cobaltstrike | 52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27/12/2024, 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
Size

6.0MB
MD5

ed3167d7b50d97790892e51385fc42c0
SHA1

50cd12973079b3cb18556b53fa0d41d009874ca6
SHA256

52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794
SHA512

ca3bdc1678c18daca1528a11d37d4fc1686aa669eb4f4fdb5d7fda2689351c6cc1c5a244eaeb415e647924750525e8d5925eca915a31f1460e0ca120c2831318
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUQ:eOl56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001939c-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001938e-29.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019429-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-52.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a467-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a489-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a487-95.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001932a-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-72.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c6-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019481-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001946b-31.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001941b-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1528-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-3.dat	xmrig
behavioral1/files/0x000700000001939c-11.dat	xmrig
behavioral1/files/0x000700000001938e-29.dat	xmrig
behavioral1/files/0x0006000000019429-41.dat	xmrig
behavioral1/memory/1824-44-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1528-42-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1488-40-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0006000000019490-52.dat	xmrig
behavioral1/memory/2664-73-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a467-84.dat	xmrig
behavioral1/memory/664-966-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/1684-756-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2796-541-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2668-406-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1528-316-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2664-236-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c7-197.dat	xmrig
behavioral1/files/0x000500000001a4c5-193.dat	xmrig
behavioral1/files/0x000500000001a4c3-187.dat	xmrig
behavioral1/files/0x000500000001a4c1-183.dat	xmrig
behavioral1/files/0x000500000001a4bd-173.dat	xmrig
behavioral1/files/0x000500000001a4bf-177.dat	xmrig
behavioral1/files/0x000500000001a4b9-163.dat	xmrig
behavioral1/files/0x000500000001a4bb-167.dat	xmrig
behavioral1/files/0x000500000001a4b7-157.dat	xmrig
behavioral1/files/0x000500000001a4b5-153.dat	xmrig
behavioral1/files/0x000500000001a4b3-147.dat	xmrig
behavioral1/files/0x000500000001a4b1-143.dat	xmrig
behavioral1/files/0x000500000001a4af-137.dat	xmrig
behavioral1/files/0x000500000001a4ad-133.dat	xmrig
behavioral1/files/0x000500000001a4ab-127.dat	xmrig
behavioral1/files/0x000500000001a4a5-122.dat	xmrig
behavioral1/files/0x000500000001a495-117.dat	xmrig
behavioral1/files/0x000500000001a494-113.dat	xmrig
behavioral1/memory/664-105-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2788-104-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001a489-103.dat	xmrig
behavioral1/memory/1684-97-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2844-96-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000500000001a487-95.dat	xmrig
behavioral1/memory/2668-82-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1824-81-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000800000001932a-80.dat	xmrig
behavioral1/memory/1488-75-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2796-88-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/memory/2764-87-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2788-62-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-72.dat	xmrig
behavioral1/memory/1528-69-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2060-68-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2340-67-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c6-61.dat	xmrig
behavioral1/memory/2332-66-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2764-50-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019481-49.dat	xmrig
behavioral1/memory/2712-46-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2060-37-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2340-33-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2332-32-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000600000001946b-31.dat	xmrig
behavioral1/files/0x000700000001941b-30.dat	xmrig
behavioral1/memory/1528-6-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1824-3494-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2712	gqpZEew.exe
2332	irxXLdw.exe
2340	mjxXqwe.exe
2060	pTWKlVj.exe
1488	WNnxRXY.exe
1824	ykjbTvJ.exe
2764	Kbmmxnd.exe
2844	QRddWsy.exe
2788	OdoZUVD.exe
2664	oPdFqBT.exe
2668	FkrvoTA.exe
2796	VvFqJkN.exe
1684	TmXGgYs.exe
664	tctQayZ.exe
2072	bvCKGGR.exe
1160	wmkifWX.exe
2020	pVPSIPE.exe
2952	AZxoelV.exe
2956	JaLEbRE.exe
2308	daldJKu.exe
1432	ACBwXHH.exe
1964	ErXVoaZ.exe
2180	BUMeVEg.exe
2300	BHcYJho.exe
2208	GSbvXfc.exe
332	ybKCWmz.exe
2552	XOpGykS.exe
484	shWwnPG.exe
1468	vzpznTX.exe
912	aALdYkN.exe
832	GEeEMXs.exe
1736	xZRgiuP.exe
984	ulhXfQf.exe
1360	joPWMYf.exe
2184	zeIrYkt.exe
684	pjQBujT.exe
1772	PUNzYEI.exe
1348	YxjjRvF.exe
3032	dyEiObM.exe
2492	BDBTbmX.exe
876	iBQYYDP.exe
2212	fEkfMIB.exe
1968	xglsqHz.exe
2512	Eulnwua.exe
2440	nkKsWqG.exe
2460	IDlatfI.exe
1592	yVfOPIX.exe
2204	FEFWtMw.exe
1980	MplohXG.exe
872	vIeDrTj.exe
2400	yREvbGZ.exe
2588	tjgQbIy.exe
1056	AMgcjWb.exe
1664	jaDqWbF.exe
2600	DsnPrTJ.exe
1288	kTPdfeE.exe
2128	jenaOtf.exe
2376	nIoBCXR.exe
2784	GZGBCpp.exe
2732	DjJEMxy.exe
2804	FqzZuUl.exe
568	wNkxoou.exe
2884	CvxFfDF.exe
2320	CEOVjuo.exe

Loads dropped DLL 64 IoCs

pid	Process
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1528-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-3.dat	upx
behavioral1/files/0x000700000001939c-11.dat	upx
behavioral1/files/0x000700000001938e-29.dat	upx
behavioral1/files/0x0006000000019429-41.dat	upx
behavioral1/memory/1824-44-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1528-42-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1488-40-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0006000000019490-52.dat	upx
behavioral1/memory/2664-73-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a467-84.dat	upx
behavioral1/memory/664-966-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/1684-756-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2796-541-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2668-406-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2664-236-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001a4c7-197.dat	upx
behavioral1/files/0x000500000001a4c5-193.dat	upx
behavioral1/files/0x000500000001a4c3-187.dat	upx
behavioral1/files/0x000500000001a4c1-183.dat	upx
behavioral1/files/0x000500000001a4bd-173.dat	upx
behavioral1/files/0x000500000001a4bf-177.dat	upx
behavioral1/files/0x000500000001a4b9-163.dat	upx
behavioral1/files/0x000500000001a4bb-167.dat	upx
behavioral1/files/0x000500000001a4b7-157.dat	upx
behavioral1/files/0x000500000001a4b5-153.dat	upx
behavioral1/files/0x000500000001a4b3-147.dat	upx
behavioral1/files/0x000500000001a4b1-143.dat	upx
behavioral1/files/0x000500000001a4af-137.dat	upx
behavioral1/files/0x000500000001a4ad-133.dat	upx
behavioral1/files/0x000500000001a4ab-127.dat	upx
behavioral1/files/0x000500000001a4a5-122.dat	upx
behavioral1/files/0x000500000001a495-117.dat	upx
behavioral1/files/0x000500000001a494-113.dat	upx
behavioral1/memory/664-105-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2788-104-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001a489-103.dat	upx
behavioral1/memory/1684-97-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2844-96-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000500000001a487-95.dat	upx
behavioral1/memory/2668-82-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1824-81-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000800000001932a-80.dat	upx
behavioral1/memory/1488-75-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2796-88-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/memory/2764-87-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2788-62-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-72.dat	upx
behavioral1/memory/2060-68-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2340-67-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x00070000000194c6-61.dat	upx
behavioral1/memory/2332-66-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2764-50-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000019481-49.dat	upx
behavioral1/memory/2712-46-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2060-37-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2340-33-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2332-32-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000600000001946b-31.dat	upx
behavioral1/files/0x000700000001941b-30.dat	upx
behavioral1/memory/1528-6-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1824-3494-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2764-3501-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2060-3500-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vvvbDST.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\ZQGftKN.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\ddBOfsI.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\wCOMaqp.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\LvLlkyt.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\dfJXpOy.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\RZpiODe.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\fsrNozi.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\HJKmNTs.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\LIBvgOU.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\qJUJPbW.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\VKaLqbE.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\vzKuJke.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\zeVvRAl.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\fBUiieV.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\wDKOAwr.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\wQHYhFC.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\LCPsFML.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\xlyLIUp.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\najClLr.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\GSrRbwF.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\CsnPezh.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\zROIYqz.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\AJvGpfz.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\WrjqTTu.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\EWxoeUK.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\iBxPnrA.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\rnOtLTw.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\bkzDRZA.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\hhhySLp.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\jeQGIgm.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\HECjFtY.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\nItdUJt.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\JVmwosE.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\CIYxxkQ.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\KRzHSQd.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\fhyBzkE.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\wkiFRLC.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\rJuwbOS.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\NVlwoMx.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\CjQwWXU.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\fZtRKuF.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\szBdjck.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\qJugQPh.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\PGiHYEf.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\yzIeDbR.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\IrIcAkg.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\XxAdAVX.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\BGpmMPt.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\loorJIf.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\FKdPmbd.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\riBWXrs.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\DjWSTDA.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\pMHQJWB.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\NVranSt.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\vxgVReJ.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\EhvEbzl.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\twSJshJ.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\ieHuwBm.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\PHwmpjO.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\zahIEJa.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\LhlYwvq.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\vbrdmyt.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
File created	C:\Windows\System\JGEwraK.exe	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 2712	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	31
PID 1528 wrote to memory of 2712	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	31
PID 1528 wrote to memory of 2712	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	31
PID 1528 wrote to memory of 2332	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	32
PID 1528 wrote to memory of 2332	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	32
PID 1528 wrote to memory of 2332	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	32
PID 1528 wrote to memory of 1488	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	33
PID 1528 wrote to memory of 1488	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	33
PID 1528 wrote to memory of 1488	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	33
PID 1528 wrote to memory of 2340	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	34
PID 1528 wrote to memory of 2340	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	34
PID 1528 wrote to memory of 2340	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	34
PID 1528 wrote to memory of 1824	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	35
PID 1528 wrote to memory of 1824	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	35
PID 1528 wrote to memory of 1824	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	35
PID 1528 wrote to memory of 2060	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	36
PID 1528 wrote to memory of 2060	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	36
PID 1528 wrote to memory of 2060	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	36
PID 1528 wrote to memory of 2764	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	37
PID 1528 wrote to memory of 2764	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	37
PID 1528 wrote to memory of 2764	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	37
PID 1528 wrote to memory of 2844	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	38
PID 1528 wrote to memory of 2844	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	38
PID 1528 wrote to memory of 2844	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	38
PID 1528 wrote to memory of 2788	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	39
PID 1528 wrote to memory of 2788	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	39
PID 1528 wrote to memory of 2788	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	39
PID 1528 wrote to memory of 2664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	40
PID 1528 wrote to memory of 2664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	40
PID 1528 wrote to memory of 2664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	40
PID 1528 wrote to memory of 2668	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	41
PID 1528 wrote to memory of 2668	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	41
PID 1528 wrote to memory of 2668	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	41
PID 1528 wrote to memory of 2796	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	42
PID 1528 wrote to memory of 2796	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	42
PID 1528 wrote to memory of 2796	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	42
PID 1528 wrote to memory of 1684	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	43
PID 1528 wrote to memory of 1684	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	43
PID 1528 wrote to memory of 1684	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	43
PID 1528 wrote to memory of 664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	44
PID 1528 wrote to memory of 664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	44
PID 1528 wrote to memory of 664	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	44
PID 1528 wrote to memory of 2072	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	45
PID 1528 wrote to memory of 2072	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	45
PID 1528 wrote to memory of 2072	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	45
PID 1528 wrote to memory of 1160	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	46
PID 1528 wrote to memory of 1160	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	46
PID 1528 wrote to memory of 1160	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	46
PID 1528 wrote to memory of 2020	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	47
PID 1528 wrote to memory of 2020	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	47
PID 1528 wrote to memory of 2020	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	47
PID 1528 wrote to memory of 2952	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	48
PID 1528 wrote to memory of 2952	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	48
PID 1528 wrote to memory of 2952	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	48
PID 1528 wrote to memory of 2956	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	49
PID 1528 wrote to memory of 2956	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	49
PID 1528 wrote to memory of 2956	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	49
PID 1528 wrote to memory of 2308	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	50
PID 1528 wrote to memory of 2308	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	50
PID 1528 wrote to memory of 2308	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	50
PID 1528 wrote to memory of 1432	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	51
PID 1528 wrote to memory of 1432	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	51
PID 1528 wrote to memory of 1432	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	51
PID 1528 wrote to memory of 1964	1528	JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_52703513a60471865eaadce10bf901693bca30375d7cb9c36bbb9473d0d93794.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\System\gqpZEew.exe
  C:\Windows\System\gqpZEew.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\irxXLdw.exe
  C:\Windows\System\irxXLdw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\WNnxRXY.exe
  C:\Windows\System\WNnxRXY.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\mjxXqwe.exe
  C:\Windows\System\mjxXqwe.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\ykjbTvJ.exe
  C:\Windows\System\ykjbTvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\pTWKlVj.exe
  C:\Windows\System\pTWKlVj.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\Kbmmxnd.exe
  C:\Windows\System\Kbmmxnd.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\QRddWsy.exe
  C:\Windows\System\QRddWsy.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\OdoZUVD.exe
  C:\Windows\System\OdoZUVD.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\oPdFqBT.exe
  C:\Windows\System\oPdFqBT.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\FkrvoTA.exe
  C:\Windows\System\FkrvoTA.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\VvFqJkN.exe
  C:\Windows\System\VvFqJkN.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\TmXGgYs.exe
  C:\Windows\System\TmXGgYs.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\tctQayZ.exe
  C:\Windows\System\tctQayZ.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\bvCKGGR.exe
  C:\Windows\System\bvCKGGR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\wmkifWX.exe
  C:\Windows\System\wmkifWX.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pVPSIPE.exe
  C:\Windows\System\pVPSIPE.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\AZxoelV.exe
  C:\Windows\System\AZxoelV.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\JaLEbRE.exe
  C:\Windows\System\JaLEbRE.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\daldJKu.exe
  C:\Windows\System\daldJKu.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\ACBwXHH.exe
  C:\Windows\System\ACBwXHH.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\ErXVoaZ.exe
  C:\Windows\System\ErXVoaZ.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\BUMeVEg.exe
  C:\Windows\System\BUMeVEg.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\BHcYJho.exe
  C:\Windows\System\BHcYJho.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\GSbvXfc.exe
  C:\Windows\System\GSbvXfc.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\ybKCWmz.exe
  C:\Windows\System\ybKCWmz.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\XOpGykS.exe
  C:\Windows\System\XOpGykS.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\shWwnPG.exe
  C:\Windows\System\shWwnPG.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\vzpznTX.exe
  C:\Windows\System\vzpznTX.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\aALdYkN.exe
  C:\Windows\System\aALdYkN.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\GEeEMXs.exe
  C:\Windows\System\GEeEMXs.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\xZRgiuP.exe
  C:\Windows\System\xZRgiuP.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\ulhXfQf.exe
  C:\Windows\System\ulhXfQf.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\joPWMYf.exe
  C:\Windows\System\joPWMYf.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\zeIrYkt.exe
  C:\Windows\System\zeIrYkt.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\pjQBujT.exe
  C:\Windows\System\pjQBujT.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\PUNzYEI.exe
  C:\Windows\System\PUNzYEI.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\YxjjRvF.exe
  C:\Windows\System\YxjjRvF.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\dyEiObM.exe
  C:\Windows\System\dyEiObM.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\BDBTbmX.exe
  C:\Windows\System\BDBTbmX.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\iBQYYDP.exe
  C:\Windows\System\iBQYYDP.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\fEkfMIB.exe
  C:\Windows\System\fEkfMIB.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\xglsqHz.exe
  C:\Windows\System\xglsqHz.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\Eulnwua.exe
  C:\Windows\System\Eulnwua.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\nkKsWqG.exe
  C:\Windows\System\nkKsWqG.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\IDlatfI.exe
  C:\Windows\System\IDlatfI.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\yVfOPIX.exe
  C:\Windows\System\yVfOPIX.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\FEFWtMw.exe
  C:\Windows\System\FEFWtMw.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\MplohXG.exe
  C:\Windows\System\MplohXG.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\vIeDrTj.exe
  C:\Windows\System\vIeDrTj.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\yREvbGZ.exe
  C:\Windows\System\yREvbGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\tjgQbIy.exe
  C:\Windows\System\tjgQbIy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\AMgcjWb.exe
  C:\Windows\System\AMgcjWb.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\jaDqWbF.exe
  C:\Windows\System\jaDqWbF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\DsnPrTJ.exe
  C:\Windows\System\DsnPrTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\kTPdfeE.exe
  C:\Windows\System\kTPdfeE.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\jenaOtf.exe
  C:\Windows\System\jenaOtf.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\nIoBCXR.exe
  C:\Windows\System\nIoBCXR.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\GZGBCpp.exe
  C:\Windows\System\GZGBCpp.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\DjJEMxy.exe
  C:\Windows\System\DjJEMxy.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\FqzZuUl.exe
  C:\Windows\System\FqzZuUl.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wNkxoou.exe
  C:\Windows\System\wNkxoou.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\CvxFfDF.exe
  C:\Windows\System\CvxFfDF.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\CEOVjuo.exe
  C:\Windows\System\CEOVjuo.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\NuaHXbk.exe
  C:\Windows\System\NuaHXbk.exe
  2⤵
  PID:2892
- C:\Windows\System\BWwDNuy.exe
  C:\Windows\System\BWwDNuy.exe
  2⤵
  PID:1776
- C:\Windows\System\KHAiAIB.exe
  C:\Windows\System\KHAiAIB.exe
  2⤵
  PID:2000
- C:\Windows\System\VtFxefe.exe
  C:\Windows\System\VtFxefe.exe
  2⤵
  PID:1972
- C:\Windows\System\rpJfnTd.exe
  C:\Windows\System\rpJfnTd.exe
  2⤵
  PID:1924
- C:\Windows\System\AWrOPOI.exe
  C:\Windows\System\AWrOPOI.exe
  2⤵
  PID:2328
- C:\Windows\System\naLnAvJ.exe
  C:\Windows\System\naLnAvJ.exe
  2⤵
  PID:1840
- C:\Windows\System\ekVuExu.exe
  C:\Windows\System\ekVuExu.exe
  2⤵
  PID:444
- C:\Windows\System\ZoXvTXG.exe
  C:\Windows\System\ZoXvTXG.exe
  2⤵
  PID:1856
- C:\Windows\System\HiCOScr.exe
  C:\Windows\System\HiCOScr.exe
  2⤵
  PID:1328
- C:\Windows\System\FSwMCJx.exe
  C:\Windows\System\FSwMCJx.exe
  2⤵
  PID:2904
- C:\Windows\System\nXNBGLA.exe
  C:\Windows\System\nXNBGLA.exe
  2⤵
  PID:1548
- C:\Windows\System\tnEKrsE.exe
  C:\Windows\System\tnEKrsE.exe
  2⤵
  PID:2008
- C:\Windows\System\NRUMXXj.exe
  C:\Windows\System\NRUMXXj.exe
  2⤵
  PID:900
- C:\Windows\System\YLjOLAJ.exe
  C:\Windows\System\YLjOLAJ.exe
  2⤵
  PID:584
- C:\Windows\System\tMSViSV.exe
  C:\Windows\System\tMSViSV.exe
  2⤵
  PID:688
- C:\Windows\System\MpzfMJs.exe
  C:\Windows\System\MpzfMJs.exe
  2⤵
  PID:1716
- C:\Windows\System\dVrBDCe.exe
  C:\Windows\System\dVrBDCe.exe
  2⤵
  PID:2464
- C:\Windows\System\JHmBDnS.exe
  C:\Windows\System\JHmBDnS.exe
  2⤵
  PID:604
- C:\Windows\System\cgWkdlP.exe
  C:\Windows\System\cgWkdlP.exe
  2⤵
  PID:3068
- C:\Windows\System\GEiNFhz.exe
  C:\Windows\System\GEiNFhz.exe
  2⤵
  PID:1560
- C:\Windows\System\VFvUMVW.exe
  C:\Windows\System\VFvUMVW.exe
  2⤵
  PID:2084
- C:\Windows\System\yHZDnGc.exe
  C:\Windows\System\yHZDnGc.exe
  2⤵
  PID:2364
- C:\Windows\System\dIjbiyz.exe
  C:\Windows\System\dIjbiyz.exe
  2⤵
  PID:2772
- C:\Windows\System\najClLr.exe
  C:\Windows\System\najClLr.exe
  2⤵
  PID:2868
- C:\Windows\System\UQLlebk.exe
  C:\Windows\System\UQLlebk.exe
  2⤵
  PID:2876
- C:\Windows\System\QqOSMrA.exe
  C:\Windows\System\QqOSMrA.exe
  2⤵
  PID:2940
- C:\Windows\System\tZOPDgS.exe
  C:\Windows\System\tZOPDgS.exe
  2⤵
  PID:1272
- C:\Windows\System\HMGVRTf.exe
  C:\Windows\System\HMGVRTf.exe
  2⤵
  PID:2616
- C:\Windows\System\xydmYnY.exe
  C:\Windows\System\xydmYnY.exe
  2⤵
  PID:1792
- C:\Windows\System\NUecfvk.exe
  C:\Windows\System\NUecfvk.exe
  2⤵
  PID:1976
- C:\Windows\System\zvtwsRM.exe
  C:\Windows\System\zvtwsRM.exe
  2⤵
  PID:564
- C:\Windows\System\ZtqpMKQ.exe
  C:\Windows\System\ZtqpMKQ.exe
  2⤵
  PID:1080
- C:\Windows\System\UUXANHG.exe
  C:\Windows\System\UUXANHG.exe
  2⤵
  PID:748
- C:\Windows\System\RBaCubb.exe
  C:\Windows\System\RBaCubb.exe
  2⤵
  PID:2516
- C:\Windows\System\aNcnUYr.exe
  C:\Windows\System\aNcnUYr.exe
  2⤵
  PID:1516
- C:\Windows\System\gRnjCHR.exe
  C:\Windows\System\gRnjCHR.exe
  2⤵
  PID:3096
- C:\Windows\System\RIoLJKK.exe
  C:\Windows\System\RIoLJKK.exe
  2⤵
  PID:3116
- C:\Windows\System\WTnKxOT.exe
  C:\Windows\System\WTnKxOT.exe
  2⤵
  PID:3136
- C:\Windows\System\tLpNBJZ.exe
  C:\Windows\System\tLpNBJZ.exe
  2⤵
  PID:3156
- C:\Windows\System\xzdirPs.exe
  C:\Windows\System\xzdirPs.exe
  2⤵
  PID:3172
- C:\Windows\System\KOcbikF.exe
  C:\Windows\System\KOcbikF.exe
  2⤵
  PID:3196
- C:\Windows\System\CxdFqxU.exe
  C:\Windows\System\CxdFqxU.exe
  2⤵
  PID:3216
- C:\Windows\System\WVrEhsE.exe
  C:\Windows\System\WVrEhsE.exe
  2⤵
  PID:3236
- C:\Windows\System\TqJdoAc.exe
  C:\Windows\System\TqJdoAc.exe
  2⤵
  PID:3256
- C:\Windows\System\PGBRKgG.exe
  C:\Windows\System\PGBRKgG.exe
  2⤵
  PID:3276
- C:\Windows\System\tREjSzc.exe
  C:\Windows\System\tREjSzc.exe
  2⤵
  PID:3296
- C:\Windows\System\XgmVWgh.exe
  C:\Windows\System\XgmVWgh.exe
  2⤵
  PID:3316
- C:\Windows\System\cRdpgie.exe
  C:\Windows\System\cRdpgie.exe
  2⤵
  PID:3336
- C:\Windows\System\jNxKfGu.exe
  C:\Windows\System\jNxKfGu.exe
  2⤵
  PID:3356
- C:\Windows\System\kAAmKiV.exe
  C:\Windows\System\kAAmKiV.exe
  2⤵
  PID:3376
- C:\Windows\System\Nmdcmcg.exe
  C:\Windows\System\Nmdcmcg.exe
  2⤵
  PID:3396
- C:\Windows\System\atIBCUH.exe
  C:\Windows\System\atIBCUH.exe
  2⤵
  PID:3416
- C:\Windows\System\dDfexXb.exe
  C:\Windows\System\dDfexXb.exe
  2⤵
  PID:3436
- C:\Windows\System\rhSDxII.exe
  C:\Windows\System\rhSDxII.exe
  2⤵
  PID:3456
- C:\Windows\System\ypiSXgZ.exe
  C:\Windows\System\ypiSXgZ.exe
  2⤵
  PID:3476
- C:\Windows\System\PzYXwks.exe
  C:\Windows\System\PzYXwks.exe
  2⤵
  PID:3496
- C:\Windows\System\uwoMjch.exe
  C:\Windows\System\uwoMjch.exe
  2⤵
  PID:3516
- C:\Windows\System\PZWFpEG.exe
  C:\Windows\System\PZWFpEG.exe
  2⤵
  PID:3536
- C:\Windows\System\kqzBVWF.exe
  C:\Windows\System\kqzBVWF.exe
  2⤵
  PID:3560
- C:\Windows\System\LJBkzea.exe
  C:\Windows\System\LJBkzea.exe
  2⤵
  PID:3580
- C:\Windows\System\VsUQVec.exe
  C:\Windows\System\VsUQVec.exe
  2⤵
  PID:3600
- C:\Windows\System\WShtEDp.exe
  C:\Windows\System\WShtEDp.exe
  2⤵
  PID:3620
- C:\Windows\System\otBgmlR.exe
  C:\Windows\System\otBgmlR.exe
  2⤵
  PID:3640
- C:\Windows\System\xvLZSCW.exe
  C:\Windows\System\xvLZSCW.exe
  2⤵
  PID:3660
- C:\Windows\System\EGMOmwi.exe
  C:\Windows\System\EGMOmwi.exe
  2⤵
  PID:3680
- C:\Windows\System\aXLvJBV.exe
  C:\Windows\System\aXLvJBV.exe
  2⤵
  PID:3700
- C:\Windows\System\fvhkjtj.exe
  C:\Windows\System\fvhkjtj.exe
  2⤵
  PID:3720
- C:\Windows\System\VsifWKe.exe
  C:\Windows\System\VsifWKe.exe
  2⤵
  PID:3740
- C:\Windows\System\GFcLteP.exe
  C:\Windows\System\GFcLteP.exe
  2⤵
  PID:3760
- C:\Windows\System\UqkVbFq.exe
  C:\Windows\System\UqkVbFq.exe
  2⤵
  PID:3780
- C:\Windows\System\IJWPhyl.exe
  C:\Windows\System\IJWPhyl.exe
  2⤵
  PID:3800
- C:\Windows\System\Owmziae.exe
  C:\Windows\System\Owmziae.exe
  2⤵
  PID:3820
- C:\Windows\System\PjxllLX.exe
  C:\Windows\System\PjxllLX.exe
  2⤵
  PID:3840
- C:\Windows\System\DqXpLTB.exe
  C:\Windows\System\DqXpLTB.exe
  2⤵
  PID:3860
- C:\Windows\System\UYFZYlV.exe
  C:\Windows\System\UYFZYlV.exe
  2⤵
  PID:3880
- C:\Windows\System\HdvBMLv.exe
  C:\Windows\System\HdvBMLv.exe
  2⤵
  PID:3900
- C:\Windows\System\jWuBIur.exe
  C:\Windows\System\jWuBIur.exe
  2⤵
  PID:3920
- C:\Windows\System\oMUodhX.exe
  C:\Windows\System\oMUodhX.exe
  2⤵
  PID:3940
- C:\Windows\System\qvRDZCO.exe
  C:\Windows\System\qvRDZCO.exe
  2⤵
  PID:3960
- C:\Windows\System\WIfIySl.exe
  C:\Windows\System\WIfIySl.exe
  2⤵
  PID:3980
- C:\Windows\System\XPbKuYb.exe
  C:\Windows\System\XPbKuYb.exe
  2⤵
  PID:4000
- C:\Windows\System\aPKZtSM.exe
  C:\Windows\System\aPKZtSM.exe
  2⤵
  PID:4024
- C:\Windows\System\xzrgWqV.exe
  C:\Windows\System\xzrgWqV.exe
  2⤵
  PID:4044
- C:\Windows\System\xkZGujy.exe
  C:\Windows\System\xkZGujy.exe
  2⤵
  PID:4064
- C:\Windows\System\kqTUxWI.exe
  C:\Windows\System\kqTUxWI.exe
  2⤵
  PID:4084
- C:\Windows\System\xaeymTi.exe
  C:\Windows\System\xaeymTi.exe
  2⤵
  PID:1704
- C:\Windows\System\pHYtyay.exe
  C:\Windows\System\pHYtyay.exe
  2⤵
  PID:768
- C:\Windows\System\PadOfZL.exe
  C:\Windows\System\PadOfZL.exe
  2⤵
  PID:2168
- C:\Windows\System\nraPFzg.exe
  C:\Windows\System\nraPFzg.exe
  2⤵
  PID:2524
- C:\Windows\System\ARxNgyt.exe
  C:\Windows\System\ARxNgyt.exe
  2⤵
  PID:884
- C:\Windows\System\YSGLtwf.exe
  C:\Windows\System\YSGLtwf.exe
  2⤵
  PID:2564
- C:\Windows\System\XooCxiL.exe
  C:\Windows\System\XooCxiL.exe
  2⤵
  PID:1040
- C:\Windows\System\dLHUdlV.exe
  C:\Windows\System\dLHUdlV.exe
  2⤵
  PID:2264
- C:\Windows\System\nbiRvYJ.exe
  C:\Windows\System\nbiRvYJ.exe
  2⤵
  PID:2744
- C:\Windows\System\hTKkgAQ.exe
  C:\Windows\System\hTKkgAQ.exe
  2⤵
  PID:3064
- C:\Windows\System\qiicZiS.exe
  C:\Windows\System\qiicZiS.exe
  2⤵
  PID:1436
- C:\Windows\System\ydwAVLR.exe
  C:\Windows\System\ydwAVLR.exe
  2⤵
  PID:1124
- C:\Windows\System\wCOMaqp.exe
  C:\Windows\System\wCOMaqp.exe
  2⤵
  PID:1144
- C:\Windows\System\pvMfnWJ.exe
  C:\Windows\System\pvMfnWJ.exe
  2⤵
  PID:3080
- C:\Windows\System\efabzHd.exe
  C:\Windows\System\efabzHd.exe
  2⤵
  PID:3124
- C:\Windows\System\DDlhifi.exe
  C:\Windows\System\DDlhifi.exe
  2⤵
  PID:3144
- C:\Windows\System\NheGZLT.exe
  C:\Windows\System\NheGZLT.exe
  2⤵
  PID:3180
- C:\Windows\System\FuTjREa.exe
  C:\Windows\System\FuTjREa.exe
  2⤵
  PID:3212
- C:\Windows\System\pNlQaar.exe
  C:\Windows\System\pNlQaar.exe
  2⤵
  PID:3252
- C:\Windows\System\iSKqynw.exe
  C:\Windows\System\iSKqynw.exe
  2⤵
  PID:3268
- C:\Windows\System\MsOZAPo.exe
  C:\Windows\System\MsOZAPo.exe
  2⤵
  PID:3312
- C:\Windows\System\GLMDwto.exe
  C:\Windows\System\GLMDwto.exe
  2⤵
  PID:3308
- C:\Windows\System\wJttZOJ.exe
  C:\Windows\System\wJttZOJ.exe
  2⤵
  PID:3368
- C:\Windows\System\xdddoyB.exe
  C:\Windows\System\xdddoyB.exe
  2⤵
  PID:3412
- C:\Windows\System\uylheQy.exe
  C:\Windows\System\uylheQy.exe
  2⤵
  PID:3444
- C:\Windows\System\sTILmMf.exe
  C:\Windows\System\sTILmMf.exe
  2⤵
  PID:3492
- C:\Windows\System\LYEATko.exe
  C:\Windows\System\LYEATko.exe
  2⤵
  PID:3512
- C:\Windows\System\TsFhJmg.exe
  C:\Windows\System\TsFhJmg.exe
  2⤵
  PID:3544
- C:\Windows\System\ukEjTLp.exe
  C:\Windows\System\ukEjTLp.exe
  2⤵
  PID:3572
- C:\Windows\System\wsCoVKj.exe
  C:\Windows\System\wsCoVKj.exe
  2⤵
  PID:3612
- C:\Windows\System\BApJMWa.exe
  C:\Windows\System\BApJMWa.exe
  2⤵
  PID:3632
- C:\Windows\System\pBHnQlp.exe
  C:\Windows\System\pBHnQlp.exe
  2⤵
  PID:3668
- C:\Windows\System\NqcYkLM.exe
  C:\Windows\System\NqcYkLM.exe
  2⤵
  PID:3728
- C:\Windows\System\plQBCnW.exe
  C:\Windows\System\plQBCnW.exe
  2⤵
  PID:3776
- C:\Windows\System\XJoiiVQ.exe
  C:\Windows\System\XJoiiVQ.exe
  2⤵
  PID:3792
- C:\Windows\System\pOOSrst.exe
  C:\Windows\System\pOOSrst.exe
  2⤵
  PID:3812
- C:\Windows\System\oiAkLbX.exe
  C:\Windows\System\oiAkLbX.exe
  2⤵
  PID:3836
- C:\Windows\System\noRkixZ.exe
  C:\Windows\System\noRkixZ.exe
  2⤵
  PID:3892
- C:\Windows\System\iWEqeYE.exe
  C:\Windows\System\iWEqeYE.exe
  2⤵
  PID:3908
- C:\Windows\System\VLsAmvH.exe
  C:\Windows\System\VLsAmvH.exe
  2⤵
  PID:3968
- C:\Windows\System\hihjmaH.exe
  C:\Windows\System\hihjmaH.exe
  2⤵
  PID:3972
- C:\Windows\System\HEZHHFJ.exe
  C:\Windows\System\HEZHHFJ.exe
  2⤵
  PID:4012
- C:\Windows\System\nfXRufV.exe
  C:\Windows\System\nfXRufV.exe
  2⤵
  PID:4056
- C:\Windows\System\VxSYZZv.exe
  C:\Windows\System\VxSYZZv.exe
  2⤵
  PID:4080
- C:\Windows\System\rlTWdGt.exe
  C:\Windows\System\rlTWdGt.exe
  2⤵
  PID:2384
- C:\Windows\System\HgBowkW.exe
  C:\Windows\System\HgBowkW.exe
  2⤵
  PID:2148
- C:\Windows\System\Dyzagta.exe
  C:\Windows\System\Dyzagta.exe
  2⤵
  PID:2412
- C:\Windows\System\KscVJUT.exe
  C:\Windows\System\KscVJUT.exe
  2⤵
  PID:1952
- C:\Windows\System\zhwVvZJ.exe
  C:\Windows\System\zhwVvZJ.exe
  2⤵
  PID:2888
- C:\Windows\System\KtZWAbE.exe
  C:\Windows\System\KtZWAbE.exe
  2⤵
  PID:2220
- C:\Windows\System\eUMUtwA.exe
  C:\Windows\System\eUMUtwA.exe
  2⤵
  PID:2136
- C:\Windows\System\LSxEGDK.exe
  C:\Windows\System\LSxEGDK.exe
  2⤵
  PID:1508
- C:\Windows\System\lMvhCpZ.exe
  C:\Windows\System\lMvhCpZ.exe
  2⤵
  PID:1364
- C:\Windows\System\QwhiDUE.exe
  C:\Windows\System\QwhiDUE.exe
  2⤵
  PID:3128
- C:\Windows\System\disDIji.exe
  C:\Windows\System\disDIji.exe
  2⤵
  PID:3244
- C:\Windows\System\ovTQqjt.exe
  C:\Windows\System\ovTQqjt.exe
  2⤵
  PID:3248
- C:\Windows\System\fQJHbfS.exe
  C:\Windows\System\fQJHbfS.exe
  2⤵
  PID:3372
- C:\Windows\System\EtyFKer.exe
  C:\Windows\System\EtyFKer.exe
  2⤵
  PID:3404
- C:\Windows\System\KoifYck.exe
  C:\Windows\System\KoifYck.exe
  2⤵
  PID:3488
- C:\Windows\System\mTUGcJr.exe
  C:\Windows\System\mTUGcJr.exe
  2⤵
  PID:3464
- C:\Windows\System\fgUgpJq.exe
  C:\Windows\System\fgUgpJq.exe
  2⤵
  PID:3576
- C:\Windows\System\xyIZXdd.exe
  C:\Windows\System\xyIZXdd.exe
  2⤵
  PID:3648
- C:\Windows\System\EalmBaZ.exe
  C:\Windows\System\EalmBaZ.exe
  2⤵
  PID:3688
- C:\Windows\System\uUSaiGL.exe
  C:\Windows\System\uUSaiGL.exe
  2⤵
  PID:3752
- C:\Windows\System\LqWGVdd.exe
  C:\Windows\System\LqWGVdd.exe
  2⤵
  PID:3856
- C:\Windows\System\acqyUTh.exe
  C:\Windows\System\acqyUTh.exe
  2⤵
  PID:3816
- C:\Windows\System\GKUXCNC.exe
  C:\Windows\System\GKUXCNC.exe
  2⤵
  PID:3948
- C:\Windows\System\ulHZWbA.exe
  C:\Windows\System\ulHZWbA.exe
  2⤵
  PID:3912
- C:\Windows\System\tpusgRW.exe
  C:\Windows\System\tpusgRW.exe
  2⤵
  PID:4060
- C:\Windows\System\XauYyqW.exe
  C:\Windows\System\XauYyqW.exe
  2⤵
  PID:4072
- C:\Windows\System\kqFGwKK.exe
  C:\Windows\System\kqFGwKK.exe
  2⤵
  PID:2092
- C:\Windows\System\pcZyWBT.exe
  C:\Windows\System\pcZyWBT.exe
  2⤵
  PID:556
- C:\Windows\System\XzBfnoI.exe
  C:\Windows\System\XzBfnoI.exe
  2⤵
  PID:1588
- C:\Windows\System\YhJefDU.exe
  C:\Windows\System\YhJefDU.exe
  2⤵
  PID:1100
- C:\Windows\System\Kfawfce.exe
  C:\Windows\System\Kfawfce.exe
  2⤵
  PID:1996
- C:\Windows\System\xRyUfvv.exe
  C:\Windows\System\xRyUfvv.exe
  2⤵
  PID:3192
- C:\Windows\System\DJfJplv.exe
  C:\Windows\System\DJfJplv.exe
  2⤵
  PID:3224
- C:\Windows\System\DEYYzPp.exe
  C:\Windows\System\DEYYzPp.exe
  2⤵
  PID:3304
- C:\Windows\System\hYKJCeN.exe
  C:\Windows\System\hYKJCeN.exe
  2⤵
  PID:3428
- C:\Windows\System\FuZvctH.exe
  C:\Windows\System\FuZvctH.exe
  2⤵
  PID:3548
- C:\Windows\System\sqUwCWZ.exe
  C:\Windows\System\sqUwCWZ.exe
  2⤵
  PID:3608
- C:\Windows\System\mLzUMne.exe
  C:\Windows\System\mLzUMne.exe
  2⤵
  PID:3716
- C:\Windows\System\JnOvSXc.exe
  C:\Windows\System\JnOvSXc.exe
  2⤵
  PID:3748
- C:\Windows\System\KchAlbv.exe
  C:\Windows\System\KchAlbv.exe
  2⤵
  PID:3876
- C:\Windows\System\ulKkRmf.exe
  C:\Windows\System\ulKkRmf.exe
  2⤵
  PID:3556
- C:\Windows\System\JSaaiXa.exe
  C:\Windows\System\JSaaiXa.exe
  2⤵
  PID:1904
- C:\Windows\System\gLmVZLa.exe
  C:\Windows\System\gLmVZLa.exe
  2⤵
  PID:992
- C:\Windows\System\NgMuCWZ.exe
  C:\Windows\System\NgMuCWZ.exe
  2⤵
  PID:1696
- C:\Windows\System\yXRpWYu.exe
  C:\Windows\System\yXRpWYu.exe
  2⤵
  PID:2944
- C:\Windows\System\GUXkxpP.exe
  C:\Windows\System\GUXkxpP.exe
  2⤵
  PID:2056
- C:\Windows\System\gwvnvrE.exe
  C:\Windows\System\gwvnvrE.exe
  2⤵
  PID:3292
- C:\Windows\System\YhjuWaj.exe
  C:\Windows\System\YhjuWaj.exe
  2⤵
  PID:3432
- C:\Windows\System\KnrYjwA.exe
  C:\Windows\System\KnrYjwA.exe
  2⤵
  PID:3696
- C:\Windows\System\FvKKxCs.exe
  C:\Windows\System\FvKKxCs.exe
  2⤵
  PID:3988
- C:\Windows\System\hiwEZlE.exe
  C:\Windows\System\hiwEZlE.exe
  2⤵
  PID:3108
- C:\Windows\System\gkCljlG.exe
  C:\Windows\System\gkCljlG.exe
  2⤵
  PID:4112
- C:\Windows\System\GcuOYdK.exe
  C:\Windows\System\GcuOYdK.exe
  2⤵
  PID:4132
- C:\Windows\System\YTjcXKX.exe
  C:\Windows\System\YTjcXKX.exe
  2⤵
  PID:4152
- C:\Windows\System\ZrUmhgd.exe
  C:\Windows\System\ZrUmhgd.exe
  2⤵
  PID:4176
- C:\Windows\System\EvVzNNZ.exe
  C:\Windows\System\EvVzNNZ.exe
  2⤵
  PID:4196
- C:\Windows\System\NOLOnbg.exe
  C:\Windows\System\NOLOnbg.exe
  2⤵
  PID:4216
- C:\Windows\System\AzqwpuP.exe
  C:\Windows\System\AzqwpuP.exe
  2⤵
  PID:4236
- C:\Windows\System\JVtUhFR.exe
  C:\Windows\System\JVtUhFR.exe
  2⤵
  PID:4260
- C:\Windows\System\UqruDys.exe
  C:\Windows\System\UqruDys.exe
  2⤵
  PID:4280
- C:\Windows\System\ymAJFru.exe
  C:\Windows\System\ymAJFru.exe
  2⤵
  PID:4300
- C:\Windows\System\GSrRbwF.exe
  C:\Windows\System\GSrRbwF.exe
  2⤵
  PID:4320
- C:\Windows\System\FsXdumi.exe
  C:\Windows\System\FsXdumi.exe
  2⤵
  PID:4340
- C:\Windows\System\CJBVbbr.exe
  C:\Windows\System\CJBVbbr.exe
  2⤵
  PID:4360
- C:\Windows\System\ARJljjU.exe
  C:\Windows\System\ARJljjU.exe
  2⤵
  PID:4380
- C:\Windows\System\jixRqSu.exe
  C:\Windows\System\jixRqSu.exe
  2⤵
  PID:4400
- C:\Windows\System\KuvkYBN.exe
  C:\Windows\System\KuvkYBN.exe
  2⤵
  PID:4420
- C:\Windows\System\FjAsZYl.exe
  C:\Windows\System\FjAsZYl.exe
  2⤵
  PID:4440
- C:\Windows\System\UQkdQXJ.exe
  C:\Windows\System\UQkdQXJ.exe
  2⤵
  PID:4460
- C:\Windows\System\WHRwnwu.exe
  C:\Windows\System\WHRwnwu.exe
  2⤵
  PID:4480
- C:\Windows\System\ZwGyFXr.exe
  C:\Windows\System\ZwGyFXr.exe
  2⤵
  PID:4500
- C:\Windows\System\wPriyKd.exe
  C:\Windows\System\wPriyKd.exe
  2⤵
  PID:4520
- C:\Windows\System\MNhLIYI.exe
  C:\Windows\System\MNhLIYI.exe
  2⤵
  PID:4540
- C:\Windows\System\qxEYuOQ.exe
  C:\Windows\System\qxEYuOQ.exe
  2⤵
  PID:4560
- C:\Windows\System\hAfsfbx.exe
  C:\Windows\System\hAfsfbx.exe
  2⤵
  PID:4580
- C:\Windows\System\TkdIRLU.exe
  C:\Windows\System\TkdIRLU.exe
  2⤵
  PID:4600
- C:\Windows\System\sNlzFXz.exe
  C:\Windows\System\sNlzFXz.exe
  2⤵
  PID:4620
- C:\Windows\System\TAIBSDI.exe
  C:\Windows\System\TAIBSDI.exe
  2⤵
  PID:4640
- C:\Windows\System\RwxzmZs.exe
  C:\Windows\System\RwxzmZs.exe
  2⤵
  PID:4660
- C:\Windows\System\livlEff.exe
  C:\Windows\System\livlEff.exe
  2⤵
  PID:4680
- C:\Windows\System\MIbrMgX.exe
  C:\Windows\System\MIbrMgX.exe
  2⤵
  PID:4700
- C:\Windows\System\ARQYRWj.exe
  C:\Windows\System\ARQYRWj.exe
  2⤵
  PID:4720
- C:\Windows\System\kaPcngk.exe
  C:\Windows\System\kaPcngk.exe
  2⤵
  PID:4740
- C:\Windows\System\qnlwMTl.exe
  C:\Windows\System\qnlwMTl.exe
  2⤵
  PID:4760
- C:\Windows\System\vtiaZaK.exe
  C:\Windows\System\vtiaZaK.exe
  2⤵
  PID:4780
- C:\Windows\System\TTWLpQj.exe
  C:\Windows\System\TTWLpQj.exe
  2⤵
  PID:4800
- C:\Windows\System\oaqxpPp.exe
  C:\Windows\System\oaqxpPp.exe
  2⤵
  PID:4820
- C:\Windows\System\qNlJRIc.exe
  C:\Windows\System\qNlJRIc.exe
  2⤵
  PID:4840
- C:\Windows\System\rsUJBYe.exe
  C:\Windows\System\rsUJBYe.exe
  2⤵
  PID:4860
- C:\Windows\System\UvBjNzf.exe
  C:\Windows\System\UvBjNzf.exe
  2⤵
  PID:4880
- C:\Windows\System\pfaxxCR.exe
  C:\Windows\System\pfaxxCR.exe
  2⤵
  PID:4900
- C:\Windows\System\PFWekbT.exe
  C:\Windows\System\PFWekbT.exe
  2⤵
  PID:4924
- C:\Windows\System\OzESkiE.exe
  C:\Windows\System\OzESkiE.exe
  2⤵
  PID:4944
- C:\Windows\System\oJGToLY.exe
  C:\Windows\System\oJGToLY.exe
  2⤵
  PID:4964
- C:\Windows\System\MUCdehs.exe
  C:\Windows\System\MUCdehs.exe
  2⤵
  PID:4988
- C:\Windows\System\UOanhDp.exe
  C:\Windows\System\UOanhDp.exe
  2⤵
  PID:5008
- C:\Windows\System\nGyNTkI.exe
  C:\Windows\System\nGyNTkI.exe
  2⤵
  PID:5028
- C:\Windows\System\jnrhbaO.exe
  C:\Windows\System\jnrhbaO.exe
  2⤵
  PID:5048
- C:\Windows\System\YTNPbmc.exe
  C:\Windows\System\YTNPbmc.exe
  2⤵
  PID:5068
- C:\Windows\System\BNVnqSm.exe
  C:\Windows\System\BNVnqSm.exe
  2⤵
  PID:5088
- C:\Windows\System\FoezvTo.exe
  C:\Windows\System\FoezvTo.exe
  2⤵
  PID:5108
- C:\Windows\System\ARYApSj.exe
  C:\Windows\System\ARYApSj.exe
  2⤵
  PID:3016
- C:\Windows\System\HxKEbZu.exe
  C:\Windows\System\HxKEbZu.exe
  2⤵
  PID:2572
- C:\Windows\System\fkxKimu.exe
  C:\Windows\System\fkxKimu.exe
  2⤵
  PID:3168
- C:\Windows\System\lMCzEUH.exe
  C:\Windows\System\lMCzEUH.exe
  2⤵
  PID:3288
- C:\Windows\System\DxLzqMB.exe
  C:\Windows\System\DxLzqMB.exe
  2⤵
  PID:3484
- C:\Windows\System\SjdAbJH.exe
  C:\Windows\System\SjdAbJH.exe
  2⤵
  PID:3852
- C:\Windows\System\XgUgVdP.exe
  C:\Windows\System\XgUgVdP.exe
  2⤵
  PID:4108
- C:\Windows\System\RIhlnSQ.exe
  C:\Windows\System\RIhlnSQ.exe
  2⤵
  PID:4168
- C:\Windows\System\lmMoOVU.exe
  C:\Windows\System\lmMoOVU.exe
  2⤵
  PID:4192
- C:\Windows\System\ZYeAMtd.exe
  C:\Windows\System\ZYeAMtd.exe
  2⤵
  PID:4224
- C:\Windows\System\tojnKaU.exe
  C:\Windows\System\tojnKaU.exe
  2⤵
  PID:4252
- C:\Windows\System\aYrgVNL.exe
  C:\Windows\System\aYrgVNL.exe
  2⤵
  PID:4296
- C:\Windows\System\hbWZZZD.exe
  C:\Windows\System\hbWZZZD.exe
  2⤵
  PID:4312
- C:\Windows\System\FVpWUkP.exe
  C:\Windows\System\FVpWUkP.exe
  2⤵
  PID:4348
- C:\Windows\System\SWtsQEo.exe
  C:\Windows\System\SWtsQEo.exe
  2⤵
  PID:4388
- C:\Windows\System\yCMecMa.exe
  C:\Windows\System\yCMecMa.exe
  2⤵
  PID:4448
- C:\Windows\System\kjTuIdT.exe
  C:\Windows\System\kjTuIdT.exe
  2⤵
  PID:4436
- C:\Windows\System\eyUPtOL.exe
  C:\Windows\System\eyUPtOL.exe
  2⤵
  PID:4472
- C:\Windows\System\dSqreJt.exe
  C:\Windows\System\dSqreJt.exe
  2⤵
  PID:4528
- C:\Windows\System\sQBrOuw.exe
  C:\Windows\System\sQBrOuw.exe
  2⤵
  PID:4556
- C:\Windows\System\USnNHNv.exe
  C:\Windows\System\USnNHNv.exe
  2⤵
  PID:4608
- C:\Windows\System\sPMseXh.exe
  C:\Windows\System\sPMseXh.exe
  2⤵
  PID:4628
- C:\Windows\System\tSqUZLb.exe
  C:\Windows\System\tSqUZLb.exe
  2⤵
  PID:4652
- C:\Windows\System\buPBMWI.exe
  C:\Windows\System\buPBMWI.exe
  2⤵
  PID:4676
- C:\Windows\System\qxaKOHg.exe
  C:\Windows\System\qxaKOHg.exe
  2⤵
  PID:2848
- C:\Windows\System\ppjzDfV.exe
  C:\Windows\System\ppjzDfV.exe
  2⤵
  PID:4768
- C:\Windows\System\LQWNUhz.exe
  C:\Windows\System\LQWNUhz.exe
  2⤵
  PID:2312
- C:\Windows\System\KYZzEcn.exe
  C:\Windows\System\KYZzEcn.exe
  2⤵
  PID:4816
- C:\Windows\System\otgAFiE.exe
  C:\Windows\System\otgAFiE.exe
  2⤵
  PID:4848
- C:\Windows\System\yLcRPpF.exe
  C:\Windows\System\yLcRPpF.exe
  2⤵
  PID:4872
- C:\Windows\System\CyocJiY.exe
  C:\Windows\System\CyocJiY.exe
  2⤵
  PID:2104
- C:\Windows\System\NkgbqLw.exe
  C:\Windows\System\NkgbqLw.exe
  2⤵
  PID:4936
- C:\Windows\System\lvfiDZU.exe
  C:\Windows\System\lvfiDZU.exe
  2⤵
  PID:4956
- C:\Windows\System\bxwNeVU.exe
  C:\Windows\System\bxwNeVU.exe
  2⤵
  PID:2740
- C:\Windows\System\pPzHQuL.exe
  C:\Windows\System\pPzHQuL.exe
  2⤵
  PID:5024
- C:\Windows\System\LfRdBir.exe
  C:\Windows\System\LfRdBir.exe
  2⤵
  PID:5036
- C:\Windows\System\jKeTGOK.exe
  C:\Windows\System\jKeTGOK.exe
  2⤵
  PID:5076
- C:\Windows\System\RhzUpDU.exe
  C:\Windows\System\RhzUpDU.exe
  2⤵
  PID:5084
- C:\Windows\System\FGqocwl.exe
  C:\Windows\System\FGqocwl.exe
  2⤵
  PID:4016
- C:\Windows\System\sKtMVyO.exe
  C:\Windows\System\sKtMVyO.exe
  2⤵
  PID:2836
- C:\Windows\System\eWIJIDw.exe
  C:\Windows\System\eWIJIDw.exe
  2⤵
  PID:3672
- C:\Windows\System\nInkGYy.exe
  C:\Windows\System\nInkGYy.exe
  2⤵
  PID:4128
- C:\Windows\System\RWHXIBr.exe
  C:\Windows\System\RWHXIBr.exe
  2⤵
  PID:4120
- C:\Windows\System\mqMImUE.exe
  C:\Windows\System\mqMImUE.exe
  2⤵
  PID:4184
- C:\Windows\System\KIALUaj.exe
  C:\Windows\System\KIALUaj.exe
  2⤵
  PID:4272
- C:\Windows\System\lBuyMHu.exe
  C:\Windows\System\lBuyMHu.exe
  2⤵
  PID:4376
- C:\Windows\System\ptkcHbk.exe
  C:\Windows\System\ptkcHbk.exe
  2⤵
  PID:4308
- C:\Windows\System\qxdgusJ.exe
  C:\Windows\System\qxdgusJ.exe
  2⤵
  PID:4352
- C:\Windows\System\FoPuExF.exe
  C:\Windows\System\FoPuExF.exe
  2⤵
  PID:4456
- C:\Windows\System\cyQRdYP.exe
  C:\Windows\System\cyQRdYP.exe
  2⤵
  PID:4568
- C:\Windows\System\vTJJYhH.exe
  C:\Windows\System\vTJJYhH.exe
  2⤵
  PID:4516
- C:\Windows\System\udkKukS.exe
  C:\Windows\System\udkKukS.exe
  2⤵
  PID:4696
- C:\Windows\System\rsTWQJe.exe
  C:\Windows\System\rsTWQJe.exe
  2⤵
  PID:4692
- C:\Windows\System\ntOXFyX.exe
  C:\Windows\System\ntOXFyX.exe
  2⤵
  PID:4748
- C:\Windows\System\zPbnDnc.exe
  C:\Windows\System\zPbnDnc.exe
  2⤵
  PID:4792
- C:\Windows\System\EnvKlbi.exe
  C:\Windows\System\EnvKlbi.exe
  2⤵
  PID:4876
- C:\Windows\System\MYEQkeH.exe
  C:\Windows\System\MYEQkeH.exe
  2⤵
  PID:4912
- C:\Windows\System\tNZDWnE.exe
  C:\Windows\System\tNZDWnE.exe
  2⤵
  PID:4892
- C:\Windows\System\MKohFjr.exe
  C:\Windows\System\MKohFjr.exe
  2⤵
  PID:4976
- C:\Windows\System\rCKJbjF.exe
  C:\Windows\System\rCKJbjF.exe
  2⤵
  PID:5096
- C:\Windows\System\qJugQPh.exe
  C:\Windows\System\qJugQPh.exe
  2⤵
  PID:5000
- C:\Windows\System\QENMHqv.exe
  C:\Windows\System\QENMHqv.exe
  2⤵
  PID:1544
- C:\Windows\System\EZBoNlS.exe
  C:\Windows\System\EZBoNlS.exe
  2⤵
  PID:5116
- C:\Windows\System\QBrcZOh.exe
  C:\Windows\System\QBrcZOh.exe
  2⤵
  PID:3768
- C:\Windows\System\iObzdBO.exe
  C:\Windows\System\iObzdBO.exe
  2⤵
  PID:4536
- C:\Windows\System\kPNegOy.exe
  C:\Windows\System\kPNegOy.exe
  2⤵
  PID:4248
- C:\Windows\System\RjIaKSE.exe
  C:\Windows\System\RjIaKSE.exe
  2⤵
  PID:4276
- C:\Windows\System\pdtouCi.exe
  C:\Windows\System\pdtouCi.exe
  2⤵
  PID:4372
- C:\Windows\System\zMjBKHi.exe
  C:\Windows\System\zMjBKHi.exe
  2⤵
  PID:4548
- C:\Windows\System\MoOeIfH.exe
  C:\Windows\System\MoOeIfH.exe
  2⤵
  PID:4588
- C:\Windows\System\lTmUJdn.exe
  C:\Windows\System\lTmUJdn.exe
  2⤵
  PID:4612
- C:\Windows\System\etRrtBw.exe
  C:\Windows\System\etRrtBw.exe
  2⤵
  PID:4728
- C:\Windows\System\ZDDXZxY.exe
  C:\Windows\System\ZDDXZxY.exe
  2⤵
  PID:4752
- C:\Windows\System\vEsFOxU.exe
  C:\Windows\System\vEsFOxU.exe
  2⤵
  PID:4836
- C:\Windows\System\vmUCtiW.exe
  C:\Windows\System\vmUCtiW.exe
  2⤵
  PID:4972
- C:\Windows\System\qWFPCXK.exe
  C:\Windows\System\qWFPCXK.exe
  2⤵
  PID:5056
- C:\Windows\System\UqSaiNf.exe
  C:\Windows\System\UqSaiNf.exe
  2⤵
  PID:4036
- C:\Windows\System\PGDAybR.exe
  C:\Windows\System\PGDAybR.exe
  2⤵
  PID:3388
- C:\Windows\System\vIzQJoo.exe
  C:\Windows\System\vIzQJoo.exe
  2⤵
  PID:4188
- C:\Windows\System\MTpSBun.exe
  C:\Windows\System\MTpSBun.exe
  2⤵
  PID:4148
- C:\Windows\System\cmhbGhD.exe
  C:\Windows\System\cmhbGhD.exe
  2⤵
  PID:4256
- C:\Windows\System\loUpNpc.exe
  C:\Windows\System\loUpNpc.exe
  2⤵
  PID:2840
- C:\Windows\System\xnJHOyQ.exe
  C:\Windows\System\xnJHOyQ.exe
  2⤵
  PID:5128
- C:\Windows\System\CovvwiM.exe
  C:\Windows\System\CovvwiM.exe
  2⤵
  PID:5148
- C:\Windows\System\XNjvXHU.exe
  C:\Windows\System\XNjvXHU.exe
  2⤵
  PID:5168
- C:\Windows\System\dCAwFWl.exe
  C:\Windows\System\dCAwFWl.exe
  2⤵
  PID:5188
- C:\Windows\System\BJVIAiH.exe
  C:\Windows\System\BJVIAiH.exe
  2⤵
  PID:5208
- C:\Windows\System\diNycci.exe
  C:\Windows\System\diNycci.exe
  2⤵
  PID:5228
- C:\Windows\System\raninjf.exe
  C:\Windows\System\raninjf.exe
  2⤵
  PID:5248
- C:\Windows\System\HGqCtPV.exe
  C:\Windows\System\HGqCtPV.exe
  2⤵
  PID:5268
- C:\Windows\System\lVRVnDS.exe
  C:\Windows\System\lVRVnDS.exe
  2⤵
  PID:5288
- C:\Windows\System\VMSIslZ.exe
  C:\Windows\System\VMSIslZ.exe
  2⤵
  PID:5308
- C:\Windows\System\tbqDkMI.exe
  C:\Windows\System\tbqDkMI.exe
  2⤵
  PID:5328
- C:\Windows\System\KfLCIRT.exe
  C:\Windows\System\KfLCIRT.exe
  2⤵
  PID:5348
- C:\Windows\System\WhrOeKi.exe
  C:\Windows\System\WhrOeKi.exe
  2⤵
  PID:5368
- C:\Windows\System\UszeEFf.exe
  C:\Windows\System\UszeEFf.exe
  2⤵
  PID:5388
- C:\Windows\System\eMbnvKW.exe
  C:\Windows\System\eMbnvKW.exe
  2⤵
  PID:5408
- C:\Windows\System\TBNiIVv.exe
  C:\Windows\System\TBNiIVv.exe
  2⤵
  PID:5428
- C:\Windows\System\rkkfqCh.exe
  C:\Windows\System\rkkfqCh.exe
  2⤵
  PID:5448
- C:\Windows\System\rbGmERS.exe
  C:\Windows\System\rbGmERS.exe
  2⤵
  PID:5468
- C:\Windows\System\yXJkrEa.exe
  C:\Windows\System\yXJkrEa.exe
  2⤵
  PID:5488
- C:\Windows\System\JkQEJfa.exe
  C:\Windows\System\JkQEJfa.exe
  2⤵
  PID:5508
- C:\Windows\System\SUaCEkg.exe
  C:\Windows\System\SUaCEkg.exe
  2⤵
  PID:5528
- C:\Windows\System\CTIOUvG.exe
  C:\Windows\System\CTIOUvG.exe
  2⤵
  PID:5548
- C:\Windows\System\KmhgFcs.exe
  C:\Windows\System\KmhgFcs.exe
  2⤵
  PID:5568
- C:\Windows\System\bQxqpBu.exe
  C:\Windows\System\bQxqpBu.exe
  2⤵
  PID:5588
- C:\Windows\System\tYNABnW.exe
  C:\Windows\System\tYNABnW.exe
  2⤵
  PID:5608
- C:\Windows\System\lKeZSvg.exe
  C:\Windows\System\lKeZSvg.exe
  2⤵
  PID:5628
- C:\Windows\System\enwobfc.exe
  C:\Windows\System\enwobfc.exe
  2⤵
  PID:5648
- C:\Windows\System\CBcrrWk.exe
  C:\Windows\System\CBcrrWk.exe
  2⤵
  PID:5668
- C:\Windows\System\bfaYuMU.exe
  C:\Windows\System\bfaYuMU.exe
  2⤵
  PID:5688
- C:\Windows\System\vRwMPth.exe
  C:\Windows\System\vRwMPth.exe
  2⤵
  PID:5708
- C:\Windows\System\AYWMuDD.exe
  C:\Windows\System\AYWMuDD.exe
  2⤵
  PID:5728
- C:\Windows\System\mTZOuKy.exe
  C:\Windows\System\mTZOuKy.exe
  2⤵
  PID:5748
- C:\Windows\System\AfjIEOK.exe
  C:\Windows\System\AfjIEOK.exe
  2⤵
  PID:5768
- C:\Windows\System\RIieRzq.exe
  C:\Windows\System\RIieRzq.exe
  2⤵
  PID:5788
- C:\Windows\System\ZFKLEiu.exe
  C:\Windows\System\ZFKLEiu.exe
  2⤵
  PID:5808
- C:\Windows\System\mtnQcmN.exe
  C:\Windows\System\mtnQcmN.exe
  2⤵
  PID:5828
- C:\Windows\System\fBzZqRf.exe
  C:\Windows\System\fBzZqRf.exe
  2⤵
  PID:5848
- C:\Windows\System\AflMvFl.exe
  C:\Windows\System\AflMvFl.exe
  2⤵
  PID:5868
- C:\Windows\System\VgIHHWh.exe
  C:\Windows\System\VgIHHWh.exe
  2⤵
  PID:5888
- C:\Windows\System\puQDWLd.exe
  C:\Windows\System\puQDWLd.exe
  2⤵
  PID:5908
- C:\Windows\System\UQEWXLg.exe
  C:\Windows\System\UQEWXLg.exe
  2⤵
  PID:5932
- C:\Windows\System\IbgDfDd.exe
  C:\Windows\System\IbgDfDd.exe
  2⤵
  PID:5952
- C:\Windows\System\wHRklqN.exe
  C:\Windows\System\wHRklqN.exe
  2⤵
  PID:5972
- C:\Windows\System\gvSQiuy.exe
  C:\Windows\System\gvSQiuy.exe
  2⤵
  PID:5992
- C:\Windows\System\VoIecvM.exe
  C:\Windows\System\VoIecvM.exe
  2⤵
  PID:6012
- C:\Windows\System\fbclTcb.exe
  C:\Windows\System\fbclTcb.exe
  2⤵
  PID:6032
- C:\Windows\System\tBvxMwW.exe
  C:\Windows\System\tBvxMwW.exe
  2⤵
  PID:6052
- C:\Windows\System\rGVVWlv.exe
  C:\Windows\System\rGVVWlv.exe
  2⤵
  PID:6072
- C:\Windows\System\HDAyomK.exe
  C:\Windows\System\HDAyomK.exe
  2⤵
  PID:6092
- C:\Windows\System\StFFLhU.exe
  C:\Windows\System\StFFLhU.exe
  2⤵
  PID:6112
- C:\Windows\System\ubXAbgg.exe
  C:\Windows\System\ubXAbgg.exe
  2⤵
  PID:6132
- C:\Windows\System\DQdjDiv.exe
  C:\Windows\System\DQdjDiv.exe
  2⤵
  PID:4508
- C:\Windows\System\wPZwdEI.exe
  C:\Windows\System\wPZwdEI.exe
  2⤵
  PID:4828
- C:\Windows\System\ymghzLl.exe
  C:\Windows\System\ymghzLl.exe
  2⤵
  PID:4996
- C:\Windows\System\JWnCoqg.exe
  C:\Windows\System\JWnCoqg.exe
  2⤵
  PID:2792
- C:\Windows\System\VwSAEjc.exe
  C:\Windows\System\VwSAEjc.exe
  2⤵
  PID:2520
- C:\Windows\System\KNjhGiH.exe
  C:\Windows\System\KNjhGiH.exe
  2⤵
  PID:2880
- C:\Windows\System\nvUamco.exe
  C:\Windows\System\nvUamco.exe
  2⤵
  PID:2896
- C:\Windows\System\GNGLMgR.exe
  C:\Windows\System\GNGLMgR.exe
  2⤵
  PID:4496
- C:\Windows\System\civRPCS.exe
  C:\Windows\System\civRPCS.exe
  2⤵
  PID:5144
- C:\Windows\System\GTZNCDF.exe
  C:\Windows\System\GTZNCDF.exe
  2⤵
  PID:5184
- C:\Windows\System\BdGQvCO.exe
  C:\Windows\System\BdGQvCO.exe
  2⤵
  PID:5224
- C:\Windows\System\RWlPIcO.exe
  C:\Windows\System\RWlPIcO.exe
  2⤵
  PID:2860
- C:\Windows\System\rOLcWzm.exe
  C:\Windows\System\rOLcWzm.exe
  2⤵
  PID:5260
- C:\Windows\System\vmpRojf.exe
  C:\Windows\System\vmpRojf.exe
  2⤵
  PID:5300
- C:\Windows\System\GGUyUdb.exe
  C:\Windows\System\GGUyUdb.exe
  2⤵
  PID:5324
- C:\Windows\System\RITObiv.exe
  C:\Windows\System\RITObiv.exe
  2⤵
  PID:5364
- C:\Windows\System\icGfXQd.exe
  C:\Windows\System\icGfXQd.exe
  2⤵
  PID:5424
- C:\Windows\System\EhvEbzl.exe
  C:\Windows\System\EhvEbzl.exe
  2⤵
  PID:3364
- C:\Windows\System\LyHEwXT.exe
  C:\Windows\System\LyHEwXT.exe
  2⤵
  PID:2928
- C:\Windows\System\ACqlXqK.exe
  C:\Windows\System\ACqlXqK.exe
  2⤵
  PID:5496
- C:\Windows\System\gIxKnob.exe
  C:\Windows\System\gIxKnob.exe
  2⤵
  PID:5536
- C:\Windows\System\gIdnBhB.exe
  C:\Windows\System\gIdnBhB.exe
  2⤵
  PID:5524
- C:\Windows\System\QPpkTrL.exe
  C:\Windows\System\QPpkTrL.exe
  2⤵
  PID:5560
- C:\Windows\System\ItNkAot.exe
  C:\Windows\System\ItNkAot.exe
  2⤵
  PID:5616
- C:\Windows\System\PRbhlZO.exe
  C:\Windows\System\PRbhlZO.exe
  2⤵
  PID:2936
- C:\Windows\System\JVmwosE.exe
  C:\Windows\System\JVmwosE.exe
  2⤵
  PID:5664
- C:\Windows\System\FcGGuit.exe
  C:\Windows\System\FcGGuit.exe
  2⤵
  PID:5684
- C:\Windows\System\jxgnFDz.exe
  C:\Windows\System\jxgnFDz.exe
  2⤵
  PID:5716
- C:\Windows\System\ZNmTqPP.exe
  C:\Windows\System\ZNmTqPP.exe
  2⤵
  PID:5764
- C:\Windows\System\GwDSaSv.exe
  C:\Windows\System\GwDSaSv.exe
  2⤵
  PID:5796
- C:\Windows\System\UmFLqbA.exe
  C:\Windows\System\UmFLqbA.exe
  2⤵
  PID:5820
- C:\Windows\System\MUDtoIj.exe
  C:\Windows\System\MUDtoIj.exe
  2⤵
  PID:5844
- C:\Windows\System\qdMuoPk.exe
  C:\Windows\System\qdMuoPk.exe
  2⤵
  PID:5884
- C:\Windows\System\llCxZlw.exe
  C:\Windows\System\llCxZlw.exe
  2⤵
  PID:5928
- C:\Windows\System\XArpdiA.exe
  C:\Windows\System\XArpdiA.exe
  2⤵
  PID:5980
- C:\Windows\System\usZatwL.exe
  C:\Windows\System\usZatwL.exe
  2⤵
  PID:5964
- C:\Windows\System\igPyuIH.exe
  C:\Windows\System\igPyuIH.exe
  2⤵
  PID:6004
- C:\Windows\System\adBxaOF.exe
  C:\Windows\System\adBxaOF.exe
  2⤵
  PID:6068
- C:\Windows\System\RsnpRat.exe
  C:\Windows\System\RsnpRat.exe
  2⤵
  PID:6100
- C:\Windows\System\sLjijjq.exe
  C:\Windows\System\sLjijjq.exe
  2⤵
  PID:4592
- C:\Windows\System\ccaUxFB.exe
  C:\Windows\System\ccaUxFB.exe
  2⤵
  PID:4808
- C:\Windows\System\PmMaiYe.exe
  C:\Windows\System\PmMaiYe.exe
  2⤵
  PID:2864
- C:\Windows\System\kJnUtAD.exe
  C:\Windows\System\kJnUtAD.exe
  2⤵
  PID:5064
- C:\Windows\System\TdnGLoQ.exe
  C:\Windows\System\TdnGLoQ.exe
  2⤵
  PID:1948
- C:\Windows\System\QLejLDb.exe
  C:\Windows\System\QLejLDb.exe
  2⤵
  PID:2976
- C:\Windows\System\aRGacfZ.exe
  C:\Windows\System\aRGacfZ.exe
  2⤵
  PID:5136
- C:\Windows\System\RRBJuXZ.exe
  C:\Windows\System\RRBJuXZ.exe
  2⤵
  PID:5216
- C:\Windows\System\KiEAgsX.exe
  C:\Windows\System\KiEAgsX.exe
  2⤵
  PID:5200
- C:\Windows\System\ZwaQWqv.exe
  C:\Windows\System\ZwaQWqv.exe
  2⤵
  PID:5280
- C:\Windows\System\tfDpRNM.exe
  C:\Windows\System\tfDpRNM.exe
  2⤵
  PID:5384
- C:\Windows\System\nDzjOdz.exe
  C:\Windows\System\nDzjOdz.exe
  2⤵
  PID:5380
- C:\Windows\System\nrCqElE.exe
  C:\Windows\System\nrCqElE.exe
  2⤵
  PID:5440
- C:\Windows\System\UDTkimz.exe
  C:\Windows\System\UDTkimz.exe
  2⤵
  PID:5500
- C:\Windows\System\pIZeIXd.exe
  C:\Windows\System\pIZeIXd.exe
  2⤵
  PID:5564
- C:\Windows\System\mTYNcKp.exe
  C:\Windows\System\mTYNcKp.exe
  2⤵
  PID:5600
- C:\Windows\System\YSXlPHD.exe
  C:\Windows\System\YSXlPHD.exe
  2⤵
  PID:5704
- C:\Windows\System\VQpvkCw.exe
  C:\Windows\System\VQpvkCw.exe
  2⤵
  PID:5656
- C:\Windows\System\FwTdQSz.exe
  C:\Windows\System\FwTdQSz.exe
  2⤵
  PID:5756
- C:\Windows\System\ndxkafb.exe
  C:\Windows\System\ndxkafb.exe
  2⤵
  PID:5780
- C:\Windows\System\kOxnFEV.exe
  C:\Windows\System\kOxnFEV.exe
  2⤵
  PID:5860
- C:\Windows\System\tkPBQWG.exe
  C:\Windows\System\tkPBQWG.exe
  2⤵
  PID:5900
- C:\Windows\System\KatRZmI.exe
  C:\Windows\System\KatRZmI.exe
  2⤵
  PID:5920
- C:\Windows\System\eKeACcC.exe
  C:\Windows\System\eKeACcC.exe
  2⤵
  PID:5960
- C:\Windows\System\fuXINns.exe
  C:\Windows\System\fuXINns.exe
  2⤵
  PID:6044
- C:\Windows\System\PvNfdQP.exe
  C:\Windows\System\PvNfdQP.exe
  2⤵
  PID:6108
- C:\Windows\System\rrvpeFr.exe
  C:\Windows\System\rrvpeFr.exe
  2⤵
  PID:6128
- C:\Windows\System\oPLtWnL.exe
  C:\Windows\System\oPLtWnL.exe
  2⤵
  PID:4648
- C:\Windows\System\eIhDgbL.exe
  C:\Windows\System\eIhDgbL.exe
  2⤵
  PID:3628
- C:\Windows\System\llgYDfq.exe
  C:\Windows\System\llgYDfq.exe
  2⤵
  PID:5156
- C:\Windows\System\lfjHKar.exe
  C:\Windows\System\lfjHKar.exe
  2⤵
  PID:5176
- C:\Windows\System\RPFngmu.exe
  C:\Windows\System\RPFngmu.exe
  2⤵
  PID:5240
- C:\Windows\System\OVNtWAY.exe
  C:\Windows\System\OVNtWAY.exe
  2⤵
  PID:5376
- C:\Windows\System\azxsOVU.exe
  C:\Windows\System\azxsOVU.exe
  2⤵
  PID:5480
- C:\Windows\System\vNXookY.exe
  C:\Windows\System\vNXookY.exe
  2⤵
  PID:5460
- C:\Windows\System\gXHvVUb.exe
  C:\Windows\System\gXHvVUb.exe
  2⤵
  PID:5644
- C:\Windows\System\uVfaAvh.exe
  C:\Windows\System\uVfaAvh.exe
  2⤵
  PID:5580
- C:\Windows\System\sdGkEiF.exe
  C:\Windows\System\sdGkEiF.exe
  2⤵
  PID:5724
- C:\Windows\System\VLTfFkt.exe
  C:\Windows\System\VLTfFkt.exe
  2⤵
  PID:5876
- C:\Windows\System\qeaJLVC.exe
  C:\Windows\System\qeaJLVC.exe
  2⤵
  PID:6008
- C:\Windows\System\BHHmHIP.exe
  C:\Windows\System\BHHmHIP.exe
  2⤵
  PID:6080
- C:\Windows\System\vPSFwuZ.exe
  C:\Windows\System\vPSFwuZ.exe
  2⤵
  PID:4776
- C:\Windows\System\ttRmorg.exe
  C:\Windows\System\ttRmorg.exe
  2⤵
  PID:6124
- C:\Windows\System\zeVvRAl.exe
  C:\Windows\System\zeVvRAl.exe
  2⤵
  PID:5256
- C:\Windows\System\msbzuKs.exe
  C:\Windows\System\msbzuKs.exe
  2⤵
  PID:988
- C:\Windows\System\QprnyAO.exe
  C:\Windows\System\QprnyAO.exe
  2⤵
  PID:4476
- C:\Windows\System\cFXRdUH.exe
  C:\Windows\System\cFXRdUH.exe
  2⤵
  PID:5924
- C:\Windows\System\YzdHbYh.exe
  C:\Windows\System\YzdHbYh.exe
  2⤵
  PID:5456
- C:\Windows\System\yUPBAms.exe
  C:\Windows\System\yUPBAms.exe
  2⤵
  PID:5760
- C:\Windows\System\kldwLVw.exe
  C:\Windows\System\kldwLVw.exe
  2⤵
  PID:5836
- C:\Windows\System\iNBoeoh.exe
  C:\Windows\System\iNBoeoh.exe
  2⤵
  PID:3092
- C:\Windows\System\pYJbGEY.exe
  C:\Windows\System\pYJbGEY.exe
  2⤵
  PID:6040
- C:\Windows\System\xnnpJxk.exe
  C:\Windows\System\xnnpJxk.exe
  2⤵
  PID:6156
- C:\Windows\System\TyniBjl.exe
  C:\Windows\System\TyniBjl.exe
  2⤵
  PID:6176
- C:\Windows\System\RFTNIqY.exe
  C:\Windows\System\RFTNIqY.exe
  2⤵
  PID:6196
- C:\Windows\System\lLVyDiS.exe
  C:\Windows\System\lLVyDiS.exe
  2⤵
  PID:6216
- C:\Windows\System\JJswhSq.exe
  C:\Windows\System\JJswhSq.exe
  2⤵
  PID:6236
- C:\Windows\System\UUpYxIN.exe
  C:\Windows\System\UUpYxIN.exe
  2⤵
  PID:6256
- C:\Windows\System\HHiNapy.exe
  C:\Windows\System\HHiNapy.exe
  2⤵
  PID:6276
- C:\Windows\System\bFOOenj.exe
  C:\Windows\System\bFOOenj.exe
  2⤵
  PID:6296
- C:\Windows\System\DNFnrli.exe
  C:\Windows\System\DNFnrli.exe
  2⤵
  PID:6316
- C:\Windows\System\rpUKDxS.exe
  C:\Windows\System\rpUKDxS.exe
  2⤵
  PID:6336
- C:\Windows\System\jMOUlEf.exe
  C:\Windows\System\jMOUlEf.exe
  2⤵
  PID:6356
- C:\Windows\System\lIxsnWc.exe
  C:\Windows\System\lIxsnWc.exe
  2⤵
  PID:6376
- C:\Windows\System\CaWVEUH.exe
  C:\Windows\System\CaWVEUH.exe
  2⤵
  PID:6400
- C:\Windows\System\vEfXlMe.exe
  C:\Windows\System\vEfXlMe.exe
  2⤵
  PID:6420
- C:\Windows\System\SlxVqqu.exe
  C:\Windows\System\SlxVqqu.exe
  2⤵
  PID:6440
- C:\Windows\System\ydJpHNm.exe
  C:\Windows\System\ydJpHNm.exe
  2⤵
  PID:6464
- C:\Windows\System\XZJnymx.exe
  C:\Windows\System\XZJnymx.exe
  2⤵
  PID:6484
- C:\Windows\System\QcaytJt.exe
  C:\Windows\System\QcaytJt.exe
  2⤵
  PID:6500
- C:\Windows\System\YtTjGIT.exe
  C:\Windows\System\YtTjGIT.exe
  2⤵
  PID:6524
- C:\Windows\System\tUqXOzI.exe
  C:\Windows\System\tUqXOzI.exe
  2⤵
  PID:6544
- C:\Windows\System\lAtzZBe.exe
  C:\Windows\System\lAtzZBe.exe
  2⤵
  PID:6564
- C:\Windows\System\ZFqIqjI.exe
  C:\Windows\System\ZFqIqjI.exe
  2⤵
  PID:6584
- C:\Windows\System\tczVqEG.exe
  C:\Windows\System\tczVqEG.exe
  2⤵
  PID:6600
- C:\Windows\System\gTpKlYp.exe
  C:\Windows\System\gTpKlYp.exe
  2⤵
  PID:6624
- C:\Windows\System\NMVoMlW.exe
  C:\Windows\System\NMVoMlW.exe
  2⤵
  PID:6652
- C:\Windows\System\FZtdUXg.exe
  C:\Windows\System\FZtdUXg.exe
  2⤵
  PID:6672
- C:\Windows\System\DDIxcvN.exe
  C:\Windows\System\DDIxcvN.exe
  2⤵
  PID:6692
- C:\Windows\System\goRqUeZ.exe
  C:\Windows\System\goRqUeZ.exe
  2⤵
  PID:6712
- C:\Windows\System\jkMsCWD.exe
  C:\Windows\System\jkMsCWD.exe
  2⤵
  PID:6732
- C:\Windows\System\nfqBgCS.exe
  C:\Windows\System\nfqBgCS.exe
  2⤵
  PID:6756
- C:\Windows\System\IDRFpvV.exe
  C:\Windows\System\IDRFpvV.exe
  2⤵
  PID:6780
- C:\Windows\System\nbxLCtF.exe
  C:\Windows\System\nbxLCtF.exe
  2⤵
  PID:6804
- C:\Windows\System\MWBzZzk.exe
  C:\Windows\System\MWBzZzk.exe
  2⤵
  PID:6824
- C:\Windows\System\mnSerCb.exe
  C:\Windows\System\mnSerCb.exe
  2⤵
  PID:6840
- C:\Windows\System\yDUKpSR.exe
  C:\Windows\System\yDUKpSR.exe
  2⤵
  PID:6876
- C:\Windows\System\IihPcPs.exe
  C:\Windows\System\IihPcPs.exe
  2⤵
  PID:6896
- C:\Windows\System\HCzVHMa.exe
  C:\Windows\System\HCzVHMa.exe
  2⤵
  PID:6916
- C:\Windows\System\nPTmqWe.exe
  C:\Windows\System\nPTmqWe.exe
  2⤵
  PID:6936
- C:\Windows\System\IrIcAkg.exe
  C:\Windows\System\IrIcAkg.exe
  2⤵
  PID:6956
- C:\Windows\System\hgBGFNz.exe
  C:\Windows\System\hgBGFNz.exe
  2⤵
  PID:6976
- C:\Windows\System\LzBIsoG.exe
  C:\Windows\System\LzBIsoG.exe
  2⤵
  PID:6996
- C:\Windows\System\MllVChi.exe
  C:\Windows\System\MllVChi.exe
  2⤵
  PID:7016
- C:\Windows\System\pPqsQTQ.exe
  C:\Windows\System\pPqsQTQ.exe
  2⤵
  PID:7036
- C:\Windows\System\kUkkdrD.exe
  C:\Windows\System\kUkkdrD.exe
  2⤵
  PID:7056
- C:\Windows\System\UkTRxjS.exe
  C:\Windows\System\UkTRxjS.exe
  2⤵
  PID:7076
- C:\Windows\System\ZzErDIB.exe
  C:\Windows\System\ZzErDIB.exe
  2⤵
  PID:7092
- C:\Windows\System\AMEnHjd.exe
  C:\Windows\System\AMEnHjd.exe
  2⤵
  PID:7116
- C:\Windows\System\ypTnwMJ.exe
  C:\Windows\System\ypTnwMJ.exe
  2⤵
  PID:7136
- C:\Windows\System\JWekiDc.exe
  C:\Windows\System\JWekiDc.exe
  2⤵
  PID:7160
- C:\Windows\System\HQkeuoK.exe
  C:\Windows\System\HQkeuoK.exe
  2⤵
  PID:5164
- C:\Windows\System\EOnzUtD.exe
  C:\Windows\System\EOnzUtD.exe
  2⤵
  PID:5040
- C:\Windows\System\LwlLMlF.exe
  C:\Windows\System\LwlLMlF.exe
  2⤵
  PID:5744
- C:\Windows\System\IbiMgoZ.exe
  C:\Windows\System\IbiMgoZ.exe
  2⤵
  PID:5596
- C:\Windows\System\aBDmbZU.exe
  C:\Windows\System\aBDmbZU.exe
  2⤵
  PID:5864
- C:\Windows\System\ZFqpYIl.exe
  C:\Windows\System\ZFqpYIl.exe
  2⤵
  PID:6164
- C:\Windows\System\yCHYbgQ.exe
  C:\Windows\System\yCHYbgQ.exe
  2⤵
  PID:6204
- C:\Windows\System\hfBIfOa.exe
  C:\Windows\System\hfBIfOa.exe
  2⤵
  PID:6244
- C:\Windows\System\OCZCmif.exe
  C:\Windows\System\OCZCmif.exe
  2⤵
  PID:6228
- C:\Windows\System\ElrGYWS.exe
  C:\Windows\System\ElrGYWS.exe
  2⤵
  PID:6288
- C:\Windows\System\VWTVPKn.exe
  C:\Windows\System\VWTVPKn.exe
  2⤵
  PID:6328
- C:\Windows\System\WGkotjw.exe
  C:\Windows\System\WGkotjw.exe
  2⤵
  PID:6352
- C:\Windows\System\WEBNppO.exe
  C:\Windows\System\WEBNppO.exe
  2⤵
  PID:6408
- C:\Windows\System\KgLhFTr.exe
  C:\Windows\System\KgLhFTr.exe
  2⤵
  PID:6392
- C:\Windows\System\oIPZCtA.exe
  C:\Windows\System\oIPZCtA.exe
  2⤵
  PID:6432
- C:\Windows\System\zHTshjJ.exe
  C:\Windows\System\zHTshjJ.exe
  2⤵
  PID:6480
- C:\Windows\System\LvLlkyt.exe
  C:\Windows\System\LvLlkyt.exe
  2⤵
  PID:6512
- C:\Windows\System\VVVaFWF.exe
  C:\Windows\System\VVVaFWF.exe
  2⤵
  PID:6552
- C:\Windows\System\jNrUGtk.exe
  C:\Windows\System\jNrUGtk.exe
  2⤵
  PID:6576
- C:\Windows\System\EbmzYqH.exe
  C:\Windows\System\EbmzYqH.exe
  2⤵
  PID:6596
- C:\Windows\System\WObxRAK.exe
  C:\Windows\System\WObxRAK.exe
  2⤵
  PID:6660
- C:\Windows\System\vZNmEft.exe
  C:\Windows\System\vZNmEft.exe
  2⤵
  PID:6664
- C:\Windows\System\iTcjMSg.exe
  C:\Windows\System\iTcjMSg.exe
  2⤵
  PID:6704
- C:\Windows\System\BLIDISV.exe
  C:\Windows\System\BLIDISV.exe
  2⤵
  PID:6768
- C:\Windows\System\jdxARci.exe
  C:\Windows\System\jdxARci.exe
  2⤵
  PID:6796
- C:\Windows\System\WJxjrWZ.exe
  C:\Windows\System\WJxjrWZ.exe
  2⤵
  PID:6856
- C:\Windows\System\lOkOTms.exe
  C:\Windows\System\lOkOTms.exe
  2⤵
  PID:6884
- C:\Windows\System\eOsVtcp.exe
  C:\Windows\System\eOsVtcp.exe
  2⤵
  PID:6888
- C:\Windows\System\eTlisYv.exe
  C:\Windows\System\eTlisYv.exe
  2⤵
  PID:6932
- C:\Windows\System\sDndLqv.exe
  C:\Windows\System\sDndLqv.exe
  2⤵
  PID:6988
- C:\Windows\System\ENTQXsT.exe
  C:\Windows\System\ENTQXsT.exe
  2⤵
  PID:7032
- C:\Windows\System\QnxrwvS.exe
  C:\Windows\System\QnxrwvS.exe
  2⤵
  PID:7008
- C:\Windows\System\WBvuwyZ.exe
  C:\Windows\System\WBvuwyZ.exe
  2⤵
  PID:7052
- C:\Windows\System\XjBjbZt.exe
  C:\Windows\System\XjBjbZt.exe
  2⤵
  PID:7104
- C:\Windows\System\iaYcBHS.exe
  C:\Windows\System\iaYcBHS.exe
  2⤵
  PID:7156
- C:\Windows\System\bpGXqIH.exe
  C:\Windows\System\bpGXqIH.exe
  2⤵
  PID:4164
- C:\Windows\System\tcIWQvp.exe
  C:\Windows\System\tcIWQvp.exe
  2⤵
  PID:6456
- C:\Windows\System\MyqWHkq.exe
  C:\Windows\System\MyqWHkq.exe
  2⤵
  PID:5784
- C:\Windows\System\srmzxdu.exe
  C:\Windows\System\srmzxdu.exe
  2⤵
  PID:5556
- C:\Windows\System\YbuxShc.exe
  C:\Windows\System\YbuxShc.exe
  2⤵
  PID:5968
- C:\Windows\System\EOXUFWl.exe
  C:\Windows\System\EOXUFWl.exe
  2⤵
  PID:6168
- C:\Windows\System\pzsvesh.exe
  C:\Windows\System\pzsvesh.exe
  2⤵
  PID:6284
- C:\Windows\System\rYAhzSc.exe
  C:\Windows\System\rYAhzSc.exe
  2⤵
  PID:6308
- C:\Windows\System\FXWDWPo.exe
  C:\Windows\System\FXWDWPo.exe
  2⤵
  PID:1928
- C:\Windows\System\NoxerSE.exe
  C:\Windows\System\NoxerSE.exe
  2⤵
  PID:6384
- C:\Windows\System\RvHDWbD.exe
  C:\Windows\System\RvHDWbD.exe
  2⤵
  PID:6460
- C:\Windows\System\FppEusB.exe
  C:\Windows\System\FppEusB.exe
  2⤵
  PID:6536
- C:\Windows\System\hPaTwba.exe
  C:\Windows\System\hPaTwba.exe
  2⤵
  PID:2824
- C:\Windows\System\ZuIwHrW.exe
  C:\Windows\System\ZuIwHrW.exe
  2⤵
  PID:6688
- C:\Windows\System\WdFXQCR.exe
  C:\Windows\System\WdFXQCR.exe
  2⤵
  PID:6636
- C:\Windows\System\OoipkKS.exe
  C:\Windows\System\OoipkKS.exe
  2⤵
  PID:2472
- C:\Windows\System\qlezxIN.exe
  C:\Windows\System\qlezxIN.exe
  2⤵
  PID:6728
- C:\Windows\System\jpiNJJV.exe
  C:\Windows\System\jpiNJJV.exe
  2⤵
  PID:6816
- C:\Windows\System\YzGQqxi.exe
  C:\Windows\System\YzGQqxi.exe
  2⤵
  PID:6832
- C:\Windows\System\tmXBCtV.exe
  C:\Windows\System\tmXBCtV.exe
  2⤵
  PID:6992
- C:\Windows\System\hEqUmYg.exe
  C:\Windows\System\hEqUmYg.exe
  2⤵
  PID:7112
- C:\Windows\System\ZuGHSmD.exe
  C:\Windows\System\ZuGHSmD.exe
  2⤵
  PID:7084
- C:\Windows\System\WRBgdrs.exe
  C:\Windows\System\WRBgdrs.exe
  2⤵
  PID:5356
- C:\Windows\System\bTcHVhh.exe
  C:\Windows\System\bTcHVhh.exe
  2⤵
  PID:3872
- C:\Windows\System\lMyZgQw.exe
  C:\Windows\System\lMyZgQw.exe
  2⤵
  PID:5904
- C:\Windows\System\ltVdoPR.exe
  C:\Windows\System\ltVdoPR.exe
  2⤵
  PID:6152
- C:\Windows\System\qftgTsD.exe
  C:\Windows\System\qftgTsD.exe
  2⤵
  PID:6208
- C:\Windows\System\vDPMTek.exe
  C:\Windows\System\vDPMTek.exe
  2⤵
  PID:2632
- C:\Windows\System\whyuMzi.exe
  C:\Windows\System\whyuMzi.exe
  2⤵
  PID:6412
- C:\Windows\System\VHGstAV.exe
  C:\Windows\System\VHGstAV.exe
  2⤵
  PID:2760
- C:\Windows\System\ngIPqDl.exe
  C:\Windows\System\ngIPqDl.exe
  2⤵
  PID:6532
- C:\Windows\System\ERyrltP.exe
  C:\Windows\System\ERyrltP.exe
  2⤵
  PID:6632
- C:\Windows\System\pCtqaix.exe
  C:\Windows\System\pCtqaix.exe
  2⤵
  PID:6556
- C:\Windows\System\FFyGRbS.exe
  C:\Windows\System\FFyGRbS.exe
  2⤵
  PID:2484
- C:\Windows\System\nxLdusE.exe
  C:\Windows\System\nxLdusE.exe
  2⤵
  PID:2984
- C:\Windows\System\bXgBNWS.exe
  C:\Windows\System\bXgBNWS.exe
  2⤵
  PID:6948
- C:\Windows\System\sJodvKT.exe
  C:\Windows\System\sJodvKT.exe
  2⤵
  PID:1620
- C:\Windows\System\bIrtCSS.exe
  C:\Windows\System\bIrtCSS.exe
  2⤵
  PID:2832
- C:\Windows\System\kGkmytP.exe
  C:\Windows\System\kGkmytP.exe
  2⤵
  PID:536
- C:\Windows\System\ifjzdUo.exe
  C:\Windows\System\ifjzdUo.exe
  2⤵
  PID:1276
- C:\Windows\System\BxZwLlS.exe
  C:\Windows\System\BxZwLlS.exe
  2⤵
  PID:2348
- C:\Windows\System\lUmOZJT.exe
  C:\Windows\System\lUmOZJT.exe
  2⤵
  PID:6984
- C:\Windows\System\JsVjtcS.exe
  C:\Windows\System\JsVjtcS.exe
  2⤵
  PID:7124
- C:\Windows\System\yMQYKry.exe
  C:\Windows\System\yMQYKry.exe
  2⤵
  PID:1808
- C:\Windows\System\iexJngp.exe
  C:\Windows\System\iexJngp.exe
  2⤵
  PID:2096
- C:\Windows\System\FEfKwei.exe
  C:\Windows\System\FEfKwei.exe
  2⤵
  PID:6372
- C:\Windows\System\dfJXpOy.exe
  C:\Windows\System\dfJXpOy.exe
  2⤵
  PID:6496
- C:\Windows\System\OiLGkIN.exe
  C:\Windows\System\OiLGkIN.exe
  2⤵
  PID:6580
- C:\Windows\System\eUnELpp.exe
  C:\Windows\System\eUnELpp.exe
  2⤵
  PID:2392
- C:\Windows\System\dlzhMde.exe
  C:\Windows\System\dlzhMde.exe
  2⤵
  PID:3004
- C:\Windows\System\yjppqsS.exe
  C:\Windows\System\yjppqsS.exe
  2⤵
  PID:1756
- C:\Windows\System\PkuOWfz.exe
  C:\Windows\System\PkuOWfz.exe
  2⤵
  PID:1540
- C:\Windows\System\fLsSHrc.exe
  C:\Windows\System\fLsSHrc.exe
  2⤵
  PID:7172
- C:\Windows\System\GaCzzeg.exe
  C:\Windows\System\GaCzzeg.exe
  2⤵
  PID:7188
- C:\Windows\System\ljOtzJD.exe
  C:\Windows\System\ljOtzJD.exe
  2⤵
  PID:7204
- C:\Windows\System\LjxXGOr.exe
  C:\Windows\System\LjxXGOr.exe
  2⤵
  PID:7220
- C:\Windows\System\MSnCvSQ.exe
  C:\Windows\System\MSnCvSQ.exe
  2⤵
  PID:7244
- C:\Windows\System\uwcrmbP.exe
  C:\Windows\System\uwcrmbP.exe
  2⤵
  PID:7260
- C:\Windows\System\cCLjFsW.exe
  C:\Windows\System\cCLjFsW.exe
  2⤵
  PID:7276
- C:\Windows\System\UNJLieN.exe
  C:\Windows\System\UNJLieN.exe
  2⤵
  PID:7296
- C:\Windows\System\FvCyxRS.exe
  C:\Windows\System\FvCyxRS.exe
  2⤵
  PID:7312
- C:\Windows\System\kSWjfNC.exe
  C:\Windows\System\kSWjfNC.exe
  2⤵
  PID:7328
- C:\Windows\System\LUZDuSS.exe
  C:\Windows\System\LUZDuSS.exe
  2⤵
  PID:7344
- C:\Windows\System\UlUQTfd.exe
  C:\Windows\System\UlUQTfd.exe
  2⤵
  PID:7360
- C:\Windows\System\ITPEoZS.exe
  C:\Windows\System\ITPEoZS.exe
  2⤵
  PID:7376
- C:\Windows\System\XlQMiUR.exe
  C:\Windows\System\XlQMiUR.exe
  2⤵
  PID:7392
- C:\Windows\System\KJRxYPT.exe
  C:\Windows\System\KJRxYPT.exe
  2⤵
  PID:7408
- C:\Windows\System\PYHhWzI.exe
  C:\Windows\System\PYHhWzI.exe
  2⤵
  PID:7424
- C:\Windows\System\skwJolB.exe
  C:\Windows\System\skwJolB.exe
  2⤵
  PID:7440
- C:\Windows\System\fINYszJ.exe
  C:\Windows\System\fINYszJ.exe
  2⤵
  PID:7460
- C:\Windows\System\QCeFXNB.exe
  C:\Windows\System\QCeFXNB.exe
  2⤵
  PID:7548
- C:\Windows\System\OeYoJNb.exe
  C:\Windows\System\OeYoJNb.exe
  2⤵
  PID:7568
- C:\Windows\System\dSXvKfH.exe
  C:\Windows\System\dSXvKfH.exe
  2⤵
  PID:7584
- C:\Windows\System\MsZeovV.exe
  C:\Windows\System\MsZeovV.exe
  2⤵
  PID:7600
- C:\Windows\System\RTRtQpY.exe
  C:\Windows\System\RTRtQpY.exe
  2⤵
  PID:7620
- C:\Windows\System\WcVqDuW.exe
  C:\Windows\System\WcVqDuW.exe
  2⤵
  PID:7636
- C:\Windows\System\OzVCBDM.exe
  C:\Windows\System\OzVCBDM.exe
  2⤵
  PID:7652
- C:\Windows\System\rJuwbOS.exe
  C:\Windows\System\rJuwbOS.exe
  2⤵
  PID:7668
- C:\Windows\System\nmQQJvW.exe
  C:\Windows\System\nmQQJvW.exe
  2⤵
  PID:7688
- C:\Windows\System\NUpCbdH.exe
  C:\Windows\System\NUpCbdH.exe
  2⤵
  PID:7704
- C:\Windows\System\bpYidBC.exe
  C:\Windows\System\bpYidBC.exe
  2⤵
  PID:7720
- C:\Windows\System\duDKXoT.exe
  C:\Windows\System\duDKXoT.exe
  2⤵
  PID:7736
- C:\Windows\System\CfmdRci.exe
  C:\Windows\System\CfmdRci.exe
  2⤵
  PID:7756
- C:\Windows\System\DfNYGQd.exe
  C:\Windows\System\DfNYGQd.exe
  2⤵
  PID:7780
- C:\Windows\System\IgVvruD.exe
  C:\Windows\System\IgVvruD.exe
  2⤵
  PID:7800
- C:\Windows\System\ZaqOXYy.exe
  C:\Windows\System\ZaqOXYy.exe
  2⤵
  PID:7816
- C:\Windows\System\XBPMJID.exe
  C:\Windows\System\XBPMJID.exe
  2⤵
  PID:7832
- C:\Windows\System\yBqirnF.exe
  C:\Windows\System\yBqirnF.exe
  2⤵
  PID:7848
- C:\Windows\System\dITvxHR.exe
  C:\Windows\System\dITvxHR.exe
  2⤵
  PID:7864
- C:\Windows\System\NRnzfLl.exe
  C:\Windows\System\NRnzfLl.exe
  2⤵
  PID:7880
- C:\Windows\System\gCuavjL.exe
  C:\Windows\System\gCuavjL.exe
  2⤵
  PID:7896
- C:\Windows\System\LyGeHzi.exe
  C:\Windows\System\LyGeHzi.exe
  2⤵
  PID:7912
- C:\Windows\System\riBWXrs.exe
  C:\Windows\System\riBWXrs.exe
  2⤵
  PID:7932
- C:\Windows\System\yegUZaJ.exe
  C:\Windows\System\yegUZaJ.exe
  2⤵
  PID:7952
- C:\Windows\System\fTnavkO.exe
  C:\Windows\System\fTnavkO.exe
  2⤵
  PID:7968
- C:\Windows\System\CXFDHJp.exe
  C:\Windows\System\CXFDHJp.exe
  2⤵
  PID:8072
- C:\Windows\System\RuMGJSa.exe
  C:\Windows\System\RuMGJSa.exe
  2⤵
  PID:8092
- C:\Windows\System\QnKFOCF.exe
  C:\Windows\System\QnKFOCF.exe
  2⤵
  PID:8112
- C:\Windows\System\IdkafZE.exe
  C:\Windows\System\IdkafZE.exe
  2⤵
  PID:8128
- C:\Windows\System\PLQEceF.exe
  C:\Windows\System\PLQEceF.exe
  2⤵
  PID:8148
- C:\Windows\System\oVmdFyY.exe
  C:\Windows\System\oVmdFyY.exe
  2⤵
  PID:8164
- C:\Windows\System\vawWDgC.exe
  C:\Windows\System\vawWDgC.exe
  2⤵
  PID:8180
- C:\Windows\System\ueXhqnh.exe
  C:\Windows\System\ueXhqnh.exe
  2⤵
  PID:4244
- C:\Windows\System\YqsjqKs.exe
  C:\Windows\System\YqsjqKs.exe
  2⤵
  PID:7228
- C:\Windows\System\GoCJpGe.exe
  C:\Windows\System\GoCJpGe.exe
  2⤵
  PID:7272
- C:\Windows\System\IbtCQGY.exe
  C:\Windows\System\IbtCQGY.exe
  2⤵
  PID:7340
- C:\Windows\System\mgGChOY.exe
  C:\Windows\System\mgGChOY.exe
  2⤵
  PID:7400
- C:\Windows\System\SsGpfMi.exe
  C:\Windows\System\SsGpfMi.exe
  2⤵
  PID:6324
- C:\Windows\System\SKtNDaF.exe
  C:\Windows\System\SKtNDaF.exe
  2⤵
  PID:6364
- C:\Windows\System\CNnAVhV.exe
  C:\Windows\System\CNnAVhV.exe
  2⤵
  PID:1200
- C:\Windows\System\uDGCjPi.exe
  C:\Windows\System\uDGCjPi.exe
  2⤵
  PID:7288
- C:\Windows\System\lZIXoYu.exe
  C:\Windows\System\lZIXoYu.exe
  2⤵
  PID:7324
- C:\Windows\System\nCrmjVY.exe
  C:\Windows\System\nCrmjVY.exe
  2⤵
  PID:7420
- C:\Windows\System\NHRMtZT.exe
  C:\Windows\System\NHRMtZT.exe
  2⤵
  PID:7152
- C:\Windows\System\QKzoZyF.exe
  C:\Windows\System\QKzoZyF.exe
  2⤵
  PID:1584
- C:\Windows\System\ieMOpnD.exe
  C:\Windows\System\ieMOpnD.exe
  2⤵
  PID:7284
- C:\Windows\System\SOdJBQu.exe
  C:\Windows\System\SOdJBQu.exe
  2⤵
  PID:7180
- C:\Windows\System\DLOmqtA.exe
  C:\Windows\System\DLOmqtA.exe
  2⤵
  PID:1484
- C:\Windows\System\MFslugc.exe
  C:\Windows\System\MFslugc.exe
  2⤵
  PID:6912
- C:\Windows\System\JFMwYCB.exe
  C:\Windows\System\JFMwYCB.exe
  2⤵
  PID:7212
- C:\Windows\System\FKUNxOh.exe
  C:\Windows\System\FKUNxOh.exe
  2⤵
  PID:7484
- C:\Windows\System\aPqQimT.exe
  C:\Windows\System\aPqQimT.exe
  2⤵
  PID:7500
- C:\Windows\System\XxAdAVX.exe
  C:\Windows\System\XxAdAVX.exe
  2⤵
  PID:7516
- C:\Windows\System\DxWQzdG.exe
  C:\Windows\System\DxWQzdG.exe
  2⤵
  PID:7532
- C:\Windows\System\LBikcHF.exe
  C:\Windows\System\LBikcHF.exe
  2⤵
  PID:7576
- C:\Windows\System\TnupnOy.exe
  C:\Windows\System\TnupnOy.exe
  2⤵
  PID:7616
- C:\Windows\System\rSbNEEr.exe
  C:\Windows\System\rSbNEEr.exe
  2⤵
  PID:7560
- C:\Windows\System\uHKUrzq.exe
  C:\Windows\System\uHKUrzq.exe
  2⤵
  PID:7628
- C:\Windows\System\rEcfPUS.exe
  C:\Windows\System\rEcfPUS.exe
  2⤵
  PID:7676
- C:\Windows\System\EwptJdR.exe
  C:\Windows\System\EwptJdR.exe
  2⤵
  PID:7716
- C:\Windows\System\mrQpfcS.exe
  C:\Windows\System\mrQpfcS.exe
  2⤵
  PID:7788
- C:\Windows\System\ARfojYI.exe
  C:\Windows\System\ARfojYI.exe
  2⤵
  PID:7828
- C:\Windows\System\kHoUHBi.exe
  C:\Windows\System\kHoUHBi.exe
  2⤵
  PID:7892
- C:\Windows\System\rGahvmS.exe
  C:\Windows\System\rGahvmS.exe
  2⤵
  PID:7664
- C:\Windows\System\EyiardY.exe
  C:\Windows\System\EyiardY.exe
  2⤵
  PID:7728
- C:\Windows\System\SOjnZdt.exe
  C:\Windows\System\SOjnZdt.exe
  2⤵
  PID:7776
- C:\Windows\System\MRXNWpg.exe
  C:\Windows\System\MRXNWpg.exe
  2⤵
  PID:7940
- C:\Windows\System\gheaIrG.exe
  C:\Windows\System\gheaIrG.exe
  2⤵
  PID:8028
- C:\Windows\System\nXyBfku.exe
  C:\Windows\System\nXyBfku.exe
  2⤵
  PID:7844
- C:\Windows\System\FWMNAGg.exe
  C:\Windows\System\FWMNAGg.exe
  2⤵
  PID:7948
- C:\Windows\System\EAmLxHW.exe
  C:\Windows\System\EAmLxHW.exe
  2⤵
  PID:7992
- C:\Windows\System\fwnUoMb.exe
  C:\Windows\System\fwnUoMb.exe
  2⤵
  PID:8020
- C:\Windows\System\wuoLsHu.exe
  C:\Windows\System\wuoLsHu.exe
  2⤵
  PID:8040
- C:\Windows\System\tGFrVIn.exe
  C:\Windows\System\tGFrVIn.exe
  2⤵
  PID:8060
- C:\Windows\System\bkzDRZA.exe
  C:\Windows\System\bkzDRZA.exe
  2⤵
  PID:8068
- C:\Windows\System\LkynwKJ.exe
  C:\Windows\System\LkynwKJ.exe
  2⤵
  PID:8104
- C:\Windows\System\YHfDUBY.exe
  C:\Windows\System\YHfDUBY.exe
  2⤵
  PID:8160
- C:\Windows\System\oJTAoYq.exe
  C:\Windows\System\oJTAoYq.exe
  2⤵
  PID:7268
- C:\Windows\System\vuZpSLp.exe
  C:\Windows\System\vuZpSLp.exe
  2⤵
  PID:6292
- C:\Windows\System\TbmHMpP.exe
  C:\Windows\System\TbmHMpP.exe
  2⤵
  PID:7416
- C:\Windows\System\kHmGflq.exe
  C:\Windows\System\kHmGflq.exe
  2⤵
  PID:8136
- C:\Windows\System\WVmIcVa.exe
  C:\Windows\System\WVmIcVa.exe
  2⤵
  PID:7256
- C:\Windows\System\EktahsX.exe
  C:\Windows\System\EktahsX.exe
  2⤵
  PID:7336
- C:\Windows\System\OXzDVGt.exe
  C:\Windows\System\OXzDVGt.exe
  2⤵
  PID:7232
- C:\Windows\System\AhWdIoc.exe
  C:\Windows\System\AhWdIoc.exe
  2⤵
  PID:1960
- C:\Windows\System\lcRpsJt.exe
  C:\Windows\System\lcRpsJt.exe
  2⤵
  PID:7292
- C:\Windows\System\PhxKSPe.exe
  C:\Windows\System\PhxKSPe.exe
  2⤵
  PID:2080
- C:\Windows\System\NFxJpGD.exe
  C:\Windows\System\NFxJpGD.exe
  2⤵
  PID:6892
- C:\Windows\System\YlIIitf.exe
  C:\Windows\System\YlIIitf.exe
  2⤵
  PID:7476
- C:\Windows\System\loumZyL.exe
  C:\Windows\System\loumZyL.exe
  2⤵
  PID:7540
- C:\Windows\System\faevYAN.exe
  C:\Windows\System\faevYAN.exe
  2⤵
  PID:7660
- C:\Windows\System\gLwYBtP.exe
  C:\Windows\System\gLwYBtP.exe
  2⤵
  PID:7860
- C:\Windows\System\Mahledy.exe
  C:\Windows\System\Mahledy.exe
  2⤵
  PID:7904
- C:\Windows\System\iclrfYl.exe
  C:\Windows\System\iclrfYl.exe
  2⤵
  PID:7980
- C:\Windows\System\IsEYOmR.exe
  C:\Windows\System\IsEYOmR.exe
  2⤵
  PID:8036
- C:\Windows\System\BApTEow.exe
  C:\Windows\System\BApTEow.exe
  2⤵
  PID:2244
- C:\Windows\System\wPLbFam.exe
  C:\Windows\System\wPLbFam.exe
  2⤵
  PID:8052
- C:\Windows\System\mbTnqoF.exe
  C:\Windows\System\mbTnqoF.exe
  2⤵
  PID:8108
- C:\Windows\System\qXHDQko.exe
  C:\Windows\System\qXHDQko.exe
  2⤵
  PID:7004
- C:\Windows\System\EPttpyd.exe
  C:\Windows\System\EPttpyd.exe
  2⤵
  PID:7592
- C:\Windows\System\hsAyiPa.exe
  C:\Windows\System\hsAyiPa.exe
  2⤵
  PID:7596
- C:\Windows\System\ANTapjM.exe
  C:\Windows\System\ANTapjM.exe
  2⤵
  PID:7924
- C:\Windows\System\SZKFaUE.exe
  C:\Windows\System\SZKFaUE.exe
  2⤵
  PID:1316
- C:\Windows\System\uGWnGNh.exe
  C:\Windows\System\uGWnGNh.exe
  2⤵
  PID:8008
- C:\Windows\System\AtxdwrC.exe
  C:\Windows\System\AtxdwrC.exe
  2⤵
  PID:2720
- C:\Windows\System\tPLWnjj.exe
  C:\Windows\System\tPLWnjj.exe
  2⤵
  PID:7456
- C:\Windows\System\iIzpnoy.exe
  C:\Windows\System\iIzpnoy.exe
  2⤵
  PID:7648
- C:\Windows\System\JeRCBSK.exe
  C:\Windows\System\JeRCBSK.exe
  2⤵
  PID:8032
- C:\Windows\System\VshtFOy.exe
  C:\Windows\System\VshtFOy.exe
  2⤵
  PID:8000
- C:\Windows\System\okBLVMB.exe
  C:\Windows\System\okBLVMB.exe
  2⤵
  PID:7240
- C:\Windows\System\mbJqWpn.exe
  C:\Windows\System\mbJqWpn.exe
  2⤵
  PID:7196
- C:\Windows\System\DEaHKDG.exe
  C:\Windows\System\DEaHKDG.exe
  2⤵
  PID:7184
- C:\Windows\System\sYwNbTN.exe
  C:\Windows\System\sYwNbTN.exe
  2⤵
  PID:7748
- C:\Windows\System\zqIrIaL.exe
  C:\Windows\System\zqIrIaL.exe
  2⤵
  PID:8080
- C:\Windows\System\laSModM.exe
  C:\Windows\System\laSModM.exe
  2⤵
  PID:7524
- C:\Windows\System\DdYYhmD.exe
  C:\Windows\System\DdYYhmD.exe
  2⤵
  PID:7768
- C:\Windows\System\QgkArXV.exe
  C:\Windows\System\QgkArXV.exe
  2⤵
  PID:6028
- C:\Windows\System\AOjaALY.exe
  C:\Windows\System\AOjaALY.exe
  2⤵
  PID:6776
- C:\Windows\System\tZCRaBF.exe
  C:\Windows\System\tZCRaBF.exe
  2⤵
  PID:8048
- C:\Windows\System\OwtJTej.exe
  C:\Windows\System\OwtJTej.exe
  2⤵
  PID:2132
- C:\Windows\System\EHKfZlE.exe
  C:\Windows\System\EHKfZlE.exe
  2⤵
  PID:7512
- C:\Windows\System\dWxLJgY.exe
  C:\Windows\System\dWxLJgY.exe
  2⤵
  PID:7384
- C:\Windows\System\tOUiPxQ.exe
  C:\Windows\System\tOUiPxQ.exe
  2⤵
  PID:7496
- C:\Windows\System\jRAdkGx.exe
  C:\Windows\System\jRAdkGx.exe
  2⤵
  PID:8156
- C:\Windows\System\pJSGBKr.exe
  C:\Windows\System\pJSGBKr.exe
  2⤵
  PID:7812
- C:\Windows\System\kKQgJDh.exe
  C:\Windows\System\kKQgJDh.exe
  2⤵
  PID:8208
- C:\Windows\System\VkiHeaq.exe
  C:\Windows\System\VkiHeaq.exe
  2⤵
  PID:8224
- C:\Windows\System\LMrgvrl.exe
  C:\Windows\System\LMrgvrl.exe
  2⤵
  PID:8244
- C:\Windows\System\whvZlej.exe
  C:\Windows\System\whvZlej.exe
  2⤵
  PID:8308
- C:\Windows\System\zROIYqz.exe
  C:\Windows\System\zROIYqz.exe
  2⤵
  PID:8324
- C:\Windows\System\tsIQjMe.exe
  C:\Windows\System\tsIQjMe.exe
  2⤵
  PID:8340
- C:\Windows\System\gBKJKoy.exe
  C:\Windows\System\gBKJKoy.exe
  2⤵
  PID:8356
- C:\Windows\System\IIreuSZ.exe
  C:\Windows\System\IIreuSZ.exe
  2⤵
  PID:8376
- C:\Windows\System\XlDVWYo.exe
  C:\Windows\System\XlDVWYo.exe
  2⤵
  PID:8392
- C:\Windows\System\bQUUbzT.exe
  C:\Windows\System\bQUUbzT.exe
  2⤵
  PID:8408
- C:\Windows\System\GDkCGIG.exe
  C:\Windows\System\GDkCGIG.exe
  2⤵
  PID:8424
- C:\Windows\System\afpRTQx.exe
  C:\Windows\System\afpRTQx.exe
  2⤵
  PID:8440
- C:\Windows\System\dPeGKUc.exe
  C:\Windows\System\dPeGKUc.exe
  2⤵
  PID:8456
- C:\Windows\System\JkxxtvB.exe
  C:\Windows\System\JkxxtvB.exe
  2⤵
  PID:8472
- C:\Windows\System\JVCbrdL.exe
  C:\Windows\System\JVCbrdL.exe
  2⤵
  PID:8488
- C:\Windows\System\bsTCIRX.exe
  C:\Windows\System\bsTCIRX.exe
  2⤵
  PID:8504
- C:\Windows\System\nncaujM.exe
  C:\Windows\System\nncaujM.exe
  2⤵
  PID:8520
- C:\Windows\System\HtwmQEe.exe
  C:\Windows\System\HtwmQEe.exe
  2⤵
  PID:8536
- C:\Windows\System\NYqIGsd.exe
  C:\Windows\System\NYqIGsd.exe
  2⤵
  PID:8552
- C:\Windows\System\nnyAwJd.exe
  C:\Windows\System\nnyAwJd.exe
  2⤵
  PID:8568
- C:\Windows\System\ferpvfK.exe
  C:\Windows\System\ferpvfK.exe
  2⤵
  PID:8584
- C:\Windows\System\BcWSrDG.exe
  C:\Windows\System\BcWSrDG.exe
  2⤵
  PID:8600
- C:\Windows\System\PnleBmw.exe
  C:\Windows\System\PnleBmw.exe
  2⤵
  PID:8616
- C:\Windows\System\vIyNFUz.exe
  C:\Windows\System\vIyNFUz.exe
  2⤵
  PID:8632
- C:\Windows\System\dPkCdCC.exe
  C:\Windows\System\dPkCdCC.exe
  2⤵
  PID:8648
- C:\Windows\System\oeWFXLX.exe
  C:\Windows\System\oeWFXLX.exe
  2⤵
  PID:8664
- C:\Windows\System\KwOWtlf.exe
  C:\Windows\System\KwOWtlf.exe
  2⤵
  PID:8680
- C:\Windows\System\BdStYrb.exe
  C:\Windows\System\BdStYrb.exe
  2⤵
  PID:8696
- C:\Windows\System\ULQpxyE.exe
  C:\Windows\System\ULQpxyE.exe
  2⤵
  PID:8712
- C:\Windows\System\hesxsAq.exe
  C:\Windows\System\hesxsAq.exe
  2⤵
  PID:8728
- C:\Windows\System\dlUlHQM.exe
  C:\Windows\System\dlUlHQM.exe
  2⤵
  PID:8744
- C:\Windows\System\WKlENnp.exe
  C:\Windows\System\WKlENnp.exe
  2⤵
  PID:8760
- C:\Windows\System\nhwczcD.exe
  C:\Windows\System\nhwczcD.exe
  2⤵
  PID:9036
- C:\Windows\System\JAVZKTm.exe
  C:\Windows\System\JAVZKTm.exe
  2⤵
  PID:9168
- C:\Windows\System\aCiWSCA.exe
  C:\Windows\System\aCiWSCA.exe
  2⤵
  PID:9184
- C:\Windows\System\izpgOFD.exe
  C:\Windows\System\izpgOFD.exe
  2⤵
  PID:9200
- C:\Windows\System\tjIasuB.exe
  C:\Windows\System\tjIasuB.exe
  2⤵
  PID:2532
- C:\Windows\System\NOLzIVP.exe
  C:\Windows\System\NOLzIVP.exe
  2⤵
  PID:2652
- C:\Windows\System\tOHjtHp.exe
  C:\Windows\System\tOHjtHp.exe
  2⤵
  PID:8256
- C:\Windows\System\EBMUbaf.exe
  C:\Windows\System\EBMUbaf.exe
  2⤵
  PID:8272
- C:\Windows\System\aSnBYAr.exe
  C:\Windows\System\aSnBYAr.exe
  2⤵
  PID:8292
- C:\Windows\System\rWFzEiD.exe
  C:\Windows\System\rWFzEiD.exe
  2⤵
  PID:8336
- C:\Windows\System\UzVLUcn.exe
  C:\Windows\System\UzVLUcn.exe
  2⤵
  PID:8432
- C:\Windows\System\jCNfcoV.exe
  C:\Windows\System\jCNfcoV.exe
  2⤵
  PID:8352
- C:\Windows\System\xCjJZKX.exe
  C:\Windows\System\xCjJZKX.exe
  2⤵
  PID:8452
- C:\Windows\System\IynpsdB.exe
  C:\Windows\System\IynpsdB.exe
  2⤵
  PID:8532
- C:\Windows\System\GIuYHTq.exe
  C:\Windows\System\GIuYHTq.exe
  2⤵
  PID:8564
- C:\Windows\System\MfLTlRP.exe
  C:\Windows\System\MfLTlRP.exe
  2⤵
  PID:8576
- C:\Windows\System\dGSFxUk.exe
  C:\Windows\System\dGSFxUk.exe
  2⤵
  PID:8596
- C:\Windows\System\mqybRHZ.exe
  C:\Windows\System\mqybRHZ.exe
  2⤵
  PID:8660
- C:\Windows\System\NNFpSbh.exe
  C:\Windows\System\NNFpSbh.exe
  2⤵
  PID:8672
- C:\Windows\System\xBpAYRO.exe
  C:\Windows\System\xBpAYRO.exe
  2⤵
  PID:8752
- C:\Windows\System\DJGCTWx.exe
  C:\Windows\System\DJGCTWx.exe
  2⤵
  PID:8740
- C:\Windows\System\wOrxwRZ.exe
  C:\Windows\System\wOrxwRZ.exe
  2⤵
  PID:8788
- C:\Windows\System\BohfnSW.exe
  C:\Windows\System\BohfnSW.exe
  2⤵
  PID:8792
- C:\Windows\System\cYXhGLR.exe
  C:\Windows\System\cYXhGLR.exe
  2⤵
  PID:8808
- C:\Windows\System\cLYJlGz.exe
  C:\Windows\System\cLYJlGz.exe
  2⤵
  PID:8816
- C:\Windows\System\EMRdibc.exe
  C:\Windows\System\EMRdibc.exe
  2⤵
  PID:8848
- C:\Windows\System\PpTFoDB.exe
  C:\Windows\System\PpTFoDB.exe
  2⤵
  PID:8868
- C:\Windows\System\eWjgorw.exe
  C:\Windows\System\eWjgorw.exe
  2⤵
  PID:8888
- C:\Windows\System\hYiQjkV.exe
  C:\Windows\System\hYiQjkV.exe
  2⤵
  PID:8912
- C:\Windows\System\OsfqPlH.exe
  C:\Windows\System\OsfqPlH.exe
  2⤵
  PID:8928
- C:\Windows\System\eowIRvo.exe
  C:\Windows\System\eowIRvo.exe
  2⤵
  PID:8940
- C:\Windows\System\LkwUNoV.exe
  C:\Windows\System\LkwUNoV.exe
  2⤵
  PID:8956
- C:\Windows\System\OmLCzxk.exe
  C:\Windows\System\OmLCzxk.exe
  2⤵
  PID:8992
- C:\Windows\System\uXlsLuv.exe
  C:\Windows\System\uXlsLuv.exe
  2⤵
  PID:9016
- C:\Windows\System\BajDTeF.exe
  C:\Windows\System\BajDTeF.exe
  2⤵
  PID:9064
- C:\Windows\System\JeiAiDV.exe
  C:\Windows\System\JeiAiDV.exe
  2⤵
  PID:9084
- C:\Windows\System\VFEYZyJ.exe
  C:\Windows\System\VFEYZyJ.exe
  2⤵
  PID:9100
- C:\Windows\System\OrIYpWO.exe
  C:\Windows\System\OrIYpWO.exe
  2⤵
  PID:9124
- C:\Windows\System\xTaukla.exe
  C:\Windows\System\xTaukla.exe
  2⤵
  PID:9140
- C:\Windows\System\cUrEKaf.exe
  C:\Windows\System\cUrEKaf.exe
  2⤵
  PID:9164
- C:\Windows\System\czRupsC.exe
  C:\Windows\System\czRupsC.exe
  2⤵
  PID:8216
- C:\Windows\System\GGHRdrk.exe
  C:\Windows\System\GGHRdrk.exe
  2⤵
  PID:8232
- C:\Windows\System\AmAMEer.exe
  C:\Windows\System\AmAMEer.exe
  2⤵
  PID:7840
- C:\Windows\System\JGRnsUQ.exe
  C:\Windows\System\JGRnsUQ.exe
  2⤵
  PID:8252
- C:\Windows\System\hFKhVnk.exe
  C:\Windows\System\hFKhVnk.exe
  2⤵
  PID:896
- C:\Windows\System\TMefSfO.exe
  C:\Windows\System\TMefSfO.exe
  2⤵
  PID:8364
- C:\Windows\System\EsYJNUo.exe
  C:\Windows\System\EsYJNUo.exe
  2⤵
  PID:8400
- C:\Windows\System\ihXCJWI.exe
  C:\Windows\System\ihXCJWI.exe
  2⤵
  PID:8348
- C:\Windows\System\ORMEcfR.exe
  C:\Windows\System\ORMEcfR.exe
  2⤵
  PID:8416
- C:\Windows\System\gXXilWf.exe
  C:\Windows\System\gXXilWf.exe
  2⤵
  PID:8608
- C:\Windows\System\IVtDpdR.exe
  C:\Windows\System\IVtDpdR.exe
  2⤵
  PID:8692
- C:\Windows\System\GWVEfvs.exe
  C:\Windows\System\GWVEfvs.exe
  2⤵
  PID:8832
- C:\Windows\System\tWSxJBt.exe
  C:\Windows\System\tWSxJBt.exe
  2⤵
  PID:8844
- C:\Windows\System\ZYLLtRf.exe
  C:\Windows\System\ZYLLtRf.exe
  2⤵
  PID:8708
- C:\Windows\System\NKcVEyb.exe
  C:\Windows\System\NKcVEyb.exe
  2⤵
  PID:8812
- C:\Windows\System\gHxqzeg.exe
  C:\Windows\System\gHxqzeg.exe
  2⤵
  PID:8864
- C:\Windows\System\YCavfUk.exe
  C:\Windows\System\YCavfUk.exe
  2⤵
  PID:8784
- C:\Windows\System\dihrTHj.exe
  C:\Windows\System\dihrTHj.exe
  2⤵
  PID:1660
- C:\Windows\System\DTOtfhU.exe
  C:\Windows\System\DTOtfhU.exe
  2⤵
  PID:9008
- C:\Windows\System\zrhytxf.exe
  C:\Windows\System\zrhytxf.exe
  2⤵
  PID:8972
- C:\Windows\System\UrciXfl.exe
  C:\Windows\System\UrciXfl.exe
  2⤵
  PID:9052
- C:\Windows\System\smpUoTI.exe
  C:\Windows\System\smpUoTI.exe
  2⤵
  PID:9076
- C:\Windows\System\KCRKLvt.exe
  C:\Windows\System\KCRKLvt.exe
  2⤵
  PID:9108
- C:\Windows\System\zPQhVrT.exe
  C:\Windows\System\zPQhVrT.exe
  2⤵
  PID:9112
- C:\Windows\System\rqIKYGP.exe
  C:\Windows\System\rqIKYGP.exe
  2⤵
  PID:580
- C:\Windows\System\byrLsTV.exe
  C:\Windows\System\byrLsTV.exe
  2⤵
  PID:9136
- C:\Windows\System\lwWOxfx.exe
  C:\Windows\System\lwWOxfx.exe
  2⤵
  PID:9192
- C:\Windows\System\FZJVHsb.exe
  C:\Windows\System\FZJVHsb.exe
  2⤵
  PID:8268
- C:\Windows\System\ZYKwMoU.exe
  C:\Windows\System\ZYKwMoU.exe
  2⤵
  PID:8516
- C:\Windows\System\PGiHYEf.exe
  C:\Windows\System\PGiHYEf.exe
  2⤵
  PID:2424
- C:\Windows\System\GHfRrkp.exe
  C:\Windows\System\GHfRrkp.exe
  2⤵
  PID:8688
- C:\Windows\System\hhhySLp.exe
  C:\Windows\System\hhhySLp.exe
  2⤵
  PID:8880
- C:\Windows\System\eOUBboX.exe
  C:\Windows\System\eOUBboX.exe
  2⤵
  PID:8840
- C:\Windows\System\BtWhpVi.exe
  C:\Windows\System\BtWhpVi.exe
  2⤵
  PID:8856
- C:\Windows\System\SUblrRv.exe
  C:\Windows\System\SUblrRv.exe
  2⤵
  PID:2232
- C:\Windows\System\isIQaNY.exe
  C:\Windows\System\isIQaNY.exe
  2⤵
  PID:8936
- C:\Windows\System\KnprBmq.exe
  C:\Windows\System\KnprBmq.exe
  2⤵
  PID:9060
- C:\Windows\System\VsCHpkJ.exe
  C:\Windows\System\VsCHpkJ.exe
  2⤵
  PID:9148
- C:\Windows\System\coEYoFh.exe
  C:\Windows\System\coEYoFh.exe
  2⤵
  PID:9048
- C:\Windows\System\xJJJmtT.exe
  C:\Windows\System\xJJJmtT.exe
  2⤵
  PID:9212
- C:\Windows\System\BQaMiOy.exe
  C:\Windows\System\BQaMiOy.exe
  2⤵
  PID:8484
- C:\Windows\System\vHUnPAx.exe
  C:\Windows\System\vHUnPAx.exe
  2⤵
  PID:8372
- C:\Windows\System\qylVPdh.exe
  C:\Windows\System\qylVPdh.exe
  2⤵
  PID:8720
- C:\Windows\System\CRVvKFO.exe
  C:\Windows\System\CRVvKFO.exe
  2⤵
  PID:9004
- C:\Windows\System\CKODUKj.exe
  C:\Windows\System\CKODUKj.exe
  2⤵
  PID:8756
- C:\Windows\System\BCPqobn.exe
  C:\Windows\System\BCPqobn.exe
  2⤵
  PID:8988
- C:\Windows\System\wRnpnCR.exe
  C:\Windows\System\wRnpnCR.exe
  2⤵
  PID:8656
- C:\Windows\System\vvvbDST.exe
  C:\Windows\System\vvvbDST.exe
  2⤵
  PID:9120
- C:\Windows\System\HPIRfoE.exe
  C:\Windows\System\HPIRfoE.exe
  2⤵
  PID:8980
- C:\Windows\System\sQlNlaS.exe
  C:\Windows\System\sQlNlaS.exe
  2⤵
  PID:8220
- C:\Windows\System\HmSLmGN.exe
  C:\Windows\System\HmSLmGN.exe
  2⤵
  PID:2064
- C:\Windows\System\EzBDSNI.exe
  C:\Windows\System\EzBDSNI.exe
  2⤵
  PID:1652
- C:\Windows\System\ZkdpDRZ.exe
  C:\Windows\System\ZkdpDRZ.exe
  2⤵
  PID:8968
- C:\Windows\System\piTYHyw.exe
  C:\Windows\System\piTYHyw.exe
  2⤵
  PID:8896
- C:\Windows\System\WWCeRwf.exe
  C:\Windows\System\WWCeRwf.exe
  2⤵
  PID:2592
- C:\Windows\System\fThbFvR.exe
  C:\Windows\System\fThbFvR.exe
  2⤵
  PID:1000
- C:\Windows\System\IbjkGEE.exe
  C:\Windows\System\IbjkGEE.exe
  2⤵
  PID:8624
- C:\Windows\System\YpyNKrK.exe
  C:\Windows\System\YpyNKrK.exe
  2⤵
  PID:1308
- C:\Windows\System\WkPTMsL.exe
  C:\Windows\System\WkPTMsL.exe
  2⤵
  PID:620
- C:\Windows\System\rNGKJsU.exe
  C:\Windows\System\rNGKJsU.exe
  2⤵
  PID:8528
- C:\Windows\System\LsHEhKa.exe
  C:\Windows\System\LsHEhKa.exe
  2⤵
  PID:8772
- C:\Windows\System\wOvNEez.exe
  C:\Windows\System\wOvNEez.exe
  2⤵
  PID:2596
- C:\Windows\System\XTxDYqW.exe
  C:\Windows\System\XTxDYqW.exe
  2⤵
  PID:9228
- C:\Windows\System\WgwDOJu.exe
  C:\Windows\System\WgwDOJu.exe
  2⤵
  PID:9256
- C:\Windows\System\bqbhRPO.exe
  C:\Windows\System\bqbhRPO.exe
  2⤵
  PID:9280
- C:\Windows\System\GudAQfQ.exe
  C:\Windows\System\GudAQfQ.exe
  2⤵
  PID:9308
- C:\Windows\System\ZmxMjaK.exe
  C:\Windows\System\ZmxMjaK.exe
  2⤵
  PID:9328
- C:\Windows\System\gkuTzlL.exe
  C:\Windows\System\gkuTzlL.exe
  2⤵
  PID:9344
- C:\Windows\System\HFXGGPL.exe
  C:\Windows\System\HFXGGPL.exe
  2⤵
  PID:9360
- C:\Windows\System\aUTbAhy.exe
  C:\Windows\System\aUTbAhy.exe
  2⤵
  PID:9376
- C:\Windows\System\oBjbRoB.exe
  C:\Windows\System\oBjbRoB.exe
  2⤵
  PID:9400
- C:\Windows\System\ihaMOKy.exe
  C:\Windows\System\ihaMOKy.exe
  2⤵
  PID:9416
- C:\Windows\System\ezEUTaP.exe
  C:\Windows\System\ezEUTaP.exe
  2⤵
  PID:9432
- C:\Windows\System\RHdFgrs.exe
  C:\Windows\System\RHdFgrs.exe
  2⤵
  PID:9452
- C:\Windows\System\LeQHMYK.exe
  C:\Windows\System\LeQHMYK.exe
  2⤵
  PID:9492
- C:\Windows\System\KixsNQG.exe
  C:\Windows\System\KixsNQG.exe
  2⤵
  PID:9512
- C:\Windows\System\fwikmIh.exe
  C:\Windows\System\fwikmIh.exe
  2⤵
  PID:9528
- C:\Windows\System\rJrunEy.exe
  C:\Windows\System\rJrunEy.exe
  2⤵
  PID:9544
- C:\Windows\System\oalqJmG.exe
  C:\Windows\System\oalqJmG.exe
  2⤵
  PID:9560
- C:\Windows\System\oHcYRxi.exe
  C:\Windows\System\oHcYRxi.exe
  2⤵
  PID:9576
- C:\Windows\System\eIMauBw.exe
  C:\Windows\System\eIMauBw.exe
  2⤵
  PID:9604
- C:\Windows\System\nbusVns.exe
  C:\Windows\System\nbusVns.exe
  2⤵
  PID:9624
- C:\Windows\System\aLmmhnP.exe
  C:\Windows\System\aLmmhnP.exe
  2⤵
  PID:9640
- C:\Windows\System\lLnFMTr.exe
  C:\Windows\System\lLnFMTr.exe
  2⤵
  PID:9656
- C:\Windows\System\ADNmpDq.exe
  C:\Windows\System\ADNmpDq.exe
  2⤵
  PID:9676
- C:\Windows\System\LKHsRjU.exe
  C:\Windows\System\LKHsRjU.exe
  2⤵
  PID:9692
- C:\Windows\System\swgOeSy.exe
  C:\Windows\System\swgOeSy.exe
  2⤵
  PID:9732
- C:\Windows\System\DAkSBed.exe
  C:\Windows\System\DAkSBed.exe
  2⤵
  PID:9752
- C:\Windows\System\tbDpVOo.exe
  C:\Windows\System\tbDpVOo.exe
  2⤵
  PID:9768
- C:\Windows\System\xHjrxgZ.exe
  C:\Windows\System\xHjrxgZ.exe
  2⤵
  PID:9784
- C:\Windows\System\LKWPcRA.exe
  C:\Windows\System\LKWPcRA.exe
  2⤵
  PID:9800
- C:\Windows\System\VdycpLX.exe
  C:\Windows\System\VdycpLX.exe
  2⤵
  PID:9816
- C:\Windows\System\RwmNIrv.exe
  C:\Windows\System\RwmNIrv.exe
  2⤵
  PID:9832
- C:\Windows\System\rxOplRu.exe
  C:\Windows\System\rxOplRu.exe
  2⤵
  PID:9860
- C:\Windows\System\IWUlcdZ.exe
  C:\Windows\System\IWUlcdZ.exe
  2⤵
  PID:9880
- C:\Windows\System\BGpmMPt.exe
  C:\Windows\System\BGpmMPt.exe
  2⤵
  PID:9916
- C:\Windows\System\YnvSrdy.exe
  C:\Windows\System\YnvSrdy.exe
  2⤵
  PID:9936
- C:\Windows\System\riwKUjE.exe
  C:\Windows\System\riwKUjE.exe
  2⤵
  PID:9956
- C:\Windows\System\FitTiEE.exe
  C:\Windows\System\FitTiEE.exe
  2⤵
  PID:9972
- C:\Windows\System\NxvEjCT.exe
  C:\Windows\System\NxvEjCT.exe
  2⤵
  PID:9988
- C:\Windows\System\kDBxwWS.exe
  C:\Windows\System\kDBxwWS.exe
  2⤵
  PID:10008
- C:\Windows\System\keBBndk.exe
  C:\Windows\System\keBBndk.exe
  2⤵
  PID:10036
- C:\Windows\System\OChIkOA.exe
  C:\Windows\System\OChIkOA.exe
  2⤵
  PID:10052
- C:\Windows\System\xQiNEEs.exe
  C:\Windows\System\xQiNEEs.exe
  2⤵
  PID:10068
- C:\Windows\System\nGycEqQ.exe
  C:\Windows\System\nGycEqQ.exe
  2⤵
  PID:10088
- C:\Windows\System\tCkWwqe.exe
  C:\Windows\System\tCkWwqe.exe
  2⤵
  PID:10104
- C:\Windows\System\SDPFIVP.exe
  C:\Windows\System\SDPFIVP.exe
  2⤵
  PID:10132
- C:\Windows\System\katwQQK.exe
  C:\Windows\System\katwQQK.exe
  2⤵
  PID:10148
- C:\Windows\System\vJrUULg.exe
  C:\Windows\System\vJrUULg.exe
  2⤵
  PID:10164
- C:\Windows\System\obPxZAS.exe
  C:\Windows\System\obPxZAS.exe
  2⤵
  PID:10180
- C:\Windows\System\zlbKiiv.exe
  C:\Windows\System\zlbKiiv.exe
  2⤵
  PID:10224
- C:\Windows\System\grCaQzK.exe
  C:\Windows\System\grCaQzK.exe
  2⤵
  PID:8204
- C:\Windows\System\ggIyKkH.exe
  C:\Windows\System\ggIyKkH.exe
  2⤵
  PID:9236
- C:\Windows\System\wLuXXQU.exe
  C:\Windows\System\wLuXXQU.exe
  2⤵
  PID:9224
- C:\Windows\System\ZUUaoMP.exe
  C:\Windows\System\ZUUaoMP.exe
  2⤵
  PID:9292
- C:\Windows\System\vGGGezs.exe
  C:\Windows\System\vGGGezs.exe
  2⤵
  PID:9320
- C:\Windows\System\umRNNai.exe
  C:\Windows\System\umRNNai.exe
  2⤵
  PID:9368
- C:\Windows\System\bgSrJGL.exe
  C:\Windows\System\bgSrJGL.exe
  2⤵
  PID:9412
- C:\Windows\System\KhOkXVi.exe
  C:\Windows\System\KhOkXVi.exe
  2⤵
  PID:9388
- C:\Windows\System\qFbfWkL.exe
  C:\Windows\System\qFbfWkL.exe
  2⤵
  PID:9392
- C:\Windows\System\fJSEqVX.exe
  C:\Windows\System\fJSEqVX.exe
  2⤵
  PID:9480
- C:\Windows\System\jptQRvm.exe
  C:\Windows\System\jptQRvm.exe
  2⤵
  PID:9504
- C:\Windows\System\JqfFqvT.exe
  C:\Windows\System\JqfFqvT.exe
  2⤵
  PID:9540
- C:\Windows\System\VGYXjZJ.exe
  C:\Windows\System\VGYXjZJ.exe
  2⤵
  PID:9616
- C:\Windows\System\BcLKIPz.exe
  C:\Windows\System\BcLKIPz.exe
  2⤵
  PID:9652
- C:\Windows\System\eqyXPce.exe
  C:\Windows\System\eqyXPce.exe
  2⤵
  PID:9688
- C:\Windows\System\tVhrmvB.exe
  C:\Windows\System\tVhrmvB.exe
  2⤵
  PID:9592
- C:\Windows\System\jdbzbdS.exe
  C:\Windows\System\jdbzbdS.exe
  2⤵
  PID:9700
- C:\Windows\System\JlpkRHH.exe
  C:\Windows\System\JlpkRHH.exe
  2⤵
  PID:9716
- C:\Windows\System\asICbMJ.exe
  C:\Windows\System\asICbMJ.exe
  2⤵
  PID:9748
- C:\Windows\System\vlkVuYS.exe
  C:\Windows\System\vlkVuYS.exe
  2⤵
  PID:9812
- C:\Windows\System\MHULhKC.exe
  C:\Windows\System\MHULhKC.exe
  2⤵
  PID:9792
- C:\Windows\System\RAxvmPa.exe
  C:\Windows\System\RAxvmPa.exe
  2⤵
  PID:9852
- C:\Windows\System\FRIADRD.exe
  C:\Windows\System\FRIADRD.exe
  2⤵
  PID:9484
- C:\Windows\System\xYQpwnJ.exe
  C:\Windows\System\xYQpwnJ.exe
  2⤵
  PID:9912
- C:\Windows\System\KeRekMy.exe
  C:\Windows\System\KeRekMy.exe
  2⤵
  PID:9944
- C:\Windows\System\qJUJPbW.exe
  C:\Windows\System\qJUJPbW.exe
  2⤵
  PID:9984
- C:\Windows\System\zpYcaxY.exe
  C:\Windows\System\zpYcaxY.exe
  2⤵
  PID:10016
- C:\Windows\System\kYeEEZJ.exe
  C:\Windows\System\kYeEEZJ.exe
  2⤵
  PID:10044
- C:\Windows\System\KFiPCRX.exe
  C:\Windows\System\KFiPCRX.exe
  2⤵
  PID:10100
- C:\Windows\System\mscThmA.exe
  C:\Windows\System\mscThmA.exe
  2⤵
  PID:9996
- C:\Windows\System\wFLprmD.exe
  C:\Windows\System\wFLprmD.exe
  2⤵
  PID:10076
- C:\Windows\System\LxobBOU.exe
  C:\Windows\System\LxobBOU.exe
  2⤵
  PID:10116
- C:\Windows\System\LfvwFve.exe
  C:\Windows\System\LfvwFve.exe
  2⤵
  PID:10188
- C:\Windows\System\zzCBdEN.exe
  C:\Windows\System\zzCBdEN.exe
  2⤵
  PID:10112
- C:\Windows\System\OvNAGQo.exe
  C:\Windows\System\OvNAGQo.exe
  2⤵
  PID:10208
- C:\Windows\System\cmqLfAk.exe
  C:\Windows\System\cmqLfAk.exe
  2⤵
  PID:10236
- C:\Windows\System\olywqNH.exe
  C:\Windows\System\olywqNH.exe
  2⤵
  PID:9248
- C:\Windows\System\FsgWlkK.exe
  C:\Windows\System\FsgWlkK.exe
  2⤵
  PID:9288
- C:\Windows\System\wWLJDyV.exe
  C:\Windows\System\wWLJDyV.exe
  2⤵
  PID:9316
- C:\Windows\System\bJEFYBD.exe
  C:\Windows\System\bJEFYBD.exe
  2⤵
  PID:9340
- C:\Windows\System\lUKdmSC.exe
  C:\Windows\System\lUKdmSC.exe
  2⤵
  PID:9384
- C:\Windows\System\asixXFT.exe
  C:\Windows\System\asixXFT.exe
  2⤵
  PID:9460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACBwXHH.exe

Filesize
6.0MB

MD5
1409117b95d894f750fe02781a343790

SHA1
bd0825d6f98d8e5f5825be4b5a41a13a2c36a243

SHA256
a92a760bf5bda241be0b7a72653312ef4b0db67c5e9962ff216d1c76e2175987

SHA512
3156b813721d2ef086282906f6770cf51dcd3088c9be43f3992caee86abae49e3f1b040c7d83d16119b833ae6db03c81cbeec6d57044a94682513942bd94d475

Download Submit
C:\Windows\system\AZxoelV.exe

Filesize
6.0MB

MD5
9de9b91ab0a6f9c7dff79a96fc79fdb6

SHA1
4c9ab55c2808fe96506b5b4e400eb8c4b2b29353

SHA256
45517e4f0ffb4ec790299e52f8e4d9eca7ad21a941195a6d71832a410cebd636

SHA512
89207b60eebbe6d8519a3bf0e5f5475645b0d2cfb8c7e22d826b6b3128cf9bc41ba7d1d91696909b7b68e16de0aed92c927ec8360468277e40a03316aca9d411

Download Submit
C:\Windows\system\BHcYJho.exe

Filesize
6.0MB

MD5
b4b4ee784f1710ae21689c373d9b05b7

SHA1
7a69fc39030a958311de66404157184b0060943f

SHA256
0f9e5bd72aa90a20661206eadad512753e38e3edb16165d5aea7ec500e4d972b

SHA512
1e7ff733024c213791c0ae1b08e3027835a218bdfbbc9f98f1aca781ea7b0944f20830b7ea2c2ef99e43bb657c74a9fe60f84ad24bed51d98e8b97c98b4c2bb1

Download Submit
C:\Windows\system\BUMeVEg.exe

Filesize
6.0MB

MD5
04e6a0ce24815b74960d767b254ba3c5

SHA1
0d5b189f06a056c9d93445e4506b2d09abbe0f81

SHA256
0f2efd151a7ac57adb14a732d842c1bd4fe6d0d86118984833cafed64024fe1b

SHA512
eaff27b829b0b8d3be1163f7dd8eb48828503ead630d7c7844406ce452099c5acb3b2553643edb0269c4689f59f521f1ee2333ee5bcf88aa388aea1757d0d4dd

Download Submit
C:\Windows\system\ErXVoaZ.exe

Filesize
6.0MB

MD5
927e0e92359a052e6323604a8e5639e6

SHA1
a03ba1cf5e1f6db78b81c28cee5c847341c200b9

SHA256
7c84477fcd602ae1706347146181e62b6ec4745b4c2609af7558e8c0a17a5ed7

SHA512
8ae5c898a5976d185abe897cc1078c6c6be57f18ff24b00447ca3b11cc0c8d6f36e845b00c360eda144b0cbb0dc275265aca0e1cddf9e731c12817ffdd692d76

Download Submit
C:\Windows\system\FkrvoTA.exe

Filesize
6.0MB

MD5
61fa343398bd3e018f4375bb00fd5293

SHA1
702d584cf7c9f832d3b1e0b49be8db655a68b76e

SHA256
a9f1a95da1986c40d332630c12a19fa733537c3e6cbcd637c6d932d2e4501edd

SHA512
287d7a7badd7d8c1077fa32530642d7c428515c8229bac9ff5414bdcef2f6489eb91699c65b4e4301314ac018fd6d0e14e0a00e5ca4ccf291c20caa2c04f9180

Download Submit
C:\Windows\system\GEeEMXs.exe

Filesize
6.0MB

MD5
8f7e12e75aa261a39b152f1bcd88f3b4

SHA1
d36b041dc3f2497eae6bdb653a6322dc5a23a017

SHA256
4f83d0f8432fecc27a1173c6492dff5a444f4c032e90a1bb3f1120ae07c24df5

SHA512
8b96f7d340170f368de28487d5d8633ae7590c3b48af5374956ce51780a83bc77676eb860dfdbbbede8a2185b7a46b8b22c3b003ec12388a6e29b8ff0aef47ae

Download Submit
C:\Windows\system\GSbvXfc.exe

Filesize
6.0MB

MD5
9f4badd9015895a68268f57d009dd367

SHA1
330f10f370f0f21a7bda617191ac9b24bbc59aea

SHA256
7d4a31498bc8569c71eaca2104435fcd576162b7032ace82f12c5cab4f164f08

SHA512
da2916e18a40f450609f04fc80587c5cd775f6d0b7d5af8b249827bb58fd717988615e88c0c265f22e0e1ac4e4cf9d9157db3d70082d2d60788bcf6a0b13b2cc

Download Submit
C:\Windows\system\JaLEbRE.exe

Filesize
6.0MB

MD5
929f5c5c442911f13589b8c5009867f2

SHA1
de17ce776d66de2644a1006efac22054908daa66

SHA256
5ef7859b3f5c5863a3c92321e8e33afdbbd2706808a115e0ab75b99b7fece0d2

SHA512
2c29462ece3063bcd5eac0c280701c229ea2720fadd3738ea2b4a753e521fa739ec2c65dc37a07d919e3eb32099107a3f7b1cd36567319625423184278b8bd16

Download Submit
C:\Windows\system\Kbmmxnd.exe

Filesize
6.0MB

MD5
cfa6d037f8b5bf94f6c41d4c5b5eacfe

SHA1
1d418c3f03badd76d8608d8c3689e537748bb463

SHA256
d80c628e9cc41f7879ba9fd12d44b2f40d1059ae56fa9d58178df1ce4be7fa3c

SHA512
a62fba7ad1ac5ea91039c3fd0910dbbc090c3fa528c1ff43ead91a5339a2a0d68a1f4e5cd28a3964f687f330bddd016168b77627e2dcf20320b863f684e8915c

Download Submit
C:\Windows\system\OdoZUVD.exe

Filesize
6.0MB

MD5
9b96d1592fc0143df3e36a27bfea7023

SHA1
a8ad9e64b1dcfadadd4d1fca828f79c2cb2e9b06

SHA256
4bfd7a2c346493e7c3409ead9ba8c7c6cb1cf0b7246d19143b6331b60deb31d7

SHA512
d36413ec88e1bf77a267cef8a8193894e2f951e82d16d3d6f73f150d3064ab62624e60135cf3fee29f6bcd63ee01bc25247b538eecd10882fdf7fa35c1ef5960

Download Submit
C:\Windows\system\TmXGgYs.exe

Filesize
6.0MB

MD5
8e6dafc884af93098cc838a1e3d0eb9b

SHA1
62c9c42fb45de13f4df64929b9d7266645a32507

SHA256
ed2f7e5f322923eeae4b8f28cc20ba033a415205343eddfdd8cccfabb414b1b6

SHA512
217070c26f385d226cf6a0a7d4766e00d3179eab54b54a24ea99438174912afc41410ef7caa200861ae90c9dd6345adca0dcbdd0eeb404998ef39f5752d1a37c

Download Submit
C:\Windows\system\XOpGykS.exe

Filesize
6.0MB

MD5
3b37be2cfa6a22dc619fcb4b4c044ede

SHA1
92936a1f57a987cba1fca02a4ce72821a1d94ee4

SHA256
e989cd534fc8b8c5d4323b3daceda8d1687a8950e4064bdea0a6758e59098770

SHA512
a696402be07899a8fb10b1af533e37ed69d3205f3ebeec084cfe2230347f8078dee705e1abf6c023f3d3476d2ef941fcc794581695e30bda8d49d9bdee5c7d86

Download Submit
C:\Windows\system\aALdYkN.exe

Filesize
6.0MB

MD5
cfb9cc811e77e7bbeb7cca2bf64a58c4

SHA1
d2fef09e4a7e030c6c5ddf7372ffbd0247e076c0

SHA256
138657c32512f6d3cfed1486c579672e39f0787b248f7fa9094252e1ecc29865

SHA512
d43ed5c480cc2a4ba66c11910a0a5d00dafe74c243c4a214bca9c580755073e03349da6b7ed9bb67477f4ddf37fe9aaf8bfd4cb0307f23a467dcc430f6b91ece

Download Submit
C:\Windows\system\bvCKGGR.exe

Filesize
6.0MB

MD5
73b6b6c1bd0969d44070069f43e9b8a7

SHA1
126b047ec34a8e777669ed58b8c8e2785487eee5

SHA256
c67d67b9759de8b6542c60bd90b0b45e21fb7b9f815701b35becdacc8dba3126

SHA512
b499bdc602c182e0b438d0d51cdb78eb620118646803ba77799bb34f523ca430eaaafbc95b5566dcc7f70307a9797c8ee2b3dcd7b50f0114417d0c0f4c9e2176

Download Submit
C:\Windows\system\daldJKu.exe

Filesize
6.0MB

MD5
9fd672f6ea4c5f265bd5e722db60c930

SHA1
8db0963bf01008a7d8b6a8756ec62f0c19005d01

SHA256
0073869ea79360cb2c96cb0ed216b230cca693c3336af6ed5ea89db842660f08

SHA512
66b9f26ea30f47b4f99a2ae9a158d1741b8e5c2a78440d3c9a582c99dd0e73e992058187a43245bd937de3891d34939951077f0825944803a9921f6f85f9f384

Download Submit
C:\Windows\system\irxXLdw.exe

Filesize
6.0MB

MD5
7f6921fc306e52305d9b4c74fe44a421

SHA1
50556c22492b1eb9ad4a5bd2ee842a322b4734cd

SHA256
d595f2135c683b5c51fe61045bff43789980fff1fe6b5853fcce0776426520d9

SHA512
6d0d660ebb83385fa0fb74899d99290ad71f7f95a6b9bb7cb2f7b162397f4bd138f1cdcf11cdfa977411e2a14d29a009a19671c34ff67c97f3b624917802cf98

Download Submit
C:\Windows\system\lXefSuH.exe

Filesize
8B

MD5
8d102c8b9dcad6ecccfdb8a106567085

SHA1
ccbbb62ce86585ad44e013e6f5284d3fbd102636

SHA256
c958ee5f7dd8c8e21a17662941d2aea112fba85281c1f9a687b05f1cbea124d5

SHA512
41369d6d6d7d8368f3035b90818409c8baec11f52940d23540683f0d6444508b916e54dca16704a555c6f0ca0605170ffedaecb64d2244711492d4effb18d6a4

Download Submit
C:\Windows\system\mjxXqwe.exe

Filesize
6.0MB

MD5
5e5fb53eb470ef73e19a97497ca56d41

SHA1
cd7221db172ec1196c18542657078de93df39dd0

SHA256
957bdb4032b3061e0409c180b7471fcba11db853d5782bb8c10ed5e4dca746cb

SHA512
605ece291dcad65719ab18df4d804e3cbf816d56a7efff7b5f115fb8d53d77d6e4d18dc9f5241597fdd33e854987c3b5f84968ec5c0d43664c81ab6847280798

Download Submit
C:\Windows\system\oPdFqBT.exe

Filesize
6.0MB

MD5
060fc673ef0dc968c0003102ae175467

SHA1
2cfa605ff29cd92e008a9448b989d37115ee249c

SHA256
8342011f8adf8c05465b8478be3e6b59410fc9f83aa7f2d1036abe48fac0b5a9

SHA512
2c7be102165f7ce0003986ac1068676ef18ff8cc3b0ec73c4a7b3543ed2621ead00f54303b8a82b2d9cbe674844afd79b0192e7d84ccc2f21ce571a442a2fde0

Download Submit
C:\Windows\system\pTWKlVj.exe

Filesize
6.0MB

MD5
0a93be2896141e90999148543f94ab9f

SHA1
42ac3198011f9ad0ad7013a76133bd34d2ac6003

SHA256
7318ab2f545269b8063aaf62e4bcb6f7cd5322b52835925497dc79bd23bb9f1c

SHA512
1cddb17b299107cb026e350b03834c1f6885f6c14f49b32aabede9dde52b6c0d0843785827d7abb769ff0f34e7f70c4cd45cd4815434cee16fb0997cb7996b0a

Download Submit
C:\Windows\system\pVPSIPE.exe

Filesize
6.0MB

MD5
5b120efd599aa59323d5391f36ab0e59

SHA1
3eb87b3725cb2109fc4f484dfa9ac8ced0f63980

SHA256
0b5b024cb8640a4ce921c8782bd1327269419a1725c20577eea4505f735db748

SHA512
f27893a85359e6d63f9e1192ee6414c8e352e5e2dee16079d534621b8e9b1108c37335f20f0f65e7df64cdbcb58412ec8cacf4f737a7083ba9231b63e2c32a9f

Download Submit
C:\Windows\system\shWwnPG.exe

Filesize
6.0MB

MD5
849fd95c975c7381978f9aeebfaeb206

SHA1
5c396518b0a337ad508615892adeefab0cf911b5

SHA256
1670f40c39a234a82894632164b1c86aee96a51450ac2654cdcb4343d096b8d4

SHA512
7eb42daef1303076e5223ba5c1d92649193c2d1fe2b0c7f3c4551e3ff608eab1474218b01ac67b74f2b7c15f36e7383fdb6976131d304b3fde247ff22264e7fc

Download Submit
C:\Windows\system\tctQayZ.exe

Filesize
6.0MB

MD5
114a5ecc2b9bcc7ea4f76ffa3112932d

SHA1
fe87f136890f907efd295cf60d3f6d0ac5fd23bb

SHA256
18b8587b33539e232b49ce295bf021185025548842833984681f3941a067fbed

SHA512
6cfc7f6560b021eb3ba5b2f3bf08b58038b4c2875b5e644a4575fe53c626021cd7b63d8bb5e83b0dcefb7b8dff832592bb91970c6ae570c04bfe16972dd65067

Download Submit
C:\Windows\system\vzpznTX.exe

Filesize
6.0MB

MD5
926ebd59decf817f30d7c2e7c2726ea4

SHA1
a1b33da341792644d80bc6d124f51d13e99fd624

SHA256
38ddaf0e86a113b21aabd722d864682682c677204c4c6c9e1108f445cb01ddaf

SHA512
3d3360f46e53a97970f307faeb8b2d668b2995add66771d5e69eb2dfe3b3121865cddcd94bec0f81a0102ed72b89a88920086205d4763fd25b59c716cd7fd5ab

Download Submit
C:\Windows\system\wmkifWX.exe

Filesize
6.0MB

MD5
f1dd8a6ca9b84d5d3500e5cf2a87b55f

SHA1
0d8a924c875265df5a22d0a19014635b0c072e19

SHA256
737f99de018247b8ff153d270354197c41bedb00d35f1ff7ca218bc481956b02

SHA512
9c6d93cf7b53a28a726821673c7cfaaee11c41064668dd0758fd709c18fe463cb2f61f4d20a9b9b635d1b46b9329ad7d3bc57f1acdef8a35c247d398ce7ce6a1

Download Submit
C:\Windows\system\xZRgiuP.exe

Filesize
6.0MB

MD5
580ae27b9ca497ebadba9efc8cd65b62

SHA1
c241141d170630500841538bd5d6b0af564dd501

SHA256
22778714539a4735557304d5881c893d32c800e7f10b736f2a1f183db8f1067d

SHA512
2aff2e1e81dc9725667d3f9cce295a643aa57ddbc937b377e1da5c304cf23104bfd4724d44dce3d5fc33378ff388472a21eeb8900c902dd6a40c3d6a880df4e3

Download Submit
C:\Windows\system\ybKCWmz.exe

Filesize
6.0MB

MD5
efd11f1a1598d142750ce837fe26021c

SHA1
52256656e65e8ff74672e14e51942c4866b440df

SHA256
5189653f9f150698ec28e7ca5734ccbb7dbcf54a7be6909add3ee1d4b7c11f71

SHA512
ebb71efd86de872dda60374a6efa964309bb5d47980f1d11d84037bd09f113c36fe001b9b55faaad34307f7cb891120d69c219cacf6ace71669bd8cc3a3bb1ac

Download Submit
C:\Windows\system\ykjbTvJ.exe

Filesize
6.0MB

MD5
644b4747ddd140d13e523d7e0b413e27

SHA1
5e3f22796d37582578ce6438359e918096e04c79

SHA256
2b4605d43dc2d41d2eaeb07a276ee435d66903db9e6e6324a9954a60e270e33a

SHA512
37f178cbe4937309e14bba14030556f18458f1d6ad4a68c2450ec61293a2dda33fb97b394ef96ea5f0e9956a119f0221377f1e0414ff20f5b643e5d085b2f9cf

Download Submit
\Windows\system\QRddWsy.exe

Filesize
6.0MB

MD5
a3a146fe992ce4f9a6832adf6135f3d6

SHA1
03c9e67c2d79bbb6d00bcb49a1e70a3e633172ae

SHA256
a388860ececceadc803293ef8cbdb5424d27a9acb09aeef003938f60c7b19c56

SHA512
cbaf6bbaf912ffe88655bf818aeda92007db88b7830602e815e20c059f7b1f39091a58b6d062b5f8a3b3d6d3450603286f5cbb2ca64b3ad4b9dedcc833ff5109

Download Submit
\Windows\system\VvFqJkN.exe

Filesize
6.0MB

MD5
d971d3cbae92beb843358a42502da893

SHA1
f9cdbf84f1a197c89fe72aa735fff5030e883658

SHA256
df8143e7744fb3926acede8181c5443594cfd2b22bba152da9f8c06c0a8d2d3c

SHA512
d64c72f121946f47cdf5f4e50b7d9f33d9ac66e8a1f84867b0566bea85b437e1099bc972696e13d4d08bef3563687a193dd42e0853decfbd148391d259da087f

Download Submit
\Windows\system\WNnxRXY.exe

Filesize
6.0MB

MD5
b7d51c57571d746f30200008e6f0fac0

SHA1
8fe2c8dbb59dede970b3a0d75c083db253c290a9

SHA256
b4a69bc11dab8dec3b3ee33c2a4d9da8a8e5b424e7dca3eb745289d6513c032a

SHA512
87c3b41f74ed58cdd61c9a4ecc57bd68e676af279c2b9b2921b6f2803ae7ef53c00c3c2a7764755535fb973f69d3b87e8bbdb3b5eb63bfa81f33a5932633227c

Download Submit
\Windows\system\gqpZEew.exe

Filesize
6.0MB

MD5
0c9d6c2afa861d454f210ba9a8b9886c

SHA1
b2085ac3d13e4fa232b739d385139be4ea2157c4

SHA256
d8c1583c881fcfd5f4f26e6a3bf105eb944b426d16d4cc34b0934247254868a5

SHA512
d77b5406d9b10a772c9a8b7c725785665ce1fa0ab35c7e0064e7b862d853221962776c39ab3e7a779263aa1f6e550c1d7608a7c30893e35b310c1ab3ff5c0b18

Download Submit
memory/664-105-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/664-3521-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/664-966-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1488-3503-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1488-75-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1488-40-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1528-101-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1528-6-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-110-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-109-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1528-316-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1528-23-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1528-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-14-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1528-19-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-24-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-93-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1528-92-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-28-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1528-42-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-644-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1528-76-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1528-53-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-59-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-1018-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1528-69-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1528-863-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1684-756-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1684-3520-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1684-97-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1824-44-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-81-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1824-3494-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3500-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2060-68-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2060-37-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3510-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2332-32-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2332-66-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2340-3507-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2340-33-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2340-67-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2664-73-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2664-236-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3518-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3519-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-82-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-406-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3505-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-46-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3501-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-50-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-87-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3515-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2788-62-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2788-104-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2796-88-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-541-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3517-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3516-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2844-96-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download