cobaltstrike | 2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/12/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
Size

6.0MB
MD5

c16e9d11b0b8e66d20294402871909bb
SHA1

0e34df63aade4cca0d13e8a9446f88e41fa3b27d
SHA256

2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103
SHA512

d2b12fb2d2566e8187e72e7233d8646c5ff9da869dc5019df0165c6786bd1f4f2b4c3ce5dd863c6e2d94a2770e272d1d4bd5af1feb9b98dfcb18b33124483b8a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUj:eOl56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000122e4-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d58-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016db5-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd0-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016de8-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016eb8-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018697-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-103.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x000d0000000122e4-3.dat	xmrig
behavioral1/memory/1976-8-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d58-9.dat	xmrig
behavioral1/files/0x0007000000016db5-11.dat	xmrig
behavioral1/memory/2092-20-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016dd0-23.dat	xmrig
behavioral1/memory/2780-28-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/3000-29-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2232-27-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-36.dat	xmrig
behavioral1/memory/3000-37-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/3000-38-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d36-30.dat	xmrig
behavioral1/memory/2820-34-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2716-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/3000-44-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/1976-43-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2092-45-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016de8-47.dat	xmrig
behavioral1/files/0x0009000000016eb8-58.dat	xmrig
behavioral1/files/0x00050000000187a2-62.dat	xmrig
behavioral1/memory/2952-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2628-71-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2760-72-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2864-73-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x0006000000018697-65.dat	xmrig
behavioral1/memory/3000-75-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c34-74.dat	xmrig
behavioral1/memory/2820-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1896-91-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1140-105-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f65-84.dat	xmrig
behavioral1/files/0x00060000000190e1-112.dat	xmrig
behavioral1/files/0x0005000000019240-127.dat	xmrig
behavioral1/files/0x0005000000019275-147.dat	xmrig
behavioral1/memory/3000-347-0x0000000002280000-0x00000000025D4000-memory.dmp	xmrig
behavioral1/memory/1896-598-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/3000-348-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-192.dat	xmrig
behavioral1/files/0x00050000000193b3-187.dat	xmrig
behavioral1/files/0x00050000000193a4-182.dat	xmrig
behavioral1/files/0x0005000000019377-172.dat	xmrig
behavioral1/files/0x0005000000019387-177.dat	xmrig
behavioral1/files/0x0005000000019319-162.dat	xmrig
behavioral1/files/0x0005000000019365-167.dat	xmrig
behavioral1/files/0x0005000000019278-152.dat	xmrig
behavioral1/files/0x000500000001929a-157.dat	xmrig
behavioral1/files/0x000500000001926c-142.dat	xmrig
behavioral1/files/0x0005000000019259-132.dat	xmrig
behavioral1/files/0x0005000000019268-137.dat	xmrig
behavioral1/files/0x0005000000019217-122.dat	xmrig
behavioral1/files/0x00050000000191f6-116.dat	xmrig
behavioral1/files/0x000600000001904c-96.dat	xmrig
behavioral1/memory/1668-95-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x0006000000018c44-86.dat	xmrig
behavioral1/files/0x00050000000191d2-103.dat	xmrig
behavioral1/memory/2716-80-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1976-3011-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2092-3046-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2780-3093-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2232-3100-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2820-3161-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2716-3222-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1976	LpcKGrn.exe
2092	LRHfrRH.exe
2232	QKraZzG.exe
2780	fJHFqwh.exe
2820	eejIJfE.exe
2716	tWtcNBl.exe
2952	KUfrLFF.exe
2628	KlOfEAg.exe
2760	cmyJRoF.exe
2864	EEkqPJU.exe
1896	gFrslWN.exe
1668	qQSegxk.exe
1140	yQCzWJr.exe
1044	ITvXwxT.exe
1400	dVOkgLE.exe
2032	tAwcJYO.exe
796	dCcwbIL.exe
1428	iAbQxOK.exe
1212	KwmOoDF.exe
1556	ZJzTPlw.exe
2932	oBxrwiU.exe
2876	PfJxmIY.exe
2188	CJAJJAT.exe
2220	SqpGLiy.exe
1772	PdiMjeS.exe
2196	XabSgnm.exe
1084	KcUJrTm.exe
848	bhCrGzV.exe
2772	SBZoRfV.exe
2964	jLFFXMC.exe
1196	DPOjVDU.exe
1532	gsBPOne.exe
2556	nTDXcRP.exe
2268	CHnwzRN.exe
1716	ImvoQJs.exe
1616	ZHEpncm.exe
1788	BHrBJuI.exe
744	WttKrFP.exe
844	hvmUUYH.exe
772	ykUecwA.exe
1580	juqyyhH.exe
2448	hQtlQTU.exe
2544	gyiKuek.exe
1408	ltGatoT.exe
868	IKNoVie.exe
676	CnrTKjW.exe
1544	BtsTGlQ.exe
2992	QIBiqkw.exe
2084	arKcbeC.exe
940	AHPHCfs.exe
3016	yJWfVvQ.exe
1512	BqMyYXw.exe
3064	MeNmfyS.exe
2536	LBEGCne.exe
2676	sHcNUMt.exe
1852	ptCgkvp.exe
2848	KRilWiU.exe
2180	LviCsWG.exe
2720	ZsOHgHB.exe
2744	LgeomIz.exe
2684	UqzySQW.exe
2792	qSfNVaX.exe
2316	jXJBdIJ.exe
2704	wejIqDI.exe

Loads dropped DLL 64 IoCs

pid	Process
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x000d0000000122e4-3.dat	upx
behavioral1/memory/1976-8-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0008000000016d58-9.dat	upx
behavioral1/files/0x0007000000016db5-11.dat	upx
behavioral1/memory/2092-20-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000016dd0-23.dat	upx
behavioral1/memory/2780-28-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2232-27-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-36.dat	upx
behavioral1/memory/3000-37-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0009000000016d36-30.dat	upx
behavioral1/memory/2820-34-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2716-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/3000-44-0x0000000002280000-0x00000000025D4000-memory.dmp	upx
behavioral1/memory/1976-43-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2092-45-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0009000000016de8-47.dat	upx
behavioral1/files/0x0009000000016eb8-58.dat	upx
behavioral1/files/0x00050000000187a2-62.dat	upx
behavioral1/memory/2952-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2628-71-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2760-72-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2864-73-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x0006000000018697-65.dat	upx
behavioral1/files/0x0006000000018c34-74.dat	upx
behavioral1/memory/2820-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1896-91-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1140-105-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0006000000018f65-84.dat	upx
behavioral1/files/0x00060000000190e1-112.dat	upx
behavioral1/files/0x0005000000019240-127.dat	upx
behavioral1/files/0x0005000000019275-147.dat	upx
behavioral1/memory/1896-598-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x00050000000193c1-192.dat	upx
behavioral1/files/0x00050000000193b3-187.dat	upx
behavioral1/files/0x00050000000193a4-182.dat	upx
behavioral1/files/0x0005000000019377-172.dat	upx
behavioral1/files/0x0005000000019387-177.dat	upx
behavioral1/files/0x0005000000019319-162.dat	upx
behavioral1/files/0x0005000000019365-167.dat	upx
behavioral1/files/0x0005000000019278-152.dat	upx
behavioral1/files/0x000500000001929a-157.dat	upx
behavioral1/files/0x000500000001926c-142.dat	upx
behavioral1/files/0x0005000000019259-132.dat	upx
behavioral1/files/0x0005000000019268-137.dat	upx
behavioral1/files/0x0005000000019217-122.dat	upx
behavioral1/files/0x00050000000191f6-116.dat	upx
behavioral1/files/0x000600000001904c-96.dat	upx
behavioral1/memory/1668-95-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x0006000000018c44-86.dat	upx
behavioral1/files/0x00050000000191d2-103.dat	upx
behavioral1/memory/2716-80-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1976-3011-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2092-3046-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2780-3093-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2232-3100-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2820-3161-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2716-3222-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2628-3517-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2760-3525-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2864-3536-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2952-3537-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1668-3707-0x000000013F720000-0x000000013FA74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OWtSnWD.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\hfVxhsM.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\xtDvanl.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\PaYcIwP.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\xlAiqrl.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\NYtNwHm.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\fddmCiO.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\MKaLVbF.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\aLzHhvl.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\EnYdxKj.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\maMIthn.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\cfaIwVH.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\DKFdGBc.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\uIDOEtC.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\ShMxAuV.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\DfYwCHO.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\Wusrrub.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\qDvBVps.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\XvGAzQR.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\yDLKuLv.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\yjGVYYV.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\YERTSKx.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\TmmCNWH.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\YyAnLFY.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\hwZEGRs.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\abNvCCU.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\FJAXDxc.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\qCqvvsS.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\tJznTBR.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\ykWuESO.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\bVYEAqm.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\cDudyNg.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\UTGeULs.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\xwkfYMp.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\vpGKcTP.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\sWwmaFg.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\mPlFdEa.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\HFIoYWx.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\RIDcdak.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\hByqyOD.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\lzKvelh.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\wCZzAzN.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\kFkGXhd.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\nZckhXT.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\SEhnmbB.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\YfpRGkg.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\gRmEjod.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\FfMdSFR.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\MAMpHGp.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\yLqDUab.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\HgwWSvQ.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\qarYTHS.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\TIKTthE.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\zjtOUih.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\cPfKZJi.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\DaQtKga.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\CeNbqus.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\OjLLKwp.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\ADxHesb.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\nkiuVmv.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\Gupbzpt.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\KcSTpUf.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\yyPWwzZ.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
File created	C:\Windows\System\uvqoKVS.exe	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1976	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	31
PID 3000 wrote to memory of 1976	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	31
PID 3000 wrote to memory of 1976	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	31
PID 3000 wrote to memory of 2092	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	32
PID 3000 wrote to memory of 2092	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	32
PID 3000 wrote to memory of 2092	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	32
PID 3000 wrote to memory of 2232	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	33
PID 3000 wrote to memory of 2232	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	33
PID 3000 wrote to memory of 2232	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	33
PID 3000 wrote to memory of 2780	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	34
PID 3000 wrote to memory of 2780	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	34
PID 3000 wrote to memory of 2780	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	34
PID 3000 wrote to memory of 2820	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	35
PID 3000 wrote to memory of 2820	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	35
PID 3000 wrote to memory of 2820	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	35
PID 3000 wrote to memory of 2716	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	36
PID 3000 wrote to memory of 2716	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	36
PID 3000 wrote to memory of 2716	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	36
PID 3000 wrote to memory of 2952	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	37
PID 3000 wrote to memory of 2952	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	37
PID 3000 wrote to memory of 2952	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	37
PID 3000 wrote to memory of 2628	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	38
PID 3000 wrote to memory of 2628	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	38
PID 3000 wrote to memory of 2628	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	38
PID 3000 wrote to memory of 2864	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	39
PID 3000 wrote to memory of 2864	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	39
PID 3000 wrote to memory of 2864	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	39
PID 3000 wrote to memory of 2760	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	40
PID 3000 wrote to memory of 2760	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	40
PID 3000 wrote to memory of 2760	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	40
PID 3000 wrote to memory of 1896	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	41
PID 3000 wrote to memory of 1896	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	41
PID 3000 wrote to memory of 1896	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	41
PID 3000 wrote to memory of 1668	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	42
PID 3000 wrote to memory of 1668	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	42
PID 3000 wrote to memory of 1668	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	42
PID 3000 wrote to memory of 1400	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	43
PID 3000 wrote to memory of 1400	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	43
PID 3000 wrote to memory of 1400	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	43
PID 3000 wrote to memory of 1140	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	44
PID 3000 wrote to memory of 1140	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	44
PID 3000 wrote to memory of 1140	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	44
PID 3000 wrote to memory of 2032	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	45
PID 3000 wrote to memory of 2032	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	45
PID 3000 wrote to memory of 2032	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	45
PID 3000 wrote to memory of 1044	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	46
PID 3000 wrote to memory of 1044	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	46
PID 3000 wrote to memory of 1044	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	46
PID 3000 wrote to memory of 796	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	48
PID 3000 wrote to memory of 796	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	48
PID 3000 wrote to memory of 796	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	48
PID 3000 wrote to memory of 1428	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	49
PID 3000 wrote to memory of 1428	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	49
PID 3000 wrote to memory of 1428	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	49
PID 3000 wrote to memory of 1212	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	50
PID 3000 wrote to memory of 1212	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	50
PID 3000 wrote to memory of 1212	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	50
PID 3000 wrote to memory of 1556	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	51
PID 3000 wrote to memory of 1556	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	51
PID 3000 wrote to memory of 1556	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	51
PID 3000 wrote to memory of 2932	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	52
PID 3000 wrote to memory of 2932	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	52
PID 3000 wrote to memory of 2932	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	52
PID 3000 wrote to memory of 2876	3000	JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\System\LpcKGrn.exe
  C:\Windows\System\LpcKGrn.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\LRHfrRH.exe
  C:\Windows\System\LRHfrRH.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\QKraZzG.exe
  C:\Windows\System\QKraZzG.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\fJHFqwh.exe
  C:\Windows\System\fJHFqwh.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\eejIJfE.exe
  C:\Windows\System\eejIJfE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\tWtcNBl.exe
  C:\Windows\System\tWtcNBl.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\KUfrLFF.exe
  C:\Windows\System\KUfrLFF.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\KlOfEAg.exe
  C:\Windows\System\KlOfEAg.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\EEkqPJU.exe
  C:\Windows\System\EEkqPJU.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\cmyJRoF.exe
  C:\Windows\System\cmyJRoF.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\gFrslWN.exe
  C:\Windows\System\gFrslWN.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\qQSegxk.exe
  C:\Windows\System\qQSegxk.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\dVOkgLE.exe
  C:\Windows\System\dVOkgLE.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\yQCzWJr.exe
  C:\Windows\System\yQCzWJr.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\tAwcJYO.exe
  C:\Windows\System\tAwcJYO.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\ITvXwxT.exe
  C:\Windows\System\ITvXwxT.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\dCcwbIL.exe
  C:\Windows\System\dCcwbIL.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\iAbQxOK.exe
  C:\Windows\System\iAbQxOK.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\KwmOoDF.exe
  C:\Windows\System\KwmOoDF.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\ZJzTPlw.exe
  C:\Windows\System\ZJzTPlw.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\oBxrwiU.exe
  C:\Windows\System\oBxrwiU.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\PfJxmIY.exe
  C:\Windows\System\PfJxmIY.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\CJAJJAT.exe
  C:\Windows\System\CJAJJAT.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\SqpGLiy.exe
  C:\Windows\System\SqpGLiy.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\PdiMjeS.exe
  C:\Windows\System\PdiMjeS.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\XabSgnm.exe
  C:\Windows\System\XabSgnm.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\KcUJrTm.exe
  C:\Windows\System\KcUJrTm.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\bhCrGzV.exe
  C:\Windows\System\bhCrGzV.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\SBZoRfV.exe
  C:\Windows\System\SBZoRfV.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\jLFFXMC.exe
  C:\Windows\System\jLFFXMC.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DPOjVDU.exe
  C:\Windows\System\DPOjVDU.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\gsBPOne.exe
  C:\Windows\System\gsBPOne.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\nTDXcRP.exe
  C:\Windows\System\nTDXcRP.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\CHnwzRN.exe
  C:\Windows\System\CHnwzRN.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ImvoQJs.exe
  C:\Windows\System\ImvoQJs.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZHEpncm.exe
  C:\Windows\System\ZHEpncm.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\BHrBJuI.exe
  C:\Windows\System\BHrBJuI.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\WttKrFP.exe
  C:\Windows\System\WttKrFP.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\hvmUUYH.exe
  C:\Windows\System\hvmUUYH.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ykUecwA.exe
  C:\Windows\System\ykUecwA.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\juqyyhH.exe
  C:\Windows\System\juqyyhH.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\hQtlQTU.exe
  C:\Windows\System\hQtlQTU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gyiKuek.exe
  C:\Windows\System\gyiKuek.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ltGatoT.exe
  C:\Windows\System\ltGatoT.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\IKNoVie.exe
  C:\Windows\System\IKNoVie.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\CnrTKjW.exe
  C:\Windows\System\CnrTKjW.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\BtsTGlQ.exe
  C:\Windows\System\BtsTGlQ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\QIBiqkw.exe
  C:\Windows\System\QIBiqkw.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\arKcbeC.exe
  C:\Windows\System\arKcbeC.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\AHPHCfs.exe
  C:\Windows\System\AHPHCfs.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\yJWfVvQ.exe
  C:\Windows\System\yJWfVvQ.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\BqMyYXw.exe
  C:\Windows\System\BqMyYXw.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\MeNmfyS.exe
  C:\Windows\System\MeNmfyS.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\LBEGCne.exe
  C:\Windows\System\LBEGCne.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\sHcNUMt.exe
  C:\Windows\System\sHcNUMt.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\ptCgkvp.exe
  C:\Windows\System\ptCgkvp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\KRilWiU.exe
  C:\Windows\System\KRilWiU.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\LviCsWG.exe
  C:\Windows\System\LviCsWG.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ZsOHgHB.exe
  C:\Windows\System\ZsOHgHB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\LgeomIz.exe
  C:\Windows\System\LgeomIz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UqzySQW.exe
  C:\Windows\System\UqzySQW.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\qSfNVaX.exe
  C:\Windows\System\qSfNVaX.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\jXJBdIJ.exe
  C:\Windows\System\jXJBdIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\wejIqDI.exe
  C:\Windows\System\wejIqDI.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\kskfTUS.exe
  C:\Windows\System\kskfTUS.exe
  2⤵
  PID:2764
- C:\Windows\System\XMnamEQ.exe
  C:\Windows\System\XMnamEQ.exe
  2⤵
  PID:2640
- C:\Windows\System\CzXsfGz.exe
  C:\Windows\System\CzXsfGz.exe
  2⤵
  PID:1652
- C:\Windows\System\qIdcPnh.exe
  C:\Windows\System\qIdcPnh.exe
  2⤵
  PID:2884
- C:\Windows\System\NEpjCYM.exe
  C:\Windows\System\NEpjCYM.exe
  2⤵
  PID:2644
- C:\Windows\System\QrAjGGl.exe
  C:\Windows\System\QrAjGGl.exe
  2⤵
  PID:2692
- C:\Windows\System\ZzDLjEm.exe
  C:\Windows\System\ZzDLjEm.exe
  2⤵
  PID:2000
- C:\Windows\System\ePLludV.exe
  C:\Windows\System\ePLludV.exe
  2⤵
  PID:1992
- C:\Windows\System\sdzCUVn.exe
  C:\Windows\System\sdzCUVn.exe
  2⤵
  PID:236
- C:\Windows\System\FgVXSTR.exe
  C:\Windows\System\FgVXSTR.exe
  2⤵
  PID:300
- C:\Windows\System\sQHMHhj.exe
  C:\Windows\System\sQHMHhj.exe
  2⤵
  PID:1500
- C:\Windows\System\NUsMwrE.exe
  C:\Windows\System\NUsMwrE.exe
  2⤵
  PID:1564
- C:\Windows\System\ZMnZtis.exe
  C:\Windows\System\ZMnZtis.exe
  2⤵
  PID:492
- C:\Windows\System\RiLMmox.exe
  C:\Windows\System\RiLMmox.exe
  2⤵
  PID:2172
- C:\Windows\System\MPVzYBH.exe
  C:\Windows\System\MPVzYBH.exe
  2⤵
  PID:1244
- C:\Windows\System\EBLJoki.exe
  C:\Windows\System\EBLJoki.exe
  2⤵
  PID:444
- C:\Windows\System\GuUNfff.exe
  C:\Windows\System\GuUNfff.exe
  2⤵
  PID:1664
- C:\Windows\System\teHqUiH.exe
  C:\Windows\System\teHqUiH.exe
  2⤵
  PID:2008
- C:\Windows\System\aqsYnBx.exe
  C:\Windows\System\aqsYnBx.exe
  2⤵
  PID:1784
- C:\Windows\System\RFPgyky.exe
  C:\Windows\System\RFPgyky.exe
  2⤵
  PID:2020
- C:\Windows\System\OsmTATY.exe
  C:\Windows\System\OsmTATY.exe
  2⤵
  PID:896
- C:\Windows\System\XLPQmft.exe
  C:\Windows\System\XLPQmft.exe
  2⤵
  PID:480
- C:\Windows\System\UJtPWjt.exe
  C:\Windows\System\UJtPWjt.exe
  2⤵
  PID:2052
- C:\Windows\System\BSGCkQP.exe
  C:\Windows\System\BSGCkQP.exe
  2⤵
  PID:2948
- C:\Windows\System\qndZZSt.exe
  C:\Windows\System\qndZZSt.exe
  2⤵
  PID:2348
- C:\Windows\System\MIHMWJs.exe
  C:\Windows\System\MIHMWJs.exe
  2⤵
  PID:1644
- C:\Windows\System\LrNJdki.exe
  C:\Windows\System\LrNJdki.exe
  2⤵
  PID:2204
- C:\Windows\System\diJyJYP.exe
  C:\Windows\System\diJyJYP.exe
  2⤵
  PID:1424
- C:\Windows\System\SWuwJPx.exe
  C:\Windows\System\SWuwJPx.exe
  2⤵
  PID:1508
- C:\Windows\System\qWTIzCS.exe
  C:\Windows\System\qWTIzCS.exe
  2⤵
  PID:1520
- C:\Windows\System\UqjWbSe.exe
  C:\Windows\System\UqjWbSe.exe
  2⤵
  PID:1728
- C:\Windows\System\mAfCMPx.exe
  C:\Windows\System\mAfCMPx.exe
  2⤵
  PID:2672
- C:\Windows\System\swMORNl.exe
  C:\Windows\System\swMORNl.exe
  2⤵
  PID:2504
- C:\Windows\System\qCqvvsS.exe
  C:\Windows\System\qCqvvsS.exe
  2⤵
  PID:1932
- C:\Windows\System\XmCtoch.exe
  C:\Windows\System\XmCtoch.exe
  2⤵
  PID:2956
- C:\Windows\System\jTgOhDB.exe
  C:\Windows\System\jTgOhDB.exe
  2⤵
  PID:2616
- C:\Windows\System\jNtOZRX.exe
  C:\Windows\System\jNtOZRX.exe
  2⤵
  PID:2852
- C:\Windows\System\HIKXYYy.exe
  C:\Windows\System\HIKXYYy.exe
  2⤵
  PID:2728
- C:\Windows\System\NuCFnRQ.exe
  C:\Windows\System\NuCFnRQ.exe
  2⤵
  PID:2300
- C:\Windows\System\eBTLwJA.exe
  C:\Windows\System\eBTLwJA.exe
  2⤵
  PID:1960
- C:\Windows\System\cUMjSra.exe
  C:\Windows\System\cUMjSra.exe
  2⤵
  PID:2116
- C:\Windows\System\QXdtRQu.exe
  C:\Windows\System\QXdtRQu.exe
  2⤵
  PID:1592
- C:\Windows\System\KXrYDDc.exe
  C:\Windows\System\KXrYDDc.exe
  2⤵
  PID:620
- C:\Windows\System\lNwNTTE.exe
  C:\Windows\System\lNwNTTE.exe
  2⤵
  PID:2156
- C:\Windows\System\hkhYnmO.exe
  C:\Windows\System\hkhYnmO.exe
  2⤵
  PID:2528
- C:\Windows\System\nFXihrt.exe
  C:\Windows\System\nFXihrt.exe
  2⤵
  PID:1392
- C:\Windows\System\TuqotUA.exe
  C:\Windows\System\TuqotUA.exe
  2⤵
  PID:828
- C:\Windows\System\CIRqSFF.exe
  C:\Windows\System\CIRqSFF.exe
  2⤵
  PID:1296
- C:\Windows\System\tJznTBR.exe
  C:\Windows\System\tJznTBR.exe
  2⤵
  PID:2464
- C:\Windows\System\nwyFibh.exe
  C:\Windows\System\nwyFibh.exe
  2⤵
  PID:1952
- C:\Windows\System\yafNetg.exe
  C:\Windows\System\yafNetg.exe
  2⤵
  PID:2256
- C:\Windows\System\MpCiXRy.exe
  C:\Windows\System\MpCiXRy.exe
  2⤵
  PID:1860
- C:\Windows\System\YSfEmpk.exe
  C:\Windows\System\YSfEmpk.exe
  2⤵
  PID:2496
- C:\Windows\System\DHUjfdN.exe
  C:\Windows\System\DHUjfdN.exe
  2⤵
  PID:1968
- C:\Windows\System\EUJkzEs.exe
  C:\Windows\System\EUJkzEs.exe
  2⤵
  PID:2452
- C:\Windows\System\DkOPvSu.exe
  C:\Windows\System\DkOPvSu.exe
  2⤵
  PID:2192
- C:\Windows\System\zDubind.exe
  C:\Windows\System\zDubind.exe
  2⤵
  PID:2296
- C:\Windows\System\eGTqtut.exe
  C:\Windows\System\eGTqtut.exe
  2⤵
  PID:2132
- C:\Windows\System\AwZxCGz.exe
  C:\Windows\System\AwZxCGz.exe
  2⤵
  PID:3036
- C:\Windows\System\OZEsrWS.exe
  C:\Windows\System\OZEsrWS.exe
  2⤵
  PID:1432
- C:\Windows\System\cCDJsxz.exe
  C:\Windows\System\cCDJsxz.exe
  2⤵
  PID:2812
- C:\Windows\System\jEsBLJI.exe
  C:\Windows\System\jEsBLJI.exe
  2⤵
  PID:2916
- C:\Windows\System\wlTKThy.exe
  C:\Windows\System\wlTKThy.exe
  2⤵
  PID:3012
- C:\Windows\System\cmKNItR.exe
  C:\Windows\System\cmKNItR.exe
  2⤵
  PID:2888
- C:\Windows\System\VooMNvP.exe
  C:\Windows\System\VooMNvP.exe
  2⤵
  PID:2972
- C:\Windows\System\cVVJfTA.exe
  C:\Windows\System\cVVJfTA.exe
  2⤵
  PID:1476
- C:\Windows\System\ReAAfZA.exe
  C:\Windows\System\ReAAfZA.exe
  2⤵
  PID:2776
- C:\Windows\System\vqCDtgn.exe
  C:\Windows\System\vqCDtgn.exe
  2⤵
  PID:1528
- C:\Windows\System\tsgxmJQ.exe
  C:\Windows\System\tsgxmJQ.exe
  2⤵
  PID:1840
- C:\Windows\System\EMjXwIf.exe
  C:\Windows\System\EMjXwIf.exe
  2⤵
  PID:2176
- C:\Windows\System\CzqxkqA.exe
  C:\Windows\System\CzqxkqA.exe
  2⤵
  PID:2784
- C:\Windows\System\CulROfJ.exe
  C:\Windows\System\CulROfJ.exe
  2⤵
  PID:2700
- C:\Windows\System\iutUrPS.exe
  C:\Windows\System\iutUrPS.exe
  2⤵
  PID:2828
- C:\Windows\System\iwZdOqQ.exe
  C:\Windows\System\iwZdOqQ.exe
  2⤵
  PID:2460
- C:\Windows\System\BGFgYIQ.exe
  C:\Windows\System\BGFgYIQ.exe
  2⤵
  PID:2340
- C:\Windows\System\WQlzErr.exe
  C:\Windows\System\WQlzErr.exe
  2⤵
  PID:1588
- C:\Windows\System\vhOpkSA.exe
  C:\Windows\System\vhOpkSA.exe
  2⤵
  PID:1188
- C:\Windows\System\zYHfzwV.exe
  C:\Windows\System\zYHfzwV.exe
  2⤵
  PID:1776
- C:\Windows\System\aXZrbvS.exe
  C:\Windows\System\aXZrbvS.exe
  2⤵
  PID:2472
- C:\Windows\System\fhvKDPB.exe
  C:\Windows\System\fhvKDPB.exe
  2⤵
  PID:2404
- C:\Windows\System\spAqAFM.exe
  C:\Windows\System\spAqAFM.exe
  2⤵
  PID:1712
- C:\Windows\System\xGxQZCM.exe
  C:\Windows\System\xGxQZCM.exe
  2⤵
  PID:3080
- C:\Windows\System\CxHGNPx.exe
  C:\Windows\System\CxHGNPx.exe
  2⤵
  PID:3100
- C:\Windows\System\TmmCNWH.exe
  C:\Windows\System\TmmCNWH.exe
  2⤵
  PID:3120
- C:\Windows\System\pWdfzYc.exe
  C:\Windows\System\pWdfzYc.exe
  2⤵
  PID:3136
- C:\Windows\System\nZScjQX.exe
  C:\Windows\System\nZScjQX.exe
  2⤵
  PID:3160
- C:\Windows\System\OmZGHUc.exe
  C:\Windows\System\OmZGHUc.exe
  2⤵
  PID:3180
- C:\Windows\System\IENqwbh.exe
  C:\Windows\System\IENqwbh.exe
  2⤵
  PID:3200
- C:\Windows\System\IhMEDoC.exe
  C:\Windows\System\IhMEDoC.exe
  2⤵
  PID:3220
- C:\Windows\System\poxWyWh.exe
  C:\Windows\System\poxWyWh.exe
  2⤵
  PID:3240
- C:\Windows\System\kEEQSdd.exe
  C:\Windows\System\kEEQSdd.exe
  2⤵
  PID:3260
- C:\Windows\System\urcWVnv.exe
  C:\Windows\System\urcWVnv.exe
  2⤵
  PID:3280
- C:\Windows\System\aqGqfIq.exe
  C:\Windows\System\aqGqfIq.exe
  2⤵
  PID:3300
- C:\Windows\System\sNUkVuX.exe
  C:\Windows\System\sNUkVuX.exe
  2⤵
  PID:3320
- C:\Windows\System\ZyTyJrF.exe
  C:\Windows\System\ZyTyJrF.exe
  2⤵
  PID:3340
- C:\Windows\System\rhsBaOo.exe
  C:\Windows\System\rhsBaOo.exe
  2⤵
  PID:3360
- C:\Windows\System\feeWPDp.exe
  C:\Windows\System\feeWPDp.exe
  2⤵
  PID:3384
- C:\Windows\System\zSfBOPJ.exe
  C:\Windows\System\zSfBOPJ.exe
  2⤵
  PID:3404
- C:\Windows\System\agyZhre.exe
  C:\Windows\System\agyZhre.exe
  2⤵
  PID:3424
- C:\Windows\System\IMbMgTR.exe
  C:\Windows\System\IMbMgTR.exe
  2⤵
  PID:3444
- C:\Windows\System\tiKlZIs.exe
  C:\Windows\System\tiKlZIs.exe
  2⤵
  PID:3460
- C:\Windows\System\LveiSWn.exe
  C:\Windows\System\LveiSWn.exe
  2⤵
  PID:3484
- C:\Windows\System\gSZLKDH.exe
  C:\Windows\System\gSZLKDH.exe
  2⤵
  PID:3532
- C:\Windows\System\uINnhHs.exe
  C:\Windows\System\uINnhHs.exe
  2⤵
  PID:3552
- C:\Windows\System\DdyJKOD.exe
  C:\Windows\System\DdyJKOD.exe
  2⤵
  PID:3572
- C:\Windows\System\bwmgsmD.exe
  C:\Windows\System\bwmgsmD.exe
  2⤵
  PID:3588
- C:\Windows\System\KJxUTwX.exe
  C:\Windows\System\KJxUTwX.exe
  2⤵
  PID:3604
- C:\Windows\System\UxpMJvr.exe
  C:\Windows\System\UxpMJvr.exe
  2⤵
  PID:3632
- C:\Windows\System\aIbTHeF.exe
  C:\Windows\System\aIbTHeF.exe
  2⤵
  PID:3648
- C:\Windows\System\WTTNosi.exe
  C:\Windows\System\WTTNosi.exe
  2⤵
  PID:3672
- C:\Windows\System\kAxaxum.exe
  C:\Windows\System\kAxaxum.exe
  2⤵
  PID:3692
- C:\Windows\System\kNSUQnS.exe
  C:\Windows\System\kNSUQnS.exe
  2⤵
  PID:3712
- C:\Windows\System\bHtrFRx.exe
  C:\Windows\System\bHtrFRx.exe
  2⤵
  PID:3732
- C:\Windows\System\vnTqIHG.exe
  C:\Windows\System\vnTqIHG.exe
  2⤵
  PID:3748
- C:\Windows\System\DdxutoI.exe
  C:\Windows\System\DdxutoI.exe
  2⤵
  PID:3772
- C:\Windows\System\BEDrvSt.exe
  C:\Windows\System\BEDrvSt.exe
  2⤵
  PID:3792
- C:\Windows\System\ogDKooZ.exe
  C:\Windows\System\ogDKooZ.exe
  2⤵
  PID:3812
- C:\Windows\System\yvkSgJP.exe
  C:\Windows\System\yvkSgJP.exe
  2⤵
  PID:3836
- C:\Windows\System\ysdoOex.exe
  C:\Windows\System\ysdoOex.exe
  2⤵
  PID:3852
- C:\Windows\System\fuQmZln.exe
  C:\Windows\System\fuQmZln.exe
  2⤵
  PID:3868
- C:\Windows\System\KWRDqFX.exe
  C:\Windows\System\KWRDqFX.exe
  2⤵
  PID:3884
- C:\Windows\System\GDOqBps.exe
  C:\Windows\System\GDOqBps.exe
  2⤵
  PID:3900
- C:\Windows\System\fipBilU.exe
  C:\Windows\System\fipBilU.exe
  2⤵
  PID:3916
- C:\Windows\System\cuzVeLf.exe
  C:\Windows\System\cuzVeLf.exe
  2⤵
  PID:3944
- C:\Windows\System\URFDUVj.exe
  C:\Windows\System\URFDUVj.exe
  2⤵
  PID:3964
- C:\Windows\System\uLdpbbe.exe
  C:\Windows\System\uLdpbbe.exe
  2⤵
  PID:3980
- C:\Windows\System\DKFdGBc.exe
  C:\Windows\System\DKFdGBc.exe
  2⤵
  PID:3996
- C:\Windows\System\wZLRxfS.exe
  C:\Windows\System\wZLRxfS.exe
  2⤵
  PID:4012
- C:\Windows\System\kHnXrxG.exe
  C:\Windows\System\kHnXrxG.exe
  2⤵
  PID:4032
- C:\Windows\System\tZYXDbv.exe
  C:\Windows\System\tZYXDbv.exe
  2⤵
  PID:4052
- C:\Windows\System\ZHfQGJM.exe
  C:\Windows\System\ZHfQGJM.exe
  2⤵
  PID:4068
- C:\Windows\System\PRvosnX.exe
  C:\Windows\System\PRvosnX.exe
  2⤵
  PID:4088
- C:\Windows\System\ihJiZqv.exe
  C:\Windows\System\ihJiZqv.exe
  2⤵
  PID:1164
- C:\Windows\System\kxpYyBT.exe
  C:\Windows\System\kxpYyBT.exe
  2⤵
  PID:1420
- C:\Windows\System\jXWAeRk.exe
  C:\Windows\System\jXWAeRk.exe
  2⤵
  PID:2592
- C:\Windows\System\eQNoNhF.exe
  C:\Windows\System\eQNoNhF.exe
  2⤵
  PID:2004
- C:\Windows\System\nQjmdXM.exe
  C:\Windows\System\nQjmdXM.exe
  2⤵
  PID:3144
- C:\Windows\System\fXbyhaX.exe
  C:\Windows\System\fXbyhaX.exe
  2⤵
  PID:3128
- C:\Windows\System\XVkqDbp.exe
  C:\Windows\System\XVkqDbp.exe
  2⤵
  PID:3168
- C:\Windows\System\GoKQQgr.exe
  C:\Windows\System\GoKQQgr.exe
  2⤵
  PID:3208
- C:\Windows\System\YATAFSD.exe
  C:\Windows\System\YATAFSD.exe
  2⤵
  PID:3216
- C:\Windows\System\narXtrT.exe
  C:\Windows\System\narXtrT.exe
  2⤵
  PID:3276
- C:\Windows\System\aCRbDon.exe
  C:\Windows\System\aCRbDon.exe
  2⤵
  PID:3308
- C:\Windows\System\gbaqcXP.exe
  C:\Windows\System\gbaqcXP.exe
  2⤵
  PID:3348
- C:\Windows\System\SNHRKFH.exe
  C:\Windows\System\SNHRKFH.exe
  2⤵
  PID:3400
- C:\Windows\System\eIRsBet.exe
  C:\Windows\System\eIRsBet.exe
  2⤵
  PID:3436
- C:\Windows\System\PLFrquw.exe
  C:\Windows\System\PLFrquw.exe
  2⤵
  PID:3296
- C:\Windows\System\MjhJxGx.exe
  C:\Windows\System\MjhJxGx.exe
  2⤵
  PID:3336
- C:\Windows\System\UptCwBL.exe
  C:\Windows\System\UptCwBL.exe
  2⤵
  PID:1344
- C:\Windows\System\disJlTr.exe
  C:\Windows\System\disJlTr.exe
  2⤵
  PID:3516
- C:\Windows\System\FDRWNvy.exe
  C:\Windows\System\FDRWNvy.exe
  2⤵
  PID:2660
- C:\Windows\System\IFGMLup.exe
  C:\Windows\System\IFGMLup.exe
  2⤵
  PID:2500
- C:\Windows\System\pkXkaUd.exe
  C:\Windows\System\pkXkaUd.exe
  2⤵
  PID:1012
- C:\Windows\System\PmBaysi.exe
  C:\Windows\System\PmBaysi.exe
  2⤵
  PID:3524
- C:\Windows\System\SXRGayM.exe
  C:\Windows\System\SXRGayM.exe
  2⤵
  PID:2284
- C:\Windows\System\hwZEGRs.exe
  C:\Windows\System\hwZEGRs.exe
  2⤵
  PID:1396
- C:\Windows\System\bsrMtZK.exe
  C:\Windows\System\bsrMtZK.exe
  2⤵
  PID:2976
- C:\Windows\System\sQNROYy.exe
  C:\Windows\System\sQNROYy.exe
  2⤵
  PID:1004
- C:\Windows\System\oRzDUiP.exe
  C:\Windows\System\oRzDUiP.exe
  2⤵
  PID:1736
- C:\Windows\System\yBpThye.exe
  C:\Windows\System\yBpThye.exe
  2⤵
  PID:888
- C:\Windows\System\xcrTSju.exe
  C:\Windows\System\xcrTSju.exe
  2⤵
  PID:3512
- C:\Windows\System\pRBqnux.exe
  C:\Windows\System\pRBqnux.exe
  2⤵
  PID:3580
- C:\Windows\System\qAQhqim.exe
  C:\Windows\System\qAQhqim.exe
  2⤵
  PID:3624
- C:\Windows\System\kRuUPFc.exe
  C:\Windows\System\kRuUPFc.exe
  2⤵
  PID:3656
- C:\Windows\System\RpvYKLh.exe
  C:\Windows\System\RpvYKLh.exe
  2⤵
  PID:3700
- C:\Windows\System\uKGlASu.exe
  C:\Windows\System\uKGlASu.exe
  2⤵
  PID:3688
- C:\Windows\System\SCkrakM.exe
  C:\Windows\System\SCkrakM.exe
  2⤵
  PID:3724
- C:\Windows\System\vxAyKJU.exe
  C:\Windows\System\vxAyKJU.exe
  2⤵
  PID:3764
- C:\Windows\System\SDQIfLd.exe
  C:\Windows\System\SDQIfLd.exe
  2⤵
  PID:3808
- C:\Windows\System\PohLWXk.exe
  C:\Windows\System\PohLWXk.exe
  2⤵
  PID:3832
- C:\Windows\System\FCZERlW.exe
  C:\Windows\System\FCZERlW.exe
  2⤵
  PID:3892
- C:\Windows\System\htiBgWQ.exe
  C:\Windows\System\htiBgWQ.exe
  2⤵
  PID:3932
- C:\Windows\System\guiCayg.exe
  C:\Windows\System\guiCayg.exe
  2⤵
  PID:4004
- C:\Windows\System\QsHpwUF.exe
  C:\Windows\System\QsHpwUF.exe
  2⤵
  PID:4048
- C:\Windows\System\YVKedJm.exe
  C:\Windows\System\YVKedJm.exe
  2⤵
  PID:4084
- C:\Windows\System\nEeWQYm.exe
  C:\Windows\System\nEeWQYm.exe
  2⤵
  PID:4064
- C:\Windows\System\UgKJXkn.exe
  C:\Windows\System\UgKJXkn.exe
  2⤵
  PID:3876
- C:\Windows\System\cYFmxrG.exe
  C:\Windows\System\cYFmxrG.exe
  2⤵
  PID:3992
- C:\Windows\System\ERJaLqf.exe
  C:\Windows\System\ERJaLqf.exe
  2⤵
  PID:3048
- C:\Windows\System\OnvADFK.exe
  C:\Windows\System\OnvADFK.exe
  2⤵
  PID:2376
- C:\Windows\System\WIsyYvW.exe
  C:\Windows\System\WIsyYvW.exe
  2⤵
  PID:3116
- C:\Windows\System\wCsaGku.exe
  C:\Windows\System\wCsaGku.exe
  2⤵
  PID:3096
- C:\Windows\System\vZFwiWL.exe
  C:\Windows\System\vZFwiWL.exe
  2⤵
  PID:3196
- C:\Windows\System\flXLJYU.exe
  C:\Windows\System\flXLJYU.exe
  2⤵
  PID:3256
- C:\Windows\System\oMYDDei.exe
  C:\Windows\System\oMYDDei.exe
  2⤵
  PID:3248
- C:\Windows\System\CqmsIZr.exe
  C:\Windows\System\CqmsIZr.exe
  2⤵
  PID:3432
- C:\Windows\System\nGGtZoN.exe
  C:\Windows\System\nGGtZoN.exe
  2⤵
  PID:3492
- C:\Windows\System\pPYLRNN.exe
  C:\Windows\System\pPYLRNN.exe
  2⤵
  PID:3476
- C:\Windows\System\tylsquL.exe
  C:\Windows\System\tylsquL.exe
  2⤵
  PID:3412
- C:\Windows\System\LaCHbyC.exe
  C:\Windows\System\LaCHbyC.exe
  2⤵
  PID:3452
- C:\Windows\System\CQzBtAI.exe
  C:\Windows\System\CQzBtAI.exe
  2⤵
  PID:3504
- C:\Windows\System\luONQUW.exe
  C:\Windows\System\luONQUW.exe
  2⤵
  PID:3520
- C:\Windows\System\BrCTCoC.exe
  C:\Windows\System\BrCTCoC.exe
  2⤵
  PID:2564
- C:\Windows\System\DyxMmia.exe
  C:\Windows\System\DyxMmia.exe
  2⤵
  PID:404
- C:\Windows\System\NecXUsM.exe
  C:\Windows\System\NecXUsM.exe
  2⤵
  PID:760
- C:\Windows\System\qQjCbRU.exe
  C:\Windows\System\qQjCbRU.exe
  2⤵
  PID:1624
- C:\Windows\System\MxEHafq.exe
  C:\Windows\System\MxEHafq.exe
  2⤵
  PID:3568
- C:\Windows\System\ainGBwY.exe
  C:\Windows\System\ainGBwY.exe
  2⤵
  PID:3620
- C:\Windows\System\iTEUkzm.exe
  C:\Windows\System\iTEUkzm.exe
  2⤵
  PID:3664
- C:\Windows\System\DgDzXfw.exe
  C:\Windows\System\DgDzXfw.exe
  2⤵
  PID:3924
- C:\Windows\System\TxVepWv.exe
  C:\Windows\System\TxVepWv.exe
  2⤵
  PID:4024
- C:\Windows\System\unnOaOR.exe
  C:\Windows\System\unnOaOR.exe
  2⤵
  PID:3952
- C:\Windows\System\lHtcZyK.exe
  C:\Windows\System\lHtcZyK.exe
  2⤵
  PID:3972
- C:\Windows\System\cwfNhkU.exe
  C:\Windows\System\cwfNhkU.exe
  2⤵
  PID:3976
- C:\Windows\System\LmByNFC.exe
  C:\Windows\System\LmByNFC.exe
  2⤵
  PID:3912
- C:\Windows\System\PgXQXcy.exe
  C:\Windows\System\PgXQXcy.exe
  2⤵
  PID:1316
- C:\Windows\System\dGoVIOq.exe
  C:\Windows\System\dGoVIOq.exe
  2⤵
  PID:2624
- C:\Windows\System\ZYCFkTa.exe
  C:\Windows\System\ZYCFkTa.exe
  2⤵
  PID:3236
- C:\Windows\System\CZyioHs.exe
  C:\Windows\System\CZyioHs.exe
  2⤵
  PID:2124
- C:\Windows\System\zUmEPfJ.exe
  C:\Windows\System\zUmEPfJ.exe
  2⤵
  PID:1620
- C:\Windows\System\pnwmdMT.exe
  C:\Windows\System\pnwmdMT.exe
  2⤵
  PID:1068
- C:\Windows\System\TQTddMo.exe
  C:\Windows\System\TQTddMo.exe
  2⤵
  PID:1540
- C:\Windows\System\LCDZIOO.exe
  C:\Windows\System\LCDZIOO.exe
  2⤵
  PID:1996
- C:\Windows\System\CPSgvcB.exe
  C:\Windows\System\CPSgvcB.exe
  2⤵
  PID:3496
- C:\Windows\System\AoVnXUR.exe
  C:\Windows\System\AoVnXUR.exe
  2⤵
  PID:3616
- C:\Windows\System\MXoFVBq.exe
  C:\Windows\System\MXoFVBq.exe
  2⤵
  PID:3292
- C:\Windows\System\oHKdCKq.exe
  C:\Windows\System\oHKdCKq.exe
  2⤵
  PID:3784
- C:\Windows\System\uKSiUla.exe
  C:\Windows\System\uKSiUla.exe
  2⤵
  PID:3684
- C:\Windows\System\MgbPsDv.exe
  C:\Windows\System\MgbPsDv.exe
  2⤵
  PID:3820
- C:\Windows\System\nqzXTcf.exe
  C:\Windows\System\nqzXTcf.exe
  2⤵
  PID:3728
- C:\Windows\System\AgJBkWa.exe
  C:\Windows\System\AgJBkWa.exe
  2⤵
  PID:1956
- C:\Windows\System\bvtjRAT.exe
  C:\Windows\System\bvtjRAT.exe
  2⤵
  PID:3860
- C:\Windows\System\ZxypMLF.exe
  C:\Windows\System\ZxypMLF.exe
  2⤵
  PID:1912
- C:\Windows\System\BvBwwuB.exe
  C:\Windows\System\BvBwwuB.exe
  2⤵
  PID:3148
- C:\Windows\System\yqsOBqx.exe
  C:\Windows\System\yqsOBqx.exe
  2⤵
  PID:1492
- C:\Windows\System\rZoDnKk.exe
  C:\Windows\System\rZoDnKk.exe
  2⤵
  PID:1108
- C:\Windows\System\raPrVSW.exe
  C:\Windows\System\raPrVSW.exe
  2⤵
  PID:956
- C:\Windows\System\CeAQOyI.exe
  C:\Windows\System\CeAQOyI.exe
  2⤵
  PID:2372
- C:\Windows\System\EyzKXiy.exe
  C:\Windows\System\EyzKXiy.exe
  2⤵
  PID:584
- C:\Windows\System\kSmuoHm.exe
  C:\Windows\System\kSmuoHm.exe
  2⤵
  PID:3644
- C:\Windows\System\qarYTHS.exe
  C:\Windows\System\qarYTHS.exe
  2⤵
  PID:3708
- C:\Windows\System\AUoUxLj.exe
  C:\Windows\System\AUoUxLj.exe
  2⤵
  PID:3804
- C:\Windows\System\nMZQpjt.exe
  C:\Windows\System\nMZQpjt.exe
  2⤵
  PID:2856
- C:\Windows\System\YxakWRg.exe
  C:\Windows\System\YxakWRg.exe
  2⤵
  PID:2224
- C:\Windows\System\uRjUSHx.exe
  C:\Windows\System\uRjUSHx.exe
  2⤵
  PID:3420
- C:\Windows\System\sCaXErn.exe
  C:\Windows\System\sCaXErn.exe
  2⤵
  PID:3564
- C:\Windows\System\TbPwPZH.exe
  C:\Windows\System\TbPwPZH.exe
  2⤵
  PID:4112
- C:\Windows\System\MPaLheB.exe
  C:\Windows\System\MPaLheB.exe
  2⤵
  PID:4128
- C:\Windows\System\mnQeCzv.exe
  C:\Windows\System\mnQeCzv.exe
  2⤵
  PID:4144
- C:\Windows\System\CibTDuq.exe
  C:\Windows\System\CibTDuq.exe
  2⤵
  PID:4184
- C:\Windows\System\saeYRtq.exe
  C:\Windows\System\saeYRtq.exe
  2⤵
  PID:4216
- C:\Windows\System\KDZRdYW.exe
  C:\Windows\System\KDZRdYW.exe
  2⤵
  PID:4252
- C:\Windows\System\uIDOEtC.exe
  C:\Windows\System\uIDOEtC.exe
  2⤵
  PID:4268
- C:\Windows\System\ginvQek.exe
  C:\Windows\System\ginvQek.exe
  2⤵
  PID:4292
- C:\Windows\System\ovDeraj.exe
  C:\Windows\System\ovDeraj.exe
  2⤵
  PID:4308
- C:\Windows\System\UtMzUMy.exe
  C:\Windows\System\UtMzUMy.exe
  2⤵
  PID:4332
- C:\Windows\System\bWlancD.exe
  C:\Windows\System\bWlancD.exe
  2⤵
  PID:4348
- C:\Windows\System\zvkcwLM.exe
  C:\Windows\System\zvkcwLM.exe
  2⤵
  PID:4364
- C:\Windows\System\ZHGJtxM.exe
  C:\Windows\System\ZHGJtxM.exe
  2⤵
  PID:4396
- C:\Windows\System\zXUNFlN.exe
  C:\Windows\System\zXUNFlN.exe
  2⤵
  PID:4412
- C:\Windows\System\Ylhgbwa.exe
  C:\Windows\System\Ylhgbwa.exe
  2⤵
  PID:4428
- C:\Windows\System\woCDdGF.exe
  C:\Windows\System\woCDdGF.exe
  2⤵
  PID:4448
- C:\Windows\System\nNWdjbG.exe
  C:\Windows\System\nNWdjbG.exe
  2⤵
  PID:4468
- C:\Windows\System\vpGKcTP.exe
  C:\Windows\System\vpGKcTP.exe
  2⤵
  PID:4492
- C:\Windows\System\bRIhVQe.exe
  C:\Windows\System\bRIhVQe.exe
  2⤵
  PID:4508
- C:\Windows\System\elCLamy.exe
  C:\Windows\System\elCLamy.exe
  2⤵
  PID:4532
- C:\Windows\System\dzwQmic.exe
  C:\Windows\System\dzwQmic.exe
  2⤵
  PID:4548
- C:\Windows\System\BOTQnuZ.exe
  C:\Windows\System\BOTQnuZ.exe
  2⤵
  PID:4568
- C:\Windows\System\qkmhsEo.exe
  C:\Windows\System\qkmhsEo.exe
  2⤵
  PID:4588
- C:\Windows\System\gfXqPEr.exe
  C:\Windows\System\gfXqPEr.exe
  2⤵
  PID:4612
- C:\Windows\System\GvUWOYF.exe
  C:\Windows\System\GvUWOYF.exe
  2⤵
  PID:4632
- C:\Windows\System\rYAZxhv.exe
  C:\Windows\System\rYAZxhv.exe
  2⤵
  PID:4648
- C:\Windows\System\XfnBnfd.exe
  C:\Windows\System\XfnBnfd.exe
  2⤵
  PID:4676
- C:\Windows\System\duKoQdP.exe
  C:\Windows\System\duKoQdP.exe
  2⤵
  PID:4692
- C:\Windows\System\BfGbpiA.exe
  C:\Windows\System\BfGbpiA.exe
  2⤵
  PID:4708
- C:\Windows\System\VeRlWdv.exe
  C:\Windows\System\VeRlWdv.exe
  2⤵
  PID:4724
- C:\Windows\System\kjAkFib.exe
  C:\Windows\System\kjAkFib.exe
  2⤵
  PID:4744
- C:\Windows\System\FhvQLnU.exe
  C:\Windows\System\FhvQLnU.exe
  2⤵
  PID:4760
- C:\Windows\System\mtknwOw.exe
  C:\Windows\System\mtknwOw.exe
  2⤵
  PID:4776
- C:\Windows\System\MKGSeiv.exe
  C:\Windows\System\MKGSeiv.exe
  2⤵
  PID:4792
- C:\Windows\System\bJUEtzK.exe
  C:\Windows\System\bJUEtzK.exe
  2⤵
  PID:4808
- C:\Windows\System\aOoLvzT.exe
  C:\Windows\System\aOoLvzT.exe
  2⤵
  PID:4828
- C:\Windows\System\dpsPHjG.exe
  C:\Windows\System\dpsPHjG.exe
  2⤵
  PID:4848
- C:\Windows\System\VytroXl.exe
  C:\Windows\System\VytroXl.exe
  2⤵
  PID:4864
- C:\Windows\System\jJEVLPi.exe
  C:\Windows\System\jJEVLPi.exe
  2⤵
  PID:4880
- C:\Windows\System\ZFdvbsy.exe
  C:\Windows\System\ZFdvbsy.exe
  2⤵
  PID:4896
- C:\Windows\System\QqjGSrF.exe
  C:\Windows\System\QqjGSrF.exe
  2⤵
  PID:4920
- C:\Windows\System\FADrWjI.exe
  C:\Windows\System\FADrWjI.exe
  2⤵
  PID:4944
- C:\Windows\System\xlAiqrl.exe
  C:\Windows\System\xlAiqrl.exe
  2⤵
  PID:4960
- C:\Windows\System\dofylUW.exe
  C:\Windows\System\dofylUW.exe
  2⤵
  PID:5016
- C:\Windows\System\CFQbCeM.exe
  C:\Windows\System\CFQbCeM.exe
  2⤵
  PID:5036
- C:\Windows\System\NYtNwHm.exe
  C:\Windows\System\NYtNwHm.exe
  2⤵
  PID:5056
- C:\Windows\System\XcPQNZt.exe
  C:\Windows\System\XcPQNZt.exe
  2⤵
  PID:5076
- C:\Windows\System\QnsTNOc.exe
  C:\Windows\System\QnsTNOc.exe
  2⤵
  PID:5092
- C:\Windows\System\WKZpzzt.exe
  C:\Windows\System\WKZpzzt.exe
  2⤵
  PID:5112
- C:\Windows\System\wCZzAzN.exe
  C:\Windows\System\wCZzAzN.exe
  2⤵
  PID:2912
- C:\Windows\System\FtJdUqm.exe
  C:\Windows\System\FtJdUqm.exe
  2⤵
  PID:3668
- C:\Windows\System\hvasVqa.exe
  C:\Windows\System\hvasVqa.exe
  2⤵
  PID:3392
- C:\Windows\System\iIAFBLy.exe
  C:\Windows\System\iIAFBLy.exe
  2⤵
  PID:976
- C:\Windows\System\KMiLqRP.exe
  C:\Windows\System\KMiLqRP.exe
  2⤵
  PID:4152
- C:\Windows\System\kTktqyu.exe
  C:\Windows\System\kTktqyu.exe
  2⤵
  PID:4168
- C:\Windows\System\fHeGrEF.exe
  C:\Windows\System\fHeGrEF.exe
  2⤵
  PID:3740
- C:\Windows\System\phgTKZP.exe
  C:\Windows\System\phgTKZP.exe
  2⤵
  PID:3528
- C:\Windows\System\kJJkkPD.exe
  C:\Windows\System\kJJkkPD.exe
  2⤵
  PID:4224
- C:\Windows\System\JWlxUrO.exe
  C:\Windows\System\JWlxUrO.exe
  2⤵
  PID:4212
- C:\Windows\System\iJCBHRi.exe
  C:\Windows\System\iJCBHRi.exe
  2⤵
  PID:4260
- C:\Windows\System\WmeufMb.exe
  C:\Windows\System\WmeufMb.exe
  2⤵
  PID:4320
- C:\Windows\System\JpMNqrg.exe
  C:\Windows\System\JpMNqrg.exe
  2⤵
  PID:4360
- C:\Windows\System\vSiOqQj.exe
  C:\Windows\System\vSiOqQj.exe
  2⤵
  PID:4380
- C:\Windows\System\nSmCgGP.exe
  C:\Windows\System\nSmCgGP.exe
  2⤵
  PID:4404
- C:\Windows\System\CupMUiF.exe
  C:\Windows\System\CupMUiF.exe
  2⤵
  PID:4420
- C:\Windows\System\fddmCiO.exe
  C:\Windows\System\fddmCiO.exe
  2⤵
  PID:4488
- C:\Windows\System\LZwgAba.exe
  C:\Windows\System\LZwgAba.exe
  2⤵
  PID:4528
- C:\Windows\System\GWFnNsy.exe
  C:\Windows\System\GWFnNsy.exe
  2⤵
  PID:4500
- C:\Windows\System\uMbbQkX.exe
  C:\Windows\System\uMbbQkX.exe
  2⤵
  PID:4596
- C:\Windows\System\wsHQLtt.exe
  C:\Windows\System\wsHQLtt.exe
  2⤵
  PID:4584
- C:\Windows\System\YpPETDQ.exe
  C:\Windows\System\YpPETDQ.exe
  2⤵
  PID:4620
- C:\Windows\System\mtPfJFk.exe
  C:\Windows\System\mtPfJFk.exe
  2⤵
  PID:4624
- C:\Windows\System\yokpVFc.exe
  C:\Windows\System\yokpVFc.exe
  2⤵
  PID:4752
- C:\Windows\System\uxDpzaw.exe
  C:\Windows\System\uxDpzaw.exe
  2⤵
  PID:4756
- C:\Windows\System\STYVgFU.exe
  C:\Windows\System\STYVgFU.exe
  2⤵
  PID:4892
- C:\Windows\System\hOqQNew.exe
  C:\Windows\System\hOqQNew.exe
  2⤵
  PID:4936
- C:\Windows\System\IicbAfL.exe
  C:\Windows\System\IicbAfL.exe
  2⤵
  PID:4984
- C:\Windows\System\ASYSdVe.exe
  C:\Windows\System\ASYSdVe.exe
  2⤵
  PID:4740
- C:\Windows\System\txGqXXy.exe
  C:\Windows\System\txGqXXy.exe
  2⤵
  PID:4804
- C:\Windows\System\CaTDdkf.exe
  C:\Windows\System\CaTDdkf.exe
  2⤵
  PID:4976
- C:\Windows\System\uSplXIe.exe
  C:\Windows\System\uSplXIe.exe
  2⤵
  PID:4844
- C:\Windows\System\GhiyJHa.exe
  C:\Windows\System\GhiyJHa.exe
  2⤵
  PID:4908
- C:\Windows\System\OfxHieB.exe
  C:\Windows\System\OfxHieB.exe
  2⤵
  PID:4956
- C:\Windows\System\ZWUhGQx.exe
  C:\Windows\System\ZWUhGQx.exe
  2⤵
  PID:5048
- C:\Windows\System\cPeOmdP.exe
  C:\Windows\System\cPeOmdP.exe
  2⤵
  PID:5088
- C:\Windows\System\VcnbnVI.exe
  C:\Windows\System\VcnbnVI.exe
  2⤵
  PID:4124
- C:\Windows\System\QACKHHL.exe
  C:\Windows\System\QACKHHL.exe
  2⤵
  PID:4120
- C:\Windows\System\AjTqUKD.exe
  C:\Windows\System\AjTqUKD.exe
  2⤵
  PID:5108
- C:\Windows\System\BAStIJI.exe
  C:\Windows\System\BAStIJI.exe
  2⤵
  PID:4028
- C:\Windows\System\ChZWRAj.exe
  C:\Windows\System\ChZWRAj.exe
  2⤵
  PID:4244
- C:\Windows\System\nDhkGNq.exe
  C:\Windows\System\nDhkGNq.exe
  2⤵
  PID:4160
- C:\Windows\System\Ufjxjfe.exe
  C:\Windows\System\Ufjxjfe.exe
  2⤵
  PID:4232
- C:\Windows\System\uVXtZVq.exe
  C:\Windows\System\uVXtZVq.exe
  2⤵
  PID:4236
- C:\Windows\System\oHQcZtZ.exe
  C:\Windows\System\oHQcZtZ.exe
  2⤵
  PID:4392
- C:\Windows\System\jBAgIlz.exe
  C:\Windows\System\jBAgIlz.exe
  2⤵
  PID:4388
- C:\Windows\System\xtDvanl.exe
  C:\Windows\System\xtDvanl.exe
  2⤵
  PID:4316
- C:\Windows\System\ZjCECOq.exe
  C:\Windows\System\ZjCECOq.exe
  2⤵
  PID:4460
- C:\Windows\System\xscClbS.exe
  C:\Windows\System\xscClbS.exe
  2⤵
  PID:4344
- C:\Windows\System\jBqFzaE.exe
  C:\Windows\System\jBqFzaE.exe
  2⤵
  PID:4668
- C:\Windows\System\tHLVMbl.exe
  C:\Windows\System\tHLVMbl.exe
  2⤵
  PID:4524
- C:\Windows\System\rFmpqxG.exe
  C:\Windows\System\rFmpqxG.exe
  2⤵
  PID:4788
- C:\Windows\System\vqmRXEQ.exe
  C:\Windows\System\vqmRXEQ.exe
  2⤵
  PID:4688
- C:\Windows\System\alSPAWo.exe
  C:\Windows\System\alSPAWo.exe
  2⤵
  PID:5072
- C:\Windows\System\iOrNwyQ.exe
  C:\Windows\System\iOrNwyQ.exe
  2⤵
  PID:3288
- C:\Windows\System\csVXfoD.exe
  C:\Windows\System\csVXfoD.exe
  2⤵
  PID:4800
- C:\Windows\System\nWMQtJN.exe
  C:\Windows\System\nWMQtJN.exe
  2⤵
  PID:5052
- C:\Windows\System\BOzNCtD.exe
  C:\Windows\System\BOzNCtD.exe
  2⤵
  PID:4300
- C:\Windows\System\HzRVggN.exe
  C:\Windows\System\HzRVggN.exe
  2⤵
  PID:4464
- C:\Windows\System\fkOqrcs.exe
  C:\Windows\System\fkOqrcs.exe
  2⤵
  PID:4996
- C:\Windows\System\MYNvPJi.exe
  C:\Windows\System\MYNvPJi.exe
  2⤵
  PID:4284
- C:\Windows\System\TxtXNyb.exe
  C:\Windows\System\TxtXNyb.exe
  2⤵
  PID:3940
- C:\Windows\System\rZpEole.exe
  C:\Windows\System\rZpEole.exe
  2⤵
  PID:4504
- C:\Windows\System\ZyjUEIQ.exe
  C:\Windows\System\ZyjUEIQ.exe
  2⤵
  PID:4700
- C:\Windows\System\YRlvrTh.exe
  C:\Windows\System\YRlvrTh.exe
  2⤵
  PID:4928
- C:\Windows\System\ktEBZws.exe
  C:\Windows\System\ktEBZws.exe
  2⤵
  PID:4196
- C:\Windows\System\RqVTVyI.exe
  C:\Windows\System\RqVTVyI.exe
  2⤵
  PID:4772
- C:\Windows\System\sWwmaFg.exe
  C:\Windows\System\sWwmaFg.exe
  2⤵
  PID:4136
- C:\Windows\System\CJsZzpZ.exe
  C:\Windows\System\CJsZzpZ.exe
  2⤵
  PID:3312
- C:\Windows\System\eOneelp.exe
  C:\Windows\System\eOneelp.exe
  2⤵
  PID:4544
- C:\Windows\System\uNjlgtl.exe
  C:\Windows\System\uNjlgtl.exe
  2⤵
  PID:4820
- C:\Windows\System\erDssFD.exe
  C:\Windows\System\erDssFD.exe
  2⤵
  PID:3612
- C:\Windows\System\WZMzEZz.exe
  C:\Windows\System\WZMzEZz.exe
  2⤵
  PID:4372
- C:\Windows\System\aOTgiqQ.exe
  C:\Windows\System\aOTgiqQ.exe
  2⤵
  PID:4576
- C:\Windows\System\RQudDIs.exe
  C:\Windows\System\RQudDIs.exe
  2⤵
  PID:4732
- C:\Windows\System\UYnMuwW.exe
  C:\Windows\System\UYnMuwW.exe
  2⤵
  PID:5044
- C:\Windows\System\rbMlvtL.exe
  C:\Windows\System\rbMlvtL.exe
  2⤵
  PID:5104
- C:\Windows\System\FZkLguF.exe
  C:\Windows\System\FZkLguF.exe
  2⤵
  PID:4664
- C:\Windows\System\QjODFEp.exe
  C:\Windows\System\QjODFEp.exe
  2⤵
  PID:4980
- C:\Windows\System\yySgGuP.exe
  C:\Windows\System\yySgGuP.exe
  2⤵
  PID:5028
- C:\Windows\System\pzwCMUu.exe
  C:\Windows\System\pzwCMUu.exe
  2⤵
  PID:4644
- C:\Windows\System\yjpLmxz.exe
  C:\Windows\System\yjpLmxz.exe
  2⤵
  PID:4952
- C:\Windows\System\WThSKSh.exe
  C:\Windows\System\WThSKSh.exe
  2⤵
  PID:4932
- C:\Windows\System\bTKYwGq.exe
  C:\Windows\System\bTKYwGq.exe
  2⤵
  PID:5100
- C:\Windows\System\zgmNAph.exe
  C:\Windows\System\zgmNAph.exe
  2⤵
  PID:4580
- C:\Windows\System\LYYedeC.exe
  C:\Windows\System\LYYedeC.exe
  2⤵
  PID:4916
- C:\Windows\System\axPgPSm.exe
  C:\Windows\System\axPgPSm.exe
  2⤵
  PID:5136
- C:\Windows\System\CCePhlw.exe
  C:\Windows\System\CCePhlw.exe
  2⤵
  PID:5160
- C:\Windows\System\oQOsLnM.exe
  C:\Windows\System\oQOsLnM.exe
  2⤵
  PID:5176
- C:\Windows\System\jdXKWvP.exe
  C:\Windows\System\jdXKWvP.exe
  2⤵
  PID:5192
- C:\Windows\System\DceAdtb.exe
  C:\Windows\System\DceAdtb.exe
  2⤵
  PID:5208
- C:\Windows\System\SVBnjGj.exe
  C:\Windows\System\SVBnjGj.exe
  2⤵
  PID:5228
- C:\Windows\System\mrFinxA.exe
  C:\Windows\System\mrFinxA.exe
  2⤵
  PID:5244
- C:\Windows\System\zAVDqvG.exe
  C:\Windows\System\zAVDqvG.exe
  2⤵
  PID:5284
- C:\Windows\System\zLrAGVG.exe
  C:\Windows\System\zLrAGVG.exe
  2⤵
  PID:5308
- C:\Windows\System\pOqzNyA.exe
  C:\Windows\System\pOqzNyA.exe
  2⤵
  PID:5328
- C:\Windows\System\vYZbPkz.exe
  C:\Windows\System\vYZbPkz.exe
  2⤵
  PID:5348
- C:\Windows\System\sBCSfby.exe
  C:\Windows\System\sBCSfby.exe
  2⤵
  PID:5364
- C:\Windows\System\HiEWRWV.exe
  C:\Windows\System\HiEWRWV.exe
  2⤵
  PID:5380
- C:\Windows\System\BgUxbXs.exe
  C:\Windows\System\BgUxbXs.exe
  2⤵
  PID:5404
- C:\Windows\System\pwlFehe.exe
  C:\Windows\System\pwlFehe.exe
  2⤵
  PID:5420
- C:\Windows\System\uJvzBbC.exe
  C:\Windows\System\uJvzBbC.exe
  2⤵
  PID:5436
- C:\Windows\System\uuWrhGV.exe
  C:\Windows\System\uuWrhGV.exe
  2⤵
  PID:5456
- C:\Windows\System\MKaLVbF.exe
  C:\Windows\System\MKaLVbF.exe
  2⤵
  PID:5472
- C:\Windows\System\IDqLmVi.exe
  C:\Windows\System\IDqLmVi.exe
  2⤵
  PID:5508
- C:\Windows\System\SLTvLdw.exe
  C:\Windows\System\SLTvLdw.exe
  2⤵
  PID:5524
- C:\Windows\System\ThSRQaR.exe
  C:\Windows\System\ThSRQaR.exe
  2⤵
  PID:5540
- C:\Windows\System\WjDoWqe.exe
  C:\Windows\System\WjDoWqe.exe
  2⤵
  PID:5560
- C:\Windows\System\wuUBeNy.exe
  C:\Windows\System\wuUBeNy.exe
  2⤵
  PID:5576
- C:\Windows\System\cCGjuNO.exe
  C:\Windows\System\cCGjuNO.exe
  2⤵
  PID:5600
- C:\Windows\System\LurcdFr.exe
  C:\Windows\System\LurcdFr.exe
  2⤵
  PID:5624
- C:\Windows\System\BDFrOWg.exe
  C:\Windows\System\BDFrOWg.exe
  2⤵
  PID:5644
- C:\Windows\System\oCXGebq.exe
  C:\Windows\System\oCXGebq.exe
  2⤵
  PID:5660
- C:\Windows\System\OphqdzH.exe
  C:\Windows\System\OphqdzH.exe
  2⤵
  PID:5676
- C:\Windows\System\vSkRInC.exe
  C:\Windows\System\vSkRInC.exe
  2⤵
  PID:5696
- C:\Windows\System\LVwViyT.exe
  C:\Windows\System\LVwViyT.exe
  2⤵
  PID:5716
- C:\Windows\System\udcKqJD.exe
  C:\Windows\System\udcKqJD.exe
  2⤵
  PID:5732
- C:\Windows\System\pPusnAG.exe
  C:\Windows\System\pPusnAG.exe
  2⤵
  PID:5752
- C:\Windows\System\JIUtziV.exe
  C:\Windows\System\JIUtziV.exe
  2⤵
  PID:5772
- C:\Windows\System\WwjiLeZ.exe
  C:\Windows\System\WwjiLeZ.exe
  2⤵
  PID:5792
- C:\Windows\System\wwEqVxs.exe
  C:\Windows\System\wwEqVxs.exe
  2⤵
  PID:5808
- C:\Windows\System\nLSKWEX.exe
  C:\Windows\System\nLSKWEX.exe
  2⤵
  PID:5824
- C:\Windows\System\tbbcFjd.exe
  C:\Windows\System\tbbcFjd.exe
  2⤵
  PID:5840
- C:\Windows\System\OnjbckJ.exe
  C:\Windows\System\OnjbckJ.exe
  2⤵
  PID:5884
- C:\Windows\System\dHHFlTR.exe
  C:\Windows\System\dHHFlTR.exe
  2⤵
  PID:5908
- C:\Windows\System\XxMGjwt.exe
  C:\Windows\System\XxMGjwt.exe
  2⤵
  PID:5924
- C:\Windows\System\JWeGfvK.exe
  C:\Windows\System\JWeGfvK.exe
  2⤵
  PID:5948
- C:\Windows\System\xlqqohf.exe
  C:\Windows\System\xlqqohf.exe
  2⤵
  PID:5964
- C:\Windows\System\ndQJsOr.exe
  C:\Windows\System\ndQJsOr.exe
  2⤵
  PID:5980
- C:\Windows\System\GxSTvfQ.exe
  C:\Windows\System\GxSTvfQ.exe
  2⤵
  PID:6000
- C:\Windows\System\amJZnyR.exe
  C:\Windows\System\amJZnyR.exe
  2⤵
  PID:6016
- C:\Windows\System\JMfQvyk.exe
  C:\Windows\System\JMfQvyk.exe
  2⤵
  PID:6032
- C:\Windows\System\OgtPLJH.exe
  C:\Windows\System\OgtPLJH.exe
  2⤵
  PID:6048
- C:\Windows\System\hCXyNhE.exe
  C:\Windows\System\hCXyNhE.exe
  2⤵
  PID:6076
- C:\Windows\System\EWolZYS.exe
  C:\Windows\System\EWolZYS.exe
  2⤵
  PID:6096
- C:\Windows\System\ciHvIYT.exe
  C:\Windows\System\ciHvIYT.exe
  2⤵
  PID:6112
- C:\Windows\System\TIKTthE.exe
  C:\Windows\System\TIKTthE.exe
  2⤵
  PID:5128
- C:\Windows\System\qSoggIv.exe
  C:\Windows\System\qSoggIv.exe
  2⤵
  PID:5172
- C:\Windows\System\MBblWmH.exe
  C:\Windows\System\MBblWmH.exe
  2⤵
  PID:4972
- C:\Windows\System\VubgWKn.exe
  C:\Windows\System\VubgWKn.exe
  2⤵
  PID:5236
- C:\Windows\System\NDhscjm.exe
  C:\Windows\System\NDhscjm.exe
  2⤵
  PID:5224
- C:\Windows\System\LyOABfP.exe
  C:\Windows\System\LyOABfP.exe
  2⤵
  PID:5256
- C:\Windows\System\HHVAqDQ.exe
  C:\Windows\System\HHVAqDQ.exe
  2⤵
  PID:5280
- C:\Windows\System\TxDzsKN.exe
  C:\Windows\System\TxDzsKN.exe
  2⤵
  PID:5300
- C:\Windows\System\BmaHCwK.exe
  C:\Windows\System\BmaHCwK.exe
  2⤵
  PID:5336
- C:\Windows\System\kdNvlFN.exe
  C:\Windows\System\kdNvlFN.exe
  2⤵
  PID:5356
- C:\Windows\System\ATPEJNI.exe
  C:\Windows\System\ATPEJNI.exe
  2⤵
  PID:5416
- C:\Windows\System\SJuqYhy.exe
  C:\Windows\System\SJuqYhy.exe
  2⤵
  PID:5400
- C:\Windows\System\GVvqACc.exe
  C:\Windows\System\GVvqACc.exe
  2⤵
  PID:5452
- C:\Windows\System\bmiWxZg.exe
  C:\Windows\System\bmiWxZg.exe
  2⤵
  PID:5516
- C:\Windows\System\kQCDqad.exe
  C:\Windows\System\kQCDqad.exe
  2⤵
  PID:5556
- C:\Windows\System\CbKkskD.exe
  C:\Windows\System\CbKkskD.exe
  2⤵
  PID:5572
- C:\Windows\System\MAMpHGp.exe
  C:\Windows\System\MAMpHGp.exe
  2⤵
  PID:5620
- C:\Windows\System\eGFLFEc.exe
  C:\Windows\System\eGFLFEc.exe
  2⤵
  PID:5684
- C:\Windows\System\BMseQFO.exe
  C:\Windows\System\BMseQFO.exe
  2⤵
  PID:5728
- C:\Windows\System\SovcWnK.exe
  C:\Windows\System\SovcWnK.exe
  2⤵
  PID:5768
- C:\Windows\System\hvUodJp.exe
  C:\Windows\System\hvUodJp.exe
  2⤵
  PID:5804
- C:\Windows\System\iRFkQiZ.exe
  C:\Windows\System\iRFkQiZ.exe
  2⤵
  PID:5640
- C:\Windows\System\upwDXUn.exe
  C:\Windows\System\upwDXUn.exe
  2⤵
  PID:5748
- C:\Windows\System\wrwJbPL.exe
  C:\Windows\System\wrwJbPL.exe
  2⤵
  PID:5816
- C:\Windows\System\PnJpiwl.exe
  C:\Windows\System\PnJpiwl.exe
  2⤵
  PID:5860
- C:\Windows\System\djenZBR.exe
  C:\Windows\System\djenZBR.exe
  2⤵
  PID:5876
- C:\Windows\System\HrlGTZD.exe
  C:\Windows\System\HrlGTZD.exe
  2⤵
  PID:5920
- C:\Windows\System\lIGRtzT.exe
  C:\Windows\System\lIGRtzT.exe
  2⤵
  PID:5956
- C:\Windows\System\hSMrTlM.exe
  C:\Windows\System\hSMrTlM.exe
  2⤵
  PID:6040
- C:\Windows\System\lVSKhzh.exe
  C:\Windows\System\lVSKhzh.exe
  2⤵
  PID:5996
- C:\Windows\System\kdlaDUp.exe
  C:\Windows\System\kdlaDUp.exe
  2⤵
  PID:6060
- C:\Windows\System\wazYhFH.exe
  C:\Windows\System\wazYhFH.exe
  2⤵
  PID:5988
- C:\Windows\System\xxeKfoR.exe
  C:\Windows\System\xxeKfoR.exe
  2⤵
  PID:5148
- C:\Windows\System\XgAcDTE.exe
  C:\Windows\System\XgAcDTE.exe
  2⤵
  PID:5216
- C:\Windows\System\eRyMtkr.exe
  C:\Windows\System\eRyMtkr.exe
  2⤵
  PID:5376
- C:\Windows\System\UFbcAFc.exe
  C:\Windows\System\UFbcAFc.exe
  2⤵
  PID:5444
- C:\Windows\System\JzjmiyD.exe
  C:\Windows\System\JzjmiyD.exe
  2⤵
  PID:5156
- C:\Windows\System\wYpFutK.exe
  C:\Windows\System\wYpFutK.exe
  2⤵
  PID:5304
- C:\Windows\System\cjCSgqn.exe
  C:\Windows\System\cjCSgqn.exe
  2⤵
  PID:5252
- C:\Windows\System\epVesul.exe
  C:\Windows\System\epVesul.exe
  2⤵
  PID:5464
- C:\Windows\System\ulRAOMk.exe
  C:\Windows\System\ulRAOMk.exe
  2⤵
  PID:5536
- C:\Windows\System\XuDMwqE.exe
  C:\Windows\System\XuDMwqE.exe
  2⤵
  PID:5552
- C:\Windows\System\HPLpSXv.exe
  C:\Windows\System\HPLpSXv.exe
  2⤵
  PID:5800
- C:\Windows\System\VSpZPEq.exe
  C:\Windows\System\VSpZPEq.exe
  2⤵
  PID:5852
- C:\Windows\System\qlIWbCq.exe
  C:\Windows\System\qlIWbCq.exe
  2⤵
  PID:5868
- C:\Windows\System\xwQglDc.exe
  C:\Windows\System\xwQglDc.exe
  2⤵
  PID:5784
- C:\Windows\System\TRZGWZT.exe
  C:\Windows\System\TRZGWZT.exe
  2⤵
  PID:5708
- C:\Windows\System\wSIhJsT.exe
  C:\Windows\System\wSIhJsT.exe
  2⤵
  PID:5940
- C:\Windows\System\zdcVJio.exe
  C:\Windows\System\zdcVJio.exe
  2⤵
  PID:5976
- C:\Windows\System\olYMbCR.exe
  C:\Windows\System\olYMbCR.exe
  2⤵
  PID:5992
- C:\Windows\System\UuUyVnz.exe
  C:\Windows\System\UuUyVnz.exe
  2⤵
  PID:6136
- C:\Windows\System\cDEsGLk.exe
  C:\Windows\System\cDEsGLk.exe
  2⤵
  PID:6120
- C:\Windows\System\eAvRmtw.exe
  C:\Windows\System\eAvRmtw.exe
  2⤵
  PID:4192
- C:\Windows\System\wbpMoCq.exe
  C:\Windows\System\wbpMoCq.exe
  2⤵
  PID:5488
- C:\Windows\System\akiVLPn.exe
  C:\Windows\System\akiVLPn.exe
  2⤵
  PID:5200
- C:\Windows\System\dRggCzp.exe
  C:\Windows\System\dRggCzp.exe
  2⤵
  PID:5428
- C:\Windows\System\IcvEFfy.exe
  C:\Windows\System\IcvEFfy.exe
  2⤵
  PID:5532
- C:\Windows\System\ORsKVpZ.exe
  C:\Windows\System\ORsKVpZ.exe
  2⤵
  PID:5704
- C:\Windows\System\gRLXdut.exe
  C:\Windows\System\gRLXdut.exe
  2⤵
  PID:5764
- C:\Windows\System\cPfKZJi.exe
  C:\Windows\System\cPfKZJi.exe
  2⤵
  PID:5788
- C:\Windows\System\DZngldk.exe
  C:\Windows\System\DZngldk.exe
  2⤵
  PID:5596
- C:\Windows\System\kBtZDde.exe
  C:\Windows\System\kBtZDde.exe
  2⤵
  PID:5944
- C:\Windows\System\Zgdevxw.exe
  C:\Windows\System\Zgdevxw.exe
  2⤵
  PID:6124
- C:\Windows\System\eHRqXAu.exe
  C:\Windows\System\eHRqXAu.exe
  2⤵
  PID:5688
- C:\Windows\System\ngsYvUG.exe
  C:\Windows\System\ngsYvUG.exe
  2⤵
  PID:5744
- C:\Windows\System\BnZRbfE.exe
  C:\Windows\System\BnZRbfE.exe
  2⤵
  PID:5468
- C:\Windows\System\QBibYdg.exe
  C:\Windows\System\QBibYdg.exe
  2⤵
  PID:5372
- C:\Windows\System\VwzxyeB.exe
  C:\Windows\System\VwzxyeB.exe
  2⤵
  PID:6104
- C:\Windows\System\kFkGXhd.exe
  C:\Windows\System\kFkGXhd.exe
  2⤵
  PID:6028
- C:\Windows\System\KSazptc.exe
  C:\Windows\System\KSazptc.exe
  2⤵
  PID:5848
- C:\Windows\System\tosrwth.exe
  C:\Windows\System\tosrwth.exe
  2⤵
  PID:6152
- C:\Windows\System\sanSkDK.exe
  C:\Windows\System\sanSkDK.exe
  2⤵
  PID:6200
- C:\Windows\System\ccgZVqx.exe
  C:\Windows\System\ccgZVqx.exe
  2⤵
  PID:6216
- C:\Windows\System\tzVsYDp.exe
  C:\Windows\System\tzVsYDp.exe
  2⤵
  PID:6236
- C:\Windows\System\JFTVfLe.exe
  C:\Windows\System\JFTVfLe.exe
  2⤵
  PID:6252
- C:\Windows\System\QEdhVXk.exe
  C:\Windows\System\QEdhVXk.exe
  2⤵
  PID:6276
- C:\Windows\System\OxCSOre.exe
  C:\Windows\System\OxCSOre.exe
  2⤵
  PID:6292
- C:\Windows\System\DdaCtsh.exe
  C:\Windows\System\DdaCtsh.exe
  2⤵
  PID:6308
- C:\Windows\System\CkVypDi.exe
  C:\Windows\System\CkVypDi.exe
  2⤵
  PID:6324
- C:\Windows\System\eiXkWgL.exe
  C:\Windows\System\eiXkWgL.exe
  2⤵
  PID:6340
- C:\Windows\System\WAeGEfM.exe
  C:\Windows\System\WAeGEfM.exe
  2⤵
  PID:6356
- C:\Windows\System\VwbpYDm.exe
  C:\Windows\System\VwbpYDm.exe
  2⤵
  PID:6372
- C:\Windows\System\smzjZUJ.exe
  C:\Windows\System\smzjZUJ.exe
  2⤵
  PID:6388
- C:\Windows\System\pnTSHrd.exe
  C:\Windows\System\pnTSHrd.exe
  2⤵
  PID:6404
- C:\Windows\System\IRJSsFq.exe
  C:\Windows\System\IRJSsFq.exe
  2⤵
  PID:6452
- C:\Windows\System\lkeDAWk.exe
  C:\Windows\System\lkeDAWk.exe
  2⤵
  PID:6480
- C:\Windows\System\EzgLVtp.exe
  C:\Windows\System\EzgLVtp.exe
  2⤵
  PID:6496
- C:\Windows\System\ZngOGAV.exe
  C:\Windows\System\ZngOGAV.exe
  2⤵
  PID:6512
- C:\Windows\System\CnTRpat.exe
  C:\Windows\System\CnTRpat.exe
  2⤵
  PID:6528
- C:\Windows\System\wWNEIml.exe
  C:\Windows\System\wWNEIml.exe
  2⤵
  PID:6548
- C:\Windows\System\zHcBAXm.exe
  C:\Windows\System\zHcBAXm.exe
  2⤵
  PID:6568
- C:\Windows\System\YxvzjxH.exe
  C:\Windows\System\YxvzjxH.exe
  2⤵
  PID:6584
- C:\Windows\System\Gupbzpt.exe
  C:\Windows\System\Gupbzpt.exe
  2⤵
  PID:6604
- C:\Windows\System\JHjZILr.exe
  C:\Windows\System\JHjZILr.exe
  2⤵
  PID:6624
- C:\Windows\System\opkWOgG.exe
  C:\Windows\System\opkWOgG.exe
  2⤵
  PID:6640
- C:\Windows\System\ZpOMjKk.exe
  C:\Windows\System\ZpOMjKk.exe
  2⤵
  PID:6656
- C:\Windows\System\UvyOJxf.exe
  C:\Windows\System\UvyOJxf.exe
  2⤵
  PID:6672
- C:\Windows\System\TgtVFDe.exe
  C:\Windows\System\TgtVFDe.exe
  2⤵
  PID:6716
- C:\Windows\System\rAQKIrM.exe
  C:\Windows\System\rAQKIrM.exe
  2⤵
  PID:6732
- C:\Windows\System\APPBTyj.exe
  C:\Windows\System\APPBTyj.exe
  2⤵
  PID:6748
- C:\Windows\System\HKatYys.exe
  C:\Windows\System\HKatYys.exe
  2⤵
  PID:6776
- C:\Windows\System\uMGKVUV.exe
  C:\Windows\System\uMGKVUV.exe
  2⤵
  PID:6796
- C:\Windows\System\sQxRVoV.exe
  C:\Windows\System\sQxRVoV.exe
  2⤵
  PID:6812
- C:\Windows\System\YhsfWjy.exe
  C:\Windows\System\YhsfWjy.exe
  2⤵
  PID:6828
- C:\Windows\System\SLuCUHr.exe
  C:\Windows\System\SLuCUHr.exe
  2⤵
  PID:6848
- C:\Windows\System\PaYcIwP.exe
  C:\Windows\System\PaYcIwP.exe
  2⤵
  PID:6868
- C:\Windows\System\rGzYvUP.exe
  C:\Windows\System\rGzYvUP.exe
  2⤵
  PID:6900
- C:\Windows\System\fuWzABv.exe
  C:\Windows\System\fuWzABv.exe
  2⤵
  PID:6916
- C:\Windows\System\eshdmzQ.exe
  C:\Windows\System\eshdmzQ.exe
  2⤵
  PID:6936
- C:\Windows\System\SmXcxTp.exe
  C:\Windows\System\SmXcxTp.exe
  2⤵
  PID:6952
- C:\Windows\System\kHVghRj.exe
  C:\Windows\System\kHVghRj.exe
  2⤵
  PID:6968
- C:\Windows\System\zOuXeJg.exe
  C:\Windows\System\zOuXeJg.exe
  2⤵
  PID:6996
- C:\Windows\System\lrUZLKm.exe
  C:\Windows\System\lrUZLKm.exe
  2⤵
  PID:7012
- C:\Windows\System\oyKfhyg.exe
  C:\Windows\System\oyKfhyg.exe
  2⤵
  PID:7032
- C:\Windows\System\jbGXIym.exe
  C:\Windows\System\jbGXIym.exe
  2⤵
  PID:7048
- C:\Windows\System\QWVnZLl.exe
  C:\Windows\System\QWVnZLl.exe
  2⤵
  PID:7064
- C:\Windows\System\bCIMdsa.exe
  C:\Windows\System\bCIMdsa.exe
  2⤵
  PID:7080
- C:\Windows\System\FbExoYL.exe
  C:\Windows\System\FbExoYL.exe
  2⤵
  PID:7100
- C:\Windows\System\dedJblb.exe
  C:\Windows\System\dedJblb.exe
  2⤵
  PID:7116
- C:\Windows\System\lQuwfAH.exe
  C:\Windows\System\lQuwfAH.exe
  2⤵
  PID:7132
- C:\Windows\System\AMpUuJn.exe
  C:\Windows\System\AMpUuJn.exe
  2⤵
  PID:7148
- C:\Windows\System\BxOVEpE.exe
  C:\Windows\System\BxOVEpE.exe
  2⤵
  PID:7164
- C:\Windows\System\ilfnwDx.exe
  C:\Windows\System\ilfnwDx.exe
  2⤵
  PID:5724
- C:\Windows\System\ulhGPmt.exe
  C:\Windows\System\ulhGPmt.exe
  2⤵
  PID:5632
- C:\Windows\System\cQrYHpm.exe
  C:\Windows\System\cQrYHpm.exe
  2⤵
  PID:5296
- C:\Windows\System\YyAnLFY.exe
  C:\Windows\System\YyAnLFY.exe
  2⤵
  PID:6140
- C:\Windows\System\AJWoaAE.exe
  C:\Windows\System\AJWoaAE.exe
  2⤵
  PID:6180
- C:\Windows\System\dzNjMER.exe
  C:\Windows\System\dzNjMER.exe
  2⤵
  PID:6164
- C:\Windows\System\KcSTpUf.exe
  C:\Windows\System\KcSTpUf.exe
  2⤵
  PID:6284
- C:\Windows\System\qbuADAG.exe
  C:\Windows\System\qbuADAG.exe
  2⤵
  PID:6348
- C:\Windows\System\lSPlgvy.exe
  C:\Windows\System\lSPlgvy.exe
  2⤵
  PID:6420
- C:\Windows\System\nPXPfUJ.exe
  C:\Windows\System\nPXPfUJ.exe
  2⤵
  PID:6436
- C:\Windows\System\kZlTdws.exe
  C:\Windows\System\kZlTdws.exe
  2⤵
  PID:6300
- C:\Windows\System\iDwOrTx.exe
  C:\Windows\System\iDwOrTx.exe
  2⤵
  PID:6396
- C:\Windows\System\CVLmbkP.exe
  C:\Windows\System\CVLmbkP.exe
  2⤵
  PID:6472
- C:\Windows\System\mBIfuHe.exe
  C:\Windows\System\mBIfuHe.exe
  2⤵
  PID:6492
- C:\Windows\System\GLlcBrR.exe
  C:\Windows\System\GLlcBrR.exe
  2⤵
  PID:6592
- C:\Windows\System\ByZaofK.exe
  C:\Windows\System\ByZaofK.exe
  2⤵
  PID:6636
- C:\Windows\System\wdMNLxA.exe
  C:\Windows\System\wdMNLxA.exe
  2⤵
  PID:6508
- C:\Windows\System\hCEujKj.exe
  C:\Windows\System\hCEujKj.exe
  2⤵
  PID:6620
- C:\Windows\System\KDWNXkA.exe
  C:\Windows\System\KDWNXkA.exe
  2⤵
  PID:6756
- C:\Windows\System\oHwBWLS.exe
  C:\Windows\System\oHwBWLS.exe
  2⤵
  PID:6688
- C:\Windows\System\aLzHhvl.exe
  C:\Windows\System\aLzHhvl.exe
  2⤵
  PID:6764
- C:\Windows\System\TYegWAi.exe
  C:\Windows\System\TYegWAi.exe
  2⤵
  PID:6808
- C:\Windows\System\PMMVpGJ.exe
  C:\Windows\System\PMMVpGJ.exe
  2⤵
  PID:6860
- C:\Windows\System\uJtFQbS.exe
  C:\Windows\System\uJtFQbS.exe
  2⤵
  PID:6864
- C:\Windows\System\wWQshgT.exe
  C:\Windows\System\wWQshgT.exe
  2⤵
  PID:6880
- C:\Windows\System\nmEtUNP.exe
  C:\Windows\System\nmEtUNP.exe
  2⤵
  PID:6896
- C:\Windows\System\oQLnDiK.exe
  C:\Windows\System\oQLnDiK.exe
  2⤵
  PID:6928
- C:\Windows\System\dZSGXir.exe
  C:\Windows\System\dZSGXir.exe
  2⤵
  PID:6960
- C:\Windows\System\ZRHgkIF.exe
  C:\Windows\System\ZRHgkIF.exe
  2⤵
  PID:7140
- C:\Windows\System\ykWuESO.exe
  C:\Windows\System\ykWuESO.exe
  2⤵
  PID:6012
- C:\Windows\System\zbSFJmH.exe
  C:\Windows\System\zbSFJmH.exe
  2⤵
  PID:5188
- C:\Windows\System\GohODhH.exe
  C:\Windows\System\GohODhH.exe
  2⤵
  PID:6992
- C:\Windows\System\PkMTbtE.exe
  C:\Windows\System\PkMTbtE.exe
  2⤵
  PID:6988
- C:\Windows\System\BlHNiBV.exe
  C:\Windows\System\BlHNiBV.exe
  2⤵
  PID:7096
- C:\Windows\System\UwMvFha.exe
  C:\Windows\System\UwMvFha.exe
  2⤵
  PID:7060
- C:\Windows\System\VPFitYl.exe
  C:\Windows\System\VPFitYl.exe
  2⤵
  PID:7128
- C:\Windows\System\OtKuJCN.exe
  C:\Windows\System\OtKuJCN.exe
  2⤵
  PID:5656
- C:\Windows\System\amGLgQJ.exe
  C:\Windows\System\amGLgQJ.exe
  2⤵
  PID:6108
- C:\Windows\System\OhNzgxq.exe
  C:\Windows\System\OhNzgxq.exe
  2⤵
  PID:6196
- C:\Windows\System\addYvOV.exe
  C:\Windows\System\addYvOV.exe
  2⤵
  PID:6444
- C:\Windows\System\oFfUVSR.exe
  C:\Windows\System\oFfUVSR.exe
  2⤵
  PID:6416
- C:\Windows\System\kSiEyJk.exe
  C:\Windows\System\kSiEyJk.exe
  2⤵
  PID:6336
- C:\Windows\System\pncohOk.exe
  C:\Windows\System\pncohOk.exe
  2⤵
  PID:6524
- C:\Windows\System\gfVrucL.exe
  C:\Windows\System\gfVrucL.exe
  2⤵
  PID:6668
- C:\Windows\System\qJPZutk.exe
  C:\Windows\System\qJPZutk.exe
  2⤵
  PID:6488
- C:\Windows\System\aLcQGwj.exe
  C:\Windows\System\aLcQGwj.exe
  2⤵
  PID:6544
- C:\Windows\System\BOcWChI.exe
  C:\Windows\System\BOcWChI.exe
  2⤵
  PID:6648
- C:\Windows\System\iqyhMXH.exe
  C:\Windows\System\iqyhMXH.exe
  2⤵
  PID:6744
- C:\Windows\System\ULxqXsr.exe
  C:\Windows\System\ULxqXsr.exe
  2⤵
  PID:6840
- C:\Windows\System\LTOyKTJ.exe
  C:\Windows\System\LTOyKTJ.exe
  2⤵
  PID:6876
- C:\Windows\System\zNkEsgy.exe
  C:\Windows\System\zNkEsgy.exe
  2⤵
  PID:7008
- C:\Windows\System\DDnmcKe.exe
  C:\Windows\System\DDnmcKe.exe
  2⤵
  PID:7040
- C:\Windows\System\bBlXmoc.exe
  C:\Windows\System\bBlXmoc.exe
  2⤵
  PID:7108
- C:\Windows\System\aQGwufY.exe
  C:\Windows\System\aQGwufY.exe
  2⤵
  PID:6948
- C:\Windows\System\ZNMKYQp.exe
  C:\Windows\System\ZNMKYQp.exe
  2⤵
  PID:6932
- C:\Windows\System\uEDrrYg.exe
  C:\Windows\System\uEDrrYg.exe
  2⤵
  PID:6212
- C:\Windows\System\jfyPZCo.exe
  C:\Windows\System\jfyPZCo.exe
  2⤵
  PID:7156
- C:\Windows\System\TJFyQmf.exe
  C:\Windows\System\TJFyQmf.exe
  2⤵
  PID:5904
- C:\Windows\System\xfrXGKo.exe
  C:\Windows\System\xfrXGKo.exe
  2⤵
  PID:6316
- C:\Windows\System\gNIpKSs.exe
  C:\Windows\System\gNIpKSs.exe
  2⤵
  PID:6224
- C:\Windows\System\PsNTgiv.exe
  C:\Windows\System\PsNTgiv.exe
  2⤵
  PID:5668
- C:\Windows\System\yNGsLqo.exe
  C:\Windows\System\yNGsLqo.exe
  2⤵
  PID:7088
- C:\Windows\System\TMQJsWJ.exe
  C:\Windows\System\TMQJsWJ.exe
  2⤵
  PID:6432
- C:\Windows\System\yyPWwzZ.exe
  C:\Windows\System\yyPWwzZ.exe
  2⤵
  PID:6708
- C:\Windows\System\toIbLDJ.exe
  C:\Windows\System\toIbLDJ.exe
  2⤵
  PID:6476
- C:\Windows\System\vEwYCed.exe
  C:\Windows\System\vEwYCed.exe
  2⤵
  PID:6856
- C:\Windows\System\uZsoKdS.exe
  C:\Windows\System\uZsoKdS.exe
  2⤵
  PID:6268
- C:\Windows\System\gxhIiCe.exe
  C:\Windows\System\gxhIiCe.exe
  2⤵
  PID:6580
- C:\Windows\System\uvqoKVS.exe
  C:\Windows\System\uvqoKVS.exe
  2⤵
  PID:6924
- C:\Windows\System\BtigJEs.exe
  C:\Windows\System\BtigJEs.exe
  2⤵
  PID:5916
- C:\Windows\System\XMjWMDw.exe
  C:\Windows\System\XMjWMDw.exe
  2⤵
  PID:6188
- C:\Windows\System\qsqPYgm.exe
  C:\Windows\System\qsqPYgm.exe
  2⤵
  PID:6976
- C:\Windows\System\OWtSnWD.exe
  C:\Windows\System\OWtSnWD.exe
  2⤵
  PID:6740
- C:\Windows\System\HteOAsb.exe
  C:\Windows\System\HteOAsb.exe
  2⤵
  PID:6680
- C:\Windows\System\ZsXsBii.exe
  C:\Windows\System\ZsXsBii.exe
  2⤵
  PID:7024
- C:\Windows\System\uXAgoxZ.exe
  C:\Windows\System\uXAgoxZ.exe
  2⤵
  PID:7044
- C:\Windows\System\CeNbqus.exe
  C:\Windows\System\CeNbqus.exe
  2⤵
  PID:6612
- C:\Windows\System\cbzfMgX.exe
  C:\Windows\System\cbzfMgX.exe
  2⤵
  PID:6892
- C:\Windows\System\qeGtZNn.exe
  C:\Windows\System\qeGtZNn.exe
  2⤵
  PID:6632
- C:\Windows\System\fMkpBOh.exe
  C:\Windows\System\fMkpBOh.exe
  2⤵
  PID:6792
- C:\Windows\System\LAyhKkG.exe
  C:\Windows\System\LAyhKkG.exe
  2⤵
  PID:6192
- C:\Windows\System\ABKfZEg.exe
  C:\Windows\System\ABKfZEg.exe
  2⤵
  PID:6564
- C:\Windows\System\UDYrOqq.exe
  C:\Windows\System\UDYrOqq.exe
  2⤵
  PID:7184
- C:\Windows\System\CKwLjfn.exe
  C:\Windows\System\CKwLjfn.exe
  2⤵
  PID:7208
- C:\Windows\System\MPdYuFh.exe
  C:\Windows\System\MPdYuFh.exe
  2⤵
  PID:7236
- C:\Windows\System\pLHiBoc.exe
  C:\Windows\System\pLHiBoc.exe
  2⤵
  PID:7256
- C:\Windows\System\jIphIfn.exe
  C:\Windows\System\jIphIfn.exe
  2⤵
  PID:7272
- C:\Windows\System\tbeJJmz.exe
  C:\Windows\System\tbeJJmz.exe
  2⤵
  PID:7288
- C:\Windows\System\YNXjLoZ.exe
  C:\Windows\System\YNXjLoZ.exe
  2⤵
  PID:7304
- C:\Windows\System\PWAqZAq.exe
  C:\Windows\System\PWAqZAq.exe
  2⤵
  PID:7320
- C:\Windows\System\gGTvEWK.exe
  C:\Windows\System\gGTvEWK.exe
  2⤵
  PID:7340
- C:\Windows\System\dMXPlqB.exe
  C:\Windows\System\dMXPlqB.exe
  2⤵
  PID:7360
- C:\Windows\System\IPWGoBm.exe
  C:\Windows\System\IPWGoBm.exe
  2⤵
  PID:7376
- C:\Windows\System\HEdNFss.exe
  C:\Windows\System\HEdNFss.exe
  2⤵
  PID:7400
- C:\Windows\System\fLPzBwK.exe
  C:\Windows\System\fLPzBwK.exe
  2⤵
  PID:7444
- C:\Windows\System\vjMCviS.exe
  C:\Windows\System\vjMCviS.exe
  2⤵
  PID:7460
- C:\Windows\System\wkiYYAh.exe
  C:\Windows\System\wkiYYAh.exe
  2⤵
  PID:7480
- C:\Windows\System\tKolZcp.exe
  C:\Windows\System\tKolZcp.exe
  2⤵
  PID:7496
- C:\Windows\System\mgkeeZn.exe
  C:\Windows\System\mgkeeZn.exe
  2⤵
  PID:7516
- C:\Windows\System\iFxPpIP.exe
  C:\Windows\System\iFxPpIP.exe
  2⤵
  PID:7532
- C:\Windows\System\bVYEAqm.exe
  C:\Windows\System\bVYEAqm.exe
  2⤵
  PID:7568
- C:\Windows\System\QIomveq.exe
  C:\Windows\System\QIomveq.exe
  2⤵
  PID:7588
- C:\Windows\System\qbYlzCC.exe
  C:\Windows\System\qbYlzCC.exe
  2⤵
  PID:7608
- C:\Windows\System\bOdIVyO.exe
  C:\Windows\System\bOdIVyO.exe
  2⤵
  PID:7628
- C:\Windows\System\hncsxda.exe
  C:\Windows\System\hncsxda.exe
  2⤵
  PID:7644
- C:\Windows\System\mctbWej.exe
  C:\Windows\System\mctbWej.exe
  2⤵
  PID:7676
- C:\Windows\System\fLHeZbE.exe
  C:\Windows\System\fLHeZbE.exe
  2⤵
  PID:7692
- C:\Windows\System\qUNuHYJ.exe
  C:\Windows\System\qUNuHYJ.exe
  2⤵
  PID:7712
- C:\Windows\System\HSFrjcR.exe
  C:\Windows\System\HSFrjcR.exe
  2⤵
  PID:7736
- C:\Windows\System\xAFsQIH.exe
  C:\Windows\System\xAFsQIH.exe
  2⤵
  PID:7756
- C:\Windows\System\itIHAgD.exe
  C:\Windows\System\itIHAgD.exe
  2⤵
  PID:7772
- C:\Windows\System\PTXXpEt.exe
  C:\Windows\System\PTXXpEt.exe
  2⤵
  PID:7788
- C:\Windows\System\dHgDhZW.exe
  C:\Windows\System\dHgDhZW.exe
  2⤵
  PID:7824
- C:\Windows\System\JQnKMAl.exe
  C:\Windows\System\JQnKMAl.exe
  2⤵
  PID:7840
- C:\Windows\System\QMpNlRU.exe
  C:\Windows\System\QMpNlRU.exe
  2⤵
  PID:7856
- C:\Windows\System\JqqEexi.exe
  C:\Windows\System\JqqEexi.exe
  2⤵
  PID:7872
- C:\Windows\System\FrhLzxf.exe
  C:\Windows\System\FrhLzxf.exe
  2⤵
  PID:7892
- C:\Windows\System\aIkkUNJ.exe
  C:\Windows\System\aIkkUNJ.exe
  2⤵
  PID:7916
- C:\Windows\System\YTrVTQj.exe
  C:\Windows\System\YTrVTQj.exe
  2⤵
  PID:7936
- C:\Windows\System\jKIEOUj.exe
  C:\Windows\System\jKIEOUj.exe
  2⤵
  PID:7952
- C:\Windows\System\YMfGpqK.exe
  C:\Windows\System\YMfGpqK.exe
  2⤵
  PID:7972
- C:\Windows\System\ltBPQnP.exe
  C:\Windows\System\ltBPQnP.exe
  2⤵
  PID:7992
- C:\Windows\System\wyMhbBS.exe
  C:\Windows\System\wyMhbBS.exe
  2⤵
  PID:8008
- C:\Windows\System\uhmAroM.exe
  C:\Windows\System\uhmAroM.exe
  2⤵
  PID:8036
- C:\Windows\System\DaQtKga.exe
  C:\Windows\System\DaQtKga.exe
  2⤵
  PID:8064
- C:\Windows\System\YnoCBwd.exe
  C:\Windows\System\YnoCBwd.exe
  2⤵
  PID:8080
- C:\Windows\System\UktrrOp.exe
  C:\Windows\System\UktrrOp.exe
  2⤵
  PID:8100
- C:\Windows\System\auIhIXn.exe
  C:\Windows\System\auIhIXn.exe
  2⤵
  PID:8116
- C:\Windows\System\tpLyIUR.exe
  C:\Windows\System\tpLyIUR.exe
  2⤵
  PID:8132
- C:\Windows\System\WLGemjE.exe
  C:\Windows\System\WLGemjE.exe
  2⤵
  PID:8148
- C:\Windows\System\NJrydCr.exe
  C:\Windows\System\NJrydCr.exe
  2⤵
  PID:8172
- C:\Windows\System\lTQwfeD.exe
  C:\Windows\System\lTQwfeD.exe
  2⤵
  PID:7176
- C:\Windows\System\bBdcqBx.exe
  C:\Windows\System\bBdcqBx.exe
  2⤵
  PID:7228
- C:\Windows\System\lRFYrwK.exe
  C:\Windows\System\lRFYrwK.exe
  2⤵
  PID:7268
- C:\Windows\System\rsIjkjY.exe
  C:\Windows\System\rsIjkjY.exe
  2⤵
  PID:7332
- C:\Windows\System\VNKLMRE.exe
  C:\Windows\System\VNKLMRE.exe
  2⤵
  PID:7384
- C:\Windows\System\gQJiFFQ.exe
  C:\Windows\System\gQJiFFQ.exe
  2⤵
  PID:7280
- C:\Windows\System\vMpqCzu.exe
  C:\Windows\System\vMpqCzu.exe
  2⤵
  PID:7352
- C:\Windows\System\yonrghr.exe
  C:\Windows\System\yonrghr.exe
  2⤵
  PID:7396
- C:\Windows\System\bNxdDLh.exe
  C:\Windows\System\bNxdDLh.exe
  2⤵
  PID:7420
- C:\Windows\System\sPbFaam.exe
  C:\Windows\System\sPbFaam.exe
  2⤵
  PID:7476
- C:\Windows\System\vCvrkBj.exe
  C:\Windows\System\vCvrkBj.exe
  2⤵
  PID:7544
- C:\Windows\System\FtHiKiO.exe
  C:\Windows\System\FtHiKiO.exe
  2⤵
  PID:7560
- C:\Windows\System\bHqFCfO.exe
  C:\Windows\System\bHqFCfO.exe
  2⤵
  PID:7488
- C:\Windows\System\nwPPMzE.exe
  C:\Windows\System\nwPPMzE.exe
  2⤵
  PID:7596
- C:\Windows\System\WIkWUAH.exe
  C:\Windows\System\WIkWUAH.exe
  2⤵
  PID:7584
- C:\Windows\System\NVroMXD.exe
  C:\Windows\System\NVroMXD.exe
  2⤵
  PID:7652
- C:\Windows\System\gkVIeOD.exe
  C:\Windows\System\gkVIeOD.exe
  2⤵
  PID:7732
- C:\Windows\System\tfqfjRD.exe
  C:\Windows\System\tfqfjRD.exe
  2⤵
  PID:7768
- C:\Windows\System\fwFsuQS.exe
  C:\Windows\System\fwFsuQS.exe
  2⤵
  PID:7808
- C:\Windows\System\SgmWueP.exe
  C:\Windows\System\SgmWueP.exe
  2⤵
  PID:7812
- C:\Windows\System\IhHzaIy.exe
  C:\Windows\System\IhHzaIy.exe
  2⤵
  PID:7820
- C:\Windows\System\aVzOlUP.exe
  C:\Windows\System\aVzOlUP.exe
  2⤵
  PID:7880
- C:\Windows\System\Wusrrub.exe
  C:\Windows\System\Wusrrub.exe
  2⤵
  PID:7836
- C:\Windows\System\dmEPrjF.exe
  C:\Windows\System\dmEPrjF.exe
  2⤵
  PID:7960
- C:\Windows\System\WpJQlyT.exe
  C:\Windows\System\WpJQlyT.exe
  2⤵
  PID:8004
- C:\Windows\System\qFRVURC.exe
  C:\Windows\System\qFRVURC.exe
  2⤵
  PID:7912
- C:\Windows\System\JetsFeV.exe
  C:\Windows\System\JetsFeV.exe
  2⤵
  PID:7980
- C:\Windows\System\WTZCagv.exe
  C:\Windows\System\WTZCagv.exe
  2⤵
  PID:8020
- C:\Windows\System\eFeDPlL.exe
  C:\Windows\System\eFeDPlL.exe
  2⤵
  PID:8088
- C:\Windows\System\OqyNYLf.exe
  C:\Windows\System\OqyNYLf.exe
  2⤵
  PID:8156
- C:\Windows\System\EzveZce.exe
  C:\Windows\System\EzveZce.exe
  2⤵
  PID:7216
- C:\Windows\System\lrekimP.exe
  C:\Windows\System\lrekimP.exe
  2⤵
  PID:8112
- C:\Windows\System\fOWzYQI.exe
  C:\Windows\System\fOWzYQI.exe
  2⤵
  PID:8184
- C:\Windows\System\PNOHRBI.exe
  C:\Windows\System\PNOHRBI.exe
  2⤵
  PID:7244
- C:\Windows\System\PJgPBAO.exe
  C:\Windows\System\PJgPBAO.exe
  2⤵
  PID:7196
- C:\Windows\System\pRvgHCt.exe
  C:\Windows\System\pRvgHCt.exe
  2⤵
  PID:7252
- C:\Windows\System\bOBBNVJ.exe
  C:\Windows\System\bOBBNVJ.exe
  2⤵
  PID:7428
- C:\Windows\System\bkzwEYz.exe
  C:\Windows\System\bkzwEYz.exe
  2⤵
  PID:7408
- C:\Windows\System\GHkwyiv.exe
  C:\Windows\System\GHkwyiv.exe
  2⤵
  PID:7524
- C:\Windows\System\XcgDfPb.exe
  C:\Windows\System\XcgDfPb.exe
  2⤵
  PID:7624
- C:\Windows\System\dXrJVxX.exe
  C:\Windows\System\dXrJVxX.exe
  2⤵
  PID:7764
- C:\Windows\System\qDvBVps.exe
  C:\Windows\System\qDvBVps.exe
  2⤵
  PID:7688
- C:\Windows\System\MOgXqNf.exe
  C:\Windows\System\MOgXqNf.exe
  2⤵
  PID:7800
- C:\Windows\System\GoBNQef.exe
  C:\Windows\System\GoBNQef.exe
  2⤵
  PID:7708
- C:\Windows\System\vUjSbYs.exe
  C:\Windows\System\vUjSbYs.exe
  2⤵
  PID:7868
- C:\Windows\System\jMBrmWu.exe
  C:\Windows\System\jMBrmWu.exe
  2⤵
  PID:7804
- C:\Windows\System\etKfsbz.exe
  C:\Windows\System\etKfsbz.exe
  2⤵
  PID:7968
- C:\Windows\System\Ldfikjx.exe
  C:\Windows\System\Ldfikjx.exe
  2⤵
  PID:8016
- C:\Windows\System\fKuhyJW.exe
  C:\Windows\System\fKuhyJW.exe
  2⤵
  PID:8096
- C:\Windows\System\WtpUMUA.exe
  C:\Windows\System\WtpUMUA.exe
  2⤵
  PID:6428
- C:\Windows\System\vzvPBgt.exe
  C:\Windows\System\vzvPBgt.exe
  2⤵
  PID:7204
- C:\Windows\System\uSZICXN.exe
  C:\Windows\System\uSZICXN.exe
  2⤵
  PID:8144
- C:\Windows\System\zAtjlqL.exe
  C:\Windows\System\zAtjlqL.exe
  2⤵
  PID:7372
- C:\Windows\System\dYToryD.exe
  C:\Windows\System\dYToryD.exe
  2⤵
  PID:6712
- C:\Windows\System\toMRwiF.exe
  C:\Windows\System\toMRwiF.exe
  2⤵
  PID:7552
- C:\Windows\System\MbOeicE.exe
  C:\Windows\System\MbOeicE.exe
  2⤵
  PID:7604
- C:\Windows\System\OoFfeqj.exe
  C:\Windows\System\OoFfeqj.exe
  2⤵
  PID:7780
- C:\Windows\System\eIOJooq.exe
  C:\Windows\System\eIOJooq.exe
  2⤵
  PID:7900
- C:\Windows\System\LAMguWO.exe
  C:\Windows\System\LAMguWO.exe
  2⤵
  PID:8108
- C:\Windows\System\skLDXrH.exe
  C:\Windows\System\skLDXrH.exe
  2⤵
  PID:6684
- C:\Windows\System\FbUIhRz.exe
  C:\Windows\System\FbUIhRz.exe
  2⤵
  PID:7884
- C:\Windows\System\xQwsjBo.exe
  C:\Windows\System\xQwsjBo.exe
  2⤵
  PID:7312
- C:\Windows\System\ESAdyiM.exe
  C:\Windows\System\ESAdyiM.exe
  2⤵
  PID:7440
- C:\Windows\System\QrUDayP.exe
  C:\Windows\System\QrUDayP.exe
  2⤵
  PID:7528
- C:\Windows\System\HCgUbXA.exe
  C:\Windows\System\HCgUbXA.exe
  2⤵
  PID:7728
- C:\Windows\System\urFGmOK.exe
  C:\Windows\System\urFGmOK.exe
  2⤵
  PID:7796
- C:\Windows\System\ynNzpkI.exe
  C:\Windows\System\ynNzpkI.exe
  2⤵
  PID:8028
- C:\Windows\System\xZhEcWB.exe
  C:\Windows\System\xZhEcWB.exe
  2⤵
  PID:8000
- C:\Windows\System\CiWNKJk.exe
  C:\Windows\System\CiWNKJk.exe
  2⤵
  PID:7200
- C:\Windows\System\boeNVEU.exe
  C:\Windows\System\boeNVEU.exe
  2⤵
  PID:7508
- C:\Windows\System\RyDTJzT.exe
  C:\Windows\System\RyDTJzT.exe
  2⤵
  PID:7664
- C:\Windows\System\TLNSiDI.exe
  C:\Windows\System\TLNSiDI.exe
  2⤵
  PID:7924
- C:\Windows\System\lBURJpd.exe
  C:\Windows\System\lBURJpd.exe
  2⤵
  PID:7932
- C:\Windows\System\xZFEeUF.exe
  C:\Windows\System\xZFEeUF.exe
  2⤵
  PID:8244
- C:\Windows\System\PsFxqCS.exe
  C:\Windows\System\PsFxqCS.exe
  2⤵
  PID:8264
- C:\Windows\System\KsXxgNs.exe
  C:\Windows\System\KsXxgNs.exe
  2⤵
  PID:8280
- C:\Windows\System\OhpzUJU.exe
  C:\Windows\System\OhpzUJU.exe
  2⤵
  PID:8300
- C:\Windows\System\HnYxEtB.exe
  C:\Windows\System\HnYxEtB.exe
  2⤵
  PID:8316
- C:\Windows\System\avyFbyU.exe
  C:\Windows\System\avyFbyU.exe
  2⤵
  PID:8332
- C:\Windows\System\QRoYpNI.exe
  C:\Windows\System\QRoYpNI.exe
  2⤵
  PID:8348
- C:\Windows\System\XIEZjJP.exe
  C:\Windows\System\XIEZjJP.exe
  2⤵
  PID:8368
- C:\Windows\System\hbsrZjq.exe
  C:\Windows\System\hbsrZjq.exe
  2⤵
  PID:8384
- C:\Windows\System\qYpNqcY.exe
  C:\Windows\System\qYpNqcY.exe
  2⤵
  PID:8404
- C:\Windows\System\rsacefp.exe
  C:\Windows\System\rsacefp.exe
  2⤵
  PID:8428
- C:\Windows\System\MvbKrvP.exe
  C:\Windows\System\MvbKrvP.exe
  2⤵
  PID:8468
- C:\Windows\System\zkZoIII.exe
  C:\Windows\System\zkZoIII.exe
  2⤵
  PID:8488
- C:\Windows\System\ApLiamR.exe
  C:\Windows\System\ApLiamR.exe
  2⤵
  PID:8504
- C:\Windows\System\nIflGLt.exe
  C:\Windows\System\nIflGLt.exe
  2⤵
  PID:8524
- C:\Windows\System\MhRwTbd.exe
  C:\Windows\System\MhRwTbd.exe
  2⤵
  PID:8544
- C:\Windows\System\GwbJYqH.exe
  C:\Windows\System\GwbJYqH.exe
  2⤵
  PID:8560
- C:\Windows\System\wysBLgd.exe
  C:\Windows\System\wysBLgd.exe
  2⤵
  PID:8580
- C:\Windows\System\nLyukeZ.exe
  C:\Windows\System\nLyukeZ.exe
  2⤵
  PID:8608
- C:\Windows\System\goxYQiu.exe
  C:\Windows\System\goxYQiu.exe
  2⤵
  PID:8624
- C:\Windows\System\FCLkHeM.exe
  C:\Windows\System\FCLkHeM.exe
  2⤵
  PID:8640
- C:\Windows\System\ZgXwOjJ.exe
  C:\Windows\System\ZgXwOjJ.exe
  2⤵
  PID:8664
- C:\Windows\System\ZYCpsCf.exe
  C:\Windows\System\ZYCpsCf.exe
  2⤵
  PID:8684
- C:\Windows\System\ZoNuBBA.exe
  C:\Windows\System\ZoNuBBA.exe
  2⤵
  PID:8704
- C:\Windows\System\iRfLOhA.exe
  C:\Windows\System\iRfLOhA.exe
  2⤵
  PID:8724
- C:\Windows\System\SYpwmfl.exe
  C:\Windows\System\SYpwmfl.exe
  2⤵
  PID:8740
- C:\Windows\System\XvGAzQR.exe
  C:\Windows\System\XvGAzQR.exe
  2⤵
  PID:8756
- C:\Windows\System\SwFnRph.exe
  C:\Windows\System\SwFnRph.exe
  2⤵
  PID:8772
- C:\Windows\System\yDLKuLv.exe
  C:\Windows\System\yDLKuLv.exe
  2⤵
  PID:8788
- C:\Windows\System\iiOyHfU.exe
  C:\Windows\System\iiOyHfU.exe
  2⤵
  PID:8804
- C:\Windows\System\HoCIIIC.exe
  C:\Windows\System\HoCIIIC.exe
  2⤵
  PID:8820
- C:\Windows\System\VUnSLlN.exe
  C:\Windows\System\VUnSLlN.exe
  2⤵
  PID:8836
- C:\Windows\System\gxIhYgk.exe
  C:\Windows\System\gxIhYgk.exe
  2⤵
  PID:8884
- C:\Windows\System\MTRxduG.exe
  C:\Windows\System\MTRxduG.exe
  2⤵
  PID:8912
- C:\Windows\System\tXRdrCl.exe
  C:\Windows\System\tXRdrCl.exe
  2⤵
  PID:8928
- C:\Windows\System\GQfKJSl.exe
  C:\Windows\System\GQfKJSl.exe
  2⤵
  PID:8944
- C:\Windows\System\WoQuZqI.exe
  C:\Windows\System\WoQuZqI.exe
  2⤵
  PID:8960
- C:\Windows\System\GWGhPAq.exe
  C:\Windows\System\GWGhPAq.exe
  2⤵
  PID:8976
- C:\Windows\System\hgXCKgq.exe
  C:\Windows\System\hgXCKgq.exe
  2⤵
  PID:8992
- C:\Windows\System\PxLcJcS.exe
  C:\Windows\System\PxLcJcS.exe
  2⤵
  PID:9008
- C:\Windows\System\ZjknOFW.exe
  C:\Windows\System\ZjknOFW.exe
  2⤵
  PID:9024
- C:\Windows\System\wXvKkCc.exe
  C:\Windows\System\wXvKkCc.exe
  2⤵
  PID:9040
- C:\Windows\System\nQkFWLi.exe
  C:\Windows\System\nQkFWLi.exe
  2⤵
  PID:9056
- C:\Windows\System\JOGSJaM.exe
  C:\Windows\System\JOGSJaM.exe
  2⤵
  PID:9072
- C:\Windows\System\rxTmoug.exe
  C:\Windows\System\rxTmoug.exe
  2⤵
  PID:9088
- C:\Windows\System\QADUhnU.exe
  C:\Windows\System\QADUhnU.exe
  2⤵
  PID:9104
- C:\Windows\System\wSquzuF.exe
  C:\Windows\System\wSquzuF.exe
  2⤵
  PID:9120
- C:\Windows\System\uQqccAn.exe
  C:\Windows\System\uQqccAn.exe
  2⤵
  PID:9136
- C:\Windows\System\IjdCzTQ.exe
  C:\Windows\System\IjdCzTQ.exe
  2⤵
  PID:9152
- C:\Windows\System\mPlFdEa.exe
  C:\Windows\System\mPlFdEa.exe
  2⤵
  PID:9168
- C:\Windows\System\WIgHDSe.exe
  C:\Windows\System\WIgHDSe.exe
  2⤵
  PID:9184
- C:\Windows\System\yQMYGRN.exe
  C:\Windows\System\yQMYGRN.exe
  2⤵
  PID:9200
- C:\Windows\System\SJaNhOK.exe
  C:\Windows\System\SJaNhOK.exe
  2⤵
  PID:7224
- C:\Windows\System\QRBiLMF.exe
  C:\Windows\System\QRBiLMF.exe
  2⤵
  PID:7192
- C:\Windows\System\oSCIhXb.exe
  C:\Windows\System\oSCIhXb.exe
  2⤵
  PID:8228
- C:\Windows\System\FIGKKXl.exe
  C:\Windows\System\FIGKKXl.exe
  2⤵
  PID:8252
- C:\Windows\System\HFIoYWx.exe
  C:\Windows\System\HFIoYWx.exe
  2⤵
  PID:8288
- C:\Windows\System\HTQtxYG.exe
  C:\Windows\System\HTQtxYG.exe
  2⤵
  PID:8308
- C:\Windows\System\qJxXFjE.exe
  C:\Windows\System\qJxXFjE.exe
  2⤵
  PID:8236
- C:\Windows\System\yTVQkjF.exe
  C:\Windows\System\yTVQkjF.exe
  2⤵
  PID:8392
- C:\Windows\System\SmRTjTQ.exe
  C:\Windows\System\SmRTjTQ.exe
  2⤵
  PID:8440
- C:\Windows\System\ZZlNIWO.exe
  C:\Windows\System\ZZlNIWO.exe
  2⤵
  PID:8476
- C:\Windows\System\JsooGCR.exe
  C:\Windows\System\JsooGCR.exe
  2⤵
  PID:8512
- C:\Windows\System\XzUUWoU.exe
  C:\Windows\System\XzUUWoU.exe
  2⤵
  PID:8616
- C:\Windows\System\oyewLoK.exe
  C:\Windows\System\oyewLoK.exe
  2⤵
  PID:8652
- C:\Windows\System\DPBPTDC.exe
  C:\Windows\System\DPBPTDC.exe
  2⤵
  PID:8712
- C:\Windows\System\rTTtqCa.exe
  C:\Windows\System\rTTtqCa.exe
  2⤵
  PID:8780
- C:\Windows\System\YkDOuus.exe
  C:\Windows\System\YkDOuus.exe
  2⤵
  PID:8696
- C:\Windows\System\AbAKDYl.exe
  C:\Windows\System\AbAKDYl.exe
  2⤵
  PID:8812
- C:\Windows\System\uybOMuu.exe
  C:\Windows\System\uybOMuu.exe
  2⤵
  PID:8856
- C:\Windows\System\bLHUUWJ.exe
  C:\Windows\System\bLHUUWJ.exe
  2⤵
  PID:8832
- C:\Windows\System\OOcYsxv.exe
  C:\Windows\System\OOcYsxv.exe
  2⤵
  PID:8876
- C:\Windows\System\ggMwnTr.exe
  C:\Windows\System\ggMwnTr.exe
  2⤵
  PID:8900
- C:\Windows\System\qhqldFO.exe
  C:\Windows\System\qhqldFO.exe
  2⤵
  PID:8924
- C:\Windows\System\eZODaHc.exe
  C:\Windows\System\eZODaHc.exe
  2⤵
  PID:8972
- C:\Windows\System\YxoqSUG.exe
  C:\Windows\System\YxoqSUG.exe
  2⤵
  PID:9148
- C:\Windows\System\lAhVjQp.exe
  C:\Windows\System\lAhVjQp.exe
  2⤵
  PID:9020
- C:\Windows\System\ghOZitl.exe
  C:\Windows\System\ghOZitl.exe
  2⤵
  PID:9116
- C:\Windows\System\uJcPaEP.exe
  C:\Windows\System\uJcPaEP.exe
  2⤵
  PID:9096
- C:\Windows\System\uavnRHi.exe
  C:\Windows\System\uavnRHi.exe
  2⤵
  PID:9160
- C:\Windows\System\lyizmKF.exe
  C:\Windows\System\lyizmKF.exe
  2⤵
  PID:9192
- C:\Windows\System\AowiICd.exe
  C:\Windows\System\AowiICd.exe
  2⤵
  PID:7576
- C:\Windows\System\jvTDezR.exe
  C:\Windows\System\jvTDezR.exe
  2⤵
  PID:8260
- C:\Windows\System\BfKDWmT.exe
  C:\Windows\System\BfKDWmT.exe
  2⤵
  PID:8272
- C:\Windows\System\UoKXtRg.exe
  C:\Windows\System\UoKXtRg.exe
  2⤵
  PID:8420
- C:\Windows\System\hVGjnjJ.exe
  C:\Windows\System\hVGjnjJ.exe
  2⤵
  PID:8360
- C:\Windows\System\VOzpdnC.exe
  C:\Windows\System\VOzpdnC.exe
  2⤵
  PID:8464
- C:\Windows\System\kxaUtSZ.exe
  C:\Windows\System\kxaUtSZ.exe
  2⤵
  PID:8444
- C:\Windows\System\ztjBPgR.exe
  C:\Windows\System\ztjBPgR.exe
  2⤵
  PID:8568
- C:\Windows\System\pOYzNRx.exe
  C:\Windows\System\pOYzNRx.exe
  2⤵
  PID:8600
- C:\Windows\System\vyEqFoC.exe
  C:\Windows\System\vyEqFoC.exe
  2⤵
  PID:8632
- C:\Windows\System\fZgLhsL.exe
  C:\Windows\System\fZgLhsL.exe
  2⤵
  PID:8748
- C:\Windows\System\qdRcGqX.exe
  C:\Windows\System\qdRcGqX.exe
  2⤵
  PID:8764
- C:\Windows\System\LRYlwDw.exe
  C:\Windows\System\LRYlwDw.exe
  2⤵
  PID:8828
- C:\Windows\System\byPjPht.exe
  C:\Windows\System\byPjPht.exe
  2⤵
  PID:8864
- C:\Windows\System\yzUrjKW.exe
  C:\Windows\System\yzUrjKW.exe
  2⤵
  PID:9032
- C:\Windows\System\JCZJUdC.exe
  C:\Windows\System\JCZJUdC.exe
  2⤵
  PID:9036
- C:\Windows\System\YNDPQHl.exe
  C:\Windows\System\YNDPQHl.exe
  2⤵
  PID:9144
- C:\Windows\System\PeddIEQ.exe
  C:\Windows\System\PeddIEQ.exe
  2⤵
  PID:9212
- C:\Windows\System\HlbXAyk.exe
  C:\Windows\System\HlbXAyk.exe
  2⤵
  PID:9132
- C:\Windows\System\dpUVwjH.exe
  C:\Windows\System\dpUVwjH.exe
  2⤵
  PID:9164
- C:\Windows\System\prBoMEP.exe
  C:\Windows\System\prBoMEP.exe
  2⤵
  PID:8412
- C:\Windows\System\xpclfKC.exe
  C:\Windows\System\xpclfKC.exe
  2⤵
  PID:8436
- C:\Windows\System\imizrUR.exe
  C:\Windows\System\imizrUR.exe
  2⤵
  PID:8364
- C:\Windows\System\CdmOBIi.exe
  C:\Windows\System\CdmOBIi.exe
  2⤵
  PID:8516
- C:\Windows\System\OOynWks.exe
  C:\Windows\System\OOynWks.exe
  2⤵
  PID:8540
- C:\Windows\System\GTWuaan.exe
  C:\Windows\System\GTWuaan.exe
  2⤵
  PID:8592
- C:\Windows\System\iQFDGZn.exe
  C:\Windows\System\iQFDGZn.exe
  2⤵
  PID:8680
- C:\Windows\System\edliIGJ.exe
  C:\Windows\System\edliIGJ.exe
  2⤵
  PID:8800
- C:\Windows\System\hciFbiN.exe
  C:\Windows\System\hciFbiN.exe
  2⤵
  PID:8872
- C:\Windows\System\pQgVPFx.exe
  C:\Windows\System\pQgVPFx.exe
  2⤵
  PID:8968
- C:\Windows\System\mrRxBTe.exe
  C:\Windows\System\mrRxBTe.exe
  2⤵
  PID:8988
- C:\Windows\System\ERWoXMj.exe
  C:\Windows\System\ERWoXMj.exe
  2⤵
  PID:9080
- C:\Windows\System\ShwybOq.exe
  C:\Windows\System\ShwybOq.exe
  2⤵
  PID:8128
- C:\Windows\System\DoglHMb.exe
  C:\Windows\System\DoglHMb.exe
  2⤵
  PID:8416
- C:\Windows\System\GhYSQcY.exe
  C:\Windows\System\GhYSQcY.exe
  2⤵
  PID:8844
- C:\Windows\System\rEBhOzh.exe
  C:\Windows\System\rEBhOzh.exe
  2⤵
  PID:8424
- C:\Windows\System\TwmnBAJ.exe
  C:\Windows\System\TwmnBAJ.exe
  2⤵
  PID:8892
- C:\Windows\System\YkWAsra.exe
  C:\Windows\System\YkWAsra.exe
  2⤵
  PID:8312
- C:\Windows\System\sPqgLEx.exe
  C:\Windows\System\sPqgLEx.exe
  2⤵
  PID:8656
- C:\Windows\System\MQewdnd.exe
  C:\Windows\System\MQewdnd.exe
  2⤵
  PID:8556
- C:\Windows\System\Zdbewln.exe
  C:\Windows\System\Zdbewln.exe
  2⤵
  PID:9068
- C:\Windows\System\uyhjGuI.exe
  C:\Windows\System\uyhjGuI.exe
  2⤵
  PID:8224
- C:\Windows\System\IMMYDfz.exe
  C:\Windows\System\IMMYDfz.exe
  2⤵
  PID:9084
- C:\Windows\System\SreRJrj.exe
  C:\Windows\System\SreRJrj.exe
  2⤵
  PID:8356
- C:\Windows\System\YwrpETW.exe
  C:\Windows\System\YwrpETW.exe
  2⤵
  PID:9180
- C:\Windows\System\YTZVJlG.exe
  C:\Windows\System\YTZVJlG.exe
  2⤵
  PID:8676
- C:\Windows\System\CfqDxyj.exe
  C:\Windows\System\CfqDxyj.exe
  2⤵
  PID:9220
- C:\Windows\System\mcrFZCx.exe
  C:\Windows\System\mcrFZCx.exe
  2⤵
  PID:9252
- C:\Windows\System\gRmEjod.exe
  C:\Windows\System\gRmEjod.exe
  2⤵
  PID:9268
- C:\Windows\System\tyWJFJn.exe
  C:\Windows\System\tyWJFJn.exe
  2⤵
  PID:9284
- C:\Windows\System\FfMdSFR.exe
  C:\Windows\System\FfMdSFR.exe
  2⤵
  PID:9308
- C:\Windows\System\uKZWAsd.exe
  C:\Windows\System\uKZWAsd.exe
  2⤵
  PID:9328
- C:\Windows\System\fpkMUZV.exe
  C:\Windows\System\fpkMUZV.exe
  2⤵
  PID:9344
- C:\Windows\System\DfLiucR.exe
  C:\Windows\System\DfLiucR.exe
  2⤵
  PID:9364
- C:\Windows\System\nSaSfVm.exe
  C:\Windows\System\nSaSfVm.exe
  2⤵
  PID:9380
- C:\Windows\System\hgtuLJC.exe
  C:\Windows\System\hgtuLJC.exe
  2⤵
  PID:9408
- C:\Windows\System\SBVAaBP.exe
  C:\Windows\System\SBVAaBP.exe
  2⤵
  PID:9424
- C:\Windows\System\BRSbKYF.exe
  C:\Windows\System\BRSbKYF.exe
  2⤵
  PID:9448
- C:\Windows\System\Svrrxwe.exe
  C:\Windows\System\Svrrxwe.exe
  2⤵
  PID:9464
- C:\Windows\System\YzGBUdR.exe
  C:\Windows\System\YzGBUdR.exe
  2⤵
  PID:9488
- C:\Windows\System\LxsmOxD.exe
  C:\Windows\System\LxsmOxD.exe
  2⤵
  PID:9504
- C:\Windows\System\pbyPilS.exe
  C:\Windows\System\pbyPilS.exe
  2⤵
  PID:9520
- C:\Windows\System\hKrZZIL.exe
  C:\Windows\System\hKrZZIL.exe
  2⤵
  PID:9536
- C:\Windows\System\DxzJjgd.exe
  C:\Windows\System\DxzJjgd.exe
  2⤵
  PID:9552
- C:\Windows\System\spRxHgp.exe
  C:\Windows\System\spRxHgp.exe
  2⤵
  PID:9568
- C:\Windows\System\ZPfNxRr.exe
  C:\Windows\System\ZPfNxRr.exe
  2⤵
  PID:9588
- C:\Windows\System\EuYncrI.exe
  C:\Windows\System\EuYncrI.exe
  2⤵
  PID:9608
- C:\Windows\System\AlXZtUs.exe
  C:\Windows\System\AlXZtUs.exe
  2⤵
  PID:9632
- C:\Windows\System\zWVvReL.exe
  C:\Windows\System\zWVvReL.exe
  2⤵
  PID:9668
- C:\Windows\System\SrVAlYx.exe
  C:\Windows\System\SrVAlYx.exe
  2⤵
  PID:9688
- C:\Windows\System\zjtOUih.exe
  C:\Windows\System\zjtOUih.exe
  2⤵
  PID:9716
- C:\Windows\System\PRQLCZd.exe
  C:\Windows\System\PRQLCZd.exe
  2⤵
  PID:9732
- C:\Windows\System\KZVCXgc.exe
  C:\Windows\System\KZVCXgc.exe
  2⤵
  PID:9756
- C:\Windows\System\GEJECCN.exe
  C:\Windows\System\GEJECCN.exe
  2⤵
  PID:9772
- C:\Windows\System\iCeryVW.exe
  C:\Windows\System\iCeryVW.exe
  2⤵
  PID:9788
- C:\Windows\System\akMdxpK.exe
  C:\Windows\System\akMdxpK.exe
  2⤵
  PID:9812
- C:\Windows\System\kcuVbxN.exe
  C:\Windows\System\kcuVbxN.exe
  2⤵
  PID:9828
- C:\Windows\System\YmctCmz.exe
  C:\Windows\System\YmctCmz.exe
  2⤵
  PID:9844
- C:\Windows\System\fQbDxKn.exe
  C:\Windows\System\fQbDxKn.exe
  2⤵
  PID:9864
- C:\Windows\System\AkGvsgW.exe
  C:\Windows\System\AkGvsgW.exe
  2⤵
  PID:9896
- C:\Windows\System\WyjzplE.exe
  C:\Windows\System\WyjzplE.exe
  2⤵
  PID:9912
- C:\Windows\System\rGgOlIt.exe
  C:\Windows\System\rGgOlIt.exe
  2⤵
  PID:9928
- C:\Windows\System\PGSNPsc.exe
  C:\Windows\System\PGSNPsc.exe
  2⤵
  PID:9952
- C:\Windows\System\dNCOUBx.exe
  C:\Windows\System\dNCOUBx.exe
  2⤵
  PID:9968
- C:\Windows\System\CQgRdZB.exe
  C:\Windows\System\CQgRdZB.exe
  2⤵
  PID:9988
- C:\Windows\System\xNvTiYa.exe
  C:\Windows\System\xNvTiYa.exe
  2⤵
  PID:10008
- C:\Windows\System\bSPBbgs.exe
  C:\Windows\System\bSPBbgs.exe
  2⤵
  PID:10024
- C:\Windows\System\DYcXAer.exe
  C:\Windows\System\DYcXAer.exe
  2⤵
  PID:10044
- C:\Windows\System\pPOInPz.exe
  C:\Windows\System\pPOInPz.exe
  2⤵
  PID:10064
- C:\Windows\System\bFHxvWb.exe
  C:\Windows\System\bFHxvWb.exe
  2⤵
  PID:10104
- C:\Windows\System\hGZYLxg.exe
  C:\Windows\System\hGZYLxg.exe
  2⤵
  PID:10120
- C:\Windows\System\NjRuCfd.exe
  C:\Windows\System\NjRuCfd.exe
  2⤵
  PID:10136
- C:\Windows\System\qYNOpkH.exe
  C:\Windows\System\qYNOpkH.exe
  2⤵
  PID:10152
- C:\Windows\System\OjLLKwp.exe
  C:\Windows\System\OjLLKwp.exe
  2⤵
  PID:10168
- C:\Windows\System\swdMwJE.exe
  C:\Windows\System\swdMwJE.exe
  2⤵
  PID:10184
- C:\Windows\System\XkwzDXY.exe
  C:\Windows\System\XkwzDXY.exe
  2⤵
  PID:10220
- C:\Windows\System\KsQtYQu.exe
  C:\Windows\System\KsQtYQu.exe
  2⤵
  PID:8024
- C:\Windows\System\HUxUxPC.exe
  C:\Windows\System\HUxUxPC.exe
  2⤵
  PID:9240
- C:\Windows\System\oePsjUN.exe
  C:\Windows\System\oePsjUN.exe
  2⤵
  PID:9244
- C:\Windows\System\tOLFSIT.exe
  C:\Windows\System\tOLFSIT.exe
  2⤵
  PID:9296
- C:\Windows\System\ZjTafCd.exe
  C:\Windows\System\ZjTafCd.exe
  2⤵
  PID:9316
- C:\Windows\System\icwPUst.exe
  C:\Windows\System\icwPUst.exe
  2⤵
  PID:9360
- C:\Windows\System\IVDNvFd.exe
  C:\Windows\System\IVDNvFd.exe
  2⤵
  PID:9376
- C:\Windows\System\LuEVATb.exe
  C:\Windows\System\LuEVATb.exe
  2⤵
  PID:9404
- C:\Windows\System\ANBjVRM.exe
  C:\Windows\System\ANBjVRM.exe
  2⤵
  PID:9472
- C:\Windows\System\kKUJxTO.exe
  C:\Windows\System\kKUJxTO.exe
  2⤵
  PID:9544
- C:\Windows\System\lCjVrNX.exe
  C:\Windows\System\lCjVrNX.exe
  2⤵
  PID:9576
- C:\Windows\System\GpgBpGO.exe
  C:\Windows\System\GpgBpGO.exe
  2⤵
  PID:9416
- C:\Windows\System\qbsWJCE.exe
  C:\Windows\System\qbsWJCE.exe
  2⤵
  PID:9628
- C:\Windows\System\cMwliwe.exe
  C:\Windows\System\cMwliwe.exe
  2⤵
  PID:9652
- C:\Windows\System\BteMnxt.exe
  C:\Windows\System\BteMnxt.exe
  2⤵
  PID:9696
- C:\Windows\System\LmvEHHZ.exe
  C:\Windows\System\LmvEHHZ.exe
  2⤵
  PID:9708
- C:\Windows\System\ptRgNFL.exe
  C:\Windows\System\ptRgNFL.exe
  2⤵
  PID:9740
- C:\Windows\System\LWSzEeY.exe
  C:\Windows\System\LWSzEeY.exe
  2⤵
  PID:9748
- C:\Windows\System\wipadud.exe
  C:\Windows\System\wipadud.exe
  2⤵
  PID:9796
- C:\Windows\System\czYFknx.exe
  C:\Windows\System\czYFknx.exe
  2⤵
  PID:9836
- C:\Windows\System\cwQPyJP.exe
  C:\Windows\System\cwQPyJP.exe
  2⤵
  PID:9872
- C:\Windows\System\vqBMfON.exe
  C:\Windows\System\vqBMfON.exe
  2⤵
  PID:9860
- C:\Windows\System\HlGMANM.exe
  C:\Windows\System\HlGMANM.exe
  2⤵
  PID:9920
- C:\Windows\System\AMFBuKy.exe
  C:\Windows\System\AMFBuKy.exe
  2⤵
  PID:9976
- C:\Windows\System\fHyyuiz.exe
  C:\Windows\System\fHyyuiz.exe
  2⤵
  PID:10032
- C:\Windows\System\VqlFksX.exe
  C:\Windows\System\VqlFksX.exe
  2⤵
  PID:10040
- C:\Windows\System\vBXSopD.exe
  C:\Windows\System\vBXSopD.exe
  2⤵
  PID:10056
- C:\Windows\System\oMkVAhx.exe
  C:\Windows\System\oMkVAhx.exe
  2⤵
  PID:10080
- C:\Windows\System\lJvQGHe.exe
  C:\Windows\System\lJvQGHe.exe
  2⤵
  PID:10076
- C:\Windows\System\sgmnAnU.exe
  C:\Windows\System\sgmnAnU.exe
  2⤵
  PID:10128
- C:\Windows\System\NcQTzkj.exe
  C:\Windows\System\NcQTzkj.exe
  2⤵
  PID:10192
- C:\Windows\System\ToEByob.exe
  C:\Windows\System\ToEByob.exe
  2⤵
  PID:10176
- C:\Windows\System\QvJghOM.exe
  C:\Windows\System\QvJghOM.exe
  2⤵
  PID:10216
- C:\Windows\System\GYQgZuu.exe
  C:\Windows\System\GYQgZuu.exe
  2⤵
  PID:9352
- C:\Windows\System\SZppjHQ.exe
  C:\Windows\System\SZppjHQ.exe
  2⤵
  PID:9304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CJAJJAT.exe

Filesize
6.0MB

MD5
5ddcdd57697ceec46c913bc446f67c63

SHA1
daa3d9ac445eedbda45f2f3e6dafe36f374e546b

SHA256
fc6e98c43307bfe0218f97ca50b623fd700238b1db70a6e212e7618b43699b17

SHA512
97e17f164be58df45b0ef5042342a957325ef9364fa1f9996ca5bf9292cc594e515c33b83fd4bce228c6b0ddea5f0358bab56180c8aecc5df16937f233a8f86d

Download Submit
C:\Windows\system\DPOjVDU.exe

Filesize
6.0MB

MD5
27696961498edeeca3b70b7ac841e709

SHA1
be906d136baad6713ab40869e54c0d85e353c61e

SHA256
ddce3925ac038242748d794a81d2f87498a518990cfb2b20cfa70e841e80b98d

SHA512
ed204cdb315f4273b847ae7f97d7c2b2df9336b28e2bcfba8f3e82578e3dfb2e592dc8c9e271d31548a1af5519107e0c097d56175aa569b99dd2a56d6e9be97b

Download Submit
C:\Windows\system\EEkqPJU.exe

Filesize
6.0MB

MD5
170ed9664b162aeea33e14fb04b0578e

SHA1
4bec6b7a2931bb1a86ef740b7af12e3f6b854414

SHA256
2faf6ec6606cd12a0f86149d81c4a7b711343f186c1d8cfe933b8a6cb62ec539

SHA512
81b48ca39e3b859390f441205e03935e545a51db9d82a293ebd2649d08066507d9532bcaad59914f15e4ca34dd7f97e92e45bd4b68c8894a7d748eea8bf453b6

Download Submit
C:\Windows\system\ITvXwxT.exe

Filesize
6.0MB

MD5
28dcfe26aae874e5862af69a2cf8449a

SHA1
db01d30020430f552860cd47b567bc2b28edf7d8

SHA256
76d074d5d15fc93ae1cf2c39009353e5101b6b0124ead5101fdbdd6c25747b2c

SHA512
bcba3e1bc665ca2b253faf180e201a5188d8a29f4eaa72015a2270f2cf765f985abcfd43b690d88486f5a5d383987cde3b6108c25ce2ee6f313f482e26c87be2

Download Submit
C:\Windows\system\KcUJrTm.exe

Filesize
6.0MB

MD5
87da96992dc5b346a1addf945bf999b8

SHA1
0e67a511db04d634124e4e2ba0c9b5bbcdec4b1d

SHA256
15c5a05bc33e0a264caf6d4b21dcb4bb5e422bb4e1b9be22076e6ea56fea3590

SHA512
4ddf3b1fc0632ad114abd25b895acf00e920c439da91b31048a10c7538cab12d96f34d76f05c6de027c22285484868e86023340bfbbbe3c8bf2c573fcbc1ac0f

Download Submit
C:\Windows\system\KlOfEAg.exe

Filesize
6.0MB

MD5
6d7efe31053c5c746ac141efc1eed088

SHA1
d55b54ee85de7361b494a5c61903fc76de1485a4

SHA256
ff5aca7e15912cf8eabd30a38a60e83d8b192b95e1c4ca9479fe49040931ab4a

SHA512
957b1b8dda64874d85ecf8ef685217a40c3c04306830f758e60a25d642ec5af37dccf1de9c427b306acf98a9b3b6b116e1f30f727f0bce3b0f34bb67ec858605

Download Submit
C:\Windows\system\KwmOoDF.exe

Filesize
6.0MB

MD5
683f056591abf6940be2b653d163ba5f

SHA1
b17e2db1d261ab4783764b4bf3ed5e60ff51e361

SHA256
85abf31a1802aaf0d2c0a91341345f0a24c4afb67367b17987f17be80f59df1e

SHA512
d0ee5febe90f4adb014fc684ea9cd1cb21ccc3449afdbab326426af67925113e8e820687c6f9a71c525bb9b27d79b1bfed26c2b4695de1a84759b4d0834945c2

Download Submit
C:\Windows\system\PdiMjeS.exe

Filesize
6.0MB

MD5
dcd7edbd85a22e5cff87f1ef740f7f47

SHA1
744faf59d712dda1e2ac3dbfc58c5eca946cc2a9

SHA256
2f9c22273bde7d5e38d0c629c7eccac24d10559552437adf76568e4d531fc272

SHA512
0d831bfe682fcc2b9b6b50e8a33556b48bfac6cd694321bf87e9c593545202ae9e7bef76663a6f754641e37d0b8ff5d8e01e6b462455b6373ffb5c4ffafad4cf

Download Submit
C:\Windows\system\PfJxmIY.exe

Filesize
6.0MB

MD5
262d86c1b9af599e6d795d48ef1a8247

SHA1
852a25bfcb60926df590894cbbc537cc7ace91fe

SHA256
c239cd849491d5bca82a077e6124070b3b12aa641c9c02af44caeba4f393c47c

SHA512
9fb365d40fe7bb17bde2acd8b4a5f5c15641cebb0ac389743524ed658d99e09db7c123cf68f5fdfeda599dacb9759d7a17e00dca8e4f1d9498a5f6ffaa66e1c7

Download Submit
C:\Windows\system\QKraZzG.exe

Filesize
6.0MB

MD5
d955505579a3d83202618f1daaf2633b

SHA1
44320352fa24cb85fe06e1f3d31e368cb0e32342

SHA256
f86278671958835b9d6744a347774626cb5164b376ffd715a0406b64de3fbe17

SHA512
12f567bb9c823db29325e49bddc0e668c06240acf0353f60d0a32e9f1d0a847d6ace5852ec3baad64d01906b391d7323d8c3e86f8f44321dbd5fb5dc979a8bf1

Download Submit
C:\Windows\system\SBZoRfV.exe

Filesize
6.0MB

MD5
c633489435d54fd7972c8a8140261f17

SHA1
db2cd7d12bed6bfdaee7692d99950dd52a664daf

SHA256
23c5bf5559c165fe41ad0a3ac523db200c85b0f0bea69e298b1238524030149a

SHA512
1c0cbb2c23fc04afc3c09209b02f93e97b6a3f929542da1be19ade6ff6d9bc4406905f8c1a6e6386921490ced171911b1a3909d584c503dcc81b423a01ceab7c

Download Submit
C:\Windows\system\SqpGLiy.exe

Filesize
6.0MB

MD5
18bf49d0a9468b3b6ebdcdba7087ce64

SHA1
f5bacfd04c94b0e973d71db088265cfd55945542

SHA256
fa2696ac874b1629a2d7772b0d662f3262d27c75f52b1072242f16dbac07d735

SHA512
24af1343d54ee89c1f13dbaf41ae0797795d0433fb5b849789c4208c3067e831f7d0864fbd2831b9872156bb1a8cbf04eb3fdf4f1efebd84ab385e383c7c8a0d

Download Submit
C:\Windows\system\XabSgnm.exe

Filesize
6.0MB

MD5
0ae20babdbe34a5eec0a597f8bbcb21f

SHA1
e0f8e73c91e4ae9803f4cf944a96103dc01a5a21

SHA256
9d11f2c98ba922443536b7d9313447214486c1457eed33afd92315062666a710

SHA512
1d1d97d66852b98b82c43eb5535699aa077cffc4e8989a887955603905bbe5c355c4662d7e267a05e927c852ea9169bebda9a8a3c0ddf48a71a0b5e03327ac1b

Download Submit
C:\Windows\system\ZJzTPlw.exe

Filesize
6.0MB

MD5
fd9b4e5fa93d9a78773eb975da0a1ec2

SHA1
f8098f02c2d652f05d051064e99b9c82188946b8

SHA256
f7a5383827cd664561eb40d08fadb17b9bd799c742defc22131289ba6b39c59b

SHA512
0531930a2551f28778e45b5b427d4f839f636c5d8cd6fa1702de245e805a28b16c02ef41957f2648e178abe11dedc9c6e536c321b8e75e071079604dd06b0ff1

Download Submit
C:\Windows\system\bhCrGzV.exe

Filesize
6.0MB

MD5
1f1661d6a1c695b4d6a68225a38c1b45

SHA1
21a89d61fa68eda046895351397ced6234a62318

SHA256
fd291a5b309db7f6fe4287cab5de6924ac805f6b05e2c334d1f515b87fb1977a

SHA512
e08d3f32803b081bae9c642fc70c13a669b53d4abe8aaaf5dc55cb276ddffc574e7887e3bca294cea829b47c56796616494e656a1649877c5e104d54b8d89d0d

Download Submit
C:\Windows\system\cmyJRoF.exe

Filesize
6.0MB

MD5
cde15fd0bf635e22695cae39979ab1aa

SHA1
005db13668c49cea5f4f30c2628ddeb6ee00bd33

SHA256
f2d6220b6e392ef5b0b14c9443ffb2c296a9b25e0833e07147801b3cea10f530

SHA512
56fb8f742052417985b54ac41df5c23b2a65f9fd30ef7b1b04e21d21fbf1e509f6588632ae3ee5e51f9432a29d8c7c8b2ccd549becc7058dd65a192d0fe62c35

Download Submit
C:\Windows\system\dCcwbIL.exe

Filesize
6.0MB

MD5
5a96b2e689f31db902b1d0c90dbaafad

SHA1
73f08b3492af671d80613d5a3a591d14d46cfd72

SHA256
3bf4a5d2efa80df2b5d561c26f4c35541ab2606654f71a728140ffe5f8301692

SHA512
922e73f8e400d7e60e496f8b9fa0cc1249d57056ffe7afbc034e819c41507cbb1676c1e003dcf43875cd9195c94a8a90d174b4304339ecaec44626dbe55af748

Download Submit
C:\Windows\system\fJHFqwh.exe

Filesize
6.0MB

MD5
46ce6d1d54d35b77bcfd03656e512fcb

SHA1
3fd5f6e4a79bcd0587d1440b6df5ac54eec7c663

SHA256
29df9b4bfe6f021e68cf0213d65007fdd337f7b9d97acfd091346743e9d123b5

SHA512
82ed922054965938199805a5e55ff4d18b087ca76ee35ffbd9aa2f559d461286f7154d8020223c0b66ae8d2b7d96b207e5e3f9156d73f83deed13576eaefd579

Download Submit
C:\Windows\system\gsBPOne.exe

Filesize
6.0MB

MD5
a50d74512f8fa70309665cab8f87c417

SHA1
309a11b4d18d5819880a97145d33b608f7d8243c

SHA256
9d05d2ae28d4b4610cf84be7abd0248226326e2c3f7d4a694f3a485785f8c39f

SHA512
145e1db4fa41266fe21cbbdb4c4123413b59151a071838680a0b69e0731238f5a395a7d424f0d86fb1f3a1b7462bb79aed25da3c0b9a6b74cce4caec8dad8fdb

Download Submit
C:\Windows\system\iAbQxOK.exe

Filesize
6.0MB

MD5
2e3a28c237342fe2ade54b6468457259

SHA1
0e3981d5453dc54c19dcb9dbc9bf7df751121a9a

SHA256
66e875580218b1e68670a7c587f2f8c31d5f528ed1ce97bc76e9cd50a73ba45a

SHA512
132471dbc64ccee42b82c1965370c5f6f4e6e23991160f7b832e1e632dbb8858e6a30c105b8b642d56d2c5a9ac615c595cbcaf85acf014312d8439b7de7aa52c

Download Submit
C:\Windows\system\jLFFXMC.exe

Filesize
6.0MB

MD5
55f5cec682285c3056b8be4e64eb8c0c

SHA1
45b1415cc7ba3895e48cfbec67272a5bac268ab1

SHA256
004a8f5eb6bda4c0a9a7046fcb5c47d7df3c715922485712defea1575fcc0cfd

SHA512
da3f68773af28c969c051fa4a104a17f5b3ab8446f1747072fe32d716a0353bc50e7af6a317971ab4717d01bc6f1a75e7cbfd3569ec9779c3b1cda5164206686

Download Submit
C:\Windows\system\oBxrwiU.exe

Filesize
6.0MB

MD5
7f31fd1b79b3140591cfe99ed771a511

SHA1
dc0e13e928b637521ae11818767783f6432f3610

SHA256
d2321f9d857f96c6304ec21212a1e40bfae683f94880af28005496351a281976

SHA512
b68e6f00f640e7c1e8bea544f74954f391962e0302534a17ebb96f6ee4e8aaf6f6790bac75f4eeccddd948b22649843e88aa2e1277f836edacf98233fa0b5e72

Download Submit
C:\Windows\system\qQSegxk.exe

Filesize
6.0MB

MD5
7ee639f4086bfc2203299e8c04caa6f6

SHA1
2b3ffaa9f74a969b5b5fc55982aa6760221cf1cb

SHA256
27ad5d9388c33aa69b92d4fc42dc6104b05134e3afa693cd239b1b15738ea64e

SHA512
a8ad1b693b07c661f40580230f0a0cddc04c18af02b5924cf1a342aee3ae0c2198d6097eca7598c560c190f9fe07e7746845c0690f1840624096191e03a513e9

Download Submit
C:\Windows\system\tAwcJYO.exe

Filesize
6.0MB

MD5
55ae5476eca93231b7f1c9a299e1cdba

SHA1
e3e17207b05a21940f7571b9d135eca0fe311864

SHA256
3fce15eef8759ebc00579c1c984571350ce090b99aec5a1b093585726d038dea

SHA512
bb2400615c76e353f46337080009c1bec0cc5aefcc61d152cb7a3e7da3b52cc75b18fef6625d306826964d671aa219327c412417c88965886fee91d15d8a4b2b

Download Submit
C:\Windows\system\yQCzWJr.exe

Filesize
6.0MB

MD5
addd6fd8f4b3874a451c4d6eba21500b

SHA1
a8c19e965681b02269024f8a5338ac569e0f0846

SHA256
f04d8dd941c2a789e462ab5f1c674510106031de90cbd4565bf0ab6d7e8bd81b

SHA512
5e5c05c3733b2df165ded09c29d69e9aa1147b6a173d3480431afe42ddf32489fc48d9d85797053c4a178c9554bbe8d98a893dc75beea208cb71193e3350c74d

Download Submit
\Windows\system\KUfrLFF.exe

Filesize
6.0MB

MD5
e58805d9a6df3b47b80b8217b8a8dafe

SHA1
d45913e63348bd55d815c6e2f72138c1e51eeaf7

SHA256
6236c41064b40e05326687c5af8c8cc81602f31e23ff28de7e3fda35f99d22d5

SHA512
6b8be208f02ca3da3072ef08378474107bea23542ca252d45756c031c761c508dd97f5245708700273ed7da8caed15d3b0e4a3829503e8b57dcebe8d4e59aa1f

Download Submit
\Windows\system\LRHfrRH.exe

Filesize
6.0MB

MD5
b92a6f013f4da9dad83ab35eed28631a

SHA1
a656bde4030cbea66904f0a6d05a432a85d93999

SHA256
f4f7868b4e7ec4253aa1025a1b381b0196ce98d426c5d1affc5e3adbc536366e

SHA512
e244e8fc942853127ba34e1244d6402bd4737bf4c7620206563a0050d2d704713aa7f133d78008e6931857a2fd6d321252242f8147b1fcd8f6d2f1f5c05a37f5

Download Submit
\Windows\system\LpcKGrn.exe

Filesize
6.0MB

MD5
af6d1d9f58f967b4b24abefa20cea165

SHA1
042c182d8535fcfc9011fd2a67c0c40982850806

SHA256
bb48d7edcfdd6e29d0b3c9d676366defad612f5badd3fe7fa3f8d998e60de3ee

SHA512
8ee48f04e6d99ed9543ff04c2d2f5669d557186c87c4421a8061e1f8f74fcc31a6ac96e4ac41940cafb78116441fdbd16e5e6138149592c94f09835c5ac66ed1

Download Submit
\Windows\system\dVOkgLE.exe

Filesize
6.0MB

MD5
7c1a3f2072dcd5b7010c498d491c34f2

SHA1
e26d0e8bed755f49d664048e6482baed5dc70405

SHA256
a28c26111d8d3383f5eebfa27c14805533517a8fad300832f3da80a28b02c6e4

SHA512
bb121d085a7fce2abaab164749a6d80e8abce8990087f4fc936251c0456135220ef95faa4fe11252422f9e912443079657bb03bb358722cc46c912226a313d5a

Download Submit
\Windows\system\eejIJfE.exe

Filesize
6.0MB

MD5
76ba02f29197714d40319e674cc69820

SHA1
f2b0052aee3f4111551a2a0f0e398ab4f481127d

SHA256
398b2347e48b2dcfe1a0b6f42ce916c10f299676b583d8c76540fdf078392f71

SHA512
bee8990cc6e8ba089f2646967a3a1b46fa907b45d7bee6f5c6d1eeec8f56e095d3744130b5bd260ea6828016e56349688b474b3b38e2da89806b188bd1dfd043

Download Submit
\Windows\system\gFrslWN.exe

Filesize
6.0MB

MD5
627a071184d16caaa84303b7a6db1c1f

SHA1
6b70eb30cb00bb3bea6504f8e4bbb2b4a822a6f3

SHA256
8aceff648a48c70db6dfe1af88369648c07ae3fa6c14ef06a4ef4ece04ce5618

SHA512
24696ba46010c0c3965fea041e5051bfcee03d77665fe611b4fabcf09ecc44262c122fff62bec541a5cc7d267d6daf409093de2c2888c68ca7cd32949e402c3c

Download Submit
\Windows\system\tWtcNBl.exe

Filesize
6.0MB

MD5
2f9acb59a31512ddeace027d53592624

SHA1
95d8a43466223c3b68d852e9694f7a0d87bbb073

SHA256
0d9a28531115bc40ebfc32f121c770b4ebec2ea2635baf64e118415f0309eb9f

SHA512
87525c73c7a468c8921a4a25fd227cc3342349e071e432967feb72a368c77042e59ae7eedbd70b03adb6e0b2f86837f1b046da2e62ef70d00dc95a406e785073

Download Submit
memory/1140-3713-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1140-105-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1668-3707-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1668-95-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1896-598-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-3722-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1896-91-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-43-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-8-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1976-3011-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-45-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-20-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-3046-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-27-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3100-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3517-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2628-71-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2716-41-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3222-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-80-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-72-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3525-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3093-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2780-28-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3161-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2820-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2820-34-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2864-73-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3536-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2952-68-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3537-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3000-348-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-599-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3000-29-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3000-111-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/3000-17-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-70-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-106-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/3000-69-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/3000-44-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-66-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-109-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-597-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-347-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-75-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-102-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-37-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/3000-38-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-12-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-107-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download