cobaltstrike | 0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
Size

6.0MB
MD5

8e363ad99c896e0f647fe84aea675a21
SHA1

c6010e8f23af8883e98fb9d902d5847f1e57bd85
SHA256

0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4
SHA512

108ac06f8fc14be9595af3a90a6df895e7dd58189fd5359494dcb7c23e00514f798ddda9e2bf544c056a0c2940a378b94b6c2abdf7c67a16381f3487266054e8
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU1:eOl56utgpPF8u/71

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-15.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-21.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-36.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-151.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016de4-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-55.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 40 IoCs

miner

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000016edb-11.dat	xmrig
behavioral1/files/0x000800000001707c-15.dat	xmrig
behavioral1/files/0x00080000000173f3-21.dat	xmrig
behavioral1/files/0x000700000001746a-30.dat	xmrig
behavioral1/files/0x0007000000017403-26.dat	xmrig
behavioral1/files/0x0007000000017488-36.dat	xmrig
behavioral1/files/0x00080000000174a6-38.dat	xmrig
behavioral1/files/0x0005000000019268-50.dat	xmrig
behavioral1/files/0x0005000000019365-80.dat	xmrig
behavioral1/files/0x0005000000019387-90.dat	xmrig
behavioral1/files/0x00050000000193b3-100.dat	xmrig
behavioral1/files/0x0005000000019433-110.dat	xmrig
behavioral1/files/0x0005000000019465-126.dat	xmrig
behavioral1/files/0x00050000000194d7-160.dat	xmrig
behavioral1/files/0x0005000000019485-151.dat	xmrig
behavioral1/files/0x0009000000016de4-154.dat	xmrig
behavioral1/files/0x0005000000019479-139.dat	xmrig
behavioral1/files/0x000500000001947d-145.dat	xmrig
behavioral1/files/0x000500000001946a-135.dat	xmrig
behavioral1/files/0x000500000001945b-127.dat	xmrig
behavioral1/files/0x0005000000019450-121.dat	xmrig
behavioral1/files/0x0005000000019446-115.dat	xmrig
behavioral1/files/0x00050000000193c1-105.dat	xmrig
behavioral1/files/0x00050000000193a4-95.dat	xmrig
behavioral1/files/0x0005000000019377-85.dat	xmrig
behavioral1/files/0x0005000000019319-75.dat	xmrig
behavioral1/files/0x000500000001929a-70.dat	xmrig
behavioral1/files/0x0005000000019278-65.dat	xmrig
behavioral1/files/0x0005000000019275-60.dat	xmrig
behavioral1/files/0x000500000001926c-55.dat	xmrig
behavioral1/files/0x00080000000174c3-45.dat	xmrig
behavioral1/memory/3064-2550-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2988-2555-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2520-2584-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/1620-3983-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2988-4010-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/3064-4011-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2520-4012-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2844	KLauxSH.exe
3064	udkxXcf.exe
2988	avwZYQy.exe
2520	airhpuu.exe
2076	jCNjwTb.exe
2476	uuHFjOg.exe
2744	qBqZOOg.exe
2832	cIBVsyD.exe
2756	HVhtUvb.exe
2736	jAMoLSG.exe
2908	BYvOAim.exe
2704	uIvsual.exe
2624	uvJwuvp.exe
2716	nFaQpft.exe
2616	AGJPBNB.exe
1880	xjiksMu.exe
2328	FmhpMfb.exe
2164	RvnMFXQ.exe
1132	ENviazg.exe
1908	CwMazBS.exe
992	oiXLyAv.exe
964	yqWSQcX.exe
2364	IlSQPNQ.exe
1652	xOvhjYV.exe
1824	ZVsQDhT.exe
1448	itfexht.exe
2952	BpwNvIp.exe
2884	qQxyweC.exe
1564	YTpxxuD.exe
2284	fXUEntc.exe
2136	wqgaXBZ.exe
2192	vCjKsRZ.exe
408	fIdeKAf.exe
1176	LzfUHxP.exe
2580	pWXEKgX.exe
956	ZuUxrjP.exe
1868	LdrvHAt.exe
952	GAeMwfq.exe
1136	uuVMUmz.exe
832	ztMuHkp.exe
1696	AbylRLp.exe
3008	rfFitJu.exe
1892	dnWXLBC.exe
896	nmsmsss.exe
1472	HnbpNyr.exe
2500	xTHcwxI.exe
1724	DVKtwLp.exe
2340	lcjcphU.exe
700	WUhPxNZ.exe
2488	oJNIHBC.exe
752	ZqntybC.exe
1668	kgghYWz.exe
1412	TWKmkzL.exe
996	ixOTsMn.exe
884	oHCbQHC.exe
876	DKhTwma.exe
2464	IQkiGtR.exe
1520	KcQhTNL.exe
2460	foZObef.exe
2680	mwQaANW.exe
2064	QnRzKKg.exe
796	ZoaRNRd.exe
2536	mCpxmHe.exe
2708	UhTWjyg.exe

Loads dropped DLL 64 IoCs

pid	Process
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe

UPX packed file 40 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000016edb-11.dat	upx
behavioral1/files/0x000800000001707c-15.dat	upx
behavioral1/files/0x00080000000173f3-21.dat	upx
behavioral1/files/0x000700000001746a-30.dat	upx
behavioral1/files/0x0007000000017403-26.dat	upx
behavioral1/files/0x0007000000017488-36.dat	upx
behavioral1/files/0x00080000000174a6-38.dat	upx
behavioral1/files/0x0005000000019268-50.dat	upx
behavioral1/files/0x0005000000019365-80.dat	upx
behavioral1/files/0x0005000000019387-90.dat	upx
behavioral1/files/0x00050000000193b3-100.dat	upx
behavioral1/files/0x0005000000019433-110.dat	upx
behavioral1/files/0x0005000000019465-126.dat	upx
behavioral1/files/0x00050000000194d7-160.dat	upx
behavioral1/files/0x0005000000019485-151.dat	upx
behavioral1/files/0x0009000000016de4-154.dat	upx
behavioral1/files/0x0005000000019479-139.dat	upx
behavioral1/files/0x000500000001947d-145.dat	upx
behavioral1/files/0x000500000001946a-135.dat	upx
behavioral1/files/0x000500000001945b-127.dat	upx
behavioral1/files/0x0005000000019450-121.dat	upx
behavioral1/files/0x0005000000019446-115.dat	upx
behavioral1/files/0x00050000000193c1-105.dat	upx
behavioral1/files/0x00050000000193a4-95.dat	upx
behavioral1/files/0x0005000000019377-85.dat	upx
behavioral1/files/0x0005000000019319-75.dat	upx
behavioral1/files/0x000500000001929a-70.dat	upx
behavioral1/files/0x0005000000019278-65.dat	upx
behavioral1/files/0x0005000000019275-60.dat	upx
behavioral1/files/0x000500000001926c-55.dat	upx
behavioral1/files/0x00080000000174c3-45.dat	upx
behavioral1/memory/3064-2550-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2988-2555-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2520-2584-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/1620-3983-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2988-4010-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/3064-4011-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2520-4012-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JebshZQ.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\znbcMRk.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\pxLmwTf.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\pOopfOp.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\DKhTwma.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\jwFLixR.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\cHYQyIY.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\AlFOxYY.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\kpJldFZ.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\aTFXoxD.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\hlmIqom.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\sCdPfHc.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\YPLuLha.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\PlxYZem.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\sPclniG.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\KIBygkb.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\SvOHwFj.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\yqWSQcX.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\kLlygmH.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\LpsjENl.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\eHcgvcH.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\OYtcYXz.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\IlSQPNQ.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\dIoPBFo.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\eAtcNDf.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\mnGutqI.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\gjBQsNX.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\KaXBtvl.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\daVqqSR.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\RKXiiGU.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\GQtzprs.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\FUQrRGL.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\FlPUbEA.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\kHDomZG.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\ENviazg.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\ebQmCFO.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\uyZjHSn.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\eJGkmag.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\nKNNSQr.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\TPaawfa.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\YWQvMAp.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\hoOUMBp.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\WdOVorx.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\SwGMsVy.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\jthyrIJ.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\suyGTJu.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\RUJzknU.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\DimwDTa.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\uvJwuvp.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\ecvYgkW.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\baMNkLq.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\MnIIlGd.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\aMkMhsY.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\OhdevJm.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\UKVkduT.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\ekMJgVU.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\zPoBUxr.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\jbYblDs.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\kATmMVm.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\XbPohrj.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\qzwijEC.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\jfthNVg.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\uWAaWkb.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
File created	C:\Windows\System\airhpuu.exe	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	31
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	31
PID 1620 wrote to memory of 2844	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	31
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	32
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	32
PID 1620 wrote to memory of 3064	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	32
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	33
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	33
PID 1620 wrote to memory of 2988	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	33
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	34
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	34
PID 1620 wrote to memory of 2520	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	34
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	35
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	35
PID 1620 wrote to memory of 2076	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	35
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	36
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	36
PID 1620 wrote to memory of 2476	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	36
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	37
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	37
PID 1620 wrote to memory of 2744	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	37
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	38
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	38
PID 1620 wrote to memory of 2832	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	38
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	39
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	39
PID 1620 wrote to memory of 2756	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	39
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	40
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	40
PID 1620 wrote to memory of 2736	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	40
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	41
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	41
PID 1620 wrote to memory of 2908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	41
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	42
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	42
PID 1620 wrote to memory of 2704	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	42
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	43
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	43
PID 1620 wrote to memory of 2624	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	43
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	44
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	44
PID 1620 wrote to memory of 2716	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	44
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	45
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	45
PID 1620 wrote to memory of 2616	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	45
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	46
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	46
PID 1620 wrote to memory of 1880	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	46
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	47
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	47
PID 1620 wrote to memory of 2328	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	47
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	48
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	48
PID 1620 wrote to memory of 2164	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	48
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	49
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	49
PID 1620 wrote to memory of 1132	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	49
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	50
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	50
PID 1620 wrote to memory of 1908	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	50
PID 1620 wrote to memory of 992	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	51
PID 1620 wrote to memory of 992	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	51
PID 1620 wrote to memory of 992	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	51
PID 1620 wrote to memory of 964	1620	JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c71b22fd68ae671479cfea8fafdada8bb1a7f23c5312a154dc23fe4163b4ca4.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\System\KLauxSH.exe
  C:\Windows\System\KLauxSH.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\udkxXcf.exe
  C:\Windows\System\udkxXcf.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\avwZYQy.exe
  C:\Windows\System\avwZYQy.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\airhpuu.exe
  C:\Windows\System\airhpuu.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\jCNjwTb.exe
  C:\Windows\System\jCNjwTb.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\uuHFjOg.exe
  C:\Windows\System\uuHFjOg.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\qBqZOOg.exe
  C:\Windows\System\qBqZOOg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\cIBVsyD.exe
  C:\Windows\System\cIBVsyD.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\HVhtUvb.exe
  C:\Windows\System\HVhtUvb.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\jAMoLSG.exe
  C:\Windows\System\jAMoLSG.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\BYvOAim.exe
  C:\Windows\System\BYvOAim.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\uIvsual.exe
  C:\Windows\System\uIvsual.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\uvJwuvp.exe
  C:\Windows\System\uvJwuvp.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\nFaQpft.exe
  C:\Windows\System\nFaQpft.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\AGJPBNB.exe
  C:\Windows\System\AGJPBNB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\xjiksMu.exe
  C:\Windows\System\xjiksMu.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\FmhpMfb.exe
  C:\Windows\System\FmhpMfb.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\RvnMFXQ.exe
  C:\Windows\System\RvnMFXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ENviazg.exe
  C:\Windows\System\ENviazg.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\CwMazBS.exe
  C:\Windows\System\CwMazBS.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\oiXLyAv.exe
  C:\Windows\System\oiXLyAv.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\yqWSQcX.exe
  C:\Windows\System\yqWSQcX.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\IlSQPNQ.exe
  C:\Windows\System\IlSQPNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\xOvhjYV.exe
  C:\Windows\System\xOvhjYV.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ZVsQDhT.exe
  C:\Windows\System\ZVsQDhT.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\itfexht.exe
  C:\Windows\System\itfexht.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\BpwNvIp.exe
  C:\Windows\System\BpwNvIp.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\qQxyweC.exe
  C:\Windows\System\qQxyweC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\YTpxxuD.exe
  C:\Windows\System\YTpxxuD.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\fXUEntc.exe
  C:\Windows\System\fXUEntc.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\wqgaXBZ.exe
  C:\Windows\System\wqgaXBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\vCjKsRZ.exe
  C:\Windows\System\vCjKsRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fIdeKAf.exe
  C:\Windows\System\fIdeKAf.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\LzfUHxP.exe
  C:\Windows\System\LzfUHxP.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\pWXEKgX.exe
  C:\Windows\System\pWXEKgX.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\LdrvHAt.exe
  C:\Windows\System\LdrvHAt.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\ZuUxrjP.exe
  C:\Windows\System\ZuUxrjP.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\GAeMwfq.exe
  C:\Windows\System\GAeMwfq.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\uuVMUmz.exe
  C:\Windows\System\uuVMUmz.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\ztMuHkp.exe
  C:\Windows\System\ztMuHkp.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\AbylRLp.exe
  C:\Windows\System\AbylRLp.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\rfFitJu.exe
  C:\Windows\System\rfFitJu.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\dnWXLBC.exe
  C:\Windows\System\dnWXLBC.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\nmsmsss.exe
  C:\Windows\System\nmsmsss.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\HnbpNyr.exe
  C:\Windows\System\HnbpNyr.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\DVKtwLp.exe
  C:\Windows\System\DVKtwLp.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\xTHcwxI.exe
  C:\Windows\System\xTHcwxI.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lcjcphU.exe
  C:\Windows\System\lcjcphU.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\WUhPxNZ.exe
  C:\Windows\System\WUhPxNZ.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\kgghYWz.exe
  C:\Windows\System\kgghYWz.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\oJNIHBC.exe
  C:\Windows\System\oJNIHBC.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\TWKmkzL.exe
  C:\Windows\System\TWKmkzL.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\ZqntybC.exe
  C:\Windows\System\ZqntybC.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ixOTsMn.exe
  C:\Windows\System\ixOTsMn.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\oHCbQHC.exe
  C:\Windows\System\oHCbQHC.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\DKhTwma.exe
  C:\Windows\System\DKhTwma.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\IQkiGtR.exe
  C:\Windows\System\IQkiGtR.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\foZObef.exe
  C:\Windows\System\foZObef.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\KcQhTNL.exe
  C:\Windows\System\KcQhTNL.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\mwQaANW.exe
  C:\Windows\System\mwQaANW.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\QnRzKKg.exe
  C:\Windows\System\QnRzKKg.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\mCpxmHe.exe
  C:\Windows\System\mCpxmHe.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\ZoaRNRd.exe
  C:\Windows\System\ZoaRNRd.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\NkVFjNa.exe
  C:\Windows\System\NkVFjNa.exe
  2⤵
  PID:320
- C:\Windows\System\UhTWjyg.exe
  C:\Windows\System\UhTWjyg.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\GUbwBfu.exe
  C:\Windows\System\GUbwBfu.exe
  2⤵
  PID:2764
- C:\Windows\System\XxODRwM.exe
  C:\Windows\System\XxODRwM.exe
  2⤵
  PID:2016
- C:\Windows\System\wXqFAPI.exe
  C:\Windows\System\wXqFAPI.exe
  2⤵
  PID:2776
- C:\Windows\System\RsqjGFL.exe
  C:\Windows\System\RsqjGFL.exe
  2⤵
  PID:2672
- C:\Windows\System\DRsnzfq.exe
  C:\Windows\System\DRsnzfq.exe
  2⤵
  PID:2496
- C:\Windows\System\letCHmS.exe
  C:\Windows\System\letCHmS.exe
  2⤵
  PID:1996
- C:\Windows\System\ynzpNft.exe
  C:\Windows\System\ynzpNft.exe
  2⤵
  PID:2688
- C:\Windows\System\ehyaCwd.exe
  C:\Windows\System\ehyaCwd.exe
  2⤵
  PID:1308
- C:\Windows\System\zPoBUxr.exe
  C:\Windows\System\zPoBUxr.exe
  2⤵
  PID:1940
- C:\Windows\System\SUKgPux.exe
  C:\Windows\System\SUKgPux.exe
  2⤵
  PID:1364
- C:\Windows\System\PumsUxD.exe
  C:\Windows\System\PumsUxD.exe
  2⤵
  PID:2932
- C:\Windows\System\DDWONgF.exe
  C:\Windows\System\DDWONgF.exe
  2⤵
  PID:2640
- C:\Windows\System\whVjEAf.exe
  C:\Windows\System\whVjEAf.exe
  2⤵
  PID:2984
- C:\Windows\System\hNWoTXm.exe
  C:\Windows\System\hNWoTXm.exe
  2⤵
  PID:236
- C:\Windows\System\UGSFEzn.exe
  C:\Windows\System\UGSFEzn.exe
  2⤵
  PID:2272
- C:\Windows\System\cgpaKQx.exe
  C:\Windows\System\cgpaKQx.exe
  2⤵
  PID:1312
- C:\Windows\System\sGwxSHX.exe
  C:\Windows\System\sGwxSHX.exe
  2⤵
  PID:2116
- C:\Windows\System\AeWEDmN.exe
  C:\Windows\System\AeWEDmN.exe
  2⤵
  PID:288
- C:\Windows\System\XQdpjQH.exe
  C:\Windows\System\XQdpjQH.exe
  2⤵
  PID:1712
- C:\Windows\System\pApMZeq.exe
  C:\Windows\System\pApMZeq.exe
  2⤵
  PID:1640
- C:\Windows\System\QoCeFhv.exe
  C:\Windows\System\QoCeFhv.exe
  2⤵
  PID:1988
- C:\Windows\System\dgJYFip.exe
  C:\Windows\System\dgJYFip.exe
  2⤵
  PID:852
- C:\Windows\System\fRHXCxD.exe
  C:\Windows\System\fRHXCxD.exe
  2⤵
  PID:556
- C:\Windows\System\imZDeTH.exe
  C:\Windows\System\imZDeTH.exe
  2⤵
  PID:2352
- C:\Windows\System\Sfiadtz.exe
  C:\Windows\System\Sfiadtz.exe
  2⤵
  PID:2196
- C:\Windows\System\KfOCOLG.exe
  C:\Windows\System\KfOCOLG.exe
  2⤵
  PID:544
- C:\Windows\System\GfPwrjX.exe
  C:\Windows\System\GfPwrjX.exe
  2⤵
  PID:2436
- C:\Windows\System\tEMZvgU.exe
  C:\Windows\System\tEMZvgU.exe
  2⤵
  PID:1876
- C:\Windows\System\FIsxnHk.exe
  C:\Windows\System\FIsxnHk.exe
  2⤵
  PID:1516
- C:\Windows\System\qZAoBMf.exe
  C:\Windows\System\qZAoBMf.exe
  2⤵
  PID:3048
- C:\Windows\System\JhIAWQu.exe
  C:\Windows\System\JhIAWQu.exe
  2⤵
  PID:2516
- C:\Windows\System\FkUaOfC.exe
  C:\Windows\System\FkUaOfC.exe
  2⤵
  PID:3000
- C:\Windows\System\stIdoJg.exe
  C:\Windows\System\stIdoJg.exe
  2⤵
  PID:2236
- C:\Windows\System\cvrEFoc.exe
  C:\Windows\System\cvrEFoc.exe
  2⤵
  PID:2816
- C:\Windows\System\FlPUbEA.exe
  C:\Windows\System\FlPUbEA.exe
  2⤵
  PID:2876
- C:\Windows\System\PmpsReg.exe
  C:\Windows\System\PmpsReg.exe
  2⤵
  PID:2676
- C:\Windows\System\UAIPqrq.exe
  C:\Windows\System\UAIPqrq.exe
  2⤵
  PID:1692
- C:\Windows\System\gxDAonR.exe
  C:\Windows\System\gxDAonR.exe
  2⤵
  PID:1740
- C:\Windows\System\bzYTiQG.exe
  C:\Windows\System\bzYTiQG.exe
  2⤵
  PID:2040
- C:\Windows\System\BLasqdq.exe
  C:\Windows\System\BLasqdq.exe
  2⤵
  PID:1372
- C:\Windows\System\CIVjKOU.exe
  C:\Windows\System\CIVjKOU.exe
  2⤵
  PID:3068
- C:\Windows\System\ddJhbrS.exe
  C:\Windows\System\ddJhbrS.exe
  2⤵
  PID:2212
- C:\Windows\System\WYFQhRi.exe
  C:\Windows\System\WYFQhRi.exe
  2⤵
  PID:3016
- C:\Windows\System\tvBkSXv.exe
  C:\Windows\System\tvBkSXv.exe
  2⤵
  PID:1688
- C:\Windows\System\CmsHnZe.exe
  C:\Windows\System\CmsHnZe.exe
  2⤵
  PID:1468
- C:\Windows\System\vkhGcPb.exe
  C:\Windows\System\vkhGcPb.exe
  2⤵
  PID:1208
- C:\Windows\System\sFvwCjP.exe
  C:\Windows\System\sFvwCjP.exe
  2⤵
  PID:1632
- C:\Windows\System\hoOUMBp.exe
  C:\Windows\System\hoOUMBp.exe
  2⤵
  PID:572
- C:\Windows\System\lGQgjel.exe
  C:\Windows\System\lGQgjel.exe
  2⤵
  PID:1236
- C:\Windows\System\EJyofcV.exe
  C:\Windows\System\EJyofcV.exe
  2⤵
  PID:2248
- C:\Windows\System\xYUXnCT.exe
  C:\Windows\System\xYUXnCT.exe
  2⤵
  PID:1524
- C:\Windows\System\ieNJCff.exe
  C:\Windows\System\ieNJCff.exe
  2⤵
  PID:3084
- C:\Windows\System\JxkEuIJ.exe
  C:\Windows\System\JxkEuIJ.exe
  2⤵
  PID:3104
- C:\Windows\System\nCIiyCL.exe
  C:\Windows\System\nCIiyCL.exe
  2⤵
  PID:3124
- C:\Windows\System\mBTbtAw.exe
  C:\Windows\System\mBTbtAw.exe
  2⤵
  PID:3144
- C:\Windows\System\XiYoopG.exe
  C:\Windows\System\XiYoopG.exe
  2⤵
  PID:3164
- C:\Windows\System\XrEqQEy.exe
  C:\Windows\System\XrEqQEy.exe
  2⤵
  PID:3184
- C:\Windows\System\LbiJrmt.exe
  C:\Windows\System\LbiJrmt.exe
  2⤵
  PID:3204
- C:\Windows\System\YPmnGrL.exe
  C:\Windows\System\YPmnGrL.exe
  2⤵
  PID:3224
- C:\Windows\System\ybFVGNB.exe
  C:\Windows\System\ybFVGNB.exe
  2⤵
  PID:3244
- C:\Windows\System\EvlJqer.exe
  C:\Windows\System\EvlJqer.exe
  2⤵
  PID:3264
- C:\Windows\System\oxQUFTi.exe
  C:\Windows\System\oxQUFTi.exe
  2⤵
  PID:3284
- C:\Windows\System\GxDiarU.exe
  C:\Windows\System\GxDiarU.exe
  2⤵
  PID:3304
- C:\Windows\System\KiaXsUx.exe
  C:\Windows\System\KiaXsUx.exe
  2⤵
  PID:3324
- C:\Windows\System\xlLzAHK.exe
  C:\Windows\System\xlLzAHK.exe
  2⤵
  PID:3344
- C:\Windows\System\gpxqrAE.exe
  C:\Windows\System\gpxqrAE.exe
  2⤵
  PID:3364
- C:\Windows\System\iOXPeOO.exe
  C:\Windows\System\iOXPeOO.exe
  2⤵
  PID:3384
- C:\Windows\System\XxLuRHR.exe
  C:\Windows\System\XxLuRHR.exe
  2⤵
  PID:3404
- C:\Windows\System\JPzALyv.exe
  C:\Windows\System\JPzALyv.exe
  2⤵
  PID:3424
- C:\Windows\System\JZaJLIs.exe
  C:\Windows\System\JZaJLIs.exe
  2⤵
  PID:3444
- C:\Windows\System\IphcqgJ.exe
  C:\Windows\System\IphcqgJ.exe
  2⤵
  PID:3464
- C:\Windows\System\xBVYHQe.exe
  C:\Windows\System\xBVYHQe.exe
  2⤵
  PID:3484
- C:\Windows\System\Nacqjgx.exe
  C:\Windows\System\Nacqjgx.exe
  2⤵
  PID:3504
- C:\Windows\System\aAdxQby.exe
  C:\Windows\System\aAdxQby.exe
  2⤵
  PID:3524
- C:\Windows\System\FMuUxbB.exe
  C:\Windows\System\FMuUxbB.exe
  2⤵
  PID:3544
- C:\Windows\System\jyqXFqk.exe
  C:\Windows\System\jyqXFqk.exe
  2⤵
  PID:3564
- C:\Windows\System\puzwmzY.exe
  C:\Windows\System\puzwmzY.exe
  2⤵
  PID:3584
- C:\Windows\System\PQdWdJD.exe
  C:\Windows\System\PQdWdJD.exe
  2⤵
  PID:3604
- C:\Windows\System\bRfuijX.exe
  C:\Windows\System\bRfuijX.exe
  2⤵
  PID:3624
- C:\Windows\System\RCsFXrw.exe
  C:\Windows\System\RCsFXrw.exe
  2⤵
  PID:3644
- C:\Windows\System\LECajoc.exe
  C:\Windows\System\LECajoc.exe
  2⤵
  PID:3664
- C:\Windows\System\CpJStNX.exe
  C:\Windows\System\CpJStNX.exe
  2⤵
  PID:3684
- C:\Windows\System\VoEzrqh.exe
  C:\Windows\System\VoEzrqh.exe
  2⤵
  PID:3704
- C:\Windows\System\ehTwFUI.exe
  C:\Windows\System\ehTwFUI.exe
  2⤵
  PID:3724
- C:\Windows\System\gjBQsNX.exe
  C:\Windows\System\gjBQsNX.exe
  2⤵
  PID:3744
- C:\Windows\System\TMXNuuO.exe
  C:\Windows\System\TMXNuuO.exe
  2⤵
  PID:3764
- C:\Windows\System\EwzgSfc.exe
  C:\Windows\System\EwzgSfc.exe
  2⤵
  PID:3784
- C:\Windows\System\DUAEXNI.exe
  C:\Windows\System\DUAEXNI.exe
  2⤵
  PID:3804
- C:\Windows\System\BzChvSr.exe
  C:\Windows\System\BzChvSr.exe
  2⤵
  PID:3824
- C:\Windows\System\vAdCymp.exe
  C:\Windows\System\vAdCymp.exe
  2⤵
  PID:3844
- C:\Windows\System\jbYblDs.exe
  C:\Windows\System\jbYblDs.exe
  2⤵
  PID:3864
- C:\Windows\System\cryQBcP.exe
  C:\Windows\System\cryQBcP.exe
  2⤵
  PID:3884
- C:\Windows\System\xFOQyUd.exe
  C:\Windows\System\xFOQyUd.exe
  2⤵
  PID:3904
- C:\Windows\System\WcKorSq.exe
  C:\Windows\System\WcKorSq.exe
  2⤵
  PID:3924
- C:\Windows\System\ufZtBQZ.exe
  C:\Windows\System\ufZtBQZ.exe
  2⤵
  PID:3944
- C:\Windows\System\cgwopFo.exe
  C:\Windows\System\cgwopFo.exe
  2⤵
  PID:3964
- C:\Windows\System\kBGuipg.exe
  C:\Windows\System\kBGuipg.exe
  2⤵
  PID:3984
- C:\Windows\System\urIIKlX.exe
  C:\Windows\System\urIIKlX.exe
  2⤵
  PID:4004
- C:\Windows\System\IdlLrjc.exe
  C:\Windows\System\IdlLrjc.exe
  2⤵
  PID:4024
- C:\Windows\System\FAiAxrg.exe
  C:\Windows\System\FAiAxrg.exe
  2⤵
  PID:4044
- C:\Windows\System\DFgQDxe.exe
  C:\Windows\System\DFgQDxe.exe
  2⤵
  PID:4064
- C:\Windows\System\ivPxQXP.exe
  C:\Windows\System\ivPxQXP.exe
  2⤵
  PID:4084
- C:\Windows\System\dVQcqKq.exe
  C:\Windows\System\dVQcqKq.exe
  2⤵
  PID:484
- C:\Windows\System\OUPGTaE.exe
  C:\Windows\System\OUPGTaE.exe
  2⤵
  PID:2720
- C:\Windows\System\AMRThTj.exe
  C:\Windows\System\AMRThTj.exe
  2⤵
  PID:2836
- C:\Windows\System\cRhmInJ.exe
  C:\Windows\System\cRhmInJ.exe
  2⤵
  PID:1716
- C:\Windows\System\jXgoaAw.exe
  C:\Windows\System\jXgoaAw.exe
  2⤵
  PID:980
- C:\Windows\System\bJkvBho.exe
  C:\Windows\System\bJkvBho.exe
  2⤵
  PID:2224
- C:\Windows\System\KeNOtCk.exe
  C:\Windows\System\KeNOtCk.exe
  2⤵
  PID:1092
- C:\Windows\System\aVpBrgF.exe
  C:\Windows\System\aVpBrgF.exe
  2⤵
  PID:1648
- C:\Windows\System\KdIVxRA.exe
  C:\Windows\System\KdIVxRA.exe
  2⤵
  PID:632
- C:\Windows\System\GQuMTEK.exe
  C:\Windows\System\GQuMTEK.exe
  2⤵
  PID:1636
- C:\Windows\System\FsPKPEd.exe
  C:\Windows\System\FsPKPEd.exe
  2⤵
  PID:1076
- C:\Windows\System\IXHgEMu.exe
  C:\Windows\System\IXHgEMu.exe
  2⤵
  PID:1856
- C:\Windows\System\DaERcnj.exe
  C:\Windows\System\DaERcnj.exe
  2⤵
  PID:3080
- C:\Windows\System\OgLxDHK.exe
  C:\Windows\System\OgLxDHK.exe
  2⤵
  PID:3112
- C:\Windows\System\NibaTYr.exe
  C:\Windows\System\NibaTYr.exe
  2⤵
  PID:3136
- C:\Windows\System\YGtaCPM.exe
  C:\Windows\System\YGtaCPM.exe
  2⤵
  PID:3180
- C:\Windows\System\FvJqvLo.exe
  C:\Windows\System\FvJqvLo.exe
  2⤵
  PID:3220
- C:\Windows\System\zIiolPa.exe
  C:\Windows\System\zIiolPa.exe
  2⤵
  PID:3260
- C:\Windows\System\BJEtKQj.exe
  C:\Windows\System\BJEtKQj.exe
  2⤵
  PID:3280
- C:\Windows\System\DdpJvHp.exe
  C:\Windows\System\DdpJvHp.exe
  2⤵
  PID:3332
- C:\Windows\System\rfGxUzA.exe
  C:\Windows\System\rfGxUzA.exe
  2⤵
  PID:3316
- C:\Windows\System\AWCaHoz.exe
  C:\Windows\System\AWCaHoz.exe
  2⤵
  PID:3380
- C:\Windows\System\meiCkkf.exe
  C:\Windows\System\meiCkkf.exe
  2⤵
  PID:3396
- C:\Windows\System\ALXQYZL.exe
  C:\Windows\System\ALXQYZL.exe
  2⤵
  PID:3452
- C:\Windows\System\HUoodZA.exe
  C:\Windows\System\HUoodZA.exe
  2⤵
  PID:3480
- C:\Windows\System\DFQaxyB.exe
  C:\Windows\System\DFQaxyB.exe
  2⤵
  PID:3532
- C:\Windows\System\WdOVorx.exe
  C:\Windows\System\WdOVorx.exe
  2⤵
  PID:3536
- C:\Windows\System\YQwrmth.exe
  C:\Windows\System\YQwrmth.exe
  2⤵
  PID:3580
- C:\Windows\System\SUyznYo.exe
  C:\Windows\System\SUyznYo.exe
  2⤵
  PID:3596
- C:\Windows\System\gVpBFGF.exe
  C:\Windows\System\gVpBFGF.exe
  2⤵
  PID:3652
- C:\Windows\System\FbAJtMB.exe
  C:\Windows\System\FbAJtMB.exe
  2⤵
  PID:3680
- C:\Windows\System\akWFiRC.exe
  C:\Windows\System\akWFiRC.exe
  2⤵
  PID:3712
- C:\Windows\System\EazzRiM.exe
  C:\Windows\System\EazzRiM.exe
  2⤵
  PID:3736
- C:\Windows\System\Jqddnif.exe
  C:\Windows\System\Jqddnif.exe
  2⤵
  PID:3756
- C:\Windows\System\SfdSuzC.exe
  C:\Windows\System\SfdSuzC.exe
  2⤵
  PID:3812
- C:\Windows\System\RlciBRK.exe
  C:\Windows\System\RlciBRK.exe
  2⤵
  PID:3852
- C:\Windows\System\RHQXZPn.exe
  C:\Windows\System\RHQXZPn.exe
  2⤵
  PID:3880
- C:\Windows\System\uPWgipx.exe
  C:\Windows\System\uPWgipx.exe
  2⤵
  PID:3912
- C:\Windows\System\kDjyHdi.exe
  C:\Windows\System\kDjyHdi.exe
  2⤵
  PID:3936
- C:\Windows\System\bMKGysz.exe
  C:\Windows\System\bMKGysz.exe
  2⤵
  PID:3980
- C:\Windows\System\QGnmZwx.exe
  C:\Windows\System\QGnmZwx.exe
  2⤵
  PID:4012
- C:\Windows\System\yMhBXZn.exe
  C:\Windows\System\yMhBXZn.exe
  2⤵
  PID:4036
- C:\Windows\System\MFciiRs.exe
  C:\Windows\System\MFciiRs.exe
  2⤵
  PID:4080
- C:\Windows\System\UvIopxT.exe
  C:\Windows\System\UvIopxT.exe
  2⤵
  PID:2964
- C:\Windows\System\oJxluaX.exe
  C:\Windows\System\oJxluaX.exe
  2⤵
  PID:2796
- C:\Windows\System\OMFgqPQ.exe
  C:\Windows\System\OMFgqPQ.exe
  2⤵
  PID:1764
- C:\Windows\System\NfGrKAr.exe
  C:\Windows\System\NfGrKAr.exe
  2⤵
  PID:2784
- C:\Windows\System\XUXQawX.exe
  C:\Windows\System\XUXQawX.exe
  2⤵
  PID:1532
- C:\Windows\System\QNwFTyr.exe
  C:\Windows\System\QNwFTyr.exe
  2⤵
  PID:2184
- C:\Windows\System\qeuvQVw.exe
  C:\Windows\System\qeuvQVw.exe
  2⤵
  PID:2388
- C:\Windows\System\ndlYhEB.exe
  C:\Windows\System\ndlYhEB.exe
  2⤵
  PID:1848
- C:\Windows\System\urjKzeG.exe
  C:\Windows\System\urjKzeG.exe
  2⤵
  PID:3116
- C:\Windows\System\kHDomZG.exe
  C:\Windows\System\kHDomZG.exe
  2⤵
  PID:3172
- C:\Windows\System\zJALJPs.exe
  C:\Windows\System\zJALJPs.exe
  2⤵
  PID:3216
- C:\Windows\System\ecvYgkW.exe
  C:\Windows\System\ecvYgkW.exe
  2⤵
  PID:3320
- C:\Windows\System\PQOVvXF.exe
  C:\Windows\System\PQOVvXF.exe
  2⤵
  PID:3392
- C:\Windows\System\GMzWahe.exe
  C:\Windows\System\GMzWahe.exe
  2⤵
  PID:3416
- C:\Windows\System\lByQPmD.exe
  C:\Windows\System\lByQPmD.exe
  2⤵
  PID:3496
- C:\Windows\System\zFoqNJa.exe
  C:\Windows\System\zFoqNJa.exe
  2⤵
  PID:3572
- C:\Windows\System\AFZMIGI.exe
  C:\Windows\System\AFZMIGI.exe
  2⤵
  PID:3600
- C:\Windows\System\sWmjuww.exe
  C:\Windows\System\sWmjuww.exe
  2⤵
  PID:3656
- C:\Windows\System\BhnGZYJ.exe
  C:\Windows\System\BhnGZYJ.exe
  2⤵
  PID:3732
- C:\Windows\System\HbHnHHi.exe
  C:\Windows\System\HbHnHHi.exe
  2⤵
  PID:3780
- C:\Windows\System\OnmJfFN.exe
  C:\Windows\System\OnmJfFN.exe
  2⤵
  PID:3840
- C:\Windows\System\DUptfQP.exe
  C:\Windows\System\DUptfQP.exe
  2⤵
  PID:3896
- C:\Windows\System\RZPtCqF.exe
  C:\Windows\System\RZPtCqF.exe
  2⤵
  PID:3972
- C:\Windows\System\RiSjdZt.exe
  C:\Windows\System\RiSjdZt.exe
  2⤵
  PID:4040
- C:\Windows\System\PEoaaXd.exe
  C:\Windows\System\PEoaaXd.exe
  2⤵
  PID:4092
- C:\Windows\System\NyipKyS.exe
  C:\Windows\System\NyipKyS.exe
  2⤵
  PID:2852
- C:\Windows\System\jJuuJcQ.exe
  C:\Windows\System\jJuuJcQ.exe
  2⤵
  PID:764
- C:\Windows\System\nkQLFFG.exe
  C:\Windows\System\nkQLFFG.exe
  2⤵
  PID:2240
- C:\Windows\System\WQDRtPs.exe
  C:\Windows\System\WQDRtPs.exe
  2⤵
  PID:1732
- C:\Windows\System\PXkVAAT.exe
  C:\Windows\System\PXkVAAT.exe
  2⤵
  PID:3100
- C:\Windows\System\EdsEcxn.exe
  C:\Windows\System\EdsEcxn.exe
  2⤵
  PID:3232
- C:\Windows\System\UIHgoBM.exe
  C:\Windows\System\UIHgoBM.exe
  2⤵
  PID:3360
- C:\Windows\System\khkfuIK.exe
  C:\Windows\System\khkfuIK.exe
  2⤵
  PID:4108
- C:\Windows\System\elygRvT.exe
  C:\Windows\System\elygRvT.exe
  2⤵
  PID:4128
- C:\Windows\System\BJpBYwj.exe
  C:\Windows\System\BJpBYwj.exe
  2⤵
  PID:4148
- C:\Windows\System\ucVSydF.exe
  C:\Windows\System\ucVSydF.exe
  2⤵
  PID:4168
- C:\Windows\System\yTETmXR.exe
  C:\Windows\System\yTETmXR.exe
  2⤵
  PID:4188
- C:\Windows\System\SjjgDmq.exe
  C:\Windows\System\SjjgDmq.exe
  2⤵
  PID:4208
- C:\Windows\System\IXDxNBX.exe
  C:\Windows\System\IXDxNBX.exe
  2⤵
  PID:4228
- C:\Windows\System\LZHoBse.exe
  C:\Windows\System\LZHoBse.exe
  2⤵
  PID:4248
- C:\Windows\System\OKDZINj.exe
  C:\Windows\System\OKDZINj.exe
  2⤵
  PID:4268
- C:\Windows\System\PHckxjR.exe
  C:\Windows\System\PHckxjR.exe
  2⤵
  PID:4288
- C:\Windows\System\ofGTaIL.exe
  C:\Windows\System\ofGTaIL.exe
  2⤵
  PID:4308
- C:\Windows\System\GMZmixE.exe
  C:\Windows\System\GMZmixE.exe
  2⤵
  PID:4332
- C:\Windows\System\edkGSxk.exe
  C:\Windows\System\edkGSxk.exe
  2⤵
  PID:4352
- C:\Windows\System\nKNNSQr.exe
  C:\Windows\System\nKNNSQr.exe
  2⤵
  PID:4372
- C:\Windows\System\kATmMVm.exe
  C:\Windows\System\kATmMVm.exe
  2⤵
  PID:4392
- C:\Windows\System\jIGzWMC.exe
  C:\Windows\System\jIGzWMC.exe
  2⤵
  PID:4412
- C:\Windows\System\zaTlCLd.exe
  C:\Windows\System\zaTlCLd.exe
  2⤵
  PID:4432
- C:\Windows\System\WgUoXwW.exe
  C:\Windows\System\WgUoXwW.exe
  2⤵
  PID:4452
- C:\Windows\System\AAivWVf.exe
  C:\Windows\System\AAivWVf.exe
  2⤵
  PID:4472
- C:\Windows\System\VfUkjtH.exe
  C:\Windows\System\VfUkjtH.exe
  2⤵
  PID:4492
- C:\Windows\System\dIbnVUs.exe
  C:\Windows\System\dIbnVUs.exe
  2⤵
  PID:4512
- C:\Windows\System\HplKAoc.exe
  C:\Windows\System\HplKAoc.exe
  2⤵
  PID:4532
- C:\Windows\System\DcUKyvB.exe
  C:\Windows\System\DcUKyvB.exe
  2⤵
  PID:4552
- C:\Windows\System\rWVGysN.exe
  C:\Windows\System\rWVGysN.exe
  2⤵
  PID:4572
- C:\Windows\System\DOzLcDn.exe
  C:\Windows\System\DOzLcDn.exe
  2⤵
  PID:4592
- C:\Windows\System\JHtXpqq.exe
  C:\Windows\System\JHtXpqq.exe
  2⤵
  PID:4612
- C:\Windows\System\YjbdxEg.exe
  C:\Windows\System\YjbdxEg.exe
  2⤵
  PID:4632
- C:\Windows\System\MJBlzak.exe
  C:\Windows\System\MJBlzak.exe
  2⤵
  PID:4652
- C:\Windows\System\IIRrKLw.exe
  C:\Windows\System\IIRrKLw.exe
  2⤵
  PID:4672
- C:\Windows\System\dJMqdtp.exe
  C:\Windows\System\dJMqdtp.exe
  2⤵
  PID:4692
- C:\Windows\System\ALwPaSG.exe
  C:\Windows\System\ALwPaSG.exe
  2⤵
  PID:4712
- C:\Windows\System\RoCOezZ.exe
  C:\Windows\System\RoCOezZ.exe
  2⤵
  PID:4736
- C:\Windows\System\EwjNmKm.exe
  C:\Windows\System\EwjNmKm.exe
  2⤵
  PID:4756
- C:\Windows\System\kzcaclp.exe
  C:\Windows\System\kzcaclp.exe
  2⤵
  PID:4776
- C:\Windows\System\oeDTdry.exe
  C:\Windows\System\oeDTdry.exe
  2⤵
  PID:4796
- C:\Windows\System\aTFXoxD.exe
  C:\Windows\System\aTFXoxD.exe
  2⤵
  PID:4816
- C:\Windows\System\bBJcVlE.exe
  C:\Windows\System\bBJcVlE.exe
  2⤵
  PID:4836
- C:\Windows\System\zFoVpys.exe
  C:\Windows\System\zFoVpys.exe
  2⤵
  PID:4856
- C:\Windows\System\SRtnYXh.exe
  C:\Windows\System\SRtnYXh.exe
  2⤵
  PID:4876
- C:\Windows\System\tWljhfq.exe
  C:\Windows\System\tWljhfq.exe
  2⤵
  PID:4896
- C:\Windows\System\hZRmBGR.exe
  C:\Windows\System\hZRmBGR.exe
  2⤵
  PID:4916
- C:\Windows\System\DAguLKz.exe
  C:\Windows\System\DAguLKz.exe
  2⤵
  PID:4936
- C:\Windows\System\RuneSsI.exe
  C:\Windows\System\RuneSsI.exe
  2⤵
  PID:4956
- C:\Windows\System\ZzZfxKX.exe
  C:\Windows\System\ZzZfxKX.exe
  2⤵
  PID:4976
- C:\Windows\System\pBVgbyU.exe
  C:\Windows\System\pBVgbyU.exe
  2⤵
  PID:4996
- C:\Windows\System\mjwvXWS.exe
  C:\Windows\System\mjwvXWS.exe
  2⤵
  PID:5016
- C:\Windows\System\jGjFshC.exe
  C:\Windows\System\jGjFshC.exe
  2⤵
  PID:5036
- C:\Windows\System\CTKCFLi.exe
  C:\Windows\System\CTKCFLi.exe
  2⤵
  PID:5056
- C:\Windows\System\crSHXAf.exe
  C:\Windows\System\crSHXAf.exe
  2⤵
  PID:5076
- C:\Windows\System\ZUUNbAE.exe
  C:\Windows\System\ZUUNbAE.exe
  2⤵
  PID:5096
- C:\Windows\System\ZxRhXqc.exe
  C:\Windows\System\ZxRhXqc.exe
  2⤵
  PID:5116
- C:\Windows\System\kFzvWOy.exe
  C:\Windows\System\kFzvWOy.exe
  2⤵
  PID:3440
- C:\Windows\System\zjumdqD.exe
  C:\Windows\System\zjumdqD.exe
  2⤵
  PID:3516
- C:\Windows\System\ULNWFeD.exe
  C:\Windows\System\ULNWFeD.exe
  2⤵
  PID:3700
- C:\Windows\System\JHtZpcj.exe
  C:\Windows\System\JHtZpcj.exe
  2⤵
  PID:3760
- C:\Windows\System\RzDWuzB.exe
  C:\Windows\System\RzDWuzB.exe
  2⤵
  PID:3872
- C:\Windows\System\oyXrSfg.exe
  C:\Windows\System\oyXrSfg.exe
  2⤵
  PID:3996
- C:\Windows\System\hipYhKt.exe
  C:\Windows\System\hipYhKt.exe
  2⤵
  PID:4032
- C:\Windows\System\fZddKUi.exe
  C:\Windows\System\fZddKUi.exe
  2⤵
  PID:2052
- C:\Windows\System\eihdJzv.exe
  C:\Windows\System\eihdJzv.exe
  2⤵
  PID:1980
- C:\Windows\System\HmHsDJv.exe
  C:\Windows\System\HmHsDJv.exe
  2⤵
  PID:3156
- C:\Windows\System\XIBglPw.exe
  C:\Windows\System\XIBglPw.exe
  2⤵
  PID:3340
- C:\Windows\System\DbITJpI.exe
  C:\Windows\System\DbITJpI.exe
  2⤵
  PID:4116
- C:\Windows\System\bWrKDQk.exe
  C:\Windows\System\bWrKDQk.exe
  2⤵
  PID:4140
- C:\Windows\System\mwRydtw.exe
  C:\Windows\System\mwRydtw.exe
  2⤵
  PID:4160
- C:\Windows\System\TVSiAtH.exe
  C:\Windows\System\TVSiAtH.exe
  2⤵
  PID:4200
- C:\Windows\System\LAksjOO.exe
  C:\Windows\System\LAksjOO.exe
  2⤵
  PID:4240
- C:\Windows\System\Frpjliv.exe
  C:\Windows\System\Frpjliv.exe
  2⤵
  PID:4284
- C:\Windows\System\pQVDQFO.exe
  C:\Windows\System\pQVDQFO.exe
  2⤵
  PID:4316
- C:\Windows\System\rmmjbCC.exe
  C:\Windows\System\rmmjbCC.exe
  2⤵
  PID:4344
- C:\Windows\System\HOtQBNn.exe
  C:\Windows\System\HOtQBNn.exe
  2⤵
  PID:4384
- C:\Windows\System\ojvGBBA.exe
  C:\Windows\System\ojvGBBA.exe
  2⤵
  PID:4428
- C:\Windows\System\gxJIrsj.exe
  C:\Windows\System\gxJIrsj.exe
  2⤵
  PID:4460
- C:\Windows\System\ZcIBMVv.exe
  C:\Windows\System\ZcIBMVv.exe
  2⤵
  PID:4488
- C:\Windows\System\PffTlJu.exe
  C:\Windows\System\PffTlJu.exe
  2⤵
  PID:4520
- C:\Windows\System\DUXbCJp.exe
  C:\Windows\System\DUXbCJp.exe
  2⤵
  PID:4544
- C:\Windows\System\IQMiTDx.exe
  C:\Windows\System\IQMiTDx.exe
  2⤵
  PID:4564
- C:\Windows\System\SnfdoEz.exe
  C:\Windows\System\SnfdoEz.exe
  2⤵
  PID:4628
- C:\Windows\System\uENQLAb.exe
  C:\Windows\System\uENQLAb.exe
  2⤵
  PID:4644
- C:\Windows\System\rtCBplZ.exe
  C:\Windows\System\rtCBplZ.exe
  2⤵
  PID:4708
- C:\Windows\System\lDmeQlY.exe
  C:\Windows\System\lDmeQlY.exe
  2⤵
  PID:4744
- C:\Windows\System\EsPCXTo.exe
  C:\Windows\System\EsPCXTo.exe
  2⤵
  PID:4748
- C:\Windows\System\vtbuEFo.exe
  C:\Windows\System\vtbuEFo.exe
  2⤵
  PID:4792
- C:\Windows\System\DLhxoMF.exe
  C:\Windows\System\DLhxoMF.exe
  2⤵
  PID:4832
- C:\Windows\System\cAHLKiG.exe
  C:\Windows\System\cAHLKiG.exe
  2⤵
  PID:4848
- C:\Windows\System\CiMMZLT.exe
  C:\Windows\System\CiMMZLT.exe
  2⤵
  PID:4912
- C:\Windows\System\BLJGcXz.exe
  C:\Windows\System\BLJGcXz.exe
  2⤵
  PID:4932
- C:\Windows\System\PdKRkoC.exe
  C:\Windows\System\PdKRkoC.exe
  2⤵
  PID:4964
- C:\Windows\System\oxLjIKr.exe
  C:\Windows\System\oxLjIKr.exe
  2⤵
  PID:4988
- C:\Windows\System\LvPMfwg.exe
  C:\Windows\System\LvPMfwg.exe
  2⤵
  PID:5032
- C:\Windows\System\dmIBAwp.exe
  C:\Windows\System\dmIBAwp.exe
  2⤵
  PID:5048
- C:\Windows\System\RIVbPZh.exe
  C:\Windows\System\RIVbPZh.exe
  2⤵
  PID:5104
- C:\Windows\System\puSeVcp.exe
  C:\Windows\System\puSeVcp.exe
  2⤵
  PID:3592
- C:\Windows\System\xYEFzvj.exe
  C:\Windows\System\xYEFzvj.exe
  2⤵
  PID:3692
- C:\Windows\System\czNGxhJ.exe
  C:\Windows\System\czNGxhJ.exe
  2⤵
  PID:3740
- C:\Windows\System\pOopfOp.exe
  C:\Windows\System\pOopfOp.exe
  2⤵
  PID:3800
- C:\Windows\System\MTKqjLH.exe
  C:\Windows\System\MTKqjLH.exe
  2⤵
  PID:2208
- C:\Windows\System\lhdQhnz.exe
  C:\Windows\System\lhdQhnz.exe
  2⤵
  PID:1212
- C:\Windows\System\GXKuAni.exe
  C:\Windows\System\GXKuAni.exe
  2⤵
  PID:3300
- C:\Windows\System\loyaEVr.exe
  C:\Windows\System\loyaEVr.exe
  2⤵
  PID:4120
- C:\Windows\System\xbtyTNh.exe
  C:\Windows\System\xbtyTNh.exe
  2⤵
  PID:4176
- C:\Windows\System\uPsVEuz.exe
  C:\Windows\System\uPsVEuz.exe
  2⤵
  PID:4244
- C:\Windows\System\fRrFbJy.exe
  C:\Windows\System\fRrFbJy.exe
  2⤵
  PID:4296
- C:\Windows\System\lyhdaWs.exe
  C:\Windows\System\lyhdaWs.exe
  2⤵
  PID:4368
- C:\Windows\System\baMNkLq.exe
  C:\Windows\System\baMNkLq.exe
  2⤵
  PID:4420
- C:\Windows\System\zpnaOVs.exe
  C:\Windows\System\zpnaOVs.exe
  2⤵
  PID:4468
- C:\Windows\System\mNewvhx.exe
  C:\Windows\System\mNewvhx.exe
  2⤵
  PID:4508
- C:\Windows\System\sKmqZrz.exe
  C:\Windows\System\sKmqZrz.exe
  2⤵
  PID:4548
- C:\Windows\System\wimQSAn.exe
  C:\Windows\System\wimQSAn.exe
  2⤵
  PID:4620
- C:\Windows\System\oBibewE.exe
  C:\Windows\System\oBibewE.exe
  2⤵
  PID:4704
- C:\Windows\System\JopzAzh.exe
  C:\Windows\System\JopzAzh.exe
  2⤵
  PID:4732
- C:\Windows\System\AHQlqwE.exe
  C:\Windows\System\AHQlqwE.exe
  2⤵
  PID:4804
- C:\Windows\System\wWXabmk.exe
  C:\Windows\System\wWXabmk.exe
  2⤵
  PID:4852
- C:\Windows\System\UiBApaA.exe
  C:\Windows\System\UiBApaA.exe
  2⤵
  PID:4884
- C:\Windows\System\fnGmSki.exe
  C:\Windows\System\fnGmSki.exe
  2⤵
  PID:4948
- C:\Windows\System\SwGMsVy.exe
  C:\Windows\System\SwGMsVy.exe
  2⤵
  PID:5044
- C:\Windows\System\ZHlcWtt.exe
  C:\Windows\System\ZHlcWtt.exe
  2⤵
  PID:5112
- C:\Windows\System\soVeByw.exe
  C:\Windows\System\soVeByw.exe
  2⤵
  PID:3492
- C:\Windows\System\bexITVR.exe
  C:\Windows\System\bexITVR.exe
  2⤵
  PID:3672
- C:\Windows\System\MLrFoXr.exe
  C:\Windows\System\MLrFoXr.exe
  2⤵
  PID:2976
- C:\Windows\System\NaPPyhk.exe
  C:\Windows\System\NaPPyhk.exe
  2⤵
  PID:2268
- C:\Windows\System\FPrMPdP.exe
  C:\Windows\System\FPrMPdP.exe
  2⤵
  PID:4104
- C:\Windows\System\mGgzcwS.exe
  C:\Windows\System\mGgzcwS.exe
  2⤵
  PID:4220
- C:\Windows\System\xBwqcvt.exe
  C:\Windows\System\xBwqcvt.exe
  2⤵
  PID:4340
- C:\Windows\System\GuNYwBq.exe
  C:\Windows\System\GuNYwBq.exe
  2⤵
  PID:4380
- C:\Windows\System\eQyIPbL.exe
  C:\Windows\System\eQyIPbL.exe
  2⤵
  PID:4464
- C:\Windows\System\HRuzhDZ.exe
  C:\Windows\System\HRuzhDZ.exe
  2⤵
  PID:5136
- C:\Windows\System\ovjrCvn.exe
  C:\Windows\System\ovjrCvn.exe
  2⤵
  PID:5156
- C:\Windows\System\njCJBHb.exe
  C:\Windows\System\njCJBHb.exe
  2⤵
  PID:5176
- C:\Windows\System\NawxLan.exe
  C:\Windows\System\NawxLan.exe
  2⤵
  PID:5196
- C:\Windows\System\FymnjVb.exe
  C:\Windows\System\FymnjVb.exe
  2⤵
  PID:5216
- C:\Windows\System\oaDmMBd.exe
  C:\Windows\System\oaDmMBd.exe
  2⤵
  PID:5236
- C:\Windows\System\GpkkCaL.exe
  C:\Windows\System\GpkkCaL.exe
  2⤵
  PID:5256
- C:\Windows\System\nkYpRGg.exe
  C:\Windows\System\nkYpRGg.exe
  2⤵
  PID:5276
- C:\Windows\System\GuOFIbE.exe
  C:\Windows\System\GuOFIbE.exe
  2⤵
  PID:5296
- C:\Windows\System\AAzEbWj.exe
  C:\Windows\System\AAzEbWj.exe
  2⤵
  PID:5316
- C:\Windows\System\WLILTUl.exe
  C:\Windows\System\WLILTUl.exe
  2⤵
  PID:5336
- C:\Windows\System\jmuIzew.exe
  C:\Windows\System\jmuIzew.exe
  2⤵
  PID:5360
- C:\Windows\System\qRALVyi.exe
  C:\Windows\System\qRALVyi.exe
  2⤵
  PID:5380
- C:\Windows\System\AwGVmTy.exe
  C:\Windows\System\AwGVmTy.exe
  2⤵
  PID:5400
- C:\Windows\System\MQGnIka.exe
  C:\Windows\System\MQGnIka.exe
  2⤵
  PID:5420
- C:\Windows\System\cOtRroS.exe
  C:\Windows\System\cOtRroS.exe
  2⤵
  PID:5440
- C:\Windows\System\dIoPBFo.exe
  C:\Windows\System\dIoPBFo.exe
  2⤵
  PID:5460
- C:\Windows\System\fxKGckO.exe
  C:\Windows\System\fxKGckO.exe
  2⤵
  PID:5480
- C:\Windows\System\OiOSGws.exe
  C:\Windows\System\OiOSGws.exe
  2⤵
  PID:5500
- C:\Windows\System\XoNLZhG.exe
  C:\Windows\System\XoNLZhG.exe
  2⤵
  PID:5520
- C:\Windows\System\BEFrTaj.exe
  C:\Windows\System\BEFrTaj.exe
  2⤵
  PID:5540
- C:\Windows\System\yVlAoqs.exe
  C:\Windows\System\yVlAoqs.exe
  2⤵
  PID:5560
- C:\Windows\System\FdFMvrM.exe
  C:\Windows\System\FdFMvrM.exe
  2⤵
  PID:5580
- C:\Windows\System\sjCirHn.exe
  C:\Windows\System\sjCirHn.exe
  2⤵
  PID:5600
- C:\Windows\System\BGBLepN.exe
  C:\Windows\System\BGBLepN.exe
  2⤵
  PID:5620
- C:\Windows\System\CqHkvyB.exe
  C:\Windows\System\CqHkvyB.exe
  2⤵
  PID:5640
- C:\Windows\System\IGyLlSB.exe
  C:\Windows\System\IGyLlSB.exe
  2⤵
  PID:5660
- C:\Windows\System\qYYodwz.exe
  C:\Windows\System\qYYodwz.exe
  2⤵
  PID:5680
- C:\Windows\System\pPNdlYw.exe
  C:\Windows\System\pPNdlYw.exe
  2⤵
  PID:5700
- C:\Windows\System\TzPGhHz.exe
  C:\Windows\System\TzPGhHz.exe
  2⤵
  PID:5720
- C:\Windows\System\wLJvrEe.exe
  C:\Windows\System\wLJvrEe.exe
  2⤵
  PID:5740
- C:\Windows\System\DMVkFxH.exe
  C:\Windows\System\DMVkFxH.exe
  2⤵
  PID:5760
- C:\Windows\System\pAMzmnI.exe
  C:\Windows\System\pAMzmnI.exe
  2⤵
  PID:5780
- C:\Windows\System\ouOwNRa.exe
  C:\Windows\System\ouOwNRa.exe
  2⤵
  PID:5800
- C:\Windows\System\jwFLixR.exe
  C:\Windows\System\jwFLixR.exe
  2⤵
  PID:5820
- C:\Windows\System\bUEkusG.exe
  C:\Windows\System\bUEkusG.exe
  2⤵
  PID:5840
- C:\Windows\System\DSxtpcg.exe
  C:\Windows\System\DSxtpcg.exe
  2⤵
  PID:5860
- C:\Windows\System\pRpxkPv.exe
  C:\Windows\System\pRpxkPv.exe
  2⤵
  PID:5880
- C:\Windows\System\UZrKRQr.exe
  C:\Windows\System\UZrKRQr.exe
  2⤵
  PID:5900
- C:\Windows\System\bMBFwPQ.exe
  C:\Windows\System\bMBFwPQ.exe
  2⤵
  PID:5920
- C:\Windows\System\BRSMiof.exe
  C:\Windows\System\BRSMiof.exe
  2⤵
  PID:5940
- C:\Windows\System\VFNbUpl.exe
  C:\Windows\System\VFNbUpl.exe
  2⤵
  PID:5960
- C:\Windows\System\YxizQxN.exe
  C:\Windows\System\YxizQxN.exe
  2⤵
  PID:5980
- C:\Windows\System\kzkYMPK.exe
  C:\Windows\System\kzkYMPK.exe
  2⤵
  PID:6000
- C:\Windows\System\DbBGuat.exe
  C:\Windows\System\DbBGuat.exe
  2⤵
  PID:6020
- C:\Windows\System\MnIIlGd.exe
  C:\Windows\System\MnIIlGd.exe
  2⤵
  PID:6040
- C:\Windows\System\IQszMUu.exe
  C:\Windows\System\IQszMUu.exe
  2⤵
  PID:6060
- C:\Windows\System\yCIPJvX.exe
  C:\Windows\System\yCIPJvX.exe
  2⤵
  PID:6080
- C:\Windows\System\tHCokjs.exe
  C:\Windows\System\tHCokjs.exe
  2⤵
  PID:6100
- C:\Windows\System\wWyUkfM.exe
  C:\Windows\System\wWyUkfM.exe
  2⤵
  PID:6120
- C:\Windows\System\GlpcgBz.exe
  C:\Windows\System\GlpcgBz.exe
  2⤵
  PID:6140
- C:\Windows\System\jxktJjh.exe
  C:\Windows\System\jxktJjh.exe
  2⤵
  PID:4568
- C:\Windows\System\JIwYRvO.exe
  C:\Windows\System\JIwYRvO.exe
  2⤵
  PID:4688
- C:\Windows\System\pcPgWya.exe
  C:\Windows\System\pcPgWya.exe
  2⤵
  PID:4784
- C:\Windows\System\UMqUCDY.exe
  C:\Windows\System\UMqUCDY.exe
  2⤵
  PID:4928
- C:\Windows\System\sLiBFOU.exe
  C:\Windows\System\sLiBFOU.exe
  2⤵
  PID:4968
- C:\Windows\System\VSfjcFT.exe
  C:\Windows\System\VSfjcFT.exe
  2⤵
  PID:5052
- C:\Windows\System\zdEMfKH.exe
  C:\Windows\System\zdEMfKH.exe
  2⤵
  PID:3520
- C:\Windows\System\hduPoDj.exe
  C:\Windows\System\hduPoDj.exe
  2⤵
  PID:3856
- C:\Windows\System\iMLypjG.exe
  C:\Windows\System\iMLypjG.exe
  2⤵
  PID:4204
- C:\Windows\System\QXrtfRN.exe
  C:\Windows\System\QXrtfRN.exe
  2⤵
  PID:4304
- C:\Windows\System\aoVTqmA.exe
  C:\Windows\System\aoVTqmA.exe
  2⤵
  PID:4448
- C:\Windows\System\FGdhokK.exe
  C:\Windows\System\FGdhokK.exe
  2⤵
  PID:5128
- C:\Windows\System\lurOuEw.exe
  C:\Windows\System\lurOuEw.exe
  2⤵
  PID:5172
- C:\Windows\System\cwCVkUy.exe
  C:\Windows\System\cwCVkUy.exe
  2⤵
  PID:5212
- C:\Windows\System\lrXknSz.exe
  C:\Windows\System\lrXknSz.exe
  2⤵
  PID:5248
- C:\Windows\System\YosPnRF.exe
  C:\Windows\System\YosPnRF.exe
  2⤵
  PID:5284
- C:\Windows\System\nTAtlGn.exe
  C:\Windows\System\nTAtlGn.exe
  2⤵
  PID:5324
- C:\Windows\System\ynpxkUq.exe
  C:\Windows\System\ynpxkUq.exe
  2⤵
  PID:5344
- C:\Windows\System\liYXFLY.exe
  C:\Windows\System\liYXFLY.exe
  2⤵
  PID:5372
- C:\Windows\System\DoKmzqN.exe
  C:\Windows\System\DoKmzqN.exe
  2⤵
  PID:5416
- C:\Windows\System\qcnWUTk.exe
  C:\Windows\System\qcnWUTk.exe
  2⤵
  PID:5436
- C:\Windows\System\jygvxwF.exe
  C:\Windows\System\jygvxwF.exe
  2⤵
  PID:5476
- C:\Windows\System\fMPGhUl.exe
  C:\Windows\System\fMPGhUl.exe
  2⤵
  PID:5528
- C:\Windows\System\SwWyfIW.exe
  C:\Windows\System\SwWyfIW.exe
  2⤵
  PID:5548
- C:\Windows\System\vUOthZy.exe
  C:\Windows\System\vUOthZy.exe
  2⤵
  PID:5572
- C:\Windows\System\QrlLHwF.exe
  C:\Windows\System\QrlLHwF.exe
  2⤵
  PID:5616
- C:\Windows\System\fskNBon.exe
  C:\Windows\System\fskNBon.exe
  2⤵
  PID:5636
- C:\Windows\System\xseGDAz.exe
  C:\Windows\System\xseGDAz.exe
  2⤵
  PID:5688
- C:\Windows\System\NwHhghD.exe
  C:\Windows\System\NwHhghD.exe
  2⤵
  PID:5716
- C:\Windows\System\CVahhtx.exe
  C:\Windows\System\CVahhtx.exe
  2⤵
  PID:5748
- C:\Windows\System\lXbzpKB.exe
  C:\Windows\System\lXbzpKB.exe
  2⤵
  PID:5772
- C:\Windows\System\GzBLyTO.exe
  C:\Windows\System\GzBLyTO.exe
  2⤵
  PID:5792
- C:\Windows\System\rFtcLlB.exe
  C:\Windows\System\rFtcLlB.exe
  2⤵
  PID:5832
- C:\Windows\System\jvTloXn.exe
  C:\Windows\System\jvTloXn.exe
  2⤵
  PID:5876
- C:\Windows\System\xbnwnqy.exe
  C:\Windows\System\xbnwnqy.exe
  2⤵
  PID:5916
- C:\Windows\System\uyZfLSH.exe
  C:\Windows\System\uyZfLSH.exe
  2⤵
  PID:5948
- C:\Windows\System\xelXKTq.exe
  C:\Windows\System\xelXKTq.exe
  2⤵
  PID:5972
- C:\Windows\System\KCWFSGj.exe
  C:\Windows\System\KCWFSGj.exe
  2⤵
  PID:6016
- C:\Windows\System\gVwWase.exe
  C:\Windows\System\gVwWase.exe
  2⤵
  PID:6056
- C:\Windows\System\wrKefil.exe
  C:\Windows\System\wrKefil.exe
  2⤵
  PID:6096
- C:\Windows\System\ueboyfR.exe
  C:\Windows\System\ueboyfR.exe
  2⤵
  PID:6128
- C:\Windows\System\BzOtrlh.exe
  C:\Windows\System\BzOtrlh.exe
  2⤵
  PID:4524
- C:\Windows\System\KGLirjG.exe
  C:\Windows\System\KGLirjG.exe
  2⤵
  PID:4664
- C:\Windows\System\wiqZVGs.exe
  C:\Windows\System\wiqZVGs.exe
  2⤵
  PID:4888
- C:\Windows\System\REOjdAW.exe
  C:\Windows\System\REOjdAW.exe
  2⤵
  PID:5012
- C:\Windows\System\qRxtLrL.exe
  C:\Windows\System\qRxtLrL.exe
  2⤵
  PID:3356
- C:\Windows\System\iZEzIde.exe
  C:\Windows\System\iZEzIde.exe
  2⤵
  PID:4144
- C:\Windows\System\FRpzOYm.exe
  C:\Windows\System\FRpzOYm.exe
  2⤵
  PID:4260
- C:\Windows\System\qXZdxLQ.exe
  C:\Windows\System\qXZdxLQ.exe
  2⤵
  PID:4440
- C:\Windows\System\AcLPGdE.exe
  C:\Windows\System\AcLPGdE.exe
  2⤵
  PID:5188
- C:\Windows\System\qTSHfgg.exe
  C:\Windows\System\qTSHfgg.exe
  2⤵
  PID:5228
- C:\Windows\System\EHMLxVk.exe
  C:\Windows\System\EHMLxVk.exe
  2⤵
  PID:5304
- C:\Windows\System\MkyEREo.exe
  C:\Windows\System\MkyEREo.exe
  2⤵
  PID:5376
- C:\Windows\System\wqIxzHw.exe
  C:\Windows\System\wqIxzHw.exe
  2⤵
  PID:5448
- C:\Windows\System\UexUHNr.exe
  C:\Windows\System\UexUHNr.exe
  2⤵
  PID:5468
- C:\Windows\System\gvNGVrr.exe
  C:\Windows\System\gvNGVrr.exe
  2⤵
  PID:5492
- C:\Windows\System\XCgXizE.exe
  C:\Windows\System\XCgXizE.exe
  2⤵
  PID:5568
- C:\Windows\System\WwQnKcT.exe
  C:\Windows\System\WwQnKcT.exe
  2⤵
  PID:5676
- C:\Windows\System\SEVPfAO.exe
  C:\Windows\System\SEVPfAO.exe
  2⤵
  PID:5732
- C:\Windows\System\xrlSpLR.exe
  C:\Windows\System\xrlSpLR.exe
  2⤵
  PID:5816
- C:\Windows\System\DdGbiKZ.exe
  C:\Windows\System\DdGbiKZ.exe
  2⤵
  PID:5828
- C:\Windows\System\DatmqiX.exe
  C:\Windows\System\DatmqiX.exe
  2⤵
  PID:5868
- C:\Windows\System\gcAvgeW.exe
  C:\Windows\System\gcAvgeW.exe
  2⤵
  PID:5932
- C:\Windows\System\YGOCaNR.exe
  C:\Windows\System\YGOCaNR.exe
  2⤵
  PID:5952
- C:\Windows\System\MNVsEnZ.exe
  C:\Windows\System\MNVsEnZ.exe
  2⤵
  PID:6052
- C:\Windows\System\CYCxiKA.exe
  C:\Windows\System\CYCxiKA.exe
  2⤵
  PID:6112
- C:\Windows\System\eAhBPyb.exe
  C:\Windows\System\eAhBPyb.exe
  2⤵
  PID:4772
- C:\Windows\System\AGlmNUO.exe
  C:\Windows\System\AGlmNUO.exe
  2⤵
  PID:4752
- C:\Windows\System\aGLFvmG.exe
  C:\Windows\System\aGLFvmG.exe
  2⤵
  PID:3900
- C:\Windows\System\lWQJwDJ.exe
  C:\Windows\System\lWQJwDJ.exe
  2⤵
  PID:3256
- C:\Windows\System\kWhOgbV.exe
  C:\Windows\System\kWhOgbV.exe
  2⤵
  PID:5132
- C:\Windows\System\ErqGiFs.exe
  C:\Windows\System\ErqGiFs.exe
  2⤵
  PID:5252
- C:\Windows\System\pKludPt.exe
  C:\Windows\System\pKludPt.exe
  2⤵
  PID:5328
- C:\Windows\System\RGGCUyl.exe
  C:\Windows\System\RGGCUyl.exe
  2⤵
  PID:5352
- C:\Windows\System\AIdnEcq.exe
  C:\Windows\System\AIdnEcq.exe
  2⤵
  PID:5508
- C:\Windows\System\ifEIuiZ.exe
  C:\Windows\System\ifEIuiZ.exe
  2⤵
  PID:5576
- C:\Windows\System\uHQJWtA.exe
  C:\Windows\System\uHQJWtA.exe
  2⤵
  PID:5736
- C:\Windows\System\LTNAfIT.exe
  C:\Windows\System\LTNAfIT.exe
  2⤵
  PID:5752
- C:\Windows\System\Mxwdlby.exe
  C:\Windows\System\Mxwdlby.exe
  2⤵
  PID:6160
- C:\Windows\System\DbRhVEB.exe
  C:\Windows\System\DbRhVEB.exe
  2⤵
  PID:6180
- C:\Windows\System\PcbvqBY.exe
  C:\Windows\System\PcbvqBY.exe
  2⤵
  PID:6200
- C:\Windows\System\BGMbXTD.exe
  C:\Windows\System\BGMbXTD.exe
  2⤵
  PID:6220
- C:\Windows\System\WOyBtbi.exe
  C:\Windows\System\WOyBtbi.exe
  2⤵
  PID:6240
- C:\Windows\System\lDhCrEW.exe
  C:\Windows\System\lDhCrEW.exe
  2⤵
  PID:6260
- C:\Windows\System\MjWLcNH.exe
  C:\Windows\System\MjWLcNH.exe
  2⤵
  PID:6280
- C:\Windows\System\QcpfWYW.exe
  C:\Windows\System\QcpfWYW.exe
  2⤵
  PID:6300
- C:\Windows\System\afbvZKR.exe
  C:\Windows\System\afbvZKR.exe
  2⤵
  PID:6320
- C:\Windows\System\KPxUxQQ.exe
  C:\Windows\System\KPxUxQQ.exe
  2⤵
  PID:6340
- C:\Windows\System\YvNzfPw.exe
  C:\Windows\System\YvNzfPw.exe
  2⤵
  PID:6360
- C:\Windows\System\NmaqJrm.exe
  C:\Windows\System\NmaqJrm.exe
  2⤵
  PID:6380
- C:\Windows\System\nNcvjjA.exe
  C:\Windows\System\nNcvjjA.exe
  2⤵
  PID:6400
- C:\Windows\System\bJYraaU.exe
  C:\Windows\System\bJYraaU.exe
  2⤵
  PID:6420
- C:\Windows\System\qdJkhei.exe
  C:\Windows\System\qdJkhei.exe
  2⤵
  PID:6440
- C:\Windows\System\wmGHpHH.exe
  C:\Windows\System\wmGHpHH.exe
  2⤵
  PID:6460
- C:\Windows\System\rIvMraS.exe
  C:\Windows\System\rIvMraS.exe
  2⤵
  PID:6480
- C:\Windows\System\RQBmDPn.exe
  C:\Windows\System\RQBmDPn.exe
  2⤵
  PID:6500
- C:\Windows\System\xHbwwUX.exe
  C:\Windows\System\xHbwwUX.exe
  2⤵
  PID:6520
- C:\Windows\System\THUuxJy.exe
  C:\Windows\System\THUuxJy.exe
  2⤵
  PID:6540
- C:\Windows\System\ClnapFJ.exe
  C:\Windows\System\ClnapFJ.exe
  2⤵
  PID:6560
- C:\Windows\System\xMfwNYi.exe
  C:\Windows\System\xMfwNYi.exe
  2⤵
  PID:6580
- C:\Windows\System\FzQFikX.exe
  C:\Windows\System\FzQFikX.exe
  2⤵
  PID:6600
- C:\Windows\System\AuRiitB.exe
  C:\Windows\System\AuRiitB.exe
  2⤵
  PID:6620
- C:\Windows\System\pndNfXF.exe
  C:\Windows\System\pndNfXF.exe
  2⤵
  PID:6640
- C:\Windows\System\iWOhWXz.exe
  C:\Windows\System\iWOhWXz.exe
  2⤵
  PID:6660
- C:\Windows\System\rsArOtQ.exe
  C:\Windows\System\rsArOtQ.exe
  2⤵
  PID:6680
- C:\Windows\System\UlzMuvU.exe
  C:\Windows\System\UlzMuvU.exe
  2⤵
  PID:6700
- C:\Windows\System\zXuhEeU.exe
  C:\Windows\System\zXuhEeU.exe
  2⤵
  PID:6720
- C:\Windows\System\RtqlFfh.exe
  C:\Windows\System\RtqlFfh.exe
  2⤵
  PID:6740
- C:\Windows\System\DSXVJEu.exe
  C:\Windows\System\DSXVJEu.exe
  2⤵
  PID:6760
- C:\Windows\System\dutavSG.exe
  C:\Windows\System\dutavSG.exe
  2⤵
  PID:6780
- C:\Windows\System\nLqSoac.exe
  C:\Windows\System\nLqSoac.exe
  2⤵
  PID:6804
- C:\Windows\System\OownPTu.exe
  C:\Windows\System\OownPTu.exe
  2⤵
  PID:6824
- C:\Windows\System\rrtwEcL.exe
  C:\Windows\System\rrtwEcL.exe
  2⤵
  PID:6844
- C:\Windows\System\jRaxhvH.exe
  C:\Windows\System\jRaxhvH.exe
  2⤵
  PID:6864
- C:\Windows\System\ZOieNAY.exe
  C:\Windows\System\ZOieNAY.exe
  2⤵
  PID:6884
- C:\Windows\System\BrWKpIu.exe
  C:\Windows\System\BrWKpIu.exe
  2⤵
  PID:6904
- C:\Windows\System\UajPsuN.exe
  C:\Windows\System\UajPsuN.exe
  2⤵
  PID:6924
- C:\Windows\System\gPcQTMp.exe
  C:\Windows\System\gPcQTMp.exe
  2⤵
  PID:6944
- C:\Windows\System\SaVWbeA.exe
  C:\Windows\System\SaVWbeA.exe
  2⤵
  PID:6964
- C:\Windows\System\AgwcwyG.exe
  C:\Windows\System\AgwcwyG.exe
  2⤵
  PID:6984
- C:\Windows\System\yBlwbHh.exe
  C:\Windows\System\yBlwbHh.exe
  2⤵
  PID:7004
- C:\Windows\System\MfTQkLL.exe
  C:\Windows\System\MfTQkLL.exe
  2⤵
  PID:7024
- C:\Windows\System\gdgDVtj.exe
  C:\Windows\System\gdgDVtj.exe
  2⤵
  PID:7044
- C:\Windows\System\sisoZJt.exe
  C:\Windows\System\sisoZJt.exe
  2⤵
  PID:7064
- C:\Windows\System\WPkqQSl.exe
  C:\Windows\System\WPkqQSl.exe
  2⤵
  PID:7084
- C:\Windows\System\RqqlYQH.exe
  C:\Windows\System\RqqlYQH.exe
  2⤵
  PID:7104
- C:\Windows\System\LAfRQaC.exe
  C:\Windows\System\LAfRQaC.exe
  2⤵
  PID:7124
- C:\Windows\System\txUwphs.exe
  C:\Windows\System\txUwphs.exe
  2⤵
  PID:7144
- C:\Windows\System\ClwoCda.exe
  C:\Windows\System\ClwoCda.exe
  2⤵
  PID:7164
- C:\Windows\System\GiLGZGQ.exe
  C:\Windows\System\GiLGZGQ.exe
  2⤵
  PID:5896
- C:\Windows\System\HVOPmkX.exe
  C:\Windows\System\HVOPmkX.exe
  2⤵
  PID:5996
- C:\Windows\System\VdqRjfJ.exe
  C:\Windows\System\VdqRjfJ.exe
  2⤵
  PID:6068
- C:\Windows\System\waYLlPy.exe
  C:\Windows\System\waYLlPy.exe
  2⤵
  PID:4864
- C:\Windows\System\RqGEzgf.exe
  C:\Windows\System\RqGEzgf.exe
  2⤵
  PID:3132
- C:\Windows\System\xJrQpYO.exe
  C:\Windows\System\xJrQpYO.exe
  2⤵
  PID:5224
- C:\Windows\System\yrORysz.exe
  C:\Windows\System\yrORysz.exe
  2⤵
  PID:5292
- C:\Windows\System\QQBXhqr.exe
  C:\Windows\System\QQBXhqr.exe
  2⤵
  PID:5512
- C:\Windows\System\tUpjFwP.exe
  C:\Windows\System\tUpjFwP.exe
  2⤵
  PID:5596
- C:\Windows\System\rJaEklw.exe
  C:\Windows\System\rJaEklw.exe
  2⤵
  PID:5668
- C:\Windows\System\XwABMOE.exe
  C:\Windows\System\XwABMOE.exe
  2⤵
  PID:6176
- C:\Windows\System\jGFfLTx.exe
  C:\Windows\System\jGFfLTx.exe
  2⤵
  PID:6216
- C:\Windows\System\uDJRwmx.exe
  C:\Windows\System\uDJRwmx.exe
  2⤵
  PID:6248
- C:\Windows\System\rSoNsXL.exe
  C:\Windows\System\rSoNsXL.exe
  2⤵
  PID:6268
- C:\Windows\System\CGvzxIH.exe
  C:\Windows\System\CGvzxIH.exe
  2⤵
  PID:6292
- C:\Windows\System\UvfvGxU.exe
  C:\Windows\System\UvfvGxU.exe
  2⤵
  PID:6336
- C:\Windows\System\sMXhiMT.exe
  C:\Windows\System\sMXhiMT.exe
  2⤵
  PID:6352
- C:\Windows\System\hrmFxSR.exe
  C:\Windows\System\hrmFxSR.exe
  2⤵
  PID:6396
- C:\Windows\System\tPvwWRo.exe
  C:\Windows\System\tPvwWRo.exe
  2⤵
  PID:6448
- C:\Windows\System\eAtcNDf.exe
  C:\Windows\System\eAtcNDf.exe
  2⤵
  PID:6468
- C:\Windows\System\zBckePP.exe
  C:\Windows\System\zBckePP.exe
  2⤵
  PID:6492
- C:\Windows\System\XUbwiej.exe
  C:\Windows\System\XUbwiej.exe
  2⤵
  PID:6536
- C:\Windows\System\NNgiAux.exe
  C:\Windows\System\NNgiAux.exe
  2⤵
  PID:6552
- C:\Windows\System\KnRDzDR.exe
  C:\Windows\System\KnRDzDR.exe
  2⤵
  PID:6592
- C:\Windows\System\hRvxFyx.exe
  C:\Windows\System\hRvxFyx.exe
  2⤵
  PID:6636
- C:\Windows\System\BbODgtq.exe
  C:\Windows\System\BbODgtq.exe
  2⤵
  PID:6668
- C:\Windows\System\KWYlYLO.exe
  C:\Windows\System\KWYlYLO.exe
  2⤵
  PID:6692
- C:\Windows\System\xMvTjYr.exe
  C:\Windows\System\xMvTjYr.exe
  2⤵
  PID:6716
- C:\Windows\System\aMkMhsY.exe
  C:\Windows\System\aMkMhsY.exe
  2⤵
  PID:6768
- C:\Windows\System\XILMLSq.exe
  C:\Windows\System\XILMLSq.exe
  2⤵
  PID:6792
- C:\Windows\System\QzEqZDe.exe
  C:\Windows\System\QzEqZDe.exe
  2⤵
  PID:6832
- C:\Windows\System\fSblMma.exe
  C:\Windows\System\fSblMma.exe
  2⤵
  PID:6892
- C:\Windows\System\zTuSUzX.exe
  C:\Windows\System\zTuSUzX.exe
  2⤵
  PID:6932
- C:\Windows\System\Vwhhmmj.exe
  C:\Windows\System\Vwhhmmj.exe
  2⤵
  PID:6920
- C:\Windows\System\FLXirRY.exe
  C:\Windows\System\FLXirRY.exe
  2⤵
  PID:6980
- C:\Windows\System\kHvJwlO.exe
  C:\Windows\System\kHvJwlO.exe
  2⤵
  PID:7020
- C:\Windows\System\XbPohrj.exe
  C:\Windows\System\XbPohrj.exe
  2⤵
  PID:7036
- C:\Windows\System\lwiulCX.exe
  C:\Windows\System\lwiulCX.exe
  2⤵
  PID:7100
- C:\Windows\System\kHCACcj.exe
  C:\Windows\System\kHCACcj.exe
  2⤵
  PID:7112
- C:\Windows\System\NbDfZFn.exe
  C:\Windows\System\NbDfZFn.exe
  2⤵
  PID:7136
- C:\Windows\System\eCArSZq.exe
  C:\Windows\System\eCArSZq.exe
  2⤵
  PID:7160
- C:\Windows\System\IMmBEEG.exe
  C:\Windows\System\IMmBEEG.exe
  2⤵
  PID:6008
- C:\Windows\System\kIErhTP.exe
  C:\Windows\System\kIErhTP.exe
  2⤵
  PID:584
- C:\Windows\System\XLkDrgh.exe
  C:\Windows\System\XLkDrgh.exe
  2⤵
  PID:4972
- C:\Windows\System\hlmIqom.exe
  C:\Windows\System\hlmIqom.exe
  2⤵
  PID:5552
- C:\Windows\System\cfxIKjM.exe
  C:\Windows\System\cfxIKjM.exe
  2⤵
  PID:5652
- C:\Windows\System\bZkCWWn.exe
  C:\Windows\System\bZkCWWn.exe
  2⤵
  PID:5768
- C:\Windows\System\okOZisx.exe
  C:\Windows\System\okOZisx.exe
  2⤵
  PID:6228
- C:\Windows\System\RkpfVuk.exe
  C:\Windows\System\RkpfVuk.exe
  2⤵
  PID:6296
- C:\Windows\System\YRLHWWl.exe
  C:\Windows\System\YRLHWWl.exe
  2⤵
  PID:6328
- C:\Windows\System\bfvzIqE.exe
  C:\Windows\System\bfvzIqE.exe
  2⤵
  PID:6416
- C:\Windows\System\PbcGXNd.exe
  C:\Windows\System\PbcGXNd.exe
  2⤵
  PID:6388
- C:\Windows\System\OCCIrUy.exe
  C:\Windows\System\OCCIrUy.exe
  2⤵
  PID:6496
- C:\Windows\System\LQpetsr.exe
  C:\Windows\System\LQpetsr.exe
  2⤵
  PID:6556
- C:\Windows\System\KrLNHWw.exe
  C:\Windows\System\KrLNHWw.exe
  2⤵
  PID:6596
- C:\Windows\System\bJBCThH.exe
  C:\Windows\System\bJBCThH.exe
  2⤵
  PID:6696
- C:\Windows\System\aNOtGTV.exe
  C:\Windows\System\aNOtGTV.exe
  2⤵
  PID:6748
- C:\Windows\System\cLJKBAU.exe
  C:\Windows\System\cLJKBAU.exe
  2⤵
  PID:6756
- C:\Windows\System\wqibdlY.exe
  C:\Windows\System\wqibdlY.exe
  2⤵
  PID:6788
- C:\Windows\System\djOxvOz.exe
  C:\Windows\System\djOxvOz.exe
  2⤵
  PID:6880
- C:\Windows\System\AOJrEgS.exe
  C:\Windows\System\AOJrEgS.exe
  2⤵
  PID:6956
- C:\Windows\System\yzpjOeZ.exe
  C:\Windows\System\yzpjOeZ.exe
  2⤵
  PID:7040
- C:\Windows\System\xcqZuOC.exe
  C:\Windows\System\xcqZuOC.exe
  2⤵
  PID:7060
- C:\Windows\System\wexOQWv.exe
  C:\Windows\System\wexOQWv.exe
  2⤵
  PID:7056
- C:\Windows\System\qzhmkDq.exe
  C:\Windows\System\qzhmkDq.exe
  2⤵
  PID:5956
- C:\Windows\System\qbFItdQ.exe
  C:\Windows\System\qbFItdQ.exe
  2⤵
  PID:6028
- C:\Windows\System\IkdaxNU.exe
  C:\Windows\System\IkdaxNU.exe
  2⤵
  PID:6036
- C:\Windows\System\oeBKxxo.exe
  C:\Windows\System\oeBKxxo.exe
  2⤵
  PID:5456
- C:\Windows\System\TgDduzB.exe
  C:\Windows\System\TgDduzB.exe
  2⤵
  PID:6212
- C:\Windows\System\xvMaApw.exe
  C:\Windows\System\xvMaApw.exe
  2⤵
  PID:6316
- C:\Windows\System\TienbMl.exe
  C:\Windows\System\TienbMl.exe
  2⤵
  PID:6256
- C:\Windows\System\FvviXfO.exe
  C:\Windows\System\FvviXfO.exe
  2⤵
  PID:6412
- C:\Windows\System\ZsYsYTM.exe
  C:\Windows\System\ZsYsYTM.exe
  2⤵
  PID:6572
- C:\Windows\System\rmSTTIb.exe
  C:\Windows\System\rmSTTIb.exe
  2⤵
  PID:6628
- C:\Windows\System\SGzsCJM.exe
  C:\Windows\System\SGzsCJM.exe
  2⤵
  PID:6652
- C:\Windows\System\zkKhdGd.exe
  C:\Windows\System\zkKhdGd.exe
  2⤵
  PID:6732
- C:\Windows\System\bkYUZzy.exe
  C:\Windows\System\bkYUZzy.exe
  2⤵
  PID:7176
- C:\Windows\System\RilFQtm.exe
  C:\Windows\System\RilFQtm.exe
  2⤵
  PID:7196
- C:\Windows\System\cHYQyIY.exe
  C:\Windows\System\cHYQyIY.exe
  2⤵
  PID:7220
- C:\Windows\System\zCKwahl.exe
  C:\Windows\System\zCKwahl.exe
  2⤵
  PID:7240
- C:\Windows\System\iYqyKBh.exe
  C:\Windows\System\iYqyKBh.exe
  2⤵
  PID:7260
- C:\Windows\System\ZRdPHkQ.exe
  C:\Windows\System\ZRdPHkQ.exe
  2⤵
  PID:7280
- C:\Windows\System\CzSvdYq.exe
  C:\Windows\System\CzSvdYq.exe
  2⤵
  PID:7300
- C:\Windows\System\WlghDCy.exe
  C:\Windows\System\WlghDCy.exe
  2⤵
  PID:7320
- C:\Windows\System\vwtzFIt.exe
  C:\Windows\System\vwtzFIt.exe
  2⤵
  PID:7340
- C:\Windows\System\scXcQpv.exe
  C:\Windows\System\scXcQpv.exe
  2⤵
  PID:7356
- C:\Windows\System\blHHhIg.exe
  C:\Windows\System\blHHhIg.exe
  2⤵
  PID:7380
- C:\Windows\System\xTkAKCT.exe
  C:\Windows\System\xTkAKCT.exe
  2⤵
  PID:7400
- C:\Windows\System\oeUkmuy.exe
  C:\Windows\System\oeUkmuy.exe
  2⤵
  PID:7416
- C:\Windows\System\DeKEEKn.exe
  C:\Windows\System\DeKEEKn.exe
  2⤵
  PID:7440
- C:\Windows\System\acSdVTT.exe
  C:\Windows\System\acSdVTT.exe
  2⤵
  PID:7460
- C:\Windows\System\kNhGHHG.exe
  C:\Windows\System\kNhGHHG.exe
  2⤵
  PID:7480
- C:\Windows\System\qzwijEC.exe
  C:\Windows\System\qzwijEC.exe
  2⤵
  PID:7500
- C:\Windows\System\jCQQzSv.exe
  C:\Windows\System\jCQQzSv.exe
  2⤵
  PID:7520
- C:\Windows\System\uMstkhi.exe
  C:\Windows\System\uMstkhi.exe
  2⤵
  PID:7540
- C:\Windows\System\ihxUHyB.exe
  C:\Windows\System\ihxUHyB.exe
  2⤵
  PID:7556
- C:\Windows\System\mhxOYur.exe
  C:\Windows\System\mhxOYur.exe
  2⤵
  PID:7576
- C:\Windows\System\oAtyffy.exe
  C:\Windows\System\oAtyffy.exe
  2⤵
  PID:7600
- C:\Windows\System\GvNysAb.exe
  C:\Windows\System\GvNysAb.exe
  2⤵
  PID:7620
- C:\Windows\System\KOeiuHE.exe
  C:\Windows\System\KOeiuHE.exe
  2⤵
  PID:7640
- C:\Windows\System\kRuTvEV.exe
  C:\Windows\System\kRuTvEV.exe
  2⤵
  PID:7660
- C:\Windows\System\UzsodSC.exe
  C:\Windows\System\UzsodSC.exe
  2⤵
  PID:7680
- C:\Windows\System\djaasGF.exe
  C:\Windows\System\djaasGF.exe
  2⤵
  PID:7700
- C:\Windows\System\xWwdvIW.exe
  C:\Windows\System\xWwdvIW.exe
  2⤵
  PID:7720
- C:\Windows\System\mShtnYm.exe
  C:\Windows\System\mShtnYm.exe
  2⤵
  PID:7740
- C:\Windows\System\jthyrIJ.exe
  C:\Windows\System\jthyrIJ.exe
  2⤵
  PID:7756
- C:\Windows\System\fhnCnRQ.exe
  C:\Windows\System\fhnCnRQ.exe
  2⤵
  PID:7776
- C:\Windows\System\iaigCVd.exe
  C:\Windows\System\iaigCVd.exe
  2⤵
  PID:7800
- C:\Windows\System\HguPQQi.exe
  C:\Windows\System\HguPQQi.exe
  2⤵
  PID:7820
- C:\Windows\System\TibJoJy.exe
  C:\Windows\System\TibJoJy.exe
  2⤵
  PID:7840
- C:\Windows\System\SmstdPi.exe
  C:\Windows\System\SmstdPi.exe
  2⤵
  PID:7860
- C:\Windows\System\DZKHnns.exe
  C:\Windows\System\DZKHnns.exe
  2⤵
  PID:7880
- C:\Windows\System\PCkgeJi.exe
  C:\Windows\System\PCkgeJi.exe
  2⤵
  PID:7900
- C:\Windows\System\VZrRKDi.exe
  C:\Windows\System\VZrRKDi.exe
  2⤵
  PID:7920
- C:\Windows\System\Kfidira.exe
  C:\Windows\System\Kfidira.exe
  2⤵
  PID:7940
- C:\Windows\System\laFMwcH.exe
  C:\Windows\System\laFMwcH.exe
  2⤵
  PID:7960
- C:\Windows\System\AIiuCSz.exe
  C:\Windows\System\AIiuCSz.exe
  2⤵
  PID:7980
- C:\Windows\System\nZNTrGA.exe
  C:\Windows\System\nZNTrGA.exe
  2⤵
  PID:8000
- C:\Windows\System\ARqvoyo.exe
  C:\Windows\System\ARqvoyo.exe
  2⤵
  PID:8020
- C:\Windows\System\kKHTuBG.exe
  C:\Windows\System\kKHTuBG.exe
  2⤵
  PID:8040
- C:\Windows\System\HxyNBbN.exe
  C:\Windows\System\HxyNBbN.exe
  2⤵
  PID:8060
- C:\Windows\System\JOJtJqm.exe
  C:\Windows\System\JOJtJqm.exe
  2⤵
  PID:8080
- C:\Windows\System\IOlfbcs.exe
  C:\Windows\System\IOlfbcs.exe
  2⤵
  PID:8100
- C:\Windows\System\sCdPfHc.exe
  C:\Windows\System\sCdPfHc.exe
  2⤵
  PID:8120
- C:\Windows\System\xfCaYna.exe
  C:\Windows\System\xfCaYna.exe
  2⤵
  PID:8140
- C:\Windows\System\flUlRPW.exe
  C:\Windows\System\flUlRPW.exe
  2⤵
  PID:8160
- C:\Windows\System\tADikMy.exe
  C:\Windows\System\tADikMy.exe
  2⤵
  PID:8180
- C:\Windows\System\JfEqFiz.exe
  C:\Windows\System\JfEqFiz.exe
  2⤵
  PID:6896
- C:\Windows\System\kCYSAZq.exe
  C:\Windows\System\kCYSAZq.exe
  2⤵
  PID:7032
- C:\Windows\System\adXNnkJ.exe
  C:\Windows\System\adXNnkJ.exe
  2⤵
  PID:7076
- C:\Windows\System\vAqVOib.exe
  C:\Windows\System\vAqVOib.exe
  2⤵
  PID:5908
- C:\Windows\System\sIGUeMo.exe
  C:\Windows\System\sIGUeMo.exe
  2⤵
  PID:6148
- C:\Windows\System\CWKbDVz.exe
  C:\Windows\System\CWKbDVz.exe
  2⤵
  PID:6156
- C:\Windows\System\kcpvQgp.exe
  C:\Windows\System\kcpvQgp.exe
  2⤵
  PID:6208
- C:\Windows\System\QjmRFIs.exe
  C:\Windows\System\QjmRFIs.exe
  2⤵
  PID:6512
- C:\Windows\System\rvDvlrK.exe
  C:\Windows\System\rvDvlrK.exe
  2⤵
  PID:6836
- C:\Windows\System\LTQQcyf.exe
  C:\Windows\System\LTQQcyf.exe
  2⤵
  PID:6800
- C:\Windows\System\AkAfWNF.exe
  C:\Windows\System\AkAfWNF.exe
  2⤵
  PID:7216
- C:\Windows\System\yokgqPM.exe
  C:\Windows\System\yokgqPM.exe
  2⤵
  PID:3044
- C:\Windows\System\uNjiZBn.exe
  C:\Windows\System\uNjiZBn.exe
  2⤵
  PID:7236
- C:\Windows\System\ddRIkbc.exe
  C:\Windows\System\ddRIkbc.exe
  2⤵
  PID:7268
- C:\Windows\System\qQtohjz.exe
  C:\Windows\System\qQtohjz.exe
  2⤵
  PID:7312
- C:\Windows\System\pOKNQcu.exe
  C:\Windows\System\pOKNQcu.exe
  2⤵
  PID:7364
- C:\Windows\System\OVHvUPS.exe
  C:\Windows\System\OVHvUPS.exe
  2⤵
  PID:7408
- C:\Windows\System\rDdPcuY.exe
  C:\Windows\System\rDdPcuY.exe
  2⤵
  PID:7448
- C:\Windows\System\OvKKNYr.exe
  C:\Windows\System\OvKKNYr.exe
  2⤵
  PID:7432
- C:\Windows\System\MYoAavY.exe
  C:\Windows\System\MYoAavY.exe
  2⤵
  PID:7496
- C:\Windows\System\KHTZWOn.exe
  C:\Windows\System\KHTZWOn.exe
  2⤵
  PID:7516
- C:\Windows\System\BfNQkrK.exe
  C:\Windows\System\BfNQkrK.exe
  2⤵
  PID:7564
- C:\Windows\System\MKwpreR.exe
  C:\Windows\System\MKwpreR.exe
  2⤵
  PID:7612
- C:\Windows\System\EJaIaih.exe
  C:\Windows\System\EJaIaih.exe
  2⤵
  PID:7592
- C:\Windows\System\Vcljhgm.exe
  C:\Windows\System\Vcljhgm.exe
  2⤵
  PID:7632
- C:\Windows\System\KauCIat.exe
  C:\Windows\System\KauCIat.exe
  2⤵
  PID:7676
- C:\Windows\System\LpsjENl.exe
  C:\Windows\System\LpsjENl.exe
  2⤵
  PID:7716
- C:\Windows\System\Xjmmpht.exe
  C:\Windows\System\Xjmmpht.exe
  2⤵
  PID:7772
- C:\Windows\System\piIEgLw.exe
  C:\Windows\System\piIEgLw.exe
  2⤵
  PID:7784
- C:\Windows\System\HzOmQCb.exe
  C:\Windows\System\HzOmQCb.exe
  2⤵
  PID:3060
- C:\Windows\System\GXJjggb.exe
  C:\Windows\System\GXJjggb.exe
  2⤵
  PID:7856
- C:\Windows\System\CIMYEDF.exe
  C:\Windows\System\CIMYEDF.exe
  2⤵
  PID:7872
- C:\Windows\System\bcqwppv.exe
  C:\Windows\System\bcqwppv.exe
  2⤵
  PID:7936
- C:\Windows\System\QOvOZyE.exe
  C:\Windows\System\QOvOZyE.exe
  2⤵
  PID:7968
- C:\Windows\System\UkPxqOt.exe
  C:\Windows\System\UkPxqOt.exe
  2⤵
  PID:7988
- C:\Windows\System\wTZXlaq.exe
  C:\Windows\System\wTZXlaq.exe
  2⤵
  PID:8012
- C:\Windows\System\rsFSyKH.exe
  C:\Windows\System\rsFSyKH.exe
  2⤵
  PID:8056
- C:\Windows\System\lnMQIXI.exe
  C:\Windows\System\lnMQIXI.exe
  2⤵
  PID:8096
- C:\Windows\System\fJRRdDU.exe
  C:\Windows\System\fJRRdDU.exe
  2⤵
  PID:8136
- C:\Windows\System\RqWInBu.exe
  C:\Windows\System\RqWInBu.exe
  2⤵
  PID:8148
- C:\Windows\System\pWgcVRd.exe
  C:\Windows\System\pWgcVRd.exe
  2⤵
  PID:8188
- C:\Windows\System\GEDXFwY.exe
  C:\Windows\System\GEDXFwY.exe
  2⤵
  PID:6876
- C:\Windows\System\ncGJhnw.exe
  C:\Windows\System\ncGJhnw.exe
  2⤵
  PID:7140
- C:\Windows\System\cdlXFCq.exe
  C:\Windows\System\cdlXFCq.exe
  2⤵
  PID:6136
- C:\Windows\System\Zgfmyzg.exe
  C:\Windows\System\Zgfmyzg.exe
  2⤵
  PID:6276
- C:\Windows\System\BvwQNbd.exe
  C:\Windows\System\BvwQNbd.exe
  2⤵
  PID:6548
- C:\Windows\System\ugqnULK.exe
  C:\Windows\System\ugqnULK.exe
  2⤵
  PID:6728
- C:\Windows\System\lcQgZMT.exe
  C:\Windows\System\lcQgZMT.exe
  2⤵
  PID:7192
- C:\Windows\System\XHALfBX.exe
  C:\Windows\System\XHALfBX.exe
  2⤵
  PID:7292
- C:\Windows\System\gqMkEtb.exe
  C:\Windows\System\gqMkEtb.exe
  2⤵
  PID:7332
- C:\Windows\System\mmZuNer.exe
  C:\Windows\System\mmZuNer.exe
  2⤵
  PID:7352
- C:\Windows\System\HQbRLPo.exe
  C:\Windows\System\HQbRLPo.exe
  2⤵
  PID:7476
- C:\Windows\System\qYWiOwe.exe
  C:\Windows\System\qYWiOwe.exe
  2⤵
  PID:7528
- C:\Windows\System\cAZWjTZ.exe
  C:\Windows\System\cAZWjTZ.exe
  2⤵
  PID:7568
- C:\Windows\System\qhefjBM.exe
  C:\Windows\System\qhefjBM.exe
  2⤵
  PID:7588
- C:\Windows\System\wltQCjC.exe
  C:\Windows\System\wltQCjC.exe
  2⤵
  PID:7696
- C:\Windows\System\HLvoYAY.exe
  C:\Windows\System\HLvoYAY.exe
  2⤵
  PID:7692
- C:\Windows\System\GAttuAn.exe
  C:\Windows\System\GAttuAn.exe
  2⤵
  PID:7808
- C:\Windows\System\ndWjkfM.exe
  C:\Windows\System\ndWjkfM.exe
  2⤵
  PID:7788
- C:\Windows\System\mvuSNyw.exe
  C:\Windows\System\mvuSNyw.exe
  2⤵
  PID:7836
- C:\Windows\System\VwDtIRm.exe
  C:\Windows\System\VwDtIRm.exe
  2⤵
  PID:7948
- C:\Windows\System\OhdevJm.exe
  C:\Windows\System\OhdevJm.exe
  2⤵
  PID:7992
- C:\Windows\System\XtDqVMI.exe
  C:\Windows\System\XtDqVMI.exe
  2⤵
  PID:8088
- C:\Windows\System\jMJXqWs.exe
  C:\Windows\System\jMJXqWs.exe
  2⤵
  PID:8108
- C:\Windows\System\mRmDYYQ.exe
  C:\Windows\System\mRmDYYQ.exe
  2⤵
  PID:8128
- C:\Windows\System\JkyiKTI.exe
  C:\Windows\System\JkyiKTI.exe
  2⤵
  PID:8172
- C:\Windows\System\fbatMbq.exe
  C:\Windows\System\fbatMbq.exe
  2⤵
  PID:5264
- C:\Windows\System\sAqZRZO.exe
  C:\Windows\System\sAqZRZO.exe
  2⤵
  PID:6612
- C:\Windows\System\zJbiBvr.exe
  C:\Windows\System\zJbiBvr.exe
  2⤵
  PID:6648
- C:\Windows\System\GwKnUmW.exe
  C:\Windows\System\GwKnUmW.exe
  2⤵
  PID:7316
- C:\Windows\System\KzDUAjs.exe
  C:\Windows\System\KzDUAjs.exe
  2⤵
  PID:7308
- C:\Windows\System\fziLQdq.exe
  C:\Windows\System\fziLQdq.exe
  2⤵
  PID:7392
- C:\Windows\System\KUixeiZ.exe
  C:\Windows\System\KUixeiZ.exe
  2⤵
  PID:7548
- C:\Windows\System\ZJfgtaY.exe
  C:\Windows\System\ZJfgtaY.exe
  2⤵
  PID:7656
- C:\Windows\System\jjPhQZo.exe
  C:\Windows\System\jjPhQZo.exe
  2⤵
  PID:1860
- C:\Windows\System\LgrRdvf.exe
  C:\Windows\System\LgrRdvf.exe
  2⤵
  PID:7712
- C:\Windows\System\IANbNlf.exe
  C:\Windows\System\IANbNlf.exe
  2⤵
  PID:7812
- C:\Windows\System\YPLuLha.exe
  C:\Windows\System\YPLuLha.exe
  2⤵
  PID:7928
- C:\Windows\System\mFugvye.exe
  C:\Windows\System\mFugvye.exe
  2⤵
  PID:7952
- C:\Windows\System\NkwaDqv.exe
  C:\Windows\System\NkwaDqv.exe
  2⤵
  PID:7976
- C:\Windows\System\SVCkqEX.exe
  C:\Windows\System\SVCkqEX.exe
  2⤵
  PID:6996
- C:\Windows\System\ARgUDAq.exe
  C:\Windows\System\ARgUDAq.exe
  2⤵
  PID:5308
- C:\Windows\System\EOJXebu.exe
  C:\Windows\System\EOJXebu.exe
  2⤵
  PID:6656
- C:\Windows\System\fNQnrbK.exe
  C:\Windows\System\fNQnrbK.exe
  2⤵
  PID:6772
- C:\Windows\System\ZVCMnmC.exe
  C:\Windows\System\ZVCMnmC.exe
  2⤵
  PID:1004
- C:\Windows\System\LXSTtuY.exe
  C:\Windows\System\LXSTtuY.exe
  2⤵
  PID:8208
- C:\Windows\System\uzsszfB.exe
  C:\Windows\System\uzsszfB.exe
  2⤵
  PID:8228
- C:\Windows\System\ESCpwFw.exe
  C:\Windows\System\ESCpwFw.exe
  2⤵
  PID:8252
- C:\Windows\System\GqkvrhM.exe
  C:\Windows\System\GqkvrhM.exe
  2⤵
  PID:8272
- C:\Windows\System\EIHAbPv.exe
  C:\Windows\System\EIHAbPv.exe
  2⤵
  PID:8288
- C:\Windows\System\vgBnevn.exe
  C:\Windows\System\vgBnevn.exe
  2⤵
  PID:8312
- C:\Windows\System\ZWBRkGf.exe
  C:\Windows\System\ZWBRkGf.exe
  2⤵
  PID:8332
- C:\Windows\System\iZeSBzf.exe
  C:\Windows\System\iZeSBzf.exe
  2⤵
  PID:8352
- C:\Windows\System\RbPrFXl.exe
  C:\Windows\System\RbPrFXl.exe
  2⤵
  PID:8372
- C:\Windows\System\gjdSHNF.exe
  C:\Windows\System\gjdSHNF.exe
  2⤵
  PID:8392
- C:\Windows\System\ebQmCFO.exe
  C:\Windows\System\ebQmCFO.exe
  2⤵
  PID:8412
- C:\Windows\System\dZInKbu.exe
  C:\Windows\System\dZInKbu.exe
  2⤵
  PID:8432
- C:\Windows\System\phdObHb.exe
  C:\Windows\System\phdObHb.exe
  2⤵
  PID:8452
- C:\Windows\System\aVztBXw.exe
  C:\Windows\System\aVztBXw.exe
  2⤵
  PID:8472
- C:\Windows\System\nnIqEOR.exe
  C:\Windows\System\nnIqEOR.exe
  2⤵
  PID:8492
- C:\Windows\System\YUMpvRw.exe
  C:\Windows\System\YUMpvRw.exe
  2⤵
  PID:8508
- C:\Windows\System\UWojsha.exe
  C:\Windows\System\UWojsha.exe
  2⤵
  PID:8532
- C:\Windows\System\pqzyKIk.exe
  C:\Windows\System\pqzyKIk.exe
  2⤵
  PID:8552
- C:\Windows\System\InWaeoo.exe
  C:\Windows\System\InWaeoo.exe
  2⤵
  PID:8572
- C:\Windows\System\PHtNppw.exe
  C:\Windows\System\PHtNppw.exe
  2⤵
  PID:8588
- C:\Windows\System\eNcFhwz.exe
  C:\Windows\System\eNcFhwz.exe
  2⤵
  PID:8612
- C:\Windows\System\EWpaGdq.exe
  C:\Windows\System\EWpaGdq.exe
  2⤵
  PID:8632
- C:\Windows\System\VDtGmyM.exe
  C:\Windows\System\VDtGmyM.exe
  2⤵
  PID:8652
- C:\Windows\System\etteTNd.exe
  C:\Windows\System\etteTNd.exe
  2⤵
  PID:8672
- C:\Windows\System\MbkzmNp.exe
  C:\Windows\System\MbkzmNp.exe
  2⤵
  PID:8692
- C:\Windows\System\UAZPBus.exe
  C:\Windows\System\UAZPBus.exe
  2⤵
  PID:8712
- C:\Windows\System\KmQGDez.exe
  C:\Windows\System\KmQGDez.exe
  2⤵
  PID:8732
- C:\Windows\System\ABcMGtS.exe
  C:\Windows\System\ABcMGtS.exe
  2⤵
  PID:8752
- C:\Windows\System\PBTtwlC.exe
  C:\Windows\System\PBTtwlC.exe
  2⤵
  PID:8772
- C:\Windows\System\dztzYRg.exe
  C:\Windows\System\dztzYRg.exe
  2⤵
  PID:8792
- C:\Windows\System\suyGTJu.exe
  C:\Windows\System\suyGTJu.exe
  2⤵
  PID:8812
- C:\Windows\System\KNvsNcE.exe
  C:\Windows\System\KNvsNcE.exe
  2⤵
  PID:8832
- C:\Windows\System\lIZvAzz.exe
  C:\Windows\System\lIZvAzz.exe
  2⤵
  PID:8852
- C:\Windows\System\ZnHerIh.exe
  C:\Windows\System\ZnHerIh.exe
  2⤵
  PID:8872
- C:\Windows\System\UYkoNtu.exe
  C:\Windows\System\UYkoNtu.exe
  2⤵
  PID:8892
- C:\Windows\System\PlxYZem.exe
  C:\Windows\System\PlxYZem.exe
  2⤵
  PID:8912
- C:\Windows\System\FepRwFE.exe
  C:\Windows\System\FepRwFE.exe
  2⤵
  PID:8928
- C:\Windows\System\GtxqCyq.exe
  C:\Windows\System\GtxqCyq.exe
  2⤵
  PID:8944
- C:\Windows\System\NdmeCCj.exe
  C:\Windows\System\NdmeCCj.exe
  2⤵
  PID:8960
- C:\Windows\System\BMubPnj.exe
  C:\Windows\System\BMubPnj.exe
  2⤵
  PID:8976
- C:\Windows\System\BrbQBxW.exe
  C:\Windows\System\BrbQBxW.exe
  2⤵
  PID:8996
- C:\Windows\System\DARfODB.exe
  C:\Windows\System\DARfODB.exe
  2⤵
  PID:9012
- C:\Windows\System\QKYXqhc.exe
  C:\Windows\System\QKYXqhc.exe
  2⤵
  PID:9028
- C:\Windows\System\cwJqDpe.exe
  C:\Windows\System\cwJqDpe.exe
  2⤵
  PID:9044
- C:\Windows\System\GZspwxR.exe
  C:\Windows\System\GZspwxR.exe
  2⤵
  PID:9064
- C:\Windows\System\ZbTiArD.exe
  C:\Windows\System\ZbTiArD.exe
  2⤵
  PID:9080
- C:\Windows\System\WRPXsnR.exe
  C:\Windows\System\WRPXsnR.exe
  2⤵
  PID:9096
- C:\Windows\System\hMkjwOr.exe
  C:\Windows\System\hMkjwOr.exe
  2⤵
  PID:9112
- C:\Windows\System\TrlVAxB.exe
  C:\Windows\System\TrlVAxB.exe
  2⤵
  PID:9132
- C:\Windows\System\TBcVGOF.exe
  C:\Windows\System\TBcVGOF.exe
  2⤵
  PID:9152
- C:\Windows\System\KaXBtvl.exe
  C:\Windows\System\KaXBtvl.exe
  2⤵
  PID:9168
- C:\Windows\System\eBKhmrQ.exe
  C:\Windows\System\eBKhmrQ.exe
  2⤵
  PID:9184
- C:\Windows\System\ltTfvWn.exe
  C:\Windows\System\ltTfvWn.exe
  2⤵
  PID:9200
- C:\Windows\System\uCpAFwb.exe
  C:\Windows\System\uCpAFwb.exe
  2⤵
  PID:7472
- C:\Windows\System\unstoqn.exe
  C:\Windows\System\unstoqn.exe
  2⤵
  PID:7436
- C:\Windows\System\tyHUXmV.exe
  C:\Windows\System\tyHUXmV.exe
  2⤵
  PID:7688
- C:\Windows\System\cxEuRmE.exe
  C:\Windows\System\cxEuRmE.exe
  2⤵
  PID:7816
- C:\Windows\System\yJjiWxw.exe
  C:\Windows\System\yJjiWxw.exe
  2⤵
  PID:7908
- C:\Windows\System\MFOazEJ.exe
  C:\Windows\System\MFOazEJ.exe
  2⤵
  PID:8068
- C:\Windows\System\sOPiWYg.exe
  C:\Windows\System\sOPiWYg.exe
  2⤵
  PID:6252
- C:\Windows\System\jpwgvHy.exe
  C:\Windows\System\jpwgvHy.exe
  2⤵
  PID:8204
- C:\Windows\System\IVuCSgp.exe
  C:\Windows\System\IVuCSgp.exe
  2⤵
  PID:8244
- C:\Windows\System\vTSjmXU.exe
  C:\Windows\System\vTSjmXU.exe
  2⤵
  PID:8284
- C:\Windows\System\ShtkAHb.exe
  C:\Windows\System\ShtkAHb.exe
  2⤵
  PID:8300
- C:\Windows\System\GPSvKrV.exe
  C:\Windows\System\GPSvKrV.exe
  2⤵
  PID:8304
- C:\Windows\System\sChgoNU.exe
  C:\Windows\System\sChgoNU.exe
  2⤵
  PID:2524
- C:\Windows\System\sXJtcRl.exe
  C:\Windows\System\sXJtcRl.exe
  2⤵
  PID:8384
- C:\Windows\System\hcVizkG.exe
  C:\Windows\System\hcVizkG.exe
  2⤵
  PID:8428
- C:\Windows\System\wBhlIpa.exe
  C:\Windows\System\wBhlIpa.exe
  2⤵
  PID:8564
- C:\Windows\System\NJHtMYh.exe
  C:\Windows\System\NJHtMYh.exe
  2⤵
  PID:8604
- C:\Windows\System\daVqqSR.exe
  C:\Windows\System\daVqqSR.exe
  2⤵
  PID:2812
- C:\Windows\System\uSNIkHF.exe
  C:\Windows\System\uSNIkHF.exe
  2⤵
  PID:8644
- C:\Windows\System\NvVCNfH.exe
  C:\Windows\System\NvVCNfH.exe
  2⤵
  PID:2740
- C:\Windows\System\NBmUeEV.exe
  C:\Windows\System\NBmUeEV.exe
  2⤵
  PID:8688
- C:\Windows\System\xNwEkUK.exe
  C:\Windows\System\xNwEkUK.exe
  2⤵
  PID:8708
- C:\Windows\System\QuVWDXO.exe
  C:\Windows\System\QuVWDXO.exe
  2⤵
  PID:8724
- C:\Windows\System\dHsZeMB.exe
  C:\Windows\System\dHsZeMB.exe
  2⤵
  PID:8768
- C:\Windows\System\EvmTnXf.exe
  C:\Windows\System\EvmTnXf.exe
  2⤵
  PID:8780
- C:\Windows\System\gBoDGZl.exe
  C:\Windows\System\gBoDGZl.exe
  2⤵
  PID:8808
- C:\Windows\System\HGYIodw.exe
  C:\Windows\System\HGYIodw.exe
  2⤵
  PID:8848
- C:\Windows\System\DNWbjyF.exe
  C:\Windows\System\DNWbjyF.exe
  2⤵
  PID:8904
- C:\Windows\System\pFQqlmS.exe
  C:\Windows\System\pFQqlmS.exe
  2⤵
  PID:8968
- C:\Windows\System\mPDrvwR.exe
  C:\Windows\System\mPDrvwR.exe
  2⤵
  PID:9024
- C:\Windows\System\lsdIpoY.exe
  C:\Windows\System\lsdIpoY.exe
  2⤵
  PID:9036
- C:\Windows\System\INqGRJB.exe
  C:\Windows\System\INqGRJB.exe
  2⤵
  PID:2824
- C:\Windows\System\iOygjRl.exe
  C:\Windows\System\iOygjRl.exe
  2⤵
  PID:9072
- C:\Windows\System\ohbiKgW.exe
  C:\Windows\System\ohbiKgW.exe
  2⤵
  PID:9092
- C:\Windows\System\DMmXFAs.exe
  C:\Windows\System\DMmXFAs.exe
  2⤵
  PID:9108
- C:\Windows\System\hcanFhl.exe
  C:\Windows\System\hcanFhl.exe
  2⤵
  PID:2312
- C:\Windows\System\VDskfGR.exe
  C:\Windows\System\VDskfGR.exe
  2⤵
  PID:9176
- C:\Windows\System\TKcgagt.exe
  C:\Windows\System\TKcgagt.exe
  2⤵
  PID:9196
- C:\Windows\System\akCXEkh.exe
  C:\Windows\System\akCXEkh.exe
  2⤵
  PID:7428
- C:\Windows\System\OLydcGj.exe
  C:\Windows\System\OLydcGj.exe
  2⤵
  PID:2244
- C:\Windows\System\VpvvxBh.exe
  C:\Windows\System\VpvvxBh.exe
  2⤵
  PID:7916
- C:\Windows\System\DhPKaOM.exe
  C:\Windows\System\DhPKaOM.exe
  2⤵
  PID:7012
- C:\Windows\System\lghVNhF.exe
  C:\Windows\System\lghVNhF.exe
  2⤵
  PID:8132
- C:\Windows\System\LcYmlBg.exe
  C:\Windows\System\LcYmlBg.exe
  2⤵
  PID:6132
- C:\Windows\System\SQXBBId.exe
  C:\Windows\System\SQXBBId.exe
  2⤵
  PID:1644
- C:\Windows\System\rCMAFPg.exe
  C:\Windows\System\rCMAFPg.exe
  2⤵
  PID:2572
- C:\Windows\System\YfhxmSd.exe
  C:\Windows\System\YfhxmSd.exe
  2⤵
  PID:8216
- C:\Windows\System\wWIwXDe.exe
  C:\Windows\System\wWIwXDe.exe
  2⤵
  PID:2216
- C:\Windows\System\PuTLAMo.exe
  C:\Windows\System\PuTLAMo.exe
  2⤵
  PID:2752
- C:\Windows\System\pPzzaNH.exe
  C:\Windows\System\pPzzaNH.exe
  2⤵
  PID:8320
- C:\Windows\System\BHMkeCl.exe
  C:\Windows\System\BHMkeCl.exe
  2⤵
  PID:2896
- C:\Windows\System\lyuIrQe.exe
  C:\Windows\System\lyuIrQe.exe
  2⤵
  PID:2428
- C:\Windows\System\KJkXgCM.exe
  C:\Windows\System\KJkXgCM.exe
  2⤵
  PID:8348
- C:\Windows\System\hfqTnYC.exe
  C:\Windows\System\hfqTnYC.exe
  2⤵
  PID:8484
- C:\Windows\System\HTjjxgH.exe
  C:\Windows\System\HTjjxgH.exe
  2⤵
  PID:8468
- C:\Windows\System\CAzUUBz.exe
  C:\Windows\System\CAzUUBz.exe
  2⤵
  PID:8464
- C:\Windows\System\gbLVkfY.exe
  C:\Windows\System\gbLVkfY.exe
  2⤵
  PID:8520
- C:\Windows\System\lDXWObA.exe
  C:\Windows\System\lDXWObA.exe
  2⤵
  PID:8548
- C:\Windows\System\CCWwMuS.exe
  C:\Windows\System\CCWwMuS.exe
  2⤵
  PID:8628
- C:\Windows\System\NHWkmrL.exe
  C:\Windows\System\NHWkmrL.exe
  2⤵
  PID:8664
- C:\Windows\System\jGmxeCQ.exe
  C:\Windows\System\jGmxeCQ.exe
  2⤵
  PID:8720
- C:\Windows\System\THfGyhL.exe
  C:\Windows\System\THfGyhL.exe
  2⤵
  PID:8748
- C:\Windows\System\UitidfA.exe
  C:\Windows\System\UitidfA.exe
  2⤵
  PID:8820
- C:\Windows\System\JgfOKXM.exe
  C:\Windows\System\JgfOKXM.exe
  2⤵
  PID:2264
- C:\Windows\System\fWOVtmS.exe
  C:\Windows\System\fWOVtmS.exe
  2⤵
  PID:8868
- C:\Windows\System\xwvCCIz.exe
  C:\Windows\System\xwvCCIz.exe
  2⤵
  PID:1396
- C:\Windows\System\JzUAKPF.exe
  C:\Windows\System\JzUAKPF.exe
  2⤵
  PID:8668
- C:\Windows\System\NYMXCti.exe
  C:\Windows\System\NYMXCti.exe
  2⤵
  PID:8992
- C:\Windows\System\szYNvNT.exe
  C:\Windows\System\szYNvNT.exe
  2⤵
  PID:2892
- C:\Windows\System\HRJZwaG.exe
  C:\Windows\System\HRJZwaG.exe
  2⤵
  PID:1928
- C:\Windows\System\bAieGKl.exe
  C:\Windows\System\bAieGKl.exe
  2⤵
  PID:9128
- C:\Windows\System\BcTUYDU.exe
  C:\Windows\System\BcTUYDU.exe
  2⤵
  PID:9164
- C:\Windows\System\AlFOxYY.exe
  C:\Windows\System\AlFOxYY.exe
  2⤵
  PID:2808
- C:\Windows\System\wuzBVVO.exe
  C:\Windows\System\wuzBVVO.exe
  2⤵
  PID:804
- C:\Windows\System\rbxfHUO.exe
  C:\Windows\System\rbxfHUO.exe
  2⤵
  PID:7256
- C:\Windows\System\LgXEtiv.exe
  C:\Windows\System\LgXEtiv.exe
  2⤵
  PID:2292
- C:\Windows\System\aNGzuLw.exe
  C:\Windows\System\aNGzuLw.exe
  2⤵
  PID:1852
- C:\Windows\System\GKIJVlU.exe
  C:\Windows\System\GKIJVlU.exe
  2⤵
  PID:7764
- C:\Windows\System\ADsCDNV.exe
  C:\Windows\System\ADsCDNV.exe
  2⤵
  PID:9192
- C:\Windows\System\QwrOBLo.exe
  C:\Windows\System\QwrOBLo.exe
  2⤵
  PID:1428
- C:\Windows\System\QeoopPT.exe
  C:\Windows\System\QeoopPT.exe
  2⤵
  PID:2700
- C:\Windows\System\eTENkwT.exe
  C:\Windows\System\eTENkwT.exe
  2⤵
  PID:8344
- C:\Windows\System\tXQRkgg.exe
  C:\Windows\System\tXQRkgg.exe
  2⤵
  PID:8480
- C:\Windows\System\dFuTzxV.exe
  C:\Windows\System\dFuTzxV.exe
  2⤵
  PID:8568
- C:\Windows\System\hyobXDb.exe
  C:\Windows\System\hyobXDb.exe
  2⤵
  PID:8528
- C:\Windows\System\zpgawcH.exe
  C:\Windows\System\zpgawcH.exe
  2⤵
  PID:2336
- C:\Windows\System\jvYHKRd.exe
  C:\Windows\System\jvYHKRd.exe
  2⤵
  PID:8744
- C:\Windows\System\MwioWhc.exe
  C:\Windows\System\MwioWhc.exe
  2⤵
  PID:8540
- C:\Windows\System\YVTHUiC.exe
  C:\Windows\System\YVTHUiC.exe
  2⤵
  PID:8760
- C:\Windows\System\JrzRQPc.exe
  C:\Windows\System\JrzRQPc.exe
  2⤵
  PID:8864
- C:\Windows\System\mcTTvGy.exe
  C:\Windows\System\mcTTvGy.exe
  2⤵
  PID:1912
- C:\Windows\System\ghSlSJM.exe
  C:\Windows\System\ghSlSJM.exe
  2⤵
  PID:9140
- C:\Windows\System\dDyqBgC.exe
  C:\Windows\System\dDyqBgC.exe
  2⤵
  PID:9212
- C:\Windows\System\PSrwZJw.exe
  C:\Windows\System\PSrwZJw.exe
  2⤵
  PID:2600
- C:\Windows\System\VGPkvZf.exe
  C:\Windows\System\VGPkvZf.exe
  2⤵
  PID:1844
- C:\Windows\System\VrIjzKW.exe
  C:\Windows\System\VrIjzKW.exe
  2⤵
  PID:8240
- C:\Windows\System\pGBESgI.exe
  C:\Windows\System\pGBESgI.exe
  2⤵
  PID:8460
- C:\Windows\System\IUcAiRY.exe
  C:\Windows\System\IUcAiRY.exe
  2⤵
  PID:6348
- C:\Windows\System\PGUHwvG.exe
  C:\Windows\System\PGUHwvG.exe
  2⤵
  PID:1836
- C:\Windows\System\jaKBgQZ.exe
  C:\Windows\System\jaKBgQZ.exe
  2⤵
  PID:2644
- C:\Windows\System\BITUeSQ.exe
  C:\Windows\System\BITUeSQ.exe
  2⤵
  PID:8784
- C:\Windows\System\XVIaeLJ.exe
  C:\Windows\System\XVIaeLJ.exe
  2⤵
  PID:8956
- C:\Windows\System\VQTQFhR.exe
  C:\Windows\System\VQTQFhR.exe
  2⤵
  PID:9008
- C:\Windows\System\Mzeligm.exe
  C:\Windows\System\Mzeligm.exe
  2⤵
  PID:7232
- C:\Windows\System\ynvraJW.exe
  C:\Windows\System\ynvraJW.exe
  2⤵
  PID:8248
- C:\Windows\System\vECuoVX.exe
  C:\Windows\System\vECuoVX.exe
  2⤵
  PID:8440
- C:\Windows\System\sKaumrX.exe
  C:\Windows\System\sKaumrX.exe
  2⤵
  PID:2848
- C:\Windows\System\euEGsqa.exe
  C:\Windows\System\euEGsqa.exe
  2⤵
  PID:8560
- C:\Windows\System\fIMEYJC.exe
  C:\Windows\System\fIMEYJC.exe
  2⤵
  PID:1536
- C:\Windows\System\FersHFB.exe
  C:\Windows\System\FersHFB.exe
  2⤵
  PID:8924
- C:\Windows\System\OyPQlNH.exe
  C:\Windows\System\OyPQlNH.exe
  2⤵
  PID:7868
- C:\Windows\System\lRQnbpX.exe
  C:\Windows\System\lRQnbpX.exe
  2⤵
  PID:9220
- C:\Windows\System\sDHFQsq.exe
  C:\Windows\System\sDHFQsq.exe
  2⤵
  PID:9240
- C:\Windows\System\eObOlSw.exe
  C:\Windows\System\eObOlSw.exe
  2⤵
  PID:9256
- C:\Windows\System\rRLZXei.exe
  C:\Windows\System\rRLZXei.exe
  2⤵
  PID:9272
- C:\Windows\System\KyQNfFq.exe
  C:\Windows\System\KyQNfFq.exe
  2⤵
  PID:9288
- C:\Windows\System\PaobsZt.exe
  C:\Windows\System\PaobsZt.exe
  2⤵
  PID:9304
- C:\Windows\System\ZqYiVcr.exe
  C:\Windows\System\ZqYiVcr.exe
  2⤵
  PID:9320
- C:\Windows\System\YXTReyc.exe
  C:\Windows\System\YXTReyc.exe
  2⤵
  PID:9336
- C:\Windows\System\pOJLxlA.exe
  C:\Windows\System\pOJLxlA.exe
  2⤵
  PID:9356
- C:\Windows\System\APlhuZa.exe
  C:\Windows\System\APlhuZa.exe
  2⤵
  PID:9408
- C:\Windows\System\hpRAMqg.exe
  C:\Windows\System\hpRAMqg.exe
  2⤵
  PID:9424
- C:\Windows\System\jrrRSrH.exe
  C:\Windows\System\jrrRSrH.exe
  2⤵
  PID:9520
- C:\Windows\System\cgaVIAO.exe
  C:\Windows\System\cgaVIAO.exe
  2⤵
  PID:9536
- C:\Windows\System\rBoRyXN.exe
  C:\Windows\System\rBoRyXN.exe
  2⤵
  PID:9552
- C:\Windows\System\IbkWEML.exe
  C:\Windows\System\IbkWEML.exe
  2⤵
  PID:9568
- C:\Windows\System\qgmpwSb.exe
  C:\Windows\System\qgmpwSb.exe
  2⤵
  PID:9584
- C:\Windows\System\Iiyduxb.exe
  C:\Windows\System\Iiyduxb.exe
  2⤵
  PID:9600
- C:\Windows\System\gusMQyt.exe
  C:\Windows\System\gusMQyt.exe
  2⤵
  PID:9616
- C:\Windows\System\NxUUOMQ.exe
  C:\Windows\System\NxUUOMQ.exe
  2⤵
  PID:9632
- C:\Windows\System\BiGAuAr.exe
  C:\Windows\System\BiGAuAr.exe
  2⤵
  PID:9648
- C:\Windows\System\XANiiMI.exe
  C:\Windows\System\XANiiMI.exe
  2⤵
  PID:9664
- C:\Windows\System\uUFHUap.exe
  C:\Windows\System\uUFHUap.exe
  2⤵
  PID:9680
- C:\Windows\System\kvrpOFt.exe
  C:\Windows\System\kvrpOFt.exe
  2⤵
  PID:9696
- C:\Windows\System\GuLYVSL.exe
  C:\Windows\System\GuLYVSL.exe
  2⤵
  PID:9716
- C:\Windows\System\XCXjefV.exe
  C:\Windows\System\XCXjefV.exe
  2⤵
  PID:9736
- C:\Windows\System\iuaQbTb.exe
  C:\Windows\System\iuaQbTb.exe
  2⤵
  PID:9840
- C:\Windows\System\ChZJrKJ.exe
  C:\Windows\System\ChZJrKJ.exe
  2⤵
  PID:9860
- C:\Windows\System\HRBhHqD.exe
  C:\Windows\System\HRBhHqD.exe
  2⤵
  PID:9884
- C:\Windows\System\MmznAIN.exe
  C:\Windows\System\MmznAIN.exe
  2⤵
  PID:9900
- C:\Windows\System\WuPiGmz.exe
  C:\Windows\System\WuPiGmz.exe
  2⤵
  PID:9916
- C:\Windows\System\sPclniG.exe
  C:\Windows\System\sPclniG.exe
  2⤵
  PID:9932
- C:\Windows\System\paynOej.exe
  C:\Windows\System\paynOej.exe
  2⤵
  PID:9948
- C:\Windows\System\fHtfguQ.exe
  C:\Windows\System\fHtfguQ.exe
  2⤵
  PID:9964
- C:\Windows\System\onzWhdR.exe
  C:\Windows\System\onzWhdR.exe
  2⤵
  PID:9980
- C:\Windows\System\TUJFgEV.exe
  C:\Windows\System\TUJFgEV.exe
  2⤵
  PID:10000
- C:\Windows\System\nynmmmq.exe
  C:\Windows\System\nynmmmq.exe
  2⤵
  PID:10028
- C:\Windows\System\jfthNVg.exe
  C:\Windows\System\jfthNVg.exe
  2⤵
  PID:10056
- C:\Windows\System\wRhRlbz.exe
  C:\Windows\System\wRhRlbz.exe
  2⤵
  PID:10084
- C:\Windows\System\pDJnwIm.exe
  C:\Windows\System\pDJnwIm.exe
  2⤵
  PID:10108
- C:\Windows\System\FakWJnE.exe
  C:\Windows\System\FakWJnE.exe
  2⤵
  PID:10124
- C:\Windows\System\LrZOEHi.exe
  C:\Windows\System\LrZOEHi.exe
  2⤵
  PID:10140
- C:\Windows\System\xMNYoLi.exe
  C:\Windows\System\xMNYoLi.exe
  2⤵
  PID:10160
- C:\Windows\System\MpoBVLb.exe
  C:\Windows\System\MpoBVLb.exe
  2⤵
  PID:10176
- C:\Windows\System\sgPCjnC.exe
  C:\Windows\System\sgPCjnC.exe
  2⤵
  PID:10196
- C:\Windows\System\OGRpjTj.exe
  C:\Windows\System\OGRpjTj.exe
  2⤵
  PID:10212
- C:\Windows\System\sgcxVnE.exe
  C:\Windows\System\sgcxVnE.exe
  2⤵
  PID:10228
- C:\Windows\System\Pjoooek.exe
  C:\Windows\System\Pjoooek.exe
  2⤵
  PID:1496
- C:\Windows\System\iROOdZH.exe
  C:\Windows\System\iROOdZH.exe
  2⤵
  PID:9056
- C:\Windows\System\GsqcWok.exe
  C:\Windows\System\GsqcWok.exe
  2⤵
  PID:9236
- C:\Windows\System\NbuyZtn.exe
  C:\Windows\System\NbuyZtn.exe
  2⤵
  PID:9284
- C:\Windows\System\BjGfEAy.exe
  C:\Windows\System\BjGfEAy.exe
  2⤵
  PID:9296
- C:\Windows\System\eHijdDh.exe
  C:\Windows\System\eHijdDh.exe
  2⤵
  PID:9312
- C:\Windows\System\RMwBBRJ.exe
  C:\Windows\System\RMwBBRJ.exe
  2⤵
  PID:9368
- C:\Windows\System\UFioibw.exe
  C:\Windows\System\UFioibw.exe
  2⤵
  PID:9380
- C:\Windows\System\uyZjHSn.exe
  C:\Windows\System\uyZjHSn.exe
  2⤵
  PID:9400
- C:\Windows\System\aIxaqJo.exe
  C:\Windows\System\aIxaqJo.exe
  2⤵
  PID:9420
- C:\Windows\System\qaCMsrU.exe
  C:\Windows\System\qaCMsrU.exe
  2⤵
  PID:9464
- C:\Windows\System\kOdeKbb.exe
  C:\Windows\System\kOdeKbb.exe
  2⤵
  PID:9468
- C:\Windows\System\zjHRqLh.exe
  C:\Windows\System\zjHRqLh.exe
  2⤵
  PID:9352
- C:\Windows\System\ybIaNFP.exe
  C:\Windows\System\ybIaNFP.exe
  2⤵
  PID:9500
- C:\Windows\System\CAHEixw.exe
  C:\Windows\System\CAHEixw.exe
  2⤵
  PID:9512
- C:\Windows\System\XOFjwia.exe
  C:\Windows\System\XOFjwia.exe
  2⤵
  PID:9560
- C:\Windows\System\eNDrhxX.exe
  C:\Windows\System\eNDrhxX.exe
  2⤵
  PID:9580
- C:\Windows\System\daQsEbq.exe
  C:\Windows\System\daQsEbq.exe
  2⤵
  PID:9644
- C:\Windows\System\BOcJIRu.exe
  C:\Windows\System\BOcJIRu.exe
  2⤵
  PID:9592
- C:\Windows\System\fFEFrkI.exe
  C:\Windows\System\fFEFrkI.exe
  2⤵
  PID:9628
- C:\Windows\System\ROBzvKo.exe
  C:\Windows\System\ROBzvKo.exe
  2⤵
  PID:9656
- C:\Windows\System\RBmyJWN.exe
  C:\Windows\System\RBmyJWN.exe
  2⤵
  PID:9732
- C:\Windows\System\saIsCJO.exe
  C:\Windows\System\saIsCJO.exe
  2⤵
  PID:9756
- C:\Windows\System\wIPLUNp.exe
  C:\Windows\System\wIPLUNp.exe
  2⤵
  PID:9764
- C:\Windows\System\PkrlRBh.exe
  C:\Windows\System\PkrlRBh.exe
  2⤵
  PID:9776
- C:\Windows\System\mLBIfHm.exe
  C:\Windows\System\mLBIfHm.exe
  2⤵
  PID:9800
- C:\Windows\System\zzIhvND.exe
  C:\Windows\System\zzIhvND.exe
  2⤵
  PID:9816
- C:\Windows\System\mcxzsNf.exe
  C:\Windows\System\mcxzsNf.exe
  2⤵
  PID:9836
- C:\Windows\System\KIBygkb.exe
  C:\Windows\System\KIBygkb.exe
  2⤵
  PID:9880
- C:\Windows\System\eSdFIVW.exe
  C:\Windows\System\eSdFIVW.exe
  2⤵
  PID:10008
- C:\Windows\System\NBXjyrh.exe
  C:\Windows\System\NBXjyrh.exe
  2⤵
  PID:9940
- C:\Windows\System\RvmoXYY.exe
  C:\Windows\System\RvmoXYY.exe
  2⤵
  PID:9892
- C:\Windows\System\YWQvMAp.exe
  C:\Windows\System\YWQvMAp.exe
  2⤵
  PID:9896
- C:\Windows\System\ybZKJvv.exe
  C:\Windows\System\ybZKJvv.exe
  2⤵
  PID:10012
- C:\Windows\System\uuTELEM.exe
  C:\Windows\System\uuTELEM.exe
  2⤵
  PID:10064
- C:\Windows\System\jnMBmRs.exe
  C:\Windows\System\jnMBmRs.exe
  2⤵
  PID:10080
- C:\Windows\System\zvMYSuo.exe
  C:\Windows\System\zvMYSuo.exe
  2⤵
  PID:10148
- C:\Windows\System\TgEvTfw.exe
  C:\Windows\System\TgEvTfw.exe
  2⤵
  PID:10048
- C:\Windows\System\GUIGBgq.exe
  C:\Windows\System\GUIGBgq.exe
  2⤵
  PID:10104
- C:\Windows\System\STXQbXZ.exe
  C:\Windows\System\STXQbXZ.exe
  2⤵
  PID:2948
- C:\Windows\System\NLqYidm.exe
  C:\Windows\System\NLqYidm.exe
  2⤵
  PID:2492
- C:\Windows\System\zUHHrSg.exe
  C:\Windows\System\zUHHrSg.exe
  2⤵
  PID:9268
- C:\Windows\System\wGvGRAz.exe
  C:\Windows\System\wGvGRAz.exe
  2⤵
  PID:9392
- C:\Windows\System\dIhrxsz.exe
  C:\Windows\System\dIhrxsz.exe
  2⤵
  PID:9496
- C:\Windows\System\GmFCoNn.exe
  C:\Windows\System\GmFCoNn.exe
  2⤵
  PID:9612
- C:\Windows\System\zJsLwxH.exe
  C:\Windows\System\zJsLwxH.exe
  2⤵
  PID:9724
- C:\Windows\System\TsBkqFz.exe
  C:\Windows\System\TsBkqFz.exe
  2⤵
  PID:9792
- C:\Windows\System\hhYEvts.exe
  C:\Windows\System\hhYEvts.exe
  2⤵
  PID:9908
- C:\Windows\System\BMsomMJ.exe
  C:\Windows\System\BMsomMJ.exe
  2⤵
  PID:9924
- C:\Windows\System\nqFuNtq.exe
  C:\Windows\System\nqFuNtq.exe
  2⤵
  PID:10076
- C:\Windows\System\QLvLHqW.exe
  C:\Windows\System\QLvLHqW.exe
  2⤵
  PID:9848
- C:\Windows\System\plEkQRH.exe
  C:\Windows\System\plEkQRH.exe
  2⤵
  PID:9676
- C:\Windows\System\augyEYc.exe
  C:\Windows\System\augyEYc.exe
  2⤵
  PID:9744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGJPBNB.exe

Filesize
6.0MB

MD5
89520f38719c38112a6cd6e083aa361a

SHA1
7b149b034d4dd57f82306f27d218f2831b148f23

SHA256
8642e063f2d46a05d54e4d7974054de39b30ec5a459997c0264ea905e23ef47b

SHA512
dd5558ad1be4c8e07d92a4e3bf0877c082df51501bdd95560a211a9a42930a4b137d01e7f8b08184739c2726bd64823c19280f701a4b88f19fda3a29586bfaf7

Download Submit
C:\Windows\system\BYvOAim.exe

Filesize
6.0MB

MD5
5a46c0f0f50bf56322326dba5f57a537

SHA1
6e0e271cc7c16d131b2fcb62602b85a8429bde6c

SHA256
5521b5ce5924d0d815f09f2ec5a0e262322f05596cf2ba5a67a95db8e81c6ac5

SHA512
5cda96d38eca0c70b287f0a08481a5df79703b41782cd5a915a0580f57e18f8c0d9bb50e0d4c38f768dfe915a9ba5f791e3e912bda98c4d7c8d023bad1685ba3

Download Submit
C:\Windows\system\BpwNvIp.exe

Filesize
6.0MB

MD5
1503eb50df1f5b2b526b94aedd90640f

SHA1
0c9327f5262f72ccfab8bf8695930384a6c72a86

SHA256
b2c85910dea4b44dc27eeba25eb6bb7c0af0330b56370a0afe1d3e4061925ee4

SHA512
0d230f83fa32355faac2c860e194bb5837acf1fa374fcee565fd42667a5cecfee3ddca550d8e0de0dec48ac1b3c51e24ad602cdabf535de17bf5080f3b330c94

Download Submit
C:\Windows\system\CwMazBS.exe

Filesize
6.0MB

MD5
cd00603573c70e9854bc453e570d60c2

SHA1
84b1a94e9ede237c15b720666fa12b7461143471

SHA256
e2fc7ddd883f8316ca2f9f663263dfd22b01ff712a3077b3430c71460e3f48cc

SHA512
e5f197e5592def3cae963cb8b696600dca7fad50c3550e2674c57368c988fce9c4e3644ef436cbe60481940413cbe3ec03dde27fceb85d91bf85d8c820cb7d9a

Download Submit
C:\Windows\system\ENviazg.exe

Filesize
6.0MB

MD5
236e87e36a7cf7ab9e15ece3b23e1d3e

SHA1
65f0a6f1ad8cd6b254b161224ea00b7ecd6f8ffb

SHA256
9cbbd4f8c0392985cda8e062b3109b8f5594d31ec1ab5b9b605746579d2c973f

SHA512
1428da5a30d7db4e4d0d079217c5a1a89511431e836b9d9096ba921bb5175f2c33188ba80f9b9dcb190a9c48f7a22dd2ed4308bb1a04ca3bc1e30a26b83ea425

Download Submit
C:\Windows\system\FmhpMfb.exe

Filesize
6.0MB

MD5
bf25cad4c4e452106bccdfda6f87636f

SHA1
f724e2c00f38b1531a6d5df879954e760c8dbfec

SHA256
34a39dc85a85c1a6ae7c77dfa808218518347d4b67c81d6d4001d71c5cb8c681

SHA512
93af49ec3064b1b56f5085ec983a8bfa86592565f81f328143b72d7ab4f804c75ef0d0ff45823fbb1ec705c390c4291dbac6d830ae9a95f97fe202081b8bd388

Download Submit
C:\Windows\system\HVhtUvb.exe

Filesize
6.0MB

MD5
98d4b98e9b595d5eedb792ddcdd6b0ef

SHA1
d6861d3fa7d576cea22f564e702ae87d67b3f6a8

SHA256
5d3a67ba1c8ea7406a624915ec45168cc797dd0ea438a55bb6fb153a4911f522

SHA512
210a152dbba2cf3686e75fd39c0d463e9f388f55d30da03c848f09ff09ae87cc307072c260f11b25739f7a73f2bb24f3633d894dbc0cd9b29ffa736f94e6ab43

Download Submit
C:\Windows\system\IlSQPNQ.exe

Filesize
6.0MB

MD5
02378d581465a712a521303633a8d09b

SHA1
f2c631d1703442d52fcd1c1350429c5a17627d07

SHA256
cb5c5a707c1c773e06420ff0b3b0544160272da1191ad68ef2fe2d3a0f90e7f9

SHA512
2de6a5da87989591e84c4fd9e69f2ffb35032eb3569333dcf2dae423b6ed69b28eb1ee143d426f5145b36ad2a8858a0336e211fe14c88afe8eb187ad462c90cd

Download Submit
C:\Windows\system\KLauxSH.exe

Filesize
6.0MB

MD5
c30dd2194698aa71a18c3648d9e1de76

SHA1
6353ee506f80a39b3307c1da4dd9a842e184c62d

SHA256
6face8f01c7dfab867949251d104ad5690b23895b76931dcb7a06f30789cfa52

SHA512
3db9b3b99c40f3559d1a601956c69274d305c9177e5564022fbc05d7e1b19b87ddf9f3c72f7a44317b36784e04d44d293f6b2fca29bc4c01d35a00d334e91c4d

Download Submit
C:\Windows\system\RvnMFXQ.exe

Filesize
6.0MB

MD5
14941c88e96e4479b23fc7e9130d050c

SHA1
d09375d5369f871c0817f601a17b4235da68b2e4

SHA256
a35938bc3eac9ac46ce058a8f7724166f23260d3e39abcfcf391f2b479a0ce3d

SHA512
c182b9526be428ffffb822c237f8fecf5a4651db5a4f8c10563767665cd5c4657a813ce35a89a18588154bb662c79d74ca32d65128b6710da012500876ef72bc

Download Submit
C:\Windows\system\YTpxxuD.exe

Filesize
6.0MB

MD5
1e0f995e9fa3ca14f8a5d98e849802ae

SHA1
8d66fc0b25bc110081623471c9a84fc199500f44

SHA256
c939e25198e9658c32552c719a253233a5fe6d7f5bbfc76a470e4d30d9f45207

SHA512
6751deac249d3524e7b3f5e7959444ec44a9cac4cbcc1c98ef08e2bfb39df1c9f6da7463497309e4a3efa1f35711ca7ff86d5d005e877166f47f5753578266ea

Download Submit
C:\Windows\system\ZVsQDhT.exe

Filesize
6.0MB

MD5
468371d9aa1c626769ac0bb87abf055b

SHA1
ba4ee677df93af50d05d6efef2a8a9a82ce278b9

SHA256
40c810819fc9274877507f6924b45722606e86eef065139214727930a1d6d7dd

SHA512
5f661e3c812dc264fa8b9c7b0d06335dba5b906230976cd31509169398cc2d445c02133393275480aca765d6788d6e662b9ae1702401219e9da0a38867dd17af

Download Submit
C:\Windows\system\airhpuu.exe

Filesize
6.0MB

MD5
d12bd80c85d5186459905c9fc0e84313

SHA1
bf207a2ac8da097c3ddf5958d005bbe4ced8abe8

SHA256
b3cc1919c9cbce3c63fdd1f785e46cb7436958cafbfffbbc47e3d6d2ba2625be

SHA512
b12dcba71b355b3e165c9b062103ffbcbb085a425de73441234e1b7df1e58a03ecc6eed88248b0a43b0aa4ab24a142092aa0df3992258a45dc889dfab7b6bb0f

Download Submit
C:\Windows\system\avwZYQy.exe

Filesize
6.0MB

MD5
8a2bccdcda04e7107574ed9cdc8714af

SHA1
2989408bb01410533dafe7871868554230b31714

SHA256
975e2f9c68de99816923e225ba95cd5859714842248a6a13b85eee367fb1a158

SHA512
ab348423555ab0e17618e0d77fa66bac510ab7f5ab031c2d38d50538dbb5c226627e6e430d6550c40fc5b97066200a05bda62372fb738f9d75bb392ccd5709a9

Download Submit
C:\Windows\system\fXUEntc.exe

Filesize
6.0MB

MD5
c1be9211b8b332974e0127d0a90f0fb5

SHA1
834e5d0554f05ad8bac6fb7bf9eb23a59a179cee

SHA256
9c03e153bdf8fe97f2b71892104a1b0d364a6e87690e5fbf6e2664864bcc6e1b

SHA512
7b3a34bb8535d4c5d604a2e488ca21c8623562075b7f8afeed2e063fa8e834f9c3ce9307c1827f90e2e225d848ccdfc885bf03db35845fa8e818dfc27bb23f7c

Download Submit
C:\Windows\system\jAMoLSG.exe

Filesize
6.0MB

MD5
05bd3bb121138a6279597f39f129dd5a

SHA1
69f45fb8fa58d2980573af7ce295e5b7afe9b68d

SHA256
3af310d7408681d061b0cce43456419e6b0d2e7278f9cfb02ad3e0163ff2c551

SHA512
8609493b7c79bef2ae8400bacd4349a31fa76658306bc462d8b87dfa5e39d5315c5fd5b28ee7bc589dd57ecade36ccd16f6a8289e125b1a9dba7909507b7d9ad

Download Submit
C:\Windows\system\jCNjwTb.exe

Filesize
6.0MB

MD5
c153005393c48dc078ce48bddc5cf4fb

SHA1
50f6c214e3ee55a40b9ad13ebb4c561adc5479a2

SHA256
7aacfc6f8c4dbcd54acf75146bdd8b231fd8e11dbf58eedd633916399bcec755

SHA512
2528c085bd8cd5224487e5084db6f389133ea02f624fdcce46dbd2e951d4d82dcbd40543842153fe28669cca026efd53c7de49848c4a4e3328175398552f03c5

Download Submit
C:\Windows\system\nFaQpft.exe

Filesize
6.0MB

MD5
01972f8309d8550b4de45d4524352aba

SHA1
a8bcb6ce2fc3f6eb2e0d54fd7fef5f9541f55e5d

SHA256
0270808f2ce4d668ba93b53ce490f9abf956622cf9a0bf14df78612b694faa48

SHA512
44865fc5bf4574993b0add8ed2b59a7c53c52f0ababf53551363da62219ef793a573734cce3783e071f8687caac6888c6c7ea82137b219c8384381d6192e50df

Download Submit
C:\Windows\system\oiXLyAv.exe

Filesize
6.0MB

MD5
3ec293a379c05791939119eaab0ff87b

SHA1
ce986767a2c5341ff1ec8c156553549ae5474788

SHA256
8b8cd0fd1351dc45f978ce2b2bdec1fa6dadc99e6b817f38bad940ef5f4b2e1a

SHA512
2822e3d659477ea4cf7a4ec4492bcffa7a6dda13f049bed37acf1c9a26ff36e272f185c0f064871488bcf5e772ba5edad4a56dd6a2c2d9353571a5f61196545d

Download Submit
C:\Windows\system\qBqZOOg.exe

Filesize
6.0MB

MD5
5731b6a2c857069de9bf8d95f5563389

SHA1
6493b3396deb0f6be39615a5906fe036355dd2c1

SHA256
eaaca57b40c93254fbf4c1e04bf5c448dbc0fe4eb1a763e68ed4983094941a8f

SHA512
7062b9d57a6f5706b5bd9dce581fddffd732ce18bdcda49259e9d4d9c38270925c52e8f16239e1502293583dc7224193ae1ad289d3e8aabd399f48c8642887a8

Download Submit
C:\Windows\system\qQxyweC.exe

Filesize
6.0MB

MD5
2c9a905d8f2d3c4045d795653d7e8abb

SHA1
9347706c0022029e7be3395df373c0f799978f53

SHA256
75e19e68786b62169ce4a05e1b9cbbb48b44043c948459a4f837ea6bfac441a6

SHA512
6e1ca2b292ad57de86bdcc2b8164085332ef6f721a918e438e1739acfd828698a9484ae20f720e2efc79b67775455dfd81443d6de1fd02ba04e142ddfe5003aa

Download Submit
C:\Windows\system\uIvsual.exe

Filesize
6.0MB

MD5
f8951429908c9f9f89af6aec10f74972

SHA1
779dc2f47f5f90a45397348c40b932801c796838

SHA256
089d4d40a1eda02fd318747172087bb7f6515abc5c62a2d83dea9c2989e4779b

SHA512
5fb43f3feffb7a46e50c1948cf3749d77fe864b5b14b7d86bc02c0e13931c3612075450246a7aaa9d94df4622abe5a5c3c4c91bab0fc5d7adab975b5b394459f

Download Submit
C:\Windows\system\udkxXcf.exe

Filesize
6.0MB

MD5
095afef9d8e2ac07e47cd49e9401d40d

SHA1
8031e3027e148d6e1e172795cf9a6ac97a52c20c

SHA256
853aa187753ebdc675cefc4bac25afdcd1340e0c90016ba1221a222934bf09e1

SHA512
02245b483e4bd1c5e1d053713e177edd824e935eb42e4adbce5f13b1197b0afab9ec821a43926a076a73d79aa417bdf8b5abdb7cfc2f618872f36dcc1f0d85f8

Download Submit
C:\Windows\system\uuHFjOg.exe

Filesize
6.0MB

MD5
07a28b7700eb3955a61eb0e09e45406e

SHA1
f75ead945d775c53ab8eb5835d822f7d1640a1c5

SHA256
1f5ed6aaed1f656d2a410f9f7293783ab090df42a7c0047408f9f487643ec350

SHA512
8309659fc8a85a9f30b0a2180ae06133f2d7a055b439025733b4db165fc0e33f26abc57ae707cfa0d364eb00637069492c4addd7800e3d3e25f1c63d87fb0688

Download Submit
C:\Windows\system\uvJwuvp.exe

Filesize
6.0MB

MD5
39990e6f4acc1e81daf5c727b75e9bb4

SHA1
4467d3707022185ff2047d10504e6150b84eb778

SHA256
5519c6cb370fa1a3a301019ff68310ac5e1be28a4db0efb63f432db8b78e7d3e

SHA512
12e618c21c2dcaeb2d9dbd1a3d159d8eaf9fe411c39eb2dbee94cf951b1a48335ede646fd90048814f3ce4e4ff4a71932a6c5b4cefc09823692da3a425a3edc8

Download Submit
C:\Windows\system\vCjKsRZ.exe

Filesize
6.0MB

MD5
58db2363e68087580b97f81489ebbf23

SHA1
450fa84c45bdcdd7ebc82fedcfa199a71a5b7dc8

SHA256
119f02bb85fc218db4e69fe7fbca4dd3b25e8f445f1d5bfb62f9dc1b4a2ef065

SHA512
f64318239c004287b845af5f5f5c19f4a757eb010749d96ccf04bb557bd4f60c665d8b7797b0556cf52340583eb1dff7c9e5ef071e0a9f4184ba3f37b6e04483

Download Submit
C:\Windows\system\wqgaXBZ.exe

Filesize
6.0MB

MD5
8d2ef246ecd3b5c88f8ec909fed25d0c

SHA1
15b5f58dfddebfa8d47a38cda545c196aa9ee2d5

SHA256
09050b1351db27768c03e348a8f638710720ffd25ea5a1f7bc685b580a59953d

SHA512
9b99a945e600c2e9a07c87729889ef2a470cba8a9f311a595a40eee1af783e2bf882ead477c34d4906a86fd123db112dabfdb582d5560621b890db52d7c2714b

Download Submit
C:\Windows\system\xOvhjYV.exe

Filesize
6.0MB

MD5
c642725c504f44b2f3867b0862e371d9

SHA1
bc215e5ae8150d753e76a9b9de5e119f9a673189

SHA256
8b8c3af2f6fb2154f59041e63487df856f9951d01eb802e247d3f380ceecf25f

SHA512
19a15ef8455fe8377aa479f29542d2da3fcdc9abd1207fd3b55c3d4d8a8dca43123425f84a57161a491311e2c51b6733f252e9f80540ba3fca8cb11594cb5174

Download Submit
C:\Windows\system\xjiksMu.exe

Filesize
6.0MB

MD5
461107511dc17dfc4cbd4dcda9851ad3

SHA1
6aad201a09402fd3755449360559440088fbac21

SHA256
ba5661ef5dfcf46e6f5dbb1d51b996227e4a118098d425ad5c20934adcef7f88

SHA512
bf518705bbbcb30bdfd55150cb1bc0efd61fb8b44af37ff978e95fe0b149a345f2b66189a4b695c8ac1255e5b6c0e63cb82c410e16ac2538dd4358e96aa001cc

Download Submit
C:\Windows\system\yqWSQcX.exe

Filesize
6.0MB

MD5
b45350c397c690e66bc6f4384e57c2e0

SHA1
a11ba402f91e4d74c6aa8d010afe3de0b9e256bc

SHA256
bacc8324b6e8e6612f5a57aa70a4c559fbb46f30551893f4e5342723525e1339

SHA512
283daf592acf3d121997613b87ba860c2ac34402eb28c5c077fdb3fcc19b9fae5b1d45da5f032ca21130ecc0a02e4279d0776b83bcbfdd963a097895d606b53e

Download Submit
\Windows\system\cIBVsyD.exe

Filesize
6.0MB

MD5
7580ff7a14f81fd3a5b37c9d9972eb93

SHA1
5caa0641764a91e96ec6a78e76aa01306f100368

SHA256
fa6c934fc331c9391ba982b72513c08dce4c6f5b3b1f616159a691816c8d0318

SHA512
6603beb55ed34a369292c8af472707456e157ef02e824dda011d519437295bc3fc9d2f8cb0e8264e8c2d7a7faf8e98eb549f74897c45e4e11389702828c7c88e

Download Submit
\Windows\system\itfexht.exe

Filesize
6.0MB

MD5
8d034e2527ffa2c2d243d2c154047afc

SHA1
74b4559ebfe4ee3c7ca9089fe409268e8592bc7f

SHA256
1660036cffb8f933da56699b3b50c59c16e4360bd05f421fb13c650fdc9279e8

SHA512
8a56b3651f0cf0f8e91f72869878a2d19864a9fe5167611584b7590d70115e89c56c1901c9f76674554e1ecfab5cd4d683c5650fad3f85fa35123c935433a602

Download Submit
memory/1620-2595-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1620-2548-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2551-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1620-2564-0x00000000021F0000-0x0000000002544000-memory.dmp

Filesize
3.3MB

Download
memory/1620-0-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3983-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2584-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4012-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2555-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4010-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2550-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-4011-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download