cobaltstrike | 26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
Size

6.0MB
MD5

48cc591201a63956edd7b8ff0bb732ed
SHA1

b7c2515124b1046213ff0f42220a869e0b69dcca
SHA256

26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b
SHA512

fb684adda83e1a34076322a5ecc2f26efa9a83f6fded0383c33ebfeae5a4aa19c87dd9efe9476816c8fc88c8a3020fba7f83502c3f770d58d77ad1f545caca84
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUg:eOl56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000016d1c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d64-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-28.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-67.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-50.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-61.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000016d3f-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-77.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d70-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2164-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012254-3.dat	xmrig
behavioral1/files/0x0030000000016d1c-12.dat	xmrig
behavioral1/memory/2164-10-0x0000000002510000-0x0000000002864000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d64-13.dat	xmrig
behavioral1/files/0x0008000000016d69-28.dat	xmrig
behavioral1/memory/2132-29-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2164-27-0x0000000002510000-0x0000000002864000-memory.dmp	xmrig
behavioral1/memory/2940-26-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2588-25-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2996-24-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1740-37-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-67.dat	xmrig
behavioral1/memory/1788-66-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-56.dat	xmrig
behavioral1/memory/2748-55-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00070000000170f8-50.dat	xmrig
behavioral1/memory/2852-64-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2164-63-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2132-69-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-61.dat	xmrig
behavioral1/files/0x000f000000016d3f-41.dat	xmrig
behavioral1/memory/2236-72-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2448-80-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-83.dat	xmrig
behavioral1/files/0x00050000000195c1-92.dat	xmrig
behavioral1/files/0x00050000000195c7-118.dat	xmrig
behavioral1/files/0x0005000000019820-149.dat	xmrig
behavioral1/files/0x0005000000019bf5-160.dat	xmrig
behavioral1/files/0x0005000000019bf9-169.dat	xmrig
behavioral1/files/0x0005000000019e92-195.dat	xmrig
behavioral1/memory/2236-208-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1816-455-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2996-1354-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2132-1355-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2748-1357-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1788-1359-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2852-1358-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/1740-1356-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2588-1353-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2236-1360-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2448-1361-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1756-1363-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1816-1364-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2844-1365-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2940-1367-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2360-1362-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2448-231-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d6d-189.dat	xmrig
behavioral1/files/0x0005000000019d62-184.dat	xmrig
behavioral1/files/0x0005000000019d61-180.dat	xmrig
behavioral1/files/0x0005000000019c3c-174.dat	xmrig
behavioral1/files/0x0005000000019bf6-164.dat	xmrig
behavioral1/files/0x000500000001998d-155.dat	xmrig
behavioral1/memory/2164-146-0x0000000002510000-0x0000000002864000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-143.dat	xmrig
behavioral1/files/0x0005000000019761-138.dat	xmrig
behavioral1/files/0x000500000001975a-133.dat	xmrig
behavioral1/files/0x0005000000019643-128.dat	xmrig
behavioral1/files/0x000500000001960c-123.dat	xmrig
behavioral1/files/0x00050000000195c6-114.dat	xmrig
behavioral1/memory/1816-103-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-101.dat	xmrig
behavioral1/memory/1756-99-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2588	NbftkMB.exe
2940	TJAqHXj.exe
2996	hVEPZLi.exe
2132	XRAdJXg.exe
1740	RCckHVD.exe
2844	ckXrzAh.exe
2748	etXkceN.exe
2852	tCOXUHC.exe
1788	jolEtZw.exe
2236	mdplsUy.exe
2448	fEnwmTc.exe
2360	MuquJEd.exe
1756	TUXnqDx.exe
1816	TUELrmk.exe
2792	kdUPOSZ.exe
2364	PCyhdQE.exe
952	xouQGDC.exe
1732	LZtuvdh.exe
2304	TguUSYI.exe
2928	FTtwIta.exe
3068	ZzPlgLz.exe
2204	qriXurl.exe
2172	jZatCnn.exe
2176	bfEpKpA.exe
1748	moGiWlB.exe
1644	GnqdVzp.exe
2436	FswhcyD.exe
908	hMVTlRe.exe
1860	dcdywba.exe
1260	Eslsxli.exe
2272	YHZhCcl.exe
1836	ioeTIly.exe
2340	ikKxvdd.exe
2812	yYvvvUr.exe
2708	WxZRPHZ.exe
1296	mGoPQWa.exe
1480	bbuYeLx.exe
1360	EAmBvou.exe
1832	YeDdilL.exe
1844	ybUviuG.exe
2672	gGzCwsu.exe
2404	rXwdihe.exe
920	SUnYbvR.exe
2524	LVrtRyu.exe
2008	bbKqnoP.exe
2200	gIQMeKF.exe
900	uGoeTKA.exe
1652	YKtFOQJ.exe
2532	IsxYUDx.exe
2492	hIvesJY.exe
3040	kJHCGwS.exe
1592	wRvItgz.exe
1708	tIuUZik.exe
2484	gWhydGl.exe
2884	cvPZDrF.exe
2284	jvhHpUy.exe
2900	YlSBHsZ.exe
2168	HabpzUC.exe
956	rpuTbyl.exe
2124	jezwGbq.exe
1940	gebDfHs.exe
1252	aFNfNnn.exe
1616	xPiKwrC.exe
2820	ggnrVkX.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x000a000000012254-3.dat	upx
behavioral1/files/0x0030000000016d1c-12.dat	upx
behavioral1/files/0x0009000000016d64-13.dat	upx
behavioral1/files/0x0008000000016d69-28.dat	upx
behavioral1/memory/2132-29-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2940-26-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2588-25-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2996-24-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1740-37-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-67.dat	upx
behavioral1/memory/1788-66-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000700000001756b-56.dat	upx
behavioral1/memory/2748-55-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00070000000170f8-50.dat	upx
behavioral1/memory/2852-64-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2164-63-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2132-69-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0002000000018334-61.dat	upx
behavioral1/files/0x000f000000016d3f-41.dat	upx
behavioral1/memory/2236-72-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2448-80-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-83.dat	upx
behavioral1/files/0x00050000000195c1-92.dat	upx
behavioral1/files/0x00050000000195c7-118.dat	upx
behavioral1/files/0x0005000000019820-149.dat	upx
behavioral1/files/0x0005000000019bf5-160.dat	upx
behavioral1/files/0x0005000000019bf9-169.dat	upx
behavioral1/files/0x0005000000019e92-195.dat	upx
behavioral1/memory/2236-208-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1816-455-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2996-1354-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2132-1355-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2748-1357-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1788-1359-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2852-1358-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/1740-1356-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2588-1353-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2236-1360-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2448-1361-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1756-1363-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1816-1364-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2844-1365-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2940-1367-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2360-1362-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2448-231-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0005000000019d6d-189.dat	upx
behavioral1/files/0x0005000000019d62-184.dat	upx
behavioral1/files/0x0005000000019d61-180.dat	upx
behavioral1/files/0x0005000000019c3c-174.dat	upx
behavioral1/files/0x0005000000019bf6-164.dat	upx
behavioral1/files/0x000500000001998d-155.dat	upx
behavioral1/files/0x00050000000197fd-143.dat	upx
behavioral1/files/0x0005000000019761-138.dat	upx
behavioral1/files/0x000500000001975a-133.dat	upx
behavioral1/files/0x0005000000019643-128.dat	upx
behavioral1/files/0x000500000001960c-123.dat	upx
behavioral1/files/0x00050000000195c6-114.dat	upx
behavioral1/memory/1816-103-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-101.dat	upx
behavioral1/memory/1756-99-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-106.dat	upx
behavioral1/memory/2360-95-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2844-82-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zqJezSr.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\uUcNxQw.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\nXngfLU.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\eMBqRRP.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\pbrKNAP.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\tangkQL.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\nLonjns.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\olpXbLG.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\SZpjOwD.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\rennvDf.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\bZRKEuw.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\cLHDTXn.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\ByZeSyO.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\RJBMUvg.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\ENtnplG.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\ENIYfTm.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\QjVGfRB.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\fksEAuW.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\YyRsogx.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\BOZgpcY.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\iEkOtge.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\mvpSOnh.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\vzvTXeo.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\lyTWrZW.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\dvoZWuX.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\TpkUPgT.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\XTWArNX.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\wLzaSXA.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\qgtAlRU.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\kHBxkGj.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\HbhKELi.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\ZbhpLHh.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\tEYKRjY.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\SlTkFch.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\uumdhJT.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\JFugrXL.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\DXMbyRB.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\AOlJdbK.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\jCNAwlM.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\gebDfHs.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\KkTfdzw.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\LLiDUpz.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\WTjVWAK.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\EcsNcrX.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\bZLJeTI.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\jfXFeVV.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\sIbjyLl.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\ixQDBGX.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\MloidcV.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\uQtXAyY.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\MIiWzdi.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\aQaciRU.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\nCTYqmK.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\onbxicx.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\UrbgSdo.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\fhsEZTZ.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\htLfRbU.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\YZpzHvK.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\wUGFrJr.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\YYroyCc.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\EMncPQe.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\sMwrsXy.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\tCOXUHC.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
File created	C:\Windows\System\TguUSYI.exe	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2588	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	30
PID 2164 wrote to memory of 2588	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	30
PID 2164 wrote to memory of 2588	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	30
PID 2164 wrote to memory of 2940	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	31
PID 2164 wrote to memory of 2940	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	31
PID 2164 wrote to memory of 2940	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	31
PID 2164 wrote to memory of 2996	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	32
PID 2164 wrote to memory of 2996	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	32
PID 2164 wrote to memory of 2996	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	32
PID 2164 wrote to memory of 2132	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	33
PID 2164 wrote to memory of 2132	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	33
PID 2164 wrote to memory of 2132	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	33
PID 2164 wrote to memory of 1740	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	34
PID 2164 wrote to memory of 1740	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	34
PID 2164 wrote to memory of 1740	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	34
PID 2164 wrote to memory of 2844	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	35
PID 2164 wrote to memory of 2844	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	35
PID 2164 wrote to memory of 2844	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	35
PID 2164 wrote to memory of 2748	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	36
PID 2164 wrote to memory of 2748	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	36
PID 2164 wrote to memory of 2748	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	36
PID 2164 wrote to memory of 2852	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	37
PID 2164 wrote to memory of 2852	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	37
PID 2164 wrote to memory of 2852	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	37
PID 2164 wrote to memory of 1788	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	38
PID 2164 wrote to memory of 1788	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	38
PID 2164 wrote to memory of 1788	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	38
PID 2164 wrote to memory of 2236	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	39
PID 2164 wrote to memory of 2236	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	39
PID 2164 wrote to memory of 2236	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	39
PID 2164 wrote to memory of 2448	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	40
PID 2164 wrote to memory of 2448	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	40
PID 2164 wrote to memory of 2448	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	40
PID 2164 wrote to memory of 2360	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	41
PID 2164 wrote to memory of 2360	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	41
PID 2164 wrote to memory of 2360	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	41
PID 2164 wrote to memory of 1756	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	42
PID 2164 wrote to memory of 1756	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	42
PID 2164 wrote to memory of 1756	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	42
PID 2164 wrote to memory of 1816	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	43
PID 2164 wrote to memory of 1816	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	43
PID 2164 wrote to memory of 1816	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	43
PID 2164 wrote to memory of 2792	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	44
PID 2164 wrote to memory of 2792	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	44
PID 2164 wrote to memory of 2792	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	44
PID 2164 wrote to memory of 2364	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	45
PID 2164 wrote to memory of 2364	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	45
PID 2164 wrote to memory of 2364	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	45
PID 2164 wrote to memory of 952	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	46
PID 2164 wrote to memory of 952	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	46
PID 2164 wrote to memory of 952	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	46
PID 2164 wrote to memory of 1732	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	47
PID 2164 wrote to memory of 1732	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	47
PID 2164 wrote to memory of 1732	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	47
PID 2164 wrote to memory of 2304	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	48
PID 2164 wrote to memory of 2304	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	48
PID 2164 wrote to memory of 2304	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	48
PID 2164 wrote to memory of 2928	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	49
PID 2164 wrote to memory of 2928	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	49
PID 2164 wrote to memory of 2928	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	49
PID 2164 wrote to memory of 3068	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	50
PID 2164 wrote to memory of 3068	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	50
PID 2164 wrote to memory of 3068	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	50
PID 2164 wrote to memory of 2204	2164	JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe	51

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_26403159add1aaba772abc2b21ba7abde4f11c0d0e0451589a18aca62f0f668b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\System\NbftkMB.exe
  C:\Windows\System\NbftkMB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\TJAqHXj.exe
  C:\Windows\System\TJAqHXj.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\hVEPZLi.exe
  C:\Windows\System\hVEPZLi.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\XRAdJXg.exe
  C:\Windows\System\XRAdJXg.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\RCckHVD.exe
  C:\Windows\System\RCckHVD.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\ckXrzAh.exe
  C:\Windows\System\ckXrzAh.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\etXkceN.exe
  C:\Windows\System\etXkceN.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\tCOXUHC.exe
  C:\Windows\System\tCOXUHC.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\jolEtZw.exe
  C:\Windows\System\jolEtZw.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\mdplsUy.exe
  C:\Windows\System\mdplsUy.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\fEnwmTc.exe
  C:\Windows\System\fEnwmTc.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\MuquJEd.exe
  C:\Windows\System\MuquJEd.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\TUXnqDx.exe
  C:\Windows\System\TUXnqDx.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\TUELrmk.exe
  C:\Windows\System\TUELrmk.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\kdUPOSZ.exe
  C:\Windows\System\kdUPOSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\PCyhdQE.exe
  C:\Windows\System\PCyhdQE.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\xouQGDC.exe
  C:\Windows\System\xouQGDC.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\LZtuvdh.exe
  C:\Windows\System\LZtuvdh.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\TguUSYI.exe
  C:\Windows\System\TguUSYI.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\FTtwIta.exe
  C:\Windows\System\FTtwIta.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ZzPlgLz.exe
  C:\Windows\System\ZzPlgLz.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\qriXurl.exe
  C:\Windows\System\qriXurl.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\jZatCnn.exe
  C:\Windows\System\jZatCnn.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\bfEpKpA.exe
  C:\Windows\System\bfEpKpA.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\moGiWlB.exe
  C:\Windows\System\moGiWlB.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\GnqdVzp.exe
  C:\Windows\System\GnqdVzp.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\FswhcyD.exe
  C:\Windows\System\FswhcyD.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\hMVTlRe.exe
  C:\Windows\System\hMVTlRe.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\dcdywba.exe
  C:\Windows\System\dcdywba.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\Eslsxli.exe
  C:\Windows\System\Eslsxli.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\YHZhCcl.exe
  C:\Windows\System\YHZhCcl.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ioeTIly.exe
  C:\Windows\System\ioeTIly.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\ikKxvdd.exe
  C:\Windows\System\ikKxvdd.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\yYvvvUr.exe
  C:\Windows\System\yYvvvUr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\WxZRPHZ.exe
  C:\Windows\System\WxZRPHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\bbuYeLx.exe
  C:\Windows\System\bbuYeLx.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\mGoPQWa.exe
  C:\Windows\System\mGoPQWa.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\EAmBvou.exe
  C:\Windows\System\EAmBvou.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\YeDdilL.exe
  C:\Windows\System\YeDdilL.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\ybUviuG.exe
  C:\Windows\System\ybUviuG.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\gGzCwsu.exe
  C:\Windows\System\gGzCwsu.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\SUnYbvR.exe
  C:\Windows\System\SUnYbvR.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\rXwdihe.exe
  C:\Windows\System\rXwdihe.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\LVrtRyu.exe
  C:\Windows\System\LVrtRyu.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\bbKqnoP.exe
  C:\Windows\System\bbKqnoP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\uGoeTKA.exe
  C:\Windows\System\uGoeTKA.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\gIQMeKF.exe
  C:\Windows\System\gIQMeKF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\YKtFOQJ.exe
  C:\Windows\System\YKtFOQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\IsxYUDx.exe
  C:\Windows\System\IsxYUDx.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\hIvesJY.exe
  C:\Windows\System\hIvesJY.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\kJHCGwS.exe
  C:\Windows\System\kJHCGwS.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\wRvItgz.exe
  C:\Windows\System\wRvItgz.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\tIuUZik.exe
  C:\Windows\System\tIuUZik.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\gWhydGl.exe
  C:\Windows\System\gWhydGl.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\cvPZDrF.exe
  C:\Windows\System\cvPZDrF.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\jvhHpUy.exe
  C:\Windows\System\jvhHpUy.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\YlSBHsZ.exe
  C:\Windows\System\YlSBHsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\rpuTbyl.exe
  C:\Windows\System\rpuTbyl.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\HabpzUC.exe
  C:\Windows\System\HabpzUC.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\gebDfHs.exe
  C:\Windows\System\gebDfHs.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\jezwGbq.exe
  C:\Windows\System\jezwGbq.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\xPiKwrC.exe
  C:\Windows\System\xPiKwrC.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\aFNfNnn.exe
  C:\Windows\System\aFNfNnn.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\axXrRNh.exe
  C:\Windows\System\axXrRNh.exe
  2⤵
  PID:2984
- C:\Windows\System\ggnrVkX.exe
  C:\Windows\System\ggnrVkX.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\saaiVgx.exe
  C:\Windows\System\saaiVgx.exe
  2⤵
  PID:1248
- C:\Windows\System\acxtjrR.exe
  C:\Windows\System\acxtjrR.exe
  2⤵
  PID:1784
- C:\Windows\System\sjhBGdZ.exe
  C:\Windows\System\sjhBGdZ.exe
  2⤵
  PID:2192
- C:\Windows\System\yIaziqn.exe
  C:\Windows\System\yIaziqn.exe
  2⤵
  PID:1320
- C:\Windows\System\FmKdGrq.exe
  C:\Windows\System\FmKdGrq.exe
  2⤵
  PID:2056
- C:\Windows\System\ZEfvhyL.exe
  C:\Windows\System\ZEfvhyL.exe
  2⤵
  PID:2336
- C:\Windows\System\rELHUgK.exe
  C:\Windows\System\rELHUgK.exe
  2⤵
  PID:2540
- C:\Windows\System\ikaTTbt.exe
  C:\Windows\System\ikaTTbt.exe
  2⤵
  PID:2156
- C:\Windows\System\deGCVbT.exe
  C:\Windows\System\deGCVbT.exe
  2⤵
  PID:3048
- C:\Windows\System\RbEPDiC.exe
  C:\Windows\System\RbEPDiC.exe
  2⤵
  PID:1304
- C:\Windows\System\dVDhryJ.exe
  C:\Windows\System\dVDhryJ.exe
  2⤵
  PID:2148
- C:\Windows\System\lNkfWMH.exe
  C:\Windows\System\lNkfWMH.exe
  2⤵
  PID:1300
- C:\Windows\System\TXBfPTU.exe
  C:\Windows\System\TXBfPTU.exe
  2⤵
  PID:1664
- C:\Windows\System\vgPGbfu.exe
  C:\Windows\System\vgPGbfu.exe
  2⤵
  PID:108
- C:\Windows\System\NLwZGkp.exe
  C:\Windows\System\NLwZGkp.exe
  2⤵
  PID:2224
- C:\Windows\System\uxwovXV.exe
  C:\Windows\System\uxwovXV.exe
  2⤵
  PID:2432
- C:\Windows\System\gPnyIyi.exe
  C:\Windows\System\gPnyIyi.exe
  2⤵
  PID:2420
- C:\Windows\System\qKOzpFg.exe
  C:\Windows\System\qKOzpFg.exe
  2⤵
  PID:1640
- C:\Windows\System\prRAbVG.exe
  C:\Windows\System\prRAbVG.exe
  2⤵
  PID:752
- C:\Windows\System\tAdiVcJ.exe
  C:\Windows\System\tAdiVcJ.exe
  2⤵
  PID:1648
- C:\Windows\System\pNKABaf.exe
  C:\Windows\System\pNKABaf.exe
  2⤵
  PID:2992
- C:\Windows\System\SMdXYTb.exe
  C:\Windows\System\SMdXYTb.exe
  2⤵
  PID:2808
- C:\Windows\System\RShoJiH.exe
  C:\Windows\System\RShoJiH.exe
  2⤵
  PID:2784
- C:\Windows\System\JIKJewE.exe
  C:\Windows\System\JIKJewE.exe
  2⤵
  PID:1492
- C:\Windows\System\WdACZsC.exe
  C:\Windows\System\WdACZsC.exe
  2⤵
  PID:2756
- C:\Windows\System\oMqNBnk.exe
  C:\Windows\System\oMqNBnk.exe
  2⤵
  PID:2220
- C:\Windows\System\ZPQVVpn.exe
  C:\Windows\System\ZPQVVpn.exe
  2⤵
  PID:2568
- C:\Windows\System\ThmdfQr.exe
  C:\Windows\System\ThmdfQr.exe
  2⤵
  PID:2736
- C:\Windows\System\nnqQGrr.exe
  C:\Windows\System\nnqQGrr.exe
  2⤵
  PID:2372
- C:\Windows\System\geujbsF.exe
  C:\Windows\System\geujbsF.exe
  2⤵
  PID:1328
- C:\Windows\System\TznNKgN.exe
  C:\Windows\System\TznNKgN.exe
  2⤵
  PID:616
- C:\Windows\System\musmHut.exe
  C:\Windows\System\musmHut.exe
  2⤵
  PID:472
- C:\Windows\System\xsjoQbE.exe
  C:\Windows\System\xsjoQbE.exe
  2⤵
  PID:864
- C:\Windows\System\ZWpbRdP.exe
  C:\Windows\System\ZWpbRdP.exe
  2⤵
  PID:2208
- C:\Windows\System\NKkvdXp.exe
  C:\Windows\System\NKkvdXp.exe
  2⤵
  PID:2252
- C:\Windows\System\IsfkYwF.exe
  C:\Windows\System\IsfkYwF.exe
  2⤵
  PID:2264
- C:\Windows\System\vyurgJK.exe
  C:\Windows\System\vyurgJK.exe
  2⤵
  PID:876
- C:\Windows\System\zsqJfkJ.exe
  C:\Windows\System\zsqJfkJ.exe
  2⤵
  PID:3080
- C:\Windows\System\qjrHRji.exe
  C:\Windows\System\qjrHRji.exe
  2⤵
  PID:3096
- C:\Windows\System\XFIPnWB.exe
  C:\Windows\System\XFIPnWB.exe
  2⤵
  PID:3112
- C:\Windows\System\ZwFPhcg.exe
  C:\Windows\System\ZwFPhcg.exe
  2⤵
  PID:3128
- C:\Windows\System\BeZzgSS.exe
  C:\Windows\System\BeZzgSS.exe
  2⤵
  PID:3144
- C:\Windows\System\nurSjAT.exe
  C:\Windows\System\nurSjAT.exe
  2⤵
  PID:3168
- C:\Windows\System\imBObrN.exe
  C:\Windows\System\imBObrN.exe
  2⤵
  PID:3192
- C:\Windows\System\CYdXPbF.exe
  C:\Windows\System\CYdXPbF.exe
  2⤵
  PID:3208
- C:\Windows\System\EAQKUcw.exe
  C:\Windows\System\EAQKUcw.exe
  2⤵
  PID:3236
- C:\Windows\System\SvTHQwP.exe
  C:\Windows\System\SvTHQwP.exe
  2⤵
  PID:3256
- C:\Windows\System\CSpPvkC.exe
  C:\Windows\System\CSpPvkC.exe
  2⤵
  PID:3276
- C:\Windows\System\YrUGbhM.exe
  C:\Windows\System\YrUGbhM.exe
  2⤵
  PID:3292
- C:\Windows\System\RQKVcge.exe
  C:\Windows\System\RQKVcge.exe
  2⤵
  PID:3308
- C:\Windows\System\CdJPSqm.exe
  C:\Windows\System\CdJPSqm.exe
  2⤵
  PID:3324
- C:\Windows\System\FEgPjnA.exe
  C:\Windows\System\FEgPjnA.exe
  2⤵
  PID:3340
- C:\Windows\System\sgjCCfF.exe
  C:\Windows\System\sgjCCfF.exe
  2⤵
  PID:3356
- C:\Windows\System\hRREunl.exe
  C:\Windows\System\hRREunl.exe
  2⤵
  PID:3372
- C:\Windows\System\zvQraQc.exe
  C:\Windows\System\zvQraQc.exe
  2⤵
  PID:3388
- C:\Windows\System\hAxyLLt.exe
  C:\Windows\System\hAxyLLt.exe
  2⤵
  PID:3404
- C:\Windows\System\bKFHkYD.exe
  C:\Windows\System\bKFHkYD.exe
  2⤵
  PID:3428
- C:\Windows\System\aflIdmZ.exe
  C:\Windows\System\aflIdmZ.exe
  2⤵
  PID:3472
- C:\Windows\System\HXfzHSb.exe
  C:\Windows\System\HXfzHSb.exe
  2⤵
  PID:3548
- C:\Windows\System\rNzHkbD.exe
  C:\Windows\System\rNzHkbD.exe
  2⤵
  PID:3568
- C:\Windows\System\gFiWydg.exe
  C:\Windows\System\gFiWydg.exe
  2⤵
  PID:3588
- C:\Windows\System\zxbYANm.exe
  C:\Windows\System\zxbYANm.exe
  2⤵
  PID:3604
- C:\Windows\System\ikBLUFF.exe
  C:\Windows\System\ikBLUFF.exe
  2⤵
  PID:3624
- C:\Windows\System\hnLuXTa.exe
  C:\Windows\System\hnLuXTa.exe
  2⤵
  PID:3644
- C:\Windows\System\BMJElae.exe
  C:\Windows\System\BMJElae.exe
  2⤵
  PID:3668
- C:\Windows\System\jEUjYDP.exe
  C:\Windows\System\jEUjYDP.exe
  2⤵
  PID:3692
- C:\Windows\System\nLonjns.exe
  C:\Windows\System\nLonjns.exe
  2⤵
  PID:3712
- C:\Windows\System\wWerDdr.exe
  C:\Windows\System\wWerDdr.exe
  2⤵
  PID:3728
- C:\Windows\System\dtHjyWN.exe
  C:\Windows\System\dtHjyWN.exe
  2⤵
  PID:3752
- C:\Windows\System\zsiMete.exe
  C:\Windows\System\zsiMete.exe
  2⤵
  PID:3768
- C:\Windows\System\mKRvSrF.exe
  C:\Windows\System\mKRvSrF.exe
  2⤵
  PID:3784
- C:\Windows\System\wBPJido.exe
  C:\Windows\System\wBPJido.exe
  2⤵
  PID:3808
- C:\Windows\System\ASNXXUE.exe
  C:\Windows\System\ASNXXUE.exe
  2⤵
  PID:3828
- C:\Windows\System\bryMeMa.exe
  C:\Windows\System\bryMeMa.exe
  2⤵
  PID:3844
- C:\Windows\System\cwbziIr.exe
  C:\Windows\System\cwbziIr.exe
  2⤵
  PID:3860
- C:\Windows\System\rCmUJKc.exe
  C:\Windows\System\rCmUJKc.exe
  2⤵
  PID:3884
- C:\Windows\System\ScemPAm.exe
  C:\Windows\System\ScemPAm.exe
  2⤵
  PID:3904
- C:\Windows\System\jJgbjSz.exe
  C:\Windows\System\jJgbjSz.exe
  2⤵
  PID:3924
- C:\Windows\System\HHPFYRQ.exe
  C:\Windows\System\HHPFYRQ.exe
  2⤵
  PID:3944
- C:\Windows\System\sTVGlas.exe
  C:\Windows\System\sTVGlas.exe
  2⤵
  PID:3960
- C:\Windows\System\xZiLelm.exe
  C:\Windows\System\xZiLelm.exe
  2⤵
  PID:3984
- C:\Windows\System\lXjTiIj.exe
  C:\Windows\System\lXjTiIj.exe
  2⤵
  PID:4004
- C:\Windows\System\AYRDXwi.exe
  C:\Windows\System\AYRDXwi.exe
  2⤵
  PID:4036
- C:\Windows\System\KlAcsry.exe
  C:\Windows\System\KlAcsry.exe
  2⤵
  PID:4052
- C:\Windows\System\yvZIxpV.exe
  C:\Windows\System\yvZIxpV.exe
  2⤵
  PID:4072
- C:\Windows\System\ylTEPDX.exe
  C:\Windows\System\ylTEPDX.exe
  2⤵
  PID:4092
- C:\Windows\System\YYroyCc.exe
  C:\Windows\System\YYroyCc.exe
  2⤵
  PID:368
- C:\Windows\System\JWVPqvg.exe
  C:\Windows\System\JWVPqvg.exe
  2⤵
  PID:2660
- C:\Windows\System\eiIADPi.exe
  C:\Windows\System\eiIADPi.exe
  2⤵
  PID:2300
- C:\Windows\System\cxNRXRB.exe
  C:\Windows\System\cxNRXRB.exe
  2⤵
  PID:2380
- C:\Windows\System\qrLzwwu.exe
  C:\Windows\System\qrLzwwu.exe
  2⤵
  PID:1904
- C:\Windows\System\lCgdkHv.exe
  C:\Windows\System\lCgdkHv.exe
  2⤵
  PID:3124
- C:\Windows\System\MIiWzdi.exe
  C:\Windows\System\MIiWzdi.exe
  2⤵
  PID:3164
- C:\Windows\System\iuJjMoz.exe
  C:\Windows\System\iuJjMoz.exe
  2⤵
  PID:1136
- C:\Windows\System\sbyzWty.exe
  C:\Windows\System\sbyzWty.exe
  2⤵
  PID:1636
- C:\Windows\System\suFRGfz.exe
  C:\Windows\System\suFRGfz.exe
  2⤵
  PID:1760
- C:\Windows\System\ArJyzQJ.exe
  C:\Windows\System\ArJyzQJ.exe
  2⤵
  PID:3248
- C:\Windows\System\YUGOEVR.exe
  C:\Windows\System\YUGOEVR.exe
  2⤵
  PID:2796
- C:\Windows\System\tWxwsWm.exe
  C:\Windows\System\tWxwsWm.exe
  2⤵
  PID:3348
- C:\Windows\System\ilvDXEG.exe
  C:\Windows\System\ilvDXEG.exe
  2⤵
  PID:1624
- C:\Windows\System\jfBMWqz.exe
  C:\Windows\System\jfBMWqz.exe
  2⤵
  PID:3412
- C:\Windows\System\AjFgczl.exe
  C:\Windows\System\AjFgczl.exe
  2⤵
  PID:1796
- C:\Windows\System\PfHQqkM.exe
  C:\Windows\System\PfHQqkM.exe
  2⤵
  PID:2872
- C:\Windows\System\HJLmGoc.exe
  C:\Windows\System\HJLmGoc.exe
  2⤵
  PID:1936
- C:\Windows\System\IMRbFpK.exe
  C:\Windows\System\IMRbFpK.exe
  2⤵
  PID:2368
- C:\Windows\System\ruEKckI.exe
  C:\Windows\System\ruEKckI.exe
  2⤵
  PID:2328
- C:\Windows\System\ZAOVeyN.exe
  C:\Windows\System\ZAOVeyN.exe
  2⤵
  PID:2212
- C:\Windows\System\KBmrBNm.exe
  C:\Windows\System\KBmrBNm.exe
  2⤵
  PID:3228
- C:\Windows\System\cTmbsoX.exe
  C:\Windows\System\cTmbsoX.exe
  2⤵
  PID:3300
- C:\Windows\System\RWbnPmz.exe
  C:\Windows\System\RWbnPmz.exe
  2⤵
  PID:3364
- C:\Windows\System\wHjCcLg.exe
  C:\Windows\System\wHjCcLg.exe
  2⤵
  PID:3436
- C:\Windows\System\tpABDxY.exe
  C:\Windows\System\tpABDxY.exe
  2⤵
  PID:3104
- C:\Windows\System\bnZHkuo.exe
  C:\Windows\System\bnZHkuo.exe
  2⤵
  PID:3468
- C:\Windows\System\mPVBgik.exe
  C:\Windows\System\mPVBgik.exe
  2⤵
  PID:3496
- C:\Windows\System\xHDdMrp.exe
  C:\Windows\System\xHDdMrp.exe
  2⤵
  PID:3516
- C:\Windows\System\SVnIDOn.exe
  C:\Windows\System\SVnIDOn.exe
  2⤵
  PID:3524
- C:\Windows\System\KbHCMsX.exe
  C:\Windows\System\KbHCMsX.exe
  2⤵
  PID:1876
- C:\Windows\System\dtuasra.exe
  C:\Windows\System\dtuasra.exe
  2⤵
  PID:3576
- C:\Windows\System\UjFTWyG.exe
  C:\Windows\System\UjFTWyG.exe
  2⤵
  PID:3564
- C:\Windows\System\YpsJTlK.exe
  C:\Windows\System\YpsJTlK.exe
  2⤵
  PID:3636
- C:\Windows\System\PXGbDfF.exe
  C:\Windows\System\PXGbDfF.exe
  2⤵
  PID:3820
- C:\Windows\System\VvdjlNz.exe
  C:\Windows\System\VvdjlNz.exe
  2⤵
  PID:3680
- C:\Windows\System\ASpdOZa.exe
  C:\Windows\System\ASpdOZa.exe
  2⤵
  PID:3940
- C:\Windows\System\nDMDUgD.exe
  C:\Windows\System\nDMDUgD.exe
  2⤵
  PID:3760
- C:\Windows\System\EJZCjif.exe
  C:\Windows\System\EJZCjif.exe
  2⤵
  PID:3792
- C:\Windows\System\WykTjaS.exe
  C:\Windows\System\WykTjaS.exe
  2⤵
  PID:4012
- C:\Windows\System\LTsQhLs.exe
  C:\Windows\System\LTsQhLs.exe
  2⤵
  PID:4032
- C:\Windows\System\kHBxkGj.exe
  C:\Windows\System\kHBxkGj.exe
  2⤵
  PID:1596
- C:\Windows\System\HxQWrhG.exe
  C:\Windows\System\HxQWrhG.exe
  2⤵
  PID:3088
- C:\Windows\System\JPULySA.exe
  C:\Windows\System\JPULySA.exe
  2⤵
  PID:1888
- C:\Windows\System\McXrdZv.exe
  C:\Windows\System\McXrdZv.exe
  2⤵
  PID:3956
- C:\Windows\System\eLHXriS.exe
  C:\Windows\System\eLHXriS.exe
  2⤵
  PID:3912
- C:\Windows\System\CqPnplU.exe
  C:\Windows\System\CqPnplU.exe
  2⤵
  PID:4080
- C:\Windows\System\QLcoQTb.exe
  C:\Windows\System\QLcoQTb.exe
  2⤵
  PID:2860
- C:\Windows\System\FMsEibv.exe
  C:\Windows\System\FMsEibv.exe
  2⤵
  PID:1808
- C:\Windows\System\kMWVxCN.exe
  C:\Windows\System\kMWVxCN.exe
  2⤵
  PID:3320
- C:\Windows\System\zaBSYHH.exe
  C:\Windows\System\zaBSYHH.exe
  2⤵
  PID:2712
- C:\Windows\System\aOdBvDW.exe
  C:\Windows\System\aOdBvDW.exe
  2⤵
  PID:2960
- C:\Windows\System\SuWjIuW.exe
  C:\Windows\System\SuWjIuW.exe
  2⤵
  PID:3120
- C:\Windows\System\lqJdeaN.exe
  C:\Windows\System\lqJdeaN.exe
  2⤵
  PID:3268
- C:\Windows\System\TSLPQoM.exe
  C:\Windows\System\TSLPQoM.exe
  2⤵
  PID:3284
- C:\Windows\System\WMpLcSZ.exe
  C:\Windows\System\WMpLcSZ.exe
  2⤵
  PID:3504
- C:\Windows\System\pbrKNAP.exe
  C:\Windows\System\pbrKNAP.exe
  2⤵
  PID:2880
- C:\Windows\System\lTevGkE.exe
  C:\Windows\System\lTevGkE.exe
  2⤵
  PID:3420
- C:\Windows\System\TGeIeZx.exe
  C:\Windows\System\TGeIeZx.exe
  2⤵
  PID:3620
- C:\Windows\System\MEtcyVx.exe
  C:\Windows\System\MEtcyVx.exe
  2⤵
  PID:3660
- C:\Windows\System\RTTcqXs.exe
  C:\Windows\System\RTTcqXs.exe
  2⤵
  PID:3740
- C:\Windows\System\ndMWJrn.exe
  C:\Windows\System\ndMWJrn.exe
  2⤵
  PID:3996
- C:\Windows\System\FIQfoMV.exe
  C:\Windows\System\FIQfoMV.exe
  2⤵
  PID:3336
- C:\Windows\System\lgcDlXZ.exe
  C:\Windows\System\lgcDlXZ.exe
  2⤵
  PID:3140
- C:\Windows\System\LpKYoGN.exe
  C:\Windows\System\LpKYoGN.exe
  2⤵
  PID:3492
- C:\Windows\System\rhjfWNK.exe
  C:\Windows\System\rhjfWNK.exe
  2⤵
  PID:1548
- C:\Windows\System\CTVWcjl.exe
  C:\Windows\System\CTVWcjl.exe
  2⤵
  PID:3824
- C:\Windows\System\bBOXkiB.exe
  C:\Windows\System\bBOXkiB.exe
  2⤵
  PID:3684
- C:\Windows\System\ahdbMGz.exe
  C:\Windows\System\ahdbMGz.exe
  2⤵
  PID:3676
- C:\Windows\System\nWIZYzi.exe
  C:\Windows\System\nWIZYzi.exe
  2⤵
  PID:3976
- C:\Windows\System\EPUWZym.exe
  C:\Windows\System\EPUWZym.exe
  2⤵
  PID:3720
- C:\Windows\System\WssFpnp.exe
  C:\Windows\System\WssFpnp.exe
  2⤵
  PID:2400
- C:\Windows\System\lFVGpTW.exe
  C:\Windows\System\lFVGpTW.exe
  2⤵
  PID:3160
- C:\Windows\System\pnOapXK.exe
  C:\Windows\System\pnOapXK.exe
  2⤵
  PID:3868
- C:\Windows\System\QKHUAiR.exe
  C:\Windows\System\QKHUAiR.exe
  2⤵
  PID:2636
- C:\Windows\System\wMoCuOW.exe
  C:\Windows\System\wMoCuOW.exe
  2⤵
  PID:3384
- C:\Windows\System\cVWsoGA.exe
  C:\Windows\System\cVWsoGA.exe
  2⤵
  PID:2760
- C:\Windows\System\ALNJbZi.exe
  C:\Windows\System\ALNJbZi.exe
  2⤵
  PID:2648
- C:\Windows\System\eIDHUuB.exe
  C:\Windows\System\eIDHUuB.exe
  2⤵
  PID:1852
- C:\Windows\System\TcjRpuC.exe
  C:\Windows\System\TcjRpuC.exe
  2⤵
  PID:3204
- C:\Windows\System\DONNOAZ.exe
  C:\Windows\System\DONNOAZ.exe
  2⤵
  PID:3460
- C:\Windows\System\OHqIZBJ.exe
  C:\Windows\System\OHqIZBJ.exe
  2⤵
  PID:860
- C:\Windows\System\fYhPnhf.exe
  C:\Windows\System\fYhPnhf.exe
  2⤵
  PID:3616
- C:\Windows\System\Ksctrsq.exe
  C:\Windows\System\Ksctrsq.exe
  2⤵
  PID:3704
- C:\Windows\System\uFFyNvF.exe
  C:\Windows\System\uFFyNvF.exe
  2⤵
  PID:3108
- C:\Windows\System\SPzZdvW.exe
  C:\Windows\System\SPzZdvW.exe
  2⤵
  PID:3216
- C:\Windows\System\oVBJYIK.exe
  C:\Windows\System\oVBJYIK.exe
  2⤵
  PID:3188
- C:\Windows\System\ZquSjvI.exe
  C:\Windows\System\ZquSjvI.exe
  2⤵
  PID:2108
- C:\Windows\System\GqkNNuI.exe
  C:\Windows\System\GqkNNuI.exe
  2⤵
  PID:4068
- C:\Windows\System\vymluRT.exe
  C:\Windows\System\vymluRT.exe
  2⤵
  PID:4048
- C:\Windows\System\LuIAwBi.exe
  C:\Windows\System\LuIAwBi.exe
  2⤵
  PID:2248
- C:\Windows\System\HWKurCK.exe
  C:\Windows\System\HWKurCK.exe
  2⤵
  PID:4028
- C:\Windows\System\jjjylYt.exe
  C:\Windows\System\jjjylYt.exe
  2⤵
  PID:2096
- C:\Windows\System\rFwYlzC.exe
  C:\Windows\System\rFwYlzC.exe
  2⤵
  PID:3288
- C:\Windows\System\qVvoCkF.exe
  C:\Windows\System\qVvoCkF.exe
  2⤵
  PID:3380
- C:\Windows\System\DSfXePE.exe
  C:\Windows\System\DSfXePE.exe
  2⤵
  PID:3156
- C:\Windows\System\diuPcKO.exe
  C:\Windows\System\diuPcKO.exe
  2⤵
  PID:3528
- C:\Windows\System\KfJeHsM.exe
  C:\Windows\System\KfJeHsM.exe
  2⤵
  PID:4108
- C:\Windows\System\DgPntwK.exe
  C:\Windows\System\DgPntwK.exe
  2⤵
  PID:4128
- C:\Windows\System\ZbCiauJ.exe
  C:\Windows\System\ZbCiauJ.exe
  2⤵
  PID:4148
- C:\Windows\System\jbWXCnP.exe
  C:\Windows\System\jbWXCnP.exe
  2⤵
  PID:4180
- C:\Windows\System\PuJMrnm.exe
  C:\Windows\System\PuJMrnm.exe
  2⤵
  PID:4200
- C:\Windows\System\rXYgsXL.exe
  C:\Windows\System\rXYgsXL.exe
  2⤵
  PID:4220
- C:\Windows\System\vIRNSzT.exe
  C:\Windows\System\vIRNSzT.exe
  2⤵
  PID:4240
- C:\Windows\System\AxYxBqm.exe
  C:\Windows\System\AxYxBqm.exe
  2⤵
  PID:4260
- C:\Windows\System\OunylIw.exe
  C:\Windows\System\OunylIw.exe
  2⤵
  PID:4276
- C:\Windows\System\kuhYrLy.exe
  C:\Windows\System\kuhYrLy.exe
  2⤵
  PID:4296
- C:\Windows\System\WxBDziJ.exe
  C:\Windows\System\WxBDziJ.exe
  2⤵
  PID:4320
- C:\Windows\System\YUxHaWw.exe
  C:\Windows\System\YUxHaWw.exe
  2⤵
  PID:4336
- C:\Windows\System\XcxIckE.exe
  C:\Windows\System\XcxIckE.exe
  2⤵
  PID:4356
- C:\Windows\System\GRrRJvR.exe
  C:\Windows\System\GRrRJvR.exe
  2⤵
  PID:4376
- C:\Windows\System\uehKxuA.exe
  C:\Windows\System\uehKxuA.exe
  2⤵
  PID:4396
- C:\Windows\System\HtvaxhU.exe
  C:\Windows\System\HtvaxhU.exe
  2⤵
  PID:4412
- C:\Windows\System\GtchNru.exe
  C:\Windows\System\GtchNru.exe
  2⤵
  PID:4428
- C:\Windows\System\DuJQbHm.exe
  C:\Windows\System\DuJQbHm.exe
  2⤵
  PID:4448
- C:\Windows\System\YZpzHvK.exe
  C:\Windows\System\YZpzHvK.exe
  2⤵
  PID:4468
- C:\Windows\System\Bhcyzfm.exe
  C:\Windows\System\Bhcyzfm.exe
  2⤵
  PID:4488
- C:\Windows\System\XyVLBQU.exe
  C:\Windows\System\XyVLBQU.exe
  2⤵
  PID:4508
- C:\Windows\System\PmGKQIY.exe
  C:\Windows\System\PmGKQIY.exe
  2⤵
  PID:4524
- C:\Windows\System\nohhydR.exe
  C:\Windows\System\nohhydR.exe
  2⤵
  PID:4540
- C:\Windows\System\bqMzwpo.exe
  C:\Windows\System\bqMzwpo.exe
  2⤵
  PID:4556
- C:\Windows\System\olpXbLG.exe
  C:\Windows\System\olpXbLG.exe
  2⤵
  PID:4580
- C:\Windows\System\gSvBJnv.exe
  C:\Windows\System\gSvBJnv.exe
  2⤵
  PID:4600
- C:\Windows\System\jkcRrwO.exe
  C:\Windows\System\jkcRrwO.exe
  2⤵
  PID:4624
- C:\Windows\System\skFECST.exe
  C:\Windows\System\skFECST.exe
  2⤵
  PID:4640
- C:\Windows\System\HRJqQwP.exe
  C:\Windows\System\HRJqQwP.exe
  2⤵
  PID:4660
- C:\Windows\System\CGtQMSG.exe
  C:\Windows\System\CGtQMSG.exe
  2⤵
  PID:4688
- C:\Windows\System\qgsZLiQ.exe
  C:\Windows\System\qgsZLiQ.exe
  2⤵
  PID:4728
- C:\Windows\System\xyCxddt.exe
  C:\Windows\System\xyCxddt.exe
  2⤵
  PID:4748
- C:\Windows\System\AmACiPY.exe
  C:\Windows\System\AmACiPY.exe
  2⤵
  PID:4768
- C:\Windows\System\CXAZuAv.exe
  C:\Windows\System\CXAZuAv.exe
  2⤵
  PID:4784
- C:\Windows\System\bgbxDDE.exe
  C:\Windows\System\bgbxDDE.exe
  2⤵
  PID:4804
- C:\Windows\System\YMipIIc.exe
  C:\Windows\System\YMipIIc.exe
  2⤵
  PID:4828
- C:\Windows\System\ZyAWNdp.exe
  C:\Windows\System\ZyAWNdp.exe
  2⤵
  PID:4848
- C:\Windows\System\aMjCCPj.exe
  C:\Windows\System\aMjCCPj.exe
  2⤵
  PID:4868
- C:\Windows\System\lriCCGZ.exe
  C:\Windows\System\lriCCGZ.exe
  2⤵
  PID:4884
- C:\Windows\System\KzeeBjK.exe
  C:\Windows\System\KzeeBjK.exe
  2⤵
  PID:4912
- C:\Windows\System\TOZjYIp.exe
  C:\Windows\System\TOZjYIp.exe
  2⤵
  PID:4932
- C:\Windows\System\nFTynHg.exe
  C:\Windows\System\nFTynHg.exe
  2⤵
  PID:4952
- C:\Windows\System\vdoOiBy.exe
  C:\Windows\System\vdoOiBy.exe
  2⤵
  PID:4972
- C:\Windows\System\Exavboj.exe
  C:\Windows\System\Exavboj.exe
  2⤵
  PID:4992
- C:\Windows\System\RjrJKgW.exe
  C:\Windows\System\RjrJKgW.exe
  2⤵
  PID:5012
- C:\Windows\System\asUdhCc.exe
  C:\Windows\System\asUdhCc.exe
  2⤵
  PID:5032
- C:\Windows\System\QOUcTck.exe
  C:\Windows\System\QOUcTck.exe
  2⤵
  PID:5052
- C:\Windows\System\EtTjbdy.exe
  C:\Windows\System\EtTjbdy.exe
  2⤵
  PID:5072
- C:\Windows\System\feAMcun.exe
  C:\Windows\System\feAMcun.exe
  2⤵
  PID:5092
- C:\Windows\System\arqhnmf.exe
  C:\Windows\System\arqhnmf.exe
  2⤵
  PID:5112
- C:\Windows\System\BjgxDRW.exe
  C:\Windows\System\BjgxDRW.exe
  2⤵
  PID:3512
- C:\Windows\System\YjLOUkl.exe
  C:\Windows\System\YjLOUkl.exe
  2⤵
  PID:2620
- C:\Windows\System\rdCXfox.exe
  C:\Windows\System\rdCXfox.exe
  2⤵
  PID:2868
- C:\Windows\System\iEkOtge.exe
  C:\Windows\System\iEkOtge.exe
  2⤵
  PID:3748
- C:\Windows\System\jnzwOYS.exe
  C:\Windows\System\jnzwOYS.exe
  2⤵
  PID:2092
- C:\Windows\System\sClxxEb.exe
  C:\Windows\System\sClxxEb.exe
  2⤵
  PID:3816
- C:\Windows\System\PcXgFhH.exe
  C:\Windows\System\PcXgFhH.exe
  2⤵
  PID:3600
- C:\Windows\System\bcsyKCM.exe
  C:\Windows\System\bcsyKCM.exe
  2⤵
  PID:2560
- C:\Windows\System\FoIrHTn.exe
  C:\Windows\System\FoIrHTn.exe
  2⤵
  PID:3332
- C:\Windows\System\rBuJbtS.exe
  C:\Windows\System\rBuJbtS.exe
  2⤵
  PID:3880
- C:\Windows\System\wIGalNr.exe
  C:\Windows\System\wIGalNr.exe
  2⤵
  PID:4172
- C:\Windows\System\dXecYMF.exe
  C:\Windows\System\dXecYMF.exe
  2⤵
  PID:3900
- C:\Windows\System\PBjilao.exe
  C:\Windows\System\PBjilao.exe
  2⤵
  PID:4216
- C:\Windows\System\RRVMsfF.exe
  C:\Windows\System\RRVMsfF.exe
  2⤵
  PID:4252
- C:\Windows\System\FzOGPVP.exe
  C:\Windows\System\FzOGPVP.exe
  2⤵
  PID:4332
- C:\Windows\System\wImhtDO.exe
  C:\Windows\System\wImhtDO.exe
  2⤵
  PID:4404
- C:\Windows\System\RqEGKpB.exe
  C:\Windows\System\RqEGKpB.exe
  2⤵
  PID:4476
- C:\Windows\System\MdPbqRh.exe
  C:\Windows\System\MdPbqRh.exe
  2⤵
  PID:4480
- C:\Windows\System\XzppzQj.exe
  C:\Windows\System\XzppzQj.exe
  2⤵
  PID:4516
- C:\Windows\System\cyhUaoZ.exe
  C:\Windows\System\cyhUaoZ.exe
  2⤵
  PID:4316
- C:\Windows\System\TVcppIC.exe
  C:\Windows\System\TVcppIC.exe
  2⤵
  PID:4352
- C:\Windows\System\BopPOfr.exe
  C:\Windows\System\BopPOfr.exe
  2⤵
  PID:4592
- C:\Windows\System\VWQVzGe.exe
  C:\Windows\System\VWQVzGe.exe
  2⤵
  PID:4636
- C:\Windows\System\ebMzVWc.exe
  C:\Windows\System\ebMzVWc.exe
  2⤵
  PID:4672
- C:\Windows\System\DDvbeDk.exe
  C:\Windows\System\DDvbeDk.exe
  2⤵
  PID:4532
- C:\Windows\System\JUHpMSp.exe
  C:\Windows\System\JUHpMSp.exe
  2⤵
  PID:4576
- C:\Windows\System\ZcEqcgx.exe
  C:\Windows\System\ZcEqcgx.exe
  2⤵
  PID:2956
- C:\Windows\System\rFKWJhf.exe
  C:\Windows\System\rFKWJhf.exe
  2⤵
  PID:4496
- C:\Windows\System\mIiXLYj.exe
  C:\Windows\System\mIiXLYj.exe
  2⤵
  PID:4712
- C:\Windows\System\OmZMVdc.exe
  C:\Windows\System\OmZMVdc.exe
  2⤵
  PID:4776
- C:\Windows\System\GHeSYAI.exe
  C:\Windows\System\GHeSYAI.exe
  2⤵
  PID:4792
- C:\Windows\System\Cxbgtdb.exe
  C:\Windows\System\Cxbgtdb.exe
  2⤵
  PID:4816
- C:\Windows\System\zXWVgRc.exe
  C:\Windows\System\zXWVgRc.exe
  2⤵
  PID:4836
- C:\Windows\System\PKxbiIL.exe
  C:\Windows\System\PKxbiIL.exe
  2⤵
  PID:4892
- C:\Windows\System\laulmvv.exe
  C:\Windows\System\laulmvv.exe
  2⤵
  PID:4940
- C:\Windows\System\owAldsd.exe
  C:\Windows\System\owAldsd.exe
  2⤵
  PID:4944
- C:\Windows\System\ZqQiXrx.exe
  C:\Windows\System\ZqQiXrx.exe
  2⤵
  PID:4984
- C:\Windows\System\lRrFZfx.exe
  C:\Windows\System\lRrFZfx.exe
  2⤵
  PID:5024
- C:\Windows\System\loIZFdR.exe
  C:\Windows\System\loIZFdR.exe
  2⤵
  PID:5068
- C:\Windows\System\ifuTauR.exe
  C:\Windows\System\ifuTauR.exe
  2⤵
  PID:5080
- C:\Windows\System\zsUmnsT.exe
  C:\Windows\System\zsUmnsT.exe
  2⤵
  PID:5084
- C:\Windows\System\lOuvVlf.exe
  C:\Windows\System\lOuvVlf.exe
  2⤵
  PID:2944
- C:\Windows\System\kUPJBLq.exe
  C:\Windows\System\kUPJBLq.exe
  2⤵
  PID:3980
- C:\Windows\System\JNKUwck.exe
  C:\Windows\System\JNKUwck.exe
  2⤵
  PID:3484
- C:\Windows\System\JOrSylQ.exe
  C:\Windows\System\JOrSylQ.exe
  2⤵
  PID:3176
- C:\Windows\System\sLfaEJE.exe
  C:\Windows\System\sLfaEJE.exe
  2⤵
  PID:3952
- C:\Windows\System\ONkryds.exe
  C:\Windows\System\ONkryds.exe
  2⤵
  PID:4124
- C:\Windows\System\zfjlnwx.exe
  C:\Windows\System\zfjlnwx.exe
  2⤵
  PID:4104
- C:\Windows\System\XsyvAvy.exe
  C:\Windows\System\XsyvAvy.exe
  2⤵
  PID:4160
- C:\Windows\System\MCqnIKG.exe
  C:\Windows\System\MCqnIKG.exe
  2⤵
  PID:1880
- C:\Windows\System\nOicRhC.exe
  C:\Windows\System\nOicRhC.exe
  2⤵
  PID:4228
- C:\Windows\System\ZCsIUPl.exe
  C:\Windows\System\ZCsIUPl.exe
  2⤵
  PID:4444
- C:\Windows\System\FZHyUJm.exe
  C:\Windows\System\FZHyUJm.exe
  2⤵
  PID:4268
- C:\Windows\System\vdjGEpk.exe
  C:\Windows\System\vdjGEpk.exe
  2⤵
  PID:4344
- C:\Windows\System\UPwaoLr.exe
  C:\Windows\System\UPwaoLr.exe
  2⤵
  PID:4680
- C:\Windows\System\PHMawQS.exe
  C:\Windows\System\PHMawQS.exe
  2⤵
  PID:4460
- C:\Windows\System\nRQHYpt.exe
  C:\Windows\System\nRQHYpt.exe
  2⤵
  PID:4656
- C:\Windows\System\jywAHzj.exe
  C:\Windows\System\jywAHzj.exe
  2⤵
  PID:4696
- C:\Windows\System\zEapmtI.exe
  C:\Windows\System\zEapmtI.exe
  2⤵
  PID:4616
- C:\Windows\System\NxsFLSE.exe
  C:\Windows\System\NxsFLSE.exe
  2⤵
  PID:4740
- C:\Windows\System\gKEXoxE.exe
  C:\Windows\System\gKEXoxE.exe
  2⤵
  PID:4620
- C:\Windows\System\lszCfzq.exe
  C:\Windows\System\lszCfzq.exe
  2⤵
  PID:4820
- C:\Windows\System\KDNrnqS.exe
  C:\Windows\System\KDNrnqS.exe
  2⤵
  PID:4928
- C:\Windows\System\uKlSdda.exe
  C:\Windows\System\uKlSdda.exe
  2⤵
  PID:4988
- C:\Windows\System\HliqeQm.exe
  C:\Windows\System\HliqeQm.exe
  2⤵
  PID:5008
- C:\Windows\System\VyUBDtb.exe
  C:\Windows\System\VyUBDtb.exe
  2⤵
  PID:1284
- C:\Windows\System\zieKzSb.exe
  C:\Windows\System\zieKzSb.exe
  2⤵
  PID:5108
- C:\Windows\System\LwmKxLr.exe
  C:\Windows\System\LwmKxLr.exe
  2⤵
  PID:2688
- C:\Windows\System\nhcYFUZ.exe
  C:\Windows\System\nhcYFUZ.exe
  2⤵
  PID:4168
- C:\Windows\System\modRoPG.exe
  C:\Windows\System\modRoPG.exe
  2⤵
  PID:3596
- C:\Windows\System\pwzmRBY.exe
  C:\Windows\System\pwzmRBY.exe
  2⤵
  PID:2116
- C:\Windows\System\WOxdpcB.exe
  C:\Windows\System\WOxdpcB.exe
  2⤵
  PID:4520
- C:\Windows\System\uKOliSX.exe
  C:\Windows\System\uKOliSX.exe
  2⤵
  PID:4596
- C:\Windows\System\ykdrldp.exe
  C:\Windows\System\ykdrldp.exe
  2⤵
  PID:4552
- C:\Windows\System\tEYUbyv.exe
  C:\Windows\System\tEYUbyv.exe
  2⤵
  PID:4676
- C:\Windows\System\RgEvRAd.exe
  C:\Windows\System\RgEvRAd.exe
  2⤵
  PID:4700
- C:\Windows\System\hmiMfMY.exe
  C:\Windows\System\hmiMfMY.exe
  2⤵
  PID:5124
- C:\Windows\System\OwVKKaY.exe
  C:\Windows\System\OwVKKaY.exe
  2⤵
  PID:5144
- C:\Windows\System\PVWRcjz.exe
  C:\Windows\System\PVWRcjz.exe
  2⤵
  PID:5160
- C:\Windows\System\cQmCmDJ.exe
  C:\Windows\System\cQmCmDJ.exe
  2⤵
  PID:5184
- C:\Windows\System\RNobolF.exe
  C:\Windows\System\RNobolF.exe
  2⤵
  PID:5200
- C:\Windows\System\bZLJeTI.exe
  C:\Windows\System\bZLJeTI.exe
  2⤵
  PID:5220
- C:\Windows\System\wJJvSjt.exe
  C:\Windows\System\wJJvSjt.exe
  2⤵
  PID:5240
- C:\Windows\System\zrOcAgz.exe
  C:\Windows\System\zrOcAgz.exe
  2⤵
  PID:5256
- C:\Windows\System\obigtst.exe
  C:\Windows\System\obigtst.exe
  2⤵
  PID:5280
- C:\Windows\System\zdUGulr.exe
  C:\Windows\System\zdUGulr.exe
  2⤵
  PID:5296
- C:\Windows\System\XHwUkIa.exe
  C:\Windows\System\XHwUkIa.exe
  2⤵
  PID:5320
- C:\Windows\System\wDbnlOu.exe
  C:\Windows\System\wDbnlOu.exe
  2⤵
  PID:5344
- C:\Windows\System\JFugrXL.exe
  C:\Windows\System\JFugrXL.exe
  2⤵
  PID:5364
- C:\Windows\System\FLjNZuQ.exe
  C:\Windows\System\FLjNZuQ.exe
  2⤵
  PID:5388
- C:\Windows\System\MlAwFhF.exe
  C:\Windows\System\MlAwFhF.exe
  2⤵
  PID:5412
- C:\Windows\System\TnYeNqm.exe
  C:\Windows\System\TnYeNqm.exe
  2⤵
  PID:5432
- C:\Windows\System\NfmLABn.exe
  C:\Windows\System\NfmLABn.exe
  2⤵
  PID:5448
- C:\Windows\System\VOTXkzP.exe
  C:\Windows\System\VOTXkzP.exe
  2⤵
  PID:5468
- C:\Windows\System\kbHnXJk.exe
  C:\Windows\System\kbHnXJk.exe
  2⤵
  PID:5492
- C:\Windows\System\yDXAIZI.exe
  C:\Windows\System\yDXAIZI.exe
  2⤵
  PID:5512
- C:\Windows\System\WpZIUNp.exe
  C:\Windows\System\WpZIUNp.exe
  2⤵
  PID:5536
- C:\Windows\System\CkOwJYh.exe
  C:\Windows\System\CkOwJYh.exe
  2⤵
  PID:5556
- C:\Windows\System\gelEpwZ.exe
  C:\Windows\System\gelEpwZ.exe
  2⤵
  PID:5576
- C:\Windows\System\fXWWyry.exe
  C:\Windows\System\fXWWyry.exe
  2⤵
  PID:5596
- C:\Windows\System\SJPWgef.exe
  C:\Windows\System\SJPWgef.exe
  2⤵
  PID:5616
- C:\Windows\System\bAycNXt.exe
  C:\Windows\System\bAycNXt.exe
  2⤵
  PID:5636
- C:\Windows\System\sZmqeiV.exe
  C:\Windows\System\sZmqeiV.exe
  2⤵
  PID:5656
- C:\Windows\System\sThyBDd.exe
  C:\Windows\System\sThyBDd.exe
  2⤵
  PID:5676
- C:\Windows\System\SAKJoVy.exe
  C:\Windows\System\SAKJoVy.exe
  2⤵
  PID:5696
- C:\Windows\System\AuKkRjo.exe
  C:\Windows\System\AuKkRjo.exe
  2⤵
  PID:5716
- C:\Windows\System\GfKywAo.exe
  C:\Windows\System\GfKywAo.exe
  2⤵
  PID:5736
- C:\Windows\System\zHxaQtQ.exe
  C:\Windows\System\zHxaQtQ.exe
  2⤵
  PID:5756
- C:\Windows\System\yFCdJnp.exe
  C:\Windows\System\yFCdJnp.exe
  2⤵
  PID:5776
- C:\Windows\System\zXCAObK.exe
  C:\Windows\System\zXCAObK.exe
  2⤵
  PID:5800
- C:\Windows\System\LmwjHik.exe
  C:\Windows\System\LmwjHik.exe
  2⤵
  PID:5820
- C:\Windows\System\jfXFeVV.exe
  C:\Windows\System\jfXFeVV.exe
  2⤵
  PID:5840
- C:\Windows\System\ajCWXkb.exe
  C:\Windows\System\ajCWXkb.exe
  2⤵
  PID:5860
- C:\Windows\System\PgRCgnO.exe
  C:\Windows\System\PgRCgnO.exe
  2⤵
  PID:5880
- C:\Windows\System\FxhSfiz.exe
  C:\Windows\System\FxhSfiz.exe
  2⤵
  PID:5896
- C:\Windows\System\vaAYWDU.exe
  C:\Windows\System\vaAYWDU.exe
  2⤵
  PID:5920
- C:\Windows\System\IrbENvE.exe
  C:\Windows\System\IrbENvE.exe
  2⤵
  PID:5940
- C:\Windows\System\oHmPNsK.exe
  C:\Windows\System\oHmPNsK.exe
  2⤵
  PID:5960
- C:\Windows\System\SRlHkHF.exe
  C:\Windows\System\SRlHkHF.exe
  2⤵
  PID:6124
- C:\Windows\System\XtFWAon.exe
  C:\Windows\System\XtFWAon.exe
  2⤵
  PID:6140
- C:\Windows\System\WouoAzP.exe
  C:\Windows\System\WouoAzP.exe
  2⤵
  PID:2352
- C:\Windows\System\kqaQzxo.exe
  C:\Windows\System\kqaQzxo.exe
  2⤵
  PID:5004
- C:\Windows\System\qcvlZfO.exe
  C:\Windows\System\qcvlZfO.exe
  2⤵
  PID:3972
- C:\Windows\System\qIYhtVq.exe
  C:\Windows\System\qIYhtVq.exe
  2⤵
  PID:4920
- C:\Windows\System\NADUSHo.exe
  C:\Windows\System\NADUSHo.exe
  2⤵
  PID:5028
- C:\Windows\System\CygRBTV.exe
  C:\Windows\System\CygRBTV.exe
  2⤵
  PID:1036
- C:\Windows\System\cqaNDXS.exe
  C:\Windows\System\cqaNDXS.exe
  2⤵
  PID:4440
- C:\Windows\System\CRJJxpB.exe
  C:\Windows\System\CRJJxpB.exe
  2⤵
  PID:4292
- C:\Windows\System\WzRLmkp.exe
  C:\Windows\System\WzRLmkp.exe
  2⤵
  PID:4564
- C:\Windows\System\DXMbyRB.exe
  C:\Windows\System\DXMbyRB.exe
  2⤵
  PID:2384
- C:\Windows\System\nMLlBqh.exe
  C:\Windows\System\nMLlBqh.exe
  2⤵
  PID:4116
- C:\Windows\System\FSzYSmS.exe
  C:\Windows\System\FSzYSmS.exe
  2⤵
  PID:5140
- C:\Windows\System\hpEDlMq.exe
  C:\Windows\System\hpEDlMq.exe
  2⤵
  PID:5168
- C:\Windows\System\svtucTb.exe
  C:\Windows\System\svtucTb.exe
  2⤵
  PID:4272
- C:\Windows\System\GubCxAm.exe
  C:\Windows\System\GubCxAm.exe
  2⤵
  PID:5208
- C:\Windows\System\ecTcrcF.exe
  C:\Windows\System\ecTcrcF.exe
  2⤵
  PID:4864
- C:\Windows\System\cfOEWee.exe
  C:\Windows\System\cfOEWee.exe
  2⤵
  PID:5248
- C:\Windows\System\aQaciRU.exe
  C:\Windows\System\aQaciRU.exe
  2⤵
  PID:5192
- C:\Windows\System\mmkHDDP.exe
  C:\Windows\System\mmkHDDP.exe
  2⤵
  PID:5228
- C:\Windows\System\XyZRYvr.exe
  C:\Windows\System\XyZRYvr.exe
  2⤵
  PID:5272
- C:\Windows\System\JsMpafe.exe
  C:\Windows\System\JsMpafe.exe
  2⤵
  PID:5372
- C:\Windows\System\vyOkHPd.exe
  C:\Windows\System\vyOkHPd.exe
  2⤵
  PID:5312
- C:\Windows\System\vkhCYMg.exe
  C:\Windows\System\vkhCYMg.exe
  2⤵
  PID:5376
- C:\Windows\System\xMPhaNX.exe
  C:\Windows\System\xMPhaNX.exe
  2⤵
  PID:5400
- C:\Windows\System\sModFbz.exe
  C:\Windows\System\sModFbz.exe
  2⤵
  PID:1764
- C:\Windows\System\gbZyOoA.exe
  C:\Windows\System\gbZyOoA.exe
  2⤵
  PID:1560
- C:\Windows\System\UaGyfHV.exe
  C:\Windows\System\UaGyfHV.exe
  2⤵
  PID:5480
- C:\Windows\System\wquFykL.exe
  C:\Windows\System\wquFykL.exe
  2⤵
  PID:5520
- C:\Windows\System\cSgewMC.exe
  C:\Windows\System\cSgewMC.exe
  2⤵
  PID:5548
- C:\Windows\System\cfjJghS.exe
  C:\Windows\System\cfjJghS.exe
  2⤵
  PID:5592
- C:\Windows\System\PObFKRr.exe
  C:\Windows\System\PObFKRr.exe
  2⤵
  PID:5632
- C:\Windows\System\iSTTwlD.exe
  C:\Windows\System\iSTTwlD.exe
  2⤵
  PID:5608
- C:\Windows\System\XmSiuMd.exe
  C:\Windows\System\XmSiuMd.exe
  2⤵
  PID:5664
- C:\Windows\System\HzeZTmU.exe
  C:\Windows\System\HzeZTmU.exe
  2⤵
  PID:5652
- C:\Windows\System\eMxzFgg.exe
  C:\Windows\System\eMxzFgg.exe
  2⤵
  PID:5712
- C:\Windows\System\dKtpFDK.exe
  C:\Windows\System\dKtpFDK.exe
  2⤵
  PID:5744
- C:\Windows\System\BvQxiaY.exe
  C:\Windows\System\BvQxiaY.exe
  2⤵
  PID:5732
- C:\Windows\System\omaHVKC.exe
  C:\Windows\System\omaHVKC.exe
  2⤵
  PID:5764
- C:\Windows\System\YdryzRY.exe
  C:\Windows\System\YdryzRY.exe
  2⤵
  PID:2968
- C:\Windows\System\leHxVmU.exe
  C:\Windows\System\leHxVmU.exe
  2⤵
  PID:5836
- C:\Windows\System\NDQMVmq.exe
  C:\Windows\System\NDQMVmq.exe
  2⤵
  PID:5868
- C:\Windows\System\kwxmoQA.exe
  C:\Windows\System\kwxmoQA.exe
  2⤵
  PID:5912
- C:\Windows\System\SxQAGfC.exe
  C:\Windows\System\SxQAGfC.exe
  2⤵
  PID:5928
- C:\Windows\System\FcilTqZ.exe
  C:\Windows\System\FcilTqZ.exe
  2⤵
  PID:5948
- C:\Windows\System\qegIyXy.exe
  C:\Windows\System\qegIyXy.exe
  2⤵
  PID:5968
- C:\Windows\System\JCzcCIU.exe
  C:\Windows\System\JCzcCIU.exe
  2⤵
  PID:2280
- C:\Windows\System\WQXyQbW.exe
  C:\Windows\System\WQXyQbW.exe
  2⤵
  PID:2564
- C:\Windows\System\CWmKpaN.exe
  C:\Windows\System\CWmKpaN.exe
  2⤵
  PID:2936
- C:\Windows\System\STwXYRN.exe
  C:\Windows\System\STwXYRN.exe
  2⤵
  PID:2732
- C:\Windows\System\WXxYxpO.exe
  C:\Windows\System\WXxYxpO.exe
  2⤵
  PID:2216
- C:\Windows\System\rqvPpPV.exe
  C:\Windows\System\rqvPpPV.exe
  2⤵
  PID:6044
- C:\Windows\System\WugowWs.exe
  C:\Windows\System\WugowWs.exe
  2⤵
  PID:1128
- C:\Windows\System\tSXzfSL.exe
  C:\Windows\System\tSXzfSL.exe
  2⤵
  PID:2288
- C:\Windows\System\LbFbdCv.exe
  C:\Windows\System\LbFbdCv.exe
  2⤵
  PID:2240
- C:\Windows\System\OfqmPLG.exe
  C:\Windows\System\OfqmPLG.exe
  2⤵
  PID:2536
- C:\Windows\System\AqtSfvZ.exe
  C:\Windows\System\AqtSfvZ.exe
  2⤵
  PID:1380
- C:\Windows\System\mlHGYXX.exe
  C:\Windows\System\mlHGYXX.exe
  2⤵
  PID:1744
- C:\Windows\System\rBLdQgK.exe
  C:\Windows\System\rBLdQgK.exe
  2⤵
  PID:2908
- C:\Windows\System\UMNFyJu.exe
  C:\Windows\System\UMNFyJu.exe
  2⤵
  PID:6092
- C:\Windows\System\rLPPYDs.exe
  C:\Windows\System\rLPPYDs.exe
  2⤵
  PID:3060
- C:\Windows\System\wUGFrJr.exe
  C:\Windows\System\wUGFrJr.exe
  2⤵
  PID:2392
- C:\Windows\System\GAaZIZb.exe
  C:\Windows\System\GAaZIZb.exe
  2⤵
  PID:2764
- C:\Windows\System\ntWwrKY.exe
  C:\Windows\System\ntWwrKY.exe
  2⤵
  PID:6000
- C:\Windows\System\DvQTNpE.exe
  C:\Windows\System\DvQTNpE.exe
  2⤵
  PID:6040
- C:\Windows\System\mvpSOnh.exe
  C:\Windows\System\mvpSOnh.exe
  2⤵
  PID:6068
- C:\Windows\System\qWrbXHn.exe
  C:\Windows\System\qWrbXHn.exe
  2⤵
  PID:6112
- C:\Windows\System\wDVaObT.exe
  C:\Windows\System\wDVaObT.exe
  2⤵
  PID:3892
- C:\Windows\System\dYiOcst.exe
  C:\Windows\System\dYiOcst.exe
  2⤵
  PID:2804
- C:\Windows\System\hcpLUwO.exe
  C:\Windows\System\hcpLUwO.exe
  2⤵
  PID:4196
- C:\Windows\System\soWVRpn.exe
  C:\Windows\System\soWVRpn.exe
  2⤵
  PID:4392
- C:\Windows\System\rXtxuGH.exe
  C:\Windows\System\rXtxuGH.exe
  2⤵
  PID:4876
- C:\Windows\System\lLZgQXu.exe
  C:\Windows\System\lLZgQXu.exe
  2⤵
  PID:4800
- C:\Windows\System\JceNZSf.exe
  C:\Windows\System\JceNZSf.exe
  2⤵
  PID:6120
- C:\Windows\System\IyLDlNh.exe
  C:\Windows\System\IyLDlNh.exe
  2⤵
  PID:4288
- C:\Windows\System\UsZldPJ.exe
  C:\Windows\System\UsZldPJ.exe
  2⤵
  PID:5180
- C:\Windows\System\OOntfhV.exe
  C:\Windows\System\OOntfhV.exe
  2⤵
  PID:5340
- C:\Windows\System\xHnFsEP.exe
  C:\Windows\System\xHnFsEP.exe
  2⤵
  PID:5236
- C:\Windows\System\LBWoeaA.exe
  C:\Windows\System\LBWoeaA.exe
  2⤵
  PID:5384
- C:\Windows\System\AOlJdbK.exe
  C:\Windows\System\AOlJdbK.exe
  2⤵
  PID:5356
- C:\Windows\System\uWmsDJg.exe
  C:\Windows\System\uWmsDJg.exe
  2⤵
  PID:5508
- C:\Windows\System\GkvPBQY.exe
  C:\Windows\System\GkvPBQY.exe
  2⤵
  PID:2144
- C:\Windows\System\kKPbQhN.exe
  C:\Windows\System\kKPbQhN.exe
  2⤵
  PID:5584
- C:\Windows\System\YVxqiCW.exe
  C:\Windows\System\YVxqiCW.exe
  2⤵
  PID:5604
- C:\Windows\System\gOaCGKG.exe
  C:\Windows\System\gOaCGKG.exe
  2⤵
  PID:5684
- C:\Windows\System\vQBUlIp.exe
  C:\Windows\System\vQBUlIp.exe
  2⤵
  PID:5724
- C:\Windows\System\hPQcBtG.exe
  C:\Windows\System\hPQcBtG.exe
  2⤵
  PID:5688
- C:\Windows\System\cdneJpD.exe
  C:\Windows\System\cdneJpD.exe
  2⤵
  PID:5856
- C:\Windows\System\WrZAYkI.exe
  C:\Windows\System\WrZAYkI.exe
  2⤵
  PID:5872
- C:\Windows\System\wuhDfjt.exe
  C:\Windows\System\wuhDfjt.exe
  2⤵
  PID:5952
- C:\Windows\System\UWHumQh.exe
  C:\Windows\System\UWHumQh.exe
  2⤵
  PID:1032
- C:\Windows\System\VDYlmtw.exe
  C:\Windows\System\VDYlmtw.exe
  2⤵
  PID:5932
- C:\Windows\System\nShOccU.exe
  C:\Windows\System\nShOccU.exe
  2⤵
  PID:2832
- C:\Windows\System\NYhqgQj.exe
  C:\Windows\System\NYhqgQj.exe
  2⤵
  PID:3444
- C:\Windows\System\ycMRgHE.exe
  C:\Windows\System\ycMRgHE.exe
  2⤵
  PID:1048
- C:\Windows\System\hzmwcmE.exe
  C:\Windows\System\hzmwcmE.exe
  2⤵
  PID:6076
- C:\Windows\System\citAoUr.exe
  C:\Windows\System\citAoUr.exe
  2⤵
  PID:1276
- C:\Windows\System\UXDYgWq.exe
  C:\Windows\System\UXDYgWq.exe
  2⤵
  PID:944
- C:\Windows\System\bwVaZqZ.exe
  C:\Windows\System\bwVaZqZ.exe
  2⤵
  PID:1096
- C:\Windows\System\IEfrrVL.exe
  C:\Windows\System\IEfrrVL.exe
  2⤵
  PID:396
- C:\Windows\System\ZcxqxsH.exe
  C:\Windows\System\ZcxqxsH.exe
  2⤵
  PID:6116
- C:\Windows\System\UpSKIjq.exe
  C:\Windows\System\UpSKIjq.exe
  2⤵
  PID:6100
- C:\Windows\System\AaOTAaT.exe
  C:\Windows\System\AaOTAaT.exe
  2⤵
  PID:4796
- C:\Windows\System\zopLeca.exe
  C:\Windows\System\zopLeca.exe
  2⤵
  PID:3920
- C:\Windows\System\xkECxFf.exe
  C:\Windows\System\xkECxFf.exe
  2⤵
  PID:4760
- C:\Windows\System\wkdgJVJ.exe
  C:\Windows\System\wkdgJVJ.exe
  2⤵
  PID:5132
- C:\Windows\System\AigYgch.exe
  C:\Windows\System\AigYgch.exe
  2⤵
  PID:5352
- C:\Windows\System\tbJliPy.exe
  C:\Windows\System\tbJliPy.exe
  2⤵
  PID:5264
- C:\Windows\System\wXafYIR.exe
  C:\Windows\System\wXafYIR.exe
  2⤵
  PID:5504
- C:\Windows\System\HddRsdu.exe
  C:\Windows\System\HddRsdu.exe
  2⤵
  PID:984
- C:\Windows\System\MIpslEG.exe
  C:\Windows\System\MIpslEG.exe
  2⤵
  PID:5784
- C:\Windows\System\VwnYuAo.exe
  C:\Windows\System\VwnYuAo.exe
  2⤵
  PID:5796
- C:\Windows\System\EqUqNKL.exe
  C:\Windows\System\EqUqNKL.exe
  2⤵
  PID:5888
- C:\Windows\System\yOIrKie.exe
  C:\Windows\System\yOIrKie.exe
  2⤵
  PID:3536
- C:\Windows\System\lSYSJyK.exe
  C:\Windows\System\lSYSJyK.exe
  2⤵
  PID:3036
- C:\Windows\System\UgIJFrl.exe
  C:\Windows\System\UgIJFrl.exe
  2⤵
  PID:6064
- C:\Windows\System\UKGjsPV.exe
  C:\Windows\System\UKGjsPV.exe
  2⤵
  PID:2772
- C:\Windows\System\iFsEOXS.exe
  C:\Windows\System\iFsEOXS.exe
  2⤵
  PID:1052
- C:\Windows\System\eXyaPLL.exe
  C:\Windows\System\eXyaPLL.exe
  2⤵
  PID:4900
- C:\Windows\System\rDEHwgR.exe
  C:\Windows\System\rDEHwgR.exe
  2⤵
  PID:4568
- C:\Windows\System\ttcjSzA.exe
  C:\Windows\System\ttcjSzA.exe
  2⤵
  PID:4812
- C:\Windows\System\HbhKELi.exe
  C:\Windows\System\HbhKELi.exe
  2⤵
  PID:4044
- C:\Windows\System\CXJeAFQ.exe
  C:\Windows\System\CXJeAFQ.exe
  2⤵
  PID:5420
- C:\Windows\System\ryuFcmJ.exe
  C:\Windows\System\ryuFcmJ.exe
  2⤵
  PID:5816
- C:\Windows\System\lyuJiCx.exe
  C:\Windows\System\lyuJiCx.exe
  2⤵
  PID:2836
- C:\Windows\System\DmMFYyX.exe
  C:\Windows\System\DmMFYyX.exe
  2⤵
  PID:5976
- C:\Windows\System\ThHHFvv.exe
  C:\Windows\System\ThHHFvv.exe
  2⤵
  PID:4708
- C:\Windows\System\qDCmnho.exe
  C:\Windows\System\qDCmnho.exe
  2⤵
  PID:5212
- C:\Windows\System\XgAgxgf.exe
  C:\Windows\System\XgAgxgf.exe
  2⤵
  PID:6008
- C:\Windows\System\mqFdXAp.exe
  C:\Windows\System\mqFdXAp.exe
  2⤵
  PID:5852
- C:\Windows\System\PpjEXMu.exe
  C:\Windows\System\PpjEXMu.exe
  2⤵
  PID:6060
- C:\Windows\System\CGggFFb.exe
  C:\Windows\System\CGggFFb.exe
  2⤵
  PID:5532
- C:\Windows\System\Wecvmrs.exe
  C:\Windows\System\Wecvmrs.exe
  2⤵
  PID:6156
- C:\Windows\System\bZjlWAg.exe
  C:\Windows\System\bZjlWAg.exe
  2⤵
  PID:6172
- C:\Windows\System\tpJtDxw.exe
  C:\Windows\System\tpJtDxw.exe
  2⤵
  PID:6188
- C:\Windows\System\EhsACqZ.exe
  C:\Windows\System\EhsACqZ.exe
  2⤵
  PID:6204
- C:\Windows\System\JRPLIDv.exe
  C:\Windows\System\JRPLIDv.exe
  2⤵
  PID:6220
- C:\Windows\System\INzcyCI.exe
  C:\Windows\System\INzcyCI.exe
  2⤵
  PID:6236
- C:\Windows\System\DfpecRO.exe
  C:\Windows\System\DfpecRO.exe
  2⤵
  PID:6252
- C:\Windows\System\hxsaYWZ.exe
  C:\Windows\System\hxsaYWZ.exe
  2⤵
  PID:6268
- C:\Windows\System\IvHEwjK.exe
  C:\Windows\System\IvHEwjK.exe
  2⤵
  PID:6284
- C:\Windows\System\bzBJsfG.exe
  C:\Windows\System\bzBJsfG.exe
  2⤵
  PID:6300
- C:\Windows\System\dnoKPWs.exe
  C:\Windows\System\dnoKPWs.exe
  2⤵
  PID:6316
- C:\Windows\System\BmPCNuD.exe
  C:\Windows\System\BmPCNuD.exe
  2⤵
  PID:6332
- C:\Windows\System\eDXcJQO.exe
  C:\Windows\System\eDXcJQO.exe
  2⤵
  PID:6348
- C:\Windows\System\bFSvWst.exe
  C:\Windows\System\bFSvWst.exe
  2⤵
  PID:6364
- C:\Windows\System\lmXRvIf.exe
  C:\Windows\System\lmXRvIf.exe
  2⤵
  PID:6380
- C:\Windows\System\hfQCmjr.exe
  C:\Windows\System\hfQCmjr.exe
  2⤵
  PID:6396
- C:\Windows\System\DPFJIhi.exe
  C:\Windows\System\DPFJIhi.exe
  2⤵
  PID:6412
- C:\Windows\System\bZRKEuw.exe
  C:\Windows\System\bZRKEuw.exe
  2⤵
  PID:6428
- C:\Windows\System\qNDrede.exe
  C:\Windows\System\qNDrede.exe
  2⤵
  PID:6444
- C:\Windows\System\NPpVxte.exe
  C:\Windows\System\NPpVxte.exe
  2⤵
  PID:6460
- C:\Windows\System\epoYMNR.exe
  C:\Windows\System\epoYMNR.exe
  2⤵
  PID:6476
- C:\Windows\System\tYABTse.exe
  C:\Windows\System\tYABTse.exe
  2⤵
  PID:6492
- C:\Windows\System\VvsknBL.exe
  C:\Windows\System\VvsknBL.exe
  2⤵
  PID:6508
- C:\Windows\System\SzsBXgO.exe
  C:\Windows\System\SzsBXgO.exe
  2⤵
  PID:6524
- C:\Windows\System\AErhOrC.exe
  C:\Windows\System\AErhOrC.exe
  2⤵
  PID:6540
- C:\Windows\System\dTNlEfm.exe
  C:\Windows\System\dTNlEfm.exe
  2⤵
  PID:6556
- C:\Windows\System\vEJiKWS.exe
  C:\Windows\System\vEJiKWS.exe
  2⤵
  PID:6572
- C:\Windows\System\dNPSmSH.exe
  C:\Windows\System\dNPSmSH.exe
  2⤵
  PID:6588
- C:\Windows\System\GhfGbGS.exe
  C:\Windows\System\GhfGbGS.exe
  2⤵
  PID:6608
- C:\Windows\System\aYCvfKm.exe
  C:\Windows\System\aYCvfKm.exe
  2⤵
  PID:6624
- C:\Windows\System\tITDntL.exe
  C:\Windows\System\tITDntL.exe
  2⤵
  PID:6640
- C:\Windows\System\DTvHzng.exe
  C:\Windows\System\DTvHzng.exe
  2⤵
  PID:6656
- C:\Windows\System\YCAZeZx.exe
  C:\Windows\System\YCAZeZx.exe
  2⤵
  PID:6672
- C:\Windows\System\lpDNeQZ.exe
  C:\Windows\System\lpDNeQZ.exe
  2⤵
  PID:6688
- C:\Windows\System\rVQoxss.exe
  C:\Windows\System\rVQoxss.exe
  2⤵
  PID:6704
- C:\Windows\System\rhkQefF.exe
  C:\Windows\System\rhkQefF.exe
  2⤵
  PID:6720
- C:\Windows\System\JOHojFC.exe
  C:\Windows\System\JOHojFC.exe
  2⤵
  PID:6740
- C:\Windows\System\TxLtvak.exe
  C:\Windows\System\TxLtvak.exe
  2⤵
  PID:6756
- C:\Windows\System\CdWQXbq.exe
  C:\Windows\System\CdWQXbq.exe
  2⤵
  PID:6772
- C:\Windows\System\wlfazst.exe
  C:\Windows\System\wlfazst.exe
  2⤵
  PID:6788
- C:\Windows\System\uDtIBeD.exe
  C:\Windows\System\uDtIBeD.exe
  2⤵
  PID:6804
- C:\Windows\System\upglJWj.exe
  C:\Windows\System\upglJWj.exe
  2⤵
  PID:6820
- C:\Windows\System\DJcYHUw.exe
  C:\Windows\System\DJcYHUw.exe
  2⤵
  PID:6836
- C:\Windows\System\nempstj.exe
  C:\Windows\System\nempstj.exe
  2⤵
  PID:6852
- C:\Windows\System\eonfuwJ.exe
  C:\Windows\System\eonfuwJ.exe
  2⤵
  PID:6868
- C:\Windows\System\SZpjOwD.exe
  C:\Windows\System\SZpjOwD.exe
  2⤵
  PID:6884
- C:\Windows\System\XrZHBjO.exe
  C:\Windows\System\XrZHBjO.exe
  2⤵
  PID:6900
- C:\Windows\System\iibjqcg.exe
  C:\Windows\System\iibjqcg.exe
  2⤵
  PID:6916
- C:\Windows\System\IgbudLc.exe
  C:\Windows\System\IgbudLc.exe
  2⤵
  PID:6932
- C:\Windows\System\ilkTlZf.exe
  C:\Windows\System\ilkTlZf.exe
  2⤵
  PID:6948
- C:\Windows\System\ZqwyKyL.exe
  C:\Windows\System\ZqwyKyL.exe
  2⤵
  PID:6964
- C:\Windows\System\CgVjtoV.exe
  C:\Windows\System\CgVjtoV.exe
  2⤵
  PID:6980
- C:\Windows\System\CkDijpe.exe
  C:\Windows\System\CkDijpe.exe
  2⤵
  PID:6996
- C:\Windows\System\ztszxBJ.exe
  C:\Windows\System\ztszxBJ.exe
  2⤵
  PID:7012
- C:\Windows\System\OqReJtb.exe
  C:\Windows\System\OqReJtb.exe
  2⤵
  PID:7028
- C:\Windows\System\xsMthAz.exe
  C:\Windows\System\xsMthAz.exe
  2⤵
  PID:7044
- C:\Windows\System\eDEOEJo.exe
  C:\Windows\System\eDEOEJo.exe
  2⤵
  PID:7060
- C:\Windows\System\USanyzl.exe
  C:\Windows\System\USanyzl.exe
  2⤵
  PID:7076
- C:\Windows\System\tVGGMLK.exe
  C:\Windows\System\tVGGMLK.exe
  2⤵
  PID:7092
- C:\Windows\System\jWxsfTe.exe
  C:\Windows\System\jWxsfTe.exe
  2⤵
  PID:7116
- C:\Windows\System\vIGSzUC.exe
  C:\Windows\System\vIGSzUC.exe
  2⤵
  PID:7132
- C:\Windows\System\qteUNvF.exe
  C:\Windows\System\qteUNvF.exe
  2⤵
  PID:7148
- C:\Windows\System\zhDwjZz.exe
  C:\Windows\System\zhDwjZz.exe
  2⤵
  PID:7164
- C:\Windows\System\Bpwbqwu.exe
  C:\Windows\System\Bpwbqwu.exe
  2⤵
  PID:6104
- C:\Windows\System\OBJSkxJ.exe
  C:\Windows\System\OBJSkxJ.exe
  2⤵
  PID:5488
- C:\Windows\System\DLnmExw.exe
  C:\Windows\System\DLnmExw.exe
  2⤵
  PID:6184
- C:\Windows\System\uCBuXyY.exe
  C:\Windows\System\uCBuXyY.exe
  2⤵
  PID:6260
- C:\Windows\System\EwlyaFZ.exe
  C:\Windows\System\EwlyaFZ.exe
  2⤵
  PID:6212
- C:\Windows\System\pKrUTYn.exe
  C:\Windows\System\pKrUTYn.exe
  2⤵
  PID:6248
- C:\Windows\System\guNrBgM.exe
  C:\Windows\System\guNrBgM.exe
  2⤵
  PID:6296
- C:\Windows\System\RxHHEYI.exe
  C:\Windows\System\RxHHEYI.exe
  2⤵
  PID:6328
- C:\Windows\System\eBdTNOz.exe
  C:\Windows\System\eBdTNOz.exe
  2⤵
  PID:6356
- C:\Windows\System\JSBmpJg.exe
  C:\Windows\System\JSBmpJg.exe
  2⤵
  PID:6392
- C:\Windows\System\YoiAUmV.exe
  C:\Windows\System\YoiAUmV.exe
  2⤵
  PID:6440
- C:\Windows\System\EYUNavy.exe
  C:\Windows\System\EYUNavy.exe
  2⤵
  PID:6456
- C:\Windows\System\XxovJgM.exe
  C:\Windows\System\XxovJgM.exe
  2⤵
  PID:6468
- C:\Windows\System\bTsNKxQ.exe
  C:\Windows\System\bTsNKxQ.exe
  2⤵
  PID:6504
- C:\Windows\System\RSFIhNt.exe
  C:\Windows\System\RSFIhNt.exe
  2⤵
  PID:6532
- C:\Windows\System\fsaptjC.exe
  C:\Windows\System\fsaptjC.exe
  2⤵
  PID:6596
- C:\Windows\System\DZvbhKs.exe
  C:\Windows\System\DZvbhKs.exe
  2⤵
  PID:6648
- C:\Windows\System\ESYSbzz.exe
  C:\Windows\System\ESYSbzz.exe
  2⤵
  PID:6664
- C:\Windows\System\GQUyjvq.exe
  C:\Windows\System\GQUyjvq.exe
  2⤵
  PID:6712
- C:\Windows\System\UWcXADx.exe
  C:\Windows\System\UWcXADx.exe
  2⤵
  PID:6728
- C:\Windows\System\XbFWCNv.exe
  C:\Windows\System\XbFWCNv.exe
  2⤵
  PID:6764
- C:\Windows\System\jwBgDcg.exe
  C:\Windows\System\jwBgDcg.exe
  2⤵
  PID:6812
- C:\Windows\System\ViQlSTm.exe
  C:\Windows\System\ViQlSTm.exe
  2⤵
  PID:6844
- C:\Windows\System\xpYBbxX.exe
  C:\Windows\System\xpYBbxX.exe
  2⤵
  PID:6880
- C:\Windows\System\ePpdWpE.exe
  C:\Windows\System\ePpdWpE.exe
  2⤵
  PID:6860
- C:\Windows\System\zXMLEqB.exe
  C:\Windows\System\zXMLEqB.exe
  2⤵
  PID:6924
- C:\Windows\System\bXQXkqG.exe
  C:\Windows\System\bXQXkqG.exe
  2⤵
  PID:6944
- C:\Windows\System\RcoviDT.exe
  C:\Windows\System\RcoviDT.exe
  2⤵
  PID:6992
- C:\Windows\System\XRkTcfL.exe
  C:\Windows\System\XRkTcfL.exe
  2⤵
  PID:7008
- C:\Windows\System\wvfscVs.exe
  C:\Windows\System\wvfscVs.exe
  2⤵
  PID:7068
- C:\Windows\System\MEZjpwJ.exe
  C:\Windows\System\MEZjpwJ.exe
  2⤵
  PID:7052
- C:\Windows\System\NpzOKou.exe
  C:\Windows\System\NpzOKou.exe
  2⤵
  PID:6736
- C:\Windows\System\txrcVzd.exe
  C:\Windows\System\txrcVzd.exe
  2⤵
  PID:7140
- C:\Windows\System\YbaoaNV.exe
  C:\Windows\System\YbaoaNV.exe
  2⤵
  PID:6164
- C:\Windows\System\gfzDMcd.exe
  C:\Windows\System\gfzDMcd.exe
  2⤵
  PID:6292
- C:\Windows\System\vozRUYg.exe
  C:\Windows\System\vozRUYg.exe
  2⤵
  PID:6408
- C:\Windows\System\OHJKaiF.exe
  C:\Windows\System\OHJKaiF.exe
  2⤵
  PID:7128
- C:\Windows\System\xbiWqTH.exe
  C:\Windows\System\xbiWqTH.exe
  2⤵
  PID:6312
- C:\Windows\System\qxGajsu.exe
  C:\Windows\System\qxGajsu.exe
  2⤵
  PID:6200
- C:\Windows\System\OCjbGmV.exe
  C:\Windows\System\OCjbGmV.exe
  2⤵
  PID:6324
- C:\Windows\System\WLKLnYA.exe
  C:\Windows\System\WLKLnYA.exe
  2⤵
  PID:6452
- C:\Windows\System\WJzTCYh.exe
  C:\Windows\System\WJzTCYh.exe
  2⤵
  PID:6600
- C:\Windows\System\ALrPXzF.exe
  C:\Windows\System\ALrPXzF.exe
  2⤵
  PID:6748
- C:\Windows\System\BmAFznM.exe
  C:\Windows\System\BmAFznM.exe
  2⤵
  PID:6636
- C:\Windows\System\WlUwGdn.exe
  C:\Windows\System\WlUwGdn.exe
  2⤵
  PID:6784
- C:\Windows\System\YfzAtje.exe
  C:\Windows\System\YfzAtje.exe
  2⤵
  PID:6800
- C:\Windows\System\WzPMQoH.exe
  C:\Windows\System\WzPMQoH.exe
  2⤵
  PID:6940
- C:\Windows\System\ThCDFgg.exe
  C:\Windows\System\ThCDFgg.exe
  2⤵
  PID:7100
- C:\Windows\System\HIPmeAr.exe
  C:\Windows\System\HIPmeAr.exe
  2⤵
  PID:6892
- C:\Windows\System\KkTfdzw.exe
  C:\Windows\System\KkTfdzw.exe
  2⤵
  PID:6960
- C:\Windows\System\jrbZtyY.exe
  C:\Windows\System\jrbZtyY.exe
  2⤵
  PID:7160
- C:\Windows\System\tFrzIiB.exe
  C:\Windows\System\tFrzIiB.exe
  2⤵
  PID:6404
- C:\Windows\System\rvZmmYr.exe
  C:\Windows\System\rvZmmYr.exe
  2⤵
  PID:6552
- C:\Windows\System\nmkYvtj.exe
  C:\Windows\System\nmkYvtj.exe
  2⤵
  PID:6388
- C:\Windows\System\bGgNdhq.exe
  C:\Windows\System\bGgNdhq.exe
  2⤵
  PID:6264
- C:\Windows\System\NIFolBn.exe
  C:\Windows\System\NIFolBn.exe
  2⤵
  PID:6796
- C:\Windows\System\sSbyHYV.exe
  C:\Windows\System\sSbyHYV.exe
  2⤵
  PID:6680
- C:\Windows\System\YFFxCEE.exe
  C:\Windows\System\YFFxCEE.exe
  2⤵
  PID:7024
- C:\Windows\System\HTOkQgH.exe
  C:\Windows\System\HTOkQgH.exe
  2⤵
  PID:6684
- C:\Windows\System\vdxplNs.exe
  C:\Windows\System\vdxplNs.exe
  2⤵
  PID:6232
- C:\Windows\System\XvrowlE.exe
  C:\Windows\System\XvrowlE.exe
  2⤵
  PID:6956
- C:\Windows\System\cpcsKCg.exe
  C:\Windows\System\cpcsKCg.exe
  2⤵
  PID:7124
- C:\Windows\System\qrcUqwL.exe
  C:\Windows\System\qrcUqwL.exe
  2⤵
  PID:3024
- C:\Windows\System\QjVGfRB.exe
  C:\Windows\System\QjVGfRB.exe
  2⤵
  PID:7020
- C:\Windows\System\UIRGxxc.exe
  C:\Windows\System\UIRGxxc.exe
  2⤵
  PID:7176
- C:\Windows\System\vTNrLLD.exe
  C:\Windows\System\vTNrLLD.exe
  2⤵
  PID:7192
- C:\Windows\System\xPLmaxt.exe
  C:\Windows\System\xPLmaxt.exe
  2⤵
  PID:7208
- C:\Windows\System\UrmQlQP.exe
  C:\Windows\System\UrmQlQP.exe
  2⤵
  PID:7228
- C:\Windows\System\ihSSCTt.exe
  C:\Windows\System\ihSSCTt.exe
  2⤵
  PID:7244
- C:\Windows\System\VzPIUnS.exe
  C:\Windows\System\VzPIUnS.exe
  2⤵
  PID:7260
- C:\Windows\System\nyZXGTY.exe
  C:\Windows\System\nyZXGTY.exe
  2⤵
  PID:7276
- C:\Windows\System\cAbfTGM.exe
  C:\Windows\System\cAbfTGM.exe
  2⤵
  PID:7292
- C:\Windows\System\ioCtPNt.exe
  C:\Windows\System\ioCtPNt.exe
  2⤵
  PID:7308
- C:\Windows\System\cLHDTXn.exe
  C:\Windows\System\cLHDTXn.exe
  2⤵
  PID:7324
- C:\Windows\System\SyvlUlW.exe
  C:\Windows\System\SyvlUlW.exe
  2⤵
  PID:7340
- C:\Windows\System\vtYxuaU.exe
  C:\Windows\System\vtYxuaU.exe
  2⤵
  PID:7356
- C:\Windows\System\kJkVNyr.exe
  C:\Windows\System\kJkVNyr.exe
  2⤵
  PID:7372
- C:\Windows\System\bMPXEXA.exe
  C:\Windows\System\bMPXEXA.exe
  2⤵
  PID:7388
- C:\Windows\System\cmVxmkB.exe
  C:\Windows\System\cmVxmkB.exe
  2⤵
  PID:7404
- C:\Windows\System\UjUEPyi.exe
  C:\Windows\System\UjUEPyi.exe
  2⤵
  PID:7420
- C:\Windows\System\QSboaOs.exe
  C:\Windows\System\QSboaOs.exe
  2⤵
  PID:7436
- C:\Windows\System\iDSvhtO.exe
  C:\Windows\System\iDSvhtO.exe
  2⤵
  PID:7452
- C:\Windows\System\ydfmGss.exe
  C:\Windows\System\ydfmGss.exe
  2⤵
  PID:7468
- C:\Windows\System\VfhANGL.exe
  C:\Windows\System\VfhANGL.exe
  2⤵
  PID:7484
- C:\Windows\System\rRdCPoB.exe
  C:\Windows\System\rRdCPoB.exe
  2⤵
  PID:7500
- C:\Windows\System\FmeRHcH.exe
  C:\Windows\System\FmeRHcH.exe
  2⤵
  PID:7532
- C:\Windows\System\ZbhpLHh.exe
  C:\Windows\System\ZbhpLHh.exe
  2⤵
  PID:7552
- C:\Windows\System\nlcxsBf.exe
  C:\Windows\System\nlcxsBf.exe
  2⤵
  PID:7568
- C:\Windows\System\LenyLgt.exe
  C:\Windows\System\LenyLgt.exe
  2⤵
  PID:7584
- C:\Windows\System\doxHGsR.exe
  C:\Windows\System\doxHGsR.exe
  2⤵
  PID:7612
- C:\Windows\System\TpOLUhL.exe
  C:\Windows\System\TpOLUhL.exe
  2⤵
  PID:7628
- C:\Windows\System\fksEAuW.exe
  C:\Windows\System\fksEAuW.exe
  2⤵
  PID:7644
- C:\Windows\System\vTbniSt.exe
  C:\Windows\System\vTbniSt.exe
  2⤵
  PID:7664
- C:\Windows\System\XBELreN.exe
  C:\Windows\System\XBELreN.exe
  2⤵
  PID:7680
- C:\Windows\System\jMaXMvb.exe
  C:\Windows\System\jMaXMvb.exe
  2⤵
  PID:7696
- C:\Windows\System\rTbIAer.exe
  C:\Windows\System\rTbIAer.exe
  2⤵
  PID:7712
- C:\Windows\System\wQtBahR.exe
  C:\Windows\System\wQtBahR.exe
  2⤵
  PID:7728
- C:\Windows\System\fNwBPQZ.exe
  C:\Windows\System\fNwBPQZ.exe
  2⤵
  PID:7744
- C:\Windows\System\lOHwGzb.exe
  C:\Windows\System\lOHwGzb.exe
  2⤵
  PID:7760
- C:\Windows\System\iDPzZCn.exe
  C:\Windows\System\iDPzZCn.exe
  2⤵
  PID:7776
- C:\Windows\System\fblYSxu.exe
  C:\Windows\System\fblYSxu.exe
  2⤵
  PID:7792
- C:\Windows\System\VIPCoPn.exe
  C:\Windows\System\VIPCoPn.exe
  2⤵
  PID:7808
- C:\Windows\System\qymwScz.exe
  C:\Windows\System\qymwScz.exe
  2⤵
  PID:7824
- C:\Windows\System\psboOZN.exe
  C:\Windows\System\psboOZN.exe
  2⤵
  PID:7840
- C:\Windows\System\BRSxVBZ.exe
  C:\Windows\System\BRSxVBZ.exe
  2⤵
  PID:7856
- C:\Windows\System\ckkBbBc.exe
  C:\Windows\System\ckkBbBc.exe
  2⤵
  PID:7872
- C:\Windows\System\gKpkBHM.exe
  C:\Windows\System\gKpkBHM.exe
  2⤵
  PID:7888
- C:\Windows\System\wXtbYHQ.exe
  C:\Windows\System\wXtbYHQ.exe
  2⤵
  PID:7904
- C:\Windows\System\wKiGooN.exe
  C:\Windows\System\wKiGooN.exe
  2⤵
  PID:7920
- C:\Windows\System\ztAqjom.exe
  C:\Windows\System\ztAqjom.exe
  2⤵
  PID:7936
- C:\Windows\System\GlCVweK.exe
  C:\Windows\System\GlCVweK.exe
  2⤵
  PID:7952
- C:\Windows\System\UpNRGkq.exe
  C:\Windows\System\UpNRGkq.exe
  2⤵
  PID:7968
- C:\Windows\System\VhIBMtN.exe
  C:\Windows\System\VhIBMtN.exe
  2⤵
  PID:7984
- C:\Windows\System\upbOGDB.exe
  C:\Windows\System\upbOGDB.exe
  2⤵
  PID:8000
- C:\Windows\System\jKlRsOr.exe
  C:\Windows\System\jKlRsOr.exe
  2⤵
  PID:8016
- C:\Windows\System\hrzYQIP.exe
  C:\Windows\System\hrzYQIP.exe
  2⤵
  PID:8032
- C:\Windows\System\aMsrvLh.exe
  C:\Windows\System\aMsrvLh.exe
  2⤵
  PID:8048
- C:\Windows\System\kwaUgKr.exe
  C:\Windows\System\kwaUgKr.exe
  2⤵
  PID:8064
- C:\Windows\System\kPBPzeT.exe
  C:\Windows\System\kPBPzeT.exe
  2⤵
  PID:8080
- C:\Windows\System\uyANSkw.exe
  C:\Windows\System\uyANSkw.exe
  2⤵
  PID:8096
- C:\Windows\System\fMfjLlV.exe
  C:\Windows\System\fMfjLlV.exe
  2⤵
  PID:8112
- C:\Windows\System\tFIutmU.exe
  C:\Windows\System\tFIutmU.exe
  2⤵
  PID:8128
- C:\Windows\System\oGqPKcP.exe
  C:\Windows\System\oGqPKcP.exe
  2⤵
  PID:8144
- C:\Windows\System\RNFxcRm.exe
  C:\Windows\System\RNFxcRm.exe
  2⤵
  PID:8160
- C:\Windows\System\EZoTsvs.exe
  C:\Windows\System\EZoTsvs.exe
  2⤵
  PID:8176
- C:\Windows\System\sRHsoNg.exe
  C:\Windows\System\sRHsoNg.exe
  2⤵
  PID:5848
- C:\Windows\System\mVTxZuN.exe
  C:\Windows\System\mVTxZuN.exe
  2⤵
  PID:7084
- C:\Windows\System\HWCLQxY.exe
  C:\Windows\System\HWCLQxY.exe
  2⤵
  PID:6752
- C:\Windows\System\aCDhLTa.exe
  C:\Windows\System\aCDhLTa.exe
  2⤵
  PID:840
- C:\Windows\System\zpokOgi.exe
  C:\Windows\System\zpokOgi.exe
  2⤵
  PID:7224
- C:\Windows\System\pFuUUcv.exe
  C:\Windows\System\pFuUUcv.exe
  2⤵
  PID:2064
- C:\Windows\System\qLsuxpG.exe
  C:\Windows\System\qLsuxpG.exe
  2⤵
  PID:7268
- C:\Windows\System\mwuRSKX.exe
  C:\Windows\System\mwuRSKX.exe
  2⤵
  PID:7348
- C:\Windows\System\aMkqzfY.exe
  C:\Windows\System\aMkqzfY.exe
  2⤵
  PID:7240
- C:\Windows\System\XyWzRjq.exe
  C:\Windows\System\XyWzRjq.exe
  2⤵
  PID:7364
- C:\Windows\System\dKrpXtE.exe
  C:\Windows\System\dKrpXtE.exe
  2⤵
  PID:7428
- C:\Windows\System\cAxwQIe.exe
  C:\Windows\System\cAxwQIe.exe
  2⤵
  PID:7416
- C:\Windows\System\lNQKcgH.exe
  C:\Windows\System\lNQKcgH.exe
  2⤵
  PID:7464
- C:\Windows\System\TXedIHM.exe
  C:\Windows\System\TXedIHM.exe
  2⤵
  PID:6580
- C:\Windows\System\uZCplnu.exe
  C:\Windows\System\uZCplnu.exe
  2⤵
  PID:7476
- C:\Windows\System\nzXnREX.exe
  C:\Windows\System\nzXnREX.exe
  2⤵
  PID:7508
- C:\Windows\System\ETmdprM.exe
  C:\Windows\System\ETmdprM.exe
  2⤵
  PID:7528
- C:\Windows\System\ORPSZpA.exe
  C:\Windows\System\ORPSZpA.exe
  2⤵
  PID:7580
- C:\Windows\System\jwSGKco.exe
  C:\Windows\System\jwSGKco.exe
  2⤵
  PID:7624
- C:\Windows\System\mrJOJgr.exe
  C:\Windows\System\mrJOJgr.exe
  2⤵
  PID:7596
- C:\Windows\System\EdyOcCx.exe
  C:\Windows\System\EdyOcCx.exe
  2⤵
  PID:7672
- C:\Windows\System\FHgDOAX.exe
  C:\Windows\System\FHgDOAX.exe
  2⤵
  PID:7692
- C:\Windows\System\rXcykip.exe
  C:\Windows\System\rXcykip.exe
  2⤵
  PID:7740
- C:\Windows\System\dgTEgIQ.exe
  C:\Windows\System\dgTEgIQ.exe
  2⤵
  PID:7756
- C:\Windows\System\qrxnamB.exe
  C:\Windows\System\qrxnamB.exe
  2⤵
  PID:7832
- C:\Windows\System\aoDZxpI.exe
  C:\Windows\System\aoDZxpI.exe
  2⤵
  PID:7868
- C:\Windows\System\DrePwMN.exe
  C:\Windows\System\DrePwMN.exe
  2⤵
  PID:7816
- C:\Windows\System\IipkDwp.exe
  C:\Windows\System\IipkDwp.exe
  2⤵
  PID:7820
- C:\Windows\System\MLYOFuu.exe
  C:\Windows\System\MLYOFuu.exe
  2⤵
  PID:7916
- C:\Windows\System\OhnmYHJ.exe
  C:\Windows\System\OhnmYHJ.exe
  2⤵
  PID:7932
- C:\Windows\System\hgRXxaZ.exe
  C:\Windows\System\hgRXxaZ.exe
  2⤵
  PID:2740
- C:\Windows\System\JiqBlGH.exe
  C:\Windows\System\JiqBlGH.exe
  2⤵
  PID:8008
- C:\Windows\System\FXqKcse.exe
  C:\Windows\System\FXqKcse.exe
  2⤵
  PID:8028
- C:\Windows\System\JwEYqUV.exe
  C:\Windows\System\JwEYqUV.exe
  2⤵
  PID:8072
- C:\Windows\System\kzuofEs.exe
  C:\Windows\System\kzuofEs.exe
  2⤵
  PID:8076
- C:\Windows\System\jSUPwMY.exe
  C:\Windows\System\jSUPwMY.exe
  2⤵
  PID:8124
- C:\Windows\System\XUpkbcD.exe
  C:\Windows\System\XUpkbcD.exe
  2⤵
  PID:8172
- C:\Windows\System\UCxghrl.exe
  C:\Windows\System\UCxghrl.exe
  2⤵
  PID:8188
- C:\Windows\System\WRnqVVV.exe
  C:\Windows\System\WRnqVVV.exe
  2⤵
  PID:828
- C:\Windows\System\uVBcSTY.exe
  C:\Windows\System\uVBcSTY.exe
  2⤵
  PID:7216
- C:\Windows\System\CollUIz.exe
  C:\Windows\System\CollUIz.exe
  2⤵
  PID:7320
- C:\Windows\System\hpcjmVX.exe
  C:\Windows\System\hpcjmVX.exe
  2⤵
  PID:7236
- C:\Windows\System\dsicWzC.exe
  C:\Windows\System\dsicWzC.exe
  2⤵
  PID:2652
- C:\Windows\System\JSrYNHe.exe
  C:\Windows\System\JSrYNHe.exe
  2⤵
  PID:7652
- C:\Windows\System\AFJqFCN.exe
  C:\Windows\System\AFJqFCN.exe
  2⤵
  PID:7560
- C:\Windows\System\VsOnHzR.exe
  C:\Windows\System\VsOnHzR.exe
  2⤵
  PID:7524
- C:\Windows\System\rcomIMW.exe
  C:\Windows\System\rcomIMW.exe
  2⤵
  PID:7640
- C:\Windows\System\EVTfPYf.exe
  C:\Windows\System\EVTfPYf.exe
  2⤵
  PID:7720
- C:\Windows\System\pjOJKnJ.exe
  C:\Windows\System\pjOJKnJ.exe
  2⤵
  PID:7788
- C:\Windows\System\rKOHSqZ.exe
  C:\Windows\System\rKOHSqZ.exe
  2⤵
  PID:7836
- C:\Windows\System\ILgyakS.exe
  C:\Windows\System\ILgyakS.exe
  2⤵
  PID:7852
- C:\Windows\System\rNyFoPN.exe
  C:\Windows\System\rNyFoPN.exe
  2⤵
  PID:7964
- C:\Windows\System\QINBrCP.exe
  C:\Windows\System\QINBrCP.exe
  2⤵
  PID:2068
- C:\Windows\System\NnOMTaH.exe
  C:\Windows\System\NnOMTaH.exe
  2⤵
  PID:2520
- C:\Windows\System\cVwGqQA.exe
  C:\Windows\System\cVwGqQA.exe
  2⤵
  PID:8136
- C:\Windows\System\cymacGI.exe
  C:\Windows\System\cymacGI.exe
  2⤵
  PID:7256
- C:\Windows\System\uxyIwlP.exe
  C:\Windows\System\uxyIwlP.exe
  2⤵
  PID:8168
- C:\Windows\System\QosOzhP.exe
  C:\Windows\System\QosOzhP.exe
  2⤵
  PID:7412
- C:\Windows\System\BDmAzDi.exe
  C:\Windows\System\BDmAzDi.exe
  2⤵
  PID:7548
- C:\Windows\System\PdxBaAY.exe
  C:\Windows\System\PdxBaAY.exe
  2⤵
  PID:7540
- C:\Windows\System\DKATfQe.exe
  C:\Windows\System\DKATfQe.exe
  2⤵
  PID:7896
- C:\Windows\System\geFJUsP.exe
  C:\Windows\System\geFJUsP.exe
  2⤵
  PID:7948
- C:\Windows\System\PYHWOmG.exe
  C:\Windows\System\PYHWOmG.exe
  2⤵
  PID:7660
- C:\Windows\System\TtREIIx.exe
  C:\Windows\System\TtREIIx.exe
  2⤵
  PID:2976
- C:\Windows\System\NtQXsyE.exe
  C:\Windows\System\NtQXsyE.exe
  2⤵
  PID:7996
- C:\Windows\System\TmAeFWS.exe
  C:\Windows\System\TmAeFWS.exe
  2⤵
  PID:2856
- C:\Windows\System\pLrTUdI.exe
  C:\Windows\System\pLrTUdI.exe
  2⤵
  PID:8044
- C:\Windows\System\pPzGyLa.exe
  C:\Windows\System\pPzGyLa.exe
  2⤵
  PID:7036
- C:\Windows\System\oWCTwSr.exe
  C:\Windows\System\oWCTwSr.exe
  2⤵
  PID:7396
- C:\Windows\System\LdksjzC.exe
  C:\Windows\System\LdksjzC.exe
  2⤵
  PID:8196
- C:\Windows\System\PzIFMXD.exe
  C:\Windows\System\PzIFMXD.exe
  2⤵
  PID:8212
- C:\Windows\System\URBamki.exe
  C:\Windows\System\URBamki.exe
  2⤵
  PID:8228
- C:\Windows\System\aonMMpp.exe
  C:\Windows\System\aonMMpp.exe
  2⤵
  PID:8244
- C:\Windows\System\GWoYvCM.exe
  C:\Windows\System\GWoYvCM.exe
  2⤵
  PID:8260
- C:\Windows\System\dEBvbDa.exe
  C:\Windows\System\dEBvbDa.exe
  2⤵
  PID:8276
- C:\Windows\System\hzVbbCj.exe
  C:\Windows\System\hzVbbCj.exe
  2⤵
  PID:8292
- C:\Windows\System\VFjUOtg.exe
  C:\Windows\System\VFjUOtg.exe
  2⤵
  PID:8308
- C:\Windows\System\WRNsUFT.exe
  C:\Windows\System\WRNsUFT.exe
  2⤵
  PID:8324
- C:\Windows\System\ByZeSyO.exe
  C:\Windows\System\ByZeSyO.exe
  2⤵
  PID:8340
- C:\Windows\System\kOxTSpB.exe
  C:\Windows\System\kOxTSpB.exe
  2⤵
  PID:8356
- C:\Windows\System\ETHELBL.exe
  C:\Windows\System\ETHELBL.exe
  2⤵
  PID:8372
- C:\Windows\System\QYeZPbd.exe
  C:\Windows\System\QYeZPbd.exe
  2⤵
  PID:8388
- C:\Windows\System\QieioZO.exe
  C:\Windows\System\QieioZO.exe
  2⤵
  PID:8404
- C:\Windows\System\gIQIizm.exe
  C:\Windows\System\gIQIizm.exe
  2⤵
  PID:8420
- C:\Windows\System\nRmHPjy.exe
  C:\Windows\System\nRmHPjy.exe
  2⤵
  PID:8436
- C:\Windows\System\OjZcZcz.exe
  C:\Windows\System\OjZcZcz.exe
  2⤵
  PID:8452
- C:\Windows\System\NbkAxpx.exe
  C:\Windows\System\NbkAxpx.exe
  2⤵
  PID:8472
- C:\Windows\System\KlxdeyY.exe
  C:\Windows\System\KlxdeyY.exe
  2⤵
  PID:8488
- C:\Windows\System\zZVtGRO.exe
  C:\Windows\System\zZVtGRO.exe
  2⤵
  PID:8508
- C:\Windows\System\PkCKuxJ.exe
  C:\Windows\System\PkCKuxJ.exe
  2⤵
  PID:8524
- C:\Windows\System\tqsopHE.exe
  C:\Windows\System\tqsopHE.exe
  2⤵
  PID:8540
- C:\Windows\System\asGGQKU.exe
  C:\Windows\System\asGGQKU.exe
  2⤵
  PID:8556
- C:\Windows\System\SnroDIY.exe
  C:\Windows\System\SnroDIY.exe
  2⤵
  PID:8572
- C:\Windows\System\uujvIsB.exe
  C:\Windows\System\uujvIsB.exe
  2⤵
  PID:8588
- C:\Windows\System\DjDmPMb.exe
  C:\Windows\System\DjDmPMb.exe
  2⤵
  PID:8604
- C:\Windows\System\ePsNDFe.exe
  C:\Windows\System\ePsNDFe.exe
  2⤵
  PID:8620
- C:\Windows\System\klxaHkZ.exe
  C:\Windows\System\klxaHkZ.exe
  2⤵
  PID:8636
- C:\Windows\System\XvvWaDF.exe
  C:\Windows\System\XvvWaDF.exe
  2⤵
  PID:8656
- C:\Windows\System\ixQDBGX.exe
  C:\Windows\System\ixQDBGX.exe
  2⤵
  PID:8676
- C:\Windows\System\WHAGFhy.exe
  C:\Windows\System\WHAGFhy.exe
  2⤵
  PID:8692
- C:\Windows\System\uOYDMum.exe
  C:\Windows\System\uOYDMum.exe
  2⤵
  PID:8708
- C:\Windows\System\eJuyDSt.exe
  C:\Windows\System\eJuyDSt.exe
  2⤵
  PID:8724
- C:\Windows\System\aryhqCS.exe
  C:\Windows\System\aryhqCS.exe
  2⤵
  PID:8740
- C:\Windows\System\zEnLKMD.exe
  C:\Windows\System\zEnLKMD.exe
  2⤵
  PID:8756
- C:\Windows\System\WwgSPDe.exe
  C:\Windows\System\WwgSPDe.exe
  2⤵
  PID:8772
- C:\Windows\System\ZFCqYEG.exe
  C:\Windows\System\ZFCqYEG.exe
  2⤵
  PID:8788
- C:\Windows\System\UWEGCBY.exe
  C:\Windows\System\UWEGCBY.exe
  2⤵
  PID:8804
- C:\Windows\System\ISmYnMF.exe
  C:\Windows\System\ISmYnMF.exe
  2⤵
  PID:8820
- C:\Windows\System\WAkJLvr.exe
  C:\Windows\System\WAkJLvr.exe
  2⤵
  PID:8836
- C:\Windows\System\RKKxOzS.exe
  C:\Windows\System\RKKxOzS.exe
  2⤵
  PID:8852
- C:\Windows\System\bULVHTs.exe
  C:\Windows\System\bULVHTs.exe
  2⤵
  PID:8872
- C:\Windows\System\KhietLX.exe
  C:\Windows\System\KhietLX.exe
  2⤵
  PID:8888
- C:\Windows\System\gsyckMc.exe
  C:\Windows\System\gsyckMc.exe
  2⤵
  PID:8912
- C:\Windows\System\bvPSPbW.exe
  C:\Windows\System\bvPSPbW.exe
  2⤵
  PID:8928
- C:\Windows\System\fyiyrPr.exe
  C:\Windows\System\fyiyrPr.exe
  2⤵
  PID:8944
- C:\Windows\System\hCFWunR.exe
  C:\Windows\System\hCFWunR.exe
  2⤵
  PID:8964
- C:\Windows\System\gtLpcFq.exe
  C:\Windows\System\gtLpcFq.exe
  2⤵
  PID:8980
- C:\Windows\System\xGaOLuQ.exe
  C:\Windows\System\xGaOLuQ.exe
  2⤵
  PID:8996
- C:\Windows\System\UrbgSdo.exe
  C:\Windows\System\UrbgSdo.exe
  2⤵
  PID:9012
- C:\Windows\System\nJcdthB.exe
  C:\Windows\System\nJcdthB.exe
  2⤵
  PID:9028
- C:\Windows\System\nuWsBNR.exe
  C:\Windows\System\nuWsBNR.exe
  2⤵
  PID:9044
- C:\Windows\System\NcwiNJO.exe
  C:\Windows\System\NcwiNJO.exe
  2⤵
  PID:9060
- C:\Windows\System\ylTDQud.exe
  C:\Windows\System\ylTDQud.exe
  2⤵
  PID:9076
- C:\Windows\System\itTEqln.exe
  C:\Windows\System\itTEqln.exe
  2⤵
  PID:9096
- C:\Windows\System\IVmuuip.exe
  C:\Windows\System\IVmuuip.exe
  2⤵
  PID:9116
- C:\Windows\System\lhXWLwR.exe
  C:\Windows\System\lhXWLwR.exe
  2⤵
  PID:9132
- C:\Windows\System\RruvBce.exe
  C:\Windows\System\RruvBce.exe
  2⤵
  PID:9148
- C:\Windows\System\tHMkBhX.exe
  C:\Windows\System\tHMkBhX.exe
  2⤵
  PID:9168
- C:\Windows\System\CwqMblw.exe
  C:\Windows\System\CwqMblw.exe
  2⤵
  PID:9184
- C:\Windows\System\XLVkAni.exe
  C:\Windows\System\XLVkAni.exe
  2⤵
  PID:9200
- C:\Windows\System\gafdhpF.exe
  C:\Windows\System\gafdhpF.exe
  2⤵
  PID:2416
- C:\Windows\System\YNrLYZG.exe
  C:\Windows\System\YNrLYZG.exe
  2⤵
  PID:7520
- C:\Windows\System\AgzsPCI.exe
  C:\Windows\System\AgzsPCI.exe
  2⤵
  PID:6568
- C:\Windows\System\gmFUiKS.exe
  C:\Windows\System\gmFUiKS.exe
  2⤵
  PID:8268
- C:\Windows\System\JrsZByk.exe
  C:\Windows\System\JrsZByk.exe
  2⤵
  PID:8332
- C:\Windows\System\UXfinlp.exe
  C:\Windows\System\UXfinlp.exe
  2⤵
  PID:8336
- C:\Windows\System\bsqTTBl.exe
  C:\Windows\System\bsqTTBl.exe
  2⤵
  PID:8400
- C:\Windows\System\GRvKKSR.exe
  C:\Windows\System\GRvKKSR.exe
  2⤵
  PID:8396
- C:\Windows\System\utryHAE.exe
  C:\Windows\System\utryHAE.exe
  2⤵
  PID:7900
- C:\Windows\System\OxSbshe.exe
  C:\Windows\System\OxSbshe.exe
  2⤵
  PID:8460
- C:\Windows\System\qDShbti.exe
  C:\Windows\System\qDShbti.exe
  2⤵
  PID:8316
- C:\Windows\System\fYiKYKH.exe
  C:\Windows\System\fYiKYKH.exe
  2⤵
  PID:8380
- C:\Windows\System\QBRntet.exe
  C:\Windows\System\QBRntet.exe
  2⤵
  PID:8256
- C:\Windows\System\bUWliRj.exe
  C:\Windows\System\bUWliRj.exe
  2⤵
  PID:8548
- C:\Windows\System\pqdIokV.exe
  C:\Windows\System\pqdIokV.exe
  2⤵
  PID:8612
- C:\Windows\System\XDSgGbe.exe
  C:\Windows\System\XDSgGbe.exe
  2⤵
  PID:8596
- C:\Windows\System\nClFffJ.exe
  C:\Windows\System\nClFffJ.exe
  2⤵
  PID:8628
- C:\Windows\System\Okfrpkj.exe
  C:\Windows\System\Okfrpkj.exe
  2⤵
  PID:8672
- C:\Windows\System\sCazaDL.exe
  C:\Windows\System\sCazaDL.exe
  2⤵
  PID:8716
- C:\Windows\System\FYFnNQh.exe
  C:\Windows\System\FYFnNQh.exe
  2⤵
  PID:8784
- C:\Windows\System\fyxLwRp.exe
  C:\Windows\System\fyxLwRp.exe
  2⤵
  PID:8816
- C:\Windows\System\dPaxvlt.exe
  C:\Windows\System\dPaxvlt.exe
  2⤵
  PID:8768
- C:\Windows\System\FqJcpry.exe
  C:\Windows\System\FqJcpry.exe
  2⤵
  PID:8832
- C:\Windows\System\PIqspeK.exe
  C:\Windows\System\PIqspeK.exe
  2⤵
  PID:8884
- C:\Windows\System\NPssqZX.exe
  C:\Windows\System\NPssqZX.exe
  2⤵
  PID:8896
- C:\Windows\System\zvvRwBa.exe
  C:\Windows\System\zvvRwBa.exe
  2⤵
  PID:8924
- C:\Windows\System\SVQkKVg.exe
  C:\Windows\System\SVQkKVg.exe
  2⤵
  PID:8956
- C:\Windows\System\RZnXkmR.exe
  C:\Windows\System\RZnXkmR.exe
  2⤵
  PID:8992
- C:\Windows\System\xWbFoXJ.exe
  C:\Windows\System\xWbFoXJ.exe
  2⤵
  PID:9056
- C:\Windows\System\JtpZKjr.exe
  C:\Windows\System\JtpZKjr.exe
  2⤵
  PID:9036
- C:\Windows\System\Xilzsmw.exe
  C:\Windows\System\Xilzsmw.exe
  2⤵
  PID:9068
- C:\Windows\System\aCnEgrt.exe
  C:\Windows\System\aCnEgrt.exe
  2⤵
  PID:9164
- C:\Windows\System\bwOdcLz.exe
  C:\Windows\System\bwOdcLz.exe
  2⤵
  PID:9176
- C:\Windows\System\RUpxDzv.exe
  C:\Windows\System\RUpxDzv.exe
  2⤵
  PID:7444
- C:\Windows\System\XszbpFG.exe
  C:\Windows\System\XszbpFG.exe
  2⤵
  PID:8208
- C:\Windows\System\lVbemMy.exe
  C:\Windows\System\lVbemMy.exe
  2⤵
  PID:8240
- C:\Windows\System\CUxtekO.exe
  C:\Windows\System\CUxtekO.exe
  2⤵
  PID:7400
- C:\Windows\System\yppUHqM.exe
  C:\Windows\System\yppUHqM.exe
  2⤵
  PID:8252
- C:\Windows\System\HwYnnsL.exe
  C:\Windows\System\HwYnnsL.exe
  2⤵
  PID:8384
- C:\Windows\System\FkJOJNU.exe
  C:\Windows\System\FkJOJNU.exe
  2⤵
  PID:8448
- C:\Windows\System\FZafKCD.exe
  C:\Windows\System\FZafKCD.exe
  2⤵
  PID:8352
- C:\Windows\System\PXhQfOs.exe
  C:\Windows\System\PXhQfOs.exe
  2⤵
  PID:8552
- C:\Windows\System\rtLjkTy.exe
  C:\Windows\System\rtLjkTy.exe
  2⤵
  PID:8564
- C:\Windows\System\rvVqwuh.exe
  C:\Windows\System\rvVqwuh.exe
  2⤵
  PID:8752
- C:\Windows\System\mzcpnIV.exe
  C:\Windows\System\mzcpnIV.exe
  2⤵
  PID:8848
- C:\Windows\System\iLtccBU.exe
  C:\Windows\System\iLtccBU.exe
  2⤵
  PID:8908
- C:\Windows\System\DZGEcON.exe
  C:\Windows\System\DZGEcON.exe
  2⤵
  PID:9092
- C:\Windows\System\UUpZllm.exe
  C:\Windows\System\UUpZllm.exe
  2⤵
  PID:8652
- C:\Windows\System\jvLEEfl.exe
  C:\Windows\System\jvLEEfl.exe
  2⤵
  PID:8800
- C:\Windows\System\vmOYeRA.exe
  C:\Windows\System\vmOYeRA.exe
  2⤵
  PID:8936
- C:\Windows\System\jzflRby.exe
  C:\Windows\System\jzflRby.exe
  2⤵
  PID:9156
- C:\Windows\System\POJOrSO.exe
  C:\Windows\System\POJOrSO.exe
  2⤵
  PID:9108
- C:\Windows\System\wUOXgAr.exe
  C:\Windows\System\wUOXgAr.exe
  2⤵
  PID:9140
- C:\Windows\System\pDQOvvb.exe
  C:\Windows\System\pDQOvvb.exe
  2⤵
  PID:8060
- C:\Windows\System\NHPFpnr.exe
  C:\Windows\System\NHPFpnr.exe
  2⤵
  PID:8368
- C:\Windows\System\yUgGhUc.exe
  C:\Windows\System\yUgGhUc.exe
  2⤵
  PID:8300
- C:\Windows\System\VZzzhwG.exe
  C:\Windows\System\VZzzhwG.exe
  2⤵
  PID:8580
- C:\Windows\System\htLfRbU.exe
  C:\Windows\System\htLfRbU.exe
  2⤵
  PID:8900
- C:\Windows\System\vejLBnZ.exe
  C:\Windows\System\vejLBnZ.exe
  2⤵
  PID:8764
- C:\Windows\System\tEYKRjY.exe
  C:\Windows\System\tEYKRjY.exe
  2⤵
  PID:8704
- C:\Windows\System\PWmBDsM.exe
  C:\Windows\System\PWmBDsM.exe
  2⤵
  PID:9160
- C:\Windows\System\RWnzCBW.exe
  C:\Windows\System\RWnzCBW.exe
  2⤵
  PID:8236
- C:\Windows\System\bPoBzyC.exe
  C:\Windows\System\bPoBzyC.exe
  2⤵
  PID:8504
- C:\Windows\System\UsgKqTy.exe
  C:\Windows\System\UsgKqTy.exe
  2⤵
  PID:8416
- C:\Windows\System\iSSeSoI.exe
  C:\Windows\System\iSSeSoI.exe
  2⤵
  PID:8868
- C:\Windows\System\YyRsogx.exe
  C:\Windows\System\YyRsogx.exe
  2⤵
  PID:8224
- C:\Windows\System\mQUgKPD.exe
  C:\Windows\System\mQUgKPD.exe
  2⤵
  PID:9024
- C:\Windows\System\CdpOAEE.exe
  C:\Windows\System\CdpOAEE.exe
  2⤵
  PID:8976
- C:\Windows\System\XmWdTUA.exe
  C:\Windows\System\XmWdTUA.exe
  2⤵
  PID:9196
- C:\Windows\System\yPIBbia.exe
  C:\Windows\System\yPIBbia.exe
  2⤵
  PID:9104
- C:\Windows\System\vIDilfs.exe
  C:\Windows\System\vIDilfs.exe
  2⤵
  PID:9828
- C:\Windows\System\awXAcnF.exe
  C:\Windows\System\awXAcnF.exe
  2⤵
  PID:9844
- C:\Windows\System\uvwpLeA.exe
  C:\Windows\System\uvwpLeA.exe
  2⤵
  PID:9868
- C:\Windows\System\gXIjkmU.exe
  C:\Windows\System\gXIjkmU.exe
  2⤵
  PID:9392
- C:\Windows\System\dWwslZd.exe
  C:\Windows\System\dWwslZd.exe
  2⤵
  PID:9408
- C:\Windows\System\uePedvk.exe
  C:\Windows\System\uePedvk.exe
  2⤵
  PID:9424
- C:\Windows\System\AZatTLU.exe
  C:\Windows\System\AZatTLU.exe
  2⤵
  PID:9440
- C:\Windows\System\AyzTDKK.exe
  C:\Windows\System\AyzTDKK.exe
  2⤵
  PID:9456
- C:\Windows\System\epcoHpy.exe
  C:\Windows\System\epcoHpy.exe
  2⤵
  PID:9472
- C:\Windows\System\SqLrABm.exe
  C:\Windows\System\SqLrABm.exe
  2⤵
  PID:9488
- C:\Windows\System\VEcXWkG.exe
  C:\Windows\System\VEcXWkG.exe
  2⤵
  PID:9500
- C:\Windows\System\kgUDGzI.exe
  C:\Windows\System\kgUDGzI.exe
  2⤵
  PID:9520
- C:\Windows\System\otcCBUW.exe
  C:\Windows\System\otcCBUW.exe
  2⤵
  PID:9536
- C:\Windows\System\eIwwsXc.exe
  C:\Windows\System\eIwwsXc.exe
  2⤵
  PID:9552
- C:\Windows\System\BVnCNGH.exe
  C:\Windows\System\BVnCNGH.exe
  2⤵
  PID:9572
- C:\Windows\System\lPyzIfn.exe
  C:\Windows\System\lPyzIfn.exe
  2⤵
  PID:9596
- C:\Windows\System\TuDQWNV.exe
  C:\Windows\System\TuDQWNV.exe
  2⤵
  PID:9612
- C:\Windows\System\kInbfRB.exe
  C:\Windows\System\kInbfRB.exe
  2⤵
  PID:9628
- C:\Windows\System\DuMGbPx.exe
  C:\Windows\System\DuMGbPx.exe
  2⤵
  PID:9644
- C:\Windows\System\NptZGST.exe
  C:\Windows\System\NptZGST.exe
  2⤵
  PID:9660
- C:\Windows\System\IkNbRWt.exe
  C:\Windows\System\IkNbRWt.exe
  2⤵
  PID:9676
- C:\Windows\System\BChyVzD.exe
  C:\Windows\System\BChyVzD.exe
  2⤵
  PID:9692
- C:\Windows\System\oYLOvcF.exe
  C:\Windows\System\oYLOvcF.exe
  2⤵
  PID:9708
- C:\Windows\System\xdRHRCp.exe
  C:\Windows\System\xdRHRCp.exe
  2⤵
  PID:9724
- C:\Windows\System\KaDBENC.exe
  C:\Windows\System\KaDBENC.exe
  2⤵
  PID:9740
- C:\Windows\System\poMrodg.exe
  C:\Windows\System\poMrodg.exe
  2⤵
  PID:9756
- C:\Windows\System\yBqFnIg.exe
  C:\Windows\System\yBqFnIg.exe
  2⤵
  PID:9772
- C:\Windows\System\UFvJwLf.exe
  C:\Windows\System\UFvJwLf.exe
  2⤵
  PID:9788
- C:\Windows\System\mthvGjP.exe
  C:\Windows\System\mthvGjP.exe
  2⤵
  PID:9804
- C:\Windows\System\bqvBlaY.exe
  C:\Windows\System\bqvBlaY.exe
  2⤵
  PID:9820
- C:\Windows\System\mBdOMYG.exe
  C:\Windows\System\mBdOMYG.exe
  2⤵
  PID:9852
- C:\Windows\System\UgagTHJ.exe
  C:\Windows\System\UgagTHJ.exe
  2⤵
  PID:10128
- C:\Windows\System\UQmZBmg.exe
  C:\Windows\System\UQmZBmg.exe
  2⤵
  PID:10096
- C:\Windows\System\tCWPMTm.exe
  C:\Windows\System\tCWPMTm.exe
  2⤵
  PID:10156
- C:\Windows\System\PCWDKPv.exe
  C:\Windows\System\PCWDKPv.exe
  2⤵
  PID:10176
- C:\Windows\System\fXSpGFi.exe
  C:\Windows\System\fXSpGFi.exe
  2⤵
  PID:10208
- C:\Windows\System\NqEgavK.exe
  C:\Windows\System\NqEgavK.exe
  2⤵
  PID:10224
- C:\Windows\System\vlYRjJR.exe
  C:\Windows\System\vlYRjJR.exe
  2⤵
  PID:8644
- C:\Windows\System\NaxlprJ.exe
  C:\Windows\System\NaxlprJ.exe
  2⤵
  PID:9228
- C:\Windows\System\hSbZDrm.exe
  C:\Windows\System\hSbZDrm.exe
  2⤵
  PID:9256
- C:\Windows\System\uGchmBC.exe
  C:\Windows\System\uGchmBC.exe
  2⤵
  PID:9276
- C:\Windows\System\swBRyai.exe
  C:\Windows\System\swBRyai.exe
  2⤵
  PID:9300
- C:\Windows\System\JdINpZs.exe
  C:\Windows\System\JdINpZs.exe
  2⤵
  PID:9320
- C:\Windows\System\eWbOMFG.exe
  C:\Windows\System\eWbOMFG.exe
  2⤵
  PID:9340
- C:\Windows\System\LPbXGZf.exe
  C:\Windows\System\LPbXGZf.exe
  2⤵
  PID:9360
- C:\Windows\System\XAUtupV.exe
  C:\Windows\System\XAUtupV.exe
  2⤵
  PID:9384
- C:\Windows\System\JdnvYkp.exe
  C:\Windows\System\JdnvYkp.exe
  2⤵
  PID:9420
- C:\Windows\System\BWsmcJy.exe
  C:\Windows\System\BWsmcJy.exe
  2⤵
  PID:9484
- C:\Windows\System\OPCbLeA.exe
  C:\Windows\System\OPCbLeA.exe
  2⤵
  PID:9436
- C:\Windows\System\LAerfXN.exe
  C:\Windows\System\LAerfXN.exe
  2⤵
  PID:9528
- C:\Windows\System\jerfSuX.exe
  C:\Windows\System\jerfSuX.exe
  2⤵
  PID:9548
- C:\Windows\System\VBknKvx.exe
  C:\Windows\System\VBknKvx.exe
  2⤵
  PID:9584
- C:\Windows\System\QUnvTIe.exe
  C:\Windows\System\QUnvTIe.exe
  2⤵
  PID:9636
- C:\Windows\System\KawckKg.exe
  C:\Windows\System\KawckKg.exe
  2⤵
  PID:9620
- C:\Windows\System\mgTvvSC.exe
  C:\Windows\System\mgTvvSC.exe
  2⤵
  PID:9688
- C:\Windows\System\zfhouVb.exe
  C:\Windows\System\zfhouVb.exe
  2⤵
  PID:9720
- C:\Windows\System\gRouaEX.exe
  C:\Windows\System\gRouaEX.exe
  2⤵
  PID:9732
- C:\Windows\System\kkUBFHA.exe
  C:\Windows\System\kkUBFHA.exe
  2⤵
  PID:9768
- C:\Windows\System\OcgZzur.exe
  C:\Windows\System\OcgZzur.exe
  2⤵
  PID:9860
- C:\Windows\System\raDKNVL.exe
  C:\Windows\System\raDKNVL.exe
  2⤵
  PID:9888
- C:\Windows\System\OFLTKvO.exe
  C:\Windows\System\OFLTKvO.exe
  2⤵
  PID:9912
- C:\Windows\System\HxQOrWm.exe
  C:\Windows\System\HxQOrWm.exe
  2⤵
  PID:9952
- C:\Windows\System\yBpSgqT.exe
  C:\Windows\System\yBpSgqT.exe
  2⤵
  PID:10008
- C:\Windows\System\OkNOIHh.exe
  C:\Windows\System\OkNOIHh.exe
  2⤵
  PID:9856
- C:\Windows\System\UPJCEuT.exe
  C:\Windows\System\UPJCEuT.exe
  2⤵
  PID:9892
- C:\Windows\System\aKcvECo.exe
  C:\Windows\System\aKcvECo.exe
  2⤵
  PID:9936
- C:\Windows\System\YHsCPHt.exe
  C:\Windows\System\YHsCPHt.exe
  2⤵
  PID:9960
- C:\Windows\System\pBXghke.exe
  C:\Windows\System\pBXghke.exe
  2⤵
  PID:10004
- C:\Windows\System\jjGeXVe.exe
  C:\Windows\System\jjGeXVe.exe
  2⤵
  PID:10052
- C:\Windows\System\bYLopkj.exe
  C:\Windows\System\bYLopkj.exe
  2⤵
  PID:10076
- C:\Windows\System\vAlAuPx.exe
  C:\Windows\System\vAlAuPx.exe
  2⤵
  PID:10104
- C:\Windows\System\czCjgaf.exe
  C:\Windows\System\czCjgaf.exe
  2⤵
  PID:10120
- C:\Windows\System\Xnhxgjy.exe
  C:\Windows\System\Xnhxgjy.exe
  2⤵
  PID:5812
- C:\Windows\System\cgtQcgq.exe
  C:\Windows\System\cgtQcgq.exe
  2⤵
  PID:10196
- C:\Windows\System\cribxAw.exe
  C:\Windows\System\cribxAw.exe
  2⤵
  PID:9920
- C:\Windows\System\fnuHJTr.exe
  C:\Windows\System\fnuHJTr.exe
  2⤵
  PID:10200
- C:\Windows\System\FiJoMge.exe
  C:\Windows\System\FiJoMge.exe
  2⤵
  PID:9232
- C:\Windows\System\pkaMcaP.exe
  C:\Windows\System\pkaMcaP.exe
  2⤵
  PID:9268
- C:\Windows\System\HgaSdqh.exe
  C:\Windows\System\HgaSdqh.exe
  2⤵
  PID:9996
- C:\Windows\System\kBNwitT.exe
  C:\Windows\System\kBNwitT.exe
  2⤵
  PID:10216
- C:\Windows\System\smLsNqX.exe
  C:\Windows\System\smLsNqX.exe
  2⤵
  PID:9248
- C:\Windows\System\dDCyyCg.exe
  C:\Windows\System\dDCyyCg.exe
  2⤵
  PID:9316
- C:\Windows\System\MGbaBdf.exe
  C:\Windows\System\MGbaBdf.exe
  2⤵
  PID:7620
- C:\Windows\System\erwdqVb.exe
  C:\Windows\System\erwdqVb.exe
  2⤵
  PID:9404
- C:\Windows\System\siBtkrS.exe
  C:\Windows\System\siBtkrS.exe
  2⤵
  PID:9516
- C:\Windows\System\sIbjyLl.exe
  C:\Windows\System\sIbjyLl.exe
  2⤵
  PID:9372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Eslsxli.exe

Filesize
6.0MB

MD5
7946f1be80d5efef2480e23daa5a1c62

SHA1
736abb9b6393c3bdff86556fc6ef02bb193c43ea

SHA256
f566308898d24ca57ae995eef0b62916597765d74315ed5458ba36d7b59d161e

SHA512
e6d61fcac50cb2433431489d3e24e4b0edd6086502796491c732e89fd09da962ac61fdbb4d4a1745d20bea1b744d8188f26963fa90efaaeaa5e76bf6ce4a88d7

Download Submit
C:\Windows\system\FTtwIta.exe

Filesize
6.0MB

MD5
369078f91c2ae031a66e94bed85470af

SHA1
7d9d102dedc3190ed331f34f2be95d0a54c4c966

SHA256
9ac623ee28e1403e47d4452e4a4f30ddef8afd65ac396459fc9a351c676fb5d9

SHA512
1207c7130d78da86ab59383fa693317421dab58eb2402270605263dc6dc9b49702f7ea972c85e4c1dbde7e72da68f76f2b6610eead733ce6dbe773b39a899189

Download Submit
C:\Windows\system\FswhcyD.exe

Filesize
6.0MB

MD5
f97ef11d4f1afd216b6bab7bdc84f005

SHA1
d4845e2ef3dfb1e0501672e4f3f900bc357a49f7

SHA256
abf7aa52260265b173107f98380e504bfe5a4a993951cacf683a5ccee4f87ed6

SHA512
cfdd710dcaea2dd70f9ee91600401b7d96eae937dd5fabb27d42a83cf337d98e110ffed345b97f385d0e775bcb58c12afc3ae95bafe2837e36683fb9f35e344b

Download Submit
C:\Windows\system\GnqdVzp.exe

Filesize
6.0MB

MD5
3fbe6fb0b12addc84d9ea82f1536fb6a

SHA1
4b8e1f69560d4536437d11726b519853c5023997

SHA256
8d8e7c71e8a812d11bd0624efeab1a19ba72e5830c36991d2a2b54585de96c73

SHA512
0d2c1406ac3951145edf52fd7f962c54ff078d9acf905a5cfccf9f534e6f5ed63553f807ac31bb1ce1bc9a2deab159ea282718b57352b6c5f0c65b43f6a4a740

Download Submit
C:\Windows\system\LZtuvdh.exe

Filesize
6.0MB

MD5
f474903b653b2f83c3b9c5a3a242e447

SHA1
86ca915a87f6a74f18d4cf89bb1be3f59c2a8772

SHA256
4508abb08015479fcc88b2801a6f0b38b99fd046f9a47d24a82806d16e6de720

SHA512
7d030dd5dccdfac6c6ed52d18ce58edc9f1519c3ba6aac9b56641b131d52788cf7bbd5ecef11219b512568cda035cb0c723bca07791f1cd6751d28746c6d6c06

Download Submit
C:\Windows\system\PCyhdQE.exe

Filesize
6.0MB

MD5
0a44cbc8b8b18f708da7a4d115e475d8

SHA1
f443c26edd579e2eda319a1c06fbae8baed0200e

SHA256
1178b0a4c62c7057fe022891a486b0d2513cd2e25ef9dc2cee30569e4dadf504

SHA512
26c30a47cfd3efa05da8af8e63f63fb980214e1d8c53885808b961428c217d4c5d0f70eba7e0790c76516a17e21aac22629dc6acc48c1793642d29a334db8747

Download Submit
C:\Windows\system\RCckHVD.exe

Filesize
6.0MB

MD5
f28d60367916cab3442eaaf760ceb85d

SHA1
cec01715d911292d496a3c08d2ef75c1efde4c8e

SHA256
40db69d5acdad777034ee021a2b982a710a9d88df5c289a52f71f40a8e1cadff

SHA512
c520798176bb674d3ddf8b8ea16c1b990f74e60ed3d311053b43b6fa930ba5d5cf701abcd01eca787a65bf4b0762325a5b9677870234a93fdeb8b5fd2e67ba39

Download Submit
C:\Windows\system\TJAqHXj.exe

Filesize
6.0MB

MD5
0d21846501a43eaafb401d7664355795

SHA1
1a187a3e10693fa91e012c981a79a032cf461d44

SHA256
78e687b220c9f4feb4d9412c2b2db607f238cbaa00a130a9c6084777739561f2

SHA512
a3f6f8eda031045a710b68e1ee48c54621e9e64ed9e667a1debfbac0dab0722666ca33dbfd9a9c396f6088ab2b45abd07aaa2ff8539b448337722b1d74984028

Download Submit
C:\Windows\system\TUELrmk.exe

Filesize
6.0MB

MD5
d9381dd100c997bca1a1e0cb7013901a

SHA1
21aa4ad2bf708b4c619786dfa79d82c7aaff897f

SHA256
958836df25b98082c6fe62666a7d04edf8c933060acee170a6ebe91fa4486275

SHA512
175c5fb9312a647ffcf135ba96ecb24edd49497b23095dc4fa51accf4d258e4d30a66bb09058ad8bb80353e616882cabc8d3245fea0a74d62627f23c0892835f

Download Submit
C:\Windows\system\TUXnqDx.exe

Filesize
6.0MB

MD5
bb6d4112eb17929e2256527303d72636

SHA1
c119c5c5262a71cd5f657f99e32f6a61d9e12382

SHA256
9f646b5c2bc5bb4fd826f8f28bf5a1c241dc114b8c8dfa8f3add2642888c0e0e

SHA512
840e3268c63eab88e277b9757ecb70e0a9c53cbde74a4f38fe55783d0baad2a7c94e537b5c5655d84b8d3008d582542ffbf95bc32caa87c5b1485f050f19b985

Download Submit
C:\Windows\system\TguUSYI.exe

Filesize
6.0MB

MD5
01ba3f31c3d9cdfafb53d428deb61d9c

SHA1
06e2ce1d5df5d8935e5300eccde2b8d17b5078f8

SHA256
9c2e57d4420102c67322999b53abbbf9324857713dfaaec0f50169936b4933d5

SHA512
aff23e33b93666cce4bea9f179e855d365ce04bb45e3f841122290a0a73282e41dca08f5955334a30f0576503fbde1f69f0e4deee05b5baaa2401366d9646507

Download Submit
C:\Windows\system\XRAdJXg.exe

Filesize
6.0MB

MD5
ce5a9da82e830828795de00a41b96c8c

SHA1
493f926fac879253a05db12cc1fce92257f9b851

SHA256
dbe6b5bdefbd8b1d9415e6a76456942e0cd3dbf4d9cbff276af43ce6c231fb5a

SHA512
250187b313869e5046ac42c0541a315c8342553d99a6cfead57d7c01c7f00acd6da9f8fca83b1fb4dd4bfec490bd11cee9b1535667e16aff6646a30211df8338

Download Submit
C:\Windows\system\YHZhCcl.exe

Filesize
6.0MB

MD5
4c1875812aa7f0736afd626c02616e45

SHA1
c4a2653a16aba8e53f4b781848593989502de93f

SHA256
70a41cc6bfa2edabd5070026a8a1ea978799f639a028d8fe95ec88627027d653

SHA512
8aee0291b8cfc8f6dd8bc8223a244c80e81da2842c9156184336de103222889d85c1f820b54c8c571205653e2121e9bfbefaf044e09bc7b4a317c666836c5fc2

Download Submit
C:\Windows\system\ZzPlgLz.exe

Filesize
6.0MB

MD5
5d388ae45f4e6fcc3c965f01b927be2e

SHA1
6bfa1a991ec00f3ba18d3d32d4ad5daa0f7221d5

SHA256
d653255b87c14e3f8f215f637265245aa5edb6dbe8eaa5f3ed394161e6a76cc6

SHA512
ea0d863eb3f137961fc30b64dc5ed15794007f55ecaf0f97248a66e6c770f82a10e94e7146f7104c5ab0cc48efdc4ffe09f795fc88ff4e680191247bfcacc92a

Download Submit
C:\Windows\system\bfEpKpA.exe

Filesize
6.0MB

MD5
e62c0b9491315ac5d9a4cd87be7df6ba

SHA1
fc56001ba4816a6640f6567aca71fcb9441a03d0

SHA256
25c3a94e4cf89e47a4fba86b013298ee2fe23935cb633782d0b1f265e93bb036

SHA512
147c1890c8c2072ef4b870290b1ecd1031b8aecbe2d463d360b19bbd2a8116768c7e6b59f01f18f6cd0ec6de429a4688d198424ea17524569c0f17ceecf438cf

Download Submit
C:\Windows\system\ckXrzAh.exe

Filesize
6.0MB

MD5
f3675faecf3607e07779b00fe6ef5c59

SHA1
7ee60b6486e43dac1080090fc118867fc17b8880

SHA256
9e17426768cafce51252d349411001f4135d472b3f94c27b05e3b0ced43409a4

SHA512
3b4057219d771120b0de366c34b4aa6e44f68ecb593188aa1cae7f16f26693e840a127aa15bec03e94bc9bf841518767da9848976645a0aab0a0ef9d87e2cb26

Download Submit
C:\Windows\system\dcdywba.exe

Filesize
6.0MB

MD5
202a7696d49ce7135318161c936e61da

SHA1
23087c5ddad59adf3610270b9dc624bd675c7ce0

SHA256
e167998c4bb88b5406ba5640f6d35c1d5490fae761825960e8535f5513fac4d4

SHA512
13480756dab716b88122448565305e8da447a48825cdfa8dbb0c339773c17deb9c5b8486f8fc0a3ab5d1b283f9387a2a6b2fb642056a1078acef2272c471db3e

Download Submit
C:\Windows\system\etXkceN.exe

Filesize
6.0MB

MD5
9ba34ee26d46970a470b8d577c90746a

SHA1
afb5da0043f6b671f954cc775e267e33ddb801e6

SHA256
9ec0b6e581d096e6aa1986f1f266a65d85a98a1dc760c4152917783f72aa06e4

SHA512
b72b959b1de8e0441fa4af0289506f191a2839f7a027bd48fcf7ad20fc05a193c4fcd7bf3593c14390cdc35c0dbd513a7800a0db6e39f1ecc287c2dc07282104

Download Submit
C:\Windows\system\fEnwmTc.exe

Filesize
6.0MB

MD5
f5d642b0d7fb64d6ba21f083a75dc573

SHA1
69e1b4447845dd544e39dc8c3ad8efa9428a5359

SHA256
662b3a1631d404c0319e7bf8bccc573673237a000e603519f5198609cba56610

SHA512
7a9e61cf07ca3dd8dec9697d909ba56834633f166a01f6f2840e462973115f7c1ed9b396027c22525a960852b8a396daa43b246690762ec599d3fccaa81827e7

Download Submit
C:\Windows\system\hMVTlRe.exe

Filesize
6.0MB

MD5
5e7cea99be14a51c1a63ddd182bdd352

SHA1
fc867da011e4c04e0318b985f6e5b5eebc3a6c60

SHA256
5babbde5ef748746bf89a04b4859111db2d33ff916949e75d3a514aefd7dc1ea

SHA512
4c3c09bf220de93974514a0a2518c6129204bbd959797716c540aa717422bea01779021ba955f2a842ff9145c5389363308671d7ac07dd38e7aa309f226c886b

Download Submit
C:\Windows\system\ioeTIly.exe

Filesize
6.0MB

MD5
495e7cb2d8eeeb6ae37e7b62dc42779e

SHA1
9b2b445ef743d4077417e6a3df2fe6de145ae7d1

SHA256
986f5c727dc174991106d0bef849734303a87944bc87f2f1c79fac9d98cdd8d4

SHA512
751e3e4f096765924b6c0811ce32c30756f2069d3b5146710f3af6f5dac975900836e072f6eb8c640562fa2b30b1f8f3f1883cec2cde217fa845388a7aa431d0

Download Submit
C:\Windows\system\jZatCnn.exe

Filesize
6.0MB

MD5
eecfb8c8a44b7847559166ee6347bd20

SHA1
5b1afa2f1dee00fae7f6d6d2342335a8c5aae19a

SHA256
72c6b5643073036f17fd7764d385efa751f6ad82c06b192373b7c8d4f537a871

SHA512
8cf4d4a3489dec08569254b4094b1b0cf11afd32d354f33488c285156a883e8075e16d93ab5b02f67484c45262f3fa7163abb8b48a8c8b68fecd8c45b816f490

Download Submit
C:\Windows\system\jolEtZw.exe

Filesize
6.0MB

MD5
65ccd5571c6e853eb407bb4f39c13dcb

SHA1
f0dcee60eaf0e3676d1b089600d4d0d280808182

SHA256
b44709824bceabc406536367a224c5b5eb1883ce73bfccc7fd015409e9c00d97

SHA512
25e92078c468f50d1b6d3b4886fb4bb328387305620c0339352a397aacafbf1d52a471bd3039fff76e2dd6c814f1616e43d3f4dd34ece2a738ba9a8ccfc70461

Download Submit
C:\Windows\system\kdUPOSZ.exe

Filesize
6.0MB

MD5
70b13644bf54e55959b15531ea356467

SHA1
f99903e0940452f90294b5f5017681096e3973e5

SHA256
911f88695302b4dadc8e4edbbc13777111602572623a865dccf30008cd3170d8

SHA512
f0ae70436b0908c52d84b8c3d402dfcba3f5317a3acccac51054496b064a2025f25eb1470e835dd8eb51916626ec36b3aba004dcda1f5df272c244ff89121773

Download Submit
C:\Windows\system\moGiWlB.exe

Filesize
6.0MB

MD5
f36ac50f540cab24dd57678362c72735

SHA1
d97db29c100a2c83c830f962d40b58eaf2c09b71

SHA256
f315bfdf860060eb9830441af5d7346b124ee360fe17658319cd6882c060d3ff

SHA512
89b4c89bec823146f1bbabef43f10e8ef6de596cb5b4ade1b6e8384874b10887d66682f6b587b624afc849763ffd6788ce93dbf889115edd5b29b27f4283983f

Download Submit
C:\Windows\system\qriXurl.exe

Filesize
6.0MB

MD5
11bf6190f536e525482c7e0336a08928

SHA1
7b8851230e98fb60ad4f55df9c273cb32224bec0

SHA256
9161054e6744974e9e0aad1693e52b68c07ec39eb6d8a1516ecd40f05d0a9856

SHA512
11420701c25e9d1c45570f2152bd797bb3e07490d119fb25e84f5e34f879a65388996550c90decd15b717aa1f36c09197c15033e9bfd82fa080906c00d20adec

Download Submit
C:\Windows\system\tCOXUHC.exe

Filesize
6.0MB

MD5
75ef52cb341a5f895a45722818b80366

SHA1
7c72ba0aee9bdc4adc6fe2ad945d89b6b5c24862

SHA256
ab3973cabaa7598bf2bb884fac40c62dd5168266705c1eecf9855d609082dc87

SHA512
4cbc16535347663159cc9dd7ff4ce27526ef320a9bede737ccc1c77f5e303937c267221e63fba4db38381779156331662ba62e7da5bd5dd2e5e0c80eee0fc5d3

Download Submit
C:\Windows\system\xouQGDC.exe

Filesize
6.0MB

MD5
4adab1b189ee9b00308f6507d1b19265

SHA1
b750cd8238e0e416df95fcb1fcb46828717092dc

SHA256
53a490b81fd33514f85a27f67fa42f376357c3e0a429e4aafd1157da704cf671

SHA512
305ac7c4e7b69b96038573bc6e910f06962bba5a9d7bc6fc47910aa4128ab85453f9fc12cdc8bf6e7f9d74295b8caf443542a751f5f6a24ce8c43e280aa7e89c

Download Submit
\Windows\system\MuquJEd.exe

Filesize
6.0MB

MD5
b7d808b52fc62ad127a9f39e9b15ce9d

SHA1
8efb1babf4de4cbc6b546966766644f57dbea872

SHA256
78c54439df1d04b4ec778aa9c085ced09342b6b3311f065570406bda7a73c3fa

SHA512
5f415161ead7abf68e8aadef34b770d0cab51ed203a6606ca7fe1539caf962a37f0929b29932089b5c16df6300b07b9a609329b589f050991b5709c69bd49173

Download Submit
\Windows\system\NbftkMB.exe

Filesize
6.0MB

MD5
0acb075ba48888837dea41ff1df11636

SHA1
fccd5678210df7f1692a6c363261d467a78c2785

SHA256
ea4ca030e7037f033a30dcc131d61572827927cfc1bc3853ef027c549bae930b

SHA512
88f8eb2093bb2c456fc5d9b1798ff18251948358d7ed4dd1bbec190f07e9f7863798e50a51fd30601a61991bc4f17dba61d798cdab9b281a2af1dcd3bccabcf7

Download Submit
\Windows\system\hVEPZLi.exe

Filesize
6.0MB

MD5
ee2b64ba297eddbef0469092f2e26783

SHA1
6f4a57fbe290fc0a3833b849eaa213b434a9b8c3

SHA256
cb38af81943e4594e841a708d1f8447a789325cb2c9d88fc01ad3b0b8562d5a9

SHA512
349e57afd190f96332fb372ec945030acbf1d3ba2d84182e3a9b86ccec42d7d6165a415064537f1687b8637cf0a8c9995b1450793260eb1ba8e119814790c937

Download Submit
\Windows\system\mdplsUy.exe

Filesize
6.0MB

MD5
b19de6c9b91214b632bb35815920e611

SHA1
3fa236e16c6c720a2a6582d1e1023a058362aea3

SHA256
e5b155fc879ec7488b73269bc97c7972b2e9873126028f04c6d55437d7e97850

SHA512
42d38ce93b40bb64147453237ec260544f35b1aefc4e63ba305f5f4bcd0ff724893979161c56269ed4b2f0b9d0163603436506ea6a2b887c49e8a6f0002ee770

Download Submit
memory/1740-1356-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1740-37-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/1756-1363-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-99-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-66-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1788-1359-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1816-103-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-1364-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1816-455-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1355-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2132-29-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2132-69-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-17-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-65-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2164-10-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-84-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2164-79-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-63-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-100-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-102-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2164-27-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-21-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-36-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-110-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-96-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-39-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-472-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-397-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-146-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-51-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-54-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2164-0-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-68-0x0000000002510000-0x0000000002864000-memory.dmp

Filesize
3.3MB

Download
memory/2236-72-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1360-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-208-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1362-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2360-95-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2448-80-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-231-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1361-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1353-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-25-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-55-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1357-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1365-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-82-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-46-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-64-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1358-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2940-26-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1367-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-24-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1354-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download