPYOW.exe
  2⤵
  PID:8268
- C:\Windows\System\eEcWLhr.exe
  C:\Windows\System\eEcWLhr.exe
  2⤵
  PID:8284
- C:\Windows\System\fYzyVCf.exe
  C:\Windows\System\fYzyVCf.exe
  2⤵
  PID:8300
- C:\Windows\System\DmMzMxP.exe
  C:\Windows\System\DmMzMxP.exe
  2⤵
  PID:8316
- C:\Windows\System\JWEgosq.exe
  C:\Windows\System\JWEgosq.exe
  2⤵
  PID:8332
- C:\Windows\System\jIVoMUQ.exe
  C:\Windows\System\jIVoMUQ.exe
  2⤵
  PID:8352
- C:\Windows\System\hBkfgJv.exe
  C:\Windows\System\hBkfgJv.exe
  2⤵
  PID:8412
- C:\Windows\System\tFMiCIN.exe
  C:\Windows\System\tFMiCIN.exe
  2⤵
  PID:8556
- C:\Windows\System\ZDRpppR.exe
  C:\Windows\System\ZDRpppR.exe
  2⤵
  PID:8572
- C:\Windows\System\ccZXkvi.exe
  C:\Windows\System\ccZXkvi.exe
  2⤵
  PID:8588
- C:\Windows\System\uaMCvmg.exe
  C:\Windows\System\uaMCvmg.exe
  2⤵
  PID:8604
- C:\Windows\System\rQtXJpB.exe
  C:\Windows\System\rQtXJpB.exe
  2⤵
  PID:8620
- C:\Windows\System\KxMCNXA.exe
  C:\Windows\System\KxMCNXA.exe
  2⤵
  PID:8636
- C:\Windows\System\IWlXSEq.exe
  C:\Windows\System\IWlXSEq.exe
  2⤵
  PID:8652
- C:\Windows\System\VOXauFw.exe
  C:\Windows\System\VOXauFw.exe
  2⤵
  PID:8668
- C:\Windows\System\JawJogz.exe
  C:\Windows\System\JawJogz.exe
  2⤵
  PID:8684
- C:\Windows\System\McfWQRY.exe
  C:\Windows\System\McfWQRY.exe
  2⤵
  PID:8700
- C:\Windows\System\xOPwxaN.exe
  C:\Windows\System\xOPwxaN.exe
  2⤵
  PID:8716
- C:\Windows\System\ZyxsRRm.exe
  C:\Windows\System\ZyxsRRm.exe
  2⤵
  PID:8732
- C:\Windows\System\xzriHGd.exe
  C:\Windows\System\xzriHGd.exe
  2⤵
  PID:8748
- C:\Windows\System\IpwaGhR.exe
  C:\Windows\System\IpwaGhR.exe
  2⤵
  PID:8764
- C:\Windows\System\kYaTexI.exe
  C:\Windows\System\kYaTexI.exe
  2⤵
  PID:8780
- C:\Windows\System\gvgFpbV.exe
  C:\Windows\System\gvgFpbV.exe
  2⤵
  PID:8796
- C:\Windows\System\jabsGSL.exe
  C:\Windows\System\jabsGSL.exe
  2⤵
  PID:8812
- C:\Windows\System\hUxRxNH.exe
  C:\Windows\System\hUxRxNH.exe
  2⤵
  PID:8828
- C:\Windows\System\jlWPcOu.exe
  C:\Windows\System\jlWPcOu.exe
  2⤵
  PID:8844
- C:\Windows\System\iKnjAel.exe
  C:\Windows\System\iKnjAel.exe
  2⤵
  PID:8860
- C:\Windows\System\pTdOxYw.exe
  C:\Windows\System\pTdOxYw.exe
  2⤵
  PID:8876
- C:\Windows\System\yyntfal.exe
  C:\Windows\System\yyntfal.exe
  2⤵
  PID:8892
- C:\Windows\System\oXSVCUO.exe
  C:\Windows\System\oXSVCUO.exe
  2⤵
  PID:8908
- C:\Windows\System\zEaggVe.exe
  C:\Windows\System\zEaggVe.exe
  2⤵
  PID:8924
- C:\Windows\System\IAbKTPp.exe
  C:\Windows\System\IAbKTPp.exe
  2⤵
  PID:8940
- C:\Windows\System\ZeSBFzg.exe
  C:\Windows\System\ZeSBFzg.exe
  2⤵
  PID:8956
- C:\Windows\System\YLQNpOR.exe
  C:\Windows\System\YLQNpOR.exe
  2⤵
  PID:8972
- C:\Windows\System\ePwwTHn.exe
  C:\Windows\System\ePwwTHn.exe
  2⤵
  PID:8988
- C:\Windows\System\HxLyzOF.exe
  C:\Windows\System\HxLyzOF.exe
  2⤵
  PID:9004
- C:\Windows\System\hKSwkkC.exe
  C:\Windows\System\hKSwkkC.exe
  2⤵
  PID:9020
- C:\Windows\System\PUtmhGl.exe
  C:\Windows\System\PUtmhGl.exe
  2⤵
  PID:9036
- C:\Windows\System\VzqnatE.exe
  C:\Windows\System\VzqnatE.exe
  2⤵
  PID:9052
- C:\Windows\System\vSzibYd.exe
  C:\Windows\System\vSzibYd.exe
  2⤵
  PID:9068
- C:\Windows\System\ENBVvuC.exe
  C:\Windows\System\ENBVvuC.exe
  2⤵
  PID:9084
- C:\Windows\System\XjAeLCv.exe
  C:\Windows\System\XjAeLCv.exe
  2⤵
  PID:9100
- C:\Windows\System\MBuklas.exe
  C:\Windows\System\MBuklas.exe
  2⤵
  PID:9116
- C:\Windows\System\aIPtkIP.exe
  C:\Windows\System\aIPtkIP.exe
  2⤵
  PID:9132
- C:\Windows\System\FrRlDZg.exe
  C:\Windows\System\FrRlDZg.exe
  2⤵
  PID:9148
- C:\Windows\System\PSztwcf.exe
  C:\Windows\System\PSztwcf.exe
  2⤵
  PID:9164
- C:\Windows\System\HcbJVfV.exe
  C:\Windows\System\HcbJVfV.exe
  2⤵
  PID:9184
- C:\Windows\System\cAKbXdJ.exe
  C:\Windows\System\cAKbXdJ.exe
  2⤵
  PID:9200
- C:\Windows\System\CwaxjqX.exe
  C:\Windows\System\CwaxjqX.exe
  2⤵
  PID:7232
- C:\Windows\System\PlUjThO.exe
  C:\Windows\System\PlUjThO.exe
  2⤵
  PID:8120
- C:\Windows\System\UuCSnhv.exe
  C:\Windows\System\UuCSnhv.exe
  2⤵
  PID:7896
- C:\Windows\System\bUxMIaE.exe
  C:\Windows\System\bUxMIaE.exe
  2⤵
  PID:8244
- C:\Windows\System\FBFhGeK.exe
  C:\Windows\System\FBFhGeK.exe
  2⤵
  PID:8216
- C:\Windows\System\EEGurDV.exe
  C:\Windows\System\EEGurDV.exe
  2⤵
  PID:8280
- C:\Windows\System\gBihiVk.exe
  C:\Windows\System\gBihiVk.exe
  2⤵
  PID:8292
- C:\Windows\System\bofqsKh.exe
  C:\Windows\System\bofqsKh.exe
  2⤵
  PID:7748
- C:\Windows\System\tIxFwpt.exe
  C:\Windows\System\tIxFwpt.exe
  2⤵
  PID:8228
- C:\Windows\System\YkLpkWM.exe
  C:\Windows\System\YkLpkWM.exe
  2⤵
  PID:8372
- C:\Windows\System\xgeXTrX.exe
  C:\Windows\System\xgeXTrX.exe
  2⤵
  PID:8392
- C:\Windows\System\PwLhdqr.exe
  C:\Windows\System\PwLhdqr.exe
  2⤵
  PID:8436
- C:\Windows\System\vRrNigJ.exe
  C:\Windows\System\vRrNigJ.exe
  2⤵
  PID:8452
- C:\Windows\System\rTmKCLv.exe
  C:\Windows\System\rTmKCLv.exe
  2⤵
  PID:8468
- C:\Windows\System\uqhQYSi.exe
  C:\Windows\System\uqhQYSi.exe
  2⤵
  PID:8480
- C:\Windows\System\DZQmmpg.exe
  C:\Windows\System\DZQmmpg.exe
  2⤵
  PID:8504
- C:\Windows\System\xWSDdvy.exe
  C:\Windows\System\xWSDdvy.exe
  2⤵
  PID:8520
- C:\Windows\System\FwKTFeD.exe
  C:\Windows\System\FwKTFeD.exe
  2⤵
  PID:8536
- C:\Windows\System\XBGDncG.exe
  C:\Windows\System\XBGDncG.exe
  2⤵
  PID:8552
- C:\Windows\System\gYSXbXh.exe
  C:\Windows\System\gYSXbXh.exe
  2⤵
  PID:8564
- C:\Windows\System\vQViLxG.exe
  C:\Windows\System\vQViLxG.exe
  2⤵
  PID:8628
- C:\Windows\System\PiTbVwj.exe
  C:\Windows\System\PiTbVwj.exe
  2⤵
  PID:8692
- C:\Windows\System\oBkoVXc.exe
  C:\Windows\System\oBkoVXc.exe
  2⤵
  PID:8760
- C:\Windows\System\SwtdPqH.exe
  C:\Windows\System\SwtdPqH.exe
  2⤵
  PID:8644
- C:\Windows\System\cOAjJpU.exe
  C:\Windows\System\cOAjJpU.exe
  2⤵
  PID:8744
- C:\Windows\System\JsHfjGn.exe
  C:\Windows\System\JsHfjGn.exe
  2⤵
  PID:8868
- C:\Windows\System\VAnsSbo.exe
  C:\Windows\System\VAnsSbo.exe
  2⤵
  PID:9000
- C:\Windows\System\AqqmfZU.exe
  C:\Windows\System\AqqmfZU.exe
  2⤵
  PID:8248
- C:\Windows\System\ueWlZde.exe
  C:\Windows\System\ueWlZde.exe
  2⤵
  PID:8428
- C:\Windows\System\tuaQPNI.exe
  C:\Windows\System\tuaQPNI.exe
  2⤵
  PID:8584
- C:\Windows\System\cgaUmou.exe
  C:\Windows\System\cgaUmou.exe
  2⤵
  PID:8544
- C:\Windows\System\ZtdtrtO.exe
  C:\Windows\System\ZtdtrtO.exe
  2⤵
  PID:8792
- C:\Windows\System\MbzRgPu.exe
  C:\Windows\System\MbzRgPu.exe
  2⤵
  PID:8616
- C:\Windows\System\eIVnoJB.exe
  C:\Windows\System\eIVnoJB.exe
  2⤵
  PID:8804
- C:\Windows\System\lUCzQQp.exe
  C:\Windows\System\lUCzQQp.exe
  2⤵
  PID:8512
- C:\Windows\System\geRdWNf.exe
  C:\Windows\System\geRdWNf.exe
  2⤵
  PID:8728
- C:\Windows\System\cElBxXQ.exe
  C:\Windows\System\cElBxXQ.exe
  2⤵
  PID:8708
- C:\Windows\System\TiSagVq.exe
  C:\Windows\System\TiSagVq.exe
  2⤵
  PID:8932
- C:\Windows\System\PGyGJcH.exe
  C:\Windows\System\PGyGJcH.exe
  2⤵
  PID:8968
- C:\Windows\System\qTMUrvr.exe
  C:\Windows\System\qTMUrvr.exe
  2⤵
  PID:8916
- C:\Windows\System\tAeyYiD.exe
  C:\Windows\System\tAeyYiD.exe
  2⤵
  PID:8948
- C:\Windows\System\dSbsnWy.exe
  C:\Windows\System\dSbsnWy.exe
  2⤵
  PID:9012
- C:\Windows\System\KNhfiQu.exe
  C:\Windows\System\KNhfiQu.exe
  2⤵
  PID:9064
- C:\Windows\System\WgnJEDf.exe
  C:\Windows\System\WgnJEDf.exe
  2⤵
  PID:9128
- C:\Windows\System\fSIQaQB.exe
  C:\Windows\System\fSIQaQB.exe
  2⤵
  PID:9108
- C:\Windows\System\LdiqGgy.exe
  C:\Windows\System\LdiqGgy.exe
  2⤵
  PID:9044
- C:\Windows\System\zJnCHPw.exe
  C:\Windows\System\zJnCHPw.exe
  2⤵
  PID:9192
- C:\Windows\System\qiYzHPj.exe
  C:\Windows\System\qiYzHPj.exe
  2⤵
  PID:8108
- C:\Windows\System\jFnZqRi.exe
  C:\Windows\System\jFnZqRi.exe
  2⤵
  PID:8312
- C:\Windows\System\yMRdLgh.exe
  C:\Windows\System\yMRdLgh.exe
  2⤵
  PID:9212
- C:\Windows\System\kUBbjJI.exe
  C:\Windows\System\kUBbjJI.exe
  2⤵
  PID:7764
- C:\Windows\System\jXUZGlw.exe
  C:\Windows\System\jXUZGlw.exe
  2⤵
  PID:8040
- C:\Windows\System\IzpWQMJ.exe
  C:\Windows\System\IzpWQMJ.exe
  2⤵
  PID:7996
- C:\Windows\System\WznJycp.exe
  C:\Windows\System\WznJycp.exe
  2⤵
  PID:8368
- C:\Windows\System\FJrgJLE.exe
  C:\Windows\System\FJrgJLE.exe
  2⤵
  PID:8404
- C:\Windows\System\ububrLt.exe
  C:\Windows\System\ububrLt.exe
  2⤵
  PID:8496
- C:\Windows\System\FwONPWU.exe
  C:\Windows\System\FwONPWU.exe
  2⤵
  PID:8580
- C:\Windows\System\AuDvEUL.exe
  C:\Windows\System\AuDvEUL.exe
  2⤵
  PID:8836
- C:\Windows\System\mQtClMd.exe
  C:\Windows\System\mQtClMd.exe
  2⤵
  PID:9032
- C:\Windows\System\QRxtzok.exe
  C:\Windows\System\QRxtzok.exe
  2⤵
  PID:9076
- C:\Windows\System\dALuDVf.exe
  C:\Windows\System\dALuDVf.exe
  2⤵
  PID:8328
- C:\Windows\System\RJpMDhE.exe
  C:\Windows\System\RJpMDhE.exe
  2⤵
  PID:8384
- C:\Windows\System\QSGmwXa.exe
  C:\Windows\System\QSGmwXa.exe
  2⤵
  PID:8532
- C:\Windows\System\oYjTbsZ.exe
  C:\Windows\System\oYjTbsZ.exe
  2⤵
  PID:8464
- C:\Windows\System\awCzLul.exe
  C:\Windows\System\awCzLul.exe
  2⤵
  PID:8740
- C:\Windows\System\TfpSaxp.exe
  C:\Windows\System\TfpSaxp.exe
  2⤵
  PID:8904
- C:\Windows\System\SstzZVF.exe
  C:\Windows\System\SstzZVF.exe
  2⤵
  PID:8660
- C:\Windows\System\VvadLri.exe
  C:\Windows\System\VvadLri.exe
  2⤵
  PID:8260
- C:\Windows\System\uSnpjUH.exe
  C:\Windows\System\uSnpjUH.exe
  2⤵
  PID:9196
- C:\Windows\System\jSNeZyd.exe
  C:\Windows\System\jSNeZyd.exe
  2⤵
  PID:9096
- C:\Windows\System\DpxvWaf.exe
  C:\Windows\System\DpxvWaf.exe
  2⤵
  PID:8484
- C:\Windows\System\zYirsUk.exe
  C:\Windows\System\zYirsUk.exe
  2⤵
  PID:7300
- C:\Windows\System\PnjDNHo.exe
  C:\Windows\System\PnjDNHo.exe
  2⤵
  PID:8996
- C:\Windows\System\aPhAViK.exe
  C:\Windows\System\aPhAViK.exe
  2⤵
  PID:9176
- C:\Windows\System\VVEHGgJ.exe
  C:\Windows\System\VVEHGgJ.exe
  2⤵
  PID:8596
- C:\Windows\System\YnOheMI.exe
  C:\Windows\System\YnOheMI.exe
  2⤵
  PID:8612
- C:\Windows\System\mRDLYrl.exe
  C:\Windows\System\mRDLYrl.exe
  2⤵
  PID:9224
- C:\Windows\System\DFNhqrP.exe
  C:\Windows\System\DFNhqrP.exe
  2⤵
  PID:9240
- C:\Windows\System\UvhFmNo.exe
  C:\Windows\System\UvhFmNo.exe
  2⤵
  PID:9256
- C:\Windows\System\JwWTzvH.exe
  C:\Windows\System\JwWTzvH.exe
  2⤵
  PID:9272
- C:\Windows\System\DyLKDrw.exe
  C:\Windows\System\DyLKDrw.exe
  2⤵
  PID:9288
- C:\Windows\System\pCFCTek.exe
  C:\Windows\System\pCFCTek.exe
  2⤵
  PID:9304
- C:\Windows\System\rClshKu.exe
  C:\Windows\System\rClshKu.exe
  2⤵
  PID:9320
- C:\Windows\System\abaBUvc.exe
  C:\Windows\System\abaBUvc.exe
  2⤵
  PID:9336
- C:\Windows\System\LHdBqVX.exe
  C:\Windows\System\LHdBqVX.exe
  2⤵
  PID:9352
- C:\Windows\System\imqViRI.exe
  C:\Windows\System\imqViRI.exe
  2⤵
  PID:9368
- C:\Windows\System\liHfyEC.exe
  C:\Windows\System\liHfyEC.exe
  2⤵
  PID:9384
- C:\Windows\System\KlSYaxW.exe
  C:\Windows\System\KlSYaxW.exe
  2⤵
  PID:9400
- C:\Windows\System\XUruPaq.exe
  C:\Windows\System\XUruPaq.exe
  2⤵
  PID:9416
- C:\Windows\System\WNfBaUl.exe
  C:\Windows\System\WNfBaUl.exe
  2⤵
  PID:9432
- C:\Windows\System\vhedTMO.exe
  C:\Windows\System\vhedTMO.exe
  2⤵
  PID:9452
- C:\Windows\System\ylJXcID.exe
  C:\Windows\System\ylJXcID.exe
  2⤵
  PID:9468
- C:\Windows\System\QvPxcNt.exe
  C:\Windows\System\QvPxcNt.exe
  2⤵
  PID:9484
- C:\Windows\System\lImhUqY.exe
  C:\Windows\System\lImhUqY.exe
  2⤵
  PID:9500
- C:\Windows\System\wjjvNBX.exe
  C:\Windows\System\wjjvNBX.exe
  2⤵
  PID:9516
- C:\Windows\System\QeZtzae.exe
  C:\Windows\System\QeZtzae.exe
  2⤵
  PID:9532
- C:\Windows\System\HJzPpmp.exe
  C:\Windows\System\HJzPpmp.exe
  2⤵
  PID:9548
- C:\Windows\System\RGhdDuI.exe
  C:\Windows\System\RGhdDuI.exe
  2⤵
  PID:9564
- C:\Windows\System\khTCJDi.exe
  C:\Windows\System\khTCJDi.exe
  2⤵
  PID:9580
- C:\Windows\System\JuNpxDZ.exe
  C:\Windows\System\JuNpxDZ.exe
  2⤵
  PID:9596
- C:\Windows\System\prsencS.exe
  C:\Windows\System\prsencS.exe
  2⤵
  PID:9612
- C:\Windows\System\wWFxveK.exe
  C:\Windows\System\wWFxveK.exe
  2⤵
  PID:9628
- C:\Windows\System\rcmIjHl.exe
  C:\Windows\System\rcmIjHl.exe
  2⤵
  PID:9644
- C:\Windows\System\MKZbiRw.exe
  C:\Windows\System\MKZbiRw.exe
  2⤵
  PID:9660
- C:\Windows\System\TXmKQoZ.exe
  C:\Windows\System\TXmKQoZ.exe
  2⤵
  PID:9676
- C:\Windows\System\MXmDOVK.exe
  C:\Windows\System\MXmDOVK.exe
  2⤵
  PID:9692
- C:\Windows\System\BgLkuLm.exe
  C:\Windows\System\BgLkuLm.exe
  2⤵
  PID:9708
- C:\Windows\System\TRXxnkS.exe
  C:\Windows\System\TRXxnkS.exe
  2⤵
  PID:9724
- C:\Windows\System\JqIpUYN.exe
  C:\Windows\System\JqIpUYN.exe
  2⤵
  PID:9740
- C:\Windows\System\YuKrkIV.exe
  C:\Windows\System\YuKrkIV.exe
  2⤵
  PID:9756
- C:\Windows\System\TSjxpQj.exe
  C:\Windows\System\TSjxpQj.exe
  2⤵
  PID:9772
- C:\Windows\System\YvewcpL.exe
  C:\Windows\System\YvewcpL.exe
  2⤵
  PID:9788
- C:\Windows\System\NqokEsl.exe
  C:\Windows\System\NqokEsl.exe
  2⤵
  PID:9804
- C:\Windows\System\QqnTFiG.exe
  C:\Windows\System\QqnTFiG.exe
  2⤵
  PID:9820
- C:\Windows\System\UPSBosM.exe
  C:\Windows\System\UPSBosM.exe
  2⤵
  PID:9836
- C:\Windows\System\IqHafun.exe
  C:\Windows\System\IqHafun.exe
  2⤵
  PID:9852
- C:\Windows\System\AIuHgzj.exe
  C:\Windows\System\AIuHgzj.exe
  2⤵
  PID:9868
- C:\Windows\System\dVqyErv.exe
  C:\Windows\System\dVqyErv.exe
  2⤵
  PID:9888
- C:\Windows\System\GUbczbX.exe
  C:\Windows\System\GUbczbX.exe
  2⤵
  PID:9904
- C:\Windows\System\oLNwUWc.exe
  C:\Windows\System\oLNwUWc.exe
  2⤵
  PID:9920
- C:\Windows\System\eJaxLoh.exe
  C:\Windows\System\eJaxLoh.exe
  2⤵
  PID:9936
- C:\Windows\System\CWEdYhL.exe
  C:\Windows\System\CWEdYhL.exe
  2⤵
  PID:9952
- C:\Windows\System\wOUjqUn.exe
  C:\Windows\System\wOUjqUn.exe
  2⤵
  PID:9968
- C:\Windows\System\eqhrGCZ.exe
  C:\Windows\System\eqhrGCZ.exe
  2⤵
  PID:9984
- C:\Windows\System\dOLqeiy.exe
  C:\Windows\System\dOLqeiy.exe
  2⤵
  PID:10000
- C:\Windows\System\bnrGDjb.exe
  C:\Windows\System\bnrGDjb.exe
  2⤵
  PID:10016
- C:\Windows\System\PlCfXJs.exe
  C:\Windows\System\PlCfXJs.exe
  2⤵
  PID:10032
- C:\Windows\System\mWEDkni.exe
  C:\Windows\System\mWEDkni.exe
  2⤵
  PID:10048
- C:\Windows\System\UuCmVny.exe
  C:\Windows\System\UuCmVny.exe
  2⤵
  PID:10064
- C:\Windows\System\sKoiUYd.exe
  C:\Windows\System\sKoiUYd.exe
  2⤵
  PID:10080
- C:\Windows\System\PYJXNdB.exe
  C:\Windows\System\PYJXNdB.exe
  2⤵
  PID:10096
- C:\Windows\System\EHOcViQ.exe
  C:\Windows\System\EHOcViQ.exe
  2⤵
  PID:10112
- C:\Windows\System\snXPqcf.exe
  C:\Windows\System\snXPqcf.exe
  2⤵
  PID:10128
- C:\Windows\System\YwJghtG.exe
  C:\Windows\System\YwJghtG.exe
  2⤵
  PID:10144
- C:\Windows\System\zbGtuhf.exe
  C:\Windows\System\zbGtuhf.exe
  2⤵
  PID:10160
- C:\Windows\System\vvVUxWF.exe
  C:\Windows\System\vvVUxWF.exe
  2⤵
  PID:10176
- C:\Windows\System\HxeNQOh.exe
  C:\Windows\System\HxeNQOh.exe
  2⤵
  PID:10192
- C:\Windows\System\RTuHtzY.exe
  C:\Windows\System\RTuHtzY.exe
  2⤵
  PID:10208
- C:\Windows\System\ftKgSeB.exe
  C:\Windows\System\ftKgSeB.exe
  2⤵
  PID:10224
- C:\Windows\System\aWfWPRZ.exe
  C:\Windows\System\aWfWPRZ.exe
  2⤵
  PID:8408
- C:\Windows\System\LiqjaYt.exe
  C:\Windows\System\LiqjaYt.exe
  2⤵
  PID:8492
- C:\Windows\System\WdHDqEU.exe
  C:\Windows\System\WdHDqEU.exe
  2⤵
  PID:8448
- C:\Windows\System\jFMDEHj.exe
  C:\Windows\System\jFMDEHj.exe
  2⤵
  PID:9252
- C:\Windows\System\LqETNDw.exe
  C:\Windows\System\LqETNDw.exe
  2⤵
  PID:9060
- C:\Windows\System\dgsSKZU.exe
  C:\Windows\System\dgsSKZU.exe
  2⤵
  PID:9268
- C:\Windows\System\XkjHMYA.exe
  C:\Windows\System\XkjHMYA.exe
  2⤵
  PID:8420
- C:\Windows\System\VdxkhqB.exe
  C:\Windows\System\VdxkhqB.exe
  2⤵
  PID:8884
- C:\Windows\System\aaclRan.exe
  C:\Windows\System\aaclRan.exe
  2⤵
  PID:9332
- C:\Windows\System\wLjiPIb.exe
  C:\Windows\System\wLjiPIb.exe
  2⤵
  PID:9392
- C:\Windows\System\AVkSNrf.exe
  C:\Windows\System\AVkSNrf.exe
  2⤵
  PID:9424
- C:\Windows\System\CjHPdjc.exe
  C:\Windows\System\CjHPdjc.exe
  2⤵
  PID:9408
- C:\Windows\System\ewHrlQv.exe
  C:\Windows\System\ewHrlQv.exe
  2⤵
  PID:9476
- C:\Windows\System\BYtrGId.exe
  C:\Windows\System\BYtrGId.exe
  2⤵
  PID:9540
- C:\Windows\System\tDdwLgQ.exe
  C:\Windows\System\tDdwLgQ.exe
  2⤵
  PID:9496
- C:\Windows\System\kAhOQtl.exe
  C:\Windows\System\kAhOQtl.exe
  2⤵
  PID:9608
- C:\Windows\System\xsqJgxS.exe
  C:\Windows\System\xsqJgxS.exe
  2⤵
  PID:9556
- C:\Windows\System\jNCjnMU.exe
  C:\Windows\System\jNCjnMU.exe
  2⤵
  PID:9588
- C:\Windows\System\nVmhzrK.exe
  C:\Windows\System\nVmhzrK.exe
  2⤵
  PID:9688
- C:\Windows\System\JyiojEo.exe
  C:\Windows\System\JyiojEo.exe
  2⤵
  PID:9668
- C:\Windows\System\qFqMATQ.exe
  C:\Windows\System\qFqMATQ.exe
  2⤵
  PID:9732
- C:\Windows\System\RRrarmD.exe
  C:\Windows\System\RRrarmD.exe
  2⤵
  PID:9844
- C:\Windows\System\EBvoNXn.exe
  C:\Windows\System\EBvoNXn.exe
  2⤵
  PID:9812
- C:\Windows\System\updsnwO.exe
  C:\Windows\System\updsnwO.exe
  2⤵
  PID:9884
- C:\Windows\System\LuUXrvX.exe
  C:\Windows\System\LuUXrvX.exe
  2⤵
  PID:9800
- C:\Windows\System\XvNsUvx.exe
  C:\Windows\System\XvNsUvx.exe
  2⤵
  PID:9864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EEcIRNF.exe

Filesize
6.0MB

MD5
e36b69cf72fa5763ccfe44cceb2305ca

SHA1
ea6488bdc875b4c02c1665ce2df2124a6c8da398

SHA256
e8e2db2c924be12ecb765f33ae664c17620c6497a3cf6fb3135d56a33058280b

SHA512
ed0ea5b4efa49fe1897ed60bcba8f774f94a1c90938cd2d75f9944c0be731b8e548140e11ef8faf9051d182b9ebd5d6cebf3c82449b2930b92c2dff86329a288

Download Submit
C:\Windows\system\HOVgzRO.exe

Filesize
6.0MB

MD5
8401146bdae23ffc9e4c158edd747fb2

SHA1
5e16f18637381759520a09d4d6f807ae34271b2e

SHA256
c4db170ada5e26e3fdc2002f8fee5f1ab483c4ddf1c22a2e4874c32f0f0c653d

SHA512
3a8ebf2a5a8643e9afb61e774f6062c7fa06d6fb3917e0f014d37656f829f4d4e1f60552ea591d9aa166f15a8a41e4b0d52aac75199cf1740c798144b2c118e7

Download Submit
C:\Windows\system\JIbYCmn.exe

Filesize
6.0MB

MD5
62c5d5fc4005ea59dce20df539bf375d

SHA1
87eace0ec45255f9c193a8361cc8a5a44086a10a

SHA256
39c0f145ca64d499ebfd3341c2600f990e3314c1b897f4e02b67d6dd9f04acc7

SHA512
2cee822d669df7d8e6a2a8ca14b5b0765886cccb200fccd1c702350a80bdd4c96702f4c8393ac724d7bdef8094d42564b26b0214d5e45ad6eba096beaed79533

Download Submit
C:\Windows\system\OijeQNL.exe

Filesize
6.0MB

MD5
a82cc81d34e1a935c0dc8972972f4d02

SHA1
a95ce7c5b705da0d409b004a9425a5dc887fdae5

SHA256
e3457377dd7c306e1373d2c2a24776e047d704f505636a23e09a2da8c5aa5128

SHA512
e5064767238f92e2f2a5ed7c974c168893176694397fafa13b9797beec2b83a226cc79bf16bd90a6224a29576f00ad96031c0ac08628e825bc9be31792c82de7

Download Submit
C:\Windows\system\PNlMOta.exe

Filesize
6.0MB

MD5
3360edf5bb361249a39e18117b6b06b3

SHA1
9fbe1abf9a7c7c391720f928c4d8050c00a145da

SHA256
8c2b86ab6f215ef955b78d3c281e749f12803f4f6b717a5a379db691dc86a401

SHA512
7faa4056d7a1cade7df58df41c248a82a8e2f8a840a4245cbc26784fc8ba687f1dd19bf644c8d1f8bb478e66e06a6c54e0604762599d062ce25fecee0ec09045

Download Submit
C:\Windows\system\PVneIuu.exe

Filesize
6.0MB

MD5
7369a313a5930ead488cf026abeb491f

SHA1
b6f4db09db402c2615eb26d7ee7215285d072759

SHA256
039620ef2fb20eff362058f7a18971c606886dcf54b88d794d4ce9e12e4253b0

SHA512
b75788ed43440cc7f01334523d15836eccca5eb37d1d94bf6aad71c36b0fbbc7928faddd4274bc3703e438d951a6c3e76d6499567f7dfe77d2d27b6bc005a55c

Download Submit
C:\Windows\system\QnriMsG.exe

Filesize
6.0MB

MD5
ed61bc91b2a63aad44ba660751a36668

SHA1
5d66565d84f2ef6dc43b140d0a95b3a2428b1c08

SHA256
c481fcce79196b1d34d5c0071f4dd0ff5e780e5a64ff8ec27150e250cf6104d8

SHA512
00206e89bca96019ef9995993dee2047e910bc6997affd885e4d4a4f1bab102920e6ddda100f709b31439015171ca25b5313134dc827838e1e2cb8ebbc862236

Download Submit
C:\Windows\system\SUlsbab.exe

Filesize
6.0MB

MD5
a376a09e5d21042e02b4190cadf600f7

SHA1
73854987dfe8c8333e675a03171dd11e09a7ff3a

SHA256
d8d08ca20b84852a622ab2350b22681172944ea725a24864c61766541e972e2f

SHA512
0ae1e457bdce6e8e690284775f9677796b0f4fe4fa21fc6366e7fe2676c72e73247a9f1998adbcb01a705c786c52c02e94a50a4cee90a36282a972e8285d4f7b

Download Submit
C:\Windows\system\SokITek.exe

Filesize
6.0MB

MD5
a7bf7546b414b0e82feae21120944a00

SHA1
9e4d6c415a7e876a019b06f2e56ef97f69adf1d0

SHA256
27c6c2991bb053314fca80dfadb77606a069268a09e8786d844cb5b5a013883d

SHA512
dd89777960c8c1c105e067b0fc54bc5936c38370005cba292dd62257e5a482ec89459fb242d7ac696c7a8e2584e8d617e0e36ee928196c8f668565295c338baf

Download Submit
C:\Windows\system\WIechvZ.exe

Filesize
6.0MB

MD5
7530ed7d4fee58ceb1036ea6586b6eae

SHA1
b16e551ef1e75db5755323b2b2b609fa7fea1103

SHA256
ca54ea352b7cbcbf30e001e3c0160d69d06960ecdd7c9e0985bb8ebdbce33103

SHA512
fa8bd619a17af5b78069760dc364c5cf19f68580ee2acb4e8ac75a7052fab3e013ba7c115849ea4fe6818c93dc6f58df424419e8141820ed7c47df53f6d9a61d

Download Submit
C:\Windows\system\YLKWoCJ.exe

Filesize
6.0MB

MD5
c4a2678f9aa7614aa84c67a021aea1fc

SHA1
0ac653cf023119092bcecf1f8e54a53253a67bd9

SHA256
70dd7ce74653ace2f85a6853221616e4a13b0d8471974ef9aee17837b8fb744c

SHA512
a5d88e31e48a2af05f2e5339f75a72729ce4cfdbe3e1faf87b89496ace36b949f5447b6347ef0ae9ed490854eca7405d1dd705ee3a54e1328ed04f8eca884855

Download Submit
C:\Windows\system\YgatNAO.exe

Filesize
6.0MB

MD5
a27f3e72532dae0459553259d78be597

SHA1
f1e4b9bb11c6a6dc95554034c7cdacc5fad5a15b

SHA256
cb69d7cd46c17f1e7973c815369f1e5a7e5ae157914df4a9c7f925d1790b06ae

SHA512
3ff95dc1ba0e3438a3b856628d24ec095c01351ff91f14202b4fb723764f4a2d530acc7982f85cf0014cd213c8b8847448eceb7597f0588cd37aa4a52db35448

Download Submit
C:\Windows\system\ZhSWybk.exe

Filesize
6.0MB

MD5
281951f7e5de6ddc970b20874705f0a1

SHA1
3ba458ba27ceb447a8b2144b302131dac56e8885

SHA256
14b548ca82373a77df5cb75f814f1b332813f2684694dee0501a897ae7bfa0d6

SHA512
0e51d6440a6a43058845409fa2a15ab9b2618aef46b6233a7ff5528312bf0fe331a4d675114adba657575b9aca3dfe7ea25567b6cfbf6b41b6b0bbdb3a8cd364

Download Submit
C:\Windows\system\evftTiQ.exe

Filesize
6.0MB

MD5
06385add6d04810dcd7fc5ea23388827

SHA1
f770e60268a631de9a8b86d138698df5231dd02a

SHA256
c6db51c3e1a86cb16f62eb06172e3038a9426d50118bdf35023ace0f6e374a0e

SHA512
4a953b6466711802b943924409fc9b6fa7e58652a6b270234eedcf58ca9f25c8bee13afd4b04934066c692c3838a8207958450948983203271edc22d2f13b7e9

Download Submit
C:\Windows\system\gWjvvld.exe

Filesize
6.0MB

MD5
185e54e426a8765174b83482b237f5d2

SHA1
f8b4ea95fdd4f7210a71a69a1127620352d3bb97

SHA256
37e6d34851b93aaa5f83072955252a57d7de38129813846414749fbe7202737b

SHA512
3ea5de284b973e33819a1d05529fd6863696efb30be35b462ad84eeef8aa3cc3461abb651faff19f2c31976ac36ab78b3a7114751d73c83369da9cb664f0244c

Download Submit
C:\Windows\system\iVuRfBo.exe

Filesize
6.0MB

MD5
203bdafee00a4956dc7d75c1c61a57fe

SHA1
49f936064564515796e3267358c713c58a239004

SHA256
0198490ffcf01d73f2a54bd6fb7de305696d4d7e04bf5dc3ab1873876d0b1abc

SHA512
887ea2986dc868710d5645e3031f666ca0daea49fa2dc520e764bfd504c65fa732c041a11cfadc8de282e9fa2f0db342bc442133070784fdbce5d7a68815e914

Download Submit
C:\Windows\system\jfTaJmY.exe

Filesize
6.0MB

MD5
5f31de3682bae32b8c89bdc19821ad67

SHA1
558b2808634929c307018e0b6931028739af034c

SHA256
a858ed59872af8e8223c6e5c9f35a2f84f83718b29564e231104cba959009e65

SHA512
82715601d815b1dfda7f29da2bbdb97d60d55bb74a3c8ad88dba2397f1c23e1c12f1e44222f919c0b776768947a04417c1620908054ed8124201925f2ee7268b

Download Submit
C:\Windows\system\kGDdMBz.exe

Filesize
6.0MB

MD5
62605bce4e6f6598db5eb111f683274b

SHA1
d7225c7fbaa31bd5e956fc52fa099638c74e81f7

SHA256
37e0b55b031bdcecbcf11dc16fff6b2a92613e76cc474d4546ccd0b1e2980c49

SHA512
9c2232e47508156c02359b67a02834e3cc94a513c7ab22a06aded68e6b0103308cf0fae36a65d409734d75143bda0ae219e0732d8e6e01ed352030f9987b643a

Download Submit
C:\Windows\system\mPYbekj.exe

Filesize
6.0MB

MD5
50e4a0b9c5a90ec8aa23f580a60b7034

SHA1
0cd84ec73dab624274d58ecc3039e2d593e751f8

SHA256
284b32b57db8fa5591d099a668f4ce886181ed31a1c14278b28d9dfba3d3ead1

SHA512
a27eca33dcac08f32beb8b83bbe87e5ce4e36a44d5eb9aaa1d6eacf9a2265d364a761de3204e80770288d521ef02ee25f70e69536b3d4b6c6b728f193fd21caf

Download Submit
C:\Windows\system\nGhYhln.exe

Filesize
6.0MB

MD5
d75cee8b3437753b5d9baa341f1e5fcd

SHA1
bcc9c4dac7ba42c232c67d412c2125792c1808b5

SHA256
a4bbe05295dc2cd8339a29ae34c8d4acfa75e2d7a1c8976f768fba4be746a613

SHA512
f339249e7ae86ca1707a8e4c88f1fc151e18d26da2ee4c2b55a68572b9f37a17b48cedaf3281d007d994f14c357d916bf2a9edf944f43fcc6c24cdb8bc06958b

Download Submit
C:\Windows\system\vAoYUZv.exe

Filesize
6.0MB

MD5
1149f77a0029b399fef6fefc30c23637

SHA1
a2d817f34811dfb1946b4e3f40b3b49dbff08ce6

SHA256
298a1c640743f318e7c3e10f0826347997063ee17d6d4c21a99c7e5029ce20d4

SHA512
82a84179cab1cd04a32c0d1bf3aec11f5394d224767c4720e5a41921225dea2b49cb1e64ba119d16845473c92ff7ad3191bb12ea9a0ba2d02da2dccc990533ac

Download Submit
C:\Windows\system\wEaRlOV.exe

Filesize
6.0MB

MD5
baab2bd76b858dc82e365b0dc2bb70d7

SHA1
0e6f6143cd8171d31c1c94586dedbc68ebcc02d8

SHA256
641a0f8e8ff4043277d8882a1cd861948afad3817b532c106643198995ca624b

SHA512
3dba519e5e2d64666e83be2545683402a1f840ab6c3720a49a573d624aff91db0838b3904becc12f7f2a0b79712893d72b94ba1ae4963b0255bcb51373b6e2ff

Download Submit
C:\Windows\system\xUbXAVE.exe

Filesize
6.0MB

MD5
7f7f259471e198facf6fddaea8f27278

SHA1
2ef9a8a798e874e430e1fc1b7d8353d388bead5f

SHA256
00d02733b997e48178762555325d3a37b5f2d54265fa21f4e4fa4a96b6d6bf50

SHA512
8ac5608df093664cfd3863e9881bb00807a187e3b6bcd290e5aefc3da9e5cb097e6454b219a135b0286650e178eeb71536fceab759514491d20fbad37e9f3253

Download Submit
\Windows\system\EtKCrKe.exe

Filesize
6.0MB

MD5
3d99c43cd5f758f7be7469dd98fe24d3

SHA1
30f78cfee3d27149710a2291405a2f90cce70d01

SHA256
ce0fce6ccbc0b704e770671c09fbbeb706b43f0d2998ed686431b851deb66bb5

SHA512
e4f867eca99311babfb5638597068206f2f9ed964e26d92ff6579b6a5b86c96031d09f2a9604c4f872edc9a3909e7421d8ac766588e2cf1038a64c7d2f33c70d

Download Submit
\Windows\system\HDIDDWV.exe

Filesize
6.0MB

MD5
39ad4ba94fb85689fab565e6f72fe539

SHA1
c94e2140a513501400a7d9ab34acf9aadd3d1ad4

SHA256
b258b1231920bf84f9129b62fff2d447f4164caf8f38171161b0790d20413666

SHA512
1577197ff3f555144e819baa53d69c087fb82581167fd86bedb5743b3c0dd88044ff5195f31fc43ed6f0e94e97fc6107e52539d4d2a3937980284ab520715acc

Download Submit
\Windows\system\IJzGZoc.exe

Filesize
6.0MB

MD5
39072536d79bd69154f93341b2607332

SHA1
5a3570311fe957da0077d7b596ce3ca8788376b8

SHA256
e5c53aa6281f3dd59ea821ee99df130f16226c26306106d4fa534057fc5a049f

SHA512
e17f7212648e48ae0c2f28dc02b536707974b806d50dd2f33d7ded5f3af4a28d76f55b5d91f12df991c488147dfc6e86f645880e320e4c4d53f06390b73f6d37

Download Submit
\Windows\system\PgHTxIa.exe

Filesize
6.0MB

MD5
50757beb2f233a869fc82088ebfb10c3

SHA1
6d3d27bb671313839f4e6b0180a46f3532bbe3c4

SHA256
d4e094f2b3428a74352c259ca3e406ff272b626e9ab210a2d4f8ca5ff5e03968

SHA512
0b1552fb71466b1d032a0c60536c014f91a54d1d32351f67c6ed335d447a8f1e7a0188d64a378a7a9bab4a756bd0f0d48e46a3bc2ef8abae5af156b95f379dd0

Download Submit
\Windows\system\kCOcVIc.exe

Filesize
6.0MB

MD5
b4e5a1932ff881cf221629dcb26cc2e4

SHA1
cde4e7947e8e7b89128ffadfc09539b1cfd63a71

SHA256
cd998bd9da88a201716bd60e3aa534af50079e0c0d95c3c3f4972ada7259d6bc

SHA512
d25c01dcf015427251ff29181a3080d35adfd1b9d6a6653fcd109b707cd300d7dfa37436a2c409cd5e77d2ee1a90b302e5e87843adad38c5493f2e1677189a36

Download Submit
\Windows\system\mEizGSk.exe

Filesize
6.0MB

MD5
9c9f8250c381caea4c49420f8f2e24ac

SHA1
33b6e9027c98adea346865f53e7bdc2a0bce813b

SHA256
d58548325bd31f936003b213fd9b893e2f093f9891dbdb13d777c534c81f36df

SHA512
489b071c54917ebbbc2ac9ef75ad62cb1c29d0a27a410285fa128a46bd4737169a457329da21ad5a240679965a0e6e5c3066b3c505c7a6d81faf648c7acb52a4

Download Submit
\Windows\system\mgBvdsG.exe

Filesize
6.0MB

MD5
b35753f16af468aaed09524894478078

SHA1
e5cf24a82217aa552f9e926f70e7b22f8c6149a5

SHA256
a21b0044e1f63e6ae0652d8bc17156cd9b01abddcc27cbf1f6ca1812923094b3

SHA512
6e7179d7ad478cc71b3d12883b79317fc6e91eb1f2e8462bd7cd1c0167594476d13cc7c2d415538626a1d3324f6b3710bd3a15b763c5aea9d3cb9317dab4bee1

Download Submit
\Windows\system\pdxUDHH.exe

Filesize
6.0MB

MD5
24710cf9ee00eaf18e1d3afb6d42af55

SHA1
859bfd6affe6ac5fe1562a0741b4fbfc4487d4d4

SHA256
c3b526470cba9cc9f420c160efc7f0ee53bc9aedb90b254f0dd4140173a3ad15

SHA512
6e803384271ec34f56ef45ebb7b8703bf8e6a96d8c9eda5bd0692c585ca7560add55ed59e10ef883429a0d6c5ba967ac076dfed025a9a9d486ecd7144d869caa

Download Submit
\Windows\system\vDYdryd.exe

Filesize
6.0MB

MD5
40c5497da6aeaa04e4aebff9ddd74f83

SHA1
19b510bb586873e83e67a013e07ff0748bb421b0

SHA256
ad4eb12b20a336a29fd86a35db947be667a7cd58add7ea735adf3e859298a20b

SHA512
88505cce991d8730f0bb7811240b9f3e21876c8b95c91c7578fcfdc8982d639f7d189d6187f0e7394cc941cdac9e04a951479862d18762a98fd06e2a7de3af12

Download Submit
memory/1484-106-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1484-4068-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1708-40-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1708-8-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3757-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1972-59-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1972-20-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2108-52-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2108-100-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2108-22-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-505-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2108-640-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2108-17-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2108-66-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2108-33-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-72-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-75-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-202-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-60-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-0-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-101-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2108-42-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-31-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-108-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2108-37-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2108-96-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-104-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2108-93-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3806-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-81-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-268-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-69-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3767-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-27-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-43-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-13-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-90-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4067-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3777-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2644-88-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3795-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2772-80-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2772-203-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2804-34-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2804-76-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3793-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3774-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-92-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-58-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3773-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-87-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-41-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-97-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4069-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/3008-63-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3786-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download