cobaltstrike | 3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
Size

6.0MB
MD5

a32015f593084cdef344939d4c973a80
SHA1

1889441f6426b64dddfb77d75330dce9f1589bf4
SHA256

3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c
SHA512

47a2ab2f90d619532be05a375a9c4dcd4a8f8b8bba2e1f4f28a762387d96019a55fcce25169b5cbb499adb59b546728f6f0329e37ea7a92e55b81568b176df26
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU/:eOl56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d50-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dad-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dc8-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e74-30.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001739a-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-136.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000016d24-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-41.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral1/memory/1868-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000016d3f-7.dat	xmrig
behavioral1/files/0x0008000000016d47-14.dat	xmrig
behavioral1/files/0x0008000000016d50-15.dat	xmrig
behavioral1/files/0x0007000000016dad-22.dat	xmrig
behavioral1/files/0x0007000000016dc8-25.dat	xmrig
behavioral1/files/0x0007000000016e74-30.dat	xmrig
behavioral1/files/0x000900000001739a-33.dat	xmrig
behavioral1/files/0x00060000000190d6-45.dat	xmrig
behavioral1/files/0x00050000000191f7-53.dat	xmrig
behavioral1/files/0x0005000000019234-65.dat	xmrig
behavioral1/files/0x000500000001924c-69.dat	xmrig
behavioral1/files/0x0005000000019273-81.dat	xmrig
behavioral1/files/0x0005000000019389-93.dat	xmrig
behavioral1/files/0x000500000001942f-161.dat	xmrig
behavioral1/files/0x0005000000019401-152.dat	xmrig
behavioral1/files/0x0005000000019403-156.dat	xmrig
behavioral1/files/0x00050000000193d9-141.dat	xmrig
behavioral1/files/0x00050000000193df-145.dat	xmrig
behavioral1/files/0x00050000000193cc-136.dat	xmrig
behavioral1/files/0x0036000000016d24-131.dat	xmrig
behavioral1/files/0x00050000000193c4-127.dat	xmrig
behavioral1/files/0x00050000000193be-97.dat	xmrig
behavioral1/files/0x0005000000019382-89.dat	xmrig
behavioral1/files/0x0005000000019277-85.dat	xmrig
behavioral1/files/0x0005000000019271-78.dat	xmrig
behavioral1/files/0x000500000001926b-73.dat	xmrig
behavioral1/files/0x0005000000019229-61.dat	xmrig
behavioral1/files/0x0005000000019218-57.dat	xmrig
behavioral1/files/0x00050000000191f3-49.dat	xmrig
behavioral1/files/0x00060000000190cd-41.dat	xmrig
behavioral1/files/0x000500000001879b-37.dat	xmrig
behavioral1/memory/2836-2005-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2964-2071-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2652-2087-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2956-2457-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2552-2552-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/1868-2604-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2640-2603-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2532-2613-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1868-4039-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2652-4062-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2532-4064-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2552-4063-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2836-4060-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2964-4055-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2956-4054-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2640-4053-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2576-4052-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2668	OrejPAU.exe
2836	crXMhon.exe
2964	XQYMedE.exe
2652	KufehMX.exe
2956	okGHQAT.exe
2868	ngKKeLA.exe
2556	xuGYBcg.exe
2552	GZgTDDS.exe
2640	uvthxTt.exe
2532	ySBnlAu.exe
2576	obfmuro.exe
3028	tZsxSuA.exe
2184	ADXriGX.exe
752	hQPbwSf.exe
1224	ejvIBoZ.exe
1916	msMsbiH.exe
1080	hxoFCBH.exe
2000	OaQTEZs.exe
2756	uqoiYHa.exe
2980	lpzAGwG.exe
1984	SDDmyFb.exe
2940	BPAmulg.exe
2744	oyZhGQM.exe
2596	lpgFLJW.exe
2368	iSZtNiT.exe
2320	QzKwXJE.exe
2160	VGwoXeo.exe
2208	BKmioGQ.exe
2992	DJOkeTt.exe
2360	UmApbUf.exe
1288	JIawUNg.exe
868	jpqlpyp.exe
1436	cuxElhx.exe
316	fANsGIi.exe
964	LelzWhM.exe
392	sqhXlWO.exe
3024	VFEquTV.exe
2352	TrILjSZ.exe
2008	ZDksBAT.exe
1040	NYNZQAJ.exe
1704	MsgkoMn.exe
1700	VjNjhkC.exe
840	oIWnDeN.exe
940	KCCEpTE.exe
2496	nIBFomg.exe
1840	UKArxOh.exe
2272	kgrTCKq.exe
2088	ykwFCgx.exe
2400	EwmYQjv.exe
696	mJwKBcE.exe
1828	ZevLLnG.exe
2404	rMGupKZ.exe
2288	quHiBGm.exe
1508	cDqZIIi.exe
2164	NUUpWmt.exe
2644	lvuGsPM.exe
2388	GyETmfg.exe
2544	JlMpZLl.exe
1432	vhpNdRz.exe
2316	wRgHLDg.exe
1552	nFPFJCI.exe
2812	SLmEcwt.exe
2876	tiFJSno.exe
2472	FHgTAqt.exe

Loads dropped DLL 64 IoCs

pid	Process
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000016d3f-7.dat	upx
behavioral1/files/0x0008000000016d47-14.dat	upx
behavioral1/files/0x0008000000016d50-15.dat	upx
behavioral1/files/0x0007000000016dad-22.dat	upx
behavioral1/files/0x0007000000016dc8-25.dat	upx
behavioral1/files/0x0007000000016e74-30.dat	upx
behavioral1/files/0x000900000001739a-33.dat	upx
behavioral1/files/0x00060000000190d6-45.dat	upx
behavioral1/files/0x00050000000191f7-53.dat	upx
behavioral1/files/0x0005000000019234-65.dat	upx
behavioral1/files/0x000500000001924c-69.dat	upx
behavioral1/files/0x0005000000019273-81.dat	upx
behavioral1/files/0x0005000000019389-93.dat	upx
behavioral1/files/0x000500000001942f-161.dat	upx
behavioral1/files/0x0005000000019401-152.dat	upx
behavioral1/files/0x0005000000019403-156.dat	upx
behavioral1/files/0x00050000000193d9-141.dat	upx
behavioral1/files/0x00050000000193df-145.dat	upx
behavioral1/files/0x00050000000193cc-136.dat	upx
behavioral1/files/0x0036000000016d24-131.dat	upx
behavioral1/files/0x00050000000193c4-127.dat	upx
behavioral1/files/0x00050000000193be-97.dat	upx
behavioral1/files/0x0005000000019382-89.dat	upx
behavioral1/files/0x0005000000019277-85.dat	upx
behavioral1/files/0x0005000000019271-78.dat	upx
behavioral1/files/0x000500000001926b-73.dat	upx
behavioral1/files/0x0005000000019229-61.dat	upx
behavioral1/files/0x0005000000019218-57.dat	upx
behavioral1/files/0x00050000000191f3-49.dat	upx
behavioral1/files/0x00060000000190cd-41.dat	upx
behavioral1/files/0x000500000001879b-37.dat	upx
behavioral1/memory/2836-2005-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2964-2071-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2652-2087-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2956-2457-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2552-2552-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2640-2603-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2532-2613-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1868-4039-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2652-4062-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2532-4064-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2552-4063-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2836-4060-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2964-4055-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2956-4054-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2640-4053-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2576-4052-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\czHWvvD.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\EmVWnSZ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\ABrZVLM.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\mXwkMaI.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\rgLSzMX.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\zvHqzDm.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\sWSqgGe.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\ljtxaZt.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\YGPxCqt.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\fedHNnZ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\ITEfRBp.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\WddUDEZ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\azYqXlW.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\MzGfZjv.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\YwbESNc.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\tmyViZS.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\PycrULc.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\PHsCdzx.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\NcHhLoT.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\skYxFdH.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\pIKvwuY.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\qFxdufQ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\OBGdLpJ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\kTiBJkT.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\cMybzaE.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\mIZdYKB.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\PcPppZp.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\eXsKJwf.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\yVBHQwD.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\OEoLurF.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\LEibLBi.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\XKTqvkW.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\CnhLrBZ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\baNNyeD.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\vhpNdRz.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\DDQanHf.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\nHtXXDp.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\oziUNvb.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\JdUtVuf.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\mbaGNpg.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\IudssWo.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\JSLuWXX.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\nXpgfld.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\TnXGVNb.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\UdetczI.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\ejzsecf.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\yiQJVlD.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\uhnlcdJ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\zJCratJ.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\wveeYPT.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\CQDafSz.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\oyZhGQM.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\EFmaFab.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\IJirckm.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\WqrRyvf.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\dNYJqeB.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\LXvAYAK.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\gckNCZz.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\WkrPpzi.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\LkfjIiM.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\whUwdEo.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\vphZEiq.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\FShMMxg.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
File created	C:\Windows\System\ZcplFzS.exe	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2668	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	31
PID 1868 wrote to memory of 2668	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	31
PID 1868 wrote to memory of 2668	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	31
PID 1868 wrote to memory of 2836	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	32
PID 1868 wrote to memory of 2836	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	32
PID 1868 wrote to memory of 2836	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	32
PID 1868 wrote to memory of 2964	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	33
PID 1868 wrote to memory of 2964	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	33
PID 1868 wrote to memory of 2964	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	33
PID 1868 wrote to memory of 2652	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	34
PID 1868 wrote to memory of 2652	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	34
PID 1868 wrote to memory of 2652	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	34
PID 1868 wrote to memory of 2956	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	35
PID 1868 wrote to memory of 2956	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	35
PID 1868 wrote to memory of 2956	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	35
PID 1868 wrote to memory of 2868	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	36
PID 1868 wrote to memory of 2868	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	36
PID 1868 wrote to memory of 2868	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	36
PID 1868 wrote to memory of 2556	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	37
PID 1868 wrote to memory of 2556	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	37
PID 1868 wrote to memory of 2556	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	37
PID 1868 wrote to memory of 2552	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	38
PID 1868 wrote to memory of 2552	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	38
PID 1868 wrote to memory of 2552	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	38
PID 1868 wrote to memory of 2640	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	39
PID 1868 wrote to memory of 2640	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	39
PID 1868 wrote to memory of 2640	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	39
PID 1868 wrote to memory of 2532	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	40
PID 1868 wrote to memory of 2532	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	40
PID 1868 wrote to memory of 2532	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	40
PID 1868 wrote to memory of 2576	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	41
PID 1868 wrote to memory of 2576	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	41
PID 1868 wrote to memory of 2576	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	41
PID 1868 wrote to memory of 3028	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	42
PID 1868 wrote to memory of 3028	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	42
PID 1868 wrote to memory of 3028	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	42
PID 1868 wrote to memory of 2184	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	43
PID 1868 wrote to memory of 2184	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	43
PID 1868 wrote to memory of 2184	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	43
PID 1868 wrote to memory of 752	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	44
PID 1868 wrote to memory of 752	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	44
PID 1868 wrote to memory of 752	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	44
PID 1868 wrote to memory of 1224	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	45
PID 1868 wrote to memory of 1224	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	45
PID 1868 wrote to memory of 1224	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	45
PID 1868 wrote to memory of 1916	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	46
PID 1868 wrote to memory of 1916	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	46
PID 1868 wrote to memory of 1916	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	46
PID 1868 wrote to memory of 1080	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	47
PID 1868 wrote to memory of 1080	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	47
PID 1868 wrote to memory of 1080	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	47
PID 1868 wrote to memory of 2000	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	48
PID 1868 wrote to memory of 2000	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	48
PID 1868 wrote to memory of 2000	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	48
PID 1868 wrote to memory of 2756	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	49
PID 1868 wrote to memory of 2756	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	49
PID 1868 wrote to memory of 2756	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	49
PID 1868 wrote to memory of 2980	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	50
PID 1868 wrote to memory of 2980	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	50
PID 1868 wrote to memory of 2980	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	50
PID 1868 wrote to memory of 1984	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	51
PID 1868 wrote to memory of 1984	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	51
PID 1868 wrote to memory of 1984	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	51
PID 1868 wrote to memory of 2940	1868	JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3bf698131bb92f80fdef93e64efd8a818845a41df9fcbc66ae50e9fdd49f623c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\System\OrejPAU.exe
  C:\Windows\System\OrejPAU.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\crXMhon.exe
  C:\Windows\System\crXMhon.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XQYMedE.exe
  C:\Windows\System\XQYMedE.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\KufehMX.exe
  C:\Windows\System\KufehMX.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\okGHQAT.exe
  C:\Windows\System\okGHQAT.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\ngKKeLA.exe
  C:\Windows\System\ngKKeLA.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\xuGYBcg.exe
  C:\Windows\System\xuGYBcg.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\GZgTDDS.exe
  C:\Windows\System\GZgTDDS.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\uvthxTt.exe
  C:\Windows\System\uvthxTt.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ySBnlAu.exe
  C:\Windows\System\ySBnlAu.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\obfmuro.exe
  C:\Windows\System\obfmuro.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\tZsxSuA.exe
  C:\Windows\System\tZsxSuA.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ADXriGX.exe
  C:\Windows\System\ADXriGX.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\hQPbwSf.exe
  C:\Windows\System\hQPbwSf.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ejvIBoZ.exe
  C:\Windows\System\ejvIBoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\msMsbiH.exe
  C:\Windows\System\msMsbiH.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\hxoFCBH.exe
  C:\Windows\System\hxoFCBH.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\OaQTEZs.exe
  C:\Windows\System\OaQTEZs.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\uqoiYHa.exe
  C:\Windows\System\uqoiYHa.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\lpzAGwG.exe
  C:\Windows\System\lpzAGwG.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\SDDmyFb.exe
  C:\Windows\System\SDDmyFb.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\BPAmulg.exe
  C:\Windows\System\BPAmulg.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\oyZhGQM.exe
  C:\Windows\System\oyZhGQM.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\lpgFLJW.exe
  C:\Windows\System\lpgFLJW.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\iSZtNiT.exe
  C:\Windows\System\iSZtNiT.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\QzKwXJE.exe
  C:\Windows\System\QzKwXJE.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\VGwoXeo.exe
  C:\Windows\System\VGwoXeo.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\BKmioGQ.exe
  C:\Windows\System\BKmioGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\DJOkeTt.exe
  C:\Windows\System\DJOkeTt.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\UmApbUf.exe
  C:\Windows\System\UmApbUf.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\JIawUNg.exe
  C:\Windows\System\JIawUNg.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\jpqlpyp.exe
  C:\Windows\System\jpqlpyp.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\cuxElhx.exe
  C:\Windows\System\cuxElhx.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\fANsGIi.exe
  C:\Windows\System\fANsGIi.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\LelzWhM.exe
  C:\Windows\System\LelzWhM.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\sqhXlWO.exe
  C:\Windows\System\sqhXlWO.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\VFEquTV.exe
  C:\Windows\System\VFEquTV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\TrILjSZ.exe
  C:\Windows\System\TrILjSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\ZDksBAT.exe
  C:\Windows\System\ZDksBAT.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\NYNZQAJ.exe
  C:\Windows\System\NYNZQAJ.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\MsgkoMn.exe
  C:\Windows\System\MsgkoMn.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\VjNjhkC.exe
  C:\Windows\System\VjNjhkC.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\oIWnDeN.exe
  C:\Windows\System\oIWnDeN.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\KCCEpTE.exe
  C:\Windows\System\KCCEpTE.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\nIBFomg.exe
  C:\Windows\System\nIBFomg.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\UKArxOh.exe
  C:\Windows\System\UKArxOh.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\kgrTCKq.exe
  C:\Windows\System\kgrTCKq.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\ykwFCgx.exe
  C:\Windows\System\ykwFCgx.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\EwmYQjv.exe
  C:\Windows\System\EwmYQjv.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\rMGupKZ.exe
  C:\Windows\System\rMGupKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\mJwKBcE.exe
  C:\Windows\System\mJwKBcE.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\GyETmfg.exe
  C:\Windows\System\GyETmfg.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ZevLLnG.exe
  C:\Windows\System\ZevLLnG.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\vhpNdRz.exe
  C:\Windows\System\vhpNdRz.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\quHiBGm.exe
  C:\Windows\System\quHiBGm.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\wRgHLDg.exe
  C:\Windows\System\wRgHLDg.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\cDqZIIi.exe
  C:\Windows\System\cDqZIIi.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\nFPFJCI.exe
  C:\Windows\System\nFPFJCI.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\NUUpWmt.exe
  C:\Windows\System\NUUpWmt.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\SLmEcwt.exe
  C:\Windows\System\SLmEcwt.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\lvuGsPM.exe
  C:\Windows\System\lvuGsPM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\tiFJSno.exe
  C:\Windows\System\tiFJSno.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\JlMpZLl.exe
  C:\Windows\System\JlMpZLl.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\FHgTAqt.exe
  C:\Windows\System\FHgTAqt.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\FaEiOoM.exe
  C:\Windows\System\FaEiOoM.exe
  2⤵
  PID:1084
- C:\Windows\System\nrycpOB.exe
  C:\Windows\System\nrycpOB.exe
  2⤵
  PID:2508
- C:\Windows\System\KhEzmrg.exe
  C:\Windows\System\KhEzmrg.exe
  2⤵
  PID:2372
- C:\Windows\System\KTOksSr.exe
  C:\Windows\System\KTOksSr.exe
  2⤵
  PID:2708
- C:\Windows\System\QratHwW.exe
  C:\Windows\System\QratHwW.exe
  2⤵
  PID:1848
- C:\Windows\System\orJxWiR.exe
  C:\Windows\System\orJxWiR.exe
  2⤵
  PID:580
- C:\Windows\System\kdwUFFb.exe
  C:\Windows\System\kdwUFFb.exe
  2⤵
  PID:1768
- C:\Windows\System\hESyHOT.exe
  C:\Windows\System\hESyHOT.exe
  2⤵
  PID:768
- C:\Windows\System\mTAcyEZ.exe
  C:\Windows\System\mTAcyEZ.exe
  2⤵
  PID:2336
- C:\Windows\System\faUtjnD.exe
  C:\Windows\System\faUtjnD.exe
  2⤵
  PID:2072
- C:\Windows\System\oTOYMrG.exe
  C:\Windows\System\oTOYMrG.exe
  2⤵
  PID:2144
- C:\Windows\System\ZbOkRJu.exe
  C:\Windows\System\ZbOkRJu.exe
  2⤵
  PID:2156
- C:\Windows\System\EudoiUG.exe
  C:\Windows\System\EudoiUG.exe
  2⤵
  PID:1532
- C:\Windows\System\dGGsYJi.exe
  C:\Windows\System\dGGsYJi.exe
  2⤵
  PID:680
- C:\Windows\System\ARMmMLo.exe
  C:\Windows\System\ARMmMLo.exe
  2⤵
  PID:1612
- C:\Windows\System\YrTEfiV.exe
  C:\Windows\System\YrTEfiV.exe
  2⤵
  PID:3004
- C:\Windows\System\hfXqVIi.exe
  C:\Windows\System\hfXqVIi.exe
  2⤵
  PID:1464
- C:\Windows\System\ABrZVLM.exe
  C:\Windows\System\ABrZVLM.exe
  2⤵
  PID:2124
- C:\Windows\System\mIZdYKB.exe
  C:\Windows\System\mIZdYKB.exe
  2⤵
  PID:3068
- C:\Windows\System\UigBuvO.exe
  C:\Windows\System\UigBuvO.exe
  2⤵
  PID:788
- C:\Windows\System\wUGRBoG.exe
  C:\Windows\System\wUGRBoG.exe
  2⤵
  PID:236
- C:\Windows\System\XAEXoIQ.exe
  C:\Windows\System\XAEXoIQ.exe
  2⤵
  PID:1972
- C:\Windows\System\JJlcTwv.exe
  C:\Windows\System\JJlcTwv.exe
  2⤵
  PID:944
- C:\Windows\System\wvBeIIa.exe
  C:\Windows\System\wvBeIIa.exe
  2⤵
  PID:2384
- C:\Windows\System\EFmaFab.exe
  C:\Windows\System\EFmaFab.exe
  2⤵
  PID:2200
- C:\Windows\System\kLppPEX.exe
  C:\Windows\System\kLppPEX.exe
  2⤵
  PID:2820
- C:\Windows\System\NZvxLqA.exe
  C:\Windows\System\NZvxLqA.exe
  2⤵
  PID:1500
- C:\Windows\System\vPeoLxi.exe
  C:\Windows\System\vPeoLxi.exe
  2⤵
  PID:532
- C:\Windows\System\CUbTMgC.exe
  C:\Windows\System\CUbTMgC.exe
  2⤵
  PID:1008
- C:\Windows\System\BnQxafq.exe
  C:\Windows\System\BnQxafq.exe
  2⤵
  PID:1632
- C:\Windows\System\nojnPnv.exe
  C:\Windows\System\nojnPnv.exe
  2⤵
  PID:2480
- C:\Windows\System\nibSxjw.exe
  C:\Windows\System\nibSxjw.exe
  2⤵
  PID:1816
- C:\Windows\System\PcPppZp.exe
  C:\Windows\System\PcPppZp.exe
  2⤵
  PID:2180
- C:\Windows\System\qkxaDHV.exe
  C:\Windows\System\qkxaDHV.exe
  2⤵
  PID:2616
- C:\Windows\System\yPGQfnM.exe
  C:\Windows\System\yPGQfnM.exe
  2⤵
  PID:2776
- C:\Windows\System\IxnOEne.exe
  C:\Windows\System\IxnOEne.exe
  2⤵
  PID:604
- C:\Windows\System\nlbooXm.exe
  C:\Windows\System\nlbooXm.exe
  2⤵
  PID:1412
- C:\Windows\System\vYDDLJr.exe
  C:\Windows\System\vYDDLJr.exe
  2⤵
  PID:1772
- C:\Windows\System\uPvonjg.exe
  C:\Windows\System\uPvonjg.exe
  2⤵
  PID:1996
- C:\Windows\System\BXrOYIU.exe
  C:\Windows\System\BXrOYIU.exe
  2⤵
  PID:1276
- C:\Windows\System\dQYSnGd.exe
  C:\Windows\System\dQYSnGd.exe
  2⤵
  PID:3008
- C:\Windows\System\rZupXNK.exe
  C:\Windows\System\rZupXNK.exe
  2⤵
  PID:1468
- C:\Windows\System\CJXtENC.exe
  C:\Windows\System\CJXtENC.exe
  2⤵
  PID:2484
- C:\Windows\System\bIaaGgt.exe
  C:\Windows\System\bIaaGgt.exe
  2⤵
  PID:572
- C:\Windows\System\OnvXdMJ.exe
  C:\Windows\System\OnvXdMJ.exe
  2⤵
  PID:1644
- C:\Windows\System\NgwDWGT.exe
  C:\Windows\System\NgwDWGT.exe
  2⤵
  PID:1732
- C:\Windows\System\pdHSqhW.exe
  C:\Windows\System\pdHSqhW.exe
  2⤵
  PID:2276
- C:\Windows\System\mYOFhaX.exe
  C:\Windows\System\mYOFhaX.exe
  2⤵
  PID:2828
- C:\Windows\System\HNlmCeS.exe
  C:\Windows\System\HNlmCeS.exe
  2⤵
  PID:2600
- C:\Windows\System\tmtewYG.exe
  C:\Windows\System\tmtewYG.exe
  2⤵
  PID:2528
- C:\Windows\System\ubukCcl.exe
  C:\Windows\System\ubukCcl.exe
  2⤵
  PID:2460
- C:\Windows\System\ghleaKt.exe
  C:\Windows\System\ghleaKt.exe
  2⤵
  PID:556
- C:\Windows\System\NcgCtdw.exe
  C:\Windows\System\NcgCtdw.exe
  2⤵
  PID:1192
- C:\Windows\System\wlFPfPk.exe
  C:\Windows\System\wlFPfPk.exe
  2⤵
  PID:2100
- C:\Windows\System\tqcLwBT.exe
  C:\Windows\System\tqcLwBT.exe
  2⤵
  PID:3080
- C:\Windows\System\ijWSJvN.exe
  C:\Windows\System\ijWSJvN.exe
  2⤵
  PID:3100
- C:\Windows\System\iDYuzis.exe
  C:\Windows\System\iDYuzis.exe
  2⤵
  PID:3116
- C:\Windows\System\eXsKJwf.exe
  C:\Windows\System\eXsKJwf.exe
  2⤵
  PID:3132
- C:\Windows\System\zJCratJ.exe
  C:\Windows\System\zJCratJ.exe
  2⤵
  PID:3156
- C:\Windows\System\QZEVKFG.exe
  C:\Windows\System\QZEVKFG.exe
  2⤵
  PID:3180
- C:\Windows\System\DRQmHVS.exe
  C:\Windows\System\DRQmHVS.exe
  2⤵
  PID:3204
- C:\Windows\System\wQzcXUG.exe
  C:\Windows\System\wQzcXUG.exe
  2⤵
  PID:3220
- C:\Windows\System\aURKkgo.exe
  C:\Windows\System\aURKkgo.exe
  2⤵
  PID:3236
- C:\Windows\System\jmYZbmD.exe
  C:\Windows\System\jmYZbmD.exe
  2⤵
  PID:3252
- C:\Windows\System\TrmkNcN.exe
  C:\Windows\System\TrmkNcN.exe
  2⤵
  PID:3268
- C:\Windows\System\HTuxfee.exe
  C:\Windows\System\HTuxfee.exe
  2⤵
  PID:3284
- C:\Windows\System\lmBucuu.exe
  C:\Windows\System\lmBucuu.exe
  2⤵
  PID:3304
- C:\Windows\System\xdscTbf.exe
  C:\Windows\System\xdscTbf.exe
  2⤵
  PID:3320
- C:\Windows\System\kdYjEHH.exe
  C:\Windows\System\kdYjEHH.exe
  2⤵
  PID:3336
- C:\Windows\System\zPUmRiX.exe
  C:\Windows\System\zPUmRiX.exe
  2⤵
  PID:3356
- C:\Windows\System\KmtrKyu.exe
  C:\Windows\System\KmtrKyu.exe
  2⤵
  PID:3384
- C:\Windows\System\BatRsHY.exe
  C:\Windows\System\BatRsHY.exe
  2⤵
  PID:3408
- C:\Windows\System\cUBRnAZ.exe
  C:\Windows\System\cUBRnAZ.exe
  2⤵
  PID:3440
- C:\Windows\System\XSMXwrL.exe
  C:\Windows\System\XSMXwrL.exe
  2⤵
  PID:3468
- C:\Windows\System\IJirckm.exe
  C:\Windows\System\IJirckm.exe
  2⤵
  PID:3488
- C:\Windows\System\jSMNNjh.exe
  C:\Windows\System\jSMNNjh.exe
  2⤵
  PID:3508
- C:\Windows\System\HSUEsfI.exe
  C:\Windows\System\HSUEsfI.exe
  2⤵
  PID:3528
- C:\Windows\System\TdbccDe.exe
  C:\Windows\System\TdbccDe.exe
  2⤵
  PID:3548
- C:\Windows\System\QofGcyt.exe
  C:\Windows\System\QofGcyt.exe
  2⤵
  PID:3568
- C:\Windows\System\ThAYYei.exe
  C:\Windows\System\ThAYYei.exe
  2⤵
  PID:3588
- C:\Windows\System\vmltLfO.exe
  C:\Windows\System\vmltLfO.exe
  2⤵
  PID:3608
- C:\Windows\System\rIrrtSP.exe
  C:\Windows\System\rIrrtSP.exe
  2⤵
  PID:3628
- C:\Windows\System\KqzRKzH.exe
  C:\Windows\System\KqzRKzH.exe
  2⤵
  PID:3648
- C:\Windows\System\hAZRmwI.exe
  C:\Windows\System\hAZRmwI.exe
  2⤵
  PID:3668
- C:\Windows\System\GEVhrJQ.exe
  C:\Windows\System\GEVhrJQ.exe
  2⤵
  PID:3688
- C:\Windows\System\mWIWXeN.exe
  C:\Windows\System\mWIWXeN.exe
  2⤵
  PID:3704
- C:\Windows\System\FFUZYpC.exe
  C:\Windows\System\FFUZYpC.exe
  2⤵
  PID:3720
- C:\Windows\System\eZknfsM.exe
  C:\Windows\System\eZknfsM.exe
  2⤵
  PID:3748
- C:\Windows\System\btFWieP.exe
  C:\Windows\System\btFWieP.exe
  2⤵
  PID:3764
- C:\Windows\System\tvhPvwG.exe
  C:\Windows\System\tvhPvwG.exe
  2⤵
  PID:3788
- C:\Windows\System\UUILCoX.exe
  C:\Windows\System\UUILCoX.exe
  2⤵
  PID:3804
- C:\Windows\System\KyqoHAu.exe
  C:\Windows\System\KyqoHAu.exe
  2⤵
  PID:3828
- C:\Windows\System\BeCRkDq.exe
  C:\Windows\System\BeCRkDq.exe
  2⤵
  PID:3844
- C:\Windows\System\JFUbatX.exe
  C:\Windows\System\JFUbatX.exe
  2⤵
  PID:3864
- C:\Windows\System\otPdWof.exe
  C:\Windows\System\otPdWof.exe
  2⤵
  PID:3880
- C:\Windows\System\AyioDCG.exe
  C:\Windows\System\AyioDCG.exe
  2⤵
  PID:3900
- C:\Windows\System\EEkActv.exe
  C:\Windows\System\EEkActv.exe
  2⤵
  PID:3924
- C:\Windows\System\JPWtyXU.exe
  C:\Windows\System\JPWtyXU.exe
  2⤵
  PID:3944
- C:\Windows\System\lgLBWoM.exe
  C:\Windows\System\lgLBWoM.exe
  2⤵
  PID:3964
- C:\Windows\System\FiQnzkD.exe
  C:\Windows\System\FiQnzkD.exe
  2⤵
  PID:3984
- C:\Windows\System\pqqHEcj.exe
  C:\Windows\System\pqqHEcj.exe
  2⤵
  PID:4004
- C:\Windows\System\ubFuqMp.exe
  C:\Windows\System\ubFuqMp.exe
  2⤵
  PID:4028
- C:\Windows\System\NhCOSlB.exe
  C:\Windows\System\NhCOSlB.exe
  2⤵
  PID:4044
- C:\Windows\System\FeDwzKr.exe
  C:\Windows\System\FeDwzKr.exe
  2⤵
  PID:4068
- C:\Windows\System\AGYeGQg.exe
  C:\Windows\System\AGYeGQg.exe
  2⤵
  PID:4084
- C:\Windows\System\WPlHyIB.exe
  C:\Windows\System\WPlHyIB.exe
  2⤵
  PID:480
- C:\Windows\System\cWyEgpu.exe
  C:\Windows\System\cWyEgpu.exe
  2⤵
  PID:2040
- C:\Windows\System\yVBHQwD.exe
  C:\Windows\System\yVBHQwD.exe
  2⤵
  PID:2420
- C:\Windows\System\CmrSshN.exe
  C:\Windows\System\CmrSshN.exe
  2⤵
  PID:656
- C:\Windows\System\RInPcTG.exe
  C:\Windows\System\RInPcTG.exe
  2⤵
  PID:1000
- C:\Windows\System\cWGAuXY.exe
  C:\Windows\System\cWGAuXY.exe
  2⤵
  PID:2228
- C:\Windows\System\LlxydqH.exe
  C:\Windows\System\LlxydqH.exe
  2⤵
  PID:876
- C:\Windows\System\VHPntcb.exe
  C:\Windows\System\VHPntcb.exe
  2⤵
  PID:2116
- C:\Windows\System\cRRfkkC.exe
  C:\Windows\System\cRRfkkC.exe
  2⤵
  PID:2632
- C:\Windows\System\mtRBhyZ.exe
  C:\Windows\System\mtRBhyZ.exe
  2⤵
  PID:404
- C:\Windows\System\YnmzCXj.exe
  C:\Windows\System\YnmzCXj.exe
  2⤵
  PID:3088
- C:\Windows\System\xCKaSBa.exe
  C:\Windows\System\xCKaSBa.exe
  2⤵
  PID:3128
- C:\Windows\System\vvUDONu.exe
  C:\Windows\System\vvUDONu.exe
  2⤵
  PID:3076
- C:\Windows\System\RvxYfjx.exe
  C:\Windows\System\RvxYfjx.exe
  2⤵
  PID:3108
- C:\Windows\System\VElqRQd.exe
  C:\Windows\System\VElqRQd.exe
  2⤵
  PID:3192
- C:\Windows\System\ekJtqAr.exe
  C:\Windows\System\ekJtqAr.exe
  2⤵
  PID:3280
- C:\Windows\System\AMvIjDx.exe
  C:\Windows\System\AMvIjDx.exe
  2⤵
  PID:3352
- C:\Windows\System\pehtgKL.exe
  C:\Windows\System\pehtgKL.exe
  2⤵
  PID:3364
- C:\Windows\System\JJQgDeN.exe
  C:\Windows\System\JJQgDeN.exe
  2⤵
  PID:3232
- C:\Windows\System\CrToMhE.exe
  C:\Windows\System\CrToMhE.exe
  2⤵
  PID:3264
- C:\Windows\System\QXkadIJ.exe
  C:\Windows\System\QXkadIJ.exe
  2⤵
  PID:3452
- C:\Windows\System\RUthryw.exe
  C:\Windows\System\RUthryw.exe
  2⤵
  PID:3464
- C:\Windows\System\dcdHwMo.exe
  C:\Windows\System\dcdHwMo.exe
  2⤵
  PID:3504
- C:\Windows\System\zSmEBcb.exe
  C:\Windows\System\zSmEBcb.exe
  2⤵
  PID:3500
- C:\Windows\System\uOguLLG.exe
  C:\Windows\System\uOguLLG.exe
  2⤵
  PID:3540
- C:\Windows\System\ITbKxrb.exe
  C:\Windows\System\ITbKxrb.exe
  2⤵
  PID:3564
- C:\Windows\System\OEoLurF.exe
  C:\Windows\System\OEoLurF.exe
  2⤵
  PID:3624
- C:\Windows\System\wveeYPT.exe
  C:\Windows\System\wveeYPT.exe
  2⤵
  PID:3640
- C:\Windows\System\QlmqRgO.exe
  C:\Windows\System\QlmqRgO.exe
  2⤵
  PID:3684
- C:\Windows\System\StOczCC.exe
  C:\Windows\System\StOczCC.exe
  2⤵
  PID:3712
- C:\Windows\System\hZqZMBM.exe
  C:\Windows\System\hZqZMBM.exe
  2⤵
  PID:3772
- C:\Windows\System\cWCJQzK.exe
  C:\Windows\System\cWCJQzK.exe
  2⤵
  PID:3812
- C:\Windows\System\cKRWmYl.exe
  C:\Windows\System\cKRWmYl.exe
  2⤵
  PID:3800
- C:\Windows\System\scPCrDW.exe
  C:\Windows\System\scPCrDW.exe
  2⤵
  PID:3888
- C:\Windows\System\jrMVwCu.exe
  C:\Windows\System\jrMVwCu.exe
  2⤵
  PID:3936
- C:\Windows\System\HMFSxAG.exe
  C:\Windows\System\HMFSxAG.exe
  2⤵
  PID:3908
- C:\Windows\System\DWAroBU.exe
  C:\Windows\System\DWAroBU.exe
  2⤵
  PID:3980
- C:\Windows\System\KwWZosr.exe
  C:\Windows\System\KwWZosr.exe
  2⤵
  PID:3956
- C:\Windows\System\JnJuIhO.exe
  C:\Windows\System\JnJuIhO.exe
  2⤵
  PID:3996
- C:\Windows\System\gDvjuNM.exe
  C:\Windows\System\gDvjuNM.exe
  2⤵
  PID:4000
- C:\Windows\System\FyXnqyt.exe
  C:\Windows\System\FyXnqyt.exe
  2⤵
  PID:3000
- C:\Windows\System\KIvhadd.exe
  C:\Windows\System\KIvhadd.exe
  2⤵
  PID:1724
- C:\Windows\System\pcIkCKn.exe
  C:\Windows\System\pcIkCKn.exe
  2⤵
  PID:2232
- C:\Windows\System\MsOFnUt.exe
  C:\Windows\System\MsOFnUt.exe
  2⤵
  PID:2572
- C:\Windows\System\MzGfZjv.exe
  C:\Windows\System\MzGfZjv.exe
  2⤵
  PID:1608
- C:\Windows\System\mrWNZZH.exe
  C:\Windows\System\mrWNZZH.exe
  2⤵
  PID:2204
- C:\Windows\System\hmYxIKu.exe
  C:\Windows\System\hmYxIKu.exe
  2⤵
  PID:828
- C:\Windows\System\tXYcbeV.exe
  C:\Windows\System\tXYcbeV.exe
  2⤵
  PID:2732
- C:\Windows\System\VaKpcKT.exe
  C:\Windows\System\VaKpcKT.exe
  2⤵
  PID:3216
- C:\Windows\System\VqNpfna.exe
  C:\Windows\System\VqNpfna.exe
  2⤵
  PID:3144
- C:\Windows\System\wCUubeX.exe
  C:\Windows\System\wCUubeX.exe
  2⤵
  PID:3316
- C:\Windows\System\YHBZmHh.exe
  C:\Windows\System\YHBZmHh.exe
  2⤵
  PID:3296
- C:\Windows\System\bJPxaTB.exe
  C:\Windows\System\bJPxaTB.exe
  2⤵
  PID:3400
- C:\Windows\System\OMCCttI.exe
  C:\Windows\System\OMCCttI.exe
  2⤵
  PID:3328
- C:\Windows\System\AKSukvG.exe
  C:\Windows\System\AKSukvG.exe
  2⤵
  PID:3524
- C:\Windows\System\DBYFkQR.exe
  C:\Windows\System\DBYFkQR.exe
  2⤵
  PID:3584
- C:\Windows\System\JrkcYly.exe
  C:\Windows\System\JrkcYly.exe
  2⤵
  PID:3556
- C:\Windows\System\VwmwAVj.exe
  C:\Windows\System\VwmwAVj.exe
  2⤵
  PID:3636
- C:\Windows\System\NEdnOxB.exe
  C:\Windows\System\NEdnOxB.exe
  2⤵
  PID:3728
- C:\Windows\System\YNEijbP.exe
  C:\Windows\System\YNEijbP.exe
  2⤵
  PID:3760
- C:\Windows\System\OgrjizZ.exe
  C:\Windows\System\OgrjizZ.exe
  2⤵
  PID:3756
- C:\Windows\System\etUKRrY.exe
  C:\Windows\System\etUKRrY.exe
  2⤵
  PID:3932
- C:\Windows\System\UkNGwRk.exe
  C:\Windows\System\UkNGwRk.exe
  2⤵
  PID:4024
- C:\Windows\System\xNiWVaA.exe
  C:\Windows\System\xNiWVaA.exe
  2⤵
  PID:3872
- C:\Windows\System\RoovooL.exe
  C:\Windows\System\RoovooL.exe
  2⤵
  PID:1420
- C:\Windows\System\SGKUtPJ.exe
  C:\Windows\System\SGKUtPJ.exe
  2⤵
  PID:4056
- C:\Windows\System\TSfmuYC.exe
  C:\Windows\System\TSfmuYC.exe
  2⤵
  PID:1512
- C:\Windows\System\yUQKqSI.exe
  C:\Windows\System\yUQKqSI.exe
  2⤵
  PID:2996
- C:\Windows\System\KGqMGuG.exe
  C:\Windows\System\KGqMGuG.exe
  2⤵
  PID:3244
- C:\Windows\System\ZOwoDBy.exe
  C:\Windows\System\ZOwoDBy.exe
  2⤵
  PID:2284
- C:\Windows\System\DgBfkrr.exe
  C:\Windows\System\DgBfkrr.exe
  2⤵
  PID:3196
- C:\Windows\System\EzMGvHF.exe
  C:\Windows\System\EzMGvHF.exe
  2⤵
  PID:952
- C:\Windows\System\OjexHBy.exe
  C:\Windows\System\OjexHBy.exe
  2⤵
  PID:3124
- C:\Windows\System\XLhYilv.exe
  C:\Windows\System\XLhYilv.exe
  2⤵
  PID:3372
- C:\Windows\System\LxRnulD.exe
  C:\Windows\System\LxRnulD.exe
  2⤵
  PID:3580
- C:\Windows\System\hIdOZSr.exe
  C:\Windows\System\hIdOZSr.exe
  2⤵
  PID:3700
- C:\Windows\System\ryGGhmt.exe
  C:\Windows\System\ryGGhmt.exe
  2⤵
  PID:4104
- C:\Windows\System\wOVjOhI.exe
  C:\Windows\System\wOVjOhI.exe
  2⤵
  PID:4120
- C:\Windows\System\oGdycGM.exe
  C:\Windows\System\oGdycGM.exe
  2⤵
  PID:4136
- C:\Windows\System\hbpbZFU.exe
  C:\Windows\System\hbpbZFU.exe
  2⤵
  PID:4152
- C:\Windows\System\rafWUUi.exe
  C:\Windows\System\rafWUUi.exe
  2⤵
  PID:4168
- C:\Windows\System\DyEUAQZ.exe
  C:\Windows\System\DyEUAQZ.exe
  2⤵
  PID:4188
- C:\Windows\System\MugOVCg.exe
  C:\Windows\System\MugOVCg.exe
  2⤵
  PID:4204
- C:\Windows\System\xMkdzih.exe
  C:\Windows\System\xMkdzih.exe
  2⤵
  PID:4220
- C:\Windows\System\TQQHTjK.exe
  C:\Windows\System\TQQHTjK.exe
  2⤵
  PID:4252
- C:\Windows\System\XOYPGHy.exe
  C:\Windows\System\XOYPGHy.exe
  2⤵
  PID:4280
- C:\Windows\System\AlzJXQI.exe
  C:\Windows\System\AlzJXQI.exe
  2⤵
  PID:4296
- C:\Windows\System\ZySflvG.exe
  C:\Windows\System\ZySflvG.exe
  2⤵
  PID:4312
- C:\Windows\System\CtWkFZW.exe
  C:\Windows\System\CtWkFZW.exe
  2⤵
  PID:4336
- C:\Windows\System\LkfjIiM.exe
  C:\Windows\System\LkfjIiM.exe
  2⤵
  PID:4356
- C:\Windows\System\whUwdEo.exe
  C:\Windows\System\whUwdEo.exe
  2⤵
  PID:4380
- C:\Windows\System\steyFVP.exe
  C:\Windows\System\steyFVP.exe
  2⤵
  PID:4400
- C:\Windows\System\npXhZvm.exe
  C:\Windows\System\npXhZvm.exe
  2⤵
  PID:4416
- C:\Windows\System\oNJwkRw.exe
  C:\Windows\System\oNJwkRw.exe
  2⤵
  PID:4472
- C:\Windows\System\sHjqOVT.exe
  C:\Windows\System\sHjqOVT.exe
  2⤵
  PID:4496
- C:\Windows\System\mGWUlnR.exe
  C:\Windows\System\mGWUlnR.exe
  2⤵
  PID:4516
- C:\Windows\System\JVrBDTD.exe
  C:\Windows\System\JVrBDTD.exe
  2⤵
  PID:4536
- C:\Windows\System\oeNaLAZ.exe
  C:\Windows\System\oeNaLAZ.exe
  2⤵
  PID:4552
- C:\Windows\System\haADAEw.exe
  C:\Windows\System\haADAEw.exe
  2⤵
  PID:4572
- C:\Windows\System\TDeQHXv.exe
  C:\Windows\System\TDeQHXv.exe
  2⤵
  PID:4592
- C:\Windows\System\lAIcILL.exe
  C:\Windows\System\lAIcILL.exe
  2⤵
  PID:4608
- C:\Windows\System\efTWpOC.exe
  C:\Windows\System\efTWpOC.exe
  2⤵
  PID:4624
- C:\Windows\System\ExIsSNV.exe
  C:\Windows\System\ExIsSNV.exe
  2⤵
  PID:4644
- C:\Windows\System\iyrLRQS.exe
  C:\Windows\System\iyrLRQS.exe
  2⤵
  PID:4668
- C:\Windows\System\kopCeIS.exe
  C:\Windows\System\kopCeIS.exe
  2⤵
  PID:4688
- C:\Windows\System\rpbuEVx.exe
  C:\Windows\System\rpbuEVx.exe
  2⤵
  PID:4708
- C:\Windows\System\WqrRyvf.exe
  C:\Windows\System\WqrRyvf.exe
  2⤵
  PID:4728
- C:\Windows\System\yHEChga.exe
  C:\Windows\System\yHEChga.exe
  2⤵
  PID:4744
- C:\Windows\System\QRUPMRv.exe
  C:\Windows\System\QRUPMRv.exe
  2⤵
  PID:4760
- C:\Windows\System\WPUzuQF.exe
  C:\Windows\System\WPUzuQF.exe
  2⤵
  PID:4776
- C:\Windows\System\sbNsMVX.exe
  C:\Windows\System\sbNsMVX.exe
  2⤵
  PID:4792
- C:\Windows\System\czShYxs.exe
  C:\Windows\System\czShYxs.exe
  2⤵
  PID:4808
- C:\Windows\System\OmIDHmQ.exe
  C:\Windows\System\OmIDHmQ.exe
  2⤵
  PID:4824
- C:\Windows\System\pMbMTkT.exe
  C:\Windows\System\pMbMTkT.exe
  2⤵
  PID:4840
- C:\Windows\System\AwZkHYo.exe
  C:\Windows\System\AwZkHYo.exe
  2⤵
  PID:4856
- C:\Windows\System\DFyBixD.exe
  C:\Windows\System\DFyBixD.exe
  2⤵
  PID:4872
- C:\Windows\System\OfFQmxQ.exe
  C:\Windows\System\OfFQmxQ.exe
  2⤵
  PID:4888
- C:\Windows\System\vphZEiq.exe
  C:\Windows\System\vphZEiq.exe
  2⤵
  PID:4904
- C:\Windows\System\FWzJCWS.exe
  C:\Windows\System\FWzJCWS.exe
  2⤵
  PID:4920
- C:\Windows\System\YsYFUnJ.exe
  C:\Windows\System\YsYFUnJ.exe
  2⤵
  PID:4940
- C:\Windows\System\sJrAPEe.exe
  C:\Windows\System\sJrAPEe.exe
  2⤵
  PID:4976
- C:\Windows\System\Udmvkpy.exe
  C:\Windows\System\Udmvkpy.exe
  2⤵
  PID:5004
- C:\Windows\System\XEceBtg.exe
  C:\Windows\System\XEceBtg.exe
  2⤵
  PID:5028
- C:\Windows\System\aJGSkTe.exe
  C:\Windows\System\aJGSkTe.exe
  2⤵
  PID:5048
- C:\Windows\System\MKHvtdy.exe
  C:\Windows\System\MKHvtdy.exe
  2⤵
  PID:5064
- C:\Windows\System\xyRxgNg.exe
  C:\Windows\System\xyRxgNg.exe
  2⤵
  PID:5080
- C:\Windows\System\YGPxCqt.exe
  C:\Windows\System\YGPxCqt.exe
  2⤵
  PID:5096
- C:\Windows\System\kiQPofZ.exe
  C:\Windows\System\kiQPofZ.exe
  2⤵
  PID:5112
- C:\Windows\System\slgvkOt.exe
  C:\Windows\System\slgvkOt.exe
  2⤵
  PID:3972
- C:\Windows\System\kqCUNWA.exe
  C:\Windows\System\kqCUNWA.exe
  2⤵
  PID:1860
- C:\Windows\System\CKgckwS.exe
  C:\Windows\System\CKgckwS.exe
  2⤵
  PID:4160
- C:\Windows\System\SLqeCSq.exe
  C:\Windows\System\SLqeCSq.exe
  2⤵
  PID:4200
- C:\Windows\System\dFARQin.exe
  C:\Windows\System\dFARQin.exe
  2⤵
  PID:4240
- C:\Windows\System\UnpDfvR.exe
  C:\Windows\System\UnpDfvR.exe
  2⤵
  PID:4292
- C:\Windows\System\UkqCliR.exe
  C:\Windows\System\UkqCliR.exe
  2⤵
  PID:3736
- C:\Windows\System\asoEOEY.exe
  C:\Windows\System\asoEOEY.exe
  2⤵
  PID:3856
- C:\Windows\System\JdJnkkY.exe
  C:\Windows\System\JdJnkkY.exe
  2⤵
  PID:3876
- C:\Windows\System\HYuTFSx.exe
  C:\Windows\System\HYuTFSx.exe
  2⤵
  PID:4016
- C:\Windows\System\zCnRqOj.exe
  C:\Windows\System\zCnRqOj.exe
  2⤵
  PID:1456
- C:\Windows\System\GFOHbNG.exe
  C:\Windows\System\GFOHbNG.exe
  2⤵
  PID:4408
- C:\Windows\System\yLfonnl.exe
  C:\Windows\System\yLfonnl.exe
  2⤵
  PID:4184
- C:\Windows\System\kigFpGk.exe
  C:\Windows\System\kigFpGk.exe
  2⤵
  PID:4388
- C:\Windows\System\beXnozu.exe
  C:\Windows\System\beXnozu.exe
  2⤵
  PID:4344
- C:\Windows\System\ePlggGV.exe
  C:\Windows\System\ePlggGV.exe
  2⤵
  PID:4216
- C:\Windows\System\iyHtWmm.exe
  C:\Windows\System\iyHtWmm.exe
  2⤵
  PID:4144
- C:\Windows\System\xCyLCoS.exe
  C:\Windows\System\xCyLCoS.exe
  2⤵
  PID:4480
- C:\Windows\System\AZrDjVg.exe
  C:\Windows\System\AZrDjVg.exe
  2⤵
  PID:4532
- C:\Windows\System\gdNMQpl.exe
  C:\Windows\System\gdNMQpl.exe
  2⤵
  PID:4600
- C:\Windows\System\YTEqFvz.exe
  C:\Windows\System\YTEqFvz.exe
  2⤵
  PID:4676
- C:\Windows\System\ztKLpDN.exe
  C:\Windows\System\ztKLpDN.exe
  2⤵
  PID:4724
- C:\Windows\System\bHPNIFA.exe
  C:\Windows\System\bHPNIFA.exe
  2⤵
  PID:4436
- C:\Windows\System\aQRRxSy.exe
  C:\Windows\System\aQRRxSy.exe
  2⤵
  PID:4756
- C:\Windows\System\lkSGRiE.exe
  C:\Windows\System\lkSGRiE.exe
  2⤵
  PID:4816
- C:\Windows\System\bQTEIGc.exe
  C:\Windows\System\bQTEIGc.exe
  2⤵
  PID:4884
- C:\Windows\System\Rokxwvg.exe
  C:\Windows\System\Rokxwvg.exe
  2⤵
  PID:4964
- C:\Windows\System\ZCnWJQN.exe
  C:\Windows\System\ZCnWJQN.exe
  2⤵
  PID:5020
- C:\Windows\System\luDGUhc.exe
  C:\Windows\System\luDGUhc.exe
  2⤵
  PID:4468
- C:\Windows\System\YTkmpRO.exe
  C:\Windows\System\YTkmpRO.exe
  2⤵
  PID:4548
- C:\Windows\System\owyvift.exe
  C:\Windows\System\owyvift.exe
  2⤵
  PID:4588
- C:\Windows\System\msNlSmk.exe
  C:\Windows\System\msNlSmk.exe
  2⤵
  PID:4664
- C:\Windows\System\qkmKyIM.exe
  C:\Windows\System\qkmKyIM.exe
  2⤵
  PID:4652
- C:\Windows\System\psdPSaP.exe
  C:\Windows\System\psdPSaP.exe
  2⤵
  PID:3776
- C:\Windows\System\iODpItC.exe
  C:\Windows\System\iODpItC.exe
  2⤵
  PID:4996
- C:\Windows\System\XVJGALm.exe
  C:\Windows\System\XVJGALm.exe
  2⤵
  PID:4092
- C:\Windows\System\yhooMIi.exe
  C:\Windows\System\yhooMIi.exe
  2⤵
  PID:5076
- C:\Windows\System\MTYiBnC.exe
  C:\Windows\System\MTYiBnC.exe
  2⤵
  PID:4984
- C:\Windows\System\TebGujH.exe
  C:\Windows\System\TebGujH.exe
  2⤵
  PID:4868
- C:\Windows\System\fCbbwxC.exe
  C:\Windows\System\fCbbwxC.exe
  2⤵
  PID:4800
- C:\Windows\System\KpwXgsS.exe
  C:\Windows\System\KpwXgsS.exe
  2⤵
  PID:3248
- C:\Windows\System\fedHNnZ.exe
  C:\Windows\System\fedHNnZ.exe
  2⤵
  PID:3424
- C:\Windows\System\dFRxeAk.exe
  C:\Windows\System\dFRxeAk.exe
  2⤵
  PID:3520
- C:\Windows\System\RWHzWBp.exe
  C:\Windows\System\RWHzWBp.exe
  2⤵
  PID:4228
- C:\Windows\System\mshyDSI.exe
  C:\Windows\System\mshyDSI.exe
  2⤵
  PID:3660
- C:\Windows\System\rMEAjfs.exe
  C:\Windows\System\rMEAjfs.exe
  2⤵
  PID:4020
- C:\Windows\System\jzfjFLP.exe
  C:\Windows\System\jzfjFLP.exe
  2⤵
  PID:4080
- C:\Windows\System\GseFhsY.exe
  C:\Windows\System\GseFhsY.exe
  2⤵
  PID:4376
- C:\Windows\System\bkQLwjs.exe
  C:\Windows\System\bkQLwjs.exe
  2⤵
  PID:1692
- C:\Windows\System\BKjQEXc.exe
  C:\Windows\System\BKjQEXc.exe
  2⤵
  PID:4352
- C:\Windows\System\GMGXzdw.exe
  C:\Windows\System\GMGXzdw.exe
  2⤵
  PID:4180
- C:\Windows\System\ylwWglF.exe
  C:\Windows\System\ylwWglF.exe
  2⤵
  PID:4112
- C:\Windows\System\YPanGOo.exe
  C:\Windows\System\YPanGOo.exe
  2⤵
  PID:4564
- C:\Windows\System\KzKegLq.exe
  C:\Windows\System\KzKegLq.exe
  2⤵
  PID:4428
- C:\Windows\System\WtstSKx.exe
  C:\Windows\System\WtstSKx.exe
  2⤵
  PID:4784
- C:\Windows\System\HlaAsiK.exe
  C:\Windows\System\HlaAsiK.exe
  2⤵
  PID:4452
- C:\Windows\System\YMfdcuO.exe
  C:\Windows\System\YMfdcuO.exe
  2⤵
  PID:4852
- C:\Windows\System\Eljehiz.exe
  C:\Windows\System\Eljehiz.exe
  2⤵
  PID:5012
- C:\Windows\System\vOrIxwB.exe
  C:\Windows\System\vOrIxwB.exe
  2⤵
  PID:4584
- C:\Windows\System\scBXyWA.exe
  C:\Windows\System\scBXyWA.exe
  2⤵
  PID:5092
- C:\Windows\System\tuTVlHE.exe
  C:\Windows\System\tuTVlHE.exe
  2⤵
  PID:4704
- C:\Windows\System\yNyLTKy.exe
  C:\Windows\System\yNyLTKy.exe
  2⤵
  PID:4992
- C:\Windows\System\MnucPRw.exe
  C:\Windows\System\MnucPRw.exe
  2⤵
  PID:272
- C:\Windows\System\ZZQYfLz.exe
  C:\Windows\System\ZZQYfLz.exe
  2⤵
  PID:5036
- C:\Windows\System\DayHCCu.exe
  C:\Windows\System\DayHCCu.exe
  2⤵
  PID:4804
- C:\Windows\System\eWExXbZ.exe
  C:\Windows\System\eWExXbZ.exe
  2⤵
  PID:4100
- C:\Windows\System\cfoVGLM.exe
  C:\Windows\System\cfoVGLM.exe
  2⤵
  PID:3456
- C:\Windows\System\rElLbHL.exe
  C:\Windows\System\rElLbHL.exe
  2⤵
  PID:4248
- C:\Windows\System\rOVsCVl.exe
  C:\Windows\System\rOVsCVl.exe
  2⤵
  PID:4324
- C:\Windows\System\VOpsDYu.exe
  C:\Windows\System\VOpsDYu.exe
  2⤵
  PID:4328
- C:\Windows\System\VvoZYLH.exe
  C:\Windows\System\VvoZYLH.exe
  2⤵
  PID:3276
- C:\Windows\System\CLskxmA.exe
  C:\Windows\System\CLskxmA.exe
  2⤵
  PID:4176
- C:\Windows\System\wawerVS.exe
  C:\Windows\System\wawerVS.exe
  2⤵
  PID:4484
- C:\Windows\System\goEzWQu.exe
  C:\Windows\System\goEzWQu.exe
  2⤵
  PID:4432
- C:\Windows\System\RQxjSiN.exe
  C:\Windows\System\RQxjSiN.exe
  2⤵
  PID:4956
- C:\Windows\System\OuDNqtN.exe
  C:\Windows\System\OuDNqtN.exe
  2⤵
  PID:4848
- C:\Windows\System\fFwUqki.exe
  C:\Windows\System\fFwUqki.exe
  2⤵
  PID:4580
- C:\Windows\System\PsWCAbK.exe
  C:\Windows\System\PsWCAbK.exe
  2⤵
  PID:4768
- C:\Windows\System\WrFNWhE.exe
  C:\Windows\System\WrFNWhE.exe
  2⤵
  PID:3952
- C:\Windows\System\lJfHQDj.exe
  C:\Windows\System\lJfHQDj.exe
  2⤵
  PID:4900
- C:\Windows\System\RTRJGSu.exe
  C:\Windows\System\RTRJGSu.exe
  2⤵
  PID:3176
- C:\Windows\System\oBobvlT.exe
  C:\Windows\System\oBobvlT.exe
  2⤵
  PID:4288
- C:\Windows\System\TRFexta.exe
  C:\Windows\System\TRFexta.exe
  2⤵
  PID:4368
- C:\Windows\System\wWTnnRo.exe
  C:\Windows\System\wWTnnRo.exe
  2⤵
  PID:4492
- C:\Windows\System\HbqQveG.exe
  C:\Windows\System\HbqQveG.exe
  2⤵
  PID:3696
- C:\Windows\System\geXOJcB.exe
  C:\Windows\System\geXOJcB.exe
  2⤵
  PID:5140
- C:\Windows\System\BMvhYkz.exe
  C:\Windows\System\BMvhYkz.exe
  2⤵
  PID:5160
- C:\Windows\System\MnnhdwA.exe
  C:\Windows\System\MnnhdwA.exe
  2⤵
  PID:5180
- C:\Windows\System\dufBIsi.exe
  C:\Windows\System\dufBIsi.exe
  2⤵
  PID:5200
- C:\Windows\System\rvpCrUv.exe
  C:\Windows\System\rvpCrUv.exe
  2⤵
  PID:5220
- C:\Windows\System\wFiTPvp.exe
  C:\Windows\System\wFiTPvp.exe
  2⤵
  PID:5240
- C:\Windows\System\ZLZHLxP.exe
  C:\Windows\System\ZLZHLxP.exe
  2⤵
  PID:5260
- C:\Windows\System\MUmWEqK.exe
  C:\Windows\System\MUmWEqK.exe
  2⤵
  PID:5280
- C:\Windows\System\bLKDWQq.exe
  C:\Windows\System\bLKDWQq.exe
  2⤵
  PID:5300
- C:\Windows\System\QquxErG.exe
  C:\Windows\System\QquxErG.exe
  2⤵
  PID:5320
- C:\Windows\System\FsYMHMt.exe
  C:\Windows\System\FsYMHMt.exe
  2⤵
  PID:5340
- C:\Windows\System\bWqjjjQ.exe
  C:\Windows\System\bWqjjjQ.exe
  2⤵
  PID:5360
- C:\Windows\System\tRBQHyw.exe
  C:\Windows\System\tRBQHyw.exe
  2⤵
  PID:5380
- C:\Windows\System\kQpUAKW.exe
  C:\Windows\System\kQpUAKW.exe
  2⤵
  PID:5400
- C:\Windows\System\cSIhXhN.exe
  C:\Windows\System\cSIhXhN.exe
  2⤵
  PID:5420
- C:\Windows\System\geiKYdz.exe
  C:\Windows\System\geiKYdz.exe
  2⤵
  PID:5440
- C:\Windows\System\skYxFdH.exe
  C:\Windows\System\skYxFdH.exe
  2⤵
  PID:5460
- C:\Windows\System\KvcBQyZ.exe
  C:\Windows\System\KvcBQyZ.exe
  2⤵
  PID:5480
- C:\Windows\System\SgyIHea.exe
  C:\Windows\System\SgyIHea.exe
  2⤵
  PID:5500
- C:\Windows\System\FukoAyJ.exe
  C:\Windows\System\FukoAyJ.exe
  2⤵
  PID:5520
- C:\Windows\System\UTohfOP.exe
  C:\Windows\System\UTohfOP.exe
  2⤵
  PID:5540
- C:\Windows\System\reGbnYP.exe
  C:\Windows\System\reGbnYP.exe
  2⤵
  PID:5560
- C:\Windows\System\rxLBoZs.exe
  C:\Windows\System\rxLBoZs.exe
  2⤵
  PID:5580
- C:\Windows\System\qxBgmyR.exe
  C:\Windows\System\qxBgmyR.exe
  2⤵
  PID:5600
- C:\Windows\System\DHcIMSw.exe
  C:\Windows\System\DHcIMSw.exe
  2⤵
  PID:5620
- C:\Windows\System\ugGftlG.exe
  C:\Windows\System\ugGftlG.exe
  2⤵
  PID:5640
- C:\Windows\System\CzPgrqx.exe
  C:\Windows\System\CzPgrqx.exe
  2⤵
  PID:5660
- C:\Windows\System\kjEzYez.exe
  C:\Windows\System\kjEzYez.exe
  2⤵
  PID:5680
- C:\Windows\System\VrgNjnj.exe
  C:\Windows\System\VrgNjnj.exe
  2⤵
  PID:5700
- C:\Windows\System\uFGajnQ.exe
  C:\Windows\System\uFGajnQ.exe
  2⤵
  PID:5720
- C:\Windows\System\tiDjpyy.exe
  C:\Windows\System\tiDjpyy.exe
  2⤵
  PID:5740
- C:\Windows\System\NAaMiLZ.exe
  C:\Windows\System\NAaMiLZ.exe
  2⤵
  PID:5760
- C:\Windows\System\TXTbjHq.exe
  C:\Windows\System\TXTbjHq.exe
  2⤵
  PID:5780
- C:\Windows\System\GEgJlAQ.exe
  C:\Windows\System\GEgJlAQ.exe
  2⤵
  PID:5800
- C:\Windows\System\ArguMkA.exe
  C:\Windows\System\ArguMkA.exe
  2⤵
  PID:5820
- C:\Windows\System\AelKgwl.exe
  C:\Windows\System\AelKgwl.exe
  2⤵
  PID:5840
- C:\Windows\System\XcVetFT.exe
  C:\Windows\System\XcVetFT.exe
  2⤵
  PID:5860
- C:\Windows\System\ZNtMoIK.exe
  C:\Windows\System\ZNtMoIK.exe
  2⤵
  PID:5880
- C:\Windows\System\zLRsLdO.exe
  C:\Windows\System\zLRsLdO.exe
  2⤵
  PID:5900
- C:\Windows\System\fsKTpkr.exe
  C:\Windows\System\fsKTpkr.exe
  2⤵
  PID:5920
- C:\Windows\System\alFvOuw.exe
  C:\Windows\System\alFvOuw.exe
  2⤵
  PID:5940
- C:\Windows\System\pczEOJf.exe
  C:\Windows\System\pczEOJf.exe
  2⤵
  PID:5960
- C:\Windows\System\ZVgHuMq.exe
  C:\Windows\System\ZVgHuMq.exe
  2⤵
  PID:5980
- C:\Windows\System\uuNYWvx.exe
  C:\Windows\System\uuNYWvx.exe
  2⤵
  PID:6000
- C:\Windows\System\BJzDvWK.exe
  C:\Windows\System\BJzDvWK.exe
  2⤵
  PID:6020
- C:\Windows\System\XSIIsSe.exe
  C:\Windows\System\XSIIsSe.exe
  2⤵
  PID:6040
- C:\Windows\System\TOKZPOI.exe
  C:\Windows\System\TOKZPOI.exe
  2⤵
  PID:6060
- C:\Windows\System\WhkCpoZ.exe
  C:\Windows\System\WhkCpoZ.exe
  2⤵
  PID:6080
- C:\Windows\System\FShMMxg.exe
  C:\Windows\System\FShMMxg.exe
  2⤵
  PID:6100
- C:\Windows\System\SKvIBBY.exe
  C:\Windows\System\SKvIBBY.exe
  2⤵
  PID:6120
- C:\Windows\System\kgKrkXp.exe
  C:\Windows\System\kgKrkXp.exe
  2⤵
  PID:6140
- C:\Windows\System\SrRFonH.exe
  C:\Windows\System\SrRFonH.exe
  2⤵
  PID:4448
- C:\Windows\System\EpLTeZP.exe
  C:\Windows\System\EpLTeZP.exe
  2⤵
  PID:5016
- C:\Windows\System\GfpyjaA.exe
  C:\Windows\System\GfpyjaA.exe
  2⤵
  PID:4616
- C:\Windows\System\nbKPfTI.exe
  C:\Windows\System\nbKPfTI.exe
  2⤵
  PID:2680
- C:\Windows\System\mxPzBMF.exe
  C:\Windows\System\mxPzBMF.exe
  2⤵
  PID:3376
- C:\Windows\System\MQPNjgU.exe
  C:\Windows\System\MQPNjgU.exe
  2⤵
  PID:1636
- C:\Windows\System\hmtXbQw.exe
  C:\Windows\System\hmtXbQw.exe
  2⤵
  PID:3344
- C:\Windows\System\itlYHzr.exe
  C:\Windows\System\itlYHzr.exe
  2⤵
  PID:5156
- C:\Windows\System\cfIRNok.exe
  C:\Windows\System\cfIRNok.exe
  2⤵
  PID:5168
- C:\Windows\System\OYPQVUi.exe
  C:\Windows\System\OYPQVUi.exe
  2⤵
  PID:5192
- C:\Windows\System\tLzIjLJ.exe
  C:\Windows\System\tLzIjLJ.exe
  2⤵
  PID:5236
- C:\Windows\System\jWnyFEi.exe
  C:\Windows\System\jWnyFEi.exe
  2⤵
  PID:5256
- C:\Windows\System\cdskqIJ.exe
  C:\Windows\System\cdskqIJ.exe
  2⤵
  PID:5292
- C:\Windows\System\sxDEEXW.exe
  C:\Windows\System\sxDEEXW.exe
  2⤵
  PID:5328
- C:\Windows\System\gwdJOBk.exe
  C:\Windows\System\gwdJOBk.exe
  2⤵
  PID:5352
- C:\Windows\System\QcNTlyq.exe
  C:\Windows\System\QcNTlyq.exe
  2⤵
  PID:5372
- C:\Windows\System\ZcplFzS.exe
  C:\Windows\System\ZcplFzS.exe
  2⤵
  PID:5412
- C:\Windows\System\KrPIooZ.exe
  C:\Windows\System\KrPIooZ.exe
  2⤵
  PID:5476
- C:\Windows\System\NXPVniP.exe
  C:\Windows\System\NXPVniP.exe
  2⤵
  PID:5488
- C:\Windows\System\OvoZLTg.exe
  C:\Windows\System\OvoZLTg.exe
  2⤵
  PID:5512
- C:\Windows\System\idhQoYK.exe
  C:\Windows\System\idhQoYK.exe
  2⤵
  PID:5532
- C:\Windows\System\rojLjGT.exe
  C:\Windows\System\rojLjGT.exe
  2⤵
  PID:5568
- C:\Windows\System\lGnPMIP.exe
  C:\Windows\System\lGnPMIP.exe
  2⤵
  PID:5616
- C:\Windows\System\lVpbRij.exe
  C:\Windows\System\lVpbRij.exe
  2⤵
  PID:5648
- C:\Windows\System\kQjUSDE.exe
  C:\Windows\System\kQjUSDE.exe
  2⤵
  PID:5672
- C:\Windows\System\BynayDk.exe
  C:\Windows\System\BynayDk.exe
  2⤵
  PID:5716
- C:\Windows\System\VHOLgDL.exe
  C:\Windows\System\VHOLgDL.exe
  2⤵
  PID:5748
- C:\Windows\System\wXlpcxb.exe
  C:\Windows\System\wXlpcxb.exe
  2⤵
  PID:5772
- C:\Windows\System\FuUPQFV.exe
  C:\Windows\System\FuUPQFV.exe
  2⤵
  PID:5816
- C:\Windows\System\bDziWlx.exe
  C:\Windows\System\bDziWlx.exe
  2⤵
  PID:5848
- C:\Windows\System\lLKhsHB.exe
  C:\Windows\System\lLKhsHB.exe
  2⤵
  PID:5872
- C:\Windows\System\PvcFCDs.exe
  C:\Windows\System\PvcFCDs.exe
  2⤵
  PID:5916
- C:\Windows\System\Qzieqpw.exe
  C:\Windows\System\Qzieqpw.exe
  2⤵
  PID:5956
- C:\Windows\System\ZrgQTDx.exe
  C:\Windows\System\ZrgQTDx.exe
  2⤵
  PID:5976
- C:\Windows\System\fomcTAm.exe
  C:\Windows\System\fomcTAm.exe
  2⤵
  PID:5992
- C:\Windows\System\CgQIhuF.exe
  C:\Windows\System\CgQIhuF.exe
  2⤵
  PID:6012
- C:\Windows\System\EkAsdmA.exe
  C:\Windows\System\EkAsdmA.exe
  2⤵
  PID:6048
- C:\Windows\System\tYKvBtZ.exe
  C:\Windows\System\tYKvBtZ.exe
  2⤵
  PID:6108
- C:\Windows\System\hPCgqGk.exe
  C:\Windows\System\hPCgqGk.exe
  2⤵
  PID:4636
- C:\Windows\System\cjqRkgb.exe
  C:\Windows\System\cjqRkgb.exe
  2⤵
  PID:5060
- C:\Windows\System\xgaHePV.exe
  C:\Windows\System\xgaHePV.exe
  2⤵
  PID:4740
- C:\Windows\System\CcyhlJu.exe
  C:\Windows\System\CcyhlJu.exe
  2⤵
  PID:5044
- C:\Windows\System\AwQnnLx.exe
  C:\Windows\System\AwQnnLx.exe
  2⤵
  PID:3852
- C:\Windows\System\ZyzRPla.exe
  C:\Windows\System\ZyzRPla.exe
  2⤵
  PID:4260
- C:\Windows\System\jDdcuzH.exe
  C:\Windows\System\jDdcuzH.exe
  2⤵
  PID:5196
- C:\Windows\System\CQDafSz.exe
  C:\Windows\System\CQDafSz.exe
  2⤵
  PID:5268
- C:\Windows\System\LSUemTF.exe
  C:\Windows\System\LSUemTF.exe
  2⤵
  PID:5288
- C:\Windows\System\oPZSYGj.exe
  C:\Windows\System\oPZSYGj.exe
  2⤵
  PID:5316
- C:\Windows\System\YwbESNc.exe
  C:\Windows\System\YwbESNc.exe
  2⤵
  PID:5396
- C:\Windows\System\zrsbPFj.exe
  C:\Windows\System\zrsbPFj.exe
  2⤵
  PID:5456
- C:\Windows\System\pmmivDJ.exe
  C:\Windows\System\pmmivDJ.exe
  2⤵
  PID:5492
- C:\Windows\System\ipreyDq.exe
  C:\Windows\System\ipreyDq.exe
  2⤵
  PID:2848
- C:\Windows\System\gDsWNxT.exe
  C:\Windows\System\gDsWNxT.exe
  2⤵
  PID:5592
- C:\Windows\System\LbnmOHf.exe
  C:\Windows\System\LbnmOHf.exe
  2⤵
  PID:5676
- C:\Windows\System\tBEZQjZ.exe
  C:\Windows\System\tBEZQjZ.exe
  2⤵
  PID:5728
- C:\Windows\System\ejzsecf.exe
  C:\Windows\System\ejzsecf.exe
  2⤵
  PID:5768
- C:\Windows\System\JqpWEyg.exe
  C:\Windows\System\JqpWEyg.exe
  2⤵
  PID:5832
- C:\Windows\System\fsTVFGJ.exe
  C:\Windows\System\fsTVFGJ.exe
  2⤵
  PID:5928
- C:\Windows\System\tmyViZS.exe
  C:\Windows\System\tmyViZS.exe
  2⤵
  PID:2696
- C:\Windows\System\PXXPhCX.exe
  C:\Windows\System\PXXPhCX.exe
  2⤵
  PID:5968
- C:\Windows\System\kZDmTCR.exe
  C:\Windows\System\kZDmTCR.exe
  2⤵
  PID:6036
- C:\Windows\System\KUXDkWP.exe
  C:\Windows\System\KUXDkWP.exe
  2⤵
  PID:6052
- C:\Windows\System\zgswMNg.exe
  C:\Windows\System\zgswMNg.exe
  2⤵
  PID:6112
- C:\Windows\System\UOQZEQL.exe
  C:\Windows\System\UOQZEQL.exe
  2⤵
  PID:4504
- C:\Windows\System\pnruDfD.exe
  C:\Windows\System\pnruDfD.exe
  2⤵
  PID:4896
- C:\Windows\System\pRwYgia.exe
  C:\Windows\System\pRwYgia.exe
  2⤵
  PID:5176
- C:\Windows\System\VBVhHGY.exe
  C:\Windows\System\VBVhHGY.exe
  2⤵
  PID:5276
- C:\Windows\System\sfGKzbR.exe
  C:\Windows\System\sfGKzbR.exe
  2⤵
  PID:5312
- C:\Windows\System\onGoRYQ.exe
  C:\Windows\System\onGoRYQ.exe
  2⤵
  PID:5376
- C:\Windows\System\varuWgM.exe
  C:\Windows\System\varuWgM.exe
  2⤵
  PID:5516
- C:\Windows\System\oGSuGeA.exe
  C:\Windows\System\oGSuGeA.exe
  2⤵
  PID:5496
- C:\Windows\System\xOVVKTI.exe
  C:\Windows\System\xOVVKTI.exe
  2⤵
  PID:5652
- C:\Windows\System\HDBuuXa.exe
  C:\Windows\System\HDBuuXa.exe
  2⤵
  PID:5808
- C:\Windows\System\dHTVixV.exe
  C:\Windows\System\dHTVixV.exe
  2⤵
  PID:5896
- C:\Windows\System\APPAaOl.exe
  C:\Windows\System\APPAaOl.exe
  2⤵
  PID:2700
- C:\Windows\System\PycrULc.exe
  C:\Windows\System\PycrULc.exe
  2⤵
  PID:6016
- C:\Windows\System\khpfAPi.exe
  C:\Windows\System\khpfAPi.exe
  2⤵
  PID:6156
- C:\Windows\System\GJCYoHo.exe
  C:\Windows\System\GJCYoHo.exe
  2⤵
  PID:6176
- C:\Windows\System\ThUzJfl.exe
  C:\Windows\System\ThUzJfl.exe
  2⤵
  PID:6196
- C:\Windows\System\rPVlFYu.exe
  C:\Windows\System\rPVlFYu.exe
  2⤵
  PID:6216
- C:\Windows\System\tpwBXpa.exe
  C:\Windows\System\tpwBXpa.exe
  2⤵
  PID:6236
- C:\Windows\System\KmnfXxa.exe
  C:\Windows\System\KmnfXxa.exe
  2⤵
  PID:6256
- C:\Windows\System\ZSYxGJq.exe
  C:\Windows\System\ZSYxGJq.exe
  2⤵
  PID:6276
- C:\Windows\System\bTALVjE.exe
  C:\Windows\System\bTALVjE.exe
  2⤵
  PID:6296
- C:\Windows\System\SPiZdNz.exe
  C:\Windows\System\SPiZdNz.exe
  2⤵
  PID:6316
- C:\Windows\System\ODXVRox.exe
  C:\Windows\System\ODXVRox.exe
  2⤵
  PID:6336
- C:\Windows\System\VXZCaWG.exe
  C:\Windows\System\VXZCaWG.exe
  2⤵
  PID:6356
- C:\Windows\System\kLKcioS.exe
  C:\Windows\System\kLKcioS.exe
  2⤵
  PID:6376
- C:\Windows\System\JOCqzkS.exe
  C:\Windows\System\JOCqzkS.exe
  2⤵
  PID:6396
- C:\Windows\System\SfBoreP.exe
  C:\Windows\System\SfBoreP.exe
  2⤵
  PID:6416
- C:\Windows\System\olCsRkN.exe
  C:\Windows\System\olCsRkN.exe
  2⤵
  PID:6436
- C:\Windows\System\ZUzmLCk.exe
  C:\Windows\System\ZUzmLCk.exe
  2⤵
  PID:6456
- C:\Windows\System\ITEfRBp.exe
  C:\Windows\System\ITEfRBp.exe
  2⤵
  PID:6476
- C:\Windows\System\zoNGDaE.exe
  C:\Windows\System\zoNGDaE.exe
  2⤵
  PID:6496
- C:\Windows\System\gclRCCp.exe
  C:\Windows\System\gclRCCp.exe
  2⤵
  PID:6516
- C:\Windows\System\CsxcpMP.exe
  C:\Windows\System\CsxcpMP.exe
  2⤵
  PID:6536
- C:\Windows\System\bocUndp.exe
  C:\Windows\System\bocUndp.exe
  2⤵
  PID:6556
- C:\Windows\System\ajpDyyu.exe
  C:\Windows\System\ajpDyyu.exe
  2⤵
  PID:6576
- C:\Windows\System\YIBgIUe.exe
  C:\Windows\System\YIBgIUe.exe
  2⤵
  PID:6596
- C:\Windows\System\ReLDDAi.exe
  C:\Windows\System\ReLDDAi.exe
  2⤵
  PID:6616
- C:\Windows\System\pIKvwuY.exe
  C:\Windows\System\pIKvwuY.exe
  2⤵
  PID:6636
- C:\Windows\System\pqIQLzr.exe
  C:\Windows\System\pqIQLzr.exe
  2⤵
  PID:6656
- C:\Windows\System\NHkxOYt.exe
  C:\Windows\System\NHkxOYt.exe
  2⤵
  PID:6676
- C:\Windows\System\oRckCWu.exe
  C:\Windows\System\oRckCWu.exe
  2⤵
  PID:6696
- C:\Windows\System\eqZJlJm.exe
  C:\Windows\System\eqZJlJm.exe
  2⤵
  PID:6716
- C:\Windows\System\HREXJIw.exe
  C:\Windows\System\HREXJIw.exe
  2⤵
  PID:6736
- C:\Windows\System\oQyPjoT.exe
  C:\Windows\System\oQyPjoT.exe
  2⤵
  PID:6756
- C:\Windows\System\IudssWo.exe
  C:\Windows\System\IudssWo.exe
  2⤵
  PID:6776
- C:\Windows\System\DDQanHf.exe
  C:\Windows\System\DDQanHf.exe
  2⤵
  PID:6796
- C:\Windows\System\LEibLBi.exe
  C:\Windows\System\LEibLBi.exe
  2⤵
  PID:6816
- C:\Windows\System\dApYQAd.exe
  C:\Windows\System\dApYQAd.exe
  2⤵
  PID:6836
- C:\Windows\System\KxRxVLT.exe
  C:\Windows\System\KxRxVLT.exe
  2⤵
  PID:6856
- C:\Windows\System\YdzDJbl.exe
  C:\Windows\System\YdzDJbl.exe
  2⤵
  PID:6876
- C:\Windows\System\PWwdkny.exe
  C:\Windows\System\PWwdkny.exe
  2⤵
  PID:6900
- C:\Windows\System\kgKIzVZ.exe
  C:\Windows\System\kgKIzVZ.exe
  2⤵
  PID:6920
- C:\Windows\System\JDuIoWC.exe
  C:\Windows\System\JDuIoWC.exe
  2⤵
  PID:6940
- C:\Windows\System\HsRZauw.exe
  C:\Windows\System\HsRZauw.exe
  2⤵
  PID:6960
- C:\Windows\System\fblApzc.exe
  C:\Windows\System\fblApzc.exe
  2⤵
  PID:6980
- C:\Windows\System\FtrTruy.exe
  C:\Windows\System\FtrTruy.exe
  2⤵
  PID:7000
- C:\Windows\System\qeJpano.exe
  C:\Windows\System\qeJpano.exe
  2⤵
  PID:7020
- C:\Windows\System\gdycMmS.exe
  C:\Windows\System\gdycMmS.exe
  2⤵
  PID:7040
- C:\Windows\System\GaNspAo.exe
  C:\Windows\System\GaNspAo.exe
  2⤵
  PID:7060
- C:\Windows\System\xQYqNLm.exe
  C:\Windows\System\xQYqNLm.exe
  2⤵
  PID:7080
- C:\Windows\System\YXSSGom.exe
  C:\Windows\System\YXSSGom.exe
  2⤵
  PID:7100
- C:\Windows\System\kTiBJkT.exe
  C:\Windows\System\kTiBJkT.exe
  2⤵
  PID:7120
- C:\Windows\System\KYVMtyy.exe
  C:\Windows\System\KYVMtyy.exe
  2⤵
  PID:7140
- C:\Windows\System\Uuphuuk.exe
  C:\Windows\System\Uuphuuk.exe
  2⤵
  PID:7160
- C:\Windows\System\yioVroD.exe
  C:\Windows\System\yioVroD.exe
  2⤵
  PID:6128
- C:\Windows\System\cghGUUe.exe
  C:\Windows\System\cghGUUe.exe
  2⤵
  PID:4720
- C:\Windows\System\ekyuLWc.exe
  C:\Windows\System\ekyuLWc.exe
  2⤵
  PID:5172
- C:\Windows\System\urEiECl.exe
  C:\Windows\System\urEiECl.exe
  2⤵
  PID:5272
- C:\Windows\System\BDDOtld.exe
  C:\Windows\System\BDDOtld.exe
  2⤵
  PID:5348
- C:\Windows\System\PasgIgZ.exe
  C:\Windows\System\PasgIgZ.exe
  2⤵
  PID:5536
- C:\Windows\System\olOfiQN.exe
  C:\Windows\System\olOfiQN.exe
  2⤵
  PID:5696
- C:\Windows\System\khMavVH.exe
  C:\Windows\System\khMavVH.exe
  2⤵
  PID:2536
- C:\Windows\System\aVhMSCO.exe
  C:\Windows\System\aVhMSCO.exe
  2⤵
  PID:5876
- C:\Windows\System\DCyUVEi.exe
  C:\Windows\System\DCyUVEi.exe
  2⤵
  PID:2688
- C:\Windows\System\HdlLVHa.exe
  C:\Windows\System\HdlLVHa.exe
  2⤵
  PID:6172
- C:\Windows\System\tEmTcgu.exe
  C:\Windows\System\tEmTcgu.exe
  2⤵
  PID:6204
- C:\Windows\System\OmyoORo.exe
  C:\Windows\System\OmyoORo.exe
  2⤵
  PID:6208
- C:\Windows\System\hKdxrEg.exe
  C:\Windows\System\hKdxrEg.exe
  2⤵
  PID:6252
- C:\Windows\System\GbtnUST.exe
  C:\Windows\System\GbtnUST.exe
  2⤵
  PID:6292
- C:\Windows\System\DlgJzXR.exe
  C:\Windows\System\DlgJzXR.exe
  2⤵
  PID:6344
- C:\Windows\System\gckNCZz.exe
  C:\Windows\System\gckNCZz.exe
  2⤵
  PID:6364
- C:\Windows\System\VWMycIx.exe
  C:\Windows\System\VWMycIx.exe
  2⤵
  PID:6388
- C:\Windows\System\qgcrdLu.exe
  C:\Windows\System\qgcrdLu.exe
  2⤵
  PID:6432
- C:\Windows\System\SgjnSzK.exe
  C:\Windows\System\SgjnSzK.exe
  2⤵
  PID:6448
- C:\Windows\System\YvtiRlP.exe
  C:\Windows\System\YvtiRlP.exe
  2⤵
  PID:6484
- C:\Windows\System\civtNtg.exe
  C:\Windows\System\civtNtg.exe
  2⤵
  PID:6508
- C:\Windows\System\KnOaaOI.exe
  C:\Windows\System\KnOaaOI.exe
  2⤵
  PID:6552
- C:\Windows\System\JnNSPbZ.exe
  C:\Windows\System\JnNSPbZ.exe
  2⤵
  PID:6584
- C:\Windows\System\YUxPEuO.exe
  C:\Windows\System\YUxPEuO.exe
  2⤵
  PID:6608
- C:\Windows\System\qbFVLws.exe
  C:\Windows\System\qbFVLws.exe
  2⤵
  PID:6652
- C:\Windows\System\nHtXXDp.exe
  C:\Windows\System\nHtXXDp.exe
  2⤵
  PID:6684
- C:\Windows\System\FPlEJAN.exe
  C:\Windows\System\FPlEJAN.exe
  2⤵
  PID:6708
- C:\Windows\System\ZRbXMot.exe
  C:\Windows\System\ZRbXMot.exe
  2⤵
  PID:6728
- C:\Windows\System\hBUdFlF.exe
  C:\Windows\System\hBUdFlF.exe
  2⤵
  PID:6784
- C:\Windows\System\GqzcQiF.exe
  C:\Windows\System\GqzcQiF.exe
  2⤵
  PID:2312
- C:\Windows\System\nnxGrWE.exe
  C:\Windows\System\nnxGrWE.exe
  2⤵
  PID:6808
- C:\Windows\System\bXtKZIX.exe
  C:\Windows\System\bXtKZIX.exe
  2⤵
  PID:6848
- C:\Windows\System\WkrPpzi.exe
  C:\Windows\System\WkrPpzi.exe
  2⤵
  PID:2740
- C:\Windows\System\bGTjDOW.exe
  C:\Windows\System\bGTjDOW.exe
  2⤵
  PID:6896
- C:\Windows\System\kCkycvo.exe
  C:\Windows\System\kCkycvo.exe
  2⤵
  PID:6928
- C:\Windows\System\MrezsUa.exe
  C:\Windows\System\MrezsUa.exe
  2⤵
  PID:6952
- C:\Windows\System\vWHUviS.exe
  C:\Windows\System\vWHUviS.exe
  2⤵
  PID:6992
- C:\Windows\System\LKZrIMO.exe
  C:\Windows\System\LKZrIMO.exe
  2⤵
  PID:7016
- C:\Windows\System\syODskG.exe
  C:\Windows\System\syODskG.exe
  2⤵
  PID:7076
- C:\Windows\System\qJVjLoP.exe
  C:\Windows\System\qJVjLoP.exe
  2⤵
  PID:7116
- C:\Windows\System\MnhjbwO.exe
  C:\Windows\System\MnhjbwO.exe
  2⤵
  PID:7128
- C:\Windows\System\TNVFuNi.exe
  C:\Windows\System\TNVFuNi.exe
  2⤵
  PID:7132
- C:\Windows\System\fnvhkUn.exe
  C:\Windows\System\fnvhkUn.exe
  2⤵
  PID:6028
- C:\Windows\System\gdbTHka.exe
  C:\Windows\System\gdbTHka.exe
  2⤵
  PID:5216
- C:\Windows\System\eJFfUvr.exe
  C:\Windows\System\eJFfUvr.exe
  2⤵
  PID:5408
- C:\Windows\System\yckknou.exe
  C:\Windows\System\yckknou.exe
  2⤵
  PID:5588
- C:\Windows\System\qqbSNnN.exe
  C:\Windows\System\qqbSNnN.exe
  2⤵
  PID:5828
- C:\Windows\System\ZYsahAU.exe
  C:\Windows\System\ZYsahAU.exe
  2⤵
  PID:6184
- C:\Windows\System\omwGXnF.exe
  C:\Windows\System\omwGXnF.exe
  2⤵
  PID:2604
- C:\Windows\System\XESrWur.exe
  C:\Windows\System\XESrWur.exe
  2⤵
  PID:6244
- C:\Windows\System\YctzDDy.exe
  C:\Windows\System\YctzDDy.exe
  2⤵
  PID:6268
- C:\Windows\System\cMybzaE.exe
  C:\Windows\System\cMybzaE.exe
  2⤵
  PID:6324
- C:\Windows\System\wuxeOCP.exe
  C:\Windows\System\wuxeOCP.exe
  2⤵
  PID:6328
- C:\Windows\System\hMWUlKO.exe
  C:\Windows\System\hMWUlKO.exe
  2⤵
  PID:6452
- C:\Windows\System\OdPdRvS.exe
  C:\Windows\System\OdPdRvS.exe
  2⤵
  PID:6472
- C:\Windows\System\oziUNvb.exe
  C:\Windows\System\oziUNvb.exe
  2⤵
  PID:6568
- C:\Windows\System\cUsTfsP.exe
  C:\Windows\System\cUsTfsP.exe
  2⤵
  PID:2344
- C:\Windows\System\xYPnTMy.exe
  C:\Windows\System\xYPnTMy.exe
  2⤵
  PID:6588
- C:\Windows\System\nHVdLJE.exe
  C:\Windows\System\nHVdLJE.exe
  2⤵
  PID:2176
- C:\Windows\System\toyJkTM.exe
  C:\Windows\System\toyJkTM.exe
  2⤵
  PID:6648
- C:\Windows\System\SOLnUtq.exe
  C:\Windows\System\SOLnUtq.exe
  2⤵
  PID:1900
- C:\Windows\System\gpeIqSM.exe
  C:\Windows\System\gpeIqSM.exe
  2⤵
  PID:6688
- C:\Windows\System\BkMKRtq.exe
  C:\Windows\System\BkMKRtq.exe
  2⤵
  PID:2092
- C:\Windows\System\CgwELcL.exe
  C:\Windows\System\CgwELcL.exe
  2⤵
  PID:1216
- C:\Windows\System\sPuUEbc.exe
  C:\Windows\System\sPuUEbc.exe
  2⤵
  PID:6812
- C:\Windows\System\nYAcdfe.exe
  C:\Windows\System\nYAcdfe.exe
  2⤵
  PID:336
- C:\Windows\System\hwmZNZr.exe
  C:\Windows\System\hwmZNZr.exe
  2⤵
  PID:6868
- C:\Windows\System\WXJSJQF.exe
  C:\Windows\System\WXJSJQF.exe
  2⤵
  PID:1920
- C:\Windows\System\RDhPDvb.exe
  C:\Windows\System\RDhPDvb.exe
  2⤵
  PID:6956
- C:\Windows\System\rNtumYP.exe
  C:\Windows\System\rNtumYP.exe
  2⤵
  PID:6976
- C:\Windows\System\jsPWyFd.exe
  C:\Windows\System\jsPWyFd.exe
  2⤵
  PID:7036
- C:\Windows\System\dNYJqeB.exe
  C:\Windows\System\dNYJqeB.exe
  2⤵
  PID:7052
- C:\Windows\System\CxACyyO.exe
  C:\Windows\System\CxACyyO.exe
  2⤵
  PID:7156
- C:\Windows\System\CDEeJrn.exe
  C:\Windows\System\CDEeJrn.exe
  2⤵
  PID:2884
- C:\Windows\System\JLVFXqY.exe
  C:\Windows\System\JLVFXqY.exe
  2⤵
  PID:2988
- C:\Windows\System\CdJZqUk.exe
  C:\Windows\System\CdJZqUk.exe
  2⤵
  PID:444
- C:\Windows\System\JdUtVuf.exe
  C:\Windows\System\JdUtVuf.exe
  2⤵
  PID:6392
- C:\Windows\System\hDXRMFf.exe
  C:\Windows\System\hDXRMFf.exe
  2⤵
  PID:2720
- C:\Windows\System\OINvPcg.exe
  C:\Windows\System\OINvPcg.exe
  2⤵
  PID:6312
- C:\Windows\System\vpfEWiF.exe
  C:\Windows\System\vpfEWiF.exe
  2⤵
  PID:6444
- C:\Windows\System\NHpDHgL.exe
  C:\Windows\System\NHpDHgL.exe
  2⤵
  PID:1408
- C:\Windows\System\SmOIQIp.exe
  C:\Windows\System\SmOIQIp.exe
  2⤵
  PID:2896
- C:\Windows\System\KaSUOts.exe
  C:\Windows\System\KaSUOts.exe
  2⤵
  PID:2952
- C:\Windows\System\RyPRUhF.exe
  C:\Windows\System\RyPRUhF.exe
  2⤵
  PID:6692
- C:\Windows\System\kgujVBT.exe
  C:\Windows\System\kgujVBT.exe
  2⤵
  PID:2172
- C:\Windows\System\ldMWYAE.exe
  C:\Windows\System\ldMWYAE.exe
  2⤵
  PID:2580
- C:\Windows\System\ijZehBP.exe
  C:\Windows\System\ijZehBP.exe
  2⤵
  PID:7136
- C:\Windows\System\Hisemjj.exe
  C:\Windows\System\Hisemjj.exe
  2⤵
  PID:6604
- C:\Windows\System\csSYMpA.exe
  C:\Windows\System\csSYMpA.exe
  2⤵
  PID:6824
- C:\Windows\System\ozCPkOb.exe
  C:\Windows\System\ozCPkOb.exe
  2⤵
  PID:6916
- C:\Windows\System\woTWKrB.exe
  C:\Windows\System\woTWKrB.exe
  2⤵
  PID:4132
- C:\Windows\System\atfAUJA.exe
  C:\Windows\System\atfAUJA.exe
  2⤵
  PID:5736
- C:\Windows\System\ENLWGNy.exe
  C:\Windows\System\ENLWGNy.exe
  2⤵
  PID:5708
- C:\Windows\System\PSHytFL.exe
  C:\Windows\System\PSHytFL.exe
  2⤵
  PID:2832
- C:\Windows\System\qrikVwW.exe
  C:\Windows\System\qrikVwW.exe
  2⤵
  PID:6224
- C:\Windows\System\DUNKwIc.exe
  C:\Windows\System\DUNKwIc.exe
  2⤵
  PID:5572
- C:\Windows\System\JPwrdzS.exe
  C:\Windows\System\JPwrdzS.exe
  2⤵
  PID:6284
- C:\Windows\System\oBqgqsF.exe
  C:\Windows\System\oBqgqsF.exe
  2⤵
  PID:6764
- C:\Windows\System\WpxHNWb.exe
  C:\Windows\System\WpxHNWb.exe
  2⤵
  PID:6564
- C:\Windows\System\btvMvWd.exe
  C:\Windows\System\btvMvWd.exe
  2⤵
  PID:7092
- C:\Windows\System\YyMUjxU.exe
  C:\Windows\System\YyMUjxU.exe
  2⤵
  PID:6572
- C:\Windows\System\wvBWiaT.exe
  C:\Windows\System\wvBWiaT.exe
  2⤵
  PID:6884
- C:\Windows\System\QYqyURp.exe
  C:\Windows\System\QYqyURp.exe
  2⤵
  PID:6148
- C:\Windows\System\LaSHddo.exe
  C:\Windows\System\LaSHddo.exe
  2⤵
  PID:2548
- C:\Windows\System\FMqhDam.exe
  C:\Windows\System\FMqhDam.exe
  2⤵
  PID:7068
- C:\Windows\System\wsSEqgG.exe
  C:\Windows\System\wsSEqgG.exe
  2⤵
  PID:960
- C:\Windows\System\PeTyEnY.exe
  C:\Windows\System\PeTyEnY.exe
  2⤵
  PID:6528
- C:\Windows\System\osXXAwI.exe
  C:\Windows\System\osXXAwI.exe
  2⤵
  PID:7032
- C:\Windows\System\OdKTgah.exe
  C:\Windows\System\OdKTgah.exe
  2⤵
  PID:836
- C:\Windows\System\DvZirvn.exe
  C:\Windows\System\DvZirvn.exe
  2⤵
  PID:5468
- C:\Windows\System\rrDVtTE.exe
  C:\Windows\System\rrDVtTE.exe
  2⤵
  PID:2256
- C:\Windows\System\PpOCutT.exe
  C:\Windows\System\PpOCutT.exe
  2⤵
  PID:6188
- C:\Windows\System\wumiTsZ.exe
  C:\Windows\System\wumiTsZ.exe
  2⤵
  PID:7176
- C:\Windows\System\HaYhSQs.exe
  C:\Windows\System\HaYhSQs.exe
  2⤵
  PID:7196
- C:\Windows\System\rSvifts.exe
  C:\Windows\System\rSvifts.exe
  2⤵
  PID:7212
- C:\Windows\System\TCWzkgK.exe
  C:\Windows\System\TCWzkgK.exe
  2⤵
  PID:7232
- C:\Windows\System\zuQtnqy.exe
  C:\Windows\System\zuQtnqy.exe
  2⤵
  PID:7252
- C:\Windows\System\ITWDxOw.exe
  C:\Windows\System\ITWDxOw.exe
  2⤵
  PID:7268
- C:\Windows\System\ycwXgWe.exe
  C:\Windows\System\ycwXgWe.exe
  2⤵
  PID:7296
- C:\Windows\System\sOfdVSz.exe
  C:\Windows\System\sOfdVSz.exe
  2⤵
  PID:7312
- C:\Windows\System\rrXzfAH.exe
  C:\Windows\System\rrXzfAH.exe
  2⤵
  PID:7328
- C:\Windows\System\oiOrcdj.exe
  C:\Windows\System\oiOrcdj.exe
  2⤵
  PID:7344
- C:\Windows\System\zklKqDP.exe
  C:\Windows\System\zklKqDP.exe
  2⤵
  PID:7360
- C:\Windows\System\KIilgxV.exe
  C:\Windows\System\KIilgxV.exe
  2⤵
  PID:7380
- C:\Windows\System\inrbXva.exe
  C:\Windows\System\inrbXva.exe
  2⤵
  PID:7396
- C:\Windows\System\UQuezJm.exe
  C:\Windows\System\UQuezJm.exe
  2⤵
  PID:7420
- C:\Windows\System\iRUwbyn.exe
  C:\Windows\System\iRUwbyn.exe
  2⤵
  PID:7436
- C:\Windows\System\ZbLCaUZ.exe
  C:\Windows\System\ZbLCaUZ.exe
  2⤵
  PID:7464
- C:\Windows\System\vjremIK.exe
  C:\Windows\System\vjremIK.exe
  2⤵
  PID:7492
- C:\Windows\System\wnInhNj.exe
  C:\Windows\System\wnInhNj.exe
  2⤵
  PID:7520
- C:\Windows\System\uSbnifv.exe
  C:\Windows\System\uSbnifv.exe
  2⤵
  PID:7544
- C:\Windows\System\TyUbbIL.exe
  C:\Windows\System\TyUbbIL.exe
  2⤵
  PID:7564
- C:\Windows\System\MFNQHOR.exe
  C:\Windows\System\MFNQHOR.exe
  2⤵
  PID:7584
- C:\Windows\System\RsXTxbq.exe
  C:\Windows\System\RsXTxbq.exe
  2⤵
  PID:7604
- C:\Windows\System\fKnTTXq.exe
  C:\Windows\System\fKnTTXq.exe
  2⤵
  PID:7620
- C:\Windows\System\fgyhGMd.exe
  C:\Windows\System\fgyhGMd.exe
  2⤵
  PID:7640
- C:\Windows\System\SosMdTZ.exe
  C:\Windows\System\SosMdTZ.exe
  2⤵
  PID:7656
- C:\Windows\System\FtXdkpz.exe
  C:\Windows\System\FtXdkpz.exe
  2⤵
  PID:7676
- C:\Windows\System\aIjJtLv.exe
  C:\Windows\System\aIjJtLv.exe
  2⤵
  PID:7692
- C:\Windows\System\inxLIkK.exe
  C:\Windows\System\inxLIkK.exe
  2⤵
  PID:7708
- C:\Windows\System\GtGQIjQ.exe
  C:\Windows\System\GtGQIjQ.exe
  2⤵
  PID:7724
- C:\Windows\System\NcHhUjt.exe
  C:\Windows\System\NcHhUjt.exe
  2⤵
  PID:7740
- C:\Windows\System\ZXTGdrv.exe
  C:\Windows\System\ZXTGdrv.exe
  2⤵
  PID:7756
- C:\Windows\System\UVFNXyc.exe
  C:\Windows\System\UVFNXyc.exe
  2⤵
  PID:7780
- C:\Windows\System\mjYJgig.exe
  C:\Windows\System\mjYJgig.exe
  2⤵
  PID:7800
- C:\Windows\System\WwpNleo.exe
  C:\Windows\System\WwpNleo.exe
  2⤵
  PID:7816
- C:\Windows\System\fPQkSrG.exe
  C:\Windows\System\fPQkSrG.exe
  2⤵
  PID:7832
- C:\Windows\System\KBzJguH.exe
  C:\Windows\System\KBzJguH.exe
  2⤵
  PID:7852
- C:\Windows\System\KfZUqFw.exe
  C:\Windows\System\KfZUqFw.exe
  2⤵
  PID:7872
- C:\Windows\System\iBWsOpy.exe
  C:\Windows\System\iBWsOpy.exe
  2⤵
  PID:7892
- C:\Windows\System\HiCziko.exe
  C:\Windows\System\HiCziko.exe
  2⤵
  PID:7912
- C:\Windows\System\kluWsDa.exe
  C:\Windows\System\kluWsDa.exe
  2⤵
  PID:7928
- C:\Windows\System\yZwQAHQ.exe
  C:\Windows\System\yZwQAHQ.exe
  2⤵
  PID:7948
- C:\Windows\System\FeYfLVg.exe
  C:\Windows\System\FeYfLVg.exe
  2⤵
  PID:7972
- C:\Windows\System\VKpXHvz.exe
  C:\Windows\System\VKpXHvz.exe
  2⤵
  PID:7992
- C:\Windows\System\LEYvxjn.exe
  C:\Windows\System\LEYvxjn.exe
  2⤵
  PID:8016
- C:\Windows\System\VDxSLrJ.exe
  C:\Windows\System\VDxSLrJ.exe
  2⤵
  PID:8080
- C:\Windows\System\GMvdyRt.exe
  C:\Windows\System\GMvdyRt.exe
  2⤵
  PID:8100
- C:\Windows\System\SWdGmvH.exe
  C:\Windows\System\SWdGmvH.exe
  2⤵
  PID:8116
- C:\Windows\System\kmXlovu.exe
  C:\Windows\System\kmXlovu.exe
  2⤵
  PID:8132
- C:\Windows\System\VCuncNh.exe
  C:\Windows\System\VCuncNh.exe
  2⤵
  PID:8148
- C:\Windows\System\FszZjrb.exe
  C:\Windows\System\FszZjrb.exe
  2⤵
  PID:8164
- C:\Windows\System\naayWtX.exe
  C:\Windows\System\naayWtX.exe
  2⤵
  PID:8180
- C:\Windows\System\eWdhsWT.exe
  C:\Windows\System\eWdhsWT.exe
  2⤵
  PID:2716
- C:\Windows\System\TrYDLrH.exe
  C:\Windows\System\TrYDLrH.exe
  2⤵
  PID:6152
- C:\Windows\System\mqhCsPJ.exe
  C:\Windows\System\mqhCsPJ.exe
  2⤵
  PID:7224
- C:\Windows\System\oODBCUM.exe
  C:\Windows\System\oODBCUM.exe
  2⤵
  PID:7276
- C:\Windows\System\JtGHPVP.exe
  C:\Windows\System\JtGHPVP.exe
  2⤵
  PID:7320
- C:\Windows\System\fxMcmdA.exe
  C:\Windows\System\fxMcmdA.exe
  2⤵
  PID:7388
- C:\Windows\System\NMwssJN.exe
  C:\Windows\System\NMwssJN.exe
  2⤵
  PID:7432
- C:\Windows\System\OofNxaB.exe
  C:\Windows\System\OofNxaB.exe
  2⤵
  PID:7448
- C:\Windows\System\AbXjrRM.exe
  C:\Windows\System\AbXjrRM.exe
  2⤵
  PID:7452
- C:\Windows\System\xSlxFlw.exe
  C:\Windows\System\xSlxFlw.exe
  2⤵
  PID:7308
- C:\Windows\System\jzKMXNx.exe
  C:\Windows\System\jzKMXNx.exe
  2⤵
  PID:7368
- C:\Windows\System\towgmRN.exe
  C:\Windows\System\towgmRN.exe
  2⤵
  PID:7504
- C:\Windows\System\rDjAeFG.exe
  C:\Windows\System\rDjAeFG.exe
  2⤵
  PID:7556
- C:\Windows\System\JyRaSrI.exe
  C:\Windows\System\JyRaSrI.exe
  2⤵
  PID:7600
- C:\Windows\System\MkElhSc.exe
  C:\Windows\System\MkElhSc.exe
  2⤵
  PID:7664
- C:\Windows\System\fNxTTXr.exe
  C:\Windows\System\fNxTTXr.exe
  2⤵
  PID:7700
- C:\Windows\System\KGJvQUD.exe
  C:\Windows\System\KGJvQUD.exe
  2⤵
  PID:7572
- C:\Windows\System\ksqIfmH.exe
  C:\Windows\System\ksqIfmH.exe
  2⤵
  PID:7752
- C:\Windows\System\iPNNwgQ.exe
  C:\Windows\System\iPNNwgQ.exe
  2⤵
  PID:7828
- C:\Windows\System\LfqimOw.exe
  C:\Windows\System\LfqimOw.exe
  2⤵
  PID:7900
- C:\Windows\System\ymeFdcA.exe
  C:\Windows\System\ymeFdcA.exe
  2⤵
  PID:7936
- C:\Windows\System\XyQneib.exe
  C:\Windows\System\XyQneib.exe
  2⤵
  PID:7768
- C:\Windows\System\XvTIWsb.exe
  C:\Windows\System\XvTIWsb.exe
  2⤵
  PID:7812
- C:\Windows\System\VrIfRMj.exe
  C:\Windows\System\VrIfRMj.exe
  2⤵
  PID:7880
- C:\Windows\System\zjUGnPR.exe
  C:\Windows\System\zjUGnPR.exe
  2⤵
  PID:7988
- C:\Windows\System\JSLuWXX.exe
  C:\Windows\System\JSLuWXX.exe
  2⤵
  PID:8032
- C:\Windows\System\GgBvUMp.exe
  C:\Windows\System\GgBvUMp.exe
  2⤵
  PID:7964
- C:\Windows\System\gWNTSsM.exe
  C:\Windows\System\gWNTSsM.exe
  2⤵
  PID:8072
- C:\Windows\System\dAZqGLQ.exe
  C:\Windows\System\dAZqGLQ.exe
  2⤵
  PID:8140
- C:\Windows\System\niBwFSW.exe
  C:\Windows\System\niBwFSW.exe
  2⤵
  PID:8156
- C:\Windows\System\uxtGbNX.exe
  C:\Windows\System\uxtGbNX.exe
  2⤵
  PID:8088
- C:\Windows\System\VuncDGj.exe
  C:\Windows\System\VuncDGj.exe
  2⤵
  PID:8128
- C:\Windows\System\cEdFTmJ.exe
  C:\Windows\System\cEdFTmJ.exe
  2⤵
  PID:7184
- C:\Windows\System\yZEYiRZ.exe
  C:\Windows\System\yZEYiRZ.exe
  2⤵
  PID:7476
- C:\Windows\System\AoPfRGG.exe
  C:\Windows\System\AoPfRGG.exe
  2⤵
  PID:1824
- C:\Windows\System\PAFUCTy.exe
  C:\Windows\System\PAFUCTy.exe
  2⤵
  PID:7412
- C:\Windows\System\aDYICLK.exe
  C:\Windows\System\aDYICLK.exe
  2⤵
  PID:7528
- C:\Windows\System\qmVEGUH.exe
  C:\Windows\System\qmVEGUH.exe
  2⤵
  PID:7284
- C:\Windows\System\UOctOUm.exe
  C:\Windows\System\UOctOUm.exe
  2⤵
  PID:7428
- C:\Windows\System\OWoMQIr.exe
  C:\Windows\System\OWoMQIr.exe
  2⤵
  PID:7512
- C:\Windows\System\aGOeEuQ.exe
  C:\Windows\System\aGOeEuQ.exe
  2⤵
  PID:7636
- C:\Windows\System\uropTQt.exe
  C:\Windows\System\uropTQt.exe
  2⤵
  PID:7592
- C:\Windows\System\UvTYYNj.exe
  C:\Windows\System\UvTYYNj.exe
  2⤵
  PID:7540
- C:\Windows\System\RKieGMw.exe
  C:\Windows\System\RKieGMw.exe
  2⤵
  PID:7668
- C:\Windows\System\baShsaY.exe
  C:\Windows\System\baShsaY.exe
  2⤵
  PID:7824
- C:\Windows\System\mXwkMaI.exe
  C:\Windows\System\mXwkMaI.exe
  2⤵
  PID:7652
- C:\Windows\System\HVZGFdd.exe
  C:\Windows\System\HVZGFdd.exe
  2⤵
  PID:7888
- C:\Windows\System\XBRjyse.exe
  C:\Windows\System\XBRjyse.exe
  2⤵
  PID:8036
- C:\Windows\System\rgLSzMX.exe
  C:\Windows\System\rgLSzMX.exe
  2⤵
  PID:7960
- C:\Windows\System\eTrUvQd.exe
  C:\Windows\System\eTrUvQd.exe
  2⤵
  PID:7956
- C:\Windows\System\daydwlg.exe
  C:\Windows\System\daydwlg.exe
  2⤵
  PID:8012
- C:\Windows\System\EFVtMpk.exe
  C:\Windows\System\EFVtMpk.exe
  2⤵
  PID:7244
- C:\Windows\System\LybGGUh.exe
  C:\Windows\System\LybGGUh.exe
  2⤵
  PID:7532
- C:\Windows\System\Ptvxivz.exe
  C:\Windows\System\Ptvxivz.exe
  2⤵
  PID:7736
- C:\Windows\System\ChrkNrr.exe
  C:\Windows\System\ChrkNrr.exe
  2⤵
  PID:7204
- C:\Windows\System\EtWWrGZ.exe
  C:\Windows\System\EtWWrGZ.exe
  2⤵
  PID:2364
- C:\Windows\System\QMHqdCo.exe
  C:\Windows\System\QMHqdCo.exe
  2⤵
  PID:7352
- C:\Windows\System\hjGEAGM.exe
  C:\Windows\System\hjGEAGM.exe
  2⤵
  PID:7944
- C:\Windows\System\nHJwvDF.exe
  C:\Windows\System\nHJwvDF.exe
  2⤵
  PID:7720
- C:\Windows\System\lEEldoX.exe
  C:\Windows\System\lEEldoX.exe
  2⤵
  PID:7612
- C:\Windows\System\IZdqsqG.exe
  C:\Windows\System\IZdqsqG.exe
  2⤵
  PID:7408
- C:\Windows\System\ABtQxUr.exe
  C:\Windows\System\ABtQxUr.exe
  2⤵
  PID:7596
- C:\Windows\System\qWEfugJ.exe
  C:\Windows\System\qWEfugJ.exe
  2⤵
  PID:8056
- C:\Windows\System\ZJWoHbY.exe
  C:\Windows\System\ZJWoHbY.exe
  2⤵
  PID:8112
- C:\Windows\System\RmAHHrs.exe
  C:\Windows\System\RmAHHrs.exe
  2⤵
  PID:7840
- C:\Windows\System\LSOQWqI.exe
  C:\Windows\System\LSOQWqI.exe
  2⤵
  PID:7444
- C:\Windows\System\DvnaOrb.exe
  C:\Windows\System\DvnaOrb.exe
  2⤵
  PID:7808
- C:\Windows\System\wAtsrBi.exe
  C:\Windows\System\wAtsrBi.exe
  2⤵
  PID:8196
- C:\Windows\System\yiQJVlD.exe
  C:\Windows\System\yiQJVlD.exe
  2⤵
  PID:8212
- C:\Windows\System\dRjUaVW.exe
  C:\Windows\System\dRjUaVW.exe
  2⤵
  PID:8228
- C:\Windows\System\qfMUELE.exe
  C:\Windows\System\qfMUELE.exe
  2⤵
  PID:8244
- C:\Windows\System\LnhYyxA.exe
  C:\Windows\System\LnhYyxA.exe
  2⤵
  PID:8260
- C:\Windows\System\UJFkAwD.exe
  C:\Windows\System\UJFkAwD.exe
  2⤵
  PID:8276
- C:\Windows\System\mVkmefM.exe
  C:\Windows\System\mVkmefM.exe
  2⤵
  PID:8292
- C:\Windows\System\IZtorHQ.exe
  C:\Windows\System\IZtorHQ.exe
  2⤵
  PID:8308
- C:\Windows\System\OZGUtJW.exe
  C:\Windows\System\OZGUtJW.exe
  2⤵
  PID:8324
- C:\Windows\System\yzIaHtr.exe
  C:\Windows\System\yzIaHtr.exe
  2⤵
  PID:8340
- C:\Windows\System\xqBnuXq.exe
  C:\Windows\System\xqBnuXq.exe
  2⤵
  PID:8356
- C:\Windows\System\cZBBmjL.exe
  C:\Windows\System\cZBBmjL.exe
  2⤵
  PID:8372
- C:\Windows\System\KmFLTEs.exe
  C:\Windows\System\KmFLTEs.exe
  2⤵
  PID:8392
- C:\Windows\System\JHMkdCn.exe
  C:\Windows\System\JHMkdCn.exe
  2⤵
  PID:8408
- C:\Windows\System\AzcFYtx.exe
  C:\Windows\System\AzcFYtx.exe
  2⤵
  PID:8424
- C:\Windows\System\fWvxsvB.exe
  C:\Windows\System\fWvxsvB.exe
  2⤵
  PID:8440
- C:\Windows\System\QWxSqEC.exe
  C:\Windows\System\QWxSqEC.exe
  2⤵
  PID:8456
- C:\Windows\System\CchAxim.exe
  C:\Windows\System\CchAxim.exe
  2⤵
  PID:8472
- C:\Windows\System\nXpgfld.exe
  C:\Windows\System\nXpgfld.exe
  2⤵
  PID:8488
- C:\Windows\System\eQFFTsL.exe
  C:\Windows\System\eQFFTsL.exe
  2⤵
  PID:8504
- C:\Windows\System\mYCCzJc.exe
  C:\Windows\System\mYCCzJc.exe
  2⤵
  PID:8520
- C:\Windows\System\wCbnIIQ.exe
  C:\Windows\System\wCbnIIQ.exe
  2⤵
  PID:8536
- C:\Windows\System\pWuPFcF.exe
  C:\Windows\System\pWuPFcF.exe
  2⤵
  PID:8552
- C:\Windows\System\SirPpzm.exe
  C:\Windows\System\SirPpzm.exe
  2⤵
  PID:8568
- C:\Windows\System\SuDuYEA.exe
  C:\Windows\System\SuDuYEA.exe
  2⤵
  PID:8584
- C:\Windows\System\cuvVueQ.exe
  C:\Windows\System\cuvVueQ.exe
  2⤵
  PID:8600
- C:\Windows\System\KxkDnWq.exe
  C:\Windows\System\KxkDnWq.exe
  2⤵
  PID:8620
- C:\Windows\System\zvHqzDm.exe
  C:\Windows\System\zvHqzDm.exe
  2⤵
  PID:8636
- C:\Windows\System\OTuMIEx.exe
  C:\Windows\System\OTuMIEx.exe
  2⤵
  PID:8652
- C:\Windows\System\FzODRSG.exe
  C:\Windows\System\FzODRSG.exe
  2⤵
  PID:8668
- C:\Windows\System\iXSHaHH.exe
  C:\Windows\System\iXSHaHH.exe
  2⤵
  PID:8684
- C:\Windows\System\ulDepUY.exe
  C:\Windows\System\ulDepUY.exe
  2⤵
  PID:8700
- C:\Windows\System\XKTqvkW.exe
  C:\Windows\System\XKTqvkW.exe
  2⤵
  PID:8716
- C:\Windows\System\gRsKytQ.exe
  C:\Windows\System\gRsKytQ.exe
  2⤵
  PID:8732
- C:\Windows\System\NUyYNsJ.exe
  C:\Windows\System\NUyYNsJ.exe
  2⤵
  PID:8748
- C:\Windows\System\cDWNBNg.exe
  C:\Windows\System\cDWNBNg.exe
  2⤵
  PID:8764
- C:\Windows\System\oGoJzhV.exe
  C:\Windows\System\oGoJzhV.exe
  2⤵
  PID:8780
- C:\Windows\System\SswGeKh.exe
  C:\Windows\System\SswGeKh.exe
  2⤵
  PID:8796
- C:\Windows\System\EfgGaow.exe
  C:\Windows\System\EfgGaow.exe
  2⤵
  PID:8812
- C:\Windows\System\cgOFgbb.exe
  C:\Windows\System\cgOFgbb.exe
  2⤵
  PID:8828
- C:\Windows\System\xguyMGs.exe
  C:\Windows\System\xguyMGs.exe
  2⤵
  PID:8844
- C:\Windows\System\QZaLhCd.exe
  C:\Windows\System\QZaLhCd.exe
  2⤵
  PID:8860
- C:\Windows\System\bvwzxXM.exe
  C:\Windows\System\bvwzxXM.exe
  2⤵
  PID:8876
- C:\Windows\System\jePYTPa.exe
  C:\Windows\System\jePYTPa.exe
  2⤵
  PID:8944
- C:\Windows\System\BBpMmVP.exe
  C:\Windows\System\BBpMmVP.exe
  2⤵
  PID:8972
- C:\Windows\System\QqtrkNj.exe
  C:\Windows\System\QqtrkNj.exe
  2⤵
  PID:8988
- C:\Windows\System\JVciDwX.exe
  C:\Windows\System\JVciDwX.exe
  2⤵
  PID:9004
- C:\Windows\System\aVChGaE.exe
  C:\Windows\System\aVChGaE.exe
  2⤵
  PID:9040
- C:\Windows\System\RTFvRkP.exe
  C:\Windows\System\RTFvRkP.exe
  2⤵
  PID:9072
- C:\Windows\System\NtnYQYu.exe
  C:\Windows\System\NtnYQYu.exe
  2⤵
  PID:9088
- C:\Windows\System\NpDSChF.exe
  C:\Windows\System\NpDSChF.exe
  2⤵
  PID:9124
- C:\Windows\System\LAcWZmG.exe
  C:\Windows\System\LAcWZmG.exe
  2⤵
  PID:9152
- C:\Windows\System\ajBsoYF.exe
  C:\Windows\System\ajBsoYF.exe
  2⤵
  PID:8400
- C:\Windows\System\BraNTUd.exe
  C:\Windows\System\BraNTUd.exe
  2⤵
  PID:8464
- C:\Windows\System\WQmhNIV.exe
  C:\Windows\System\WQmhNIV.exe
  2⤵
  PID:8528
- C:\Windows\System\mgvpsay.exe
  C:\Windows\System\mgvpsay.exe
  2⤵
  PID:7552
- C:\Windows\System\BHhZarS.exe
  C:\Windows\System\BHhZarS.exe
  2⤵
  PID:7220
- C:\Windows\System\aiifYRi.exe
  C:\Windows\System\aiifYRi.exe
  2⤵
  PID:7868
- C:\Windows\System\MUtGQhg.exe
  C:\Windows\System\MUtGQhg.exe
  2⤵
  PID:8712
- C:\Windows\System\EMnNbLd.exe
  C:\Windows\System\EMnNbLd.exe
  2⤵
  PID:7796
- C:\Windows\System\VZxJlNS.exe
  C:\Windows\System\VZxJlNS.exe
  2⤵
  PID:8576
- C:\Windows\System\NiIhMVN.exe
  C:\Windows\System\NiIhMVN.exe
  2⤵
  PID:7688
- C:\Windows\System\uzQAqge.exe
  C:\Windows\System\uzQAqge.exe
  2⤵
  PID:8284
- C:\Windows\System\ilIYsbn.exe
  C:\Windows\System\ilIYsbn.exe
  2⤵
  PID:8744
- C:\Windows\System\IuAhNzD.exe
  C:\Windows\System\IuAhNzD.exe
  2⤵
  PID:8480
- C:\Windows\System\RAmCIlT.exe
  C:\Windows\System\RAmCIlT.exe
  2⤵
  PID:8544
- C:\Windows\System\PYHAUoz.exe
  C:\Windows\System\PYHAUoz.exe
  2⤵
  PID:8740
- C:\Windows\System\IesJbSp.exe
  C:\Windows\System\IesJbSp.exe
  2⤵
  PID:8756
- C:\Windows\System\uvfhLgY.exe
  C:\Windows\System\uvfhLgY.exe
  2⤵
  PID:8820
- C:\Windows\System\cTMevBC.exe
  C:\Windows\System\cTMevBC.exe
  2⤵
  PID:8824
- C:\Windows\System\tVCtfpx.exe
  C:\Windows\System\tVCtfpx.exe
  2⤵
  PID:8884
- C:\Windows\System\IEYvfMQ.exe
  C:\Windows\System\IEYvfMQ.exe
  2⤵
  PID:8916
- C:\Windows\System\QFsJeOq.exe
  C:\Windows\System\QFsJeOq.exe
  2⤵
  PID:8936
- C:\Windows\System\uhnlcdJ.exe
  C:\Windows\System\uhnlcdJ.exe
  2⤵
  PID:8996
- C:\Windows\System\OSKxQOS.exe
  C:\Windows\System\OSKxQOS.exe
  2⤵
  PID:8984
- C:\Windows\System\JerNUhC.exe
  C:\Windows\System\JerNUhC.exe
  2⤵
  PID:8940
- C:\Windows\System\fxdJTYF.exe
  C:\Windows\System\fxdJTYF.exe
  2⤵
  PID:9048
- C:\Windows\System\BbgSdxy.exe
  C:\Windows\System\BbgSdxy.exe
  2⤵
  PID:9096
- C:\Windows\System\JkRIxYI.exe
  C:\Windows\System\JkRIxYI.exe
  2⤵
  PID:9108
- C:\Windows\System\RxkwpFX.exe
  C:\Windows\System\RxkwpFX.exe
  2⤵
  PID:9196
- C:\Windows\System\ddFnUQv.exe
  C:\Windows\System\ddFnUQv.exe
  2⤵
  PID:9176
- C:\Windows\System\cwuymEd.exe
  C:\Windows\System\cwuymEd.exe
  2⤵
  PID:9192
- C:\Windows\System\fhwSmhz.exe
  C:\Windows\System\fhwSmhz.exe
  2⤵
  PID:9212
- C:\Windows\System\pVkfGON.exe
  C:\Windows\System\pVkfGON.exe
  2⤵
  PID:8048
- C:\Windows\System\cCHHrlT.exe
  C:\Windows\System\cCHHrlT.exe
  2⤵
  PID:9144
- C:\Windows\System\FpUlCGz.exe
  C:\Windows\System\FpUlCGz.exe
  2⤵
  PID:8240
- C:\Windows\System\kMPIYsV.exe
  C:\Windows\System\kMPIYsV.exe
  2⤵
  PID:8332
- C:\Windows\System\QuhxHdn.exe
  C:\Windows\System\QuhxHdn.exe
  2⤵
  PID:9068
- C:\Windows\System\sWSqgGe.exe
  C:\Windows\System\sWSqgGe.exe
  2⤵
  PID:8592
- C:\Windows\System\teXHusp.exe
  C:\Windows\System\teXHusp.exe
  2⤵
  PID:8252
- C:\Windows\System\uzBvLsI.exe
  C:\Windows\System\uzBvLsI.exe
  2⤵
  PID:8348
- C:\Windows\System\xdTHuTo.exe
  C:\Windows\System\xdTHuTo.exe
  2⤵
  PID:8416
- C:\Windows\System\yKhqNFP.exe
  C:\Windows\System\yKhqNFP.exe
  2⤵
  PID:8320
- C:\Windows\System\flNhlUy.exe
  C:\Windows\System\flNhlUy.exe
  2⤵
  PID:8452
- C:\Windows\System\saEYeBF.exe
  C:\Windows\System\saEYeBF.exe
  2⤵
  PID:8364
- C:\Windows\System\aMicOiu.exe
  C:\Windows\System\aMicOiu.exe
  2⤵
  PID:8696
- C:\Windows\System\XPvRnro.exe
  C:\Windows\System\XPvRnro.exe
  2⤵
  PID:8760
- C:\Windows\System\sofKiHw.exe
  C:\Windows\System\sofKiHw.exe
  2⤵
  PID:8840
- C:\Windows\System\BqVZrtJ.exe
  C:\Windows\System\BqVZrtJ.exe
  2⤵
  PID:8852
- C:\Windows\System\LTFySXp.exe
  C:\Windows\System\LTFySXp.exe
  2⤵
  PID:8628
- C:\Windows\System\UbfFStv.exe
  C:\Windows\System\UbfFStv.exe
  2⤵
  PID:8388
- C:\Windows\System\yKIaHAB.exe
  C:\Windows\System\yKIaHAB.exe
  2⤵
  PID:8932
- C:\Windows\System\AkowxoT.exe
  C:\Windows\System\AkowxoT.exe
  2⤵
  PID:9016
- C:\Windows\System\veRREgk.exe
  C:\Windows\System\veRREgk.exe
  2⤵
  PID:9036
- C:\Windows\System\hGYrxKA.exe
  C:\Windows\System\hGYrxKA.exe
  2⤵
  PID:9056
- C:\Windows\System\nqNgOtz.exe
  C:\Windows\System\nqNgOtz.exe
  2⤵
  PID:9120
- C:\Windows\System\YGiHUme.exe
  C:\Windows\System\YGiHUme.exe
  2⤵
  PID:9168
- C:\Windows\System\MTJHPSO.exe
  C:\Windows\System\MTJHPSO.exe
  2⤵
  PID:8664
- C:\Windows\System\JyosmFJ.exe
  C:\Windows\System\JyosmFJ.exe
  2⤵
  PID:2516
- C:\Windows\System\OwwdKHm.exe
  C:\Windows\System\OwwdKHm.exe
  2⤵
  PID:8236
- C:\Windows\System\xBtHUyj.exe
  C:\Windows\System\xBtHUyj.exe
  2⤵
  PID:8124
- C:\Windows\System\iixrgBh.exe
  C:\Windows\System\iixrgBh.exe
  2⤵
  PID:8564
- C:\Windows\System\KaWKcUl.exe
  C:\Windows\System\KaWKcUl.exe
  2⤵
  PID:8108
- C:\Windows\System\kleZOLI.exe
  C:\Windows\System\kleZOLI.exe
  2⤵
  PID:8256
- C:\Windows\System\zUUUoNy.exe
  C:\Windows\System\zUUUoNy.exe
  2⤵
  PID:8608
- C:\Windows\System\cCREvrQ.exe
  C:\Windows\System\cCREvrQ.exe
  2⤵
  PID:8776
- C:\Windows\System\BxwRajm.exe
  C:\Windows\System\BxwRajm.exe
  2⤵
  PID:8928
- C:\Windows\System\vJXdbSh.exe
  C:\Windows\System\vJXdbSh.exe
  2⤵
  PID:9188
- C:\Windows\System\eLNwaWH.exe
  C:\Windows\System\eLNwaWH.exe
  2⤵
  PID:9060
- C:\Windows\System\jbgBmMM.exe
  C:\Windows\System\jbgBmMM.exe
  2⤵
  PID:8432
- C:\Windows\System\hJjRBEp.exe
  C:\Windows\System\hJjRBEp.exe
  2⤵
  PID:8380
- C:\Windows\System\OBKdAHs.exe
  C:\Windows\System\OBKdAHs.exe
  2⤵
  PID:7792
- C:\Windows\System\oCywhXM.exe
  C:\Windows\System\oCywhXM.exe
  2⤵
  PID:8580
- C:\Windows\System\yarYPjp.exe
  C:\Windows\System\yarYPjp.exe
  2⤵
  PID:8868
- C:\Windows\System\UjrNCGV.exe
  C:\Windows\System\UjrNCGV.exe
  2⤵
  PID:9164
- C:\Windows\System\UCRkQOI.exe
  C:\Windows\System\UCRkQOI.exe
  2⤵
  PID:8300
- C:\Windows\System\YBhuKBc.exe
  C:\Windows\System\YBhuKBc.exe
  2⤵
  PID:8420
- C:\Windows\System\qFxdufQ.exe
  C:\Windows\System\qFxdufQ.exe
  2⤵
  PID:8924
- C:\Windows\System\QXseSLT.exe
  C:\Windows\System\QXseSLT.exe
  2⤵
  PID:9136
- C:\Windows\System\ZEjBKlS.exe
  C:\Windows\System\ZEjBKlS.exe
  2⤵
  PID:9220
- C:\Windows\System\VstFBnX.exe
  C:\Windows\System\VstFBnX.exe
  2⤵
  PID:9236
- C:\Windows\System\pcyuHXa.exe
  C:\Windows\System\pcyuHXa.exe
  2⤵
  PID:9252
- C:\Windows\System\HiLAMWi.exe
  C:\Windows\System\HiLAMWi.exe
  2⤵
  PID:9268
- C:\Windows\System\dgEkRDQ.exe
  C:\Windows\System\dgEkRDQ.exe
  2⤵
  PID:9292
- C:\Windows\System\GLcHNDb.exe
  C:\Windows\System\GLcHNDb.exe
  2⤵
  PID:9312
- C:\Windows\System\GBhkMde.exe
  C:\Windows\System\GBhkMde.exe
  2⤵
  PID:9332
- C:\Windows\System\KdRyChe.exe
  C:\Windows\System\KdRyChe.exe
  2⤵
  PID:9356
- C:\Windows\System\YYyMBwI.exe
  C:\Windows\System\YYyMBwI.exe
  2⤵
  PID:9380
- C:\Windows\System\LFoPxBP.exe
  C:\Windows\System\LFoPxBP.exe
  2⤵
  PID:9396
- C:\Windows\System\laOGJVT.exe
  C:\Windows\System\laOGJVT.exe
  2⤵
  PID:9416
- C:\Windows\System\exIGElk.exe
  C:\Windows\System\exIGElk.exe
  2⤵
  PID:9432
- C:\Windows\System\UbxsnqJ.exe
  C:\Windows\System\UbxsnqJ.exe
  2⤵
  PID:9464
- C:\Windows\System\hbguWOc.exe
  C:\Windows\System\hbguWOc.exe
  2⤵
  PID:9488
- C:\Windows\System\FzMJRbH.exe
  C:\Windows\System\FzMJRbH.exe
  2⤵
  PID:9508
- C:\Windows\System\izzoARy.exe
  C:\Windows\System\izzoARy.exe
  2⤵
  PID:9524
- C:\Windows\System\dhvWGla.exe
  C:\Windows\System\dhvWGla.exe
  2⤵
  PID:9548
- C:\Windows\System\XKcsrMr.exe
  C:\Windows\System\XKcsrMr.exe
  2⤵
  PID:9564
- C:\Windows\System\RhQlDOH.exe
  C:\Windows\System\RhQlDOH.exe
  2⤵
  PID:9580
- C:\Windows\System\xlYzmFy.exe
  C:\Windows\System\xlYzmFy.exe
  2⤵
  PID:9596
- C:\Windows\System\CbJPjqY.exe
  C:\Windows\System\CbJPjqY.exe
  2⤵
  PID:9616
- C:\Windows\System\crEOLDN.exe
  C:\Windows\System\crEOLDN.exe
  2⤵
  PID:9632
- C:\Windows\System\gvBuEfG.exe
  C:\Windows\System\gvBuEfG.exe
  2⤵
  PID:9652
- C:\Windows\System\VeDyGFI.exe
  C:\Windows\System\VeDyGFI.exe
  2⤵
  PID:9672
- C:\Windows\System\QAifyav.exe
  C:\Windows\System\QAifyav.exe
  2⤵
  PID:9692
- C:\Windows\System\eBHEhfy.exe
  C:\Windows\System\eBHEhfy.exe
  2⤵
  PID:9708
- C:\Windows\System\umzwmoR.exe
  C:\Windows\System\umzwmoR.exe
  2⤵
  PID:9724
- C:\Windows\System\czHWvvD.exe
  C:\Windows\System\czHWvvD.exe
  2⤵
  PID:9748
- C:\Windows\System\dCoZsvV.exe
  C:\Windows\System\dCoZsvV.exe
  2⤵
  PID:9768
- C:\Windows\System\YvccieQ.exe
  C:\Windows\System\YvccieQ.exe
  2⤵
  PID:9784
- C:\Windows\System\gBQYewW.exe
  C:\Windows\System\gBQYewW.exe
  2⤵
  PID:9800
- C:\Windows\System\HsPQBMW.exe
  C:\Windows\System\HsPQBMW.exe
  2⤵
  PID:9820
- C:\Windows\System\ucKwDsU.exe
  C:\Windows\System\ucKwDsU.exe
  2⤵
  PID:9848
- C:\Windows\System\JjZmKvl.exe
  C:\Windows\System\JjZmKvl.exe
  2⤵
  PID:9872
- C:\Windows\System\yrmoKPh.exe
  C:\Windows\System\yrmoKPh.exe
  2⤵
  PID:9908
- C:\Windows\System\yKtkZhT.exe
  C:\Windows\System\yKtkZhT.exe
  2⤵
  PID:9928
- C:\Windows\System\PHsCdzx.exe
  C:\Windows\System\PHsCdzx.exe
  2⤵
  PID:9948
- C:\Windows\System\urOWRjQ.exe
  C:\Windows\System\urOWRjQ.exe
  2⤵
  PID:9968
- C:\Windows\System\YpGkhNG.exe
  C:\Windows\System\YpGkhNG.exe
  2⤵
  PID:9988
- C:\Windows\System\NcHhLoT.exe
  C:\Windows\System\NcHhLoT.exe
  2⤵
  PID:10008
- C:\Windows\System\NoXgPEH.exe
  C:\Windows\System\NoXgPEH.exe
  2⤵
  PID:10028
- C:\Windows\System\sVFcuDU.exe
  C:\Windows\System\sVFcuDU.exe
  2⤵
  PID:10060
- C:\Windows\System\hzdjVOp.exe
  C:\Windows\System\hzdjVOp.exe
  2⤵
  PID:10108
- C:\Windows\System\vpLCHiQ.exe
  C:\Windows\System\vpLCHiQ.exe
  2⤵
  PID:10128
- C:\Windows\System\IGorXKn.exe
  C:\Windows\System\IGorXKn.exe
  2⤵
  PID:10148
- C:\Windows\System\ISAqJMX.exe
  C:\Windows\System\ISAqJMX.exe
  2⤵
  PID:10164
- C:\Windows\System\rYvLDVS.exe
  C:\Windows\System\rYvLDVS.exe
  2⤵
  PID:10188
- C:\Windows\System\TnYJSSK.exe
  C:\Windows\System\TnYJSSK.exe
  2⤵
  PID:10208
- C:\Windows\System\GflgJOn.exe
  C:\Windows\System\GflgJOn.exe
  2⤵
  PID:8728
- C:\Windows\System\hfXuYqG.exe
  C:\Windows\System\hfXuYqG.exe
  2⤵
  PID:7108
- C:\Windows\System\WgEbzah.exe
  C:\Windows\System\WgEbzah.exe
  2⤵
  PID:8596
- C:\Windows\System\TKGNPog.exe
  C:\Windows\System\TKGNPog.exe
  2⤵
  PID:9280
- C:\Windows\System\AndCBrA.exe
  C:\Windows\System\AndCBrA.exe
  2⤵
  PID:9324
- C:\Windows\System\jfgKzce.exe
  C:\Windows\System\jfgKzce.exe
  2⤵
  PID:9376
- C:\Windows\System\DvInXOo.exe
  C:\Windows\System\DvInXOo.exe
  2⤵
  PID:9444
- C:\Windows\System\RGOmmWe.exe
  C:\Windows\System\RGOmmWe.exe
  2⤵
  PID:9536
- C:\Windows\System\oKNnopj.exe
  C:\Windows\System\oKNnopj.exe
  2⤵
  PID:9604
- C:\Windows\System\osYTEDz.exe
  C:\Windows\System\osYTEDz.exe
  2⤵
  PID:9648
- C:\Windows\System\rbkUItA.exe
  C:\Windows\System\rbkUItA.exe
  2⤵
  PID:9716
- C:\Windows\System\luITrvO.exe
  C:\Windows\System\luITrvO.exe
  2⤵
  PID:9760
- C:\Windows\System\wRHsZMj.exe
  C:\Windows\System\wRHsZMj.exe
  2⤵
  PID:9796
- C:\Windows\System\rhhjiCQ.exe
  C:\Windows\System\rhhjiCQ.exe
  2⤵
  PID:9776
- C:\Windows\System\hfhQxzG.exe
  C:\Windows\System\hfhQxzG.exe
  2⤵
  PID:9668
- C:\Windows\System\YUlnQMW.exe
  C:\Windows\System\YUlnQMW.exe
  2⤵
  PID:9084
- C:\Windows\System\wFXbQsF.exe
  C:\Windows\System\wFXbQsF.exe
  2⤵
  PID:9208
- C:\Windows\System\jTvjYhe.exe
  C:\Windows\System\jTvjYhe.exe
  2⤵
  PID:9264
- C:\Windows\System\XixUWGC.exe
  C:\Windows\System\XixUWGC.exe
  2⤵
  PID:9344
- C:\Windows\System\GyPehkg.exe
  C:\Windows\System\GyPehkg.exe
  2⤵
  PID:9424
- C:\Windows\System\BFZLYPY.exe
  C:\Windows\System\BFZLYPY.exe
  2⤵
  PID:9516
- C:\Windows\System\hLkUGtO.exe
  C:\Windows\System\hLkUGtO.exe
  2⤵
  PID:9624
- C:\Windows\System\WzWggSQ.exe
  C:\Windows\System\WzWggSQ.exe
  2⤵
  PID:9732
- C:\Windows\System\AoGIodo.exe
  C:\Windows\System\AoGIodo.exe
  2⤵
  PID:9840
- C:\Windows\System\ZJkJfHQ.exe
  C:\Windows\System\ZJkJfHQ.exe
  2⤵
  PID:9884
- C:\Windows\System\srUeszW.exe
  C:\Windows\System\srUeszW.exe
  2⤵
  PID:9172
- C:\Windows\System\mqikgCk.exe
  C:\Windows\System\mqikgCk.exe
  2⤵
  PID:9976
- C:\Windows\System\HrmqExT.exe
  C:\Windows\System\HrmqExT.exe
  2⤵
  PID:10020
- C:\Windows\System\siwPnwu.exe
  C:\Windows\System\siwPnwu.exe
  2⤵
  PID:9860
- C:\Windows\System\PLnXHch.exe
  C:\Windows\System\PLnXHch.exe
  2⤵
  PID:9924
- C:\Windows\System\EWwRhAT.exe
  C:\Windows\System\EWwRhAT.exe
  2⤵
  PID:9996
- C:\Windows\System\gQZeacp.exe
  C:\Windows\System\gQZeacp.exe
  2⤵
  PID:10076
- C:\Windows\System\DkrAqWn.exe
  C:\Windows\System\DkrAqWn.exe
  2⤵
  PID:10100
- C:\Windows\System\XHtvufP.exe
  C:\Windows\System\XHtvufP.exe
  2⤵
  PID:10140
- C:\Windows\System\kdpEebs.exe
  C:\Windows\System\kdpEebs.exe
  2⤵
  PID:10216
- C:\Windows\System\TnXGVNb.exe
  C:\Windows\System\TnXGVNb.exe
  2⤵
  PID:10236
- C:\Windows\System\slDKyPV.exe
  C:\Windows\System\slDKyPV.exe
  2⤵
  PID:9320
- C:\Windows\System\XZAMzXb.exe
  C:\Windows\System\XZAMzXb.exe
  2⤵
  PID:10196
- C:\Windows\System\HmFCKpa.exe
  C:\Windows\System\HmFCKpa.exe
  2⤵
  PID:10204
- C:\Windows\System\wRkXXOG.exe
  C:\Windows\System\wRkXXOG.exe
  2⤵
  PID:9244
- C:\Windows\System\JHNBWcr.exe
  C:\Windows\System\JHNBWcr.exe
  2⤵
  PID:9412
- C:\Windows\System\aapJZQT.exe
  C:\Windows\System\aapJZQT.exe
  2⤵
  PID:9640
- C:\Windows\System\IDBaBLd.exe
  C:\Windows\System\IDBaBLd.exe
  2⤵
  PID:8904
- C:\Windows\System\rlLeMjk.exe
  C:\Windows\System\rlLeMjk.exe
  2⤵
  PID:8024
- C:\Windows\System\izdVcEL.exe
  C:\Windows\System\izdVcEL.exe
  2⤵
  PID:8964
- C:\Windows\System\jmcieHd.exe
  C:\Windows\System\jmcieHd.exe
  2⤵
  PID:9592
- C:\Windows\System\UfuOyRC.exe
  C:\Windows\System\UfuOyRC.exe
  2⤵
  PID:9232
- C:\Windows\System\XBtEQaT.exe
  C:\Windows\System\XBtEQaT.exe
  2⤵
  PID:9472
- C:\Windows\System\azYqXlW.exe
  C:\Windows\System\azYqXlW.exe
  2⤵
  PID:9700
- C:\Windows\System\qHzkcsz.exe
  C:\Windows\System\qHzkcsz.exe
  2⤵
  PID:9936
- C:\Windows\System\yHvmLtF.exe
  C:\Windows\System\yHvmLtF.exe
  2⤵
  PID:9740
- C:\Windows\System\mbaGNpg.exe
  C:\Windows\System\mbaGNpg.exe
  2⤵
  PID:9856
- C:\Windows\System\fAyECXn.exe
  C:\Windows\System\fAyECXn.exe
  2⤵
  PID:9812
- C:\Windows\System\rUkyoLm.exe
  C:\Windows\System\rUkyoLm.exe
  2⤵
  PID:9964
- C:\Windows\System\XvmFehJ.exe
  C:\Windows\System\XvmFehJ.exe
  2⤵
  PID:10036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADXriGX.exe

Filesize
6.0MB

MD5
41bb90f00a3a816b92186ad44d958b39

SHA1
109f81deb26bfd26c88c4b0b031e617f44179ca5

SHA256
2b90cd9d8ce0a6f8681a27cff6e733a305a91bdaed3a7716300fd6382f9292ba

SHA512
ca25642768ca60cdeac7576e3ec48a81e596f69a4230bfdc42a1b53422197eb7587b677bd9764859427b9ce1c90f9be5d319131016ffe8b02fb5c499c5e51930

Download Submit
C:\Windows\system\BKmioGQ.exe

Filesize
6.0MB

MD5
af37ffa6d22306baafb2be912c589b96

SHA1
9212a3401713515ce68c9a49673b22608a9c852b

SHA256
29a96ea24f6b1785d4fe3684a61f6c0579eef620acbae2acf94717d83b11af94

SHA512
da6c9127c3b10c3d07925f348e391e3fa577a935f13005b76c564a2bb00bba810d82d7a300015e3b4e2f646f353e8017ff555457de159640dc88f3e9a958ca83

Download Submit
C:\Windows\system\BPAmulg.exe

Filesize
6.0MB

MD5
5a0d47ac50621dca2b457247937ddfd5

SHA1
8f212e939845226c840b66b8ab5dc16ab1281845

SHA256
fae3d58e034e90ca4013ec2df8780bf9d73711058dcc7ac2fd4869454944e429

SHA512
0718f0a60e7f1c04a7706732e75bc16ebb0f591bdbc21bac4de80c7c8b9928ddc378d4d01e347d0a9fff40c9b98d29ad3bf4ef207811b3306716411d77fb9059

Download Submit
C:\Windows\system\DJOkeTt.exe

Filesize
6.0MB

MD5
4301acad217742a85465ac9a84ad0227

SHA1
67f6e684faed8c007c7a7551cdb41c42c6e3e3d1

SHA256
e3a65d62c2930c0cd06bc74ed3958be0ededf65465494e533ae44f2879933fba

SHA512
7d6738f2a718a6a39e6b96c7676b0e05d8102f0e486624d18e3afab8c9088765f349e34557ffa5c1e063317e8a1f3dcc2453a7113b5eba9ceb162c005628902a

Download Submit
C:\Windows\system\GZgTDDS.exe

Filesize
6.0MB

MD5
fef5996dfdee071e9cafdcee7eafea10

SHA1
8a47ae18fe9fde9beee87ed874a6035d808e018f

SHA256
75674b154b98a3ea70c70b1c2a09893c4439d9f76e18a9af02d9eeb9060f0b92

SHA512
1647b65210d06a01113c9a02777739477733673b65ace1913a6aec87add7fbe285f94af005e524bc991bb949a828e4d3d72ad6f1a4e0c825e727474e2caa56c7

Download Submit
C:\Windows\system\JIawUNg.exe

Filesize
6.0MB

MD5
d28c45b63407e982c3545d9d20c684f7

SHA1
b124681d7c79145e9b0f4b1c3022e9a426963857

SHA256
b5252809531b5e3184f0ed46915458d58dce54b5c5e019adf7bbf0a6ad01a006

SHA512
e788d4d6accd968359040bf4c91621ff98c6ec0d0baf2205fadfe66a1a847d0c4bd9bce5928e22ec22d4d5014eb63f5dc83a19224c96f51163339e0d5899b372

Download Submit
C:\Windows\system\OaQTEZs.exe

Filesize
6.0MB

MD5
7d3bf06e3905109160a500c8f05d62aa

SHA1
8c6b8c1351e341db57f3bbf3cd11b090e2debb49

SHA256
4b51c96d967769bc88ccd03d2ac33590b7a5374aca7c875dcb246761c053b59a

SHA512
ea3ae8700cb6e2bd0f31f63e89ebb76dd37b4536d8ee3cea1d9bedd3edfaccab52760121ad3cc86d20d7cb086191f9ac7b206a6ce9ae360053db630617c47b6c

Download Submit
C:\Windows\system\QzKwXJE.exe

Filesize
6.0MB

MD5
b7f72a901f5b118d2f8ca69fcc2992cd

SHA1
af5056264827f7fa01d2ce9375032d6b006bf2d9

SHA256
4e21d6e30acfdebe5ecc228ad10a1c02521cf983d8e83194ef2cc43f3858f9cf

SHA512
6418beaf9e085fa9c2e96773397b5d777d8cef74e7146755a37b976d23ea4f4b671ce265446612ff698c141019d7786762ad3bd2459b8976fb087f6d40004647

Download Submit
C:\Windows\system\SDDmyFb.exe

Filesize
6.0MB

MD5
39f5f6ee33a943c70477c21714912dc7

SHA1
5ff0f0b8c3807cfd5338bfff657f373d19e48d74

SHA256
015809b8bfadfa0a5ba22175b41cdf297a30fa5259f48c14d5600bf24d47218b

SHA512
88a2284c96d9acba28f51cdf9def161fc8873ce30aa5b7a7fdd03debeb85100872e2e58c302973cc2df7a45efbd4766b4a9b47f96ad24df0419784c098a93ec9

Download Submit
C:\Windows\system\UmApbUf.exe

Filesize
6.0MB

MD5
b12b5aabb6dd8c9cbb319c305fbe8996

SHA1
a9aa95d96b790775e9128c441dbffbc3414710ed

SHA256
7216bea4064169dbcc03a28e75879e66e221450389c750451b69e57380140f5c

SHA512
85b13e9cf709a85e1f9d400c291a7fcdcf2ef36a31ef9a73b1ff46391c4ee830a4d2ff5d9026c25f0eeec812de4e460a3703405706eac2679a0ace8e53d1a053

Download Submit
C:\Windows\system\VGwoXeo.exe

Filesize
6.0MB

MD5
ffa9857c876871b8e6b807fa1972deca

SHA1
cd991f7d9aea4de462b174668d832c324466f28c

SHA256
ec691384828ab524cfd22bf860ef72038a25471ffd62d8ab25118f0cf20d53a6

SHA512
1a77aec0e313dfad970e41b3b6dfe27a7e00022395894d1a3f16ba8bf1d0dc6858f5697983fe75106793b2b82f64905b1171007cc35e60855d34e6a363ab51d5

Download Submit
C:\Windows\system\XQYMedE.exe

Filesize
6.0MB

MD5
d8791b53432743407182d7f5fcfaebba

SHA1
539614961d4fb52ab9095f9964c73037a9d702f3

SHA256
7f9efc3547575e0a9618f33d701cf5047b1a81c7488e14b825d447e00dac23eb

SHA512
ee228ed9d895bd22055d3e342414e4190cb102ef531de39cd3efbcded7551999ddc14d3dbe34aa0dd1eab2517209f982af800c0a4ac3164ff091b9763b536a86

Download Submit
C:\Windows\system\ejvIBoZ.exe

Filesize
6.0MB

MD5
6eb6dd7d94b9138632d4f2d22c2cced8

SHA1
c24ad5d9169fe874d05bbb50c756a84ada612416

SHA256
8a12c7d3291be75622dfc82469adcebefd215c5aaa327f7d242d035f3d1e265b

SHA512
6ad1840f693c2a0f77d8535f5676ef9bdbc8334f829e346c1c408437f4129f72016097cd760b2622ef13f408952964cb01adb05f1a4c02c261ba56a7168b091c

Download Submit
C:\Windows\system\hQPbwSf.exe

Filesize
6.0MB

MD5
eb6d3705f1575509d8cb4471c9d4c146

SHA1
56d3e76cd37f80d11f6711c92a6307135eff9af5

SHA256
e28d8391324a3b861773fc97d73b6a4e5ddda6c077391d22e51ba50dece1a5df

SHA512
1b95632d3882dd20cd2b4773867074fddabb1b5f02344ecdddc79567f3f5ff4aeaa0770dfe8c41eae57b2cfb33ea7160633cea833fdaf468428185b8403641d0

Download Submit
C:\Windows\system\hxoFCBH.exe

Filesize
6.0MB

MD5
dac995cd5bfbd59eadd9ed224e87265d

SHA1
a5da744c6795b501953b81a5da3b9a9c3dc535e3

SHA256
de70dab999f81c638a177be5cd8945663169ae7b3fb6601670caf91fc70ee7c5

SHA512
47329fee1e6db303d969ba1cbe0b495635b577f370f5f5223a2279f3166a13753f182db50e4d4781cb6e4ecc9a9a63e084ad6774d0defa645329c321355dbf61

Download Submit
C:\Windows\system\iSZtNiT.exe

Filesize
6.0MB

MD5
7521247ea53db6793d6e51bd5fcd5fba

SHA1
b1fe428fd3008a7073e5ba1a17446403ebfff57e

SHA256
c41284584ac79f43bffc6e76d34dfe66d8006c43c22813f1ec58f8b006777504

SHA512
09570974badaa6b855b8699edbb2416ffb30ded658eae3fe0141ecd8822ae0a648c16c9bbbfc1afd78379d051686f9a15e1ef396c19efb8ceca5a6728ab30a26

Download Submit
C:\Windows\system\jpqlpyp.exe

Filesize
6.0MB

MD5
09cbd659b9989ad92caeafe364960677

SHA1
bd6f4d487c16f677ae3b6f2c8e3d285c1ec84dfd

SHA256
b3635c3e2f80260ea59f28080bd4a1553a0a895eb7a4b0e2564d6de1dd4c4100

SHA512
73baa614e9cea7376025bab0184f06467bce7eec82aa3d27d545d3409ab3da2b96ba15ec8b3fae1d52948e8692a11e3f78ee09beb856dcac2e7b6194b4e059de

Download Submit
C:\Windows\system\lpgFLJW.exe

Filesize
6.0MB

MD5
4bf2c1244861f46a11155b6fa662eaf0

SHA1
23ecfc1b5332fc3e7f7c8b27bed5d362fe90df73

SHA256
9b8e00b0f06264770045d34450c963b6209c072d7fc3fe56ce0b0e0ebce2b5c8

SHA512
9be3952519e15a17072aee2e6f0c6e9ca246b61ad20325353bfb41eb93e870ecdde7b2aae9ae046c084de4695cb39a13d87b29f88b37522066fc09d82e9d9c35

Download Submit
C:\Windows\system\lpzAGwG.exe

Filesize
6.0MB

MD5
157e536b6b4ec1a5d32635a988acecac

SHA1
2d08696ef50b4d1d97d704603f5f57c8b543e378

SHA256
83ec7de2973abf4d7097bf5b15eea58adc05373189cf3dcb7c0435c4cee1cd33

SHA512
0b3e74a0a859eba542b9d8924d70db5a4bee7edadca044947b5c8ca7b2b2c17e4be84b845612e053c2b47d7d01f6475fb0570b2140c37fd1314c7ece54a2e4ef

Download Submit
C:\Windows\system\msMsbiH.exe

Filesize
6.0MB

MD5
e10234505cac49f35434d7c466081a78

SHA1
d1089f3d1c3ce04fdee58c828307962788ddc5a8

SHA256
4936308a1eb4915ec0c1c02e8f809da771bf8926da638a8441caa5b17786f325

SHA512
20377058e2b2c340acfa1c61d6cecb1bfeae3b8740b323cc34b3156b8e884d5488cadee7907ee6a83b35925b028bc6eabb6e00175a5bd7f1e5ce2ef891e40609

Download Submit
C:\Windows\system\ngKKeLA.exe

Filesize
6.0MB

MD5
f794345a4e40757bc03014d22f9a1483

SHA1
4902d686e412d8257c413829523a4adb17075278

SHA256
8d87d8bc843757055903bba03181db25bc9b6561182d42dc45c6bba7e43089a6

SHA512
5b580b53d3e1b9281d43820efb4247f8229e46ba99cc148458853adc721622a2efbb073c7d2f55df8ee62cacf703d24778e29e7b19afe7bb33b6ce998991cee3

Download Submit
C:\Windows\system\obfmuro.exe

Filesize
6.0MB

MD5
8d264a635fca359e44e3b07385a5d629

SHA1
7feb501ce0788fd0b2c8b12807458ea181df9a05

SHA256
0053f2f18c608649d03810d59d4637793b1d972792139c32c5bfd56f6f90bf6a

SHA512
ac304e8e9de72cb7b7c3d4c8e59cbae77da10b0444ea14e7df9f207cbd9a077eac220ae6b45ca4a6210ed0616204f71fe7b541a7c38ed3aef373f39b70edd6b2

Download Submit
C:\Windows\system\okGHQAT.exe

Filesize
6.0MB

MD5
447982db652a4f0d222eba4a96683e9e

SHA1
203fe30d59fe69a5685ba8c62ec6a619fbe251df

SHA256
08dcc343a7583fa95f17b46d115e149b7e06e8727ac691214d229db558bb0f13

SHA512
e901aba9b34461324f2c12d24357d7e7f75cdf2b0e3a198061fcb21426ccea932105ed6ab25d54d79f5ee1a32afadf6a8e6bbcfb58b7637ecd8862971c77390c

Download Submit
C:\Windows\system\oyZhGQM.exe

Filesize
6.0MB

MD5
7f77eddc99289773683ad2ba02db9d32

SHA1
1b2f5d675ab85768f552769d5090ebd0290fca16

SHA256
57d6bf8d4da0545c1b2b9a368e533c0529360895254deaaa37b071ddb0a17343

SHA512
c9933eef37541b6ce3c5b0b8d93e0ae5dffc018fc90e388b25a65d2fdcf26c61f25ada0af1ded785cdd18b47f009cc7547dc2d2605db39a6f99300b4da9cff32

Download Submit
C:\Windows\system\tZsxSuA.exe

Filesize
6.0MB

MD5
69e3b41453c7f61c5bc905ade56353a7

SHA1
6d9d9372c24b726e3a3db3d0632d591a826f7662

SHA256
f79d791e91de8b0fd8d91eb0d469f8c0ffbde73d81c1c48ae991da936ddd9ff2

SHA512
b7b777526dd1982cddddb4da2c9ed4c69afe38e4f0e42966c6ab34069d155c166444b7f172d528f21e86dbbe430f743a180ac84a31ee5e9bf4192e6ea5100f64

Download Submit
C:\Windows\system\uqoiYHa.exe

Filesize
6.0MB

MD5
440e8d1a505ec2d5a46aff0e4b9a5a5e

SHA1
dd362c952571ea37a48fcb1faf2b1f730ec0e0d8

SHA256
81b408959c65f1a7b88cc0824f138f0522fc5242c023d68a809e424f0934e320

SHA512
190815e9e57efc8cb6b7f05b578c9caa83daa26d3f609a147239e276e2ae82c5bb2cf31932e7d95788783b4e485b4be83d34202ffc4d1f530f427a58acaacc25

Download Submit
C:\Windows\system\uvthxTt.exe

Filesize
6.0MB

MD5
f73500e010404c5586e666924bf030ec

SHA1
5a4d6d35e11fc2639da259055bccb55931b3c752

SHA256
1221b6337c534606826b62b8cd1d2c2616d186b996d07e606758a07437e4fb27

SHA512
838f9ca15918f1ac2c9e521a07718fee5b56fc4f2291f8e14d8d3f77653f9e0e48e8dc6e85fbb637383e289ef9ae9d8e9cd375ae9a034eee145c43562d2b81e9

Download Submit
C:\Windows\system\xuGYBcg.exe

Filesize
6.0MB

MD5
a538266e48cd581ab3858bf5c3eae695

SHA1
709ab819110c771f1bf8a8f509d4510e3f53e50e

SHA256
5138a7b848c9ed699085b9b218a012ace783ea845408fefb4b43d6287d1ca1ab

SHA512
27c42cecaa9ea3c5e8d049cdcdbcc647a05d81abfe029a076eca39c931c687a2996c2cbaeee1fa14564af78d87bf46ba266de2dd41e20eb61a8a908b79c59037

Download Submit
C:\Windows\system\ySBnlAu.exe

Filesize
6.0MB

MD5
3a30d2f6bfc77a6dd963ab171adb28a6

SHA1
604ae52025b39ba91b64137bb7e862bb48f180ee

SHA256
40ede0fcc4cd8a94f12f8b0ac7579f52ae08a37f546f7b6190a5fdc7d786fe51

SHA512
99889d33631a5d71f197882514690a07e736d640bf5ebdad4ff8cba04bce0731926f8f412998f07fff02b116d29a549365511950f8ce46fc2b4d6713c451a057

Download Submit
\Windows\system\KufehMX.exe

Filesize
6.0MB

MD5
95222a193bc62d0514bd7d75564abfce

SHA1
f36250773307b18631ce3e0a16bdd70936aa259d

SHA256
2179d882bb973696148d57b1890e81347c42117a06dc8af5c56c24bebc6c8815

SHA512
8e2ac0c95a244008e39eb553a46b919f528e762026c77f1cd0c0a61ee6f4603a41297e0e291ae944f01a0b68ddc026a9a1818b6c3622112812ed1297167eec0c

Download Submit
\Windows\system\OrejPAU.exe

Filesize
6.0MB

MD5
c93e3000d19ab2cb9f8370af30b848f9

SHA1
161e6abf51fd022e4e423e6a5cdd7d90ac4173c0

SHA256
4be4f69cf52a757caed444cae9f5658d4efca417f921da5e82874f5e1337caaf

SHA512
f0702196abc453b3046a21d2aab868bc2dca45906c8053f1f0f2b1c9124b3132a6a6ecc78c8f545931aff9c658b5f26cddb736c32ac2e2af1b526482032ea705

Download Submit
\Windows\system\crXMhon.exe

Filesize
6.0MB

MD5
8aa4730b3fa2489ef2f609854ebfd7f1

SHA1
3db85ca688bcc732ae2c88c3b6a7098ee483d245

SHA256
75d373681645df94ffc1b0f15523f42c3f3f16ac98afec1aac3c96b2cf2531b0

SHA512
2102fba2c4d85a5fa957609149f8c09c69859b0f944b11346c6572c2a4056f7d927612187e399720687018aa2c3e24e3b88e34875fdc65c96c969f0996510291

Download Submit
memory/1868-2073-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2604-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1868-123-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1868-2031-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1868-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2092-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1868-4039-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2614-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2553-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2532-4064-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2613-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4063-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-2552-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4052-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2603-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4053-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2652-2087-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4062-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2005-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4060-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2457-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2956-4054-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2071-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2964-4055-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download