cobaltstrike | 60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
Size

6.0MB
MD5

1fc04f75dc9abe99ad7445845a3e7218
SHA1

1054bc9172e07a218cb211ac7dc5e7f829d346d4
SHA256

60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5
SHA512

4f103f21e04b90f763b860f34a669ade7c269605015134d95795db7959ba7e729d7d7ceb8df38dcd6552fe654db0333539a71a8c2d9e764922666f263ea56b95
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUf:eOl56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012115-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-8.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-34.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019382-38.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019441-55.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001947e-64.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-168.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0007000000012115-6.dat	xmrig
behavioral1/files/0x00070000000193c4-8.dat	xmrig
behavioral1/files/0x00070000000193d9-10.dat	xmrig
behavioral1/memory/1044-23-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2780-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2644-12-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019401-24.dat	xmrig
behavioral1/memory/2692-17-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019403-34.dat	xmrig
behavioral1/memory/2536-37-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0032000000019382-38.dat	xmrig
behavioral1/memory/2824-30-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2644-40-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-47.dat	xmrig
behavioral1/memory/2432-46-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2692-43-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/1048-54-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0008000000019441-55.dat	xmrig
behavioral1/memory/1600-60-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000800000001947e-64.dat	xmrig
behavioral1/memory/2832-68-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000600000001967d-69.dat	xmrig
behavioral1/files/0x00050000000196be-82.dat	xmrig
behavioral1/memory/2216-90-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/1600-105-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1532-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c48-107.dat	xmrig
behavioral1/files/0x0005000000019c43-104.dat	xmrig
behavioral1/memory/1996-97-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001998a-94.dat	xmrig
behavioral1/files/0x00050000000196f6-88.dat	xmrig
behavioral1/memory/1856-87-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2432-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2376-109-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2376-80-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c4a-115.dat	xmrig
behavioral1/files/0x0005000000019c63-120.dat	xmrig
behavioral1/files/0x0005000000019d2d-126.dat	xmrig
behavioral1/files/0x0005000000019d54-129.dat	xmrig
behavioral1/files/0x0005000000019db5-136.dat	xmrig
behavioral1/files/0x0005000000019dc1-140.dat	xmrig
behavioral1/files/0x0005000000019faf-146.dat	xmrig
behavioral1/files/0x0005000000019fc9-152.dat	xmrig
behavioral1/files/0x000500000001a078-157.dat	xmrig
behavioral1/memory/2216-160-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a08b-163.dat	xmrig
behavioral1/files/0x000500000001a441-190.dat	xmrig
behavioral1/files/0x000500000001a443-194.dat	xmrig
behavioral1/memory/1996-276-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001a43f-188.dat	xmrig
behavioral1/files/0x000500000001a354-178.dat	xmrig
behavioral1/files/0x000500000001a43d-183.dat	xmrig
behavioral1/files/0x000500000001a311-173.dat	xmrig
behavioral1/files/0x000500000001a0b3-168.dat	xmrig
behavioral1/memory/1532-856-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2780-3379-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1044-3378-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2536-3381-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/1048-3380-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1532-3801-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1996-3800-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2432-3799-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2824-3798-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2780	xOFHFii.exe
2692	hIFYBDO.exe
1044	IWcUCmL.exe
2824	zqBhreG.exe
2536	VAMVBGt.exe
2432	mCWljkT.exe
1048	mbwwXRe.exe
1600	FMEKTXY.exe
2832	zGeofKo.exe
2376	AGOyYGb.exe
1856	MXLtppP.exe
2216	VoHThvS.exe
1996	rrtTNVs.exe
1532	fJoJkug.exe
2424	SeszSeP.exe
2264	WVSHhdb.exe
2428	CRCUoew.exe
536	jnYdidK.exe
1680	CGmtRtj.exe
2864	aoewBYJ.exe
2880	RykKAny.exe
2972	rgKxyxN.exe
2620	FPqGPun.exe
2248	zmjCLoz.exe
3032	AdMfawG.exe
2408	jyylqPM.exe
812	TzGVEFw.exe
956	ELsihOW.exe
1256	WvWzlsQ.exe
2288	yKUsRfQ.exe
992	IUZgRYw.exe
2268	JInqAKv.exe
1748	wldvlHZ.exe
1552	UaGEJdR.exe
1360	mNKRobm.exe
1512	hNTwpyy.exe
1548	ysrWCCu.exe
1592	myDGPMg.exe
608	mYWFCSd.exe
2508	AyMEQQs.exe
2104	qyjUuPI.exe
2412	ffZOkwW.exe
2076	EMSWTZC.exe
2892	inWGJlL.exe
1752	yzSbJCF.exe
352	ZxMFWRc.exe
900	suhmDJO.exe
108	PfEVlWP.exe
1744	KwmwuIb.exe
880	qlBUHhy.exe
2904	ZbFTimU.exe
2764	mshgcay.exe
3004	HXoVMZV.exe
2760	ZEsmiuO.exe
2736	RoKndBJ.exe
2748	FOrPJHT.exe
2708	GcKaCIT.exe
2568	fmpehiU.exe
2852	PIWkYzg.exe
2656	zpHItgk.exe
576	xoqakkl.exe
2704	tPWyIcD.exe
2612	YYLaiov.exe
636	yJWhcPl.exe

Loads dropped DLL 64 IoCs

pid	Process
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2644-0-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0007000000012115-6.dat	upx
behavioral1/files/0x00070000000193c4-8.dat	upx
behavioral1/files/0x00070000000193d9-10.dat	upx
behavioral1/memory/1044-23-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2780-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0006000000019401-24.dat	upx
behavioral1/memory/2692-17-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0006000000019403-34.dat	upx
behavioral1/memory/2536-37-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0032000000019382-38.dat	upx
behavioral1/memory/2824-30-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2644-40-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000600000001942f-47.dat	upx
behavioral1/memory/2432-46-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2692-43-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/1048-54-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0008000000019441-55.dat	upx
behavioral1/memory/1600-60-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000800000001947e-64.dat	upx
behavioral1/memory/2832-68-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000600000001967d-69.dat	upx
behavioral1/files/0x00050000000196be-82.dat	upx
behavioral1/memory/2216-90-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/1600-105-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1532-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0005000000019c48-107.dat	upx
behavioral1/files/0x0005000000019c43-104.dat	upx
behavioral1/memory/1996-97-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001998a-94.dat	upx
behavioral1/files/0x00050000000196f6-88.dat	upx
behavioral1/memory/1856-87-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2432-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2376-109-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2376-80-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0005000000019c4a-115.dat	upx
behavioral1/files/0x0005000000019c63-120.dat	upx
behavioral1/files/0x0005000000019d2d-126.dat	upx
behavioral1/files/0x0005000000019d54-129.dat	upx
behavioral1/files/0x0005000000019db5-136.dat	upx
behavioral1/files/0x0005000000019dc1-140.dat	upx
behavioral1/files/0x0005000000019faf-146.dat	upx
behavioral1/files/0x0005000000019fc9-152.dat	upx
behavioral1/files/0x000500000001a078-157.dat	upx
behavioral1/memory/2216-160-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x000500000001a08b-163.dat	upx
behavioral1/files/0x000500000001a441-190.dat	upx
behavioral1/files/0x000500000001a443-194.dat	upx
behavioral1/memory/1996-276-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001a43f-188.dat	upx
behavioral1/files/0x000500000001a354-178.dat	upx
behavioral1/files/0x000500000001a43d-183.dat	upx
behavioral1/files/0x000500000001a311-173.dat	upx
behavioral1/files/0x000500000001a0b3-168.dat	upx
behavioral1/memory/1532-856-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2780-3379-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1044-3378-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2536-3381-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/1048-3380-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/1532-3801-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1996-3800-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2432-3799-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2824-3798-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2692-3797-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AkAwJce.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\eRkFsOI.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\bOTqeNc.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\PpsgrYE.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\jsHNXBh.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\YyfmdYl.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\MmoeZaO.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\VUSLdom.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\EkQrzPB.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\GAwvKAp.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\oOVDlcB.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\cceNGpw.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\YYLaiov.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\BeeQTQS.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\lOgDegt.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\gSqOAts.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\emIvPkY.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\cQiuXRV.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\tDLvHth.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\xLNcVgd.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\klfopAz.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\qJAMuDl.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\vMhcMuJ.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\TgMZxgB.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\sOpXSqc.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\LDPmpul.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\kArTVyU.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\jyylqPM.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\HmIoTMF.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\WlTFxXo.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\hZFyGaG.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\GGSejqx.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\FDWemEN.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\qZJaXhJ.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\hXfcWbB.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\raQPVZl.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\yMqgfYh.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\XZCqfvA.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\ZgNkOeD.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\lEXNOFh.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\EAYQmIY.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\xQblcvU.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\szWdtSo.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\imEMeMX.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\pYjfYca.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\QBLyTyX.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\uDNHeVM.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\KLFcdvQ.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\atyCRfh.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\NmYbUmg.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\PfEVlWP.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\gKwQkDI.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\DtRIEwO.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\HUAWGla.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\SHafVgF.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\jayMaqK.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\cMKfmVJ.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\prDbfRY.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\mToOOHo.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\LpngErm.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\KdSRtxp.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\rQCastn.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\lGHuKZr.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
File created	C:\Windows\System\PjlnGaN.exe	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2780	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	31
PID 2644 wrote to memory of 2780	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	31
PID 2644 wrote to memory of 2780	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	31
PID 2644 wrote to memory of 2692	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	32
PID 2644 wrote to memory of 2692	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	32
PID 2644 wrote to memory of 2692	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	32
PID 2644 wrote to memory of 1044	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	33
PID 2644 wrote to memory of 1044	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	33
PID 2644 wrote to memory of 1044	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	33
PID 2644 wrote to memory of 2824	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	34
PID 2644 wrote to memory of 2824	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	34
PID 2644 wrote to memory of 2824	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	34
PID 2644 wrote to memory of 2536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	35
PID 2644 wrote to memory of 2536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	35
PID 2644 wrote to memory of 2536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	35
PID 2644 wrote to memory of 2432	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	36
PID 2644 wrote to memory of 2432	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	36
PID 2644 wrote to memory of 2432	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	36
PID 2644 wrote to memory of 1048	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	37
PID 2644 wrote to memory of 1048	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	37
PID 2644 wrote to memory of 1048	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	37
PID 2644 wrote to memory of 1600	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	38
PID 2644 wrote to memory of 1600	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	38
PID 2644 wrote to memory of 1600	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	38
PID 2644 wrote to memory of 2832	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	39
PID 2644 wrote to memory of 2832	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	39
PID 2644 wrote to memory of 2832	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	39
PID 2644 wrote to memory of 2376	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	40
PID 2644 wrote to memory of 2376	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	40
PID 2644 wrote to memory of 2376	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	40
PID 2644 wrote to memory of 1856	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	41
PID 2644 wrote to memory of 1856	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	41
PID 2644 wrote to memory of 1856	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	41
PID 2644 wrote to memory of 2216	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	42
PID 2644 wrote to memory of 2216	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	42
PID 2644 wrote to memory of 2216	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	42
PID 2644 wrote to memory of 1996	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	43
PID 2644 wrote to memory of 1996	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	43
PID 2644 wrote to memory of 1996	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	43
PID 2644 wrote to memory of 1532	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	44
PID 2644 wrote to memory of 1532	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	44
PID 2644 wrote to memory of 1532	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	44
PID 2644 wrote to memory of 2424	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	45
PID 2644 wrote to memory of 2424	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	45
PID 2644 wrote to memory of 2424	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	45
PID 2644 wrote to memory of 2264	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	46
PID 2644 wrote to memory of 2264	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	46
PID 2644 wrote to memory of 2264	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	46
PID 2644 wrote to memory of 2428	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	47
PID 2644 wrote to memory of 2428	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	47
PID 2644 wrote to memory of 2428	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	47
PID 2644 wrote to memory of 536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	48
PID 2644 wrote to memory of 536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	48
PID 2644 wrote to memory of 536	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	48
PID 2644 wrote to memory of 1680	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	49
PID 2644 wrote to memory of 1680	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	49
PID 2644 wrote to memory of 1680	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	49
PID 2644 wrote to memory of 2864	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	50
PID 2644 wrote to memory of 2864	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	50
PID 2644 wrote to memory of 2864	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	50
PID 2644 wrote to memory of 2880	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	51
PID 2644 wrote to memory of 2880	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	51
PID 2644 wrote to memory of 2880	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	51
PID 2644 wrote to memory of 2972	2644	JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_60b05400158781495198e527eb4801f2e68edd6b471715946413155246adcfe5.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\System\xOFHFii.exe
  C:\Windows\System\xOFHFii.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\hIFYBDO.exe
  C:\Windows\System\hIFYBDO.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\IWcUCmL.exe
  C:\Windows\System\IWcUCmL.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\zqBhreG.exe
  C:\Windows\System\zqBhreG.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\VAMVBGt.exe
  C:\Windows\System\VAMVBGt.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\mCWljkT.exe
  C:\Windows\System\mCWljkT.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\mbwwXRe.exe
  C:\Windows\System\mbwwXRe.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\FMEKTXY.exe
  C:\Windows\System\FMEKTXY.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\zGeofKo.exe
  C:\Windows\System\zGeofKo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\AGOyYGb.exe
  C:\Windows\System\AGOyYGb.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\MXLtppP.exe
  C:\Windows\System\MXLtppP.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\VoHThvS.exe
  C:\Windows\System\VoHThvS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\rrtTNVs.exe
  C:\Windows\System\rrtTNVs.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\fJoJkug.exe
  C:\Windows\System\fJoJkug.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\SeszSeP.exe
  C:\Windows\System\SeszSeP.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\WVSHhdb.exe
  C:\Windows\System\WVSHhdb.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\CRCUoew.exe
  C:\Windows\System\CRCUoew.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\jnYdidK.exe
  C:\Windows\System\jnYdidK.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\CGmtRtj.exe
  C:\Windows\System\CGmtRtj.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\aoewBYJ.exe
  C:\Windows\System\aoewBYJ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\RykKAny.exe
  C:\Windows\System\RykKAny.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\rgKxyxN.exe
  C:\Windows\System\rgKxyxN.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\FPqGPun.exe
  C:\Windows\System\FPqGPun.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\zmjCLoz.exe
  C:\Windows\System\zmjCLoz.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\AdMfawG.exe
  C:\Windows\System\AdMfawG.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\jyylqPM.exe
  C:\Windows\System\jyylqPM.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\TzGVEFw.exe
  C:\Windows\System\TzGVEFw.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\ELsihOW.exe
  C:\Windows\System\ELsihOW.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\WvWzlsQ.exe
  C:\Windows\System\WvWzlsQ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\yKUsRfQ.exe
  C:\Windows\System\yKUsRfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\IUZgRYw.exe
  C:\Windows\System\IUZgRYw.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\JInqAKv.exe
  C:\Windows\System\JInqAKv.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\wldvlHZ.exe
  C:\Windows\System\wldvlHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\UaGEJdR.exe
  C:\Windows\System\UaGEJdR.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\mNKRobm.exe
  C:\Windows\System\mNKRobm.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\hNTwpyy.exe
  C:\Windows\System\hNTwpyy.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ysrWCCu.exe
  C:\Windows\System\ysrWCCu.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\myDGPMg.exe
  C:\Windows\System\myDGPMg.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\mYWFCSd.exe
  C:\Windows\System\mYWFCSd.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\AyMEQQs.exe
  C:\Windows\System\AyMEQQs.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\qyjUuPI.exe
  C:\Windows\System\qyjUuPI.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ffZOkwW.exe
  C:\Windows\System\ffZOkwW.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\EMSWTZC.exe
  C:\Windows\System\EMSWTZC.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\inWGJlL.exe
  C:\Windows\System\inWGJlL.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\yzSbJCF.exe
  C:\Windows\System\yzSbJCF.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ZxMFWRc.exe
  C:\Windows\System\ZxMFWRc.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\suhmDJO.exe
  C:\Windows\System\suhmDJO.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\PfEVlWP.exe
  C:\Windows\System\PfEVlWP.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\KwmwuIb.exe
  C:\Windows\System\KwmwuIb.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\qlBUHhy.exe
  C:\Windows\System\qlBUHhy.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ZbFTimU.exe
  C:\Windows\System\ZbFTimU.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\mshgcay.exe
  C:\Windows\System\mshgcay.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\HXoVMZV.exe
  C:\Windows\System\HXoVMZV.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\ZEsmiuO.exe
  C:\Windows\System\ZEsmiuO.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\RoKndBJ.exe
  C:\Windows\System\RoKndBJ.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FOrPJHT.exe
  C:\Windows\System\FOrPJHT.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\GcKaCIT.exe
  C:\Windows\System\GcKaCIT.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\fmpehiU.exe
  C:\Windows\System\fmpehiU.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\PIWkYzg.exe
  C:\Windows\System\PIWkYzg.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\zpHItgk.exe
  C:\Windows\System\zpHItgk.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\xoqakkl.exe
  C:\Windows\System\xoqakkl.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\tPWyIcD.exe
  C:\Windows\System\tPWyIcD.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\YYLaiov.exe
  C:\Windows\System\YYLaiov.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\UrSzkdF.exe
  C:\Windows\System\UrSzkdF.exe
  2⤵
  PID:2152
- C:\Windows\System\yJWhcPl.exe
  C:\Windows\System\yJWhcPl.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\svgwJhW.exe
  C:\Windows\System\svgwJhW.exe
  2⤵
  PID:1652
- C:\Windows\System\kIRqnKI.exe
  C:\Windows\System\kIRqnKI.exe
  2⤵
  PID:800
- C:\Windows\System\XRurrpb.exe
  C:\Windows\System\XRurrpb.exe
  2⤵
  PID:2936
- C:\Windows\System\SuuqaXr.exe
  C:\Windows\System\SuuqaXr.exe
  2⤵
  PID:2920
- C:\Windows\System\BeeQTQS.exe
  C:\Windows\System\BeeQTQS.exe
  2⤵
  PID:1520
- C:\Windows\System\dAMWtOV.exe
  C:\Windows\System\dAMWtOV.exe
  2⤵
  PID:2256
- C:\Windows\System\sKXfPBf.exe
  C:\Windows\System\sKXfPBf.exe
  2⤵
  PID:1504
- C:\Windows\System\agLSDfv.exe
  C:\Windows\System\agLSDfv.exe
  2⤵
  PID:2592
- C:\Windows\System\UsVWqZP.exe
  C:\Windows\System\UsVWqZP.exe
  2⤵
  PID:2724
- C:\Windows\System\LcVDsqJ.exe
  C:\Windows\System\LcVDsqJ.exe
  2⤵
  PID:2176
- C:\Windows\System\ClVFAiQ.exe
  C:\Windows\System\ClVFAiQ.exe
  2⤵
  PID:1684
- C:\Windows\System\VLnOayr.exe
  C:\Windows\System\VLnOayr.exe
  2⤵
  PID:1148
- C:\Windows\System\NjnEJhy.exe
  C:\Windows\System\NjnEJhy.exe
  2⤵
  PID:1904
- C:\Windows\System\BEtrDxc.exe
  C:\Windows\System\BEtrDxc.exe
  2⤵
  PID:112
- C:\Windows\System\KBkNbSy.exe
  C:\Windows\System\KBkNbSy.exe
  2⤵
  PID:2512
- C:\Windows\System\LjxkrEm.exe
  C:\Windows\System\LjxkrEm.exe
  2⤵
  PID:1696
- C:\Windows\System\gKNJLJV.exe
  C:\Windows\System\gKNJLJV.exe
  2⤵
  PID:2940
- C:\Windows\System\deDmqnV.exe
  C:\Windows\System\deDmqnV.exe
  2⤵
  PID:1668
- C:\Windows\System\hjbKYqG.exe
  C:\Windows\System\hjbKYqG.exe
  2⤵
  PID:444
- C:\Windows\System\SfXuRnG.exe
  C:\Windows\System\SfXuRnG.exe
  2⤵
  PID:2404
- C:\Windows\System\cnVbbNy.exe
  C:\Windows\System\cnVbbNy.exe
  2⤵
  PID:1660
- C:\Windows\System\NzgSkRV.exe
  C:\Windows\System\NzgSkRV.exe
  2⤵
  PID:868
- C:\Windows\System\glUEAVp.exe
  C:\Windows\System\glUEAVp.exe
  2⤵
  PID:1112
- C:\Windows\System\uqwpsut.exe
  C:\Windows\System\uqwpsut.exe
  2⤵
  PID:1616
- C:\Windows\System\iRgqzGJ.exe
  C:\Windows\System\iRgqzGJ.exe
  2⤵
  PID:2072
- C:\Windows\System\QmocJrr.exe
  C:\Windows\System\QmocJrr.exe
  2⤵
  PID:1524
- C:\Windows\System\iIYAeWI.exe
  C:\Windows\System\iIYAeWI.exe
  2⤵
  PID:2500
- C:\Windows\System\iPWSsQi.exe
  C:\Windows\System\iPWSsQi.exe
  2⤵
  PID:1956
- C:\Windows\System\WcVTDjK.exe
  C:\Windows\System\WcVTDjK.exe
  2⤵
  PID:1312
- C:\Windows\System\ccVuHTc.exe
  C:\Windows\System\ccVuHTc.exe
  2⤵
  PID:1800
- C:\Windows\System\JgmgbZE.exe
  C:\Windows\System\JgmgbZE.exe
  2⤵
  PID:2236
- C:\Windows\System\MOMXXrD.exe
  C:\Windows\System\MOMXXrD.exe
  2⤵
  PID:2092
- C:\Windows\System\wXrblrO.exe
  C:\Windows\System\wXrblrO.exe
  2⤵
  PID:1336
- C:\Windows\System\eCCmnQX.exe
  C:\Windows\System\eCCmnQX.exe
  2⤵
  PID:1724
- C:\Windows\System\QSiglwB.exe
  C:\Windows\System\QSiglwB.exe
  2⤵
  PID:1192
- C:\Windows\System\BqxImqq.exe
  C:\Windows\System\BqxImqq.exe
  2⤵
  PID:1808
- C:\Windows\System\ZYVkXDy.exe
  C:\Windows\System\ZYVkXDy.exe
  2⤵
  PID:2952
- C:\Windows\System\GBqXLYR.exe
  C:\Windows\System\GBqXLYR.exe
  2⤵
  PID:1544
- C:\Windows\System\LspYImz.exe
  C:\Windows\System\LspYImz.exe
  2⤵
  PID:2660
- C:\Windows\System\LcAbAlI.exe
  C:\Windows\System\LcAbAlI.exe
  2⤵
  PID:2552
- C:\Windows\System\uyoDWBM.exe
  C:\Windows\System\uyoDWBM.exe
  2⤵
  PID:2996
- C:\Windows\System\MmNZcoq.exe
  C:\Windows\System\MmNZcoq.exe
  2⤵
  PID:2636
- C:\Windows\System\doXIrpe.exe
  C:\Windows\System\doXIrpe.exe
  2⤵
  PID:2328
- C:\Windows\System\BbulfwD.exe
  C:\Windows\System\BbulfwD.exe
  2⤵
  PID:1972
- C:\Windows\System\JTrhRVr.exe
  C:\Windows\System\JTrhRVr.exe
  2⤵
  PID:1672
- C:\Windows\System\XlUAWDG.exe
  C:\Windows\System\XlUAWDG.exe
  2⤵
  PID:2172
- C:\Windows\System\acLtbJE.exe
  C:\Windows\System\acLtbJE.exe
  2⤵
  PID:616
- C:\Windows\System\SALfONr.exe
  C:\Windows\System\SALfONr.exe
  2⤵
  PID:2312
- C:\Windows\System\PjlnGaN.exe
  C:\Windows\System\PjlnGaN.exe
  2⤵
  PID:2848
- C:\Windows\System\kPdnkAS.exe
  C:\Windows\System\kPdnkAS.exe
  2⤵
  PID:2324
- C:\Windows\System\UlfMzLW.exe
  C:\Windows\System\UlfMzLW.exe
  2⤵
  PID:1664
- C:\Windows\System\CtQDNfn.exe
  C:\Windows\System\CtQDNfn.exe
  2⤵
  PID:2300
- C:\Windows\System\QJoeHZi.exe
  C:\Windows\System\QJoeHZi.exe
  2⤵
  PID:1864
- C:\Windows\System\ucsEIRk.exe
  C:\Windows\System\ucsEIRk.exe
  2⤵
  PID:2128
- C:\Windows\System\yMqgfYh.exe
  C:\Windows\System\yMqgfYh.exe
  2⤵
  PID:380
- C:\Windows\System\khRoiQq.exe
  C:\Windows\System\khRoiQq.exe
  2⤵
  PID:1580
- C:\Windows\System\oLclCDP.exe
  C:\Windows\System\oLclCDP.exe
  2⤵
  PID:2464
- C:\Windows\System\CkhZsSQ.exe
  C:\Windows\System\CkhZsSQ.exe
  2⤵
  PID:1940
- C:\Windows\System\eFsCYFu.exe
  C:\Windows\System\eFsCYFu.exe
  2⤵
  PID:540
- C:\Windows\System\CERVAsn.exe
  C:\Windows\System\CERVAsn.exe
  2⤵
  PID:1980
- C:\Windows\System\dgMkJlF.exe
  C:\Windows\System\dgMkJlF.exe
  2⤵
  PID:3080
- C:\Windows\System\jVYHhHp.exe
  C:\Windows\System\jVYHhHp.exe
  2⤵
  PID:3100
- C:\Windows\System\anajiqI.exe
  C:\Windows\System\anajiqI.exe
  2⤵
  PID:3116
- C:\Windows\System\pkSrnPy.exe
  C:\Windows\System\pkSrnPy.exe
  2⤵
  PID:3132
- C:\Windows\System\YPMqfDf.exe
  C:\Windows\System\YPMqfDf.exe
  2⤵
  PID:3160
- C:\Windows\System\QYYHzfA.exe
  C:\Windows\System\QYYHzfA.exe
  2⤵
  PID:3180
- C:\Windows\System\CkqyMSJ.exe
  C:\Windows\System\CkqyMSJ.exe
  2⤵
  PID:3196
- C:\Windows\System\HmRxiJh.exe
  C:\Windows\System\HmRxiJh.exe
  2⤵
  PID:3212
- C:\Windows\System\IjJhwxL.exe
  C:\Windows\System\IjJhwxL.exe
  2⤵
  PID:3228
- C:\Windows\System\yZbkcNC.exe
  C:\Windows\System\yZbkcNC.exe
  2⤵
  PID:3244
- C:\Windows\System\cPuzcvT.exe
  C:\Windows\System\cPuzcvT.exe
  2⤵
  PID:3260
- C:\Windows\System\oOTOfTL.exe
  C:\Windows\System\oOTOfTL.exe
  2⤵
  PID:3276
- C:\Windows\System\BRVowUQ.exe
  C:\Windows\System\BRVowUQ.exe
  2⤵
  PID:3292
- C:\Windows\System\qbdzdnI.exe
  C:\Windows\System\qbdzdnI.exe
  2⤵
  PID:3308
- C:\Windows\System\CXSsUWU.exe
  C:\Windows\System\CXSsUWU.exe
  2⤵
  PID:3324
- C:\Windows\System\JmrQCXi.exe
  C:\Windows\System\JmrQCXi.exe
  2⤵
  PID:3340
- C:\Windows\System\NpdwWhC.exe
  C:\Windows\System\NpdwWhC.exe
  2⤵
  PID:3356
- C:\Windows\System\HKmlmXn.exe
  C:\Windows\System\HKmlmXn.exe
  2⤵
  PID:3372
- C:\Windows\System\OTrnMbd.exe
  C:\Windows\System\OTrnMbd.exe
  2⤵
  PID:3388
- C:\Windows\System\bkAZgMA.exe
  C:\Windows\System\bkAZgMA.exe
  2⤵
  PID:3412
- C:\Windows\System\QTkgjCt.exe
  C:\Windows\System\QTkgjCt.exe
  2⤵
  PID:3428
- C:\Windows\System\ApWClxH.exe
  C:\Windows\System\ApWClxH.exe
  2⤵
  PID:3452
- C:\Windows\System\mSPpsJh.exe
  C:\Windows\System\mSPpsJh.exe
  2⤵
  PID:3488
- C:\Windows\System\AjvNyiC.exe
  C:\Windows\System\AjvNyiC.exe
  2⤵
  PID:3508
- C:\Windows\System\zhKRBnR.exe
  C:\Windows\System\zhKRBnR.exe
  2⤵
  PID:3528
- C:\Windows\System\obiwxOx.exe
  C:\Windows\System\obiwxOx.exe
  2⤵
  PID:3548
- C:\Windows\System\ICORvSL.exe
  C:\Windows\System\ICORvSL.exe
  2⤵
  PID:3564
- C:\Windows\System\BvnkvXI.exe
  C:\Windows\System\BvnkvXI.exe
  2⤵
  PID:3580
- C:\Windows\System\lrwacRe.exe
  C:\Windows\System\lrwacRe.exe
  2⤵
  PID:3596
- C:\Windows\System\djjPdEt.exe
  C:\Windows\System\djjPdEt.exe
  2⤵
  PID:3624
- C:\Windows\System\XUxKgAP.exe
  C:\Windows\System\XUxKgAP.exe
  2⤵
  PID:3640
- C:\Windows\System\jqwpeIc.exe
  C:\Windows\System\jqwpeIc.exe
  2⤵
  PID:3656
- C:\Windows\System\UdnOexx.exe
  C:\Windows\System\UdnOexx.exe
  2⤵
  PID:3672
- C:\Windows\System\PsIKTpZ.exe
  C:\Windows\System\PsIKTpZ.exe
  2⤵
  PID:3692
- C:\Windows\System\OpLZVcl.exe
  C:\Windows\System\OpLZVcl.exe
  2⤵
  PID:3708
- C:\Windows\System\iLiIrVO.exe
  C:\Windows\System\iLiIrVO.exe
  2⤵
  PID:3728
- C:\Windows\System\sybFlBK.exe
  C:\Windows\System\sybFlBK.exe
  2⤵
  PID:3748
- C:\Windows\System\OtLfUAA.exe
  C:\Windows\System\OtLfUAA.exe
  2⤵
  PID:3772
- C:\Windows\System\PTUdmcW.exe
  C:\Windows\System\PTUdmcW.exe
  2⤵
  PID:3788
- C:\Windows\System\JvJFxlJ.exe
  C:\Windows\System\JvJFxlJ.exe
  2⤵
  PID:3804
- C:\Windows\System\WPbHovW.exe
  C:\Windows\System\WPbHovW.exe
  2⤵
  PID:3824
- C:\Windows\System\ACFSVFm.exe
  C:\Windows\System\ACFSVFm.exe
  2⤵
  PID:3844
- C:\Windows\System\XjznTkq.exe
  C:\Windows\System\XjznTkq.exe
  2⤵
  PID:3864
- C:\Windows\System\CSsHTFp.exe
  C:\Windows\System\CSsHTFp.exe
  2⤵
  PID:3880
- C:\Windows\System\pAhLfSa.exe
  C:\Windows\System\pAhLfSa.exe
  2⤵
  PID:3900
- C:\Windows\System\enGThEG.exe
  C:\Windows\System\enGThEG.exe
  2⤵
  PID:3916
- C:\Windows\System\tBJsBaW.exe
  C:\Windows\System\tBJsBaW.exe
  2⤵
  PID:3932
- C:\Windows\System\NkUroRu.exe
  C:\Windows\System\NkUroRu.exe
  2⤵
  PID:3948
- C:\Windows\System\aeVCgiv.exe
  C:\Windows\System\aeVCgiv.exe
  2⤵
  PID:3964
- C:\Windows\System\dtjsIwH.exe
  C:\Windows\System\dtjsIwH.exe
  2⤵
  PID:3984
- C:\Windows\System\ArnVvwd.exe
  C:\Windows\System\ArnVvwd.exe
  2⤵
  PID:4004
- C:\Windows\System\JDsSfkh.exe
  C:\Windows\System\JDsSfkh.exe
  2⤵
  PID:4020
- C:\Windows\System\APTyjLY.exe
  C:\Windows\System\APTyjLY.exe
  2⤵
  PID:4044
- C:\Windows\System\HkruhVo.exe
  C:\Windows\System\HkruhVo.exe
  2⤵
  PID:4064
- C:\Windows\System\FShSIZX.exe
  C:\Windows\System\FShSIZX.exe
  2⤵
  PID:4080
- C:\Windows\System\aBhMglw.exe
  C:\Windows\System\aBhMglw.exe
  2⤵
  PID:2456
- C:\Windows\System\zVLjZeQ.exe
  C:\Windows\System\zVLjZeQ.exe
  2⤵
  PID:1608
- C:\Windows\System\uAWWPHZ.exe
  C:\Windows\System\uAWWPHZ.exe
  2⤵
  PID:2116
- C:\Windows\System\vkzVEdL.exe
  C:\Windows\System\vkzVEdL.exe
  2⤵
  PID:3140
- C:\Windows\System\JaZzDBT.exe
  C:\Windows\System\JaZzDBT.exe
  2⤵
  PID:3156
- C:\Windows\System\hGEPJod.exe
  C:\Windows\System\hGEPJod.exe
  2⤵
  PID:3252
- C:\Windows\System\NqlhnxZ.exe
  C:\Windows\System\NqlhnxZ.exe
  2⤵
  PID:2352
- C:\Windows\System\VJERoUO.exe
  C:\Windows\System\VJERoUO.exe
  2⤵
  PID:3320
- C:\Windows\System\qSegGMo.exe
  C:\Windows\System\qSegGMo.exe
  2⤵
  PID:3384
- C:\Windows\System\NqNkbkF.exe
  C:\Windows\System\NqNkbkF.exe
  2⤵
  PID:3468
- C:\Windows\System\SbJKpsZ.exe
  C:\Windows\System\SbJKpsZ.exe
  2⤵
  PID:3484
- C:\Windows\System\xKUiHDq.exe
  C:\Windows\System\xKUiHDq.exe
  2⤵
  PID:3556
- C:\Windows\System\LknTXME.exe
  C:\Windows\System\LknTXME.exe
  2⤵
  PID:3592
- C:\Windows\System\YSSQrtO.exe
  C:\Windows\System\YSSQrtO.exe
  2⤵
  PID:3668
- C:\Windows\System\lOgDegt.exe
  C:\Windows\System\lOgDegt.exe
  2⤵
  PID:3740
- C:\Windows\System\TTyiVVt.exe
  C:\Windows\System\TTyiVVt.exe
  2⤵
  PID:3812
- C:\Windows\System\JgFEQXz.exe
  C:\Windows\System\JgFEQXz.exe
  2⤵
  PID:3852
- C:\Windows\System\JcdGpVh.exe
  C:\Windows\System\JcdGpVh.exe
  2⤵
  PID:1232
- C:\Windows\System\SKuAUjw.exe
  C:\Windows\System\SKuAUjw.exe
  2⤵
  PID:1964
- C:\Windows\System\MmoeZaO.exe
  C:\Windows\System\MmoeZaO.exe
  2⤵
  PID:1936
- C:\Windows\System\BYHKoMh.exe
  C:\Windows\System\BYHKoMh.exe
  2⤵
  PID:1476
- C:\Windows\System\rPjCQbk.exe
  C:\Windows\System\rPjCQbk.exe
  2⤵
  PID:2400
- C:\Windows\System\hBfXple.exe
  C:\Windows\System\hBfXple.exe
  2⤵
  PID:3924
- C:\Windows\System\gYHIQhV.exe
  C:\Windows\System\gYHIQhV.exe
  2⤵
  PID:4112
- C:\Windows\System\huUicZQ.exe
  C:\Windows\System\huUicZQ.exe
  2⤵
  PID:4132
- C:\Windows\System\sAztzQP.exe
  C:\Windows\System\sAztzQP.exe
  2⤵
  PID:4152
- C:\Windows\System\wovvtur.exe
  C:\Windows\System\wovvtur.exe
  2⤵
  PID:4168
- C:\Windows\System\DrsTEkE.exe
  C:\Windows\System\DrsTEkE.exe
  2⤵
  PID:4184
- C:\Windows\System\lNyDgCh.exe
  C:\Windows\System\lNyDgCh.exe
  2⤵
  PID:4200
- C:\Windows\System\GaImlzv.exe
  C:\Windows\System\GaImlzv.exe
  2⤵
  PID:4216
- C:\Windows\System\wKXMQCU.exe
  C:\Windows\System\wKXMQCU.exe
  2⤵
  PID:4232
- C:\Windows\System\SJTGRfV.exe
  C:\Windows\System\SJTGRfV.exe
  2⤵
  PID:4248
- C:\Windows\System\igNAFil.exe
  C:\Windows\System\igNAFil.exe
  2⤵
  PID:4264
- C:\Windows\System\kUDRDfK.exe
  C:\Windows\System\kUDRDfK.exe
  2⤵
  PID:4280
- C:\Windows\System\dXojnxz.exe
  C:\Windows\System\dXojnxz.exe
  2⤵
  PID:4296
- C:\Windows\System\ihqsJjh.exe
  C:\Windows\System\ihqsJjh.exe
  2⤵
  PID:4312
- C:\Windows\System\oYObeOi.exe
  C:\Windows\System\oYObeOi.exe
  2⤵
  PID:4328
- C:\Windows\System\JflyGkB.exe
  C:\Windows\System\JflyGkB.exe
  2⤵
  PID:4344
- C:\Windows\System\LSUUjGv.exe
  C:\Windows\System\LSUUjGv.exe
  2⤵
  PID:4360
- C:\Windows\System\DVtmKts.exe
  C:\Windows\System\DVtmKts.exe
  2⤵
  PID:4440
- C:\Windows\System\MjDQilh.exe
  C:\Windows\System\MjDQilh.exe
  2⤵
  PID:4792
- C:\Windows\System\YDwrKxi.exe
  C:\Windows\System\YDwrKxi.exe
  2⤵
  PID:4812
- C:\Windows\System\ckqXjRL.exe
  C:\Windows\System\ckqXjRL.exe
  2⤵
  PID:4828
- C:\Windows\System\jJlKZrd.exe
  C:\Windows\System\jJlKZrd.exe
  2⤵
  PID:4844
- C:\Windows\System\fJgajCL.exe
  C:\Windows\System\fJgajCL.exe
  2⤵
  PID:4864
- C:\Windows\System\AcvienV.exe
  C:\Windows\System\AcvienV.exe
  2⤵
  PID:4880
- C:\Windows\System\baSOodw.exe
  C:\Windows\System\baSOodw.exe
  2⤵
  PID:4900
- C:\Windows\System\vMhcMuJ.exe
  C:\Windows\System\vMhcMuJ.exe
  2⤵
  PID:4916
- C:\Windows\System\tSSujBp.exe
  C:\Windows\System\tSSujBp.exe
  2⤵
  PID:4936
- C:\Windows\System\GekLOOf.exe
  C:\Windows\System\GekLOOf.exe
  2⤵
  PID:4952
- C:\Windows\System\SjAyHDx.exe
  C:\Windows\System\SjAyHDx.exe
  2⤵
  PID:4968
- C:\Windows\System\QhEqlXh.exe
  C:\Windows\System\QhEqlXh.exe
  2⤵
  PID:4984
- C:\Windows\System\EAYQmIY.exe
  C:\Windows\System\EAYQmIY.exe
  2⤵
  PID:5000
- C:\Windows\System\JrgafLE.exe
  C:\Windows\System\JrgafLE.exe
  2⤵
  PID:5016
- C:\Windows\System\giQZoHe.exe
  C:\Windows\System\giQZoHe.exe
  2⤵
  PID:5032
- C:\Windows\System\lHmZbWd.exe
  C:\Windows\System\lHmZbWd.exe
  2⤵
  PID:5048
- C:\Windows\System\dsEgAek.exe
  C:\Windows\System\dsEgAek.exe
  2⤵
  PID:5064
- C:\Windows\System\HATTIud.exe
  C:\Windows\System\HATTIud.exe
  2⤵
  PID:5080
- C:\Windows\System\BpylEOK.exe
  C:\Windows\System\BpylEOK.exe
  2⤵
  PID:5096
- C:\Windows\System\AQxjCvd.exe
  C:\Windows\System\AQxjCvd.exe
  2⤵
  PID:5112
- C:\Windows\System\bfQaUtg.exe
  C:\Windows\System\bfQaUtg.exe
  2⤵
  PID:3956
- C:\Windows\System\epuUOUH.exe
  C:\Windows\System\epuUOUH.exe
  2⤵
  PID:4040
- C:\Windows\System\wMCoRHF.exe
  C:\Windows\System\wMCoRHF.exe
  2⤵
  PID:4000
- C:\Windows\System\ZfTZsun.exe
  C:\Windows\System\ZfTZsun.exe
  2⤵
  PID:3224
- C:\Windows\System\jowIfCR.exe
  C:\Windows\System\jowIfCR.exe
  2⤵
  PID:2228
- C:\Windows\System\gSqOAts.exe
  C:\Windows\System\gSqOAts.exe
  2⤵
  PID:3316
- C:\Windows\System\hMkCHzX.exe
  C:\Windows\System\hMkCHzX.exe
  2⤵
  PID:3520
- C:\Windows\System\pyuAPTh.exe
  C:\Windows\System\pyuAPTh.exe
  2⤵
  PID:3780
- C:\Windows\System\RXzIUCd.exe
  C:\Windows\System\RXzIUCd.exe
  2⤵
  PID:1984
- C:\Windows\System\rjKwvNL.exe
  C:\Windows\System\rjKwvNL.exe
  2⤵
  PID:2836
- C:\Windows\System\dHzURJs.exe
  C:\Windows\System\dHzURJs.exe
  2⤵
  PID:4140
- C:\Windows\System\amPVRFY.exe
  C:\Windows\System\amPVRFY.exe
  2⤵
  PID:4180
- C:\Windows\System\EmolQtR.exe
  C:\Windows\System\EmolQtR.exe
  2⤵
  PID:4244
- C:\Windows\System\nzGWxpz.exe
  C:\Windows\System\nzGWxpz.exe
  2⤵
  PID:4308
- C:\Windows\System\uNVdhjr.exe
  C:\Windows\System\uNVdhjr.exe
  2⤵
  PID:4368
- C:\Windows\System\Bzzoich.exe
  C:\Windows\System\Bzzoich.exe
  2⤵
  PID:1736
- C:\Windows\System\PDjzvsA.exe
  C:\Windows\System\PDjzvsA.exe
  2⤵
  PID:948
- C:\Windows\System\VyOpWDy.exe
  C:\Windows\System\VyOpWDy.exe
  2⤵
  PID:3400
- C:\Windows\System\WahGjMd.exe
  C:\Windows\System\WahGjMd.exe
  2⤵
  PID:3500
- C:\Windows\System\TeJjLWX.exe
  C:\Windows\System\TeJjLWX.exe
  2⤵
  PID:3616
- C:\Windows\System\MMLatMs.exe
  C:\Windows\System\MMLatMs.exe
  2⤵
  PID:3756
- C:\Windows\System\ogQkTjR.exe
  C:\Windows\System\ogQkTjR.exe
  2⤵
  PID:3796
- C:\Windows\System\YQFcMyc.exe
  C:\Windows\System\YQFcMyc.exe
  2⤵
  PID:3840
- C:\Windows\System\FerUoAg.exe
  C:\Windows\System\FerUoAg.exe
  2⤵
  PID:3940
- C:\Windows\System\IyXYmEZ.exe
  C:\Windows\System\IyXYmEZ.exe
  2⤵
  PID:3980
- C:\Windows\System\BATLDbs.exe
  C:\Windows\System\BATLDbs.exe
  2⤵
  PID:4056
- C:\Windows\System\BhiVLmv.exe
  C:\Windows\System\BhiVLmv.exe
  2⤵
  PID:2680
- C:\Windows\System\AqYWpOE.exe
  C:\Windows\System\AqYWpOE.exe
  2⤵
  PID:3152
- C:\Windows\System\lpeCdqG.exe
  C:\Windows\System\lpeCdqG.exe
  2⤵
  PID:3352
- C:\Windows\System\KPJcBBK.exe
  C:\Windows\System\KPJcBBK.exe
  2⤵
  PID:2744
- C:\Windows\System\sCjvoMV.exe
  C:\Windows\System\sCjvoMV.exe
  2⤵
  PID:3820
- C:\Windows\System\ZGPTKJG.exe
  C:\Windows\System\ZGPTKJG.exe
  2⤵
  PID:584
- C:\Windows\System\eHsWWez.exe
  C:\Windows\System\eHsWWez.exe
  2⤵
  PID:4120
- C:\Windows\System\QjyImke.exe
  C:\Windows\System\QjyImke.exe
  2⤵
  PID:4164
- C:\Windows\System\NsRCRAp.exe
  C:\Windows\System\NsRCRAp.exe
  2⤵
  PID:4228
- C:\Windows\System\ZQOTKrz.exe
  C:\Windows\System\ZQOTKrz.exe
  2⤵
  PID:4292
- C:\Windows\System\psFNiWQ.exe
  C:\Windows\System\psFNiWQ.exe
  2⤵
  PID:4356
- C:\Windows\System\QHMuTRx.exe
  C:\Windows\System\QHMuTRx.exe
  2⤵
  PID:3684
- C:\Windows\System\SLiLlqm.exe
  C:\Windows\System\SLiLlqm.exe
  2⤵
  PID:3608
- C:\Windows\System\wvnLGsu.exe
  C:\Windows\System\wvnLGsu.exe
  2⤵
  PID:3536
- C:\Windows\System\BKcEqHR.exe
  C:\Windows\System\BKcEqHR.exe
  2⤵
  PID:3436
- C:\Windows\System\lGENYzx.exe
  C:\Windows\System\lGENYzx.exe
  2⤵
  PID:3364
- C:\Windows\System\xQblcvU.exe
  C:\Windows\System\xQblcvU.exe
  2⤵
  PID:3300
- C:\Windows\System\FdEndLD.exe
  C:\Windows\System\FdEndLD.exe
  2⤵
  PID:3236
- C:\Windows\System\qyARwFy.exe
  C:\Windows\System\qyARwFy.exe
  2⤵
  PID:3168
- C:\Windows\System\oQQlqoM.exe
  C:\Windows\System\oQQlqoM.exe
  2⤵
  PID:3092
- C:\Windows\System\cYZkknj.exe
  C:\Windows\System\cYZkknj.exe
  2⤵
  PID:2932
- C:\Windows\System\tXdVQyF.exe
  C:\Windows\System\tXdVQyF.exe
  2⤵
  PID:1032
- C:\Windows\System\rSaOXhx.exe
  C:\Windows\System\rSaOXhx.exe
  2⤵
  PID:2876
- C:\Windows\System\GEmPbFl.exe
  C:\Windows\System\GEmPbFl.exe
  2⤵
  PID:1716
- C:\Windows\System\tiOBjKT.exe
  C:\Windows\System\tiOBjKT.exe
  2⤵
  PID:2668
- C:\Windows\System\jhCIbOy.exe
  C:\Windows\System\jhCIbOy.exe
  2⤵
  PID:1576
- C:\Windows\System\ijZJjZA.exe
  C:\Windows\System\ijZJjZA.exe
  2⤵
  PID:2976
- C:\Windows\System\lUNscry.exe
  C:\Windows\System\lUNscry.exe
  2⤵
  PID:1676
- C:\Windows\System\VUSLdom.exe
  C:\Windows\System\VUSLdom.exe
  2⤵
  PID:3048
- C:\Windows\System\xtCwhRX.exe
  C:\Windows\System\xtCwhRX.exe
  2⤵
  PID:4432
- C:\Windows\System\BqHySBE.exe
  C:\Windows\System\BqHySBE.exe
  2⤵
  PID:4456
- C:\Windows\System\CFYNhFm.exe
  C:\Windows\System\CFYNhFm.exe
  2⤵
  PID:4472
- C:\Windows\System\eWIBBbR.exe
  C:\Windows\System\eWIBBbR.exe
  2⤵
  PID:4488
- C:\Windows\System\egCLGYp.exe
  C:\Windows\System\egCLGYp.exe
  2⤵
  PID:4496
- C:\Windows\System\mFiQyYp.exe
  C:\Windows\System\mFiQyYp.exe
  2⤵
  PID:4520
- C:\Windows\System\mDMikgF.exe
  C:\Windows\System\mDMikgF.exe
  2⤵
  PID:4536
- C:\Windows\System\YhsLADr.exe
  C:\Windows\System\YhsLADr.exe
  2⤵
  PID:4552
- C:\Windows\System\AEYgfip.exe
  C:\Windows\System\AEYgfip.exe
  2⤵
  PID:4568
- C:\Windows\System\jaDoaMt.exe
  C:\Windows\System\jaDoaMt.exe
  2⤵
  PID:4584
- C:\Windows\System\ImGRMVB.exe
  C:\Windows\System\ImGRMVB.exe
  2⤵
  PID:4600
- C:\Windows\System\EGHynRN.exe
  C:\Windows\System\EGHynRN.exe
  2⤵
  PID:4616
- C:\Windows\System\nFMdulD.exe
  C:\Windows\System\nFMdulD.exe
  2⤵
  PID:4632
- C:\Windows\System\opEbXUC.exe
  C:\Windows\System\opEbXUC.exe
  2⤵
  PID:4648
- C:\Windows\System\PLZtPft.exe
  C:\Windows\System\PLZtPft.exe
  2⤵
  PID:4664
- C:\Windows\System\TcVeoNL.exe
  C:\Windows\System\TcVeoNL.exe
  2⤵
  PID:4680
- C:\Windows\System\rDSCZgu.exe
  C:\Windows\System\rDSCZgu.exe
  2⤵
  PID:4696
- C:\Windows\System\nVSVqsB.exe
  C:\Windows\System\nVSVqsB.exe
  2⤵
  PID:4712
- C:\Windows\System\WPywgnI.exe
  C:\Windows\System\WPywgnI.exe
  2⤵
  PID:4728
- C:\Windows\System\OdSSdJg.exe
  C:\Windows\System\OdSSdJg.exe
  2⤵
  PID:4744
- C:\Windows\System\prDbfRY.exe
  C:\Windows\System\prDbfRY.exe
  2⤵
  PID:4760
- C:\Windows\System\aUgaQee.exe
  C:\Windows\System\aUgaQee.exe
  2⤵
  PID:4776
- C:\Windows\System\jRGobdi.exe
  C:\Windows\System\jRGobdi.exe
  2⤵
  PID:4808
- C:\Windows\System\mIxpDoa.exe
  C:\Windows\System\mIxpDoa.exe
  2⤵
  PID:1204
- C:\Windows\System\xVXNAhm.exe
  C:\Windows\System\xVXNAhm.exe
  2⤵
  PID:4872
- C:\Windows\System\OrmBYtJ.exe
  C:\Windows\System\OrmBYtJ.exe
  2⤵
  PID:4876
- C:\Windows\System\HxnZghB.exe
  C:\Windows\System\HxnZghB.exe
  2⤵
  PID:4860
- C:\Windows\System\AJpozxs.exe
  C:\Windows\System\AJpozxs.exe
  2⤵
  PID:4924
- C:\Windows\System\yqkpiGy.exe
  C:\Windows\System\yqkpiGy.exe
  2⤵
  PID:4960
- C:\Windows\System\gqHXMOB.exe
  C:\Windows\System\gqHXMOB.exe
  2⤵
  PID:4992
- C:\Windows\System\uFWghXj.exe
  C:\Windows\System\uFWghXj.exe
  2⤵
  PID:5024
- C:\Windows\System\lhvKlsJ.exe
  C:\Windows\System\lhvKlsJ.exe
  2⤵
  PID:5056
- C:\Windows\System\zpAZCau.exe
  C:\Windows\System\zpAZCau.exe
  2⤵
  PID:5088
- C:\Windows\System\mtGuwyW.exe
  C:\Windows\System\mtGuwyW.exe
  2⤵
  PID:3928
- C:\Windows\System\EHcvMav.exe
  C:\Windows\System\EHcvMav.exe
  2⤵
  PID:4032
- C:\Windows\System\OXbfEUU.exe
  C:\Windows\System\OXbfEUU.exe
  2⤵
  PID:3112
- C:\Windows\System\fbwlrdR.exe
  C:\Windows\System\fbwlrdR.exe
  2⤵
  PID:3460
- C:\Windows\System\vaDSMwj.exe
  C:\Windows\System\vaDSMwj.exe
  2⤵
  PID:3860
- C:\Windows\System\KlmjgUv.exe
  C:\Windows\System\KlmjgUv.exe
  2⤵
  PID:4104
- C:\Windows\System\GQrflDU.exe
  C:\Windows\System\GQrflDU.exe
  2⤵
  PID:4212
- C:\Windows\System\cePCjOE.exe
  C:\Windows\System\cePCjOE.exe
  2⤵
  PID:4336
- C:\Windows\System\qllWQMj.exe
  C:\Windows\System\qllWQMj.exe
  2⤵
  PID:2796
- C:\Windows\System\vOaRpZU.exe
  C:\Windows\System\vOaRpZU.exe
  2⤵
  PID:3444
- C:\Windows\System\mtlTkqt.exe
  C:\Windows\System\mtlTkqt.exe
  2⤵
  PID:3688
- C:\Windows\System\WkpqMtz.exe
  C:\Windows\System\WkpqMtz.exe
  2⤵
  PID:3832
- C:\Windows\System\tKKeaqX.exe
  C:\Windows\System\tKKeaqX.exe
  2⤵
  PID:3972
- C:\Windows\System\LuRQCmx.exe
  C:\Windows\System\LuRQCmx.exe
  2⤵
  PID:4088
- C:\Windows\System\sIPYMNj.exe
  C:\Windows\System\sIPYMNj.exe
  2⤵
  PID:3148
- C:\Windows\System\veKRVqz.exe
  C:\Windows\System\veKRVqz.exe
  2⤵
  PID:3480
- C:\Windows\System\BjvGOXu.exe
  C:\Windows\System\BjvGOXu.exe
  2⤵
  PID:1960
- C:\Windows\System\CqdWMHg.exe
  C:\Windows\System\CqdWMHg.exe
  2⤵
  PID:4160
- C:\Windows\System\ArvgzZC.exe
  C:\Windows\System\ArvgzZC.exe
  2⤵
  PID:4288
- C:\Windows\System\OKzlFnb.exe
  C:\Windows\System\OKzlFnb.exe
  2⤵
  PID:3716
- C:\Windows\System\wwzlqCi.exe
  C:\Windows\System\wwzlqCi.exe
  2⤵
  PID:3540
- C:\Windows\System\emIvPkY.exe
  C:\Windows\System\emIvPkY.exe
  2⤵
  PID:3368
- C:\Windows\System\jIubpgh.exe
  C:\Windows\System\jIubpgh.exe
  2⤵
  PID:3240
- C:\Windows\System\QXTYBGB.exe
  C:\Windows\System\QXTYBGB.exe
  2⤵
  PID:3096
- C:\Windows\System\RMrepZK.exe
  C:\Windows\System\RMrepZK.exe
  2⤵
  PID:840
- C:\Windows\System\kiGeqXv.exe
  C:\Windows\System\kiGeqXv.exe
  2⤵
  PID:2184
- C:\Windows\System\kzZHIXf.exe
  C:\Windows\System\kzZHIXf.exe
  2⤵
  PID:2768
- C:\Windows\System\djHJehk.exe
  C:\Windows\System\djHJehk.exe
  2⤵
  PID:2244
- C:\Windows\System\YrCYWta.exe
  C:\Windows\System\YrCYWta.exe
  2⤵
  PID:1768
- C:\Windows\System\PTRePqq.exe
  C:\Windows\System\PTRePqq.exe
  2⤵
  PID:4464
- C:\Windows\System\keAmwiw.exe
  C:\Windows\System\keAmwiw.exe
  2⤵
  PID:4500
- C:\Windows\System\XLBpkQJ.exe
  C:\Windows\System\XLBpkQJ.exe
  2⤵
  PID:4528
- C:\Windows\System\MFWlfDO.exe
  C:\Windows\System\MFWlfDO.exe
  2⤵
  PID:4548
- C:\Windows\System\vVeOhWj.exe
  C:\Windows\System\vVeOhWj.exe
  2⤵
  PID:4580
- C:\Windows\System\tNukGLk.exe
  C:\Windows\System\tNukGLk.exe
  2⤵
  PID:4612
- C:\Windows\System\TGCaisG.exe
  C:\Windows\System\TGCaisG.exe
  2⤵
  PID:4644
- C:\Windows\System\nRpLDGP.exe
  C:\Windows\System\nRpLDGP.exe
  2⤵
  PID:4676
- C:\Windows\System\PiODhMa.exe
  C:\Windows\System\PiODhMa.exe
  2⤵
  PID:4708
- C:\Windows\System\dKanUGt.exe
  C:\Windows\System\dKanUGt.exe
  2⤵
  PID:4752
- C:\Windows\System\whhFbVB.exe
  C:\Windows\System\whhFbVB.exe
  2⤵
  PID:4772
- C:\Windows\System\OqHXUuc.exe
  C:\Windows\System\OqHXUuc.exe
  2⤵
  PID:4840
- C:\Windows\System\nYlqdaj.exe
  C:\Windows\System\nYlqdaj.exe
  2⤵
  PID:4908
- C:\Windows\System\WWquYfF.exe
  C:\Windows\System\WWquYfF.exe
  2⤵
  PID:4896
- C:\Windows\System\PKxiASm.exe
  C:\Windows\System\PKxiASm.exe
  2⤵
  PID:4976
- C:\Windows\System\mnKGviD.exe
  C:\Windows\System\mnKGviD.exe
  2⤵
  PID:5028
- C:\Windows\System\tQrZbCc.exe
  C:\Windows\System\tQrZbCc.exe
  2⤵
  PID:5092
- C:\Windows\System\LhaEBOl.exe
  C:\Windows\System\LhaEBOl.exe
  2⤵
  PID:3992
- C:\Windows\System\GxsYGiP.exe
  C:\Windows\System\GxsYGiP.exe
  2⤵
  PID:3636
- C:\Windows\System\IasYFID.exe
  C:\Windows\System\IasYFID.exe
  2⤵
  PID:3028
- C:\Windows\System\lEbkHYN.exe
  C:\Windows\System\lEbkHYN.exe
  2⤵
  PID:1040
- C:\Windows\System\jZzbYVj.exe
  C:\Windows\System\jZzbYVj.exe
  2⤵
  PID:2896
- C:\Windows\System\szWdtSo.exe
  C:\Windows\System\szWdtSo.exe
  2⤵
  PID:3724
- C:\Windows\System\hZFyGaG.exe
  C:\Windows\System\hZFyGaG.exe
  2⤵
  PID:3976
- C:\Windows\System\nDWjvSn.exe
  C:\Windows\System\nDWjvSn.exe
  2⤵
  PID:3476
- C:\Windows\System\QWdXgbu.exe
  C:\Windows\System\QWdXgbu.exe
  2⤵
  PID:3736
- C:\Windows\System\SumFZXg.exe
  C:\Windows\System\SumFZXg.exe
  2⤵
  PID:4224
- C:\Windows\System\znpEtVI.exe
  C:\Windows\System\znpEtVI.exe
  2⤵
  PID:3648
- C:\Windows\System\JiqURLo.exe
  C:\Windows\System\JiqURLo.exe
  2⤵
  PID:3024
- C:\Windows\System\jFCZZbP.exe
  C:\Windows\System\jFCZZbP.exe
  2⤵
  PID:2900
- C:\Windows\System\HFzZJvL.exe
  C:\Windows\System\HFzZJvL.exe
  2⤵
  PID:2688
- C:\Windows\System\AGRnPUN.exe
  C:\Windows\System\AGRnPUN.exe
  2⤵
  PID:1840
- C:\Windows\System\vvFdkhC.exe
  C:\Windows\System\vvFdkhC.exe
  2⤵
  PID:4448
- C:\Windows\System\VXxFjss.exe
  C:\Windows\System\VXxFjss.exe
  2⤵
  PID:4512
- C:\Windows\System\pWiumVI.exe
  C:\Windows\System\pWiumVI.exe
  2⤵
  PID:4576
- C:\Windows\System\vXlKzWV.exe
  C:\Windows\System\vXlKzWV.exe
  2⤵
  PID:4656
- C:\Windows\System\vkvewti.exe
  C:\Windows\System\vkvewti.exe
  2⤵
  PID:4704
- C:\Windows\System\kjlgvaB.exe
  C:\Windows\System\kjlgvaB.exe
  2⤵
  PID:4740
- C:\Windows\System\lZAEZaz.exe
  C:\Windows\System\lZAEZaz.exe
  2⤵
  PID:816
- C:\Windows\System\dEBJfyE.exe
  C:\Windows\System\dEBJfyE.exe
  2⤵
  PID:2440
- C:\Windows\System\dojAwFt.exe
  C:\Windows\System\dojAwFt.exe
  2⤵
  PID:4980
- C:\Windows\System\WeLdaxF.exe
  C:\Windows\System\WeLdaxF.exe
  2⤵
  PID:5108
- C:\Windows\System\DRtYOHZ.exe
  C:\Windows\System\DRtYOHZ.exe
  2⤵
  PID:780
- C:\Windows\System\MebLXFA.exe
  C:\Windows\System\MebLXFA.exe
  2⤵
  PID:1916
- C:\Windows\System\KgnpHPt.exe
  C:\Windows\System\KgnpHPt.exe
  2⤵
  PID:4340
- C:\Windows\System\QoirKsx.exe
  C:\Windows\System\QoirKsx.exe
  2⤵
  PID:3612
- C:\Windows\System\yQUJiRM.exe
  C:\Windows\System\yQUJiRM.exe
  2⤵
  PID:4928
- C:\Windows\System\FSpGRiB.exe
  C:\Windows\System\FSpGRiB.exe
  2⤵
  PID:3720
- C:\Windows\System\ldxPaEe.exe
  C:\Windows\System\ldxPaEe.exe
  2⤵
  PID:912
- C:\Windows\System\agEigqV.exe
  C:\Windows\System\agEigqV.exe
  2⤵
  PID:1688
- C:\Windows\System\CgbnXrc.exe
  C:\Windows\System\CgbnXrc.exe
  2⤵
  PID:4404
- C:\Windows\System\zRIljoE.exe
  C:\Windows\System\zRIljoE.exe
  2⤵
  PID:4564
- C:\Windows\System\swvjyGX.exe
  C:\Windows\System\swvjyGX.exe
  2⤵
  PID:4640
- C:\Windows\System\gUlnufq.exe
  C:\Windows\System\gUlnufq.exe
  2⤵
  PID:4736
- C:\Windows\System\qTugRyV.exe
  C:\Windows\System\qTugRyV.exe
  2⤵
  PID:408
- C:\Windows\System\bPnZJTS.exe
  C:\Windows\System\bPnZJTS.exe
  2⤵
  PID:4948
- C:\Windows\System\qcsvdnq.exe
  C:\Windows\System\qcsvdnq.exe
  2⤵
  PID:2632
- C:\Windows\System\IxcoHON.exe
  C:\Windows\System\IxcoHON.exe
  2⤵
  PID:1860
- C:\Windows\System\LBmuxNs.exe
  C:\Windows\System\LBmuxNs.exe
  2⤵
  PID:3908
- C:\Windows\System\imEMeMX.exe
  C:\Windows\System\imEMeMX.exe
  2⤵
  PID:916
- C:\Windows\System\OqntYZi.exe
  C:\Windows\System\OqntYZi.exe
  2⤵
  PID:2616
- C:\Windows\System\LrRYsYm.exe
  C:\Windows\System\LrRYsYm.exe
  2⤵
  PID:4504
- C:\Windows\System\ZdQvJps.exe
  C:\Windows\System\ZdQvJps.exe
  2⤵
  PID:4768
- C:\Windows\System\WAoNvpY.exe
  C:\Windows\System\WAoNvpY.exe
  2⤵
  PID:2504
- C:\Windows\System\zbxVyjo.exe
  C:\Windows\System\zbxVyjo.exe
  2⤵
  PID:4092
- C:\Windows\System\JrStMfA.exe
  C:\Windows\System\JrStMfA.exe
  2⤵
  PID:3268
- C:\Windows\System\tbalqOu.exe
  C:\Windows\System\tbalqOu.exe
  2⤵
  PID:2948
- C:\Windows\System\CrlagIO.exe
  C:\Windows\System\CrlagIO.exe
  2⤵
  PID:2712
- C:\Windows\System\ZHOTdoc.exe
  C:\Windows\System\ZHOTdoc.exe
  2⤵
  PID:4856
- C:\Windows\System\luxbMvb.exe
  C:\Windows\System\luxbMvb.exe
  2⤵
  PID:4128
- C:\Windows\System\SsWDzCB.exe
  C:\Windows\System\SsWDzCB.exe
  2⤵
  PID:836
- C:\Windows\System\KjqWvsM.exe
  C:\Windows\System\KjqWvsM.exe
  2⤵
  PID:5132
- C:\Windows\System\TNasfSN.exe
  C:\Windows\System\TNasfSN.exe
  2⤵
  PID:5148
- C:\Windows\System\pSDjFzd.exe
  C:\Windows\System\pSDjFzd.exe
  2⤵
  PID:5164
- C:\Windows\System\yFgUyFk.exe
  C:\Windows\System\yFgUyFk.exe
  2⤵
  PID:5180
- C:\Windows\System\TOtvTxY.exe
  C:\Windows\System\TOtvTxY.exe
  2⤵
  PID:5196
- C:\Windows\System\ThJJUrc.exe
  C:\Windows\System\ThJJUrc.exe
  2⤵
  PID:5212
- C:\Windows\System\cQiuXRV.exe
  C:\Windows\System\cQiuXRV.exe
  2⤵
  PID:5228
- C:\Windows\System\OENkfhe.exe
  C:\Windows\System\OENkfhe.exe
  2⤵
  PID:5244
- C:\Windows\System\lEafRIb.exe
  C:\Windows\System\lEafRIb.exe
  2⤵
  PID:5260
- C:\Windows\System\yhRvAUQ.exe
  C:\Windows\System\yhRvAUQ.exe
  2⤵
  PID:5276
- C:\Windows\System\FuHzckU.exe
  C:\Windows\System\FuHzckU.exe
  2⤵
  PID:5292
- C:\Windows\System\SCsNtDX.exe
  C:\Windows\System\SCsNtDX.exe
  2⤵
  PID:5308
- C:\Windows\System\EctrAnK.exe
  C:\Windows\System\EctrAnK.exe
  2⤵
  PID:5324
- C:\Windows\System\hTGydWy.exe
  C:\Windows\System\hTGydWy.exe
  2⤵
  PID:5340
- C:\Windows\System\pgaXdQt.exe
  C:\Windows\System\pgaXdQt.exe
  2⤵
  PID:5376
- C:\Windows\System\IsUpbWv.exe
  C:\Windows\System\IsUpbWv.exe
  2⤵
  PID:5428
- C:\Windows\System\MbcJPDm.exe
  C:\Windows\System\MbcJPDm.exe
  2⤵
  PID:5444
- C:\Windows\System\UhSIHaB.exe
  C:\Windows\System\UhSIHaB.exe
  2⤵
  PID:5460
- C:\Windows\System\lcsiLAc.exe
  C:\Windows\System\lcsiLAc.exe
  2⤵
  PID:5476
- C:\Windows\System\bGuxxIB.exe
  C:\Windows\System\bGuxxIB.exe
  2⤵
  PID:5492
- C:\Windows\System\gKwQkDI.exe
  C:\Windows\System\gKwQkDI.exe
  2⤵
  PID:5508
- C:\Windows\System\wxSSotO.exe
  C:\Windows\System\wxSSotO.exe
  2⤵
  PID:5524
- C:\Windows\System\ioJaeQa.exe
  C:\Windows\System\ioJaeQa.exe
  2⤵
  PID:5540
- C:\Windows\System\fhuJtDS.exe
  C:\Windows\System\fhuJtDS.exe
  2⤵
  PID:5556
- C:\Windows\System\YdsKbzp.exe
  C:\Windows\System\YdsKbzp.exe
  2⤵
  PID:5572
- C:\Windows\System\GwWTUNj.exe
  C:\Windows\System\GwWTUNj.exe
  2⤵
  PID:5588
- C:\Windows\System\fAqlVel.exe
  C:\Windows\System\fAqlVel.exe
  2⤵
  PID:5604
- C:\Windows\System\sFSRlQR.exe
  C:\Windows\System\sFSRlQR.exe
  2⤵
  PID:5620
- C:\Windows\System\qizvOwm.exe
  C:\Windows\System\qizvOwm.exe
  2⤵
  PID:5636
- C:\Windows\System\AHTxDtM.exe
  C:\Windows\System\AHTxDtM.exe
  2⤵
  PID:5652
- C:\Windows\System\OZtEpsu.exe
  C:\Windows\System\OZtEpsu.exe
  2⤵
  PID:5668
- C:\Windows\System\qPUhkdD.exe
  C:\Windows\System\qPUhkdD.exe
  2⤵
  PID:5684
- C:\Windows\System\vRASAMl.exe
  C:\Windows\System\vRASAMl.exe
  2⤵
  PID:5700
- C:\Windows\System\CnQuksF.exe
  C:\Windows\System\CnQuksF.exe
  2⤵
  PID:5716
- C:\Windows\System\CVOILVA.exe
  C:\Windows\System\CVOILVA.exe
  2⤵
  PID:5732
- C:\Windows\System\qdohkhC.exe
  C:\Windows\System\qdohkhC.exe
  2⤵
  PID:5748
- C:\Windows\System\BATRuTD.exe
  C:\Windows\System\BATRuTD.exe
  2⤵
  PID:5764
- C:\Windows\System\urqfksH.exe
  C:\Windows\System\urqfksH.exe
  2⤵
  PID:5780
- C:\Windows\System\elBHHfN.exe
  C:\Windows\System\elBHHfN.exe
  2⤵
  PID:5796
- C:\Windows\System\JnuOmfH.exe
  C:\Windows\System\JnuOmfH.exe
  2⤵
  PID:5812
- C:\Windows\System\WkexfSn.exe
  C:\Windows\System\WkexfSn.exe
  2⤵
  PID:5828
- C:\Windows\System\BwVvvFG.exe
  C:\Windows\System\BwVvvFG.exe
  2⤵
  PID:5844
- C:\Windows\System\ldcKwil.exe
  C:\Windows\System\ldcKwil.exe
  2⤵
  PID:5860
- C:\Windows\System\ufevcdI.exe
  C:\Windows\System\ufevcdI.exe
  2⤵
  PID:5876
- C:\Windows\System\EPWCZEE.exe
  C:\Windows\System\EPWCZEE.exe
  2⤵
  PID:5892
- C:\Windows\System\qJTToqO.exe
  C:\Windows\System\qJTToqO.exe
  2⤵
  PID:5908
- C:\Windows\System\cwRVuBH.exe
  C:\Windows\System\cwRVuBH.exe
  2⤵
  PID:5924
- C:\Windows\System\sEFImbE.exe
  C:\Windows\System\sEFImbE.exe
  2⤵
  PID:5940
- C:\Windows\System\DtRIEwO.exe
  C:\Windows\System\DtRIEwO.exe
  2⤵
  PID:5956
- C:\Windows\System\RmQYHrJ.exe
  C:\Windows\System\RmQYHrJ.exe
  2⤵
  PID:5972
- C:\Windows\System\MdRtyKG.exe
  C:\Windows\System\MdRtyKG.exe
  2⤵
  PID:5988
- C:\Windows\System\TlDjQUf.exe
  C:\Windows\System\TlDjQUf.exe
  2⤵
  PID:6004
- C:\Windows\System\dIFuVlb.exe
  C:\Windows\System\dIFuVlb.exe
  2⤵
  PID:6020
- C:\Windows\System\NcrDgUg.exe
  C:\Windows\System\NcrDgUg.exe
  2⤵
  PID:6036
- C:\Windows\System\igyECVc.exe
  C:\Windows\System\igyECVc.exe
  2⤵
  PID:6052
- C:\Windows\System\lCAidkx.exe
  C:\Windows\System\lCAidkx.exe
  2⤵
  PID:6068
- C:\Windows\System\dIMeDlS.exe
  C:\Windows\System\dIMeDlS.exe
  2⤵
  PID:6084
- C:\Windows\System\eKFSink.exe
  C:\Windows\System\eKFSink.exe
  2⤵
  PID:6100
- C:\Windows\System\YZvaNOa.exe
  C:\Windows\System\YZvaNOa.exe
  2⤵
  PID:6116
- C:\Windows\System\whVoeZA.exe
  C:\Windows\System\whVoeZA.exe
  2⤵
  PID:6132
- C:\Windows\System\vaPvmjf.exe
  C:\Windows\System\vaPvmjf.exe
  2⤵
  PID:3088
- C:\Windows\System\HrnzPhc.exe
  C:\Windows\System\HrnzPhc.exe
  2⤵
  PID:5124
- C:\Windows\System\uGGNabF.exe
  C:\Windows\System\uGGNabF.exe
  2⤵
  PID:5156
- C:\Windows\System\sGlIEOy.exe
  C:\Windows\System\sGlIEOy.exe
  2⤵
  PID:5188
- C:\Windows\System\QrYvJqY.exe
  C:\Windows\System\QrYvJqY.exe
  2⤵
  PID:5220
- C:\Windows\System\yELGyzC.exe
  C:\Windows\System\yELGyzC.exe
  2⤵
  PID:3912
- C:\Windows\System\UHctHmO.exe
  C:\Windows\System\UHctHmO.exe
  2⤵
  PID:1320
- C:\Windows\System\oaYDfgD.exe
  C:\Windows\System\oaYDfgD.exe
  2⤵
  PID:5284
- C:\Windows\System\UuMHjTm.exe
  C:\Windows\System\UuMHjTm.exe
  2⤵
  PID:5304
- C:\Windows\System\rTzMeVt.exe
  C:\Windows\System\rTzMeVt.exe
  2⤵
  PID:5388
- C:\Windows\System\TgMZxgB.exe
  C:\Windows\System\TgMZxgB.exe
  2⤵
  PID:5404
- C:\Windows\System\sOpXSqc.exe
  C:\Windows\System\sOpXSqc.exe
  2⤵
  PID:5420
- C:\Windows\System\MXzYCjv.exe
  C:\Windows\System\MXzYCjv.exe
  2⤵
  PID:5424
- C:\Windows\System\FHfmlsC.exe
  C:\Windows\System\FHfmlsC.exe
  2⤵
  PID:5488
- C:\Windows\System\mmvDyod.exe
  C:\Windows\System\mmvDyod.exe
  2⤵
  PID:5548
- C:\Windows\System\CZNhHJX.exe
  C:\Windows\System\CZNhHJX.exe
  2⤵
  PID:5356
- C:\Windows\System\aJSEUfL.exe
  C:\Windows\System\aJSEUfL.exe
  2⤵
  PID:5372
- C:\Windows\System\ahfMWgy.exe
  C:\Windows\System\ahfMWgy.exe
  2⤵
  PID:5472
- C:\Windows\System\gFCvlRj.exe
  C:\Windows\System\gFCvlRj.exe
  2⤵
  PID:5532
- C:\Windows\System\MyrFaUH.exe
  C:\Windows\System\MyrFaUH.exe
  2⤵
  PID:5612
- C:\Windows\System\AklsXwZ.exe
  C:\Windows\System\AklsXwZ.exe
  2⤵
  PID:5568
- C:\Windows\System\tDlBTAp.exe
  C:\Windows\System\tDlBTAp.exe
  2⤵
  PID:5628
- C:\Windows\System\wTPBeEs.exe
  C:\Windows\System\wTPBeEs.exe
  2⤵
  PID:5692
- C:\Windows\System\BnIPHeS.exe
  C:\Windows\System\BnIPHeS.exe
  2⤵
  PID:5756
- C:\Windows\System\mqvuOvb.exe
  C:\Windows\System\mqvuOvb.exe
  2⤵
  PID:5820
- C:\Windows\System\nyoPtAc.exe
  C:\Windows\System\nyoPtAc.exe
  2⤵
  PID:5884
- C:\Windows\System\CoBdqdk.exe
  C:\Windows\System\CoBdqdk.exe
  2⤵
  PID:5680
- C:\Windows\System\qJnnylm.exe
  C:\Windows\System\qJnnylm.exe
  2⤵
  PID:5712
- C:\Windows\System\SlNhvlZ.exe
  C:\Windows\System\SlNhvlZ.exe
  2⤵
  PID:5836
- C:\Windows\System\NJIqgIi.exe
  C:\Windows\System\NJIqgIi.exe
  2⤵
  PID:5872
- C:\Windows\System\YSkHICn.exe
  C:\Windows\System\YSkHICn.exe
  2⤵
  PID:5936
- C:\Windows\System\HfcUuzW.exe
  C:\Windows\System\HfcUuzW.exe
  2⤵
  PID:6000
- C:\Windows\System\MhFdKAM.exe
  C:\Windows\System\MhFdKAM.exe
  2⤵
  PID:6032
- C:\Windows\System\YUZuUJH.exe
  C:\Windows\System\YUZuUJH.exe
  2⤵
  PID:5952
- C:\Windows\System\tljUymi.exe
  C:\Windows\System\tljUymi.exe
  2⤵
  PID:5920
- C:\Windows\System\RxHPruJ.exe
  C:\Windows\System\RxHPruJ.exe
  2⤵
  PID:6048
- C:\Windows\System\OstLved.exe
  C:\Windows\System\OstLved.exe
  2⤵
  PID:6112
- C:\Windows\System\KmgZgxW.exe
  C:\Windows\System\KmgZgxW.exe
  2⤵
  PID:5076
- C:\Windows\System\YLdkdvM.exe
  C:\Windows\System\YLdkdvM.exe
  2⤵
  PID:5348
- C:\Windows\System\OMGhhvT.exe
  C:\Windows\System\OMGhhvT.exe
  2⤵
  PID:5440
- C:\Windows\System\wOcRmcw.exe
  C:\Windows\System\wOcRmcw.exe
  2⤵
  PID:5504
- C:\Windows\System\rdbyLmk.exe
  C:\Windows\System\rdbyLmk.exe
  2⤵
  PID:5660
- C:\Windows\System\JBCROpo.exe
  C:\Windows\System\JBCROpo.exe
  2⤵
  PID:5916
- C:\Windows\System\WnMIVPY.exe
  C:\Windows\System\WnMIVPY.exe
  2⤵
  PID:5724
- C:\Windows\System\HYcvvWB.exe
  C:\Windows\System\HYcvvWB.exe
  2⤵
  PID:5840
- C:\Windows\System\AkAwJce.exe
  C:\Windows\System\AkAwJce.exe
  2⤵
  PID:5676
- C:\Windows\System\gywSRwn.exe
  C:\Windows\System\gywSRwn.exe
  2⤵
  PID:5932
- C:\Windows\System\yZiSrrc.exe
  C:\Windows\System\yZiSrrc.exe
  2⤵
  PID:5948
- C:\Windows\System\PwPrHhd.exe
  C:\Windows\System\PwPrHhd.exe
  2⤵
  PID:6016
- C:\Windows\System\BEcfIaI.exe
  C:\Windows\System\BEcfIaI.exe
  2⤵
  PID:5144
- C:\Windows\System\tiCqmzz.exe
  C:\Windows\System\tiCqmzz.exe
  2⤵
  PID:5176
- C:\Windows\System\lFzZolZ.exe
  C:\Windows\System\lFzZolZ.exe
  2⤵
  PID:5272
- C:\Windows\System\TcNBtxh.exe
  C:\Windows\System\TcNBtxh.exe
  2⤵
  PID:5384
- C:\Windows\System\DIXrSem.exe
  C:\Windows\System\DIXrSem.exe
  2⤵
  PID:5192
- C:\Windows\System\jqeXVNM.exe
  C:\Windows\System\jqeXVNM.exe
  2⤵
  PID:2856
- C:\Windows\System\vvBLtcm.exe
  C:\Windows\System\vvBLtcm.exe
  2⤵
  PID:5416
- C:\Windows\System\LyNCEdc.exe
  C:\Windows\System\LyNCEdc.exe
  2⤵
  PID:5644
- C:\Windows\System\tIMDzmO.exe
  C:\Windows\System\tIMDzmO.exe
  2⤵
  PID:5564
- C:\Windows\System\GYpXbLC.exe
  C:\Windows\System\GYpXbLC.exe
  2⤵
  PID:5804
- C:\Windows\System\uUMeytU.exe
  C:\Windows\System\uUMeytU.exe
  2⤵
  PID:5984
- C:\Windows\System\ptqyaGw.exe
  C:\Windows\System\ptqyaGw.exe
  2⤵
  PID:5852
- C:\Windows\System\vBgzzwd.exe
  C:\Windows\System\vBgzzwd.exe
  2⤵
  PID:1472
- C:\Windows\System\qDEgyzd.exe
  C:\Windows\System\qDEgyzd.exe
  2⤵
  PID:1136
- C:\Windows\System\YqGGdMQ.exe
  C:\Windows\System\YqGGdMQ.exe
  2⤵
  PID:5400
- C:\Windows\System\mJBycAW.exe
  C:\Windows\System\mJBycAW.exe
  2⤵
  PID:5352
- C:\Windows\System\XZCqfvA.exe
  C:\Windows\System\XZCqfvA.exe
  2⤵
  PID:5160
- C:\Windows\System\PPNJyrj.exe
  C:\Windows\System\PPNJyrj.exe
  2⤵
  PID:5904
- C:\Windows\System\FAkLuth.exe
  C:\Windows\System\FAkLuth.exe
  2⤵
  PID:5968
- C:\Windows\System\oRkgesk.exe
  C:\Windows\System\oRkgesk.exe
  2⤵
  PID:6080
- C:\Windows\System\AjPylZA.exe
  C:\Windows\System\AjPylZA.exe
  2⤵
  PID:1968
- C:\Windows\System\hnFfujV.exe
  C:\Windows\System\hnFfujV.exe
  2⤵
  PID:6152
- C:\Windows\System\eqWVjEq.exe
  C:\Windows\System\eqWVjEq.exe
  2⤵
  PID:6168
- C:\Windows\System\GGSejqx.exe
  C:\Windows\System\GGSejqx.exe
  2⤵
  PID:6184
- C:\Windows\System\sgapzqi.exe
  C:\Windows\System\sgapzqi.exe
  2⤵
  PID:6200
- C:\Windows\System\KPsXSeM.exe
  C:\Windows\System\KPsXSeM.exe
  2⤵
  PID:6216
- C:\Windows\System\ZgNkOeD.exe
  C:\Windows\System\ZgNkOeD.exe
  2⤵
  PID:6232
- C:\Windows\System\MpyvtRO.exe
  C:\Windows\System\MpyvtRO.exe
  2⤵
  PID:6248
- C:\Windows\System\vkgKrKC.exe
  C:\Windows\System\vkgKrKC.exe
  2⤵
  PID:6264
- C:\Windows\System\uDHcpHk.exe
  C:\Windows\System\uDHcpHk.exe
  2⤵
  PID:6280
- C:\Windows\System\HZoAcHj.exe
  C:\Windows\System\HZoAcHj.exe
  2⤵
  PID:6296
- C:\Windows\System\LDPmpul.exe
  C:\Windows\System\LDPmpul.exe
  2⤵
  PID:6312
- C:\Windows\System\fFdsphW.exe
  C:\Windows\System\fFdsphW.exe
  2⤵
  PID:6328
- C:\Windows\System\zUwuIhh.exe
  C:\Windows\System\zUwuIhh.exe
  2⤵
  PID:6344
- C:\Windows\System\aPxzqAt.exe
  C:\Windows\System\aPxzqAt.exe
  2⤵
  PID:6360
- C:\Windows\System\pKsNupE.exe
  C:\Windows\System\pKsNupE.exe
  2⤵
  PID:6376
- C:\Windows\System\YtkYMoT.exe
  C:\Windows\System\YtkYMoT.exe
  2⤵
  PID:6392
- C:\Windows\System\CpZKxmm.exe
  C:\Windows\System\CpZKxmm.exe
  2⤵
  PID:6408
- C:\Windows\System\YCbFjXO.exe
  C:\Windows\System\YCbFjXO.exe
  2⤵
  PID:6424
- C:\Windows\System\IrloipK.exe
  C:\Windows\System\IrloipK.exe
  2⤵
  PID:6440
- C:\Windows\System\nBsjGHa.exe
  C:\Windows\System\nBsjGHa.exe
  2⤵
  PID:6456
- C:\Windows\System\vTDIlPS.exe
  C:\Windows\System\vTDIlPS.exe
  2⤵
  PID:6472
- C:\Windows\System\TdxqHFz.exe
  C:\Windows\System\TdxqHFz.exe
  2⤵
  PID:6488
- C:\Windows\System\IULiljA.exe
  C:\Windows\System\IULiljA.exe
  2⤵
  PID:6504
- C:\Windows\System\FDFSyMm.exe
  C:\Windows\System\FDFSyMm.exe
  2⤵
  PID:6520
- C:\Windows\System\nkAVDYb.exe
  C:\Windows\System\nkAVDYb.exe
  2⤵
  PID:6536
- C:\Windows\System\vKbanKX.exe
  C:\Windows\System\vKbanKX.exe
  2⤵
  PID:6552
- C:\Windows\System\FIXdfiH.exe
  C:\Windows\System\FIXdfiH.exe
  2⤵
  PID:6568
- C:\Windows\System\yTBLUFA.exe
  C:\Windows\System\yTBLUFA.exe
  2⤵
  PID:6584
- C:\Windows\System\gHOeKVW.exe
  C:\Windows\System\gHOeKVW.exe
  2⤵
  PID:6600
- C:\Windows\System\rodinig.exe
  C:\Windows\System\rodinig.exe
  2⤵
  PID:6616
- C:\Windows\System\ieoIZIp.exe
  C:\Windows\System\ieoIZIp.exe
  2⤵
  PID:6632
- C:\Windows\System\ZhQNqll.exe
  C:\Windows\System\ZhQNqll.exe
  2⤵
  PID:6648
- C:\Windows\System\YCTaYQy.exe
  C:\Windows\System\YCTaYQy.exe
  2⤵
  PID:6664
- C:\Windows\System\HFUBkYD.exe
  C:\Windows\System\HFUBkYD.exe
  2⤵
  PID:6680
- C:\Windows\System\uJEmbym.exe
  C:\Windows\System\uJEmbym.exe
  2⤵
  PID:6696
- C:\Windows\System\UBZzhfQ.exe
  C:\Windows\System\UBZzhfQ.exe
  2⤵
  PID:6712
- C:\Windows\System\VOUKoMn.exe
  C:\Windows\System\VOUKoMn.exe
  2⤵
  PID:6728
- C:\Windows\System\evtzuaS.exe
  C:\Windows\System\evtzuaS.exe
  2⤵
  PID:6744
- C:\Windows\System\huPoZzy.exe
  C:\Windows\System\huPoZzy.exe
  2⤵
  PID:6760
- C:\Windows\System\tDLvHth.exe
  C:\Windows\System\tDLvHth.exe
  2⤵
  PID:6776
- C:\Windows\System\hjgQfrr.exe
  C:\Windows\System\hjgQfrr.exe
  2⤵
  PID:6792
- C:\Windows\System\YNLNdFv.exe
  C:\Windows\System\YNLNdFv.exe
  2⤵
  PID:6808
- C:\Windows\System\mOXWeVh.exe
  C:\Windows\System\mOXWeVh.exe
  2⤵
  PID:6824
- C:\Windows\System\lMjhuyx.exe
  C:\Windows\System\lMjhuyx.exe
  2⤵
  PID:6840
- C:\Windows\System\bWhCgZe.exe
  C:\Windows\System\bWhCgZe.exe
  2⤵
  PID:6856
- C:\Windows\System\QWIIKyg.exe
  C:\Windows\System\QWIIKyg.exe
  2⤵
  PID:6872
- C:\Windows\System\kiGuZyQ.exe
  C:\Windows\System\kiGuZyQ.exe
  2⤵
  PID:6888
- C:\Windows\System\cmKamro.exe
  C:\Windows\System\cmKamro.exe
  2⤵
  PID:6904
- C:\Windows\System\kaWPFyx.exe
  C:\Windows\System\kaWPFyx.exe
  2⤵
  PID:6924
- C:\Windows\System\csZKZMA.exe
  C:\Windows\System\csZKZMA.exe
  2⤵
  PID:6940
- C:\Windows\System\YYRTgOC.exe
  C:\Windows\System\YYRTgOC.exe
  2⤵
  PID:6956
- C:\Windows\System\JGGDNRj.exe
  C:\Windows\System\JGGDNRj.exe
  2⤵
  PID:6972
- C:\Windows\System\LeqlPok.exe
  C:\Windows\System\LeqlPok.exe
  2⤵
  PID:6988
- C:\Windows\System\fuLrUoQ.exe
  C:\Windows\System\fuLrUoQ.exe
  2⤵
  PID:7004
- C:\Windows\System\VxZNDOV.exe
  C:\Windows\System\VxZNDOV.exe
  2⤵
  PID:7020
- C:\Windows\System\XRDWsPU.exe
  C:\Windows\System\XRDWsPU.exe
  2⤵
  PID:7036
- C:\Windows\System\rZpisLu.exe
  C:\Windows\System\rZpisLu.exe
  2⤵
  PID:7052
- C:\Windows\System\EkQrzPB.exe
  C:\Windows\System\EkQrzPB.exe
  2⤵
  PID:7068
- C:\Windows\System\wYPWPMn.exe
  C:\Windows\System\wYPWPMn.exe
  2⤵
  PID:7084
- C:\Windows\System\WVCMqts.exe
  C:\Windows\System\WVCMqts.exe
  2⤵
  PID:7100
- C:\Windows\System\kWNBdvd.exe
  C:\Windows\System\kWNBdvd.exe
  2⤵
  PID:7116
- C:\Windows\System\QTTKQVp.exe
  C:\Windows\System\QTTKQVp.exe
  2⤵
  PID:7132
- C:\Windows\System\guCTVGk.exe
  C:\Windows\System\guCTVGk.exe
  2⤵
  PID:7148
- C:\Windows\System\gCSKEhs.exe
  C:\Windows\System\gCSKEhs.exe
  2⤵
  PID:7164
- C:\Windows\System\hAFTZKm.exe
  C:\Windows\System\hAFTZKm.exe
  2⤵
  PID:6148
- C:\Windows\System\doBiaEY.exe
  C:\Windows\System\doBiaEY.exe
  2⤵
  PID:6212
- C:\Windows\System\oaglEUy.exe
  C:\Windows\System\oaglEUy.exe
  2⤵
  PID:6276
- C:\Windows\System\qvneWIO.exe
  C:\Windows\System\qvneWIO.exe
  2⤵
  PID:5412
- C:\Windows\System\SnlwJNX.exe
  C:\Windows\System\SnlwJNX.exe
  2⤵
  PID:6224
- C:\Windows\System\UKsmrjI.exe
  C:\Windows\System\UKsmrjI.exe
  2⤵
  PID:5552
- C:\Windows\System\sQneLYt.exe
  C:\Windows\System\sQneLYt.exe
  2⤵
  PID:6164
- C:\Windows\System\oCljdOr.exe
  C:\Windows\System\oCljdOr.exe
  2⤵
  PID:6228
- C:\Windows\System\FEiyNow.exe
  C:\Windows\System\FEiyNow.exe
  2⤵
  PID:6400
- C:\Windows\System\ohEOvxy.exe
  C:\Windows\System\ohEOvxy.exe
  2⤵
  PID:6464
- C:\Windows\System\rlUBaXF.exe
  C:\Windows\System\rlUBaXF.exe
  2⤵
  PID:6468
- C:\Windows\System\NPtwfXu.exe
  C:\Windows\System\NPtwfXu.exe
  2⤵
  PID:6448
- C:\Windows\System\nNkLeVL.exe
  C:\Windows\System\nNkLeVL.exe
  2⤵
  PID:6388
- C:\Windows\System\vUCSfGB.exe
  C:\Windows\System\vUCSfGB.exe
  2⤵
  PID:6596
- C:\Windows\System\SnQNznj.exe
  C:\Windows\System\SnQNznj.exe
  2⤵
  PID:6484
- C:\Windows\System\GjjcueK.exe
  C:\Windows\System\GjjcueK.exe
  2⤵
  PID:6640
- C:\Windows\System\mofdqld.exe
  C:\Windows\System\mofdqld.exe
  2⤵
  PID:6656
- C:\Windows\System\HUAWGla.exe
  C:\Windows\System\HUAWGla.exe
  2⤵
  PID:6544
- C:\Windows\System\EbmrOyY.exe
  C:\Windows\System\EbmrOyY.exe
  2⤵
  PID:6644
- C:\Windows\System\sDxLcNr.exe
  C:\Windows\System\sDxLcNr.exe
  2⤵
  PID:6704
- C:\Windows\System\sEyiKoU.exe
  C:\Windows\System\sEyiKoU.exe
  2⤵
  PID:6720
- C:\Windows\System\jdmCNLX.exe
  C:\Windows\System\jdmCNLX.exe
  2⤵
  PID:6784
- C:\Windows\System\WRDjSOz.exe
  C:\Windows\System\WRDjSOz.exe
  2⤵
  PID:6848
- C:\Windows\System\FYqLzzI.exe
  C:\Windows\System\FYqLzzI.exe
  2⤵
  PID:6772
- C:\Windows\System\aipMTwt.exe
  C:\Windows\System\aipMTwt.exe
  2⤵
  PID:6912
- C:\Windows\System\QcMSFVb.exe
  C:\Windows\System\QcMSFVb.exe
  2⤵
  PID:6980
- C:\Windows\System\wnMFxWx.exe
  C:\Windows\System\wnMFxWx.exe
  2⤵
  PID:6932
- C:\Windows\System\QgueiFa.exe
  C:\Windows\System\QgueiFa.exe
  2⤵
  PID:6964
- C:\Windows\System\oknzcLV.exe
  C:\Windows\System\oknzcLV.exe
  2⤵
  PID:7108
- C:\Windows\System\bGcTgTV.exe
  C:\Windows\System\bGcTgTV.exe
  2⤵
  PID:6936
- C:\Windows\System\GZIPGqt.exe
  C:\Windows\System\GZIPGqt.exe
  2⤵
  PID:7000
- C:\Windows\System\HRDGQbi.exe
  C:\Windows\System\HRDGQbi.exe
  2⤵
  PID:7092
- C:\Windows\System\gVFYPyR.exe
  C:\Windows\System\gVFYPyR.exe
  2⤵
  PID:6244
- C:\Windows\System\ZEJTCKD.exe
  C:\Windows\System\ZEJTCKD.exe
  2⤵
  PID:7064
- C:\Windows\System\HrzDMjC.exe
  C:\Windows\System\HrzDMjC.exe
  2⤵
  PID:7160
- C:\Windows\System\WecXexU.exe
  C:\Windows\System\WecXexU.exe
  2⤵
  PID:6368
- C:\Windows\System\mmkfpem.exe
  C:\Windows\System\mmkfpem.exe
  2⤵
  PID:6208
- C:\Windows\System\wfqbvaS.exe
  C:\Windows\System\wfqbvaS.exe
  2⤵
  PID:6012
- C:\Windows\System\IKRdXTT.exe
  C:\Windows\System\IKRdXTT.exe
  2⤵
  PID:6436
- C:\Windows\System\BzuSmoZ.exe
  C:\Windows\System\BzuSmoZ.exe
  2⤵
  PID:6452
- C:\Windows\System\dgbzllE.exe
  C:\Windows\System\dgbzllE.exe
  2⤵
  PID:6580
- C:\Windows\System\RjajJTX.exe
  C:\Windows\System\RjajJTX.exe
  2⤵
  PID:6768
- C:\Windows\System\GEYpZTW.exe
  C:\Windows\System\GEYpZTW.exe
  2⤵
  PID:6692
- C:\Windows\System\NHgKLGP.exe
  C:\Windows\System\NHgKLGP.exe
  2⤵
  PID:6512
- C:\Windows\System\xwVVxMS.exe
  C:\Windows\System\xwVVxMS.exe
  2⤵
  PID:6756
- C:\Windows\System\eUyjVNA.exe
  C:\Windows\System\eUyjVNA.exe
  2⤵
  PID:6804
- C:\Windows\System\KqVmLTe.exe
  C:\Windows\System\KqVmLTe.exe
  2⤵
  PID:6948
- C:\Windows\System\LFISWzg.exe
  C:\Windows\System\LFISWzg.exe
  2⤵
  PID:7080
- C:\Windows\System\gvSLChD.exe
  C:\Windows\System\gvSLChD.exe
  2⤵
  PID:7032
- C:\Windows\System\CCDcrQa.exe
  C:\Windows\System\CCDcrQa.exe
  2⤵
  PID:6180
- C:\Windows\System\frJtoBz.exe
  C:\Windows\System\frJtoBz.exe
  2⤵
  PID:6628
- C:\Windows\System\GrGWxcQ.exe
  C:\Windows\System\GrGWxcQ.exe
  2⤵
  PID:6868
- C:\Windows\System\BaozhiS.exe
  C:\Windows\System\BaozhiS.exe
  2⤵
  PID:6532
- C:\Windows\System\WYmOGpn.exe
  C:\Windows\System\WYmOGpn.exe
  2⤵
  PID:6352
- C:\Windows\System\erlLPTR.exe
  C:\Windows\System\erlLPTR.exe
  2⤵
  PID:6736
- C:\Windows\System\uYGCOdB.exe
  C:\Windows\System\uYGCOdB.exe
  2⤵
  PID:6752
- C:\Windows\System\fLVXWIs.exe
  C:\Windows\System\fLVXWIs.exe
  2⤵
  PID:6836
- C:\Windows\System\FdzYPGB.exe
  C:\Windows\System\FdzYPGB.exe
  2⤵
  PID:6996
- C:\Windows\System\kPcHbth.exe
  C:\Windows\System\kPcHbth.exe
  2⤵
  PID:6500
- C:\Windows\System\DUodUHD.exe
  C:\Windows\System\DUodUHD.exe
  2⤵
  PID:7060
- C:\Windows\System\vUjsCoi.exe
  C:\Windows\System\vUjsCoi.exe
  2⤵
  PID:7180
- C:\Windows\System\JFNbfMK.exe
  C:\Windows\System\JFNbfMK.exe
  2⤵
  PID:7196
- C:\Windows\System\xkJqHQv.exe
  C:\Windows\System\xkJqHQv.exe
  2⤵
  PID:7212
- C:\Windows\System\GJCkFYG.exe
  C:\Windows\System\GJCkFYG.exe
  2⤵
  PID:7228
- C:\Windows\System\MBlUsbQ.exe
  C:\Windows\System\MBlUsbQ.exe
  2⤵
  PID:7244
- C:\Windows\System\dIOqvEZ.exe
  C:\Windows\System\dIOqvEZ.exe
  2⤵
  PID:7260
- C:\Windows\System\oTxhCQt.exe
  C:\Windows\System\oTxhCQt.exe
  2⤵
  PID:7276
- C:\Windows\System\cgxKIiO.exe
  C:\Windows\System\cgxKIiO.exe
  2⤵
  PID:7296
- C:\Windows\System\HmIoTMF.exe
  C:\Windows\System\HmIoTMF.exe
  2⤵
  PID:7316
- C:\Windows\System\ykDAojf.exe
  C:\Windows\System\ykDAojf.exe
  2⤵
  PID:7332
- C:\Windows\System\xNdMcCT.exe
  C:\Windows\System\xNdMcCT.exe
  2⤵
  PID:7352
- C:\Windows\System\rblRVgW.exe
  C:\Windows\System\rblRVgW.exe
  2⤵
  PID:7368
- C:\Windows\System\ydxRqvW.exe
  C:\Windows\System\ydxRqvW.exe
  2⤵
  PID:7384
- C:\Windows\System\TGKHhfZ.exe
  C:\Windows\System\TGKHhfZ.exe
  2⤵
  PID:7400
- C:\Windows\System\dXkuIOX.exe
  C:\Windows\System\dXkuIOX.exe
  2⤵
  PID:7416
- C:\Windows\System\QvHvvOR.exe
  C:\Windows\System\QvHvvOR.exe
  2⤵
  PID:7432
- C:\Windows\System\QwhcCio.exe
  C:\Windows\System\QwhcCio.exe
  2⤵
  PID:7468
- C:\Windows\System\qyHiAKm.exe
  C:\Windows\System\qyHiAKm.exe
  2⤵
  PID:7484
- C:\Windows\System\smFByAV.exe
  C:\Windows\System\smFByAV.exe
  2⤵
  PID:7504
- C:\Windows\System\yqZBpWP.exe
  C:\Windows\System\yqZBpWP.exe
  2⤵
  PID:7520
- C:\Windows\System\qzhgKbq.exe
  C:\Windows\System\qzhgKbq.exe
  2⤵
  PID:7536
- C:\Windows\System\vraesja.exe
  C:\Windows\System\vraesja.exe
  2⤵
  PID:7552
- C:\Windows\System\LrgwvEn.exe
  C:\Windows\System\LrgwvEn.exe
  2⤵
  PID:7568
- C:\Windows\System\NWMOSII.exe
  C:\Windows\System\NWMOSII.exe
  2⤵
  PID:7584
- C:\Windows\System\qnozhqx.exe
  C:\Windows\System\qnozhqx.exe
  2⤵
  PID:7600
- C:\Windows\System\FdTPnbY.exe
  C:\Windows\System\FdTPnbY.exe
  2⤵
  PID:7736
- C:\Windows\System\RkEytdJ.exe
  C:\Windows\System\RkEytdJ.exe
  2⤵
  PID:7752
- C:\Windows\System\uOqGNDL.exe
  C:\Windows\System\uOqGNDL.exe
  2⤵
  PID:7768
- C:\Windows\System\GMBZEXQ.exe
  C:\Windows\System\GMBZEXQ.exe
  2⤵
  PID:7784
- C:\Windows\System\hfmrLMf.exe
  C:\Windows\System\hfmrLMf.exe
  2⤵
  PID:7800
- C:\Windows\System\eChXjJQ.exe
  C:\Windows\System\eChXjJQ.exe
  2⤵
  PID:7820
- C:\Windows\System\qQtNjxr.exe
  C:\Windows\System\qQtNjxr.exe
  2⤵
  PID:7836
- C:\Windows\System\RfeggJU.exe
  C:\Windows\System\RfeggJU.exe
  2⤵
  PID:7852
- C:\Windows\System\WYOABbY.exe
  C:\Windows\System\WYOABbY.exe
  2⤵
  PID:7868
- C:\Windows\System\HTPdVFs.exe
  C:\Windows\System\HTPdVFs.exe
  2⤵
  PID:7884
- C:\Windows\System\PQmIeGw.exe
  C:\Windows\System\PQmIeGw.exe
  2⤵
  PID:7900
- C:\Windows\System\SEXcbiC.exe
  C:\Windows\System\SEXcbiC.exe
  2⤵
  PID:7920
- C:\Windows\System\nheNCYD.exe
  C:\Windows\System\nheNCYD.exe
  2⤵
  PID:7936
- C:\Windows\System\atyOSmf.exe
  C:\Windows\System\atyOSmf.exe
  2⤵
  PID:7952
- C:\Windows\System\QOKyRDU.exe
  C:\Windows\System\QOKyRDU.exe
  2⤵
  PID:7976
- C:\Windows\System\OvingNg.exe
  C:\Windows\System\OvingNg.exe
  2⤵
  PID:7996
- C:\Windows\System\psHxUVT.exe
  C:\Windows\System\psHxUVT.exe
  2⤵
  PID:8016
- C:\Windows\System\rJsUDcj.exe
  C:\Windows\System\rJsUDcj.exe
  2⤵
  PID:8032
- C:\Windows\System\THIXRZf.exe
  C:\Windows\System\THIXRZf.exe
  2⤵
  PID:8052
- C:\Windows\System\LxmPItS.exe
  C:\Windows\System\LxmPItS.exe
  2⤵
  PID:8072
- C:\Windows\System\soXfBRV.exe
  C:\Windows\System\soXfBRV.exe
  2⤵
  PID:8088
- C:\Windows\System\mToOOHo.exe
  C:\Windows\System\mToOOHo.exe
  2⤵
  PID:8104
- C:\Windows\System\eseLvis.exe
  C:\Windows\System\eseLvis.exe
  2⤵
  PID:8124
- C:\Windows\System\gwjIEyR.exe
  C:\Windows\System\gwjIEyR.exe
  2⤵
  PID:8140
- C:\Windows\System\LpngErm.exe
  C:\Windows\System\LpngErm.exe
  2⤵
  PID:8160
- C:\Windows\System\IIRZoFo.exe
  C:\Windows\System\IIRZoFo.exe
  2⤵
  PID:8176
- C:\Windows\System\gvykjgG.exe
  C:\Windows\System\gvykjgG.exe
  2⤵
  PID:7028
- C:\Windows\System\boRhree.exe
  C:\Windows\System\boRhree.exe
  2⤵
  PID:5368
- C:\Windows\System\sPSGlAv.exe
  C:\Windows\System\sPSGlAv.exe
  2⤵
  PID:7076
- C:\Windows\System\utYEJTZ.exe
  C:\Windows\System\utYEJTZ.exe
  2⤵
  PID:7204
- C:\Windows\System\oZMxovF.exe
  C:\Windows\System\oZMxovF.exe
  2⤵
  PID:6740
- C:\Windows\System\zkcresP.exe
  C:\Windows\System\zkcresP.exe
  2⤵
  PID:6884
- C:\Windows\System\APxdZMD.exe
  C:\Windows\System\APxdZMD.exe
  2⤵
  PID:7224
- C:\Windows\System\EHIsaLm.exe
  C:\Windows\System\EHIsaLm.exe
  2⤵
  PID:7272
- C:\Windows\System\bUITBdH.exe
  C:\Windows\System\bUITBdH.exe
  2⤵
  PID:7344
- C:\Windows\System\NpcQBoI.exe
  C:\Windows\System\NpcQBoI.exe
  2⤵
  PID:7408
- C:\Windows\System\LghvZCo.exe
  C:\Windows\System\LghvZCo.exe
  2⤵
  PID:7324
- C:\Windows\System\UqhVvNt.exe
  C:\Windows\System\UqhVvNt.exe
  2⤵
  PID:7292
- C:\Windows\System\cZsqwyO.exe
  C:\Windows\System\cZsqwyO.exe
  2⤵
  PID:7396
- C:\Windows\System\SoGGCMz.exe
  C:\Windows\System\SoGGCMz.exe
  2⤵
  PID:7464
- C:\Windows\System\CwHlehO.exe
  C:\Windows\System\CwHlehO.exe
  2⤵
  PID:7528
- C:\Windows\System\CROYAre.exe
  C:\Windows\System\CROYAre.exe
  2⤵
  PID:7544
- C:\Windows\System\UBFvRhR.exe
  C:\Windows\System\UBFvRhR.exe
  2⤵
  PID:7608
- C:\Windows\System\ZKICtzw.exe
  C:\Windows\System\ZKICtzw.exe
  2⤵
  PID:7624
- C:\Windows\System\qXZpHkb.exe
  C:\Windows\System\qXZpHkb.exe
  2⤵
  PID:7640
- C:\Windows\System\LvifIKd.exe
  C:\Windows\System\LvifIKd.exe
  2⤵
  PID:7656
- C:\Windows\System\zvGxlQe.exe
  C:\Windows\System\zvGxlQe.exe
  2⤵
  PID:7676
- C:\Windows\System\ceEnAWP.exe
  C:\Windows\System\ceEnAWP.exe
  2⤵
  PID:7692
- C:\Windows\System\umusSJP.exe
  C:\Windows\System\umusSJP.exe
  2⤵
  PID:7708
- C:\Windows\System\XNhBHNq.exe
  C:\Windows\System\XNhBHNq.exe
  2⤵
  PID:7724
- C:\Windows\System\JxqYUAT.exe
  C:\Windows\System\JxqYUAT.exe
  2⤵
  PID:7748
- C:\Windows\System\ebciTQt.exe
  C:\Windows\System\ebciTQt.exe
  2⤵
  PID:7764
- C:\Windows\System\NBufhGs.exe
  C:\Windows\System\NBufhGs.exe
  2⤵
  PID:7844
- C:\Windows\System\xaLbanK.exe
  C:\Windows\System\xaLbanK.exe
  2⤵
  PID:7796
- C:\Windows\System\nNWRSor.exe
  C:\Windows\System\nNWRSor.exe
  2⤵
  PID:7864
- C:\Windows\System\JFIQgGQ.exe
  C:\Windows\System\JFIQgGQ.exe
  2⤵
  PID:7916
- C:\Windows\System\oLIUGok.exe
  C:\Windows\System\oLIUGok.exe
  2⤵
  PID:7896
- C:\Windows\System\iTUwBqD.exe
  C:\Windows\System\iTUwBqD.exe
  2⤵
  PID:7960
- C:\Windows\System\pYjfYca.exe
  C:\Windows\System\pYjfYca.exe
  2⤵
  PID:7992
- C:\Windows\System\nynUQjk.exe
  C:\Windows\System\nynUQjk.exe
  2⤵
  PID:8064
- C:\Windows\System\cZjpRpB.exe
  C:\Windows\System\cZjpRpB.exe
  2⤵
  PID:8132
- C:\Windows\System\cwZeQxM.exe
  C:\Windows\System\cwZeQxM.exe
  2⤵
  PID:8004
- C:\Windows\System\XcxPyXA.exe
  C:\Windows\System\XcxPyXA.exe
  2⤵
  PID:8168
- C:\Windows\System\EdynzQq.exe
  C:\Windows\System\EdynzQq.exe
  2⤵
  PID:8116
- C:\Windows\System\SBgdWJH.exe
  C:\Windows\System\SBgdWJH.exe
  2⤵
  PID:8148
- C:\Windows\System\BNcpfPj.exe
  C:\Windows\System\BNcpfPj.exe
  2⤵
  PID:6528
- C:\Windows\System\PYadoek.exe
  C:\Windows\System\PYadoek.exe
  2⤵
  PID:7240
- C:\Windows\System\KrcvpTx.exe
  C:\Windows\System\KrcvpTx.exe
  2⤵
  PID:7308
- C:\Windows\System\zduWbjm.exe
  C:\Windows\System\zduWbjm.exe
  2⤵
  PID:7448
- C:\Windows\System\KdSRtxp.exe
  C:\Windows\System\KdSRtxp.exe
  2⤵
  PID:7496
- C:\Windows\System\SemjXtH.exe
  C:\Windows\System\SemjXtH.exe
  2⤵
  PID:7268
- C:\Windows\System\STSUEYf.exe
  C:\Windows\System\STSUEYf.exe
  2⤵
  PID:7288
- C:\Windows\System\AnMfvBM.exe
  C:\Windows\System\AnMfvBM.exe
  2⤵
  PID:7456
- C:\Windows\System\tKSPrbz.exe
  C:\Windows\System\tKSPrbz.exe
  2⤵
  PID:7460
- C:\Windows\System\BcVECko.exe
  C:\Windows\System\BcVECko.exe
  2⤵
  PID:7476
- C:\Windows\System\mTEkUdx.exe
  C:\Windows\System\mTEkUdx.exe
  2⤵
  PID:7512
- C:\Windows\System\iVeGpim.exe
  C:\Windows\System\iVeGpim.exe
  2⤵
  PID:7516
- C:\Windows\System\AQFeQzv.exe
  C:\Windows\System\AQFeQzv.exe
  2⤵
  PID:7632
- C:\Windows\System\zFhVTBT.exe
  C:\Windows\System\zFhVTBT.exe
  2⤵
  PID:7780
- C:\Windows\System\wTlWGcy.exe
  C:\Windows\System\wTlWGcy.exe
  2⤵
  PID:7744
- C:\Windows\System\VAXbeKe.exe
  C:\Windows\System\VAXbeKe.exe
  2⤵
  PID:7812
- C:\Windows\System\beczBdf.exe
  C:\Windows\System\beczBdf.exe
  2⤵
  PID:7828
- C:\Windows\System\ZDmxlRW.exe
  C:\Windows\System\ZDmxlRW.exe
  2⤵
  PID:7928
- C:\Windows\System\kaAofji.exe
  C:\Windows\System\kaAofji.exe
  2⤵
  PID:8028
- C:\Windows\System\niCzOsg.exe
  C:\Windows\System\niCzOsg.exe
  2⤵
  PID:8048
- C:\Windows\System\kVTcKdo.exe
  C:\Windows\System\kVTcKdo.exe
  2⤵
  PID:7984
- C:\Windows\System\XgOPdWw.exe
  C:\Windows\System\XgOPdWw.exe
  2⤵
  PID:8172
- C:\Windows\System\HufZqRv.exe
  C:\Windows\System\HufZqRv.exe
  2⤵
  PID:8100
- C:\Windows\System\CjXKESx.exe
  C:\Windows\System\CjXKESx.exe
  2⤵
  PID:7236
- C:\Windows\System\jAXkwSq.exe
  C:\Windows\System\jAXkwSq.exe
  2⤵
  PID:7440
- C:\Windows\System\xeDPQnN.exe
  C:\Windows\System\xeDPQnN.exe
  2⤵
  PID:7284
- C:\Windows\System\MpNAtJL.exe
  C:\Windows\System\MpNAtJL.exe
  2⤵
  PID:7444
- C:\Windows\System\jiXSUsE.exe
  C:\Windows\System\jiXSUsE.exe
  2⤵
  PID:7480
- C:\Windows\System\KwilTOM.exe
  C:\Windows\System\KwilTOM.exe
  2⤵
  PID:7636
- C:\Windows\System\eynChmt.exe
  C:\Windows\System\eynChmt.exe
  2⤵
  PID:7876
- C:\Windows\System\eRuXFSo.exe
  C:\Windows\System\eRuXFSo.exe
  2⤵
  PID:8096
- C:\Windows\System\UxDmcKU.exe
  C:\Windows\System\UxDmcKU.exe
  2⤵
  PID:5300
- C:\Windows\System\qBAhzsC.exe
  C:\Windows\System\qBAhzsC.exe
  2⤵
  PID:7988
- C:\Windows\System\fEWdwnz.exe
  C:\Windows\System\fEWdwnz.exe
  2⤵
  PID:8208
- C:\Windows\System\lQIiBRC.exe
  C:\Windows\System\lQIiBRC.exe
  2⤵
  PID:8224
- C:\Windows\System\JwAmjRA.exe
  C:\Windows\System\JwAmjRA.exe
  2⤵
  PID:8240
- C:\Windows\System\NiNEguH.exe
  C:\Windows\System\NiNEguH.exe
  2⤵
  PID:8256
- C:\Windows\System\hLpJQsQ.exe
  C:\Windows\System\hLpJQsQ.exe
  2⤵
  PID:8272
- C:\Windows\System\JZzcJhX.exe
  C:\Windows\System\JZzcJhX.exe
  2⤵
  PID:8288
- C:\Windows\System\BWYsXfS.exe
  C:\Windows\System\BWYsXfS.exe
  2⤵
  PID:8304
- C:\Windows\System\QjwZvSN.exe
  C:\Windows\System\QjwZvSN.exe
  2⤵
  PID:8320
- C:\Windows\System\AZrfrwC.exe
  C:\Windows\System\AZrfrwC.exe
  2⤵
  PID:8336
- C:\Windows\System\pXrtWMS.exe
  C:\Windows\System\pXrtWMS.exe
  2⤵
  PID:8352
- C:\Windows\System\fDdfhEg.exe
  C:\Windows\System\fDdfhEg.exe
  2⤵
  PID:8368
- C:\Windows\System\QYXpKWn.exe
  C:\Windows\System\QYXpKWn.exe
  2⤵
  PID:8384
- C:\Windows\System\aEjLYGt.exe
  C:\Windows\System\aEjLYGt.exe
  2⤵
  PID:8400
- C:\Windows\System\mhKSzNJ.exe
  C:\Windows\System\mhKSzNJ.exe
  2⤵
  PID:8416
- C:\Windows\System\JJkVxUF.exe
  C:\Windows\System\JJkVxUF.exe
  2⤵
  PID:8432
- C:\Windows\System\pLamFwf.exe
  C:\Windows\System\pLamFwf.exe
  2⤵
  PID:8448
- C:\Windows\System\qPhdNfJ.exe
  C:\Windows\System\qPhdNfJ.exe
  2⤵
  PID:8464
- C:\Windows\System\MQWzFrO.exe
  C:\Windows\System\MQWzFrO.exe
  2⤵
  PID:8480
- C:\Windows\System\RenTosy.exe
  C:\Windows\System\RenTosy.exe
  2⤵
  PID:8496
- C:\Windows\System\JAztxuT.exe
  C:\Windows\System\JAztxuT.exe
  2⤵
  PID:8512
- C:\Windows\System\XhbfkyG.exe
  C:\Windows\System\XhbfkyG.exe
  2⤵
  PID:8532
- C:\Windows\System\mYMDdnp.exe
  C:\Windows\System\mYMDdnp.exe
  2⤵
  PID:8548
- C:\Windows\System\FtsaAIt.exe
  C:\Windows\System\FtsaAIt.exe
  2⤵
  PID:8564
- C:\Windows\System\JupqiDl.exe
  C:\Windows\System\JupqiDl.exe
  2⤵
  PID:8580
- C:\Windows\System\PngHbtq.exe
  C:\Windows\System\PngHbtq.exe
  2⤵
  PID:8596
- C:\Windows\System\EZgCKec.exe
  C:\Windows\System\EZgCKec.exe
  2⤵
  PID:8612
- C:\Windows\System\ZFsLMUI.exe
  C:\Windows\System\ZFsLMUI.exe
  2⤵
  PID:8628
- C:\Windows\System\UUBRSoy.exe
  C:\Windows\System\UUBRSoy.exe
  2⤵
  PID:8644
- C:\Windows\System\ScDAlSk.exe
  C:\Windows\System\ScDAlSk.exe
  2⤵
  PID:8660
- C:\Windows\System\XUXSAij.exe
  C:\Windows\System\XUXSAij.exe
  2⤵
  PID:8676
- C:\Windows\System\uSgMaSf.exe
  C:\Windows\System\uSgMaSf.exe
  2⤵
  PID:8692
- C:\Windows\System\esYPLWJ.exe
  C:\Windows\System\esYPLWJ.exe
  2⤵
  PID:8708
- C:\Windows\System\OaySoPD.exe
  C:\Windows\System\OaySoPD.exe
  2⤵
  PID:8724
- C:\Windows\System\QBLyTyX.exe
  C:\Windows\System\QBLyTyX.exe
  2⤵
  PID:8740
- C:\Windows\System\xdcsCDh.exe
  C:\Windows\System\xdcsCDh.exe
  2⤵
  PID:8756
- C:\Windows\System\NgWtwIz.exe
  C:\Windows\System\NgWtwIz.exe
  2⤵
  PID:8772
- C:\Windows\System\etgsOms.exe
  C:\Windows\System\etgsOms.exe
  2⤵
  PID:8788
- C:\Windows\System\UawnKbJ.exe
  C:\Windows\System\UawnKbJ.exe
  2⤵
  PID:8804
- C:\Windows\System\cGVmiJe.exe
  C:\Windows\System\cGVmiJe.exe
  2⤵
  PID:8820
- C:\Windows\System\TIDvgix.exe
  C:\Windows\System\TIDvgix.exe
  2⤵
  PID:8836
- C:\Windows\System\bQvcxwe.exe
  C:\Windows\System\bQvcxwe.exe
  2⤵
  PID:8852
- C:\Windows\System\FaFaJuu.exe
  C:\Windows\System\FaFaJuu.exe
  2⤵
  PID:8868
- C:\Windows\System\lifKPJN.exe
  C:\Windows\System\lifKPJN.exe
  2⤵
  PID:8884
- C:\Windows\System\NPcvbTn.exe
  C:\Windows\System\NPcvbTn.exe
  2⤵
  PID:8900
- C:\Windows\System\zhJHzvS.exe
  C:\Windows\System\zhJHzvS.exe
  2⤵
  PID:8916
- C:\Windows\System\ydyozDD.exe
  C:\Windows\System\ydyozDD.exe
  2⤵
  PID:8932
- C:\Windows\System\zEvPRRb.exe
  C:\Windows\System\zEvPRRb.exe
  2⤵
  PID:8952
- C:\Windows\System\IYHhOCT.exe
  C:\Windows\System\IYHhOCT.exe
  2⤵
  PID:8972
- C:\Windows\System\hTXQyOf.exe
  C:\Windows\System\hTXQyOf.exe
  2⤵
  PID:9028
- C:\Windows\System\McGOTnk.exe
  C:\Windows\System\McGOTnk.exe
  2⤵
  PID:9060
- C:\Windows\System\vKWSvWG.exe
  C:\Windows\System\vKWSvWG.exe
  2⤵
  PID:9076
- C:\Windows\System\BLinoxu.exe
  C:\Windows\System\BLinoxu.exe
  2⤵
  PID:9096
- C:\Windows\System\hNgyyXw.exe
  C:\Windows\System\hNgyyXw.exe
  2⤵
  PID:9112
- C:\Windows\System\rDYmLUd.exe
  C:\Windows\System\rDYmLUd.exe
  2⤵
  PID:9128
- C:\Windows\System\EdThBnS.exe
  C:\Windows\System\EdThBnS.exe
  2⤵
  PID:9144
- C:\Windows\System\SaPxGEL.exe
  C:\Windows\System\SaPxGEL.exe
  2⤵
  PID:9164
- C:\Windows\System\TNpDOpu.exe
  C:\Windows\System\TNpDOpu.exe
  2⤵
  PID:9184
- C:\Windows\System\ArvgfKS.exe
  C:\Windows\System\ArvgfKS.exe
  2⤵
  PID:9204
- C:\Windows\System\WDCqPER.exe
  C:\Windows\System\WDCqPER.exe
  2⤵
  PID:8188
- C:\Windows\System\FKVGBcZ.exe
  C:\Windows\System\FKVGBcZ.exe
  2⤵
  PID:7364
- C:\Windows\System\ZVUGFBd.exe
  C:\Windows\System\ZVUGFBd.exe
  2⤵
  PID:8284
- C:\Windows\System\VHJKEoE.exe
  C:\Windows\System\VHJKEoE.exe
  2⤵
  PID:7860
- C:\Windows\System\rgBIkpL.exe
  C:\Windows\System\rgBIkpL.exe
  2⤵
  PID:7672
- C:\Windows\System\hqpMzFl.exe
  C:\Windows\System\hqpMzFl.exe
  2⤵
  PID:8236
- C:\Windows\System\NUPEYfE.exe
  C:\Windows\System\NUPEYfE.exe
  2⤵
  PID:7220
- C:\Windows\System\tKzZdNd.exe
  C:\Windows\System\tKzZdNd.exe
  2⤵
  PID:6952
- C:\Windows\System\gXQUfBT.exe
  C:\Windows\System\gXQUfBT.exe
  2⤵
  PID:8380
- C:\Windows\System\GxBsWqq.exe
  C:\Windows\System\GxBsWqq.exe
  2⤵
  PID:8268
- C:\Windows\System\HQEQpSq.exe
  C:\Windows\System\HQEQpSq.exe
  2⤵
  PID:8440
- C:\Windows\System\thWguuX.exe
  C:\Windows\System\thWguuX.exe
  2⤵
  PID:8472
- C:\Windows\System\SJhJgYx.exe
  C:\Windows\System\SJhJgYx.exe
  2⤵
  PID:8456
- C:\Windows\System\zswVJMn.exe
  C:\Windows\System\zswVJMn.exe
  2⤵
  PID:8524
- C:\Windows\System\CEVsBZI.exe
  C:\Windows\System\CEVsBZI.exe
  2⤵
  PID:8576
- C:\Windows\System\DEOCvcJ.exe
  C:\Windows\System\DEOCvcJ.exe
  2⤵
  PID:8704
- C:\Windows\System\EKPlOcA.exe
  C:\Windows\System\EKPlOcA.exe
  2⤵
  PID:8796
- C:\Windows\System\ogLtWJz.exe
  C:\Windows\System\ogLtWJz.exe
  2⤵
  PID:8860
- C:\Windows\System\SDrMiUo.exe
  C:\Windows\System\SDrMiUo.exe
  2⤵
  PID:8924
- C:\Windows\System\dCeTxUa.exe
  C:\Windows\System\dCeTxUa.exe
  2⤵
  PID:8912
- C:\Windows\System\nPqrkiV.exe
  C:\Windows\System\nPqrkiV.exe
  2⤵
  PID:8720
- C:\Windows\System\kmhJJfd.exe
  C:\Windows\System\kmhJJfd.exe
  2⤵
  PID:8560
- C:\Windows\System\hFpyuvF.exe
  C:\Windows\System\hFpyuvF.exe
  2⤵
  PID:8624
- C:\Windows\System\JmQGfIJ.exe
  C:\Windows\System\JmQGfIJ.exe
  2⤵
  PID:8684
- C:\Windows\System\dWKWebD.exe
  C:\Windows\System\dWKWebD.exe
  2⤵
  PID:8848
- C:\Windows\System\TnudBfl.exe
  C:\Windows\System\TnudBfl.exe
  2⤵
  PID:8992
- C:\Windows\System\DPJrURM.exe
  C:\Windows\System\DPJrURM.exe
  2⤵
  PID:9048
- C:\Windows\System\FiqBZER.exe
  C:\Windows\System\FiqBZER.exe
  2⤵
  PID:9008
- C:\Windows\System\wjESTnj.exe
  C:\Windows\System\wjESTnj.exe
  2⤵
  PID:9152
- C:\Windows\System\VEUvFdu.exe
  C:\Windows\System\VEUvFdu.exe
  2⤵
  PID:9196
- C:\Windows\System\vqVvMLo.exe
  C:\Windows\System\vqVvMLo.exe
  2⤵
  PID:8252
- C:\Windows\System\rNMgdaO.exe
  C:\Windows\System\rNMgdaO.exe
  2⤵
  PID:8344
- C:\Windows\System\XfwgFmW.exe
  C:\Windows\System\XfwgFmW.exe
  2⤵
  PID:8412
- C:\Windows\System\jNBVkQu.exe
  C:\Windows\System\jNBVkQu.exe
  2⤵
  PID:8444
- C:\Windows\System\VtTwueg.exe
  C:\Windows\System\VtTwueg.exe
  2⤵
  PID:8184
- C:\Windows\System\DBNBQsX.exe
  C:\Windows\System\DBNBQsX.exe
  2⤵
  PID:8668
- C:\Windows\System\AjvtSsl.exe
  C:\Windows\System\AjvtSsl.exe
  2⤵
  PID:9012
- C:\Windows\System\fpfUGtK.exe
  C:\Windows\System\fpfUGtK.exe
  2⤵
  PID:9212
- C:\Windows\System\IAdocuf.exe
  C:\Windows\System\IAdocuf.exe
  2⤵
  PID:8544
- C:\Windows\System\kQeCOTn.exe
  C:\Windows\System\kQeCOTn.exe
  2⤵
  PID:9108
- C:\Windows\System\tXIJHKI.exe
  C:\Windows\System\tXIJHKI.exe
  2⤵
  PID:9180
- C:\Windows\System\rQCastn.exe
  C:\Windows\System\rQCastn.exe
  2⤵
  PID:7720
- C:\Windows\System\CfXIHKg.exe
  C:\Windows\System\CfXIHKg.exe
  2⤵
  PID:7664
- C:\Windows\System\azMleeb.exe
  C:\Windows\System\azMleeb.exe
  2⤵
  PID:8332
- C:\Windows\System\XRCXpnl.exe
  C:\Windows\System\XRCXpnl.exe
  2⤵
  PID:8832
- C:\Windows\System\OEePrtn.exe
  C:\Windows\System\OEePrtn.exe
  2⤵
  PID:8948
- C:\Windows\System\KzBKyel.exe
  C:\Windows\System\KzBKyel.exe
  2⤵
  PID:8736
- C:\Windows\System\Tlmdrcw.exe
  C:\Windows\System\Tlmdrcw.exe
  2⤵
  PID:8656
- C:\Windows\System\NeKZTvL.exe
  C:\Windows\System\NeKZTvL.exe
  2⤵
  PID:8592
- C:\Windows\System\IZOSDUy.exe
  C:\Windows\System\IZOSDUy.exe
  2⤵
  PID:8844
- C:\Windows\System\vzEnCld.exe
  C:\Windows\System\vzEnCld.exe
  2⤵
  PID:9160
- C:\Windows\System\pFtBCeg.exe
  C:\Windows\System\pFtBCeg.exe
  2⤵
  PID:7908
- C:\Windows\System\UtfTpiV.exe
  C:\Windows\System\UtfTpiV.exe
  2⤵
  PID:8424
- C:\Windows\System\RBDOenG.exe
  C:\Windows\System\RBDOenG.exe
  2⤵
  PID:9044
- C:\Windows\System\LblEjeW.exe
  C:\Windows\System\LblEjeW.exe
  2⤵
  PID:8700
- C:\Windows\System\eRkFsOI.exe
  C:\Windows\System\eRkFsOI.exe
  2⤵
  PID:8492
- C:\Windows\System\jdoZCpf.exe
  C:\Windows\System\jdoZCpf.exe
  2⤵
  PID:8908
- C:\Windows\System\IqdXukF.exe
  C:\Windows\System\IqdXukF.exe
  2⤵
  PID:9004
- C:\Windows\System\owHfWfI.exe
  C:\Windows\System\owHfWfI.exe
  2⤵
  PID:9140
- C:\Windows\System\kFjmKrr.exe
  C:\Windows\System\kFjmKrr.exe
  2⤵
  PID:8748
- C:\Windows\System\MPDBifJ.exe
  C:\Windows\System\MPDBifJ.exe
  2⤵
  PID:9176
- C:\Windows\System\KTIiDuU.exe
  C:\Windows\System\KTIiDuU.exe
  2⤵
  PID:8828
- C:\Windows\System\xLNcVgd.exe
  C:\Windows\System\xLNcVgd.exe
  2⤵
  PID:7564
- C:\Windows\System\SIKVepi.exe
  C:\Windows\System\SIKVepi.exe
  2⤵
  PID:9036
- C:\Windows\System\eyqxghV.exe
  C:\Windows\System\eyqxghV.exe
  2⤵
  PID:8220
- C:\Windows\System\ntvkAQU.exe
  C:\Windows\System\ntvkAQU.exe
  2⤵
  PID:8312
- C:\Windows\System\hOPGEkt.exe
  C:\Windows\System\hOPGEkt.exe
  2⤵
  PID:8812
- C:\Windows\System\hcmrsSQ.exe
  C:\Windows\System\hcmrsSQ.exe
  2⤵
  PID:9092
- C:\Windows\System\RWHDZzY.exe
  C:\Windows\System\RWHDZzY.exe
  2⤵
  PID:8376
- C:\Windows\System\gQNHVaA.exe
  C:\Windows\System\gQNHVaA.exe
  2⤵
  PID:7596
- C:\Windows\System\eMctIZr.exe
  C:\Windows\System\eMctIZr.exe
  2⤵
  PID:8640
- C:\Windows\System\fRaOWnG.exe
  C:\Windows\System\fRaOWnG.exe
  2⤵
  PID:8652
- C:\Windows\System\DwGFNEl.exe
  C:\Windows\System\DwGFNEl.exe
  2⤵
  PID:7816
- C:\Windows\System\BBxWEUi.exe
  C:\Windows\System\BBxWEUi.exe
  2⤵
  PID:9020
- C:\Windows\System\aLFROps.exe
  C:\Windows\System\aLFROps.exe
  2⤵
  PID:9056
- C:\Windows\System\WDikKDn.exe
  C:\Windows\System\WDikKDn.exe
  2⤵
  PID:9124
- C:\Windows\System\qImuBfB.exe
  C:\Windows\System\qImuBfB.exe
  2⤵
  PID:8528
- C:\Windows\System\KnqNKfV.exe
  C:\Windows\System\KnqNKfV.exe
  2⤵
  PID:9220
- C:\Windows\System\zMHSQAE.exe
  C:\Windows\System\zMHSQAE.exe
  2⤵
  PID:9236
- C:\Windows\System\kiUHxam.exe
  C:\Windows\System\kiUHxam.exe
  2⤵
  PID:9252
- C:\Windows\System\bOTqeNc.exe
  C:\Windows\System\bOTqeNc.exe
  2⤵
  PID:9268
- C:\Windows\System\WlfuaRA.exe
  C:\Windows\System\WlfuaRA.exe
  2⤵
  PID:9284
- C:\Windows\System\HpkJCLa.exe
  C:\Windows\System\HpkJCLa.exe
  2⤵
  PID:9300
- C:\Windows\System\klfopAz.exe
  C:\Windows\System\klfopAz.exe
  2⤵
  PID:9316
- C:\Windows\System\DabioDi.exe
  C:\Windows\System\DabioDi.exe
  2⤵
  PID:9332
- C:\Windows\System\bQKzlGC.exe
  C:\Windows\System\bQKzlGC.exe
  2⤵
  PID:9348
- C:\Windows\System\LzopHCb.exe
  C:\Windows\System\LzopHCb.exe
  2⤵
  PID:9364
- C:\Windows\System\FDWemEN.exe
  C:\Windows\System\FDWemEN.exe
  2⤵
  PID:9384
- C:\Windows\System\BnDryhB.exe
  C:\Windows\System\BnDryhB.exe
  2⤵
  PID:9400
- C:\Windows\System\XtUSKnJ.exe
  C:\Windows\System\XtUSKnJ.exe
  2⤵
  PID:9416
- C:\Windows\System\IYlLvfe.exe
  C:\Windows\System\IYlLvfe.exe
  2⤵
  PID:9432
- C:\Windows\System\gNCbQhU.exe
  C:\Windows\System\gNCbQhU.exe
  2⤵
  PID:9448
- C:\Windows\System\SBUuLUi.exe
  C:\Windows\System\SBUuLUi.exe
  2⤵
  PID:9464
- C:\Windows\System\BrcDjDP.exe
  C:\Windows\System\BrcDjDP.exe
  2⤵
  PID:9480
- C:\Windows\System\SROMlIL.exe
  C:\Windows\System\SROMlIL.exe
  2⤵
  PID:9496
- C:\Windows\System\ZEIwIYt.exe
  C:\Windows\System\ZEIwIYt.exe
  2⤵
  PID:9512
- C:\Windows\System\ZXtkekl.exe
  C:\Windows\System\ZXtkekl.exe
  2⤵
  PID:9528
- C:\Windows\System\YqhSjrI.exe
  C:\Windows\System\YqhSjrI.exe
  2⤵
  PID:9544
- C:\Windows\System\FBAkKxn.exe
  C:\Windows\System\FBAkKxn.exe
  2⤵
  PID:9560
- C:\Windows\System\DtVSquT.exe
  C:\Windows\System\DtVSquT.exe
  2⤵
  PID:9576
- C:\Windows\System\FnPqzlM.exe
  C:\Windows\System\FnPqzlM.exe
  2⤵
  PID:9592
- C:\Windows\System\EFLxYoT.exe
  C:\Windows\System\EFLxYoT.exe
  2⤵
  PID:9608
- C:\Windows\System\YaEvlfh.exe
  C:\Windows\System\YaEvlfh.exe
  2⤵
  PID:9624
- C:\Windows\System\UuJTBOx.exe
  C:\Windows\System\UuJTBOx.exe
  2⤵
  PID:9640
- C:\Windows\System\wvZGXWW.exe
  C:\Windows\System\wvZGXWW.exe
  2⤵
  PID:9656
- C:\Windows\System\HoSIZYg.exe
  C:\Windows\System\HoSIZYg.exe
  2⤵
  PID:9672
- C:\Windows\System\fzxUmDT.exe
  C:\Windows\System\fzxUmDT.exe
  2⤵
  PID:9688
- C:\Windows\System\puhiVlQ.exe
  C:\Windows\System\puhiVlQ.exe
  2⤵
  PID:9704
- C:\Windows\System\oUudYnG.exe
  C:\Windows\System\oUudYnG.exe
  2⤵
  PID:9720
- C:\Windows\System\uyTChEB.exe
  C:\Windows\System\uyTChEB.exe
  2⤵
  PID:9736
- C:\Windows\System\xbHhTGG.exe
  C:\Windows\System\xbHhTGG.exe
  2⤵
  PID:9752
- C:\Windows\System\TJSRStn.exe
  C:\Windows\System\TJSRStn.exe
  2⤵
  PID:9768
- C:\Windows\System\NXDLqFl.exe
  C:\Windows\System\NXDLqFl.exe
  2⤵
  PID:9784
- C:\Windows\System\iMvRvky.exe
  C:\Windows\System\iMvRvky.exe
  2⤵
  PID:9800
- C:\Windows\System\AUPPsIj.exe
  C:\Windows\System\AUPPsIj.exe
  2⤵
  PID:9816
- C:\Windows\System\NvZFrZh.exe
  C:\Windows\System\NvZFrZh.exe
  2⤵
  PID:9832
- C:\Windows\System\YCWZVxV.exe
  C:\Windows\System\YCWZVxV.exe
  2⤵
  PID:9852
- C:\Windows\System\DsgSZIJ.exe
  C:\Windows\System\DsgSZIJ.exe
  2⤵
  PID:9868
- C:\Windows\System\UnBxpku.exe
  C:\Windows\System\UnBxpku.exe
  2⤵
  PID:9884
- C:\Windows\System\HnClKmV.exe
  C:\Windows\System\HnClKmV.exe
  2⤵
  PID:9900
- C:\Windows\System\AGHuDIo.exe
  C:\Windows\System\AGHuDIo.exe
  2⤵
  PID:9916
- C:\Windows\System\ClEQgES.exe
  C:\Windows\System\ClEQgES.exe
  2⤵
  PID:9932
- C:\Windows\System\XGItUcc.exe
  C:\Windows\System\XGItUcc.exe
  2⤵
  PID:9948
- C:\Windows\System\lukUMic.exe
  C:\Windows\System\lukUMic.exe
  2⤵
  PID:9964
- C:\Windows\System\YFnWEZe.exe
  C:\Windows\System\YFnWEZe.exe
  2⤵
  PID:9980
- C:\Windows\System\ndjFzcZ.exe
  C:\Windows\System\ndjFzcZ.exe
  2⤵
  PID:9996
- C:\Windows\System\dmaWIOp.exe
  C:\Windows\System\dmaWIOp.exe
  2⤵
  PID:10012
- C:\Windows\System\nNYwajd.exe
  C:\Windows\System\nNYwajd.exe
  2⤵
  PID:10028
- C:\Windows\System\zPMjTlF.exe
  C:\Windows\System\zPMjTlF.exe
  2⤵
  PID:10044
- C:\Windows\System\QsMcnSx.exe
  C:\Windows\System\QsMcnSx.exe
  2⤵
  PID:10060
- C:\Windows\System\ZhrhZAU.exe
  C:\Windows\System\ZhrhZAU.exe
  2⤵
  PID:10076
- C:\Windows\System\OCNVQIH.exe
  C:\Windows\System\OCNVQIH.exe
  2⤵
  PID:10092
- C:\Windows\System\BNoHKGK.exe
  C:\Windows\System\BNoHKGK.exe
  2⤵
  PID:10108
- C:\Windows\System\sciVPYX.exe
  C:\Windows\System\sciVPYX.exe
  2⤵
  PID:10124
- C:\Windows\System\OxNyZZQ.exe
  C:\Windows\System\OxNyZZQ.exe
  2⤵
  PID:10144
- C:\Windows\System\PoIYvzQ.exe
  C:\Windows\System\PoIYvzQ.exe
  2⤵
  PID:10160
- C:\Windows\System\fAWJDUr.exe
  C:\Windows\System\fAWJDUr.exe
  2⤵
  PID:10176
- C:\Windows\System\SVcYHQt.exe
  C:\Windows\System\SVcYHQt.exe
  2⤵
  PID:10192
- C:\Windows\System\KMzaUoB.exe
  C:\Windows\System\KMzaUoB.exe
  2⤵
  PID:10208
- C:\Windows\System\Agcmcse.exe
  C:\Windows\System\Agcmcse.exe
  2⤵
  PID:10224
- C:\Windows\System\VDCovJb.exe
  C:\Windows\System\VDCovJb.exe
  2⤵
  PID:8364
- C:\Windows\System\qIxDtij.exe
  C:\Windows\System\qIxDtij.exe
  2⤵
  PID:9244
- C:\Windows\System\vkIqzlu.exe
  C:\Windows\System\vkIqzlu.exe
  2⤵
  PID:8520
- C:\Windows\System\sLOGEqY.exe
  C:\Windows\System\sLOGEqY.exe
  2⤵
  PID:9264
- C:\Windows\System\SJgJIBU.exe
  C:\Windows\System\SJgJIBU.exe
  2⤵
  PID:9356
- C:\Windows\System\DCPQfEr.exe
  C:\Windows\System\DCPQfEr.exe
  2⤵
  PID:9308
- C:\Windows\System\wxyklpU.exe
  C:\Windows\System\wxyklpU.exe
  2⤵
  PID:9376
- C:\Windows\System\kmmQsLT.exe
  C:\Windows\System\kmmQsLT.exe
  2⤵
  PID:9440
- C:\Windows\System\ipEDodI.exe
  C:\Windows\System\ipEDodI.exe
  2⤵
  PID:9392
- C:\Windows\System\YMEdKtP.exe
  C:\Windows\System\YMEdKtP.exe
  2⤵
  PID:9456
- C:\Windows\System\PWGIRzS.exe
  C:\Windows\System\PWGIRzS.exe
  2⤵
  PID:9492
- C:\Windows\System\vlPDOln.exe
  C:\Windows\System\vlPDOln.exe
  2⤵
  PID:9568
- C:\Windows\System\vnBYNQi.exe
  C:\Windows\System\vnBYNQi.exe
  2⤵
  PID:9632
- C:\Windows\System\TsbkWwX.exe
  C:\Windows\System\TsbkWwX.exe
  2⤵
  PID:9696
- C:\Windows\System\FrvxVuf.exe
  C:\Windows\System\FrvxVuf.exe
  2⤵
  PID:9760
- C:\Windows\System\DTULZer.exe
  C:\Windows\System\DTULZer.exe
  2⤵
  PID:9824
- C:\Windows\System\WbLAzyL.exe
  C:\Windows\System\WbLAzyL.exe
  2⤵
  PID:9864
- C:\Windows\System\WFyuMJT.exe
  C:\Windows\System\WFyuMJT.exe
  2⤵
  PID:9924
- C:\Windows\System\vMOTufc.exe
  C:\Windows\System\vMOTufc.exe
  2⤵
  PID:9960
- C:\Windows\System\xgwhcly.exe
  C:\Windows\System\xgwhcly.exe
  2⤵
  PID:9616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AdMfawG.exe

Filesize
6.0MB

MD5
f58ca8eb9edd15c2ee009f543a39158b

SHA1
b7bb9b7b557aa4ef7965aad57dab668ae8886c6d

SHA256
c9739795540e2bf69aa3aa8eac447fc0088d1b7de6f04bb91e87b08396c6bc34

SHA512
1b207fe1b0f4ace372867709c36fa02e0c18c495102a01c4c70686520b07596f9d4c287e02ab696c7fa01e703a3f2ca95847a2aff9538323c58ed302306eb199

Download Submit
C:\Windows\system\ELsihOW.exe

Filesize
6.0MB

MD5
577fcc582d545d758179a9d76bf1ba13

SHA1
95716c9ccc858e4aedea0cc6f6475b300ac2acb3

SHA256
4160de82abf6cbdb285d60d2a4ad1b59b0ff1edd39778aa9ec5ba80c5d653790

SHA512
138e79ab7b7b3a43b47f4722cf2c2b690bc65d1bb47c94da080229f2408ae76e8b9746768894c3f582b39a64a1d12301e753d9571605aabcc5fc8492bb861e89

Download Submit
C:\Windows\system\FPqGPun.exe

Filesize
6.0MB

MD5
6d92c99ee6b773f32b076d2516a28b3e

SHA1
54184af0064dd0a4d351c195ebdd7e5b1c87f8d6

SHA256
6fb1b32100157903135e5aacdfbcb8ec4973b1d309ee5282d41bba264adcb3ca

SHA512
30e568c7a08a2c42462acf5f0da13f23b06d4e4b0c4e4703d61ad0b81c96b7471a9953a3250f26c380cad3cbdbeb2ff4e2f34249bb9b904f497a3e5ebf3911d8

Download Submit
C:\Windows\system\IWcUCmL.exe

Filesize
6.0MB

MD5
c7f38afe8c869bcdfa244ca832b5f68c

SHA1
37a42e73c8458bba79429d05b324e5cdd972450e

SHA256
adbf8573da4e6b941227efcb4aec66992b8ebb8120df975a41d618cd5c9a63c3

SHA512
55894d1188e896db5f121bf8a99f24461c47e38456d80731843f97d6f060e306ecdaf56f0fad00a8a2e3d9c8d4af127a0adc955f5695b0cfbd5cd24fb68dad38

Download Submit
C:\Windows\system\MXLtppP.exe

Filesize
6.0MB

MD5
fb11544ac06e6b61d6df9e911a759812

SHA1
29043a6c798c34033950b5937ea0983b8ff71f9d

SHA256
4f3abfdb045807bd052eb6c635a6d944334d20761341d11e94284f32f8dfd6c4

SHA512
05c8895a9a509dd93effa8ab1c926059df5d956ac339cd08ecd7b370ffd7e91fb82af379d67da9f8d4efaad7adb9700967c6a9d610da1e47281567d32332d6fd

Download Submit
C:\Windows\system\TzGVEFw.exe

Filesize
6.0MB

MD5
5b1f42feb5231b0e339470bfa067876a

SHA1
1aae356bbf4151385bbb1c3184c649d730a36aec

SHA256
048276be8612a0f3545c5d97044ad6cfa7560f8aab1ff6d99bf656b9cc1c3559

SHA512
bdb5a5d0fadac47a6fae3d681a2668ef3792109237846a446185ab51dc127946b8651e1603ff089012e0e176eafdb85c583815396ac7f547a3227196aa80c7d6

Download Submit
C:\Windows\system\VAMVBGt.exe

Filesize
6.0MB

MD5
38600c2d0a03351f11ff07cd0b4ef5bf

SHA1
a4d0082720c9cfeaa2c8fee841a166fed643d4ca

SHA256
ce3388eaa55aa6a213e1fb71b562b6ea619e2d20f371067200a60634d458f3e3

SHA512
8ac69e54a89b4da3ad12ffc5d6b1e4515fdc7cef175f90952144be9e390746c4bc1284108e4ea1f38c466af79025ffff5b1a5ffc7a29bd553f05a23276233289

Download Submit
C:\Windows\system\VoHThvS.exe

Filesize
6.0MB

MD5
6719bab2119e404545b34cf14b48c82e

SHA1
95339c58b602e5ca7709b0d0430fbd4f9d3eece0

SHA256
24288be0af362b737b9780ee8cb9a2eade02199f8394da6235606e348c651e72

SHA512
a1072d34a22fb6c1cd43d141b7f68d8fac1a484800528fabe0e93668d3fab027a84cf16fb3f1b7a26be37c610894641ecf2f43bcdb181c426dc942cf3e5b9ecf

Download Submit
C:\Windows\system\WVSHhdb.exe

Filesize
6.0MB

MD5
039be95befdb09922d82607169d8aed2

SHA1
1c4ce67d7c96a67a2cdfe14cf5c3781eba44035d

SHA256
6520c43a198bb38739d6a0c57440aeb51aea4a4e0386d42719d461da84dae969

SHA512
e38e17096ff42bb6eee4513ef6b7f00724f3d43700923dd60a156e8214b87da5b35ebb322b078f157d6db031da9ffbdac0af0307a4563d8e930a9985401ae2df

Download Submit
C:\Windows\system\WvWzlsQ.exe

Filesize
6.0MB

MD5
f65081a1957f95a4c5f67b6bab088e1e

SHA1
fe2376e6067c6f4500ced47416fbe844c072c6a8

SHA256
8501102d7ea3303fcee9288a5651a1dc4e14f39c6ccf54bb705706f2fd49129f

SHA512
a819f449492e7f50f3c134a7e708c4b50bd53058572f022b852dc02e25a1cc92757fa428eed9e324ef7565d5f16c9f42cfb78c3834591de271c47711c970c615

Download Submit
C:\Windows\system\aoewBYJ.exe

Filesize
6.0MB

MD5
0c963afe2553f48a5b657feefb0e2c39

SHA1
5bf05ad827fc18c491593a34b0cbbac0e32081a0

SHA256
6d08cca8f568d0b7cfa7bf56876e60e8d324c812e79ec21fe72162f161f6044c

SHA512
5ee2379023eeb0d61e06106f3137f8cae20ae614e6a4460ed8d22f9d4323790b8533f65f9d16dcd16021579304eade102602e9509c76f73752e6af0c2eefbf0d

Download Submit
C:\Windows\system\fJoJkug.exe

Filesize
6.0MB

MD5
d096c69bf57be5de1c2ce814f50f0661

SHA1
860dd90d57e2e7fd40149efaf63790f4dc4ed54b

SHA256
b7ae3fdc1588190392547db56dd88d9f757e80991b0cbd9fe8bcfcf0b570c50a

SHA512
7b4927a7324ea1f5969ddd324edc0f066d20744930eeb888c0ebee799d411c952c420d58022fe224bb7c1603d37faa9ab5f1fec9de3927949771fad70b02c5b5

Download Submit
C:\Windows\system\jnYdidK.exe

Filesize
6.0MB

MD5
01f762ccaad2847a906f88a4a9ceb284

SHA1
8e1ffd1ca2354c97ffa815d23e76ae02a2eb1c33

SHA256
223aa4e2cea34a77316ed24658dc3e080b48e3b9b9d8d0e4de2871f8550fdf05

SHA512
da290fd01b2de1b326b1984ea19dad76c521367ab0c847b8ad151e38c0dc4c662da5f778970464d10e570262d265b38c208d2d229f09e8ddc83016cf047e6fca

Download Submit
C:\Windows\system\jyylqPM.exe

Filesize
6.0MB

MD5
4d3a0e839754575e8e5ee524792e4c57

SHA1
ee01d7711cf43599b41a8c9926824605e97bf4d6

SHA256
fa8ca7e3e136a2a5e7fb12b22a02646d4080f7507c20b807f05a6304756fc508

SHA512
34119e9e8b93ff76bb0931fb602e28e297b941f075eac5d99f362fad04fd68f6ae46184017225903cc94aa38fac59640452893859c37d5eca19aa4b8cf7479a0

Download Submit
C:\Windows\system\rgKxyxN.exe

Filesize
6.0MB

MD5
8d0214bdf9a9f15e85b6e7f0daeb7e0b

SHA1
2fb8a1fe631071183c79fe9579f29d30ea3fdd1e

SHA256
50d2a605dfeb2190f90c34b3065477e9ed255f606ba35c167cb00044792a590f

SHA512
ac8527735806950a4f8482cf72fec416c2a22c66a151bde393422e3801fcd543762e62f67542e47f30c972cdf2608d98a0b75a42584ff5789c4242ba8281faba

Download Submit
C:\Windows\system\rrtTNVs.exe

Filesize
6.0MB

MD5
96389bb5f17851ef5701279b41f7088e

SHA1
365ee53f23742b1a99de5fc5085fed1b73541731

SHA256
caaf32e403fd68587c9f702fb25775cbc2056bc1b5d2a4531e9cdc0ac735aaa6

SHA512
9bb29129153e028d3b532a1cabdd18a6c75df0e6cab731735204a65b0c57af6934bf8bc93399d4764efc2c833277dd5e73bef77430eabe8e9c75bfbca3f13722

Download Submit
C:\Windows\system\xOFHFii.exe

Filesize
6.0MB

MD5
e5b8d6cc8483d93decf1fb9bddcb1d17

SHA1
3866bc06fef33b0950e5c15dc44d28ed212808b0

SHA256
6fe1ee9916a980e0e5746fffcfd0e61570f64baa782d808a84e9a203f68fdadc

SHA512
050e22adf438f58a67cbe695041fcd970c10a2e7f4265afb4ac20ce6da58aa5f438a13540ee1365540ee3ded6657e04e20e1a1106f93c3a31c57e23603609ceb

Download Submit
C:\Windows\system\yKUsRfQ.exe

Filesize
6.0MB

MD5
cf6654af910680bee1e9896ff54a0bfd

SHA1
88d6c2eaaf735ca1c32b0c6eff712815c8624a0e

SHA256
3bc7389768cd206ca8fbc24f8716a26f2b68426d29f08b3198178de7a3825d36

SHA512
9855f2ce419719f3322308e4898be2b86773ec8b217801ac6fc078eb60a1d6e51910054c8a98729d5f53dcfcec2e652b05a4d23fa5c798526343dedb7bf3d118

Download Submit
C:\Windows\system\zGeofKo.exe

Filesize
6.0MB

MD5
1f601b2323d86e147d98b1c8394b9d40

SHA1
9dc6fe744e494ed35b6117599ee3fa5c9dc58ab6

SHA256
8df0be8a996006cca79716793f149d4b715ccfe8e9ef25ca0086e34c17276a5a

SHA512
a2055e596cfb363107e94bf680264607e2b7499c969cf4f64cdfb695674bf11999c3e3f624179e56ac623cfabb9ea94a1da929bb761e6c62c894b57aa53121ae

Download Submit
C:\Windows\system\zmjCLoz.exe

Filesize
6.0MB

MD5
b26906e7ec15836ee88667296d850b2c

SHA1
47e48bb9c75810b037924ae5354eda77fb10b58b

SHA256
52c4e574ef1141674b9f4a12a9a0bcdff4644c46d589bf90a87d2e3233441e8c

SHA512
1ed90d1bce16c27bb00be026e6be435477cb4e8aed8da68ec4a1d1f6ca0a5c43bab8ef82bb63648e1fd7224f3ccd79c441d514ac94adf5588c204c32eb639d45

Download Submit
\Windows\system\AGOyYGb.exe

Filesize
6.0MB

MD5
17a1d934e371582a000063cefd3c1d70

SHA1
573a31db6ff0df860a8f64f485c9e142a3d47975

SHA256
3a180f030d0fc095f208cf9908cb8575d374ae9ce709d9e38069ff0cc730ce63

SHA512
3431b29026d8b9075f784c9fdcd9cce063632ebfc845043d71d0feddfc879f8aa1cb5cf6ab1efda37e62936b3825e8155c1d476526bbeeaf1f2e05d3141ed4e3

Download Submit
\Windows\system\CGmtRtj.exe

Filesize
6.0MB

MD5
001225b5debd100ad28b6575de775193

SHA1
b6aa7b627e848ecb0c303ea71513dd038fa9e2d1

SHA256
aabadd10354527abd73932fb8f11f7b209c1d7f79b521976500e72608042e2ba

SHA512
8893b749b5a5a52ca81398df45feacb8c1dd60fa69b745eb033b5a6f96e5bf286b2901c9af715c32dc60d8667a4dd17e96a467f00f3f86efae15f884c249be55

Download Submit
\Windows\system\CRCUoew.exe

Filesize
6.0MB

MD5
df1b0f4b03a7e8c4d0cfe553329b6eb0

SHA1
10c522c25addab2a12bffd99c6c740efd1ea4480

SHA256
df05a483664d7c0aa22770fc9cee24283316ccc459f367aab4b1903932acdaa6

SHA512
1c92d6c714443c4202f2207d44ecf432e7362c2f3f7f8fcff5ceae749c13870151be8c5bf22100bec3b4b19641f40e4aadcbee9b09a5c0c2ded74a08f52ee401

Download Submit
\Windows\system\FMEKTXY.exe

Filesize
6.0MB

MD5
51519f93ca1faf73507e0c9596117290

SHA1
e65f5559ce7fbd058a3e6f8c8f33829a1192cb32

SHA256
48d01911969f75bdd7e1ea2802d5155b5b694ee86208917b2f03af3044a1883a

SHA512
e54081c70f269052b0081cda417aae7089f32176ee806a16d73d10cd0dc7584deffbb447df2b20e110467021f8f47080071cb1ae36150f1ca734900874492043

Download Submit
\Windows\system\IUZgRYw.exe

Filesize
6.0MB

MD5
2ab6b7a07e4226fdb06aec72980b1ac4

SHA1
24b4279d1f583cc2672a6993f3e2a31e24f67cab

SHA256
c0d4631d4ba1b4561c3eab99b325056a43397e1d270b2d8239337706837baef6

SHA512
e58c227ad6076937d433c9c44cb41de14f26268a091fb35d734264f98eaa2bb069d12f3b826679776567f4ef637040541098e77e9eb30f7ef36f1ce2b5261e02

Download Submit
\Windows\system\JInqAKv.exe

Filesize
6.0MB

MD5
244b5d8067a7771d4857f7c0ab58ccf2

SHA1
5ddab45e81a26402699da0bb32ff67c0b63fbca1

SHA256
f8a034087cc8414481d5a01914389ddec0a8ad7c6afccacae0cb742c6473924f

SHA512
a66f1f60bdd15784434ffbe519e09d7af0ee5e2d4d4442d0b2e40fc5bf001181f693428b23e84ec369e5736fa58c8e28e9fa5edd83d13f900c2535511c606fbf

Download Submit
\Windows\system\RykKAny.exe

Filesize
6.0MB

MD5
682102b5adaf1e364390f0f41f8b3405

SHA1
1053e1f7b435e34213a87e59fe0aead659839992

SHA256
51b296c8ae86faee2602ddd82511403eaf1126df65e0b9d957919535d1cb08d9

SHA512
6926e42e969760ad5b8f774ef2b35be4ad4a08d7be2607010c25ed0d4a19fb19c4e916c2fb88a3171ac1a25250391e145c6eb8f49d9ea11313cbb4ded5c719a9

Download Submit
\Windows\system\SeszSeP.exe

Filesize
6.0MB

MD5
e5119f20226ba4b8662104a5fd7cb9a7

SHA1
c60ea115c73a5de8e22e31b994bf463a7506a265

SHA256
05045cdd45788a7a96528db5d4613e805d64cee5ffe14b28f4945c0649421b45

SHA512
a3ab6daa573a3b85c287e73af67d7b5f9680b6e590c0acc1bc7f7fa03de3f53611f6cb6033edc3cb03b9565ad150743a926cac8e41bead88cb42e509bcf289e9

Download Submit
\Windows\system\hIFYBDO.exe

Filesize
6.0MB

MD5
bf6bb5952e96aac39590306174cba853

SHA1
71666d7ca2bf288030d8cbae68814756b4160104

SHA256
384604cdaa21c7ab6def2bdcd535067f2c30d40312e1f08d673a739910344e26

SHA512
1b4b368f3884fc7b734752ee677483607c7684c8d3f163187354b3aeed66fd91ae72a0d3e3f4ae2bb67d761981f1449768dad4a18395e229e81dd7acc62ec1a0

Download Submit
\Windows\system\mCWljkT.exe

Filesize
6.0MB

MD5
fb24c5f90462d038c662b026d95b0394

SHA1
9ea6038a69480489f56f7032f7bb11823d7354d8

SHA256
e2a67615dbe164e2821328242f2a17cbbd62b927d1a420e69fcd212740b2a915

SHA512
60b169e5575bb48771670481d7cadee373d3723aa9f081396c07aed14ef5e30ce46954158b8ade4a3df7d7c27847d7bbe522b163e9bbdd7a396b269e11936d56

Download Submit
\Windows\system\mbwwXRe.exe

Filesize
6.0MB

MD5
17476aa879c47ccb4499ea5d97e5f649

SHA1
805596a52814fe05394288d8950a87ca6f004126

SHA256
a3a8d2da8c22c28383f93878cbab6985b0a19b5def1f87ca9b303d2c89abe8e7

SHA512
afd4e24dd95e2ca834d98812dcddef8f28d9597e8242e1759f0ab18449778607f567c6870f984bf9072422080d813cbbf6f6e0371a60bf34d3ea8589edd956df

Download Submit
\Windows\system\zqBhreG.exe

Filesize
6.0MB

MD5
e36deb47eb076f79839ac6b6e792d5c3

SHA1
8e265e53be8a59982f4a7a9f1070eaa384068870

SHA256
3039ef72c7379c4da8d81f55a6db6ed5fc41cfc289d02fd9f58f6613da2ac964

SHA512
9ecd3d169a5a7628ff2abcd945118f7fc5b270d31089c8beb7e8bdee35145a43544151753d3a734c4b23755e63eefdc2c5803baafd4d5f95b363863567c19068

Download Submit
memory/1044-3378-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1044-23-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1048-54-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1048-3380-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1532-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1532-856-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1532-3801-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1600-3714-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-105-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-60-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-3712-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1856-87-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1996-97-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1996-276-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1996-3800-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-90-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3718-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2216-160-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2376-109-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2376-80-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3713-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2432-86-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3799-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2432-46-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3381-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2536-37-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-67-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-764-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-56-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-53-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-36-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-89-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-95-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-40-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-108-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-85-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2644-39-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-102-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-101-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-22-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2644-25-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2644-967-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2644-84-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2644-12-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-76-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2644-0-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2644-21-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3797-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-17-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-43-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-20-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3379-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3798-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2824-30-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3715-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2832-68-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download