cobaltstrike | a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
Size

6.0MB
MD5

3003b390b069bdd1b59609f871f8a781
SHA1

753deb1e10373d557f23f9af66e0d784f9a1056d
SHA256

a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee
SHA512

5b13cd16bc3c5f506150e42c57265484b5de1c2ad7c2bd487208dbfe2341b254b4adfc65fe5a31a68d53957956005243fec406a1ee2fa38b619cf508a765e496
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU4:eOl56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000197fd-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019820-13.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001998d-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019bf6-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019c3c-60.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001a438-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019d62-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47d-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-201.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a47b-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-82.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019bf9-52.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001960c-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x00080000000197fd-8.dat	xmrig
behavioral1/memory/756-16-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2096-10-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000019820-13.dat	xmrig
behavioral1/memory/2572-22-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000700000001998d-24.dat	xmrig
behavioral1/memory/2864-30-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x0006000000019bf6-40.dat	xmrig
behavioral1/memory/2952-38-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2136-44-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2096-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0006000000019c3c-60.dat	xmrig
behavioral1/memory/2748-61-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2972-53-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2952-73-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2744-74-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x000600000001a438-72.dat	xmrig
behavioral1/memory/2836-68-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019d62-67.dat	xmrig
behavioral1/files/0x000500000001a469-120.dat	xmrig
behavioral1/files/0x000500000001a46d-129.dat	xmrig
behavioral1/files/0x000500000001a471-140.dat	xmrig
behavioral1/files/0x000500000001a473-145.dat	xmrig
behavioral1/files/0x000500000001a47d-170.dat	xmrig
behavioral1/files/0x000500000001a48a-201.dat	xmrig
behavioral1/memory/2836-1344-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2332-1383-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2096-1795-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1040-1406-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1740-1399-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1344-1391-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2744-1353-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2748-1335-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2972-1333-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2136-1320-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2952-1313-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2864-1298-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2572-1230-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/756-1220-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2116-420-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/1040-377-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/1740-310-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1344-265-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2332-213-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001a488-197.dat	xmrig
behavioral1/files/0x000500000001a486-191.dat	xmrig
behavioral1/files/0x000500000001a484-187.dat	xmrig
behavioral1/files/0x000500000001a482-181.dat	xmrig
behavioral1/files/0x000500000001a480-177.dat	xmrig
behavioral1/files/0x000500000001a47b-165.dat	xmrig
behavioral1/files/0x000500000001a479-161.dat	xmrig
behavioral1/files/0x000500000001a477-155.dat	xmrig
behavioral1/files/0x000500000001a475-151.dat	xmrig
behavioral1/memory/2744-143-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-134.dat	xmrig
behavioral1/files/0x000500000001a46b-124.dat	xmrig
behavioral1/files/0x000500000001a463-114.dat	xmrig
behavioral1/memory/1040-109-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2836-108-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-107.dat	xmrig
behavioral1/memory/1740-101-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2748-100-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2096	IdBKDwo.exe
756	YHzFucu.exe
2572	KETHoDL.exe
2864	ugulOKW.exe
2952	WuiQgcj.exe
2136	UceksqY.exe
2972	ULsmaGv.exe
2748	LoRGyvJ.exe
2836	hEvGiGI.exe
2744	bDvOLIV.exe
2332	gZcqpbX.exe
1344	OSeJWRE.exe
1740	xcCYaIP.exe
1040	BaLbRij.exe
2976	QhRKZDM.exe
3064	QvxZuXH.exe
1584	dBzSbVQ.exe
1576	erUYoIw.exe
2216	tRvOAgU.exe
2112	TqEYjWD.exe
432	INlbEMZ.exe
1952	hzMjVkz.exe
2428	tOoJPbr.exe
836	IOAnqRC.exe
2152	IzWFbtU.exe
2172	eJErpIm.exe
2120	ViykWrx.exe
1680	lmOrSRj.exe
600	oHuckUo.exe
520	YzkCCKE.exe
2628	ViFZMSP.exe
272	rcHKeYN.exe
2412	GoBmfyr.exe
2436	UxoTqTm.exe
2584	KhUnsxt.exe
1788	rJIJHCp.exe
772	LLJXiaj.exe
2036	lETtIas.exe
108	zmyJcss.exe
1800	vTlVeSE.exe
1980	RKIuBHj.exe
2236	vzkmJsM.exe
1684	JYngGxB.exe
680	fAoWsmm.exe
236	AddpMsD.exe
2564	xMrgNBI.exe
2664	vhJrgKT.exe
2300	RXpEzPC.exe
2176	XvbrRXv.exe
1072	JsteEsw.exe
1532	TasrCDo.exe
912	dayeWDy.exe
2240	lhtyLLH.exe
2832	KlBRqEv.exe
2924	esURJGD.exe
2732	BgwSysK.exe
3052	MlIYcMj.exe
1916	gkltfwa.exe
3008	IvSWDZw.exe
2604	iVIHVdN.exe
1316	tYwNWOx.exe
2812	uAGACZX.exe
1900	bYFSgdO.exe
2540	TxpIAJe.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x00080000000197fd-8.dat	upx
behavioral1/memory/756-16-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2096-10-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000019820-13.dat	upx
behavioral1/memory/2572-22-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000700000001998d-24.dat	upx
behavioral1/memory/2864-30-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x0006000000019bf6-40.dat	upx
behavioral1/memory/2952-38-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2136-44-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2096-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0006000000019c3c-60.dat	upx
behavioral1/memory/2748-61-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2972-53-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2952-73-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2744-74-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000600000001a438-72.dat	upx
behavioral1/memory/2836-68-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0008000000019d62-67.dat	upx
behavioral1/files/0x000500000001a469-120.dat	upx
behavioral1/files/0x000500000001a46d-129.dat	upx
behavioral1/files/0x000500000001a471-140.dat	upx
behavioral1/files/0x000500000001a473-145.dat	upx
behavioral1/files/0x000500000001a47d-170.dat	upx
behavioral1/files/0x000500000001a48a-201.dat	upx
behavioral1/memory/2836-1344-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2332-1383-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2096-1795-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1040-1406-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1740-1399-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1344-1391-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2744-1353-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2748-1335-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2972-1333-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2136-1320-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2952-1313-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2864-1298-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2572-1230-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/756-1220-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/1040-377-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/1740-310-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/1344-265-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2332-213-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001a488-197.dat	upx
behavioral1/files/0x000500000001a486-191.dat	upx
behavioral1/files/0x000500000001a484-187.dat	upx
behavioral1/files/0x000500000001a482-181.dat	upx
behavioral1/files/0x000500000001a480-177.dat	upx
behavioral1/files/0x000500000001a47b-165.dat	upx
behavioral1/files/0x000500000001a479-161.dat	upx
behavioral1/files/0x000500000001a477-155.dat	upx
behavioral1/files/0x000500000001a475-151.dat	upx
behavioral1/memory/2744-143-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-134.dat	upx
behavioral1/files/0x000500000001a46b-124.dat	upx
behavioral1/files/0x000500000001a463-114.dat	upx
behavioral1/memory/1040-109-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2836-108-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x000500000001a459-107.dat	upx
behavioral1/memory/1740-101-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2748-100-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000500000001a457-99.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YfCSRij.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\qhDjfbo.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\QFEFEoK.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\NmdoTFj.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\xrqBVyB.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\exNhpmN.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\AoGCdfb.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\JaWGGuI.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\VrcAJNk.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\EBitBhy.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\rSvycEZ.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\qpmrjav.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\YTcfJRI.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\cPGwcBT.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\GoELweP.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\NnJkGEv.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\yprfBEa.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\DUVgXGU.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\uPLwbgN.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\FKWrgGY.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\DxqUimy.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\hxrfozU.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\VdCFHyB.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\lhtyLLH.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\rfDGibQ.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\JMMamzO.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\wKMrkLz.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\ajcNULp.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\DBewbWM.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\lTkcTNx.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\gzJjlxx.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\CLFlMdz.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\YoCkSRl.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\lFlkOVg.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\NEIWagn.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\ZzoUNDl.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\knnkzzW.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\NwjxbVi.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\aMlRGJF.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\TLiTxUu.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\dfSjJVc.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\iIdIMnS.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\DaStATM.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\inzsxbe.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\klfkUud.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\hgnbxBK.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\ExCFYmm.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\RQJkIOD.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\qGPGkEN.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\GXODLUi.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\luDGIzy.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\csBgRXv.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\wIijprR.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\kcXOYpr.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\ZSrleGs.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\XhgCcoR.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\juuSNao.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\JlqcKBT.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\mscIzLz.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\QYGaqqZ.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\jpAAxcp.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\xFXVOvF.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\cSEyyqI.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
File created	C:\Windows\System\ZlgNwpj.exe	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2096	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	31
PID 2116 wrote to memory of 2096	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	31
PID 2116 wrote to memory of 2096	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	31
PID 2116 wrote to memory of 756	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	32
PID 2116 wrote to memory of 756	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	32
PID 2116 wrote to memory of 756	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	32
PID 2116 wrote to memory of 2572	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	33
PID 2116 wrote to memory of 2572	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	33
PID 2116 wrote to memory of 2572	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	33
PID 2116 wrote to memory of 2864	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	34
PID 2116 wrote to memory of 2864	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	34
PID 2116 wrote to memory of 2864	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	34
PID 2116 wrote to memory of 2952	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	35
PID 2116 wrote to memory of 2952	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	35
PID 2116 wrote to memory of 2952	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	35
PID 2116 wrote to memory of 2136	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	36
PID 2116 wrote to memory of 2136	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	36
PID 2116 wrote to memory of 2136	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	36
PID 2116 wrote to memory of 2972	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	37
PID 2116 wrote to memory of 2972	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	37
PID 2116 wrote to memory of 2972	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	37
PID 2116 wrote to memory of 2748	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	38
PID 2116 wrote to memory of 2748	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	38
PID 2116 wrote to memory of 2748	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	38
PID 2116 wrote to memory of 2836	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	39
PID 2116 wrote to memory of 2836	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	39
PID 2116 wrote to memory of 2836	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	39
PID 2116 wrote to memory of 2744	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	40
PID 2116 wrote to memory of 2744	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	40
PID 2116 wrote to memory of 2744	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	40
PID 2116 wrote to memory of 2332	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	41
PID 2116 wrote to memory of 2332	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	41
PID 2116 wrote to memory of 2332	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	41
PID 2116 wrote to memory of 1344	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	42
PID 2116 wrote to memory of 1344	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	42
PID 2116 wrote to memory of 1344	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	42
PID 2116 wrote to memory of 1740	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	43
PID 2116 wrote to memory of 1740	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	43
PID 2116 wrote to memory of 1740	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	43
PID 2116 wrote to memory of 1040	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	44
PID 2116 wrote to memory of 1040	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	44
PID 2116 wrote to memory of 1040	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	44
PID 2116 wrote to memory of 2976	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	45
PID 2116 wrote to memory of 2976	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	45
PID 2116 wrote to memory of 2976	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	45
PID 2116 wrote to memory of 3064	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	46
PID 2116 wrote to memory of 3064	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	46
PID 2116 wrote to memory of 3064	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	46
PID 2116 wrote to memory of 1584	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	47
PID 2116 wrote to memory of 1584	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	47
PID 2116 wrote to memory of 1584	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	47
PID 2116 wrote to memory of 1576	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	48
PID 2116 wrote to memory of 1576	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	48
PID 2116 wrote to memory of 1576	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	48
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	49
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	49
PID 2116 wrote to memory of 2216	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	49
PID 2116 wrote to memory of 2112	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	50
PID 2116 wrote to memory of 2112	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	50
PID 2116 wrote to memory of 2112	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	50
PID 2116 wrote to memory of 432	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	51
PID 2116 wrote to memory of 432	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	51
PID 2116 wrote to memory of 432	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	51
PID 2116 wrote to memory of 1952	2116	JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a53f322ce4013f50d4b319de7d287f381e3c4fab080335096e21fe2307e58cee.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System\IdBKDwo.exe
  C:\Windows\System\IdBKDwo.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\YHzFucu.exe
  C:\Windows\System\YHzFucu.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\KETHoDL.exe
  C:\Windows\System\KETHoDL.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\ugulOKW.exe
  C:\Windows\System\ugulOKW.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\WuiQgcj.exe
  C:\Windows\System\WuiQgcj.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\UceksqY.exe
  C:\Windows\System\UceksqY.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ULsmaGv.exe
  C:\Windows\System\ULsmaGv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\LoRGyvJ.exe
  C:\Windows\System\LoRGyvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\hEvGiGI.exe
  C:\Windows\System\hEvGiGI.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\bDvOLIV.exe
  C:\Windows\System\bDvOLIV.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\gZcqpbX.exe
  C:\Windows\System\gZcqpbX.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\OSeJWRE.exe
  C:\Windows\System\OSeJWRE.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\xcCYaIP.exe
  C:\Windows\System\xcCYaIP.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\BaLbRij.exe
  C:\Windows\System\BaLbRij.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\QhRKZDM.exe
  C:\Windows\System\QhRKZDM.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\QvxZuXH.exe
  C:\Windows\System\QvxZuXH.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\dBzSbVQ.exe
  C:\Windows\System\dBzSbVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\erUYoIw.exe
  C:\Windows\System\erUYoIw.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\tRvOAgU.exe
  C:\Windows\System\tRvOAgU.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\TqEYjWD.exe
  C:\Windows\System\TqEYjWD.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\INlbEMZ.exe
  C:\Windows\System\INlbEMZ.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\hzMjVkz.exe
  C:\Windows\System\hzMjVkz.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\tOoJPbr.exe
  C:\Windows\System\tOoJPbr.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\IOAnqRC.exe
  C:\Windows\System\IOAnqRC.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\IzWFbtU.exe
  C:\Windows\System\IzWFbtU.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\eJErpIm.exe
  C:\Windows\System\eJErpIm.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ViykWrx.exe
  C:\Windows\System\ViykWrx.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\lmOrSRj.exe
  C:\Windows\System\lmOrSRj.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\oHuckUo.exe
  C:\Windows\System\oHuckUo.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\YzkCCKE.exe
  C:\Windows\System\YzkCCKE.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\ViFZMSP.exe
  C:\Windows\System\ViFZMSP.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\rcHKeYN.exe
  C:\Windows\System\rcHKeYN.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\GoBmfyr.exe
  C:\Windows\System\GoBmfyr.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\UxoTqTm.exe
  C:\Windows\System\UxoTqTm.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\KhUnsxt.exe
  C:\Windows\System\KhUnsxt.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\rJIJHCp.exe
  C:\Windows\System\rJIJHCp.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\LLJXiaj.exe
  C:\Windows\System\LLJXiaj.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\lETtIas.exe
  C:\Windows\System\lETtIas.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\zmyJcss.exe
  C:\Windows\System\zmyJcss.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\vTlVeSE.exe
  C:\Windows\System\vTlVeSE.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\RKIuBHj.exe
  C:\Windows\System\RKIuBHj.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\vzkmJsM.exe
  C:\Windows\System\vzkmJsM.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\JYngGxB.exe
  C:\Windows\System\JYngGxB.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\fAoWsmm.exe
  C:\Windows\System\fAoWsmm.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\AddpMsD.exe
  C:\Windows\System\AddpMsD.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\xMrgNBI.exe
  C:\Windows\System\xMrgNBI.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\vhJrgKT.exe
  C:\Windows\System\vhJrgKT.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\RXpEzPC.exe
  C:\Windows\System\RXpEzPC.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\XvbrRXv.exe
  C:\Windows\System\XvbrRXv.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\JsteEsw.exe
  C:\Windows\System\JsteEsw.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\TasrCDo.exe
  C:\Windows\System\TasrCDo.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\dayeWDy.exe
  C:\Windows\System\dayeWDy.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\lhtyLLH.exe
  C:\Windows\System\lhtyLLH.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\KlBRqEv.exe
  C:\Windows\System\KlBRqEv.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\esURJGD.exe
  C:\Windows\System\esURJGD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\BgwSysK.exe
  C:\Windows\System\BgwSysK.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\MlIYcMj.exe
  C:\Windows\System\MlIYcMj.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\gkltfwa.exe
  C:\Windows\System\gkltfwa.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\IvSWDZw.exe
  C:\Windows\System\IvSWDZw.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\iVIHVdN.exe
  C:\Windows\System\iVIHVdN.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\tYwNWOx.exe
  C:\Windows\System\tYwNWOx.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\uAGACZX.exe
  C:\Windows\System\uAGACZX.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\bYFSgdO.exe
  C:\Windows\System\bYFSgdO.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\TxpIAJe.exe
  C:\Windows\System\TxpIAJe.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QGJVXpP.exe
  C:\Windows\System\QGJVXpP.exe
  2⤵
  PID:396
- C:\Windows\System\BzGmPJY.exe
  C:\Windows\System\BzGmPJY.exe
  2⤵
  PID:1688
- C:\Windows\System\xrqBVyB.exe
  C:\Windows\System\xrqBVyB.exe
  2⤵
  PID:2148
- C:\Windows\System\YUxAvPE.exe
  C:\Windows\System\YUxAvPE.exe
  2⤵
  PID:1488
- C:\Windows\System\gskeHqY.exe
  C:\Windows\System\gskeHqY.exe
  2⤵
  PID:2488
- C:\Windows\System\KqdRvEp.exe
  C:\Windows\System\KqdRvEp.exe
  2⤵
  PID:2316
- C:\Windows\System\ETOtdGy.exe
  C:\Windows\System\ETOtdGy.exe
  2⤵
  PID:764
- C:\Windows\System\IcYsIKf.exe
  C:\Windows\System\IcYsIKf.exe
  2⤵
  PID:2528
- C:\Windows\System\GuryFmD.exe
  C:\Windows\System\GuryFmD.exe
  2⤵
  PID:2432
- C:\Windows\System\QRGptZG.exe
  C:\Windows\System\QRGptZG.exe
  2⤵
  PID:1772
- C:\Windows\System\EWrsClH.exe
  C:\Windows\System\EWrsClH.exe
  2⤵
  PID:2688
- C:\Windows\System\HDKtUID.exe
  C:\Windows\System\HDKtUID.exe
  2⤵
  PID:1924
- C:\Windows\System\rfEqqkl.exe
  C:\Windows\System\rfEqqkl.exe
  2⤵
  PID:940
- C:\Windows\System\yZtgGZb.exe
  C:\Windows\System\yZtgGZb.exe
  2⤵
  PID:1608
- C:\Windows\System\jpAAxcp.exe
  C:\Windows\System\jpAAxcp.exe
  2⤵
  PID:2192
- C:\Windows\System\kewJdTQ.exe
  C:\Windows\System\kewJdTQ.exe
  2⤵
  PID:2476
- C:\Windows\System\RJqIsIt.exe
  C:\Windows\System\RJqIsIt.exe
  2⤵
  PID:2636
- C:\Windows\System\wEhAiKI.exe
  C:\Windows\System\wEhAiKI.exe
  2⤵
  PID:1668
- C:\Windows\System\XTlzRZf.exe
  C:\Windows\System\XTlzRZf.exe
  2⤵
  PID:1536
- C:\Windows\System\IzugnnF.exe
  C:\Windows\System\IzugnnF.exe
  2⤵
  PID:2396
- C:\Windows\System\GvXfimA.exe
  C:\Windows\System\GvXfimA.exe
  2⤵
  PID:2656
- C:\Windows\System\PUdQhrm.exe
  C:\Windows\System\PUdQhrm.exe
  2⤵
  PID:2948
- C:\Windows\System\GixFIGl.exe
  C:\Windows\System\GixFIGl.exe
  2⤵
  PID:3068
- C:\Windows\System\uHJzNED.exe
  C:\Windows\System\uHJzNED.exe
  2⤵
  PID:2788
- C:\Windows\System\eBFNrke.exe
  C:\Windows\System\eBFNrke.exe
  2⤵
  PID:2108
- C:\Windows\System\JfaoNDj.exe
  C:\Windows\System\JfaoNDj.exe
  2⤵
  PID:2352
- C:\Windows\System\rSoRtnN.exe
  C:\Windows\System\rSoRtnN.exe
  2⤵
  PID:2544
- C:\Windows\System\TTcXlTx.exe
  C:\Windows\System\TTcXlTx.exe
  2⤵
  PID:2268
- C:\Windows\System\PgmdiVl.exe
  C:\Windows\System\PgmdiVl.exe
  2⤵
  PID:1648
- C:\Windows\System\jOUQtMX.exe
  C:\Windows\System\jOUQtMX.exe
  2⤵
  PID:1964
- C:\Windows\System\EFGjFZa.exe
  C:\Windows\System\EFGjFZa.exe
  2⤵
  PID:2520
- C:\Windows\System\ulOPNMw.exe
  C:\Windows\System\ulOPNMw.exe
  2⤵
  PID:856
- C:\Windows\System\JaWGGuI.exe
  C:\Windows\System\JaWGGuI.exe
  2⤵
  PID:2596
- C:\Windows\System\VKZzbPS.exe
  C:\Windows\System\VKZzbPS.exe
  2⤵
  PID:1912
- C:\Windows\System\Aakzzbr.exe
  C:\Windows\System\Aakzzbr.exe
  2⤵
  PID:1164
- C:\Windows\System\AWDqzpV.exe
  C:\Windows\System\AWDqzpV.exe
  2⤵
  PID:700
- C:\Windows\System\TpLSPIq.exe
  C:\Windows\System\TpLSPIq.exe
  2⤵
  PID:1976
- C:\Windows\System\qLQPWaq.exe
  C:\Windows\System\qLQPWaq.exe
  2⤵
  PID:1920
- C:\Windows\System\rBTDtED.exe
  C:\Windows\System\rBTDtED.exe
  2⤵
  PID:2668
- C:\Windows\System\IYORokp.exe
  C:\Windows\System\IYORokp.exe
  2⤵
  PID:1620
- C:\Windows\System\bvnSBHu.exe
  C:\Windows\System\bvnSBHu.exe
  2⤵
  PID:1236
- C:\Windows\System\xlKdeaz.exe
  C:\Windows\System\xlKdeaz.exe
  2⤵
  PID:1476
- C:\Windows\System\yprfBEa.exe
  C:\Windows\System\yprfBEa.exe
  2⤵
  PID:2728
- C:\Windows\System\lQvKeWN.exe
  C:\Windows\System\lQvKeWN.exe
  2⤵
  PID:2768
- C:\Windows\System\RmRpZnc.exe
  C:\Windows\System\RmRpZnc.exe
  2⤵
  PID:320
- C:\Windows\System\HJUNsAP.exe
  C:\Windows\System\HJUNsAP.exe
  2⤵
  PID:1748
- C:\Windows\System\ZhZTTFK.exe
  C:\Windows\System\ZhZTTFK.exe
  2⤵
  PID:3084
- C:\Windows\System\DDIQsQo.exe
  C:\Windows\System\DDIQsQo.exe
  2⤵
  PID:3104
- C:\Windows\System\NQOuQEi.exe
  C:\Windows\System\NQOuQEi.exe
  2⤵
  PID:3124
- C:\Windows\System\awkxOBy.exe
  C:\Windows\System\awkxOBy.exe
  2⤵
  PID:3148
- C:\Windows\System\cTdXTsN.exe
  C:\Windows\System\cTdXTsN.exe
  2⤵
  PID:3168
- C:\Windows\System\wYFQNua.exe
  C:\Windows\System\wYFQNua.exe
  2⤵
  PID:3188
- C:\Windows\System\YXsmvtr.exe
  C:\Windows\System\YXsmvtr.exe
  2⤵
  PID:3208
- C:\Windows\System\KADXtuT.exe
  C:\Windows\System\KADXtuT.exe
  2⤵
  PID:3228
- C:\Windows\System\vIjgXdl.exe
  C:\Windows\System\vIjgXdl.exe
  2⤵
  PID:3248
- C:\Windows\System\WwnYpTV.exe
  C:\Windows\System\WwnYpTV.exe
  2⤵
  PID:3268
- C:\Windows\System\avlcWHl.exe
  C:\Windows\System\avlcWHl.exe
  2⤵
  PID:3288
- C:\Windows\System\YVPYagw.exe
  C:\Windows\System\YVPYagw.exe
  2⤵
  PID:3308
- C:\Windows\System\yfIfUOA.exe
  C:\Windows\System\yfIfUOA.exe
  2⤵
  PID:3328
- C:\Windows\System\tFNEtjX.exe
  C:\Windows\System\tFNEtjX.exe
  2⤵
  PID:3348
- C:\Windows\System\DzaETpo.exe
  C:\Windows\System\DzaETpo.exe
  2⤵
  PID:3372
- C:\Windows\System\xKqaPHO.exe
  C:\Windows\System\xKqaPHO.exe
  2⤵
  PID:3392
- C:\Windows\System\kcXOYpr.exe
  C:\Windows\System\kcXOYpr.exe
  2⤵
  PID:3412
- C:\Windows\System\QGwmRWi.exe
  C:\Windows\System\QGwmRWi.exe
  2⤵
  PID:3432
- C:\Windows\System\tcQexDK.exe
  C:\Windows\System\tcQexDK.exe
  2⤵
  PID:3452
- C:\Windows\System\RGxtchb.exe
  C:\Windows\System\RGxtchb.exe
  2⤵
  PID:3472
- C:\Windows\System\niYTsbZ.exe
  C:\Windows\System\niYTsbZ.exe
  2⤵
  PID:3496
- C:\Windows\System\IaaquNS.exe
  C:\Windows\System\IaaquNS.exe
  2⤵
  PID:3516
- C:\Windows\System\haiKuOg.exe
  C:\Windows\System\haiKuOg.exe
  2⤵
  PID:3536
- C:\Windows\System\EaetVJZ.exe
  C:\Windows\System\EaetVJZ.exe
  2⤵
  PID:3552
- C:\Windows\System\ZdqSPWF.exe
  C:\Windows\System\ZdqSPWF.exe
  2⤵
  PID:3576
- C:\Windows\System\gjXmSDK.exe
  C:\Windows\System\gjXmSDK.exe
  2⤵
  PID:3596
- C:\Windows\System\zLdJTCK.exe
  C:\Windows\System\zLdJTCK.exe
  2⤵
  PID:3620
- C:\Windows\System\TPZAzAt.exe
  C:\Windows\System\TPZAzAt.exe
  2⤵
  PID:3640
- C:\Windows\System\KHqvPiR.exe
  C:\Windows\System\KHqvPiR.exe
  2⤵
  PID:3660
- C:\Windows\System\NazsELy.exe
  C:\Windows\System\NazsELy.exe
  2⤵
  PID:3680
- C:\Windows\System\vCCCbaR.exe
  C:\Windows\System\vCCCbaR.exe
  2⤵
  PID:3700
- C:\Windows\System\VOBpiFa.exe
  C:\Windows\System\VOBpiFa.exe
  2⤵
  PID:3720
- C:\Windows\System\TrpyTRp.exe
  C:\Windows\System\TrpyTRp.exe
  2⤵
  PID:3740
- C:\Windows\System\SKeasqj.exe
  C:\Windows\System\SKeasqj.exe
  2⤵
  PID:3760
- C:\Windows\System\uHNJHDq.exe
  C:\Windows\System\uHNJHDq.exe
  2⤵
  PID:3780
- C:\Windows\System\hSORgil.exe
  C:\Windows\System\hSORgil.exe
  2⤵
  PID:3800
- C:\Windows\System\bOPOncD.exe
  C:\Windows\System\bOPOncD.exe
  2⤵
  PID:3820
- C:\Windows\System\VqewZwL.exe
  C:\Windows\System\VqewZwL.exe
  2⤵
  PID:3844
- C:\Windows\System\fCKAWtA.exe
  C:\Windows\System\fCKAWtA.exe
  2⤵
  PID:3864
- C:\Windows\System\GkPHDnw.exe
  C:\Windows\System\GkPHDnw.exe
  2⤵
  PID:3884
- C:\Windows\System\ktrjTVe.exe
  C:\Windows\System\ktrjTVe.exe
  2⤵
  PID:3908
- C:\Windows\System\OxeTZBs.exe
  C:\Windows\System\OxeTZBs.exe
  2⤵
  PID:3928
- C:\Windows\System\luRprDQ.exe
  C:\Windows\System\luRprDQ.exe
  2⤵
  PID:3948
- C:\Windows\System\Bcbnisx.exe
  C:\Windows\System\Bcbnisx.exe
  2⤵
  PID:3968
- C:\Windows\System\fCuQMFh.exe
  C:\Windows\System\fCuQMFh.exe
  2⤵
  PID:3988
- C:\Windows\System\yqUbuCP.exe
  C:\Windows\System\yqUbuCP.exe
  2⤵
  PID:4008
- C:\Windows\System\ctVmkHH.exe
  C:\Windows\System\ctVmkHH.exe
  2⤵
  PID:4028
- C:\Windows\System\GvaNjnV.exe
  C:\Windows\System\GvaNjnV.exe
  2⤵
  PID:4048
- C:\Windows\System\YikIcnE.exe
  C:\Windows\System\YikIcnE.exe
  2⤵
  PID:4068
- C:\Windows\System\hWdZIGc.exe
  C:\Windows\System\hWdZIGc.exe
  2⤵
  PID:4088
- C:\Windows\System\kZKRQdV.exe
  C:\Windows\System\kZKRQdV.exe
  2⤵
  PID:2536
- C:\Windows\System\MgSMROU.exe
  C:\Windows\System\MgSMROU.exe
  2⤵
  PID:1020
- C:\Windows\System\ZzoUNDl.exe
  C:\Windows\System\ZzoUNDl.exe
  2⤵
  PID:2484
- C:\Windows\System\aMlRGJF.exe
  C:\Windows\System\aMlRGJF.exe
  2⤵
  PID:944
- C:\Windows\System\ZGEDslm.exe
  C:\Windows\System\ZGEDslm.exe
  2⤵
  PID:1732
- C:\Windows\System\ikWJkag.exe
  C:\Windows\System\ikWJkag.exe
  2⤵
  PID:2568
- C:\Windows\System\cGZEfUy.exe
  C:\Windows\System\cGZEfUy.exe
  2⤵
  PID:2680
- C:\Windows\System\HireDDf.exe
  C:\Windows\System\HireDDf.exe
  2⤵
  PID:1676
- C:\Windows\System\oGccgvk.exe
  C:\Windows\System\oGccgvk.exe
  2⤵
  PID:3080
- C:\Windows\System\FshtDfa.exe
  C:\Windows\System\FshtDfa.exe
  2⤵
  PID:3112
- C:\Windows\System\tiCzUyM.exe
  C:\Windows\System\tiCzUyM.exe
  2⤵
  PID:3116
- C:\Windows\System\HdDhoJY.exe
  C:\Windows\System\HdDhoJY.exe
  2⤵
  PID:3144
- C:\Windows\System\RrYTOkP.exe
  C:\Windows\System\RrYTOkP.exe
  2⤵
  PID:3180
- C:\Windows\System\uVHZpAe.exe
  C:\Windows\System\uVHZpAe.exe
  2⤵
  PID:3224
- C:\Windows\System\XAXZtDs.exe
  C:\Windows\System\XAXZtDs.exe
  2⤵
  PID:3276
- C:\Windows\System\bnqFBLI.exe
  C:\Windows\System\bnqFBLI.exe
  2⤵
  PID:3296
- C:\Windows\System\wTndvRR.exe
  C:\Windows\System\wTndvRR.exe
  2⤵
  PID:3320
- C:\Windows\System\GPTUVkD.exe
  C:\Windows\System\GPTUVkD.exe
  2⤵
  PID:3488
- C:\Windows\System\QUIldqJ.exe
  C:\Windows\System\QUIldqJ.exe
  2⤵
  PID:3388
- C:\Windows\System\MYupWVi.exe
  C:\Windows\System\MYupWVi.exe
  2⤵
  PID:3428
- C:\Windows\System\OmiMtVE.exe
  C:\Windows\System\OmiMtVE.exe
  2⤵
  PID:3460
- C:\Windows\System\rBGYjEb.exe
  C:\Windows\System\rBGYjEb.exe
  2⤵
  PID:3468
- C:\Windows\System\FmomAAu.exe
  C:\Windows\System\FmomAAu.exe
  2⤵
  PID:3508
- C:\Windows\System\GbmYMzN.exe
  C:\Windows\System\GbmYMzN.exe
  2⤵
  PID:3548
- C:\Windows\System\tPwcyqT.exe
  C:\Windows\System\tPwcyqT.exe
  2⤵
  PID:3592
- C:\Windows\System\mPUbtqT.exe
  C:\Windows\System\mPUbtqT.exe
  2⤵
  PID:3632
- C:\Windows\System\EfmaCll.exe
  C:\Windows\System\EfmaCll.exe
  2⤵
  PID:3692
- C:\Windows\System\EnwbEWZ.exe
  C:\Windows\System\EnwbEWZ.exe
  2⤵
  PID:3732
- C:\Windows\System\rqPYizh.exe
  C:\Windows\System\rqPYizh.exe
  2⤵
  PID:3772
- C:\Windows\System\lCmfOSn.exe
  C:\Windows\System\lCmfOSn.exe
  2⤵
  PID:3752
- C:\Windows\System\WruMjGD.exe
  C:\Windows\System\WruMjGD.exe
  2⤵
  PID:3792
- C:\Windows\System\oKvcOIn.exe
  C:\Windows\System\oKvcOIn.exe
  2⤵
  PID:3832
- C:\Windows\System\Kdcvqgh.exe
  C:\Windows\System\Kdcvqgh.exe
  2⤵
  PID:3872
- C:\Windows\System\cSTtOqf.exe
  C:\Windows\System\cSTtOqf.exe
  2⤵
  PID:3944
- C:\Windows\System\IllzHST.exe
  C:\Windows\System\IllzHST.exe
  2⤵
  PID:3920
- C:\Windows\System\ntAbcCM.exe
  C:\Windows\System\ntAbcCM.exe
  2⤵
  PID:3960
- C:\Windows\System\kvnHtvV.exe
  C:\Windows\System\kvnHtvV.exe
  2⤵
  PID:4020
- C:\Windows\System\fIlYmzR.exe
  C:\Windows\System\fIlYmzR.exe
  2⤵
  PID:4060
- C:\Windows\System\ulrDDqn.exe
  C:\Windows\System\ulrDDqn.exe
  2⤵
  PID:4080
- C:\Windows\System\PHmyRNT.exe
  C:\Windows\System\PHmyRNT.exe
  2⤵
  PID:1704
- C:\Windows\System\FRFbjCN.exe
  C:\Windows\System\FRFbjCN.exe
  2⤵
  PID:2672
- C:\Windows\System\ZGPZzOi.exe
  C:\Windows\System\ZGPZzOi.exe
  2⤵
  PID:1036
- C:\Windows\System\LhFrlsg.exe
  C:\Windows\System\LhFrlsg.exe
  2⤵
  PID:2740
- C:\Windows\System\nCGbGPB.exe
  C:\Windows\System\nCGbGPB.exe
  2⤵
  PID:640
- C:\Windows\System\mBDygWm.exe
  C:\Windows\System\mBDygWm.exe
  2⤵
  PID:3056
- C:\Windows\System\UEOtpEl.exe
  C:\Windows\System\UEOtpEl.exe
  2⤵
  PID:3136
- C:\Windows\System\DmkiVxd.exe
  C:\Windows\System\DmkiVxd.exe
  2⤵
  PID:3256
- C:\Windows\System\wigwkqz.exe
  C:\Windows\System\wigwkqz.exe
  2⤵
  PID:3260
- C:\Windows\System\jQXeYGT.exe
  C:\Windows\System\jQXeYGT.exe
  2⤵
  PID:3344
- C:\Windows\System\wwybXoY.exe
  C:\Windows\System\wwybXoY.exe
  2⤵
  PID:3264
- C:\Windows\System\iZIOtaV.exe
  C:\Windows\System\iZIOtaV.exe
  2⤵
  PID:3420
- C:\Windows\System\bforyuo.exe
  C:\Windows\System\bforyuo.exe
  2⤵
  PID:3512
- C:\Windows\System\ypUiJOH.exe
  C:\Windows\System\ypUiJOH.exe
  2⤵
  PID:3568
- C:\Windows\System\luDGIzy.exe
  C:\Windows\System\luDGIzy.exe
  2⤵
  PID:3612
- C:\Windows\System\fWaJVAs.exe
  C:\Windows\System\fWaJVAs.exe
  2⤵
  PID:3696
- C:\Windows\System\CTXNRYg.exe
  C:\Windows\System\CTXNRYg.exe
  2⤵
  PID:3768
- C:\Windows\System\klfkUud.exe
  C:\Windows\System\klfkUud.exe
  2⤵
  PID:3716
- C:\Windows\System\RdcXfzB.exe
  C:\Windows\System\RdcXfzB.exe
  2⤵
  PID:3840
- C:\Windows\System\aWQLoxU.exe
  C:\Windows\System\aWQLoxU.exe
  2⤵
  PID:3880
- C:\Windows\System\qztaDAJ.exe
  C:\Windows\System\qztaDAJ.exe
  2⤵
  PID:3916
- C:\Windows\System\gSddSYj.exe
  C:\Windows\System\gSddSYj.exe
  2⤵
  PID:4024
- C:\Windows\System\eCCeThy.exe
  C:\Windows\System\eCCeThy.exe
  2⤵
  PID:4056
- C:\Windows\System\siMMOOq.exe
  C:\Windows\System\siMMOOq.exe
  2⤵
  PID:4064
- C:\Windows\System\qjEAEqC.exe
  C:\Windows\System\qjEAEqC.exe
  2⤵
  PID:816
- C:\Windows\System\bjafIEK.exe
  C:\Windows\System\bjafIEK.exe
  2⤵
  PID:1232
- C:\Windows\System\qpmrjav.exe
  C:\Windows\System\qpmrjav.exe
  2⤵
  PID:3120
- C:\Windows\System\hgnbxBK.exe
  C:\Windows\System\hgnbxBK.exe
  2⤵
  PID:3176
- C:\Windows\System\QFLMXwI.exe
  C:\Windows\System\QFLMXwI.exe
  2⤵
  PID:3216
- C:\Windows\System\SgNkOsE.exe
  C:\Windows\System\SgNkOsE.exe
  2⤵
  PID:3240
- C:\Windows\System\oftJvyu.exe
  C:\Windows\System\oftJvyu.exe
  2⤵
  PID:3368
- C:\Windows\System\mmtEVMo.exe
  C:\Windows\System\mmtEVMo.exe
  2⤵
  PID:3504
- C:\Windows\System\tbQcWJf.exe
  C:\Windows\System\tbQcWJf.exe
  2⤵
  PID:3492
- C:\Windows\System\LfiOCzb.exe
  C:\Windows\System\LfiOCzb.exe
  2⤵
  PID:3572
- C:\Windows\System\ISrnouY.exe
  C:\Windows\System\ISrnouY.exe
  2⤵
  PID:3676
- C:\Windows\System\YTcfJRI.exe
  C:\Windows\System\YTcfJRI.exe
  2⤵
  PID:3904
- C:\Windows\System\VJJishm.exe
  C:\Windows\System\VJJishm.exe
  2⤵
  PID:4016
- C:\Windows\System\PkHeXQr.exe
  C:\Windows\System\PkHeXQr.exe
  2⤵
  PID:4000
- C:\Windows\System\VfjYBvZ.exe
  C:\Windows\System\VfjYBvZ.exe
  2⤵
  PID:2380
- C:\Windows\System\dVzTKii.exe
  C:\Windows\System\dVzTKii.exe
  2⤵
  PID:4112
- C:\Windows\System\lTkcTNx.exe
  C:\Windows\System\lTkcTNx.exe
  2⤵
  PID:4132
- C:\Windows\System\wBBvkyf.exe
  C:\Windows\System\wBBvkyf.exe
  2⤵
  PID:4152
- C:\Windows\System\ALlhMWc.exe
  C:\Windows\System\ALlhMWc.exe
  2⤵
  PID:4176
- C:\Windows\System\ixbvUXl.exe
  C:\Windows\System\ixbvUXl.exe
  2⤵
  PID:4196
- C:\Windows\System\ITgyOtt.exe
  C:\Windows\System\ITgyOtt.exe
  2⤵
  PID:4212
- C:\Windows\System\aFIbzYA.exe
  C:\Windows\System\aFIbzYA.exe
  2⤵
  PID:4236
- C:\Windows\System\MIPlzif.exe
  C:\Windows\System\MIPlzif.exe
  2⤵
  PID:4256
- C:\Windows\System\YKevjLv.exe
  C:\Windows\System\YKevjLv.exe
  2⤵
  PID:4276
- C:\Windows\System\VrcAJNk.exe
  C:\Windows\System\VrcAJNk.exe
  2⤵
  PID:4296
- C:\Windows\System\VRtmVlI.exe
  C:\Windows\System\VRtmVlI.exe
  2⤵
  PID:4316
- C:\Windows\System\WIxgNCo.exe
  C:\Windows\System\WIxgNCo.exe
  2⤵
  PID:4336
- C:\Windows\System\EXoGsGp.exe
  C:\Windows\System\EXoGsGp.exe
  2⤵
  PID:4356
- C:\Windows\System\bDsOSJC.exe
  C:\Windows\System\bDsOSJC.exe
  2⤵
  PID:4380
- C:\Windows\System\uFxNZvM.exe
  C:\Windows\System\uFxNZvM.exe
  2⤵
  PID:4400
- C:\Windows\System\xQxyHBB.exe
  C:\Windows\System\xQxyHBB.exe
  2⤵
  PID:4420
- C:\Windows\System\tffqUTf.exe
  C:\Windows\System\tffqUTf.exe
  2⤵
  PID:4440
- C:\Windows\System\SbBAFxx.exe
  C:\Windows\System\SbBAFxx.exe
  2⤵
  PID:4460
- C:\Windows\System\QANamtP.exe
  C:\Windows\System\QANamtP.exe
  2⤵
  PID:4480
- C:\Windows\System\FKWShiZ.exe
  C:\Windows\System\FKWShiZ.exe
  2⤵
  PID:4496
- C:\Windows\System\vIaITDS.exe
  C:\Windows\System\vIaITDS.exe
  2⤵
  PID:4524
- C:\Windows\System\IzsEBfh.exe
  C:\Windows\System\IzsEBfh.exe
  2⤵
  PID:4544
- C:\Windows\System\HtsBZnH.exe
  C:\Windows\System\HtsBZnH.exe
  2⤵
  PID:4564
- C:\Windows\System\DtCeRVN.exe
  C:\Windows\System\DtCeRVN.exe
  2⤵
  PID:4584
- C:\Windows\System\cIereqV.exe
  C:\Windows\System\cIereqV.exe
  2⤵
  PID:4604
- C:\Windows\System\EzUGpGW.exe
  C:\Windows\System\EzUGpGW.exe
  2⤵
  PID:4620
- C:\Windows\System\wJKgtaX.exe
  C:\Windows\System\wJKgtaX.exe
  2⤵
  PID:4644
- C:\Windows\System\VEZrTiE.exe
  C:\Windows\System\VEZrTiE.exe
  2⤵
  PID:4660
- C:\Windows\System\buLIQhU.exe
  C:\Windows\System\buLIQhU.exe
  2⤵
  PID:4684
- C:\Windows\System\OlHwzvn.exe
  C:\Windows\System\OlHwzvn.exe
  2⤵
  PID:4704
- C:\Windows\System\oEYcqBl.exe
  C:\Windows\System\oEYcqBl.exe
  2⤵
  PID:4724
- C:\Windows\System\nVxXyEv.exe
  C:\Windows\System\nVxXyEv.exe
  2⤵
  PID:4744
- C:\Windows\System\ohQituh.exe
  C:\Windows\System\ohQituh.exe
  2⤵
  PID:4764
- C:\Windows\System\vehbcQK.exe
  C:\Windows\System\vehbcQK.exe
  2⤵
  PID:4784
- C:\Windows\System\tOyZduz.exe
  C:\Windows\System\tOyZduz.exe
  2⤵
  PID:4808
- C:\Windows\System\uybCnMY.exe
  C:\Windows\System\uybCnMY.exe
  2⤵
  PID:4824
- C:\Windows\System\oQZoQpF.exe
  C:\Windows\System\oQZoQpF.exe
  2⤵
  PID:4848
- C:\Windows\System\CvPhdzJ.exe
  C:\Windows\System\CvPhdzJ.exe
  2⤵
  PID:4864
- C:\Windows\System\skqyKGP.exe
  C:\Windows\System\skqyKGP.exe
  2⤵
  PID:4888
- C:\Windows\System\pSlEsPL.exe
  C:\Windows\System\pSlEsPL.exe
  2⤵
  PID:4904
- C:\Windows\System\CVoNhTJ.exe
  C:\Windows\System\CVoNhTJ.exe
  2⤵
  PID:4928
- C:\Windows\System\voPUBSR.exe
  C:\Windows\System\voPUBSR.exe
  2⤵
  PID:4948
- C:\Windows\System\AynOFZm.exe
  C:\Windows\System\AynOFZm.exe
  2⤵
  PID:4968
- C:\Windows\System\LjBUVcf.exe
  C:\Windows\System\LjBUVcf.exe
  2⤵
  PID:4988
- C:\Windows\System\PDhoFbg.exe
  C:\Windows\System\PDhoFbg.exe
  2⤵
  PID:5008
- C:\Windows\System\ingtSTi.exe
  C:\Windows\System\ingtSTi.exe
  2⤵
  PID:5028
- C:\Windows\System\yjTFNnM.exe
  C:\Windows\System\yjTFNnM.exe
  2⤵
  PID:5048
- C:\Windows\System\XozVysz.exe
  C:\Windows\System\XozVysz.exe
  2⤵
  PID:5068
- C:\Windows\System\xfyTupA.exe
  C:\Windows\System\xfyTupA.exe
  2⤵
  PID:5092
- C:\Windows\System\dkLtRkF.exe
  C:\Windows\System\dkLtRkF.exe
  2⤵
  PID:5108
- C:\Windows\System\jfpAfQG.exe
  C:\Windows\System\jfpAfQG.exe
  2⤵
  PID:2592
- C:\Windows\System\bviGuFM.exe
  C:\Windows\System\bviGuFM.exe
  2⤵
  PID:3100
- C:\Windows\System\oxmeFZQ.exe
  C:\Windows\System\oxmeFZQ.exe
  2⤵
  PID:3164
- C:\Windows\System\fscKrIf.exe
  C:\Windows\System\fscKrIf.exe
  2⤵
  PID:3304
- C:\Windows\System\yOijcVH.exe
  C:\Windows\System\yOijcVH.exe
  2⤵
  PID:3440
- C:\Windows\System\GtHtums.exe
  C:\Windows\System\GtHtums.exe
  2⤵
  PID:3448
- C:\Windows\System\MgnUpIC.exe
  C:\Windows\System\MgnUpIC.exe
  2⤵
  PID:3544
- C:\Windows\System\ZRobWll.exe
  C:\Windows\System\ZRobWll.exe
  2⤵
  PID:3852
- C:\Windows\System\KfOXObU.exe
  C:\Windows\System\KfOXObU.exe
  2⤵
  PID:4076
- C:\Windows\System\elxFSXf.exe
  C:\Windows\System\elxFSXf.exe
  2⤵
  PID:4084
- C:\Windows\System\xFXVOvF.exe
  C:\Windows\System\xFXVOvF.exe
  2⤵
  PID:4128
- C:\Windows\System\cvdTCVc.exe
  C:\Windows\System\cvdTCVc.exe
  2⤵
  PID:4192
- C:\Windows\System\ZJGCGJJ.exe
  C:\Windows\System\ZJGCGJJ.exe
  2⤵
  PID:2984
- C:\Windows\System\JHRiknb.exe
  C:\Windows\System\JHRiknb.exe
  2⤵
  PID:4224
- C:\Windows\System\cgQgpdX.exe
  C:\Windows\System\cgQgpdX.exe
  2⤵
  PID:4252
- C:\Windows\System\CPZAyQU.exe
  C:\Windows\System\CPZAyQU.exe
  2⤵
  PID:4288
- C:\Windows\System\AUNIXcl.exe
  C:\Windows\System\AUNIXcl.exe
  2⤵
  PID:4352
- C:\Windows\System\abrvcBo.exe
  C:\Windows\System\abrvcBo.exe
  2⤵
  PID:2920
- C:\Windows\System\DuWnPRU.exe
  C:\Windows\System\DuWnPRU.exe
  2⤵
  PID:4376
- C:\Windows\System\VvARVEs.exe
  C:\Windows\System\VvARVEs.exe
  2⤵
  PID:4428
- C:\Windows\System\aIBnxAg.exe
  C:\Windows\System\aIBnxAg.exe
  2⤵
  PID:4412
- C:\Windows\System\LYiELYy.exe
  C:\Windows\System\LYiELYy.exe
  2⤵
  PID:4476
- C:\Windows\System\cEmzMuU.exe
  C:\Windows\System\cEmzMuU.exe
  2⤵
  PID:4508
- C:\Windows\System\iTueCCE.exe
  C:\Windows\System\iTueCCE.exe
  2⤵
  PID:4520
- C:\Windows\System\pxXIrVg.exe
  C:\Windows\System\pxXIrVg.exe
  2⤵
  PID:4540
- C:\Windows\System\mKShtZG.exe
  C:\Windows\System\mKShtZG.exe
  2⤵
  PID:4580
- C:\Windows\System\DIFrjhh.exe
  C:\Windows\System\DIFrjhh.exe
  2⤵
  PID:4632
- C:\Windows\System\UKGnGTb.exe
  C:\Windows\System\UKGnGTb.exe
  2⤵
  PID:4680
- C:\Windows\System\oIxfYts.exe
  C:\Windows\System\oIxfYts.exe
  2⤵
  PID:3020
- C:\Windows\System\qtlyQgG.exe
  C:\Windows\System\qtlyQgG.exe
  2⤵
  PID:4752
- C:\Windows\System\gylbUou.exe
  C:\Windows\System\gylbUou.exe
  2⤵
  PID:1956
- C:\Windows\System\nAolrAO.exe
  C:\Windows\System\nAolrAO.exe
  2⤵
  PID:4800
- C:\Windows\System\SNpdMzF.exe
  C:\Windows\System\SNpdMzF.exe
  2⤵
  PID:4796
- C:\Windows\System\BSTAwkl.exe
  C:\Windows\System\BSTAwkl.exe
  2⤵
  PID:4840
- C:\Windows\System\UDDmPuL.exe
  C:\Windows\System\UDDmPuL.exe
  2⤵
  PID:4856
- C:\Windows\System\ZfNrwpa.exe
  C:\Windows\System\ZfNrwpa.exe
  2⤵
  PID:4916
- C:\Windows\System\nrEBaRX.exe
  C:\Windows\System\nrEBaRX.exe
  2⤵
  PID:4936
- C:\Windows\System\svoHPvA.exe
  C:\Windows\System\svoHPvA.exe
  2⤵
  PID:5004
- C:\Windows\System\nVfyDyL.exe
  C:\Windows\System\nVfyDyL.exe
  2⤵
  PID:4984
- C:\Windows\System\QHqopVy.exe
  C:\Windows\System\QHqopVy.exe
  2⤵
  PID:5040
- C:\Windows\System\DggdzOM.exe
  C:\Windows\System\DggdzOM.exe
  2⤵
  PID:5084
- C:\Windows\System\QzKibok.exe
  C:\Windows\System\QzKibok.exe
  2⤵
  PID:5116
- C:\Windows\System\JcqSvgy.exe
  C:\Windows\System\JcqSvgy.exe
  2⤵
  PID:2588
- C:\Windows\System\leFJDjJ.exe
  C:\Windows\System\leFJDjJ.exe
  2⤵
  PID:1456
- C:\Windows\System\RDBWlFa.exe
  C:\Windows\System\RDBWlFa.exe
  2⤵
  PID:2804
- C:\Windows\System\PEiZmoB.exe
  C:\Windows\System\PEiZmoB.exe
  2⤵
  PID:3708
- C:\Windows\System\lNaobHQ.exe
  C:\Windows\System\lNaobHQ.exe
  2⤵
  PID:3816
- C:\Windows\System\eGqPFVp.exe
  C:\Windows\System\eGqPFVp.exe
  2⤵
  PID:4148
- C:\Windows\System\cPGwcBT.exe
  C:\Windows\System\cPGwcBT.exe
  2⤵
  PID:2860
- C:\Windows\System\fbyXQTP.exe
  C:\Windows\System\fbyXQTP.exe
  2⤵
  PID:4204
- C:\Windows\System\wkiaUDO.exe
  C:\Windows\System\wkiaUDO.exe
  2⤵
  PID:4228
- C:\Windows\System\hAcCHtu.exe
  C:\Windows\System\hAcCHtu.exe
  2⤵
  PID:4312
- C:\Windows\System\cPbaLrA.exe
  C:\Windows\System\cPbaLrA.exe
  2⤵
  PID:4332
- C:\Windows\System\hsNBzzo.exe
  C:\Windows\System\hsNBzzo.exe
  2⤵
  PID:4396
- C:\Windows\System\mOLpEDR.exe
  C:\Windows\System\mOLpEDR.exe
  2⤵
  PID:4516
- C:\Windows\System\EWXoDFo.exe
  C:\Windows\System\EWXoDFo.exe
  2⤵
  PID:4452
- C:\Windows\System\MRIrIov.exe
  C:\Windows\System\MRIrIov.exe
  2⤵
  PID:4492
- C:\Windows\System\bBuvUga.exe
  C:\Windows\System\bBuvUga.exe
  2⤵
  PID:4628
- C:\Windows\System\nDelGbN.exe
  C:\Windows\System\nDelGbN.exe
  2⤵
  PID:4640
- C:\Windows\System\msZKjyj.exe
  C:\Windows\System\msZKjyj.exe
  2⤵
  PID:4676
- C:\Windows\System\ftGBlsD.exe
  C:\Windows\System\ftGBlsD.exe
  2⤵
  PID:4700
- C:\Windows\System\QrCEwbY.exe
  C:\Windows\System\QrCEwbY.exe
  2⤵
  PID:4772
- C:\Windows\System\DnpahAF.exe
  C:\Windows\System\DnpahAF.exe
  2⤵
  PID:4880
- C:\Windows\System\PJhiWAv.exe
  C:\Windows\System\PJhiWAv.exe
  2⤵
  PID:4896
- C:\Windows\System\otBYlzl.exe
  C:\Windows\System\otBYlzl.exe
  2⤵
  PID:4964
- C:\Windows\System\WJanqmP.exe
  C:\Windows\System\WJanqmP.exe
  2⤵
  PID:2968
- C:\Windows\System\dzlfarv.exe
  C:\Windows\System\dzlfarv.exe
  2⤵
  PID:2896
- C:\Windows\System\ipmjyHh.exe
  C:\Windows\System\ipmjyHh.exe
  2⤵
  PID:5024
- C:\Windows\System\AYaPDEs.exe
  C:\Windows\System\AYaPDEs.exe
  2⤵
  PID:2576
- C:\Windows\System\YQlcHmx.exe
  C:\Windows\System\YQlcHmx.exe
  2⤵
  PID:5080
- C:\Windows\System\bDKOExj.exe
  C:\Windows\System\bDKOExj.exe
  2⤵
  PID:3984
- C:\Windows\System\hrDQqLw.exe
  C:\Windows\System\hrDQqLw.exe
  2⤵
  PID:4120
- C:\Windows\System\BVIThDS.exe
  C:\Windows\System\BVIThDS.exe
  2⤵
  PID:4108
- C:\Windows\System\qziZxSv.exe
  C:\Windows\System\qziZxSv.exe
  2⤵
  PID:4264
- C:\Windows\System\VeMAXLs.exe
  C:\Windows\System\VeMAXLs.exe
  2⤵
  PID:4184
- C:\Windows\System\cHCrfpS.exe
  C:\Windows\System\cHCrfpS.exe
  2⤵
  PID:4344
- C:\Windows\System\gzJjlxx.exe
  C:\Windows\System\gzJjlxx.exe
  2⤵
  PID:4436
- C:\Windows\System\GZkYlnl.exe
  C:\Windows\System\GZkYlnl.exe
  2⤵
  PID:4512
- C:\Windows\System\sOTRfUw.exe
  C:\Windows\System\sOTRfUw.exe
  2⤵
  PID:2508
- C:\Windows\System\evuMxKt.exe
  C:\Windows\System\evuMxKt.exe
  2⤵
  PID:4552
- C:\Windows\System\xyOEWZH.exe
  C:\Windows\System\xyOEWZH.exe
  2⤵
  PID:4656
- C:\Windows\System\dDcipyp.exe
  C:\Windows\System\dDcipyp.exe
  2⤵
  PID:4740
- C:\Windows\System\DUVgXGU.exe
  C:\Windows\System\DUVgXGU.exe
  2⤵
  PID:4860
- C:\Windows\System\zqGkuQq.exe
  C:\Windows\System\zqGkuQq.exe
  2⤵
  PID:4924
- C:\Windows\System\vbvkJbb.exe
  C:\Windows\System\vbvkJbb.exe
  2⤵
  PID:4944
- C:\Windows\System\BQOzgOl.exe
  C:\Windows\System\BQOzgOl.exe
  2⤵
  PID:5076
- C:\Windows\System\gosPFVA.exe
  C:\Windows\System\gosPFVA.exe
  2⤵
  PID:3892
- C:\Windows\System\yLEEPUV.exe
  C:\Windows\System\yLEEPUV.exe
  2⤵
  PID:3656
- C:\Windows\System\uPLwbgN.exe
  C:\Windows\System\uPLwbgN.exe
  2⤵
  PID:4248
- C:\Windows\System\QsSwyVu.exe
  C:\Windows\System\QsSwyVu.exe
  2⤵
  PID:4104
- C:\Windows\System\QsGeLSA.exe
  C:\Windows\System\QsGeLSA.exe
  2⤵
  PID:4308
- C:\Windows\System\pTZIZGw.exe
  C:\Windows\System\pTZIZGw.exe
  2⤵
  PID:4504
- C:\Windows\System\wIWLIhi.exe
  C:\Windows\System\wIWLIhi.exe
  2⤵
  PID:4532
- C:\Windows\System\ELXQmqb.exe
  C:\Windows\System\ELXQmqb.exe
  2⤵
  PID:5132
- C:\Windows\System\caObixF.exe
  C:\Windows\System\caObixF.exe
  2⤵
  PID:5156
- C:\Windows\System\SaKXjls.exe
  C:\Windows\System\SaKXjls.exe
  2⤵
  PID:5176
- C:\Windows\System\NQevxQb.exe
  C:\Windows\System\NQevxQb.exe
  2⤵
  PID:5196
- C:\Windows\System\HqNLson.exe
  C:\Windows\System\HqNLson.exe
  2⤵
  PID:5216
- C:\Windows\System\VjkhAMJ.exe
  C:\Windows\System\VjkhAMJ.exe
  2⤵
  PID:5236
- C:\Windows\System\rmUmiLq.exe
  C:\Windows\System\rmUmiLq.exe
  2⤵
  PID:5252
- C:\Windows\System\bVoVwSl.exe
  C:\Windows\System\bVoVwSl.exe
  2⤵
  PID:5276
- C:\Windows\System\psbbnKD.exe
  C:\Windows\System\psbbnKD.exe
  2⤵
  PID:5296
- C:\Windows\System\WThUDnQ.exe
  C:\Windows\System\WThUDnQ.exe
  2⤵
  PID:5316
- C:\Windows\System\rLIbyXg.exe
  C:\Windows\System\rLIbyXg.exe
  2⤵
  PID:5332
- C:\Windows\System\nVxYXPZ.exe
  C:\Windows\System\nVxYXPZ.exe
  2⤵
  PID:5356
- C:\Windows\System\heDSMwh.exe
  C:\Windows\System\heDSMwh.exe
  2⤵
  PID:5376
- C:\Windows\System\ORvuDde.exe
  C:\Windows\System\ORvuDde.exe
  2⤵
  PID:5400
- C:\Windows\System\ZaZkmHP.exe
  C:\Windows\System\ZaZkmHP.exe
  2⤵
  PID:5424
- C:\Windows\System\wrpGgEg.exe
  C:\Windows\System\wrpGgEg.exe
  2⤵
  PID:5444
- C:\Windows\System\cRUKFEy.exe
  C:\Windows\System\cRUKFEy.exe
  2⤵
  PID:5468
- C:\Windows\System\DfGCwNz.exe
  C:\Windows\System\DfGCwNz.exe
  2⤵
  PID:5492
- C:\Windows\System\jubQPcj.exe
  C:\Windows\System\jubQPcj.exe
  2⤵
  PID:5512
- C:\Windows\System\DhttdpC.exe
  C:\Windows\System\DhttdpC.exe
  2⤵
  PID:5536
- C:\Windows\System\yuqEcPr.exe
  C:\Windows\System\yuqEcPr.exe
  2⤵
  PID:5556
- C:\Windows\System\DHTRcTV.exe
  C:\Windows\System\DHTRcTV.exe
  2⤵
  PID:5576
- C:\Windows\System\xkOLzDe.exe
  C:\Windows\System\xkOLzDe.exe
  2⤵
  PID:5596
- C:\Windows\System\XOUcEPA.exe
  C:\Windows\System\XOUcEPA.exe
  2⤵
  PID:5620
- C:\Windows\System\iMqVQnt.exe
  C:\Windows\System\iMqVQnt.exe
  2⤵
  PID:5644
- C:\Windows\System\WuXEyql.exe
  C:\Windows\System\WuXEyql.exe
  2⤵
  PID:5668
- C:\Windows\System\LcKtNvk.exe
  C:\Windows\System\LcKtNvk.exe
  2⤵
  PID:5692
- C:\Windows\System\hGeDCwL.exe
  C:\Windows\System\hGeDCwL.exe
  2⤵
  PID:5712
- C:\Windows\System\yTOyjtH.exe
  C:\Windows\System\yTOyjtH.exe
  2⤵
  PID:5732
- C:\Windows\System\CwnsZyZ.exe
  C:\Windows\System\CwnsZyZ.exe
  2⤵
  PID:5760
- C:\Windows\System\PkjizNT.exe
  C:\Windows\System\PkjizNT.exe
  2⤵
  PID:5780
- C:\Windows\System\vCQfNIA.exe
  C:\Windows\System\vCQfNIA.exe
  2⤵
  PID:5804
- C:\Windows\System\OVLawux.exe
  C:\Windows\System\OVLawux.exe
  2⤵
  PID:5820
- C:\Windows\System\VFijrHO.exe
  C:\Windows\System\VFijrHO.exe
  2⤵
  PID:5844
- C:\Windows\System\EKaVHGu.exe
  C:\Windows\System\EKaVHGu.exe
  2⤵
  PID:5868
- C:\Windows\System\WCLotjF.exe
  C:\Windows\System\WCLotjF.exe
  2⤵
  PID:5888
- C:\Windows\System\IzFlmdn.exe
  C:\Windows\System\IzFlmdn.exe
  2⤵
  PID:5908
- C:\Windows\System\IIHlDYM.exe
  C:\Windows\System\IIHlDYM.exe
  2⤵
  PID:5936
- C:\Windows\System\fAaTPHD.exe
  C:\Windows\System\fAaTPHD.exe
  2⤵
  PID:5956
- C:\Windows\System\FnSgfev.exe
  C:\Windows\System\FnSgfev.exe
  2⤵
  PID:5988
- C:\Windows\System\MSiSPWh.exe
  C:\Windows\System\MSiSPWh.exe
  2⤵
  PID:6012
- C:\Windows\System\PpPARBw.exe
  C:\Windows\System\PpPARBw.exe
  2⤵
  PID:6040
- C:\Windows\System\CZLBDnM.exe
  C:\Windows\System\CZLBDnM.exe
  2⤵
  PID:6060
- C:\Windows\System\eMDieoD.exe
  C:\Windows\System\eMDieoD.exe
  2⤵
  PID:6084
- C:\Windows\System\BGzVdfJ.exe
  C:\Windows\System\BGzVdfJ.exe
  2⤵
  PID:6100
- C:\Windows\System\nwCwJVF.exe
  C:\Windows\System\nwCwJVF.exe
  2⤵
  PID:6128
- C:\Windows\System\BCcbLdT.exe
  C:\Windows\System\BCcbLdT.exe
  2⤵
  PID:4692
- C:\Windows\System\norqEDm.exe
  C:\Windows\System\norqEDm.exe
  2⤵
  PID:2320
- C:\Windows\System\TZhMhjm.exe
  C:\Windows\System\TZhMhjm.exe
  2⤵
  PID:5036
- C:\Windows\System\ABTknQx.exe
  C:\Windows\System\ABTknQx.exe
  2⤵
  PID:3016
- C:\Windows\System\YfCSRij.exe
  C:\Windows\System\YfCSRij.exe
  2⤵
  PID:3004
- C:\Windows\System\XeCfzLs.exe
  C:\Windows\System\XeCfzLs.exe
  2⤵
  PID:4416
- C:\Windows\System\oPieWeo.exe
  C:\Windows\System\oPieWeo.exe
  2⤵
  PID:2928
- C:\Windows\System\ptvyPJt.exe
  C:\Windows\System\ptvyPJt.exe
  2⤵
  PID:2420
- C:\Windows\System\RjFyyEU.exe
  C:\Windows\System\RjFyyEU.exe
  2⤵
  PID:5148
- C:\Windows\System\QibKVkr.exe
  C:\Windows\System\QibKVkr.exe
  2⤵
  PID:5164
- C:\Windows\System\JRooZcw.exe
  C:\Windows\System\JRooZcw.exe
  2⤵
  PID:5232
- C:\Windows\System\wXcFAVE.exe
  C:\Windows\System\wXcFAVE.exe
  2⤵
  PID:5208
- C:\Windows\System\YntAatd.exe
  C:\Windows\System\YntAatd.exe
  2⤵
  PID:5248
- C:\Windows\System\PPtESfB.exe
  C:\Windows\System\PPtESfB.exe
  2⤵
  PID:5292
- C:\Windows\System\stasYog.exe
  C:\Windows\System\stasYog.exe
  2⤵
  PID:5324
- C:\Windows\System\IZaRHSA.exe
  C:\Windows\System\IZaRHSA.exe
  2⤵
  PID:5392
- C:\Windows\System\SVrwidU.exe
  C:\Windows\System\SVrwidU.exe
  2⤵
  PID:5432
- C:\Windows\System\TLiTxUu.exe
  C:\Windows\System\TLiTxUu.exe
  2⤵
  PID:5436
- C:\Windows\System\mIyxUmH.exe
  C:\Windows\System\mIyxUmH.exe
  2⤵
  PID:5464
- C:\Windows\System\VVDGsfU.exe
  C:\Windows\System\VVDGsfU.exe
  2⤵
  PID:5500
- C:\Windows\System\gfTqPJQ.exe
  C:\Windows\System\gfTqPJQ.exe
  2⤵
  PID:472
- C:\Windows\System\xycMJuM.exe
  C:\Windows\System\xycMJuM.exe
  2⤵
  PID:5572
- C:\Windows\System\YSCwkKi.exe
  C:\Windows\System\YSCwkKi.exe
  2⤵
  PID:5604
- C:\Windows\System\sSoJODt.exe
  C:\Windows\System\sSoJODt.exe
  2⤵
  PID:5652
- C:\Windows\System\xGxbfVq.exe
  C:\Windows\System\xGxbfVq.exe
  2⤵
  PID:5636
- C:\Windows\System\REkuWQh.exe
  C:\Windows\System\REkuWQh.exe
  2⤵
  PID:5708
- C:\Windows\System\GDVXigR.exe
  C:\Windows\System\GDVXigR.exe
  2⤵
  PID:5756
- C:\Windows\System\WUoCSHl.exe
  C:\Windows\System\WUoCSHl.exe
  2⤵
  PID:5768
- C:\Windows\System\szVfHaw.exe
  C:\Windows\System\szVfHaw.exe
  2⤵
  PID:5748
- C:\Windows\System\MMbrCvm.exe
  C:\Windows\System\MMbrCvm.exe
  2⤵
  PID:5836
- C:\Windows\System\WdwzuuY.exe
  C:\Windows\System\WdwzuuY.exe
  2⤵
  PID:5864
- C:\Windows\System\mjsrPAM.exe
  C:\Windows\System\mjsrPAM.exe
  2⤵
  PID:5924
- C:\Windows\System\eDzXzPQ.exe
  C:\Windows\System\eDzXzPQ.exe
  2⤵
  PID:5900
- C:\Windows\System\BeRXEJE.exe
  C:\Windows\System\BeRXEJE.exe
  2⤵
  PID:5972
- C:\Windows\System\xoYGWgE.exe
  C:\Windows\System\xoYGWgE.exe
  2⤵
  PID:6000
- C:\Windows\System\WvHLMyS.exe
  C:\Windows\System\WvHLMyS.exe
  2⤵
  PID:1752
- C:\Windows\System\DDIelgi.exe
  C:\Windows\System\DDIelgi.exe
  2⤵
  PID:6072
- C:\Windows\System\rWVCWtR.exe
  C:\Windows\System\rWVCWtR.exe
  2⤵
  PID:6112
- C:\Windows\System\wkNXyGQ.exe
  C:\Windows\System\wkNXyGQ.exe
  2⤵
  PID:6140
- C:\Windows\System\xCrapVJ.exe
  C:\Windows\System\xCrapVJ.exe
  2⤵
  PID:2624
- C:\Windows\System\WOKyfci.exe
  C:\Windows\System\WOKyfci.exe
  2⤵
  PID:2992
- C:\Windows\System\htFTKZV.exe
  C:\Windows\System\htFTKZV.exe
  2⤵
  PID:3408
- C:\Windows\System\ICpsbcO.exe
  C:\Windows\System\ICpsbcO.exe
  2⤵
  PID:1632
- C:\Windows\System\bXpuqOF.exe
  C:\Windows\System\bXpuqOF.exe
  2⤵
  PID:4572
- C:\Windows\System\NSZczva.exe
  C:\Windows\System\NSZczva.exe
  2⤵
  PID:5228
- C:\Windows\System\vmvHmbS.exe
  C:\Windows\System\vmvHmbS.exe
  2⤵
  PID:5168
- C:\Windows\System\UgxzHRZ.exe
  C:\Windows\System\UgxzHRZ.exe
  2⤵
  PID:5264
- C:\Windows\System\vlTsfGC.exe
  C:\Windows\System\vlTsfGC.exe
  2⤵
  PID:5340
- C:\Windows\System\RCjWGoH.exe
  C:\Windows\System\RCjWGoH.exe
  2⤵
  PID:5416
- C:\Windows\System\ZMOLilC.exe
  C:\Windows\System\ZMOLilC.exe
  2⤵
  PID:1596
- C:\Windows\System\pBtuHlF.exe
  C:\Windows\System\pBtuHlF.exe
  2⤵
  PID:668
- C:\Windows\System\shZgkza.exe
  C:\Windows\System\shZgkza.exe
  2⤵
  PID:5524
- C:\Windows\System\DIIUyGa.exe
  C:\Windows\System\DIIUyGa.exe
  2⤵
  PID:5584
- C:\Windows\System\IUGqoHc.exe
  C:\Windows\System\IUGqoHc.exe
  2⤵
  PID:5700
- C:\Windows\System\glUULCd.exe
  C:\Windows\System\glUULCd.exe
  2⤵
  PID:5720
- C:\Windows\System\PVtjNqj.exe
  C:\Windows\System\PVtjNqj.exe
  2⤵
  PID:5828
- C:\Windows\System\fGTGXrB.exe
  C:\Windows\System\fGTGXrB.exe
  2⤵
  PID:5796
- C:\Windows\System\kZaaXFj.exe
  C:\Windows\System\kZaaXFj.exe
  2⤵
  PID:5880
- C:\Windows\System\suoblzW.exe
  C:\Windows\System\suoblzW.exe
  2⤵
  PID:5976
- C:\Windows\System\bBxptyl.exe
  C:\Windows\System\bBxptyl.exe
  2⤵
  PID:6020
- C:\Windows\System\XvaYVez.exe
  C:\Windows\System\XvaYVez.exe
  2⤵
  PID:6028
- C:\Windows\System\mOkgSMg.exe
  C:\Windows\System\mOkgSMg.exe
  2⤵
  PID:6120
- C:\Windows\System\TFzbJKN.exe
  C:\Windows\System\TFzbJKN.exe
  2⤵
  PID:4792
- C:\Windows\System\oaLVMFP.exe
  C:\Windows\System\oaLVMFP.exe
  2⤵
  PID:2944
- C:\Windows\System\mGdRCVk.exe
  C:\Windows\System\mGdRCVk.exe
  2⤵
  PID:1496
- C:\Windows\System\kigBYro.exe
  C:\Windows\System\kigBYro.exe
  2⤵
  PID:4468
- C:\Windows\System\sjgcLrr.exe
  C:\Windows\System\sjgcLrr.exe
  2⤵
  PID:5312
- C:\Windows\System\JihfCjB.exe
  C:\Windows\System\JihfCjB.exe
  2⤵
  PID:5272
- C:\Windows\System\NYfxKIz.exe
  C:\Windows\System\NYfxKIz.exe
  2⤵
  PID:5520
- C:\Windows\System\JkqZGtF.exe
  C:\Windows\System\JkqZGtF.exe
  2⤵
  PID:5484
- C:\Windows\System\NHiDwEg.exe
  C:\Windows\System\NHiDwEg.exe
  2⤵
  PID:2932
- C:\Windows\System\iPRxtSx.exe
  C:\Windows\System\iPRxtSx.exe
  2⤵
  PID:5608
- C:\Windows\System\UtqvhYO.exe
  C:\Windows\System\UtqvhYO.exe
  2⤵
  PID:1624
- C:\Windows\System\zmkCRjl.exe
  C:\Windows\System\zmkCRjl.exe
  2⤵
  PID:2884
- C:\Windows\System\RowZwri.exe
  C:\Windows\System\RowZwri.exe
  2⤵
  PID:5876
- C:\Windows\System\aLETttQ.exe
  C:\Windows\System\aLETttQ.exe
  2⤵
  PID:2772
- C:\Windows\System\tnCNdcN.exe
  C:\Windows\System\tnCNdcN.exe
  2⤵
  PID:6048
- C:\Windows\System\haAPEbI.exe
  C:\Windows\System\haAPEbI.exe
  2⤵
  PID:2468
- C:\Windows\System\Dcxpepn.exe
  C:\Windows\System\Dcxpepn.exe
  2⤵
  PID:2260
- C:\Windows\System\KqKiAHK.exe
  C:\Windows\System\KqKiAHK.exe
  2⤵
  PID:5188
- C:\Windows\System\JWRDLZA.exe
  C:\Windows\System\JWRDLZA.exe
  2⤵
  PID:5140
- C:\Windows\System\RLptOcf.exe
  C:\Windows\System\RLptOcf.exe
  2⤵
  PID:5476
- C:\Windows\System\FrrOMxP.exe
  C:\Windows\System\FrrOMxP.exe
  2⤵
  PID:5656
- C:\Windows\System\eKrMXUm.exe
  C:\Windows\System\eKrMXUm.exe
  2⤵
  PID:6160
- C:\Windows\System\dRIfYel.exe
  C:\Windows\System\dRIfYel.exe
  2⤵
  PID:6180
- C:\Windows\System\ptwUPoR.exe
  C:\Windows\System\ptwUPoR.exe
  2⤵
  PID:6200
- C:\Windows\System\cuXxJeu.exe
  C:\Windows\System\cuXxJeu.exe
  2⤵
  PID:6220
- C:\Windows\System\JWHbUdT.exe
  C:\Windows\System\JWHbUdT.exe
  2⤵
  PID:6240
- C:\Windows\System\cYHsWrN.exe
  C:\Windows\System\cYHsWrN.exe
  2⤵
  PID:6260
- C:\Windows\System\mqLhoZm.exe
  C:\Windows\System\mqLhoZm.exe
  2⤵
  PID:6280
- C:\Windows\System\cjkukij.exe
  C:\Windows\System\cjkukij.exe
  2⤵
  PID:6300
- C:\Windows\System\aPqWfkN.exe
  C:\Windows\System\aPqWfkN.exe
  2⤵
  PID:6320
- C:\Windows\System\kfJYlfF.exe
  C:\Windows\System\kfJYlfF.exe
  2⤵
  PID:6340
- C:\Windows\System\ZNyFzoX.exe
  C:\Windows\System\ZNyFzoX.exe
  2⤵
  PID:6360
- C:\Windows\System\woFuNKR.exe
  C:\Windows\System\woFuNKR.exe
  2⤵
  PID:6380
- C:\Windows\System\YNlUQRH.exe
  C:\Windows\System\YNlUQRH.exe
  2⤵
  PID:6400
- C:\Windows\System\rGqBHbl.exe
  C:\Windows\System\rGqBHbl.exe
  2⤵
  PID:6424
- C:\Windows\System\OuhVtoK.exe
  C:\Windows\System\OuhVtoK.exe
  2⤵
  PID:6444
- C:\Windows\System\oWtGtEw.exe
  C:\Windows\System\oWtGtEw.exe
  2⤵
  PID:6464
- C:\Windows\System\ZOODyfE.exe
  C:\Windows\System\ZOODyfE.exe
  2⤵
  PID:6484
- C:\Windows\System\pfLeMrj.exe
  C:\Windows\System\pfLeMrj.exe
  2⤵
  PID:6504
- C:\Windows\System\sZWyIsU.exe
  C:\Windows\System\sZWyIsU.exe
  2⤵
  PID:6524
- C:\Windows\System\wiHSsvL.exe
  C:\Windows\System\wiHSsvL.exe
  2⤵
  PID:6544
- C:\Windows\System\JueoWBD.exe
  C:\Windows\System\JueoWBD.exe
  2⤵
  PID:6576
- C:\Windows\System\HSIBAed.exe
  C:\Windows\System\HSIBAed.exe
  2⤵
  PID:6592
- C:\Windows\System\FQFDJVj.exe
  C:\Windows\System\FQFDJVj.exe
  2⤵
  PID:6620
- C:\Windows\System\vuBfOoC.exe
  C:\Windows\System\vuBfOoC.exe
  2⤵
  PID:6640
- C:\Windows\System\xflPlxc.exe
  C:\Windows\System\xflPlxc.exe
  2⤵
  PID:6660
- C:\Windows\System\hZMDmdC.exe
  C:\Windows\System\hZMDmdC.exe
  2⤵
  PID:6680
- C:\Windows\System\tXhlRPW.exe
  C:\Windows\System\tXhlRPW.exe
  2⤵
  PID:6700
- C:\Windows\System\JTpcgXB.exe
  C:\Windows\System\JTpcgXB.exe
  2⤵
  PID:6720
- C:\Windows\System\bRnxGxY.exe
  C:\Windows\System\bRnxGxY.exe
  2⤵
  PID:6740
- C:\Windows\System\IyphgrD.exe
  C:\Windows\System\IyphgrD.exe
  2⤵
  PID:6760
- C:\Windows\System\aFXXMFa.exe
  C:\Windows\System\aFXXMFa.exe
  2⤵
  PID:6780
- C:\Windows\System\gXdrwYJ.exe
  C:\Windows\System\gXdrwYJ.exe
  2⤵
  PID:6800
- C:\Windows\System\fXtQvar.exe
  C:\Windows\System\fXtQvar.exe
  2⤵
  PID:6820
- C:\Windows\System\xpgBdpA.exe
  C:\Windows\System\xpgBdpA.exe
  2⤵
  PID:6840
- C:\Windows\System\StbEtXK.exe
  C:\Windows\System\StbEtXK.exe
  2⤵
  PID:6860
- C:\Windows\System\XsCUMqN.exe
  C:\Windows\System\XsCUMqN.exe
  2⤵
  PID:6880
- C:\Windows\System\YjTHkvQ.exe
  C:\Windows\System\YjTHkvQ.exe
  2⤵
  PID:6900
- C:\Windows\System\VBPZZXn.exe
  C:\Windows\System\VBPZZXn.exe
  2⤵
  PID:6924
- C:\Windows\System\KnFtIDh.exe
  C:\Windows\System\KnFtIDh.exe
  2⤵
  PID:6944
- C:\Windows\System\cwQHWPu.exe
  C:\Windows\System\cwQHWPu.exe
  2⤵
  PID:6964
- C:\Windows\System\gnyBYyp.exe
  C:\Windows\System\gnyBYyp.exe
  2⤵
  PID:6984
- C:\Windows\System\KekIDmD.exe
  C:\Windows\System\KekIDmD.exe
  2⤵
  PID:7004
- C:\Windows\System\YGWVApQ.exe
  C:\Windows\System\YGWVApQ.exe
  2⤵
  PID:7040
- C:\Windows\System\rosqpXn.exe
  C:\Windows\System\rosqpXn.exe
  2⤵
  PID:7064
- C:\Windows\System\TIMMoDr.exe
  C:\Windows\System\TIMMoDr.exe
  2⤵
  PID:7088
- C:\Windows\System\TEDfTpR.exe
  C:\Windows\System\TEDfTpR.exe
  2⤵
  PID:7116
- C:\Windows\System\LPeSZNZ.exe
  C:\Windows\System\LPeSZNZ.exe
  2⤵
  PID:7140
- C:\Windows\System\XcIjsns.exe
  C:\Windows\System\XcIjsns.exe
  2⤵
  PID:7160
- C:\Windows\System\nyNAAXV.exe
  C:\Windows\System\nyNAAXV.exe
  2⤵
  PID:5592
- C:\Windows\System\BUWFzId.exe
  C:\Windows\System\BUWFzId.exe
  2⤵
  PID:5792
- C:\Windows\System\YcpDIra.exe
  C:\Windows\System\YcpDIra.exe
  2⤵
  PID:6052
- C:\Windows\System\NsvdPsK.exe
  C:\Windows\System\NsvdPsK.exe
  2⤵
  PID:2504
- C:\Windows\System\asyhGaO.exe
  C:\Windows\System\asyhGaO.exe
  2⤵
  PID:5344
- C:\Windows\System\TeQzmcr.exe
  C:\Windows\System\TeQzmcr.exe
  2⤵
  PID:3000
- C:\Windows\System\wJMWiAw.exe
  C:\Windows\System\wJMWiAw.exe
  2⤵
  PID:6148
- C:\Windows\System\yxRVBJU.exe
  C:\Windows\System\yxRVBJU.exe
  2⤵
  PID:6152
- C:\Windows\System\ESjYSQr.exe
  C:\Windows\System\ESjYSQr.exe
  2⤵
  PID:6228
- C:\Windows\System\NHGjoRQ.exe
  C:\Windows\System\NHGjoRQ.exe
  2⤵
  PID:6216
- C:\Windows\System\AipNgfX.exe
  C:\Windows\System\AipNgfX.exe
  2⤵
  PID:6268
- C:\Windows\System\RaEwpsk.exe
  C:\Windows\System\RaEwpsk.exe
  2⤵
  PID:6288
- C:\Windows\System\gTuXCvV.exe
  C:\Windows\System\gTuXCvV.exe
  2⤵
  PID:6328
- C:\Windows\System\nNymVkc.exe
  C:\Windows\System\nNymVkc.exe
  2⤵
  PID:6332
- C:\Windows\System\lrYAIHZ.exe
  C:\Windows\System\lrYAIHZ.exe
  2⤵
  PID:6376
- C:\Windows\System\loWxvIW.exe
  C:\Windows\System\loWxvIW.exe
  2⤵
  PID:6432
- C:\Windows\System\cSEyyqI.exe
  C:\Windows\System\cSEyyqI.exe
  2⤵
  PID:2960
- C:\Windows\System\UiVgpeI.exe
  C:\Windows\System\UiVgpeI.exe
  2⤵
  PID:6480
- C:\Windows\System\ijenUaV.exe
  C:\Windows\System\ijenUaV.exe
  2⤵
  PID:6520
- C:\Windows\System\CSXsrtN.exe
  C:\Windows\System\CSXsrtN.exe
  2⤵
  PID:6552
- C:\Windows\System\KCndzZi.exe
  C:\Windows\System\KCndzZi.exe
  2⤵
  PID:2720
- C:\Windows\System\IFPYglR.exe
  C:\Windows\System\IFPYglR.exe
  2⤵
  PID:4712
- C:\Windows\System\NFuBQLh.exe
  C:\Windows\System\NFuBQLh.exe
  2⤵
  PID:5532
- C:\Windows\System\reQPoJl.exe
  C:\Windows\System\reQPoJl.exe
  2⤵
  PID:1876
- C:\Windows\System\TJhWzBp.exe
  C:\Windows\System\TJhWzBp.exe
  2⤵
  PID:6588
- C:\Windows\System\abWuQvg.exe
  C:\Windows\System\abWuQvg.exe
  2⤵
  PID:6648
- C:\Windows\System\rIzOjxn.exe
  C:\Windows\System\rIzOjxn.exe
  2⤵
  PID:6652
- C:\Windows\System\CLFlMdz.exe
  C:\Windows\System\CLFlMdz.exe
  2⤵
  PID:6032
- C:\Windows\System\pDKfKss.exe
  C:\Windows\System\pDKfKss.exe
  2⤵
  PID:5632
- C:\Windows\System\tIPmprR.exe
  C:\Windows\System\tIPmprR.exe
  2⤵
  PID:6712
- C:\Windows\System\sqkUWpt.exe
  C:\Windows\System\sqkUWpt.exe
  2⤵
  PID:6080
- C:\Windows\System\OhYoMtB.exe
  C:\Windows\System\OhYoMtB.exe
  2⤵
  PID:6756
- C:\Windows\System\JjCqHVO.exe
  C:\Windows\System\JjCqHVO.exe
  2⤵
  PID:6792
- C:\Windows\System\ycvzDoR.exe
  C:\Windows\System\ycvzDoR.exe
  2⤵
  PID:6816
- C:\Windows\System\lmpJSRW.exe
  C:\Windows\System\lmpJSRW.exe
  2⤵
  PID:2276
- C:\Windows\System\fUdLDSo.exe
  C:\Windows\System\fUdLDSo.exe
  2⤵
  PID:6856
- C:\Windows\System\MqVyALP.exe
  C:\Windows\System\MqVyALP.exe
  2⤵
  PID:6896
- C:\Windows\System\hovmZRQ.exe
  C:\Windows\System\hovmZRQ.exe
  2⤵
  PID:6872
- C:\Windows\System\csBgRXv.exe
  C:\Windows\System\csBgRXv.exe
  2⤵
  PID:6932
- C:\Windows\System\CNvQnJh.exe
  C:\Windows\System\CNvQnJh.exe
  2⤵
  PID:972
- C:\Windows\System\fBSkDFb.exe
  C:\Windows\System\fBSkDFb.exe
  2⤵
  PID:6976
- C:\Windows\System\wzOkadH.exe
  C:\Windows\System\wzOkadH.exe
  2⤵
  PID:6960
- C:\Windows\System\sLcLurl.exe
  C:\Windows\System\sLcLurl.exe
  2⤵
  PID:7000
- C:\Windows\System\kNUzFrD.exe
  C:\Windows\System\kNUzFrD.exe
  2⤵
  PID:5980
- C:\Windows\System\tjGoKac.exe
  C:\Windows\System\tjGoKac.exe
  2⤵
  PID:2372
- C:\Windows\System\LowHojO.exe
  C:\Windows\System\LowHojO.exe
  2⤵
  PID:2144
- C:\Windows\System\KbgAiCY.exe
  C:\Windows\System\KbgAiCY.exe
  2⤵
  PID:7056
- C:\Windows\System\wraOYUk.exe
  C:\Windows\System\wraOYUk.exe
  2⤵
  PID:2280
- C:\Windows\System\brHTkOC.exe
  C:\Windows\System\brHTkOC.exe
  2⤵
  PID:7128
- C:\Windows\System\iTBvsBE.exe
  C:\Windows\System\iTBvsBE.exe
  2⤵
  PID:7148
- C:\Windows\System\KnFJiLt.exe
  C:\Windows\System\KnFJiLt.exe
  2⤵
  PID:6004
- C:\Windows\System\FisBKLG.exe
  C:\Windows\System\FisBKLG.exe
  2⤵
  PID:6136
- C:\Windows\System\DhAEjyS.exe
  C:\Windows\System\DhAEjyS.exe
  2⤵
  PID:5128
- C:\Windows\System\rfDGibQ.exe
  C:\Windows\System\rfDGibQ.exe
  2⤵
  PID:2088
- C:\Windows\System\jqDFaaw.exe
  C:\Windows\System\jqDFaaw.exe
  2⤵
  PID:6196
- C:\Windows\System\ZsFuqAl.exe
  C:\Windows\System\ZsFuqAl.exe
  2⤵
  PID:6232
- C:\Windows\System\lzvINbx.exe
  C:\Windows\System\lzvINbx.exe
  2⤵
  PID:6276
- C:\Windows\System\YoCkSRl.exe
  C:\Windows\System\YoCkSRl.exe
  2⤵
  PID:2988
- C:\Windows\System\OpuKeus.exe
  C:\Windows\System\OpuKeus.exe
  2⤵
  PID:6492
- C:\Windows\System\OYPqrXu.exe
  C:\Windows\System\OYPqrXu.exe
  2⤵
  PID:6496
- C:\Windows\System\tSoDETJ.exe
  C:\Windows\System\tSoDETJ.exe
  2⤵
  PID:6336
- C:\Windows\System\SByfOOF.exe
  C:\Windows\System\SByfOOF.exe
  2⤵
  PID:6472
- C:\Windows\System\hpPTHRz.exe
  C:\Windows\System\hpPTHRz.exe
  2⤵
  PID:5488
- C:\Windows\System\eKWNAUs.exe
  C:\Windows\System\eKWNAUs.exe
  2⤵
  PID:6568
- C:\Windows\System\lYSVUuZ.exe
  C:\Windows\System\lYSVUuZ.exe
  2⤵
  PID:6632
- C:\Windows\System\LZyidqY.exe
  C:\Windows\System\LZyidqY.exe
  2⤵
  PID:1944
- C:\Windows\System\vmBDlpC.exe
  C:\Windows\System\vmBDlpC.exe
  2⤵
  PID:6732
- C:\Windows\System\fgDFqmF.exe
  C:\Windows\System\fgDFqmF.exe
  2⤵
  PID:6748
- C:\Windows\System\kGnzFLg.exe
  C:\Windows\System\kGnzFLg.exe
  2⤵
  PID:6788
- C:\Windows\System\zKUyKMs.exe
  C:\Windows\System\zKUyKMs.exe
  2⤵
  PID:6604
- C:\Windows\System\VlzAIbl.exe
  C:\Windows\System\VlzAIbl.exe
  2⤵
  PID:684
- C:\Windows\System\fBQYaMt.exe
  C:\Windows\System\fBQYaMt.exe
  2⤵
  PID:6888
- C:\Windows\System\iPfwIcu.exe
  C:\Windows\System\iPfwIcu.exe
  2⤵
  PID:6936
- C:\Windows\System\vkrCkIE.exe
  C:\Windows\System\vkrCkIE.exe
  2⤵
  PID:6980
- C:\Windows\System\DRnaLju.exe
  C:\Windows\System\DRnaLju.exe
  2⤵
  PID:6912
- C:\Windows\System\JgnLAFW.exe
  C:\Windows\System\JgnLAFW.exe
  2⤵
  PID:6952
- C:\Windows\System\LIJuYxm.exe
  C:\Windows\System\LIJuYxm.exe
  2⤵
  PID:1868
- C:\Windows\System\jKUXfHj.exe
  C:\Windows\System\jKUXfHj.exe
  2⤵
  PID:7096
- C:\Windows\System\knnkzzW.exe
  C:\Windows\System\knnkzzW.exe
  2⤵
  PID:7084
- C:\Windows\System\BvGQwwt.exe
  C:\Windows\System\BvGQwwt.exe
  2⤵
  PID:5588
- C:\Windows\System\iPTyezR.exe
  C:\Windows\System\iPTyezR.exe
  2⤵
  PID:4884
- C:\Windows\System\uQdqzvY.exe
  C:\Windows\System\uQdqzvY.exe
  2⤵
  PID:6176
- C:\Windows\System\kCBtPIJ.exe
  C:\Windows\System\kCBtPIJ.exe
  2⤵
  PID:6256
- C:\Windows\System\LnHTRVt.exe
  C:\Windows\System\LnHTRVt.exe
  2⤵
  PID:6436
- C:\Windows\System\JFexLmr.exe
  C:\Windows\System\JFexLmr.exe
  2⤵
  PID:6312
- C:\Windows\System\MbcjgLb.exe
  C:\Windows\System\MbcjgLb.exe
  2⤵
  PID:2956
- C:\Windows\System\bndKbYx.exe
  C:\Windows\System\bndKbYx.exe
  2⤵
  PID:6416
- C:\Windows\System\jIPYPcW.exe
  C:\Windows\System\jIPYPcW.exe
  2⤵
  PID:1884
- C:\Windows\System\ZYlQBWt.exe
  C:\Windows\System\ZYlQBWt.exe
  2⤵
  PID:6696
- C:\Windows\System\LMaKDMZ.exe
  C:\Windows\System\LMaKDMZ.exe
  2⤵
  PID:5752
- C:\Windows\System\lxGSNmD.exe
  C:\Windows\System\lxGSNmD.exe
  2⤵
  PID:6708
- C:\Windows\System\eiEmHpX.exe
  C:\Windows\System\eiEmHpX.exe
  2⤵
  PID:6812
- C:\Windows\System\YNSzRtG.exe
  C:\Windows\System\YNSzRtG.exe
  2⤵
  PID:2244
- C:\Windows\System\YMlCCsd.exe
  C:\Windows\System\YMlCCsd.exe
  2⤵
  PID:6556
- C:\Windows\System\CmPcQQC.exe
  C:\Windows\System\CmPcQQC.exe
  2⤵
  PID:2904
- C:\Windows\System\dTxtRVZ.exe
  C:\Windows\System\dTxtRVZ.exe
  2⤵
  PID:6996
- C:\Windows\System\uisIzfP.exe
  C:\Windows\System\uisIzfP.exe
  2⤵
  PID:2076
- C:\Windows\System\OdqMjgJ.exe
  C:\Windows\System\OdqMjgJ.exe
  2⤵
  PID:5640
- C:\Windows\System\LuGDytE.exe
  C:\Windows\System\LuGDytE.exe
  2⤵
  PID:1472
- C:\Windows\System\djLhDXG.exe
  C:\Windows\System\djLhDXG.exe
  2⤵
  PID:6172
- C:\Windows\System\emsirgI.exe
  C:\Windows\System\emsirgI.exe
  2⤵
  PID:2796
- C:\Windows\System\XIQjkbP.exe
  C:\Windows\System\XIQjkbP.exe
  2⤵
  PID:7132
- C:\Windows\System\CMoqtXJ.exe
  C:\Windows\System\CMoqtXJ.exe
  2⤵
  PID:6916
- C:\Windows\System\ZSrleGs.exe
  C:\Windows\System\ZSrleGs.exe
  2⤵
  PID:6636
- C:\Windows\System\yMtDfJq.exe
  C:\Windows\System\yMtDfJq.exe
  2⤵
  PID:6768
- C:\Windows\System\SaQtrne.exe
  C:\Windows\System\SaQtrne.exe
  2⤵
  PID:6832
- C:\Windows\System\gJyYzTw.exe
  C:\Windows\System\gJyYzTw.exe
  2⤵
  PID:1872
- C:\Windows\System\KfObzlm.exe
  C:\Windows\System\KfObzlm.exe
  2⤵
  PID:1604
- C:\Windows\System\ycZHzRS.exe
  C:\Windows\System\ycZHzRS.exe
  2⤵
  PID:7016
- C:\Windows\System\XkJnSeR.exe
  C:\Windows\System\XkJnSeR.exe
  2⤵
  PID:1056
- C:\Windows\System\YJJvtqz.exe
  C:\Windows\System\YJJvtqz.exe
  2⤵
  PID:1484
- C:\Windows\System\YtNUrjn.exe
  C:\Windows\System\YtNUrjn.exe
  2⤵
  PID:7112
- C:\Windows\System\ExCFYmm.exe
  C:\Windows\System\ExCFYmm.exe
  2⤵
  PID:6248
- C:\Windows\System\pZByRgV.exe
  C:\Windows\System\pZByRgV.exe
  2⤵
  PID:6420
- C:\Windows\System\psGVITW.exe
  C:\Windows\System\psGVITW.exe
  2⤵
  PID:6608
- C:\Windows\System\BpKrpbl.exe
  C:\Windows\System\BpKrpbl.exe
  2⤵
  PID:6808
- C:\Windows\System\iHxnjDW.exe
  C:\Windows\System\iHxnjDW.exe
  2⤵
  PID:6972
- C:\Windows\System\ZfdPycc.exe
  C:\Windows\System\ZfdPycc.exe
  2⤵
  PID:6992
- C:\Windows\System\WVSGEki.exe
  C:\Windows\System\WVSGEki.exe
  2⤵
  PID:2360
- C:\Windows\System\vuMhsVU.exe
  C:\Windows\System\vuMhsVU.exe
  2⤵
  PID:7104
- C:\Windows\System\fyXSlIZ.exe
  C:\Windows\System\fyXSlIZ.exe
  2⤵
  PID:6628
- C:\Windows\System\kbEiyyQ.exe
  C:\Windows\System\kbEiyyQ.exe
  2⤵
  PID:5688
- C:\Windows\System\llMpCTP.exe
  C:\Windows\System\llMpCTP.exe
  2⤵
  PID:6868
- C:\Windows\System\TDDHNMG.exe
  C:\Windows\System\TDDHNMG.exe
  2⤵
  PID:2472
- C:\Windows\System\CMkIQCM.exe
  C:\Windows\System\CMkIQCM.exe
  2⤵
  PID:6156
- C:\Windows\System\poMzBGp.exe
  C:\Windows\System\poMzBGp.exe
  2⤵
  PID:6692
- C:\Windows\System\SDTipLW.exe
  C:\Windows\System\SDTipLW.exe
  2⤵
  PID:1264
- C:\Windows\System\pDpKukw.exe
  C:\Windows\System\pDpKukw.exe
  2⤵
  PID:2124
- C:\Windows\System\skVdneQ.exe
  C:\Windows\System\skVdneQ.exe
  2⤵
  PID:2808
- C:\Windows\System\USltXeV.exe
  C:\Windows\System\USltXeV.exe
  2⤵
  PID:7184
- C:\Windows\System\PKqbBrO.exe
  C:\Windows\System\PKqbBrO.exe
  2⤵
  PID:7200
- C:\Windows\System\UpGJKmu.exe
  C:\Windows\System\UpGJKmu.exe
  2⤵
  PID:7220
- C:\Windows\System\hMkxIys.exe
  C:\Windows\System\hMkxIys.exe
  2⤵
  PID:7236
- C:\Windows\System\EbeBYgR.exe
  C:\Windows\System\EbeBYgR.exe
  2⤵
  PID:7260
- C:\Windows\System\QZzyqgH.exe
  C:\Windows\System\QZzyqgH.exe
  2⤵
  PID:7288
- C:\Windows\System\VvIeFjm.exe
  C:\Windows\System\VvIeFjm.exe
  2⤵
  PID:7304
- C:\Windows\System\tKlnScI.exe
  C:\Windows\System\tKlnScI.exe
  2⤵
  PID:7336
- C:\Windows\System\sAGClxy.exe
  C:\Windows\System\sAGClxy.exe
  2⤵
  PID:7352
- C:\Windows\System\bqbftbB.exe
  C:\Windows\System\bqbftbB.exe
  2⤵
  PID:7372
- C:\Windows\System\cSJfskK.exe
  C:\Windows\System\cSJfskK.exe
  2⤵
  PID:7392
- C:\Windows\System\CJgiTlB.exe
  C:\Windows\System\CJgiTlB.exe
  2⤵
  PID:7412
- C:\Windows\System\LGHEjDq.exe
  C:\Windows\System\LGHEjDq.exe
  2⤵
  PID:7432
- C:\Windows\System\ibCZaOA.exe
  C:\Windows\System\ibCZaOA.exe
  2⤵
  PID:7452
- C:\Windows\System\OUsqobg.exe
  C:\Windows\System\OUsqobg.exe
  2⤵
  PID:7476
- C:\Windows\System\xeDGiZr.exe
  C:\Windows\System\xeDGiZr.exe
  2⤵
  PID:7492
- C:\Windows\System\TOdeGbi.exe
  C:\Windows\System\TOdeGbi.exe
  2⤵
  PID:7508
- C:\Windows\System\SISzJHB.exe
  C:\Windows\System\SISzJHB.exe
  2⤵
  PID:7536
- C:\Windows\System\nwakEwK.exe
  C:\Windows\System\nwakEwK.exe
  2⤵
  PID:7552
- C:\Windows\System\WVMabmm.exe
  C:\Windows\System\WVMabmm.exe
  2⤵
  PID:7568
- C:\Windows\System\NwjxbVi.exe
  C:\Windows\System\NwjxbVi.exe
  2⤵
  PID:7588
- C:\Windows\System\cqrEcXf.exe
  C:\Windows\System\cqrEcXf.exe
  2⤵
  PID:7612
- C:\Windows\System\TrKotSj.exe
  C:\Windows\System\TrKotSj.exe
  2⤵
  PID:7628
- C:\Windows\System\UBUmeHs.exe
  C:\Windows\System\UBUmeHs.exe
  2⤵
  PID:7656
- C:\Windows\System\nUOGDQX.exe
  C:\Windows\System\nUOGDQX.exe
  2⤵
  PID:7672
- C:\Windows\System\EszRuDG.exe
  C:\Windows\System\EszRuDG.exe
  2⤵
  PID:7688
- C:\Windows\System\FuYLwUY.exe
  C:\Windows\System\FuYLwUY.exe
  2⤵
  PID:7704
- C:\Windows\System\zvmpYJi.exe
  C:\Windows\System\zvmpYJi.exe
  2⤵
  PID:7724
- C:\Windows\System\zxtFOkJ.exe
  C:\Windows\System\zxtFOkJ.exe
  2⤵
  PID:7744
- C:\Windows\System\yWZqmGM.exe
  C:\Windows\System\yWZqmGM.exe
  2⤵
  PID:7764
- C:\Windows\System\hXzKouR.exe
  C:\Windows\System\hXzKouR.exe
  2⤵
  PID:7800
- C:\Windows\System\nyEOBIE.exe
  C:\Windows\System\nyEOBIE.exe
  2⤵
  PID:7820
- C:\Windows\System\UhtvEZn.exe
  C:\Windows\System\UhtvEZn.exe
  2⤵
  PID:7836
- C:\Windows\System\NTtAtdi.exe
  C:\Windows\System\NTtAtdi.exe
  2⤵
  PID:7852
- C:\Windows\System\pWdpTSS.exe
  C:\Windows\System\pWdpTSS.exe
  2⤵
  PID:7880
- C:\Windows\System\auTfGWX.exe
  C:\Windows\System\auTfGWX.exe
  2⤵
  PID:7896
- C:\Windows\System\CCTDqtN.exe
  C:\Windows\System\CCTDqtN.exe
  2⤵
  PID:7916
- C:\Windows\System\CcvZtqI.exe
  C:\Windows\System\CcvZtqI.exe
  2⤵
  PID:7936
- C:\Windows\System\hUAFdnH.exe
  C:\Windows\System\hUAFdnH.exe
  2⤵
  PID:7960
- C:\Windows\System\FuqOWts.exe
  C:\Windows\System\FuqOWts.exe
  2⤵
  PID:7980
- C:\Windows\System\SgqkQzz.exe
  C:\Windows\System\SgqkQzz.exe
  2⤵
  PID:7996
- C:\Windows\System\EpEcVTO.exe
  C:\Windows\System\EpEcVTO.exe
  2⤵
  PID:8020
- C:\Windows\System\CmoEphf.exe
  C:\Windows\System\CmoEphf.exe
  2⤵
  PID:8036
- C:\Windows\System\qdoXgOa.exe
  C:\Windows\System\qdoXgOa.exe
  2⤵
  PID:8060
- C:\Windows\System\LXjMQaY.exe
  C:\Windows\System\LXjMQaY.exe
  2⤵
  PID:8076
- C:\Windows\System\RPZaRsg.exe
  C:\Windows\System\RPZaRsg.exe
  2⤵
  PID:8096
- C:\Windows\System\pZexsbV.exe
  C:\Windows\System\pZexsbV.exe
  2⤵
  PID:8116
- C:\Windows\System\FmgCHBk.exe
  C:\Windows\System\FmgCHBk.exe
  2⤵
  PID:8140
- C:\Windows\System\DvhSqBQ.exe
  C:\Windows\System\DvhSqBQ.exe
  2⤵
  PID:8156
- C:\Windows\System\GzHoaDg.exe
  C:\Windows\System\GzHoaDg.exe
  2⤵
  PID:8172
- C:\Windows\System\cncXMBJ.exe
  C:\Windows\System\cncXMBJ.exe
  2⤵
  PID:7192
- C:\Windows\System\WZdWbmf.exe
  C:\Windows\System\WZdWbmf.exe
  2⤵
  PID:2060
- C:\Windows\System\sAVSkIY.exe
  C:\Windows\System\sAVSkIY.exe
  2⤵
  PID:7276
- C:\Windows\System\IXoJXMs.exe
  C:\Windows\System\IXoJXMs.exe
  2⤵
  PID:7324
- C:\Windows\System\ZCFyZVf.exe
  C:\Windows\System\ZCFyZVf.exe
  2⤵
  PID:7212
- C:\Windows\System\GGkUjVI.exe
  C:\Windows\System\GGkUjVI.exe
  2⤵
  PID:7300
- C:\Windows\System\rFiCGct.exe
  C:\Windows\System\rFiCGct.exe
  2⤵
  PID:7348
- C:\Windows\System\EnbMscP.exe
  C:\Windows\System\EnbMscP.exe
  2⤵
  PID:7408
- C:\Windows\System\zauOHcl.exe
  C:\Windows\System\zauOHcl.exe
  2⤵
  PID:7420
- C:\Windows\System\KKUWamJ.exe
  C:\Windows\System\KKUWamJ.exe
  2⤵
  PID:7444
- C:\Windows\System\IxTWqnA.exe
  C:\Windows\System\IxTWqnA.exe
  2⤵
  PID:7488
- C:\Windows\System\mBLiLYg.exe
  C:\Windows\System\mBLiLYg.exe
  2⤵
  PID:7516
- C:\Windows\System\euGmjlH.exe
  C:\Windows\System\euGmjlH.exe
  2⤵
  PID:7564
- C:\Windows\System\IylsFWH.exe
  C:\Windows\System\IylsFWH.exe
  2⤵
  PID:7604
- C:\Windows\System\onzEGIv.exe
  C:\Windows\System\onzEGIv.exe
  2⤵
  PID:7644
- C:\Windows\System\IFZuHap.exe
  C:\Windows\System\IFZuHap.exe
  2⤵
  PID:7580
- C:\Windows\System\sSCXeYB.exe
  C:\Windows\System\sSCXeYB.exe
  2⤵
  PID:7716
- C:\Windows\System\NasFPQO.exe
  C:\Windows\System\NasFPQO.exe
  2⤵
  PID:7668
- C:\Windows\System\FiNWNtZ.exe
  C:\Windows\System\FiNWNtZ.exe
  2⤵
  PID:7732
- C:\Windows\System\ZIxiRkU.exe
  C:\Windows\System\ZIxiRkU.exe
  2⤵
  PID:7788
- C:\Windows\System\XLKQSmH.exe
  C:\Windows\System\XLKQSmH.exe
  2⤵
  PID:7812
- C:\Windows\System\FPtViAC.exe
  C:\Windows\System\FPtViAC.exe
  2⤵
  PID:7860
- C:\Windows\System\IdiIGRV.exe
  C:\Windows\System\IdiIGRV.exe
  2⤵
  PID:7876
- C:\Windows\System\jRdmVHf.exe
  C:\Windows\System\jRdmVHf.exe
  2⤵
  PID:7928
- C:\Windows\System\qZvdZdk.exe
  C:\Windows\System\qZvdZdk.exe
  2⤵
  PID:7912
- C:\Windows\System\DDSrqfB.exe
  C:\Windows\System\DDSrqfB.exe
  2⤵
  PID:8004
- C:\Windows\System\APJPlDk.exe
  C:\Windows\System\APJPlDk.exe
  2⤵
  PID:8008
- C:\Windows\System\SjIHmjz.exe
  C:\Windows\System\SjIHmjz.exe
  2⤵
  PID:8056
- C:\Windows\System\fvsLrHj.exe
  C:\Windows\System\fvsLrHj.exe
  2⤵
  PID:8092
- C:\Windows\System\hAVtEDP.exe
  C:\Windows\System\hAVtEDP.exe
  2⤵
  PID:8124
- C:\Windows\System\uEhjhlK.exe
  C:\Windows\System\uEhjhlK.exe
  2⤵
  PID:8180
- C:\Windows\System\lUtHitc.exe
  C:\Windows\System\lUtHitc.exe
  2⤵
  PID:8148
- C:\Windows\System\dQKaQlN.exe
  C:\Windows\System\dQKaQlN.exe
  2⤵
  PID:7284
- C:\Windows\System\OhOowRG.exe
  C:\Windows\System\OhOowRG.exe
  2⤵
  PID:7176
- C:\Windows\System\PbgWlQI.exe
  C:\Windows\System\PbgWlQI.exe
  2⤵
  PID:7256
- C:\Windows\System\jxBjpoG.exe
  C:\Windows\System\jxBjpoG.exe
  2⤵
  PID:7344
- C:\Windows\System\PgwfdpY.exe
  C:\Windows\System\PgwfdpY.exe
  2⤵
  PID:7388
- C:\Windows\System\DxMfCEP.exe
  C:\Windows\System\DxMfCEP.exe
  2⤵
  PID:7468
- C:\Windows\System\FRdMciu.exe
  C:\Windows\System\FRdMciu.exe
  2⤵
  PID:7600
- C:\Windows\System\QmlnaMF.exe
  C:\Windows\System\QmlnaMF.exe
  2⤵
  PID:7560
- C:\Windows\System\ONKSkFo.exe
  C:\Windows\System\ONKSkFo.exe
  2⤵
  PID:7664
- C:\Windows\System\XFpPrGw.exe
  C:\Windows\System\XFpPrGw.exe
  2⤵
  PID:7684
- C:\Windows\System\HNrwItA.exe
  C:\Windows\System\HNrwItA.exe
  2⤵
  PID:7772
- C:\Windows\System\ZqjItxQ.exe
  C:\Windows\System\ZqjItxQ.exe
  2⤵
  PID:7832
- C:\Windows\System\OUHWPSc.exe
  C:\Windows\System\OUHWPSc.exe
  2⤵
  PID:7952
- C:\Windows\System\RyxWSGt.exe
  C:\Windows\System\RyxWSGt.exe
  2⤵
  PID:7776
- C:\Windows\System\xKQrpMC.exe
  C:\Windows\System\xKQrpMC.exe
  2⤵
  PID:7904
- C:\Windows\System\UvVxGlb.exe
  C:\Windows\System\UvVxGlb.exe
  2⤵
  PID:8016
- C:\Windows\System\gQetsrI.exe
  C:\Windows\System\gQetsrI.exe
  2⤵
  PID:8088
- C:\Windows\System\JqJqenY.exe
  C:\Windows\System\JqJqenY.exe
  2⤵
  PID:8152
- C:\Windows\System\ufjOGAL.exe
  C:\Windows\System\ufjOGAL.exe
  2⤵
  PID:5152
- C:\Windows\System\FLGxbmB.exe
  C:\Windows\System\FLGxbmB.exe
  2⤵
  PID:7208
- C:\Windows\System\OVbMxEi.exe
  C:\Windows\System\OVbMxEi.exe
  2⤵
  PID:7252
- C:\Windows\System\tyYTHWq.exe
  C:\Windows\System\tyYTHWq.exe
  2⤵
  PID:7424
- C:\Windows\System\pjTsFqd.exe
  C:\Windows\System\pjTsFqd.exe
  2⤵
  PID:7544
- C:\Windows\System\pDBjbvU.exe
  C:\Windows\System\pDBjbvU.exe
  2⤵
  PID:7576
- C:\Windows\System\BkOqEPO.exe
  C:\Windows\System\BkOqEPO.exe
  2⤵
  PID:7640
- C:\Windows\System\EKiRqhD.exe
  C:\Windows\System\EKiRqhD.exe
  2⤵
  PID:7844
- C:\Windows\System\MDjvHGy.exe
  C:\Windows\System\MDjvHGy.exe
  2⤵
  PID:7956
- C:\Windows\System\gVdrtEK.exe
  C:\Windows\System\gVdrtEK.exe
  2⤵
  PID:7908
- C:\Windows\System\bzkKQfg.exe
  C:\Windows\System\bzkKQfg.exe
  2⤵
  PID:8104
- C:\Windows\System\vEOWFBL.exe
  C:\Windows\System\vEOWFBL.exe
  2⤵
  PID:8108
- C:\Windows\System\bFIIjkV.exe
  C:\Windows\System\bFIIjkV.exe
  2⤵
  PID:7228
- C:\Windows\System\DwLmaEp.exe
  C:\Windows\System\DwLmaEp.exe
  2⤵
  PID:7320
- C:\Windows\System\qGxXosf.exe
  C:\Windows\System\qGxXosf.exe
  2⤵
  PID:7504
- C:\Windows\System\aPVeczK.exe
  C:\Windows\System\aPVeczK.exe
  2⤵
  PID:7756
- C:\Windows\System\YILdBkk.exe
  C:\Windows\System\YILdBkk.exe
  2⤵
  PID:7968
- C:\Windows\System\MmtljSV.exe
  C:\Windows\System\MmtljSV.exe
  2⤵
  PID:7796
- C:\Windows\System\JBfbMGK.exe
  C:\Windows\System\JBfbMGK.exe
  2⤵
  PID:8012
- C:\Windows\System\tRPgQfy.exe
  C:\Windows\System\tRPgQfy.exe
  2⤵
  PID:8136
- C:\Windows\System\gEDSzVj.exe
  C:\Windows\System\gEDSzVj.exe
  2⤵
  PID:7624
- C:\Windows\System\sEkCxxZ.exe
  C:\Windows\System\sEkCxxZ.exe
  2⤵
  PID:7700
- C:\Windows\System\SaBVDSh.exe
  C:\Windows\System\SaBVDSh.exe
  2⤵
  PID:7180
- C:\Windows\System\QRjkYxf.exe
  C:\Windows\System\QRjkYxf.exe
  2⤵
  PID:6512
- C:\Windows\System\EELMFIH.exe
  C:\Windows\System\EELMFIH.exe
  2⤵
  PID:7736
- C:\Windows\System\woTffuW.exe
  C:\Windows\System\woTffuW.exe
  2⤵
  PID:8072
- C:\Windows\System\OHpVPKe.exe
  C:\Windows\System\OHpVPKe.exe
  2⤵
  PID:7400
- C:\Windows\System\MWfqxuu.exe
  C:\Windows\System\MWfqxuu.exe
  2⤵
  PID:7472
- C:\Windows\System\qAOVetP.exe
  C:\Windows\System\qAOVetP.exe
  2⤵
  PID:8208
- C:\Windows\System\tJyALkw.exe
  C:\Windows\System\tJyALkw.exe
  2⤵
  PID:8228
- C:\Windows\System\SKFuTkC.exe
  C:\Windows\System\SKFuTkC.exe
  2⤵
  PID:8252
- C:\Windows\System\DkgKoYN.exe
  C:\Windows\System\DkgKoYN.exe
  2⤵
  PID:8268
- C:\Windows\System\jQKTpJN.exe
  C:\Windows\System\jQKTpJN.exe
  2⤵
  PID:8292
- C:\Windows\System\ZYsrhFd.exe
  C:\Windows\System\ZYsrhFd.exe
  2⤵
  PID:8312
- C:\Windows\System\vMWQmBk.exe
  C:\Windows\System\vMWQmBk.exe
  2⤵
  PID:8328
- C:\Windows\System\yaCqFlw.exe
  C:\Windows\System\yaCqFlw.exe
  2⤵
  PID:8352
- C:\Windows\System\WyRmgmW.exe
  C:\Windows\System\WyRmgmW.exe
  2⤵
  PID:8368
- C:\Windows\System\ACUBYzp.exe
  C:\Windows\System\ACUBYzp.exe
  2⤵
  PID:8384
- C:\Windows\System\mvtMSYz.exe
  C:\Windows\System\mvtMSYz.exe
  2⤵
  PID:8408
- C:\Windows\System\rcglezP.exe
  C:\Windows\System\rcglezP.exe
  2⤵
  PID:8432
- C:\Windows\System\pzgaOTS.exe
  C:\Windows\System\pzgaOTS.exe
  2⤵
  PID:8448
- C:\Windows\System\EPGDCeR.exe
  C:\Windows\System\EPGDCeR.exe
  2⤵
  PID:8472
- C:\Windows\System\xltvMPJ.exe
  C:\Windows\System\xltvMPJ.exe
  2⤵
  PID:8488
- C:\Windows\System\NrYjtts.exe
  C:\Windows\System\NrYjtts.exe
  2⤵
  PID:8504
- C:\Windows\System\kyAJVxA.exe
  C:\Windows\System\kyAJVxA.exe
  2⤵
  PID:8524
- C:\Windows\System\AexXZwv.exe
  C:\Windows\System\AexXZwv.exe
  2⤵
  PID:8544
- C:\Windows\System\ulIlMwK.exe
  C:\Windows\System\ulIlMwK.exe
  2⤵
  PID:8564
- C:\Windows\System\VqILVZU.exe
  C:\Windows\System\VqILVZU.exe
  2⤵
  PID:8592
- C:\Windows\System\dQSHtaW.exe
  C:\Windows\System\dQSHtaW.exe
  2⤵
  PID:8608
- C:\Windows\System\tkafrTU.exe
  C:\Windows\System\tkafrTU.exe
  2⤵
  PID:8632
- C:\Windows\System\pwfpsFg.exe
  C:\Windows\System\pwfpsFg.exe
  2⤵
  PID:8648
- C:\Windows\System\myNPFlW.exe
  C:\Windows\System\myNPFlW.exe
  2⤵
  PID:8664
- C:\Windows\System\SmsXRyE.exe
  C:\Windows\System\SmsXRyE.exe
  2⤵
  PID:8688
- C:\Windows\System\EZtgtlk.exe
  C:\Windows\System\EZtgtlk.exe
  2⤵
  PID:8708
- C:\Windows\System\aZNKqQw.exe
  C:\Windows\System\aZNKqQw.exe
  2⤵
  PID:8728
- C:\Windows\System\DUMCLGz.exe
  C:\Windows\System\DUMCLGz.exe
  2⤵
  PID:8748
- C:\Windows\System\oHOZtuf.exe
  C:\Windows\System\oHOZtuf.exe
  2⤵
  PID:8768
- C:\Windows\System\iidEtXW.exe
  C:\Windows\System\iidEtXW.exe
  2⤵
  PID:8796
- C:\Windows\System\PQodInz.exe
  C:\Windows\System\PQodInz.exe
  2⤵
  PID:8820
- C:\Windows\System\fPUWZUV.exe
  C:\Windows\System\fPUWZUV.exe
  2⤵
  PID:8840
- C:\Windows\System\MoiVHub.exe
  C:\Windows\System\MoiVHub.exe
  2⤵
  PID:8856
- C:\Windows\System\goqESOg.exe
  C:\Windows\System\goqESOg.exe
  2⤵
  PID:8880
- C:\Windows\System\BDGiJzP.exe
  C:\Windows\System\BDGiJzP.exe
  2⤵
  PID:8896
- C:\Windows\System\WSXFfeq.exe
  C:\Windows\System\WSXFfeq.exe
  2⤵
  PID:8916
- C:\Windows\System\uJsMled.exe
  C:\Windows\System\uJsMled.exe
  2⤵
  PID:8936
- C:\Windows\System\eMsDJZw.exe
  C:\Windows\System\eMsDJZw.exe
  2⤵
  PID:8960
- C:\Windows\System\wUfClhs.exe
  C:\Windows\System\wUfClhs.exe
  2⤵
  PID:8976
- C:\Windows\System\SBMsbmA.exe
  C:\Windows\System\SBMsbmA.exe
  2⤵
  PID:9000
- C:\Windows\System\vyENwmB.exe
  C:\Windows\System\vyENwmB.exe
  2⤵
  PID:9020
- C:\Windows\System\WPLFvHx.exe
  C:\Windows\System\WPLFvHx.exe
  2⤵
  PID:9040
- C:\Windows\System\LnnVwIq.exe
  C:\Windows\System\LnnVwIq.exe
  2⤵
  PID:9056
- C:\Windows\System\RkowcKB.exe
  C:\Windows\System\RkowcKB.exe
  2⤵
  PID:9076
- C:\Windows\System\qGFJOSc.exe
  C:\Windows\System\qGFJOSc.exe
  2⤵
  PID:9096
- C:\Windows\System\GgtxeyS.exe
  C:\Windows\System\GgtxeyS.exe
  2⤵
  PID:9116
- C:\Windows\System\JMMamzO.exe
  C:\Windows\System\JMMamzO.exe
  2⤵
  PID:9136
- C:\Windows\System\ClnOhSZ.exe
  C:\Windows\System\ClnOhSZ.exe
  2⤵
  PID:9156
- C:\Windows\System\rbLuFFn.exe
  C:\Windows\System\rbLuFFn.exe
  2⤵
  PID:9176
- C:\Windows\System\RDczIEe.exe
  C:\Windows\System\RDczIEe.exe
  2⤵
  PID:9200
- C:\Windows\System\ildFYir.exe
  C:\Windows\System\ildFYir.exe
  2⤵
  PID:7368
- C:\Windows\System\optIeyP.exe
  C:\Windows\System\optIeyP.exe
  2⤵
  PID:8224
- C:\Windows\System\dfSjJVc.exe
  C:\Windows\System\dfSjJVc.exe
  2⤵
  PID:8244
- C:\Windows\System\jePhLSH.exe
  C:\Windows\System\jePhLSH.exe
  2⤵
  PID:8284
- C:\Windows\System\YtrLucA.exe
  C:\Windows\System\YtrLucA.exe
  2⤵
  PID:8336
- C:\Windows\System\lyDYIkN.exe
  C:\Windows\System\lyDYIkN.exe
  2⤵
  PID:8344
- C:\Windows\System\VfwXsJc.exe
  C:\Windows\System\VfwXsJc.exe
  2⤵
  PID:8364
- C:\Windows\System\FCDvlnQ.exe
  C:\Windows\System\FCDvlnQ.exe
  2⤵
  PID:8416
- C:\Windows\System\zmDiKyq.exe
  C:\Windows\System\zmDiKyq.exe
  2⤵
  PID:8444
- C:\Windows\System\kPSUCWj.exe
  C:\Windows\System\kPSUCWj.exe
  2⤵
  PID:8468
- C:\Windows\System\FpxNvFe.exe
  C:\Windows\System\FpxNvFe.exe
  2⤵
  PID:8536
- C:\Windows\System\pmjhHvP.exe
  C:\Windows\System\pmjhHvP.exe
  2⤵
  PID:8580
- C:\Windows\System\wCtcVnt.exe
  C:\Windows\System\wCtcVnt.exe
  2⤵
  PID:8556
- C:\Windows\System\gQnXQqI.exe
  C:\Windows\System\gQnXQqI.exe
  2⤵
  PID:8624
- C:\Windows\System\btADKLR.exe
  C:\Windows\System\btADKLR.exe
  2⤵
  PID:8656
- C:\Windows\System\vIRBPbD.exe
  C:\Windows\System\vIRBPbD.exe
  2⤵
  PID:8672
- C:\Windows\System\bPDCVrg.exe
  C:\Windows\System\bPDCVrg.exe
  2⤵
  PID:8676
- C:\Windows\System\bDoTEdG.exe
  C:\Windows\System\bDoTEdG.exe
  2⤵
  PID:8720
- C:\Windows\System\CDFjTWo.exe
  C:\Windows\System\CDFjTWo.exe
  2⤵
  PID:8724
- C:\Windows\System\MxKZtpR.exe
  C:\Windows\System\MxKZtpR.exe
  2⤵
  PID:8780
- C:\Windows\System\SFjwpcL.exe
  C:\Windows\System\SFjwpcL.exe
  2⤵
  PID:8872
- C:\Windows\System\jrYmqFt.exe
  C:\Windows\System\jrYmqFt.exe
  2⤵
  PID:8908
- C:\Windows\System\TLLOfix.exe
  C:\Windows\System\TLLOfix.exe
  2⤵
  PID:8944
- C:\Windows\System\uJxipYO.exe
  C:\Windows\System\uJxipYO.exe
  2⤵
  PID:8968
- C:\Windows\System\FKWrgGY.exe
  C:\Windows\System\FKWrgGY.exe
  2⤵
  PID:8996
- C:\Windows\System\tKeIPdW.exe
  C:\Windows\System\tKeIPdW.exe
  2⤵
  PID:9032
- C:\Windows\System\rQAESHY.exe
  C:\Windows\System\rQAESHY.exe
  2⤵
  PID:9064
- C:\Windows\System\mfjzTrc.exe
  C:\Windows\System\mfjzTrc.exe
  2⤵
  PID:9084
- C:\Windows\System\IwzWMPa.exe
  C:\Windows\System\IwzWMPa.exe
  2⤵
  PID:9128
- C:\Windows\System\uxRopXI.exe
  C:\Windows\System\uxRopXI.exe
  2⤵
  PID:9132
- C:\Windows\System\gorcpTz.exe
  C:\Windows\System\gorcpTz.exe
  2⤵
  PID:9172
- C:\Windows\System\xHzqvGB.exe
  C:\Windows\System\xHzqvGB.exe
  2⤵
  PID:8068
- C:\Windows\System\aSnippl.exe
  C:\Windows\System\aSnippl.exe
  2⤵
  PID:8264
- C:\Windows\System\GmOzbjP.exe
  C:\Windows\System\GmOzbjP.exe
  2⤵
  PID:8304
- C:\Windows\System\oLyKAtb.exe
  C:\Windows\System\oLyKAtb.exe
  2⤵
  PID:8400
- C:\Windows\System\FfjcBka.exe
  C:\Windows\System\FfjcBka.exe
  2⤵
  PID:8532
- C:\Windows\System\nJMrZAc.exe
  C:\Windows\System\nJMrZAc.exe
  2⤵
  PID:8428
- C:\Windows\System\WGgaiXQ.exe
  C:\Windows\System\WGgaiXQ.exe
  2⤵
  PID:8512
- C:\Windows\System\dXKzGYz.exe
  C:\Windows\System\dXKzGYz.exe
  2⤵
  PID:8484
- C:\Windows\System\lzuJaSa.exe
  C:\Windows\System\lzuJaSa.exe
  2⤵
  PID:8628
- C:\Windows\System\IlPLcND.exe
  C:\Windows\System\IlPLcND.exe
  2⤵
  PID:8696
- C:\Windows\System\pfDHEAQ.exe
  C:\Windows\System\pfDHEAQ.exe
  2⤵
  PID:8776
- C:\Windows\System\JkniILt.exe
  C:\Windows\System\JkniILt.exe
  2⤵
  PID:8808
- C:\Windows\System\qfGMhCJ.exe
  C:\Windows\System\qfGMhCJ.exe
  2⤵
  PID:8852
- C:\Windows\System\BLAXfEZ.exe
  C:\Windows\System\BLAXfEZ.exe
  2⤵
  PID:8132
- C:\Windows\System\aCZZDPR.exe
  C:\Windows\System\aCZZDPR.exe
  2⤵
  PID:9008
- C:\Windows\System\idwfeGF.exe
  C:\Windows\System\idwfeGF.exe
  2⤵
  PID:9012
- C:\Windows\System\MwmDFTw.exe
  C:\Windows\System\MwmDFTw.exe
  2⤵
  PID:9104
- C:\Windows\System\CGvhnIg.exe
  C:\Windows\System\CGvhnIg.exe
  2⤵
  PID:9112
- C:\Windows\System\OyExkvK.exe
  C:\Windows\System\OyExkvK.exe
  2⤵
  PID:9168
- C:\Windows\System\PyQmjxS.exe
  C:\Windows\System\PyQmjxS.exe
  2⤵
  PID:8216
- C:\Windows\System\jsWqLOo.exe
  C:\Windows\System\jsWqLOo.exe
  2⤵
  PID:8324
- C:\Windows\System\eFlvTee.exe
  C:\Windows\System\eFlvTee.exe
  2⤵
  PID:8376
- C:\Windows\System\EpiUuSl.exe
  C:\Windows\System\EpiUuSl.exe
  2⤵
  PID:8616
- C:\Windows\System\PxYnStK.exe
  C:\Windows\System\PxYnStK.exe
  2⤵
  PID:8420
- C:\Windows\System\QJDuikK.exe
  C:\Windows\System\QJDuikK.exe
  2⤵
  PID:8572
- C:\Windows\System\TeQqciM.exe
  C:\Windows\System\TeQqciM.exe
  2⤵
  PID:8788
- C:\Windows\System\NdifLlS.exe
  C:\Windows\System\NdifLlS.exe
  2⤵
  PID:8892
- C:\Windows\System\MKNfHmV.exe
  C:\Windows\System\MKNfHmV.exe
  2⤵
  PID:8932
- C:\Windows\System\PyIUvyU.exe
  C:\Windows\System\PyIUvyU.exe
  2⤵
  PID:8972
- C:\Windows\System\wHGcwHH.exe
  C:\Windows\System\wHGcwHH.exe
  2⤵
  PID:9192
- C:\Windows\System\RQJkIOD.exe
  C:\Windows\System\RQJkIOD.exe
  2⤵
  PID:9212
- C:\Windows\System\oZCaMUn.exe
  C:\Windows\System\oZCaMUn.exe
  2⤵
  PID:8516
- C:\Windows\System\fAvcGBO.exe
  C:\Windows\System\fAvcGBO.exe
  2⤵
  PID:8460
- C:\Windows\System\Fshodiw.exe
  C:\Windows\System\Fshodiw.exe
  2⤵
  PID:8620
- C:\Windows\System\BMQLRYd.exe
  C:\Windows\System\BMQLRYd.exe
  2⤵
  PID:8836
- C:\Windows\System\GXDoLOr.exe
  C:\Windows\System\GXDoLOr.exe
  2⤵
  PID:9016
- C:\Windows\System\plYPvsa.exe
  C:\Windows\System\plYPvsa.exe
  2⤵
  PID:9108
- C:\Windows\System\AwduzBN.exe
  C:\Windows\System\AwduzBN.exe
  2⤵
  PID:8288
- C:\Windows\System\ygRuaFH.exe
  C:\Windows\System\ygRuaFH.exe
  2⤵
  PID:8396
- C:\Windows\System\TCQWjGR.exe
  C:\Windows\System\TCQWjGR.exe
  2⤵
  PID:8848
- C:\Windows\System\urrLbIK.exe
  C:\Windows\System\urrLbIK.exe
  2⤵
  PID:9048
- C:\Windows\System\HiFXjAO.exe
  C:\Windows\System\HiFXjAO.exe
  2⤵
  PID:8308
- C:\Windows\System\MWUepNt.exe
  C:\Windows\System\MWUepNt.exe
  2⤵
  PID:8740
- C:\Windows\System\eIBRAmo.exe
  C:\Windows\System\eIBRAmo.exe
  2⤵
  PID:8952
- C:\Windows\System\ccWtDuB.exe
  C:\Windows\System\ccWtDuB.exe
  2⤵
  PID:9148
- C:\Windows\System\WjvVGEo.exe
  C:\Windows\System\WjvVGEo.exe
  2⤵
  PID:9188
- C:\Windows\System\qMRvFyd.exe
  C:\Windows\System\qMRvFyd.exe
  2⤵
  PID:9240
- C:\Windows\System\qKlavwo.exe
  C:\Windows\System\qKlavwo.exe
  2⤵
  PID:9256
- C:\Windows\System\exNhpmN.exe
  C:\Windows\System\exNhpmN.exe
  2⤵
  PID:9276
- C:\Windows\System\eBZjvbP.exe
  C:\Windows\System\eBZjvbP.exe
  2⤵
  PID:9292
- C:\Windows\System\vxrSSpx.exe
  C:\Windows\System\vxrSSpx.exe
  2⤵
  PID:9312
- C:\Windows\System\lhhZQTf.exe
  C:\Windows\System\lhhZQTf.exe
  2⤵
  PID:9332
- C:\Windows\System\mFcUuzW.exe
  C:\Windows\System\mFcUuzW.exe
  2⤵
  PID:9356
- C:\Windows\System\rbquibv.exe
  C:\Windows\System\rbquibv.exe
  2⤵
  PID:9372
- C:\Windows\System\UyBCimq.exe
  C:\Windows\System\UyBCimq.exe
  2⤵
  PID:9400
- C:\Windows\System\SYKaaMJ.exe
  C:\Windows\System\SYKaaMJ.exe
  2⤵
  PID:9416
- C:\Windows\System\NOkXZAz.exe
  C:\Windows\System\NOkXZAz.exe
  2⤵
  PID:9432
- C:\Windows\System\rJLsfCv.exe
  C:\Windows\System\rJLsfCv.exe
  2⤵
  PID:9452
- C:\Windows\System\mbPFlqj.exe
  C:\Windows\System\mbPFlqj.exe
  2⤵
  PID:9472
- C:\Windows\System\xUGVNXZ.exe
  C:\Windows\System\xUGVNXZ.exe
  2⤵
  PID:9492
- C:\Windows\System\ucglBbg.exe
  C:\Windows\System\ucglBbg.exe
  2⤵
  PID:9516
- C:\Windows\System\zWcoinc.exe
  C:\Windows\System\zWcoinc.exe
  2⤵
  PID:9536
- C:\Windows\System\ENgkbBz.exe
  C:\Windows\System\ENgkbBz.exe
  2⤵
  PID:9560
- C:\Windows\System\bONAWPH.exe
  C:\Windows\System\bONAWPH.exe
  2⤵
  PID:9576
- C:\Windows\System\RdzIolI.exe
  C:\Windows\System\RdzIolI.exe
  2⤵
  PID:9596
- C:\Windows\System\YXRrCUF.exe
  C:\Windows\System\YXRrCUF.exe
  2⤵
  PID:9616
- C:\Windows\System\GSfgWAE.exe
  C:\Windows\System\GSfgWAE.exe
  2⤵
  PID:9640
- C:\Windows\System\vpURmsw.exe
  C:\Windows\System\vpURmsw.exe
  2⤵
  PID:9656
- C:\Windows\System\wKMrkLz.exe
  C:\Windows\System\wKMrkLz.exe
  2⤵
  PID:9680
- C:\Windows\System\ZlaPpzw.exe
  C:\Windows\System\ZlaPpzw.exe
  2⤵
  PID:9700
- C:\Windows\System\LgRUNYu.exe
  C:\Windows\System\LgRUNYu.exe
  2⤵
  PID:9724
- C:\Windows\System\nskQtdv.exe
  C:\Windows\System\nskQtdv.exe
  2⤵
  PID:9740
- C:\Windows\System\TbVwNoQ.exe
  C:\Windows\System\TbVwNoQ.exe
  2⤵
  PID:9764
- C:\Windows\System\SNFmnwf.exe
  C:\Windows\System\SNFmnwf.exe
  2⤵
  PID:9780
- C:\Windows\System\pthQSUy.exe
  C:\Windows\System\pthQSUy.exe
  2⤵
  PID:9796
- C:\Windows\System\OOCGjwk.exe
  C:\Windows\System\OOCGjwk.exe
  2⤵
  PID:9812
- C:\Windows\System\xLHOyEi.exe
  C:\Windows\System\xLHOyEi.exe
  2⤵
  PID:9840
- C:\Windows\System\HvIIFtg.exe
  C:\Windows\System\HvIIFtg.exe
  2⤵
  PID:9860
- C:\Windows\System\ujzzQpN.exe
  C:\Windows\System\ujzzQpN.exe
  2⤵
  PID:9884
- C:\Windows\System\XqlCZXl.exe
  C:\Windows\System\XqlCZXl.exe
  2⤵
  PID:9900
- C:\Windows\System\lqbwugJ.exe
  C:\Windows\System\lqbwugJ.exe
  2⤵
  PID:9924
- C:\Windows\System\YqvANcW.exe
  C:\Windows\System\YqvANcW.exe
  2⤵
  PID:9940
- C:\Windows\System\VXNzqCT.exe
  C:\Windows\System\VXNzqCT.exe
  2⤵
  PID:9956
- C:\Windows\System\plNqbQf.exe
  C:\Windows\System\plNqbQf.exe
  2⤵
  PID:9984
- C:\Windows\System\hcodisq.exe
  C:\Windows\System\hcodisq.exe
  2⤵
  PID:10004
- C:\Windows\System\pBxrsTz.exe
  C:\Windows\System\pBxrsTz.exe
  2⤵
  PID:10024
- C:\Windows\System\ifNbrrZ.exe
  C:\Windows\System\ifNbrrZ.exe
  2⤵
  PID:10044
- C:\Windows\System\qQMrCmd.exe
  C:\Windows\System\qQMrCmd.exe
  2⤵
  PID:10060
- C:\Windows\System\DBoqHkD.exe
  C:\Windows\System\DBoqHkD.exe
  2⤵
  PID:10076
- C:\Windows\System\GJpPtDn.exe
  C:\Windows\System\GJpPtDn.exe
  2⤵
  PID:10096
- C:\Windows\System\LjfQjvr.exe
  C:\Windows\System\LjfQjvr.exe
  2⤵
  PID:10120
- C:\Windows\System\PBiLDuK.exe
  C:\Windows\System\PBiLDuK.exe
  2⤵
  PID:10136
- C:\Windows\System\adTMtVj.exe
  C:\Windows\System\adTMtVj.exe
  2⤵
  PID:10152
- C:\Windows\System\APpqDnc.exe
  C:\Windows\System\APpqDnc.exe
  2⤵
  PID:10180
- C:\Windows\System\RJUiZat.exe
  C:\Windows\System\RJUiZat.exe
  2⤵
  PID:10204
- C:\Windows\System\hIISXlM.exe
  C:\Windows\System\hIISXlM.exe
  2⤵
  PID:10220
- C:\Windows\System\KAPDyOy.exe
  C:\Windows\System\KAPDyOy.exe
  2⤵
  PID:9164
- C:\Windows\System\qQtfbxX.exe
  C:\Windows\System\qQtfbxX.exe
  2⤵
  PID:9264
- C:\Windows\System\QWbnQjF.exe
  C:\Windows\System\QWbnQjF.exe
  2⤵
  PID:9300
- C:\Windows\System\PNZoITa.exe
  C:\Windows\System\PNZoITa.exe
  2⤵
  PID:9348
- C:\Windows\System\aYQetRA.exe
  C:\Windows\System\aYQetRA.exe
  2⤵
  PID:8904
- C:\Windows\System\JBUUjaj.exe
  C:\Windows\System\JBUUjaj.exe
  2⤵
  PID:9368
- C:\Windows\System\rRoEXXZ.exe
  C:\Windows\System\rRoEXXZ.exe
  2⤵
  PID:9384
- C:\Windows\System\RFYpBNh.exe
  C:\Windows\System\RFYpBNh.exe
  2⤵
  PID:9440
- C:\Windows\System\wSEacKQ.exe
  C:\Windows\System\wSEacKQ.exe
  2⤵
  PID:9544
- C:\Windows\System\tuPKcke.exe
  C:\Windows\System\tuPKcke.exe
  2⤵
  PID:9524
- C:\Windows\System\lBOwNqk.exe
  C:\Windows\System\lBOwNqk.exe
  2⤵
  PID:9408
- C:\Windows\System\VRqsgbe.exe
  C:\Windows\System\VRqsgbe.exe
  2⤵
  PID:9532
- C:\Windows\System\ajcNULp.exe
  C:\Windows\System\ajcNULp.exe
  2⤵
  PID:9624
- C:\Windows\System\xSjixNm.exe
  C:\Windows\System\xSjixNm.exe
  2⤵
  PID:9612
- C:\Windows\System\AbsHRHv.exe
  C:\Windows\System\AbsHRHv.exe
  2⤵
  PID:9676
- C:\Windows\System\oQyGsbJ.exe
  C:\Windows\System\oQyGsbJ.exe
  2⤵
  PID:9692
- C:\Windows\System\ZnXcxMj.exe
  C:\Windows\System\ZnXcxMj.exe
  2⤵
  PID:9732
- C:\Windows\System\AKHNOqp.exe
  C:\Windows\System\AKHNOqp.exe
  2⤵
  PID:9788
- C:\Windows\System\hMyDovl.exe
  C:\Windows\System\hMyDovl.exe
  2⤵
  PID:9804
- C:\Windows\System\VZPLTsi.exe
  C:\Windows\System\VZPLTsi.exe
  2⤵
  PID:9852
- C:\Windows\System\aBBVYXV.exe
  C:\Windows\System\aBBVYXV.exe
  2⤵
  PID:9908
- C:\Windows\System\wbbsOfe.exe
  C:\Windows\System\wbbsOfe.exe
  2⤵
  PID:9896
- C:\Windows\System\DcnUhar.exe
  C:\Windows\System\DcnUhar.exe
  2⤵
  PID:9936
- C:\Windows\System\JtvwSwb.exe
  C:\Windows\System\JtvwSwb.exe
  2⤵
  PID:9968
- C:\Windows\System\MOQXTlD.exe
  C:\Windows\System\MOQXTlD.exe
  2⤵
  PID:10032
- C:\Windows\System\bQXOqjb.exe
  C:\Windows\System\bQXOqjb.exe
  2⤵
  PID:10052
- C:\Windows\System\hlQOOAS.exe
  C:\Windows\System\hlQOOAS.exe
  2⤵
  PID:10108
- C:\Windows\System\BCWNmXC.exe
  C:\Windows\System\BCWNmXC.exe
  2⤵
  PID:8816
- C:\Windows\System\IRIjTAm.exe
  C:\Windows\System\IRIjTAm.exe
  2⤵
  PID:10144
- C:\Windows\System\HOOePnh.exe
  C:\Windows\System\HOOePnh.exe
  2⤵
  PID:10192
- C:\Windows\System\WLNzjgf.exe
  C:\Windows\System\WLNzjgf.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BaLbRij.exe

Filesize
6.0MB

MD5
95f98bea0a20b35a85f2d67aafdd8233

SHA1
42300183e171ca3a03a427ebdbb6f1a3d6cc1909

SHA256
d5f6a13292eb8f4268497e7a758fe790b35f527b27d92fcc9d84367e659ed853

SHA512
2ca7ef329e26ad24347274f0cc4e5a248fc8aa44fa0515acea79cff4479fe3cddee4c8cad2352fa7d40ddec23e0993fd3e2a57b4fb63fdd341e7ec96e9a54932

Download Submit
C:\Windows\system\INlbEMZ.exe

Filesize
6.0MB

MD5
3ef6fb2000d39d5bffcc46a2b0aa98c6

SHA1
d41aa91c7002f908f6de5a26ce04916e3dcc2d3f

SHA256
d7e624a51266c8b3af768783f413948be571e79e2d9d488eb6c837aba61812e0

SHA512
fe13876ed6a181c01c72e8b5193ef424d3d5d9233c606f5020fd07c56aa251b6bf24885216db9e8d380d3b2bc7eaaafb9366afdd3d9eac57d3f824a4f2f1e814

Download Submit
C:\Windows\system\IOAnqRC.exe

Filesize
6.0MB

MD5
834d094c9f5975076dac178c674db979

SHA1
972f43f37f2af0a5254284d79a1269df30d2cb76

SHA256
59de82f7db235e239263626b962b5da0dbc65653ad74c95f38e31f4b8b2923fe

SHA512
a54535d35af2f107c2f5e2c6e5f84034ace9f276695c4439988c2c415d4630e47c0725c8d938659adf9a7ad1f0c91ad0c4bf7f7c3459f3bc38391e7c83f975de

Download Submit
C:\Windows\system\IzWFbtU.exe

Filesize
6.0MB

MD5
d71969e1887d97f954bc91e7059c38a2

SHA1
dff4b5b89a132ae1542ab3c7ac6736c7dd9cf3df

SHA256
1e4c9f9fb247aaf41b7dea35726da18bebc85069283ee055d1a4b1de56a67954

SHA512
2249472d3f825fcfac2db7cfeb657490c9ff3dd264ac7146689a6119b4c7a8e0841f0f19c237a4fcc5b18b3ee65c17dfc4a57d5d997e728d52b167b9633e7e12

Download Submit
C:\Windows\system\KETHoDL.exe

Filesize
6.0MB

MD5
ada4c8ec08bc1c06d65c8c607bf9851c

SHA1
87321aa028a3725a20fe0957bb2b0e8635a0556f

SHA256
4e7e05eb9e6e493d768bd1d177f6bc9cddd60e444c89ca39c5eca05374268a1d

SHA512
f19e7e28ee65fa8fa2b1a19d7ec0a2f20d606f071f68dcc7a810604e7ec05fb14a25f9ecfe85163aad2ac782363e4c962c1e11df1a1f6566952afc1609200efb

Download Submit
C:\Windows\system\LoRGyvJ.exe

Filesize
6.0MB

MD5
73a8dd7486f153dfb124f521c15aac5c

SHA1
987814367c3f8f2ea2ede9ef41390541a1df450a

SHA256
3947ab01175f373968a282e1d2e8c77c80462d92d669bf1064db13e171f21001

SHA512
29c58d461a47aca5bccc138e1b6e02cc5e5ddd5408477c3e8dd18ade35fec599179a8dbbc001e199b0ea8aee5d7161dfea658d1b7ecdc4df737bf0fe822400d5

Download Submit
C:\Windows\system\OSeJWRE.exe

Filesize
6.0MB

MD5
22353e885d77a479deefb110306b95cf

SHA1
b0c55216b12e3481342a21d3181faae13fd123a2

SHA256
7ec442895eefc725bbe98c99512050c87f726a35aa0f60c15466bc8eeb04f60a

SHA512
3b6bae0cfbc0afccbb8e8dfa817a6da2256ccb096e8694905849781c46617b167e494d4e93a6e2a04aa8c9a6ffcfeaaf2c41e4ddbf7e9b07608076d04ade59fa

Download Submit
C:\Windows\system\QhRKZDM.exe

Filesize
6.0MB

MD5
c697d0068c41ea06e2c5000c235cfb96

SHA1
37e4701ad00f9cd466b671fcb72d12007bcdeab1

SHA256
cd459bc41c3340d58ee156b8b96fc47098e509901aafd301cf08befd09051c8c

SHA512
77402f523fd8528bdcf6cbc9d1c012d5c075d7633020fc2d4ec6245fded50afba660ece00740a7b272f173f7f247ddf85cbe4475d1125b001380c3004098960f

Download Submit
C:\Windows\system\QvxZuXH.exe

Filesize
6.0MB

MD5
ca0e1ead150be1f87a69c628523ee3fe

SHA1
900d2d42d760708fffdefe0adfb2c8592e020492

SHA256
7ff202122b207ace168b6317d1a78f744788dc317fde30a1bc5bf9ee7535baf8

SHA512
a7d794d11124746f6780691394bc2e834126cb4b85eaf50060c2751fb6c38037011037b519c133ef2c669e59f2426e3e00e36dc101ef74bff0e54d075e67e411

Download Submit
C:\Windows\system\TqEYjWD.exe

Filesize
6.0MB

MD5
706f1b590db77fc91199fa174f8a5cc5

SHA1
e6aec091e11ce11fa8af2613b5a6d287040e5ac7

SHA256
72bc831f377f1976f12f9fbab392eb90f5f7da2a12489d014ac862e2cfa8a3eb

SHA512
594ee879cd0e9d6b10f6b0566c6672750938bc3fcf5efb12f8bd94a847ff0ab5b88c9c6a84233d6f31b19efa2ca43d8e98e9f18dfe26d057845a5217676c0ab4

Download Submit
C:\Windows\system\ULsmaGv.exe

Filesize
6.0MB

MD5
7438ac325f1c12ccd5ec1f6288a333f1

SHA1
5ae782902cae5ce2913feb3ed20c799d0f8c2bf0

SHA256
7f53a35375cc315330cefd6840aad444e59285a557c90eb6bf1617877d067927

SHA512
8dba908668540e4f578b206545ee9c3ce8b8fb74d05d830a3ae5e964be4a702060f3ef84a3027a271150f0a8c37a0119c56f3954bacc6d10ae1b07151e6b458f

Download Submit
C:\Windows\system\ViFZMSP.exe

Filesize
6.0MB

MD5
22691267d05f81102d2886ad7cc1c3f3

SHA1
5724b215803f411b91a887d9ae82a567516f1797

SHA256
4fb2665a25c307256f48e0852c437086d09cb5020154e9dbe65335a4531c768e

SHA512
7fc69934a13f4d58ac2ae3c626a04f6bdff90382c44233c299fc00c9e32cc11e28f734e171f1940951c1fbc687a2b05a574f7d208a2bca0e39678a78e2993cb6

Download Submit
C:\Windows\system\ViykWrx.exe

Filesize
6.0MB

MD5
b02fcd94b205fcbe78670115e7b4b225

SHA1
b94b1ce7c882f12522c0e4562dbcdf730f911ed9

SHA256
e6e5861b0f7c21080aa4bf6d793b52a1450d22bc531f72a493f799f4d399651e

SHA512
83d0683661f9cc1b8a97fa1993552fdc7f3da3b3f0dcd6fb60c5687d56e980d90f65ab281b0bf8da739618a037db80e389ba63349109e660ae26d695d31f2df6

Download Submit
C:\Windows\system\WuiQgcj.exe

Filesize
6.0MB

MD5
2c4fb60df81c3c1c03d889a0f0a99472

SHA1
47ac69de54f4c1013acb53a95a8d54b66cc4e99d

SHA256
7af5c8d43f55c92ed739d161fc6f21e74040c1b8373e615e168348f8560caaea

SHA512
b69b0b4c89eeeeb4965c89c0099328977d754355a966759f4bcdaaade497137b8629c8909cdca026a5553ac8a90036448bce0022229c822d5266fd5054c71c00

Download Submit
C:\Windows\system\YzkCCKE.exe

Filesize
6.0MB

MD5
dfb6cb6ca18849e3fc14102b3fb49195

SHA1
c77e979ca81fbe4d271136c788a9f1f0b110db2d

SHA256
07989c6ebdaf5d55c2da5a24a2bfb3ace802c875a1f5a52f5cbed308e6fd4f5f

SHA512
d198402c9d56e69c80bfe3499d884a4ef1cdd4bfc199444ec809a5f7e73ff32ee8e295b5d75e0cbd79ca8c3109c8dd5271c078ebc7fb451264681f3977898b45

Download Submit
C:\Windows\system\bDvOLIV.exe

Filesize
6.0MB

MD5
b624b4557f8adedaa2e1778e322099d2

SHA1
952c3d677092ef0b05fd979743775c15cf2d32c4

SHA256
887887f1d3ded41fe8c2acc0a6c7f41ade5fb59ba9f3af2d47f9db2d0e35e5cd

SHA512
46836ebe3ebf55598b3e982b2292aa3f75f07b30713a61d336f9481a66414d5407f55c3b74e8dfefbb23e2d6de732b49546047c644c943ab2604c44d8c12d7aa

Download Submit
C:\Windows\system\dBzSbVQ.exe

Filesize
6.0MB

MD5
122d27780e23135c4cafca9b087d7999

SHA1
5c52ec3add83d65ed5c33873425a8527122a7c03

SHA256
a61119b4460b5601bf690dcbdd629875caa14e2b234b308362705a929553554a

SHA512
56677aa1cd9bd4e6efbe6a9913240dca3027e5553ba5f2c853aefee66190a5fba3ee94fda438036ed118b5632c04f501cbc66e2f96f0bab080e1e4cff4100f03

Download Submit
C:\Windows\system\eJErpIm.exe

Filesize
6.0MB

MD5
6cfb707124830745380c699e2392d8e0

SHA1
cbe7ae87d459e258503b10e04c21a4c3e794dfa2

SHA256
4de7099c4e910ab76ede5c2829992a29418d3ed3b61f5a32c08991963130a9a3

SHA512
8571b54d8b77c0af335afa8037ecac6899221e3f6d2fda5ff9cd59901e5505bd9d0902c7c4d930356a3dadd341ed20db3bdc08b48391107104ae3a681063c917

Download Submit
C:\Windows\system\erUYoIw.exe

Filesize
6.0MB

MD5
6f6ddf964b62fbab62273452a5930f79

SHA1
4e00ebd72a0eedcba3b4ccba08c2b6ab2a686845

SHA256
11fe566b9da87ba30ef07f4cb3736a7ecf37ae0c7f7e1cab02e10cab83ff88a6

SHA512
42785c7e1fbb1a33501ba16f1a3c589d643fd66220612d7b5784c65b90dc093117e5dff68855ec371334ef60fb2e9e853f836b5d9c8a8d986485383376299cb0

Download Submit
C:\Windows\system\gZcqpbX.exe

Filesize
6.0MB

MD5
6ba9f7df6be3bbf2b9030863b640e277

SHA1
c3dd68c0c4bbdb505552aa3dfcb0e7eeb0f2c87f

SHA256
9d1558359259a0d2d898419c2b71c2a7e65ac0e50435146da2ac4f4fc07b9c1c

SHA512
27e8f369d56db97d9a5b5fd173d686b6dc17c3ae4a4a1e4764fdd827cc72b7f2ea71654f3a950d47a3c79d961270cbde7d600ee8652b097d72d15829bd0ba95c

Download Submit
C:\Windows\system\hEvGiGI.exe

Filesize
6.0MB

MD5
44bcb21480607fccc0574f42a7eefce8

SHA1
0582ab7e067152a36985e020ce82f06e49363c00

SHA256
a596f806fa91018b47e057bff7c5e8c243397d0de437d78563441ddf0421e115

SHA512
b726297524865494a10b117cba13e49af2292a1862ebede6cdc536d9c9cd9a4d505eabbd16394def5b231ae60389d92626b4f04284dd7cdd3b7308dcf10dd21e

Download Submit
C:\Windows\system\hzMjVkz.exe

Filesize
6.0MB

MD5
af7315ffdabd18cdd86302700a2cc2ed

SHA1
2acf524c233afbdae7fe98d856ee74b74f9b6dde

SHA256
9c89242cfd02ddeb12a1a9184bd0906a1c0e9951124520a4dc5d2ef5ac9b7983

SHA512
993bb5995134236fb54aabbececbe7ab79937382aa4bc63682a6fa325a7ad191db9ff0fac535650f8d3d3ebc03f5349adba46170a9a7e4db5c91188c808936f4

Download Submit
C:\Windows\system\lmOrSRj.exe

Filesize
6.0MB

MD5
ade402c47999361a5575dd53adf15fbf

SHA1
f13705442c0b300423932827a8cc496bab4da32b

SHA256
96e6af91e291d18a8ed735abee21a27e98901b8684601ad55059e8a9a7b535b1

SHA512
c701f7db9044721750cf1001519240f621c77aba3df6cd4d8ab538502de97c1b9df1465795ce819f403d6761c963bf75d324d12f921e0d3692afc58ec642bb8f

Download Submit
C:\Windows\system\oHuckUo.exe

Filesize
6.0MB

MD5
a9c667ade0d988a2471a76c3a28f0808

SHA1
eee45dfaeb0c55f4bfed12792253323d1dcfe05e

SHA256
aa85e0c53a60682f1491198ee338da839163aa245f3bb6738abd0d28e84a8fcd

SHA512
5ae08a7a5f4006323fd320ce38bbf1283dbef75ab831c5302a08d75c608b5582b5587710444783f297b970e62153b1dedaf4882010b426017d82e21489e1cab9

Download Submit
C:\Windows\system\rcHKeYN.exe

Filesize
6.0MB

MD5
5d46741a56b331e82e7946d8d1f3b270

SHA1
805e519159f83c8abc6122e3844af57860ce0328

SHA256
193ac3d8c3dad9b0b0a5b574586e55dc740d44e4452359bd17871b9354b05944

SHA512
e0efc58fda75b35bcd458a0efb1899f84c24bbe61b81058024784d0217beca924bd413e83e8cb399f9d350bbae41d527156f441cae25d1dd0d3bb6b1e1c123a9

Download Submit
C:\Windows\system\tOoJPbr.exe

Filesize
6.0MB

MD5
74a115889cab0a8585cbbbe041fc69ca

SHA1
5865c0cd575f057f43d9a93ad7ed95fa7acb8d1f

SHA256
d596d98db79ceb6711d789b7c9998e15693751e974a5f3f71f28f37ff5fccf34

SHA512
ffa47ae4d472fccd34de9ed2cf59c5cb96af207c830073750fa7424b9226e114fe3dd3804740ac9b686abeb292e4685ad41008d68e1c655b816f8a2a09dec7ea

Download Submit
C:\Windows\system\tRvOAgU.exe

Filesize
6.0MB

MD5
432e02eebc4415a257e14d2b116c2df0

SHA1
56ba0e2ee0a8969a0fbbfae5aabaf7a16ec1f1a5

SHA256
6f6805b59af1dcc7a9ce1e267180588fed5313c93daea0f04a7f7e07c06fac0c

SHA512
854705d74dcc1de68983b728aac1faa6d3b9bd0a7ca953cd85822654605aade6738be0b701e4a9d6a8ff1c0d6a8574f113b23470f0d21fee26926be139b6615c

Download Submit
C:\Windows\system\xcCYaIP.exe

Filesize
6.0MB

MD5
551123801490e30d3f01f188e8461310

SHA1
04955da16cf06623f0075bc763a134513f44d2cb

SHA256
3ad9dfa14af000adbe057beb4448b381547fc6f334e889f979c3e482f3c10c66

SHA512
a2386588f4a189d673c6eb283462756972b3a87b590dd2b1a3d5813b8f6189b9e0f5ef41f01f9ec11202ca2731826a3ef3d78c3b0cec3d2a773092e735056276

Download Submit
\Windows\system\IdBKDwo.exe

Filesize
6.0MB

MD5
fb2fcbc737d46a494b5704a2a1774440

SHA1
0e5cad4d18a9bb71c60a148d24e12da64eec7c5b

SHA256
c1622510464b596d2fe5bc5341e504b722b9152330220fa5da13372487d6531a

SHA512
202a4f9a5e7fbc9a8a1ca882f36b63dfcfd3ea6488a62e261c73ead24d034b65f2fc3105525e98a63a50926262aff3baaf2eb7eea3a4fcfc89c9e5105bc264fa

Download Submit
\Windows\system\UceksqY.exe

Filesize
6.0MB

MD5
ee9f5b9f6d2e52f9b5a180b1b937ccc3

SHA1
6bb4fa6749bc672bf7357833c5a21a01cf2f36d2

SHA256
bc0bf99b9e8f09117c00db849f13e50fdace5ffe587e4e02a0b63df74e0a7503

SHA512
3fee538ad81bdd5334fece6e0f91b3a005df62af8191d46ca518137ec90ea25f0214e916f97199166b6f0640c656604a145467333b81d63fdb5ab2dde173cd96

Download Submit
\Windows\system\YHzFucu.exe

Filesize
6.0MB

MD5
cbb603e79a1211eddea16105ed6fa095

SHA1
0c8b2da7e78efb9a84282e89eed45a0424437324

SHA256
5b64c4eaf425c81dc847d2c43d159965baa4892ae8357f3e6ed34036cecfcb37

SHA512
28d2f2e2fd321d6aca32750c4f8be92cb518d57b77b81342367c993139ec5178a5d77362330e4768bb646b7beec1fe9478e008e0ca363aad61115cd5c816182d

Download Submit
\Windows\system\ugulOKW.exe

Filesize
6.0MB

MD5
5b9c89c86472f52b93f28d81a04cb366

SHA1
e9f78def01cabe72cb7c962c9cf8bc3a6e13dd20

SHA256
28483b9b8f60d8fcb68fa58f761ee9f613d47970e61ece6220e8af2902fb8466

SHA512
e1001737182054ad8f67e012664210f6c2ea69fee6a798c861e0164111f4025f389245febba2fbac252824360075e7853e0fa98d6b99eb0ed68982eca845fc1c

Download Submit
memory/756-16-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/756-48-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/756-1220-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/1040-109-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1040-1406-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1040-377-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-92-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-265-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-1391-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-101-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1740-1399-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1740-310-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2096-37-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2096-10-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2096-1795-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2116-11-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-251-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-420-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-57-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2116-341-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-36-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2116-287-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2116-49-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-0-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2116-64-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-6-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2116-105-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-87-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-173-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-78-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-79-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-32-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2116-88-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-20-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-96-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2116-41-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-97-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2116-28-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-44-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1320-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2136-83-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2332-84-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2332-213-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1383-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2572-56-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1230-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2572-22-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1353-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-74-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2744-143-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1335-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2748-100-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2748-61-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2836-108-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-68-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1344-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-30-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2864-1298-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2952-73-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2952-38-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1313-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2972-53-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-91-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-1333-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download