cobaltstrike | 830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/12/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
Size

6.0MB
MD5

2087fccbc34630dcf0a754a5bebaebf9
SHA1

a8a698c7c9c87af8bab095884c851519d021909c
SHA256

830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb
SHA512

f78c875e0d5125bf1ada5d011f7e3987b39d870bdbe500074ec384edeb587a0bf6b37ff975906446e5b4e51efb41cc3cb4c800836eb81bbe3a32669c524bc7de
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUF:eOl56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012029-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0d-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d2e-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d6d-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d5c-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d50-21.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-104.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903d-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019030-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d68-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d63-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bcd-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018761-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-69.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-45.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186de-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d64-56.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2828-0-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/files/0x000b000000012029-6.dat	xmrig
behavioral1/files/0x0008000000015d0d-8.dat	xmrig
behavioral1/files/0x0008000000015d2e-15.dat	xmrig
behavioral1/memory/2828-35-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d6d-32.dat	xmrig
behavioral1/files/0x0007000000015d5c-25.dat	xmrig
behavioral1/files/0x0007000000015d50-21.dat	xmrig
behavioral1/memory/2368-20-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/268-38-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2140-50-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-63.dat	xmrig
behavioral1/files/0x0005000000019241-119.dat	xmrig
behavioral1/files/0x00050000000192f0-134.dat	xmrig
behavioral1/files/0x0005000000019384-154.dat	xmrig
behavioral1/memory/2832-534-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2232-576-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2692-575-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2628-573-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2796-571-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1988-2065-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2828-2296-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2828-1426-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2760-569-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2648-524-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1988-509-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-173.dat	xmrig
behavioral1/files/0x00050000000193f8-170.dat	xmrig
behavioral1/files/0x00050000000193af-165.dat	xmrig
behavioral1/files/0x00050000000193fa-174.dat	xmrig
behavioral1/files/0x00050000000193a2-160.dat	xmrig
behavioral1/files/0x0005000000019346-149.dat	xmrig
behavioral1/files/0x000500000001933e-144.dat	xmrig
behavioral1/files/0x000500000001925c-124.dat	xmrig
behavioral1/files/0x000500000001932a-139.dat	xmrig
behavioral1/files/0x0005000000019273-129.dat	xmrig
behavioral1/files/0x0005000000019234-114.dat	xmrig
behavioral1/files/0x0005000000019228-109.dat	xmrig
behavioral1/files/0x000500000001920f-104.dat	xmrig
behavioral1/files/0x000600000001903d-99.dat	xmrig
behavioral1/files/0x0006000000019030-94.dat	xmrig
behavioral1/files/0x0006000000018d68-89.dat	xmrig
behavioral1/files/0x0006000000018d63-84.dat	xmrig
behavioral1/files/0x0006000000018bcd-79.dat	xmrig
behavioral1/files/0x0005000000018761-74.dat	xmrig
behavioral1/files/0x000500000001875d-69.dat	xmrig
behavioral1/memory/2780-49-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016858-45.dat	xmrig
behavioral1/memory/2884-30-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00060000000186de-57.dat	xmrig
behavioral1/files/0x0007000000015d64-56.dat	xmrig
behavioral1/memory/2576-54-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2368-4009-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2884-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/268-4007-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2648-4015-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2692-4014-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2232-4013-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2576-4012-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2628-4019-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2796-4018-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2760-4017-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2832-4016-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2140-4011-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
268	PWFvckx.exe
2368	rLVObfm.exe
2884	QfvUzgo.exe
2140	bofbkaX.exe
2780	dBcMCcV.exe
2576	bMEGSGC.exe
1988	LszCHkk.exe
2692	JgXbYSt.exe
2232	NiOnRdf.exe
2648	fQSHcsc.exe
2832	EQIfIYg.exe
2760	EjTcxgM.exe
2796	neZAdog.exe
2628	IWZCbFg.exe
2548	dNZjTQS.exe
2508	isHjQGo.exe
2612	XyUaSmM.exe
2980	EtmSjzS.exe
1512	DyXnkzz.exe
1684	kuAgAMZ.exe
1800	PpXMFIE.exe
1820	JNKGKUE.exe
2292	dCftGDs.exe
1056	FLmCiqI.exe
1632	EoNXZxd.exe
848	yaJGngh.exe
2940	nSsipXJ.exe
1292	zayMjcn.exe
2728	UYKYNRz.exe
1124	YuYXIDu.exe
1848	mfcPBzT.exe
744	eDfeSsy.exe
1132	icDOFDn.exe
1620	THfFKlq.exe
1932	zFvaFEg.exe
700	IQwPiTf.exe
3064	PVycLEU.exe
1376	OlfXtQi.exe
1084	SKtFhWz.exe
280	UHyFgkR.exe
532	JrlxKRG.exe
1908	QOrALrE.exe
2220	sZfRBVV.exe
836	xOGMSFk.exe
2992	lwnSvlY.exe
3012	IkKSkfY.exe
868	eQKLsxo.exe
2120	IyuzgGU.exe
1812	jAcNUkg.exe
2340	MvpNVRA.exe
880	fPsdqpu.exe
2080	ziMNrHL.exe
2332	UPEktHl.exe
1700	BxbMaGN.exe
1904	CQVfJZS.exe
2948	WeKPMAd.exe
1952	SNdkYtf.exe
2088	HKPSGdU.exe
2392	DosUqpT.exe
2772	xnogCej.exe
2620	mzBwTeX.exe
2668	rxfWJvn.exe
2432	SdVEeMB.exe
2568	ytoteMd.exe

Loads dropped DLL 64 IoCs

pid	Process
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2828-0-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/files/0x000b000000012029-6.dat	upx
behavioral1/files/0x0008000000015d0d-8.dat	upx
behavioral1/files/0x0008000000015d2e-15.dat	upx
behavioral1/files/0x0007000000015d6d-32.dat	upx
behavioral1/files/0x0007000000015d5c-25.dat	upx
behavioral1/files/0x0007000000015d50-21.dat	upx
behavioral1/memory/2368-20-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/268-38-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2140-50-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-63.dat	upx
behavioral1/files/0x0005000000019241-119.dat	upx
behavioral1/files/0x00050000000192f0-134.dat	upx
behavioral1/files/0x0005000000019384-154.dat	upx
behavioral1/memory/2832-534-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2232-576-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2692-575-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2628-573-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2796-571-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1988-2065-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2828-1426-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2760-569-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2648-524-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1988-509-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-173.dat	upx
behavioral1/files/0x00050000000193f8-170.dat	upx
behavioral1/files/0x00050000000193af-165.dat	upx
behavioral1/files/0x00050000000193fa-174.dat	upx
behavioral1/files/0x00050000000193a2-160.dat	upx
behavioral1/files/0x0005000000019346-149.dat	upx
behavioral1/files/0x000500000001933e-144.dat	upx
behavioral1/files/0x000500000001925c-124.dat	upx
behavioral1/files/0x000500000001932a-139.dat	upx
behavioral1/files/0x0005000000019273-129.dat	upx
behavioral1/files/0x0005000000019234-114.dat	upx
behavioral1/files/0x0005000000019228-109.dat	upx
behavioral1/files/0x000500000001920f-104.dat	upx
behavioral1/files/0x000600000001903d-99.dat	upx
behavioral1/files/0x0006000000019030-94.dat	upx
behavioral1/files/0x0006000000018d68-89.dat	upx
behavioral1/files/0x0006000000018d63-84.dat	upx
behavioral1/files/0x0006000000018bcd-79.dat	upx
behavioral1/files/0x0005000000018761-74.dat	upx
behavioral1/files/0x000500000001875d-69.dat	upx
behavioral1/memory/2780-49-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0008000000016858-45.dat	upx
behavioral1/memory/2884-30-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00060000000186de-57.dat	upx
behavioral1/files/0x0007000000015d64-56.dat	upx
behavioral1/memory/2576-54-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2368-4009-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2884-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/268-4007-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2648-4015-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2692-4014-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2232-4013-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2576-4012-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2628-4019-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2796-4018-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2760-4017-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2832-4016-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2140-4011-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2780-4010-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1988-4020-0x000000013F130000-0x000000013F484000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OmIIxXQ.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\XgrPYtY.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\tJXemik.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\dbRSnSh.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\udLQzvx.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\NFhYqkm.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\wbdjwpH.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\cDPhqHy.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\aXhwxTm.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\CxZFNyu.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\dYZDxWf.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\FhqUwfI.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\DpgrgaS.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\hpZrlDv.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\BJPDtza.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\VFUtViy.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\CYIeNDw.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\roETQJc.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\FdDAoBi.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\WQfLdSA.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\hABQuWr.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\jwjzVLs.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\wTUsShd.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\xNCskFa.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\aQZsSkB.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\YufiNUT.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\PtgjZVW.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\NAWTdft.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\eHWkYBy.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\BQKNLtr.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\WNqWsGo.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\gdHTxRI.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\udFwiDV.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\raLbLxX.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\fyomumJ.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\KtRcYuY.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\zmhWVDS.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\lismkkk.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\hueZuWi.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\fdFmyAs.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\fZMBnOs.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\QWXrPyS.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\rCGVmXj.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\HGBvkIp.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\ncISnUz.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\ZKXpQlW.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\YYNoRgN.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\mIYLWHH.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\ynHaKMG.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\kJwbNMx.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\gxAcypQ.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\HFkFzPd.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\XbxkmDT.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\NKjbnAg.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\OkVqtDO.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\TyZOHlK.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\xCOPRin.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\NozpSUC.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\JgXbYSt.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\AxqXuic.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\GgsrMJi.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\eDfeSsy.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\VOLURnn.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
File created	C:\Windows\System\ALxZhpd.exe	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 268	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	29
PID 2828 wrote to memory of 268	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	29
PID 2828 wrote to memory of 268	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	29
PID 2828 wrote to memory of 2368	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	30
PID 2828 wrote to memory of 2368	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	30
PID 2828 wrote to memory of 2368	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	30
PID 2828 wrote to memory of 2884	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	31
PID 2828 wrote to memory of 2884	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	31
PID 2828 wrote to memory of 2884	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	31
PID 2828 wrote to memory of 2576	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	32
PID 2828 wrote to memory of 2576	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	32
PID 2828 wrote to memory of 2576	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	32
PID 2828 wrote to memory of 2140	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	33
PID 2828 wrote to memory of 2140	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	33
PID 2828 wrote to memory of 2140	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	33
PID 2828 wrote to memory of 1988	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	34
PID 2828 wrote to memory of 1988	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	34
PID 2828 wrote to memory of 1988	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	34
PID 2828 wrote to memory of 2780	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	35
PID 2828 wrote to memory of 2780	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	35
PID 2828 wrote to memory of 2780	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	35
PID 2828 wrote to memory of 2232	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	36
PID 2828 wrote to memory of 2232	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	36
PID 2828 wrote to memory of 2232	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	36
PID 2828 wrote to memory of 2692	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	37
PID 2828 wrote to memory of 2692	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	37
PID 2828 wrote to memory of 2692	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	37
PID 2828 wrote to memory of 2648	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	38
PID 2828 wrote to memory of 2648	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	38
PID 2828 wrote to memory of 2648	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	38
PID 2828 wrote to memory of 2832	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	39
PID 2828 wrote to memory of 2832	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	39
PID 2828 wrote to memory of 2832	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	39
PID 2828 wrote to memory of 2760	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	40
PID 2828 wrote to memory of 2760	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	40
PID 2828 wrote to memory of 2760	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	40
PID 2828 wrote to memory of 2796	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	41
PID 2828 wrote to memory of 2796	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	41
PID 2828 wrote to memory of 2796	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	41
PID 2828 wrote to memory of 2628	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	42
PID 2828 wrote to memory of 2628	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	42
PID 2828 wrote to memory of 2628	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	42
PID 2828 wrote to memory of 2548	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	43
PID 2828 wrote to memory of 2548	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	43
PID 2828 wrote to memory of 2548	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	43
PID 2828 wrote to memory of 2508	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	44
PID 2828 wrote to memory of 2508	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	44
PID 2828 wrote to memory of 2508	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	44
PID 2828 wrote to memory of 2612	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	45
PID 2828 wrote to memory of 2612	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	45
PID 2828 wrote to memory of 2612	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	45
PID 2828 wrote to memory of 2980	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	46
PID 2828 wrote to memory of 2980	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	46
PID 2828 wrote to memory of 2980	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	46
PID 2828 wrote to memory of 1512	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	47
PID 2828 wrote to memory of 1512	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	47
PID 2828 wrote to memory of 1512	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	47
PID 2828 wrote to memory of 1684	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	48
PID 2828 wrote to memory of 1684	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	48
PID 2828 wrote to memory of 1684	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	48
PID 2828 wrote to memory of 1800	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	49
PID 2828 wrote to memory of 1800	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	49
PID 2828 wrote to memory of 1800	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	49
PID 2828 wrote to memory of 1820	2828	JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_830df045905863c60b287302d94f05ec99bec2cb0017bea7a9b92edf680817cb.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\System\PWFvckx.exe
  C:\Windows\System\PWFvckx.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\rLVObfm.exe
  C:\Windows\System\rLVObfm.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\QfvUzgo.exe
  C:\Windows\System\QfvUzgo.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\bMEGSGC.exe
  C:\Windows\System\bMEGSGC.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\bofbkaX.exe
  C:\Windows\System\bofbkaX.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\LszCHkk.exe
  C:\Windows\System\LszCHkk.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\dBcMCcV.exe
  C:\Windows\System\dBcMCcV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\NiOnRdf.exe
  C:\Windows\System\NiOnRdf.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\JgXbYSt.exe
  C:\Windows\System\JgXbYSt.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\fQSHcsc.exe
  C:\Windows\System\fQSHcsc.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\EQIfIYg.exe
  C:\Windows\System\EQIfIYg.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\EjTcxgM.exe
  C:\Windows\System\EjTcxgM.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\neZAdog.exe
  C:\Windows\System\neZAdog.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\IWZCbFg.exe
  C:\Windows\System\IWZCbFg.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\dNZjTQS.exe
  C:\Windows\System\dNZjTQS.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\isHjQGo.exe
  C:\Windows\System\isHjQGo.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XyUaSmM.exe
  C:\Windows\System\XyUaSmM.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EtmSjzS.exe
  C:\Windows\System\EtmSjzS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\DyXnkzz.exe
  C:\Windows\System\DyXnkzz.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\kuAgAMZ.exe
  C:\Windows\System\kuAgAMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\PpXMFIE.exe
  C:\Windows\System\PpXMFIE.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\JNKGKUE.exe
  C:\Windows\System\JNKGKUE.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\dCftGDs.exe
  C:\Windows\System\dCftGDs.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\FLmCiqI.exe
  C:\Windows\System\FLmCiqI.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\EoNXZxd.exe
  C:\Windows\System\EoNXZxd.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\yaJGngh.exe
  C:\Windows\System\yaJGngh.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\nSsipXJ.exe
  C:\Windows\System\nSsipXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\zayMjcn.exe
  C:\Windows\System\zayMjcn.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\UYKYNRz.exe
  C:\Windows\System\UYKYNRz.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\YuYXIDu.exe
  C:\Windows\System\YuYXIDu.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\mfcPBzT.exe
  C:\Windows\System\mfcPBzT.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\icDOFDn.exe
  C:\Windows\System\icDOFDn.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\eDfeSsy.exe
  C:\Windows\System\eDfeSsy.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\zFvaFEg.exe
  C:\Windows\System\zFvaFEg.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\THfFKlq.exe
  C:\Windows\System\THfFKlq.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\PVycLEU.exe
  C:\Windows\System\PVycLEU.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\IQwPiTf.exe
  C:\Windows\System\IQwPiTf.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\JrlxKRG.exe
  C:\Windows\System\JrlxKRG.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\OlfXtQi.exe
  C:\Windows\System\OlfXtQi.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\QOrALrE.exe
  C:\Windows\System\QOrALrE.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\SKtFhWz.exe
  C:\Windows\System\SKtFhWz.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\xOGMSFk.exe
  C:\Windows\System\xOGMSFk.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\UHyFgkR.exe
  C:\Windows\System\UHyFgkR.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\lwnSvlY.exe
  C:\Windows\System\lwnSvlY.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\sZfRBVV.exe
  C:\Windows\System\sZfRBVV.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\IkKSkfY.exe
  C:\Windows\System\IkKSkfY.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\eQKLsxo.exe
  C:\Windows\System\eQKLsxo.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\jAcNUkg.exe
  C:\Windows\System\jAcNUkg.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\IyuzgGU.exe
  C:\Windows\System\IyuzgGU.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\MvpNVRA.exe
  C:\Windows\System\MvpNVRA.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\fPsdqpu.exe
  C:\Windows\System\fPsdqpu.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\UPEktHl.exe
  C:\Windows\System\UPEktHl.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ziMNrHL.exe
  C:\Windows\System\ziMNrHL.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\CQVfJZS.exe
  C:\Windows\System\CQVfJZS.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\BxbMaGN.exe
  C:\Windows\System\BxbMaGN.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\HKPSGdU.exe
  C:\Windows\System\HKPSGdU.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\WeKPMAd.exe
  C:\Windows\System\WeKPMAd.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\DosUqpT.exe
  C:\Windows\System\DosUqpT.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\SNdkYtf.exe
  C:\Windows\System\SNdkYtf.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\mzBwTeX.exe
  C:\Windows\System\mzBwTeX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\xnogCej.exe
  C:\Windows\System\xnogCej.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\rxfWJvn.exe
  C:\Windows\System\rxfWJvn.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\SdVEeMB.exe
  C:\Windows\System\SdVEeMB.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\ytoteMd.exe
  C:\Windows\System\ytoteMd.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\jdzwpJH.exe
  C:\Windows\System\jdzwpJH.exe
  2⤵
  PID:2564
- C:\Windows\System\HVfFVrC.exe
  C:\Windows\System\HVfFVrC.exe
  2⤵
  PID:2308
- C:\Windows\System\THwjtwB.exe
  C:\Windows\System\THwjtwB.exe
  2⤵
  PID:1784
- C:\Windows\System\XJjpkHv.exe
  C:\Windows\System\XJjpkHv.exe
  2⤵
  PID:664
- C:\Windows\System\UHhLCxi.exe
  C:\Windows\System\UHhLCxi.exe
  2⤵
  PID:2272
- C:\Windows\System\aXhwxTm.exe
  C:\Windows\System\aXhwxTm.exe
  2⤵
  PID:2464
- C:\Windows\System\pNuQlAr.exe
  C:\Windows\System\pNuQlAr.exe
  2⤵
  PID:2336
- C:\Windows\System\VQovARS.exe
  C:\Windows\System\VQovARS.exe
  2⤵
  PID:264
- C:\Windows\System\jubTjLU.exe
  C:\Windows\System\jubTjLU.exe
  2⤵
  PID:2588
- C:\Windows\System\duxLCkY.exe
  C:\Windows\System\duxLCkY.exe
  2⤵
  PID:604
- C:\Windows\System\EZFdCxg.exe
  C:\Windows\System\EZFdCxg.exe
  2⤵
  PID:804
- C:\Windows\System\dNMvNJJ.exe
  C:\Windows\System\dNMvNJJ.exe
  2⤵
  PID:1336
- C:\Windows\System\RiPCQzl.exe
  C:\Windows\System\RiPCQzl.exe
  2⤵
  PID:1936
- C:\Windows\System\nnzijLG.exe
  C:\Windows\System\nnzijLG.exe
  2⤵
  PID:2672
- C:\Windows\System\EmXpLKk.exe
  C:\Windows\System\EmXpLKk.exe
  2⤵
  PID:3032
- C:\Windows\System\yBoMYls.exe
  C:\Windows\System\yBoMYls.exe
  2⤵
  PID:1344
- C:\Windows\System\jRZMRdM.exe
  C:\Windows\System\jRZMRdM.exe
  2⤵
  PID:740
- C:\Windows\System\WkCqxCf.exe
  C:\Windows\System\WkCqxCf.exe
  2⤵
  PID:2984
- C:\Windows\System\mOBZxbL.exe
  C:\Windows\System\mOBZxbL.exe
  2⤵
  PID:2076
- C:\Windows\System\ZCNWqFn.exe
  C:\Windows\System\ZCNWqFn.exe
  2⤵
  PID:2188
- C:\Windows\System\FBTItBr.exe
  C:\Windows\System\FBTItBr.exe
  2⤵
  PID:1596
- C:\Windows\System\HxnVKdI.exe
  C:\Windows\System\HxnVKdI.exe
  2⤵
  PID:1576
- C:\Windows\System\FMSXITu.exe
  C:\Windows\System\FMSXITu.exe
  2⤵
  PID:2072
- C:\Windows\System\DHuHeBL.exe
  C:\Windows\System\DHuHeBL.exe
  2⤵
  PID:2820
- C:\Windows\System\msdlTEH.exe
  C:\Windows\System\msdlTEH.exe
  2⤵
  PID:2652
- C:\Windows\System\sevFfTH.exe
  C:\Windows\System\sevFfTH.exe
  2⤵
  PID:2504
- C:\Windows\System\TSJDEUf.exe
  C:\Windows\System\TSJDEUf.exe
  2⤵
  PID:980
- C:\Windows\System\dqvBClU.exe
  C:\Windows\System\dqvBClU.exe
  2⤵
  PID:1920
- C:\Windows\System\YRRnFjR.exe
  C:\Windows\System\YRRnFjR.exe
  2⤵
  PID:1712
- C:\Windows\System\HFnczff.exe
  C:\Windows\System\HFnczff.exe
  2⤵
  PID:2664
- C:\Windows\System\VlxFrjb.exe
  C:\Windows\System\VlxFrjb.exe
  2⤵
  PID:1436
- C:\Windows\System\rOZTpVL.exe
  C:\Windows\System\rOZTpVL.exe
  2⤵
  PID:1640
- C:\Windows\System\XKiuZmW.exe
  C:\Windows\System\XKiuZmW.exe
  2⤵
  PID:1256
- C:\Windows\System\NpwNOLT.exe
  C:\Windows\System\NpwNOLT.exe
  2⤵
  PID:3016
- C:\Windows\System\jgOxMQX.exe
  C:\Windows\System\jgOxMQX.exe
  2⤵
  PID:1472
- C:\Windows\System\oPTLSPE.exe
  C:\Windows\System\oPTLSPE.exe
  2⤵
  PID:2552
- C:\Windows\System\BPnhorE.exe
  C:\Windows\System\BPnhorE.exe
  2⤵
  PID:1076
- C:\Windows\System\JSTeyqL.exe
  C:\Windows\System\JSTeyqL.exe
  2⤵
  PID:1772
- C:\Windows\System\xzQQZBV.exe
  C:\Windows\System\xzQQZBV.exe
  2⤵
  PID:572
- C:\Windows\System\aBEdibO.exe
  C:\Windows\System\aBEdibO.exe
  2⤵
  PID:2480
- C:\Windows\System\zvEmcSq.exe
  C:\Windows\System\zvEmcSq.exe
  2⤵
  PID:1600
- C:\Windows\System\sMWvhyp.exe
  C:\Windows\System\sMWvhyp.exe
  2⤵
  PID:3028
- C:\Windows\System\NMUpLTL.exe
  C:\Windows\System\NMUpLTL.exe
  2⤵
  PID:2928
- C:\Windows\System\JBbrjyv.exe
  C:\Windows\System\JBbrjyv.exe
  2⤵
  PID:288
- C:\Windows\System\kTbbnHi.exe
  C:\Windows\System\kTbbnHi.exe
  2⤵
  PID:3084
- C:\Windows\System\yjwzQhe.exe
  C:\Windows\System\yjwzQhe.exe
  2⤵
  PID:3100
- C:\Windows\System\TCZYWWo.exe
  C:\Windows\System\TCZYWWo.exe
  2⤵
  PID:3116
- C:\Windows\System\DZFtNBG.exe
  C:\Windows\System\DZFtNBG.exe
  2⤵
  PID:3132
- C:\Windows\System\NPVgZXT.exe
  C:\Windows\System\NPVgZXT.exe
  2⤵
  PID:3156
- C:\Windows\System\cZwlHOo.exe
  C:\Windows\System\cZwlHOo.exe
  2⤵
  PID:3176
- C:\Windows\System\vQgIGAp.exe
  C:\Windows\System\vQgIGAp.exe
  2⤵
  PID:3212
- C:\Windows\System\nYKZBSR.exe
  C:\Windows\System\nYKZBSR.exe
  2⤵
  PID:3228
- C:\Windows\System\ducAcBQ.exe
  C:\Windows\System\ducAcBQ.exe
  2⤵
  PID:3248
- C:\Windows\System\VIDdXsd.exe
  C:\Windows\System\VIDdXsd.exe
  2⤵
  PID:3272
- C:\Windows\System\dBRXkNo.exe
  C:\Windows\System\dBRXkNo.exe
  2⤵
  PID:3288
- C:\Windows\System\jAiwNGy.exe
  C:\Windows\System\jAiwNGy.exe
  2⤵
  PID:3304
- C:\Windows\System\fdFmyAs.exe
  C:\Windows\System\fdFmyAs.exe
  2⤵
  PID:3324
- C:\Windows\System\tInlSNb.exe
  C:\Windows\System\tInlSNb.exe
  2⤵
  PID:3344
- C:\Windows\System\VBqjVmM.exe
  C:\Windows\System\VBqjVmM.exe
  2⤵
  PID:3368
- C:\Windows\System\XDqDGWM.exe
  C:\Windows\System\XDqDGWM.exe
  2⤵
  PID:3384
- C:\Windows\System\nuePyXZ.exe
  C:\Windows\System\nuePyXZ.exe
  2⤵
  PID:3408
- C:\Windows\System\lvtZIso.exe
  C:\Windows\System\lvtZIso.exe
  2⤵
  PID:3424
- C:\Windows\System\iRweuWH.exe
  C:\Windows\System\iRweuWH.exe
  2⤵
  PID:3448
- C:\Windows\System\TLyQPib.exe
  C:\Windows\System\TLyQPib.exe
  2⤵
  PID:3464
- C:\Windows\System\ZpYketK.exe
  C:\Windows\System\ZpYketK.exe
  2⤵
  PID:3484
- C:\Windows\System\fOOhtkF.exe
  C:\Windows\System\fOOhtkF.exe
  2⤵
  PID:3508
- C:\Windows\System\ZnePCBV.exe
  C:\Windows\System\ZnePCBV.exe
  2⤵
  PID:3532
- C:\Windows\System\FYOnmfi.exe
  C:\Windows\System\FYOnmfi.exe
  2⤵
  PID:3552
- C:\Windows\System\lyorpeI.exe
  C:\Windows\System\lyorpeI.exe
  2⤵
  PID:3568
- C:\Windows\System\iiVokKx.exe
  C:\Windows\System\iiVokKx.exe
  2⤵
  PID:3588
- C:\Windows\System\SOsjgNv.exe
  C:\Windows\System\SOsjgNv.exe
  2⤵
  PID:3608
- C:\Windows\System\VOLURnn.exe
  C:\Windows\System\VOLURnn.exe
  2⤵
  PID:3632
- C:\Windows\System\XFZqjPT.exe
  C:\Windows\System\XFZqjPT.exe
  2⤵
  PID:3648
- C:\Windows\System\oDhwmBX.exe
  C:\Windows\System\oDhwmBX.exe
  2⤵
  PID:3664
- C:\Windows\System\hCjwmoM.exe
  C:\Windows\System\hCjwmoM.exe
  2⤵
  PID:3680
- C:\Windows\System\wdfadLs.exe
  C:\Windows\System\wdfadLs.exe
  2⤵
  PID:3704
- C:\Windows\System\MdJUCgu.exe
  C:\Windows\System\MdJUCgu.exe
  2⤵
  PID:3724
- C:\Windows\System\wdMErhR.exe
  C:\Windows\System\wdMErhR.exe
  2⤵
  PID:3740
- C:\Windows\System\hoIxsAb.exe
  C:\Windows\System\hoIxsAb.exe
  2⤵
  PID:3756
- C:\Windows\System\SGRaDDI.exe
  C:\Windows\System\SGRaDDI.exe
  2⤵
  PID:3772
- C:\Windows\System\cjetwUZ.exe
  C:\Windows\System\cjetwUZ.exe
  2⤵
  PID:3788
- C:\Windows\System\UcoTmtf.exe
  C:\Windows\System\UcoTmtf.exe
  2⤵
  PID:3808
- C:\Windows\System\olzcUJi.exe
  C:\Windows\System\olzcUJi.exe
  2⤵
  PID:3824
- C:\Windows\System\tZhCrNq.exe
  C:\Windows\System\tZhCrNq.exe
  2⤵
  PID:3840
- C:\Windows\System\vdHUQrR.exe
  C:\Windows\System\vdHUQrR.exe
  2⤵
  PID:3856
- C:\Windows\System\DeECjeB.exe
  C:\Windows\System\DeECjeB.exe
  2⤵
  PID:3876
- C:\Windows\System\AMkULCZ.exe
  C:\Windows\System\AMkULCZ.exe
  2⤵
  PID:3892
- C:\Windows\System\xWTBzJK.exe
  C:\Windows\System\xWTBzJK.exe
  2⤵
  PID:3908
- C:\Windows\System\eGEKabe.exe
  C:\Windows\System\eGEKabe.exe
  2⤵
  PID:3928
- C:\Windows\System\GCSggME.exe
  C:\Windows\System\GCSggME.exe
  2⤵
  PID:3944
- C:\Windows\System\OtPgCqp.exe
  C:\Windows\System\OtPgCqp.exe
  2⤵
  PID:3964
- C:\Windows\System\gFwhJSC.exe
  C:\Windows\System\gFwhJSC.exe
  2⤵
  PID:3980
- C:\Windows\System\BebSrLz.exe
  C:\Windows\System\BebSrLz.exe
  2⤵
  PID:4000
- C:\Windows\System\NJtRqUp.exe
  C:\Windows\System\NJtRqUp.exe
  2⤵
  PID:4016
- C:\Windows\System\uVGOxvw.exe
  C:\Windows\System\uVGOxvw.exe
  2⤵
  PID:4036
- C:\Windows\System\UDrJDPS.exe
  C:\Windows\System\UDrJDPS.exe
  2⤵
  PID:4060
- C:\Windows\System\KfEOPhf.exe
  C:\Windows\System\KfEOPhf.exe
  2⤵
  PID:4076
- C:\Windows\System\vUatRri.exe
  C:\Windows\System\vUatRri.exe
  2⤵
  PID:4092
- C:\Windows\System\sqLlvMb.exe
  C:\Windows\System\sqLlvMb.exe
  2⤵
  PID:1792
- C:\Windows\System\AzLkSRt.exe
  C:\Windows\System\AzLkSRt.exe
  2⤵
  PID:1724
- C:\Windows\System\CmCkEBX.exe
  C:\Windows\System\CmCkEBX.exe
  2⤵
  PID:2488
- C:\Windows\System\CDFquzw.exe
  C:\Windows\System\CDFquzw.exe
  2⤵
  PID:3036
- C:\Windows\System\qfhBIJG.exe
  C:\Windows\System\qfhBIJG.exe
  2⤵
  PID:876
- C:\Windows\System\ABRWOrv.exe
  C:\Windows\System\ABRWOrv.exe
  2⤵
  PID:1788
- C:\Windows\System\ilqbTyr.exe
  C:\Windows\System\ilqbTyr.exe
  2⤵
  PID:2216
- C:\Windows\System\WQbffAq.exe
  C:\Windows\System\WQbffAq.exe
  2⤵
  PID:444
- C:\Windows\System\hEDXsuk.exe
  C:\Windows\System\hEDXsuk.exe
  2⤵
  PID:3268
- C:\Windows\System\coGPTcO.exe
  C:\Windows\System\coGPTcO.exe
  2⤵
  PID:3196
- C:\Windows\System\QgBGIzK.exe
  C:\Windows\System\QgBGIzK.exe
  2⤵
  PID:3240
- C:\Windows\System\eosrUSR.exe
  C:\Windows\System\eosrUSR.exe
  2⤵
  PID:3336
- C:\Windows\System\NhLYgNZ.exe
  C:\Windows\System\NhLYgNZ.exe
  2⤵
  PID:3320
- C:\Windows\System\DVfxBHm.exe
  C:\Windows\System\DVfxBHm.exe
  2⤵
  PID:3356
- C:\Windows\System\wlTIavW.exe
  C:\Windows\System\wlTIavW.exe
  2⤵
  PID:3456
- C:\Windows\System\cGsbawT.exe
  C:\Windows\System\cGsbawT.exe
  2⤵
  PID:3400
- C:\Windows\System\stRDsxA.exe
  C:\Windows\System\stRDsxA.exe
  2⤵
  PID:3444
- C:\Windows\System\AwsBZgy.exe
  C:\Windows\System\AwsBZgy.exe
  2⤵
  PID:3540
- C:\Windows\System\gSlTEIH.exe
  C:\Windows\System\gSlTEIH.exe
  2⤵
  PID:3584
- C:\Windows\System\KaVRdLl.exe
  C:\Windows\System\KaVRdLl.exe
  2⤵
  PID:3616
- C:\Windows\System\yEbBXEU.exe
  C:\Windows\System\yEbBXEU.exe
  2⤵
  PID:3688
- C:\Windows\System\fBGCKdk.exe
  C:\Windows\System\fBGCKdk.exe
  2⤵
  PID:3732
- C:\Windows\System\OmIIxXQ.exe
  C:\Windows\System\OmIIxXQ.exe
  2⤵
  PID:3600
- C:\Windows\System\foLLpfR.exe
  C:\Windows\System\foLLpfR.exe
  2⤵
  PID:3796
- C:\Windows\System\tAJGHVr.exe
  C:\Windows\System\tAJGHVr.exe
  2⤵
  PID:3864
- C:\Windows\System\Bsqstfv.exe
  C:\Windows\System\Bsqstfv.exe
  2⤵
  PID:3936
- C:\Windows\System\JdWfvyG.exe
  C:\Windows\System\JdWfvyG.exe
  2⤵
  PID:4008
- C:\Windows\System\WzyfXIH.exe
  C:\Windows\System\WzyfXIH.exe
  2⤵
  PID:4048
- C:\Windows\System\wxCGKUn.exe
  C:\Windows\System\wxCGKUn.exe
  2⤵
  PID:4084
- C:\Windows\System\RMJhmhf.exe
  C:\Windows\System\RMJhmhf.exe
  2⤵
  PID:2148
- C:\Windows\System\yqUfaFS.exe
  C:\Windows\System\yqUfaFS.exe
  2⤵
  PID:2176
- C:\Windows\System\HnqKbgb.exe
  C:\Windows\System\HnqKbgb.exe
  2⤵
  PID:2580
- C:\Windows\System\syZgEcI.exe
  C:\Windows\System\syZgEcI.exe
  2⤵
  PID:3716
- C:\Windows\System\VdEsnbt.exe
  C:\Windows\System\VdEsnbt.exe
  2⤵
  PID:4028
- C:\Windows\System\fxBEOkF.exe
  C:\Windows\System\fxBEOkF.exe
  2⤵
  PID:3888
- C:\Windows\System\FwpPCNN.exe
  C:\Windows\System\FwpPCNN.exe
  2⤵
  PID:3960
- C:\Windows\System\CQENUlE.exe
  C:\Windows\System\CQENUlE.exe
  2⤵
  PID:2816
- C:\Windows\System\ZzXyEbo.exe
  C:\Windows\System\ZzXyEbo.exe
  2⤵
  PID:1508
- C:\Windows\System\gyXMWfQ.exe
  C:\Windows\System\gyXMWfQ.exe
  2⤵
  PID:3748
- C:\Windows\System\Dsqakke.exe
  C:\Windows\System\Dsqakke.exe
  2⤵
  PID:3816
- C:\Windows\System\eeLIMdX.exe
  C:\Windows\System\eeLIMdX.exe
  2⤵
  PID:1728
- C:\Windows\System\dnCnZUI.exe
  C:\Windows\System\dnCnZUI.exe
  2⤵
  PID:3092
- C:\Windows\System\WglvWHm.exe
  C:\Windows\System\WglvWHm.exe
  2⤵
  PID:3224
- C:\Windows\System\fZMBnOs.exe
  C:\Windows\System\fZMBnOs.exe
  2⤵
  PID:3164
- C:\Windows\System\hVswgmT.exe
  C:\Windows\System\hVswgmT.exe
  2⤵
  PID:3340
- C:\Windows\System\urPcIea.exe
  C:\Windows\System\urPcIea.exe
  2⤵
  PID:3360
- C:\Windows\System\YJywWOv.exe
  C:\Windows\System\YJywWOv.exe
  2⤵
  PID:3236
- C:\Windows\System\GvzFMji.exe
  C:\Windows\System\GvzFMji.exe
  2⤵
  PID:3496
- C:\Windows\System\TAvcBEA.exe
  C:\Windows\System\TAvcBEA.exe
  2⤵
  PID:3504
- C:\Windows\System\HhgeJVu.exe
  C:\Windows\System\HhgeJVu.exe
  2⤵
  PID:3516
- C:\Windows\System\OkVqtDO.exe
  C:\Windows\System\OkVqtDO.exe
  2⤵
  PID:3768
- C:\Windows\System\qYrajyD.exe
  C:\Windows\System\qYrajyD.exe
  2⤵
  PID:2684
- C:\Windows\System\wFdPtRZ.exe
  C:\Windows\System\wFdPtRZ.exe
  2⤵
  PID:4052
- C:\Windows\System\PBKMzPT.exe
  C:\Windows\System\PBKMzPT.exe
  2⤵
  PID:1604
- C:\Windows\System\YtOpwyy.exe
  C:\Windows\System\YtOpwyy.exe
  2⤵
  PID:1564
- C:\Windows\System\IOjIgyN.exe
  C:\Windows\System\IOjIgyN.exe
  2⤵
  PID:2296
- C:\Windows\System\CxZFNyu.exe
  C:\Windows\System\CxZFNyu.exe
  2⤵
  PID:3260
- C:\Windows\System\GFXEEWW.exe
  C:\Windows\System\GFXEEWW.exe
  2⤵
  PID:3256
- C:\Windows\System\RrtyAUL.exe
  C:\Windows\System\RrtyAUL.exe
  2⤵
  PID:3676
- C:\Windows\System\xPaTBUB.exe
  C:\Windows\System\xPaTBUB.exe
  2⤵
  PID:3976
- C:\Windows\System\BuRZQGC.exe
  C:\Windows\System\BuRZQGC.exe
  2⤵
  PID:4108
- C:\Windows\System\JlbnYAQ.exe
  C:\Windows\System\JlbnYAQ.exe
  2⤵
  PID:4124
- C:\Windows\System\QZyHCzW.exe
  C:\Windows\System\QZyHCzW.exe
  2⤵
  PID:4148
- C:\Windows\System\FXhyKJw.exe
  C:\Windows\System\FXhyKJw.exe
  2⤵
  PID:4164
- C:\Windows\System\EHxiliy.exe
  C:\Windows\System\EHxiliy.exe
  2⤵
  PID:4188
- C:\Windows\System\tIjMSjL.exe
  C:\Windows\System\tIjMSjL.exe
  2⤵
  PID:4212
- C:\Windows\System\LMIvXMO.exe
  C:\Windows\System\LMIvXMO.exe
  2⤵
  PID:4228
- C:\Windows\System\mxOoHvb.exe
  C:\Windows\System\mxOoHvb.exe
  2⤵
  PID:4244
- C:\Windows\System\FFFIwAf.exe
  C:\Windows\System\FFFIwAf.exe
  2⤵
  PID:4268
- C:\Windows\System\uYsowmb.exe
  C:\Windows\System\uYsowmb.exe
  2⤵
  PID:4292
- C:\Windows\System\PNrWryM.exe
  C:\Windows\System\PNrWryM.exe
  2⤵
  PID:4312
- C:\Windows\System\lNpfakG.exe
  C:\Windows\System\lNpfakG.exe
  2⤵
  PID:4328
- C:\Windows\System\eArwfUN.exe
  C:\Windows\System\eArwfUN.exe
  2⤵
  PID:4348
- C:\Windows\System\gEoKPpf.exe
  C:\Windows\System\gEoKPpf.exe
  2⤵
  PID:4364
- C:\Windows\System\tkHxrxx.exe
  C:\Windows\System\tkHxrxx.exe
  2⤵
  PID:4388
- C:\Windows\System\svQxcfm.exe
  C:\Windows\System\svQxcfm.exe
  2⤵
  PID:4412
- C:\Windows\System\FKlezpo.exe
  C:\Windows\System\FKlezpo.exe
  2⤵
  PID:4432
- C:\Windows\System\EuqBnzK.exe
  C:\Windows\System\EuqBnzK.exe
  2⤵
  PID:4452
- C:\Windows\System\FJJuWbT.exe
  C:\Windows\System\FJJuWbT.exe
  2⤵
  PID:4472
- C:\Windows\System\gGFNEVq.exe
  C:\Windows\System\gGFNEVq.exe
  2⤵
  PID:4488
- C:\Windows\System\EifnYPl.exe
  C:\Windows\System\EifnYPl.exe
  2⤵
  PID:4512
- C:\Windows\System\zgVQRVV.exe
  C:\Windows\System\zgVQRVV.exe
  2⤵
  PID:4536
- C:\Windows\System\CdzqCBN.exe
  C:\Windows\System\CdzqCBN.exe
  2⤵
  PID:4552
- C:\Windows\System\xNCskFa.exe
  C:\Windows\System\xNCskFa.exe
  2⤵
  PID:4576
- C:\Windows\System\ukoitDB.exe
  C:\Windows\System\ukoitDB.exe
  2⤵
  PID:4596
- C:\Windows\System\IqDVYiJ.exe
  C:\Windows\System\IqDVYiJ.exe
  2⤵
  PID:4612
- C:\Windows\System\gQapDtc.exe
  C:\Windows\System\gQapDtc.exe
  2⤵
  PID:4636
- C:\Windows\System\NcQNimn.exe
  C:\Windows\System\NcQNimn.exe
  2⤵
  PID:4656
- C:\Windows\System\dXgmUmR.exe
  C:\Windows\System\dXgmUmR.exe
  2⤵
  PID:4672
- C:\Windows\System\evhhtXj.exe
  C:\Windows\System\evhhtXj.exe
  2⤵
  PID:4696
- C:\Windows\System\ksHniqS.exe
  C:\Windows\System\ksHniqS.exe
  2⤵
  PID:4712
- C:\Windows\System\dAfTyEv.exe
  C:\Windows\System\dAfTyEv.exe
  2⤵
  PID:4740
- C:\Windows\System\koHsalH.exe
  C:\Windows\System\koHsalH.exe
  2⤵
  PID:4764
- C:\Windows\System\WNpZgnr.exe
  C:\Windows\System\WNpZgnr.exe
  2⤵
  PID:4784
- C:\Windows\System\cBDAHdr.exe
  C:\Windows\System\cBDAHdr.exe
  2⤵
  PID:4808
- C:\Windows\System\QkATggR.exe
  C:\Windows\System\QkATggR.exe
  2⤵
  PID:4828
- C:\Windows\System\ekGlhZL.exe
  C:\Windows\System\ekGlhZL.exe
  2⤵
  PID:4848
- C:\Windows\System\rzQbdPe.exe
  C:\Windows\System\rzQbdPe.exe
  2⤵
  PID:4864
- C:\Windows\System\oXOiKZy.exe
  C:\Windows\System\oXOiKZy.exe
  2⤵
  PID:4884
- C:\Windows\System\CPDhEXC.exe
  C:\Windows\System\CPDhEXC.exe
  2⤵
  PID:4908
- C:\Windows\System\ApfBcAO.exe
  C:\Windows\System\ApfBcAO.exe
  2⤵
  PID:4928
- C:\Windows\System\OkEImoE.exe
  C:\Windows\System\OkEImoE.exe
  2⤵
  PID:4944
- C:\Windows\System\IlAYKLq.exe
  C:\Windows\System\IlAYKLq.exe
  2⤵
  PID:4968
- C:\Windows\System\eQVZERb.exe
  C:\Windows\System\eQVZERb.exe
  2⤵
  PID:4988
- C:\Windows\System\KqoEsjp.exe
  C:\Windows\System\KqoEsjp.exe
  2⤵
  PID:5008
- C:\Windows\System\ZaIPtpB.exe
  C:\Windows\System\ZaIPtpB.exe
  2⤵
  PID:5028
- C:\Windows\System\xyyPQIp.exe
  C:\Windows\System\xyyPQIp.exe
  2⤵
  PID:5048
- C:\Windows\System\dGYpnTx.exe
  C:\Windows\System\dGYpnTx.exe
  2⤵
  PID:5068
- C:\Windows\System\mundIjU.exe
  C:\Windows\System\mundIjU.exe
  2⤵
  PID:5088
- C:\Windows\System\DffbjTj.exe
  C:\Windows\System\DffbjTj.exe
  2⤵
  PID:5108
- C:\Windows\System\Caxyprr.exe
  C:\Windows\System\Caxyprr.exe
  2⤵
  PID:1384
- C:\Windows\System\xVynZSs.exe
  C:\Windows\System\xVynZSs.exe
  2⤵
  PID:2236
- C:\Windows\System\FPHNAJh.exe
  C:\Windows\System\FPHNAJh.exe
  2⤵
  PID:4024
- C:\Windows\System\raLbLxX.exe
  C:\Windows\System\raLbLxX.exe
  2⤵
  PID:3576
- C:\Windows\System\IMkYshe.exe
  C:\Windows\System\IMkYshe.exe
  2⤵
  PID:3836
- C:\Windows\System\ehVkXyX.exe
  C:\Windows\System\ehVkXyX.exe
  2⤵
  PID:3996
- C:\Windows\System\zYhFYnu.exe
  C:\Windows\System\zYhFYnu.exe
  2⤵
  PID:4204
- C:\Windows\System\hgdzlTX.exe
  C:\Windows\System\hgdzlTX.exe
  2⤵
  PID:4236
- C:\Windows\System\tOYnrVP.exe
  C:\Windows\System\tOYnrVP.exe
  2⤵
  PID:3780
- C:\Windows\System\ydpJKzI.exe
  C:\Windows\System\ydpJKzI.exe
  2⤵
  PID:3128
- C:\Windows\System\SzigzAF.exe
  C:\Windows\System\SzigzAF.exe
  2⤵
  PID:3080
- C:\Windows\System\uWGibZa.exe
  C:\Windows\System\uWGibZa.exe
  2⤵
  PID:2736
- C:\Windows\System\mIYLWHH.exe
  C:\Windows\System\mIYLWHH.exe
  2⤵
  PID:3144
- C:\Windows\System\WXydMoV.exe
  C:\Windows\System\WXydMoV.exe
  2⤵
  PID:4356
- C:\Windows\System\aWwLipS.exe
  C:\Windows\System\aWwLipS.exe
  2⤵
  PID:3208
- C:\Windows\System\flEySSB.exe
  C:\Windows\System\flEySSB.exe
  2⤵
  PID:4396
- C:\Windows\System\nxTQVUy.exe
  C:\Windows\System\nxTQVUy.exe
  2⤵
  PID:3620
- C:\Windows\System\PFVcxVt.exe
  C:\Windows\System\PFVcxVt.exe
  2⤵
  PID:4012
- C:\Windows\System\xTkkkxU.exe
  C:\Windows\System\xTkkkxU.exe
  2⤵
  PID:4440
- C:\Windows\System\oLtSKgO.exe
  C:\Windows\System\oLtSKgO.exe
  2⤵
  PID:3820
- C:\Windows\System\NmeXbFU.exe
  C:\Windows\System\NmeXbFU.exe
  2⤵
  PID:4524
- C:\Windows\System\IRfFrLT.exe
  C:\Windows\System\IRfFrLT.exe
  2⤵
  PID:4104
- C:\Windows\System\ukANgwC.exe
  C:\Windows\System\ukANgwC.exe
  2⤵
  PID:4144
- C:\Windows\System\MWvyBmq.exe
  C:\Windows\System\MWvyBmq.exe
  2⤵
  PID:4220
- C:\Windows\System\GKorDFf.exe
  C:\Windows\System\GKorDFf.exe
  2⤵
  PID:4572
- C:\Windows\System\IhbcXxR.exe
  C:\Windows\System\IhbcXxR.exe
  2⤵
  PID:4256
- C:\Windows\System\LwhTkqh.exe
  C:\Windows\System\LwhTkqh.exe
  2⤵
  PID:4308
- C:\Windows\System\vOGfbZU.exe
  C:\Windows\System\vOGfbZU.exe
  2⤵
  PID:4376
- C:\Windows\System\CpjxcsE.exe
  C:\Windows\System\CpjxcsE.exe
  2⤵
  PID:4428
- C:\Windows\System\BTnaoUv.exe
  C:\Windows\System\BTnaoUv.exe
  2⤵
  PID:4468
- C:\Windows\System\kxlGJkv.exe
  C:\Windows\System\kxlGJkv.exe
  2⤵
  PID:4684
- C:\Windows\System\gNeabxZ.exe
  C:\Windows\System\gNeabxZ.exe
  2⤵
  PID:4508
- C:\Windows\System\oGdojbp.exe
  C:\Windows\System\oGdojbp.exe
  2⤵
  PID:4620
- C:\Windows\System\YPvbkPs.exe
  C:\Windows\System\YPvbkPs.exe
  2⤵
  PID:4668
- C:\Windows\System\BXHsOLC.exe
  C:\Windows\System\BXHsOLC.exe
  2⤵
  PID:4736
- C:\Windows\System\gPpxdfw.exe
  C:\Windows\System\gPpxdfw.exe
  2⤵
  PID:4776
- C:\Windows\System\YkjCWzr.exe
  C:\Windows\System\YkjCWzr.exe
  2⤵
  PID:4816
- C:\Windows\System\nbuSSnM.exe
  C:\Windows\System\nbuSSnM.exe
  2⤵
  PID:4820
- C:\Windows\System\zxXxIZu.exe
  C:\Windows\System\zxXxIZu.exe
  2⤵
  PID:4860
- C:\Windows\System\ALxZhpd.exe
  C:\Windows\System\ALxZhpd.exe
  2⤵
  PID:4840
- C:\Windows\System\rDPIucu.exe
  C:\Windows\System\rDPIucu.exe
  2⤵
  PID:4936
- C:\Windows\System\jrOwEbs.exe
  C:\Windows\System\jrOwEbs.exe
  2⤵
  PID:4960
- C:\Windows\System\JiVTvQv.exe
  C:\Windows\System\JiVTvQv.exe
  2⤵
  PID:4984
- C:\Windows\System\lfDzcKQ.exe
  C:\Windows\System\lfDzcKQ.exe
  2⤵
  PID:5004
- C:\Windows\System\fqRMkIl.exe
  C:\Windows\System\fqRMkIl.exe
  2⤵
  PID:5044
- C:\Windows\System\OyCeCbQ.exe
  C:\Windows\System\OyCeCbQ.exe
  2⤵
  PID:5104
- C:\Windows\System\awwevmV.exe
  C:\Windows\System\awwevmV.exe
  2⤵
  PID:5116
- C:\Windows\System\QWXrPyS.exe
  C:\Windows\System\QWXrPyS.exe
  2⤵
  PID:1128
- C:\Windows\System\JKhwoJV.exe
  C:\Windows\System\JKhwoJV.exe
  2⤵
  PID:3952
- C:\Windows\System\osSIazt.exe
  C:\Windows\System\osSIazt.exe
  2⤵
  PID:3884
- C:\Windows\System\pLHbwHk.exe
  C:\Windows\System\pLHbwHk.exe
  2⤵
  PID:2196
- C:\Windows\System\IbMNzSM.exe
  C:\Windows\System\IbMNzSM.exe
  2⤵
  PID:1048
- C:\Windows\System\mpFATyV.exe
  C:\Windows\System\mpFATyV.exe
  2⤵
  PID:1720
- C:\Windows\System\hrJBPVI.exe
  C:\Windows\System\hrJBPVI.exe
  2⤵
  PID:3172
- C:\Windows\System\xvmMXHe.exe
  C:\Windows\System\xvmMXHe.exe
  2⤵
  PID:2824
- C:\Windows\System\ygyStzz.exe
  C:\Windows\System\ygyStzz.exe
  2⤵
  PID:3476
- C:\Windows\System\DpnbamJ.exe
  C:\Windows\System\DpnbamJ.exe
  2⤵
  PID:4400
- C:\Windows\System\NYkEnXs.exe
  C:\Windows\System\NYkEnXs.exe
  2⤵
  PID:3644
- C:\Windows\System\rCGVmXj.exe
  C:\Windows\System\rCGVmXj.exe
  2⤵
  PID:3420
- C:\Windows\System\mnRZJlE.exe
  C:\Windows\System\mnRZJlE.exe
  2⤵
  PID:4132
- C:\Windows\System\YUgPEKL.exe
  C:\Windows\System\YUgPEKL.exe
  2⤵
  PID:4176
- C:\Windows\System\Qpqwjjs.exe
  C:\Windows\System\Qpqwjjs.exe
  2⤵
  PID:4568
- C:\Windows\System\WWdZpUC.exe
  C:\Windows\System\WWdZpUC.exe
  2⤵
  PID:4340
- C:\Windows\System\PCcHcxk.exe
  C:\Windows\System\PCcHcxk.exe
  2⤵
  PID:4464
- C:\Windows\System\igTrQhr.exe
  C:\Windows\System\igTrQhr.exe
  2⤵
  PID:4504
- C:\Windows\System\fXXqQXF.exe
  C:\Windows\System\fXXqQXF.exe
  2⤵
  PID:4548
- C:\Windows\System\EhByFIB.exe
  C:\Windows\System\EhByFIB.exe
  2⤵
  PID:4632
- C:\Windows\System\xSdgdQF.exe
  C:\Windows\System\xSdgdQF.exe
  2⤵
  PID:4780
- C:\Windows\System\zaYydMV.exe
  C:\Windows\System\zaYydMV.exe
  2⤵
  PID:4756
- C:\Windows\System\QLzRIqf.exe
  C:\Windows\System\QLzRIqf.exe
  2⤵
  PID:4836
- C:\Windows\System\fUpGbVt.exe
  C:\Windows\System\fUpGbVt.exe
  2⤵
  PID:4856
- C:\Windows\System\UaKvxQX.exe
  C:\Windows\System\UaKvxQX.exe
  2⤵
  PID:4964
- C:\Windows\System\YdhfOPZ.exe
  C:\Windows\System\YdhfOPZ.exe
  2⤵
  PID:4956
- C:\Windows\System\sAPqmES.exe
  C:\Windows\System\sAPqmES.exe
  2⤵
  PID:5036
- C:\Windows\System\SKrnDrc.exe
  C:\Windows\System\SKrnDrc.exe
  2⤵
  PID:3432
- C:\Windows\System\UyUGTZA.exe
  C:\Windows\System\UyUGTZA.exe
  2⤵
  PID:2996
- C:\Windows\System\joIErAm.exe
  C:\Windows\System\joIErAm.exe
  2⤵
  PID:4200
- C:\Windows\System\bZVhXDW.exe
  C:\Windows\System\bZVhXDW.exe
  2⤵
  PID:3752
- C:\Windows\System\dvykdUu.exe
  C:\Windows\System\dvykdUu.exe
  2⤵
  PID:4288
- C:\Windows\System\BqmiPCh.exe
  C:\Windows\System\BqmiPCh.exe
  2⤵
  PID:1228
- C:\Windows\System\tXSrQeO.exe
  C:\Windows\System\tXSrQeO.exe
  2⤵
  PID:4408
- C:\Windows\System\mnemfOd.exe
  C:\Windows\System\mnemfOd.exe
  2⤵
  PID:3312
- C:\Windows\System\eTYCyqp.exe
  C:\Windows\System\eTYCyqp.exe
  2⤵
  PID:2124
- C:\Windows\System\KoqvexD.exe
  C:\Windows\System\KoqvexD.exe
  2⤵
  PID:4252
- C:\Windows\System\aQZsSkB.exe
  C:\Windows\System\aQZsSkB.exe
  2⤵
  PID:4460
- C:\Windows\System\IuSZgjX.exe
  C:\Windows\System\IuSZgjX.exe
  2⤵
  PID:4372
- C:\Windows\System\ZZqhrye.exe
  C:\Windows\System\ZZqhrye.exe
  2⤵
  PID:4708
- C:\Windows\System\bhYxDMt.exe
  C:\Windows\System\bhYxDMt.exe
  2⤵
  PID:4804
- C:\Windows\System\PhTUXkO.exe
  C:\Windows\System\PhTUXkO.exe
  2⤵
  PID:4760
- C:\Windows\System\cdndroo.exe
  C:\Windows\System\cdndroo.exe
  2⤵
  PID:5140
- C:\Windows\System\YjvSzzL.exe
  C:\Windows\System\YjvSzzL.exe
  2⤵
  PID:5160
- C:\Windows\System\nCSevpb.exe
  C:\Windows\System\nCSevpb.exe
  2⤵
  PID:5180
- C:\Windows\System\bFTdfBB.exe
  C:\Windows\System\bFTdfBB.exe
  2⤵
  PID:5200
- C:\Windows\System\bZVOZci.exe
  C:\Windows\System\bZVOZci.exe
  2⤵
  PID:5220
- C:\Windows\System\hptCkyc.exe
  C:\Windows\System\hptCkyc.exe
  2⤵
  PID:5240
- C:\Windows\System\NdTUxUz.exe
  C:\Windows\System\NdTUxUz.exe
  2⤵
  PID:5260
- C:\Windows\System\dxpzBSA.exe
  C:\Windows\System\dxpzBSA.exe
  2⤵
  PID:5280
- C:\Windows\System\NfnOiaF.exe
  C:\Windows\System\NfnOiaF.exe
  2⤵
  PID:5300
- C:\Windows\System\ynHaKMG.exe
  C:\Windows\System\ynHaKMG.exe
  2⤵
  PID:5320
- C:\Windows\System\XrVJFEZ.exe
  C:\Windows\System\XrVJFEZ.exe
  2⤵
  PID:5340
- C:\Windows\System\bnLnUnM.exe
  C:\Windows\System\bnLnUnM.exe
  2⤵
  PID:5360
- C:\Windows\System\CZBOhMj.exe
  C:\Windows\System\CZBOhMj.exe
  2⤵
  PID:5380
- C:\Windows\System\TICfbTW.exe
  C:\Windows\System\TICfbTW.exe
  2⤵
  PID:5400
- C:\Windows\System\MbAtNxR.exe
  C:\Windows\System\MbAtNxR.exe
  2⤵
  PID:5416
- C:\Windows\System\plkylJh.exe
  C:\Windows\System\plkylJh.exe
  2⤵
  PID:5436
- C:\Windows\System\RdFnVmI.exe
  C:\Windows\System\RdFnVmI.exe
  2⤵
  PID:5456
- C:\Windows\System\RUfAPkv.exe
  C:\Windows\System\RUfAPkv.exe
  2⤵
  PID:5484
- C:\Windows\System\bdEdzRG.exe
  C:\Windows\System\bdEdzRG.exe
  2⤵
  PID:5504
- C:\Windows\System\usDuYXs.exe
  C:\Windows\System\usDuYXs.exe
  2⤵
  PID:5520
- C:\Windows\System\xexbhzK.exe
  C:\Windows\System\xexbhzK.exe
  2⤵
  PID:5536
- C:\Windows\System\zOLOIeY.exe
  C:\Windows\System\zOLOIeY.exe
  2⤵
  PID:5560
- C:\Windows\System\FyJptGA.exe
  C:\Windows\System\FyJptGA.exe
  2⤵
  PID:5576
- C:\Windows\System\zIyahUR.exe
  C:\Windows\System\zIyahUR.exe
  2⤵
  PID:5600
- C:\Windows\System\lYeXDGx.exe
  C:\Windows\System\lYeXDGx.exe
  2⤵
  PID:5616
- C:\Windows\System\kpiiQLR.exe
  C:\Windows\System\kpiiQLR.exe
  2⤵
  PID:5636
- C:\Windows\System\Tpfdidb.exe
  C:\Windows\System\Tpfdidb.exe
  2⤵
  PID:5652
- C:\Windows\System\DXVXLGw.exe
  C:\Windows\System\DXVXLGw.exe
  2⤵
  PID:5668
- C:\Windows\System\eRigSmo.exe
  C:\Windows\System\eRigSmo.exe
  2⤵
  PID:5688
- C:\Windows\System\nuLVvOq.exe
  C:\Windows\System\nuLVvOq.exe
  2⤵
  PID:5708
- C:\Windows\System\CoWuzwB.exe
  C:\Windows\System\CoWuzwB.exe
  2⤵
  PID:5728
- C:\Windows\System\nvStOBm.exe
  C:\Windows\System\nvStOBm.exe
  2⤵
  PID:5748
- C:\Windows\System\IEFbXbg.exe
  C:\Windows\System\IEFbXbg.exe
  2⤵
  PID:5764
- C:\Windows\System\dhdyHED.exe
  C:\Windows\System\dhdyHED.exe
  2⤵
  PID:5788
- C:\Windows\System\CFJmqBD.exe
  C:\Windows\System\CFJmqBD.exe
  2⤵
  PID:5804
- C:\Windows\System\byQwWiM.exe
  C:\Windows\System\byQwWiM.exe
  2⤵
  PID:5828
- C:\Windows\System\WiUtgrb.exe
  C:\Windows\System\WiUtgrb.exe
  2⤵
  PID:5844
- C:\Windows\System\crmMmkF.exe
  C:\Windows\System\crmMmkF.exe
  2⤵
  PID:5864
- C:\Windows\System\wFJfTBz.exe
  C:\Windows\System\wFJfTBz.exe
  2⤵
  PID:5880
- C:\Windows\System\YoMGwCV.exe
  C:\Windows\System\YoMGwCV.exe
  2⤵
  PID:5904
- C:\Windows\System\iRhBRle.exe
  C:\Windows\System\iRhBRle.exe
  2⤵
  PID:5920
- C:\Windows\System\bLksVoB.exe
  C:\Windows\System\bLksVoB.exe
  2⤵
  PID:5940
- C:\Windows\System\tDizgCQ.exe
  C:\Windows\System\tDizgCQ.exe
  2⤵
  PID:5960
- C:\Windows\System\dxFZsML.exe
  C:\Windows\System\dxFZsML.exe
  2⤵
  PID:5980
- C:\Windows\System\lujhRdB.exe
  C:\Windows\System\lujhRdB.exe
  2⤵
  PID:5996
- C:\Windows\System\aCfNGbQ.exe
  C:\Windows\System\aCfNGbQ.exe
  2⤵
  PID:6020
- C:\Windows\System\eAjjzve.exe
  C:\Windows\System\eAjjzve.exe
  2⤵
  PID:6036
- C:\Windows\System\kJwbNMx.exe
  C:\Windows\System\kJwbNMx.exe
  2⤵
  PID:6056
- C:\Windows\System\WfLMosg.exe
  C:\Windows\System\WfLMosg.exe
  2⤵
  PID:6072
- C:\Windows\System\ScJOZgT.exe
  C:\Windows\System\ScJOZgT.exe
  2⤵
  PID:6096
- C:\Windows\System\gmdcSEO.exe
  C:\Windows\System\gmdcSEO.exe
  2⤵
  PID:6116
- C:\Windows\System\ITmWWSM.exe
  C:\Windows\System\ITmWWSM.exe
  2⤵
  PID:6136
- C:\Windows\System\JwnALOR.exe
  C:\Windows\System\JwnALOR.exe
  2⤵
  PID:4952
- C:\Windows\System\KNbLjuM.exe
  C:\Windows\System\KNbLjuM.exe
  2⤵
  PID:5076
- C:\Windows\System\yytWJjx.exe
  C:\Windows\System\yytWJjx.exe
  2⤵
  PID:4120
- C:\Windows\System\RilxQOA.exe
  C:\Windows\System\RilxQOA.exe
  2⤵
  PID:2160
- C:\Windows\System\gxAcypQ.exe
  C:\Windows\System\gxAcypQ.exe
  2⤵
  PID:3924
- C:\Windows\System\XDVJSRN.exe
  C:\Windows\System\XDVJSRN.exe
  2⤵
  PID:3140
- C:\Windows\System\iqbLCuc.exe
  C:\Windows\System\iqbLCuc.exe
  2⤵
  PID:4520
- C:\Windows\System\kphBHMB.exe
  C:\Windows\System\kphBHMB.exe
  2⤵
  PID:4528
- C:\Windows\System\GpsLVuV.exe
  C:\Windows\System\GpsLVuV.exe
  2⤵
  PID:4680
- C:\Windows\System\WbfcDVP.exe
  C:\Windows\System\WbfcDVP.exe
  2⤵
  PID:4592
- C:\Windows\System\hCatYTi.exe
  C:\Windows\System\hCatYTi.exe
  2⤵
  PID:5128
- C:\Windows\System\KCySHPT.exe
  C:\Windows\System\KCySHPT.exe
  2⤵
  PID:4904
- C:\Windows\System\TQtbQxx.exe
  C:\Windows\System\TQtbQxx.exe
  2⤵
  PID:5172
- C:\Windows\System\FubahdN.exe
  C:\Windows\System\FubahdN.exe
  2⤵
  PID:5216
- C:\Windows\System\afGJcFb.exe
  C:\Windows\System\afGJcFb.exe
  2⤵
  PID:5248
- C:\Windows\System\Akdqpca.exe
  C:\Windows\System\Akdqpca.exe
  2⤵
  PID:5328
- C:\Windows\System\cUioVoC.exe
  C:\Windows\System\cUioVoC.exe
  2⤵
  PID:5228
- C:\Windows\System\QrkYrAe.exe
  C:\Windows\System\QrkYrAe.exe
  2⤵
  PID:5408
- C:\Windows\System\KwWjpQs.exe
  C:\Windows\System\KwWjpQs.exe
  2⤵
  PID:5452
- C:\Windows\System\QBXGakI.exe
  C:\Windows\System\QBXGakI.exe
  2⤵
  PID:5528
- C:\Windows\System\NiXieTV.exe
  C:\Windows\System\NiXieTV.exe
  2⤵
  PID:5308
- C:\Windows\System\bKVAhLh.exe
  C:\Windows\System\bKVAhLh.exe
  2⤵
  PID:5572
- C:\Windows\System\EtjLxgT.exe
  C:\Windows\System\EtjLxgT.exe
  2⤵
  PID:5348
- C:\Windows\System\appMNAX.exe
  C:\Windows\System\appMNAX.exe
  2⤵
  PID:5680
- C:\Windows\System\UiztkpP.exe
  C:\Windows\System\UiztkpP.exe
  2⤵
  PID:5396
- C:\Windows\System\ZFsDmAm.exe
  C:\Windows\System\ZFsDmAm.exe
  2⤵
  PID:5796
- C:\Windows\System\xKcqaHz.exe
  C:\Windows\System\xKcqaHz.exe
  2⤵
  PID:5840
- C:\Windows\System\VobSMbx.exe
  C:\Windows\System\VobSMbx.exe
  2⤵
  PID:5916
- C:\Windows\System\PIqbdmT.exe
  C:\Windows\System\PIqbdmT.exe
  2⤵
  PID:5464
- C:\Windows\System\ZyCuyKf.exe
  C:\Windows\System\ZyCuyKf.exe
  2⤵
  PID:5948
- C:\Windows\System\qRJtTkt.exe
  C:\Windows\System\qRJtTkt.exe
  2⤵
  PID:5992
- C:\Windows\System\dysoVgp.exe
  C:\Windows\System\dysoVgp.exe
  2⤵
  PID:6032
- C:\Windows\System\ScTPlZd.exe
  C:\Windows\System\ScTPlZd.exe
  2⤵
  PID:5544
- C:\Windows\System\FhqUwfI.exe
  C:\Windows\System\FhqUwfI.exe
  2⤵
  PID:6108
- C:\Windows\System\HGBvkIp.exe
  C:\Windows\System\HGBvkIp.exe
  2⤵
  PID:4980
- C:\Windows\System\oYnTnmB.exe
  C:\Windows\System\oYnTnmB.exe
  2⤵
  PID:2616
- C:\Windows\System\lXHadYs.exe
  C:\Windows\System\lXHadYs.exe
  2⤵
  PID:5584
- C:\Windows\System\riyBzBJ.exe
  C:\Windows\System\riyBzBJ.exe
  2⤵
  PID:5624
- C:\Windows\System\LYRcEnX.exe
  C:\Windows\System\LYRcEnX.exe
  2⤵
  PID:2640
- C:\Windows\System\NAWTdft.exe
  C:\Windows\System\NAWTdft.exe
  2⤵
  PID:5356
- C:\Windows\System\FlKSRDY.exe
  C:\Windows\System\FlKSRDY.exe
  2⤵
  PID:5724
- C:\Windows\System\ncISnUz.exe
  C:\Windows\System\ncISnUz.exe
  2⤵
  PID:5736
- C:\Windows\System\HYqmDGa.exe
  C:\Windows\System\HYqmDGa.exe
  2⤵
  PID:5776
- C:\Windows\System\FWNFuXf.exe
  C:\Windows\System\FWNFuXf.exe
  2⤵
  PID:5816
- C:\Windows\System\cjjwyhj.exe
  C:\Windows\System\cjjwyhj.exe
  2⤵
  PID:5856
- C:\Windows\System\WoRIVny.exe
  C:\Windows\System\WoRIVny.exe
  2⤵
  PID:5896
- C:\Windows\System\QFRuCpI.exe
  C:\Windows\System\QFRuCpI.exe
  2⤵
  PID:5936
- C:\Windows\System\qTctnjA.exe
  C:\Windows\System\qTctnjA.exe
  2⤵
  PID:6004
- C:\Windows\System\SsAcAfH.exe
  C:\Windows\System\SsAcAfH.exe
  2⤵
  PID:6044
- C:\Windows\System\oyfNeIp.exe
  C:\Windows\System\oyfNeIp.exe
  2⤵
  PID:6080
- C:\Windows\System\FIELwmO.exe
  C:\Windows\System\FIELwmO.exe
  2⤵
  PID:6124
- C:\Windows\System\VBMPHij.exe
  C:\Windows\System\VBMPHij.exe
  2⤵
  PID:4916
- C:\Windows\System\gHQdIdp.exe
  C:\Windows\System\gHQdIdp.exe
  2⤵
  PID:3124
- C:\Windows\System\GwMSeez.exe
  C:\Windows\System\GwMSeez.exe
  2⤵
  PID:3112
- C:\Windows\System\PZJVidd.exe
  C:\Windows\System\PZJVidd.exe
  2⤵
  PID:5424
- C:\Windows\System\sjvNmHd.exe
  C:\Windows\System\sjvNmHd.exe
  2⤵
  PID:4588
- C:\Windows\System\YcnrCQE.exe
  C:\Windows\System\YcnrCQE.exe
  2⤵
  PID:5152
- C:\Windows\System\DCVbdsR.exe
  C:\Windows\System\DCVbdsR.exe
  2⤵
  PID:5836
- C:\Windows\System\RuesAck.exe
  C:\Windows\System\RuesAck.exe
  2⤵
  PID:5232
- C:\Windows\System\zfLwcim.exe
  C:\Windows\System\zfLwcim.exe
  2⤵
  PID:5496
- C:\Windows\System\hNwWYEp.exe
  C:\Windows\System\hNwWYEp.exe
  2⤵
  PID:5676
- C:\Windows\System\emtidqE.exe
  C:\Windows\System\emtidqE.exe
  2⤵
  PID:2876
- C:\Windows\System\nlpaeGu.exe
  C:\Windows\System\nlpaeGu.exe
  2⤵
  PID:5432
- C:\Windows\System\BPJtnSJ.exe
  C:\Windows\System\BPJtnSJ.exe
  2⤵
  PID:6068
- C:\Windows\System\xgMNXpJ.exe
  C:\Windows\System\xgMNXpJ.exe
  2⤵
  PID:5480
- C:\Windows\System\WNXJSgu.exe
  C:\Windows\System\WNXJSgu.exe
  2⤵
  PID:3868
- C:\Windows\System\ciFvOCn.exe
  C:\Windows\System\ciFvOCn.exe
  2⤵
  PID:5516
- C:\Windows\System\GbDhzPD.exe
  C:\Windows\System\GbDhzPD.exe
  2⤵
  PID:4420
- C:\Windows\System\jDTrclP.exe
  C:\Windows\System\jDTrclP.exe
  2⤵
  PID:5352
- C:\Windows\System\IyQlASc.exe
  C:\Windows\System\IyQlASc.exe
  2⤵
  PID:5928
- C:\Windows\System\IujJXGf.exe
  C:\Windows\System\IujJXGf.exe
  2⤵
  PID:6016
- C:\Windows\System\CCTrVWI.exe
  C:\Windows\System\CCTrVWI.exe
  2⤵
  PID:6092
- C:\Windows\System\reuAmBk.exe
  C:\Windows\System\reuAmBk.exe
  2⤵
  PID:4500
- C:\Windows\System\qnXGIHN.exe
  C:\Windows\System\qnXGIHN.exe
  2⤵
  PID:5196
- C:\Windows\System\MQhNPgr.exe
  C:\Windows\System\MQhNPgr.exe
  2⤵
  PID:3972
- C:\Windows\System\sUrADxF.exe
  C:\Windows\System\sUrADxF.exe
  2⤵
  PID:5272
- C:\Windows\System\DIXdwPp.exe
  C:\Windows\System\DIXdwPp.exe
  2⤵
  PID:5704
- C:\Windows\System\yVcWEtC.exe
  C:\Windows\System\yVcWEtC.exe
  2⤵
  PID:5892
- C:\Windows\System\bOJSxZw.exe
  C:\Windows\System\bOJSxZw.exe
  2⤵
  PID:2364
- C:\Windows\System\dfIwEQG.exe
  C:\Windows\System\dfIwEQG.exe
  2⤵
  PID:5192
- C:\Windows\System\HNKxuPP.exe
  C:\Windows\System\HNKxuPP.exe
  2⤵
  PID:5700
- C:\Windows\System\xjCAxid.exe
  C:\Windows\System\xjCAxid.exe
  2⤵
  PID:6048
- C:\Windows\System\bzJWcDl.exe
  C:\Windows\System\bzJWcDl.exe
  2⤵
  PID:2424
- C:\Windows\System\ScRzXPm.exe
  C:\Windows\System\ScRzXPm.exe
  2⤵
  PID:4584
- C:\Windows\System\OCFHcis.exe
  C:\Windows\System\OCFHcis.exe
  2⤵
  PID:5372
- C:\Windows\System\YufiNUT.exe
  C:\Windows\System\YufiNUT.exe
  2⤵
  PID:5876
- C:\Windows\System\vwdweEm.exe
  C:\Windows\System\vwdweEm.exe
  2⤵
  PID:2888
- C:\Windows\System\lvsibUe.exe
  C:\Windows\System\lvsibUe.exe
  2⤵
  PID:4844
- C:\Windows\System\AowObCw.exe
  C:\Windows\System\AowObCw.exe
  2⤵
  PID:5556
- C:\Windows\System\RwpehFz.exe
  C:\Windows\System\RwpehFz.exe
  2⤵
  PID:4728
- C:\Windows\System\KSRbZyB.exe
  C:\Windows\System\KSRbZyB.exe
  2⤵
  PID:4444
- C:\Windows\System\bBhFXEi.exe
  C:\Windows\System\bBhFXEi.exe
  2⤵
  PID:5476
- C:\Windows\System\imzQmAF.exe
  C:\Windows\System\imzQmAF.exe
  2⤵
  PID:5268
- C:\Windows\System\eHWkYBy.exe
  C:\Windows\System\eHWkYBy.exe
  2⤵
  PID:5296
- C:\Windows\System\reRnfaC.exe
  C:\Windows\System\reRnfaC.exe
  2⤵
  PID:2976
- C:\Windows\System\oXljtDC.exe
  C:\Windows\System\oXljtDC.exe
  2⤵
  PID:5888
- C:\Windows\System\ZckVkEB.exe
  C:\Windows\System\ZckVkEB.exe
  2⤵
  PID:2052
- C:\Windows\System\VmIhpeS.exe
  C:\Windows\System\VmIhpeS.exe
  2⤵
  PID:6148
- C:\Windows\System\deSWmkx.exe
  C:\Windows\System\deSWmkx.exe
  2⤵
  PID:6168
- C:\Windows\System\LuqfAZP.exe
  C:\Windows\System\LuqfAZP.exe
  2⤵
  PID:6184
- C:\Windows\System\WfJtiHx.exe
  C:\Windows\System\WfJtiHx.exe
  2⤵
  PID:6228
- C:\Windows\System\KrvMxgU.exe
  C:\Windows\System\KrvMxgU.exe
  2⤵
  PID:6244
- C:\Windows\System\OZDKnNc.exe
  C:\Windows\System\OZDKnNc.exe
  2⤵
  PID:6260
- C:\Windows\System\PtgjZVW.exe
  C:\Windows\System\PtgjZVW.exe
  2⤵
  PID:6280
- C:\Windows\System\SfZuAku.exe
  C:\Windows\System\SfZuAku.exe
  2⤵
  PID:6308
- C:\Windows\System\qmMUUae.exe
  C:\Windows\System\qmMUUae.exe
  2⤵
  PID:6352
- C:\Windows\System\kHYOdxS.exe
  C:\Windows\System\kHYOdxS.exe
  2⤵
  PID:6368
- C:\Windows\System\WjWoyZa.exe
  C:\Windows\System\WjWoyZa.exe
  2⤵
  PID:6384
- C:\Windows\System\LuuAbEB.exe
  C:\Windows\System\LuuAbEB.exe
  2⤵
  PID:6400
- C:\Windows\System\PaSbyUZ.exe
  C:\Windows\System\PaSbyUZ.exe
  2⤵
  PID:6416
- C:\Windows\System\EzbUzoF.exe
  C:\Windows\System\EzbUzoF.exe
  2⤵
  PID:6432
- C:\Windows\System\dYZDxWf.exe
  C:\Windows\System\dYZDxWf.exe
  2⤵
  PID:6448
- C:\Windows\System\LcUPdOJ.exe
  C:\Windows\System\LcUPdOJ.exe
  2⤵
  PID:6464
- C:\Windows\System\uSChzYj.exe
  C:\Windows\System\uSChzYj.exe
  2⤵
  PID:6480
- C:\Windows\System\yvQBkek.exe
  C:\Windows\System\yvQBkek.exe
  2⤵
  PID:6496
- C:\Windows\System\nEvYCSj.exe
  C:\Windows\System\nEvYCSj.exe
  2⤵
  PID:6512
- C:\Windows\System\TIBmKXc.exe
  C:\Windows\System\TIBmKXc.exe
  2⤵
  PID:6528
- C:\Windows\System\taNRSKd.exe
  C:\Windows\System\taNRSKd.exe
  2⤵
  PID:6544
- C:\Windows\System\QJthhXq.exe
  C:\Windows\System\QJthhXq.exe
  2⤵
  PID:6560
- C:\Windows\System\TlrBJTt.exe
  C:\Windows\System\TlrBJTt.exe
  2⤵
  PID:6576
- C:\Windows\System\RjyknjQ.exe
  C:\Windows\System\RjyknjQ.exe
  2⤵
  PID:6592
- C:\Windows\System\mbdjcRP.exe
  C:\Windows\System\mbdjcRP.exe
  2⤵
  PID:6608
- C:\Windows\System\kbamGut.exe
  C:\Windows\System\kbamGut.exe
  2⤵
  PID:6624
- C:\Windows\System\QuBZjmv.exe
  C:\Windows\System\QuBZjmv.exe
  2⤵
  PID:6640
- C:\Windows\System\HrKNGXV.exe
  C:\Windows\System\HrKNGXV.exe
  2⤵
  PID:6656
- C:\Windows\System\zvxbDeo.exe
  C:\Windows\System\zvxbDeo.exe
  2⤵
  PID:6672
- C:\Windows\System\HlEqqcL.exe
  C:\Windows\System\HlEqqcL.exe
  2⤵
  PID:6688
- C:\Windows\System\GyosefJ.exe
  C:\Windows\System\GyosefJ.exe
  2⤵
  PID:6704
- C:\Windows\System\fzdRGzi.exe
  C:\Windows\System\fzdRGzi.exe
  2⤵
  PID:6720
- C:\Windows\System\QjXGlOS.exe
  C:\Windows\System\QjXGlOS.exe
  2⤵
  PID:6736
- C:\Windows\System\axyhhDd.exe
  C:\Windows\System\axyhhDd.exe
  2⤵
  PID:6760
- C:\Windows\System\ihQEePw.exe
  C:\Windows\System\ihQEePw.exe
  2⤵
  PID:6796
- C:\Windows\System\uQIPEfc.exe
  C:\Windows\System\uQIPEfc.exe
  2⤵
  PID:6884
- C:\Windows\System\xVvNEYr.exe
  C:\Windows\System\xVvNEYr.exe
  2⤵
  PID:6948
- C:\Windows\System\ooyeTKn.exe
  C:\Windows\System\ooyeTKn.exe
  2⤵
  PID:6972
- C:\Windows\System\ojOyXdG.exe
  C:\Windows\System\ojOyXdG.exe
  2⤵
  PID:6988
- C:\Windows\System\dozszrV.exe
  C:\Windows\System\dozszrV.exe
  2⤵
  PID:7008
- C:\Windows\System\vpLGspI.exe
  C:\Windows\System\vpLGspI.exe
  2⤵
  PID:7024
- C:\Windows\System\PtmSgmn.exe
  C:\Windows\System\PtmSgmn.exe
  2⤵
  PID:7040
- C:\Windows\System\zwQcLrM.exe
  C:\Windows\System\zwQcLrM.exe
  2⤵
  PID:7060
- C:\Windows\System\mCalOPZ.exe
  C:\Windows\System\mCalOPZ.exe
  2⤵
  PID:7080
- C:\Windows\System\gbVXGXf.exe
  C:\Windows\System\gbVXGXf.exe
  2⤵
  PID:7100
- C:\Windows\System\avrdmoj.exe
  C:\Windows\System\avrdmoj.exe
  2⤵
  PID:7124
- C:\Windows\System\uikaqCF.exe
  C:\Windows\System\uikaqCF.exe
  2⤵
  PID:7140
- C:\Windows\System\MwRJPzN.exe
  C:\Windows\System\MwRJPzN.exe
  2⤵
  PID:7156
- C:\Windows\System\IwnjIAJ.exe
  C:\Windows\System\IwnjIAJ.exe
  2⤵
  PID:5388
- C:\Windows\System\IZuNgjk.exe
  C:\Windows\System\IZuNgjk.exe
  2⤵
  PID:5168
- C:\Windows\System\RgunNVc.exe
  C:\Windows\System\RgunNVc.exe
  2⤵
  PID:5472
- C:\Windows\System\jRYApTK.exe
  C:\Windows\System\jRYApTK.exe
  2⤵
  PID:6088
- C:\Windows\System\BMXJwXF.exe
  C:\Windows\System\BMXJwXF.exe
  2⤵
  PID:5252
- C:\Windows\System\NFhYqkm.exe
  C:\Windows\System\NFhYqkm.exe
  2⤵
  PID:6160
- C:\Windows\System\YQwdMQg.exe
  C:\Windows\System\YQwdMQg.exe
  2⤵
  PID:6200
- C:\Windows\System\SgBPuCr.exe
  C:\Windows\System\SgBPuCr.exe
  2⤵
  PID:6224
- C:\Windows\System\zEOYhax.exe
  C:\Windows\System\zEOYhax.exe
  2⤵
  PID:300
- C:\Windows\System\vRcBXDp.exe
  C:\Windows\System\vRcBXDp.exe
  2⤵
  PID:2916
- C:\Windows\System\nXvzWZx.exe
  C:\Windows\System\nXvzWZx.exe
  2⤵
  PID:3060
- C:\Windows\System\xjOtRvb.exe
  C:\Windows\System\xjOtRvb.exe
  2⤵
  PID:6252
- C:\Windows\System\WYbjfSs.exe
  C:\Windows\System\WYbjfSs.exe
  2⤵
  PID:6288
- C:\Windows\System\zxbwSMf.exe
  C:\Windows\System\zxbwSMf.exe
  2⤵
  PID:6304
- C:\Windows\System\LDjXrHi.exe
  C:\Windows\System\LDjXrHi.exe
  2⤵
  PID:6324
- C:\Windows\System\DpgrgaS.exe
  C:\Windows\System\DpgrgaS.exe
  2⤵
  PID:6456
- C:\Windows\System\kUpZSmQ.exe
  C:\Windows\System\kUpZSmQ.exe
  2⤵
  PID:6472
- C:\Windows\System\TJkamWY.exe
  C:\Windows\System\TJkamWY.exe
  2⤵
  PID:6508
- C:\Windows\System\wVdlOKe.exe
  C:\Windows\System\wVdlOKe.exe
  2⤵
  PID:6540
- C:\Windows\System\bZEONES.exe
  C:\Windows\System\bZEONES.exe
  2⤵
  PID:6584
- C:\Windows\System\NUlhoRi.exe
  C:\Windows\System\NUlhoRi.exe
  2⤵
  PID:6616
- C:\Windows\System\HXbytTr.exe
  C:\Windows\System\HXbytTr.exe
  2⤵
  PID:6652
- C:\Windows\System\hdTsLli.exe
  C:\Windows\System\hdTsLli.exe
  2⤵
  PID:6680
- C:\Windows\System\aOXBLod.exe
  C:\Windows\System\aOXBLod.exe
  2⤵
  PID:6664
- C:\Windows\System\zHzKkIC.exe
  C:\Windows\System\zHzKkIC.exe
  2⤵
  PID:6744
- C:\Windows\System\RmXHJXl.exe
  C:\Windows\System\RmXHJXl.exe
  2⤵
  PID:2952
- C:\Windows\System\EqSFeXl.exe
  C:\Windows\System\EqSFeXl.exe
  2⤵
  PID:2496
- C:\Windows\System\jMWexpG.exe
  C:\Windows\System\jMWexpG.exe
  2⤵
  PID:6840
- C:\Windows\System\JkxWFqD.exe
  C:\Windows\System\JkxWFqD.exe
  2⤵
  PID:6852
- C:\Windows\System\qSxlgrw.exe
  C:\Windows\System\qSxlgrw.exe
  2⤵
  PID:6868
- C:\Windows\System\AVkiOre.exe
  C:\Windows\System\AVkiOre.exe
  2⤵
  PID:6776
- C:\Windows\System\HWHriRs.exe
  C:\Windows\System\HWHriRs.exe
  2⤵
  PID:1824
- C:\Windows\System\msRrIjm.exe
  C:\Windows\System\msRrIjm.exe
  2⤵
  PID:6908
- C:\Windows\System\bpFDxeh.exe
  C:\Windows\System\bpFDxeh.exe
  2⤵
  PID:6924
- C:\Windows\System\AxqXuic.exe
  C:\Windows\System\AxqXuic.exe
  2⤵
  PID:6940
- C:\Windows\System\SsOrxmy.exe
  C:\Windows\System\SsOrxmy.exe
  2⤵
  PID:296
- C:\Windows\System\UiEosju.exe
  C:\Windows\System\UiEosju.exe
  2⤵
  PID:6996
- C:\Windows\System\evLMrkV.exe
  C:\Windows\System\evLMrkV.exe
  2⤵
  PID:7016
- C:\Windows\System\CqzynkV.exe
  C:\Windows\System\CqzynkV.exe
  2⤵
  PID:7056
- C:\Windows\System\YrsfQdN.exe
  C:\Windows\System\YrsfQdN.exe
  2⤵
  PID:7120
- C:\Windows\System\TyZOHlK.exe
  C:\Windows\System\TyZOHlK.exe
  2⤵
  PID:7164
- C:\Windows\System\OIrgLFZ.exe
  C:\Windows\System\OIrgLFZ.exe
  2⤵
  PID:5988
- C:\Windows\System\vzCUOry.exe
  C:\Windows\System\vzCUOry.exe
  2⤵
  PID:1648
- C:\Windows\System\iwudbDL.exe
  C:\Windows\System\iwudbDL.exe
  2⤵
  PID:2372
- C:\Windows\System\LQDtLEo.exe
  C:\Windows\System\LQDtLEo.exe
  2⤵
  PID:6256
- C:\Windows\System\GzOwFSR.exe
  C:\Windows\System\GzOwFSR.exe
  2⤵
  PID:4140
- C:\Windows\System\XAFwXmE.exe
  C:\Windows\System\XAFwXmE.exe
  2⤵
  PID:6316
- C:\Windows\System\YLVjqVv.exe
  C:\Windows\System\YLVjqVv.exe
  2⤵
  PID:2584
- C:\Windows\System\PGFNIrv.exe
  C:\Windows\System\PGFNIrv.exe
  2⤵
  PID:2740
- C:\Windows\System\MwpjuVm.exe
  C:\Windows\System\MwpjuVm.exe
  2⤵
  PID:6276
- C:\Windows\System\plhuebB.exe
  C:\Windows\System\plhuebB.exe
  2⤵
  PID:6336
- C:\Windows\System\loioqvt.exe
  C:\Windows\System\loioqvt.exe
  2⤵
  PID:6376
- C:\Windows\System\aMwVrDJ.exe
  C:\Windows\System\aMwVrDJ.exe
  2⤵
  PID:6408
- C:\Windows\System\SfvqAtc.exe
  C:\Windows\System\SfvqAtc.exe
  2⤵
  PID:6460
- C:\Windows\System\yPBhWyU.exe
  C:\Windows\System\yPBhWyU.exe
  2⤵
  PID:6600
- C:\Windows\System\dwaygBC.exe
  C:\Windows\System\dwaygBC.exe
  2⤵
  PID:6568
- C:\Windows\System\vctkwOA.exe
  C:\Windows\System\vctkwOA.exe
  2⤵
  PID:2200
- C:\Windows\System\WGTPTzC.exe
  C:\Windows\System\WGTPTzC.exe
  2⤵
  PID:6668
- C:\Windows\System\ZNUzLwc.exe
  C:\Windows\System\ZNUzLwc.exe
  2⤵
  PID:6716
- C:\Windows\System\mhfQGRc.exe
  C:\Windows\System\mhfQGRc.exe
  2⤵
  PID:6808
- C:\Windows\System\RhQkGey.exe
  C:\Windows\System\RhQkGey.exe
  2⤵
  PID:832
- C:\Windows\System\jdcfOzO.exe
  C:\Windows\System\jdcfOzO.exe
  2⤵
  PID:6848
- C:\Windows\System\DRFVpdv.exe
  C:\Windows\System\DRFVpdv.exe
  2⤵
  PID:6880
- C:\Windows\System\jVknblE.exe
  C:\Windows\System\jVknblE.exe
  2⤵
  PID:6772
- C:\Windows\System\ZKXpQlW.exe
  C:\Windows\System\ZKXpQlW.exe
  2⤵
  PID:6932
- C:\Windows\System\RrTCToP.exe
  C:\Windows\System\RrTCToP.exe
  2⤵
  PID:2320
- C:\Windows\System\PBuZWLY.exe
  C:\Windows\System\PBuZWLY.exe
  2⤵
  PID:6960
- C:\Windows\System\kvcFPxH.exe
  C:\Windows\System\kvcFPxH.exe
  2⤵
  PID:7068
- C:\Windows\System\uTMlNHJ.exe
  C:\Windows\System\uTMlNHJ.exe
  2⤵
  PID:7072
- C:\Windows\System\RIVGrLb.exe
  C:\Windows\System\RIVGrLb.exe
  2⤵
  PID:7112
- C:\Windows\System\nKZcuLK.exe
  C:\Windows\System\nKZcuLK.exe
  2⤵
  PID:1756
- C:\Windows\System\ORAtVGO.exe
  C:\Windows\System\ORAtVGO.exe
  2⤵
  PID:5932
- C:\Windows\System\Ldphomd.exe
  C:\Windows\System\Ldphomd.exe
  2⤵
  PID:6220
- C:\Windows\System\rroPyFZ.exe
  C:\Windows\System\rroPyFZ.exe
  2⤵
  PID:6236
- C:\Windows\System\ZXcbKlY.exe
  C:\Windows\System\ZXcbKlY.exe
  2⤵
  PID:6392
- C:\Windows\System\PBazbYH.exe
  C:\Windows\System\PBazbYH.exe
  2⤵
  PID:6488
- C:\Windows\System\XlpLsEJ.exe
  C:\Windows\System\XlpLsEJ.exe
  2⤵
  PID:6428
- C:\Windows\System\IOZIWuu.exe
  C:\Windows\System\IOZIWuu.exe
  2⤵
  PID:2768
- C:\Windows\System\XgrPYtY.exe
  C:\Windows\System\XgrPYtY.exe
  2⤵
  PID:2516
- C:\Windows\System\qkPDkvp.exe
  C:\Windows\System\qkPDkvp.exe
  2⤵
  PID:764
- C:\Windows\System\FsxAfVr.exe
  C:\Windows\System\FsxAfVr.exe
  2⤵
  PID:6824
- C:\Windows\System\OczrhlO.exe
  C:\Windows\System\OczrhlO.exe
  2⤵
  PID:6856
- C:\Windows\System\gmTOXoJ.exe
  C:\Windows\System\gmTOXoJ.exe
  2⤵
  PID:6904
- C:\Windows\System\MEgKmPD.exe
  C:\Windows\System\MEgKmPD.exe
  2⤵
  PID:7092
- C:\Windows\System\gBAilvD.exe
  C:\Windows\System\gBAilvD.exe
  2⤵
  PID:2360
- C:\Windows\System\LDDBoga.exe
  C:\Windows\System\LDDBoga.exe
  2⤵
  PID:6364
- C:\Windows\System\HFkFzPd.exe
  C:\Windows\System\HFkFzPd.exe
  2⤵
  PID:6340
- C:\Windows\System\gbcWKYB.exe
  C:\Windows\System\gbcWKYB.exe
  2⤵
  PID:7108
- C:\Windows\System\dZtycJv.exe
  C:\Windows\System\dZtycJv.exe
  2⤵
  PID:5188
- C:\Windows\System\ugnZDCk.exe
  C:\Windows\System\ugnZDCk.exe
  2⤵
  PID:6700
- C:\Windows\System\VKuFCki.exe
  C:\Windows\System\VKuFCki.exe
  2⤵
  PID:2808
- C:\Windows\System\LvbUOfm.exe
  C:\Windows\System\LvbUOfm.exe
  2⤵
  PID:6756
- C:\Windows\System\SGgyFic.exe
  C:\Windows\System\SGgyFic.exe
  2⤵
  PID:1736
- C:\Windows\System\CDREBKg.exe
  C:\Windows\System\CDREBKg.exe
  2⤵
  PID:6176
- C:\Windows\System\MxAhohj.exe
  C:\Windows\System\MxAhohj.exe
  2⤵
  PID:6328
- C:\Windows\System\JZtDvwL.exe
  C:\Windows\System\JZtDvwL.exe
  2⤵
  PID:6396
- C:\Windows\System\IjPgCKN.exe
  C:\Windows\System\IjPgCKN.exe
  2⤵
  PID:7196
- C:\Windows\System\YzMFBJF.exe
  C:\Windows\System\YzMFBJF.exe
  2⤵
  PID:7216
- C:\Windows\System\HDXoGCy.exe
  C:\Windows\System\HDXoGCy.exe
  2⤵
  PID:7232
- C:\Windows\System\RVklXPv.exe
  C:\Windows\System\RVklXPv.exe
  2⤵
  PID:7252
- C:\Windows\System\QzndrSK.exe
  C:\Windows\System\QzndrSK.exe
  2⤵
  PID:7272
- C:\Windows\System\fyomumJ.exe
  C:\Windows\System\fyomumJ.exe
  2⤵
  PID:7300
- C:\Windows\System\FLBQGcX.exe
  C:\Windows\System\FLBQGcX.exe
  2⤵
  PID:7324
- C:\Windows\System\NVdtZWb.exe
  C:\Windows\System\NVdtZWb.exe
  2⤵
  PID:7348
- C:\Windows\System\TKAozhK.exe
  C:\Windows\System\TKAozhK.exe
  2⤵
  PID:7364
- C:\Windows\System\uodnGbg.exe
  C:\Windows\System\uodnGbg.exe
  2⤵
  PID:7384
- C:\Windows\System\pCrKmXy.exe
  C:\Windows\System\pCrKmXy.exe
  2⤵
  PID:7400
- C:\Windows\System\JxattNW.exe
  C:\Windows\System\JxattNW.exe
  2⤵
  PID:7420
- C:\Windows\System\Qwuzeru.exe
  C:\Windows\System\Qwuzeru.exe
  2⤵
  PID:7436
- C:\Windows\System\fWUJhcY.exe
  C:\Windows\System\fWUJhcY.exe
  2⤵
  PID:7456
- C:\Windows\System\NqfIyHC.exe
  C:\Windows\System\NqfIyHC.exe
  2⤵
  PID:7488
- C:\Windows\System\CkTEeyH.exe
  C:\Windows\System\CkTEeyH.exe
  2⤵
  PID:7504
- C:\Windows\System\NvLGYsZ.exe
  C:\Windows\System\NvLGYsZ.exe
  2⤵
  PID:7524
- C:\Windows\System\LHhapxu.exe
  C:\Windows\System\LHhapxu.exe
  2⤵
  PID:7552
- C:\Windows\System\lHgyCWj.exe
  C:\Windows\System\lHgyCWj.exe
  2⤵
  PID:7572
- C:\Windows\System\MkUZOsw.exe
  C:\Windows\System\MkUZOsw.exe
  2⤵
  PID:7588
- C:\Windows\System\kGdDHoh.exe
  C:\Windows\System\kGdDHoh.exe
  2⤵
  PID:7608
- C:\Windows\System\Goxshgi.exe
  C:\Windows\System\Goxshgi.exe
  2⤵
  PID:7628
- C:\Windows\System\UHOlXlQ.exe
  C:\Windows\System\UHOlXlQ.exe
  2⤵
  PID:7648
- C:\Windows\System\EVpSxDh.exe
  C:\Windows\System\EVpSxDh.exe
  2⤵
  PID:7676
- C:\Windows\System\VRvaxvp.exe
  C:\Windows\System\VRvaxvp.exe
  2⤵
  PID:7696
- C:\Windows\System\pWpxQsE.exe
  C:\Windows\System\pWpxQsE.exe
  2⤵
  PID:7712
- C:\Windows\System\FdDAoBi.exe
  C:\Windows\System\FdDAoBi.exe
  2⤵
  PID:7732
- C:\Windows\System\qvRFkAK.exe
  C:\Windows\System\qvRFkAK.exe
  2⤵
  PID:7748
- C:\Windows\System\vKQbgKg.exe
  C:\Windows\System\vKQbgKg.exe
  2⤵
  PID:7788
- C:\Windows\System\mJgsLta.exe
  C:\Windows\System\mJgsLta.exe
  2⤵
  PID:7804
- C:\Windows\System\BbwJLDg.exe
  C:\Windows\System\BbwJLDg.exe
  2⤵
  PID:7820
- C:\Windows\System\ADtwwwN.exe
  C:\Windows\System\ADtwwwN.exe
  2⤵
  PID:7840
- C:\Windows\System\QrvBLeE.exe
  C:\Windows\System\QrvBLeE.exe
  2⤵
  PID:7856
- C:\Windows\System\SseywMJ.exe
  C:\Windows\System\SseywMJ.exe
  2⤵
  PID:7876
- C:\Windows\System\PcRqUEY.exe
  C:\Windows\System\PcRqUEY.exe
  2⤵
  PID:7892
- C:\Windows\System\ZpdYEwE.exe
  C:\Windows\System\ZpdYEwE.exe
  2⤵
  PID:7912
- C:\Windows\System\EFOqAIt.exe
  C:\Windows\System\EFOqAIt.exe
  2⤵
  PID:7932
- C:\Windows\System\yoQHIby.exe
  C:\Windows\System\yoQHIby.exe
  2⤵
  PID:7952
- C:\Windows\System\WinoDHq.exe
  C:\Windows\System\WinoDHq.exe
  2⤵
  PID:7980
- C:\Windows\System\AMHrwCf.exe
  C:\Windows\System\AMHrwCf.exe
  2⤵
  PID:8004
- C:\Windows\System\CVbMwaS.exe
  C:\Windows\System\CVbMwaS.exe
  2⤵
  PID:8032
- C:\Windows\System\ZCcHIaA.exe
  C:\Windows\System\ZCcHIaA.exe
  2⤵
  PID:8048
- C:\Windows\System\JEDWhZx.exe
  C:\Windows\System\JEDWhZx.exe
  2⤵
  PID:8064
- C:\Windows\System\ChnGWvf.exe
  C:\Windows\System\ChnGWvf.exe
  2⤵
  PID:8084
- C:\Windows\System\DFgLAMd.exe
  C:\Windows\System\DFgLAMd.exe
  2⤵
  PID:8100
- C:\Windows\System\wESDTrt.exe
  C:\Windows\System\wESDTrt.exe
  2⤵
  PID:8120
- C:\Windows\System\yobHese.exe
  C:\Windows\System\yobHese.exe
  2⤵
  PID:8136
- C:\Windows\System\MQRdcRt.exe
  C:\Windows\System\MQRdcRt.exe
  2⤵
  PID:8152
- C:\Windows\System\IiohNXI.exe
  C:\Windows\System\IiohNXI.exe
  2⤵
  PID:8172
- C:\Windows\System\MWfoBlM.exe
  C:\Windows\System\MWfoBlM.exe
  2⤵
  PID:8188
- C:\Windows\System\VhgWxNe.exe
  C:\Windows\System\VhgWxNe.exe
  2⤵
  PID:6504
- C:\Windows\System\tKOMxTC.exe
  C:\Windows\System\tKOMxTC.exe
  2⤵
  PID:7152
- C:\Windows\System\UZYQBTL.exe
  C:\Windows\System\UZYQBTL.exe
  2⤵
  PID:2944
- C:\Windows\System\glFvLpz.exe
  C:\Windows\System\glFvLpz.exe
  2⤵
  PID:6732
- C:\Windows\System\hpZrlDv.exe
  C:\Windows\System\hpZrlDv.exe
  2⤵
  PID:6196
- C:\Windows\System\HRBOlnO.exe
  C:\Windows\System\HRBOlnO.exe
  2⤵
  PID:7224
- C:\Windows\System\eFTshyV.exe
  C:\Windows\System\eFTshyV.exe
  2⤵
  PID:1964
- C:\Windows\System\jbITnai.exe
  C:\Windows\System\jbITnai.exe
  2⤵
  PID:6360
- C:\Windows\System\QYAMflA.exe
  C:\Windows\System\QYAMflA.exe
  2⤵
  PID:2624
- C:\Windows\System\vEZvyPW.exe
  C:\Windows\System\vEZvyPW.exe
  2⤵
  PID:7308
- C:\Windows\System\gfZSoXQ.exe
  C:\Windows\System\gfZSoXQ.exe
  2⤵
  PID:2696
- C:\Windows\System\wKVvuYZ.exe
  C:\Windows\System\wKVvuYZ.exe
  2⤵
  PID:7204
- C:\Windows\System\XtZhNlg.exe
  C:\Windows\System\XtZhNlg.exe
  2⤵
  PID:7248
- C:\Windows\System\KGidIKA.exe
  C:\Windows\System\KGidIKA.exe
  2⤵
  PID:7292
- C:\Windows\System\pVoADEm.exe
  C:\Windows\System\pVoADEm.exe
  2⤵
  PID:7344
- C:\Windows\System\iUntvlJ.exe
  C:\Windows\System\iUntvlJ.exe
  2⤵
  PID:7052
- C:\Windows\System\fnEpFpi.exe
  C:\Windows\System\fnEpFpi.exe
  2⤵
  PID:7468
- C:\Windows\System\UNQMqRX.exe
  C:\Windows\System\UNQMqRX.exe
  2⤵
  PID:7484
- C:\Windows\System\zfUBNOd.exe
  C:\Windows\System\zfUBNOd.exe
  2⤵
  PID:7444
- C:\Windows\System\unwOpyy.exe
  C:\Windows\System\unwOpyy.exe
  2⤵
  PID:7516
- C:\Windows\System\JIoGkcN.exe
  C:\Windows\System\JIoGkcN.exe
  2⤵
  PID:7532
- C:\Windows\System\ohOeKof.exe
  C:\Windows\System\ohOeKof.exe
  2⤵
  PID:7548
- C:\Windows\System\YNOkeVw.exe
  C:\Windows\System\YNOkeVw.exe
  2⤵
  PID:7568
- C:\Windows\System\xsxvqKT.exe
  C:\Windows\System\xsxvqKT.exe
  2⤵
  PID:7644
- C:\Windows\System\ceuuZHT.exe
  C:\Windows\System\ceuuZHT.exe
  2⤵
  PID:7580
- C:\Windows\System\YSIeWcb.exe
  C:\Windows\System\YSIeWcb.exe
  2⤵
  PID:752
- C:\Windows\System\tdGtyIE.exe
  C:\Windows\System\tdGtyIE.exe
  2⤵
  PID:7852
- C:\Windows\System\lDwpSld.exe
  C:\Windows\System\lDwpSld.exe
  2⤵
  PID:7664
- C:\Windows\System\KwKtLJY.exe
  C:\Windows\System\KwKtLJY.exe
  2⤵
  PID:7744
- C:\Windows\System\XbxkmDT.exe
  C:\Windows\System\XbxkmDT.exe
  2⤵
  PID:2104
- C:\Windows\System\NKjbnAg.exe
  C:\Windows\System\NKjbnAg.exe
  2⤵
  PID:7832
- C:\Windows\System\Jlhxzyx.exe
  C:\Windows\System\Jlhxzyx.exe
  2⤵
  PID:7872
- C:\Windows\System\zaHdytD.exe
  C:\Windows\System\zaHdytD.exe
  2⤵
  PID:7944
- C:\Windows\System\TcArYvH.exe
  C:\Windows\System\TcArYvH.exe
  2⤵
  PID:2096
- C:\Windows\System\hogherN.exe
  C:\Windows\System\hogherN.exe
  2⤵
  PID:8024
- C:\Windows\System\QKNtqjJ.exe
  C:\Windows\System\QKNtqjJ.exe
  2⤵
  PID:8028
- C:\Windows\System\HfURWtU.exe
  C:\Windows\System\HfURWtU.exe
  2⤵
  PID:8096
- C:\Windows\System\xZrquYA.exe
  C:\Windows\System\xZrquYA.exe
  2⤵
  PID:5952
- C:\Windows\System\ZgwCFQg.exe
  C:\Windows\System\ZgwCFQg.exe
  2⤵
  PID:2756
- C:\Windows\System\UqRMUUB.exe
  C:\Windows\System\UqRMUUB.exe
  2⤵
  PID:2528
- C:\Windows\System\KtRcYuY.exe
  C:\Windows\System\KtRcYuY.exe
  2⤵
  PID:8040
- C:\Windows\System\KQHmkFv.exe
  C:\Windows\System\KQHmkFv.exe
  2⤵
  PID:7340
- C:\Windows\System\xASlghu.exe
  C:\Windows\System\xASlghu.exe
  2⤵
  PID:6836
- C:\Windows\System\QWMsRvY.exe
  C:\Windows\System\QWMsRvY.exe
  2⤵
  PID:8044
- C:\Windows\System\qYPdfNM.exe
  C:\Windows\System\qYPdfNM.exe
  2⤵
  PID:8112
- C:\Windows\System\zmWzKai.exe
  C:\Windows\System\zmWzKai.exe
  2⤵
  PID:6828
- C:\Windows\System\GFRcyyg.exe
  C:\Windows\System\GFRcyyg.exe
  2⤵
  PID:6784
- C:\Windows\System\QVSkWlp.exe
  C:\Windows\System\QVSkWlp.exe
  2⤵
  PID:6216
- C:\Windows\System\pJcNSpG.exe
  C:\Windows\System\pJcNSpG.exe
  2⤵
  PID:7396
- C:\Windows\System\SLPveGo.exe
  C:\Windows\System\SLPveGo.exe
  2⤵
  PID:7564
- C:\Windows\System\tTFHNIf.exe
  C:\Windows\System\tTFHNIf.exe
  2⤵
  PID:7176
- C:\Windows\System\OKaexFt.exe
  C:\Windows\System\OKaexFt.exe
  2⤵
  PID:7284
- C:\Windows\System\JLuxGNN.exe
  C:\Windows\System\JLuxGNN.exe
  2⤵
  PID:7360
- C:\Windows\System\IgpbUNl.exe
  C:\Windows\System\IgpbUNl.exe
  2⤵
  PID:7480
- C:\Windows\System\iOhlnKA.exe
  C:\Windows\System\iOhlnKA.exe
  2⤵
  PID:7544
- C:\Windows\System\WUiPYLS.exe
  C:\Windows\System\WUiPYLS.exe
  2⤵
  PID:7720
- C:\Windows\System\McukZNm.exe
  C:\Windows\System\McukZNm.exe
  2⤵
  PID:7600
- C:\Windows\System\pWZlsDa.exe
  C:\Windows\System\pWZlsDa.exe
  2⤵
  PID:1532
- C:\Windows\System\oNFoxWc.exe
  C:\Windows\System\oNFoxWc.exe
  2⤵
  PID:7624
- C:\Windows\System\WIKAfsW.exe
  C:\Windows\System\WIKAfsW.exe
  2⤵
  PID:7620
- C:\Windows\System\SLtBmuj.exe
  C:\Windows\System\SLtBmuj.exe
  2⤵
  PID:7772
- C:\Windows\System\smbeAul.exe
  C:\Windows\System\smbeAul.exe
  2⤵
  PID:2300
- C:\Windows\System\hueZuWi.exe
  C:\Windows\System\hueZuWi.exe
  2⤵
  PID:7660
- C:\Windows\System\iwYhTEo.exe
  C:\Windows\System\iwYhTEo.exe
  2⤵
  PID:7708
- C:\Windows\System\kdcoLWp.exe
  C:\Windows\System\kdcoLWp.exe
  2⤵
  PID:7964
- C:\Windows\System\mwUWuIE.exe
  C:\Windows\System\mwUWuIE.exe
  2⤵
  PID:7828
- C:\Windows\System\vQiuaRz.exe
  C:\Windows\System\vQiuaRz.exe
  2⤵
  PID:688
- C:\Windows\System\fsrbaKh.exe
  C:\Windows\System\fsrbaKh.exe
  2⤵
  PID:7940
- C:\Windows\System\AUoKSkk.exe
  C:\Windows\System\AUoKSkk.exe
  2⤵
  PID:8016
- C:\Windows\System\FtdFpiw.exe
  C:\Windows\System\FtdFpiw.exe
  2⤵
  PID:8168
- C:\Windows\System\NObyumU.exe
  C:\Windows\System\NObyumU.exe
  2⤵
  PID:8164
- C:\Windows\System\kkauxpa.exe
  C:\Windows\System\kkauxpa.exe
  2⤵
  PID:7560
- C:\Windows\System\FYWFwFP.exe
  C:\Windows\System\FYWFwFP.exe
  2⤵
  PID:1624
- C:\Windows\System\zqIeflM.exe
  C:\Windows\System\zqIeflM.exe
  2⤵
  PID:7184
- C:\Windows\System\KYjLSqz.exe
  C:\Windows\System\KYjLSqz.exe
  2⤵
  PID:7096
- C:\Windows\System\digjryD.exe
  C:\Windows\System\digjryD.exe
  2⤵
  PID:8076
- C:\Windows\System\PlzVQns.exe
  C:\Windows\System\PlzVQns.exe
  2⤵
  PID:7416
- C:\Windows\System\sACuxAa.exe
  C:\Windows\System\sACuxAa.exe
  2⤵
  PID:7812
- C:\Windows\System\DDUmoPc.exe
  C:\Windows\System\DDUmoPc.exe
  2⤵
  PID:2252
- C:\Windows\System\fdQsnTr.exe
  C:\Windows\System\fdQsnTr.exe
  2⤵
  PID:7784
- C:\Windows\System\qtgEJXW.exe
  C:\Windows\System\qtgEJXW.exe
  2⤵
  PID:7540
- C:\Windows\System\wEZTIde.exe
  C:\Windows\System\wEZTIde.exe
  2⤵
  PID:7928
- C:\Windows\System\zCpLaQH.exe
  C:\Windows\System\zCpLaQH.exe
  2⤵
  PID:1900
- C:\Windows\System\vKYJAvY.exe
  C:\Windows\System\vKYJAvY.exe
  2⤵
  PID:8012
- C:\Windows\System\AYrdkfS.exe
  C:\Windows\System\AYrdkfS.exe
  2⤵
  PID:7904
- C:\Windows\System\RedlItT.exe
  C:\Windows\System\RedlItT.exe
  2⤵
  PID:8020
- C:\Windows\System\kwoLiQO.exe
  C:\Windows\System\kwoLiQO.exe
  2⤵
  PID:7692
- C:\Windows\System\EApLdDQ.exe
  C:\Windows\System\EApLdDQ.exe
  2⤵
  PID:7380
- C:\Windows\System\BcJZRCi.exe
  C:\Windows\System\BcJZRCi.exe
  2⤵
  PID:7316
- C:\Windows\System\HaiMJVf.exe
  C:\Windows\System\HaiMJVf.exe
  2⤵
  PID:2924
- C:\Windows\System\KILcdPx.exe
  C:\Windows\System\KILcdPx.exe
  2⤵
  PID:7848
- C:\Windows\System\OWYzKhS.exe
  C:\Windows\System\OWYzKhS.exe
  2⤵
  PID:8216
- C:\Windows\System\cRLvbBR.exe
  C:\Windows\System\cRLvbBR.exe
  2⤵
  PID:8236
- C:\Windows\System\qgKHrQk.exe
  C:\Windows\System\qgKHrQk.exe
  2⤵
  PID:8280
- C:\Windows\System\LOLqesc.exe
  C:\Windows\System\LOLqesc.exe
  2⤵
  PID:8304
- C:\Windows\System\ornxuxT.exe
  C:\Windows\System\ornxuxT.exe
  2⤵
  PID:8320
- C:\Windows\System\UbojFcI.exe
  C:\Windows\System\UbojFcI.exe
  2⤵
  PID:8368
- C:\Windows\System\rcxBcrV.exe
  C:\Windows\System\rcxBcrV.exe
  2⤵
  PID:8424
- C:\Windows\System\HmwzOUc.exe
  C:\Windows\System\HmwzOUc.exe
  2⤵
  PID:8448
- C:\Windows\System\lSERrGR.exe
  C:\Windows\System\lSERrGR.exe
  2⤵
  PID:8464
- C:\Windows\System\pisOIzj.exe
  C:\Windows\System\pisOIzj.exe
  2⤵
  PID:8480
- C:\Windows\System\ItcQcVF.exe
  C:\Windows\System\ItcQcVF.exe
  2⤵
  PID:8500
- C:\Windows\System\jkQoCgU.exe
  C:\Windows\System\jkQoCgU.exe
  2⤵
  PID:8516
- C:\Windows\System\vWSntlx.exe
  C:\Windows\System\vWSntlx.exe
  2⤵
  PID:8532
- C:\Windows\System\WQfLdSA.exe
  C:\Windows\System\WQfLdSA.exe
  2⤵
  PID:8548
- C:\Windows\System\GVXQyDL.exe
  C:\Windows\System\GVXQyDL.exe
  2⤵
  PID:8564
- C:\Windows\System\HIEZWZj.exe
  C:\Windows\System\HIEZWZj.exe
  2⤵
  PID:8580
- C:\Windows\System\DlSWKov.exe
  C:\Windows\System\DlSWKov.exe
  2⤵
  PID:8596
- C:\Windows\System\MewWpWk.exe
  C:\Windows\System\MewWpWk.exe
  2⤵
  PID:8612
- C:\Windows\System\prulLbd.exe
  C:\Windows\System\prulLbd.exe
  2⤵
  PID:8628
- C:\Windows\System\tJXemik.exe
  C:\Windows\System\tJXemik.exe
  2⤵
  PID:8644
- C:\Windows\System\RGXSnbV.exe
  C:\Windows\System\RGXSnbV.exe
  2⤵
  PID:8660
- C:\Windows\System\NPZrMhx.exe
  C:\Windows\System\NPZrMhx.exe
  2⤵
  PID:8676
- C:\Windows\System\wIuOvVK.exe
  C:\Windows\System\wIuOvVK.exe
  2⤵
  PID:8692
- C:\Windows\System\LsRFcQV.exe
  C:\Windows\System\LsRFcQV.exe
  2⤵
  PID:8708
- C:\Windows\System\wJHBGvi.exe
  C:\Windows\System\wJHBGvi.exe
  2⤵
  PID:8724
- C:\Windows\System\BDzqPkg.exe
  C:\Windows\System\BDzqPkg.exe
  2⤵
  PID:8740
- C:\Windows\System\fjqlros.exe
  C:\Windows\System\fjqlros.exe
  2⤵
  PID:8756
- C:\Windows\System\BQKNLtr.exe
  C:\Windows\System\BQKNLtr.exe
  2⤵
  PID:8772
- C:\Windows\System\HxRPSvX.exe
  C:\Windows\System\HxRPSvX.exe
  2⤵
  PID:8788
- C:\Windows\System\YYNoRgN.exe
  C:\Windows\System\YYNoRgN.exe
  2⤵
  PID:8804
- C:\Windows\System\gycFAdD.exe
  C:\Windows\System\gycFAdD.exe
  2⤵
  PID:8820
- C:\Windows\System\ZFjqNKT.exe
  C:\Windows\System\ZFjqNKT.exe
  2⤵
  PID:8836
- C:\Windows\System\KhCMbpM.exe
  C:\Windows\System\KhCMbpM.exe
  2⤵
  PID:8852
- C:\Windows\System\hyEPpkE.exe
  C:\Windows\System\hyEPpkE.exe
  2⤵
  PID:8868
- C:\Windows\System\mCEehWj.exe
  C:\Windows\System\mCEehWj.exe
  2⤵
  PID:8884
- C:\Windows\System\InHLskB.exe
  C:\Windows\System\InHLskB.exe
  2⤵
  PID:8900
- C:\Windows\System\NmaQIUo.exe
  C:\Windows\System\NmaQIUo.exe
  2⤵
  PID:8916
- C:\Windows\System\aDvNhOo.exe
  C:\Windows\System\aDvNhOo.exe
  2⤵
  PID:8932
- C:\Windows\System\YZoJCIq.exe
  C:\Windows\System\YZoJCIq.exe
  2⤵
  PID:8948
- C:\Windows\System\TsINKQO.exe
  C:\Windows\System\TsINKQO.exe
  2⤵
  PID:8964
- C:\Windows\System\JhMmxSU.exe
  C:\Windows\System\JhMmxSU.exe
  2⤵
  PID:8980
- C:\Windows\System\urQBYmE.exe
  C:\Windows\System\urQBYmE.exe
  2⤵
  PID:8996
- C:\Windows\System\BOzColX.exe
  C:\Windows\System\BOzColX.exe
  2⤵
  PID:9012
- C:\Windows\System\CZnGWCY.exe
  C:\Windows\System\CZnGWCY.exe
  2⤵
  PID:9028
- C:\Windows\System\hSVKKci.exe
  C:\Windows\System\hSVKKci.exe
  2⤵
  PID:9044
- C:\Windows\System\MBrhEFD.exe
  C:\Windows\System\MBrhEFD.exe
  2⤵
  PID:9060
- C:\Windows\System\HHxmWIi.exe
  C:\Windows\System\HHxmWIi.exe
  2⤵
  PID:9076
- C:\Windows\System\YUKpZzd.exe
  C:\Windows\System\YUKpZzd.exe
  2⤵
  PID:9092
- C:\Windows\System\nIqvVnL.exe
  C:\Windows\System\nIqvVnL.exe
  2⤵
  PID:9108
- C:\Windows\System\jQOilCf.exe
  C:\Windows\System\jQOilCf.exe
  2⤵
  PID:9124
- C:\Windows\System\FUuhnZC.exe
  C:\Windows\System\FUuhnZC.exe
  2⤵
  PID:9140
- C:\Windows\System\cgnbOsD.exe
  C:\Windows\System\cgnbOsD.exe
  2⤵
  PID:9156
- C:\Windows\System\lmZlNel.exe
  C:\Windows\System\lmZlNel.exe
  2⤵
  PID:9172
- C:\Windows\System\MIPdFac.exe
  C:\Windows\System\MIPdFac.exe
  2⤵
  PID:9188
- C:\Windows\System\vEzbEnY.exe
  C:\Windows\System\vEzbEnY.exe
  2⤵
  PID:9204
- C:\Windows\System\GZkJMUR.exe
  C:\Windows\System\GZkJMUR.exe
  2⤵
  PID:7976
- C:\Windows\System\uuvaDfT.exe
  C:\Windows\System\uuvaDfT.exe
  2⤵
  PID:8080
- C:\Windows\System\MQgQaHr.exe
  C:\Windows\System\MQgQaHr.exe
  2⤵
  PID:7244
- C:\Windows\System\ZJTTeCN.exe
  C:\Windows\System\ZJTTeCN.exe
  2⤵
  PID:7888
- C:\Windows\System\dqkVSrp.exe
  C:\Windows\System\dqkVSrp.exe
  2⤵
  PID:7212
- C:\Windows\System\fPDEKpd.exe
  C:\Windows\System\fPDEKpd.exe
  2⤵
  PID:8252
- C:\Windows\System\lMuClRN.exe
  C:\Windows\System\lMuClRN.exe
  2⤵
  PID:8268
- C:\Windows\System\uOuKewr.exe
  C:\Windows\System\uOuKewr.exe
  2⤵
  PID:8228
- C:\Windows\System\rEZkNLJ.exe
  C:\Windows\System\rEZkNLJ.exe
  2⤵
  PID:8296
- C:\Windows\System\FWbgquZ.exe
  C:\Windows\System\FWbgquZ.exe
  2⤵
  PID:8316
- C:\Windows\System\aScRpjA.exe
  C:\Windows\System\aScRpjA.exe
  2⤵
  PID:8340
- C:\Windows\System\zvqEvoj.exe
  C:\Windows\System\zvqEvoj.exe
  2⤵
  PID:8356
- C:\Windows\System\rQaXugm.exe
  C:\Windows\System\rQaXugm.exe
  2⤵
  PID:8384
- C:\Windows\System\WNqWsGo.exe
  C:\Windows\System\WNqWsGo.exe
  2⤵
  PID:8408
- C:\Windows\System\euFzaeF.exe
  C:\Windows\System\euFzaeF.exe
  2⤵
  PID:8592
- C:\Windows\System\WroQXxm.exe
  C:\Windows\System\WroQXxm.exe
  2⤵
  PID:8860
- C:\Windows\System\NDtHVaX.exe
  C:\Windows\System\NDtHVaX.exe
  2⤵
  PID:8928
- C:\Windows\System\roTPEEL.exe
  C:\Windows\System\roTPEEL.exe
  2⤵
  PID:8988
- C:\Windows\System\AhczMKB.exe
  C:\Windows\System\AhczMKB.exe
  2⤵
  PID:9072
- C:\Windows\System\hABQuWr.exe
  C:\Windows\System\hABQuWr.exe
  2⤵
  PID:9168
- C:\Windows\System\TefGnQY.exe
  C:\Windows\System\TefGnQY.exe
  2⤵
  PID:7076
- C:\Windows\System\TBkTVft.exe
  C:\Windows\System\TBkTVft.exe
  2⤵
  PID:7760
- C:\Windows\System\tAjUKas.exe
  C:\Windows\System\tAjUKas.exe
  2⤵
  PID:6956
- C:\Windows\System\maIKzjS.exe
  C:\Windows\System\maIKzjS.exe
  2⤵
  PID:7376
- C:\Windows\System\thMJymC.exe
  C:\Windows\System\thMJymC.exe
  2⤵
  PID:8248
- C:\Windows\System\ZqkCPmX.exe
  C:\Windows\System\ZqkCPmX.exe
  2⤵
  PID:8264
- C:\Windows\System\urhfJga.exe
  C:\Windows\System\urhfJga.exe
  2⤵
  PID:8400
- C:\Windows\System\EeVyYZZ.exe
  C:\Windows\System\EeVyYZZ.exe
  2⤵
  PID:8336
- C:\Windows\System\HuDWZOm.exe
  C:\Windows\System\HuDWZOm.exe
  2⤵
  PID:8332
- C:\Windows\System\LnORfHJ.exe
  C:\Windows\System\LnORfHJ.exe
  2⤵
  PID:8460
- C:\Windows\System\bLKcetZ.exe
  C:\Windows\System\bLKcetZ.exe
  2⤵
  PID:8556
- C:\Windows\System\NVnyONw.exe
  C:\Windows\System\NVnyONw.exe
  2⤵
  PID:8652
- C:\Windows\System\BJPDtza.exe
  C:\Windows\System\BJPDtza.exe
  2⤵
  PID:8476
- C:\Windows\System\seLlrpH.exe
  C:\Windows\System\seLlrpH.exe
  2⤵
  PID:8672
- C:\Windows\System\JWssixS.exe
  C:\Windows\System\JWssixS.exe
  2⤵
  PID:8656
- C:\Windows\System\zCSbjuU.exe
  C:\Windows\System\zCSbjuU.exe
  2⤵
  PID:8688
- C:\Windows\System\OpyIXwP.exe
  C:\Windows\System\OpyIXwP.exe
  2⤵
  PID:8748
- C:\Windows\System\hitcWIj.exe
  C:\Windows\System\hitcWIj.exe
  2⤵
  PID:8732
- C:\Windows\System\HjCXlrt.exe
  C:\Windows\System\HjCXlrt.exe
  2⤵
  PID:8844
- C:\Windows\System\MGQWyUc.exe
  C:\Windows\System\MGQWyUc.exe
  2⤵
  PID:8908
- C:\Windows\System\WoBonGg.exe
  C:\Windows\System\WoBonGg.exe
  2⤵
  PID:8944
- C:\Windows\System\MMoCARH.exe
  C:\Windows\System\MMoCARH.exe
  2⤵
  PID:9008
- C:\Windows\System\NpgtGJf.exe
  C:\Windows\System\NpgtGJf.exe
  2⤵
  PID:8892
- C:\Windows\System\KjrQJiS.exe
  C:\Windows\System\KjrQJiS.exe
  2⤵
  PID:7672
- C:\Windows\System\FBMoZRc.exe
  C:\Windows\System\FBMoZRc.exe
  2⤵
  PID:8960
- C:\Windows\System\MbSHitT.exe
  C:\Windows\System\MbSHitT.exe
  2⤵
  PID:9212
- C:\Windows\System\mCywTCU.exe
  C:\Windows\System\mCywTCU.exe
  2⤵
  PID:9180
- C:\Windows\System\VqBcXlm.exe
  C:\Windows\System\VqBcXlm.exe
  2⤵
  PID:9068
- C:\Windows\System\nfIMkFz.exe
  C:\Windows\System\nfIMkFz.exe
  2⤵
  PID:7780
- C:\Windows\System\FPQjcaQ.exe
  C:\Windows\System\FPQjcaQ.exe
  2⤵
  PID:9164
- C:\Windows\System\liYdlbw.exe
  C:\Windows\System\liYdlbw.exe
  2⤵
  PID:8160
- C:\Windows\System\TWhKYnM.exe
  C:\Windows\System\TWhKYnM.exe
  2⤵
  PID:7764
- C:\Windows\System\GelErqx.exe
  C:\Windows\System\GelErqx.exe
  2⤵
  PID:8352
- C:\Windows\System\LTNilil.exe
  C:\Windows\System\LTNilil.exe
  2⤵
  PID:8364
- C:\Windows\System\lofbZpM.exe
  C:\Windows\System\lofbZpM.exe
  2⤵
  PID:8560
- C:\Windows\System\bfWTABT.exe
  C:\Windows\System\bfWTABT.exe
  2⤵
  PID:8604
- C:\Windows\System\edqUCNO.exe
  C:\Windows\System\edqUCNO.exe
  2⤵
  PID:8684
- C:\Windows\System\objBuwX.exe
  C:\Windows\System\objBuwX.exe
  2⤵
  PID:8880
- C:\Windows\System\CjugpDJ.exe
  C:\Windows\System\CjugpDJ.exe
  2⤵
  PID:8608
- C:\Windows\System\viYDkCS.exe
  C:\Windows\System\viYDkCS.exe
  2⤵
  PID:8800
- C:\Windows\System\POFjIGs.exe
  C:\Windows\System\POFjIGs.exe
  2⤵
  PID:8976
- C:\Windows\System\bSgeNHR.exe
  C:\Windows\System\bSgeNHR.exe
  2⤵
  PID:8956
- C:\Windows\System\vNlpCcS.exe
  C:\Windows\System\vNlpCcS.exe
  2⤵
  PID:9056
- C:\Windows\System\jmGUWeC.exe
  C:\Windows\System\jmGUWeC.exe
  2⤵
  PID:7924
- C:\Windows\System\usAQYBB.exe
  C:\Windows\System\usAQYBB.exe
  2⤵
  PID:8396
- C:\Windows\System\jMsSOPv.exe
  C:\Windows\System\jMsSOPv.exe
  2⤵
  PID:8412
- C:\Windows\System\XPfILFK.exe
  C:\Windows\System\XPfILFK.exe
  2⤵
  PID:8848
- C:\Windows\System\PaVMLWL.exe
  C:\Windows\System\PaVMLWL.exe
  2⤵
  PID:9136
- C:\Windows\System\ldHdqyK.exe
  C:\Windows\System\ldHdqyK.exe
  2⤵
  PID:8720
- C:\Windows\System\bOVdidN.exe
  C:\Windows\System\bOVdidN.exe
  2⤵
  PID:8924
- C:\Windows\System\HRHLNEC.exe
  C:\Windows\System\HRHLNEC.exe
  2⤵
  PID:8260
- C:\Windows\System\xBfNFMB.exe
  C:\Windows\System\xBfNFMB.exe
  2⤵
  PID:9196
- C:\Windows\System\sHABstI.exe
  C:\Windows\System\sHABstI.exe
  2⤵
  PID:8348
- C:\Windows\System\bEBsvic.exe
  C:\Windows\System\bEBsvic.exe
  2⤵
  PID:9220
- C:\Windows\System\IvnoQCL.exe
  C:\Windows\System\IvnoQCL.exe
  2⤵
  PID:9236
- C:\Windows\System\CzazfwG.exe
  C:\Windows\System\CzazfwG.exe
  2⤵
  PID:9252
- C:\Windows\System\qzAkiTI.exe
  C:\Windows\System\qzAkiTI.exe
  2⤵
  PID:9268
- C:\Windows\System\RSWDIkJ.exe
  C:\Windows\System\RSWDIkJ.exe
  2⤵
  PID:9284
- C:\Windows\System\nCFNmgg.exe
  C:\Windows\System\nCFNmgg.exe
  2⤵
  PID:9300
- C:\Windows\System\qSjgvta.exe
  C:\Windows\System\qSjgvta.exe
  2⤵
  PID:9316
- C:\Windows\System\SYLemuM.exe
  C:\Windows\System\SYLemuM.exe
  2⤵
  PID:9332
- C:\Windows\System\sbIjVdm.exe
  C:\Windows\System\sbIjVdm.exe
  2⤵
  PID:9348
- C:\Windows\System\CHpaFsa.exe
  C:\Windows\System\CHpaFsa.exe
  2⤵
  PID:9364
- C:\Windows\System\kQoUPuW.exe
  C:\Windows\System\kQoUPuW.exe
  2⤵
  PID:9380
- C:\Windows\System\KdhZYEu.exe
  C:\Windows\System\KdhZYEu.exe
  2⤵
  PID:9396
- C:\Windows\System\WcXQGIT.exe
  C:\Windows\System\WcXQGIT.exe
  2⤵
  PID:9412
- C:\Windows\System\hJrgnGC.exe
  C:\Windows\System\hJrgnGC.exe
  2⤵
  PID:9432
- C:\Windows\System\SrfRRhw.exe
  C:\Windows\System\SrfRRhw.exe
  2⤵
  PID:9448
- C:\Windows\System\fxUaRBl.exe
  C:\Windows\System\fxUaRBl.exe
  2⤵
  PID:9480
- C:\Windows\System\gcMapvc.exe
  C:\Windows\System\gcMapvc.exe
  2⤵
  PID:9500
- C:\Windows\System\cbclQrg.exe
  C:\Windows\System\cbclQrg.exe
  2⤵
  PID:9528
- C:\Windows\System\iTPhqVl.exe
  C:\Windows\System\iTPhqVl.exe
  2⤵
  PID:9544
- C:\Windows\System\LNjlBlt.exe
  C:\Windows\System\LNjlBlt.exe
  2⤵
  PID:9584
- C:\Windows\System\pbFMohH.exe
  C:\Windows\System\pbFMohH.exe
  2⤵
  PID:9608
- C:\Windows\System\bVZAclr.exe
  C:\Windows\System\bVZAclr.exe
  2⤵
  PID:9640
- C:\Windows\System\nigbLfl.exe
  C:\Windows\System\nigbLfl.exe
  2⤵
  PID:9656
- C:\Windows\System\zmhWVDS.exe
  C:\Windows\System\zmhWVDS.exe
  2⤵
  PID:9680
- C:\Windows\System\PpftsXe.exe
  C:\Windows\System\PpftsXe.exe
  2⤵
  PID:9700
- C:\Windows\System\IKXWYvT.exe
  C:\Windows\System\IKXWYvT.exe
  2⤵
  PID:9740
- C:\Windows\System\qgBTngR.exe
  C:\Windows\System\qgBTngR.exe
  2⤵
  PID:9756
- C:\Windows\System\oSpqPOQ.exe
  C:\Windows\System\oSpqPOQ.exe
  2⤵
  PID:9788
- C:\Windows\System\STTiALr.exe
  C:\Windows\System\STTiALr.exe
  2⤵
  PID:9804
- C:\Windows\System\EfKNpxq.exe
  C:\Windows\System\EfKNpxq.exe
  2⤵
  PID:9836
- C:\Windows\System\HBWrutN.exe
  C:\Windows\System\HBWrutN.exe
  2⤵
  PID:9952
- C:\Windows\System\XbNXfhJ.exe
  C:\Windows\System\XbNXfhJ.exe
  2⤵
  PID:9968
- C:\Windows\System\htqXcMU.exe
  C:\Windows\System\htqXcMU.exe
  2⤵
  PID:9988
- C:\Windows\System\FYlxFHd.exe
  C:\Windows\System\FYlxFHd.exe
  2⤵
  PID:10056
- C:\Windows\System\MeixqOy.exe
  C:\Windows\System\MeixqOy.exe
  2⤵
  PID:10080
- C:\Windows\System\tqcjLmC.exe
  C:\Windows\System\tqcjLmC.exe
  2⤵
  PID:10096
- C:\Windows\System\rovevMF.exe
  C:\Windows\System\rovevMF.exe
  2⤵
  PID:10112
- C:\Windows\System\THHihia.exe
  C:\Windows\System\THHihia.exe
  2⤵
  PID:10128
- C:\Windows\System\HOqQLHW.exe
  C:\Windows\System\HOqQLHW.exe
  2⤵
  PID:10144
- C:\Windows\System\rlslwoA.exe
  C:\Windows\System\rlslwoA.exe
  2⤵
  PID:10160
- C:\Windows\System\SfDzvpR.exe
  C:\Windows\System\SfDzvpR.exe
  2⤵
  PID:10176
- C:\Windows\System\ssCGsZT.exe
  C:\Windows\System\ssCGsZT.exe
  2⤵
  PID:10192
- C:\Windows\System\PGOdIBp.exe
  C:\Windows\System\PGOdIBp.exe
  2⤵
  PID:10220
- C:\Windows\System\bcfdQxE.exe
  C:\Windows\System\bcfdQxE.exe
  2⤵
  PID:10236
- C:\Windows\System\MzbTBNf.exe
  C:\Windows\System\MzbTBNf.exe
  2⤵
  PID:9260
- C:\Windows\System\AsOYuYD.exe
  C:\Windows\System\AsOYuYD.exe
  2⤵
  PID:8896
- C:\Windows\System\gIZgHov.exe
  C:\Windows\System\gIZgHov.exe
  2⤵
  PID:9280
- C:\Windows\System\cAPnKdD.exe
  C:\Windows\System\cAPnKdD.exe
  2⤵
  PID:9440
- C:\Windows\System\zEEpsZY.exe
  C:\Windows\System\zEEpsZY.exe
  2⤵
  PID:9444
- C:\Windows\System\CNXmqla.exe
  C:\Windows\System\CNXmqla.exe
  2⤵
  PID:9468
- C:\Windows\System\IlOISbj.exe
  C:\Windows\System\IlOISbj.exe
  2⤵
  PID:9496
- C:\Windows\System\giqtpHZ.exe
  C:\Windows\System\giqtpHZ.exe
  2⤵
  PID:9520
- C:\Windows\System\xWYAPOZ.exe
  C:\Windows\System\xWYAPOZ.exe
  2⤵
  PID:9556
- C:\Windows\System\IbyQexG.exe
  C:\Windows\System\IbyQexG.exe
  2⤵
  PID:9592
- C:\Windows\System\ixOJmjm.exe
  C:\Windows\System\ixOJmjm.exe
  2⤵
  PID:9616
- C:\Windows\System\uHtrrAl.exe
  C:\Windows\System\uHtrrAl.exe
  2⤵
  PID:9628
- C:\Windows\System\bQNNKyp.exe
  C:\Windows\System\bQNNKyp.exe
  2⤵
  PID:9672
- C:\Windows\System\rayddUM.exe
  C:\Windows\System\rayddUM.exe
  2⤵
  PID:9428
- C:\Windows\System\SISDxmH.exe
  C:\Windows\System\SISDxmH.exe
  2⤵
  PID:9724
- C:\Windows\System\XdyHWcY.exe
  C:\Windows\System\XdyHWcY.exe
  2⤵
  PID:9728
- C:\Windows\System\GZZrXaY.exe
  C:\Windows\System\GZZrXaY.exe
  2⤵
  PID:9772
- C:\Windows\System\XojZxuX.exe
  C:\Windows\System\XojZxuX.exe
  2⤵
  PID:9800
- C:\Windows\System\hRVgiez.exe
  C:\Windows\System\hRVgiez.exe
  2⤵
  PID:9816
- C:\Windows\System\datutwS.exe
  C:\Windows\System\datutwS.exe
  2⤵
  PID:9852
- C:\Windows\System\CLiyvVJ.exe
  C:\Windows\System\CLiyvVJ.exe
  2⤵
  PID:9868
- C:\Windows\System\enCLWLt.exe
  C:\Windows\System\enCLWLt.exe
  2⤵
  PID:9888
- C:\Windows\System\YZMOgcb.exe
  C:\Windows\System\YZMOgcb.exe
  2⤵
  PID:9904
- C:\Windows\System\WQSbuKE.exe
  C:\Windows\System\WQSbuKE.exe
  2⤵
  PID:9996
- C:\Windows\System\gLHNhcQ.exe
  C:\Windows\System\gLHNhcQ.exe
  2⤵
  PID:10024
- C:\Windows\System\WQgHKdU.exe
  C:\Windows\System\WQgHKdU.exe
  2⤵
  PID:10040
- C:\Windows\System\VEjkaPi.exe
  C:\Windows\System\VEjkaPi.exe
  2⤵
  PID:10064
- C:\Windows\System\RkPTRfY.exe
  C:\Windows\System\RkPTRfY.exe
  2⤵
  PID:10092
- C:\Windows\System\HExjDah.exe
  C:\Windows\System\HExjDah.exe
  2⤵
  PID:10184
- C:\Windows\System\VFUtViy.exe
  C:\Windows\System\VFUtViy.exe
  2⤵
  PID:9104
- C:\Windows\System\Btjqlae.exe
  C:\Windows\System\Btjqlae.exe
  2⤵
  PID:9356
- C:\Windows\System\OSfcxLp.exe
  C:\Windows\System\OSfcxLp.exe
  2⤵
  PID:9296
- C:\Windows\System\aaPBamZ.exe
  C:\Windows\System\aaPBamZ.exe
  2⤵
  PID:8540
- C:\Windows\System\zpduMBd.exe
  C:\Windows\System\zpduMBd.exe
  2⤵
  PID:9516
- C:\Windows\System\PbWxOAq.exe
  C:\Windows\System\PbWxOAq.exe
  2⤵
  PID:9572
- C:\Windows\System\RAuPlmT.exe
  C:\Windows\System\RAuPlmT.exe
  2⤵
  PID:9648
- C:\Windows\System\yockPXy.exe
  C:\Windows\System\yockPXy.exe
  2⤵
  PID:9712
- C:\Windows\System\SXoEMMV.exe
  C:\Windows\System\SXoEMMV.exe
  2⤵
  PID:9796
- C:\Windows\System\yxYPQaX.exe
  C:\Windows\System\yxYPQaX.exe
  2⤵
  PID:9880
- C:\Windows\System\dFufFYN.exe
  C:\Windows\System\dFufFYN.exe
  2⤵
  PID:9916
- C:\Windows\System\bqaUrUQ.exe
  C:\Windows\System\bqaUrUQ.exe
  2⤵
  PID:9932
- C:\Windows\System\aEEybIJ.exe
  C:\Windows\System\aEEybIJ.exe
  2⤵
  PID:9948
- C:\Windows\System\NazIvPl.exe
  C:\Windows\System\NazIvPl.exe
  2⤵
  PID:9748
- C:\Windows\System\xGRGutF.exe
  C:\Windows\System\xGRGutF.exe
  2⤵
  PID:9980
- C:\Windows\System\jlxTuoK.exe
  C:\Windows\System\jlxTuoK.exe
  2⤵
  PID:8752
- C:\Windows\System\UJHxXIr.exe
  C:\Windows\System\UJHxXIr.exe
  2⤵
  PID:10140
- C:\Windows\System\LLnJTqI.exe
  C:\Windows\System\LLnJTqI.exe
  2⤵
  PID:9768
- C:\Windows\System\RObibkG.exe
  C:\Windows\System\RObibkG.exe
  2⤵
  PID:8196
- C:\Windows\System\AvxYFXV.exe
  C:\Windows\System\AvxYFXV.exe
  2⤵
  PID:9456
- C:\Windows\System\DFiVxXt.exe
  C:\Windows\System\DFiVxXt.exe
  2⤵
  PID:9492
- C:\Windows\System\rMsJocA.exe
  C:\Windows\System\rMsJocA.exe
  2⤵
  PID:9764
- C:\Windows\System\VmGOVtV.exe
  C:\Windows\System\VmGOVtV.exe
  2⤵
  PID:9856
- C:\Windows\System\TbSTlch.exe
  C:\Windows\System\TbSTlch.exe
  2⤵
  PID:8572
- C:\Windows\System\FSbAyev.exe
  C:\Windows\System\FSbAyev.exe
  2⤵
  PID:10124
- C:\Windows\System\oKsVmqw.exe
  C:\Windows\System\oKsVmqw.exe
  2⤵
  PID:8432
- C:\Windows\System\WkmutjM.exe
  C:\Windows\System\WkmutjM.exe
  2⤵
  PID:9340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DyXnkzz.exe

Filesize
6.0MB

MD5
4a4503e5b433454e7c642aeebeb6ef4e

SHA1
e6f942e9098b755d5568fa55dbe8fb6dc9274905

SHA256
9aabb1b485b4838416f0ffb5689a3c08a9901d0e0e4549d23cbeec4a1089b89c

SHA512
c5a11f021bb5907dbf3cee7aa305217baa31b61b91b4812acb9051e67c80b75372f36f2b0b845e6813fced2391b1c28645204727ae6a1a47a4dbe7ad6b9d5d88

Download Submit
C:\Windows\system\EQIfIYg.exe

Filesize
6.0MB

MD5
784aa1074619f89d254dd16a6bc9dfac

SHA1
eee95c791cb230f2c02c96b57314488450e683da

SHA256
fc2c8d171b3ff7ae7ef1f7c0e7aaabd88be63afd69103406e0bf9b06a1c2c180

SHA512
5f9a0aefafcfb55c7742a73831aad9a98bed86c2f276ae6f38d7ac1768fb3d7a826f5c1811bc6c06deaaaa99088820be06639e96d67c17e5be2b4f8c624a9b72

Download Submit
C:\Windows\system\EjTcxgM.exe

Filesize
6.0MB

MD5
65f0bf0b217029e8e22081c1e88cbb4b

SHA1
c57a25217e562e0ad5319f7c58f479ea603fc343

SHA256
9b3a97bba23339bf7438a30fd237e0e0ca63c98a51e3bd1c5f4d3b7c1b61e832

SHA512
59b4b2adae7c88e55ce59a5e6c951b3479dbf9dac63664019dabad5507c8a6f47f4659122c2584854f9909c838d25dad22143ad7ad8e4b67eb361ae7429fbf73

Download Submit
C:\Windows\system\EoNXZxd.exe

Filesize
6.0MB

MD5
32e22ea9622a210b4660db90a507d97f

SHA1
dbd6ffef89b1c682b92eed0006810d584a689f2c

SHA256
9a331f680205ffc55664f184cf5631f8c75fdc43270939c34711878ead4b50fd

SHA512
e5ef2e3ba8ac77d68c63fa50ad76ae2cacbed0550fec62ecdb4dbc293f01c1b57a377d00a2ed0a3049b5e4006a458e024325c4a643742d4b3710d93839db5561

Download Submit
C:\Windows\system\EtmSjzS.exe

Filesize
6.0MB

MD5
74668e6a6c7292014d2df5fb5c93c173

SHA1
9ae5c7387ee1d7e47766d7688baff6f35498a839

SHA256
92bbb1dff898aa8248a8818290495b4741a081d09ac06b49c89413760f31cf55

SHA512
c3a772a294a893d5e6184109e42971e956234b117d1f666fa933b6d673fd3abdcca8c50abf560e57cf49ef8e741ff5b564da7b1155cd04f6a76fe320bb48b36b

Download Submit
C:\Windows\system\FLmCiqI.exe

Filesize
6.0MB

MD5
5c15f2a7767959351d87b3360c42394c

SHA1
ac99531d2a6900083aa34a6bd4b1f0302554a5e4

SHA256
2f150a6fc55f0e6547554e46c7c5ab737c61574fad451306957cb398a7bebc5f

SHA512
a22502c411d7bbcebd54d65c649c8826f605f22bb16e7a8b7a0d76a1d39f643bd70bf0bed33529addf9cece235b0eb6d40fbb9ad2291aa199639c82d5c5f9d46

Download Submit
C:\Windows\system\IWZCbFg.exe

Filesize
6.0MB

MD5
cbb8abbda6eef4bd966d510f0174c234

SHA1
685d91a31ff87ee5b60ef3bae8a0f7aed0ca5071

SHA256
4dd7c585b4838099d30ba978b2d843724ea226b90880720c772c35c2bb1983db

SHA512
d06919e5e4f7cca4f330c72fd3154990727a3098e6332e34807417708e2b0e0afd848bca02287c62c238c3b427ab3f678e3ef1c3465187222b5c38def438bc96

Download Submit
C:\Windows\system\JNKGKUE.exe

Filesize
6.0MB

MD5
4c6ed91fab3f5c8cf91a124d049fd060

SHA1
d5d0b73308d5571d843b62a27430f8de5dd8e7a4

SHA256
239f09b5b6bcfe9ab7f5e5ed6ba5d42d46aced2f2fc1a31d68064e57d51c052f

SHA512
575fbaeba1a3e76d8ef4e5389eacbbcdeb3517d7c2dfb416d56577b3f7866e77e3e881d196a413fd2c566e737c4b339a7cc96e042b9cf6e042b06399b321fdf6

Download Submit
C:\Windows\system\JgXbYSt.exe

Filesize
6.0MB

MD5
aff87d45a4212a8e938d5713ec06fde0

SHA1
06106d6587541e02c659133bdc93abcc7478925d

SHA256
6f211856a89c40d77807e2115cedf41572dfa2c877ef6216ae10bca228008f15

SHA512
4e320b09dcb6d15b433dfc70b811d13035269a9ae7f55aa5292dc483ecbdccc965ae629dccee751f716c5da963f5feeab9b02ddc8c78bc4c36913c2222b2ffa2

Download Submit
C:\Windows\system\LszCHkk.exe

Filesize
6.0MB

MD5
4bfd1022b63abf1537299ae4b0852be1

SHA1
d5b8876a91fcf51099bb30113fa4446afa6d9ae9

SHA256
8a0c2249135d787a42f52e532a9fa6c94c4826f8b5eddd83ac26bd38e871b72e

SHA512
7825da14a1dcd76f96ebc15b8b3dc5394b085c507babc8887e13adb859e6c206b31e647803d992681164bccfc190702f23439e0ed83a941be46dd618aad40300

Download Submit
C:\Windows\system\PWFvckx.exe

Filesize
6.0MB

MD5
2165dce4bbfbabbf6b3a686f5e36cbc0

SHA1
3b95e137944c68a17799e2c5d8058aca0f2705c9

SHA256
c11f9d475dbb09162f74428ff2134d6de15ea7cf728b7b6bb3514cb51713fd20

SHA512
c7ca5248ca03b1362da852518d1fe4e9ecadf33c04b3e37dcc3a0807b75cbd1d8c2543bff58322453e1a899a3616d87dc3d48753f26df109431922e6fb4b2be3

Download Submit
C:\Windows\system\PpXMFIE.exe

Filesize
6.0MB

MD5
816708fd2ce2556296ee38f53e4a1ac5

SHA1
6a581717076e0a850997d6d06ac4f7446f116615

SHA256
91c96aa483a57383b6923a500bb37585da7c5e94dfef3ec8e7968d4fceaa1533

SHA512
126839a11f274b3a5f31bf8b32a05fe6afa33077fb11f6d2a88733d92cdae321e120137741ddaeeb61afdcd51f4e3b025da8d00a805e8df6c00a2b1544a0ab6e

Download Submit
C:\Windows\system\QfvUzgo.exe

Filesize
6.0MB

MD5
6f0644983cf9b6e7e9be00157acc712d

SHA1
eca3b9e86eaa81f1224f3f3f3a4360ee930b5068

SHA256
398a637b3d5abd50fc29a228966ae53a0592a60b5b0721a06159c98e64ed52eb

SHA512
10eafa5a09574fb0e49a836ec379bf4b6e3da61e13a8741d0fa9def0140bf7c2bb706f1646cc8061b4299dc7c6abe1c99c3631740077d14b3e4741c2c38ede06

Download Submit
C:\Windows\system\UYKYNRz.exe

Filesize
6.0MB

MD5
c6767bcb52990a3923e5340c6059ec69

SHA1
17caccde276cbf28d1b5706366f812992bac6e62

SHA256
7cffe19eb9abf902ff8c294dcdc777b734188b95cec0e08d6366067f42cec675

SHA512
ac9703de3fcaae08b385006e6287cbda52ee849ed4616b0e2964cac34d8053166afb28820e47650dce98ccdbbc35836efe8f50b87e9a56b28c4c0138a55d7cb5

Download Submit
C:\Windows\system\XyUaSmM.exe

Filesize
6.0MB

MD5
5307c0c546091c24a68e523dad9f711f

SHA1
5967436c6a9eea3b8d7666ef755ddd7d45fa2e03

SHA256
39b9962c2e49872a2faad9298d4f4e6299dc01da87c3f5e9be19efa26f6d9b31

SHA512
578774fb0663753dbea0ac72ffee583b0eddeac8bab2a4829a0041af21337c33f79ce50fb11369526e16eaa5615de10debd096420fe1eb733b335729998d8b14

Download Submit
C:\Windows\system\YuYXIDu.exe

Filesize
6.0MB

MD5
4d1045b1237ac252e41a8726fe08d20d

SHA1
c043ff389588120a15e6089ac2b4af12a95c01c2

SHA256
dfac527b9a96fb91168298bf8da0d2cd0d2599604f9b0211953748ef17788921

SHA512
75650802760a0eb93adab4ad74326ce9b64c2b566950eac8ab8535862b1da9bb9474dcc1c963718c9af98d03971690fd697365c9f7fe3b6a9e764fa34b4a9e56

Download Submit
C:\Windows\system\dCftGDs.exe

Filesize
6.0MB

MD5
1de0271095bfba6f6467f2a7b84832f2

SHA1
9ac7cda7f74998a6949a08912771998ecedc460d

SHA256
5eda418585d844c78be5a49ce8174fa2abe2efd00b616fdbb6b168674ab638e4

SHA512
69d04c7a1bc336a39c7918678e18287e12740b6ddb6b1ea280bcf80b4e0d084b228b5453cce4f324ec8b387d3bcab40fd2d8447e0a97ea16657d4d5cb8876c70

Download Submit
C:\Windows\system\dNZjTQS.exe

Filesize
6.0MB

MD5
2a0602f766f4c88cc26e225e8c81b364

SHA1
7f8a6871b1e58ec30f36cae6ae8de4b255c7a8b7

SHA256
1a0b11c4dd0c94fd613afc8b2423b5cd6530812694e12a5837c8d97e4cf228c6

SHA512
70eaf8078d4de6601e29057d8384f88f4967a034f3ce1bc385c6cc3e9658afa786ab808eae49e8611dbc06e21fe3a8d14174a6901f6741d7e81d561616485ea3

Download Submit
C:\Windows\system\fQSHcsc.exe

Filesize
6.0MB

MD5
cd5e5ce1a908d35802ae2c4765236114

SHA1
9b65a40dd758963d11798ac77e159da62dbb6ea8

SHA256
7340fdd2b8187f53da20acd2905386e460536cd5781707968007b9b82ea714c2

SHA512
5d84af192b9693bb61a337a4df18efa477e1d8b8c7e543bfc977c4fa77ed2b695ac5f449207894b23b032751e475d3cf7041800e36d7e9e0161c874b2a76dd05

Download Submit
C:\Windows\system\isHjQGo.exe

Filesize
6.0MB

MD5
45945b224caddeb4f5e7686f4e31539b

SHA1
f6003c1ea7b413be02434c67d16527236dede9ee

SHA256
ec40ac6ae27c17875810b3fc1a39e5c8ad5270eecaf9a90a5b98b768656be30c

SHA512
cb6345190e96edc336e6dffb67fa8d153d7305ab8840c25165d11656e0054433495ebb27d00cca2ed860db0675c0e62ca42b549990f5fcc349052a329d12f471

Download Submit
C:\Windows\system\kuAgAMZ.exe

Filesize
6.0MB

MD5
bb10329824bd14963a125d92290b2130

SHA1
a3bf117c1f2a70d06fbd252fc01fd306c23885a9

SHA256
331ff5c6b13e7efc861b6c31096ee95e47dbefdaa345003ee97fee7169d3a3a4

SHA512
6a796896ea7809ebe9c1b961f5a2a4e2a59c37bbfa4b04f8e24a4194ffe9f87462c3290a72d8c86a5a513e80f74301aca7b8833f79ae56992648e37fd951797e

Download Submit
C:\Windows\system\mfcPBzT.exe

Filesize
6.0MB

MD5
9ad945718e0901d69f8bbbde45480cb5

SHA1
5caf6ec8dd8516df827689506d6c21511ede8a5b

SHA256
c5cfea5adfd64404568047afd1306e6d8bef1252e15e73f267f8225d7a00a9de

SHA512
197031da8a1b5a7b446498df04650ae67a6d9831b5b1cd46436cedcbebca37eb99ab1ecfea58ce655e83bcb7eb8924f1213f7e5449d3998ee48b869541207f7a

Download Submit
C:\Windows\system\nSsipXJ.exe

Filesize
6.0MB

MD5
c51ff65109b8d01665659411a4e1414c

SHA1
971b72dc4e765e20b2c8c39495ffe71cb94bab15

SHA256
1341ca9a4809cde1ab0434298c8000003ce50a7d42e6f7336bd2e1b93fb7ee22

SHA512
fb4a708f79e10e6c48afc9b0ab799c7d0ac078da024f96f8790bc1a0a0e375c7f644b5859d6d0136dec9cb38db1dfbaee97a53e6c0a40906ff21ed7e1e71328a

Download Submit
C:\Windows\system\neZAdog.exe

Filesize
6.0MB

MD5
a68c7bb2fae07fd7bc3d9de98afa541e

SHA1
46bc7b506420815a55ab55b7e5d8cf9ed2eee538

SHA256
26dbb95ce66e8d1c2cc5ce24a37cf3d044b0ebdfed9dfeb0141ff34501096536

SHA512
3c497f7090ded958fc46f3750f14b91acb273409891ed0f960ac73aae7bbd91b03a9aeef1925b7ab241d8bb8194e9f35f11cb5d9d66f39a1fb1bd204e956019d

Download Submit
C:\Windows\system\yaJGngh.exe

Filesize
6.0MB

MD5
cf1cf5ff4b28d6ab49c4dec619cf42d6

SHA1
07e5af8d875c5d77d25246a58aa3e12407d2c237

SHA256
f4c93d36dc010d1b7e41b49bf7601001d5e0e5d20079bfa8ab4a03019d4cc16c

SHA512
a8eac8630f10ff87fa9c75b52a0d52e5077f1bcd90fa986cc1f2f3fe9a3bd891d0c900709b65ee4178f6c04326849557a78febfd1507d6fb6522cdf396002216

Download Submit
C:\Windows\system\zayMjcn.exe

Filesize
6.0MB

MD5
a10b9f217d7c23aca65b138f3e6fa367

SHA1
95162dbac526e4bb3b089fcb491940ef999e5c15

SHA256
0d1889ab02e1c76a53ac8975ec65e039834014423355259d6be23d67f9c72216

SHA512
3620a8afb595b19549cd3f1b58c8948629bdb47c656d32b196cee5c083b953464729167eec89097b9f3c8cf802ec59930e72aa8bab9a038c7aa6b2096befbc8d

Download Submit
\Windows\system\NiOnRdf.exe

Filesize
6.0MB

MD5
2343efaf9ade8799e6ff44e3e27829e5

SHA1
ab9e36314c445d5ac5d88d904dd152ab61dde96f

SHA256
580b985ed02bc33434cc5a0215f4251ea38a3dd6047eafe7d09cc91c0dd4ca19

SHA512
8da9598bdbb980d719061b07e4c752b39df6f5e38b5e0fbc55bdfbea36a21a814f8b95628fdced373f59f3131ce4681c09f1e2434ef39ff1f44b67a2bcdb3e5e

Download Submit
\Windows\system\bMEGSGC.exe

Filesize
6.0MB

MD5
6c5ad17bdb82740d5abde246b732387e

SHA1
58e640485e5f3c771abfe7dde2361c1663ce4f24

SHA256
d6c84ad691ac28a093ce2325f4de8615ed835f64b3fa98b4e44bbc6abd13fb62

SHA512
ad20a788d14f7bacfc3081ce96c5b266303b23f472c4818442919f31cff2ebb86dd1c660ff8a713706ca08a6f25cb7d8269ffb785fa9d26ca2875b2e037073ca

Download Submit
\Windows\system\bofbkaX.exe

Filesize
6.0MB

MD5
2925a3df3149bfc8b653742888cc5b37

SHA1
92589e8cc03ee88cc5a0a2a9d0848d3c7da5965a

SHA256
858e7417a212462e38cbe132f317041ada17764ce5d2c008f9493f3d701edafd

SHA512
1e3fdfc86a24b830671b84f10dfa2ea58c229f55f1369a4ee693b322c0bd546fd1793daa4a05d1f3690d9feb5a11c7f866b326a4664c132d478e0ba642ce6476

Download Submit
\Windows\system\dBcMCcV.exe

Filesize
6.0MB

MD5
d762313f616ad50297e2c12243771489

SHA1
ed1610d958ec8d3db6b999c6f6a6f3061446dda1

SHA256
80efdc8fe15118fab30add7960256d2b58ea99fd03584e8553d8fa8add2a6b7f

SHA512
03cb0771b15f628bb7b386c3bc4f84c0433b6649206ea2e7f940df5f66a8227c54f9c3d0aafd2c96bb5a10cc723e082c923da496ea67d5b8e32a25efaf5bd053

Download Submit
\Windows\system\eDfeSsy.exe

Filesize
6.0MB

MD5
535d04ead94840f836ee7a31d69af9e0

SHA1
7abdcaf6a7b8630f4992f7a0b53f9c18bede2d86

SHA256
1fe0de51ad5af2cc127432dddc67186d1a590cc6ca8f226583c4a8ce66a081af

SHA512
35171c133a5d41170c636b8fce5b8d34353d4f541dc8e9fc6b230e595f9cd31fe63cf998c08eacd1e800ee6666706187cd488543a7f6edaa050dfdfe436a8f48

Download Submit
\Windows\system\icDOFDn.exe

Filesize
6.0MB

MD5
fdf79c975daf4e89cbbc67f34059a654

SHA1
56d01e29e1b5a641e924afb5f3c4bced59154a77

SHA256
39cd18f9949313ab01de7d8dfd7acf485fe34f35c6472e29277fa4f0e8f3669e

SHA512
a0d54c126183b5bcf3c2d4221a7d96a48ebd263a9b823a00099acec8e43431b3096268c2faaa7dc062e101fbd7771bdd123192389dce7ccf3b14702dff392d55

Download Submit
\Windows\system\rLVObfm.exe

Filesize
6.0MB

MD5
9ff01cebb116574361171fa1c55734ea

SHA1
6f07b278119d86eba55fefe9f2ddec4f0974e030

SHA256
e3a827bcd8fba7deda3968383abc2ca15e6479110c23bc301653f41e3de24c96

SHA512
aadd1e6caef1ecb0f34fc0309ac294f54c088870b064f0e8f4f25ebe070c1cdbc1e49eb84183bb1d60a37cd4006e8e12e0726ee536e50984f33359d8283d369c

Download Submit
memory/268-4007-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/268-38-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2065-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1988-4020-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1988-509-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2140-50-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-4011-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-576-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2232-4013-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2368-4009-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-20-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-54-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4012-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-573-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4019-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4015-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2648-524-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2692-575-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4014-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2760-4017-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2760-569-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4010-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-49-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-571-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4018-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2278-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-44-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2240-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-517-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2296-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2257-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2272-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2245-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2036-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2041-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1429-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1427-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-570-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1581-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1428-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2828-46-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-572-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2828-574-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2828-0-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2828-55-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-529-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-58-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-35-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-42-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1601-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1473-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-17-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-19-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2828-24-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1426-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2828-568-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4016-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2832-534-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2884-30-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download