cobaltstrike | b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
Size

6.0MB
MD5

b1c60f311441031799cb9b2bfee8109e
SHA1

2e5d8fa387509fbee15d52f4b12e142a8e3563ec
SHA256

b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a
SHA512

a1f9a7fe495bd1c8a043ea24047df464abb14e79856f68b58bfdffb8cb4e417b50056d222363aaeed74e36f306ce3de5900090efdd103d3a79bc27e2ad94b57a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUN:eOl56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c23-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-19.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-39.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-192.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/804-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/memory/804-7-0x0000000002200000-0x0000000002554000-memory.dmp	xmrig
behavioral1/memory/2556-9-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c23-10.dat	xmrig
behavioral1/files/0x0007000000016cab-19.dat	xmrig
behavioral1/memory/2440-15-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2900-36-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce0-39.dat	xmrig
behavioral1/files/0x0009000000016ace-56.dat	xmrig
behavioral1/files/0x00050000000194ef-76.dat	xmrig
behavioral1/files/0x00050000000195b1-136.dat	xmrig
behavioral1/files/0x00050000000195bd-160.dat	xmrig
behavioral1/files/0x00050000000195c6-181.dat	xmrig
behavioral1/files/0x000500000001960c-192.dat	xmrig
behavioral1/memory/2324-289-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2724-1623-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2652-1656-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1312-1671-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2440-2145-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1936-1683-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/340-1694-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2324-1668-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2104-1657-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2732-1636-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2772-1622-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2648-1625-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2556-1606-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2900-1617-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2456-1609-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1936-407-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/804-204-0x0000000002200000-0x0000000002554000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-187.dat	xmrig
behavioral1/memory/2652-185-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/804-184-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-176.dat	xmrig
behavioral1/files/0x00050000000195c3-170.dat	xmrig
behavioral1/files/0x00050000000195c1-166.dat	xmrig
behavioral1/files/0x00050000000195bb-155.dat	xmrig
behavioral1/files/0x00050000000195b7-150.dat	xmrig
behavioral1/files/0x00050000000195b5-146.dat	xmrig
behavioral1/files/0x00050000000195b3-140.dat	xmrig
behavioral1/files/0x00050000000195af-130.dat	xmrig
behavioral1/files/0x00050000000195ad-126.dat	xmrig
behavioral1/files/0x00050000000195ab-120.dat	xmrig
behavioral1/files/0x00050000000195a9-116.dat	xmrig
behavioral1/files/0x00050000000195a7-110.dat	xmrig
behavioral1/files/0x000500000001957c-105.dat	xmrig
behavioral1/memory/340-102-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-98.dat	xmrig
behavioral1/memory/1936-93-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1312-87-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-85.dat	xmrig
behavioral1/memory/2324-83-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2104-81-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-90.dat	xmrig
behavioral1/files/0x00050000000194eb-70.dat	xmrig
behavioral1/memory/2652-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2732-59-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2556-58-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/804-65-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2440-64-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-62.dat	xmrig
behavioral1/memory/2648-52-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2556	hEqQNVB.exe
2440	ZzrXjAD.exe
2456	ejXXGUW.exe
2900	LoDJYDD.exe
2724	RqwMhFS.exe
2772	LpLCzJa.exe
2648	SVHrwag.exe
2732	adbfGOt.exe
2652	nDsPNvA.exe
2104	oUgwxZp.exe
2324	vvTqrTJ.exe
1312	YtGzLls.exe
1936	DtWoIkd.exe
340	wgIxFBc.exe
384	TWWgEDE.exe
1980	zpKTdpu.exe
2516	xsNJlgI.exe
2980	lhOGFnV.exe
1884	gPetnZj.exe
3008	yChDLVx.exe
2476	VBxJtoS.exe
1972	ohkkhZr.exe
840	vryNLbt.exe
2248	kuafaMu.exe
2544	RURKyTM.exe
2096	KgkiRzG.exe
1812	SudCNQV.exe
1064	QBgaINZ.exe
1964	zUSZCbo.exe
640	rxyYdup.exe
1804	NTOwVvd.exe
968	TdanOOS.exe
1716	RmaJWxo.exe
1748	vWuIPIE.exe
2592	izVgkQs.exe
1056	hLbfGxD.exe
2308	xhdPcqg.exe
1816	DiyoHkU.exe
2044	roZfTmZ.exe
1828	yimWENW.exe
2352	NFNtMPZ.exe
1340	owNIYly.exe
2488	NqOBcZu.exe
1976	KfUHHoq.exe
1344	pNjeKRI.exe
788	lucRJuA.exe
568	LnXPWVp.exe
2704	GammUzu.exe
1668	ZpRtEVJ.exe
536	aVeqGCV.exe
2372	klzpHSh.exe
1720	enZqUmB.exe
2340	dJwIzQh.exe
2728	UpEJkEs.exe
2876	jckuBig.exe
2888	bEaWVDJ.exe
2380	YxhsSZd.exe
1580	qVMaHGN.exe
2604	hvLduOk.exe
3000	AXNKMFz.exe
656	kVkvGnd.exe
2916	IdLCQWf.exe
1176	djSWxmT.exe
2364	MwvrhFg.exe

Loads dropped DLL 64 IoCs

pid	Process
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/804-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/memory/804-7-0x0000000002200000-0x0000000002554000-memory.dmp	upx
behavioral1/memory/2556-9-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x0009000000016c23-10.dat	upx
behavioral1/files/0x0007000000016cab-19.dat	upx
behavioral1/memory/2440-15-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2900-36-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x0008000000016ce0-39.dat	upx
behavioral1/files/0x0009000000016ace-56.dat	upx
behavioral1/files/0x00050000000194ef-76.dat	upx
behavioral1/files/0x00050000000195b1-136.dat	upx
behavioral1/files/0x00050000000195bd-160.dat	upx
behavioral1/files/0x00050000000195c6-181.dat	upx
behavioral1/files/0x000500000001960c-192.dat	upx
behavioral1/memory/2324-289-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2724-1623-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2652-1656-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1312-1671-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2440-2145-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1936-1683-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/340-1694-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2324-1668-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2104-1657-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2732-1636-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2772-1622-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2648-1625-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2556-1606-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2900-1617-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2456-1609-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1936-407-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-187.dat	upx
behavioral1/memory/2652-185-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-176.dat	upx
behavioral1/files/0x00050000000195c3-170.dat	upx
behavioral1/files/0x00050000000195c1-166.dat	upx
behavioral1/files/0x00050000000195bb-155.dat	upx
behavioral1/files/0x00050000000195b7-150.dat	upx
behavioral1/files/0x00050000000195b5-146.dat	upx
behavioral1/files/0x00050000000195b3-140.dat	upx
behavioral1/files/0x00050000000195af-130.dat	upx
behavioral1/files/0x00050000000195ad-126.dat	upx
behavioral1/files/0x00050000000195ab-120.dat	upx
behavioral1/files/0x00050000000195a9-116.dat	upx
behavioral1/files/0x00050000000195a7-110.dat	upx
behavioral1/files/0x000500000001957c-105.dat	upx
behavioral1/memory/340-102-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019547-98.dat	upx
behavioral1/memory/1936-93-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1312-87-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000500000001950f-85.dat	upx
behavioral1/memory/2324-83-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2104-81-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0005000000019515-90.dat	upx
behavioral1/files/0x00050000000194eb-70.dat	upx
behavioral1/memory/2652-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2732-59-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2556-58-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2440-64-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-62.dat	upx
behavioral1/memory/2648-52-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2772-43-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2724-42-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/804-49-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OZmxIgx.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\LgZnnfY.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\CRTqanN.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\HvhDxsO.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\aTPMYIf.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mbTbDSR.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\aQmBRol.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\zXyiQtr.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\Gjfqsph.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\TAJfpuY.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\TIzjsch.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\dXuHmVU.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\LDGIoic.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\bDUHFhH.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\LFATvBU.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\XdpuCIO.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mwbVTQk.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\UBpVzBZ.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mcOAwcm.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\QTayuNV.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\watfvFq.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\VLbwkgg.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\JIfjHAK.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\FxMQrer.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\ZpKELgt.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\ZZihSrv.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\xcBiWbA.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\XbIkBcR.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mjihEBi.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\YXfMXEx.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mToFlgI.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\pSkmUJE.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\jOIDTQW.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\xYZeYBc.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\kYBdtJq.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\aMMXjpU.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\RigaUva.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\CQfUWxy.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\HjGGRxH.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\DUtymVc.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\PctQiwX.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\rxyYdup.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\ZNfnOHX.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\wfTxWoC.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\XFzNfrf.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\YSkaFUI.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\LejKXml.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\MSmPAlf.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\bZOiWzb.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\uqwPSqU.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\sDijoBU.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\RuPfUgY.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\AAkYmTa.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\UnTciwV.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\jiJUeyD.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\mOOunhb.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\kmSuodT.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\zKNFXeZ.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\GKhMHfS.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\iLZZsak.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\FfGvIPM.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\qdINGqp.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\jYaSPnm.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
File created	C:\Windows\System\HDWpchr.exe	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 2556	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	32
PID 804 wrote to memory of 2556	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	32
PID 804 wrote to memory of 2556	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	32
PID 804 wrote to memory of 2440	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	33
PID 804 wrote to memory of 2440	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	33
PID 804 wrote to memory of 2440	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	33
PID 804 wrote to memory of 2456	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	34
PID 804 wrote to memory of 2456	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	34
PID 804 wrote to memory of 2456	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	34
PID 804 wrote to memory of 2724	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	35
PID 804 wrote to memory of 2724	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	35
PID 804 wrote to memory of 2724	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	35
PID 804 wrote to memory of 2900	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	36
PID 804 wrote to memory of 2900	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	36
PID 804 wrote to memory of 2900	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	36
PID 804 wrote to memory of 2772	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	37
PID 804 wrote to memory of 2772	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	37
PID 804 wrote to memory of 2772	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	37
PID 804 wrote to memory of 2648	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	38
PID 804 wrote to memory of 2648	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	38
PID 804 wrote to memory of 2648	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	38
PID 804 wrote to memory of 2732	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	39
PID 804 wrote to memory of 2732	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	39
PID 804 wrote to memory of 2732	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	39
PID 804 wrote to memory of 2652	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	40
PID 804 wrote to memory of 2652	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	40
PID 804 wrote to memory of 2652	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	40
PID 804 wrote to memory of 2104	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	41
PID 804 wrote to memory of 2104	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	41
PID 804 wrote to memory of 2104	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	41
PID 804 wrote to memory of 2324	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	42
PID 804 wrote to memory of 2324	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	42
PID 804 wrote to memory of 2324	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	42
PID 804 wrote to memory of 1312	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	43
PID 804 wrote to memory of 1312	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	43
PID 804 wrote to memory of 1312	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	43
PID 804 wrote to memory of 1936	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	44
PID 804 wrote to memory of 1936	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	44
PID 804 wrote to memory of 1936	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	44
PID 804 wrote to memory of 340	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	45
PID 804 wrote to memory of 340	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	45
PID 804 wrote to memory of 340	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	45
PID 804 wrote to memory of 384	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	46
PID 804 wrote to memory of 384	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	46
PID 804 wrote to memory of 384	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	46
PID 804 wrote to memory of 1980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	47
PID 804 wrote to memory of 1980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	47
PID 804 wrote to memory of 1980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	47
PID 804 wrote to memory of 2516	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	48
PID 804 wrote to memory of 2516	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	48
PID 804 wrote to memory of 2516	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	48
PID 804 wrote to memory of 2980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	49
PID 804 wrote to memory of 2980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	49
PID 804 wrote to memory of 2980	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	49
PID 804 wrote to memory of 1884	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	50
PID 804 wrote to memory of 1884	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	50
PID 804 wrote to memory of 1884	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	50
PID 804 wrote to memory of 3008	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	51
PID 804 wrote to memory of 3008	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	51
PID 804 wrote to memory of 3008	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	51
PID 804 wrote to memory of 2476	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	52
PID 804 wrote to memory of 2476	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	52
PID 804 wrote to memory of 2476	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	52
PID 804 wrote to memory of 1972	804	JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b5740d144f91b53b984c24ada3824b5be04befe18c2b8f32660ca459c613071a.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\System\hEqQNVB.exe
  C:\Windows\System\hEqQNVB.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ZzrXjAD.exe
  C:\Windows\System\ZzrXjAD.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ejXXGUW.exe
  C:\Windows\System\ejXXGUW.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\RqwMhFS.exe
  C:\Windows\System\RqwMhFS.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\LoDJYDD.exe
  C:\Windows\System\LoDJYDD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\LpLCzJa.exe
  C:\Windows\System\LpLCzJa.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\SVHrwag.exe
  C:\Windows\System\SVHrwag.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\adbfGOt.exe
  C:\Windows\System\adbfGOt.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\nDsPNvA.exe
  C:\Windows\System\nDsPNvA.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\oUgwxZp.exe
  C:\Windows\System\oUgwxZp.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\vvTqrTJ.exe
  C:\Windows\System\vvTqrTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\YtGzLls.exe
  C:\Windows\System\YtGzLls.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\DtWoIkd.exe
  C:\Windows\System\DtWoIkd.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\wgIxFBc.exe
  C:\Windows\System\wgIxFBc.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\TWWgEDE.exe
  C:\Windows\System\TWWgEDE.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\zpKTdpu.exe
  C:\Windows\System\zpKTdpu.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\xsNJlgI.exe
  C:\Windows\System\xsNJlgI.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\lhOGFnV.exe
  C:\Windows\System\lhOGFnV.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\gPetnZj.exe
  C:\Windows\System\gPetnZj.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\yChDLVx.exe
  C:\Windows\System\yChDLVx.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\VBxJtoS.exe
  C:\Windows\System\VBxJtoS.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ohkkhZr.exe
  C:\Windows\System\ohkkhZr.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\vryNLbt.exe
  C:\Windows\System\vryNLbt.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\kuafaMu.exe
  C:\Windows\System\kuafaMu.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\RURKyTM.exe
  C:\Windows\System\RURKyTM.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\KgkiRzG.exe
  C:\Windows\System\KgkiRzG.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\SudCNQV.exe
  C:\Windows\System\SudCNQV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\QBgaINZ.exe
  C:\Windows\System\QBgaINZ.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\zUSZCbo.exe
  C:\Windows\System\zUSZCbo.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\rxyYdup.exe
  C:\Windows\System\rxyYdup.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\NTOwVvd.exe
  C:\Windows\System\NTOwVvd.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\TdanOOS.exe
  C:\Windows\System\TdanOOS.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\RmaJWxo.exe
  C:\Windows\System\RmaJWxo.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\vWuIPIE.exe
  C:\Windows\System\vWuIPIE.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\izVgkQs.exe
  C:\Windows\System\izVgkQs.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\hLbfGxD.exe
  C:\Windows\System\hLbfGxD.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\xhdPcqg.exe
  C:\Windows\System\xhdPcqg.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\DiyoHkU.exe
  C:\Windows\System\DiyoHkU.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\roZfTmZ.exe
  C:\Windows\System\roZfTmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\yimWENW.exe
  C:\Windows\System\yimWENW.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\NFNtMPZ.exe
  C:\Windows\System\NFNtMPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\owNIYly.exe
  C:\Windows\System\owNIYly.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\NqOBcZu.exe
  C:\Windows\System\NqOBcZu.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\KfUHHoq.exe
  C:\Windows\System\KfUHHoq.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\pNjeKRI.exe
  C:\Windows\System\pNjeKRI.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\lucRJuA.exe
  C:\Windows\System\lucRJuA.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\LnXPWVp.exe
  C:\Windows\System\LnXPWVp.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\GammUzu.exe
  C:\Windows\System\GammUzu.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ZpRtEVJ.exe
  C:\Windows\System\ZpRtEVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\aVeqGCV.exe
  C:\Windows\System\aVeqGCV.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\klzpHSh.exe
  C:\Windows\System\klzpHSh.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\enZqUmB.exe
  C:\Windows\System\enZqUmB.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\dJwIzQh.exe
  C:\Windows\System\dJwIzQh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\UpEJkEs.exe
  C:\Windows\System\UpEJkEs.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\jckuBig.exe
  C:\Windows\System\jckuBig.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\bEaWVDJ.exe
  C:\Windows\System\bEaWVDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\YxhsSZd.exe
  C:\Windows\System\YxhsSZd.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\qVMaHGN.exe
  C:\Windows\System\qVMaHGN.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\hvLduOk.exe
  C:\Windows\System\hvLduOk.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\AXNKMFz.exe
  C:\Windows\System\AXNKMFz.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\kVkvGnd.exe
  C:\Windows\System\kVkvGnd.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\IdLCQWf.exe
  C:\Windows\System\IdLCQWf.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\djSWxmT.exe
  C:\Windows\System\djSWxmT.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\MwvrhFg.exe
  C:\Windows\System\MwvrhFg.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\VubxZrI.exe
  C:\Windows\System\VubxZrI.exe
  2⤵
  PID:1900
- C:\Windows\System\vDQILLM.exe
  C:\Windows\System\vDQILLM.exe
  2⤵
  PID:1628
- C:\Windows\System\UnTciwV.exe
  C:\Windows\System\UnTciwV.exe
  2⤵
  PID:2084
- C:\Windows\System\ASDaWjV.exe
  C:\Windows\System\ASDaWjV.exe
  2⤵
  PID:1728
- C:\Windows\System\ckPxrHT.exe
  C:\Windows\System\ckPxrHT.exe
  2⤵
  PID:1520
- C:\Windows\System\nyjBdGr.exe
  C:\Windows\System\nyjBdGr.exe
  2⤵
  PID:928
- C:\Windows\System\llypbXl.exe
  C:\Windows\System\llypbXl.exe
  2⤵
  PID:952
- C:\Windows\System\twWzkVb.exe
  C:\Windows\System\twWzkVb.exe
  2⤵
  PID:2864
- C:\Windows\System\POtXFrX.exe
  C:\Windows\System\POtXFrX.exe
  2⤵
  PID:2004
- C:\Windows\System\ijWUboD.exe
  C:\Windows\System\ijWUboD.exe
  2⤵
  PID:1060
- C:\Windows\System\TLYHJep.exe
  C:\Windows\System\TLYHJep.exe
  2⤵
  PID:1688
- C:\Windows\System\CLzqfAv.exe
  C:\Windows\System\CLzqfAv.exe
  2⤵
  PID:2040
- C:\Windows\System\JoEUASG.exe
  C:\Windows\System\JoEUASG.exe
  2⤵
  PID:2416
- C:\Windows\System\nArWlXw.exe
  C:\Windows\System\nArWlXw.exe
  2⤵
  PID:2596
- C:\Windows\System\UBOXQRc.exe
  C:\Windows\System\UBOXQRc.exe
  2⤵
  PID:856
- C:\Windows\System\HOvbzUa.exe
  C:\Windows\System\HOvbzUa.exe
  2⤵
  PID:2428
- C:\Windows\System\JWRvMis.exe
  C:\Windows\System\JWRvMis.exe
  2⤵
  PID:1012
- C:\Windows\System\XWQQuJh.exe
  C:\Windows\System\XWQQuJh.exe
  2⤵
  PID:2208
- C:\Windows\System\DYagOQQ.exe
  C:\Windows\System\DYagOQQ.exe
  2⤵
  PID:2212
- C:\Windows\System\bDUHFhH.exe
  C:\Windows\System\bDUHFhH.exe
  2⤵
  PID:1596
- C:\Windows\System\AYgttXx.exe
  C:\Windows\System\AYgttXx.exe
  2⤵
  PID:2880
- C:\Windows\System\AdjceFi.exe
  C:\Windows\System\AdjceFi.exe
  2⤵
  PID:3056
- C:\Windows\System\zEtUadp.exe
  C:\Windows\System\zEtUadp.exe
  2⤵
  PID:2692
- C:\Windows\System\zAqZNAr.exe
  C:\Windows\System\zAqZNAr.exe
  2⤵
  PID:2632
- C:\Windows\System\yLRMuFl.exe
  C:\Windows\System\yLRMuFl.exe
  2⤵
  PID:2984
- C:\Windows\System\UgbVhXp.exe
  C:\Windows\System\UgbVhXp.exe
  2⤵
  PID:2820
- C:\Windows\System\fnzVQoa.exe
  C:\Windows\System\fnzVQoa.exe
  2⤵
  PID:2384
- C:\Windows\System\UwhWDoO.exe
  C:\Windows\System\UwhWDoO.exe
  2⤵
  PID:3088
- C:\Windows\System\AbpycRX.exe
  C:\Windows\System\AbpycRX.exe
  2⤵
  PID:3108
- C:\Windows\System\DxpmYpo.exe
  C:\Windows\System\DxpmYpo.exe
  2⤵
  PID:3128
- C:\Windows\System\nBMHUkB.exe
  C:\Windows\System\nBMHUkB.exe
  2⤵
  PID:3148
- C:\Windows\System\RdjOYdl.exe
  C:\Windows\System\RdjOYdl.exe
  2⤵
  PID:3168
- C:\Windows\System\ENnFeYv.exe
  C:\Windows\System\ENnFeYv.exe
  2⤵
  PID:3188
- C:\Windows\System\ugTZfta.exe
  C:\Windows\System\ugTZfta.exe
  2⤵
  PID:3212
- C:\Windows\System\gAaoQjV.exe
  C:\Windows\System\gAaoQjV.exe
  2⤵
  PID:3232
- C:\Windows\System\jsYwXZf.exe
  C:\Windows\System\jsYwXZf.exe
  2⤵
  PID:3248
- C:\Windows\System\HpXpWSc.exe
  C:\Windows\System\HpXpWSc.exe
  2⤵
  PID:3272
- C:\Windows\System\eYyKlyG.exe
  C:\Windows\System\eYyKlyG.exe
  2⤵
  PID:3296
- C:\Windows\System\zjJqwuI.exe
  C:\Windows\System\zjJqwuI.exe
  2⤵
  PID:3316
- C:\Windows\System\RftyyTM.exe
  C:\Windows\System\RftyyTM.exe
  2⤵
  PID:3340
- C:\Windows\System\WabuJXm.exe
  C:\Windows\System\WabuJXm.exe
  2⤵
  PID:3360
- C:\Windows\System\fugGIIr.exe
  C:\Windows\System\fugGIIr.exe
  2⤵
  PID:3380
- C:\Windows\System\ThFQswm.exe
  C:\Windows\System\ThFQswm.exe
  2⤵
  PID:3400
- C:\Windows\System\ZEeTsGP.exe
  C:\Windows\System\ZEeTsGP.exe
  2⤵
  PID:3420
- C:\Windows\System\vWVirlp.exe
  C:\Windows\System\vWVirlp.exe
  2⤵
  PID:3440
- C:\Windows\System\ZNAnbsm.exe
  C:\Windows\System\ZNAnbsm.exe
  2⤵
  PID:3460
- C:\Windows\System\LyScuIB.exe
  C:\Windows\System\LyScuIB.exe
  2⤵
  PID:3480
- C:\Windows\System\bednQnG.exe
  C:\Windows\System\bednQnG.exe
  2⤵
  PID:3500
- C:\Windows\System\wPsKLvl.exe
  C:\Windows\System\wPsKLvl.exe
  2⤵
  PID:3520
- C:\Windows\System\srJscui.exe
  C:\Windows\System\srJscui.exe
  2⤵
  PID:3540
- C:\Windows\System\SsbpPLn.exe
  C:\Windows\System\SsbpPLn.exe
  2⤵
  PID:3560
- C:\Windows\System\KsDCmMf.exe
  C:\Windows\System\KsDCmMf.exe
  2⤵
  PID:3580
- C:\Windows\System\ZrVitfH.exe
  C:\Windows\System\ZrVitfH.exe
  2⤵
  PID:3600
- C:\Windows\System\DimYMeu.exe
  C:\Windows\System\DimYMeu.exe
  2⤵
  PID:3620
- C:\Windows\System\YPouWvq.exe
  C:\Windows\System\YPouWvq.exe
  2⤵
  PID:3644
- C:\Windows\System\xjaLtoj.exe
  C:\Windows\System\xjaLtoj.exe
  2⤵
  PID:3664
- C:\Windows\System\iSOzKyM.exe
  C:\Windows\System\iSOzKyM.exe
  2⤵
  PID:3684
- C:\Windows\System\uoGyOGe.exe
  C:\Windows\System\uoGyOGe.exe
  2⤵
  PID:3704
- C:\Windows\System\LvIaUGc.exe
  C:\Windows\System\LvIaUGc.exe
  2⤵
  PID:3724
- C:\Windows\System\ggHmpTy.exe
  C:\Windows\System\ggHmpTy.exe
  2⤵
  PID:3744
- C:\Windows\System\xWzbwTu.exe
  C:\Windows\System\xWzbwTu.exe
  2⤵
  PID:3764
- C:\Windows\System\NnnxRBU.exe
  C:\Windows\System\NnnxRBU.exe
  2⤵
  PID:3784
- C:\Windows\System\pZcnQJY.exe
  C:\Windows\System\pZcnQJY.exe
  2⤵
  PID:3800
- C:\Windows\System\zLuoaEK.exe
  C:\Windows\System\zLuoaEK.exe
  2⤵
  PID:3824
- C:\Windows\System\qdDcAPf.exe
  C:\Windows\System\qdDcAPf.exe
  2⤵
  PID:3848
- C:\Windows\System\ajChUWH.exe
  C:\Windows\System\ajChUWH.exe
  2⤵
  PID:3868
- C:\Windows\System\ZJIMWhz.exe
  C:\Windows\System\ZJIMWhz.exe
  2⤵
  PID:3888
- C:\Windows\System\EXHOGxo.exe
  C:\Windows\System\EXHOGxo.exe
  2⤵
  PID:3908
- C:\Windows\System\wHqFscW.exe
  C:\Windows\System\wHqFscW.exe
  2⤵
  PID:3928
- C:\Windows\System\QTayuNV.exe
  C:\Windows\System\QTayuNV.exe
  2⤵
  PID:3948
- C:\Windows\System\eWPhNDT.exe
  C:\Windows\System\eWPhNDT.exe
  2⤵
  PID:3972
- C:\Windows\System\watfvFq.exe
  C:\Windows\System\watfvFq.exe
  2⤵
  PID:3992
- C:\Windows\System\YhoRrrb.exe
  C:\Windows\System\YhoRrrb.exe
  2⤵
  PID:4012
- C:\Windows\System\ndAkfcX.exe
  C:\Windows\System\ndAkfcX.exe
  2⤵
  PID:4032
- C:\Windows\System\rFhADlE.exe
  C:\Windows\System\rFhADlE.exe
  2⤵
  PID:4052
- C:\Windows\System\WGmSCqy.exe
  C:\Windows\System\WGmSCqy.exe
  2⤵
  PID:4072
- C:\Windows\System\fqCwyMM.exe
  C:\Windows\System\fqCwyMM.exe
  2⤵
  PID:4088
- C:\Windows\System\fNjxjkd.exe
  C:\Windows\System\fNjxjkd.exe
  2⤵
  PID:2944
- C:\Windows\System\aMMXjpU.exe
  C:\Windows\System\aMMXjpU.exe
  2⤵
  PID:1332
- C:\Windows\System\eeQZqhl.exe
  C:\Windows\System\eeQZqhl.exe
  2⤵
  PID:3052
- C:\Windows\System\XcXHCmA.exe
  C:\Windows\System\XcXHCmA.exe
  2⤵
  PID:1164
- C:\Windows\System\EVDiMwM.exe
  C:\Windows\System\EVDiMwM.exe
  2⤵
  PID:824
- C:\Windows\System\JhmDynv.exe
  C:\Windows\System\JhmDynv.exe
  2⤵
  PID:1788
- C:\Windows\System\SKJyOIK.exe
  C:\Windows\System\SKJyOIK.exe
  2⤵
  PID:1540
- C:\Windows\System\BuIBCzR.exe
  C:\Windows\System\BuIBCzR.exe
  2⤵
  PID:836
- C:\Windows\System\WiRNVEZ.exe
  C:\Windows\System\WiRNVEZ.exe
  2⤵
  PID:2116
- C:\Windows\System\pBxtIlw.exe
  C:\Windows\System\pBxtIlw.exe
  2⤵
  PID:2484
- C:\Windows\System\wBiSFwK.exe
  C:\Windows\System\wBiSFwK.exe
  2⤵
  PID:2188
- C:\Windows\System\hWwosEG.exe
  C:\Windows\System\hWwosEG.exe
  2⤵
  PID:1700
- C:\Windows\System\lajvjoS.exe
  C:\Windows\System\lajvjoS.exe
  2⤵
  PID:2620
- C:\Windows\System\TmaMNgR.exe
  C:\Windows\System\TmaMNgR.exe
  2⤵
  PID:1104
- C:\Windows\System\hnHfKGX.exe
  C:\Windows\System\hnHfKGX.exe
  2⤵
  PID:3076
- C:\Windows\System\VNEbnbR.exe
  C:\Windows\System\VNEbnbR.exe
  2⤵
  PID:3080
- C:\Windows\System\lLJmveb.exe
  C:\Windows\System\lLJmveb.exe
  2⤵
  PID:3124
- C:\Windows\System\qrZMWsa.exe
  C:\Windows\System\qrZMWsa.exe
  2⤵
  PID:3156
- C:\Windows\System\erQUnFy.exe
  C:\Windows\System\erQUnFy.exe
  2⤵
  PID:3140
- C:\Windows\System\fIZrQuK.exe
  C:\Windows\System\fIZrQuK.exe
  2⤵
  PID:3208
- C:\Windows\System\PoxhdqK.exe
  C:\Windows\System\PoxhdqK.exe
  2⤵
  PID:3240
- C:\Windows\System\xMjcxyX.exe
  C:\Windows\System\xMjcxyX.exe
  2⤵
  PID:3268
- C:\Windows\System\KJcrava.exe
  C:\Windows\System\KJcrava.exe
  2⤵
  PID:3328
- C:\Windows\System\dvkLpPZ.exe
  C:\Windows\System\dvkLpPZ.exe
  2⤵
  PID:3348
- C:\Windows\System\yWouZrM.exe
  C:\Windows\System\yWouZrM.exe
  2⤵
  PID:3372
- C:\Windows\System\sfPOIpk.exe
  C:\Windows\System\sfPOIpk.exe
  2⤵
  PID:3392
- C:\Windows\System\nVwiGxB.exe
  C:\Windows\System\nVwiGxB.exe
  2⤵
  PID:3432
- C:\Windows\System\boLFVCI.exe
  C:\Windows\System\boLFVCI.exe
  2⤵
  PID:3476
- C:\Windows\System\KDQUWwr.exe
  C:\Windows\System\KDQUWwr.exe
  2⤵
  PID:3492
- C:\Windows\System\dnPzhoH.exe
  C:\Windows\System\dnPzhoH.exe
  2⤵
  PID:3512
- C:\Windows\System\NduIMfY.exe
  C:\Windows\System\NduIMfY.exe
  2⤵
  PID:3568
- C:\Windows\System\cGbJJlp.exe
  C:\Windows\System\cGbJJlp.exe
  2⤵
  PID:3596
- C:\Windows\System\ZAGzjQW.exe
  C:\Windows\System\ZAGzjQW.exe
  2⤵
  PID:3616
- C:\Windows\System\wWrEBep.exe
  C:\Windows\System\wWrEBep.exe
  2⤵
  PID:3692
- C:\Windows\System\AtQAWXD.exe
  C:\Windows\System\AtQAWXD.exe
  2⤵
  PID:3712
- C:\Windows\System\gtCEFJl.exe
  C:\Windows\System\gtCEFJl.exe
  2⤵
  PID:3740
- C:\Windows\System\gDTeXcO.exe
  C:\Windows\System\gDTeXcO.exe
  2⤵
  PID:3780
- C:\Windows\System\IuTjfAb.exe
  C:\Windows\System\IuTjfAb.exe
  2⤵
  PID:3796
- C:\Windows\System\nTPDeoi.exe
  C:\Windows\System\nTPDeoi.exe
  2⤵
  PID:3844
- C:\Windows\System\ocTsAbT.exe
  C:\Windows\System\ocTsAbT.exe
  2⤵
  PID:3904
- C:\Windows\System\jPPcvWt.exe
  C:\Windows\System\jPPcvWt.exe
  2⤵
  PID:3936
- C:\Windows\System\SbpwVrb.exe
  C:\Windows\System\SbpwVrb.exe
  2⤵
  PID:3924
- C:\Windows\System\OumsSPc.exe
  C:\Windows\System\OumsSPc.exe
  2⤵
  PID:3980
- C:\Windows\System\JImjGpk.exe
  C:\Windows\System\JImjGpk.exe
  2⤵
  PID:4028
- C:\Windows\System\EWkOaUa.exe
  C:\Windows\System\EWkOaUa.exe
  2⤵
  PID:4024
- C:\Windows\System\lRRajbu.exe
  C:\Windows\System\lRRajbu.exe
  2⤵
  PID:4064
- C:\Windows\System\iRGtFFR.exe
  C:\Windows\System\iRGtFFR.exe
  2⤵
  PID:4080
- C:\Windows\System\sdbIMYN.exe
  C:\Windows\System\sdbIMYN.exe
  2⤵
  PID:1180
- C:\Windows\System\rvQOuph.exe
  C:\Windows\System\rvQOuph.exe
  2⤵
  PID:1016
- C:\Windows\System\ywrbmWY.exe
  C:\Windows\System\ywrbmWY.exe
  2⤵
  PID:2480
- C:\Windows\System\OgpUwgH.exe
  C:\Windows\System\OgpUwgH.exe
  2⤵
  PID:2392
- C:\Windows\System\stRBPmW.exe
  C:\Windows\System\stRBPmW.exe
  2⤵
  PID:2920
- C:\Windows\System\nhkGitE.exe
  C:\Windows\System\nhkGitE.exe
  2⤵
  PID:2388
- C:\Windows\System\qCZnYqv.exe
  C:\Windows\System\qCZnYqv.exe
  2⤵
  PID:2452
- C:\Windows\System\edCfpJA.exe
  C:\Windows\System\edCfpJA.exe
  2⤵
  PID:2524
- C:\Windows\System\HBeQihq.exe
  C:\Windows\System\HBeQihq.exe
  2⤵
  PID:3116
- C:\Windows\System\DWLlWDj.exe
  C:\Windows\System\DWLlWDj.exe
  2⤵
  PID:3160
- C:\Windows\System\LQjmzFs.exe
  C:\Windows\System\LQjmzFs.exe
  2⤵
  PID:3224
- C:\Windows\System\yOdLnSU.exe
  C:\Windows\System\yOdLnSU.exe
  2⤵
  PID:3324
- C:\Windows\System\fFlBtkW.exe
  C:\Windows\System\fFlBtkW.exe
  2⤵
  PID:3120
- C:\Windows\System\UxOoDkK.exe
  C:\Windows\System\UxOoDkK.exe
  2⤵
  PID:3376
- C:\Windows\System\mfdATRZ.exe
  C:\Windows\System\mfdATRZ.exe
  2⤵
  PID:3436
- C:\Windows\System\OVrsESy.exe
  C:\Windows\System\OVrsESy.exe
  2⤵
  PID:3472
- C:\Windows\System\EzRXFuk.exe
  C:\Windows\System\EzRXFuk.exe
  2⤵
  PID:3552
- C:\Windows\System\UneBxrX.exe
  C:\Windows\System\UneBxrX.exe
  2⤵
  PID:3676
- C:\Windows\System\KMNFCMP.exe
  C:\Windows\System\KMNFCMP.exe
  2⤵
  PID:3756
- C:\Windows\System\NMVgzWB.exe
  C:\Windows\System\NMVgzWB.exe
  2⤵
  PID:3840
- C:\Windows\System\GKwkTdY.exe
  C:\Windows\System\GKwkTdY.exe
  2⤵
  PID:3572
- C:\Windows\System\EeSLboA.exe
  C:\Windows\System\EeSLboA.exe
  2⤵
  PID:3884
- C:\Windows\System\uLuZTXA.exe
  C:\Windows\System\uLuZTXA.exe
  2⤵
  PID:3964
- C:\Windows\System\VwAiiqQ.exe
  C:\Windows\System\VwAiiqQ.exe
  2⤵
  PID:1512
- C:\Windows\System\CCHoEMA.exe
  C:\Windows\System\CCHoEMA.exe
  2⤵
  PID:3808
- C:\Windows\System\pvUsElU.exe
  C:\Windows\System\pvUsElU.exe
  2⤵
  PID:936
- C:\Windows\System\sDQTFos.exe
  C:\Windows\System\sDQTFos.exe
  2⤵
  PID:1532
- C:\Windows\System\BdGSfRT.exe
  C:\Windows\System\BdGSfRT.exe
  2⤵
  PID:612
- C:\Windows\System\cSkRtbk.exe
  C:\Windows\System\cSkRtbk.exe
  2⤵
  PID:4068
- C:\Windows\System\JIrwtJZ.exe
  C:\Windows\System\JIrwtJZ.exe
  2⤵
  PID:2988
- C:\Windows\System\VYFWjVy.exe
  C:\Windows\System\VYFWjVy.exe
  2⤵
  PID:2824
- C:\Windows\System\LOoHLHE.exe
  C:\Windows\System\LOoHLHE.exe
  2⤵
  PID:3084
- C:\Windows\System\ghDDbGl.exe
  C:\Windows\System\ghDDbGl.exe
  2⤵
  PID:3284
- C:\Windows\System\nAcgVye.exe
  C:\Windows\System\nAcgVye.exe
  2⤵
  PID:2720
- C:\Windows\System\JzQqTjP.exe
  C:\Windows\System\JzQqTjP.exe
  2⤵
  PID:1712
- C:\Windows\System\KYxfMtJ.exe
  C:\Windows\System\KYxfMtJ.exe
  2⤵
  PID:3448
- C:\Windows\System\YoKXSCR.exe
  C:\Windows\System\YoKXSCR.exe
  2⤵
  PID:3100
- C:\Windows\System\MjiSDwo.exe
  C:\Windows\System\MjiSDwo.exe
  2⤵
  PID:4104
- C:\Windows\System\FHUnLSw.exe
  C:\Windows\System\FHUnLSw.exe
  2⤵
  PID:4132
- C:\Windows\System\tHavZhy.exe
  C:\Windows\System\tHavZhy.exe
  2⤵
  PID:4152
- C:\Windows\System\ZwKheZN.exe
  C:\Windows\System\ZwKheZN.exe
  2⤵
  PID:4172
- C:\Windows\System\zgQXIay.exe
  C:\Windows\System\zgQXIay.exe
  2⤵
  PID:4192
- C:\Windows\System\GvjMnXn.exe
  C:\Windows\System\GvjMnXn.exe
  2⤵
  PID:4208
- C:\Windows\System\gLXOLks.exe
  C:\Windows\System\gLXOLks.exe
  2⤵
  PID:4224
- C:\Windows\System\qSxZAvt.exe
  C:\Windows\System\qSxZAvt.exe
  2⤵
  PID:4252
- C:\Windows\System\YLUdBdU.exe
  C:\Windows\System\YLUdBdU.exe
  2⤵
  PID:4268
- C:\Windows\System\JAmhPwH.exe
  C:\Windows\System\JAmhPwH.exe
  2⤵
  PID:4288
- C:\Windows\System\qWozsOa.exe
  C:\Windows\System\qWozsOa.exe
  2⤵
  PID:4304
- C:\Windows\System\woSMkWy.exe
  C:\Windows\System\woSMkWy.exe
  2⤵
  PID:4324
- C:\Windows\System\fIeknvl.exe
  C:\Windows\System\fIeknvl.exe
  2⤵
  PID:4344
- C:\Windows\System\GziUnmM.exe
  C:\Windows\System\GziUnmM.exe
  2⤵
  PID:4364
- C:\Windows\System\kHvsVgH.exe
  C:\Windows\System\kHvsVgH.exe
  2⤵
  PID:4384
- C:\Windows\System\pUlgBFK.exe
  C:\Windows\System\pUlgBFK.exe
  2⤵
  PID:4404
- C:\Windows\System\sKiLqeD.exe
  C:\Windows\System\sKiLqeD.exe
  2⤵
  PID:4428
- C:\Windows\System\JKbqdaa.exe
  C:\Windows\System\JKbqdaa.exe
  2⤵
  PID:4444
- C:\Windows\System\NilCOfk.exe
  C:\Windows\System\NilCOfk.exe
  2⤵
  PID:4472
- C:\Windows\System\DYRxBsR.exe
  C:\Windows\System\DYRxBsR.exe
  2⤵
  PID:4492
- C:\Windows\System\IEZuVNo.exe
  C:\Windows\System\IEZuVNo.exe
  2⤵
  PID:4516
- C:\Windows\System\OvxzwdJ.exe
  C:\Windows\System\OvxzwdJ.exe
  2⤵
  PID:4532
- C:\Windows\System\ODGEgeC.exe
  C:\Windows\System\ODGEgeC.exe
  2⤵
  PID:4548
- C:\Windows\System\RmDFpWj.exe
  C:\Windows\System\RmDFpWj.exe
  2⤵
  PID:4572
- C:\Windows\System\KDiBjlY.exe
  C:\Windows\System\KDiBjlY.exe
  2⤵
  PID:4596
- C:\Windows\System\hrtCEwe.exe
  C:\Windows\System\hrtCEwe.exe
  2⤵
  PID:4612
- C:\Windows\System\Yvglspt.exe
  C:\Windows\System\Yvglspt.exe
  2⤵
  PID:4628
- C:\Windows\System\juykMdu.exe
  C:\Windows\System\juykMdu.exe
  2⤵
  PID:4652
- C:\Windows\System\GPwJpBu.exe
  C:\Windows\System\GPwJpBu.exe
  2⤵
  PID:4668
- C:\Windows\System\QcFUOWh.exe
  C:\Windows\System\QcFUOWh.exe
  2⤵
  PID:4692
- C:\Windows\System\cIcEzIR.exe
  C:\Windows\System\cIcEzIR.exe
  2⤵
  PID:4712
- C:\Windows\System\UNRzQch.exe
  C:\Windows\System\UNRzQch.exe
  2⤵
  PID:4732
- C:\Windows\System\zVxuNpr.exe
  C:\Windows\System\zVxuNpr.exe
  2⤵
  PID:4828
- C:\Windows\System\ZKKfrpc.exe
  C:\Windows\System\ZKKfrpc.exe
  2⤵
  PID:4848
- C:\Windows\System\IDDirjc.exe
  C:\Windows\System\IDDirjc.exe
  2⤵
  PID:4872
- C:\Windows\System\RxBoZnR.exe
  C:\Windows\System\RxBoZnR.exe
  2⤵
  PID:4892
- C:\Windows\System\ekexxfh.exe
  C:\Windows\System\ekexxfh.exe
  2⤵
  PID:4912
- C:\Windows\System\WnIYzqe.exe
  C:\Windows\System\WnIYzqe.exe
  2⤵
  PID:4928
- C:\Windows\System\jgQuRDc.exe
  C:\Windows\System\jgQuRDc.exe
  2⤵
  PID:4948
- C:\Windows\System\qiommRK.exe
  C:\Windows\System\qiommRK.exe
  2⤵
  PID:4968
- C:\Windows\System\DpofVBe.exe
  C:\Windows\System\DpofVBe.exe
  2⤵
  PID:4988
- C:\Windows\System\VrOQbWD.exe
  C:\Windows\System\VrOQbWD.exe
  2⤵
  PID:5012
- C:\Windows\System\sVCUEAV.exe
  C:\Windows\System\sVCUEAV.exe
  2⤵
  PID:5028
- C:\Windows\System\HTLSwOv.exe
  C:\Windows\System\HTLSwOv.exe
  2⤵
  PID:5052
- C:\Windows\System\LFATvBU.exe
  C:\Windows\System\LFATvBU.exe
  2⤵
  PID:5072
- C:\Windows\System\aNnRURD.exe
  C:\Windows\System\aNnRURD.exe
  2⤵
  PID:5088
- C:\Windows\System\yluSYDU.exe
  C:\Windows\System\yluSYDU.exe
  2⤵
  PID:5112
- C:\Windows\System\deiKXmJ.exe
  C:\Windows\System\deiKXmJ.exe
  2⤵
  PID:3452
- C:\Windows\System\nrRAEQP.exe
  C:\Windows\System\nrRAEQP.exe
  2⤵
  PID:3260
- C:\Windows\System\zVKsdHQ.exe
  C:\Windows\System\zVKsdHQ.exe
  2⤵
  PID:3752
- C:\Windows\System\CAinpaj.exe
  C:\Windows\System\CAinpaj.exe
  2⤵
  PID:3968
- C:\Windows\System\mhLYDlG.exe
  C:\Windows\System\mhLYDlG.exe
  2⤵
  PID:3812
- C:\Windows\System\BxuBKxX.exe
  C:\Windows\System\BxuBKxX.exe
  2⤵
  PID:4048
- C:\Windows\System\AqtniOf.exe
  C:\Windows\System\AqtniOf.exe
  2⤵
  PID:3628
- C:\Windows\System\hveHmef.exe
  C:\Windows\System\hveHmef.exe
  2⤵
  PID:2024
- C:\Windows\System\pnTjaId.exe
  C:\Windows\System\pnTjaId.exe
  2⤵
  PID:3896
- C:\Windows\System\gnzqpAC.exe
  C:\Windows\System\gnzqpAC.exe
  2⤵
  PID:852
- C:\Windows\System\HVbsurS.exe
  C:\Windows\System\HVbsurS.exe
  2⤵
  PID:3612
- C:\Windows\System\OLboYyC.exe
  C:\Windows\System\OLboYyC.exe
  2⤵
  PID:2560
- C:\Windows\System\ncPjERP.exe
  C:\Windows\System\ncPjERP.exe
  2⤵
  PID:4140
- C:\Windows\System\TWYkiNB.exe
  C:\Windows\System\TWYkiNB.exe
  2⤵
  PID:2320
- C:\Windows\System\uHkiEkE.exe
  C:\Windows\System\uHkiEkE.exe
  2⤵
  PID:3332
- C:\Windows\System\KPehNyi.exe
  C:\Windows\System\KPehNyi.exe
  2⤵
  PID:4120
- C:\Windows\System\iAyMYlp.exe
  C:\Windows\System\iAyMYlp.exe
  2⤵
  PID:4168
- C:\Windows\System\sVQCXeI.exe
  C:\Windows\System\sVQCXeI.exe
  2⤵
  PID:4336
- C:\Windows\System\EstCGGL.exe
  C:\Windows\System\EstCGGL.exe
  2⤵
  PID:4372
- C:\Windows\System\WNiJbhd.exe
  C:\Windows\System\WNiJbhd.exe
  2⤵
  PID:4236
- C:\Windows\System\JAgOXrW.exe
  C:\Windows\System\JAgOXrW.exe
  2⤵
  PID:4424
- C:\Windows\System\xfKafco.exe
  C:\Windows\System\xfKafco.exe
  2⤵
  PID:4316
- C:\Windows\System\poBnRnf.exe
  C:\Windows\System\poBnRnf.exe
  2⤵
  PID:4360
- C:\Windows\System\hrXBVTE.exe
  C:\Windows\System\hrXBVTE.exe
  2⤵
  PID:4512
- C:\Windows\System\aBFfaKf.exe
  C:\Windows\System\aBFfaKf.exe
  2⤵
  PID:4400
- C:\Windows\System\lGcmxug.exe
  C:\Windows\System\lGcmxug.exe
  2⤵
  PID:4484
- C:\Windows\System\tTlTzBl.exe
  C:\Windows\System\tTlTzBl.exe
  2⤵
  PID:4584
- C:\Windows\System\JFhDaAH.exe
  C:\Windows\System\JFhDaAH.exe
  2⤵
  PID:4564
- C:\Windows\System\EMkjRwa.exe
  C:\Windows\System\EMkjRwa.exe
  2⤵
  PID:4660
- C:\Windows\System\OgMXFQQ.exe
  C:\Windows\System\OgMXFQQ.exe
  2⤵
  PID:4644
- C:\Windows\System\BUzLYpE.exe
  C:\Windows\System\BUzLYpE.exe
  2⤵
  PID:4676
- C:\Windows\System\rHyINSV.exe
  C:\Windows\System\rHyINSV.exe
  2⤵
  PID:4740
- C:\Windows\System\rfLetUi.exe
  C:\Windows\System\rfLetUi.exe
  2⤵
  PID:4456
- C:\Windows\System\SQdUnYj.exe
  C:\Windows\System\SQdUnYj.exe
  2⤵
  PID:1904
- C:\Windows\System\kBrczZq.exe
  C:\Windows\System\kBrczZq.exe
  2⤵
  PID:2432
- C:\Windows\System\kmSuodT.exe
  C:\Windows\System\kmSuodT.exe
  2⤵
  PID:2904
- C:\Windows\System\kqqiHOJ.exe
  C:\Windows\System\kqqiHOJ.exe
  2⤵
  PID:2640
- C:\Windows\System\uuCNunz.exe
  C:\Windows\System\uuCNunz.exe
  2⤵
  PID:2976
- C:\Windows\System\GcfwmKT.exe
  C:\Windows\System\GcfwmKT.exe
  2⤵
  PID:2844
- C:\Windows\System\pWDVLuS.exe
  C:\Windows\System\pWDVLuS.exe
  2⤵
  PID:1692
- C:\Windows\System\GxfgDbn.exe
  C:\Windows\System\GxfgDbn.exe
  2⤵
  PID:4860
- C:\Windows\System\TmQZicA.exe
  C:\Windows\System\TmQZicA.exe
  2⤵
  PID:4880
- C:\Windows\System\ZTualyN.exe
  C:\Windows\System\ZTualyN.exe
  2⤵
  PID:4940
- C:\Windows\System\QxEbKwg.exe
  C:\Windows\System\QxEbKwg.exe
  2⤵
  PID:4980
- C:\Windows\System\xTCLWnV.exe
  C:\Windows\System\xTCLWnV.exe
  2⤵
  PID:5000
- C:\Windows\System\avxZDTn.exe
  C:\Windows\System\avxZDTn.exe
  2⤵
  PID:5004
- C:\Windows\System\sctDLIG.exe
  C:\Windows\System\sctDLIG.exe
  2⤵
  PID:5044
- C:\Windows\System\RznAzdF.exe
  C:\Windows\System\RznAzdF.exe
  2⤵
  PID:5104
- C:\Windows\System\oybfddR.exe
  C:\Windows\System\oybfddR.exe
  2⤵
  PID:2300
- C:\Windows\System\icPedGQ.exe
  C:\Windows\System\icPedGQ.exe
  2⤵
  PID:3876
- C:\Windows\System\McYhGbQ.exe
  C:\Windows\System\McYhGbQ.exe
  2⤵
  PID:3680
- C:\Windows\System\MSmPAlf.exe
  C:\Windows\System\MSmPAlf.exe
  2⤵
  PID:3636
- C:\Windows\System\qopahlV.exe
  C:\Windows\System\qopahlV.exe
  2⤵
  PID:3660
- C:\Windows\System\bYgTrbT.exe
  C:\Windows\System\bYgTrbT.exe
  2⤵
  PID:3984
- C:\Windows\System\OqDpfqg.exe
  C:\Windows\System\OqDpfqg.exe
  2⤵
  PID:1488
- C:\Windows\System\biclHJW.exe
  C:\Windows\System\biclHJW.exe
  2⤵
  PID:4144
- C:\Windows\System\yHpZRPl.exe
  C:\Windows\System\yHpZRPl.exe
  2⤵
  PID:4188
- C:\Windows\System\KiKiXzZ.exe
  C:\Windows\System\KiKiXzZ.exe
  2⤵
  PID:4112
- C:\Windows\System\uZLEBLk.exe
  C:\Windows\System\uZLEBLk.exe
  2⤵
  PID:4332
- C:\Windows\System\vucFoig.exe
  C:\Windows\System\vucFoig.exe
  2⤵
  PID:4116
- C:\Windows\System\OkuYFyY.exe
  C:\Windows\System\OkuYFyY.exe
  2⤵
  PID:4412
- C:\Windows\System\mbTbDSR.exe
  C:\Windows\System\mbTbDSR.exe
  2⤵
  PID:4312
- C:\Windows\System\kWfOAtr.exe
  C:\Windows\System\kWfOAtr.exe
  2⤵
  PID:4508
- C:\Windows\System\LYfMCNB.exe
  C:\Windows\System\LYfMCNB.exe
  2⤵
  PID:4352
- C:\Windows\System\eWbPTCZ.exe
  C:\Windows\System\eWbPTCZ.exe
  2⤵
  PID:4556
- C:\Windows\System\JFPZltj.exe
  C:\Windows\System\JFPZltj.exe
  2⤵
  PID:4620
- C:\Windows\System\OZmxIgx.exe
  C:\Windows\System\OZmxIgx.exe
  2⤵
  PID:4640
- C:\Windows\System\EcpaXBK.exe
  C:\Windows\System\EcpaXBK.exe
  2⤵
  PID:2668
- C:\Windows\System\JvjyrvZ.exe
  C:\Windows\System\JvjyrvZ.exe
  2⤵
  PID:4752
- C:\Windows\System\qIaHXwS.exe
  C:\Windows\System\qIaHXwS.exe
  2⤵
  PID:2196
- C:\Windows\System\dZgdJqT.exe
  C:\Windows\System\dZgdJqT.exe
  2⤵
  PID:2804
- C:\Windows\System\nwreeow.exe
  C:\Windows\System\nwreeow.exe
  2⤵
  PID:2836
- C:\Windows\System\OssklvH.exe
  C:\Windows\System\OssklvH.exe
  2⤵
  PID:4840
- C:\Windows\System\iePWyGZ.exe
  C:\Windows\System\iePWyGZ.exe
  2⤵
  PID:4868
- C:\Windows\System\NkCdWNH.exe
  C:\Windows\System\NkCdWNH.exe
  2⤵
  PID:4920
- C:\Windows\System\GLAagov.exe
  C:\Windows\System\GLAagov.exe
  2⤵
  PID:4960
- C:\Windows\System\EaPeyxM.exe
  C:\Windows\System\EaPeyxM.exe
  2⤵
  PID:5096
- C:\Windows\System\YRHZyaA.exe
  C:\Windows\System\YRHZyaA.exe
  2⤵
  PID:5100
- C:\Windows\System\YXfMXEx.exe
  C:\Windows\System\YXfMXEx.exe
  2⤵
  PID:1516
- C:\Windows\System\YBnmgjC.exe
  C:\Windows\System\YBnmgjC.exe
  2⤵
  PID:1184
- C:\Windows\System\VNvmAjo.exe
  C:\Windows\System\VNvmAjo.exe
  2⤵
  PID:3940
- C:\Windows\System\zmmFUVe.exe
  C:\Windows\System\zmmFUVe.exe
  2⤵
  PID:3836
- C:\Windows\System\ysaFvYI.exe
  C:\Windows\System\ysaFvYI.exe
  2⤵
  PID:4020
- C:\Windows\System\ExgBYnJ.exe
  C:\Windows\System\ExgBYnJ.exe
  2⤵
  PID:4220
- C:\Windows\System\oiuOlya.exe
  C:\Windows\System\oiuOlya.exe
  2⤵
  PID:4216
- C:\Windows\System\EXPrdsa.exe
  C:\Windows\System\EXPrdsa.exe
  2⤵
  PID:4204
- C:\Windows\System\BxWwieH.exe
  C:\Windows\System\BxWwieH.exe
  2⤵
  PID:4356
- C:\Windows\System\kxyQEXr.exe
  C:\Windows\System\kxyQEXr.exe
  2⤵
  PID:4440
- C:\Windows\System\TIzjsch.exe
  C:\Windows\System\TIzjsch.exe
  2⤵
  PID:4580
- C:\Windows\System\pbZLeQB.exe
  C:\Windows\System\pbZLeQB.exe
  2⤵
  PID:4460
- C:\Windows\System\odkAjLp.exe
  C:\Windows\System\odkAjLp.exe
  2⤵
  PID:2788
- C:\Windows\System\gMLRIpd.exe
  C:\Windows\System\gMLRIpd.exe
  2⤵
  PID:1560
- C:\Windows\System\uLnRCuE.exe
  C:\Windows\System\uLnRCuE.exe
  2⤵
  PID:2752
- C:\Windows\System\WGsYvsb.exe
  C:\Windows\System\WGsYvsb.exe
  2⤵
  PID:4908
- C:\Windows\System\JtbnkqE.exe
  C:\Windows\System\JtbnkqE.exe
  2⤵
  PID:3312
- C:\Windows\System\WdNUixp.exe
  C:\Windows\System\WdNUixp.exe
  2⤵
  PID:5008
- C:\Windows\System\aIvxwJq.exe
  C:\Windows\System\aIvxwJq.exe
  2⤵
  PID:5048
- C:\Windows\System\MAgstkB.exe
  C:\Windows\System\MAgstkB.exe
  2⤵
  PID:3508
- C:\Windows\System\AmLRrMp.exe
  C:\Windows\System\AmLRrMp.exe
  2⤵
  PID:3136
- C:\Windows\System\FuMkyxC.exe
  C:\Windows\System\FuMkyxC.exe
  2⤵
  PID:1524
- C:\Windows\System\RjErhYw.exe
  C:\Windows\System\RjErhYw.exe
  2⤵
  PID:4248
- C:\Windows\System\epBOzLO.exe
  C:\Windows\System\epBOzLO.exe
  2⤵
  PID:4436
- C:\Windows\System\YxbqLtp.exe
  C:\Windows\System\YxbqLtp.exe
  2⤵
  PID:4524
- C:\Windows\System\zJHIgyp.exe
  C:\Windows\System\zJHIgyp.exe
  2⤵
  PID:5128
- C:\Windows\System\VVVtoWa.exe
  C:\Windows\System\VVVtoWa.exe
  2⤵
  PID:5144
- C:\Windows\System\HcyTtbL.exe
  C:\Windows\System\HcyTtbL.exe
  2⤵
  PID:5168
- C:\Windows\System\DlYBcxZ.exe
  C:\Windows\System\DlYBcxZ.exe
  2⤵
  PID:5188
- C:\Windows\System\pNGukxo.exe
  C:\Windows\System\pNGukxo.exe
  2⤵
  PID:5208
- C:\Windows\System\XOOfsZv.exe
  C:\Windows\System\XOOfsZv.exe
  2⤵
  PID:5224
- C:\Windows\System\ApBLRPN.exe
  C:\Windows\System\ApBLRPN.exe
  2⤵
  PID:5240
- C:\Windows\System\cRLoaWw.exe
  C:\Windows\System\cRLoaWw.exe
  2⤵
  PID:5268
- C:\Windows\System\hBvXcvE.exe
  C:\Windows\System\hBvXcvE.exe
  2⤵
  PID:5288
- C:\Windows\System\mToFlgI.exe
  C:\Windows\System\mToFlgI.exe
  2⤵
  PID:5308
- C:\Windows\System\tCRZnfD.exe
  C:\Windows\System\tCRZnfD.exe
  2⤵
  PID:5328
- C:\Windows\System\iSJEbTK.exe
  C:\Windows\System\iSJEbTK.exe
  2⤵
  PID:5344
- C:\Windows\System\AVTVVQD.exe
  C:\Windows\System\AVTVVQD.exe
  2⤵
  PID:5368
- C:\Windows\System\emtJmpk.exe
  C:\Windows\System\emtJmpk.exe
  2⤵
  PID:5392
- C:\Windows\System\dsHSYsh.exe
  C:\Windows\System\dsHSYsh.exe
  2⤵
  PID:5412
- C:\Windows\System\XdpuCIO.exe
  C:\Windows\System\XdpuCIO.exe
  2⤵
  PID:5432
- C:\Windows\System\eSfsPTK.exe
  C:\Windows\System\eSfsPTK.exe
  2⤵
  PID:5452
- C:\Windows\System\EAkFEFt.exe
  C:\Windows\System\EAkFEFt.exe
  2⤵
  PID:5472
- C:\Windows\System\nTchPJa.exe
  C:\Windows\System\nTchPJa.exe
  2⤵
  PID:5492
- C:\Windows\System\OWYHEFw.exe
  C:\Windows\System\OWYHEFw.exe
  2⤵
  PID:5512
- C:\Windows\System\rnDUEWI.exe
  C:\Windows\System\rnDUEWI.exe
  2⤵
  PID:5532
- C:\Windows\System\sBBGzSP.exe
  C:\Windows\System\sBBGzSP.exe
  2⤵
  PID:5552
- C:\Windows\System\zDElehn.exe
  C:\Windows\System\zDElehn.exe
  2⤵
  PID:5572
- C:\Windows\System\XkCdAEY.exe
  C:\Windows\System\XkCdAEY.exe
  2⤵
  PID:5588
- C:\Windows\System\jegJOwk.exe
  C:\Windows\System\jegJOwk.exe
  2⤵
  PID:5612
- C:\Windows\System\cyWZJlC.exe
  C:\Windows\System\cyWZJlC.exe
  2⤵
  PID:5632
- C:\Windows\System\PHDRsDO.exe
  C:\Windows\System\PHDRsDO.exe
  2⤵
  PID:5652
- C:\Windows\System\JYTXkKd.exe
  C:\Windows\System\JYTXkKd.exe
  2⤵
  PID:5672
- C:\Windows\System\bsvDdCk.exe
  C:\Windows\System\bsvDdCk.exe
  2⤵
  PID:5692
- C:\Windows\System\LHzFlxO.exe
  C:\Windows\System\LHzFlxO.exe
  2⤵
  PID:5708
- C:\Windows\System\IzkfTeh.exe
  C:\Windows\System\IzkfTeh.exe
  2⤵
  PID:5732
- C:\Windows\System\HFFQMxj.exe
  C:\Windows\System\HFFQMxj.exe
  2⤵
  PID:5756
- C:\Windows\System\RcoOGTg.exe
  C:\Windows\System\RcoOGTg.exe
  2⤵
  PID:5776
- C:\Windows\System\xuTBoCN.exe
  C:\Windows\System\xuTBoCN.exe
  2⤵
  PID:5796
- C:\Windows\System\obkbceO.exe
  C:\Windows\System\obkbceO.exe
  2⤵
  PID:5816
- C:\Windows\System\taCyvET.exe
  C:\Windows\System\taCyvET.exe
  2⤵
  PID:5836
- C:\Windows\System\XZfuTZF.exe
  C:\Windows\System\XZfuTZF.exe
  2⤵
  PID:5852
- C:\Windows\System\dWfhpGK.exe
  C:\Windows\System\dWfhpGK.exe
  2⤵
  PID:5876
- C:\Windows\System\ipgIFmc.exe
  C:\Windows\System\ipgIFmc.exe
  2⤵
  PID:5896
- C:\Windows\System\bIYrWSa.exe
  C:\Windows\System\bIYrWSa.exe
  2⤵
  PID:5912
- C:\Windows\System\eOBXUJn.exe
  C:\Windows\System\eOBXUJn.exe
  2⤵
  PID:5936
- C:\Windows\System\eLyDfPg.exe
  C:\Windows\System\eLyDfPg.exe
  2⤵
  PID:5956
- C:\Windows\System\lVgAyZX.exe
  C:\Windows\System\lVgAyZX.exe
  2⤵
  PID:5980
- C:\Windows\System\TyITABv.exe
  C:\Windows\System\TyITABv.exe
  2⤵
  PID:6000
- C:\Windows\System\MgcKIYF.exe
  C:\Windows\System\MgcKIYF.exe
  2⤵
  PID:6024
- C:\Windows\System\Srkrpmg.exe
  C:\Windows\System\Srkrpmg.exe
  2⤵
  PID:6044
- C:\Windows\System\xThdZrc.exe
  C:\Windows\System\xThdZrc.exe
  2⤵
  PID:6064
- C:\Windows\System\nfIriTD.exe
  C:\Windows\System\nfIriTD.exe
  2⤵
  PID:6080
- C:\Windows\System\bTeWEYJ.exe
  C:\Windows\System\bTeWEYJ.exe
  2⤵
  PID:6104
- C:\Windows\System\RIAsUlK.exe
  C:\Windows\System\RIAsUlK.exe
  2⤵
  PID:6120
- C:\Windows\System\wmpEJTR.exe
  C:\Windows\System\wmpEJTR.exe
  2⤵
  PID:4964
- C:\Windows\System\OVDpgxX.exe
  C:\Windows\System\OVDpgxX.exe
  2⤵
  PID:4608
- C:\Windows\System\tXQEAES.exe
  C:\Windows\System\tXQEAES.exe
  2⤵
  PID:2468
- C:\Windows\System\wBajxtc.exe
  C:\Windows\System\wBajxtc.exe
  2⤵
  PID:2008
- C:\Windows\System\ALfGAnr.exe
  C:\Windows\System\ALfGAnr.exe
  2⤵
  PID:3468
- C:\Windows\System\WwsVYjl.exe
  C:\Windows\System\WwsVYjl.exe
  2⤵
  PID:5036
- C:\Windows\System\TbxzQEL.exe
  C:\Windows\System\TbxzQEL.exe
  2⤵
  PID:3288
- C:\Windows\System\DlFyupn.exe
  C:\Windows\System\DlFyupn.exe
  2⤵
  PID:4128
- C:\Windows\System\pDjwtTA.exe
  C:\Windows\System\pDjwtTA.exe
  2⤵
  PID:972
- C:\Windows\System\OyYOkct.exe
  C:\Windows\System\OyYOkct.exe
  2⤵
  PID:5160
- C:\Windows\System\GnlPrMt.exe
  C:\Windows\System\GnlPrMt.exe
  2⤵
  PID:5156
- C:\Windows\System\sKjnhuU.exe
  C:\Windows\System\sKjnhuU.exe
  2⤵
  PID:5200
- C:\Windows\System\DhCFeti.exe
  C:\Windows\System\DhCFeti.exe
  2⤵
  PID:5220
- C:\Windows\System\rnBivUH.exe
  C:\Windows\System\rnBivUH.exe
  2⤵
  PID:5256
- C:\Windows\System\lyYwBbJ.exe
  C:\Windows\System\lyYwBbJ.exe
  2⤵
  PID:5324
- C:\Windows\System\AVZQBTS.exe
  C:\Windows\System\AVZQBTS.exe
  2⤵
  PID:5352
- C:\Windows\System\mkcqiDL.exe
  C:\Windows\System\mkcqiDL.exe
  2⤵
  PID:5356
- C:\Windows\System\peVAIQc.exe
  C:\Windows\System\peVAIQc.exe
  2⤵
  PID:5408
- C:\Windows\System\HQKHQxL.exe
  C:\Windows\System\HQKHQxL.exe
  2⤵
  PID:5444
- C:\Windows\System\THlikgq.exe
  C:\Windows\System\THlikgq.exe
  2⤵
  PID:5460
- C:\Windows\System\mWXvSbu.exe
  C:\Windows\System\mWXvSbu.exe
  2⤵
  PID:5500
- C:\Windows\System\miHCAlx.exe
  C:\Windows\System\miHCAlx.exe
  2⤵
  PID:5560
- C:\Windows\System\AleCrpV.exe
  C:\Windows\System\AleCrpV.exe
  2⤵
  PID:5540
- C:\Windows\System\ZZKEoRg.exe
  C:\Windows\System\ZZKEoRg.exe
  2⤵
  PID:5580
- C:\Windows\System\bXPEZBx.exe
  C:\Windows\System\bXPEZBx.exe
  2⤵
  PID:5644
- C:\Windows\System\bZOiWzb.exe
  C:\Windows\System\bZOiWzb.exe
  2⤵
  PID:5680
- C:\Windows\System\uWKRpTH.exe
  C:\Windows\System\uWKRpTH.exe
  2⤵
  PID:5724
- C:\Windows\System\qWtPoVJ.exe
  C:\Windows\System\qWtPoVJ.exe
  2⤵
  PID:5740
- C:\Windows\System\ExoHIZP.exe
  C:\Windows\System\ExoHIZP.exe
  2⤵
  PID:5744
- C:\Windows\System\pSkmUJE.exe
  C:\Windows\System\pSkmUJE.exe
  2⤵
  PID:5808
- C:\Windows\System\AUvOACk.exe
  C:\Windows\System\AUvOACk.exe
  2⤵
  PID:5828
- C:\Windows\System\jDCbnxx.exe
  C:\Windows\System\jDCbnxx.exe
  2⤵
  PID:5872
- C:\Windows\System\ESfHkos.exe
  C:\Windows\System\ESfHkos.exe
  2⤵
  PID:5920
- C:\Windows\System\WKxqoXB.exe
  C:\Windows\System\WKxqoXB.exe
  2⤵
  PID:5924
- C:\Windows\System\MdJYKEA.exe
  C:\Windows\System\MdJYKEA.exe
  2⤵
  PID:2036
- C:\Windows\System\tkngurz.exe
  C:\Windows\System\tkngurz.exe
  2⤵
  PID:5976
- C:\Windows\System\FnEzpjY.exe
  C:\Windows\System\FnEzpjY.exe
  2⤵
  PID:2712
- C:\Windows\System\vnjSfWk.exe
  C:\Windows\System\vnjSfWk.exe
  2⤵
  PID:6060
- C:\Windows\System\aPqavcR.exe
  C:\Windows\System\aPqavcR.exe
  2⤵
  PID:6092
- C:\Windows\System\vXvkbGC.exe
  C:\Windows\System\vXvkbGC.exe
  2⤵
  PID:6128
- C:\Windows\System\LXqtolP.exe
  C:\Windows\System\LXqtolP.exe
  2⤵
  PID:6020
- C:\Windows\System\OZTAmQv.exe
  C:\Windows\System\OZTAmQv.exe
  2⤵
  PID:2032
- C:\Windows\System\vubNlHr.exe
  C:\Windows\System\vubNlHr.exe
  2⤵
  PID:4884
- C:\Windows\System\giHjbEC.exe
  C:\Windows\System\giHjbEC.exe
  2⤵
  PID:2420
- C:\Windows\System\vjMEGOU.exe
  C:\Windows\System\vjMEGOU.exe
  2⤵
  PID:5124
- C:\Windows\System\rtMdhyv.exe
  C:\Windows\System\rtMdhyv.exe
  2⤵
  PID:4480
- C:\Windows\System\SCIttmO.exe
  C:\Windows\System\SCIttmO.exe
  2⤵
  PID:4240
- C:\Windows\System\dBThSKj.exe
  C:\Windows\System\dBThSKj.exe
  2⤵
  PID:5184
- C:\Windows\System\grMzjGi.exe
  C:\Windows\System\grMzjGi.exe
  2⤵
  PID:5280
- C:\Windows\System\YOJzxkR.exe
  C:\Windows\System\YOJzxkR.exe
  2⤵
  PID:5364
- C:\Windows\System\OXwcVYT.exe
  C:\Windows\System\OXwcVYT.exe
  2⤵
  PID:2940
- C:\Windows\System\RhWANDn.exe
  C:\Windows\System\RhWANDn.exe
  2⤵
  PID:5464
- C:\Windows\System\pZzEzJk.exe
  C:\Windows\System\pZzEzJk.exe
  2⤵
  PID:5488
- C:\Windows\System\UOggEDX.exe
  C:\Windows\System\UOggEDX.exe
  2⤵
  PID:5524
- C:\Windows\System\PReYBTH.exe
  C:\Windows\System\PReYBTH.exe
  2⤵
  PID:5620
- C:\Windows\System\LlQZKGU.exe
  C:\Windows\System\LlQZKGU.exe
  2⤵
  PID:5688
- C:\Windows\System\aDPzhNB.exe
  C:\Windows\System\aDPzhNB.exe
  2⤵
  PID:5384
- C:\Windows\System\gDNxvsp.exe
  C:\Windows\System\gDNxvsp.exe
  2⤵
  PID:5720
- C:\Windows\System\wZekfAB.exe
  C:\Windows\System\wZekfAB.exe
  2⤵
  PID:5804
- C:\Windows\System\viyKGSU.exe
  C:\Windows\System\viyKGSU.exe
  2⤵
  PID:2052
- C:\Windows\System\SItBhFb.exe
  C:\Windows\System\SItBhFb.exe
  2⤵
  PID:2124
- C:\Windows\System\tRxTCsn.exe
  C:\Windows\System\tRxTCsn.exe
  2⤵
  PID:5908
- C:\Windows\System\lTiUpaA.exe
  C:\Windows\System\lTiUpaA.exe
  2⤵
  PID:5996
- C:\Windows\System\tJGrgNI.exe
  C:\Windows\System\tJGrgNI.exe
  2⤵
  PID:6052
- C:\Windows\System\XlxQcWj.exe
  C:\Windows\System\XlxQcWj.exe
  2⤵
  PID:6072
- C:\Windows\System\HIvWXTE.exe
  C:\Windows\System\HIvWXTE.exe
  2⤵
  PID:6112
- C:\Windows\System\mETKYaU.exe
  C:\Windows\System\mETKYaU.exe
  2⤵
  PID:2884
- C:\Windows\System\EyZZUpW.exe
  C:\Windows\System\EyZZUpW.exe
  2⤵
  PID:3864
- C:\Windows\System\aSPiQYP.exe
  C:\Windows\System\aSPiQYP.exe
  2⤵
  PID:4944
- C:\Windows\System\xuQcSFZ.exe
  C:\Windows\System\xuQcSFZ.exe
  2⤵
  PID:5232
- C:\Windows\System\jngKXsX.exe
  C:\Windows\System\jngKXsX.exe
  2⤵
  PID:5248
- C:\Windows\System\xalUgsI.exe
  C:\Windows\System\xalUgsI.exe
  2⤵
  PID:5484
- C:\Windows\System\BoKMFkS.exe
  C:\Windows\System\BoKMFkS.exe
  2⤵
  PID:5448
- C:\Windows\System\zxETeVg.exe
  C:\Windows\System\zxETeVg.exe
  2⤵
  PID:5624
- C:\Windows\System\ZdMNvaw.exe
  C:\Windows\System\ZdMNvaw.exe
  2⤵
  PID:5428
- C:\Windows\System\fMRDGuH.exe
  C:\Windows\System\fMRDGuH.exe
  2⤵
  PID:5608
- C:\Windows\System\EBxBpDx.exe
  C:\Windows\System\EBxBpDx.exe
  2⤵
  PID:5844
- C:\Windows\System\jihMGUB.exe
  C:\Windows\System\jihMGUB.exe
  2⤵
  PID:5988
- C:\Windows\System\yBZbwNM.exe
  C:\Windows\System\yBZbwNM.exe
  2⤵
  PID:5904
- C:\Windows\System\ZSfQQjW.exe
  C:\Windows\System\ZSfQQjW.exe
  2⤵
  PID:6012
- C:\Windows\System\YHXnkLK.exe
  C:\Windows\System\YHXnkLK.exe
  2⤵
  PID:1412
- C:\Windows\System\GGeHcEx.exe
  C:\Windows\System\GGeHcEx.exe
  2⤵
  PID:5300
- C:\Windows\System\GlpiYXr.exe
  C:\Windows\System\GlpiYXr.exe
  2⤵
  PID:5400
- C:\Windows\System\KnpkBEE.exe
  C:\Windows\System\KnpkBEE.exe
  2⤵
  PID:5296
- C:\Windows\System\SJXMSRQ.exe
  C:\Windows\System\SJXMSRQ.exe
  2⤵
  PID:5596
- C:\Windows\System\RwSpZcq.exe
  C:\Windows\System\RwSpZcq.exe
  2⤵
  PID:5892
- C:\Windows\System\GLGBWMb.exe
  C:\Windows\System\GLGBWMb.exe
  2⤵
  PID:1492
- C:\Windows\System\dYLtWRT.exe
  C:\Windows\System\dYLtWRT.exe
  2⤵
  PID:6152
- C:\Windows\System\gOeDJAE.exe
  C:\Windows\System\gOeDJAE.exe
  2⤵
  PID:6172
- C:\Windows\System\TwIMVMB.exe
  C:\Windows\System\TwIMVMB.exe
  2⤵
  PID:6192
- C:\Windows\System\FGTvnkb.exe
  C:\Windows\System\FGTvnkb.exe
  2⤵
  PID:6216
- C:\Windows\System\AkadTdQ.exe
  C:\Windows\System\AkadTdQ.exe
  2⤵
  PID:6244
- C:\Windows\System\EesGMYu.exe
  C:\Windows\System\EesGMYu.exe
  2⤵
  PID:6264
- C:\Windows\System\YjyvRYO.exe
  C:\Windows\System\YjyvRYO.exe
  2⤵
  PID:6284
- C:\Windows\System\CebQmGg.exe
  C:\Windows\System\CebQmGg.exe
  2⤵
  PID:6308
- C:\Windows\System\fSVLEMp.exe
  C:\Windows\System\fSVLEMp.exe
  2⤵
  PID:6332
- C:\Windows\System\EnxVaEh.exe
  C:\Windows\System\EnxVaEh.exe
  2⤵
  PID:6352
- C:\Windows\System\tITIVSo.exe
  C:\Windows\System\tITIVSo.exe
  2⤵
  PID:6372
- C:\Windows\System\vIhSLVU.exe
  C:\Windows\System\vIhSLVU.exe
  2⤵
  PID:6388
- C:\Windows\System\lajKutL.exe
  C:\Windows\System\lajKutL.exe
  2⤵
  PID:6416
- C:\Windows\System\kfpgeAW.exe
  C:\Windows\System\kfpgeAW.exe
  2⤵
  PID:6436
- C:\Windows\System\USRoJGA.exe
  C:\Windows\System\USRoJGA.exe
  2⤵
  PID:6456
- C:\Windows\System\MeMCIod.exe
  C:\Windows\System\MeMCIod.exe
  2⤵
  PID:6480
- C:\Windows\System\ftWdIOr.exe
  C:\Windows\System\ftWdIOr.exe
  2⤵
  PID:6500
- C:\Windows\System\TmFppAu.exe
  C:\Windows\System\TmFppAu.exe
  2⤵
  PID:6520
- C:\Windows\System\nNEEcPS.exe
  C:\Windows\System\nNEEcPS.exe
  2⤵
  PID:6548
- C:\Windows\System\wAoJtdP.exe
  C:\Windows\System\wAoJtdP.exe
  2⤵
  PID:6568
- C:\Windows\System\hjPUfUX.exe
  C:\Windows\System\hjPUfUX.exe
  2⤵
  PID:6588
- C:\Windows\System\zTKTIwY.exe
  C:\Windows\System\zTKTIwY.exe
  2⤵
  PID:6608
- C:\Windows\System\jiJUeyD.exe
  C:\Windows\System\jiJUeyD.exe
  2⤵
  PID:6628
- C:\Windows\System\XfpUoGF.exe
  C:\Windows\System\XfpUoGF.exe
  2⤵
  PID:6648
- C:\Windows\System\WUPajmF.exe
  C:\Windows\System\WUPajmF.exe
  2⤵
  PID:6668
- C:\Windows\System\QFRLfeH.exe
  C:\Windows\System\QFRLfeH.exe
  2⤵
  PID:6688
- C:\Windows\System\zVgzpAp.exe
  C:\Windows\System\zVgzpAp.exe
  2⤵
  PID:6712
- C:\Windows\System\OKDwGGx.exe
  C:\Windows\System\OKDwGGx.exe
  2⤵
  PID:6732
- C:\Windows\System\AavGbtN.exe
  C:\Windows\System\AavGbtN.exe
  2⤵
  PID:6752
- C:\Windows\System\VCMyBan.exe
  C:\Windows\System\VCMyBan.exe
  2⤵
  PID:6772
- C:\Windows\System\NcFuNft.exe
  C:\Windows\System\NcFuNft.exe
  2⤵
  PID:6792
- C:\Windows\System\ynkVfDR.exe
  C:\Windows\System\ynkVfDR.exe
  2⤵
  PID:6808
- C:\Windows\System\ecTATAD.exe
  C:\Windows\System\ecTATAD.exe
  2⤵
  PID:6828
- C:\Windows\System\LHRuNSa.exe
  C:\Windows\System\LHRuNSa.exe
  2⤵
  PID:6848
- C:\Windows\System\EHHPrns.exe
  C:\Windows\System\EHHPrns.exe
  2⤵
  PID:6868
- C:\Windows\System\WWmFuHx.exe
  C:\Windows\System\WWmFuHx.exe
  2⤵
  PID:6892
- C:\Windows\System\DAoigei.exe
  C:\Windows\System\DAoigei.exe
  2⤵
  PID:6912
- C:\Windows\System\ZKAasld.exe
  C:\Windows\System\ZKAasld.exe
  2⤵
  PID:6936
- C:\Windows\System\xlAJQWP.exe
  C:\Windows\System\xlAJQWP.exe
  2⤵
  PID:6960
- C:\Windows\System\qhyGosx.exe
  C:\Windows\System\qhyGosx.exe
  2⤵
  PID:6980
- C:\Windows\System\lSPsfrm.exe
  C:\Windows\System\lSPsfrm.exe
  2⤵
  PID:7000
- C:\Windows\System\QOKbdWj.exe
  C:\Windows\System\QOKbdWj.exe
  2⤵
  PID:7020
- C:\Windows\System\jaKSzjS.exe
  C:\Windows\System\jaKSzjS.exe
  2⤵
  PID:7040
- C:\Windows\System\FRQVHXy.exe
  C:\Windows\System\FRQVHXy.exe
  2⤵
  PID:7060
- C:\Windows\System\odMqJhO.exe
  C:\Windows\System\odMqJhO.exe
  2⤵
  PID:7080
- C:\Windows\System\ywmrfoG.exe
  C:\Windows\System\ywmrfoG.exe
  2⤵
  PID:7100
- C:\Windows\System\RqmFAra.exe
  C:\Windows\System\RqmFAra.exe
  2⤵
  PID:7120
- C:\Windows\System\zpQEnkG.exe
  C:\Windows\System\zpQEnkG.exe
  2⤵
  PID:7140
- C:\Windows\System\vknUgdx.exe
  C:\Windows\System\vknUgdx.exe
  2⤵
  PID:7160
- C:\Windows\System\AwywSpL.exe
  C:\Windows\System\AwywSpL.exe
  2⤵
  PID:2192
- C:\Windows\System\rOZclGF.exe
  C:\Windows\System\rOZclGF.exe
  2⤵
  PID:3292
- C:\Windows\System\lbpHmyb.exe
  C:\Windows\System\lbpHmyb.exe
  2⤵
  PID:5604
- C:\Windows\System\ZdHyBir.exe
  C:\Windows\System\ZdHyBir.exe
  2⤵
  PID:4588
- C:\Windows\System\PaGLXrh.exe
  C:\Windows\System\PaGLXrh.exe
  2⤵
  PID:5888
- C:\Windows\System\QpQERkP.exe
  C:\Windows\System\QpQERkP.exe
  2⤵
  PID:5868
- C:\Windows\System\xryVEnx.exe
  C:\Windows\System\xryVEnx.exe
  2⤵
  PID:6252
- C:\Windows\System\SXXqDSO.exe
  C:\Windows\System\SXXqDSO.exe
  2⤵
  PID:6292
- C:\Windows\System\tQahmUm.exe
  C:\Windows\System\tQahmUm.exe
  2⤵
  PID:6348
- C:\Windows\System\SQPhyUU.exe
  C:\Windows\System\SQPhyUU.exe
  2⤵
  PID:6280
- C:\Windows\System\KmlSbAT.exe
  C:\Windows\System\KmlSbAT.exe
  2⤵
  PID:6328
- C:\Windows\System\RWeibYj.exe
  C:\Windows\System\RWeibYj.exe
  2⤵
  PID:6428
- C:\Windows\System\vgFflFy.exe
  C:\Windows\System\vgFflFy.exe
  2⤵
  PID:6396
- C:\Windows\System\dXuHmVU.exe
  C:\Windows\System\dXuHmVU.exe
  2⤵
  PID:6444
- C:\Windows\System\LgZnnfY.exe
  C:\Windows\System\LgZnnfY.exe
  2⤵
  PID:6188
- C:\Windows\System\mvxjLIv.exe
  C:\Windows\System\mvxjLIv.exe
  2⤵
  PID:6596
- C:\Windows\System\znAtNHy.exe
  C:\Windows\System\znAtNHy.exe
  2⤵
  PID:6636
- C:\Windows\System\GMaVhpi.exe
  C:\Windows\System\GMaVhpi.exe
  2⤵
  PID:6576
- C:\Windows\System\VYjapwI.exe
  C:\Windows\System\VYjapwI.exe
  2⤵
  PID:6616
- C:\Windows\System\KyuOEix.exe
  C:\Windows\System\KyuOEix.exe
  2⤵
  PID:6720
- C:\Windows\System\BcCKPRB.exe
  C:\Windows\System\BcCKPRB.exe
  2⤵
  PID:6760
- C:\Windows\System\NMWCBSQ.exe
  C:\Windows\System\NMWCBSQ.exe
  2⤵
  PID:6656
- C:\Windows\System\aRbJBer.exe
  C:\Windows\System\aRbJBer.exe
  2⤵
  PID:6800
- C:\Windows\System\MdLlAGl.exe
  C:\Windows\System\MdLlAGl.exe
  2⤵
  PID:6836
- C:\Windows\System\TMIepMl.exe
  C:\Windows\System\TMIepMl.exe
  2⤵
  PID:6876
- C:\Windows\System\jtkabuy.exe
  C:\Windows\System\jtkabuy.exe
  2⤵
  PID:6824
- C:\Windows\System\WbjCExQ.exe
  C:\Windows\System\WbjCExQ.exe
  2⤵
  PID:6928
- C:\Windows\System\FfGvIPM.exe
  C:\Windows\System\FfGvIPM.exe
  2⤵
  PID:6900
- C:\Windows\System\INpaDLM.exe
  C:\Windows\System\INpaDLM.exe
  2⤵
  PID:2860
- C:\Windows\System\qCWrvQF.exe
  C:\Windows\System\qCWrvQF.exe
  2⤵
  PID:6972
- C:\Windows\System\lIFfTsy.exe
  C:\Windows\System\lIFfTsy.exe
  2⤵
  PID:3040
- C:\Windows\System\VLbwkgg.exe
  C:\Windows\System\VLbwkgg.exe
  2⤵
  PID:7048
- C:\Windows\System\hDwEzDn.exe
  C:\Windows\System\hDwEzDn.exe
  2⤵
  PID:7088
- C:\Windows\System\zgUFQyo.exe
  C:\Windows\System\zgUFQyo.exe
  2⤵
  PID:7108
- C:\Windows\System\zewfHjS.exe
  C:\Windows\System\zewfHjS.exe
  2⤵
  PID:7148
- C:\Windows\System\IjQWQkD.exe
  C:\Windows\System\IjQWQkD.exe
  2⤵
  PID:5948
- C:\Windows\System\RIykOqj.exe
  C:\Windows\System\RIykOqj.exe
  2⤵
  PID:5264
- C:\Windows\System\dMpkqFQ.exe
  C:\Windows\System\dMpkqFQ.exe
  2⤵
  PID:5152
- C:\Windows\System\OzyWIzP.exe
  C:\Windows\System\OzyWIzP.exe
  2⤵
  PID:6208
- C:\Windows\System\RXwZrEP.exe
  C:\Windows\System\RXwZrEP.exe
  2⤵
  PID:2616
- C:\Windows\System\HOqipQP.exe
  C:\Windows\System\HOqipQP.exe
  2⤵
  PID:6180
- C:\Windows\System\QLIzpxj.exe
  C:\Windows\System\QLIzpxj.exe
  2⤵
  PID:6224
- C:\Windows\System\qpJNCPr.exe
  C:\Windows\System\qpJNCPr.exe
  2⤵
  PID:6316
- C:\Windows\System\OHDMGkW.exe
  C:\Windows\System\OHDMGkW.exe
  2⤵
  PID:6468
- C:\Windows\System\rzvCBav.exe
  C:\Windows\System\rzvCBav.exe
  2⤵
  PID:6516
- C:\Windows\System\jzcSFhj.exe
  C:\Windows\System\jzcSFhj.exe
  2⤵
  PID:6512
- C:\Windows\System\xgelGSJ.exe
  C:\Windows\System\xgelGSJ.exe
  2⤵
  PID:1348
- C:\Windows\System\lItmwkX.exe
  C:\Windows\System\lItmwkX.exe
  2⤵
  PID:6528
- C:\Windows\System\CqrouMg.exe
  C:\Windows\System\CqrouMg.exe
  2⤵
  PID:6540
- C:\Windows\System\KttYczS.exe
  C:\Windows\System\KttYczS.exe
  2⤵
  PID:2708
- C:\Windows\System\gkBzzsO.exe
  C:\Windows\System\gkBzzsO.exe
  2⤵
  PID:6620
- C:\Windows\System\apDdXQW.exe
  C:\Windows\System\apDdXQW.exe
  2⤵
  PID:6700
- C:\Windows\System\pQNtrIw.exe
  C:\Windows\System\pQNtrIw.exe
  2⤵
  PID:6784
- C:\Windows\System\qZZlGMU.exe
  C:\Windows\System\qZZlGMU.exe
  2⤵
  PID:6804
- C:\Windows\System\yGejwah.exe
  C:\Windows\System\yGejwah.exe
  2⤵
  PID:1480
- C:\Windows\System\SgaCoQZ.exe
  C:\Windows\System\SgaCoQZ.exe
  2⤵
  PID:6908
- C:\Windows\System\plvXOWG.exe
  C:\Windows\System\plvXOWG.exe
  2⤵
  PID:2148
- C:\Windows\System\XayWorn.exe
  C:\Windows\System\XayWorn.exe
  2⤵
  PID:6948
- C:\Windows\System\JWrBxOY.exe
  C:\Windows\System\JWrBxOY.exe
  2⤵
  PID:7028
- C:\Windows\System\XXfLrxQ.exe
  C:\Windows\System\XXfLrxQ.exe
  2⤵
  PID:7132
- C:\Windows\System\awTmWqS.exe
  C:\Windows\System\awTmWqS.exe
  2⤵
  PID:7156
- C:\Windows\System\peCHhXK.exe
  C:\Windows\System\peCHhXK.exe
  2⤵
  PID:6040
- C:\Windows\System\iaIiBZi.exe
  C:\Windows\System\iaIiBZi.exe
  2⤵
  PID:6204
- C:\Windows\System\fnHaYRa.exe
  C:\Windows\System\fnHaYRa.exe
  2⤵
  PID:5424
- C:\Windows\System\ajJOZbl.exe
  C:\Windows\System\ajJOZbl.exe
  2⤵
  PID:6380
- C:\Windows\System\neqglkY.exe
  C:\Windows\System\neqglkY.exe
  2⤵
  PID:6476
- C:\Windows\System\KisYsQH.exe
  C:\Windows\System\KisYsQH.exe
  2⤵
  PID:6600
- C:\Windows\System\SgKlkOC.exe
  C:\Windows\System\SgKlkOC.exe
  2⤵
  PID:6496
- C:\Windows\System\vjRjctQ.exe
  C:\Windows\System\vjRjctQ.exe
  2⤵
  PID:2716
- C:\Windows\System\qdINGqp.exe
  C:\Windows\System\qdINGqp.exe
  2⤵
  PID:1368
- C:\Windows\System\AMLDhCk.exe
  C:\Windows\System\AMLDhCk.exe
  2⤵
  PID:1268
- C:\Windows\System\BdhGIzX.exe
  C:\Windows\System\BdhGIzX.exe
  2⤵
  PID:1888
- C:\Windows\System\SJUyWRx.exe
  C:\Windows\System\SJUyWRx.exe
  2⤵
  PID:2020
- C:\Windows\System\llZDSFZ.exe
  C:\Windows\System\llZDSFZ.exe
  2⤵
  PID:1612
- C:\Windows\System\zjfUloj.exe
  C:\Windows\System\zjfUloj.exe
  2⤵
  PID:6816
- C:\Windows\System\nAGQqpN.exe
  C:\Windows\System\nAGQqpN.exe
  2⤵
  PID:7008
- C:\Windows\System\hMWbfAE.exe
  C:\Windows\System\hMWbfAE.exe
  2⤵
  PID:7032
- C:\Windows\System\GeEGpYt.exe
  C:\Windows\System\GeEGpYt.exe
  2⤵
  PID:2508
- C:\Windows\System\sktNVUD.exe
  C:\Windows\System\sktNVUD.exe
  2⤵
  PID:328
- C:\Windows\System\MnifjCP.exe
  C:\Windows\System\MnifjCP.exe
  2⤵
  PID:7076
- C:\Windows\System\PYnDXfa.exe
  C:\Windows\System\PYnDXfa.exe
  2⤵
  PID:1136
- C:\Windows\System\UMnejDE.exe
  C:\Windows\System\UMnejDE.exe
  2⤵
  PID:5792
- C:\Windows\System\uqwPSqU.exe
  C:\Windows\System\uqwPSqU.exe
  2⤵
  PID:7116
- C:\Windows\System\nGvvRIN.exe
  C:\Windows\System\nGvvRIN.exe
  2⤵
  PID:6296
- C:\Windows\System\raOgUuj.exe
  C:\Windows\System\raOgUuj.exe
  2⤵
  PID:6564
- C:\Windows\System\uOQugHm.exe
  C:\Windows\System\uOQugHm.exe
  2⤵
  PID:1068
- C:\Windows\System\uUrzlzz.exe
  C:\Windows\System\uUrzlzz.exe
  2⤵
  PID:6764
- C:\Windows\System\yWfUAep.exe
  C:\Windows\System\yWfUAep.exe
  2⤵
  PID:6840
- C:\Windows\System\FffEZEK.exe
  C:\Windows\System\FffEZEK.exe
  2⤵
  PID:7016
- C:\Windows\System\AVOgTqN.exe
  C:\Windows\System\AVOgTqN.exe
  2⤵
  PID:800
- C:\Windows\System\PXnfUMU.exe
  C:\Windows\System\PXnfUMU.exe
  2⤵
  PID:6976
- C:\Windows\System\vipfeLT.exe
  C:\Windows\System\vipfeLT.exe
  2⤵
  PID:6256
- C:\Windows\System\tbHOnVC.exe
  C:\Windows\System\tbHOnVC.exe
  2⤵
  PID:7092
- C:\Windows\System\OPldDqK.exe
  C:\Windows\System\OPldDqK.exe
  2⤵
  PID:2660
- C:\Windows\System\BFLunWu.exe
  C:\Windows\System\BFLunWu.exe
  2⤵
  PID:2572
- C:\Windows\System\PPTtfaV.exe
  C:\Windows\System\PPTtfaV.exe
  2⤵
  PID:6856
- C:\Windows\System\LrYrOXj.exe
  C:\Windows\System\LrYrOXj.exe
  2⤵
  PID:688
- C:\Windows\System\eplJNit.exe
  C:\Windows\System\eplJNit.exe
  2⤵
  PID:7068
- C:\Windows\System\OxGCJbV.exe
  C:\Windows\System\OxGCJbV.exe
  2⤵
  PID:1740
- C:\Windows\System\zyIahtV.exe
  C:\Windows\System\zyIahtV.exe
  2⤵
  PID:6492
- C:\Windows\System\Xmkyiaz.exe
  C:\Windows\System\Xmkyiaz.exe
  2⤵
  PID:6684
- C:\Windows\System\oOquNWc.exe
  C:\Windows\System\oOquNWc.exe
  2⤵
  PID:6864
- C:\Windows\System\IxIoWAn.exe
  C:\Windows\System\IxIoWAn.exe
  2⤵
  PID:6408
- C:\Windows\System\cYjRulh.exe
  C:\Windows\System\cYjRulh.exe
  2⤵
  PID:7172
- C:\Windows\System\xpytbxd.exe
  C:\Windows\System\xpytbxd.exe
  2⤵
  PID:7192
- C:\Windows\System\hDTjHej.exe
  C:\Windows\System\hDTjHej.exe
  2⤵
  PID:7212
- C:\Windows\System\gFZfOeF.exe
  C:\Windows\System\gFZfOeF.exe
  2⤵
  PID:7232
- C:\Windows\System\nxjOtDR.exe
  C:\Windows\System\nxjOtDR.exe
  2⤵
  PID:7252
- C:\Windows\System\ZZxrBlL.exe
  C:\Windows\System\ZZxrBlL.exe
  2⤵
  PID:7272
- C:\Windows\System\LDGIoic.exe
  C:\Windows\System\LDGIoic.exe
  2⤵
  PID:7292
- C:\Windows\System\fDIhTTj.exe
  C:\Windows\System\fDIhTTj.exe
  2⤵
  PID:7316
- C:\Windows\System\WoVEsjL.exe
  C:\Windows\System\WoVEsjL.exe
  2⤵
  PID:7336
- C:\Windows\System\pUSZJCh.exe
  C:\Windows\System\pUSZJCh.exe
  2⤵
  PID:7352
- C:\Windows\System\QaqJSLp.exe
  C:\Windows\System\QaqJSLp.exe
  2⤵
  PID:7376
- C:\Windows\System\Qypysrq.exe
  C:\Windows\System\Qypysrq.exe
  2⤵
  PID:7396
- C:\Windows\System\kYVYTCl.exe
  C:\Windows\System\kYVYTCl.exe
  2⤵
  PID:7432
- C:\Windows\System\aDUysab.exe
  C:\Windows\System\aDUysab.exe
  2⤵
  PID:7448
- C:\Windows\System\gtcenks.exe
  C:\Windows\System\gtcenks.exe
  2⤵
  PID:7464
- C:\Windows\System\VOWYoWi.exe
  C:\Windows\System\VOWYoWi.exe
  2⤵
  PID:7480
- C:\Windows\System\pCTWxPP.exe
  C:\Windows\System\pCTWxPP.exe
  2⤵
  PID:7496
- C:\Windows\System\hMoZlTa.exe
  C:\Windows\System\hMoZlTa.exe
  2⤵
  PID:7516
- C:\Windows\System\RdpxVTV.exe
  C:\Windows\System\RdpxVTV.exe
  2⤵
  PID:7532
- C:\Windows\System\jMALjrS.exe
  C:\Windows\System\jMALjrS.exe
  2⤵
  PID:7548
- C:\Windows\System\Jvjcizp.exe
  C:\Windows\System\Jvjcizp.exe
  2⤵
  PID:7584
- C:\Windows\System\wguzPLi.exe
  C:\Windows\System\wguzPLi.exe
  2⤵
  PID:7608
- C:\Windows\System\XLcQhJX.exe
  C:\Windows\System\XLcQhJX.exe
  2⤵
  PID:7624
- C:\Windows\System\YCIwnXN.exe
  C:\Windows\System\YCIwnXN.exe
  2⤵
  PID:7648
- C:\Windows\System\QOehizP.exe
  C:\Windows\System\QOehizP.exe
  2⤵
  PID:7664
- C:\Windows\System\EIFJJVh.exe
  C:\Windows\System\EIFJJVh.exe
  2⤵
  PID:7688
- C:\Windows\System\aQjLeGt.exe
  C:\Windows\System\aQjLeGt.exe
  2⤵
  PID:7708
- C:\Windows\System\IxFeamu.exe
  C:\Windows\System\IxFeamu.exe
  2⤵
  PID:7732
- C:\Windows\System\GGwIEoz.exe
  C:\Windows\System\GGwIEoz.exe
  2⤵
  PID:7752
- C:\Windows\System\ZpPEcHc.exe
  C:\Windows\System\ZpPEcHc.exe
  2⤵
  PID:7776
- C:\Windows\System\VqDTvvI.exe
  C:\Windows\System\VqDTvvI.exe
  2⤵
  PID:7792
- C:\Windows\System\eYklbxJ.exe
  C:\Windows\System\eYklbxJ.exe
  2⤵
  PID:7816
- C:\Windows\System\tAWvlsP.exe
  C:\Windows\System\tAWvlsP.exe
  2⤵
  PID:7836
- C:\Windows\System\JIfjHAK.exe
  C:\Windows\System\JIfjHAK.exe
  2⤵
  PID:7856
- C:\Windows\System\AJDAavc.exe
  C:\Windows\System\AJDAavc.exe
  2⤵
  PID:7872
- C:\Windows\System\paAXOLw.exe
  C:\Windows\System\paAXOLw.exe
  2⤵
  PID:7892
- C:\Windows\System\TUCRfOx.exe
  C:\Windows\System\TUCRfOx.exe
  2⤵
  PID:7908
- C:\Windows\System\MQENIqu.exe
  C:\Windows\System\MQENIqu.exe
  2⤵
  PID:7928
- C:\Windows\System\AKhSkqL.exe
  C:\Windows\System\AKhSkqL.exe
  2⤵
  PID:7944
- C:\Windows\System\gXFbYcJ.exe
  C:\Windows\System\gXFbYcJ.exe
  2⤵
  PID:7960
- C:\Windows\System\rbBhDGj.exe
  C:\Windows\System\rbBhDGj.exe
  2⤵
  PID:7980
- C:\Windows\System\xPdgGkD.exe
  C:\Windows\System\xPdgGkD.exe
  2⤵
  PID:8016
- C:\Windows\System\KSNLNWt.exe
  C:\Windows\System\KSNLNWt.exe
  2⤵
  PID:8032
- C:\Windows\System\JAEVfPs.exe
  C:\Windows\System\JAEVfPs.exe
  2⤵
  PID:8052
- C:\Windows\System\bADMcSe.exe
  C:\Windows\System\bADMcSe.exe
  2⤵
  PID:8068
- C:\Windows\System\XGIsNYe.exe
  C:\Windows\System\XGIsNYe.exe
  2⤵
  PID:8100
- C:\Windows\System\NREgSiF.exe
  C:\Windows\System\NREgSiF.exe
  2⤵
  PID:8116
- C:\Windows\System\JpDbCxS.exe
  C:\Windows\System\JpDbCxS.exe
  2⤵
  PID:8132
- C:\Windows\System\BSxkaUS.exe
  C:\Windows\System\BSxkaUS.exe
  2⤵
  PID:8152
- C:\Windows\System\TAOcfiV.exe
  C:\Windows\System\TAOcfiV.exe
  2⤵
  PID:8176
- C:\Windows\System\UrsZLnD.exe
  C:\Windows\System\UrsZLnD.exe
  2⤵
  PID:1484
- C:\Windows\System\orxSmdg.exe
  C:\Windows\System\orxSmdg.exe
  2⤵
  PID:6724
- C:\Windows\System\BHwYuSp.exe
  C:\Windows\System\BHwYuSp.exe
  2⤵
  PID:7184
- C:\Windows\System\blPAiJo.exe
  C:\Windows\System\blPAiJo.exe
  2⤵
  PID:7224
- C:\Windows\System\WQCgPde.exe
  C:\Windows\System\WQCgPde.exe
  2⤵
  PID:7204
- C:\Windows\System\JkhaRIg.exe
  C:\Windows\System\JkhaRIg.exe
  2⤵
  PID:7264
- C:\Windows\System\DyIzBNq.exe
  C:\Windows\System\DyIzBNq.exe
  2⤵
  PID:7312
- C:\Windows\System\wOgBiIc.exe
  C:\Windows\System\wOgBiIc.exe
  2⤵
  PID:7280
- C:\Windows\System\BhecGDL.exe
  C:\Windows\System\BhecGDL.exe
  2⤵
  PID:7324
- C:\Windows\System\TFznyRh.exe
  C:\Windows\System\TFznyRh.exe
  2⤵
  PID:7408
- C:\Windows\System\lvNfcaV.exe
  C:\Windows\System\lvNfcaV.exe
  2⤵
  PID:6472
- C:\Windows\System\nAFyuwb.exe
  C:\Windows\System\nAFyuwb.exe
  2⤵
  PID:7368
- C:\Windows\System\fVelXiN.exe
  C:\Windows\System\fVelXiN.exe
  2⤵
  PID:6228
- C:\Windows\System\qJhqsdi.exe
  C:\Windows\System\qJhqsdi.exe
  2⤵
  PID:5860
- C:\Windows\System\xhFbxQg.exe
  C:\Windows\System\xhFbxQg.exe
  2⤵
  PID:7440
- C:\Windows\System\yIXsvcV.exe
  C:\Windows\System\yIXsvcV.exe
  2⤵
  PID:2680
- C:\Windows\System\RizmiUZ.exe
  C:\Windows\System\RizmiUZ.exe
  2⤵
  PID:7504
- C:\Windows\System\nGiQsPv.exe
  C:\Windows\System\nGiQsPv.exe
  2⤵
  PID:7512
- C:\Windows\System\srrDCvC.exe
  C:\Windows\System\srrDCvC.exe
  2⤵
  PID:7564
- C:\Windows\System\RwoWoeP.exe
  C:\Windows\System\RwoWoeP.exe
  2⤵
  PID:7580
- C:\Windows\System\APKsSau.exe
  C:\Windows\System\APKsSau.exe
  2⤵
  PID:2464
- C:\Windows\System\pFKMIAj.exe
  C:\Windows\System\pFKMIAj.exe
  2⤵
  PID:7600
- C:\Windows\System\wNDFnIs.exe
  C:\Windows\System\wNDFnIs.exe
  2⤵
  PID:7644
- C:\Windows\System\GAVbENw.exe
  C:\Windows\System\GAVbENw.exe
  2⤵
  PID:7680
- C:\Windows\System\FtsRhsT.exe
  C:\Windows\System\FtsRhsT.exe
  2⤵
  PID:7696
- C:\Windows\System\FxMQrer.exe
  C:\Windows\System\FxMQrer.exe
  2⤵
  PID:7656
- C:\Windows\System\SmgSEVB.exe
  C:\Windows\System\SmgSEVB.exe
  2⤵
  PID:7744
- C:\Windows\System\sGdosWi.exe
  C:\Windows\System\sGdosWi.exe
  2⤵
  PID:7772
- C:\Windows\System\zKNFXeZ.exe
  C:\Windows\System\zKNFXeZ.exe
  2⤵
  PID:7800
- C:\Windows\System\QoGRqSS.exe
  C:\Windows\System\QoGRqSS.exe
  2⤵
  PID:7824
- C:\Windows\System\ZuWTOVd.exe
  C:\Windows\System\ZuWTOVd.exe
  2⤵
  PID:7428
- C:\Windows\System\soNUBJM.exe
  C:\Windows\System\soNUBJM.exe
  2⤵
  PID:7852
- C:\Windows\System\rXZIFRe.exe
  C:\Windows\System\rXZIFRe.exe
  2⤵
  PID:7972
- C:\Windows\System\hnDnngl.exe
  C:\Windows\System\hnDnngl.exe
  2⤵
  PID:7916
- C:\Windows\System\OaqEudv.exe
  C:\Windows\System\OaqEudv.exe
  2⤵
  PID:7888
- C:\Windows\System\zFbRUjr.exe
  C:\Windows\System\zFbRUjr.exe
  2⤵
  PID:7956
- C:\Windows\System\OYERISI.exe
  C:\Windows\System\OYERISI.exe
  2⤵
  PID:8000
- C:\Windows\System\RtARfJa.exe
  C:\Windows\System\RtARfJa.exe
  2⤵
  PID:8008
- C:\Windows\System\TaayQsc.exe
  C:\Windows\System\TaayQsc.exe
  2⤵
  PID:8044
- C:\Windows\System\UUlnuYw.exe
  C:\Windows\System\UUlnuYw.exe
  2⤵
  PID:8084
- C:\Windows\System\nGkvlFp.exe
  C:\Windows\System\nGkvlFp.exe
  2⤵
  PID:8080
- C:\Windows\System\rBcduaO.exe
  C:\Windows\System\rBcduaO.exe
  2⤵
  PID:8172
- C:\Windows\System\SXzWexm.exe
  C:\Windows\System\SXzWexm.exe
  2⤵
  PID:8140
- C:\Windows\System\zsievGM.exe
  C:\Windows\System\zsievGM.exe
  2⤵
  PID:8184
- C:\Windows\System\ynEbKaj.exe
  C:\Windows\System\ynEbKaj.exe
  2⤵
  PID:6432
- C:\Windows\System\zyWnGFZ.exe
  C:\Windows\System\zyWnGFZ.exe
  2⤵
  PID:432
- C:\Windows\System\yLUGhOU.exe
  C:\Windows\System\yLUGhOU.exe
  2⤵
  PID:7300
- C:\Windows\System\MlKXOGB.exe
  C:\Windows\System\MlKXOGB.exe
  2⤵
  PID:6300
- C:\Windows\System\ZvlJriq.exe
  C:\Windows\System\ZvlJriq.exe
  2⤵
  PID:7364
- C:\Windows\System\pVDYWUg.exe
  C:\Windows\System\pVDYWUg.exe
  2⤵
  PID:7308
- C:\Windows\System\LuHeQUn.exe
  C:\Windows\System\LuHeQUn.exe
  2⤵
  PID:6320
- C:\Windows\System\stBlQjc.exe
  C:\Windows\System\stBlQjc.exe
  2⤵
  PID:6404
- C:\Windows\System\TbogGPF.exe
  C:\Windows\System\TbogGPF.exe
  2⤵
  PID:7460
- C:\Windows\System\SEBQcqY.exe
  C:\Windows\System\SEBQcqY.exe
  2⤵
  PID:7740
- C:\Windows\System\YpygllQ.exe
  C:\Windows\System\YpygllQ.exe
  2⤵
  PID:7528
- C:\Windows\System\iYExudL.exe
  C:\Windows\System\iYExudL.exe
  2⤵
  PID:7572
- C:\Windows\System\WvwblFY.exe
  C:\Windows\System\WvwblFY.exe
  2⤵
  PID:7596
- C:\Windows\System\sDaFyLx.exe
  C:\Windows\System\sDaFyLx.exe
  2⤵
  PID:7704
- C:\Windows\System\GKMoshG.exe
  C:\Windows\System\GKMoshG.exe
  2⤵
  PID:7832
- C:\Windows\System\klMplmR.exe
  C:\Windows\System\klMplmR.exe
  2⤵
  PID:7760
- C:\Windows\System\cYnkIMk.exe
  C:\Windows\System\cYnkIMk.exe
  2⤵
  PID:7936
- C:\Windows\System\rtIktDH.exe
  C:\Windows\System\rtIktDH.exe
  2⤵
  PID:8028
- C:\Windows\System\ZANSsaO.exe
  C:\Windows\System\ZANSsaO.exe
  2⤵
  PID:7764
- C:\Windows\System\DQpFZgX.exe
  C:\Windows\System\DQpFZgX.exe
  2⤵
  PID:8092
- C:\Windows\System\vMZuphj.exe
  C:\Windows\System\vMZuphj.exe
  2⤵
  PID:7200
- C:\Windows\System\LwVGwNQ.exe
  C:\Windows\System\LwVGwNQ.exe
  2⤵
  PID:8004
- C:\Windows\System\msggrnY.exe
  C:\Windows\System\msggrnY.exe
  2⤵
  PID:8128
- C:\Windows\System\PUNrwRS.exe
  C:\Windows\System\PUNrwRS.exe
  2⤵
  PID:7344
- C:\Windows\System\INOcpMP.exe
  C:\Windows\System\INOcpMP.exe
  2⤵
  PID:7348
- C:\Windows\System\nqPxzeX.exe
  C:\Windows\System\nqPxzeX.exe
  2⤵
  PID:7420
- C:\Windows\System\sbwHPIk.exe
  C:\Windows\System\sbwHPIk.exe
  2⤵
  PID:7636
- C:\Windows\System\sHIfjdg.exe
  C:\Windows\System\sHIfjdg.exe
  2⤵
  PID:7244
- C:\Windows\System\iLzvGsn.exe
  C:\Windows\System\iLzvGsn.exe
  2⤵
  PID:2076
- C:\Windows\System\IxhhqrM.exe
  C:\Windows\System\IxhhqrM.exe
  2⤵
  PID:2276
- C:\Windows\System\NPODREX.exe
  C:\Windows\System\NPODREX.exe
  2⤵
  PID:7720
- C:\Windows\System\cbbQFdH.exe
  C:\Windows\System\cbbQFdH.exe
  2⤵
  PID:8088
- C:\Windows\System\sBMiwVd.exe
  C:\Windows\System\sBMiwVd.exe
  2⤵
  PID:7864
- C:\Windows\System\LVWvkIW.exe
  C:\Windows\System\LVWvkIW.exe
  2⤵
  PID:5684
- C:\Windows\System\GqEneGG.exe
  C:\Windows\System\GqEneGG.exe
  2⤵
  PID:8112
- C:\Windows\System\qgAiAfn.exe
  C:\Windows\System\qgAiAfn.exe
  2⤵
  PID:7592
- C:\Windows\System\QUTVeHW.exe
  C:\Windows\System\QUTVeHW.exe
  2⤵
  PID:7788
- C:\Windows\System\fziCmsu.exe
  C:\Windows\System\fziCmsu.exe
  2⤵
  PID:4684
- C:\Windows\System\jbAgYjZ.exe
  C:\Windows\System\jbAgYjZ.exe
  2⤵
  PID:7544
- C:\Windows\System\mXqnmZI.exe
  C:\Windows\System\mXqnmZI.exe
  2⤵
  PID:8076
- C:\Windows\System\qIcFwQQ.exe
  C:\Windows\System\qIcFwQQ.exe
  2⤵
  PID:8196
- C:\Windows\System\lZgjPWe.exe
  C:\Windows\System\lZgjPWe.exe
  2⤵
  PID:8212
- C:\Windows\System\bGXrpkI.exe
  C:\Windows\System\bGXrpkI.exe
  2⤵
  PID:8228
- C:\Windows\System\XbIkBcR.exe
  C:\Windows\System\XbIkBcR.exe
  2⤵
  PID:8244
- C:\Windows\System\RvrhZpL.exe
  C:\Windows\System\RvrhZpL.exe
  2⤵
  PID:8260
- C:\Windows\System\XEVLKzj.exe
  C:\Windows\System\XEVLKzj.exe
  2⤵
  PID:8276
- C:\Windows\System\XrHATcM.exe
  C:\Windows\System\XrHATcM.exe
  2⤵
  PID:8340
- C:\Windows\System\TWAsgtd.exe
  C:\Windows\System\TWAsgtd.exe
  2⤵
  PID:8356
- C:\Windows\System\scVVWEV.exe
  C:\Windows\System\scVVWEV.exe
  2⤵
  PID:8372
- C:\Windows\System\llXdVGA.exe
  C:\Windows\System\llXdVGA.exe
  2⤵
  PID:8400
- C:\Windows\System\ONPCBCw.exe
  C:\Windows\System\ONPCBCw.exe
  2⤵
  PID:8416
- C:\Windows\System\iEiOGPZ.exe
  C:\Windows\System\iEiOGPZ.exe
  2⤵
  PID:8436
- C:\Windows\System\YTdLRDh.exe
  C:\Windows\System\YTdLRDh.exe
  2⤵
  PID:8452
- C:\Windows\System\YeoUrLj.exe
  C:\Windows\System\YeoUrLj.exe
  2⤵
  PID:8468
- C:\Windows\System\rQGXjrY.exe
  C:\Windows\System\rQGXjrY.exe
  2⤵
  PID:8496
- C:\Windows\System\TueNPqX.exe
  C:\Windows\System\TueNPqX.exe
  2⤵
  PID:8512
- C:\Windows\System\OmntSCN.exe
  C:\Windows\System\OmntSCN.exe
  2⤵
  PID:8528
- C:\Windows\System\lKkyocN.exe
  C:\Windows\System\lKkyocN.exe
  2⤵
  PID:8564
- C:\Windows\System\CzZIZUd.exe
  C:\Windows\System\CzZIZUd.exe
  2⤵
  PID:8588
- C:\Windows\System\ETRVEwM.exe
  C:\Windows\System\ETRVEwM.exe
  2⤵
  PID:8608
- C:\Windows\System\oFNyAZO.exe
  C:\Windows\System\oFNyAZO.exe
  2⤵
  PID:8624
- C:\Windows\System\HilfGkp.exe
  C:\Windows\System\HilfGkp.exe
  2⤵
  PID:8648
- C:\Windows\System\YmyQRgb.exe
  C:\Windows\System\YmyQRgb.exe
  2⤵
  PID:8668
- C:\Windows\System\eLUPKhs.exe
  C:\Windows\System\eLUPKhs.exe
  2⤵
  PID:8684
- C:\Windows\System\HNiRtgt.exe
  C:\Windows\System\HNiRtgt.exe
  2⤵
  PID:8700
- C:\Windows\System\cCbsSyy.exe
  C:\Windows\System\cCbsSyy.exe
  2⤵
  PID:8732
- C:\Windows\System\MHhSczQ.exe
  C:\Windows\System\MHhSczQ.exe
  2⤵
  PID:8752
- C:\Windows\System\uBGfxSu.exe
  C:\Windows\System\uBGfxSu.exe
  2⤵
  PID:8768
- C:\Windows\System\mgGuelh.exe
  C:\Windows\System\mgGuelh.exe
  2⤵
  PID:8784
- C:\Windows\System\WwInpTw.exe
  C:\Windows\System\WwInpTw.exe
  2⤵
  PID:8804
- C:\Windows\System\nkHTTXb.exe
  C:\Windows\System\nkHTTXb.exe
  2⤵
  PID:8824
- C:\Windows\System\FTkrsSm.exe
  C:\Windows\System\FTkrsSm.exe
  2⤵
  PID:8848
- C:\Windows\System\AMpcbHv.exe
  C:\Windows\System\AMpcbHv.exe
  2⤵
  PID:8864
- C:\Windows\System\EkSdNwp.exe
  C:\Windows\System\EkSdNwp.exe
  2⤵
  PID:8884
- C:\Windows\System\diBJnWA.exe
  C:\Windows\System\diBJnWA.exe
  2⤵
  PID:8904
- C:\Windows\System\KgzuoLO.exe
  C:\Windows\System\KgzuoLO.exe
  2⤵
  PID:8920
- C:\Windows\System\uCGrmZJ.exe
  C:\Windows\System\uCGrmZJ.exe
  2⤵
  PID:8952
- C:\Windows\System\VnizIVi.exe
  C:\Windows\System\VnizIVi.exe
  2⤵
  PID:8968
- C:\Windows\System\kehwJxE.exe
  C:\Windows\System\kehwJxE.exe
  2⤵
  PID:8988
- C:\Windows\System\FaeEwec.exe
  C:\Windows\System\FaeEwec.exe
  2⤵
  PID:9004
- C:\Windows\System\VwTNUVi.exe
  C:\Windows\System\VwTNUVi.exe
  2⤵
  PID:9020
- C:\Windows\System\Efcoweu.exe
  C:\Windows\System\Efcoweu.exe
  2⤵
  PID:9040
- C:\Windows\System\fOPuROf.exe
  C:\Windows\System\fOPuROf.exe
  2⤵
  PID:9060
- C:\Windows\System\DLgVxST.exe
  C:\Windows\System\DLgVxST.exe
  2⤵
  PID:9092
- C:\Windows\System\BUXTYnd.exe
  C:\Windows\System\BUXTYnd.exe
  2⤵
  PID:9112
- C:\Windows\System\neEIFDJ.exe
  C:\Windows\System\neEIFDJ.exe
  2⤵
  PID:9128
- C:\Windows\System\dHEHxnW.exe
  C:\Windows\System\dHEHxnW.exe
  2⤵
  PID:9144
- C:\Windows\System\vsxcZGh.exe
  C:\Windows\System\vsxcZGh.exe
  2⤵
  PID:9176
- C:\Windows\System\mUrDzRU.exe
  C:\Windows\System\mUrDzRU.exe
  2⤵
  PID:9192
- C:\Windows\System\ZSaMeBV.exe
  C:\Windows\System\ZSaMeBV.exe
  2⤵
  PID:9208
- C:\Windows\System\hfdsbBp.exe
  C:\Windows\System\hfdsbBp.exe
  2⤵
  PID:8148
- C:\Windows\System\zTgFGLV.exe
  C:\Windows\System\zTgFGLV.exe
  2⤵
  PID:8224
- C:\Windows\System\ewNSWmW.exe
  C:\Windows\System\ewNSWmW.exe
  2⤵
  PID:8308
- C:\Windows\System\feddlrE.exe
  C:\Windows\System\feddlrE.exe
  2⤵
  PID:8296
- C:\Windows\System\ZNfnOHX.exe
  C:\Windows\System\ZNfnOHX.exe
  2⤵
  PID:8328
- C:\Windows\System\WnIfeBv.exe
  C:\Windows\System\WnIfeBv.exe
  2⤵
  PID:8240
- C:\Windows\System\CNUhJSm.exe
  C:\Windows\System\CNUhJSm.exe
  2⤵
  PID:8348
- C:\Windows\System\fvkUpnN.exe
  C:\Windows\System\fvkUpnN.exe
  2⤵
  PID:8368
- C:\Windows\System\hBKMfXh.exe
  C:\Windows\System\hBKMfXh.exe
  2⤵
  PID:8424
- C:\Windows\System\KcSQirz.exe
  C:\Windows\System\KcSQirz.exe
  2⤵
  PID:8432
- C:\Windows\System\mYjMLGw.exe
  C:\Windows\System\mYjMLGw.exe
  2⤵
  PID:960
- C:\Windows\System\MxAlzXk.exe
  C:\Windows\System\MxAlzXk.exe
  2⤵
  PID:8412
- C:\Windows\System\iphMnEm.exe
  C:\Windows\System\iphMnEm.exe
  2⤵
  PID:8492
- C:\Windows\System\LzGlfYI.exe
  C:\Windows\System\LzGlfYI.exe
  2⤵
  PID:8544
- C:\Windows\System\VCXXIhG.exe
  C:\Windows\System\VCXXIhG.exe
  2⤵
  PID:8540
- C:\Windows\System\FsCxysK.exe
  C:\Windows\System\FsCxysK.exe
  2⤵
  PID:8632
- C:\Windows\System\ztRLrHI.exe
  C:\Windows\System\ztRLrHI.exe
  2⤵
  PID:8636
- C:\Windows\System\joLQXEQ.exe
  C:\Windows\System\joLQXEQ.exe
  2⤵
  PID:8692
- C:\Windows\System\JARlDXV.exe
  C:\Windows\System\JARlDXV.exe
  2⤵
  PID:8740
- C:\Windows\System\GIIrcqQ.exe
  C:\Windows\System\GIIrcqQ.exe
  2⤵
  PID:8728
- C:\Windows\System\KSWueId.exe
  C:\Windows\System\KSWueId.exe
  2⤵
  PID:8812
- C:\Windows\System\brpmiiY.exe
  C:\Windows\System\brpmiiY.exe
  2⤵
  PID:8856
- C:\Windows\System\dCisUoS.exe
  C:\Windows\System\dCisUoS.exe
  2⤵
  PID:8900
- C:\Windows\System\Ktjglzg.exe
  C:\Windows\System\Ktjglzg.exe
  2⤵
  PID:8940
- C:\Windows\System\QKKnTdX.exe
  C:\Windows\System\QKKnTdX.exe
  2⤵
  PID:8796
- C:\Windows\System\HiDMQSk.exe
  C:\Windows\System\HiDMQSk.exe
  2⤵
  PID:8916
- C:\Windows\System\PqVSuxy.exe
  C:\Windows\System\PqVSuxy.exe
  2⤵
  PID:8984
- C:\Windows\System\xiUrBdu.exe
  C:\Windows\System\xiUrBdu.exe
  2⤵
  PID:9052
- C:\Windows\System\aYhfyXb.exe
  C:\Windows\System\aYhfyXb.exe
  2⤵
  PID:2108
- C:\Windows\System\opLDqHD.exe
  C:\Windows\System\opLDqHD.exe
  2⤵
  PID:8996
- C:\Windows\System\wpzSsdW.exe
  C:\Windows\System\wpzSsdW.exe
  2⤵
  PID:9100
- C:\Windows\System\kqYCWva.exe
  C:\Windows\System\kqYCWva.exe
  2⤵
  PID:9088
- C:\Windows\System\KcyBVqP.exe
  C:\Windows\System\KcyBVqP.exe
  2⤵
  PID:9076
- C:\Windows\System\zoVPzQP.exe
  C:\Windows\System\zoVPzQP.exe
  2⤵
  PID:9184
- C:\Windows\System\QYuwZZm.exe
  C:\Windows\System\QYuwZZm.exe
  2⤵
  PID:7416
- C:\Windows\System\IThaxWp.exe
  C:\Windows\System\IThaxWp.exe
  2⤵
  PID:8324
- C:\Windows\System\mIRWsLP.exe
  C:\Windows\System\mIRWsLP.exe
  2⤵
  PID:9204
- C:\Windows\System\DfQBnuE.exe
  C:\Windows\System\DfQBnuE.exe
  2⤵
  PID:8332
- C:\Windows\System\mwbVTQk.exe
  C:\Windows\System\mwbVTQk.exe
  2⤵
  PID:8204
- C:\Windows\System\vqBQXvm.exe
  C:\Windows\System\vqBQXvm.exe
  2⤵
  PID:7404
- C:\Windows\System\oAIZCzp.exe
  C:\Windows\System\oAIZCzp.exe
  2⤵
  PID:7724
- C:\Windows\System\nUtjSGF.exe
  C:\Windows\System\nUtjSGF.exe
  2⤵
  PID:8428
- C:\Windows\System\hThaVgv.exe
  C:\Windows\System\hThaVgv.exe
  2⤵
  PID:8484
- C:\Windows\System\bEHQQuF.exe
  C:\Windows\System\bEHQQuF.exe
  2⤵
  PID:920
- C:\Windows\System\pjUzmjG.exe
  C:\Windows\System\pjUzmjG.exe
  2⤵
  PID:8604
- C:\Windows\System\gJgheTd.exe
  C:\Windows\System\gJgheTd.exe
  2⤵
  PID:8508
- C:\Windows\System\xycOjtl.exe
  C:\Windows\System\xycOjtl.exe
  2⤵
  PID:8744
- C:\Windows\System\ZGehnuN.exe
  C:\Windows\System\ZGehnuN.exe
  2⤵
  PID:8676
- C:\Windows\System\ohzwwaV.exe
  C:\Windows\System\ohzwwaV.exe
  2⤵
  PID:8708
- C:\Windows\System\SjqKGRS.exe
  C:\Windows\System\SjqKGRS.exe
  2⤵
  PID:8912
- C:\Windows\System\VEcuMZM.exe
  C:\Windows\System\VEcuMZM.exe
  2⤵
  PID:8816
- C:\Windows\System\WsoKKKT.exe
  C:\Windows\System\WsoKKKT.exe
  2⤵
  PID:9072
- C:\Windows\System\VYirjFr.exe
  C:\Windows\System\VYirjFr.exe
  2⤵
  PID:9140
- C:\Windows\System\IjyAbZP.exe
  C:\Windows\System\IjyAbZP.exe
  2⤵
  PID:268
- C:\Windows\System\HJuIUQF.exe
  C:\Windows\System\HJuIUQF.exe
  2⤵
  PID:8960
- C:\Windows\System\MMdrFmT.exe
  C:\Windows\System\MMdrFmT.exe
  2⤵
  PID:2656
- C:\Windows\System\plvwxcw.exe
  C:\Windows\System\plvwxcw.exe
  2⤵
  PID:9084
- C:\Windows\System\CUHwNes.exe
  C:\Windows\System\CUHwNes.exe
  2⤵
  PID:8256
- C:\Windows\System\XCtTkdh.exe
  C:\Windows\System\XCtTkdh.exe
  2⤵
  PID:8464
- C:\Windows\System\UgZEeUa.exe
  C:\Windows\System\UgZEeUa.exe
  2⤵
  PID:8536
- C:\Windows\System\AwDGcBS.exe
  C:\Windows\System\AwDGcBS.exe
  2⤵
  PID:8748
- C:\Windows\System\JAAOGLH.exe
  C:\Windows\System\JAAOGLH.exe
  2⤵
  PID:8304
- C:\Windows\System\yTLSshi.exe
  C:\Windows\System\yTLSshi.exe
  2⤵
  PID:8844
- C:\Windows\System\qxAGfpR.exe
  C:\Windows\System\qxAGfpR.exe
  2⤵
  PID:8220
- C:\Windows\System\YVpXfAa.exe
  C:\Windows\System\YVpXfAa.exe
  2⤵
  PID:8380
- C:\Windows\System\SlsOGSx.exe
  C:\Windows\System\SlsOGSx.exe
  2⤵
  PID:8488
- C:\Windows\System\ykOUHNm.exe
  C:\Windows\System\ykOUHNm.exe
  2⤵
  PID:8664
- C:\Windows\System\XcYvcpo.exe
  C:\Windows\System\XcYvcpo.exe
  2⤵
  PID:8872
- C:\Windows\System\RigaUva.exe
  C:\Windows\System\RigaUva.exe
  2⤵
  PID:8320
- C:\Windows\System\JLzYzXQ.exe
  C:\Windows\System\JLzYzXQ.exe
  2⤵
  PID:2540
- C:\Windows\System\WSyFQqL.exe
  C:\Windows\System\WSyFQqL.exe
  2⤵
  PID:7388
- C:\Windows\System\qjFVDmx.exe
  C:\Windows\System\qjFVDmx.exe
  2⤵
  PID:9080
- C:\Windows\System\ZsCPfOw.exe
  C:\Windows\System\ZsCPfOw.exe
  2⤵
  PID:544
- C:\Windows\System\gCrllfh.exe
  C:\Windows\System\gCrllfh.exe
  2⤵
  PID:9168
- C:\Windows\System\PPTOdyx.exe
  C:\Windows\System\PPTOdyx.exe
  2⤵
  PID:8316
- C:\Windows\System\XnQyLEz.exe
  C:\Windows\System\XnQyLEz.exe
  2⤵
  PID:8572
- C:\Windows\System\nSSsoCe.exe
  C:\Windows\System\nSSsoCe.exe
  2⤵
  PID:8444
- C:\Windows\System\yUQNntN.exe
  C:\Windows\System\yUQNntN.exe
  2⤵
  PID:9056
- C:\Windows\System\BwSAogk.exe
  C:\Windows\System\BwSAogk.exe
  2⤵
  PID:3036
- C:\Windows\System\jCpcrbp.exe
  C:\Windows\System\jCpcrbp.exe
  2⤵
  PID:8792
- C:\Windows\System\gDuwroF.exe
  C:\Windows\System\gDuwroF.exe
  2⤵
  PID:8556
- C:\Windows\System\qhaoilK.exe
  C:\Windows\System\qhaoilK.exe
  2⤵
  PID:9104
- C:\Windows\System\XMPwJmt.exe
  C:\Windows\System\XMPwJmt.exe
  2⤵
  PID:9200
- C:\Windows\System\GNFJFoN.exe
  C:\Windows\System\GNFJFoN.exe
  2⤵
  PID:2496
- C:\Windows\System\hIpbLsc.exe
  C:\Windows\System\hIpbLsc.exe
  2⤵
  PID:8896
- C:\Windows\System\YhxhsGT.exe
  C:\Windows\System\YhxhsGT.exe
  2⤵
  PID:9232
- C:\Windows\System\jReDhaL.exe
  C:\Windows\System\jReDhaL.exe
  2⤵
  PID:9268
- C:\Windows\System\inQgHla.exe
  C:\Windows\System\inQgHla.exe
  2⤵
  PID:9296
- C:\Windows\System\PPXlZHe.exe
  C:\Windows\System\PPXlZHe.exe
  2⤵
  PID:9316
- C:\Windows\System\HTkVoph.exe
  C:\Windows\System\HTkVoph.exe
  2⤵
  PID:9332
- C:\Windows\System\rbJUxcl.exe
  C:\Windows\System\rbJUxcl.exe
  2⤵
  PID:9352
- C:\Windows\System\GDSYbBI.exe
  C:\Windows\System\GDSYbBI.exe
  2⤵
  PID:9368
- C:\Windows\System\FrJCdGc.exe
  C:\Windows\System\FrJCdGc.exe
  2⤵
  PID:9384
- C:\Windows\System\KfbCIqo.exe
  C:\Windows\System\KfbCIqo.exe
  2⤵
  PID:9400
- C:\Windows\System\GsyEkaD.exe
  C:\Windows\System\GsyEkaD.exe
  2⤵
  PID:9424
- C:\Windows\System\HABGxDN.exe
  C:\Windows\System\HABGxDN.exe
  2⤵
  PID:9440
- C:\Windows\System\sasOkTk.exe
  C:\Windows\System\sasOkTk.exe
  2⤵
  PID:9456
- C:\Windows\System\pXBQrtU.exe
  C:\Windows\System\pXBQrtU.exe
  2⤵
  PID:9472
- C:\Windows\System\LJYjjyj.exe
  C:\Windows\System\LJYjjyj.exe
  2⤵
  PID:9488
- C:\Windows\System\TlDKOJh.exe
  C:\Windows\System\TlDKOJh.exe
  2⤵
  PID:9516
- C:\Windows\System\mpwPBXo.exe
  C:\Windows\System\mpwPBXo.exe
  2⤵
  PID:9532
- C:\Windows\System\gvGIYKJ.exe
  C:\Windows\System\gvGIYKJ.exe
  2⤵
  PID:9548
- C:\Windows\System\SPvCQPf.exe
  C:\Windows\System\SPvCQPf.exe
  2⤵
  PID:9564
- C:\Windows\System\WAepmJj.exe
  C:\Windows\System\WAepmJj.exe
  2⤵
  PID:9580
- C:\Windows\System\IhtUoCG.exe
  C:\Windows\System\IhtUoCG.exe
  2⤵
  PID:9600
- C:\Windows\System\jpYybvf.exe
  C:\Windows\System\jpYybvf.exe
  2⤵
  PID:9624
- C:\Windows\System\MNzuKZe.exe
  C:\Windows\System\MNzuKZe.exe
  2⤵
  PID:9648
- C:\Windows\System\qRMulvG.exe
  C:\Windows\System\qRMulvG.exe
  2⤵
  PID:9684
- C:\Windows\System\yaRjjjS.exe
  C:\Windows\System\yaRjjjS.exe
  2⤵
  PID:9708
- C:\Windows\System\vgDyEMX.exe
  C:\Windows\System\vgDyEMX.exe
  2⤵
  PID:9724
- C:\Windows\System\wUdNiGT.exe
  C:\Windows\System\wUdNiGT.exe
  2⤵
  PID:9744
- C:\Windows\System\WDGVyWS.exe
  C:\Windows\System\WDGVyWS.exe
  2⤵
  PID:9760
- C:\Windows\System\MgKcYJJ.exe
  C:\Windows\System\MgKcYJJ.exe
  2⤵
  PID:9788
- C:\Windows\System\hNduewc.exe
  C:\Windows\System\hNduewc.exe
  2⤵
  PID:9804
- C:\Windows\System\TtDebul.exe
  C:\Windows\System\TtDebul.exe
  2⤵
  PID:9820
- C:\Windows\System\pVQzvKw.exe
  C:\Windows\System\pVQzvKw.exe
  2⤵
  PID:9840
- C:\Windows\System\yNTqyGx.exe
  C:\Windows\System\yNTqyGx.exe
  2⤵
  PID:9860
- C:\Windows\System\YUFCkSH.exe
  C:\Windows\System\YUFCkSH.exe
  2⤵
  PID:9888
- C:\Windows\System\amGVHCw.exe
  C:\Windows\System\amGVHCw.exe
  2⤵
  PID:9904
- C:\Windows\System\bEaqria.exe
  C:\Windows\System\bEaqria.exe
  2⤵
  PID:9924
- C:\Windows\System\BAuPkJp.exe
  C:\Windows\System\BAuPkJp.exe
  2⤵
  PID:9940
- C:\Windows\System\nMnLzRg.exe
  C:\Windows\System\nMnLzRg.exe
  2⤵
  PID:9960
- C:\Windows\System\TqwPRVz.exe
  C:\Windows\System\TqwPRVz.exe
  2⤵
  PID:10004
- C:\Windows\System\ibjuhvS.exe
  C:\Windows\System\ibjuhvS.exe
  2⤵
  PID:10020
- C:\Windows\System\GsbFAjo.exe
  C:\Windows\System\GsbFAjo.exe
  2⤵
  PID:10040
- C:\Windows\System\gJUKRWa.exe
  C:\Windows\System\gJUKRWa.exe
  2⤵
  PID:10060
- C:\Windows\System\vOosUDv.exe
  C:\Windows\System\vOosUDv.exe
  2⤵
  PID:10076
- C:\Windows\System\GPHEdGE.exe
  C:\Windows\System\GPHEdGE.exe
  2⤵
  PID:10092
- C:\Windows\System\JTLTKnI.exe
  C:\Windows\System\JTLTKnI.exe
  2⤵
  PID:10112
- C:\Windows\System\HqAbaRr.exe
  C:\Windows\System\HqAbaRr.exe
  2⤵
  PID:10128
- C:\Windows\System\heHzVgt.exe
  C:\Windows\System\heHzVgt.exe
  2⤵
  PID:10148
- C:\Windows\System\giZXxaY.exe
  C:\Windows\System\giZXxaY.exe
  2⤵
  PID:10168
- C:\Windows\System\XyNFIjC.exe
  C:\Windows\System\XyNFIjC.exe
  2⤵
  PID:10184
- C:\Windows\System\BMMuURA.exe
  C:\Windows\System\BMMuURA.exe
  2⤵
  PID:10200
- C:\Windows\System\OXiLfQI.exe
  C:\Windows\System\OXiLfQI.exe
  2⤵
  PID:8504
- C:\Windows\System\ofblafc.exe
  C:\Windows\System\ofblafc.exe
  2⤵
  PID:9244
- C:\Windows\System\SDAwmcr.exe
  C:\Windows\System\SDAwmcr.exe
  2⤵
  PID:2928
- C:\Windows\System\myoWpQC.exe
  C:\Windows\System\myoWpQC.exe
  2⤵
  PID:7228
- C:\Windows\System\woLnsjH.exe
  C:\Windows\System\woLnsjH.exe
  2⤵
  PID:9228
- C:\Windows\System\GGyRCxG.exe
  C:\Windows\System\GGyRCxG.exe
  2⤵
  PID:2908
- C:\Windows\System\weGkxIX.exe
  C:\Windows\System\weGkxIX.exe
  2⤵
  PID:8976
- C:\Windows\System\PVwySUN.exe
  C:\Windows\System\PVwySUN.exe
  2⤵
  PID:9292
- C:\Windows\System\SvGNLKj.exe
  C:\Windows\System\SvGNLKj.exe
  2⤵
  PID:9432
- C:\Windows\System\BOPaxXe.exe
  C:\Windows\System\BOPaxXe.exe
  2⤵
  PID:9436
- C:\Windows\System\vzAraUO.exe
  C:\Windows\System\vzAraUO.exe
  2⤵
  PID:9380
- C:\Windows\System\VPNEuqB.exe
  C:\Windows\System\VPNEuqB.exe
  2⤵
  PID:9500
- C:\Windows\System\FRqfxOH.exe
  C:\Windows\System\FRqfxOH.exe
  2⤵
  PID:9616
- C:\Windows\System\nfEBKly.exe
  C:\Windows\System\nfEBKly.exe
  2⤵
  PID:9660
- C:\Windows\System\jYEYZxN.exe
  C:\Windows\System\jYEYZxN.exe
  2⤵
  PID:9680
- C:\Windows\System\HjGGRxH.exe
  C:\Windows\System\HjGGRxH.exe
  2⤵
  PID:9308
- C:\Windows\System\bVnxSfg.exe
  C:\Windows\System\bVnxSfg.exe
  2⤵
  PID:9348
- C:\Windows\System\ZoZnRIC.exe
  C:\Windows\System\ZoZnRIC.exe
  2⤵
  PID:9420
- C:\Windows\System\vYPdCvN.exe
  C:\Windows\System\vYPdCvN.exe
  2⤵
  PID:1608
- C:\Windows\System\KeWmkiU.exe
  C:\Windows\System\KeWmkiU.exe
  2⤵
  PID:9560
- C:\Windows\System\tHJFIoT.exe
  C:\Windows\System\tHJFIoT.exe
  2⤵
  PID:9636
- C:\Windows\System\xYVuggX.exe
  C:\Windows\System\xYVuggX.exe
  2⤵
  PID:9696
- C:\Windows\System\WYZQOXH.exe
  C:\Windows\System\WYZQOXH.exe
  2⤵
  PID:9732
- C:\Windows\System\GbELBxJ.exe
  C:\Windows\System\GbELBxJ.exe
  2⤵
  PID:9784
- C:\Windows\System\OMnNQth.exe
  C:\Windows\System\OMnNQth.exe
  2⤵
  PID:9952
- C:\Windows\System\gRdKBIK.exe
  C:\Windows\System\gRdKBIK.exe
  2⤵
  PID:9868
- C:\Windows\System\jYaSPnm.exe
  C:\Windows\System\jYaSPnm.exe
  2⤵
  PID:9884
- C:\Windows\System\OqdYoiz.exe
  C:\Windows\System\OqdYoiz.exe
  2⤵
  PID:9956
- C:\Windows\System\CENUisf.exe
  C:\Windows\System\CENUisf.exe
  2⤵
  PID:10028
- C:\Windows\System\jsOIvAR.exe
  C:\Windows\System\jsOIvAR.exe
  2⤵
  PID:2700
- C:\Windows\System\OULYnTw.exe
  C:\Windows\System\OULYnTw.exe
  2⤵
  PID:10032
- C:\Windows\System\btmqnwd.exe
  C:\Windows\System\btmqnwd.exe
  2⤵
  PID:10100
- C:\Windows\System\TzcdxhO.exe
  C:\Windows\System\TzcdxhO.exe
  2⤵
  PID:10176
- C:\Windows\System\XowBewn.exe
  C:\Windows\System\XowBewn.exe
  2⤵
  PID:10048
- C:\Windows\System\CLomADb.exe
  C:\Windows\System\CLomADb.exe
  2⤵
  PID:10052
- C:\Windows\System\CxEdyAe.exe
  C:\Windows\System\CxEdyAe.exe
  2⤵
  PID:10164
- C:\Windows\System\aSxWAhI.exe
  C:\Windows\System\aSxWAhI.exe
  2⤵
  PID:10220
- C:\Windows\System\WGHNSun.exe
  C:\Windows\System\WGHNSun.exe
  2⤵
  PID:10232
- C:\Windows\System\KzyjBvp.exe
  C:\Windows\System\KzyjBvp.exe
  2⤵
  PID:9260
- C:\Windows\System\UvZEhXO.exe
  C:\Windows\System\UvZEhXO.exe
  2⤵
  PID:9396
- C:\Windows\System\YHIqBNe.exe
  C:\Windows\System\YHIqBNe.exe
  2⤵
  PID:9276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DtWoIkd.exe

Filesize
6.0MB

MD5
40e3b4b83500e1920ea035fadebf8fa8

SHA1
33280ea96ac0d24c580ea43466777e4a79f3fe55

SHA256
289f104c3619e485a52e47c4c6b320cd32077818f03f56a4d0b6dbf6f14f59b9

SHA512
8919be80bbf255b724fef47575253379911bef0ad856c8646d7132368608b7d022fbf17234f76d8197220616d919bb052f2858fd1365ac93c3eaf77c534ee204

Download Submit
C:\Windows\system\KgkiRzG.exe

Filesize
6.0MB

MD5
0462555ece476dc046395efce3926f47

SHA1
c4f3a026ecf066af5f786752baca9a468de19563

SHA256
0c9e87404c09617e41887657f1266d883dc4f44fde28fde84daa3d485bde78df

SHA512
f3d731642740213192bf69f119086e7acb41ebeed55ce5e546dff917aa4524b4101cfc02f80bdffef1ce6a7169d9ef4301363e270f556b473be40351035d6664

Download Submit
C:\Windows\system\LoDJYDD.exe

Filesize
6.0MB

MD5
0eaccfd6a3f6fd84cfca496b9d8a9021

SHA1
489d0a66b960967d5891ee95a502ca24613a4c29

SHA256
08244b0bc0ad80927ffd6720bfa1cc1f4740c9c2f0a17c07ef30536cbfd50ea5

SHA512
04e3455954d47667f2019d1a35df24df25c09fa83a81da1776163c2f25f43c7cb9eeeb7ee427f08cc99668203a18b88159e5559b2fb1ef1bf5a3cc19ea1886c3

Download Submit
C:\Windows\system\LpLCzJa.exe

Filesize
6.0MB

MD5
9f83aa8cef006c7c6f73d275d3fa6555

SHA1
27c02fa7c40c3324c34cbf5f5d3f34dc1531dd45

SHA256
a8cd7f05a2a851111cb8d6ac9a80e2580be1fcc8666035e6a04f20cc173e1ea7

SHA512
8f23d5d619b95144b062d252cba4ffffa4f5f05343d6e1810aaa29d1805df1d74d65f15c688190f6887e2b94a0c5b10721b8b002bdd911a3e42a2c6aa1189a6e

Download Submit
C:\Windows\system\NTOwVvd.exe

Filesize
6.0MB

MD5
cf39c4475ddb5f927c7999e44ef84fc0

SHA1
8ffe77cc4504dd946e51f0b45d4d2834dc8caa05

SHA256
4eaba320e6a7adac2712ef5a8f462288066f7e3566186a24dbaf57bc1df30579

SHA512
cedce93299bde79d119801156cf1aabac2fe78a72bf01deca6fa34d8cfc7addcb1a8b6541d3f1a84c175b586119b6998f1c5f59da47be8c8db68e3d4896a28df

Download Submit
C:\Windows\system\QBgaINZ.exe

Filesize
6.0MB

MD5
37bb5ee92fadc789117cc4e4eafedc36

SHA1
02c36a68502171590fe24b6b99c9256047bed380

SHA256
4d18f4b08cbe3ccc9b182940404944469bd46d666516d898c1648da32f538863

SHA512
abfd36331bf3be5116f990786c8815d393b531e8a98a6d3341706b3117def59e7bc1234e3250fa08acd51be0282b714dcf3f3f4dde472dbdb94fe197790ac28d

Download Submit
C:\Windows\system\RURKyTM.exe

Filesize
6.0MB

MD5
9e37cab8d6cfad0fea9287b1845b3dd9

SHA1
a95f55c63d47ccc78d6a28065e35fb6d8b8382e9

SHA256
a06b2a9c4b62c475e7f0dfe7d3c2a7d2ecb3eb35d015da75ee8c83f923910a6b

SHA512
3d8a43d8e81cdc5b30ac14f144848427819c9b29ceee1664680a348e4056d1be7d133ac56a37a8f6c7448748c49dd40eb94b1e30a2b32b19e13249231700f6ef

Download Submit
C:\Windows\system\RqwMhFS.exe

Filesize
6.0MB

MD5
189c17ccbbdc9a936711039ef263974f

SHA1
ef23d60d502578345a2ddba4b3f7870329a68646

SHA256
86504250f0f4e7b431d5547e88ff799f8377a735ba50125052967bcf6dbaed6c

SHA512
03880e5b822b28f2e6cb4ab373316fa57ae7bb4e693dbcf4d68c2ab7cd25d95775db999b88c866438bb80b2d22176e64d8cbc2a1614497c16a839062ff5faa46

Download Submit
C:\Windows\system\SVHrwag.exe

Filesize
6.0MB

MD5
1f641a48fb97fea1b6c97c9c7de4797d

SHA1
47f5e8679e0f64d9c4f5af0057cb829c1fe35fc4

SHA256
616d9c4521790a56bd42902d815087145301046f61165ed5ae47f8f71b4db84a

SHA512
52d62128f6b447e988127304c02ac0a9b9df30e798836bbd2c11e3039afae0fcef00cc3f0dcf481179872f0fd49f5e2b8014f9cc44f037e8689ff249efa41605

Download Submit
C:\Windows\system\SudCNQV.exe

Filesize
6.0MB

MD5
b38bb3f3364728cecd1478288b5c8aa9

SHA1
cf23c69f7ce08fd323272ddf519dd30ea3bd52c0

SHA256
c5b054b930b585ccde64cd8b2c46c92eb78c2de52a5a432879e8da05c9b9818c

SHA512
6a36ec55ec3e8678b9ba37b7f8e3b6024155d7825c75fb1d1855856e40899d11670e0c120595b53f274c0b8fa843c7ce1048aa8b34ba147d0730738eb9dcf733

Download Submit
C:\Windows\system\TWWgEDE.exe

Filesize
6.0MB

MD5
0de06e0ac6422cfd90ecb46c0be140b8

SHA1
36971ca791f94528c3b922e2cb76c110f7d26656

SHA256
a18580f5d2b829a3e22e42c50becf0e888aac5dc3ca018db70a04b53e5e29c1b

SHA512
ef2e6879b769c607cdd628357d1a1d11273691e11bce9dedb773633c4b91f23b3be69ba6b797ad209a465e89bdd9e1cdb98a5e4c51a178d14c79fa67b131db1d

Download Submit
C:\Windows\system\TdanOOS.exe

Filesize
6.0MB

MD5
0e285408d0839d12e1f0f7c980eebcc6

SHA1
a202c55474c104d1a69dc27e268cbba698730c63

SHA256
bd6f88dad5b23e48bf82894e2cf976c64c57eeda3d73665238ff07a2f68bb464

SHA512
d485278fc9ba9e3941d36ef8dcd6a00e6441bd59fb0c3711fb6d0e9a13e2e3789aaa3a6573fa3c7336b756aecb2bdeff3dd0178f272c121ada107634f0c29675

Download Submit
C:\Windows\system\VBxJtoS.exe

Filesize
6.0MB

MD5
a3719eb0dda8447b491cb0bc7b597165

SHA1
5d16a817dae765408e8024f57e54cedfb0a2d52c

SHA256
5ab6343dc45b772c35e48a981d3aeda99e0d49331110b1eb54ffb358f229ba54

SHA512
a4635c85ae57b2f66e56c3ecfa4c9e991358a99a4e33151f84978985905874ce5faa452f52f3e570a555aa5571494fd8014f60093c2778d86d3e8eafc52237d4

Download Submit
C:\Windows\system\YtGzLls.exe

Filesize
6.0MB

MD5
9d7d03ef0d86c12a7287f0bba66b3499

SHA1
9614354e575534d00f75d161549cbb1b46888975

SHA256
760efd8f1b39619b9468ec4bcf82f8c8cd76036dcbcf4d6736f82229299fad86

SHA512
7c9f8d8f581eebef79c28f8ad27e31c455878825de82758d32ce6e0264b171c8926c8a3ee640ce5cbbeca7a83701d0fae4452298b67e17f913a4f95a9dc42c24

Download Submit
C:\Windows\system\adbfGOt.exe

Filesize
6.0MB

MD5
4d5ee897405fc3c57c25bdaf2fb4516a

SHA1
781867b05868d61998d7954fbb0fca0ef07b0632

SHA256
7b5ae5af0df602c9c0c72d77d8497077765b37121f9c868b480e59e656d3d708

SHA512
dba98bd219658eed3fe0fa161e10687a7f5c0fa675c6b6b9dd2bceebcc95fd46a6c3e2f2af1a36523b4b54c9b137bd08c3c630f52814bfd8ba10de3dccf7a976

Download Submit
C:\Windows\system\ejXXGUW.exe

Filesize
6.0MB

MD5
acfd5b2a6c9c256d674586edb24c113c

SHA1
6c091ebae9ae3e400ea1832ffca0f8a85b708a93

SHA256
c7be05e01c24cd38124f207025d5a3c145c071b860d6425e908343c7f1782854

SHA512
890389843600cf1c7f54edcd9fc609fc986318a6ada2f4bda709e982c541104302221688f524e824d2d7fdd0fcc8d1d018c725dd7f9ccc71a7821f9604d74221

Download Submit
C:\Windows\system\gPetnZj.exe

Filesize
6.0MB

MD5
bdc27703f57e917426a3732f2a0a3e65

SHA1
0107e4a6a110b87b63ea70005fafadffcb19edbc

SHA256
ac93c40ff9d4bc84a1fd969a9e6c06c3cd53367acfcd08dcc899b6d8822b74ba

SHA512
cb6ef41d1af4f8a0f645ad6c3287a2db2253d14ef43757525f26456cabd2ed9d5dbafd8daa44477c687cd9bfa998cefb902b7639341860765828203eaab5012b

Download Submit
C:\Windows\system\kuafaMu.exe

Filesize
6.0MB

MD5
16dde5b5de6c5db295b5f0789b01532b

SHA1
3464f9a0d2f82648c056fe1e4fd66cd0670267ee

SHA256
cfb40093e238da4722500181ac408be5c06eafb0872336d31a2620186a26c567

SHA512
f253b0e52f38f22fda4d9e566bc401bfb451567e2f8d10b6e80fa2138cd0fce6de468403871cf5330cbbad113085f73991211dbda380f0c10fdb0f4f25b762a4

Download Submit
C:\Windows\system\lhOGFnV.exe

Filesize
6.0MB

MD5
10aa7bdbc7a682954fd0712e257bba49

SHA1
ddbd35b7deba3e65b09212742b5ee32e773ba1bc

SHA256
78f0093277ce6c4798a4ccca41fce890c60416fe34a7c067f8c3fff852404692

SHA512
f496ef4cd0df5159605ba366dd383cbbcdfaf449ae957f6134af311280048d90ceaf6d0a48b29910ce7fe2250eaaa21200a3d8dfd686a3fd0dc3f4b47dcfe82b

Download Submit
C:\Windows\system\nDsPNvA.exe

Filesize
6.0MB

MD5
3f05adc1212dd4e298c9f3200250540b

SHA1
9dd1a36da4989ce504434b4c045077d861ddb6e8

SHA256
f4038bf5560d3c2f96873ed68b6be1d1545ac39ced09b3e641cec32b75b61cb6

SHA512
7626a1152f86ecc340dad535890e4b9412704c2967a5f62fadaf15e7a1f2546dbb0bf6a7d380666e3e0384fa446d10f1b658b7fedfa4330b77f41846b56870b0

Download Submit
C:\Windows\system\oUgwxZp.exe

Filesize
6.0MB

MD5
6aa4039e176a7748a099c5075a74697c

SHA1
54822deba0eed97dafd6bc6a06e00c873832382f

SHA256
3a953ccc1785c24f8fd4fda6fe51bea787b8c800a898809901d0664987e51a1a

SHA512
704281471e8764c7d2b3eeedd7af303f4a70b947b2689fc113cd224933682574a0a0c2ce02df4eed3f72459470464f297255f2c97c96ad8833f353435787c8f1

Download Submit
C:\Windows\system\ohkkhZr.exe

Filesize
6.0MB

MD5
da79f5d055f56e12886b96ad511c4ac1

SHA1
c9ea174200f4a7fd40a0c9a9786a2ba75bf3e27b

SHA256
716f289d48deb93a52d2b156244d56cca2cbc17ac92c51c4065108530d3932e5

SHA512
0c9bd53a04b350aa36c02bf84452d2ad98252efedb05e462d9a9dddc91e50a64386ec213a91dee00505b3fed82ce02970671abead95354a1c9c726443aa58c4f

Download Submit
C:\Windows\system\rxyYdup.exe

Filesize
6.0MB

MD5
647d7e2f77239bba81fdea393f95fddd

SHA1
8899f5960fa95570ab5ac9dc0e0e218f95079bf8

SHA256
5c44bc9a8c039d21b951f987dab1e41afb186c5a750bd5c04f33c91895a547f5

SHA512
a446a406567c062c718705459a5d5ca3b32bc91d063ce06f13d4af6d90e6cdf238dd0ecdbbf970d6fc5a193b0eb7ac45a9bc12d84a053e18da9fce11e7acaa81

Download Submit
C:\Windows\system\vryNLbt.exe

Filesize
6.0MB

MD5
dbb2de521f8b61dabc8b74a46d1f2495

SHA1
e35871dad733ae90623792874e8801a3b1aaaace

SHA256
abb4a97778549f6281a48e3f3e1445288a8809335b818b197200d187e21972c9

SHA512
ab7cc4aa5e7d57bf2acaecf63072734a92b944172ce7e4e6c152c429c2a1098131bc46824f1a26bc20bb0e9158ee14971fdd87ad48a673e60f6339561ffa696d

Download Submit
C:\Windows\system\vvTqrTJ.exe

Filesize
6.0MB

MD5
d92b214c27e72852b8e094303a5c59cd

SHA1
e395d31d4ca71a2b6e7bd0623035dc7fefff4748

SHA256
eaa88c0814cc0e76b5981e2e87d79ee873f28ba0b06ecdf96e3562d22916e9bd

SHA512
1cfab3810f76c72261af48daf6768dd32c32cfbb5dd14223a32e180aaa61f895b224b96ec47cfb4ec317521b6353bda67a35f8bd93530fb268dcf877d54e3899

Download Submit
C:\Windows\system\wgIxFBc.exe

Filesize
6.0MB

MD5
815ad7032b36854bcfdf130db4d409c8

SHA1
4e41fc9ddb16f8c39203d625fc430e998213301d

SHA256
b37b778f1e82907598183353a3f9d0bdcf677e08d3f00d88270437c6724c9603

SHA512
ae648e7ad9108beaa7c037d93f61d50163d96b03f1dd38ed7634ca7e8ba14166b01be6483117329bc2dbf50f49131411000ac17cd70503b3a4399a4305eb7fbe

Download Submit
C:\Windows\system\xsNJlgI.exe

Filesize
6.0MB

MD5
9870ba2a4abc28860e121a5042835990

SHA1
f11108ee46b6cf55a94b5028dc0d0c24eb8a49d3

SHA256
b060a30e3f000b27a507d458258776971f4926c7bc0d3ee9ad17059e3fb65c02

SHA512
79c3fc3a5e2af5ef04fd814652dedd84e7a9b9dc677f795c0c174f002b6cdf18267ecdb02d8d2692b01336bb64dce06313c32f6fa7bd24b28654b46a99709da3

Download Submit
C:\Windows\system\yChDLVx.exe

Filesize
6.0MB

MD5
8050bade7a8cb57805fde67fab245198

SHA1
f46cbb68714ceed0f7eebece589107f47875bbdc

SHA256
59641f890d286bbc891a1a9ab73f2f9d6b23d11648df10273931e6831a259676

SHA512
731f6aae9361e80107e7b7bb2ed6ea17dc3c8e77f16a57b0842b8470dcae0dcdf610d2de3804cfd581bc577f905854055fc9cbae7dcf236a6f1d52eb78c67f0c

Download Submit
C:\Windows\system\zUSZCbo.exe

Filesize
6.0MB

MD5
0d77c9cc0511b44fe3c5622d8ea4d855

SHA1
e526f0413ea98d0f12fbd6e54fa8e00d87274087

SHA256
287ac0c1779609a08480245d5365d4d38da8f1e497b48d5d7ced8f337912882c

SHA512
fe430a228849ab2d0694edf447fd10a622deb1986e3cba714836ee392a1cbd82c9d662a18cc25dce29e4412e25a5c7abfe054efaa54efec49cd16fb09caa6028

Download Submit
C:\Windows\system\zpKTdpu.exe

Filesize
6.0MB

MD5
8c64aea0b2725e250ddaa458b1921099

SHA1
f245f0be927a09e9ba7764da1b14bb7317455684

SHA256
c629b1af6114766f8f095536d968a015f97c3427abc84ecc54d7d19a341f2ad0

SHA512
34b5dce74db455714245d6bf237bc7d0609e776d1cea463cbb1445a6c363941c57a6ce959b3e63351e931e033ceecf953f7845d0641e3e252f5df65d39f30f5b

Download Submit
\Windows\system\ZzrXjAD.exe

Filesize
6.0MB

MD5
dbbfc7b1edfd59c30dd4725854b6ce04

SHA1
492480c556d822dbb4137a46fc7cedea580fec53

SHA256
ef2d8d138b9566d05a06826730c782f4615d7d7d2055ac96f58e8eeda4345ce9

SHA512
22404ca809e14a8e7622f721c3a4447eb1e148ffe3d83e6d2a14067ef5efcbff17daa97de57b0aa5a3e13a6fced4de593830437b2892b4c5c65049ee4927875d

Download Submit
\Windows\system\hEqQNVB.exe

Filesize
6.0MB

MD5
5b9783c959c51220e68ba5fee6391d26

SHA1
6370c23cc99a2bad923a789bf396e95ac33fc873

SHA256
2f862d91b94427594b38b3e6d6280714ad9b2fd7487f59987c7981addde63cfb

SHA512
8686dccbf68aa3c6f50650807d71c002bee5e26caf75bf8b6924f77aa239636431b5eabef2c8959fc638c0546d1b15430e11f993910d32d714ff5c46a695b08b

Download Submit
memory/340-1694-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/340-102-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/804-80-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-65-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/804-404-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-288-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/804-204-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-24-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/804-184-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/804-34-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-37-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/804-7-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-49-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/804-50-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-92-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-94-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-101-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/804-51-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/804-0-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/804-13-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/804-82-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1671-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-87-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-1683-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1936-407-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1936-93-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1657-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-81-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-1668-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-289-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-83-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2145-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-15-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-64-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1609-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-26-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-58-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2556-9-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1606-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1625-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-52-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-66-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-185-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1656-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-42-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1623-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2732-59-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1636-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1622-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2772-43-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1617-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2900-36-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download