cobaltstrike | 912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
Size

6.0MB
MD5

fab69f79de9b57d26325f2081fc985f0
SHA1

dd272de2d1cfb581e566bdaeef848219b5594f0a
SHA256

912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e
SHA512

7593760d382e1a8d71c8c8bc3deb037bd61be1c23587e3611df49d2e3008dcda59e2a48389bd5e887c7fff0d20cf3be3404e68681bc38861a57e823e6311990c
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUs:eOl56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001227f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c4a-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c9d-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d06-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017079-40.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-80.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-60.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2404-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000d00000001227f-6.dat	xmrig
behavioral1/files/0x0008000000016c4a-8.dat	xmrig
behavioral1/files/0x0007000000016c9d-16.dat	xmrig
behavioral1/files/0x0007000000016cc8-18.dat	xmrig
behavioral1/files/0x0007000000016cec-26.dat	xmrig
behavioral1/files/0x0009000000016d06-30.dat	xmrig
behavioral1/files/0x0008000000016d0e-35.dat	xmrig
behavioral1/files/0x0006000000017079-40.dat	xmrig
behavioral1/files/0x00060000000173a7-50.dat	xmrig
behavioral1/files/0x0006000000017492-65.dat	xmrig
behavioral1/files/0x00050000000186ee-95.dat	xmrig
behavioral1/files/0x0005000000018784-115.dat	xmrig
behavioral1/files/0x0006000000019023-130.dat	xmrig
behavioral1/files/0x00050000000193b4-157.dat	xmrig
behavioral1/files/0x00050000000193c2-161.dat	xmrig
behavioral1/files/0x0005000000019334-151.dat	xmrig
behavioral1/files/0x0005000000019350-155.dat	xmrig
behavioral1/files/0x0005000000019282-145.dat	xmrig
behavioral1/files/0x0005000000019261-140.dat	xmrig
behavioral1/files/0x000500000001925e-135.dat	xmrig
behavioral1/files/0x000500000001878f-121.dat	xmrig
behavioral1/files/0x00050000000187a5-124.dat	xmrig
behavioral1/files/0x000500000001873d-110.dat	xmrig
behavioral1/files/0x0005000000018728-105.dat	xmrig
behavioral1/files/0x00050000000186fd-100.dat	xmrig
behavioral1/files/0x00050000000186ea-90.dat	xmrig
behavioral1/files/0x00050000000186e4-85.dat	xmrig
behavioral1/files/0x0005000000018683-80.dat	xmrig
behavioral1/files/0x000d000000018676-75.dat	xmrig
behavioral1/files/0x00060000000174cc-70.dat	xmrig
behavioral1/files/0x0006000000017488-60.dat	xmrig
behavioral1/files/0x00060000000173a9-55.dat	xmrig
behavioral1/files/0x00060000000171a8-45.dat	xmrig
behavioral1/memory/2712-1857-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2404-1864-0x00000000022B0000-0x0000000002604000-memory.dmp	xmrig
behavioral1/memory/2976-2078-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2592-2295-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2780-2419-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2600-2449-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2556-2452-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2604-2455-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1080-2457-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2220-2463-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1620-2465-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2404-2474-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2776-2472-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2556-3892-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2780-3894-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2776-3897-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2220-3910-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2604-3902-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2976-3896-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1620-3895-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2600-3914-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2712-3919-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2404-3918-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2592-3915-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/1080-3893-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2776	nGkyWHK.exe
2712	UeUogBi.exe
2976	yBtPbYd.exe
2592	FZlzFkL.exe
2780	WFoTrrc.exe
2600	XKANnQb.exe
2556	HHRwNkv.exe
2604	MmGxPFg.exe
1080	gLciKVW.exe
2220	vYYHamY.exe
1620	iQiGMYg.exe
1468	XTyJFJz.exe
2896	uTZDDXk.exe
2924	UZVIcgU.exe
3052	pDWAMYt.exe
2236	XursDIz.exe
2616	bGvqGqB.exe
1508	rJFoyto.exe
1104	tBSimhN.exe
2804	UVDBQXP.exe
2016	nvhczyn.exe
1100	LzEgKBj.exe
2872	dmRIOdY.exe
1296	loBtVCf.exe
772	eXabkIV.exe
1780	OHCnMEM.exe
1792	vSXphLV.exe
1836	lKJdjjj.exe
2140	gPUkDFN.exe
1160	AfsvlPx.exe
700	kVqEHGs.exe
2520	EcpUCnR.exe
1316	qjujTab.exe
1820	QNIGuHu.exe
2808	JpzmoTs.exe
940	msVkIXz.exe
568	qqwRGVa.exe
1372	HFvruur.exe
2024	aphEHDi.exe
1744	zVorPKa.exe
2156	VvpagYW.exe
916	lPXyebf.exe
2380	CfoNenZ.exe
1816	McLHqoT.exe
2300	MSlnInU.exe
1756	EORkSNQ.exe
3016	NwbsGoE.exe
2456	xHSalVP.exe
1364	ALejyNU.exe
1204	BTuuNlu.exe
3032	tZpyJLY.exe
2640	uoSOMSo.exe
2132	daGplVs.exe
1888	valNxyz.exe
3020	urZYkQN.exe
1596	Bujryxo.exe
2752	TgVkXBS.exe
2824	RvdEyda.exe
2848	MHSaFPp.exe
2724	GZINEwP.exe
2568	WeFcJWU.exe
2620	JOFPKpf.exe
2728	aYYJtvz.exe
2916	eVvMYyY.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000d00000001227f-6.dat	upx
behavioral1/files/0x0008000000016c4a-8.dat	upx
behavioral1/files/0x0007000000016c9d-16.dat	upx
behavioral1/files/0x0007000000016cc8-18.dat	upx
behavioral1/files/0x0007000000016cec-26.dat	upx
behavioral1/files/0x0009000000016d06-30.dat	upx
behavioral1/files/0x0008000000016d0e-35.dat	upx
behavioral1/files/0x0006000000017079-40.dat	upx
behavioral1/files/0x00060000000173a7-50.dat	upx
behavioral1/files/0x0006000000017492-65.dat	upx
behavioral1/files/0x00050000000186ee-95.dat	upx
behavioral1/files/0x0005000000018784-115.dat	upx
behavioral1/files/0x0006000000019023-130.dat	upx
behavioral1/files/0x00050000000193b4-157.dat	upx
behavioral1/files/0x00050000000193c2-161.dat	upx
behavioral1/files/0x0005000000019334-151.dat	upx
behavioral1/files/0x0005000000019350-155.dat	upx
behavioral1/files/0x0005000000019282-145.dat	upx
behavioral1/files/0x0005000000019261-140.dat	upx
behavioral1/files/0x000500000001925e-135.dat	upx
behavioral1/files/0x000500000001878f-121.dat	upx
behavioral1/files/0x00050000000187a5-124.dat	upx
behavioral1/files/0x000500000001873d-110.dat	upx
behavioral1/files/0x0005000000018728-105.dat	upx
behavioral1/files/0x00050000000186fd-100.dat	upx
behavioral1/files/0x00050000000186ea-90.dat	upx
behavioral1/files/0x00050000000186e4-85.dat	upx
behavioral1/files/0x0005000000018683-80.dat	upx
behavioral1/files/0x000d000000018676-75.dat	upx
behavioral1/files/0x00060000000174cc-70.dat	upx
behavioral1/files/0x0006000000017488-60.dat	upx
behavioral1/files/0x00060000000173a9-55.dat	upx
behavioral1/files/0x00060000000171a8-45.dat	upx
behavioral1/memory/2712-1857-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2976-2078-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2592-2295-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2780-2419-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2600-2449-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2556-2452-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2604-2455-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1080-2457-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2220-2463-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/1620-2465-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2776-2472-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2556-3892-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2780-3894-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2776-3897-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2220-3910-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2604-3902-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2976-3896-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1620-3895-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2600-3914-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2712-3919-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2404-3918-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2592-3915-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/1080-3893-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XKANnQb.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\OqsIiKM.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\qZVQDta.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\THjlFRa.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\TuSHRhM.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\vcVUpHN.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\BlIlXXJ.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\wwEdIFl.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\xItEFkl.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\fvHSatp.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\dmwFpef.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\PozGyfD.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\GAqUGeh.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\kBPNnEO.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\GRIhDBh.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\VogxJHe.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\rqmgjyl.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\pScHjlR.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\QYgrZEj.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\JDFjqVU.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\Jzptwkn.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\kgwGhYx.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\XGzqgyg.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\CFfwvre.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\FoBWoTu.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\NrAMdzB.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\WwaYfxm.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\UMeYIQb.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\hpTFbTc.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\yBtPbYd.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\MZUOwZY.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\cngMIWF.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\LoAAavb.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\emkePTR.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\eqNAgUD.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\cGpbMQZ.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\YBgpYsV.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\ZPhlLVa.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\iQiGMYg.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\ALejyNU.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\VgKlUny.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\yFpsghV.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\bkzHfoU.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\WFoTrrc.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\wFDUTPz.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\SyWAfQB.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\PYhyeAz.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\cmGOHVr.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\nrzQPTv.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\LfijdoB.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\tBSimhN.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\TePYtDM.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\CrjUYDk.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\ckgYDtt.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\SVGRKQr.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\sSQOaLZ.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\uyEmkBK.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\EKgCRFD.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\FnyStoH.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\VhUlXKs.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\KangXoE.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\DAsTafZ.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\JvyvEIM.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
File created	C:\Windows\System\ywmwWON.exe	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2776	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	32
PID 2404 wrote to memory of 2776	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	32
PID 2404 wrote to memory of 2776	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	32
PID 2404 wrote to memory of 2712	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	33
PID 2404 wrote to memory of 2712	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	33
PID 2404 wrote to memory of 2712	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	33
PID 2404 wrote to memory of 2976	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	34
PID 2404 wrote to memory of 2976	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	34
PID 2404 wrote to memory of 2976	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	34
PID 2404 wrote to memory of 2592	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	35
PID 2404 wrote to memory of 2592	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	35
PID 2404 wrote to memory of 2592	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	35
PID 2404 wrote to memory of 2780	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	36
PID 2404 wrote to memory of 2780	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	36
PID 2404 wrote to memory of 2780	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	36
PID 2404 wrote to memory of 2600	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	37
PID 2404 wrote to memory of 2600	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	37
PID 2404 wrote to memory of 2600	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	37
PID 2404 wrote to memory of 2556	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	38
PID 2404 wrote to memory of 2556	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	38
PID 2404 wrote to memory of 2556	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	38
PID 2404 wrote to memory of 2604	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	39
PID 2404 wrote to memory of 2604	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	39
PID 2404 wrote to memory of 2604	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	39
PID 2404 wrote to memory of 1080	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	40
PID 2404 wrote to memory of 1080	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	40
PID 2404 wrote to memory of 1080	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	40
PID 2404 wrote to memory of 2220	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	41
PID 2404 wrote to memory of 2220	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	41
PID 2404 wrote to memory of 2220	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	41
PID 2404 wrote to memory of 1620	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	42
PID 2404 wrote to memory of 1620	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	42
PID 2404 wrote to memory of 1620	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	42
PID 2404 wrote to memory of 1468	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	43
PID 2404 wrote to memory of 1468	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	43
PID 2404 wrote to memory of 1468	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	43
PID 2404 wrote to memory of 2896	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	44
PID 2404 wrote to memory of 2896	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	44
PID 2404 wrote to memory of 2896	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	44
PID 2404 wrote to memory of 2924	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	45
PID 2404 wrote to memory of 2924	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	45
PID 2404 wrote to memory of 2924	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	45
PID 2404 wrote to memory of 3052	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	46
PID 2404 wrote to memory of 3052	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	46
PID 2404 wrote to memory of 3052	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	46
PID 2404 wrote to memory of 2236	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	47
PID 2404 wrote to memory of 2236	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	47
PID 2404 wrote to memory of 2236	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	47
PID 2404 wrote to memory of 2616	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	48
PID 2404 wrote to memory of 2616	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	48
PID 2404 wrote to memory of 2616	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	48
PID 2404 wrote to memory of 1508	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	49
PID 2404 wrote to memory of 1508	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	49
PID 2404 wrote to memory of 1508	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	49
PID 2404 wrote to memory of 1104	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	50
PID 2404 wrote to memory of 1104	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	50
PID 2404 wrote to memory of 1104	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	50
PID 2404 wrote to memory of 2804	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	51
PID 2404 wrote to memory of 2804	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	51
PID 2404 wrote to memory of 2804	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	51
PID 2404 wrote to memory of 2016	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	52
PID 2404 wrote to memory of 2016	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	52
PID 2404 wrote to memory of 2016	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	52
PID 2404 wrote to memory of 1100	2404	JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_912c09757dbf2d17853b1d15c2bce1f02863d62889918e0d5d547980cd08227e.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\System\nGkyWHK.exe
  C:\Windows\System\nGkyWHK.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\UeUogBi.exe
  C:\Windows\System\UeUogBi.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\yBtPbYd.exe
  C:\Windows\System\yBtPbYd.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\FZlzFkL.exe
  C:\Windows\System\FZlzFkL.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\WFoTrrc.exe
  C:\Windows\System\WFoTrrc.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\XKANnQb.exe
  C:\Windows\System\XKANnQb.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HHRwNkv.exe
  C:\Windows\System\HHRwNkv.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\MmGxPFg.exe
  C:\Windows\System\MmGxPFg.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\gLciKVW.exe
  C:\Windows\System\gLciKVW.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\vYYHamY.exe
  C:\Windows\System\vYYHamY.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\iQiGMYg.exe
  C:\Windows\System\iQiGMYg.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\XTyJFJz.exe
  C:\Windows\System\XTyJFJz.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\uTZDDXk.exe
  C:\Windows\System\uTZDDXk.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\UZVIcgU.exe
  C:\Windows\System\UZVIcgU.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\pDWAMYt.exe
  C:\Windows\System\pDWAMYt.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\XursDIz.exe
  C:\Windows\System\XursDIz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\bGvqGqB.exe
  C:\Windows\System\bGvqGqB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\rJFoyto.exe
  C:\Windows\System\rJFoyto.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\tBSimhN.exe
  C:\Windows\System\tBSimhN.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\UVDBQXP.exe
  C:\Windows\System\UVDBQXP.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\nvhczyn.exe
  C:\Windows\System\nvhczyn.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LzEgKBj.exe
  C:\Windows\System\LzEgKBj.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\dmRIOdY.exe
  C:\Windows\System\dmRIOdY.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\loBtVCf.exe
  C:\Windows\System\loBtVCf.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\eXabkIV.exe
  C:\Windows\System\eXabkIV.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\OHCnMEM.exe
  C:\Windows\System\OHCnMEM.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\vSXphLV.exe
  C:\Windows\System\vSXphLV.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\lKJdjjj.exe
  C:\Windows\System\lKJdjjj.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\gPUkDFN.exe
  C:\Windows\System\gPUkDFN.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\AfsvlPx.exe
  C:\Windows\System\AfsvlPx.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\kVqEHGs.exe
  C:\Windows\System\kVqEHGs.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\qjujTab.exe
  C:\Windows\System\qjujTab.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\EcpUCnR.exe
  C:\Windows\System\EcpUCnR.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\QNIGuHu.exe
  C:\Windows\System\QNIGuHu.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JpzmoTs.exe
  C:\Windows\System\JpzmoTs.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\msVkIXz.exe
  C:\Windows\System\msVkIXz.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\qqwRGVa.exe
  C:\Windows\System\qqwRGVa.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\HFvruur.exe
  C:\Windows\System\HFvruur.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\aphEHDi.exe
  C:\Windows\System\aphEHDi.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\zVorPKa.exe
  C:\Windows\System\zVorPKa.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\VvpagYW.exe
  C:\Windows\System\VvpagYW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\lPXyebf.exe
  C:\Windows\System\lPXyebf.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\CfoNenZ.exe
  C:\Windows\System\CfoNenZ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\McLHqoT.exe
  C:\Windows\System\McLHqoT.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\MSlnInU.exe
  C:\Windows\System\MSlnInU.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\EORkSNQ.exe
  C:\Windows\System\EORkSNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\NwbsGoE.exe
  C:\Windows\System\NwbsGoE.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\xHSalVP.exe
  C:\Windows\System\xHSalVP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\ALejyNU.exe
  C:\Windows\System\ALejyNU.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\BTuuNlu.exe
  C:\Windows\System\BTuuNlu.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\tZpyJLY.exe
  C:\Windows\System\tZpyJLY.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\uoSOMSo.exe
  C:\Windows\System\uoSOMSo.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\daGplVs.exe
  C:\Windows\System\daGplVs.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\valNxyz.exe
  C:\Windows\System\valNxyz.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\urZYkQN.exe
  C:\Windows\System\urZYkQN.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\Bujryxo.exe
  C:\Windows\System\Bujryxo.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\TgVkXBS.exe
  C:\Windows\System\TgVkXBS.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\RvdEyda.exe
  C:\Windows\System\RvdEyda.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\MHSaFPp.exe
  C:\Windows\System\MHSaFPp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\GZINEwP.exe
  C:\Windows\System\GZINEwP.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\WeFcJWU.exe
  C:\Windows\System\WeFcJWU.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\aYYJtvz.exe
  C:\Windows\System\aYYJtvz.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\JOFPKpf.exe
  C:\Windows\System\JOFPKpf.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\ZWTJjZz.exe
  C:\Windows\System\ZWTJjZz.exe
  2⤵
  PID:1112
- C:\Windows\System\eVvMYyY.exe
  C:\Windows\System\eVvMYyY.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rvKhLrn.exe
  C:\Windows\System\rvKhLrn.exe
  2⤵
  PID:3036
- C:\Windows\System\Fzyqzjm.exe
  C:\Windows\System\Fzyqzjm.exe
  2⤵
  PID:2440
- C:\Windows\System\JvyvEIM.exe
  C:\Windows\System\JvyvEIM.exe
  2⤵
  PID:1648
- C:\Windows\System\msAKXGF.exe
  C:\Windows\System\msAKXGF.exe
  2⤵
  PID:264
- C:\Windows\System\fBXsObc.exe
  C:\Windows\System\fBXsObc.exe
  2⤵
  PID:2996
- C:\Windows\System\hWpFKgN.exe
  C:\Windows\System\hWpFKgN.exe
  2⤵
  PID:2232
- C:\Windows\System\KNuUbeM.exe
  C:\Windows\System\KNuUbeM.exe
  2⤵
  PID:1864
- C:\Windows\System\PXPVQHR.exe
  C:\Windows\System\PXPVQHR.exe
  2⤵
  PID:1488
- C:\Windows\System\rNkuiPU.exe
  C:\Windows\System\rNkuiPU.exe
  2⤵
  PID:1916
- C:\Windows\System\eIenqqO.exe
  C:\Windows\System\eIenqqO.exe
  2⤵
  PID:2396
- C:\Windows\System\FAQevxb.exe
  C:\Windows\System\FAQevxb.exe
  2⤵
  PID:1096
- C:\Windows\System\bwToMDx.exe
  C:\Windows\System\bwToMDx.exe
  2⤵
  PID:968
- C:\Windows\System\bwaCfSu.exe
  C:\Windows\System\bwaCfSu.exe
  2⤵
  PID:792
- C:\Windows\System\xsTdfxb.exe
  C:\Windows\System\xsTdfxb.exe
  2⤵
  PID:2988
- C:\Windows\System\VmkTKky.exe
  C:\Windows\System\VmkTKky.exe
  2⤵
  PID:1556
- C:\Windows\System\pScHjlR.exe
  C:\Windows\System\pScHjlR.exe
  2⤵
  PID:2004
- C:\Windows\System\mmuWgYz.exe
  C:\Windows\System\mmuWgYz.exe
  2⤵
  PID:2332
- C:\Windows\System\xBvtYAi.exe
  C:\Windows\System\xBvtYAi.exe
  2⤵
  PID:2320
- C:\Windows\System\hlADNBU.exe
  C:\Windows\System\hlADNBU.exe
  2⤵
  PID:3044
- C:\Windows\System\ywmwWON.exe
  C:\Windows\System\ywmwWON.exe
  2⤵
  PID:2340
- C:\Windows\System\FoBWoTu.exe
  C:\Windows\System\FoBWoTu.exe
  2⤵
  PID:2104
- C:\Windows\System\qWXGImZ.exe
  C:\Windows\System\qWXGImZ.exe
  2⤵
  PID:816
- C:\Windows\System\CrbBNEC.exe
  C:\Windows\System\CrbBNEC.exe
  2⤵
  PID:2860
- C:\Windows\System\csgamrX.exe
  C:\Windows\System\csgamrX.exe
  2⤵
  PID:884
- C:\Windows\System\JsVRhXQ.exe
  C:\Windows\System\JsVRhXQ.exe
  2⤵
  PID:2040
- C:\Windows\System\vPSxwYn.exe
  C:\Windows\System\vPSxwYn.exe
  2⤵
  PID:2652
- C:\Windows\System\GtWTwDW.exe
  C:\Windows\System\GtWTwDW.exe
  2⤵
  PID:2588
- C:\Windows\System\UUVmoLx.exe
  C:\Windows\System\UUVmoLx.exe
  2⤵
  PID:2720
- C:\Windows\System\KEstTMK.exe
  C:\Windows\System\KEstTMK.exe
  2⤵
  PID:812
- C:\Windows\System\frxwGLv.exe
  C:\Windows\System\frxwGLv.exe
  2⤵
  PID:2748
- C:\Windows\System\liMmxMQ.exe
  C:\Windows\System\liMmxMQ.exe
  2⤵
  PID:1196
- C:\Windows\System\KzuJcyJ.exe
  C:\Windows\System\KzuJcyJ.exe
  2⤵
  PID:2144
- C:\Windows\System\QflMbDB.exe
  C:\Windows\System\QflMbDB.exe
  2⤵
  PID:2020
- C:\Windows\System\WgCTVEg.exe
  C:\Windows\System\WgCTVEg.exe
  2⤵
  PID:2384
- C:\Windows\System\eVblbgu.exe
  C:\Windows\System\eVblbgu.exe
  2⤵
  PID:2512
- C:\Windows\System\EwtbaUM.exe
  C:\Windows\System\EwtbaUM.exe
  2⤵
  PID:1692
- C:\Windows\System\BscSICy.exe
  C:\Windows\System\BscSICy.exe
  2⤵
  PID:2656
- C:\Windows\System\txQAvSE.exe
  C:\Windows\System\txQAvSE.exe
  2⤵
  PID:2328
- C:\Windows\System\kFewfIe.exe
  C:\Windows\System\kFewfIe.exe
  2⤵
  PID:2180
- C:\Windows\System\gAkHUli.exe
  C:\Windows\System\gAkHUli.exe
  2⤵
  PID:1084
- C:\Windows\System\TePYtDM.exe
  C:\Windows\System\TePYtDM.exe
  2⤵
  PID:1768
- C:\Windows\System\vHwpvEc.exe
  C:\Windows\System\vHwpvEc.exe
  2⤵
  PID:1724
- C:\Windows\System\XvoKVqP.exe
  C:\Windows\System\XvoKVqP.exe
  2⤵
  PID:2760
- C:\Windows\System\hgydWoY.exe
  C:\Windows\System\hgydWoY.exe
  2⤵
  PID:1520
- C:\Windows\System\YmiUaBj.exe
  C:\Windows\System\YmiUaBj.exe
  2⤵
  PID:1576
- C:\Windows\System\Asatxmo.exe
  C:\Windows\System\Asatxmo.exe
  2⤵
  PID:532
- C:\Windows\System\sZkVPpA.exe
  C:\Windows\System\sZkVPpA.exe
  2⤵
  PID:2304
- C:\Windows\System\AvMTLUi.exe
  C:\Windows\System\AvMTLUi.exe
  2⤵
  PID:2904
- C:\Windows\System\PoBFgKY.exe
  C:\Windows\System\PoBFgKY.exe
  2⤵
  PID:2192
- C:\Windows\System\oxQeYoY.exe
  C:\Windows\System\oxQeYoY.exe
  2⤵
  PID:2124
- C:\Windows\System\SsEwRgr.exe
  C:\Windows\System\SsEwRgr.exe
  2⤵
  PID:992
- C:\Windows\System\FKcAKFI.exe
  C:\Windows\System\FKcAKFI.exe
  2⤵
  PID:956
- C:\Windows\System\ACPintB.exe
  C:\Windows\System\ACPintB.exe
  2⤵
  PID:3084
- C:\Windows\System\wFDUTPz.exe
  C:\Windows\System\wFDUTPz.exe
  2⤵
  PID:3104
- C:\Windows\System\JdIxGkW.exe
  C:\Windows\System\JdIxGkW.exe
  2⤵
  PID:3128
- C:\Windows\System\WrShraB.exe
  C:\Windows\System\WrShraB.exe
  2⤵
  PID:3144
- C:\Windows\System\qeddxEb.exe
  C:\Windows\System\qeddxEb.exe
  2⤵
  PID:3168
- C:\Windows\System\RXRJKmc.exe
  C:\Windows\System\RXRJKmc.exe
  2⤵
  PID:3184
- C:\Windows\System\BxRgfFD.exe
  C:\Windows\System\BxRgfFD.exe
  2⤵
  PID:3208
- C:\Windows\System\SjYPfKv.exe
  C:\Windows\System\SjYPfKv.exe
  2⤵
  PID:3228
- C:\Windows\System\KaYmRTt.exe
  C:\Windows\System\KaYmRTt.exe
  2⤵
  PID:3248
- C:\Windows\System\CvRPEKx.exe
  C:\Windows\System\CvRPEKx.exe
  2⤵
  PID:3264
- C:\Windows\System\CHqccWy.exe
  C:\Windows\System\CHqccWy.exe
  2⤵
  PID:3284
- C:\Windows\System\HUmVeaT.exe
  C:\Windows\System\HUmVeaT.exe
  2⤵
  PID:3308
- C:\Windows\System\iVNDADx.exe
  C:\Windows\System\iVNDADx.exe
  2⤵
  PID:3324
- C:\Windows\System\mjXAVuV.exe
  C:\Windows\System\mjXAVuV.exe
  2⤵
  PID:3344
- C:\Windows\System\kjlIAZF.exe
  C:\Windows\System\kjlIAZF.exe
  2⤵
  PID:3364
- C:\Windows\System\OFBAVhg.exe
  C:\Windows\System\OFBAVhg.exe
  2⤵
  PID:3388
- C:\Windows\System\hUBSFza.exe
  C:\Windows\System\hUBSFza.exe
  2⤵
  PID:3404
- C:\Windows\System\JbTHEpQ.exe
  C:\Windows\System\JbTHEpQ.exe
  2⤵
  PID:3424
- C:\Windows\System\HpGGwKH.exe
  C:\Windows\System\HpGGwKH.exe
  2⤵
  PID:3444
- C:\Windows\System\AOJkivm.exe
  C:\Windows\System\AOJkivm.exe
  2⤵
  PID:3460
- C:\Windows\System\yGpkXav.exe
  C:\Windows\System\yGpkXav.exe
  2⤵
  PID:3484
- C:\Windows\System\qbaDKiL.exe
  C:\Windows\System\qbaDKiL.exe
  2⤵
  PID:3508
- C:\Windows\System\xsEncZf.exe
  C:\Windows\System\xsEncZf.exe
  2⤵
  PID:3524
- C:\Windows\System\sybmjLd.exe
  C:\Windows\System\sybmjLd.exe
  2⤵
  PID:3544
- C:\Windows\System\fKnhwER.exe
  C:\Windows\System\fKnhwER.exe
  2⤵
  PID:3560
- C:\Windows\System\bTfiLMx.exe
  C:\Windows\System\bTfiLMx.exe
  2⤵
  PID:3580
- C:\Windows\System\ZjKITQs.exe
  C:\Windows\System\ZjKITQs.exe
  2⤵
  PID:3604
- C:\Windows\System\kWkorwi.exe
  C:\Windows\System\kWkorwi.exe
  2⤵
  PID:3624
- C:\Windows\System\IDjnhfQ.exe
  C:\Windows\System\IDjnhfQ.exe
  2⤵
  PID:3644
- C:\Windows\System\bRcukKa.exe
  C:\Windows\System\bRcukKa.exe
  2⤵
  PID:3660
- C:\Windows\System\rsbNtvO.exe
  C:\Windows\System\rsbNtvO.exe
  2⤵
  PID:3676
- C:\Windows\System\oLgCOxa.exe
  C:\Windows\System\oLgCOxa.exe
  2⤵
  PID:3700
- C:\Windows\System\GDYHmiK.exe
  C:\Windows\System\GDYHmiK.exe
  2⤵
  PID:3716
- C:\Windows\System\RpQMlzv.exe
  C:\Windows\System\RpQMlzv.exe
  2⤵
  PID:3736
- C:\Windows\System\GCiwhWL.exe
  C:\Windows\System\GCiwhWL.exe
  2⤵
  PID:3756
- C:\Windows\System\otgEQjz.exe
  C:\Windows\System\otgEQjz.exe
  2⤵
  PID:3780
- C:\Windows\System\kqhFWNz.exe
  C:\Windows\System\kqhFWNz.exe
  2⤵
  PID:3800
- C:\Windows\System\eKSrcTP.exe
  C:\Windows\System\eKSrcTP.exe
  2⤵
  PID:3820
- C:\Windows\System\CjpYtPG.exe
  C:\Windows\System\CjpYtPG.exe
  2⤵
  PID:3836
- C:\Windows\System\vyCSOkQ.exe
  C:\Windows\System\vyCSOkQ.exe
  2⤵
  PID:3852
- C:\Windows\System\CrjUYDk.exe
  C:\Windows\System\CrjUYDk.exe
  2⤵
  PID:3868
- C:\Windows\System\rPiIoJs.exe
  C:\Windows\System\rPiIoJs.exe
  2⤵
  PID:3912
- C:\Windows\System\wFAwRAw.exe
  C:\Windows\System\wFAwRAw.exe
  2⤵
  PID:3932
- C:\Windows\System\BtqfFjq.exe
  C:\Windows\System\BtqfFjq.exe
  2⤵
  PID:3948
- C:\Windows\System\jCKMYJD.exe
  C:\Windows\System\jCKMYJD.exe
  2⤵
  PID:3972
- C:\Windows\System\IAppQIT.exe
  C:\Windows\System\IAppQIT.exe
  2⤵
  PID:3992
- C:\Windows\System\vtIdeli.exe
  C:\Windows\System\vtIdeli.exe
  2⤵
  PID:4012
- C:\Windows\System\qPWYaVF.exe
  C:\Windows\System\qPWYaVF.exe
  2⤵
  PID:4032
- C:\Windows\System\ibTUHuO.exe
  C:\Windows\System\ibTUHuO.exe
  2⤵
  PID:4052
- C:\Windows\System\tEZspGn.exe
  C:\Windows\System\tEZspGn.exe
  2⤵
  PID:4072
- C:\Windows\System\JKOSpar.exe
  C:\Windows\System\JKOSpar.exe
  2⤵
  PID:4092
- C:\Windows\System\uYBgnrr.exe
  C:\Windows\System\uYBgnrr.exe
  2⤵
  PID:1796
- C:\Windows\System\QqsJdKJ.exe
  C:\Windows\System\QqsJdKJ.exe
  2⤵
  PID:2096
- C:\Windows\System\tLpsOIS.exe
  C:\Windows\System\tLpsOIS.exe
  2⤵
  PID:1920
- C:\Windows\System\MZUOwZY.exe
  C:\Windows\System\MZUOwZY.exe
  2⤵
  PID:2768
- C:\Windows\System\RHQkmOw.exe
  C:\Windows\System\RHQkmOw.exe
  2⤵
  PID:1008
- C:\Windows\System\FydhGuG.exe
  C:\Windows\System\FydhGuG.exe
  2⤵
  PID:2784
- C:\Windows\System\hUvuoSF.exe
  C:\Windows\System\hUvuoSF.exe
  2⤵
  PID:1484
- C:\Windows\System\qBqRTts.exe
  C:\Windows\System\qBqRTts.exe
  2⤵
  PID:2672
- C:\Windows\System\SyWAfQB.exe
  C:\Windows\System\SyWAfQB.exe
  2⤵
  PID:1844
- C:\Windows\System\ZSsjZqB.exe
  C:\Windows\System\ZSsjZqB.exe
  2⤵
  PID:2820
- C:\Windows\System\OmrIQrX.exe
  C:\Windows\System\OmrIQrX.exe
  2⤵
  PID:3092
- C:\Windows\System\wDlehbz.exe
  C:\Windows\System\wDlehbz.exe
  2⤵
  PID:3160
- C:\Windows\System\NbrxuEq.exe
  C:\Windows\System\NbrxuEq.exe
  2⤵
  PID:3200
- C:\Windows\System\XBcYokb.exe
  C:\Windows\System\XBcYokb.exe
  2⤵
  PID:3244
- C:\Windows\System\IqPElDF.exe
  C:\Windows\System\IqPElDF.exe
  2⤵
  PID:3220
- C:\Windows\System\tlNtrzu.exe
  C:\Windows\System\tlNtrzu.exe
  2⤵
  PID:3320
- C:\Windows\System\HVOCiIN.exe
  C:\Windows\System\HVOCiIN.exe
  2⤵
  PID:3304
- C:\Windows\System\jHVsVaD.exe
  C:\Windows\System\jHVsVaD.exe
  2⤵
  PID:3340
- C:\Windows\System\OIdCJtt.exe
  C:\Windows\System\OIdCJtt.exe
  2⤵
  PID:3440
- C:\Windows\System\RdHUiZD.exe
  C:\Windows\System\RdHUiZD.exe
  2⤵
  PID:3372
- C:\Windows\System\FVMUOFd.exe
  C:\Windows\System\FVMUOFd.exe
  2⤵
  PID:2984
- C:\Windows\System\KjOncEv.exe
  C:\Windows\System\KjOncEv.exe
  2⤵
  PID:3596
- C:\Windows\System\NrkXuVI.exe
  C:\Windows\System\NrkXuVI.exe
  2⤵
  PID:3416
- C:\Windows\System\rlttPyv.exe
  C:\Windows\System\rlttPyv.exe
  2⤵
  PID:3496
- C:\Windows\System\BqGHDTm.exe
  C:\Windows\System\BqGHDTm.exe
  2⤵
  PID:3504
- C:\Windows\System\Ndkgvrv.exe
  C:\Windows\System\Ndkgvrv.exe
  2⤵
  PID:3540
- C:\Windows\System\QvILZzq.exe
  C:\Windows\System\QvILZzq.exe
  2⤵
  PID:3748
- C:\Windows\System\AfUtbov.exe
  C:\Windows\System\AfUtbov.exe
  2⤵
  PID:3576
- C:\Windows\System\GjvQZWu.exe
  C:\Windows\System\GjvQZWu.exe
  2⤵
  PID:3652
- C:\Windows\System\oVxAvkg.exe
  C:\Windows\System\oVxAvkg.exe
  2⤵
  PID:3828
- C:\Windows\System\acYJoQX.exe
  C:\Windows\System\acYJoQX.exe
  2⤵
  PID:3732
- C:\Windows\System\MnQtbAU.exe
  C:\Windows\System\MnQtbAU.exe
  2⤵
  PID:3776
- C:\Windows\System\SQeDPjH.exe
  C:\Windows\System\SQeDPjH.exe
  2⤵
  PID:3816
- C:\Windows\System\ZVqLSlR.exe
  C:\Windows\System\ZVqLSlR.exe
  2⤵
  PID:3880
- C:\Windows\System\ZiPYQmu.exe
  C:\Windows\System\ZiPYQmu.exe
  2⤵
  PID:3920
- C:\Windows\System\WEkBhmJ.exe
  C:\Windows\System\WEkBhmJ.exe
  2⤵
  PID:3964
- C:\Windows\System\MKTLYVs.exe
  C:\Windows\System\MKTLYVs.exe
  2⤵
  PID:4008
- C:\Windows\System\qyeEGbM.exe
  C:\Windows\System\qyeEGbM.exe
  2⤵
  PID:4048
- C:\Windows\System\Kqlvtkc.exe
  C:\Windows\System\Kqlvtkc.exe
  2⤵
  PID:4020
- C:\Windows\System\GyxcCzx.exe
  C:\Windows\System\GyxcCzx.exe
  2⤵
  PID:4064
- C:\Windows\System\YBGxnkf.exe
  C:\Windows\System\YBGxnkf.exe
  2⤵
  PID:972
- C:\Windows\System\JuJFzxA.exe
  C:\Windows\System\JuJFzxA.exe
  2⤵
  PID:2444
- C:\Windows\System\yTOtNjc.exe
  C:\Windows\System\yTOtNjc.exe
  2⤵
  PID:1600
- C:\Windows\System\QnlfZfs.exe
  C:\Windows\System\QnlfZfs.exe
  2⤵
  PID:2960
- C:\Windows\System\dDnqIYm.exe
  C:\Windows\System\dDnqIYm.exe
  2⤵
  PID:1628
- C:\Windows\System\PRCFPnD.exe
  C:\Windows\System\PRCFPnD.exe
  2⤵
  PID:3124
- C:\Windows\System\qbXStyp.exe
  C:\Windows\System\qbXStyp.exe
  2⤵
  PID:2888
- C:\Windows\System\pDBFAuf.exe
  C:\Windows\System\pDBFAuf.exe
  2⤵
  PID:3204
- C:\Windows\System\WtjAJEr.exe
  C:\Windows\System\WtjAJEr.exe
  2⤵
  PID:3240
- C:\Windows\System\zNRDqTw.exe
  C:\Windows\System\zNRDqTw.exe
  2⤵
  PID:3292
- C:\Windows\System\FlWvGGW.exe
  C:\Windows\System\FlWvGGW.exe
  2⤵
  PID:3296
- C:\Windows\System\uUHaaZi.exe
  C:\Windows\System\uUHaaZi.exe
  2⤵
  PID:3400
- C:\Windows\System\PoBUWdh.exe
  C:\Windows\System\PoBUWdh.exe
  2⤵
  PID:3380
- C:\Windows\System\IKVzWHO.exe
  C:\Windows\System\IKVzWHO.exe
  2⤵
  PID:3632
- C:\Windows\System\oiGQaMx.exe
  C:\Windows\System\oiGQaMx.exe
  2⤵
  PID:3796
- C:\Windows\System\KqjEqgW.exe
  C:\Windows\System\KqjEqgW.exe
  2⤵
  PID:3640
- C:\Windows\System\CfYlihr.exe
  C:\Windows\System\CfYlihr.exe
  2⤵
  PID:3752
- C:\Windows\System\FGYqEzI.exe
  C:\Windows\System\FGYqEzI.exe
  2⤵
  PID:3696
- C:\Windows\System\ZEFesbw.exe
  C:\Windows\System\ZEFesbw.exe
  2⤵
  PID:3928
- C:\Windows\System\qVgeZdi.exe
  C:\Windows\System\qVgeZdi.exe
  2⤵
  PID:3896
- C:\Windows\System\XrojVjM.exe
  C:\Windows\System\XrojVjM.exe
  2⤵
  PID:3956
- C:\Windows\System\QYgrZEj.exe
  C:\Windows\System\QYgrZEj.exe
  2⤵
  PID:3980
- C:\Windows\System\vGhokTq.exe
  C:\Windows\System\vGhokTq.exe
  2⤵
  PID:3944
- C:\Windows\System\WIprVKk.exe
  C:\Windows\System\WIprVKk.exe
  2⤵
  PID:4060
- C:\Windows\System\VwIBOGc.exe
  C:\Windows\System\VwIBOGc.exe
  2⤵
  PID:2504
- C:\Windows\System\NrqrXRM.exe
  C:\Windows\System\NrqrXRM.exe
  2⤵
  PID:3116
- C:\Windows\System\OtOELAf.exe
  C:\Windows\System\OtOELAf.exe
  2⤵
  PID:1516
- C:\Windows\System\GVXRiZC.exe
  C:\Windows\System\GVXRiZC.exe
  2⤵
  PID:1548
- C:\Windows\System\JXSCDSi.exe
  C:\Windows\System\JXSCDSi.exe
  2⤵
  PID:3272
- C:\Windows\System\kgwGhYx.exe
  C:\Windows\System\kgwGhYx.exe
  2⤵
  PID:3480
- C:\Windows\System\fWjQDyy.exe
  C:\Windows\System\fWjQDyy.exe
  2⤵
  PID:3336
- C:\Windows\System\AWpYBzG.exe
  C:\Windows\System\AWpYBzG.exe
  2⤵
  PID:3556
- C:\Windows\System\GROxvNc.exe
  C:\Windows\System\GROxvNc.exe
  2⤵
  PID:3492
- C:\Windows\System\yxMyUSI.exe
  C:\Windows\System\yxMyUSI.exe
  2⤵
  PID:3616
- C:\Windows\System\BsLtymV.exe
  C:\Windows\System\BsLtymV.exe
  2⤵
  PID:3728
- C:\Windows\System\vFsbNUY.exe
  C:\Windows\System\vFsbNUY.exe
  2⤵
  PID:3772
- C:\Windows\System\YGukTBn.exe
  C:\Windows\System\YGukTBn.exe
  2⤵
  PID:3812
- C:\Windows\System\THjlFRa.exe
  C:\Windows\System\THjlFRa.exe
  2⤵
  PID:4040
- C:\Windows\System\qyGgYgz.exe
  C:\Windows\System\qyGgYgz.exe
  2⤵
  PID:3112
- C:\Windows\System\MbPvexe.exe
  C:\Windows\System\MbPvexe.exe
  2⤵
  PID:4112
- C:\Windows\System\dXQHdYh.exe
  C:\Windows\System\dXQHdYh.exe
  2⤵
  PID:4128
- C:\Windows\System\QMyBzja.exe
  C:\Windows\System\QMyBzja.exe
  2⤵
  PID:4152
- C:\Windows\System\DKxhWQC.exe
  C:\Windows\System\DKxhWQC.exe
  2⤵
  PID:4176
- C:\Windows\System\eoQTclI.exe
  C:\Windows\System\eoQTclI.exe
  2⤵
  PID:4192
- C:\Windows\System\wwgnfnF.exe
  C:\Windows\System\wwgnfnF.exe
  2⤵
  PID:4216
- C:\Windows\System\JXTYIiq.exe
  C:\Windows\System\JXTYIiq.exe
  2⤵
  PID:4236
- C:\Windows\System\FGhfIxD.exe
  C:\Windows\System\FGhfIxD.exe
  2⤵
  PID:4256
- C:\Windows\System\HMeATeP.exe
  C:\Windows\System\HMeATeP.exe
  2⤵
  PID:4276
- C:\Windows\System\JzOhoJC.exe
  C:\Windows\System\JzOhoJC.exe
  2⤵
  PID:4292
- C:\Windows\System\PZkYffD.exe
  C:\Windows\System\PZkYffD.exe
  2⤵
  PID:4312
- C:\Windows\System\VYbRiQf.exe
  C:\Windows\System\VYbRiQf.exe
  2⤵
  PID:4336
- C:\Windows\System\FmgydgS.exe
  C:\Windows\System\FmgydgS.exe
  2⤵
  PID:4352
- C:\Windows\System\xFlhSTT.exe
  C:\Windows\System\xFlhSTT.exe
  2⤵
  PID:4372
- C:\Windows\System\FuwnUeT.exe
  C:\Windows\System\FuwnUeT.exe
  2⤵
  PID:4392
- C:\Windows\System\VjvDELG.exe
  C:\Windows\System\VjvDELG.exe
  2⤵
  PID:4412
- C:\Windows\System\UxWHTKs.exe
  C:\Windows\System\UxWHTKs.exe
  2⤵
  PID:4436
- C:\Windows\System\uRRqYVM.exe
  C:\Windows\System\uRRqYVM.exe
  2⤵
  PID:4452
- C:\Windows\System\rxMhnCR.exe
  C:\Windows\System\rxMhnCR.exe
  2⤵
  PID:4472
- C:\Windows\System\TiporZA.exe
  C:\Windows\System\TiporZA.exe
  2⤵
  PID:4492
- C:\Windows\System\VianppX.exe
  C:\Windows\System\VianppX.exe
  2⤵
  PID:4512
- C:\Windows\System\cLrGqjR.exe
  C:\Windows\System\cLrGqjR.exe
  2⤵
  PID:4536
- C:\Windows\System\yebDbEc.exe
  C:\Windows\System\yebDbEc.exe
  2⤵
  PID:4552
- C:\Windows\System\vIyAwRv.exe
  C:\Windows\System\vIyAwRv.exe
  2⤵
  PID:4576
- C:\Windows\System\KloqPJd.exe
  C:\Windows\System\KloqPJd.exe
  2⤵
  PID:4592
- C:\Windows\System\KyUiHqF.exe
  C:\Windows\System\KyUiHqF.exe
  2⤵
  PID:4616
- C:\Windows\System\bFvCuOD.exe
  C:\Windows\System\bFvCuOD.exe
  2⤵
  PID:4636
- C:\Windows\System\HlgHvAl.exe
  C:\Windows\System\HlgHvAl.exe
  2⤵
  PID:4656
- C:\Windows\System\mIelwUL.exe
  C:\Windows\System\mIelwUL.exe
  2⤵
  PID:4676
- C:\Windows\System\CEaYslU.exe
  C:\Windows\System\CEaYslU.exe
  2⤵
  PID:4692
- C:\Windows\System\mjPqzoI.exe
  C:\Windows\System\mjPqzoI.exe
  2⤵
  PID:4708
- C:\Windows\System\QhJUtSP.exe
  C:\Windows\System\QhJUtSP.exe
  2⤵
  PID:4732
- C:\Windows\System\NxFxzyK.exe
  C:\Windows\System\NxFxzyK.exe
  2⤵
  PID:4752
- C:\Windows\System\JDFjqVU.exe
  C:\Windows\System\JDFjqVU.exe
  2⤵
  PID:4772
- C:\Windows\System\qlGLzTc.exe
  C:\Windows\System\qlGLzTc.exe
  2⤵
  PID:4792
- C:\Windows\System\sKHxKLc.exe
  C:\Windows\System\sKHxKLc.exe
  2⤵
  PID:4816
- C:\Windows\System\lYgsiMI.exe
  C:\Windows\System\lYgsiMI.exe
  2⤵
  PID:4832
- C:\Windows\System\KcnsccB.exe
  C:\Windows\System\KcnsccB.exe
  2⤵
  PID:4856
- C:\Windows\System\rMddWPN.exe
  C:\Windows\System\rMddWPN.exe
  2⤵
  PID:4872
- C:\Windows\System\kVNQroK.exe
  C:\Windows\System\kVNQroK.exe
  2⤵
  PID:4896
- C:\Windows\System\wXwvBLz.exe
  C:\Windows\System\wXwvBLz.exe
  2⤵
  PID:4912
- C:\Windows\System\lrVDzIN.exe
  C:\Windows\System\lrVDzIN.exe
  2⤵
  PID:4928
- C:\Windows\System\nXiOcvT.exe
  C:\Windows\System\nXiOcvT.exe
  2⤵
  PID:4952
- C:\Windows\System\SWtlDKr.exe
  C:\Windows\System\SWtlDKr.exe
  2⤵
  PID:4972
- C:\Windows\System\GTyXEtf.exe
  C:\Windows\System\GTyXEtf.exe
  2⤵
  PID:4992
- C:\Windows\System\wpWrlry.exe
  C:\Windows\System\wpWrlry.exe
  2⤵
  PID:5016
- C:\Windows\System\skhBuCl.exe
  C:\Windows\System\skhBuCl.exe
  2⤵
  PID:5032
- C:\Windows\System\XXgAedm.exe
  C:\Windows\System\XXgAedm.exe
  2⤵
  PID:5052
- C:\Windows\System\ijtdONv.exe
  C:\Windows\System\ijtdONv.exe
  2⤵
  PID:5076
- C:\Windows\System\hPXKNCu.exe
  C:\Windows\System\hPXKNCu.exe
  2⤵
  PID:5092
- C:\Windows\System\tacAKKV.exe
  C:\Windows\System\tacAKKV.exe
  2⤵
  PID:5112
- C:\Windows\System\OssTtyG.exe
  C:\Windows\System\OssTtyG.exe
  2⤵
  PID:2388
- C:\Windows\System\eCwtwqQ.exe
  C:\Windows\System\eCwtwqQ.exe
  2⤵
  PID:3152
- C:\Windows\System\tMFWLJy.exe
  C:\Windows\System\tMFWLJy.exe
  2⤵
  PID:3316
- C:\Windows\System\NaovLbV.exe
  C:\Windows\System\NaovLbV.exe
  2⤵
  PID:3536
- C:\Windows\System\LbplhoM.exe
  C:\Windows\System\LbplhoM.exe
  2⤵
  PID:3864
- C:\Windows\System\mAdNgBS.exe
  C:\Windows\System\mAdNgBS.exe
  2⤵
  PID:3432
- C:\Windows\System\DOMyWHB.exe
  C:\Windows\System\DOMyWHB.exe
  2⤵
  PID:4084
- C:\Windows\System\vWNkwcS.exe
  C:\Windows\System\vWNkwcS.exe
  2⤵
  PID:3904
- C:\Windows\System\ajQPtkB.exe
  C:\Windows\System\ajQPtkB.exe
  2⤵
  PID:4144
- C:\Windows\System\cqOuwRR.exe
  C:\Windows\System\cqOuwRR.exe
  2⤵
  PID:684
- C:\Windows\System\bJBSteX.exe
  C:\Windows\System\bJBSteX.exe
  2⤵
  PID:4120
- C:\Windows\System\pcVXGDB.exe
  C:\Windows\System\pcVXGDB.exe
  2⤵
  PID:4224
- C:\Windows\System\VNTEePe.exe
  C:\Windows\System\VNTEePe.exe
  2⤵
  PID:4268
- C:\Windows\System\nVVbHrv.exe
  C:\Windows\System\nVVbHrv.exe
  2⤵
  PID:4248
- C:\Windows\System\lHNEUUO.exe
  C:\Windows\System\lHNEUUO.exe
  2⤵
  PID:4284
- C:\Windows\System\ATXpDPT.exe
  C:\Windows\System\ATXpDPT.exe
  2⤵
  PID:4348
- C:\Windows\System\sBGOZZU.exe
  C:\Windows\System\sBGOZZU.exe
  2⤵
  PID:4328
- C:\Windows\System\xCYTiyx.exe
  C:\Windows\System\xCYTiyx.exe
  2⤵
  PID:4424
- C:\Windows\System\TZxAGUU.exe
  C:\Windows\System\TZxAGUU.exe
  2⤵
  PID:4400
- C:\Windows\System\dfyQOSp.exe
  C:\Windows\System\dfyQOSp.exe
  2⤵
  PID:4508
- C:\Windows\System\fIlYNSv.exe
  C:\Windows\System\fIlYNSv.exe
  2⤵
  PID:4448
- C:\Windows\System\fAOpkYF.exe
  C:\Windows\System\fAOpkYF.exe
  2⤵
  PID:4532
- C:\Windows\System\GroToMu.exe
  C:\Windows\System\GroToMu.exe
  2⤵
  PID:4564
- C:\Windows\System\tXpBJRC.exe
  C:\Windows\System\tXpBJRC.exe
  2⤵
  PID:4628
- C:\Windows\System\FjdZZsZ.exe
  C:\Windows\System\FjdZZsZ.exe
  2⤵
  PID:4604
- C:\Windows\System\IUYXgoN.exe
  C:\Windows\System\IUYXgoN.exe
  2⤵
  PID:4648
- C:\Windows\System\wxgdVKW.exe
  C:\Windows\System\wxgdVKW.exe
  2⤵
  PID:4720
- C:\Windows\System\cKeeeNj.exe
  C:\Windows\System\cKeeeNj.exe
  2⤵
  PID:4724
- C:\Windows\System\GiFlMEe.exe
  C:\Windows\System\GiFlMEe.exe
  2⤵
  PID:4788
- C:\Windows\System\MhkvGLC.exe
  C:\Windows\System\MhkvGLC.exe
  2⤵
  PID:4828
- C:\Windows\System\zpvJBnC.exe
  C:\Windows\System\zpvJBnC.exe
  2⤵
  PID:4840
- C:\Windows\System\uyalxDw.exe
  C:\Windows\System\uyalxDw.exe
  2⤵
  PID:4904
- C:\Windows\System\KfTucvN.exe
  C:\Windows\System\KfTucvN.exe
  2⤵
  PID:4880
- C:\Windows\System\WwiptMF.exe
  C:\Windows\System\WwiptMF.exe
  2⤵
  PID:4948
- C:\Windows\System\wMICewF.exe
  C:\Windows\System\wMICewF.exe
  2⤵
  PID:4968
- C:\Windows\System\DZvSjKp.exe
  C:\Windows\System\DZvSjKp.exe
  2⤵
  PID:5004
- C:\Windows\System\CJiaCPH.exe
  C:\Windows\System\CJiaCPH.exe
  2⤵
  PID:5044
- C:\Windows\System\dmwFpef.exe
  C:\Windows\System\dmwFpef.exe
  2⤵
  PID:5048
- C:\Windows\System\uTjzKYM.exe
  C:\Windows\System\uTjzKYM.exe
  2⤵
  PID:4068
- C:\Windows\System\YmyVLed.exe
  C:\Windows\System\YmyVLed.exe
  2⤵
  PID:3520
- C:\Windows\System\NdneUUR.exe
  C:\Windows\System\NdneUUR.exe
  2⤵
  PID:3592
- C:\Windows\System\RlFPoWu.exe
  C:\Windows\System\RlFPoWu.exe
  2⤵
  PID:2684
- C:\Windows\System\TqHxtuh.exe
  C:\Windows\System\TqHxtuh.exe
  2⤵
  PID:3572
- C:\Windows\System\TsaMoTq.exe
  C:\Windows\System\TsaMoTq.exe
  2⤵
  PID:4140
- C:\Windows\System\UNmyRbT.exe
  C:\Windows\System\UNmyRbT.exe
  2⤵
  PID:4164
- C:\Windows\System\LAOixQj.exe
  C:\Windows\System\LAOixQj.exe
  2⤵
  PID:4136
- C:\Windows\System\GVxafwF.exe
  C:\Windows\System\GVxafwF.exe
  2⤵
  PID:4204
- C:\Windows\System\AiYhpfC.exe
  C:\Windows\System\AiYhpfC.exe
  2⤵
  PID:4304
- C:\Windows\System\aLIJvgI.exe
  C:\Windows\System\aLIJvgI.exe
  2⤵
  PID:4360
- C:\Windows\System\VUrpWgl.exe
  C:\Windows\System\VUrpWgl.exe
  2⤵
  PID:4432
- C:\Windows\System\ABXXbbb.exe
  C:\Windows\System\ABXXbbb.exe
  2⤵
  PID:4468
- C:\Windows\System\ckgYDtt.exe
  C:\Windows\System\ckgYDtt.exe
  2⤵
  PID:4544
- C:\Windows\System\hHCJQpp.exe
  C:\Windows\System\hHCJQpp.exe
  2⤵
  PID:4632
- C:\Windows\System\GyBLBVP.exe
  C:\Windows\System\GyBLBVP.exe
  2⤵
  PID:4560
- C:\Windows\System\drQdfjQ.exe
  C:\Windows\System\drQdfjQ.exe
  2⤵
  PID:4608
- C:\Windows\System\RBZMDbV.exe
  C:\Windows\System\RBZMDbV.exe
  2⤵
  PID:4688
- C:\Windows\System\Hyjiajx.exe
  C:\Windows\System\Hyjiajx.exe
  2⤵
  PID:4768
- C:\Windows\System\UhHQWOx.exe
  C:\Windows\System\UhHQWOx.exe
  2⤵
  PID:4848
- C:\Windows\System\JfKKXmb.exe
  C:\Windows\System\JfKKXmb.exe
  2⤵
  PID:4924
- C:\Windows\System\NcYELKz.exe
  C:\Windows\System\NcYELKz.exe
  2⤵
  PID:4980
- C:\Windows\System\UMeYIQb.exe
  C:\Windows\System\UMeYIQb.exe
  2⤵
  PID:5024
- C:\Windows\System\yDeqlEh.exe
  C:\Windows\System\yDeqlEh.exe
  2⤵
  PID:5072
- C:\Windows\System\QAQfkwp.exe
  C:\Windows\System\QAQfkwp.exe
  2⤵
  PID:5100
- C:\Windows\System\dVfbfiV.exe
  C:\Windows\System\dVfbfiV.exe
  2⤵
  PID:2352
- C:\Windows\System\OEGIQkw.exe
  C:\Windows\System\OEGIQkw.exe
  2⤵
  PID:3768
- C:\Windows\System\fJkdGQD.exe
  C:\Windows\System\fJkdGQD.exe
  2⤵
  PID:4264
- C:\Windows\System\sXNUngV.exe
  C:\Windows\System\sXNUngV.exe
  2⤵
  PID:4384
- C:\Windows\System\XuAwSfS.exe
  C:\Windows\System\XuAwSfS.exe
  2⤵
  PID:3620
- C:\Windows\System\YUePLSi.exe
  C:\Windows\System\YUePLSi.exe
  2⤵
  PID:4420
- C:\Windows\System\EHhclBi.exe
  C:\Windows\System\EHhclBi.exe
  2⤵
  PID:4480
- C:\Windows\System\lOVXJCy.exe
  C:\Windows\System\lOVXJCy.exe
  2⤵
  PID:4652
- C:\Windows\System\MbWQaOL.exe
  C:\Windows\System\MbWQaOL.exe
  2⤵
  PID:4612
- C:\Windows\System\MIxTqas.exe
  C:\Windows\System\MIxTqas.exe
  2⤵
  PID:4824
- C:\Windows\System\eeSoTkf.exe
  C:\Windows\System\eeSoTkf.exe
  2⤵
  PID:4936
- C:\Windows\System\qeyZFyV.exe
  C:\Windows\System\qeyZFyV.exe
  2⤵
  PID:4940
- C:\Windows\System\dVaRmqi.exe
  C:\Windows\System\dVaRmqi.exe
  2⤵
  PID:2336
- C:\Windows\System\CXbQnGG.exe
  C:\Windows\System\CXbQnGG.exe
  2⤵
  PID:5000
- C:\Windows\System\KFkBJXE.exe
  C:\Windows\System\KFkBJXE.exe
  2⤵
  PID:4160
- C:\Windows\System\ffBZaeU.exe
  C:\Windows\System\ffBZaeU.exe
  2⤵
  PID:4252
- C:\Windows\System\IHVqxWn.exe
  C:\Windows\System\IHVqxWn.exe
  2⤵
  PID:5128
- C:\Windows\System\QhkyVxC.exe
  C:\Windows\System\QhkyVxC.exe
  2⤵
  PID:5148
- C:\Windows\System\WzLTYpT.exe
  C:\Windows\System\WzLTYpT.exe
  2⤵
  PID:5176
- C:\Windows\System\VKDEiQO.exe
  C:\Windows\System\VKDEiQO.exe
  2⤵
  PID:5192
- C:\Windows\System\ThpKNKV.exe
  C:\Windows\System\ThpKNKV.exe
  2⤵
  PID:5216
- C:\Windows\System\vxUwegU.exe
  C:\Windows\System\vxUwegU.exe
  2⤵
  PID:5232
- C:\Windows\System\ONwgcFm.exe
  C:\Windows\System\ONwgcFm.exe
  2⤵
  PID:5252
- C:\Windows\System\FSVNsBL.exe
  C:\Windows\System\FSVNsBL.exe
  2⤵
  PID:5272
- C:\Windows\System\bRyEsGH.exe
  C:\Windows\System\bRyEsGH.exe
  2⤵
  PID:5292
- C:\Windows\System\eDdHOjr.exe
  C:\Windows\System\eDdHOjr.exe
  2⤵
  PID:5316
- C:\Windows\System\NRSohuF.exe
  C:\Windows\System\NRSohuF.exe
  2⤵
  PID:5332
- C:\Windows\System\TOHPGpQ.exe
  C:\Windows\System\TOHPGpQ.exe
  2⤵
  PID:5356
- C:\Windows\System\AdOAjWb.exe
  C:\Windows\System\AdOAjWb.exe
  2⤵
  PID:5376
- C:\Windows\System\oYWgcuz.exe
  C:\Windows\System\oYWgcuz.exe
  2⤵
  PID:5396
- C:\Windows\System\XSXgdDD.exe
  C:\Windows\System\XSXgdDD.exe
  2⤵
  PID:5416
- C:\Windows\System\yZvRxrJ.exe
  C:\Windows\System\yZvRxrJ.exe
  2⤵
  PID:5432
- C:\Windows\System\DEGTtTh.exe
  C:\Windows\System\DEGTtTh.exe
  2⤵
  PID:5456
- C:\Windows\System\kimiqkY.exe
  C:\Windows\System\kimiqkY.exe
  2⤵
  PID:5476
- C:\Windows\System\EdZTgtA.exe
  C:\Windows\System\EdZTgtA.exe
  2⤵
  PID:5496
- C:\Windows\System\HnupXIP.exe
  C:\Windows\System\HnupXIP.exe
  2⤵
  PID:5516
- C:\Windows\System\igGFbQW.exe
  C:\Windows\System\igGFbQW.exe
  2⤵
  PID:5536
- C:\Windows\System\ahkHUKU.exe
  C:\Windows\System\ahkHUKU.exe
  2⤵
  PID:5556
- C:\Windows\System\VrInNaz.exe
  C:\Windows\System\VrInNaz.exe
  2⤵
  PID:5576
- C:\Windows\System\MnaoFQr.exe
  C:\Windows\System\MnaoFQr.exe
  2⤵
  PID:5592
- C:\Windows\System\sglymlt.exe
  C:\Windows\System\sglymlt.exe
  2⤵
  PID:5616
- C:\Windows\System\CWDYGWP.exe
  C:\Windows\System\CWDYGWP.exe
  2⤵
  PID:5636
- C:\Windows\System\etDZedu.exe
  C:\Windows\System\etDZedu.exe
  2⤵
  PID:5656
- C:\Windows\System\rBDzwts.exe
  C:\Windows\System\rBDzwts.exe
  2⤵
  PID:5672
- C:\Windows\System\ysoikOw.exe
  C:\Windows\System\ysoikOw.exe
  2⤵
  PID:5696
- C:\Windows\System\yBGZthz.exe
  C:\Windows\System\yBGZthz.exe
  2⤵
  PID:5716
- C:\Windows\System\iIfZIOT.exe
  C:\Windows\System\iIfZIOT.exe
  2⤵
  PID:5736
- C:\Windows\System\MrQOXtX.exe
  C:\Windows\System\MrQOXtX.exe
  2⤵
  PID:5752
- C:\Windows\System\ZpjOBmj.exe
  C:\Windows\System\ZpjOBmj.exe
  2⤵
  PID:5776
- C:\Windows\System\suCQiYD.exe
  C:\Windows\System\suCQiYD.exe
  2⤵
  PID:5792
- C:\Windows\System\melnNxE.exe
  C:\Windows\System\melnNxE.exe
  2⤵
  PID:5816
- C:\Windows\System\KwXrYNJ.exe
  C:\Windows\System\KwXrYNJ.exe
  2⤵
  PID:5832
- C:\Windows\System\OZNELQV.exe
  C:\Windows\System\OZNELQV.exe
  2⤵
  PID:5856
- C:\Windows\System\joWWBQE.exe
  C:\Windows\System\joWWBQE.exe
  2⤵
  PID:5876
- C:\Windows\System\neTVTuN.exe
  C:\Windows\System\neTVTuN.exe
  2⤵
  PID:5896
- C:\Windows\System\LGSnLVD.exe
  C:\Windows\System\LGSnLVD.exe
  2⤵
  PID:5912
- C:\Windows\System\iUhxrWS.exe
  C:\Windows\System\iUhxrWS.exe
  2⤵
  PID:5936
- C:\Windows\System\nGUBwgi.exe
  C:\Windows\System\nGUBwgi.exe
  2⤵
  PID:5956
- C:\Windows\System\cmGOHVr.exe
  C:\Windows\System\cmGOHVr.exe
  2⤵
  PID:5972
- C:\Windows\System\BbRruoa.exe
  C:\Windows\System\BbRruoa.exe
  2⤵
  PID:5988
- C:\Windows\System\Mmxzsvt.exe
  C:\Windows\System\Mmxzsvt.exe
  2⤵
  PID:6016
- C:\Windows\System\LXmIFBg.exe
  C:\Windows\System\LXmIFBg.exe
  2⤵
  PID:6036
- C:\Windows\System\lkwpSqd.exe
  C:\Windows\System\lkwpSqd.exe
  2⤵
  PID:6056
- C:\Windows\System\nNUxyeE.exe
  C:\Windows\System\nNUxyeE.exe
  2⤵
  PID:6076
- C:\Windows\System\JuSUKWE.exe
  C:\Windows\System\JuSUKWE.exe
  2⤵
  PID:6092
- C:\Windows\System\OxmvNYM.exe
  C:\Windows\System\OxmvNYM.exe
  2⤵
  PID:6116
- C:\Windows\System\ebSlAba.exe
  C:\Windows\System\ebSlAba.exe
  2⤵
  PID:6136
- C:\Windows\System\DmNoyhD.exe
  C:\Windows\System\DmNoyhD.exe
  2⤵
  PID:4500
- C:\Windows\System\HKCtAFk.exe
  C:\Windows\System\HKCtAFk.exe
  2⤵
  PID:4484
- C:\Windows\System\LHlMoKp.exe
  C:\Windows\System\LHlMoKp.exe
  2⤵
  PID:4548
- C:\Windows\System\NzeZYBQ.exe
  C:\Windows\System\NzeZYBQ.exe
  2⤵
  PID:4812
- C:\Windows\System\ailcwOT.exe
  C:\Windows\System\ailcwOT.exe
  2⤵
  PID:5104
- C:\Windows\System\wesGOfe.exe
  C:\Windows\System\wesGOfe.exe
  2⤵
  PID:4984
- C:\Windows\System\NNbaxWG.exe
  C:\Windows\System\NNbaxWG.exe
  2⤵
  PID:3136
- C:\Windows\System\KyqGGHN.exe
  C:\Windows\System\KyqGGHN.exe
  2⤵
  PID:3712
- C:\Windows\System\IcvDfam.exe
  C:\Windows\System\IcvDfam.exe
  2⤵
  PID:5140
- C:\Windows\System\SgpfBjG.exe
  C:\Windows\System\SgpfBjG.exe
  2⤵
  PID:5212
- C:\Windows\System\gQOsdTm.exe
  C:\Windows\System\gQOsdTm.exe
  2⤵
  PID:5224
- C:\Windows\System\gBwONvf.exe
  C:\Windows\System\gBwONvf.exe
  2⤵
  PID:5280
- C:\Windows\System\ydHTctq.exe
  C:\Windows\System\ydHTctq.exe
  2⤵
  PID:5304
- C:\Windows\System\wwEdIFl.exe
  C:\Windows\System\wwEdIFl.exe
  2⤵
  PID:5328
- C:\Windows\System\XzyguhK.exe
  C:\Windows\System\XzyguhK.exe
  2⤵
  PID:5348
- C:\Windows\System\NvozVci.exe
  C:\Windows\System\NvozVci.exe
  2⤵
  PID:5408
- C:\Windows\System\btBVbQT.exe
  C:\Windows\System\btBVbQT.exe
  2⤵
  PID:5444
- C:\Windows\System\mPBfDMW.exe
  C:\Windows\System\mPBfDMW.exe
  2⤵
  PID:5452
- C:\Windows\System\AilJKTN.exe
  C:\Windows\System\AilJKTN.exe
  2⤵
  PID:5524
- C:\Windows\System\VcaKVWy.exe
  C:\Windows\System\VcaKVWy.exe
  2⤵
  PID:5532
- C:\Windows\System\utkgkjV.exe
  C:\Windows\System\utkgkjV.exe
  2⤵
  PID:5572
- C:\Windows\System\IBguNfb.exe
  C:\Windows\System\IBguNfb.exe
  2⤵
  PID:5600
- C:\Windows\System\mbVTENT.exe
  C:\Windows\System\mbVTENT.exe
  2⤵
  PID:5584
- C:\Windows\System\juDpfNa.exe
  C:\Windows\System\juDpfNa.exe
  2⤵
  PID:5648
- C:\Windows\System\tgMDofR.exe
  C:\Windows\System\tgMDofR.exe
  2⤵
  PID:5684
- C:\Windows\System\GzhzUXs.exe
  C:\Windows\System\GzhzUXs.exe
  2⤵
  PID:5732
- C:\Windows\System\IVpefFV.exe
  C:\Windows\System\IVpefFV.exe
  2⤵
  PID:5764
- C:\Windows\System\nrzQPTv.exe
  C:\Windows\System\nrzQPTv.exe
  2⤵
  PID:5748
- C:\Windows\System\rTGQtcd.exe
  C:\Windows\System\rTGQtcd.exe
  2⤵
  PID:5804
- C:\Windows\System\hHtzaHJ.exe
  C:\Windows\System\hHtzaHJ.exe
  2⤵
  PID:5828
- C:\Windows\System\NKNgGgB.exe
  C:\Windows\System\NKNgGgB.exe
  2⤵
  PID:5872
- C:\Windows\System\cUfJsHo.exe
  C:\Windows\System\cUfJsHo.exe
  2⤵
  PID:5904
- C:\Windows\System\qzJzKzo.exe
  C:\Windows\System\qzJzKzo.exe
  2⤵
  PID:5952
- C:\Windows\System\XJIQPMk.exe
  C:\Windows\System\XJIQPMk.exe
  2⤵
  PID:5984
- C:\Windows\System\LEVxJHl.exe
  C:\Windows\System\LEVxJHl.exe
  2⤵
  PID:6012
- C:\Windows\System\IiSPyaf.exe
  C:\Windows\System\IiSPyaf.exe
  2⤵
  PID:6052
- C:\Windows\System\zKHxjFm.exe
  C:\Windows\System\zKHxjFm.exe
  2⤵
  PID:6068
- C:\Windows\System\sbNJGPL.exe
  C:\Windows\System\sbNJGPL.exe
  2⤵
  PID:6112
- C:\Windows\System\LwvzZAo.exe
  C:\Windows\System\LwvzZAo.exe
  2⤵
  PID:4024
- C:\Windows\System\ZEvzNGT.exe
  C:\Windows\System\ZEvzNGT.exe
  2⤵
  PID:4588
- C:\Windows\System\cqAEtMi.exe
  C:\Windows\System\cqAEtMi.exe
  2⤵
  PID:4672
- C:\Windows\System\OTVwjDr.exe
  C:\Windows\System\OTVwjDr.exe
  2⤵
  PID:4748
- C:\Windows\System\NAUXEAw.exe
  C:\Windows\System\NAUXEAw.exe
  2⤵
  PID:5168
- C:\Windows\System\wVVbtTd.exe
  C:\Windows\System\wVVbtTd.exe
  2⤵
  PID:5164
- C:\Windows\System\kLuliOK.exe
  C:\Windows\System\kLuliOK.exe
  2⤵
  PID:2696
- C:\Windows\System\bguQTkb.exe
  C:\Windows\System\bguQTkb.exe
  2⤵
  PID:5240
- C:\Windows\System\uOtJenQ.exe
  C:\Windows\System\uOtJenQ.exe
  2⤵
  PID:5312
- C:\Windows\System\WUZeAzz.exe
  C:\Windows\System\WUZeAzz.exe
  2⤵
  PID:5344
- C:\Windows\System\ELjWnqg.exe
  C:\Windows\System\ELjWnqg.exe
  2⤵
  PID:5392
- C:\Windows\System\CMpXrty.exe
  C:\Windows\System\CMpXrty.exe
  2⤵
  PID:5388
- C:\Windows\System\XzFOJET.exe
  C:\Windows\System\XzFOJET.exe
  2⤵
  PID:5492
- C:\Windows\System\gftunOS.exe
  C:\Windows\System\gftunOS.exe
  2⤵
  PID:5552
- C:\Windows\System\PozGyfD.exe
  C:\Windows\System\PozGyfD.exe
  2⤵
  PID:5588
- C:\Windows\System\HRZPdMV.exe
  C:\Windows\System\HRZPdMV.exe
  2⤵
  PID:5668
- C:\Windows\System\OXzKKXK.exe
  C:\Windows\System\OXzKKXK.exe
  2⤵
  PID:5704
- C:\Windows\System\ldgfxUS.exe
  C:\Windows\System\ldgfxUS.exe
  2⤵
  PID:5708
- C:\Windows\System\ZjeHjqM.exe
  C:\Windows\System\ZjeHjqM.exe
  2⤵
  PID:5812
- C:\Windows\System\RMJGJJk.exe
  C:\Windows\System\RMJGJJk.exe
  2⤵
  PID:5868
- C:\Windows\System\cmchqCW.exe
  C:\Windows\System\cmchqCW.exe
  2⤵
  PID:2552
- C:\Windows\System\MPeWEag.exe
  C:\Windows\System\MPeWEag.exe
  2⤵
  PID:5928
- C:\Windows\System\ZhuqbSw.exe
  C:\Windows\System\ZhuqbSw.exe
  2⤵
  PID:6028
- C:\Windows\System\YgnTONZ.exe
  C:\Windows\System\YgnTONZ.exe
  2⤵
  PID:6088
- C:\Windows\System\Jzptwkn.exe
  C:\Windows\System\Jzptwkn.exe
  2⤵
  PID:4324
- C:\Windows\System\XxrdlsS.exe
  C:\Windows\System\XxrdlsS.exe
  2⤵
  PID:4716
- C:\Windows\System\WveyZiT.exe
  C:\Windows\System\WveyZiT.exe
  2⤵
  PID:4124
- C:\Windows\System\dpXGKXO.exe
  C:\Windows\System\dpXGKXO.exe
  2⤵
  PID:4108
- C:\Windows\System\PWkierF.exe
  C:\Windows\System\PWkierF.exe
  2⤵
  PID:5188
- C:\Windows\System\pwHwAoI.exe
  C:\Windows\System\pwHwAoI.exe
  2⤵
  PID:5244
- C:\Windows\System\ANziWoN.exe
  C:\Windows\System\ANziWoN.exe
  2⤵
  PID:5404
- C:\Windows\System\oNWKPWw.exe
  C:\Windows\System\oNWKPWw.exe
  2⤵
  PID:5364
- C:\Windows\System\BkWTtBa.exe
  C:\Windows\System\BkWTtBa.exe
  2⤵
  PID:5644
- C:\Windows\System\MQvYokg.exe
  C:\Windows\System\MQvYokg.exe
  2⤵
  PID:5612
- C:\Windows\System\WnQaykt.exe
  C:\Windows\System\WnQaykt.exe
  2⤵
  PID:5664
- C:\Windows\System\BPfNhIs.exe
  C:\Windows\System\BPfNhIs.exe
  2⤵
  PID:5744
- C:\Windows\System\UwnZadr.exe
  C:\Windows\System\UwnZadr.exe
  2⤵
  PID:5800
- C:\Windows\System\mXwcblN.exe
  C:\Windows\System\mXwcblN.exe
  2⤵
  PID:5932
- C:\Windows\System\PjQJSNl.exe
  C:\Windows\System\PjQJSNl.exe
  2⤵
  PID:2572
- C:\Windows\System\TibTcGK.exe
  C:\Windows\System\TibTcGK.exe
  2⤵
  PID:4308
- C:\Windows\System\bpFXOrh.exe
  C:\Windows\System\bpFXOrh.exe
  2⤵
  PID:4464
- C:\Windows\System\tikXCFh.exe
  C:\Windows\System\tikXCFh.exe
  2⤵
  PID:6100
- C:\Windows\System\RZYRbSG.exe
  C:\Windows\System\RZYRbSG.exe
  2⤵
  PID:2840
- C:\Windows\System\jbNAknL.exe
  C:\Windows\System\jbNAknL.exe
  2⤵
  PID:2244
- C:\Windows\System\fBtuSDb.exe
  C:\Windows\System\fBtuSDb.exe
  2⤵
  PID:5248
- C:\Windows\System\kEkmfWo.exe
  C:\Windows\System\kEkmfWo.exe
  2⤵
  PID:2428
- C:\Windows\System\QiKKrJX.exe
  C:\Windows\System\QiKKrJX.exe
  2⤵
  PID:304
- C:\Windows\System\BSXpwmK.exe
  C:\Windows\System\BSXpwmK.exe
  2⤵
  PID:3064
- C:\Windows\System\ddKdoWO.exe
  C:\Windows\System\ddKdoWO.exe
  2⤵
  PID:5484
- C:\Windows\System\gRqrUJj.exe
  C:\Windows\System\gRqrUJj.exe
  2⤵
  PID:5848
- C:\Windows\System\ygIpQtY.exe
  C:\Windows\System\ygIpQtY.exe
  2⤵
  PID:5920
- C:\Windows\System\hpmaoqK.exe
  C:\Windows\System\hpmaoqK.exe
  2⤵
  PID:1164
- C:\Windows\System\ldDtuJb.exe
  C:\Windows\System\ldDtuJb.exe
  2⤵
  PID:6084
- C:\Windows\System\NqcreJV.exe
  C:\Windows\System\NqcreJV.exe
  2⤵
  PID:6128
- C:\Windows\System\pxEAczF.exe
  C:\Windows\System\pxEAczF.exe
  2⤵
  PID:3068
- C:\Windows\System\mTWFhto.exe
  C:\Windows\System\mTWFhto.exe
  2⤵
  PID:1052
- C:\Windows\System\DGJEkka.exe
  C:\Windows\System\DGJEkka.exe
  2⤵
  PID:5632
- C:\Windows\System\KIDrKit.exe
  C:\Windows\System\KIDrKit.exe
  2⤵
  PID:5544
- C:\Windows\System\YoIuXVY.exe
  C:\Windows\System\YoIuXVY.exe
  2⤵
  PID:5124
- C:\Windows\System\puEnfRu.exe
  C:\Windows\System\puEnfRu.exe
  2⤵
  PID:6000
- C:\Windows\System\zKNfOgz.exe
  C:\Windows\System\zKNfOgz.exe
  2⤵
  PID:5068
- C:\Windows\System\WmztdcF.exe
  C:\Windows\System\WmztdcF.exe
  2⤵
  PID:1220
- C:\Windows\System\YxSnKPX.exe
  C:\Windows\System\YxSnKPX.exe
  2⤵
  PID:1800
- C:\Windows\System\kwSWIxc.exe
  C:\Windows\System\kwSWIxc.exe
  2⤵
  PID:2400
- C:\Windows\System\TbAZiJv.exe
  C:\Windows\System\TbAZiJv.exe
  2⤵
  PID:2744
- C:\Windows\System\GaSiPXM.exe
  C:\Windows\System\GaSiPXM.exe
  2⤵
  PID:784
- C:\Windows\System\jnCqPmT.exe
  C:\Windows\System\jnCqPmT.exe
  2⤵
  PID:2164
- C:\Windows\System\otIyiVP.exe
  C:\Windows\System\otIyiVP.exe
  2⤵
  PID:2248
- C:\Windows\System\meUSOld.exe
  C:\Windows\System\meUSOld.exe
  2⤵
  PID:2364
- C:\Windows\System\mTMjAYq.exe
  C:\Windows\System\mTMjAYq.exe
  2⤵
  PID:5824
- C:\Windows\System\WKaJOwB.exe
  C:\Windows\System\WKaJOwB.exe
  2⤵
  PID:2280
- C:\Windows\System\shFxPxR.exe
  C:\Windows\System\shFxPxR.exe
  2⤵
  PID:6044
- C:\Windows\System\vrQLYNs.exe
  C:\Windows\System\vrQLYNs.exe
  2⤵
  PID:2900
- C:\Windows\System\zhAInuK.exe
  C:\Windows\System\zhAInuK.exe
  2⤵
  PID:2212
- C:\Windows\System\lXYnTqj.exe
  C:\Windows\System\lXYnTqj.exe
  2⤵
  PID:5512
- C:\Windows\System\AOQKGeM.exe
  C:\Windows\System\AOQKGeM.exe
  2⤵
  PID:2028
- C:\Windows\System\BbavlAn.exe
  C:\Windows\System\BbavlAn.exe
  2⤵
  PID:3060
- C:\Windows\System\QdktZpW.exe
  C:\Windows\System\QdktZpW.exe
  2⤵
  PID:6148
- C:\Windows\System\ItOAJGY.exe
  C:\Windows\System\ItOAJGY.exe
  2⤵
  PID:6164
- C:\Windows\System\YymYIRb.exe
  C:\Windows\System\YymYIRb.exe
  2⤵
  PID:6180
- C:\Windows\System\SuSdfmE.exe
  C:\Windows\System\SuSdfmE.exe
  2⤵
  PID:6232
- C:\Windows\System\YsFxKdl.exe
  C:\Windows\System\YsFxKdl.exe
  2⤵
  PID:6252
- C:\Windows\System\lJzsCnE.exe
  C:\Windows\System\lJzsCnE.exe
  2⤵
  PID:6272
- C:\Windows\System\TdUlNRk.exe
  C:\Windows\System\TdUlNRk.exe
  2⤵
  PID:6288
- C:\Windows\System\iIyijNU.exe
  C:\Windows\System\iIyijNU.exe
  2⤵
  PID:6304
- C:\Windows\System\jKpaQCG.exe
  C:\Windows\System\jKpaQCG.exe
  2⤵
  PID:6320
- C:\Windows\System\gJTQkvY.exe
  C:\Windows\System\gJTQkvY.exe
  2⤵
  PID:6336
- C:\Windows\System\HTrEMXZ.exe
  C:\Windows\System\HTrEMXZ.exe
  2⤵
  PID:6352
- C:\Windows\System\lraUlXl.exe
  C:\Windows\System\lraUlXl.exe
  2⤵
  PID:6368
- C:\Windows\System\JxjOphX.exe
  C:\Windows\System\JxjOphX.exe
  2⤵
  PID:6384
- C:\Windows\System\gQnSTiC.exe
  C:\Windows\System\gQnSTiC.exe
  2⤵
  PID:6400
- C:\Windows\System\MbyXnzk.exe
  C:\Windows\System\MbyXnzk.exe
  2⤵
  PID:6416
- C:\Windows\System\WAlUWhh.exe
  C:\Windows\System\WAlUWhh.exe
  2⤵
  PID:6432
- C:\Windows\System\ujRlWiQ.exe
  C:\Windows\System\ujRlWiQ.exe
  2⤵
  PID:6448
- C:\Windows\System\TaEfMzM.exe
  C:\Windows\System\TaEfMzM.exe
  2⤵
  PID:6492
- C:\Windows\System\YaxEmhx.exe
  C:\Windows\System\YaxEmhx.exe
  2⤵
  PID:6540
- C:\Windows\System\KDJGXMx.exe
  C:\Windows\System\KDJGXMx.exe
  2⤵
  PID:6556
- C:\Windows\System\XmsfiCn.exe
  C:\Windows\System\XmsfiCn.exe
  2⤵
  PID:6572
- C:\Windows\System\DzDYbOk.exe
  C:\Windows\System\DzDYbOk.exe
  2⤵
  PID:6588
- C:\Windows\System\qEfXgzW.exe
  C:\Windows\System\qEfXgzW.exe
  2⤵
  PID:6604
- C:\Windows\System\qIbiqkV.exe
  C:\Windows\System\qIbiqkV.exe
  2⤵
  PID:6620
- C:\Windows\System\cqFVOjB.exe
  C:\Windows\System\cqFVOjB.exe
  2⤵
  PID:6636
- C:\Windows\System\eskmXld.exe
  C:\Windows\System\eskmXld.exe
  2⤵
  PID:6656
- C:\Windows\System\KhrfLfO.exe
  C:\Windows\System\KhrfLfO.exe
  2⤵
  PID:6672
- C:\Windows\System\aFdBDVO.exe
  C:\Windows\System\aFdBDVO.exe
  2⤵
  PID:6688
- C:\Windows\System\fkaUzTJ.exe
  C:\Windows\System\fkaUzTJ.exe
  2⤵
  PID:6704
- C:\Windows\System\uiEXkUv.exe
  C:\Windows\System\uiEXkUv.exe
  2⤵
  PID:6720
- C:\Windows\System\JjTdBCF.exe
  C:\Windows\System\JjTdBCF.exe
  2⤵
  PID:6736
- C:\Windows\System\UAEHqMR.exe
  C:\Windows\System\UAEHqMR.exe
  2⤵
  PID:6752
- C:\Windows\System\WMQPPtl.exe
  C:\Windows\System\WMQPPtl.exe
  2⤵
  PID:6768
- C:\Windows\System\gXDkmda.exe
  C:\Windows\System\gXDkmda.exe
  2⤵
  PID:6784
- C:\Windows\System\lEirkxP.exe
  C:\Windows\System\lEirkxP.exe
  2⤵
  PID:6800
- C:\Windows\System\sAjOdnb.exe
  C:\Windows\System\sAjOdnb.exe
  2⤵
  PID:6816
- C:\Windows\System\NrAMdzB.exe
  C:\Windows\System\NrAMdzB.exe
  2⤵
  PID:6832
- C:\Windows\System\ooiexBh.exe
  C:\Windows\System\ooiexBh.exe
  2⤵
  PID:6848
- C:\Windows\System\mVmWMiQ.exe
  C:\Windows\System\mVmWMiQ.exe
  2⤵
  PID:6884
- C:\Windows\System\gBMDsSO.exe
  C:\Windows\System\gBMDsSO.exe
  2⤵
  PID:6900
- C:\Windows\System\YXlHuPa.exe
  C:\Windows\System\YXlHuPa.exe
  2⤵
  PID:6916
- C:\Windows\System\RBYALmi.exe
  C:\Windows\System\RBYALmi.exe
  2⤵
  PID:6932
- C:\Windows\System\nlPJySx.exe
  C:\Windows\System\nlPJySx.exe
  2⤵
  PID:6948
- C:\Windows\System\noerrmF.exe
  C:\Windows\System\noerrmF.exe
  2⤵
  PID:6976
- C:\Windows\System\pCfBFWi.exe
  C:\Windows\System\pCfBFWi.exe
  2⤵
  PID:6996
- C:\Windows\System\qDvjNfG.exe
  C:\Windows\System\qDvjNfG.exe
  2⤵
  PID:7012
- C:\Windows\System\xBenaHF.exe
  C:\Windows\System\xBenaHF.exe
  2⤵
  PID:7028
- C:\Windows\System\MADlDDq.exe
  C:\Windows\System\MADlDDq.exe
  2⤵
  PID:7044
- C:\Windows\System\gbuuqmN.exe
  C:\Windows\System\gbuuqmN.exe
  2⤵
  PID:7060
- C:\Windows\System\amNwDKk.exe
  C:\Windows\System\amNwDKk.exe
  2⤵
  PID:7076
- C:\Windows\System\bRExwJw.exe
  C:\Windows\System\bRExwJw.exe
  2⤵
  PID:7092
- C:\Windows\System\DoNxBdJ.exe
  C:\Windows\System\DoNxBdJ.exe
  2⤵
  PID:7116
- C:\Windows\System\EQosYOO.exe
  C:\Windows\System\EQosYOO.exe
  2⤵
  PID:7132
- C:\Windows\System\yypbHvT.exe
  C:\Windows\System\yypbHvT.exe
  2⤵
  PID:7148
- C:\Windows\System\vGCMxIQ.exe
  C:\Windows\System\vGCMxIQ.exe
  2⤵
  PID:5808
- C:\Windows\System\gXgspib.exe
  C:\Windows\System\gXgspib.exe
  2⤵
  PID:1072
- C:\Windows\System\LvPcUnm.exe
  C:\Windows\System\LvPcUnm.exe
  2⤵
  PID:4804
- C:\Windows\System\lNhdtoR.exe
  C:\Windows\System\lNhdtoR.exe
  2⤵
  PID:2216
- C:\Windows\System\krRQQBu.exe
  C:\Windows\System\krRQQBu.exe
  2⤵
  PID:6188
- C:\Windows\System\XpAwYWf.exe
  C:\Windows\System\XpAwYWf.exe
  2⤵
  PID:6176
- C:\Windows\System\tZOSNHy.exe
  C:\Windows\System\tZOSNHy.exe
  2⤵
  PID:6296
- C:\Windows\System\ShKuhZo.exe
  C:\Windows\System\ShKuhZo.exe
  2⤵
  PID:6360
- C:\Windows\System\jDpmdQO.exe
  C:\Windows\System\jDpmdQO.exe
  2⤵
  PID:6456
- C:\Windows\System\kZCAlSE.exe
  C:\Windows\System\kZCAlSE.exe
  2⤵
  PID:6472
- C:\Windows\System\UZbeAwc.exe
  C:\Windows\System\UZbeAwc.exe
  2⤵
  PID:6500
- C:\Windows\System\CJIfMGd.exe
  C:\Windows\System\CJIfMGd.exe
  2⤵
  PID:6552
- C:\Windows\System\UtYPJyo.exe
  C:\Windows\System\UtYPJyo.exe
  2⤵
  PID:6616
- C:\Windows\System\BJOzVUN.exe
  C:\Windows\System\BJOzVUN.exe
  2⤵
  PID:6680
- C:\Windows\System\sSQOaLZ.exe
  C:\Windows\System\sSQOaLZ.exe
  2⤵
  PID:6744
- C:\Windows\System\YklvCHz.exe
  C:\Windows\System\YklvCHz.exe
  2⤵
  PID:6812
- C:\Windows\System\fdhwZxl.exe
  C:\Windows\System\fdhwZxl.exe
  2⤵
  PID:6924
- C:\Windows\System\eEqavxf.exe
  C:\Windows\System\eEqavxf.exe
  2⤵
  PID:6964
- C:\Windows\System\hHADlJm.exe
  C:\Windows\System\hHADlJm.exe
  2⤵
  PID:7104
- C:\Windows\System\FjymlwZ.exe
  C:\Windows\System\FjymlwZ.exe
  2⤵
  PID:7144
- C:\Windows\System\hnlEDUs.exe
  C:\Windows\System\hnlEDUs.exe
  2⤵
  PID:444
- C:\Windows\System\fHHRblR.exe
  C:\Windows\System\fHHRblR.exe
  2⤵
  PID:6944
- C:\Windows\System\ZFGuSIF.exe
  C:\Windows\System\ZFGuSIF.exe
  2⤵
  PID:6596
- C:\Windows\System\SPVBudI.exe
  C:\Windows\System\SPVBudI.exe
  2⤵
  PID:7024
- C:\Windows\System\dkcBUPU.exe
  C:\Windows\System\dkcBUPU.exe
  2⤵
  PID:6328
- C:\Windows\System\VNwGfhm.exe
  C:\Windows\System\VNwGfhm.exe
  2⤵
  PID:6424
- C:\Windows\System\qGkMpXJ.exe
  C:\Windows\System\qGkMpXJ.exe
  2⤵
  PID:6652
- C:\Windows\System\krYhuCL.exe
  C:\Windows\System\krYhuCL.exe
  2⤵
  PID:6520
- C:\Windows\System\XohJLYg.exe
  C:\Windows\System\XohJLYg.exe
  2⤵
  PID:6536
- C:\Windows\System\BAdLHKq.exe
  C:\Windows\System\BAdLHKq.exe
  2⤵
  PID:6376
- C:\Windows\System\IHaCzdw.exe
  C:\Windows\System\IHaCzdw.exe
  2⤵
  PID:6668
- C:\Windows\System\soJwiOU.exe
  C:\Windows\System\soJwiOU.exe
  2⤵
  PID:6760
- C:\Windows\System\EtyNOeo.exe
  C:\Windows\System\EtyNOeo.exe
  2⤵
  PID:6828
- C:\Windows\System\pbemmET.exe
  C:\Windows\System\pbemmET.exe
  2⤵
  PID:6872
- C:\Windows\System\JuTkfIY.exe
  C:\Windows\System\JuTkfIY.exe
  2⤵
  PID:6988
- C:\Windows\System\uMuMgkF.exe
  C:\Windows\System\uMuMgkF.exe
  2⤵
  PID:7128
- C:\Windows\System\IloRrzU.exe
  C:\Windows\System\IloRrzU.exe
  2⤵
  PID:1292
- C:\Windows\System\YxJJdWm.exe
  C:\Windows\System\YxJJdWm.exe
  2⤵
  PID:6196
- C:\Windows\System\aerAjue.exe
  C:\Windows\System\aerAjue.exe
  2⤵
  PID:6208
- C:\Windows\System\nwUfWxA.exe
  C:\Windows\System\nwUfWxA.exe
  2⤵
  PID:6284
- C:\Windows\System\qqXjeDP.exe
  C:\Windows\System\qqXjeDP.exe
  2⤵
  PID:6484
- C:\Windows\System\uytMhHE.exe
  C:\Windows\System\uytMhHE.exe
  2⤵
  PID:6808
- C:\Windows\System\wqvHFfU.exe
  C:\Windows\System\wqvHFfU.exe
  2⤵
  PID:6584
- C:\Windows\System\mDmnkaB.exe
  C:\Windows\System\mDmnkaB.exe
  2⤵
  PID:6716
- C:\Windows\System\RLaPqzb.exe
  C:\Windows\System\RLaPqzb.exe
  2⤵
  PID:2208
- C:\Windows\System\HoRgIaX.exe
  C:\Windows\System\HoRgIaX.exe
  2⤵
  PID:6468
- C:\Windows\System\MVhShhL.exe
  C:\Windows\System\MVhShhL.exe
  2⤵
  PID:6700
- C:\Windows\System\VNwAMIS.exe
  C:\Windows\System\VNwAMIS.exe
  2⤵
  PID:2796
- C:\Windows\System\BFlZjun.exe
  C:\Windows\System\BFlZjun.exe
  2⤵
  PID:7068
- C:\Windows\System\BHHCaBR.exe
  C:\Windows\System\BHHCaBR.exe
  2⤵
  PID:6912
- C:\Windows\System\OErpRfi.exe
  C:\Windows\System\OErpRfi.exe
  2⤵
  PID:7056
- C:\Windows\System\npXQWmv.exe
  C:\Windows\System\npXQWmv.exe
  2⤵
  PID:6172
- C:\Windows\System\bsZLMLp.exe
  C:\Windows\System\bsZLMLp.exe
  2⤵
  PID:2948
- C:\Windows\System\EzbnIcC.exe
  C:\Windows\System\EzbnIcC.exe
  2⤵
  PID:6156
- C:\Windows\System\ansUznb.exe
  C:\Windows\System\ansUznb.exe
  2⤵
  PID:6528
- C:\Windows\System\sqwjRvP.exe
  C:\Windows\System\sqwjRvP.exe
  2⤵
  PID:6792
- C:\Windows\System\PggWZjR.exe
  C:\Windows\System\PggWZjR.exe
  2⤵
  PID:7160
- C:\Windows\System\nwgffnt.exe
  C:\Windows\System\nwgffnt.exe
  2⤵
  PID:6240
- C:\Windows\System\GNBAULE.exe
  C:\Windows\System\GNBAULE.exe
  2⤵
  PID:6380
- C:\Windows\System\KbSmJPm.exe
  C:\Windows\System\KbSmJPm.exe
  2⤵
  PID:6480
- C:\Windows\System\GHuuBNH.exe
  C:\Windows\System\GHuuBNH.exe
  2⤵
  PID:6908
- C:\Windows\System\fVwHNRW.exe
  C:\Windows\System\fVwHNRW.exe
  2⤵
  PID:6864
- C:\Windows\System\bYQPyNI.exe
  C:\Windows\System\bYQPyNI.exe
  2⤵
  PID:6632
- C:\Windows\System\FOMigDd.exe
  C:\Windows\System\FOMigDd.exe
  2⤵
  PID:6444
- C:\Windows\System\ACqmQwZ.exe
  C:\Windows\System\ACqmQwZ.exe
  2⤵
  PID:7172
- C:\Windows\System\EntTnVB.exe
  C:\Windows\System\EntTnVB.exe
  2⤵
  PID:7240
- C:\Windows\System\sPDwBNo.exe
  C:\Windows\System\sPDwBNo.exe
  2⤵
  PID:7292
- C:\Windows\System\mzvtLFF.exe
  C:\Windows\System\mzvtLFF.exe
  2⤵
  PID:7308
- C:\Windows\System\ElWlnIy.exe
  C:\Windows\System\ElWlnIy.exe
  2⤵
  PID:7324
- C:\Windows\System\sVIjKHs.exe
  C:\Windows\System\sVIjKHs.exe
  2⤵
  PID:7340
- C:\Windows\System\NoexTkj.exe
  C:\Windows\System\NoexTkj.exe
  2⤵
  PID:7360
- C:\Windows\System\jsxvIzf.exe
  C:\Windows\System\jsxvIzf.exe
  2⤵
  PID:7380
- C:\Windows\System\oAZVwUh.exe
  C:\Windows\System\oAZVwUh.exe
  2⤵
  PID:7396
- C:\Windows\System\yaAhgxV.exe
  C:\Windows\System\yaAhgxV.exe
  2⤵
  PID:7412
- C:\Windows\System\MNQwUlR.exe
  C:\Windows\System\MNQwUlR.exe
  2⤵
  PID:7436
- C:\Windows\System\PYhyeAz.exe
  C:\Windows\System\PYhyeAz.exe
  2⤵
  PID:7460
- C:\Windows\System\wMCUMdn.exe
  C:\Windows\System\wMCUMdn.exe
  2⤵
  PID:7484
- C:\Windows\System\PuCmBlg.exe
  C:\Windows\System\PuCmBlg.exe
  2⤵
  PID:7500
- C:\Windows\System\KIKMmKy.exe
  C:\Windows\System\KIKMmKy.exe
  2⤵
  PID:7520
- C:\Windows\System\rIfNsmx.exe
  C:\Windows\System\rIfNsmx.exe
  2⤵
  PID:7540
- C:\Windows\System\EUBQgyq.exe
  C:\Windows\System\EUBQgyq.exe
  2⤵
  PID:7556
- C:\Windows\System\oMsDnuL.exe
  C:\Windows\System\oMsDnuL.exe
  2⤵
  PID:7572
- C:\Windows\System\btgegYV.exe
  C:\Windows\System\btgegYV.exe
  2⤵
  PID:7600
- C:\Windows\System\zQlAaHb.exe
  C:\Windows\System\zQlAaHb.exe
  2⤵
  PID:7620
- C:\Windows\System\bQztkAF.exe
  C:\Windows\System\bQztkAF.exe
  2⤵
  PID:7640
- C:\Windows\System\VhUlXKs.exe
  C:\Windows\System\VhUlXKs.exe
  2⤵
  PID:7660
- C:\Windows\System\yYXXRgv.exe
  C:\Windows\System\yYXXRgv.exe
  2⤵
  PID:7676
- C:\Windows\System\ELIJjTQ.exe
  C:\Windows\System\ELIJjTQ.exe
  2⤵
  PID:7692
- C:\Windows\System\PohLgxw.exe
  C:\Windows\System\PohLgxw.exe
  2⤵
  PID:7712
- C:\Windows\System\TtOwPxg.exe
  C:\Windows\System\TtOwPxg.exe
  2⤵
  PID:7728
- C:\Windows\System\RzzCiUi.exe
  C:\Windows\System\RzzCiUi.exe
  2⤵
  PID:7748
- C:\Windows\System\vTmHjXn.exe
  C:\Windows\System\vTmHjXn.exe
  2⤵
  PID:7772
- C:\Windows\System\Gvhntxi.exe
  C:\Windows\System\Gvhntxi.exe
  2⤵
  PID:7788
- C:\Windows\System\JuxeYmm.exe
  C:\Windows\System\JuxeYmm.exe
  2⤵
  PID:7816
- C:\Windows\System\unIEkFg.exe
  C:\Windows\System\unIEkFg.exe
  2⤵
  PID:7832
- C:\Windows\System\JfRSWeY.exe
  C:\Windows\System\JfRSWeY.exe
  2⤵
  PID:7848
- C:\Windows\System\MhoANXM.exe
  C:\Windows\System\MhoANXM.exe
  2⤵
  PID:7864
- C:\Windows\System\qorraZW.exe
  C:\Windows\System\qorraZW.exe
  2⤵
  PID:7884
- C:\Windows\System\OjtxWgh.exe
  C:\Windows\System\OjtxWgh.exe
  2⤵
  PID:7920
- C:\Windows\System\jYrKsze.exe
  C:\Windows\System\jYrKsze.exe
  2⤵
  PID:7940
- C:\Windows\System\GrNdYqJ.exe
  C:\Windows\System\GrNdYqJ.exe
  2⤵
  PID:7956
- C:\Windows\System\yHyLBSp.exe
  C:\Windows\System\yHyLBSp.exe
  2⤵
  PID:7976
- C:\Windows\System\bOPJjWv.exe
  C:\Windows\System\bOPJjWv.exe
  2⤵
  PID:7992
- C:\Windows\System\nntFeoa.exe
  C:\Windows\System\nntFeoa.exe
  2⤵
  PID:8012
- C:\Windows\System\DAXNDSG.exe
  C:\Windows\System\DAXNDSG.exe
  2⤵
  PID:8040
- C:\Windows\System\afJtQmU.exe
  C:\Windows\System\afJtQmU.exe
  2⤵
  PID:8088
- C:\Windows\System\FBwBdMO.exe
  C:\Windows\System\FBwBdMO.exe
  2⤵
  PID:8108
- C:\Windows\System\pZICqAx.exe
  C:\Windows\System\pZICqAx.exe
  2⤵
  PID:8124
- C:\Windows\System\BoLxNkd.exe
  C:\Windows\System\BoLxNkd.exe
  2⤵
  PID:8144
- C:\Windows\System\taoNBBu.exe
  C:\Windows\System\taoNBBu.exe
  2⤵
  PID:8168
- C:\Windows\System\duIMVIe.exe
  C:\Windows\System\duIMVIe.exe
  2⤵
  PID:8184
- C:\Windows\System\JIGtJPt.exe
  C:\Windows\System\JIGtJPt.exe
  2⤵
  PID:6464
- C:\Windows\System\ZwSQCwi.exe
  C:\Windows\System\ZwSQCwi.exe
  2⤵
  PID:7192
- C:\Windows\System\DxhBAAB.exe
  C:\Windows\System\DxhBAAB.exe
  2⤵
  PID:6972
- C:\Windows\System\ECNaFPU.exe
  C:\Windows\System\ECNaFPU.exe
  2⤵
  PID:6568
- C:\Windows\System\WEYEYQZ.exe
  C:\Windows\System\WEYEYQZ.exe
  2⤵
  PID:7052
- C:\Windows\System\rXjYkiU.exe
  C:\Windows\System\rXjYkiU.exe
  2⤵
  PID:6260
- C:\Windows\System\MkpGzVH.exe
  C:\Windows\System\MkpGzVH.exe
  2⤵
  PID:6440
- C:\Windows\System\ITIyBia.exe
  C:\Windows\System\ITIyBia.exe
  2⤵
  PID:6600
- C:\Windows\System\BjZAbzL.exe
  C:\Windows\System\BjZAbzL.exe
  2⤵
  PID:7200
- C:\Windows\System\emkePTR.exe
  C:\Windows\System\emkePTR.exe
  2⤵
  PID:7216
- C:\Windows\System\rwzxPPh.exe
  C:\Windows\System\rwzxPPh.exe
  2⤵
  PID:7232
- C:\Windows\System\EMMpkXO.exe
  C:\Windows\System\EMMpkXO.exe
  2⤵
  PID:7368
- C:\Windows\System\supguko.exe
  C:\Windows\System\supguko.exe
  2⤵
  PID:7408
- C:\Windows\System\hrcWUQg.exe
  C:\Windows\System\hrcWUQg.exe
  2⤵
  PID:7284
- C:\Windows\System\CECHXrh.exe
  C:\Windows\System\CECHXrh.exe
  2⤵
  PID:7348
- C:\Windows\System\tAPuPqY.exe
  C:\Windows\System\tAPuPqY.exe
  2⤵
  PID:7420
- C:\Windows\System\cngMIWF.exe
  C:\Windows\System\cngMIWF.exe
  2⤵
  PID:7492
- C:\Windows\System\LSBVKSS.exe
  C:\Windows\System\LSBVKSS.exe
  2⤵
  PID:7536
- C:\Windows\System\CGSqIFd.exe
  C:\Windows\System\CGSqIFd.exe
  2⤵
  PID:7612
- C:\Windows\System\dFMOVfZ.exe
  C:\Windows\System\dFMOVfZ.exe
  2⤵
  PID:7656
- C:\Windows\System\dbTdCqG.exe
  C:\Windows\System\dbTdCqG.exe
  2⤵
  PID:7508
- C:\Windows\System\UFEUbzA.exe
  C:\Windows\System\UFEUbzA.exe
  2⤵
  PID:7584
- C:\Windows\System\QFltJWU.exe
  C:\Windows\System\QFltJWU.exe
  2⤵
  PID:7668
- C:\Windows\System\bCBXRnZ.exe
  C:\Windows\System\bCBXRnZ.exe
  2⤵
  PID:7708
- C:\Windows\System\jDAClFx.exe
  C:\Windows\System\jDAClFx.exe
  2⤵
  PID:7764
- C:\Windows\System\zPMlaxo.exe
  C:\Windows\System\zPMlaxo.exe
  2⤵
  PID:7808
- C:\Windows\System\UjiXTyH.exe
  C:\Windows\System\UjiXTyH.exe
  2⤵
  PID:7880
- C:\Windows\System\PvgCnKZ.exe
  C:\Windows\System\PvgCnKZ.exe
  2⤵
  PID:7964
- C:\Windows\System\daUEkfp.exe
  C:\Windows\System\daUEkfp.exe
  2⤵
  PID:7860
- C:\Windows\System\MxVbkkF.exe
  C:\Windows\System\MxVbkkF.exe
  2⤵
  PID:7900
- C:\Windows\System\NUXYWVG.exe
  C:\Windows\System\NUXYWVG.exe
  2⤵
  PID:7916
- C:\Windows\System\KAeKeSH.exe
  C:\Windows\System\KAeKeSH.exe
  2⤵
  PID:7988
- C:\Windows\System\RxuJXwp.exe
  C:\Windows\System\RxuJXwp.exe
  2⤵
  PID:8000
- C:\Windows\System\TTADfxk.exe
  C:\Windows\System\TTADfxk.exe
  2⤵
  PID:8140
- C:\Windows\System\nnpEGsP.exe
  C:\Windows\System\nnpEGsP.exe
  2⤵
  PID:8084
- C:\Windows\System\UERcRZv.exe
  C:\Windows\System\UERcRZv.exe
  2⤵
  PID:8176
- C:\Windows\System\HpZOCDh.exe
  C:\Windows\System\HpZOCDh.exe
  2⤵
  PID:8156
- C:\Windows\System\xWVhPvB.exe
  C:\Windows\System\xWVhPvB.exe
  2⤵
  PID:6488
- C:\Windows\System\foHPwHK.exe
  C:\Windows\System\foHPwHK.exe
  2⤵
  PID:7188
- C:\Windows\System\GWybppF.exe
  C:\Windows\System\GWybppF.exe
  2⤵
  PID:6880
- C:\Windows\System\NEjoxcb.exe
  C:\Windows\System\NEjoxcb.exe
  2⤵
  PID:7036
- C:\Windows\System\rAAwJQc.exe
  C:\Windows\System\rAAwJQc.exe
  2⤵
  PID:6712
- C:\Windows\System\isnyfay.exe
  C:\Windows\System\isnyfay.exe
  2⤵
  PID:7224
- C:\Windows\System\dtThtnx.exe
  C:\Windows\System\dtThtnx.exe
  2⤵
  PID:7316
- C:\Windows\System\IjHJgJM.exe
  C:\Windows\System\IjHJgJM.exe
  2⤵
  PID:7568
- C:\Windows\System\oHmIAxm.exe
  C:\Windows\System\oHmIAxm.exe
  2⤵
  PID:7332
- C:\Windows\System\QpPPnyh.exe
  C:\Windows\System\QpPPnyh.exe
  2⤵
  PID:2036
- C:\Windows\System\DKQzFnC.exe
  C:\Windows\System\DKQzFnC.exe
  2⤵
  PID:7516
- C:\Windows\System\Wqhmspl.exe
  C:\Windows\System\Wqhmspl.exe
  2⤵
  PID:7528
- C:\Windows\System\JYAijZs.exe
  C:\Windows\System\JYAijZs.exe
  2⤵
  PID:7700
- C:\Windows\System\RNPEtIJ.exe
  C:\Windows\System\RNPEtIJ.exe
  2⤵
  PID:7592
- C:\Windows\System\CNsseHu.exe
  C:\Windows\System\CNsseHu.exe
  2⤵
  PID:7744
- C:\Windows\System\zieYszr.exe
  C:\Windows\System\zieYszr.exe
  2⤵
  PID:7724
- C:\Windows\System\UlnHTgM.exe
  C:\Windows\System\UlnHTgM.exe
  2⤵
  PID:7840
- C:\Windows\System\oyffXBe.exe
  C:\Windows\System\oyffXBe.exe
  2⤵
  PID:7856
- C:\Windows\System\hahNCDN.exe
  C:\Windows\System\hahNCDN.exe
  2⤵
  PID:7804
- C:\Windows\System\DcipQzQ.exe
  C:\Windows\System\DcipQzQ.exe
  2⤵
  PID:8036
- C:\Windows\System\jxFWrNS.exe
  C:\Windows\System\jxFWrNS.exe
  2⤵
  PID:7892
- C:\Windows\System\YDbOXTI.exe
  C:\Windows\System\YDbOXTI.exe
  2⤵
  PID:8008
- C:\Windows\System\KRVBuIv.exe
  C:\Windows\System\KRVBuIv.exe
  2⤵
  PID:8132
- C:\Windows\System\CHNBQPa.exe
  C:\Windows\System\CHNBQPa.exe
  2⤵
  PID:8160
- C:\Windows\System\khclyoG.exe
  C:\Windows\System\khclyoG.exe
  2⤵
  PID:8080
- C:\Windows\System\fIPgrab.exe
  C:\Windows\System\fIPgrab.exe
  2⤵
  PID:6316
- C:\Windows\System\oGCmlFm.exe
  C:\Windows\System\oGCmlFm.exe
  2⤵
  PID:7184
- C:\Windows\System\eoOoTQG.exe
  C:\Windows\System\eoOoTQG.exe
  2⤵
  PID:1716
- C:\Windows\System\XlmYFAW.exe
  C:\Windows\System\XlmYFAW.exe
  2⤵
  PID:7688
- C:\Windows\System\XtxoJhu.exe
  C:\Windows\System\XtxoJhu.exe
  2⤵
  PID:5968
- C:\Windows\System\VOwZmWF.exe
  C:\Windows\System\VOwZmWF.exe
  2⤵
  PID:7876
- C:\Windows\System\rWYkKKz.exe
  C:\Windows\System\rWYkKKz.exe
  2⤵
  PID:7952
- C:\Windows\System\aQezqFh.exe
  C:\Windows\System\aQezqFh.exe
  2⤵
  PID:6248
- C:\Windows\System\wJIvvAe.exe
  C:\Windows\System\wJIvvAe.exe
  2⤵
  PID:6960
- C:\Windows\System\cHzFOFd.exe
  C:\Windows\System\cHzFOFd.exe
  2⤵
  PID:7452
- C:\Windows\System\GAqUGeh.exe
  C:\Windows\System\GAqUGeh.exe
  2⤵
  PID:7652
- C:\Windows\System\DfOyFBq.exe
  C:\Windows\System\DfOyFBq.exe
  2⤵
  PID:7636
- C:\Windows\System\hDxkKRa.exe
  C:\Windows\System\hDxkKRa.exe
  2⤵
  PID:7912
- C:\Windows\System\pNBPJWn.exe
  C:\Windows\System\pNBPJWn.exe
  2⤵
  PID:8060
- C:\Windows\System\HZnSqWz.exe
  C:\Windows\System\HZnSqWz.exe
  2⤵
  PID:6392
- C:\Windows\System\bwUIRRQ.exe
  C:\Windows\System\bwUIRRQ.exe
  2⤵
  PID:788
- C:\Windows\System\lHWRPlT.exe
  C:\Windows\System\lHWRPlT.exe
  2⤵
  PID:7300
- C:\Windows\System\kOYZLAf.exe
  C:\Windows\System\kOYZLAf.exe
  2⤵
  PID:7388
- C:\Windows\System\KFULkBs.exe
  C:\Windows\System\KFULkBs.exe
  2⤵
  PID:7428
- C:\Windows\System\bkzHfoU.exe
  C:\Windows\System\bkzHfoU.exe
  2⤵
  PID:7648
- C:\Windows\System\ZZllBms.exe
  C:\Windows\System\ZZllBms.exe
  2⤵
  PID:6516
- C:\Windows\System\dYJDGgo.exe
  C:\Windows\System\dYJDGgo.exe
  2⤵
  PID:8076
- C:\Windows\System\pLeZjNs.exe
  C:\Windows\System\pLeZjNs.exe
  2⤵
  PID:7936
- C:\Windows\System\QzqVFAZ.exe
  C:\Windows\System\QzqVFAZ.exe
  2⤵
  PID:7468
- C:\Windows\System\zXHIBxS.exe
  C:\Windows\System\zXHIBxS.exe
  2⤵
  PID:7596
- C:\Windows\System\ePbKCHr.exe
  C:\Windows\System\ePbKCHr.exe
  2⤵
  PID:6612
- C:\Windows\System\rowDAxe.exe
  C:\Windows\System\rowDAxe.exe
  2⤵
  PID:7632
- C:\Windows\System\baRZEuM.exe
  C:\Windows\System\baRZEuM.exe
  2⤵
  PID:7720
- C:\Windows\System\BuFEVjC.exe
  C:\Windows\System\BuFEVjC.exe
  2⤵
  PID:8152
- C:\Windows\System\eBuZKOb.exe
  C:\Windows\System\eBuZKOb.exe
  2⤵
  PID:8200
- C:\Windows\System\FwCnqPs.exe
  C:\Windows\System\FwCnqPs.exe
  2⤵
  PID:8216
- C:\Windows\System\HHQEulN.exe
  C:\Windows\System\HHQEulN.exe
  2⤵
  PID:8232
- C:\Windows\System\fzgEeka.exe
  C:\Windows\System\fzgEeka.exe
  2⤵
  PID:8252
- C:\Windows\System\vjCwaTF.exe
  C:\Windows\System\vjCwaTF.exe
  2⤵
  PID:8268
- C:\Windows\System\jsBOYBY.exe
  C:\Windows\System\jsBOYBY.exe
  2⤵
  PID:8288
- C:\Windows\System\EspjRdy.exe
  C:\Windows\System\EspjRdy.exe
  2⤵
  PID:8304
- C:\Windows\System\syNtpTM.exe
  C:\Windows\System\syNtpTM.exe
  2⤵
  PID:8320
- C:\Windows\System\WEOMwpn.exe
  C:\Windows\System\WEOMwpn.exe
  2⤵
  PID:8336
- C:\Windows\System\NpNQCFA.exe
  C:\Windows\System\NpNQCFA.exe
  2⤵
  PID:8392
- C:\Windows\System\ONZaYhj.exe
  C:\Windows\System\ONZaYhj.exe
  2⤵
  PID:8408
- C:\Windows\System\NsByTiG.exe
  C:\Windows\System\NsByTiG.exe
  2⤵
  PID:8428
- C:\Windows\System\evgsgnw.exe
  C:\Windows\System\evgsgnw.exe
  2⤵
  PID:8448
- C:\Windows\System\qqnlNos.exe
  C:\Windows\System\qqnlNos.exe
  2⤵
  PID:8468
- C:\Windows\System\pWyKEMO.exe
  C:\Windows\System\pWyKEMO.exe
  2⤵
  PID:8496
- C:\Windows\System\jbypWNt.exe
  C:\Windows\System\jbypWNt.exe
  2⤵
  PID:8512
- C:\Windows\System\zYcHtir.exe
  C:\Windows\System\zYcHtir.exe
  2⤵
  PID:8528
- C:\Windows\System\qFDHNEx.exe
  C:\Windows\System\qFDHNEx.exe
  2⤵
  PID:8548
- C:\Windows\System\apEOKJF.exe
  C:\Windows\System\apEOKJF.exe
  2⤵
  PID:8568
- C:\Windows\System\DKIKESW.exe
  C:\Windows\System\DKIKESW.exe
  2⤵
  PID:8596
- C:\Windows\System\oEzudlI.exe
  C:\Windows\System\oEzudlI.exe
  2⤵
  PID:8612
- C:\Windows\System\dfaFEXu.exe
  C:\Windows\System\dfaFEXu.exe
  2⤵
  PID:8628
- C:\Windows\System\JGvZAUY.exe
  C:\Windows\System\JGvZAUY.exe
  2⤵
  PID:8644
- C:\Windows\System\hRdaoXZ.exe
  C:\Windows\System\hRdaoXZ.exe
  2⤵
  PID:8660
- C:\Windows\System\uATZwtc.exe
  C:\Windows\System\uATZwtc.exe
  2⤵
  PID:8676
- C:\Windows\System\AzAPUxt.exe
  C:\Windows\System\AzAPUxt.exe
  2⤵
  PID:8692
- C:\Windows\System\ZplrQlu.exe
  C:\Windows\System\ZplrQlu.exe
  2⤵
  PID:8708
- C:\Windows\System\Wbhmnjm.exe
  C:\Windows\System\Wbhmnjm.exe
  2⤵
  PID:8724
- C:\Windows\System\WhWqNmz.exe
  C:\Windows\System\WhWqNmz.exe
  2⤵
  PID:8740
- C:\Windows\System\XdAbMKQ.exe
  C:\Windows\System\XdAbMKQ.exe
  2⤵
  PID:8756
- C:\Windows\System\saBoOxy.exe
  C:\Windows\System\saBoOxy.exe
  2⤵
  PID:8772
- C:\Windows\System\HyUEhhV.exe
  C:\Windows\System\HyUEhhV.exe
  2⤵
  PID:8788
- C:\Windows\System\nzzowjD.exe
  C:\Windows\System\nzzowjD.exe
  2⤵
  PID:8804
- C:\Windows\System\VcsgJEb.exe
  C:\Windows\System\VcsgJEb.exe
  2⤵
  PID:8820
- C:\Windows\System\bAeHhHW.exe
  C:\Windows\System\bAeHhHW.exe
  2⤵
  PID:8836
- C:\Windows\System\ZkTEDvD.exe
  C:\Windows\System\ZkTEDvD.exe
  2⤵
  PID:8852
- C:\Windows\System\YpSwEXW.exe
  C:\Windows\System\YpSwEXW.exe
  2⤵
  PID:8868
- C:\Windows\System\qBdBHFv.exe
  C:\Windows\System\qBdBHFv.exe
  2⤵
  PID:8884
- C:\Windows\System\eqNAgUD.exe
  C:\Windows\System\eqNAgUD.exe
  2⤵
  PID:8900
- C:\Windows\System\BdMXuTD.exe
  C:\Windows\System\BdMXuTD.exe
  2⤵
  PID:8916
- C:\Windows\System\WezNdkM.exe
  C:\Windows\System\WezNdkM.exe
  2⤵
  PID:8932
- C:\Windows\System\VcjgAOb.exe
  C:\Windows\System\VcjgAOb.exe
  2⤵
  PID:8948
- C:\Windows\System\BWeXhjZ.exe
  C:\Windows\System\BWeXhjZ.exe
  2⤵
  PID:8964
- C:\Windows\System\DPTyZfz.exe
  C:\Windows\System\DPTyZfz.exe
  2⤵
  PID:9000
- C:\Windows\System\xGVAryY.exe
  C:\Windows\System\xGVAryY.exe
  2⤵
  PID:9040
- C:\Windows\System\bPlansW.exe
  C:\Windows\System\bPlansW.exe
  2⤵
  PID:9060
- C:\Windows\System\ZXvWTrT.exe
  C:\Windows\System\ZXvWTrT.exe
  2⤵
  PID:9092
- C:\Windows\System\QJWOxVv.exe
  C:\Windows\System\QJWOxVv.exe
  2⤵
  PID:9112
- C:\Windows\System\lWyoAgi.exe
  C:\Windows\System\lWyoAgi.exe
  2⤵
  PID:9128
- C:\Windows\System\gnsMzSa.exe
  C:\Windows\System\gnsMzSa.exe
  2⤵
  PID:9144
- C:\Windows\System\ZykHfmS.exe
  C:\Windows\System\ZykHfmS.exe
  2⤵
  PID:9172
- C:\Windows\System\UAiWUFY.exe
  C:\Windows\System\UAiWUFY.exe
  2⤵
  PID:9196
- C:\Windows\System\IQwUTLw.exe
  C:\Windows\System\IQwUTLw.exe
  2⤵
  PID:8228
- C:\Windows\System\IwtYnCm.exe
  C:\Windows\System\IwtYnCm.exe
  2⤵
  PID:8264
- C:\Windows\System\FOTator.exe
  C:\Windows\System\FOTator.exe
  2⤵
  PID:8296
- C:\Windows\System\uurxuMN.exe
  C:\Windows\System\uurxuMN.exe
  2⤵
  PID:8312
- C:\Windows\System\VgKlUny.exe
  C:\Windows\System\VgKlUny.exe
  2⤵
  PID:8364
- C:\Windows\System\fuTxZVr.exe
  C:\Windows\System\fuTxZVr.exe
  2⤵
  PID:8056
- C:\Windows\System\vBBgxxc.exe
  C:\Windows\System\vBBgxxc.exe
  2⤵
  PID:8420
- C:\Windows\System\rqJBzjM.exe
  C:\Windows\System\rqJBzjM.exe
  2⤵
  PID:8456
- C:\Windows\System\fgndTcK.exe
  C:\Windows\System\fgndTcK.exe
  2⤵
  PID:8476
- C:\Windows\System\uyEmkBK.exe
  C:\Windows\System\uyEmkBK.exe
  2⤵
  PID:8492
- C:\Windows\System\xEppapZ.exe
  C:\Windows\System\xEppapZ.exe
  2⤵
  PID:8524
- C:\Windows\System\GRIhDBh.exe
  C:\Windows\System\GRIhDBh.exe
  2⤵
  PID:8544
- C:\Windows\System\BRQuQxv.exe
  C:\Windows\System\BRQuQxv.exe
  2⤵
  PID:8588
- C:\Windows\System\aBSizfc.exe
  C:\Windows\System\aBSizfc.exe
  2⤵
  PID:8668
- C:\Windows\System\ifsfuGs.exe
  C:\Windows\System\ifsfuGs.exe
  2⤵
  PID:8736
- C:\Windows\System\xrvGWve.exe
  C:\Windows\System\xrvGWve.exe
  2⤵
  PID:8620
- C:\Windows\System\yyzSpFw.exe
  C:\Windows\System\yyzSpFw.exe
  2⤵
  PID:8684
- C:\Windows\System\JDmujVO.exe
  C:\Windows\System\JDmujVO.exe
  2⤵
  PID:8748
- C:\Windows\System\WpVjIFR.exe
  C:\Windows\System\WpVjIFR.exe
  2⤵
  PID:8812
- C:\Windows\System\OvgXkPO.exe
  C:\Windows\System\OvgXkPO.exe
  2⤵
  PID:8876
- C:\Windows\System\mNYFQVK.exe
  C:\Windows\System\mNYFQVK.exe
  2⤵
  PID:8768
- C:\Windows\System\okbjNPv.exe
  C:\Windows\System\okbjNPv.exe
  2⤵
  PID:8908
- C:\Windows\System\TyZeuPc.exe
  C:\Windows\System\TyZeuPc.exe
  2⤵
  PID:8860
- C:\Windows\System\yFpsghV.exe
  C:\Windows\System\yFpsghV.exe
  2⤵
  PID:8924
- C:\Windows\System\JHRtHyU.exe
  C:\Windows\System\JHRtHyU.exe
  2⤵
  PID:8976
- C:\Windows\System\WOHYPkF.exe
  C:\Windows\System\WOHYPkF.exe
  2⤵
  PID:9036
- C:\Windows\System\wEyswSP.exe
  C:\Windows\System\wEyswSP.exe
  2⤵
  PID:9048
- C:\Windows\System\Zowfllk.exe
  C:\Windows\System\Zowfllk.exe
  2⤵
  PID:9016
- C:\Windows\System\igVfHMH.exe
  C:\Windows\System\igVfHMH.exe
  2⤵
  PID:9032
- C:\Windows\System\pCRRJIT.exe
  C:\Windows\System\pCRRJIT.exe
  2⤵
  PID:9080
- C:\Windows\System\YzOTlTX.exe
  C:\Windows\System\YzOTlTX.exe
  2⤵
  PID:9124
- C:\Windows\System\ZvLAeUW.exe
  C:\Windows\System\ZvLAeUW.exe
  2⤵
  PID:9168
- C:\Windows\System\EKgCRFD.exe
  C:\Windows\System\EKgCRFD.exe
  2⤵
  PID:8260
- C:\Windows\System\pITFVAN.exe
  C:\Windows\System\pITFVAN.exe
  2⤵
  PID:8384
- C:\Windows\System\xItEFkl.exe
  C:\Windows\System\xItEFkl.exe
  2⤵
  PID:8460
- C:\Windows\System\vUazzEa.exe
  C:\Windows\System\vUazzEa.exe
  2⤵
  PID:8508
- C:\Windows\System\ilnNvuC.exe
  C:\Windows\System\ilnNvuC.exe
  2⤵
  PID:8556
- C:\Windows\System\SYxhnLk.exe
  C:\Windows\System\SYxhnLk.exe
  2⤵
  PID:8584
- C:\Windows\System\megVaFP.exe
  C:\Windows\System\megVaFP.exe
  2⤵
  PID:8672
- C:\Windows\System\DswiowE.exe
  C:\Windows\System\DswiowE.exe
  2⤵
  PID:8940
- C:\Windows\System\gTRnABy.exe
  C:\Windows\System\gTRnABy.exe
  2⤵
  PID:8960
- C:\Windows\System\igrAVPX.exe
  C:\Windows\System\igrAVPX.exe
  2⤵
  PID:8704
- C:\Windows\System\rxsKavf.exe
  C:\Windows\System\rxsKavf.exe
  2⤵
  PID:9072
- C:\Windows\System\QEQFDgL.exe
  C:\Windows\System\QEQFDgL.exe
  2⤵
  PID:9180
- C:\Windows\System\oxRsJKR.exe
  C:\Windows\System\oxRsJKR.exe
  2⤵
  PID:9164
- C:\Windows\System\BFqPydt.exe
  C:\Windows\System\BFqPydt.exe
  2⤵
  PID:9212
- C:\Windows\System\qswwlqA.exe
  C:\Windows\System\qswwlqA.exe
  2⤵
  PID:8996
- C:\Windows\System\eszTwLK.exe
  C:\Windows\System\eszTwLK.exe
  2⤵
  PID:9156
- C:\Windows\System\yPhaXeT.exe
  C:\Windows\System\yPhaXeT.exe
  2⤵
  PID:8240
- C:\Windows\System\FfawANJ.exe
  C:\Windows\System\FfawANJ.exe
  2⤵
  PID:8280
- C:\Windows\System\vSScKVY.exe
  C:\Windows\System\vSScKVY.exe
  2⤵
  PID:7828
- C:\Windows\System\gwyXzGp.exe
  C:\Windows\System\gwyXzGp.exe
  2⤵
  PID:8484
- C:\Windows\System\XEAwulb.exe
  C:\Windows\System\XEAwulb.exe
  2⤵
  PID:8720
- C:\Windows\System\VogxJHe.exe
  C:\Windows\System\VogxJHe.exe
  2⤵
  PID:9012
- C:\Windows\System\EhCmaMT.exe
  C:\Windows\System\EhCmaMT.exe
  2⤵
  PID:9208
- C:\Windows\System\CPnDYaz.exe
  C:\Windows\System\CPnDYaz.exe
  2⤵
  PID:8440
- C:\Windows\System\FvhTcgR.exe
  C:\Windows\System\FvhTcgR.exe
  2⤵
  PID:8248
- C:\Windows\System\fvHSatp.exe
  C:\Windows\System\fvHSatp.exe
  2⤵
  PID:8388
- C:\Windows\System\ZWfKEDV.exe
  C:\Windows\System\ZWfKEDV.exe
  2⤵
  PID:8896
- C:\Windows\System\BGdNotg.exe
  C:\Windows\System\BGdNotg.exe
  2⤵
  PID:8576
- C:\Windows\System\OVnPNVz.exe
  C:\Windows\System\OVnPNVz.exe
  2⤵
  PID:8832
- C:\Windows\System\eAIuvPG.exe
  C:\Windows\System\eAIuvPG.exe
  2⤵
  PID:9188
- C:\Windows\System\zNwxLjv.exe
  C:\Windows\System\zNwxLjv.exe
  2⤵
  PID:8828
- C:\Windows\System\CyikPdP.exe
  C:\Windows\System\CyikPdP.exe
  2⤵
  PID:8436
- C:\Windows\System\qRTPHTR.exe
  C:\Windows\System\qRTPHTR.exe
  2⤵
  PID:8892
- C:\Windows\System\pwXAuTD.exe
  C:\Windows\System\pwXAuTD.exe
  2⤵
  PID:9088
- C:\Windows\System\ZrCJGIz.exe
  C:\Windows\System\ZrCJGIz.exe
  2⤵
  PID:8316
- C:\Windows\System\NLvEnba.exe
  C:\Windows\System\NLvEnba.exe
  2⤵
  PID:8360
- C:\Windows\System\MdZFoWD.exe
  C:\Windows\System\MdZFoWD.exe
  2⤵
  PID:8780
- C:\Windows\System\CkDaenO.exe
  C:\Windows\System\CkDaenO.exe
  2⤵
  PID:9224
- C:\Windows\System\msEKKxa.exe
  C:\Windows\System\msEKKxa.exe
  2⤵
  PID:9240
- C:\Windows\System\iZIpTkz.exe
  C:\Windows\System\iZIpTkz.exe
  2⤵
  PID:9256
- C:\Windows\System\ybesAap.exe
  C:\Windows\System\ybesAap.exe
  2⤵
  PID:9272
- C:\Windows\System\yppciAs.exe
  C:\Windows\System\yppciAs.exe
  2⤵
  PID:9288
- C:\Windows\System\BRvdDtW.exe
  C:\Windows\System\BRvdDtW.exe
  2⤵
  PID:9304
- C:\Windows\System\ejpDZNN.exe
  C:\Windows\System\ejpDZNN.exe
  2⤵
  PID:9320
- C:\Windows\System\zWbuzbj.exe
  C:\Windows\System\zWbuzbj.exe
  2⤵
  PID:9336
- C:\Windows\System\hFNeMqY.exe
  C:\Windows\System\hFNeMqY.exe
  2⤵
  PID:9352
- C:\Windows\System\InZFjmC.exe
  C:\Windows\System\InZFjmC.exe
  2⤵
  PID:9368
- C:\Windows\System\GIFOhsY.exe
  C:\Windows\System\GIFOhsY.exe
  2⤵
  PID:9384
- C:\Windows\System\Dsoorpz.exe
  C:\Windows\System\Dsoorpz.exe
  2⤵
  PID:9400
- C:\Windows\System\WwaYfxm.exe
  C:\Windows\System\WwaYfxm.exe
  2⤵
  PID:9416
- C:\Windows\System\CIoWivF.exe
  C:\Windows\System\CIoWivF.exe
  2⤵
  PID:9432
- C:\Windows\System\usJkWhY.exe
  C:\Windows\System\usJkWhY.exe
  2⤵
  PID:9448
- C:\Windows\System\rDOBRkz.exe
  C:\Windows\System\rDOBRkz.exe
  2⤵
  PID:9464
- C:\Windows\System\RtHFIus.exe
  C:\Windows\System\RtHFIus.exe
  2⤵
  PID:9480
- C:\Windows\System\IgtwBXU.exe
  C:\Windows\System\IgtwBXU.exe
  2⤵
  PID:9496
- C:\Windows\System\TnpwmGi.exe
  C:\Windows\System\TnpwmGi.exe
  2⤵
  PID:9520
- C:\Windows\System\ZmpGJTh.exe
  C:\Windows\System\ZmpGJTh.exe
  2⤵
  PID:9540
- C:\Windows\System\iSVpSSL.exe
  C:\Windows\System\iSVpSSL.exe
  2⤵
  PID:9564
- C:\Windows\System\JpuiXES.exe
  C:\Windows\System\JpuiXES.exe
  2⤵
  PID:9580
- C:\Windows\System\llpuLdE.exe
  C:\Windows\System\llpuLdE.exe
  2⤵
  PID:9604
- C:\Windows\System\kBPNnEO.exe
  C:\Windows\System\kBPNnEO.exe
  2⤵
  PID:9620
- C:\Windows\System\XvNPUGF.exe
  C:\Windows\System\XvNPUGF.exe
  2⤵
  PID:9636
- C:\Windows\System\drJqFtr.exe
  C:\Windows\System\drJqFtr.exe
  2⤵
  PID:9652
- C:\Windows\System\TuSHRhM.exe
  C:\Windows\System\TuSHRhM.exe
  2⤵
  PID:9668
- C:\Windows\System\Jqlxlyi.exe
  C:\Windows\System\Jqlxlyi.exe
  2⤵
  PID:9684
- C:\Windows\System\AbVgwsH.exe
  C:\Windows\System\AbVgwsH.exe
  2⤵
  PID:9700
- C:\Windows\System\IMxmydP.exe
  C:\Windows\System\IMxmydP.exe
  2⤵
  PID:9716
- C:\Windows\System\OHeAxhY.exe
  C:\Windows\System\OHeAxhY.exe
  2⤵
  PID:9732
- C:\Windows\System\RvcCADi.exe
  C:\Windows\System\RvcCADi.exe
  2⤵
  PID:9748
- C:\Windows\System\LoAAavb.exe
  C:\Windows\System\LoAAavb.exe
  2⤵
  PID:9764
- C:\Windows\System\CcoGHIe.exe
  C:\Windows\System\CcoGHIe.exe
  2⤵
  PID:9780
- C:\Windows\System\LGjNGpx.exe
  C:\Windows\System\LGjNGpx.exe
  2⤵
  PID:9796
- C:\Windows\System\jgcoSWq.exe
  C:\Windows\System\jgcoSWq.exe
  2⤵
  PID:9812
- C:\Windows\System\NzGfofE.exe
  C:\Windows\System\NzGfofE.exe
  2⤵
  PID:9828
- C:\Windows\System\rEmBltF.exe
  C:\Windows\System\rEmBltF.exe
  2⤵
  PID:9844
- C:\Windows\System\ChWXskF.exe
  C:\Windows\System\ChWXskF.exe
  2⤵
  PID:9864
- C:\Windows\System\cIkfDbV.exe
  C:\Windows\System\cIkfDbV.exe
  2⤵
  PID:9880
- C:\Windows\System\mAWyXsI.exe
  C:\Windows\System\mAWyXsI.exe
  2⤵
  PID:9896
- C:\Windows\System\cMLSnXx.exe
  C:\Windows\System\cMLSnXx.exe
  2⤵
  PID:9912
- C:\Windows\System\DiJJfyP.exe
  C:\Windows\System\DiJJfyP.exe
  2⤵
  PID:9928
- C:\Windows\System\hIfxpCw.exe
  C:\Windows\System\hIfxpCw.exe
  2⤵
  PID:9944
- C:\Windows\System\QOvhMQb.exe
  C:\Windows\System\QOvhMQb.exe
  2⤵
  PID:9960
- C:\Windows\System\GemvHki.exe
  C:\Windows\System\GemvHki.exe
  2⤵
  PID:9976
- C:\Windows\System\ZSPSjVE.exe
  C:\Windows\System\ZSPSjVE.exe
  2⤵
  PID:9992
- C:\Windows\System\DHAdZRX.exe
  C:\Windows\System\DHAdZRX.exe
  2⤵
  PID:10012
- C:\Windows\System\vcYZuZD.exe
  C:\Windows\System\vcYZuZD.exe
  2⤵
  PID:10036
- C:\Windows\System\zlDHAAE.exe
  C:\Windows\System\zlDHAAE.exe
  2⤵
  PID:10052
- C:\Windows\System\honqxjK.exe
  C:\Windows\System\honqxjK.exe
  2⤵
  PID:10068
- C:\Windows\System\SgcOEvR.exe
  C:\Windows\System\SgcOEvR.exe
  2⤵
  PID:10092
- C:\Windows\System\TIrImBj.exe
  C:\Windows\System\TIrImBj.exe
  2⤵
  PID:10112
- C:\Windows\System\bsWCVsU.exe
  C:\Windows\System\bsWCVsU.exe
  2⤵
  PID:10128
- C:\Windows\System\YKPzrCr.exe
  C:\Windows\System\YKPzrCr.exe
  2⤵
  PID:10144
- C:\Windows\System\hBBozGc.exe
  C:\Windows\System\hBBozGc.exe
  2⤵
  PID:10160
- C:\Windows\System\ucCQKpf.exe
  C:\Windows\System\ucCQKpf.exe
  2⤵
  PID:10176
- C:\Windows\System\UFpFgOf.exe
  C:\Windows\System\UFpFgOf.exe
  2⤵
  PID:10192
- C:\Windows\System\YBgpYsV.exe
  C:\Windows\System\YBgpYsV.exe
  2⤵
  PID:10208
- C:\Windows\System\WthTfUS.exe
  C:\Windows\System\WthTfUS.exe
  2⤵
  PID:10224
- C:\Windows\System\yWtJMfi.exe
  C:\Windows\System\yWtJMfi.exe
  2⤵
  PID:8640
- C:\Windows\System\SHTouOD.exe
  C:\Windows\System\SHTouOD.exe
  2⤵
  PID:9264
- C:\Windows\System\lPyPrHI.exe
  C:\Windows\System\lPyPrHI.exe
  2⤵
  PID:9300
- C:\Windows\System\TLMUOwq.exe
  C:\Windows\System\TLMUOwq.exe
  2⤵
  PID:9120
- C:\Windows\System\vSyGLFJ.exe
  C:\Windows\System\vSyGLFJ.exe
  2⤵
  PID:9268
- C:\Windows\System\MFENRQT.exe
  C:\Windows\System\MFENRQT.exe
  2⤵
  PID:9360
- C:\Windows\System\wakbNwi.exe
  C:\Windows\System\wakbNwi.exe
  2⤵
  PID:8328
- C:\Windows\System\eOXrclJ.exe
  C:\Windows\System\eOXrclJ.exe
  2⤵
  PID:9192
- C:\Windows\System\cyvMpSJ.exe
  C:\Windows\System\cyvMpSJ.exe
  2⤵
  PID:9280
- C:\Windows\System\GRwZoPM.exe
  C:\Windows\System\GRwZoPM.exe
  2⤵
  PID:9348
- C:\Windows\System\LcYByty.exe
  C:\Windows\System\LcYByty.exe
  2⤵
  PID:9412
- C:\Windows\System\lUSnkkR.exe
  C:\Windows\System\lUSnkkR.exe
  2⤵
  PID:9504
- C:\Windows\System\tHXlcpx.exe
  C:\Windows\System\tHXlcpx.exe
  2⤵
  PID:9516
- C:\Windows\System\agqsKxq.exe
  C:\Windows\System\agqsKxq.exe
  2⤵
  PID:9560
- C:\Windows\System\Pedklxg.exe
  C:\Windows\System\Pedklxg.exe
  2⤵
  PID:9600
- C:\Windows\System\VEnPmxP.exe
  C:\Windows\System\VEnPmxP.exe
  2⤵
  PID:9664
- C:\Windows\System\TZskprN.exe
  C:\Windows\System\TZskprN.exe
  2⤵
  PID:9728
- C:\Windows\System\crtXPCh.exe
  C:\Windows\System\crtXPCh.exe
  2⤵
  PID:9824
- C:\Windows\System\MHINQrf.exe
  C:\Windows\System\MHINQrf.exe
  2⤵
  PID:9492
- C:\Windows\System\nXSQAar.exe
  C:\Windows\System\nXSQAar.exe
  2⤵
  PID:9612
- C:\Windows\System\HnHsXrs.exe
  C:\Windows\System\HnHsXrs.exe
  2⤵
  PID:9676
- C:\Windows\System\gqiwPji.exe
  C:\Windows\System\gqiwPji.exe
  2⤵
  PID:9744
- C:\Windows\System\XiODenK.exe
  C:\Windows\System\XiODenK.exe
  2⤵
  PID:9836
- C:\Windows\System\LRznHEO.exe
  C:\Windows\System\LRznHEO.exe
  2⤵
  PID:9856
- C:\Windows\System\qgmIvwh.exe
  C:\Windows\System\qgmIvwh.exe
  2⤵
  PID:9908
- C:\Windows\System\jJHFujR.exe
  C:\Windows\System\jJHFujR.exe
  2⤵
  PID:10004
- C:\Windows\System\ftMRWHd.exe
  C:\Windows\System\ftMRWHd.exe
  2⤵
  PID:9972
- C:\Windows\System\mcCdMMA.exe
  C:\Windows\System\mcCdMMA.exe
  2⤵
  PID:10044
- C:\Windows\System\OfRBgYc.exe
  C:\Windows\System\OfRBgYc.exe
  2⤵
  PID:10084
- C:\Windows\System\aLxvLKS.exe
  C:\Windows\System\aLxvLKS.exe
  2⤵
  PID:10064
- C:\Windows\System\ZtdVnWJ.exe
  C:\Windows\System\ZtdVnWJ.exe
  2⤵
  PID:10028
- C:\Windows\System\TOPkEDi.exe
  C:\Windows\System\TOPkEDi.exe
  2⤵
  PID:10152
- C:\Windows\System\zPQIkHw.exe
  C:\Windows\System\zPQIkHw.exe
  2⤵
  PID:10168
- C:\Windows\System\ccMWeXq.exe
  C:\Windows\System\ccMWeXq.exe
  2⤵
  PID:10204
- C:\Windows\System\XAAWPYq.exe
  C:\Windows\System\XAAWPYq.exe
  2⤵
  PID:10236
- C:\Windows\System\klpyfyF.exe
  C:\Windows\System\klpyfyF.exe
  2⤵
  PID:9296
- C:\Windows\System\FnyStoH.exe
  C:\Windows\System\FnyStoH.exe
  2⤵
  PID:9472
- C:\Windows\System\ejQgUTg.exe
  C:\Windows\System\ejQgUTg.exe
  2⤵
  PID:9804
- C:\Windows\System\ECPiLYJ.exe
  C:\Windows\System\ECPiLYJ.exe
  2⤵
  PID:9872
- C:\Windows\System\sogJwby.exe
  C:\Windows\System\sogJwby.exe
  2⤵
  PID:10000
- C:\Windows\System\nQezYno.exe
  C:\Windows\System\nQezYno.exe
  2⤵
  PID:10024
- C:\Windows\System\ZpOnjFn.exe
  C:\Windows\System\ZpOnjFn.exe
  2⤵
  PID:10200
- C:\Windows\System\OSrBJls.exe
  C:\Windows\System\OSrBJls.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AfsvlPx.exe

Filesize
6.0MB

MD5
c57b76ee8087e204c660bf81c4d58897

SHA1
bedb8c7a5f117e075d909b44bfbd5db4083195c2

SHA256
0b1055f7c99e43f76bef799a4e1f9c45e8a8f8f73c40baea24d5529bc2bfde03

SHA512
75836200793a8515a12c877b4d352ac683cdd4c27390ca5358d64fff2ecb37c410331357fffb4faa9adf9f8af0f7d6972b71206194c2b8c035a142c66afdb485

Download Submit
C:\Windows\system\HHRwNkv.exe

Filesize
6.0MB

MD5
ee6de8c0e1b78459ee2c5d590ab59618

SHA1
a429ee6cdec8c9d82198445fb993bbdc8bb4d2b4

SHA256
c04afb3e444d549c80df9f4da94d4c9df8e12be56c921a8b851453f383c83a86

SHA512
e134f13cd19e78bb492754a5e20fff9e6b62a80434587641f9403608927b5aeadcdec080e473fabf4d0f87492c8a05f19b715843fe6aa1e553d012a64981dffc

Download Submit
C:\Windows\system\LzEgKBj.exe

Filesize
6.0MB

MD5
326b237f3d29d077c33b841631e878e1

SHA1
d81b1b77873a44ca686180f16e1376bb9541d1aa

SHA256
ef520dcfa5418858ce0f1d5e1ebaebdd469f9daa63a425a34efd44dd2dc1cc4f

SHA512
b2157ac7dbdcf66b167f8676648a205e78a8feba185aa75edbc3f2011ffdc7f638ca1df4308b5a270fd2a6783287ef4b9d14427c9b27a96df4a8ab892a827fd5

Download Submit
C:\Windows\system\MmGxPFg.exe

Filesize
6.0MB

MD5
a1c385b70c608930edc9541c1c901c8f

SHA1
aeeac2e13370bcf687083fe4d301f16fbdac8821

SHA256
7ba2b4c55bf659ae64edac1876a29b7b2c34ec82bfcf5acc37c972c3d50b6354

SHA512
d307b4d183ca4e6d212b63ee048cbca7f743d19da1e33c518a3622476648a3a2d68ba2db8a9cbecdf7eb8af9f20d4c22048d4f4925c65bd6791f2f345e3c89eb

Download Submit
C:\Windows\system\OHCnMEM.exe

Filesize
6.0MB

MD5
1c189076ffdc15416b073fe1eeb65528

SHA1
1288631b4a0d2129cb9343178b973fdc214e5972

SHA256
2f168222521095f04c1ee805b120fdb276e1080fd25264a21c14e0cdca8fb978

SHA512
1bfc41e5a9bb560a13ceaecc4576a8e8045f7b1b951baafdc71672ec0623a93ba2d5548d601e6958cbfbfdfdddb8c39a8946151a9af7f9468aac5cae635918fc

Download Submit
C:\Windows\system\UVDBQXP.exe

Filesize
6.0MB

MD5
72131031ae5c6d3579c2891d85695958

SHA1
954163d8941c8d64490f9df47bf1bd473f21e28f

SHA256
a1e06856973fa7b755c71eb97b9cc81f09fd9ebd4e17f93ee01ceb99fcf04ecd

SHA512
5398eaa686a11d3cce8b36c5c01fc8dffee6a16a3750be34b5310947edc6d93822b64ebb3f8c5732ea5bd116d02e8ffb713c673c78f640eab120a29e08d170b5

Download Submit
C:\Windows\system\UZVIcgU.exe

Filesize
6.0MB

MD5
fd2085bd37b09d042cb7d575ed5cc231

SHA1
1a154ff36b2b6e059a018e3fcc7ebae96f0176fa

SHA256
c3ca9c708329f7069dc2462415c2395f9568603b40d065a44e8caaeed387e645

SHA512
9e11019e1fe80d7a3ed42e6cf70b3f3204cc7399dae6c9e14f716e971aedd7826bdeea3ca16dfed83850be751e0f4f39d3200e47d4e0813457c7bec1a75d8943

Download Submit
C:\Windows\system\WFoTrrc.exe

Filesize
6.0MB

MD5
26fe22c564901317fe28af02a4786b11

SHA1
e91eb9ef7b62cc278ff2a33f923d6a32cea91568

SHA256
ceaa5705258b5d812795ad71dcf410b88bc820659e5c41afb6f5678978d178fe

SHA512
177f376a07bd31d5bd3287ac7fbe988778d2cc5c8b8767cee4bb031b5aac2e94c9572869537be4ef1f8ead88dceb7dcd9bc41153748d9d70a5e93660ce26e5c7

Download Submit
C:\Windows\system\XKANnQb.exe

Filesize
6.0MB

MD5
52ddb24e20b83c62ffcd3f6967f78d09

SHA1
8e4bca9c316b32c4833050bf0a9d9220d4c286a3

SHA256
b36a5b71a25b62077e884b070db2026b450d493e3b215ae96a13dd6fbcad1f95

SHA512
d15f4351aeb76e2cd9df425bc03e7ef6faf1fcd3c047c4def71ec06b94705281d64e8d290cf5633807d572f8111621c819a2bf46866858b18d1bf4b3be0e7139

Download Submit
C:\Windows\system\XTyJFJz.exe

Filesize
6.0MB

MD5
491455291c1a97bece9d0a97d64a4b35

SHA1
242a642f836df32ac8b0020ad1bae2183c914815

SHA256
82a024924b2bfec638713be6c93075abf83d4dcdac8ceffe6f4de7bce3b21ca7

SHA512
7612f9171db3010db1f8917e15391c982c5af822b7b0973766ef41d47a76820b5e866746d90dc4e8e76a0f0edd2178a775244bb02c127e700e604b262f84b534

Download Submit
C:\Windows\system\XursDIz.exe

Filesize
6.0MB

MD5
a321ffbe44ea235124dad64dc4f5f7dd

SHA1
0c8a8785851887dd6fa5cc5d324443781725784f

SHA256
265f0c94f72ba746a36c4c02a4785355a923acf9e6c73045170c0052a6c31c0f

SHA512
18bc6f021252aa6051720f9a7db9bc3d46c143d089921d5a403d2b043e0811d9475798fb6b9d708c7984669d0a5900be927d191d5e4ec3602b539f07737d293f

Download Submit
C:\Windows\system\bGvqGqB.exe

Filesize
6.0MB

MD5
ac41f4d7c427ffd4a97dd0baee0f2148

SHA1
a7b9818c2612df96fa43eeb92b18fa8cd9350e49

SHA256
79958ed5c1295d9d68d21ac2153ad1b0701668202d43bab60bd54b6dc78ed40b

SHA512
9fcf864f959c322ed37daf051f665c10c848acd384706e4c6879ed9ab89d6963fcd25cc0dfc1e5bc700e7746c61daf9bce389c86e93e2f725d742f44055eaee4

Download Submit
C:\Windows\system\dmRIOdY.exe

Filesize
6.0MB

MD5
a1b9686bd63770a102449d1b15992250

SHA1
427fb162aa1ba3b2cd0d80d89ea66384891f4ec5

SHA256
cb544bf5acdfcffbe012cecc01adc116e14ea4eaa0db645134bdf45ef7b3e3bd

SHA512
19928d1d7df86d1f69fd546b79b77d77adac201d3dfa714d12a41b4636bbd55ec88ba854bf225c61a2cb2d5dfaabb70c0ca00fc99fefa8a2d20fef3b6b81a3a3

Download Submit
C:\Windows\system\eXabkIV.exe

Filesize
6.0MB

MD5
3f619eac6e61b637d732c96eb6a02367

SHA1
824c9e8de8ab5bbf6cb80917c8eb2bb62a2ee9dc

SHA256
27fb9b5b1156862a4a5464998d437f29f5b7b0fb57de3a5c5bfdbf0e62867f70

SHA512
027b4ec1e4ccafe3b2aa44e0bf6dab887b1af10aeb152cbcd49fcd32bca830dfe613131c5011440bede9fdd123ba63e412ed8f9a6b79250adf69d854a2f29511

Download Submit
C:\Windows\system\gLciKVW.exe

Filesize
6.0MB

MD5
bf20dd49e0915a250eca513dd1bfc8dc

SHA1
8632e6984ad9488495070b94f2a3b81938d1a3fd

SHA256
80697fa4adb3358ecff8b1308bfa566a63bc43e58657318581f79cae8477cd78

SHA512
c2b4e3baceb576c0c02d1ee498b4d02cf58737afd91692e59fded3eb5ffff33f7ce2cee0fb86cb56cfc6f0998f605e1afc55297e36ad7877977d7f9f445b1a44

Download Submit
C:\Windows\system\gPUkDFN.exe

Filesize
6.0MB

MD5
2348378dcc0309a62469f5df2cd443bb

SHA1
1b20c39267c0ee3a59e7c67ff79473cf4d58b4ad

SHA256
ee8c2f717057e98686194173dc99d6dd1a9bb0705a3e5d0c1305e76c5416c8a1

SHA512
00123c98e9a90e25e06dd2880b482ff153c9de1cad0aaff3de91342109280e9ce5a3e4136f43ee099bf168c1a9b3e733e457115f17ec39bf2e452b640cba534e

Download Submit
C:\Windows\system\iQiGMYg.exe

Filesize
6.0MB

MD5
2771d36b93b905e02760bbd122baf81d

SHA1
b60e3d005e5a8986af994ec1e88bfd486cba3796

SHA256
b66590f858131a6aadd956686fd8726964e71e6f3ec70e24a625a5d209a743e8

SHA512
e971eb271c4a429af1c3d189f9c261e59a99b3e1763ae92a0de63bc3097a242fc4e9095595b1d6b95853ae6de993ffed823d44b650089e5514ddb60a43ad6762

Download Submit
C:\Windows\system\kVqEHGs.exe

Filesize
6.0MB

MD5
7ccbe90ed3bb6927c914a905e859690d

SHA1
6a97f47a6296c469e615e20efdb58c9e3dde2acc

SHA256
310d91d862756df78fc83bec4d750c0a152075953d064aaaee06b62afdcd5e62

SHA512
7e08da46f0b3836b86ff19ce97108049059d40035bba0e07b7e288b06c8bb28ae3a23f79469e552f2b223ce89a88929b3525518cf590b9fa7ba8e87b64d175fc

Download Submit
C:\Windows\system\lKJdjjj.exe

Filesize
6.0MB

MD5
68136ac10193cefc234d6466b0f56145

SHA1
37af55048f42c0fc1f82fca68bb7c3bc29d251c0

SHA256
9ab90589565fefb0cb63a0b0c2523f85e4a8b4c864c3eff81b75a5a77f13a097

SHA512
88888bc14ab70c8254ca64598c668465ad1a63dd29e79be91d1dd62a7772f73b385d6a95ca412c8b081dfbbb344a532c34ceff48927be46c09d806da7cb865d7

Download Submit
C:\Windows\system\loBtVCf.exe

Filesize
6.0MB

MD5
d60c302ac1081f73a14f1573af1752c3

SHA1
ba1eb5fab612314b63a14e883c142174a63f58a8

SHA256
5e61f9ec24c98bd43c2be98ec3d3a1d1e38cb4053691666f93a6cae08dddb57f

SHA512
551850c3006447cfbf5c5302c554b084454523951776b1d596794cd08c5a534a0dbb8da742e18b57cb154cb2ec4b8b6f76b4939362dbaba56e375cf503219a64

Download Submit
C:\Windows\system\nGkyWHK.exe

Filesize
6.0MB

MD5
f7626d33bee102e9757852a3848c46de

SHA1
b48deac12cfdc2572c0c22b2dcbbd8b3435b054e

SHA256
2fa0c8a2f08381762c69b3210f1b2cb57c7b8acdfbb786a9dc855690fff9fcd4

SHA512
0e93d5a4d361639b68ca089d30f853d2b71f806e9f472931c840f15f878afbd176ee8b22c69bac9dae50f5e90d5761145b91a7974edba8e67f83ee34f7e0bbbb

Download Submit
C:\Windows\system\nvhczyn.exe

Filesize
6.0MB

MD5
6042c5ba33bb004bf690fc0e0d130893

SHA1
0814dacb6531ba35c76635411a8ea92e5424cda0

SHA256
fa0322afdceba65526d2fa2c87b736b4adb2a2a487512a319135405a4770ff4d

SHA512
f829280ddda29d8129e9be69cb9d44064e8e1cb4fa6dde2473577557635bdedb76afc74ac2948ed8d93be0a4352ade0c64a148cf4c267464d8d568ffe1467e8f

Download Submit
C:\Windows\system\pDWAMYt.exe

Filesize
6.0MB

MD5
eb357a5af635de522fb4463dc7508aaa

SHA1
dcefdce0e0432a9ec4add31bcf36a7edf0db080d

SHA256
c2c075827e8a14190ea5fba3043bee7e101e7bda53f3dabe88f94527d48e20a9

SHA512
8b6b85c7b8a9f7d8661261c316cdf580a196bba0e8c67324020a95f40826548de2a715e64c46c61c2beb9c1ffcc85058c551977dd42645f68d59834c5426875e

Download Submit
C:\Windows\system\rJFoyto.exe

Filesize
6.0MB

MD5
0bcc934ecdf0ae56fd7ce95b294a5316

SHA1
41d0806cc1fe390405cb327df85df5ffa7299e14

SHA256
63e60a8ad77bc6112118e250a49e494cbcb1dc9d0297b4c761d3582d536a832b

SHA512
9c4c0807b5424b5bdba8ad8fb07a1ea229cb7c27ff1d6bf0a83c8f5671fde2005d13ffc612c75250ac3808fef6124c34376a47d7cc1672e85cb2e6c2181ccacc

Download Submit
C:\Windows\system\tBSimhN.exe

Filesize
6.0MB

MD5
2bc4ee680a09777252e45e48ec985900

SHA1
b625ac3a4b650045564e0380dc99f42b08c2717b

SHA256
28b3c85196c973dfda686dd365bfd96b036118232319a7f0b2ab33c9a1568bcc

SHA512
7b5122c4e5294bdb9b4768019d934d9fc3ab5f1677320a8a5ae0a80418513bfa145f2e86471da969d1981c6d38e2fc478f64cfe77475ec9523c84389899f47bb

Download Submit
C:\Windows\system\uTZDDXk.exe

Filesize
6.0MB

MD5
cebf3185d4107b87f2f210d29ad5f467

SHA1
1c8a3c403a4b8fab5dd3c3e75a23fdcd8c63715b

SHA256
30a364c4573d3a6f7034d7406fd949be1d2dd9783b78c129274972d9dbbebf72

SHA512
620481ff7059906317be8aa8c5a3a8d3d62c030b7b6838c2f4f4bc5ff23b3a59d9c4c4da08833674b606c371253668c2ef105e409c9af1f6a2316a4768078278

Download Submit
C:\Windows\system\vSXphLV.exe

Filesize
6.0MB

MD5
1301c9e1d9579906e9f3b00550a1eabe

SHA1
c78a31c4927a2c6ccd5d74cc7387da2befc8a811

SHA256
be5be08dffda3e56277774654b24b27e382a2b88a1c005ba4d5cdcb76d8bd49c

SHA512
5b7790653f89dbf5b577e89e0a19b6677daaf1a787992ed6e6adf3db2aec0baddcf1cc69f3200a15c594d6f9fd2701a72de29c54e52f79a7b6752941f159fae9

Download Submit
C:\Windows\system\vYYHamY.exe

Filesize
6.0MB

MD5
8d9ea6dc66c2dc1e542d7c43a15c1978

SHA1
95c28a39f0f26e7ebc472283b64520567bf96445

SHA256
7690a4723504a85906145967a5ca2a463cea46a3ad11509adf56c23a438d8568

SHA512
c50dd8ca686bf8ce7c37f9ff399b432caab73d92ddc529ca371510f478d58e8a9317f0b2dc94cec0dc1a34e1b9fc66181a9fa3109ea4a4bf51623d5baa47291e

Download Submit
C:\Windows\system\yBtPbYd.exe

Filesize
6.0MB

MD5
91e06407666df76fad73b658f1767090

SHA1
cf6e554e42f7bcf2bc287ae2c44e41557286150f

SHA256
fecfe3d2f8dfbad14ff8e96adcafd4b22a667a2e282817d643efe6cdb0ca4582

SHA512
9a286133716a8f7f524651c8c051e4d99e88ac584f9580f31d834e2e9a62dc9f2bdac191a7161e0c9dec279c2dabb2f7e6dde56af16718d13095b8a0d5b7e9a8

Download Submit
\Windows\system\EcpUCnR.exe

Filesize
6.0MB

MD5
2c9c786fd009294a9304c7998d695ffc

SHA1
d9c8e51e66c66dc6e6ea6d45ccdf6fb9e74631d8

SHA256
6dbd7e0a666d5eb7f79ce8e0f029a67f6f460e9826c467622fd2e1a7e7f61eaa

SHA512
a36c76422c7b6e31514c5d91de683569140182aadbf703243482ecbe1e650029849410e06ad8531077e42073effc52f9a6da66b16af5480e0efe34063eed3c95

Download Submit
\Windows\system\FZlzFkL.exe

Filesize
6.0MB

MD5
8b8075c095bcf7309ff1441830008ba0

SHA1
e10160483b104e6c59452d95de94311b096dee47

SHA256
6b955a2dc03f07d7a3e1a4b24c5d8111c53984a342a9dcaea23387f2302a70eb

SHA512
1c7a8d73e17bfb10230771b73bb9d641fdf31ca4f415f5e013a3d436bfc517facc319516a34270995b41369fddb76963f3fdad91ec87304678cab56de8ab83d9

Download Submit
\Windows\system\UeUogBi.exe

Filesize
6.0MB

MD5
5207376e7a61c87eeceb2fa6444f9448

SHA1
be024159ac69eb62fd831519ac9e6877751e480a

SHA256
bd50819c0bc76811a1d8bf8a910c126b8d76ab96fa090d47e89027c7684ea4c8

SHA512
4edc93042cad7619a4ada74751166740cd5aa8a2c03de26a49d02444600ed1f788ed781d66f18a985169c628324a0334a88d7be0dfc5a477136e28c99da9fb2b

Download Submit
\Windows\system\qjujTab.exe

Filesize
6.0MB

MD5
b01d85ff3b90f213e448f693c0f8e527

SHA1
031766988ef88f47e40fc0cf23c3d10483547f0b

SHA256
5264c7d56568909ba692cf4a15d10567b5a0bc811addb1f94eceb15d0a1c31da

SHA512
91f34e6c46895ec6ab43015cdac6968dd6e2fc75f6c3c21e8bd5652e875a324f4501bc78fd2c916b5fa0ee8bcd0b80a4e9495bb7cde0a3e279b307348e9ff541

Download Submit
memory/1080-2457-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1080-3893-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3895-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2465-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3910-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2463-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2450-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2474-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2404-2421-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3918-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2453-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1864-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2456-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2313-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2458-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2466-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2404-2082-0x00000000022B0000-0x0000000002604000-memory.dmp

Filesize
3.3MB

Download
memory/2556-2452-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3892-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3915-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2295-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-2449-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3914-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3902-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2604-2455-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1857-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3919-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3897-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2776-2472-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3894-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2419-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3896-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2976-2078-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download