cobaltstrike | 8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
Size

6.0MB
MD5

23ab0e1409e89684ced1b73fb217b822
SHA1

6c0fac1924a2e0f1d4c88e576ac97cfb605f29c7
SHA256

8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb
SHA512

0c95ce1bad426fef87583d1949feaf009252801ed33eba053a8bac1d04c93f510b71f05b6b2646fba99efe702dbe3b20d805a8951c902a0699f1113f15e5073e
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-6.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-11.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ee-48.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-71.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001873d-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018683-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-32.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2356-0-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-6.dat	xmrig
behavioral1/memory/2216-8-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x000e000000018676-11.dat	xmrig
behavioral1/files/0x00060000000186ea-38.dat	xmrig
behavioral1/files/0x00060000000186ee-48.dat	xmrig
behavioral1/memory/2700-49-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2560-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00060000000186fd-53.dat	xmrig
behavioral1/memory/2572-67-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2680-78-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2560-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-149.dat	xmrig
behavioral1/memory/2356-450-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-169.dat	xmrig
behavioral1/files/0x0005000000019625-165.dat	xmrig
behavioral1/files/0x0005000000019623-161.dat	xmrig
behavioral1/files/0x0005000000019621-154.dat	xmrig
behavioral1/files/0x0005000000019622-158.dat	xmrig
behavioral1/files/0x000500000001961d-146.dat	xmrig
behavioral1/files/0x0005000000019619-138.dat	xmrig
behavioral1/files/0x000500000001961b-141.dat	xmrig
behavioral1/files/0x0005000000019615-130.dat	xmrig
behavioral1/files/0x0005000000019617-133.dat	xmrig
behavioral1/files/0x0005000000019611-122.dat	xmrig
behavioral1/files/0x000500000001960d-114.dat	xmrig
behavioral1/files/0x0005000000019613-125.dat	xmrig
behavioral1/files/0x000500000001960f-117.dat	xmrig
behavioral1/files/0x000500000001960b-109.dat	xmrig
behavioral1/files/0x0005000000019609-106.dat	xmrig
behavioral1/files/0x00050000000195c5-99.dat	xmrig
behavioral1/memory/2764-95-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2356-94-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019582-92.dat	xmrig
behavioral1/memory/2700-88-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2524-87-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-84.dat	xmrig
behavioral1/memory/2604-80-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2356-79-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-76.dat	xmrig
behavioral1/memory/2452-73-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/3060-68-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-66.dat	xmrig
behavioral1/memory/2356-65-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2636-64-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2356-63-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-71.dat	xmrig
behavioral1/files/0x000700000001873d-58.dat	xmrig
behavioral1/memory/2356-47-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2356-42-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2680-41-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2860-40-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018683-37.dat	xmrig
behavioral1/memory/2572-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x00060000000186e4-32.dat	xmrig
behavioral1/memory/2668-15-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2840-22-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x00080000000174cc-12.dat	xmrig
behavioral1/memory/2216-3362-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2860-3390-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2668-3391-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2572-3400-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2680-3402-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2840-3405-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2216	nAwGlVQ.exe
2668	YFgIeDc.exe
2840	qNMNJPP.exe
2572	FbMEcBZ.exe
2860	zyjeNAh.exe
2680	oHbrHJz.exe
2700	nAjTgQi.exe
2560	qyRYeOm.exe
2636	tegpDIi.exe
3060	esoKoPW.exe
2452	TzGBkTs.exe
2604	uxbHTWA.exe
2524	SCFAecz.exe
2764	MzgOyDn.exe
2756	KScpsQG.exe
1860	duXLmut.exe
2788	towgaqn.exe
2924	sfTRTuL.exe
2912	NTodaEP.exe
2400	DajrkFY.exe
1028	ojtgxoP.exe
1976	LdLFwco.exe
2220	MHJKmYd.exe
1724	vtFTZZO.exe
2176	OkQEWSH.exe
2036	lNZwNuK.exe
3016	iZtuAKW.exe
1316	TMySkhP.exe
3040	pWbbarL.exe
1332	AEbvnhh.exe
2952	bJVUKiT.exe
2956	VnnKPym.exe
1376	mdaFTeL.exe
968	tGmstbO.exe
672	YokmiYY.exe
1104	onwXGDT.exe
268	wSaDrUU.exe
1928	tgEFVWQ.exe
1728	fILKhaQ.exe
1548	xfTOOSH.exe
2296	lJbHBaV.exe
1556	oyQBbCZ.exe
1744	nktSptY.exe
2148	RUvNtrC.exe
1956	dMimjdA.exe
624	SQPHoxf.exe
2012	WlpTVOG.exe
2516	vlbhdYT.exe
996	PUjfCoQ.exe
1748	PBWvBIg.exe
3008	KEaTyJA.exe
2852	ArNBQGA.exe
2384	JgkkVDg.exe
3012	cgmWeFV.exe
2320	HUovMtT.exe
2136	cMOgjlk.exe
392	HwxSdsH.exe
2116	mAphQqu.exe
2968	OtoFsLO.exe
1800	wuxpJsc.exe
2292	nUhewJu.exe
544	MetQETx.exe
2648	dLpetPf.exe
2196	AoEhDRL.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2356-0-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0003000000012000-6.dat	upx
behavioral1/memory/2216-8-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x000e000000018676-11.dat	upx
behavioral1/files/0x00060000000186ea-38.dat	upx
behavioral1/files/0x00060000000186ee-48.dat	upx
behavioral1/memory/2700-49-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2560-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00060000000186fd-53.dat	upx
behavioral1/memory/2572-67-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2680-78-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2560-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000500000001961f-149.dat	upx
behavioral1/files/0x0005000000019667-169.dat	upx
behavioral1/files/0x0005000000019625-165.dat	upx
behavioral1/files/0x0005000000019623-161.dat	upx
behavioral1/files/0x0005000000019621-154.dat	upx
behavioral1/files/0x0005000000019622-158.dat	upx
behavioral1/files/0x000500000001961d-146.dat	upx
behavioral1/files/0x0005000000019619-138.dat	upx
behavioral1/files/0x000500000001961b-141.dat	upx
behavioral1/files/0x0005000000019615-130.dat	upx
behavioral1/files/0x0005000000019617-133.dat	upx
behavioral1/files/0x0005000000019611-122.dat	upx
behavioral1/files/0x000500000001960d-114.dat	upx
behavioral1/files/0x0005000000019613-125.dat	upx
behavioral1/files/0x000500000001960f-117.dat	upx
behavioral1/files/0x000500000001960b-109.dat	upx
behavioral1/files/0x0005000000019609-106.dat	upx
behavioral1/files/0x00050000000195c5-99.dat	upx
behavioral1/memory/2764-95-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0005000000019582-92.dat	upx
behavioral1/memory/2700-88-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2524-87-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000500000001950c-84.dat	upx
behavioral1/memory/2604-80-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0005000000019461-76.dat	upx
behavioral1/memory/2452-73-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/3060-68-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0005000000019441-66.dat	upx
behavioral1/memory/2636-64-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001944f-71.dat	upx
behavioral1/files/0x000700000001873d-58.dat	upx
behavioral1/memory/2356-42-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2680-41-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2860-40-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000018683-37.dat	upx
behavioral1/memory/2572-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00060000000186e4-32.dat	upx
behavioral1/memory/2668-15-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2840-22-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x00080000000174cc-12.dat	upx
behavioral1/memory/2216-3362-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2860-3390-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2668-3391-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2572-3400-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2680-3402-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2840-3405-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2700-4268-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2636-4269-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2560-4270-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2524-4271-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2452-4272-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2764-4273-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CicslnD.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\EpWFmgp.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\oMGxtKW.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\DqlKXSR.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\ZGApUbn.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\zhmomSY.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\NAVwdDy.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\exCTQrz.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\dWQeVxc.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\VZziqiO.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\IEKXVoo.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\lPnqVgj.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\nWRRBaR.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\wITqlHd.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\usTmAgZ.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\CfEPEcy.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\PmWOofq.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\MrjPnwf.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\gdCzzfe.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\oWCNRKc.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\WlpTVOG.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\NkZmdra.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\IkcVMyB.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\SdMRUMl.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\JjXpwUy.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\PTdWiES.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\IPVrLtF.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\nKQdxhw.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\mVEfEiT.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\JfVNllw.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\awJcYEE.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\nmyIpvU.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\xtqRiiM.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\sRwVXaM.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\iJcJRlL.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\qQxJMdE.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\AoEhDRL.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\saODlEO.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\Poslefm.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\aoXJmRt.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\oUCdjWP.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\joNrQdd.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\fXnBelT.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\DIBYECT.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\LdLFwco.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\ArNBQGA.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\MqQdryg.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\GFfiXzY.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\dCvkIHu.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\MiDvNzq.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\eyolaQU.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\vDevqKX.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\OHwzmwb.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\qGnuvXz.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\hkllKsi.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\qzJFqcR.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\rhFOrwM.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\GurvEqV.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\ZfVkFMF.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\cQmCXJe.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\MRlRtOB.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\XIJMTRm.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\Ouwspfm.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
File created	C:\Windows\System\dclVHPU.exe	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2216	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	31
PID 2356 wrote to memory of 2216	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	31
PID 2356 wrote to memory of 2216	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	31
PID 2356 wrote to memory of 2668	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	32
PID 2356 wrote to memory of 2668	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	32
PID 2356 wrote to memory of 2668	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	32
PID 2356 wrote to memory of 2840	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	33
PID 2356 wrote to memory of 2840	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	33
PID 2356 wrote to memory of 2840	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	33
PID 2356 wrote to memory of 2860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	34
PID 2356 wrote to memory of 2860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	34
PID 2356 wrote to memory of 2860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	34
PID 2356 wrote to memory of 2572	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	35
PID 2356 wrote to memory of 2572	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	35
PID 2356 wrote to memory of 2572	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	35
PID 2356 wrote to memory of 2680	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	36
PID 2356 wrote to memory of 2680	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	36
PID 2356 wrote to memory of 2680	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	36
PID 2356 wrote to memory of 2700	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	37
PID 2356 wrote to memory of 2700	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	37
PID 2356 wrote to memory of 2700	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	37
PID 2356 wrote to memory of 2560	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	38
PID 2356 wrote to memory of 2560	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	38
PID 2356 wrote to memory of 2560	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	38
PID 2356 wrote to memory of 2636	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	39
PID 2356 wrote to memory of 2636	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	39
PID 2356 wrote to memory of 2636	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	39
PID 2356 wrote to memory of 3060	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	40
PID 2356 wrote to memory of 3060	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	40
PID 2356 wrote to memory of 3060	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	40
PID 2356 wrote to memory of 2452	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	41
PID 2356 wrote to memory of 2452	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	41
PID 2356 wrote to memory of 2452	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	41
PID 2356 wrote to memory of 2604	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	42
PID 2356 wrote to memory of 2604	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	42
PID 2356 wrote to memory of 2604	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	42
PID 2356 wrote to memory of 2524	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	43
PID 2356 wrote to memory of 2524	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	43
PID 2356 wrote to memory of 2524	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	43
PID 2356 wrote to memory of 2764	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	44
PID 2356 wrote to memory of 2764	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	44
PID 2356 wrote to memory of 2764	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	44
PID 2356 wrote to memory of 2756	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	45
PID 2356 wrote to memory of 2756	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	45
PID 2356 wrote to memory of 2756	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	45
PID 2356 wrote to memory of 1860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	46
PID 2356 wrote to memory of 1860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	46
PID 2356 wrote to memory of 1860	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	46
PID 2356 wrote to memory of 2788	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	47
PID 2356 wrote to memory of 2788	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	47
PID 2356 wrote to memory of 2788	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	47
PID 2356 wrote to memory of 2924	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	48
PID 2356 wrote to memory of 2924	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	48
PID 2356 wrote to memory of 2924	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	48
PID 2356 wrote to memory of 2912	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	49
PID 2356 wrote to memory of 2912	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	49
PID 2356 wrote to memory of 2912	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	49
PID 2356 wrote to memory of 2400	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	50
PID 2356 wrote to memory of 2400	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	50
PID 2356 wrote to memory of 2400	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	50
PID 2356 wrote to memory of 1028	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	51
PID 2356 wrote to memory of 1028	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	51
PID 2356 wrote to memory of 1028	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	51
PID 2356 wrote to memory of 1976	2356	JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8ec087d071b416d104d6c67b0ce7491791751166707434c395e41379cc3118cb.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\System\nAwGlVQ.exe
  C:\Windows\System\nAwGlVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\YFgIeDc.exe
  C:\Windows\System\YFgIeDc.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\qNMNJPP.exe
  C:\Windows\System\qNMNJPP.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\zyjeNAh.exe
  C:\Windows\System\zyjeNAh.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\FbMEcBZ.exe
  C:\Windows\System\FbMEcBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\oHbrHJz.exe
  C:\Windows\System\oHbrHJz.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\nAjTgQi.exe
  C:\Windows\System\nAjTgQi.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\qyRYeOm.exe
  C:\Windows\System\qyRYeOm.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\tegpDIi.exe
  C:\Windows\System\tegpDIi.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\esoKoPW.exe
  C:\Windows\System\esoKoPW.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\TzGBkTs.exe
  C:\Windows\System\TzGBkTs.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\uxbHTWA.exe
  C:\Windows\System\uxbHTWA.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\SCFAecz.exe
  C:\Windows\System\SCFAecz.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\MzgOyDn.exe
  C:\Windows\System\MzgOyDn.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\KScpsQG.exe
  C:\Windows\System\KScpsQG.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\duXLmut.exe
  C:\Windows\System\duXLmut.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\towgaqn.exe
  C:\Windows\System\towgaqn.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\sfTRTuL.exe
  C:\Windows\System\sfTRTuL.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\NTodaEP.exe
  C:\Windows\System\NTodaEP.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\DajrkFY.exe
  C:\Windows\System\DajrkFY.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ojtgxoP.exe
  C:\Windows\System\ojtgxoP.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\LdLFwco.exe
  C:\Windows\System\LdLFwco.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\MHJKmYd.exe
  C:\Windows\System\MHJKmYd.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\vtFTZZO.exe
  C:\Windows\System\vtFTZZO.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\OkQEWSH.exe
  C:\Windows\System\OkQEWSH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\lNZwNuK.exe
  C:\Windows\System\lNZwNuK.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\iZtuAKW.exe
  C:\Windows\System\iZtuAKW.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\TMySkhP.exe
  C:\Windows\System\TMySkhP.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\pWbbarL.exe
  C:\Windows\System\pWbbarL.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\AEbvnhh.exe
  C:\Windows\System\AEbvnhh.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\bJVUKiT.exe
  C:\Windows\System\bJVUKiT.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\VnnKPym.exe
  C:\Windows\System\VnnKPym.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\mdaFTeL.exe
  C:\Windows\System\mdaFTeL.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\tGmstbO.exe
  C:\Windows\System\tGmstbO.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\YokmiYY.exe
  C:\Windows\System\YokmiYY.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\onwXGDT.exe
  C:\Windows\System\onwXGDT.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\wSaDrUU.exe
  C:\Windows\System\wSaDrUU.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\tgEFVWQ.exe
  C:\Windows\System\tgEFVWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\fILKhaQ.exe
  C:\Windows\System\fILKhaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\lJbHBaV.exe
  C:\Windows\System\lJbHBaV.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\xfTOOSH.exe
  C:\Windows\System\xfTOOSH.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\oyQBbCZ.exe
  C:\Windows\System\oyQBbCZ.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\nktSptY.exe
  C:\Windows\System\nktSptY.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\RUvNtrC.exe
  C:\Windows\System\RUvNtrC.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\dMimjdA.exe
  C:\Windows\System\dMimjdA.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\WlpTVOG.exe
  C:\Windows\System\WlpTVOG.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\SQPHoxf.exe
  C:\Windows\System\SQPHoxf.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\vlbhdYT.exe
  C:\Windows\System\vlbhdYT.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\PUjfCoQ.exe
  C:\Windows\System\PUjfCoQ.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\PBWvBIg.exe
  C:\Windows\System\PBWvBIg.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\KEaTyJA.exe
  C:\Windows\System\KEaTyJA.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\ArNBQGA.exe
  C:\Windows\System\ArNBQGA.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JgkkVDg.exe
  C:\Windows\System\JgkkVDg.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\HUovMtT.exe
  C:\Windows\System\HUovMtT.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\cgmWeFV.exe
  C:\Windows\System\cgmWeFV.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\wuxpJsc.exe
  C:\Windows\System\wuxpJsc.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\cMOgjlk.exe
  C:\Windows\System\cMOgjlk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\nUhewJu.exe
  C:\Windows\System\nUhewJu.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\HwxSdsH.exe
  C:\Windows\System\HwxSdsH.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\MetQETx.exe
  C:\Windows\System\MetQETx.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\mAphQqu.exe
  C:\Windows\System\mAphQqu.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\dLpetPf.exe
  C:\Windows\System\dLpetPf.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OtoFsLO.exe
  C:\Windows\System\OtoFsLO.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\AoEhDRL.exe
  C:\Windows\System\AoEhDRL.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\kBSArpj.exe
  C:\Windows\System\kBSArpj.exe
  2⤵
  PID:2372
- C:\Windows\System\zJsDeND.exe
  C:\Windows\System\zJsDeND.exe
  2⤵
  PID:2184
- C:\Windows\System\wKfsYQU.exe
  C:\Windows\System\wKfsYQU.exe
  2⤵
  PID:2836
- C:\Windows\System\xfuPVYh.exe
  C:\Windows\System\xfuPVYh.exe
  2⤵
  PID:2976
- C:\Windows\System\YufRREF.exe
  C:\Windows\System\YufRREF.exe
  2⤵
  PID:2744
- C:\Windows\System\VfebRxi.exe
  C:\Windows\System\VfebRxi.exe
  2⤵
  PID:2620
- C:\Windows\System\KSQjbxV.exe
  C:\Windows\System\KSQjbxV.exe
  2⤵
  PID:2584
- C:\Windows\System\oOUMrTY.exe
  C:\Windows\System\oOUMrTY.exe
  2⤵
  PID:2416
- C:\Windows\System\OTcXckx.exe
  C:\Windows\System\OTcXckx.exe
  2⤵
  PID:2124
- C:\Windows\System\cDIYedr.exe
  C:\Windows\System\cDIYedr.exe
  2⤵
  PID:2804
- C:\Windows\System\YbEVpKW.exe
  C:\Windows\System\YbEVpKW.exe
  2⤵
  PID:108
- C:\Windows\System\ioYVkSn.exe
  C:\Windows\System\ioYVkSn.exe
  2⤵
  PID:1652
- C:\Windows\System\WwfZAQf.exe
  C:\Windows\System\WwfZAQf.exe
  2⤵
  PID:2936
- C:\Windows\System\AftVSBm.exe
  C:\Windows\System\AftVSBm.exe
  2⤵
  PID:2440
- C:\Windows\System\ntmmsjD.exe
  C:\Windows\System\ntmmsjD.exe
  2⤵
  PID:1948
- C:\Windows\System\Poslefm.exe
  C:\Windows\System\Poslefm.exe
  2⤵
  PID:2336
- C:\Windows\System\fsoPXDL.exe
  C:\Windows\System\fsoPXDL.exe
  2⤵
  PID:2172
- C:\Windows\System\aDAIdQl.exe
  C:\Windows\System\aDAIdQl.exe
  2⤵
  PID:3044
- C:\Windows\System\rZybEse.exe
  C:\Windows\System\rZybEse.exe
  2⤵
  PID:848
- C:\Windows\System\exCTQrz.exe
  C:\Windows\System\exCTQrz.exe
  2⤵
  PID:1044
- C:\Windows\System\ENdBGGJ.exe
  C:\Windows\System\ENdBGGJ.exe
  2⤵
  PID:568
- C:\Windows\System\EwMqwTB.exe
  C:\Windows\System\EwMqwTB.exe
  2⤵
  PID:2284
- C:\Windows\System\kohUReb.exe
  C:\Windows\System\kohUReb.exe
  2⤵
  PID:2004
- C:\Windows\System\flFMOGg.exe
  C:\Windows\System\flFMOGg.exe
  2⤵
  PID:920
- C:\Windows\System\VhsHzlA.exe
  C:\Windows\System\VhsHzlA.exe
  2⤵
  PID:1776
- C:\Windows\System\vJTAWNr.exe
  C:\Windows\System\vJTAWNr.exe
  2⤵
  PID:2428
- C:\Windows\System\CDSwLas.exe
  C:\Windows\System\CDSwLas.exe
  2⤵
  PID:2960
- C:\Windows\System\BITaKtk.exe
  C:\Windows\System\BITaKtk.exe
  2⤵
  PID:284
- C:\Windows\System\scKhtDy.exe
  C:\Windows\System\scKhtDy.exe
  2⤵
  PID:344
- C:\Windows\System\dMUjTjf.exe
  C:\Windows\System\dMUjTjf.exe
  2⤵
  PID:2332
- C:\Windows\System\EgFSlwR.exe
  C:\Windows\System\EgFSlwR.exe
  2⤵
  PID:1736
- C:\Windows\System\pLcMTeV.exe
  C:\Windows\System\pLcMTeV.exe
  2⤵
  PID:2140
- C:\Windows\System\yznihjm.exe
  C:\Windows\System\yznihjm.exe
  2⤵
  PID:1504
- C:\Windows\System\EHCSCeC.exe
  C:\Windows\System\EHCSCeC.exe
  2⤵
  PID:2444
- C:\Windows\System\FaylqzS.exe
  C:\Windows\System\FaylqzS.exe
  2⤵
  PID:1488
- C:\Windows\System\gtRDFES.exe
  C:\Windows\System\gtRDFES.exe
  2⤵
  PID:2908
- C:\Windows\System\UwTurrP.exe
  C:\Windows\System\UwTurrP.exe
  2⤵
  PID:2696
- C:\Windows\System\UwmpWjg.exe
  C:\Windows\System\UwmpWjg.exe
  2⤵
  PID:2600
- C:\Windows\System\TsFrSnp.exe
  C:\Windows\System\TsFrSnp.exe
  2⤵
  PID:1624
- C:\Windows\System\XHnjCRQ.exe
  C:\Windows\System\XHnjCRQ.exe
  2⤵
  PID:2944
- C:\Windows\System\ESwQpRA.exe
  C:\Windows\System\ESwQpRA.exe
  2⤵
  PID:1168
- C:\Windows\System\nEuosQo.exe
  C:\Windows\System\nEuosQo.exe
  2⤵
  PID:1160
- C:\Windows\System\dkOXdZi.exe
  C:\Windows\System\dkOXdZi.exe
  2⤵
  PID:3048
- C:\Windows\System\KixLgXD.exe
  C:\Windows\System\KixLgXD.exe
  2⤵
  PID:1100
- C:\Windows\System\FPwDejt.exe
  C:\Windows\System\FPwDejt.exe
  2⤵
  PID:2512
- C:\Windows\System\KDbzWzD.exe
  C:\Windows\System\KDbzWzD.exe
  2⤵
  PID:1932
- C:\Windows\System\SYwDcht.exe
  C:\Windows\System\SYwDcht.exe
  2⤵
  PID:3084
- C:\Windows\System\rOaKQJz.exe
  C:\Windows\System\rOaKQJz.exe
  2⤵
  PID:3100
- C:\Windows\System\cQKQrqI.exe
  C:\Windows\System\cQKQrqI.exe
  2⤵
  PID:3116
- C:\Windows\System\tRLbTET.exe
  C:\Windows\System\tRLbTET.exe
  2⤵
  PID:3132
- C:\Windows\System\UPjNhzw.exe
  C:\Windows\System\UPjNhzw.exe
  2⤵
  PID:3148
- C:\Windows\System\ySnvjZT.exe
  C:\Windows\System\ySnvjZT.exe
  2⤵
  PID:3164
- C:\Windows\System\rlmPZGq.exe
  C:\Windows\System\rlmPZGq.exe
  2⤵
  PID:3180
- C:\Windows\System\GEpjYuY.exe
  C:\Windows\System\GEpjYuY.exe
  2⤵
  PID:3196
- C:\Windows\System\tgjFOXR.exe
  C:\Windows\System\tgjFOXR.exe
  2⤵
  PID:3212
- C:\Windows\System\QvGCYzi.exe
  C:\Windows\System\QvGCYzi.exe
  2⤵
  PID:3228
- C:\Windows\System\UQrIJsb.exe
  C:\Windows\System\UQrIJsb.exe
  2⤵
  PID:3244
- C:\Windows\System\zbZEbki.exe
  C:\Windows\System\zbZEbki.exe
  2⤵
  PID:3260
- C:\Windows\System\lhfKahl.exe
  C:\Windows\System\lhfKahl.exe
  2⤵
  PID:3276
- C:\Windows\System\WoXsDjM.exe
  C:\Windows\System\WoXsDjM.exe
  2⤵
  PID:3292
- C:\Windows\System\lzYXUVL.exe
  C:\Windows\System\lzYXUVL.exe
  2⤵
  PID:3308
- C:\Windows\System\edTzCIW.exe
  C:\Windows\System\edTzCIW.exe
  2⤵
  PID:3324
- C:\Windows\System\locibLs.exe
  C:\Windows\System\locibLs.exe
  2⤵
  PID:3340
- C:\Windows\System\aoXJmRt.exe
  C:\Windows\System\aoXJmRt.exe
  2⤵
  PID:3356
- C:\Windows\System\DLJAAkF.exe
  C:\Windows\System\DLJAAkF.exe
  2⤵
  PID:3372
- C:\Windows\System\WEwFXXY.exe
  C:\Windows\System\WEwFXXY.exe
  2⤵
  PID:3388
- C:\Windows\System\ppteURL.exe
  C:\Windows\System\ppteURL.exe
  2⤵
  PID:3404
- C:\Windows\System\LRbGvDs.exe
  C:\Windows\System\LRbGvDs.exe
  2⤵
  PID:3420
- C:\Windows\System\dwaGTgn.exe
  C:\Windows\System\dwaGTgn.exe
  2⤵
  PID:3436
- C:\Windows\System\OoLOKky.exe
  C:\Windows\System\OoLOKky.exe
  2⤵
  PID:3452
- C:\Windows\System\GXbNleo.exe
  C:\Windows\System\GXbNleo.exe
  2⤵
  PID:3468
- C:\Windows\System\tYvHMMI.exe
  C:\Windows\System\tYvHMMI.exe
  2⤵
  PID:3484
- C:\Windows\System\pNXFEpM.exe
  C:\Windows\System\pNXFEpM.exe
  2⤵
  PID:3500
- C:\Windows\System\uUkFqUF.exe
  C:\Windows\System\uUkFqUF.exe
  2⤵
  PID:3516
- C:\Windows\System\UrSgTqH.exe
  C:\Windows\System\UrSgTqH.exe
  2⤵
  PID:3532
- C:\Windows\System\kkTgxxf.exe
  C:\Windows\System\kkTgxxf.exe
  2⤵
  PID:3548
- C:\Windows\System\hxlpXlJ.exe
  C:\Windows\System\hxlpXlJ.exe
  2⤵
  PID:3564
- C:\Windows\System\IDgxRNN.exe
  C:\Windows\System\IDgxRNN.exe
  2⤵
  PID:3580
- C:\Windows\System\NCmhrAd.exe
  C:\Windows\System\NCmhrAd.exe
  2⤵
  PID:3596
- C:\Windows\System\pZpDTYU.exe
  C:\Windows\System\pZpDTYU.exe
  2⤵
  PID:3612
- C:\Windows\System\OVfXPuL.exe
  C:\Windows\System\OVfXPuL.exe
  2⤵
  PID:3628
- C:\Windows\System\rVdDzWC.exe
  C:\Windows\System\rVdDzWC.exe
  2⤵
  PID:3644
- C:\Windows\System\VqDYnsr.exe
  C:\Windows\System\VqDYnsr.exe
  2⤵
  PID:3660
- C:\Windows\System\jEolTnp.exe
  C:\Windows\System\jEolTnp.exe
  2⤵
  PID:3676
- C:\Windows\System\EVcqBZu.exe
  C:\Windows\System\EVcqBZu.exe
  2⤵
  PID:3692
- C:\Windows\System\mUMpIhe.exe
  C:\Windows\System\mUMpIhe.exe
  2⤵
  PID:3708
- C:\Windows\System\paszLjk.exe
  C:\Windows\System\paszLjk.exe
  2⤵
  PID:3724
- C:\Windows\System\jbKkhrX.exe
  C:\Windows\System\jbKkhrX.exe
  2⤵
  PID:3740
- C:\Windows\System\BICjDQZ.exe
  C:\Windows\System\BICjDQZ.exe
  2⤵
  PID:3756
- C:\Windows\System\cCVPkyW.exe
  C:\Windows\System\cCVPkyW.exe
  2⤵
  PID:3772
- C:\Windows\System\qjqZnjZ.exe
  C:\Windows\System\qjqZnjZ.exe
  2⤵
  PID:3788
- C:\Windows\System\cQmCXJe.exe
  C:\Windows\System\cQmCXJe.exe
  2⤵
  PID:3804
- C:\Windows\System\aUNKyMA.exe
  C:\Windows\System\aUNKyMA.exe
  2⤵
  PID:3820
- C:\Windows\System\GoKJqUA.exe
  C:\Windows\System\GoKJqUA.exe
  2⤵
  PID:3836
- C:\Windows\System\yvcpmcD.exe
  C:\Windows\System\yvcpmcD.exe
  2⤵
  PID:3852
- C:\Windows\System\sHVmJqH.exe
  C:\Windows\System\sHVmJqH.exe
  2⤵
  PID:3868
- C:\Windows\System\EpWFmgp.exe
  C:\Windows\System\EpWFmgp.exe
  2⤵
  PID:3884
- C:\Windows\System\qfyssTk.exe
  C:\Windows\System\qfyssTk.exe
  2⤵
  PID:3900
- C:\Windows\System\GXZcvjP.exe
  C:\Windows\System\GXZcvjP.exe
  2⤵
  PID:3916
- C:\Windows\System\NEdNzIK.exe
  C:\Windows\System\NEdNzIK.exe
  2⤵
  PID:3932
- C:\Windows\System\bNhkbzJ.exe
  C:\Windows\System\bNhkbzJ.exe
  2⤵
  PID:3948
- C:\Windows\System\oKeyLDA.exe
  C:\Windows\System\oKeyLDA.exe
  2⤵
  PID:3964
- C:\Windows\System\codSpWm.exe
  C:\Windows\System\codSpWm.exe
  2⤵
  PID:3980
- C:\Windows\System\jDaicMl.exe
  C:\Windows\System\jDaicMl.exe
  2⤵
  PID:3996
- C:\Windows\System\DbgfLml.exe
  C:\Windows\System\DbgfLml.exe
  2⤵
  PID:4012
- C:\Windows\System\zMgzOYO.exe
  C:\Windows\System\zMgzOYO.exe
  2⤵
  PID:4028
- C:\Windows\System\rjixxCV.exe
  C:\Windows\System\rjixxCV.exe
  2⤵
  PID:4044
- C:\Windows\System\MQOkPtN.exe
  C:\Windows\System\MQOkPtN.exe
  2⤵
  PID:4060
- C:\Windows\System\YJSLuOE.exe
  C:\Windows\System\YJSLuOE.exe
  2⤵
  PID:4080
- C:\Windows\System\DWLczOk.exe
  C:\Windows\System\DWLczOk.exe
  2⤵
  PID:2104
- C:\Windows\System\ekTVKrS.exe
  C:\Windows\System\ekTVKrS.exe
  2⤵
  PID:1560
- C:\Windows\System\qXxZQvF.exe
  C:\Windows\System\qXxZQvF.exe
  2⤵
  PID:2496
- C:\Windows\System\dlnfeWs.exe
  C:\Windows\System\dlnfeWs.exe
  2⤵
  PID:1580
- C:\Windows\System\xhsBiZF.exe
  C:\Windows\System\xhsBiZF.exe
  2⤵
  PID:1816
- C:\Windows\System\eKZmNtm.exe
  C:\Windows\System\eKZmNtm.exe
  2⤵
  PID:1512
- C:\Windows\System\dGoMWLK.exe
  C:\Windows\System\dGoMWLK.exe
  2⤵
  PID:1984
- C:\Windows\System\bhHiWNu.exe
  C:\Windows\System\bhHiWNu.exe
  2⤵
  PID:1608
- C:\Windows\System\zgnoYxV.exe
  C:\Windows\System\zgnoYxV.exe
  2⤵
  PID:2380
- C:\Windows\System\nsrdurI.exe
  C:\Windows\System\nsrdurI.exe
  2⤵
  PID:2064
- C:\Windows\System\jOeGfTe.exe
  C:\Windows\System\jOeGfTe.exe
  2⤵
  PID:816
- C:\Windows\System\oUCdjWP.exe
  C:\Windows\System\oUCdjWP.exe
  2⤵
  PID:1064
- C:\Windows\System\GYBhoVU.exe
  C:\Windows\System\GYBhoVU.exe
  2⤵
  PID:3080
- C:\Windows\System\eUilNqZ.exe
  C:\Windows\System\eUilNqZ.exe
  2⤵
  PID:3112
- C:\Windows\System\OTPitmU.exe
  C:\Windows\System\OTPitmU.exe
  2⤵
  PID:3160
- C:\Windows\System\aVTEdox.exe
  C:\Windows\System\aVTEdox.exe
  2⤵
  PID:3192
- C:\Windows\System\JYqFjhB.exe
  C:\Windows\System\JYqFjhB.exe
  2⤵
  PID:3252
- C:\Windows\System\OMNgUtr.exe
  C:\Windows\System\OMNgUtr.exe
  2⤵
  PID:3236
- C:\Windows\System\XHKpaqW.exe
  C:\Windows\System\XHKpaqW.exe
  2⤵
  PID:3272
- C:\Windows\System\nZXdRGg.exe
  C:\Windows\System\nZXdRGg.exe
  2⤵
  PID:3320
- C:\Windows\System\nBonlyz.exe
  C:\Windows\System\nBonlyz.exe
  2⤵
  PID:3352
- C:\Windows\System\VbMplwZ.exe
  C:\Windows\System\VbMplwZ.exe
  2⤵
  PID:3384
- C:\Windows\System\XAKvEso.exe
  C:\Windows\System\XAKvEso.exe
  2⤵
  PID:3416
- C:\Windows\System\eoqaLYX.exe
  C:\Windows\System\eoqaLYX.exe
  2⤵
  PID:3448
- C:\Windows\System\hxmpOFP.exe
  C:\Windows\System\hxmpOFP.exe
  2⤵
  PID:3464
- C:\Windows\System\wanditH.exe
  C:\Windows\System\wanditH.exe
  2⤵
  PID:3496
- C:\Windows\System\xaruDqi.exe
  C:\Windows\System\xaruDqi.exe
  2⤵
  PID:3544
- C:\Windows\System\hTcWIWz.exe
  C:\Windows\System\hTcWIWz.exe
  2⤵
  PID:3608
- C:\Windows\System\ikUGXge.exe
  C:\Windows\System\ikUGXge.exe
  2⤵
  PID:3592
- C:\Windows\System\qNdcvrZ.exe
  C:\Windows\System\qNdcvrZ.exe
  2⤵
  PID:3668
- C:\Windows\System\HpRVlai.exe
  C:\Windows\System\HpRVlai.exe
  2⤵
  PID:3704
- C:\Windows\System\IsTNwTC.exe
  C:\Windows\System\IsTNwTC.exe
  2⤵
  PID:3736
- C:\Windows\System\msZrnDd.exe
  C:\Windows\System\msZrnDd.exe
  2⤵
  PID:3768
- C:\Windows\System\UDcuVAC.exe
  C:\Windows\System\UDcuVAC.exe
  2⤵
  PID:3828
- C:\Windows\System\RYSpyaR.exe
  C:\Windows\System\RYSpyaR.exe
  2⤵
  PID:3892
- C:\Windows\System\aiXNaLj.exe
  C:\Windows\System\aiXNaLj.exe
  2⤵
  PID:3720
- C:\Windows\System\TWiCqpo.exe
  C:\Windows\System\TWiCqpo.exe
  2⤵
  PID:3848
- C:\Windows\System\yepiQwS.exe
  C:\Windows\System\yepiQwS.exe
  2⤵
  PID:3924
- C:\Windows\System\dUnEROU.exe
  C:\Windows\System\dUnEROU.exe
  2⤵
  PID:3988
- C:\Windows\System\usTmAgZ.exe
  C:\Windows\System\usTmAgZ.exe
  2⤵
  PID:3880
- C:\Windows\System\dVupXev.exe
  C:\Windows\System\dVupXev.exe
  2⤵
  PID:3944
- C:\Windows\System\AxwooXd.exe
  C:\Windows\System\AxwooXd.exe
  2⤵
  PID:4052
- C:\Windows\System\aQyktBM.exe
  C:\Windows\System\aQyktBM.exe
  2⤵
  PID:1076
- C:\Windows\System\eeuBWJn.exe
  C:\Windows\System\eeuBWJn.exe
  2⤵
  PID:4008
- C:\Windows\System\sLDOHyY.exe
  C:\Windows\System\sLDOHyY.exe
  2⤵
  PID:4076
- C:\Windows\System\ICTeRZs.exe
  C:\Windows\System\ICTeRZs.exe
  2⤵
  PID:1868
- C:\Windows\System\QtvBTzv.exe
  C:\Windows\System\QtvBTzv.exe
  2⤵
  PID:2980
- C:\Windows\System\HrYDzWM.exe
  C:\Windows\System\HrYDzWM.exe
  2⤵
  PID:3096
- C:\Windows\System\pNPYcTR.exe
  C:\Windows\System\pNPYcTR.exe
  2⤵
  PID:1008
- C:\Windows\System\CfEPEcy.exe
  C:\Windows\System\CfEPEcy.exe
  2⤵
  PID:3076
- C:\Windows\System\ftzLDgm.exe
  C:\Windows\System\ftzLDgm.exe
  2⤵
  PID:3204
- C:\Windows\System\qrCVxPA.exe
  C:\Windows\System\qrCVxPA.exe
  2⤵
  PID:3124
- C:\Windows\System\vyCpzsp.exe
  C:\Windows\System\vyCpzsp.exe
  2⤵
  PID:3256
- C:\Windows\System\uqwiYEN.exe
  C:\Windows\System\uqwiYEN.exe
  2⤵
  PID:3316
- C:\Windows\System\PLvkkXq.exe
  C:\Windows\System\PLvkkXq.exe
  2⤵
  PID:3476
- C:\Windows\System\WReTxns.exe
  C:\Windows\System\WReTxns.exe
  2⤵
  PID:3560
- C:\Windows\System\FTwoSep.exe
  C:\Windows\System\FTwoSep.exe
  2⤵
  PID:3432
- C:\Windows\System\mNrDUhD.exe
  C:\Windows\System\mNrDUhD.exe
  2⤵
  PID:3688
- C:\Windows\System\XFeprAM.exe
  C:\Windows\System\XFeprAM.exe
  2⤵
  PID:3812
- C:\Windows\System\MYyNraq.exe
  C:\Windows\System\MYyNraq.exe
  2⤵
  PID:3912
- C:\Windows\System\VXqSREq.exe
  C:\Windows\System\VXqSREq.exe
  2⤵
  PID:4068
- C:\Windows\System\rUHRPDb.exe
  C:\Windows\System\rUHRPDb.exe
  2⤵
  PID:2392
- C:\Windows\System\UbcuxVq.exe
  C:\Windows\System\UbcuxVq.exe
  2⤵
  PID:3512
- C:\Windows\System\OWAjaim.exe
  C:\Windows\System\OWAjaim.exe
  2⤵
  PID:3656
- C:\Windows\System\xlOiLcG.exe
  C:\Windows\System\xlOiLcG.exe
  2⤵
  PID:3716
- C:\Windows\System\wZgpwAI.exe
  C:\Windows\System\wZgpwAI.exe
  2⤵
  PID:3176
- C:\Windows\System\MRlRtOB.exe
  C:\Windows\System\MRlRtOB.exe
  2⤵
  PID:3380
- C:\Windows\System\kjywlFg.exe
  C:\Windows\System\kjywlFg.exe
  2⤵
  PID:3444
- C:\Windows\System\xvZwKuJ.exe
  C:\Windows\System\xvZwKuJ.exe
  2⤵
  PID:4112
- C:\Windows\System\eCTTCsS.exe
  C:\Windows\System\eCTTCsS.exe
  2⤵
  PID:4128
- C:\Windows\System\SuWKgvF.exe
  C:\Windows\System\SuWKgvF.exe
  2⤵
  PID:4144
- C:\Windows\System\kndUgQD.exe
  C:\Windows\System\kndUgQD.exe
  2⤵
  PID:4160
- C:\Windows\System\kREDGoW.exe
  C:\Windows\System\kREDGoW.exe
  2⤵
  PID:4176
- C:\Windows\System\mVEfEiT.exe
  C:\Windows\System\mVEfEiT.exe
  2⤵
  PID:4192
- C:\Windows\System\mhrlXDB.exe
  C:\Windows\System\mhrlXDB.exe
  2⤵
  PID:4208
- C:\Windows\System\ixDvvGi.exe
  C:\Windows\System\ixDvvGi.exe
  2⤵
  PID:4224
- C:\Windows\System\AUJGtuw.exe
  C:\Windows\System\AUJGtuw.exe
  2⤵
  PID:4240
- C:\Windows\System\CWoQSEb.exe
  C:\Windows\System\CWoQSEb.exe
  2⤵
  PID:4256
- C:\Windows\System\TmlZXXL.exe
  C:\Windows\System\TmlZXXL.exe
  2⤵
  PID:4272
- C:\Windows\System\rCXdAUG.exe
  C:\Windows\System\rCXdAUG.exe
  2⤵
  PID:4288
- C:\Windows\System\ofMBart.exe
  C:\Windows\System\ofMBart.exe
  2⤵
  PID:4304
- C:\Windows\System\UQJoJJB.exe
  C:\Windows\System\UQJoJJB.exe
  2⤵
  PID:4320
- C:\Windows\System\LwmxAIk.exe
  C:\Windows\System\LwmxAIk.exe
  2⤵
  PID:4336
- C:\Windows\System\dsnMILf.exe
  C:\Windows\System\dsnMILf.exe
  2⤵
  PID:4352
- C:\Windows\System\sxAMspZ.exe
  C:\Windows\System\sxAMspZ.exe
  2⤵
  PID:4368
- C:\Windows\System\AkvrwPY.exe
  C:\Windows\System\AkvrwPY.exe
  2⤵
  PID:4384
- C:\Windows\System\bEnBxco.exe
  C:\Windows\System\bEnBxco.exe
  2⤵
  PID:4400
- C:\Windows\System\WzBmjIm.exe
  C:\Windows\System\WzBmjIm.exe
  2⤵
  PID:4416
- C:\Windows\System\tjsnVJb.exe
  C:\Windows\System\tjsnVJb.exe
  2⤵
  PID:4432
- C:\Windows\System\WFumuHG.exe
  C:\Windows\System\WFumuHG.exe
  2⤵
  PID:4448
- C:\Windows\System\YqvJGEC.exe
  C:\Windows\System\YqvJGEC.exe
  2⤵
  PID:4464
- C:\Windows\System\mLrUKRy.exe
  C:\Windows\System\mLrUKRy.exe
  2⤵
  PID:4480
- C:\Windows\System\yylXAER.exe
  C:\Windows\System\yylXAER.exe
  2⤵
  PID:4496
- C:\Windows\System\kdnCLAi.exe
  C:\Windows\System\kdnCLAi.exe
  2⤵
  PID:4512
- C:\Windows\System\PWQYZaG.exe
  C:\Windows\System\PWQYZaG.exe
  2⤵
  PID:4528
- C:\Windows\System\NqFJBFA.exe
  C:\Windows\System\NqFJBFA.exe
  2⤵
  PID:4544
- C:\Windows\System\dRBixVM.exe
  C:\Windows\System\dRBixVM.exe
  2⤵
  PID:4560
- C:\Windows\System\JUcRrWc.exe
  C:\Windows\System\JUcRrWc.exe
  2⤵
  PID:4576
- C:\Windows\System\dWQeVxc.exe
  C:\Windows\System\dWQeVxc.exe
  2⤵
  PID:4592
- C:\Windows\System\QkRIUfH.exe
  C:\Windows\System\QkRIUfH.exe
  2⤵
  PID:4608
- C:\Windows\System\LRbsXwh.exe
  C:\Windows\System\LRbsXwh.exe
  2⤵
  PID:4624
- C:\Windows\System\CIHDuhv.exe
  C:\Windows\System\CIHDuhv.exe
  2⤵
  PID:4640
- C:\Windows\System\YhtNCor.exe
  C:\Windows\System\YhtNCor.exe
  2⤵
  PID:4656
- C:\Windows\System\wCnapAK.exe
  C:\Windows\System\wCnapAK.exe
  2⤵
  PID:4672
- C:\Windows\System\BqGXhas.exe
  C:\Windows\System\BqGXhas.exe
  2⤵
  PID:4688
- C:\Windows\System\UQnbkxG.exe
  C:\Windows\System\UQnbkxG.exe
  2⤵
  PID:4704
- C:\Windows\System\MYXDKAQ.exe
  C:\Windows\System\MYXDKAQ.exe
  2⤵
  PID:4720
- C:\Windows\System\EiJsBBI.exe
  C:\Windows\System\EiJsBBI.exe
  2⤵
  PID:4736
- C:\Windows\System\QGOAjsH.exe
  C:\Windows\System\QGOAjsH.exe
  2⤵
  PID:4752
- C:\Windows\System\KbjGIcV.exe
  C:\Windows\System\KbjGIcV.exe
  2⤵
  PID:4768
- C:\Windows\System\VOiNCbR.exe
  C:\Windows\System\VOiNCbR.exe
  2⤵
  PID:4784
- C:\Windows\System\DFfMiMl.exe
  C:\Windows\System\DFfMiMl.exe
  2⤵
  PID:4800
- C:\Windows\System\ZTShhBf.exe
  C:\Windows\System\ZTShhBf.exe
  2⤵
  PID:4816
- C:\Windows\System\CAjZwuh.exe
  C:\Windows\System\CAjZwuh.exe
  2⤵
  PID:4832
- C:\Windows\System\MqQdryg.exe
  C:\Windows\System\MqQdryg.exe
  2⤵
  PID:4848
- C:\Windows\System\yqprQNn.exe
  C:\Windows\System\yqprQNn.exe
  2⤵
  PID:4864
- C:\Windows\System\vDevqKX.exe
  C:\Windows\System\vDevqKX.exe
  2⤵
  PID:4880
- C:\Windows\System\YAOMYVm.exe
  C:\Windows\System\YAOMYVm.exe
  2⤵
  PID:4896
- C:\Windows\System\LnXRYkC.exe
  C:\Windows\System\LnXRYkC.exe
  2⤵
  PID:4912
- C:\Windows\System\jDIQlAt.exe
  C:\Windows\System\jDIQlAt.exe
  2⤵
  PID:4928
- C:\Windows\System\UWtZxrZ.exe
  C:\Windows\System\UWtZxrZ.exe
  2⤵
  PID:4944
- C:\Windows\System\laTVSKp.exe
  C:\Windows\System\laTVSKp.exe
  2⤵
  PID:4960
- C:\Windows\System\qDVLfhB.exe
  C:\Windows\System\qDVLfhB.exe
  2⤵
  PID:4976
- C:\Windows\System\VBOzAkv.exe
  C:\Windows\System\VBOzAkv.exe
  2⤵
  PID:4992
- C:\Windows\System\mVoANEL.exe
  C:\Windows\System\mVoANEL.exe
  2⤵
  PID:5008
- C:\Windows\System\XEniyMa.exe
  C:\Windows\System\XEniyMa.exe
  2⤵
  PID:5052
- C:\Windows\System\JfVNllw.exe
  C:\Windows\System\JfVNllw.exe
  2⤵
  PID:5068
- C:\Windows\System\PxPuYat.exe
  C:\Windows\System\PxPuYat.exe
  2⤵
  PID:5084
- C:\Windows\System\MgqyOlX.exe
  C:\Windows\System\MgqyOlX.exe
  2⤵
  PID:5100
- C:\Windows\System\TjXqlEu.exe
  C:\Windows\System\TjXqlEu.exe
  2⤵
  PID:5116
- C:\Windows\System\NTQIjNv.exe
  C:\Windows\System\NTQIjNv.exe
  2⤵
  PID:3976
- C:\Windows\System\wBUqyOo.exe
  C:\Windows\System\wBUqyOo.exe
  2⤵
  PID:2040
- C:\Windows\System\gQGWXAq.exe
  C:\Windows\System\gQGWXAq.exe
  2⤵
  PID:3020
- C:\Windows\System\qulYoHc.exe
  C:\Windows\System\qulYoHc.exe
  2⤵
  PID:4092
- C:\Windows\System\vXPxhag.exe
  C:\Windows\System\vXPxhag.exe
  2⤵
  PID:3144
- C:\Windows\System\DcWhcMX.exe
  C:\Windows\System\DcWhcMX.exe
  2⤵
  PID:3528
- C:\Windows\System\fPTEkok.exe
  C:\Windows\System\fPTEkok.exe
  2⤵
  PID:3960
- C:\Windows\System\OHwzmwb.exe
  C:\Windows\System\OHwzmwb.exe
  2⤵
  PID:3876
- C:\Windows\System\LyjlZMu.exe
  C:\Windows\System\LyjlZMu.exe
  2⤵
  PID:4108
- C:\Windows\System\VvHsjpV.exe
  C:\Windows\System\VvHsjpV.exe
  2⤵
  PID:3224
- C:\Windows\System\teBqQoH.exe
  C:\Windows\System\teBqQoH.exe
  2⤵
  PID:4024
- C:\Windows\System\RXjeLHD.exe
  C:\Windows\System\RXjeLHD.exe
  2⤵
  PID:4204
- C:\Windows\System\kWFyjDf.exe
  C:\Windows\System\kWFyjDf.exe
  2⤵
  PID:4268
- C:\Windows\System\XNylTNt.exe
  C:\Windows\System\XNylTNt.exe
  2⤵
  PID:4332
- C:\Windows\System\VXwrpMQ.exe
  C:\Windows\System\VXwrpMQ.exe
  2⤵
  PID:2708
- C:\Windows\System\kBemgMA.exe
  C:\Windows\System\kBemgMA.exe
  2⤵
  PID:4120
- C:\Windows\System\OMJkyGx.exe
  C:\Windows\System\OMJkyGx.exe
  2⤵
  PID:4460
- C:\Windows\System\DPppeue.exe
  C:\Windows\System\DPppeue.exe
  2⤵
  PID:4524
- C:\Windows\System\fnINtpw.exe
  C:\Windows\System\fnINtpw.exe
  2⤵
  PID:4184
- C:\Windows\System\DXGccaq.exe
  C:\Windows\System\DXGccaq.exe
  2⤵
  PID:4220
- C:\Windows\System\pcSxhyA.exe
  C:\Windows\System\pcSxhyA.exe
  2⤵
  PID:2868
- C:\Windows\System\ZRdaBiO.exe
  C:\Windows\System\ZRdaBiO.exe
  2⤵
  PID:4648
- C:\Windows\System\qGnuvXz.exe
  C:\Windows\System\qGnuvXz.exe
  2⤵
  PID:4680
- C:\Windows\System\ihQyiDW.exe
  C:\Windows\System\ihQyiDW.exe
  2⤵
  PID:4744
- C:\Windows\System\rUWnLvc.exe
  C:\Windows\System\rUWnLvc.exe
  2⤵
  PID:4808
- C:\Windows\System\QHTvMvK.exe
  C:\Windows\System\QHTvMvK.exe
  2⤵
  PID:4312
- C:\Windows\System\hvdvHRW.exe
  C:\Windows\System\hvdvHRW.exe
  2⤵
  PID:4376
- C:\Windows\System\ZdSdNqE.exe
  C:\Windows\System\ZdSdNqE.exe
  2⤵
  PID:4872
- C:\Windows\System\IAeBblp.exe
  C:\Windows\System\IAeBblp.exe
  2⤵
  PID:4904
- C:\Windows\System\SrsQIfE.exe
  C:\Windows\System\SrsQIfE.exe
  2⤵
  PID:4472
- C:\Windows\System\UjWnZdY.exe
  C:\Windows\System\UjWnZdY.exe
  2⤵
  PID:4968
- C:\Windows\System\miqRXjG.exe
  C:\Windows\System\miqRXjG.exe
  2⤵
  PID:4568
- C:\Windows\System\AXNPOdS.exe
  C:\Windows\System\AXNPOdS.exe
  2⤵
  PID:4632
- C:\Windows\System\qTCFpmb.exe
  C:\Windows\System\qTCFpmb.exe
  2⤵
  PID:4696
- C:\Windows\System\hvUSxVs.exe
  C:\Windows\System\hvUSxVs.exe
  2⤵
  PID:4728
- C:\Windows\System\mpNXlrm.exe
  C:\Windows\System\mpNXlrm.exe
  2⤵
  PID:4856
- C:\Windows\System\QmkLjUy.exe
  C:\Windows\System\QmkLjUy.exe
  2⤵
  PID:4920
- C:\Windows\System\kWuaPRF.exe
  C:\Windows\System\kWuaPRF.exe
  2⤵
  PID:4984
- C:\Windows\System\WwkaCQR.exe
  C:\Windows\System\WwkaCQR.exe
  2⤵
  PID:4828
- C:\Windows\System\tEbAPeo.exe
  C:\Windows\System\tEbAPeo.exe
  2⤵
  PID:5048
- C:\Windows\System\FWYqYva.exe
  C:\Windows\System\FWYqYva.exe
  2⤵
  PID:5092
- C:\Windows\System\UiVVObt.exe
  C:\Windows\System\UiVVObt.exe
  2⤵
  PID:2832
- C:\Windows\System\CEUSgOc.exe
  C:\Windows\System\CEUSgOc.exe
  2⤵
  PID:2528
- C:\Windows\System\vTEHjPp.exe
  C:\Windows\System\vTEHjPp.exe
  2⤵
  PID:3064
- C:\Windows\System\EIrjMTi.exe
  C:\Windows\System\EIrjMTi.exe
  2⤵
  PID:4036
- C:\Windows\System\SZHAmvV.exe
  C:\Windows\System\SZHAmvV.exe
  2⤵
  PID:3956
- C:\Windows\System\KRXfRaQ.exe
  C:\Windows\System\KRXfRaQ.exe
  2⤵
  PID:3400
- C:\Windows\System\oZHyrOU.exe
  C:\Windows\System\oZHyrOU.exe
  2⤵
  PID:4140
- C:\Windows\System\ZFuuIUX.exe
  C:\Windows\System\ZFuuIUX.exe
  2⤵
  PID:4364
- C:\Windows\System\HCeyGZa.exe
  C:\Windows\System\HCeyGZa.exe
  2⤵
  PID:4300
- C:\Windows\System\efCXAMc.exe
  C:\Windows\System\efCXAMc.exe
  2⤵
  PID:4252
- C:\Windows\System\KNRVIfZ.exe
  C:\Windows\System\KNRVIfZ.exe
  2⤵
  PID:4284
- C:\Windows\System\fXuYLIS.exe
  C:\Windows\System\fXuYLIS.exe
  2⤵
  PID:4520
- C:\Windows\System\MMRaBWp.exe
  C:\Windows\System\MMRaBWp.exe
  2⤵
  PID:4188
- C:\Windows\System\fBfmTqt.exe
  C:\Windows\System\fBfmTqt.exe
  2⤵
  PID:4348
- C:\Windows\System\JVZNLCu.exe
  C:\Windows\System\JVZNLCu.exe
  2⤵
  PID:4504
- C:\Windows\System\XjZllDM.exe
  C:\Windows\System\XjZllDM.exe
  2⤵
  PID:4716
- C:\Windows\System\gTEUjtF.exe
  C:\Windows\System\gTEUjtF.exe
  2⤵
  PID:4412
- C:\Windows\System\WxnCbhz.exe
  C:\Windows\System\WxnCbhz.exe
  2⤵
  PID:5004
- C:\Windows\System\lbMqCGE.exe
  C:\Windows\System\lbMqCGE.exe
  2⤵
  PID:4888
- C:\Windows\System\afEqxrS.exe
  C:\Windows\System\afEqxrS.exe
  2⤵
  PID:5016
- C:\Windows\System\TLxyIDH.exe
  C:\Windows\System\TLxyIDH.exe
  2⤵
  PID:4796
- C:\Windows\System\hFJgUIl.exe
  C:\Windows\System\hFJgUIl.exe
  2⤵
  PID:5064
- C:\Windows\System\TdoxRST.exe
  C:\Windows\System\TdoxRST.exe
  2⤵
  PID:4004
- C:\Windows\System\yPYjmNn.exe
  C:\Windows\System\yPYjmNn.exe
  2⤵
  PID:3348
- C:\Windows\System\WQPKnCU.exe
  C:\Windows\System\WQPKnCU.exe
  2⤵
  PID:2672
- C:\Windows\System\ibckxCu.exe
  C:\Windows\System\ibckxCu.exe
  2⤵
  PID:3540
- C:\Windows\System\lQLUonl.exe
  C:\Windows\System\lQLUonl.exe
  2⤵
  PID:5132
- C:\Windows\System\aRRKFDL.exe
  C:\Windows\System\aRRKFDL.exe
  2⤵
  PID:5148
- C:\Windows\System\lkMbMRp.exe
  C:\Windows\System\lkMbMRp.exe
  2⤵
  PID:5164
- C:\Windows\System\XRwacUJ.exe
  C:\Windows\System\XRwacUJ.exe
  2⤵
  PID:5180
- C:\Windows\System\TZSQHka.exe
  C:\Windows\System\TZSQHka.exe
  2⤵
  PID:5196
- C:\Windows\System\khIEDVU.exe
  C:\Windows\System\khIEDVU.exe
  2⤵
  PID:5212
- C:\Windows\System\phUBePF.exe
  C:\Windows\System\phUBePF.exe
  2⤵
  PID:5228
- C:\Windows\System\ZTOOoiv.exe
  C:\Windows\System\ZTOOoiv.exe
  2⤵
  PID:5244
- C:\Windows\System\kSqgZTy.exe
  C:\Windows\System\kSqgZTy.exe
  2⤵
  PID:5260
- C:\Windows\System\PeXobGn.exe
  C:\Windows\System\PeXobGn.exe
  2⤵
  PID:5276
- C:\Windows\System\uemZbuu.exe
  C:\Windows\System\uemZbuu.exe
  2⤵
  PID:5292
- C:\Windows\System\WUeOvko.exe
  C:\Windows\System\WUeOvko.exe
  2⤵
  PID:5308
- C:\Windows\System\UHShTmb.exe
  C:\Windows\System\UHShTmb.exe
  2⤵
  PID:5324
- C:\Windows\System\AvhWOtA.exe
  C:\Windows\System\AvhWOtA.exe
  2⤵
  PID:5340
- C:\Windows\System\mPRrUEi.exe
  C:\Windows\System\mPRrUEi.exe
  2⤵
  PID:5356
- C:\Windows\System\iMwuGGq.exe
  C:\Windows\System\iMwuGGq.exe
  2⤵
  PID:5372
- C:\Windows\System\UFVSYaW.exe
  C:\Windows\System\UFVSYaW.exe
  2⤵
  PID:5388
- C:\Windows\System\kpbzzYc.exe
  C:\Windows\System\kpbzzYc.exe
  2⤵
  PID:5404
- C:\Windows\System\jxxhMwJ.exe
  C:\Windows\System\jxxhMwJ.exe
  2⤵
  PID:5420
- C:\Windows\System\EhFbVwU.exe
  C:\Windows\System\EhFbVwU.exe
  2⤵
  PID:5436
- C:\Windows\System\SlfKwae.exe
  C:\Windows\System\SlfKwae.exe
  2⤵
  PID:5452
- C:\Windows\System\QRuNtDM.exe
  C:\Windows\System\QRuNtDM.exe
  2⤵
  PID:5472
- C:\Windows\System\ATnxUzN.exe
  C:\Windows\System\ATnxUzN.exe
  2⤵
  PID:5488
- C:\Windows\System\DDmzHuV.exe
  C:\Windows\System\DDmzHuV.exe
  2⤵
  PID:5504
- C:\Windows\System\uHZrvdt.exe
  C:\Windows\System\uHZrvdt.exe
  2⤵
  PID:5520
- C:\Windows\System\vribQSl.exe
  C:\Windows\System\vribQSl.exe
  2⤵
  PID:5536
- C:\Windows\System\CiavwbH.exe
  C:\Windows\System\CiavwbH.exe
  2⤵
  PID:5552
- C:\Windows\System\ROaWhzf.exe
  C:\Windows\System\ROaWhzf.exe
  2⤵
  PID:5568
- C:\Windows\System\tRKWPSb.exe
  C:\Windows\System\tRKWPSb.exe
  2⤵
  PID:5584
- C:\Windows\System\GyrcYJd.exe
  C:\Windows\System\GyrcYJd.exe
  2⤵
  PID:5600
- C:\Windows\System\CicslnD.exe
  C:\Windows\System\CicslnD.exe
  2⤵
  PID:5616
- C:\Windows\System\joNrQdd.exe
  C:\Windows\System\joNrQdd.exe
  2⤵
  PID:5632
- C:\Windows\System\QcDjlBU.exe
  C:\Windows\System\QcDjlBU.exe
  2⤵
  PID:5648
- C:\Windows\System\BUqTufd.exe
  C:\Windows\System\BUqTufd.exe
  2⤵
  PID:5664
- C:\Windows\System\IdStuay.exe
  C:\Windows\System\IdStuay.exe
  2⤵
  PID:5680
- C:\Windows\System\lWQIWcr.exe
  C:\Windows\System\lWQIWcr.exe
  2⤵
  PID:5696
- C:\Windows\System\HZeaBiy.exe
  C:\Windows\System\HZeaBiy.exe
  2⤵
  PID:5712
- C:\Windows\System\xbJNnzO.exe
  C:\Windows\System\xbJNnzO.exe
  2⤵
  PID:5728
- C:\Windows\System\huEIHYr.exe
  C:\Windows\System\huEIHYr.exe
  2⤵
  PID:5744
- C:\Windows\System\IwXMKYU.exe
  C:\Windows\System\IwXMKYU.exe
  2⤵
  PID:5760
- C:\Windows\System\HxlDoue.exe
  C:\Windows\System\HxlDoue.exe
  2⤵
  PID:5776
- C:\Windows\System\LnuutBU.exe
  C:\Windows\System\LnuutBU.exe
  2⤵
  PID:5792
- C:\Windows\System\RIaQvqw.exe
  C:\Windows\System\RIaQvqw.exe
  2⤵
  PID:5808
- C:\Windows\System\wzuzBtO.exe
  C:\Windows\System\wzuzBtO.exe
  2⤵
  PID:5824
- C:\Windows\System\XDSwxdW.exe
  C:\Windows\System\XDSwxdW.exe
  2⤵
  PID:5840
- C:\Windows\System\FvziKkp.exe
  C:\Windows\System\FvziKkp.exe
  2⤵
  PID:5856
- C:\Windows\System\pXtzDIR.exe
  C:\Windows\System\pXtzDIR.exe
  2⤵
  PID:5872
- C:\Windows\System\gVTsqzy.exe
  C:\Windows\System\gVTsqzy.exe
  2⤵
  PID:5888
- C:\Windows\System\YYlmNde.exe
  C:\Windows\System\YYlmNde.exe
  2⤵
  PID:5904
- C:\Windows\System\oMGxtKW.exe
  C:\Windows\System\oMGxtKW.exe
  2⤵
  PID:5920
- C:\Windows\System\Dknzaoq.exe
  C:\Windows\System\Dknzaoq.exe
  2⤵
  PID:5936
- C:\Windows\System\EgIGYte.exe
  C:\Windows\System\EgIGYte.exe
  2⤵
  PID:5952
- C:\Windows\System\arFmPkA.exe
  C:\Windows\System\arFmPkA.exe
  2⤵
  PID:5968
- C:\Windows\System\IpNLTRt.exe
  C:\Windows\System\IpNLTRt.exe
  2⤵
  PID:5984
- C:\Windows\System\sGcOBBq.exe
  C:\Windows\System\sGcOBBq.exe
  2⤵
  PID:6000
- C:\Windows\System\iQxgxbC.exe
  C:\Windows\System\iQxgxbC.exe
  2⤵
  PID:6016
- C:\Windows\System\rIdGUhE.exe
  C:\Windows\System\rIdGUhE.exe
  2⤵
  PID:6032
- C:\Windows\System\RgshEPw.exe
  C:\Windows\System\RgshEPw.exe
  2⤵
  PID:6048
- C:\Windows\System\ewEMEZW.exe
  C:\Windows\System\ewEMEZW.exe
  2⤵
  PID:6064
- C:\Windows\System\WiFEhuj.exe
  C:\Windows\System\WiFEhuj.exe
  2⤵
  PID:6080
- C:\Windows\System\AlIhsnt.exe
  C:\Windows\System\AlIhsnt.exe
  2⤵
  PID:6096
- C:\Windows\System\RVjNHlW.exe
  C:\Windows\System\RVjNHlW.exe
  2⤵
  PID:6112
- C:\Windows\System\IApkjpR.exe
  C:\Windows\System\IApkjpR.exe
  2⤵
  PID:6128
- C:\Windows\System\vFZhZNl.exe
  C:\Windows\System\vFZhZNl.exe
  2⤵
  PID:4556
- C:\Windows\System\XBdQMwb.exe
  C:\Windows\System\XBdQMwb.exe
  2⤵
  PID:4492
- C:\Windows\System\mvSBoHG.exe
  C:\Windows\System\mvSBoHG.exe
  2⤵
  PID:4600
- C:\Windows\System\OmycuXK.exe
  C:\Windows\System\OmycuXK.exe
  2⤵
  PID:4940
- C:\Windows\System\QUHWcuz.exe
  C:\Windows\System\QUHWcuz.exe
  2⤵
  PID:4216
- C:\Windows\System\GYVvCji.exe
  C:\Windows\System\GYVvCji.exe
  2⤵
  PID:2388
- C:\Windows\System\YHFWjkR.exe
  C:\Windows\System\YHFWjkR.exe
  2⤵
  PID:5060
- C:\Windows\System\WsodELA.exe
  C:\Windows\System\WsodELA.exe
  2⤵
  PID:4408
- C:\Windows\System\knfhYtm.exe
  C:\Windows\System\knfhYtm.exe
  2⤵
  PID:4360
- C:\Windows\System\NkZmdra.exe
  C:\Windows\System\NkZmdra.exe
  2⤵
  PID:4952
- C:\Windows\System\ALsBOnj.exe
  C:\Windows\System\ALsBOnj.exe
  2⤵
  PID:4792
- C:\Windows\System\oTBplEl.exe
  C:\Windows\System\oTBplEl.exe
  2⤵
  PID:5124
- C:\Windows\System\hlWPkjU.exe
  C:\Windows\System\hlWPkjU.exe
  2⤵
  PID:1592
- C:\Windows\System\ttAGZze.exe
  C:\Windows\System\ttAGZze.exe
  2⤵
  PID:1436
- C:\Windows\System\eoxlyEw.exe
  C:\Windows\System\eoxlyEw.exe
  2⤵
  PID:5268
- C:\Windows\System\DwfvpIJ.exe
  C:\Windows\System\DwfvpIJ.exe
  2⤵
  PID:5220
- C:\Windows\System\kIRyVXl.exe
  C:\Windows\System\kIRyVXl.exe
  2⤵
  PID:5252
- C:\Windows\System\lZwnKTk.exe
  C:\Windows\System\lZwnKTk.exe
  2⤵
  PID:5284
- C:\Windows\System\MmXStnc.exe
  C:\Windows\System\MmXStnc.exe
  2⤵
  PID:5316
- C:\Windows\System\UkFgEiG.exe
  C:\Windows\System\UkFgEiG.exe
  2⤵
  PID:5396
- C:\Windows\System\zFVFxkQ.exe
  C:\Windows\System\zFVFxkQ.exe
  2⤵
  PID:5380
- C:\Windows\System\ImogKjJ.exe
  C:\Windows\System\ImogKjJ.exe
  2⤵
  PID:5444
- C:\Windows\System\BNevAzD.exe
  C:\Windows\System\BNevAzD.exe
  2⤵
  PID:5496
- C:\Windows\System\kosYceB.exe
  C:\Windows\System\kosYceB.exe
  2⤵
  PID:5516
- C:\Windows\System\QxuCcsW.exe
  C:\Windows\System\QxuCcsW.exe
  2⤵
  PID:5544
- C:\Windows\System\FnAwnkw.exe
  C:\Windows\System\FnAwnkw.exe
  2⤵
  PID:5580
- C:\Windows\System\KSIGtGV.exe
  C:\Windows\System\KSIGtGV.exe
  2⤵
  PID:2900
- C:\Windows\System\MoBaVik.exe
  C:\Windows\System\MoBaVik.exe
  2⤵
  PID:5624
- C:\Windows\System\XFwygkP.exe
  C:\Windows\System\XFwygkP.exe
  2⤵
  PID:5628
- C:\Windows\System\hkllKsi.exe
  C:\Windows\System\hkllKsi.exe
  2⤵
  PID:5644
- C:\Windows\System\XIJMTRm.exe
  C:\Windows\System\XIJMTRm.exe
  2⤵
  PID:5676
- C:\Windows\System\rKRcJQU.exe
  C:\Windows\System\rKRcJQU.exe
  2⤵
  PID:5724
- C:\Windows\System\EjHBMbU.exe
  C:\Windows\System\EjHBMbU.exe
  2⤵
  PID:5752
- C:\Windows\System\RapLKQr.exe
  C:\Windows\System\RapLKQr.exe
  2⤵
  PID:5772
- C:\Windows\System\DWiRdAQ.exe
  C:\Windows\System\DWiRdAQ.exe
  2⤵
  PID:5804
- C:\Windows\System\HLKTbAl.exe
  C:\Windows\System\HLKTbAl.exe
  2⤵
  PID:5836
- C:\Windows\System\EJSqCYJ.exe
  C:\Windows\System\EJSqCYJ.exe
  2⤵
  PID:5868
- C:\Windows\System\KSvRjks.exe
  C:\Windows\System\KSvRjks.exe
  2⤵
  PID:5912
- C:\Windows\System\sGyznrI.exe
  C:\Windows\System\sGyznrI.exe
  2⤵
  PID:5932
- C:\Windows\System\KQswmIl.exe
  C:\Windows\System\KQswmIl.exe
  2⤵
  PID:5964
- C:\Windows\System\drFRisq.exe
  C:\Windows\System\drFRisq.exe
  2⤵
  PID:5996
- C:\Windows\System\qSamira.exe
  C:\Windows\System\qSamira.exe
  2⤵
  PID:6040
- C:\Windows\System\gWMfVpC.exe
  C:\Windows\System\gWMfVpC.exe
  2⤵
  PID:6060
- C:\Windows\System\nCuLpWs.exe
  C:\Windows\System\nCuLpWs.exe
  2⤵
  PID:6092
- C:\Windows\System\sHTlzzQ.exe
  C:\Windows\System\sHTlzzQ.exe
  2⤵
  PID:6124
- C:\Windows\System\vxLfPHm.exe
  C:\Windows\System\vxLfPHm.exe
  2⤵
  PID:4236
- C:\Windows\System\gPNqKPd.exe
  C:\Windows\System\gPNqKPd.exe
  2⤵
  PID:4428
- C:\Windows\System\EoHGIuV.exe
  C:\Windows\System\EoHGIuV.exe
  2⤵
  PID:4760
- C:\Windows\System\CCnMZrb.exe
  C:\Windows\System\CCnMZrb.exe
  2⤵
  PID:4844
- C:\Windows\System\glojkMd.exe
  C:\Windows\System\glojkMd.exe
  2⤵
  PID:5172
- C:\Windows\System\nadjDje.exe
  C:\Windows\System\nadjDje.exe
  2⤵
  PID:3732
- C:\Windows\System\OaNXNTa.exe
  C:\Windows\System\OaNXNTa.exe
  2⤵
  PID:5204
- C:\Windows\System\uoDjUir.exe
  C:\Windows\System\uoDjUir.exe
  2⤵
  PID:1820
- C:\Windows\System\AjQlCpm.exe
  C:\Windows\System\AjQlCpm.exe
  2⤵
  PID:5188
- C:\Windows\System\hitEnHp.exe
  C:\Windows\System\hitEnHp.exe
  2⤵
  PID:5288
- C:\Windows\System\ZRuyuXA.exe
  C:\Windows\System\ZRuyuXA.exe
  2⤵
  PID:5428
- C:\Windows\System\ESwhpuO.exe
  C:\Windows\System\ESwhpuO.exe
  2⤵
  PID:5464
- C:\Windows\System\wgKByZy.exe
  C:\Windows\System\wgKByZy.exe
  2⤵
  PID:1708
- C:\Windows\System\VZziqiO.exe
  C:\Windows\System\VZziqiO.exe
  2⤵
  PID:5564
- C:\Windows\System\JHOfBnM.exe
  C:\Windows\System\JHOfBnM.exe
  2⤵
  PID:1844
- C:\Windows\System\FfkZdWx.exe
  C:\Windows\System\FfkZdWx.exe
  2⤵
  PID:5656
- C:\Windows\System\aMxnriI.exe
  C:\Windows\System\aMxnriI.exe
  2⤵
  PID:5736
- C:\Windows\System\AGDvAye.exe
  C:\Windows\System\AGDvAye.exe
  2⤵
  PID:5800
- C:\Windows\System\jkJriLR.exe
  C:\Windows\System\jkJriLR.exe
  2⤵
  PID:5832
- C:\Windows\System\AmiWRtl.exe
  C:\Windows\System\AmiWRtl.exe
  2⤵
  PID:768
- C:\Windows\System\UALIWBQ.exe
  C:\Windows\System\UALIWBQ.exe
  2⤵
  PID:5928
- C:\Windows\System\CaZtmuR.exe
  C:\Windows\System\CaZtmuR.exe
  2⤵
  PID:5992
- C:\Windows\System\bzowVZM.exe
  C:\Windows\System\bzowVZM.exe
  2⤵
  PID:6028
- C:\Windows\System\WHNMHiU.exe
  C:\Windows\System\WHNMHiU.exe
  2⤵
  PID:6136
- C:\Windows\System\WLfwdxq.exe
  C:\Windows\System\WLfwdxq.exe
  2⤵
  PID:3172
- C:\Windows\System\vEKlUiw.exe
  C:\Windows\System\vEKlUiw.exe
  2⤵
  PID:4712
- C:\Windows\System\FcyChiU.exe
  C:\Windows\System\FcyChiU.exe
  2⤵
  PID:5144
- C:\Windows\System\nVfRKdH.exe
  C:\Windows\System\nVfRKdH.exe
  2⤵
  PID:764
- C:\Windows\System\mFwjJvB.exe
  C:\Windows\System\mFwjJvB.exe
  2⤵
  PID:5304
- C:\Windows\System\ZVqHsHP.exe
  C:\Windows\System\ZVqHsHP.exe
  2⤵
  PID:2800
- C:\Windows\System\RmtAwqL.exe
  C:\Windows\System\RmtAwqL.exe
  2⤵
  PID:5384
- C:\Windows\System\tipJIcI.exe
  C:\Windows\System\tipJIcI.exe
  2⤵
  PID:5560
- C:\Windows\System\AAsIaqt.exe
  C:\Windows\System\AAsIaqt.exe
  2⤵
  PID:2592
- C:\Windows\System\ugAqglH.exe
  C:\Windows\System\ugAqglH.exe
  2⤵
  PID:2988
- C:\Windows\System\JGDFFHp.exe
  C:\Windows\System\JGDFFHp.exe
  2⤵
  PID:2132
- C:\Windows\System\hixqtJD.exe
  C:\Windows\System\hixqtJD.exe
  2⤵
  PID:5900
- C:\Windows\System\ZgAjVtI.exe
  C:\Windows\System\ZgAjVtI.exe
  2⤵
  PID:6088
- C:\Windows\System\tMArqqh.exe
  C:\Windows\System\tMArqqh.exe
  2⤵
  PID:4780
- C:\Windows\System\pKNSFqA.exe
  C:\Windows\System\pKNSFqA.exe
  2⤵
  PID:6156
- C:\Windows\System\fWSphed.exe
  C:\Windows\System\fWSphed.exe
  2⤵
  PID:6172
- C:\Windows\System\fkMgDoN.exe
  C:\Windows\System\fkMgDoN.exe
  2⤵
  PID:6188
- C:\Windows\System\wAqEcUn.exe
  C:\Windows\System\wAqEcUn.exe
  2⤵
  PID:6204
- C:\Windows\System\CSvkrQp.exe
  C:\Windows\System\CSvkrQp.exe
  2⤵
  PID:6220
- C:\Windows\System\UyvlXnh.exe
  C:\Windows\System\UyvlXnh.exe
  2⤵
  PID:6236
- C:\Windows\System\fCjRQEF.exe
  C:\Windows\System\fCjRQEF.exe
  2⤵
  PID:6252
- C:\Windows\System\vKwMJsl.exe
  C:\Windows\System\vKwMJsl.exe
  2⤵
  PID:6268
- C:\Windows\System\GtAMCvP.exe
  C:\Windows\System\GtAMCvP.exe
  2⤵
  PID:6284
- C:\Windows\System\fpLUOIz.exe
  C:\Windows\System\fpLUOIz.exe
  2⤵
  PID:6300
- C:\Windows\System\NopeERA.exe
  C:\Windows\System\NopeERA.exe
  2⤵
  PID:6316
- C:\Windows\System\QwnQXru.exe
  C:\Windows\System\QwnQXru.exe
  2⤵
  PID:6332
- C:\Windows\System\tWEejOU.exe
  C:\Windows\System\tWEejOU.exe
  2⤵
  PID:6348
- C:\Windows\System\fFYRpRq.exe
  C:\Windows\System\fFYRpRq.exe
  2⤵
  PID:6364
- C:\Windows\System\uHsekEF.exe
  C:\Windows\System\uHsekEF.exe
  2⤵
  PID:6384
- C:\Windows\System\LuYUbsA.exe
  C:\Windows\System\LuYUbsA.exe
  2⤵
  PID:6400
- C:\Windows\System\FzaiUaq.exe
  C:\Windows\System\FzaiUaq.exe
  2⤵
  PID:6416
- C:\Windows\System\FlPrEGe.exe
  C:\Windows\System\FlPrEGe.exe
  2⤵
  PID:6432
- C:\Windows\System\aguznlq.exe
  C:\Windows\System\aguznlq.exe
  2⤵
  PID:6448
- C:\Windows\System\LlrVFpI.exe
  C:\Windows\System\LlrVFpI.exe
  2⤵
  PID:6464
- C:\Windows\System\pOfydqW.exe
  C:\Windows\System\pOfydqW.exe
  2⤵
  PID:6480
- C:\Windows\System\xgAGyoN.exe
  C:\Windows\System\xgAGyoN.exe
  2⤵
  PID:6496
- C:\Windows\System\MSjZFEL.exe
  C:\Windows\System\MSjZFEL.exe
  2⤵
  PID:6512
- C:\Windows\System\CazuJQp.exe
  C:\Windows\System\CazuJQp.exe
  2⤵
  PID:6528
- C:\Windows\System\PmWOofq.exe
  C:\Windows\System\PmWOofq.exe
  2⤵
  PID:6544
- C:\Windows\System\APPMdnO.exe
  C:\Windows\System\APPMdnO.exe
  2⤵
  PID:6560
- C:\Windows\System\ItuFgkV.exe
  C:\Windows\System\ItuFgkV.exe
  2⤵
  PID:6576
- C:\Windows\System\anreWgH.exe
  C:\Windows\System\anreWgH.exe
  2⤵
  PID:6592
- C:\Windows\System\ZVKOvuo.exe
  C:\Windows\System\ZVKOvuo.exe
  2⤵
  PID:6608
- C:\Windows\System\Ouwspfm.exe
  C:\Windows\System\Ouwspfm.exe
  2⤵
  PID:6624
- C:\Windows\System\jqvPDMO.exe
  C:\Windows\System\jqvPDMO.exe
  2⤵
  PID:6640
- C:\Windows\System\jUFObnT.exe
  C:\Windows\System\jUFObnT.exe
  2⤵
  PID:6656
- C:\Windows\System\cfzwcmg.exe
  C:\Windows\System\cfzwcmg.exe
  2⤵
  PID:6672
- C:\Windows\System\EFMioJz.exe
  C:\Windows\System\EFMioJz.exe
  2⤵
  PID:6688
- C:\Windows\System\sTEeUkw.exe
  C:\Windows\System\sTEeUkw.exe
  2⤵
  PID:6704
- C:\Windows\System\AuRtgLi.exe
  C:\Windows\System\AuRtgLi.exe
  2⤵
  PID:6720
- C:\Windows\System\TNrnHwa.exe
  C:\Windows\System\TNrnHwa.exe
  2⤵
  PID:6736
- C:\Windows\System\iGrqqtU.exe
  C:\Windows\System\iGrqqtU.exe
  2⤵
  PID:6752
- C:\Windows\System\ESvUVNi.exe
  C:\Windows\System\ESvUVNi.exe
  2⤵
  PID:6768
- C:\Windows\System\awJcYEE.exe
  C:\Windows\System\awJcYEE.exe
  2⤵
  PID:6784
- C:\Windows\System\uJRBsyI.exe
  C:\Windows\System\uJRBsyI.exe
  2⤵
  PID:6800
- C:\Windows\System\dZhjJib.exe
  C:\Windows\System\dZhjJib.exe
  2⤵
  PID:6816
- C:\Windows\System\OMxfgJS.exe
  C:\Windows\System\OMxfgJS.exe
  2⤵
  PID:6832
- C:\Windows\System\qSHFzUx.exe
  C:\Windows\System\qSHFzUx.exe
  2⤵
  PID:6848
- C:\Windows\System\sRCjQOO.exe
  C:\Windows\System\sRCjQOO.exe
  2⤵
  PID:6864
- C:\Windows\System\LpYjTyH.exe
  C:\Windows\System\LpYjTyH.exe
  2⤵
  PID:6880
- C:\Windows\System\IyqnRHK.exe
  C:\Windows\System\IyqnRHK.exe
  2⤵
  PID:6896
- C:\Windows\System\UVLfHXx.exe
  C:\Windows\System\UVLfHXx.exe
  2⤵
  PID:6912
- C:\Windows\System\nmyIpvU.exe
  C:\Windows\System\nmyIpvU.exe
  2⤵
  PID:6928
- C:\Windows\System\hDMzxVe.exe
  C:\Windows\System\hDMzxVe.exe
  2⤵
  PID:6944
- C:\Windows\System\GQEyMtC.exe
  C:\Windows\System\GQEyMtC.exe
  2⤵
  PID:6960
- C:\Windows\System\RUzOamh.exe
  C:\Windows\System\RUzOamh.exe
  2⤵
  PID:6976
- C:\Windows\System\MQtZWsk.exe
  C:\Windows\System\MQtZWsk.exe
  2⤵
  PID:6992
- C:\Windows\System\kagzpBa.exe
  C:\Windows\System\kagzpBa.exe
  2⤵
  PID:7008
- C:\Windows\System\KYbgHcV.exe
  C:\Windows\System\KYbgHcV.exe
  2⤵
  PID:7024
- C:\Windows\System\XvXGVRP.exe
  C:\Windows\System\XvXGVRP.exe
  2⤵
  PID:7040
- C:\Windows\System\tnVjnpe.exe
  C:\Windows\System\tnVjnpe.exe
  2⤵
  PID:7056
- C:\Windows\System\yVhdLYI.exe
  C:\Windows\System\yVhdLYI.exe
  2⤵
  PID:7072
- C:\Windows\System\EfugPcQ.exe
  C:\Windows\System\EfugPcQ.exe
  2⤵
  PID:7088
- C:\Windows\System\yfMErtl.exe
  C:\Windows\System\yfMErtl.exe
  2⤵
  PID:7104
- C:\Windows\System\UkisLBs.exe
  C:\Windows\System\UkisLBs.exe
  2⤵
  PID:7120
- C:\Windows\System\VbWFCsT.exe
  C:\Windows\System\VbWFCsT.exe
  2⤵
  PID:7140
- C:\Windows\System\kCbrJXy.exe
  C:\Windows\System\kCbrJXy.exe
  2⤵
  PID:7156
- C:\Windows\System\QHUlazh.exe
  C:\Windows\System\QHUlazh.exe
  2⤵
  PID:5140
- C:\Windows\System\UKRoDZx.exe
  C:\Windows\System\UKRoDZx.exe
  2⤵
  PID:2484
- C:\Windows\System\ZXOegbi.exe
  C:\Windows\System\ZXOegbi.exe
  2⤵
  PID:5532
- C:\Windows\System\DqlKXSR.exe
  C:\Windows\System\DqlKXSR.exe
  2⤵
  PID:5608
- C:\Windows\System\zxXpNaG.exe
  C:\Windows\System\zxXpNaG.exe
  2⤵
  PID:5704
- C:\Windows\System\ZklehEF.exe
  C:\Windows\System\ZklehEF.exe
  2⤵
  PID:2308
- C:\Windows\System\HaMwqar.exe
  C:\Windows\System\HaMwqar.exe
  2⤵
  PID:4344
- C:\Windows\System\NIWyKsV.exe
  C:\Windows\System\NIWyKsV.exe
  2⤵
  PID:6168
- C:\Windows\System\kmOOLBe.exe
  C:\Windows\System\kmOOLBe.exe
  2⤵
  PID:6200
- C:\Windows\System\oIvNqAQ.exe
  C:\Windows\System\oIvNqAQ.exe
  2⤵
  PID:6228
- C:\Windows\System\nZtjnDv.exe
  C:\Windows\System\nZtjnDv.exe
  2⤵
  PID:6248
- C:\Windows\System\vBMpttK.exe
  C:\Windows\System\vBMpttK.exe
  2⤵
  PID:6280
- C:\Windows\System\XElfwhc.exe
  C:\Windows\System\XElfwhc.exe
  2⤵
  PID:6312
- C:\Windows\System\swFupnV.exe
  C:\Windows\System\swFupnV.exe
  2⤵
  PID:6344
- C:\Windows\System\GSamPEB.exe
  C:\Windows\System\GSamPEB.exe
  2⤵
  PID:6376
- C:\Windows\System\eaCFIcN.exe
  C:\Windows\System\eaCFIcN.exe
  2⤵
  PID:6424
- C:\Windows\System\vhUpsbr.exe
  C:\Windows\System\vhUpsbr.exe
  2⤵
  PID:6444
- C:\Windows\System\XNCwjNC.exe
  C:\Windows\System\XNCwjNC.exe
  2⤵
  PID:6488
- C:\Windows\System\ulFBeWk.exe
  C:\Windows\System\ulFBeWk.exe
  2⤵
  PID:6508
- C:\Windows\System\rOrWbwg.exe
  C:\Windows\System\rOrWbwg.exe
  2⤵
  PID:6540
- C:\Windows\System\wtInPCq.exe
  C:\Windows\System\wtInPCq.exe
  2⤵
  PID:6572
- C:\Windows\System\xIkufHc.exe
  C:\Windows\System\xIkufHc.exe
  2⤵
  PID:6604
- C:\Windows\System\ABLHsAb.exe
  C:\Windows\System\ABLHsAb.exe
  2⤵
  PID:6636
- C:\Windows\System\ylgcyhf.exe
  C:\Windows\System\ylgcyhf.exe
  2⤵
  PID:6668
- C:\Windows\System\prVSvaz.exe
  C:\Windows\System\prVSvaz.exe
  2⤵
  PID:6700
- C:\Windows\System\ndORtUH.exe
  C:\Windows\System\ndORtUH.exe
  2⤵
  PID:6732
- C:\Windows\System\awEtSCo.exe
  C:\Windows\System\awEtSCo.exe
  2⤵
  PID:6764
- C:\Windows\System\ScDYIzI.exe
  C:\Windows\System\ScDYIzI.exe
  2⤵
  PID:6796
- C:\Windows\System\HctpjtY.exe
  C:\Windows\System\HctpjtY.exe
  2⤵
  PID:6824
- C:\Windows\System\qcjYmNA.exe
  C:\Windows\System\qcjYmNA.exe
  2⤵
  PID:6856
- C:\Windows\System\iYsTLcP.exe
  C:\Windows\System\iYsTLcP.exe
  2⤵
  PID:6888
- C:\Windows\System\qRPnMRB.exe
  C:\Windows\System\qRPnMRB.exe
  2⤵
  PID:2824
- C:\Windows\System\UnkXXRn.exe
  C:\Windows\System\UnkXXRn.exe
  2⤵
  PID:6940
- C:\Windows\System\hyxcRHU.exe
  C:\Windows\System\hyxcRHU.exe
  2⤵
  PID:6972
- C:\Windows\System\MTHGSrU.exe
  C:\Windows\System\MTHGSrU.exe
  2⤵
  PID:6988
- C:\Windows\System\NfjQWmS.exe
  C:\Windows\System\NfjQWmS.exe
  2⤵
  PID:7032
- C:\Windows\System\yYqmiHS.exe
  C:\Windows\System\yYqmiHS.exe
  2⤵
  PID:7064
- C:\Windows\System\eeNuPTM.exe
  C:\Windows\System\eeNuPTM.exe
  2⤵
  PID:7084
- C:\Windows\System\TlGDsQV.exe
  C:\Windows\System\TlGDsQV.exe
  2⤵
  PID:7116
- C:\Windows\System\njwjSKM.exe
  C:\Windows\System\njwjSKM.exe
  2⤵
  PID:7152
- C:\Windows\System\xigAcQa.exe
  C:\Windows\System\xigAcQa.exe
  2⤵
  PID:5236
- C:\Windows\System\zCcykea.exe
  C:\Windows\System\zCcykea.exe
  2⤵
  PID:2812
- C:\Windows\System\uQQkDXR.exe
  C:\Windows\System\uQQkDXR.exe
  2⤵
  PID:6164
- C:\Windows\System\elyAtZs.exe
  C:\Windows\System\elyAtZs.exe
  2⤵
  PID:6216
- C:\Windows\System\Ldjemmm.exe
  C:\Windows\System\Ldjemmm.exe
  2⤵
  PID:6244
- C:\Windows\System\KOfCGZW.exe
  C:\Windows\System\KOfCGZW.exe
  2⤵
  PID:6292
- C:\Windows\System\GbKDSPw.exe
  C:\Windows\System\GbKDSPw.exe
  2⤵
  PID:6392
- C:\Windows\System\vfcKhKP.exe
  C:\Windows\System\vfcKhKP.exe
  2⤵
  PID:6456
- C:\Windows\System\wVSXYfw.exe
  C:\Windows\System\wVSXYfw.exe
  2⤵
  PID:6520
- C:\Windows\System\dMwUivP.exe
  C:\Windows\System\dMwUivP.exe
  2⤵
  PID:6584
- C:\Windows\System\NcyovLo.exe
  C:\Windows\System\NcyovLo.exe
  2⤵
  PID:6632
- C:\Windows\System\wsuedEi.exe
  C:\Windows\System\wsuedEi.exe
  2⤵
  PID:6696
- C:\Windows\System\aOBkpGx.exe
  C:\Windows\System\aOBkpGx.exe
  2⤵
  PID:6728
- C:\Windows\System\RhEFdQc.exe
  C:\Windows\System\RhEFdQc.exe
  2⤵
  PID:6812
- C:\Windows\System\VNteiGH.exe
  C:\Windows\System\VNteiGH.exe
  2⤵
  PID:6844
- C:\Windows\System\xtqRiiM.exe
  C:\Windows\System\xtqRiiM.exe
  2⤵
  PID:572
- C:\Windows\System\fWyvVGQ.exe
  C:\Windows\System\fWyvVGQ.exe
  2⤵
  PID:6984
- C:\Windows\System\ZTpFMpE.exe
  C:\Windows\System\ZTpFMpE.exe
  2⤵
  PID:7016
- C:\Windows\System\ckEnZqA.exe
  C:\Windows\System\ckEnZqA.exe
  2⤵
  PID:7080
- C:\Windows\System\cPiqGMw.exe
  C:\Windows\System\cPiqGMw.exe
  2⤵
  PID:7148
- C:\Windows\System\dclVHPU.exe
  C:\Windows\System\dclVHPU.exe
  2⤵
  PID:5352
- C:\Windows\System\caiJals.exe
  C:\Windows\System\caiJals.exe
  2⤵
  PID:6152
- C:\Windows\System\lnHQszZ.exe
  C:\Windows\System\lnHQszZ.exe
  2⤵
  PID:6308
- C:\Windows\System\KenbHmX.exe
  C:\Windows\System\KenbHmX.exe
  2⤵
  PID:6412
- C:\Windows\System\jCKVKGS.exe
  C:\Windows\System\jCKVKGS.exe
  2⤵
  PID:6568
- C:\Windows\System\vENeTms.exe
  C:\Windows\System\vENeTms.exe
  2⤵
  PID:6664
- C:\Windows\System\PxRZemb.exe
  C:\Windows\System\PxRZemb.exe
  2⤵
  PID:6792
- C:\Windows\System\kFdlmQK.exe
  C:\Windows\System\kFdlmQK.exe
  2⤵
  PID:6892
- C:\Windows\System\BlXJEgf.exe
  C:\Windows\System\BlXJEgf.exe
  2⤵
  PID:1172
- C:\Windows\System\InIGrrF.exe
  C:\Windows\System\InIGrrF.exe
  2⤵
  PID:6968
- C:\Windows\System\KYJGbKS.exe
  C:\Windows\System\KYJGbKS.exe
  2⤵
  PID:7180
- C:\Windows\System\OUizVtG.exe
  C:\Windows\System\OUizVtG.exe
  2⤵
  PID:7196
- C:\Windows\System\rbOXlNG.exe
  C:\Windows\System\rbOXlNG.exe
  2⤵
  PID:7212
- C:\Windows\System\sGKLSGH.exe
  C:\Windows\System\sGKLSGH.exe
  2⤵
  PID:7228
- C:\Windows\System\caKcrcA.exe
  C:\Windows\System\caKcrcA.exe
  2⤵
  PID:7244
- C:\Windows\System\mydNpXM.exe
  C:\Windows\System\mydNpXM.exe
  2⤵
  PID:7260
- C:\Windows\System\SVDqGXv.exe
  C:\Windows\System\SVDqGXv.exe
  2⤵
  PID:7276
- C:\Windows\System\IJgXCna.exe
  C:\Windows\System\IJgXCna.exe
  2⤵
  PID:7292
- C:\Windows\System\slYaPbn.exe
  C:\Windows\System\slYaPbn.exe
  2⤵
  PID:7308
- C:\Windows\System\FEtAAZu.exe
  C:\Windows\System\FEtAAZu.exe
  2⤵
  PID:7324
- C:\Windows\System\habnMIP.exe
  C:\Windows\System\habnMIP.exe
  2⤵
  PID:7340
- C:\Windows\System\fXnBelT.exe
  C:\Windows\System\fXnBelT.exe
  2⤵
  PID:7356
- C:\Windows\System\pGCMjZK.exe
  C:\Windows\System\pGCMjZK.exe
  2⤵
  PID:7372
- C:\Windows\System\ypviWKW.exe
  C:\Windows\System\ypviWKW.exe
  2⤵
  PID:7388
- C:\Windows\System\VtSAjlq.exe
  C:\Windows\System\VtSAjlq.exe
  2⤵
  PID:7404
- C:\Windows\System\mzHbAia.exe
  C:\Windows\System\mzHbAia.exe
  2⤵
  PID:7420
- C:\Windows\System\abijThk.exe
  C:\Windows\System\abijThk.exe
  2⤵
  PID:7436
- C:\Windows\System\SSaSnMN.exe
  C:\Windows\System\SSaSnMN.exe
  2⤵
  PID:7456
- C:\Windows\System\pIZAZmZ.exe
  C:\Windows\System\pIZAZmZ.exe
  2⤵
  PID:7472
- C:\Windows\System\qeWrWWF.exe
  C:\Windows\System\qeWrWWF.exe
  2⤵
  PID:7488
- C:\Windows\System\tdgEmQH.exe
  C:\Windows\System\tdgEmQH.exe
  2⤵
  PID:7504
- C:\Windows\System\eBrYGsw.exe
  C:\Windows\System\eBrYGsw.exe
  2⤵
  PID:7520
- C:\Windows\System\rhLYGLW.exe
  C:\Windows\System\rhLYGLW.exe
  2⤵
  PID:7536
- C:\Windows\System\EzHUPzI.exe
  C:\Windows\System\EzHUPzI.exe
  2⤵
  PID:7552
- C:\Windows\System\tlBmGtS.exe
  C:\Windows\System\tlBmGtS.exe
  2⤵
  PID:7568
- C:\Windows\System\vuKrGqX.exe
  C:\Windows\System\vuKrGqX.exe
  2⤵
  PID:7584
- C:\Windows\System\ubxeWCk.exe
  C:\Windows\System\ubxeWCk.exe
  2⤵
  PID:7600
- C:\Windows\System\pAkLXje.exe
  C:\Windows\System\pAkLXje.exe
  2⤵
  PID:7616
- C:\Windows\System\aBYskot.exe
  C:\Windows\System\aBYskot.exe
  2⤵
  PID:7632
- C:\Windows\System\GkQIqzo.exe
  C:\Windows\System\GkQIqzo.exe
  2⤵
  PID:7648
- C:\Windows\System\UxyOZLM.exe
  C:\Windows\System\UxyOZLM.exe
  2⤵
  PID:7664
- C:\Windows\System\rXKWtRC.exe
  C:\Windows\System\rXKWtRC.exe
  2⤵
  PID:7680
- C:\Windows\System\LalfHdP.exe
  C:\Windows\System\LalfHdP.exe
  2⤵
  PID:7696
- C:\Windows\System\FfaNYDV.exe
  C:\Windows\System\FfaNYDV.exe
  2⤵
  PID:7712
- C:\Windows\System\QKthvHx.exe
  C:\Windows\System\QKthvHx.exe
  2⤵
  PID:7728
- C:\Windows\System\vxTTEuO.exe
  C:\Windows\System\vxTTEuO.exe
  2⤵
  PID:7744
- C:\Windows\System\wQhJdkH.exe
  C:\Windows\System\wQhJdkH.exe
  2⤵
  PID:7760
- C:\Windows\System\gneztNP.exe
  C:\Windows\System\gneztNP.exe
  2⤵
  PID:7776
- C:\Windows\System\nWvfLZh.exe
  C:\Windows\System\nWvfLZh.exe
  2⤵
  PID:7792
- C:\Windows\System\EVVWSub.exe
  C:\Windows\System\EVVWSub.exe
  2⤵
  PID:7808
- C:\Windows\System\XIQDuoK.exe
  C:\Windows\System\XIQDuoK.exe
  2⤵
  PID:7824
- C:\Windows\System\CWjAeVq.exe
  C:\Windows\System\CWjAeVq.exe
  2⤵
  PID:7840
- C:\Windows\System\wmLkQew.exe
  C:\Windows\System\wmLkQew.exe
  2⤵
  PID:7856
- C:\Windows\System\zNqUcTD.exe
  C:\Windows\System\zNqUcTD.exe
  2⤵
  PID:7872
- C:\Windows\System\vJRSbwW.exe
  C:\Windows\System\vJRSbwW.exe
  2⤵
  PID:7888
- C:\Windows\System\PGqDJFi.exe
  C:\Windows\System\PGqDJFi.exe
  2⤵
  PID:7904
- C:\Windows\System\euSFxfe.exe
  C:\Windows\System\euSFxfe.exe
  2⤵
  PID:7920
- C:\Windows\System\iCkbELM.exe
  C:\Windows\System\iCkbELM.exe
  2⤵
  PID:7936
- C:\Windows\System\VbmELrK.exe
  C:\Windows\System\VbmELrK.exe
  2⤵
  PID:7952
- C:\Windows\System\ziyJGBl.exe
  C:\Windows\System\ziyJGBl.exe
  2⤵
  PID:7968
- C:\Windows\System\IqHWsKs.exe
  C:\Windows\System\IqHWsKs.exe
  2⤵
  PID:7984
- C:\Windows\System\HOlfiFL.exe
  C:\Windows\System\HOlfiFL.exe
  2⤵
  PID:8000
- C:\Windows\System\vLlCbfc.exe
  C:\Windows\System\vLlCbfc.exe
  2⤵
  PID:8016
- C:\Windows\System\akpNZLb.exe
  C:\Windows\System\akpNZLb.exe
  2⤵
  PID:8032
- C:\Windows\System\TMJKcJF.exe
  C:\Windows\System\TMJKcJF.exe
  2⤵
  PID:8048
- C:\Windows\System\httPTkc.exe
  C:\Windows\System\httPTkc.exe
  2⤵
  PID:8064
- C:\Windows\System\vhgbPrl.exe
  C:\Windows\System\vhgbPrl.exe
  2⤵
  PID:8080
- C:\Windows\System\XZuGFJh.exe
  C:\Windows\System\XZuGFJh.exe
  2⤵
  PID:8096
- C:\Windows\System\cWWrEdy.exe
  C:\Windows\System\cWWrEdy.exe
  2⤵
  PID:8112
- C:\Windows\System\kGZfPXi.exe
  C:\Windows\System\kGZfPXi.exe
  2⤵
  PID:8132
- C:\Windows\System\THBaXJE.exe
  C:\Windows\System\THBaXJE.exe
  2⤵
  PID:8148
- C:\Windows\System\rBHewMy.exe
  C:\Windows\System\rBHewMy.exe
  2⤵
  PID:8164
- C:\Windows\System\afbJHfq.exe
  C:\Windows\System\afbJHfq.exe
  2⤵
  PID:8180
- C:\Windows\System\lvmrfct.exe
  C:\Windows\System\lvmrfct.exe
  2⤵
  PID:7096
- C:\Windows\System\HxqEYXQ.exe
  C:\Windows\System\HxqEYXQ.exe
  2⤵
  PID:6196
- C:\Windows\System\WnBHRzt.exe
  C:\Windows\System\WnBHRzt.exe
  2⤵
  PID:6356
- C:\Windows\System\jNdNKnr.exe
  C:\Windows\System\jNdNKnr.exe
  2⤵
  PID:2828
- C:\Windows\System\zmRInwk.exe
  C:\Windows\System\zmRInwk.exe
  2⤵
  PID:6840
- C:\Windows\System\fkUryzk.exe
  C:\Windows\System\fkUryzk.exe
  2⤵
  PID:2376
- C:\Windows\System\Dgsnkzr.exe
  C:\Windows\System\Dgsnkzr.exe
  2⤵
  PID:7188
- C:\Windows\System\XiZdyKN.exe
  C:\Windows\System\XiZdyKN.exe
  2⤵
  PID:7220
- C:\Windows\System\CEpqiGT.exe
  C:\Windows\System\CEpqiGT.exe
  2⤵
  PID:7252
- C:\Windows\System\OLmWzPi.exe
  C:\Windows\System\OLmWzPi.exe
  2⤵
  PID:7300
- C:\Windows\System\aRnWqru.exe
  C:\Windows\System\aRnWqru.exe
  2⤵
  PID:7316
- C:\Windows\System\MrjPnwf.exe
  C:\Windows\System\MrjPnwf.exe
  2⤵
  PID:7320
- C:\Windows\System\bjTrPBX.exe
  C:\Windows\System\bjTrPBX.exe
  2⤵
  PID:2896
- C:\Windows\System\dwJZrfo.exe
  C:\Windows\System\dwJZrfo.exe
  2⤵
  PID:7368
- C:\Windows\System\ttgkgfg.exe
  C:\Windows\System\ttgkgfg.exe
  2⤵
  PID:1248
- C:\Windows\System\xnXZogV.exe
  C:\Windows\System\xnXZogV.exe
  2⤵
  PID:2588
- C:\Windows\System\tTlWokl.exe
  C:\Windows\System\tTlWokl.exe
  2⤵
  PID:1616
- C:\Windows\System\gdCzzfe.exe
  C:\Windows\System\gdCzzfe.exe
  2⤵
  PID:788
- C:\Windows\System\ulfsGqF.exe
  C:\Windows\System\ulfsGqF.exe
  2⤵
  PID:7468
- C:\Windows\System\umPEKdU.exe
  C:\Windows\System\umPEKdU.exe
  2⤵
  PID:7500
- C:\Windows\System\gmOVZlm.exe
  C:\Windows\System\gmOVZlm.exe
  2⤵
  PID:7516
- C:\Windows\System\FLGkFwB.exe
  C:\Windows\System\FLGkFwB.exe
  2⤵
  PID:7560
- C:\Windows\System\uWgCVxr.exe
  C:\Windows\System\uWgCVxr.exe
  2⤵
  PID:7580
- C:\Windows\System\bwlvSZq.exe
  C:\Windows\System\bwlvSZq.exe
  2⤵
  PID:7608
- C:\Windows\System\AStxkDY.exe
  C:\Windows\System\AStxkDY.exe
  2⤵
  PID:2884
- C:\Windows\System\rsCYVzL.exe
  C:\Windows\System\rsCYVzL.exe
  2⤵
  PID:7688
- C:\Windows\System\grWaZzW.exe
  C:\Windows\System\grWaZzW.exe
  2⤵
  PID:7708
- C:\Windows\System\lPwPYWR.exe
  C:\Windows\System\lPwPYWR.exe
  2⤵
  PID:7752
- C:\Windows\System\oZuuiNq.exe
  C:\Windows\System\oZuuiNq.exe
  2⤵
  PID:7772
- C:\Windows\System\IsPgYoa.exe
  C:\Windows\System\IsPgYoa.exe
  2⤵
  PID:7816
- C:\Windows\System\BuraemD.exe
  C:\Windows\System\BuraemD.exe
  2⤵
  PID:7832
- C:\Windows\System\gpjGhsc.exe
  C:\Windows\System\gpjGhsc.exe
  2⤵
  PID:7880
- C:\Windows\System\sRwVXaM.exe
  C:\Windows\System\sRwVXaM.exe
  2⤵
  PID:7896
- C:\Windows\System\qOkDnyA.exe
  C:\Windows\System\qOkDnyA.exe
  2⤵
  PID:7900
- C:\Windows\System\TVvfiZz.exe
  C:\Windows\System\TVvfiZz.exe
  2⤵
  PID:7948
- C:\Windows\System\omVYGxb.exe
  C:\Windows\System\omVYGxb.exe
  2⤵
  PID:7976
- C:\Windows\System\lTzgKio.exe
  C:\Windows\System\lTzgKio.exe
  2⤵
  PID:376
- C:\Windows\System\bQhtCHq.exe
  C:\Windows\System\bQhtCHq.exe
  2⤵
  PID:2948
- C:\Windows\System\PtUETbx.exe
  C:\Windows\System\PtUETbx.exe
  2⤵
  PID:5468
- C:\Windows\System\umYThAm.exe
  C:\Windows\System\umYThAm.exe
  2⤵
  PID:2236
- C:\Windows\System\orBUaek.exe
  C:\Windows\System\orBUaek.exe
  2⤵
  PID:8072
- C:\Windows\System\snmKjmj.exe
  C:\Windows\System\snmKjmj.exe
  2⤵
  PID:8104
- C:\Windows\System\fsKaQVP.exe
  C:\Windows\System\fsKaQVP.exe
  2⤵
  PID:8140
- C:\Windows\System\VvLjiXg.exe
  C:\Windows\System\VvLjiXg.exe
  2⤵
  PID:8160
- C:\Windows\System\QwtjvvC.exe
  C:\Windows\System\QwtjvvC.exe
  2⤵
  PID:2624
- C:\Windows\System\RvraSzl.exe
  C:\Windows\System\RvraSzl.exe
  2⤵
  PID:6372
- C:\Windows\System\koJGVpP.exe
  C:\Windows\System\koJGVpP.exe
  2⤵
  PID:6956
- C:\Windows\System\KqUyDkm.exe
  C:\Windows\System\KqUyDkm.exe
  2⤵
  PID:7192
- C:\Windows\System\NpOnpsM.exe
  C:\Windows\System\NpOnpsM.exe
  2⤵
  PID:7240
- C:\Windows\System\ocwxytf.exe
  C:\Windows\System\ocwxytf.exe
  2⤵
  PID:7332
- C:\Windows\System\EVdxrUQ.exe
  C:\Windows\System\EVdxrUQ.exe
  2⤵
  PID:7348
- C:\Windows\System\JKKaCcV.exe
  C:\Windows\System\JKKaCcV.exe
  2⤵
  PID:6104
- C:\Windows\System\pPtFmWp.exe
  C:\Windows\System\pPtFmWp.exe
  2⤵
  PID:7412
- C:\Windows\System\gDbfsXR.exe
  C:\Windows\System\gDbfsXR.exe
  2⤵
  PID:7400
- C:\Windows\System\JGdieVD.exe
  C:\Windows\System\JGdieVD.exe
  2⤵
  PID:7484
- C:\Windows\System\sWdqezZ.exe
  C:\Windows\System\sWdqezZ.exe
  2⤵
  PID:2628
- C:\Windows\System\TlObzpU.exe
  C:\Windows\System\TlObzpU.exe
  2⤵
  PID:2580
- C:\Windows\System\ZCtCMHj.exe
  C:\Windows\System\ZCtCMHj.exe
  2⤵
  PID:7612
- C:\Windows\System\nPGFIFi.exe
  C:\Windows\System\nPGFIFi.exe
  2⤵
  PID:7720
- C:\Windows\System\ViMWelr.exe
  C:\Windows\System\ViMWelr.exe
  2⤵
  PID:7736
- C:\Windows\System\RmqAxxx.exe
  C:\Windows\System\RmqAxxx.exe
  2⤵
  PID:7852
- C:\Windows\System\AqrBrBl.exe
  C:\Windows\System\AqrBrBl.exe
  2⤵
  PID:7960
- C:\Windows\System\SlTAJjS.exe
  C:\Windows\System\SlTAJjS.exe
  2⤵
  PID:8044
- C:\Windows\System\GsUUMrv.exe
  C:\Windows\System\GsUUMrv.exe
  2⤵
  PID:8028
- C:\Windows\System\AbSqSEd.exe
  C:\Windows\System\AbSqSEd.exe
  2⤵
  PID:8156
- C:\Windows\System\cskiPIk.exe
  C:\Windows\System\cskiPIk.exe
  2⤵
  PID:8312
- C:\Windows\System\lVdOvlD.exe
  C:\Windows\System\lVdOvlD.exe
  2⤵
  PID:8328
- C:\Windows\System\gblZKwL.exe
  C:\Windows\System\gblZKwL.exe
  2⤵
  PID:8344
- C:\Windows\System\CNQpmTT.exe
  C:\Windows\System\CNQpmTT.exe
  2⤵
  PID:8360
- C:\Windows\System\HKMDsel.exe
  C:\Windows\System\HKMDsel.exe
  2⤵
  PID:8376
- C:\Windows\System\wadufvm.exe
  C:\Windows\System\wadufvm.exe
  2⤵
  PID:8392
- C:\Windows\System\oFzHOuF.exe
  C:\Windows\System\oFzHOuF.exe
  2⤵
  PID:8408
- C:\Windows\System\AvkKBXo.exe
  C:\Windows\System\AvkKBXo.exe
  2⤵
  PID:8424
- C:\Windows\System\isoZtHE.exe
  C:\Windows\System\isoZtHE.exe
  2⤵
  PID:8440
- C:\Windows\System\YciQpRh.exe
  C:\Windows\System\YciQpRh.exe
  2⤵
  PID:8456
- C:\Windows\System\AYqFZPf.exe
  C:\Windows\System\AYqFZPf.exe
  2⤵
  PID:8472
- C:\Windows\System\ZyMgdON.exe
  C:\Windows\System\ZyMgdON.exe
  2⤵
  PID:8488
- C:\Windows\System\WWRYOzv.exe
  C:\Windows\System\WWRYOzv.exe
  2⤵
  PID:8504
- C:\Windows\System\yhYEtTX.exe
  C:\Windows\System\yhYEtTX.exe
  2⤵
  PID:8520
- C:\Windows\System\ojtqWfx.exe
  C:\Windows\System\ojtqWfx.exe
  2⤵
  PID:8536
- C:\Windows\System\wvMKftX.exe
  C:\Windows\System\wvMKftX.exe
  2⤵
  PID:8552
- C:\Windows\System\shZDURC.exe
  C:\Windows\System\shZDURC.exe
  2⤵
  PID:8568
- C:\Windows\System\NINuRqD.exe
  C:\Windows\System\NINuRqD.exe
  2⤵
  PID:8584
- C:\Windows\System\doTRuza.exe
  C:\Windows\System\doTRuza.exe
  2⤵
  PID:8600
- C:\Windows\System\etyzpYJ.exe
  C:\Windows\System\etyzpYJ.exe
  2⤵
  PID:8620
- C:\Windows\System\SNSKPTU.exe
  C:\Windows\System\SNSKPTU.exe
  2⤵
  PID:8636
- C:\Windows\System\sHIaWXv.exe
  C:\Windows\System\sHIaWXv.exe
  2⤵
  PID:8652
- C:\Windows\System\RWUtuoN.exe
  C:\Windows\System\RWUtuoN.exe
  2⤵
  PID:8668
- C:\Windows\System\dfFQIGc.exe
  C:\Windows\System\dfFQIGc.exe
  2⤵
  PID:8692
- C:\Windows\System\sqHbeqq.exe
  C:\Windows\System\sqHbeqq.exe
  2⤵
  PID:8708
- C:\Windows\System\oWCNRKc.exe
  C:\Windows\System\oWCNRKc.exe
  2⤵
  PID:8724
- C:\Windows\System\dgRVtQO.exe
  C:\Windows\System\dgRVtQO.exe
  2⤵
  PID:8740
- C:\Windows\System\bUNFaDB.exe
  C:\Windows\System\bUNFaDB.exe
  2⤵
  PID:8756
- C:\Windows\System\rrxJciw.exe
  C:\Windows\System\rrxJciw.exe
  2⤵
  PID:8772
- C:\Windows\System\FREdJgV.exe
  C:\Windows\System\FREdJgV.exe
  2⤵
  PID:8788
- C:\Windows\System\cPXZWyq.exe
  C:\Windows\System\cPXZWyq.exe
  2⤵
  PID:8804
- C:\Windows\System\DIBYECT.exe
  C:\Windows\System\DIBYECT.exe
  2⤵
  PID:8820
- C:\Windows\System\xpgicTf.exe
  C:\Windows\System\xpgicTf.exe
  2⤵
  PID:8836
- C:\Windows\System\HiBpmEQ.exe
  C:\Windows\System\HiBpmEQ.exe
  2⤵
  PID:8852
- C:\Windows\System\iiCQkFK.exe
  C:\Windows\System\iiCQkFK.exe
  2⤵
  PID:8868
- C:\Windows\System\PPiNNIB.exe
  C:\Windows\System\PPiNNIB.exe
  2⤵
  PID:8884
- C:\Windows\System\PMqOCIs.exe
  C:\Windows\System\PMqOCIs.exe
  2⤵
  PID:8900
- C:\Windows\System\bkcqxnU.exe
  C:\Windows\System\bkcqxnU.exe
  2⤵
  PID:8916
- C:\Windows\System\VMEwQMN.exe
  C:\Windows\System\VMEwQMN.exe
  2⤵
  PID:8932
- C:\Windows\System\ZDvTUNB.exe
  C:\Windows\System\ZDvTUNB.exe
  2⤵
  PID:8948
- C:\Windows\System\kFkhxFy.exe
  C:\Windows\System\kFkhxFy.exe
  2⤵
  PID:8964
- C:\Windows\System\wFNUsxm.exe
  C:\Windows\System\wFNUsxm.exe
  2⤵
  PID:8980
- C:\Windows\System\kpgQUTg.exe
  C:\Windows\System\kpgQUTg.exe
  2⤵
  PID:8996
- C:\Windows\System\VqnZIkT.exe
  C:\Windows\System\VqnZIkT.exe
  2⤵
  PID:9012
- C:\Windows\System\xBPstFz.exe
  C:\Windows\System\xBPstFz.exe
  2⤵
  PID:9028
- C:\Windows\System\ZuBXHkz.exe
  C:\Windows\System\ZuBXHkz.exe
  2⤵
  PID:9044
- C:\Windows\System\AwCCRyr.exe
  C:\Windows\System\AwCCRyr.exe
  2⤵
  PID:9060
- C:\Windows\System\NHGYOAV.exe
  C:\Windows\System\NHGYOAV.exe
  2⤵
  PID:9076
- C:\Windows\System\SjlnFoP.exe
  C:\Windows\System\SjlnFoP.exe
  2⤵
  PID:9092
- C:\Windows\System\IWdshEB.exe
  C:\Windows\System\IWdshEB.exe
  2⤵
  PID:9108
- C:\Windows\System\MCPckJt.exe
  C:\Windows\System\MCPckJt.exe
  2⤵
  PID:9124
- C:\Windows\System\ywxrejl.exe
  C:\Windows\System\ywxrejl.exe
  2⤵
  PID:9140
- C:\Windows\System\tYoGnZh.exe
  C:\Windows\System\tYoGnZh.exe
  2⤵
  PID:9156
- C:\Windows\System\WPEljZz.exe
  C:\Windows\System\WPEljZz.exe
  2⤵
  PID:9172
- C:\Windows\System\UbaOGPP.exe
  C:\Windows\System\UbaOGPP.exe
  2⤵
  PID:9188
- C:\Windows\System\OGJJTNs.exe
  C:\Windows\System\OGJJTNs.exe
  2⤵
  PID:9204
- C:\Windows\System\lxCglQg.exe
  C:\Windows\System\lxCglQg.exe
  2⤵
  PID:7884
- C:\Windows\System\rDmcFSI.exe
  C:\Windows\System\rDmcFSI.exe
  2⤵
  PID:3056
- C:\Windows\System\IPYfedY.exe
  C:\Windows\System\IPYfedY.exe
  2⤵
  PID:6552
- C:\Windows\System\lojlPTK.exe
  C:\Windows\System\lojlPTK.exe
  2⤵
  PID:7288
- C:\Windows\System\OCEBzZG.exe
  C:\Windows\System\OCEBzZG.exe
  2⤵
  PID:7224
- C:\Windows\System\TalMxoH.exe
  C:\Windows\System\TalMxoH.exe
  2⤵
  PID:1288
- C:\Windows\System\KTdkKvK.exe
  C:\Windows\System\KTdkKvK.exe
  2⤵
  PID:1784
- C:\Windows\System\HwsDZnx.exe
  C:\Windows\System\HwsDZnx.exe
  2⤵
  PID:7548
- C:\Windows\System\YqZfrqq.exe
  C:\Windows\System\YqZfrqq.exe
  2⤵
  PID:2212
- C:\Windows\System\TJsmFYv.exe
  C:\Windows\System\TJsmFYv.exe
  2⤵
  PID:3024
- C:\Windows\System\myEOOgE.exe
  C:\Windows\System\myEOOgE.exe
  2⤵
  PID:2256
- C:\Windows\System\PHYhdvp.exe
  C:\Windows\System\PHYhdvp.exe
  2⤵
  PID:1972
- C:\Windows\System\ANLZCDp.exe
  C:\Windows\System\ANLZCDp.exe
  2⤵
  PID:7788
- C:\Windows\System\maUXEEE.exe
  C:\Windows\System\maUXEEE.exe
  2⤵
  PID:7528
- C:\Windows\System\wLOFsbM.exe
  C:\Windows\System\wLOFsbM.exe
  2⤵
  PID:1056
- C:\Windows\System\AXKhvLV.exe
  C:\Windows\System\AXKhvLV.exe
  2⤵
  PID:8248
- C:\Windows\System\NXmQoNo.exe
  C:\Windows\System\NXmQoNo.exe
  2⤵
  PID:852
- C:\Windows\System\EuFSVnd.exe
  C:\Windows\System\EuFSVnd.exe
  2⤵
  PID:8196
- C:\Windows\System\FfXEjYb.exe
  C:\Windows\System\FfXEjYb.exe
  2⤵
  PID:8212
- C:\Windows\System\XToIMDh.exe
  C:\Windows\System\XToIMDh.exe
  2⤵
  PID:8228
- C:\Windows\System\hZElMSl.exe
  C:\Windows\System\hZElMSl.exe
  2⤵
  PID:8240
- C:\Windows\System\kqlaNdt.exe
  C:\Windows\System\kqlaNdt.exe
  2⤵
  PID:8268
- C:\Windows\System\KSTmtYk.exe
  C:\Windows\System\KSTmtYk.exe
  2⤵
  PID:8284
- C:\Windows\System\AkRIKEZ.exe
  C:\Windows\System\AkRIKEZ.exe
  2⤵
  PID:8300
- C:\Windows\System\IsAyiYN.exe
  C:\Windows\System\IsAyiYN.exe
  2⤵
  PID:8308
- C:\Windows\System\qFzbqmH.exe
  C:\Windows\System\qFzbqmH.exe
  2⤵
  PID:8416
- C:\Windows\System\oIZgdnR.exe
  C:\Windows\System\oIZgdnR.exe
  2⤵
  PID:8452
- C:\Windows\System\yrfwKgG.exe
  C:\Windows\System\yrfwKgG.exe
  2⤵
  PID:8496
- C:\Windows\System\UUIFgli.exe
  C:\Windows\System\UUIFgli.exe
  2⤵
  PID:8372
- C:\Windows\System\HqpfSlv.exe
  C:\Windows\System\HqpfSlv.exe
  2⤵
  PID:8464
- C:\Windows\System\vqenUcS.exe
  C:\Windows\System\vqenUcS.exe
  2⤵
  PID:8560
- C:\Windows\System\HDHJnDo.exe
  C:\Windows\System\HDHJnDo.exe
  2⤵
  PID:8628
- C:\Windows\System\obBwINc.exe
  C:\Windows\System\obBwINc.exe
  2⤵
  PID:8608
- C:\Windows\System\nHWvmVX.exe
  C:\Windows\System\nHWvmVX.exe
  2⤵
  PID:8484
- C:\Windows\System\iJcJRlL.exe
  C:\Windows\System\iJcJRlL.exe
  2⤵
  PID:8580
- C:\Windows\System\YezcgWJ.exe
  C:\Windows\System\YezcgWJ.exe
  2⤵
  PID:8720
- C:\Windows\System\gfUATKF.exe
  C:\Windows\System\gfUATKF.exe
  2⤵
  PID:8732
- C:\Windows\System\iEzeDZY.exe
  C:\Windows\System\iEzeDZY.exe
  2⤵
  PID:8796
- C:\Windows\System\vAkMEAq.exe
  C:\Windows\System\vAkMEAq.exe
  2⤵
  PID:8748
- C:\Windows\System\TzoeAkl.exe
  C:\Windows\System\TzoeAkl.exe
  2⤵
  PID:8844
- C:\Windows\System\OiflLJI.exe
  C:\Windows\System\OiflLJI.exe
  2⤵
  PID:8848
- C:\Windows\System\fSvqMPz.exe
  C:\Windows\System\fSvqMPz.exe
  2⤵
  PID:8864
- C:\Windows\System\xAyrtwF.exe
  C:\Windows\System\xAyrtwF.exe
  2⤵
  PID:8928
- C:\Windows\System\lGVNGuj.exe
  C:\Windows\System\lGVNGuj.exe
  2⤵
  PID:8988
- C:\Windows\System\sqGhNVv.exe
  C:\Windows\System\sqGhNVv.exe
  2⤵
  PID:8940
- C:\Windows\System\AnnmGeT.exe
  C:\Windows\System\AnnmGeT.exe
  2⤵
  PID:9056
- C:\Windows\System\mhVjhhy.exe
  C:\Windows\System\mhVjhhy.exe
  2⤵
  PID:9036
- C:\Windows\System\HzYUSuq.exe
  C:\Windows\System\HzYUSuq.exe
  2⤵
  PID:8912
- C:\Windows\System\TNegIBz.exe
  C:\Windows\System\TNegIBz.exe
  2⤵
  PID:9104
- C:\Windows\System\MMQpEaY.exe
  C:\Windows\System\MMQpEaY.exe
  2⤵
  PID:9168
- C:\Windows\System\fscipZA.exe
  C:\Windows\System\fscipZA.exe
  2⤵
  PID:9152
- C:\Windows\System\Ujusdym.exe
  C:\Windows\System\Ujusdym.exe
  2⤵
  PID:7868
- C:\Windows\System\eJprblB.exe
  C:\Windows\System\eJprblB.exe
  2⤵
  PID:9100
- C:\Windows\System\nKQdxhw.exe
  C:\Windows\System\nKQdxhw.exe
  2⤵
  PID:7020
- C:\Windows\System\qkTedtf.exe
  C:\Windows\System\qkTedtf.exe
  2⤵
  PID:876
- C:\Windows\System\iHBHaDR.exe
  C:\Windows\System\iHBHaDR.exe
  2⤵
  PID:1732
- C:\Windows\System\HBfwWDw.exe
  C:\Windows\System\HBfwWDw.exe
  2⤵
  PID:972
- C:\Windows\System\DLBLhsx.exe
  C:\Windows\System\DLBLhsx.exe
  2⤵
  PID:7644
- C:\Windows\System\wgaQZtm.exe
  C:\Windows\System\wgaQZtm.exe
  2⤵
  PID:444
- C:\Windows\System\WeSQXZv.exe
  C:\Windows\System\WeSQXZv.exe
  2⤵
  PID:8088
- C:\Windows\System\kuUmWCy.exe
  C:\Windows\System\kuUmWCy.exe
  2⤵
  PID:8204
- C:\Windows\System\TqdZfcH.exe
  C:\Windows\System\TqdZfcH.exe
  2⤵
  PID:8276
- C:\Windows\System\PveCKPy.exe
  C:\Windows\System\PveCKPy.exe
  2⤵
  PID:8220
- C:\Windows\System\DPeQhcE.exe
  C:\Windows\System\DPeQhcE.exe
  2⤵
  PID:8292
- C:\Windows\System\tLDNwyu.exe
  C:\Windows\System\tLDNwyu.exe
  2⤵
  PID:8448
- C:\Windows\System\dKKOnLt.exe
  C:\Windows\System\dKKOnLt.exe
  2⤵
  PID:8500
- C:\Windows\System\sBGeuPl.exe
  C:\Windows\System\sBGeuPl.exe
  2⤵
  PID:8340
- C:\Windows\System\MaTZfau.exe
  C:\Windows\System\MaTZfau.exe
  2⤵
  PID:8544
- C:\Windows\System\NyGednY.exe
  C:\Windows\System\NyGednY.exe
  2⤵
  PID:8676
- C:\Windows\System\UveKJwn.exe
  C:\Windows\System\UveKJwn.exe
  2⤵
  PID:8548
- C:\Windows\System\EKefxbj.exe
  C:\Windows\System\EKefxbj.exe
  2⤵
  PID:8700
- C:\Windows\System\rVANvQu.exe
  C:\Windows\System\rVANvQu.exe
  2⤵
  PID:8832
- C:\Windows\System\bfLYABG.exe
  C:\Windows\System\bfLYABG.exe
  2⤵
  PID:8688
- C:\Windows\System\IgkRZwV.exe
  C:\Windows\System\IgkRZwV.exe
  2⤵
  PID:9024
- C:\Windows\System\yiFRgyR.exe
  C:\Windows\System\yiFRgyR.exe
  2⤵
  PID:9068
- C:\Windows\System\AkXByLs.exe
  C:\Windows\System\AkXByLs.exe
  2⤵
  PID:9196
- C:\Windows\System\lJjpbeW.exe
  C:\Windows\System\lJjpbeW.exe
  2⤵
  PID:8860
- C:\Windows\System\CZtWpxn.exe
  C:\Windows\System\CZtWpxn.exe
  2⤵
  PID:9088
- C:\Windows\System\XTdbbsc.exe
  C:\Windows\System\XTdbbsc.exe
  2⤵
  PID:8368
- C:\Windows\System\wvJoVpm.exe
  C:\Windows\System\wvJoVpm.exe
  2⤵
  PID:8596
- C:\Windows\System\kscmDKi.exe
  C:\Windows\System\kscmDKi.exe
  2⤵
  PID:8816
- C:\Windows\System\PawfSPz.exe
  C:\Windows\System\PawfSPz.exe
  2⤵
  PID:8828
- C:\Windows\System\vaRtvsv.exe
  C:\Windows\System\vaRtvsv.exe
  2⤵
  PID:7596
- C:\Windows\System\wbZcolv.exe
  C:\Windows\System\wbZcolv.exe
  2⤵
  PID:9120
- C:\Windows\System\IEKXVoo.exe
  C:\Windows\System\IEKXVoo.exe
  2⤵
  PID:9164
- C:\Windows\System\jMxRYNo.exe
  C:\Windows\System\jMxRYNo.exe
  2⤵
  PID:7980
- C:\Windows\System\zsAyphd.exe
  C:\Windows\System\zsAyphd.exe
  2⤵
  PID:7992
- C:\Windows\System\COVUDmI.exe
  C:\Windows\System\COVUDmI.exe
  2⤵
  PID:2084
- C:\Windows\System\qVkVVgx.exe
  C:\Windows\System\qVkVVgx.exe
  2⤵
  PID:2168
- C:\Windows\System\DsAQYru.exe
  C:\Windows\System\DsAQYru.exe
  2⤵
  PID:8256
- C:\Windows\System\dzKYvSc.exe
  C:\Windows\System\dzKYvSc.exe
  2⤵
  PID:8324
- C:\Windows\System\lLrNYId.exe
  C:\Windows\System\lLrNYId.exe
  2⤵
  PID:8592
- C:\Windows\System\PkMelNd.exe
  C:\Windows\System\PkMelNd.exe
  2⤵
  PID:8784
- C:\Windows\System\TRtSVFf.exe
  C:\Windows\System\TRtSVFf.exe
  2⤵
  PID:9220
- C:\Windows\System\MltoEoV.exe
  C:\Windows\System\MltoEoV.exe
  2⤵
  PID:9236
- C:\Windows\System\GRffVzQ.exe
  C:\Windows\System\GRffVzQ.exe
  2⤵
  PID:9252
- C:\Windows\System\kWKKMFv.exe
  C:\Windows\System\kWKKMFv.exe
  2⤵
  PID:9268
- C:\Windows\System\JbepYgR.exe
  C:\Windows\System\JbepYgR.exe
  2⤵
  PID:9284
- C:\Windows\System\VzyiBwo.exe
  C:\Windows\System\VzyiBwo.exe
  2⤵
  PID:9304
- C:\Windows\System\drSiKRE.exe
  C:\Windows\System\drSiKRE.exe
  2⤵
  PID:9320
- C:\Windows\System\BkmUByH.exe
  C:\Windows\System\BkmUByH.exe
  2⤵
  PID:9336
- C:\Windows\System\RsBIgEK.exe
  C:\Windows\System\RsBIgEK.exe
  2⤵
  PID:9352
- C:\Windows\System\dspDwcx.exe
  C:\Windows\System\dspDwcx.exe
  2⤵
  PID:9368
- C:\Windows\System\MTmBQUc.exe
  C:\Windows\System\MTmBQUc.exe
  2⤵
  PID:9388
- C:\Windows\System\mijASwj.exe
  C:\Windows\System\mijASwj.exe
  2⤵
  PID:9404
- C:\Windows\System\GIJmiPM.exe
  C:\Windows\System\GIJmiPM.exe
  2⤵
  PID:9420
- C:\Windows\System\ZBUWtuk.exe
  C:\Windows\System\ZBUWtuk.exe
  2⤵
  PID:9436
- C:\Windows\System\hYxxjkg.exe
  C:\Windows\System\hYxxjkg.exe
  2⤵
  PID:9452
- C:\Windows\System\PgjJrEy.exe
  C:\Windows\System\PgjJrEy.exe
  2⤵
  PID:9468
- C:\Windows\System\WbnLDIa.exe
  C:\Windows\System\WbnLDIa.exe
  2⤵
  PID:9484
- C:\Windows\System\jAtzWup.exe
  C:\Windows\System\jAtzWup.exe
  2⤵
  PID:9512
- C:\Windows\System\rrzyDhk.exe
  C:\Windows\System\rrzyDhk.exe
  2⤵
  PID:9536
- C:\Windows\System\BckGJpq.exe
  C:\Windows\System\BckGJpq.exe
  2⤵
  PID:9592
- C:\Windows\System\vafyqcL.exe
  C:\Windows\System\vafyqcL.exe
  2⤵
  PID:9660
- C:\Windows\System\sbqeVOU.exe
  C:\Windows\System\sbqeVOU.exe
  2⤵
  PID:9676
- C:\Windows\System\aqZCMRP.exe
  C:\Windows\System\aqZCMRP.exe
  2⤵
  PID:9692
- C:\Windows\System\wYxwEEA.exe
  C:\Windows\System\wYxwEEA.exe
  2⤵
  PID:9708
- C:\Windows\System\TNRBSVR.exe
  C:\Windows\System\TNRBSVR.exe
  2⤵
  PID:9724
- C:\Windows\System\qzJFqcR.exe
  C:\Windows\System\qzJFqcR.exe
  2⤵
  PID:9740
- C:\Windows\System\saODlEO.exe
  C:\Windows\System\saODlEO.exe
  2⤵
  PID:9756
- C:\Windows\System\viYcUPU.exe
  C:\Windows\System\viYcUPU.exe
  2⤵
  PID:9772
- C:\Windows\System\CdhOldG.exe
  C:\Windows\System\CdhOldG.exe
  2⤵
  PID:9788
- C:\Windows\System\ZGApUbn.exe
  C:\Windows\System\ZGApUbn.exe
  2⤵
  PID:9804
- C:\Windows\System\dbXcaMz.exe
  C:\Windows\System\dbXcaMz.exe
  2⤵
  PID:9820
- C:\Windows\System\MkRAwqb.exe
  C:\Windows\System\MkRAwqb.exe
  2⤵
  PID:9836
- C:\Windows\System\RVIjaxX.exe
  C:\Windows\System\RVIjaxX.exe
  2⤵
  PID:9852
- C:\Windows\System\qJPlcnk.exe
  C:\Windows\System\qJPlcnk.exe
  2⤵
  PID:9868
- C:\Windows\System\wVhtjpd.exe
  C:\Windows\System\wVhtjpd.exe
  2⤵
  PID:9888
- C:\Windows\System\kUtekAD.exe
  C:\Windows\System\kUtekAD.exe
  2⤵
  PID:9904
- C:\Windows\System\PXmMqdM.exe
  C:\Windows\System\PXmMqdM.exe
  2⤵
  PID:9920
- C:\Windows\System\lPnqVgj.exe
  C:\Windows\System\lPnqVgj.exe
  2⤵
  PID:9936
- C:\Windows\System\aZElcOQ.exe
  C:\Windows\System\aZElcOQ.exe
  2⤵
  PID:9952
- C:\Windows\System\pjLGnrC.exe
  C:\Windows\System\pjLGnrC.exe
  2⤵
  PID:9968
- C:\Windows\System\HFIxEGo.exe
  C:\Windows\System\HFIxEGo.exe
  2⤵
  PID:9984
- C:\Windows\System\qGbFlVT.exe
  C:\Windows\System\qGbFlVT.exe
  2⤵
  PID:10000
- C:\Windows\System\xfihcAz.exe
  C:\Windows\System\xfihcAz.exe
  2⤵
  PID:10016
- C:\Windows\System\VigseEk.exe
  C:\Windows\System\VigseEk.exe
  2⤵
  PID:10032
- C:\Windows\System\UWILGAt.exe
  C:\Windows\System\UWILGAt.exe
  2⤵
  PID:10052
- C:\Windows\System\CyoeKfe.exe
  C:\Windows\System\CyoeKfe.exe
  2⤵
  PID:10068
- C:\Windows\System\YGHcwUK.exe
  C:\Windows\System\YGHcwUK.exe
  2⤵
  PID:10084
- C:\Windows\System\xBWumhf.exe
  C:\Windows\System\xBWumhf.exe
  2⤵
  PID:10100
- C:\Windows\System\zaQOEoa.exe
  C:\Windows\System\zaQOEoa.exe
  2⤵
  PID:10116
- C:\Windows\System\aaTUnZy.exe
  C:\Windows\System\aaTUnZy.exe
  2⤵
  PID:10140
- C:\Windows\System\mUDCVmA.exe
  C:\Windows\System\mUDCVmA.exe
  2⤵
  PID:10216
- C:\Windows\System\OhPoEBG.exe
  C:\Windows\System\OhPoEBG.exe
  2⤵
  PID:10232
- C:\Windows\System\CNIYsbI.exe
  C:\Windows\System\CNIYsbI.exe
  2⤵
  PID:8024
- C:\Windows\System\fFeAHGj.exe
  C:\Windows\System\fFeAHGj.exe
  2⤵
  PID:8264
- C:\Windows\System\AVSYBQX.exe
  C:\Windows\System\AVSYBQX.exe
  2⤵
  PID:8356
- C:\Windows\System\QoFKyoi.exe
  C:\Windows\System\QoFKyoi.exe
  2⤵
  PID:9052
- C:\Windows\System\zyvNSwD.exe
  C:\Windows\System\zyvNSwD.exe
  2⤵
  PID:7512
- C:\Windows\System\ApWtHqQ.exe
  C:\Windows\System\ApWtHqQ.exe
  2⤵
  PID:7944
- C:\Windows\System\pgDNgjL.exe
  C:\Windows\System\pgDNgjL.exe
  2⤵
  PID:9264
- C:\Windows\System\cFQHawU.exe
  C:\Windows\System\cFQHawU.exe
  2⤵
  PID:9248
- C:\Windows\System\zGCsfYC.exe
  C:\Windows\System\zGCsfYC.exe
  2⤵
  PID:9344
- C:\Windows\System\mwoqYPf.exe
  C:\Windows\System\mwoqYPf.exe
  2⤵
  PID:9348
- C:\Windows\System\kRoxrZu.exe
  C:\Windows\System\kRoxrZu.exe
  2⤵
  PID:9396
- C:\Windows\System\PtKtgoI.exe
  C:\Windows\System\PtKtgoI.exe
  2⤵
  PID:9416
- C:\Windows\System\AkbTsYb.exe
  C:\Windows\System\AkbTsYb.exe
  2⤵
  PID:9444
- C:\Windows\System\oWgNUle.exe
  C:\Windows\System\oWgNUle.exe
  2⤵
  PID:9464
- C:\Windows\System\ubpvueN.exe
  C:\Windows\System\ubpvueN.exe
  2⤵
  PID:9508
- C:\Windows\System\uYPbMyx.exe
  C:\Windows\System\uYPbMyx.exe
  2⤵
  PID:9544
- C:\Windows\System\uCjHcch.exe
  C:\Windows\System\uCjHcch.exe
  2⤵
  PID:9604
- C:\Windows\System\AiRlXKR.exe
  C:\Windows\System\AiRlXKR.exe
  2⤵
  PID:9620
- C:\Windows\System\hOdvmBt.exe
  C:\Windows\System\hOdvmBt.exe
  2⤵
  PID:9632
- C:\Windows\System\wteqWUo.exe
  C:\Windows\System\wteqWUo.exe
  2⤵
  PID:9652
- C:\Windows\System\IkcVMyB.exe
  C:\Windows\System\IkcVMyB.exe
  2⤵
  PID:9672
- C:\Windows\System\qyGNcfp.exe
  C:\Windows\System\qyGNcfp.exe
  2⤵
  PID:9716
- C:\Windows\System\mXdauMy.exe
  C:\Windows\System\mXdauMy.exe
  2⤵
  PID:9732
- C:\Windows\System\GFfiXzY.exe
  C:\Windows\System\GFfiXzY.exe
  2⤵
  PID:9812
- C:\Windows\System\fhbPRbP.exe
  C:\Windows\System\fhbPRbP.exe
  2⤵
  PID:9800
- C:\Windows\System\OMgkgWr.exe
  C:\Windows\System\OMgkgWr.exe
  2⤵
  PID:9848
- C:\Windows\System\kYFMhEL.exe
  C:\Windows\System\kYFMhEL.exe
  2⤵
  PID:9916
- C:\Windows\System\HCDQkJl.exe
  C:\Windows\System\HCDQkJl.exe
  2⤵
  PID:9864
- C:\Windows\System\NEtSCNR.exe
  C:\Windows\System\NEtSCNR.exe
  2⤵
  PID:9932
- C:\Windows\System\vHqKFwj.exe
  C:\Windows\System\vHqKFwj.exe
  2⤵
  PID:10012
- C:\Windows\System\PRLeLYp.exe
  C:\Windows\System\PRLeLYp.exe
  2⤵
  PID:10076
- C:\Windows\System\iuTEaWH.exe
  C:\Windows\System\iuTEaWH.exe
  2⤵
  PID:10124
- C:\Windows\System\FiCnkSF.exe
  C:\Windows\System\FiCnkSF.exe
  2⤵
  PID:10092
- C:\Windows\System\yDSXFqk.exe
  C:\Windows\System\yDSXFqk.exe
  2⤵
  PID:9992
- C:\Windows\System\wwgjsEf.exe
  C:\Windows\System\wwgjsEf.exe
  2⤵
  PID:10128
- C:\Windows\System\nVgOvSP.exe
  C:\Windows\System\nVgOvSP.exe
  2⤵
  PID:10156
- C:\Windows\System\oiYuazy.exe
  C:\Windows\System\oiYuazy.exe
  2⤵
  PID:10172
- C:\Windows\System\SdMRUMl.exe
  C:\Windows\System\SdMRUMl.exe
  2⤵
  PID:10188
- C:\Windows\System\sTQxXca.exe
  C:\Windows\System\sTQxXca.exe
  2⤵
  PID:10208
- C:\Windows\System\GZeETcp.exe
  C:\Windows\System\GZeETcp.exe
  2⤵
  PID:9020
- C:\Windows\System\kjdAXjy.exe
  C:\Windows\System\kjdAXjy.exe
  2⤵
  PID:9228
- C:\Windows\System\UNTkrkw.exe
  C:\Windows\System\UNTkrkw.exe
  2⤵
  PID:9280
- C:\Windows\System\rzXBaYm.exe
  C:\Windows\System\rzXBaYm.exe
  2⤵
  PID:8280
- C:\Windows\System\FDAgRME.exe
  C:\Windows\System\FDAgRME.exe
  2⤵
  PID:9296
- C:\Windows\System\FZVKkRb.exe
  C:\Windows\System\FZVKkRb.exe
  2⤵
  PID:9328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AEbvnhh.exe

Filesize
6.0MB

MD5
dd110c5b6a7c97bcbf6ecd099e7749c6

SHA1
3b41dd5cc360df23c06f0193beb26d02873d3435

SHA256
772d97170426d385677c768ca34c872516a84d832474b088c14b2655adaa1c58

SHA512
0799a15eb1eb42a2388d6341019310a1afeb1f122633205ce98721ba36edc84b59cfa193acef7dd5e9af62bdff566de0f6e818f9617edcdb2e93404d696e90ae

Download Submit
C:\Windows\system\DajrkFY.exe

Filesize
6.0MB

MD5
6ccfae5cd301593595f043b06b2a3a73

SHA1
f9e43ff87a4d3359bc225089d2d01ea192b9020b

SHA256
1ef6d788fef081d030eed014abb9dcace083b2582e4a7b9e1ada89e87715b49b

SHA512
f0f82824c4ec01a75f63118eb9a12c6963ae36c6bb7062d88c8427d7a579a99fc2b48a307d087c5b8b0a9f4d2a609676b6348e37f0a92dd8cd6b243189f586bf

Download Submit
C:\Windows\system\FbMEcBZ.exe

Filesize
6.0MB

MD5
74413770b8d79fba62d48ced6677213a

SHA1
b111b37eddf81097189ec967cafef8a863347d40

SHA256
c53ab66b9302e4418fb7a0aa56940a3fdfffc1c7deb2492b24b50cb87eaee9ab

SHA512
19016fe0cdf0876b3840872c63024e7cf050124180c3e97046bffc09a38813364aec477cf2c9d26eafb4d134200f6b6828d99b85615ee884bc63b5a39f90d36e

Download Submit
C:\Windows\system\KScpsQG.exe

Filesize
6.0MB

MD5
52b46a7eaed923a2cc607562ebfc3cf3

SHA1
70250a934782c48841672cd2ceb66a2bf40f1ddc

SHA256
88b3f0f6de071979d3eef3846b8dbc367dae581389e98a88b77f3185d1b0fc9f

SHA512
5325aeaa4b7623bf80812af8e2081fda8e0e526dd2f865206ac49ccf6c38f73d74cc9a93c6e6943366ea4dc4964ef92fd65ac092f82ac94e51a643299a70e94a

Download Submit
C:\Windows\system\LdLFwco.exe

Filesize
6.0MB

MD5
7d0a78254822c5c0366e06deb6f1590c

SHA1
5e72410557cb1566dd155eb1f1b4032ab5e70e91

SHA256
e9e30d531d6e80e124c6e8a81b6b2ad3dd63898753e84509412b7b66a74969cd

SHA512
496dc8159f627d41ff92ba473ab8eefa12558c35333ec00d30076dbed454d1243d776788d24b0297850a17210e0584a42f6670191a23ed10acba3711602a6f69

Download Submit
C:\Windows\system\MHJKmYd.exe

Filesize
6.0MB

MD5
b0fd5ee805f4e4d818c98c5333898c1c

SHA1
ad0c6f74bdc13056dc3a260e84aa068e0f5cfaed

SHA256
78bc3589209c15a9a9a0fcd2a52f8d68ba331a6ef7da10de0cc199c597eef6d4

SHA512
42c809c6c2dde849c0fe1b056577cbff1ada5d2b610eff36f712b47bc4f7d04f657d0dcbede64e03e1a68086cac6deaff17d3246772da9bc541a6a34f1ac0425

Download Submit
C:\Windows\system\MzgOyDn.exe

Filesize
6.0MB

MD5
cb32678a94d012e12fac103f2a246333

SHA1
25e4d286398b7fdb75bcbf82d7edf96515b601ef

SHA256
5398d684959f46a628ae8b25e20eb92ef3de7f0f287297fc6eb82fcef5a66cef

SHA512
8a557b57bd7090a6a0336e4bc47c5c4931d3681692defdd7fa36969d60d456eea6d33b02e0a4bbe4611ee896623a48cce7603f56058a74384354df350e75a88b

Download Submit
C:\Windows\system\NTodaEP.exe

Filesize
6.0MB

MD5
7577314675a59187e1dcf9916e7ca6cb

SHA1
f074e50fe5711e076816685e966a4758751b4103

SHA256
eef1ee7c2a3b415cd39dc33c47d79eeab1b2d93ae1b37adca365e49fa34712a6

SHA512
f9752599ff3afe8d495f104ac3b87496700f0be767b39164a72d0b1516e4d70fbd4759b7a699d9b0ad4effac5b500d0f2d703b755db5851b3d6722f1fb387d01

Download Submit
C:\Windows\system\OkQEWSH.exe

Filesize
6.0MB

MD5
0b018b202556c55d8c6416b5de642d89

SHA1
60819be1ffc727ed403cc7d032b10d8a3210a591

SHA256
61be275ee59a1518205a83ce878c11b563c51855a17108263fc8557ea163dc67

SHA512
90776687ebf76364dee9ece962134413b416b2b84bd2c116d58a3dafc8d96e5b955ebc9172118ffb0ed1481a21c45e04577ae8f00377a49cf2b1bb55e757f2f6

Download Submit
C:\Windows\system\SCFAecz.exe

Filesize
6.0MB

MD5
8dfbe0dc3c0fd49ffa4dc88497e392ac

SHA1
ffe66eec6d5069ac08e41d3ecf759bd932244025

SHA256
be1862683bf254e2f4cf8a1dfe9d192d9380c0a44c78da1f3782c8f311b65bb6

SHA512
a08fb963bba8f1df6d2ee701d66188ff3c56a37befad7983d1d04073c5d0c728cf96b8025085ddac3310bbb217539964eb3331a129e7115e7991c8437254e8ed

Download Submit
C:\Windows\system\TMySkhP.exe

Filesize
6.0MB

MD5
b58bbc6a3daee13da4002664f0ae2923

SHA1
db68bddf97f010d1e43ae5ea17b829bc8a6aa5bf

SHA256
e6150374a96917813417eca13639e291bfbc3cb4e50a78b683033ccbdd93c483

SHA512
9bfcf5d1cd3944b6c0f6eabf4972b96cec67804046e75de0012a8689919bb8386a3118581d7188b2353feb2ab252b433b88fe908be56a6443724ef65c67615a3

Download Submit
C:\Windows\system\TzGBkTs.exe

Filesize
6.0MB

MD5
898829ffb71545b398f7e65d1cda3408

SHA1
d0b2be5814ce9a5214b3c00fa8f8c7f6e6861c38

SHA256
205d82a4c06762f50d7e4635d08e5ee197910e925f88d20a54b711add418e3ec

SHA512
5530309f081ed97acf9231db9360cd309d67d9c863c1cb1101c128a2025861a0fddd0fb0432b155590921576f2757b165a3a4fbd4763267dbd095405337dd753

Download Submit
C:\Windows\system\VnnKPym.exe

Filesize
6.0MB

MD5
9003ff451231eebdd0eb921759708a74

SHA1
b72eed74125e6121b409eb05290dba6f2fb61627

SHA256
329fda0f9c9b3cfbe9d2dff663ba26f32fc7433656dcbef2359ca6608a258b4e

SHA512
9f73a699f526a61f9ebf313eecac811933161ff86fb5eb2f01f8ddf51bec62653b2a865b2e36db3ab27c58d4ecd86396f9f8f12dcaa2f39dbc9e6cabeb368b5b

Download Submit
C:\Windows\system\YFgIeDc.exe

Filesize
6.0MB

MD5
fe7c91ddbfac50d11fe26872e694c8b7

SHA1
fb640323f2910eb1cebe152338903ceec8b931b7

SHA256
555443ee06f531d40059214d829cd3f2156d02352faa63cc5877e1c3edb46dc7

SHA512
84c250d6e260290a3ab265692cf612048369ffee4905dc6d33b9887c0855b024dace4ca4069eb2fafc9fea683d48aab9512c92ff024ece552e4368e853bd43b2

Download Submit
C:\Windows\system\bJVUKiT.exe

Filesize
6.0MB

MD5
c23b145abf5afd1290bf0f7d50cb5cca

SHA1
f09d76158c0502db2cc8a562a3b9f151e7367ab6

SHA256
f8a39beb28d9d0d34fb1077068e66384fa72ddf68208f783cfa8350865c86432

SHA512
c1062b0af5b6ec73a7b0207084cc21895d4f44e3be759429d465a5cfd59ee584bf052fd3d5d0bff021084632f9c4755167f7969bb3cf44bca15727854f0de17e

Download Submit
C:\Windows\system\duXLmut.exe

Filesize
6.0MB

MD5
7e53f6effc14b18c42d86100b600f253

SHA1
3cf8674752e139631224d7a307eb8025b14deacc

SHA256
d205e200d09b2e67280d3a61e192f4c7faf6cea92d8a7518262e07e705c4e4bf

SHA512
b127f37797b15c8841319853caab9604f1fd32bc689a7f982a3de1f480ae3c398d0296d9ee10c81566c632f778629769c0cf63caa44d924f4103ade16d9aa770

Download Submit
C:\Windows\system\esoKoPW.exe

Filesize
6.0MB

MD5
c5ec51a7a44698a5ff38e04b1ea10027

SHA1
bf4c9ee185202f852270c4d6c55ed12b4665e758

SHA256
adbc1c6587e441dee9d800b0c2fb85bbd6ecbb501fe9dfad93e36ae5139103a6

SHA512
3c5cb250846e70f8d9335dd9a3e7c2218844b120b12e92249d0e2e7c1fee109327adedd9d669d2fb8a410bbb7ddf3f31af5b1d05f20f0bd52511dc75d4b8d47a

Download Submit
C:\Windows\system\iZtuAKW.exe

Filesize
6.0MB

MD5
5804f4715b0845821cdb94436eb48d89

SHA1
5351b75f51b30e7a647483f74b97ade26ff92f00

SHA256
585daa2ce38a3d171b16eaccdffb67a7bdbe44a5637840704fe5b7df3e03910b

SHA512
6a25d78f61f0dce992bc6b179e3aa2bd7bbcbcd9ccf9fda4c0ac95125d9a8504fbba28acb27524de106ef26f0eacaee1978b2a81c5eb5c96e1c83fed8c5d2817

Download Submit
C:\Windows\system\lNZwNuK.exe

Filesize
6.0MB

MD5
211be7a3dcb92b88cf414aea51bb4e21

SHA1
1c0118c908cb9e1a9308f0c003710e35ef5d0ee9

SHA256
d1e09811c815aac86edb15a1f68ab4dfd88da5ccc5670516f2a5478d3efe9519

SHA512
96ab0e58d6abe994abf9557bd91b6060b6a49c8931fb39043f636918cd13cbdcd448fa56da7c2823858ef9583c5144e5fcd3aabbc6d86aef564a5e129e02a606

Download Submit
C:\Windows\system\nAjTgQi.exe

Filesize
6.0MB

MD5
96378cfa5d5a91e8189734641052dcfa

SHA1
d56dc7631e326fecdbbf35543f50079a645917b2

SHA256
f0d91ceca1538346dc9d629e4d9c9032d5131e935810c76f7b7d2e6341bf554a

SHA512
149a2f7ecc2796b51a944c8a943e7dce9bcae2cb3f35cfbd279f1c9160b23eccc1f6cdaee70e91ea76a46a5ccafaa1372ecabe9e32a827a3544ecf4d94df4844

Download Submit
C:\Windows\system\nAwGlVQ.exe

Filesize
6.0MB

MD5
536f29300f7d2ef738a46922d0b9fe29

SHA1
0d2901223790caa14e6131cc78d31a0653dc4c0c

SHA256
acc52bbf0674b82e59de2dbf29869e4a8cb8137e87cfff1abe1add2a5b45443e

SHA512
5d786af40fdfe7ae88a7e184220d869a8bfe0f01d1a2798505c19f2750e70d753d56dc433f431f28b6af130144c3186030f7057352a3e6c003de729181944644

Download Submit
C:\Windows\system\oHbrHJz.exe

Filesize
6.0MB

MD5
f3e9ecc757e9bde85622a7d1497eb82d

SHA1
56377b1dfca1496c07092d7471067be86bd0395e

SHA256
2eadd10355d5e4775ff233fd2202907ecee436c7ed510f6a2e3a934bdb8edfed

SHA512
9ab4d1ef973e9a2d0f3f74d68ddb8fb918f21c495635bd80a6e6337ba659104aa6543e2a7cb0f3372612bb1609bfe286f5a8664fb5932a8022c692d57ab620f5

Download Submit
C:\Windows\system\ojtgxoP.exe

Filesize
6.0MB

MD5
730ec3ddc6de4c37a252e54a3a990f7f

SHA1
7bfe918a55832a693aa219d7c1c44815949e1963

SHA256
31b48095b4f08fca0190a5be1a3d0af4a671f317606c8e6eeccde627f75aa526

SHA512
b15055f272cb5819751921280af1366e209c57a6e4ac22d9e34a9dcdabddd9647b04e5db30ff81caafffd9747596f2120ae8251d5f984de282e11b1431c8bb2b

Download Submit
C:\Windows\system\pWbbarL.exe

Filesize
6.0MB

MD5
98a574946f59e429fdcf0b542004268a

SHA1
3e3aea224579e3cb4543625ce7c0db258d8e5840

SHA256
b29ec51007483713bfaeb0e49bc1475b5de98c0e42ee29429928d7e238ae30b7

SHA512
82aaedadd062985ffa45478ef30d620724a790fb9cad1eaebe690c835ff7c423b9b63a5ad34ae74b579474d985cacaefde163837711318efc82173deec8c39e3

Download Submit
C:\Windows\system\qNMNJPP.exe

Filesize
6.0MB

MD5
8d36a2f9676118f07cb18d3d9cf1e1f7

SHA1
68523f7e82295bf93c09bebbbfb1af882e5563d0

SHA256
69d825ceb8dcaa8e9c1e4494f64be4bec11e97e6e3c5ecf0c6ba19158d5e2f73

SHA512
a639494d621507ffbc16f6d0250da08c8b80227747bae2b745bdfa445459ff185948422db056f9b4a58560773983aec37c5fc009d0d68254a4cd348643c101f3

Download Submit
C:\Windows\system\qyRYeOm.exe

Filesize
6.0MB

MD5
dcffb1e9cab73d8e10de06af05313a92

SHA1
b073032a156d1f63893a5a7144f4830d06da65c4

SHA256
b874a3a56e44fde0dc608053cfc775f90f7ea0713d990d2c491c499c8d578b1a

SHA512
2e53352342656fa098f17d92dd2f38fb6b75cc43069d577771ef7fdca0c272a2cf9bc9a81902662656a68172aa8da1364a56e170e1de5d6a8b02813d330fa1f2

Download Submit
C:\Windows\system\sfTRTuL.exe

Filesize
6.0MB

MD5
0b8de22ab924ee769e5ccb1023161649

SHA1
c77bfa12d8b6e4f8e093aa7044a4a9d12af5ea76

SHA256
9d3a7c9f061d7039e2725d586d1b3c96b012c219621785f595bc1a458b3a9349

SHA512
fbaa67577aff546be0ef8d740d4a199f769a4c9f0552f5b8a9fe1991bc8d512acc37ba13c8f848c19debc58ce425b71d9c301970e228c0dffb332bfa62862a5a

Download Submit
C:\Windows\system\tegpDIi.exe

Filesize
6.0MB

MD5
1e81ea8cfa966f566bcf05726e64bccf

SHA1
62e63c5406607c099356bc4e0aaf0278cfb47541

SHA256
d76251b4acd2ef0ef5bc648f95a8554725e55d2195606566e4d61098531e5582

SHA512
fa1f0e752c7c03f7fdb1a4c0ff0252ccaca6f4bcfd285e91ebff27e12f86ee17a6910183d2d15233c763c42b86740dd22bdffcda95c2b6aee47b6845cc93a267

Download Submit
C:\Windows\system\towgaqn.exe

Filesize
6.0MB

MD5
f4382b273f217255830f2030460f89e5

SHA1
6500943d7f16037b8b007d5ca6a7d26a9c5e35b5

SHA256
6d3848d906df76b501428299c56cc0637d0d73c56f29ce7b746cfa796df408d7

SHA512
39848eeae6046151502a6203cfdd8a88a6b1d8a90433f5613b5307059cea584d6fa1b914c60f5e2337f42361f055fe9420335e1101450654b470766abfaa46d0

Download Submit
C:\Windows\system\uxbHTWA.exe

Filesize
6.0MB

MD5
2ef0081efba98073e56388bbb6d5e0d3

SHA1
fb07497e188b7d6e113422e19911bc27e35390e4

SHA256
a6b6e0b7c4ffe601b85196e70bda62b85fef6cf5294a36d94c5690cb1c550afc

SHA512
71238fe3fba1018181d90584a9c713f100a253942a603fd2ab33fbaec4babe3a81a87a6fa5acf3fbf0485451446996c1dd79f967ef57d21cb05118e304192e47

Download Submit
C:\Windows\system\vtFTZZO.exe

Filesize
6.0MB

MD5
bbfce474b161db1398ad1787df58dfd4

SHA1
5e94e244040f5177a9e382f849a79ae83a233aaa

SHA256
e81d8a25288be8e1c02cf5bd1a07316af057a21ea77f4e33187d7402730be2b5

SHA512
52d74be40b58579872f8e5ff8b79d137c8a04f5e863b80ed4084a392476960d1a79990e7e0b2dbe926beb2b20030ed5084d4873c6316c8704d8c74f0332db7cd

Download Submit
C:\Windows\system\zyjeNAh.exe

Filesize
6.0MB

MD5
d598db17ff40464df19f17d33e84f6b7

SHA1
30f5c18ee1221917282445c08bd2d5bb39b81ff3

SHA256
d35f195f488f6080fe308a5cb497873b5a3fbe72299476e35d930f62de51f4c6

SHA512
cebb8f27a7dc14fe31d25803854df11bc077e89b5426defb74e41df4af21c72e5fc76544ddd48126d29a047998615645668f992e97825057cf245240e6560da3

Download Submit
memory/2216-8-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3362-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2356-86-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2356-65-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2356-450-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2356-29-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2356-94-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-890-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2356-13-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2356-21-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2356-0-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2356-102-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2356-81-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-36-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-79-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2356-96-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2356-101-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2356-42-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2356-47-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2356-57-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2356-63-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2452-4272-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2452-73-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4271-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2524-87-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2560-89-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2560-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4270-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3400-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2572-67-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2572-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2604-80-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4275-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4269-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2636-64-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2668-15-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3391-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2680-41-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3402-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-78-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-88-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-49-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4268-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4273-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-95-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3405-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2840-22-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2860-40-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3390-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-68-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/3060-4274-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download