xmrig | 2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
Size

2.6MB
MD5

ebe6dec2384f7688b8cfa2ab58f128ab
SHA1

da557b76a43ab2c9bd22245f582477247fdb3340
SHA256

2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7
SHA512

efa22b81711f68d7c99d3d2620743955555688eea2a938bc54090df8fcc3cfb4ff4e34ba166279871f641b3617ad13c25f3131ab331c119fbf77783512d3d12d
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPFotsgEBrX:EniLf9FdfE0pZB156utgpPFotBE5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2492-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/2876-8-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x00080000000162e9-9.dat	xmrig
behavioral1/memory/2764-14-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0014000000015e9a-11.dat	xmrig
behavioral1/files/0x0007000000016458-23.dat	xmrig
behavioral1/memory/2808-24-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/3044-27-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-35.dat	xmrig
behavioral1/memory/2492-36-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2692-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000700000001658d-33.dat	xmrig
behavioral1/memory/2648-40-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2492-18-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2876-41-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2808-43-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d2c-51.dat	xmrig
behavioral1/files/0x00090000000167e3-56.dat	xmrig
behavioral1/memory/2588-60-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2256-61-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/3044-50-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-63.dat	xmrig
behavioral1/memory/2692-62-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2492-54-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000019326-69.dat	xmrig
behavioral1/memory/2648-70-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2492-71-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/1612-66-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0005000000019394-83.dat	xmrig
behavioral1/files/0x000500000001932a-75.dat	xmrig
behavioral1/memory/2492-79-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2196-84-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a0-89.dat	xmrig
behavioral1/files/0x00050000000193b8-95.dat	xmrig
behavioral1/memory/1728-99-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x0005000000019470-106.dat	xmrig
behavioral1/memory/592-107-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2492-111-0x0000000002040000-0x0000000002394000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c7-100.dat	xmrig
behavioral1/memory/2492-105-0x0000000002040000-0x0000000002394000-memory.dmp	xmrig
behavioral1/files/0x0005000000019480-117.dat	xmrig
behavioral1/files/0x0005000000019489-123.dat	xmrig
behavioral1/files/0x000500000001948c-126.dat	xmrig
behavioral1/files/0x00050000000195ab-184.dat	xmrig
behavioral1/files/0x00050000000195ad-189.dat	xmrig
behavioral1/memory/1612-209-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2196-326-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2492-400-0x0000000002040000-0x0000000002394000-memory.dmp	xmrig
behavioral1/memory/2608-303-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-194.dat	xmrig
behavioral1/files/0x00050000000195a9-180.dat	xmrig
behavioral1/files/0x00050000000195a7-173.dat	xmrig
behavioral1/memory/2492-170-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-168.dat	xmrig
behavioral1/files/0x0005000000019515-158.dat	xmrig
behavioral1/files/0x0005000000019547-163.dat	xmrig
behavioral1/files/0x00050000000194ef-148.dat	xmrig
behavioral1/files/0x000500000001950f-153.dat	xmrig
behavioral1/files/0x00050000000194eb-143.dat	xmrig
behavioral1/files/0x00050000000194a3-138.dat	xmrig
behavioral1/files/0x0005000000019490-133.dat	xmrig
behavioral1/memory/3000-103-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2876-2024-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2876	NMgsTtc.exe
2764	xuikxPx.exe
2808	sxdADwo.exe
3044	lfZRkkp.exe
2692	xZgNOsR.exe
2648	nzYPxbU.exe
2588	VoKKEBB.exe
2256	QPeXfAe.exe
1612	NUCmmrN.exe
2608	dyqEXOE.exe
2196	catdobJ.exe
1728	gmNEfhM.exe
3000	uqjWjWO.exe
592	woPxdFS.exe
2704	bnyByPl.exe
2980	gKObVtK.exe
3036	UbokZEJ.exe
2416	OztRTFN.exe
1992	OVNyxOy.exe
2136	FcvBIJf.exe
672	pWwmNxL.exe
2148	YVzPxfl.exe
2160	kFWirdW.exe
2168	aPmLRxF.exe
2396	FsGFONi.exe
2132	sutbRtD.exe
2504	WQEGJhk.exe
1960	umpvnFF.exe
1608	TZSTrZu.exe
2076	HXpuEUu.exe
680	RcdZnqM.exe
2116	ZRhhfIT.exe
2460	QvRmDKY.exe
1536	YmyWMDt.exe
1756	fFdsHsH.exe
280	tkFPwcZ.exe
2556	enfGYlw.exe
1780	xeyggdf.exe
1464	kuNfPxE.exe
908	BQRMSPv.exe
2540	dwcYqLF.exe
2312	uuSaRLQ.exe
2228	mIIUjnz.exe
1548	OlqlLGf.exe
2352	KbryXeb.exe
2720	rqVKCsx.exe
2364	kAQfObC.exe
1256	wyFrQuQ.exe
740	hHraXQs.exe
2280	uOUeEyN.exe
2292	AREmLBG.exe
1596	NSKAIpO.exe
1688	LhJkgNG.exe
2836	lhqnFof.exe
2660	cOYsYNj.exe
2900	TAfoVsD.exe
2868	CdNzaRX.exe
2248	NhycCsq.exe
2684	BOEQoex.exe
2680	ZSKcfVx.exe
1520	gJBXgDv.exe
336	FASufFk.exe
2108	ILRdaoK.exe
2324	XkyMSNt.exe

Loads dropped DLL 64 IoCs

pid	Process
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/memory/2876-8-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x00080000000162e9-9.dat	upx
behavioral1/memory/2764-14-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0014000000015e9a-11.dat	upx
behavioral1/files/0x0007000000016458-23.dat	upx
behavioral1/memory/2808-24-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/3044-27-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000900000001660b-35.dat	upx
behavioral1/memory/2492-36-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2692-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000700000001658d-33.dat	upx
behavioral1/memory/2648-40-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2876-41-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2808-43-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0007000000016d2c-51.dat	upx
behavioral1/files/0x00090000000167e3-56.dat	upx
behavioral1/memory/2588-60-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2256-61-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/3044-50-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0002000000018334-63.dat	upx
behavioral1/memory/2692-62-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0005000000019326-69.dat	upx
behavioral1/memory/2648-70-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1612-66-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0005000000019394-83.dat	upx
behavioral1/files/0x000500000001932a-75.dat	upx
behavioral1/memory/2196-84-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x00050000000193a0-89.dat	upx
behavioral1/files/0x00050000000193b8-95.dat	upx
behavioral1/memory/1728-99-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x0005000000019470-106.dat	upx
behavioral1/memory/592-107-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x00050000000193c7-100.dat	upx
behavioral1/files/0x0005000000019480-117.dat	upx
behavioral1/files/0x0005000000019489-123.dat	upx
behavioral1/files/0x000500000001948c-126.dat	upx
behavioral1/files/0x00050000000195ab-184.dat	upx
behavioral1/files/0x00050000000195ad-189.dat	upx
behavioral1/memory/1612-209-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2196-326-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2608-303-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00050000000195af-194.dat	upx
behavioral1/files/0x00050000000195a9-180.dat	upx
behavioral1/files/0x00050000000195a7-173.dat	upx
behavioral1/files/0x000500000001957c-168.dat	upx
behavioral1/files/0x0005000000019515-158.dat	upx
behavioral1/files/0x0005000000019547-163.dat	upx
behavioral1/files/0x00050000000194ef-148.dat	upx
behavioral1/files/0x000500000001950f-153.dat	upx
behavioral1/files/0x00050000000194eb-143.dat	upx
behavioral1/files/0x00050000000194a3-138.dat	upx
behavioral1/files/0x0005000000019490-133.dat	upx
behavioral1/memory/3000-103-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2876-2024-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2764-2073-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/3044-2095-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2808-2101-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2692-2388-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2588-2392-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2648-2376-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2256-2400-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1612-2425-0x000000013F510000-0x000000013F864000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\NmhMShm.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\jKUNLno.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\mLehgPG.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\JfhdAzh.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\WXAYCqO.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\wPVNBHJ.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\wyJnbhj.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\kyEvVtW.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\VLOkRmq.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\bGhokLO.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\dekDajL.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\qNYsVmU.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\NvNHffw.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\xYgVxlg.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ldoRzmo.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\QYVKmpk.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\mMfToZd.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ZwRJFIT.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\FLXycrO.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\yaehkEK.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ZFCVDmp.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\kGRvADb.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\reODUOk.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\JKuUDab.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\sUMfcVV.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\rtkMguW.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\gReDjct.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\SrQKSel.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\hvobjTl.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\bzhCOSA.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\geJtfWv.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\PLQFxqs.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\QYbbaOA.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ClEKZGs.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\jafqWOd.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\MENkKtQ.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\OldCKfZ.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\kILJkGz.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\NiKKaOw.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ENAJRHR.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\vrIhKIv.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\QmxozNH.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\vijQzWq.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\CazPddi.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\fzeRoRO.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\LqIQERd.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\TnOiOwO.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\RoyTZxP.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\TVAQiga.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\FiQMlsn.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\mBzLPnR.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\guayFAM.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\msrBxGu.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\OSsLfeP.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\EpvSBxF.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\qxbfgzc.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ogoTaVo.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\ehvlVZs.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\CTvtWza.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\MrtzfIe.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\UUSpyIx.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\WDVdaBi.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\LhJnziX.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
File created	C:\Windows\System\KZtkVjX.exe	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2876	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	31
PID 2492 wrote to memory of 2876	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	31
PID 2492 wrote to memory of 2876	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	31
PID 2492 wrote to memory of 2764	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	32
PID 2492 wrote to memory of 2764	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	32
PID 2492 wrote to memory of 2764	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	32
PID 2492 wrote to memory of 2808	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	33
PID 2492 wrote to memory of 2808	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	33
PID 2492 wrote to memory of 2808	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	33
PID 2492 wrote to memory of 3044	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	34
PID 2492 wrote to memory of 3044	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	34
PID 2492 wrote to memory of 3044	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	34
PID 2492 wrote to memory of 2692	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	35
PID 2492 wrote to memory of 2692	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	35
PID 2492 wrote to memory of 2692	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	35
PID 2492 wrote to memory of 2648	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	36
PID 2492 wrote to memory of 2648	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	36
PID 2492 wrote to memory of 2648	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	36
PID 2492 wrote to memory of 2256	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	37
PID 2492 wrote to memory of 2256	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	37
PID 2492 wrote to memory of 2256	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	37
PID 2492 wrote to memory of 2588	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	38
PID 2492 wrote to memory of 2588	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	38
PID 2492 wrote to memory of 2588	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	38
PID 2492 wrote to memory of 1612	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	39
PID 2492 wrote to memory of 1612	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	39
PID 2492 wrote to memory of 1612	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	39
PID 2492 wrote to memory of 2608	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	40
PID 2492 wrote to memory of 2608	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	40
PID 2492 wrote to memory of 2608	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	40
PID 2492 wrote to memory of 2196	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	41
PID 2492 wrote to memory of 2196	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	41
PID 2492 wrote to memory of 2196	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	41
PID 2492 wrote to memory of 1728	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	42
PID 2492 wrote to memory of 1728	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	42
PID 2492 wrote to memory of 1728	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	42
PID 2492 wrote to memory of 3000	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	43
PID 2492 wrote to memory of 3000	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	43
PID 2492 wrote to memory of 3000	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	43
PID 2492 wrote to memory of 592	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	44
PID 2492 wrote to memory of 592	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	44
PID 2492 wrote to memory of 592	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	44
PID 2492 wrote to memory of 2980	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	45
PID 2492 wrote to memory of 2980	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	45
PID 2492 wrote to memory of 2980	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	45
PID 2492 wrote to memory of 2704	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	46
PID 2492 wrote to memory of 2704	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	46
PID 2492 wrote to memory of 2704	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	46
PID 2492 wrote to memory of 3036	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	47
PID 2492 wrote to memory of 3036	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	47
PID 2492 wrote to memory of 3036	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	47
PID 2492 wrote to memory of 2416	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	48
PID 2492 wrote to memory of 2416	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	48
PID 2492 wrote to memory of 2416	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	48
PID 2492 wrote to memory of 1992	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	49
PID 2492 wrote to memory of 1992	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	49
PID 2492 wrote to memory of 1992	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	49
PID 2492 wrote to memory of 2136	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	50
PID 2492 wrote to memory of 2136	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	50
PID 2492 wrote to memory of 2136	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	50
PID 2492 wrote to memory of 672	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	51
PID 2492 wrote to memory of 672	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	51
PID 2492 wrote to memory of 672	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	51
PID 2492 wrote to memory of 2148	2492	JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2b3284f4faa57dcfb3abc8ea9b55a1d917abe840ffd114f709f8c1dfcc9776f7.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\System\NMgsTtc.exe
  C:\Windows\System\NMgsTtc.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\xuikxPx.exe
  C:\Windows\System\xuikxPx.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\sxdADwo.exe
  C:\Windows\System\sxdADwo.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\lfZRkkp.exe
  C:\Windows\System\lfZRkkp.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\xZgNOsR.exe
  C:\Windows\System\xZgNOsR.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\nzYPxbU.exe
  C:\Windows\System\nzYPxbU.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\QPeXfAe.exe
  C:\Windows\System\QPeXfAe.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\VoKKEBB.exe
  C:\Windows\System\VoKKEBB.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\NUCmmrN.exe
  C:\Windows\System\NUCmmrN.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\dyqEXOE.exe
  C:\Windows\System\dyqEXOE.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\catdobJ.exe
  C:\Windows\System\catdobJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\gmNEfhM.exe
  C:\Windows\System\gmNEfhM.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\uqjWjWO.exe
  C:\Windows\System\uqjWjWO.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\woPxdFS.exe
  C:\Windows\System\woPxdFS.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\gKObVtK.exe
  C:\Windows\System\gKObVtK.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\bnyByPl.exe
  C:\Windows\System\bnyByPl.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\UbokZEJ.exe
  C:\Windows\System\UbokZEJ.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\OztRTFN.exe
  C:\Windows\System\OztRTFN.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\OVNyxOy.exe
  C:\Windows\System\OVNyxOy.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\FcvBIJf.exe
  C:\Windows\System\FcvBIJf.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\pWwmNxL.exe
  C:\Windows\System\pWwmNxL.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\YVzPxfl.exe
  C:\Windows\System\YVzPxfl.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\kFWirdW.exe
  C:\Windows\System\kFWirdW.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\aPmLRxF.exe
  C:\Windows\System\aPmLRxF.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\FsGFONi.exe
  C:\Windows\System\FsGFONi.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\sutbRtD.exe
  C:\Windows\System\sutbRtD.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\WQEGJhk.exe
  C:\Windows\System\WQEGJhk.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\umpvnFF.exe
  C:\Windows\System\umpvnFF.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\TZSTrZu.exe
  C:\Windows\System\TZSTrZu.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\HXpuEUu.exe
  C:\Windows\System\HXpuEUu.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\RcdZnqM.exe
  C:\Windows\System\RcdZnqM.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\ZRhhfIT.exe
  C:\Windows\System\ZRhhfIT.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\QvRmDKY.exe
  C:\Windows\System\QvRmDKY.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\YmyWMDt.exe
  C:\Windows\System\YmyWMDt.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\fFdsHsH.exe
  C:\Windows\System\fFdsHsH.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\tkFPwcZ.exe
  C:\Windows\System\tkFPwcZ.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\enfGYlw.exe
  C:\Windows\System\enfGYlw.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\xeyggdf.exe
  C:\Windows\System\xeyggdf.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\kuNfPxE.exe
  C:\Windows\System\kuNfPxE.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\BQRMSPv.exe
  C:\Windows\System\BQRMSPv.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\dwcYqLF.exe
  C:\Windows\System\dwcYqLF.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\uuSaRLQ.exe
  C:\Windows\System\uuSaRLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\mIIUjnz.exe
  C:\Windows\System\mIIUjnz.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\OlqlLGf.exe
  C:\Windows\System\OlqlLGf.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\KbryXeb.exe
  C:\Windows\System\KbryXeb.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\rqVKCsx.exe
  C:\Windows\System\rqVKCsx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\kAQfObC.exe
  C:\Windows\System\kAQfObC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wyFrQuQ.exe
  C:\Windows\System\wyFrQuQ.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\hHraXQs.exe
  C:\Windows\System\hHraXQs.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\uOUeEyN.exe
  C:\Windows\System\uOUeEyN.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\AREmLBG.exe
  C:\Windows\System\AREmLBG.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\NSKAIpO.exe
  C:\Windows\System\NSKAIpO.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LhJkgNG.exe
  C:\Windows\System\LhJkgNG.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\lhqnFof.exe
  C:\Windows\System\lhqnFof.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\TAfoVsD.exe
  C:\Windows\System\TAfoVsD.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\cOYsYNj.exe
  C:\Windows\System\cOYsYNj.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\CdNzaRX.exe
  C:\Windows\System\CdNzaRX.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NhycCsq.exe
  C:\Windows\System\NhycCsq.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\BOEQoex.exe
  C:\Windows\System\BOEQoex.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\ZSKcfVx.exe
  C:\Windows\System\ZSKcfVx.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\gJBXgDv.exe
  C:\Windows\System\gJBXgDv.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\FASufFk.exe
  C:\Windows\System\FASufFk.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\ILRdaoK.exe
  C:\Windows\System\ILRdaoK.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\XkyMSNt.exe
  C:\Windows\System\XkyMSNt.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ARahEli.exe
  C:\Windows\System\ARahEli.exe
  2⤵
  PID:1740
- C:\Windows\System\exctTTZ.exe
  C:\Windows\System\exctTTZ.exe
  2⤵
  PID:2828
- C:\Windows\System\PZfUGtm.exe
  C:\Windows\System\PZfUGtm.exe
  2⤵
  PID:2424
- C:\Windows\System\rrNqZKP.exe
  C:\Windows\System\rrNqZKP.exe
  2⤵
  PID:820
- C:\Windows\System\ncruclP.exe
  C:\Windows\System\ncruclP.exe
  2⤵
  PID:2024
- C:\Windows\System\FpfFPpY.exe
  C:\Windows\System\FpfFPpY.exe
  2⤵
  PID:1680
- C:\Windows\System\ivOBHcg.exe
  C:\Windows\System\ivOBHcg.exe
  2⤵
  PID:2332
- C:\Windows\System\EtQwRjk.exe
  C:\Windows\System\EtQwRjk.exe
  2⤵
  PID:1476
- C:\Windows\System\YfsCfAp.exe
  C:\Windows\System\YfsCfAp.exe
  2⤵
  PID:1484
- C:\Windows\System\QmxozNH.exe
  C:\Windows\System\QmxozNH.exe
  2⤵
  PID:1140
- C:\Windows\System\EoYhgpV.exe
  C:\Windows\System\EoYhgpV.exe
  2⤵
  PID:1916
- C:\Windows\System\RaZliZL.exe
  C:\Windows\System\RaZliZL.exe
  2⤵
  PID:2596
- C:\Windows\System\NvCrZLx.exe
  C:\Windows\System\NvCrZLx.exe
  2⤵
  PID:520
- C:\Windows\System\FnNtxvv.exe
  C:\Windows\System\FnNtxvv.exe
  2⤵
  PID:824
- C:\Windows\System\PTgFhDb.exe
  C:\Windows\System\PTgFhDb.exe
  2⤵
  PID:2164
- C:\Windows\System\KsbSmVp.exe
  C:\Windows\System\KsbSmVp.exe
  2⤵
  PID:2348
- C:\Windows\System\yvnSExP.exe
  C:\Windows\System\yvnSExP.exe
  2⤵
  PID:1644
- C:\Windows\System\ECaHZhj.exe
  C:\Windows\System\ECaHZhj.exe
  2⤵
  PID:932
- C:\Windows\System\omRVuFA.exe
  C:\Windows\System\omRVuFA.exe
  2⤵
  PID:952
- C:\Windows\System\clLhpGS.exe
  C:\Windows\System\clLhpGS.exe
  2⤵
  PID:1868
- C:\Windows\System\voZbaFi.exe
  C:\Windows\System\voZbaFi.exe
  2⤵
  PID:1952
- C:\Windows\System\ZKTScOK.exe
  C:\Windows\System\ZKTScOK.exe
  2⤵
  PID:1772
- C:\Windows\System\OCkKROM.exe
  C:\Windows\System\OCkKROM.exe
  2⤵
  PID:640
- C:\Windows\System\yAcWiZv.exe
  C:\Windows\System\yAcWiZv.exe
  2⤵
  PID:788
- C:\Windows\System\LwuDdDC.exe
  C:\Windows\System\LwuDdDC.exe
  2⤵
  PID:2548
- C:\Windows\System\VzQleFl.exe
  C:\Windows\System\VzQleFl.exe
  2⤵
  PID:1804
- C:\Windows\System\lfcoGIP.exe
  C:\Windows\System\lfcoGIP.exe
  2⤵
  PID:1488
- C:\Windows\System\WOrCFKs.exe
  C:\Windows\System\WOrCFKs.exe
  2⤵
  PID:684
- C:\Windows\System\ceZGRar.exe
  C:\Windows\System\ceZGRar.exe
  2⤵
  PID:1008
- C:\Windows\System\kbhwqYY.exe
  C:\Windows\System\kbhwqYY.exe
  2⤵
  PID:2464
- C:\Windows\System\sQIFIxk.exe
  C:\Windows\System\sQIFIxk.exe
  2⤵
  PID:992
- C:\Windows\System\oNhqOlI.exe
  C:\Windows\System\oNhqOlI.exe
  2⤵
  PID:2844
- C:\Windows\System\OZjXyEM.exe
  C:\Windows\System\OZjXyEM.exe
  2⤵
  PID:2784
- C:\Windows\System\FAkbQqT.exe
  C:\Windows\System\FAkbQqT.exe
  2⤵
  PID:3064
- C:\Windows\System\mLskEwL.exe
  C:\Windows\System\mLskEwL.exe
  2⤵
  PID:2456
- C:\Windows\System\ntuYigL.exe
  C:\Windows\System\ntuYigL.exe
  2⤵
  PID:2700
- C:\Windows\System\zvBaVHG.exe
  C:\Windows\System\zvBaVHG.exe
  2⤵
  PID:2800
- C:\Windows\System\jlIynhR.exe
  C:\Windows\System\jlIynhR.exe
  2⤵
  PID:1716
- C:\Windows\System\EpvSBxF.exe
  C:\Windows\System\EpvSBxF.exe
  2⤵
  PID:632
- C:\Windows\System\FXwXwhk.exe
  C:\Windows\System\FXwXwhk.exe
  2⤵
  PID:2696
- C:\Windows\System\ZiNRplU.exe
  C:\Windows\System\ZiNRplU.exe
  2⤵
  PID:1696
- C:\Windows\System\YmIMsrD.exe
  C:\Windows\System\YmIMsrD.exe
  2⤵
  PID:1320
- C:\Windows\System\dCSuPpH.exe
  C:\Windows\System\dCSuPpH.exe
  2⤵
  PID:2128
- C:\Windows\System\MZsosic.exe
  C:\Windows\System\MZsosic.exe
  2⤵
  PID:2380
- C:\Windows\System\yOzcuOs.exe
  C:\Windows\System\yOzcuOs.exe
  2⤵
  PID:2928
- C:\Windows\System\JoZsNWN.exe
  C:\Windows\System\JoZsNWN.exe
  2⤵
  PID:2992
- C:\Windows\System\OefKSsk.exe
  C:\Windows\System\OefKSsk.exe
  2⤵
  PID:320
- C:\Windows\System\iHRTYoY.exe
  C:\Windows\System\iHRTYoY.exe
  2⤵
  PID:2452
- C:\Windows\System\mluHTbn.exe
  C:\Windows\System\mluHTbn.exe
  2⤵
  PID:2144
- C:\Windows\System\RwWFDqp.exe
  C:\Windows\System\RwWFDqp.exe
  2⤵
  PID:2508
- C:\Windows\System\yttitMe.exe
  C:\Windows\System\yttitMe.exe
  2⤵
  PID:1360
- C:\Windows\System\vRFAFLy.exe
  C:\Windows\System\vRFAFLy.exe
  2⤵
  PID:2428
- C:\Windows\System\hklQAvc.exe
  C:\Windows\System\hklQAvc.exe
  2⤵
  PID:1844
- C:\Windows\System\SwWOmxV.exe
  C:\Windows\System\SwWOmxV.exe
  2⤵
  PID:1764
- C:\Windows\System\jYvFShA.exe
  C:\Windows\System\jYvFShA.exe
  2⤵
  PID:928
- C:\Windows\System\JlLlecv.exe
  C:\Windows\System\JlLlecv.exe
  2⤵
  PID:2408
- C:\Windows\System\tRfvnIn.exe
  C:\Windows\System\tRfvnIn.exe
  2⤵
  PID:1028
- C:\Windows\System\xzhZCKt.exe
  C:\Windows\System\xzhZCKt.exe
  2⤵
  PID:1808
- C:\Windows\System\OBLWVSE.exe
  C:\Windows\System\OBLWVSE.exe
  2⤵
  PID:1964
- C:\Windows\System\HOSlbPn.exe
  C:\Windows\System\HOSlbPn.exe
  2⤵
  PID:1252
- C:\Windows\System\JQFuvja.exe
  C:\Windows\System\JQFuvja.exe
  2⤵
  PID:2488
- C:\Windows\System\jbMlsAV.exe
  C:\Windows\System\jbMlsAV.exe
  2⤵
  PID:2668
- C:\Windows\System\FhMQrVs.exe
  C:\Windows\System\FhMQrVs.exe
  2⤵
  PID:2768
- C:\Windows\System\gwhIsDm.exe
  C:\Windows\System\gwhIsDm.exe
  2⤵
  PID:2916
- C:\Windows\System\mAsZIbX.exe
  C:\Windows\System\mAsZIbX.exe
  2⤵
  PID:2796
- C:\Windows\System\kZgjglW.exe
  C:\Windows\System\kZgjglW.exe
  2⤵
  PID:2752
- C:\Windows\System\yhcsRYw.exe
  C:\Windows\System\yhcsRYw.exe
  2⤵
  PID:1036
- C:\Windows\System\MGimjla.exe
  C:\Windows\System\MGimjla.exe
  2⤵
  PID:1328
- C:\Windows\System\XMpRNsN.exe
  C:\Windows\System\XMpRNsN.exe
  2⤵
  PID:1928
- C:\Windows\System\fBGivsD.exe
  C:\Windows\System\fBGivsD.exe
  2⤵
  PID:2376
- C:\Windows\System\LGLSTUD.exe
  C:\Windows\System\LGLSTUD.exe
  2⤵
  PID:2988
- C:\Windows\System\YuZkZpA.exe
  C:\Windows\System\YuZkZpA.exe
  2⤵
  PID:2964
- C:\Windows\System\llCCoqX.exe
  C:\Windows\System\llCCoqX.exe
  2⤵
  PID:1924
- C:\Windows\System\svGWteG.exe
  C:\Windows\System\svGWteG.exe
  2⤵
  PID:1300
- C:\Windows\System\uqevXRd.exe
  C:\Windows\System\uqevXRd.exe
  2⤵
  PID:3020
- C:\Windows\System\JlVWaaX.exe
  C:\Windows\System\JlVWaaX.exe
  2⤵
  PID:1292
- C:\Windows\System\usPBWGc.exe
  C:\Windows\System\usPBWGc.exe
  2⤵
  PID:764
- C:\Windows\System\gNvUmyH.exe
  C:\Windows\System\gNvUmyH.exe
  2⤵
  PID:736
- C:\Windows\System\eunUGae.exe
  C:\Windows\System\eunUGae.exe
  2⤵
  PID:1784
- C:\Windows\System\ehvlVZs.exe
  C:\Windows\System\ehvlVZs.exe
  2⤵
  PID:1544
- C:\Windows\System\PaevsmY.exe
  C:\Windows\System\PaevsmY.exe
  2⤵
  PID:564
- C:\Windows\System\byCaKUW.exe
  C:\Windows\System\byCaKUW.exe
  2⤵
  PID:1000
- C:\Windows\System\LEvJmfW.exe
  C:\Windows\System\LEvJmfW.exe
  2⤵
  PID:2520
- C:\Windows\System\mJeYaGL.exe
  C:\Windows\System\mJeYaGL.exe
  2⤵
  PID:2220
- C:\Windows\System\TDFmSFJ.exe
  C:\Windows\System\TDFmSFJ.exe
  2⤵
  PID:388
- C:\Windows\System\KiroxZc.exe
  C:\Windows\System\KiroxZc.exe
  2⤵
  PID:2996
- C:\Windows\System\jprhMQk.exe
  C:\Windows\System\jprhMQk.exe
  2⤵
  PID:292
- C:\Windows\System\cZwbyzY.exe
  C:\Windows\System\cZwbyzY.exe
  2⤵
  PID:2204
- C:\Windows\System\QDHldTd.exe
  C:\Windows\System\QDHldTd.exe
  2⤵
  PID:3032
- C:\Windows\System\LNalRwA.exe
  C:\Windows\System\LNalRwA.exe
  2⤵
  PID:2632
- C:\Windows\System\AKaQvOK.exe
  C:\Windows\System\AKaQvOK.exe
  2⤵
  PID:760
- C:\Windows\System\uiJZrwp.exe
  C:\Windows\System\uiJZrwp.exe
  2⤵
  PID:1508
- C:\Windows\System\RfZhyqg.exe
  C:\Windows\System\RfZhyqg.exe
  2⤵
  PID:3008
- C:\Windows\System\rNpVlXQ.exe
  C:\Windows\System\rNpVlXQ.exe
  2⤵
  PID:1384
- C:\Windows\System\pbwcXcy.exe
  C:\Windows\System\pbwcXcy.exe
  2⤵
  PID:2748
- C:\Windows\System\kejiwwE.exe
  C:\Windows\System\kejiwwE.exe
  2⤵
  PID:2288
- C:\Windows\System\cKZHCwV.exe
  C:\Windows\System\cKZHCwV.exe
  2⤵
  PID:2620
- C:\Windows\System\TyRWqUO.exe
  C:\Windows\System\TyRWqUO.exe
  2⤵
  PID:2968
- C:\Windows\System\mlyxkTb.exe
  C:\Windows\System\mlyxkTb.exe
  2⤵
  PID:1976
- C:\Windows\System\vZawpRE.exe
  C:\Windows\System\vZawpRE.exe
  2⤵
  PID:872
- C:\Windows\System\VfaTiIj.exe
  C:\Windows\System\VfaTiIj.exe
  2⤵
  PID:1376
- C:\Windows\System\BrDrveV.exe
  C:\Windows\System\BrDrveV.exe
  2⤵
  PID:868
- C:\Windows\System\DDxRRub.exe
  C:\Windows\System\DDxRRub.exe
  2⤵
  PID:2084
- C:\Windows\System\SeefWiu.exe
  C:\Windows\System\SeefWiu.exe
  2⤵
  PID:2888
- C:\Windows\System\ckVPBHS.exe
  C:\Windows\System\ckVPBHS.exe
  2⤵
  PID:1852
- C:\Windows\System\usstOWq.exe
  C:\Windows\System\usstOWq.exe
  2⤵
  PID:2068
- C:\Windows\System\NYHfmzP.exe
  C:\Windows\System\NYHfmzP.exe
  2⤵
  PID:812
- C:\Windows\System\GGObjsk.exe
  C:\Windows\System\GGObjsk.exe
  2⤵
  PID:1288
- C:\Windows\System\PxyLJVV.exe
  C:\Windows\System\PxyLJVV.exe
  2⤵
  PID:2788
- C:\Windows\System\TxFxctQ.exe
  C:\Windows\System\TxFxctQ.exe
  2⤵
  PID:2872
- C:\Windows\System\IjhMgaw.exe
  C:\Windows\System\IjhMgaw.exe
  2⤵
  PID:2816
- C:\Windows\System\IYUVvGj.exe
  C:\Windows\System\IYUVvGj.exe
  2⤵
  PID:744
- C:\Windows\System\DBhNwjd.exe
  C:\Windows\System\DBhNwjd.exe
  2⤵
  PID:2624
- C:\Windows\System\QuCWBUS.exe
  C:\Windows\System\QuCWBUS.exe
  2⤵
  PID:2096
- C:\Windows\System\BtkvTNu.exe
  C:\Windows\System\BtkvTNu.exe
  2⤵
  PID:2320
- C:\Windows\System\kidvfXg.exe
  C:\Windows\System\kidvfXg.exe
  2⤵
  PID:2372
- C:\Windows\System\nPwFrvb.exe
  C:\Windows\System\nPwFrvb.exe
  2⤵
  PID:3004
- C:\Windows\System\etRYTyM.exe
  C:\Windows\System\etRYTyM.exe
  2⤵
  PID:1936
- C:\Windows\System\tPcSnXP.exe
  C:\Windows\System\tPcSnXP.exe
  2⤵
  PID:3096
- C:\Windows\System\jcwfYVa.exe
  C:\Windows\System\jcwfYVa.exe
  2⤵
  PID:3112
- C:\Windows\System\ADNSmXF.exe
  C:\Windows\System\ADNSmXF.exe
  2⤵
  PID:3128
- C:\Windows\System\GdlcxSj.exe
  C:\Windows\System\GdlcxSj.exe
  2⤵
  PID:3144
- C:\Windows\System\gMoQklH.exe
  C:\Windows\System\gMoQklH.exe
  2⤵
  PID:3168
- C:\Windows\System\UJqywhb.exe
  C:\Windows\System\UJqywhb.exe
  2⤵
  PID:3188
- C:\Windows\System\sPnTiGp.exe
  C:\Windows\System\sPnTiGp.exe
  2⤵
  PID:3208
- C:\Windows\System\sJOMKtg.exe
  C:\Windows\System\sJOMKtg.exe
  2⤵
  PID:3224
- C:\Windows\System\qFMvGbf.exe
  C:\Windows\System\qFMvGbf.exe
  2⤵
  PID:3244
- C:\Windows\System\ndrWCcv.exe
  C:\Windows\System\ndrWCcv.exe
  2⤵
  PID:3264
- C:\Windows\System\guudsga.exe
  C:\Windows\System\guudsga.exe
  2⤵
  PID:3296
- C:\Windows\System\XuJCgCa.exe
  C:\Windows\System\XuJCgCa.exe
  2⤵
  PID:3312
- C:\Windows\System\ftWzCmO.exe
  C:\Windows\System\ftWzCmO.exe
  2⤵
  PID:3328
- C:\Windows\System\YXCyTUI.exe
  C:\Windows\System\YXCyTUI.exe
  2⤵
  PID:3344
- C:\Windows\System\XYExpKa.exe
  C:\Windows\System\XYExpKa.exe
  2⤵
  PID:3364
- C:\Windows\System\AAonUgd.exe
  C:\Windows\System\AAonUgd.exe
  2⤵
  PID:3384
- C:\Windows\System\rTjrRxR.exe
  C:\Windows\System\rTjrRxR.exe
  2⤵
  PID:3416
- C:\Windows\System\FjYFcRP.exe
  C:\Windows\System\FjYFcRP.exe
  2⤵
  PID:3436
- C:\Windows\System\WWtRfpY.exe
  C:\Windows\System\WWtRfpY.exe
  2⤵
  PID:3460
- C:\Windows\System\GcudbeV.exe
  C:\Windows\System\GcudbeV.exe
  2⤵
  PID:3476
- C:\Windows\System\IZiCurG.exe
  C:\Windows\System\IZiCurG.exe
  2⤵
  PID:3492
- C:\Windows\System\kOxTXHa.exe
  C:\Windows\System\kOxTXHa.exe
  2⤵
  PID:3508
- C:\Windows\System\UCbZzvn.exe
  C:\Windows\System\UCbZzvn.exe
  2⤵
  PID:3528
- C:\Windows\System\XhlDktY.exe
  C:\Windows\System\XhlDktY.exe
  2⤵
  PID:3548
- C:\Windows\System\XsCucur.exe
  C:\Windows\System\XsCucur.exe
  2⤵
  PID:3564
- C:\Windows\System\fDJOkfs.exe
  C:\Windows\System\fDJOkfs.exe
  2⤵
  PID:3584
- C:\Windows\System\vIxceYm.exe
  C:\Windows\System\vIxceYm.exe
  2⤵
  PID:3612
- C:\Windows\System\cTHXmGA.exe
  C:\Windows\System\cTHXmGA.exe
  2⤵
  PID:3628
- C:\Windows\System\GLTzFgs.exe
  C:\Windows\System\GLTzFgs.exe
  2⤵
  PID:3644
- C:\Windows\System\vUWPFoO.exe
  C:\Windows\System\vUWPFoO.exe
  2⤵
  PID:3684
- C:\Windows\System\AHnOFGQ.exe
  C:\Windows\System\AHnOFGQ.exe
  2⤵
  PID:3700
- C:\Windows\System\KEmmXUt.exe
  C:\Windows\System\KEmmXUt.exe
  2⤵
  PID:3720
- C:\Windows\System\DHhkUOG.exe
  C:\Windows\System\DHhkUOG.exe
  2⤵
  PID:3736
- C:\Windows\System\WveCBIy.exe
  C:\Windows\System\WveCBIy.exe
  2⤵
  PID:3760
- C:\Windows\System\VULSOaO.exe
  C:\Windows\System\VULSOaO.exe
  2⤵
  PID:3776
- C:\Windows\System\PXWfoKi.exe
  C:\Windows\System\PXWfoKi.exe
  2⤵
  PID:3792
- C:\Windows\System\FzKyaKe.exe
  C:\Windows\System\FzKyaKe.exe
  2⤵
  PID:3824
- C:\Windows\System\kLgYPvY.exe
  C:\Windows\System\kLgYPvY.exe
  2⤵
  PID:3840
- C:\Windows\System\gVMLiQN.exe
  C:\Windows\System\gVMLiQN.exe
  2⤵
  PID:3864
- C:\Windows\System\ySxOOUG.exe
  C:\Windows\System\ySxOOUG.exe
  2⤵
  PID:3880
- C:\Windows\System\JpQfikb.exe
  C:\Windows\System\JpQfikb.exe
  2⤵
  PID:3896
- C:\Windows\System\CzMiRmJ.exe
  C:\Windows\System\CzMiRmJ.exe
  2⤵
  PID:3920
- C:\Windows\System\ZtXDGMa.exe
  C:\Windows\System\ZtXDGMa.exe
  2⤵
  PID:3936
- C:\Windows\System\DlQfwsU.exe
  C:\Windows\System\DlQfwsU.exe
  2⤵
  PID:3952
- C:\Windows\System\EwGsTpD.exe
  C:\Windows\System\EwGsTpD.exe
  2⤵
  PID:3972
- C:\Windows\System\jfjklzW.exe
  C:\Windows\System\jfjklzW.exe
  2⤵
  PID:3988
- C:\Windows\System\ZMgehgB.exe
  C:\Windows\System\ZMgehgB.exe
  2⤵
  PID:4004
- C:\Windows\System\prescAf.exe
  C:\Windows\System\prescAf.exe
  2⤵
  PID:4024
- C:\Windows\System\pAUApzc.exe
  C:\Windows\System\pAUApzc.exe
  2⤵
  PID:4044
- C:\Windows\System\HOGmHdz.exe
  C:\Windows\System\HOGmHdz.exe
  2⤵
  PID:4064
- C:\Windows\System\WsxoeOp.exe
  C:\Windows\System\WsxoeOp.exe
  2⤵
  PID:2560
- C:\Windows\System\yBLjYIW.exe
  C:\Windows\System\yBLjYIW.exe
  2⤵
  PID:1920
- C:\Windows\System\CDKREzE.exe
  C:\Windows\System\CDKREzE.exe
  2⤵
  PID:1616
- C:\Windows\System\OnwaLhZ.exe
  C:\Windows\System\OnwaLhZ.exe
  2⤵
  PID:3120
- C:\Windows\System\ZFesLSm.exe
  C:\Windows\System\ZFesLSm.exe
  2⤵
  PID:3164
- C:\Windows\System\fFNyZNJ.exe
  C:\Windows\System\fFNyZNJ.exe
  2⤵
  PID:3236
- C:\Windows\System\OygOXsu.exe
  C:\Windows\System\OygOXsu.exe
  2⤵
  PID:3276
- C:\Windows\System\kLRUkpX.exe
  C:\Windows\System\kLRUkpX.exe
  2⤵
  PID:3352
- C:\Windows\System\vYElmfc.exe
  C:\Windows\System\vYElmfc.exe
  2⤵
  PID:3104
- C:\Windows\System\NpdEXdG.exe
  C:\Windows\System\NpdEXdG.exe
  2⤵
  PID:3220
- C:\Windows\System\SGWlIBC.exe
  C:\Windows\System\SGWlIBC.exe
  2⤵
  PID:3404
- C:\Windows\System\pWMqOWU.exe
  C:\Windows\System\pWMqOWU.exe
  2⤵
  PID:3308
- C:\Windows\System\DTxZiCK.exe
  C:\Windows\System\DTxZiCK.exe
  2⤵
  PID:3340
- C:\Windows\System\NFNCCUC.exe
  C:\Windows\System\NFNCCUC.exe
  2⤵
  PID:3424
- C:\Windows\System\XosHuJI.exe
  C:\Windows\System\XosHuJI.exe
  2⤵
  PID:3484
- C:\Windows\System\qonGQZa.exe
  C:\Windows\System\qonGQZa.exe
  2⤵
  PID:1340
- C:\Windows\System\ybIlxsJ.exe
  C:\Windows\System\ybIlxsJ.exe
  2⤵
  PID:3596
- C:\Windows\System\gEAlcVp.exe
  C:\Windows\System\gEAlcVp.exe
  2⤵
  PID:3640
- C:\Windows\System\bdgBrLz.exe
  C:\Windows\System\bdgBrLz.exe
  2⤵
  PID:3576
- C:\Windows\System\MuuTDpp.exe
  C:\Windows\System\MuuTDpp.exe
  2⤵
  PID:3580
- C:\Windows\System\PzvxbEw.exe
  C:\Windows\System\PzvxbEw.exe
  2⤵
  PID:3656
- C:\Windows\System\hBIfZFa.exe
  C:\Windows\System\hBIfZFa.exe
  2⤵
  PID:3696
- C:\Windows\System\KkcGOtx.exe
  C:\Windows\System\KkcGOtx.exe
  2⤵
  PID:3716
- C:\Windows\System\DSyCuoo.exe
  C:\Windows\System\DSyCuoo.exe
  2⤵
  PID:3788
- C:\Windows\System\ETYJRPj.exe
  C:\Windows\System\ETYJRPj.exe
  2⤵
  PID:3772
- C:\Windows\System\jLtALST.exe
  C:\Windows\System\jLtALST.exe
  2⤵
  PID:3816
- C:\Windows\System\dKTLDvU.exe
  C:\Windows\System\dKTLDvU.exe
  2⤵
  PID:3872
- C:\Windows\System\XWvGvks.exe
  C:\Windows\System\XWvGvks.exe
  2⤵
  PID:3928
- C:\Windows\System\tlavAfU.exe
  C:\Windows\System\tlavAfU.exe
  2⤵
  PID:3916
- C:\Windows\System\wNHkRwM.exe
  C:\Windows\System\wNHkRwM.exe
  2⤵
  PID:4000
- C:\Windows\System\rLEAAfI.exe
  C:\Windows\System\rLEAAfI.exe
  2⤵
  PID:4036
- C:\Windows\System\UpUEWHP.exe
  C:\Windows\System\UpUEWHP.exe
  2⤵
  PID:4088
- C:\Windows\System\xlHEDgO.exe
  C:\Windows\System\xlHEDgO.exe
  2⤵
  PID:3944
- C:\Windows\System\kOvaUNB.exe
  C:\Windows\System\kOvaUNB.exe
  2⤵
  PID:3088
- C:\Windows\System\kYEzEJi.exe
  C:\Windows\System\kYEzEJi.exe
  2⤵
  PID:2716
- C:\Windows\System\NlaYyqH.exe
  C:\Windows\System\NlaYyqH.exe
  2⤵
  PID:3196
- C:\Windows\System\Ocoziwi.exe
  C:\Windows\System\Ocoziwi.exe
  2⤵
  PID:3288
- C:\Windows\System\GoLaPtw.exe
  C:\Windows\System\GoLaPtw.exe
  2⤵
  PID:3400
- C:\Windows\System\whVAXPG.exe
  C:\Windows\System\whVAXPG.exe
  2⤵
  PID:3180
- C:\Windows\System\WOcgBEs.exe
  C:\Windows\System\WOcgBEs.exe
  2⤵
  PID:3452
- C:\Windows\System\uZhNsrH.exe
  C:\Windows\System\uZhNsrH.exe
  2⤵
  PID:3524
- C:\Windows\System\dAPKVeX.exe
  C:\Windows\System\dAPKVeX.exe
  2⤵
  PID:3516
- C:\Windows\System\ouVePAa.exe
  C:\Windows\System\ouVePAa.exe
  2⤵
  PID:3604
- C:\Windows\System\PhdqZSb.exe
  C:\Windows\System\PhdqZSb.exe
  2⤵
  PID:3536
- C:\Windows\System\uTnlHLH.exe
  C:\Windows\System\uTnlHLH.exe
  2⤵
  PID:3572
- C:\Windows\System\UWuLKND.exe
  C:\Windows\System\UWuLKND.exe
  2⤵
  PID:3768
- C:\Windows\System\KgoWxlm.exe
  C:\Windows\System\KgoWxlm.exe
  2⤵
  PID:3832
- C:\Windows\System\qpvXLbD.exe
  C:\Windows\System\qpvXLbD.exe
  2⤵
  PID:3744
- C:\Windows\System\YkgDsbp.exe
  C:\Windows\System\YkgDsbp.exe
  2⤵
  PID:3800
- C:\Windows\System\oLgqNXM.exe
  C:\Windows\System\oLgqNXM.exe
  2⤵
  PID:4040
- C:\Windows\System\XPlJUJV.exe
  C:\Windows\System\XPlJUJV.exe
  2⤵
  PID:3996
- C:\Windows\System\eYGuwaC.exe
  C:\Windows\System\eYGuwaC.exe
  2⤵
  PID:3980
- C:\Windows\System\QTmGVme.exe
  C:\Windows\System\QTmGVme.exe
  2⤵
  PID:3964
- C:\Windows\System\wyJnbhj.exe
  C:\Windows\System\wyJnbhj.exe
  2⤵
  PID:3272
- C:\Windows\System\JZsSDNi.exe
  C:\Windows\System\JZsSDNi.exe
  2⤵
  PID:3256
- C:\Windows\System\QsSBRDm.exe
  C:\Windows\System\QsSBRDm.exe
  2⤵
  PID:3108
- C:\Windows\System\JPmzkdk.exe
  C:\Windows\System\JPmzkdk.exe
  2⤵
  PID:3184
- C:\Windows\System\QYdVhbf.exe
  C:\Windows\System\QYdVhbf.exe
  2⤵
  PID:3472
- C:\Windows\System\uAbxVFz.exe
  C:\Windows\System\uAbxVFz.exe
  2⤵
  PID:3708
- C:\Windows\System\uEPfStH.exe
  C:\Windows\System\uEPfStH.exe
  2⤵
  PID:3836
- C:\Windows\System\tRBHESM.exe
  C:\Windows\System\tRBHESM.exe
  2⤵
  PID:3904
- C:\Windows\System\BeZYnrD.exe
  C:\Windows\System\BeZYnrD.exe
  2⤵
  PID:3892
- C:\Windows\System\WLXaylS.exe
  C:\Windows\System\WLXaylS.exe
  2⤵
  PID:3152
- C:\Windows\System\yeQpPDV.exe
  C:\Windows\System\yeQpPDV.exe
  2⤵
  PID:4016
- C:\Windows\System\DGGZcCj.exe
  C:\Windows\System\DGGZcCj.exe
  2⤵
  PID:3204
- C:\Windows\System\jsQXwsd.exe
  C:\Windows\System\jsQXwsd.exe
  2⤵
  PID:3324
- C:\Windows\System\NfHRNxU.exe
  C:\Windows\System\NfHRNxU.exe
  2⤵
  PID:3260
- C:\Windows\System\WKLgUMt.exe
  C:\Windows\System\WKLgUMt.exe
  2⤵
  PID:3520
- C:\Windows\System\oStXcCv.exe
  C:\Windows\System\oStXcCv.exe
  2⤵
  PID:3660
- C:\Windows\System\PnCfDVn.exe
  C:\Windows\System\PnCfDVn.exe
  2⤵
  PID:3076
- C:\Windows\System\qYDbivy.exe
  C:\Windows\System\qYDbivy.exe
  2⤵
  PID:936
- C:\Windows\System\ddcpJsX.exe
  C:\Windows\System\ddcpJsX.exe
  2⤵
  PID:3232
- C:\Windows\System\eeXCVQW.exe
  C:\Windows\System\eeXCVQW.exe
  2⤵
  PID:3448
- C:\Windows\System\jFNroBD.exe
  C:\Windows\System\jFNroBD.exe
  2⤵
  PID:3908
- C:\Windows\System\vMlNwAK.exe
  C:\Windows\System\vMlNwAK.exe
  2⤵
  PID:3860
- C:\Windows\System\QhoQuTr.exe
  C:\Windows\System\QhoQuTr.exe
  2⤵
  PID:3468
- C:\Windows\System\nnpObIB.exe
  C:\Windows\System\nnpObIB.exe
  2⤵
  PID:3888
- C:\Windows\System\bHlzJqO.exe
  C:\Windows\System\bHlzJqO.exe
  2⤵
  PID:4112
- C:\Windows\System\YARXyAn.exe
  C:\Windows\System\YARXyAn.exe
  2⤵
  PID:4128
- C:\Windows\System\GRtAAEu.exe
  C:\Windows\System\GRtAAEu.exe
  2⤵
  PID:4144
- C:\Windows\System\fLzMCUv.exe
  C:\Windows\System\fLzMCUv.exe
  2⤵
  PID:4160
- C:\Windows\System\zTeXxLg.exe
  C:\Windows\System\zTeXxLg.exe
  2⤵
  PID:4180
- C:\Windows\System\sWRPZDK.exe
  C:\Windows\System\sWRPZDK.exe
  2⤵
  PID:4200
- C:\Windows\System\rlzvyAq.exe
  C:\Windows\System\rlzvyAq.exe
  2⤵
  PID:4228
- C:\Windows\System\cQZdsJY.exe
  C:\Windows\System\cQZdsJY.exe
  2⤵
  PID:4252
- C:\Windows\System\sgKitXd.exe
  C:\Windows\System\sgKitXd.exe
  2⤵
  PID:4268
- C:\Windows\System\hNYlAkd.exe
  C:\Windows\System\hNYlAkd.exe
  2⤵
  PID:4284
- C:\Windows\System\VArzquF.exe
  C:\Windows\System\VArzquF.exe
  2⤵
  PID:4308
- C:\Windows\System\IOjcoSf.exe
  C:\Windows\System\IOjcoSf.exe
  2⤵
  PID:4344
- C:\Windows\System\QNEXyAU.exe
  C:\Windows\System\QNEXyAU.exe
  2⤵
  PID:4364
- C:\Windows\System\QECoTqr.exe
  C:\Windows\System\QECoTqr.exe
  2⤵
  PID:4380
- C:\Windows\System\OJYhVdG.exe
  C:\Windows\System\OJYhVdG.exe
  2⤵
  PID:4400
- C:\Windows\System\krZayHD.exe
  C:\Windows\System\krZayHD.exe
  2⤵
  PID:4416
- C:\Windows\System\vxmgsdF.exe
  C:\Windows\System\vxmgsdF.exe
  2⤵
  PID:4448
- C:\Windows\System\ixZosFe.exe
  C:\Windows\System\ixZosFe.exe
  2⤵
  PID:4468
- C:\Windows\System\rkXRktK.exe
  C:\Windows\System\rkXRktK.exe
  2⤵
  PID:4484
- C:\Windows\System\MvyaAgX.exe
  C:\Windows\System\MvyaAgX.exe
  2⤵
  PID:4504
- C:\Windows\System\QtbpoXo.exe
  C:\Windows\System\QtbpoXo.exe
  2⤵
  PID:4524
- C:\Windows\System\hQUycJH.exe
  C:\Windows\System\hQUycJH.exe
  2⤵
  PID:4544
- C:\Windows\System\WwiQBte.exe
  C:\Windows\System\WwiQBte.exe
  2⤵
  PID:4564
- C:\Windows\System\ajACIji.exe
  C:\Windows\System\ajACIji.exe
  2⤵
  PID:4592
- C:\Windows\System\HmRxEWC.exe
  C:\Windows\System\HmRxEWC.exe
  2⤵
  PID:4612
- C:\Windows\System\QIAxIET.exe
  C:\Windows\System\QIAxIET.exe
  2⤵
  PID:4628
- C:\Windows\System\hFyLygE.exe
  C:\Windows\System\hFyLygE.exe
  2⤵
  PID:4644
- C:\Windows\System\REIxQWe.exe
  C:\Windows\System\REIxQWe.exe
  2⤵
  PID:4680
- C:\Windows\System\oSwvTFC.exe
  C:\Windows\System\oSwvTFC.exe
  2⤵
  PID:4696
- C:\Windows\System\WuSTlyp.exe
  C:\Windows\System\WuSTlyp.exe
  2⤵
  PID:4712
- C:\Windows\System\qJxEqBX.exe
  C:\Windows\System\qJxEqBX.exe
  2⤵
  PID:4732
- C:\Windows\System\uUGIYCm.exe
  C:\Windows\System\uUGIYCm.exe
  2⤵
  PID:4752
- C:\Windows\System\KhHwqtI.exe
  C:\Windows\System\KhHwqtI.exe
  2⤵
  PID:4772
- C:\Windows\System\hHjEbww.exe
  C:\Windows\System\hHjEbww.exe
  2⤵
  PID:4788
- C:\Windows\System\vEhtIlF.exe
  C:\Windows\System\vEhtIlF.exe
  2⤵
  PID:4808
- C:\Windows\System\vvEnzsn.exe
  C:\Windows\System\vvEnzsn.exe
  2⤵
  PID:4824
- C:\Windows\System\eGdHmtf.exe
  C:\Windows\System\eGdHmtf.exe
  2⤵
  PID:4844
- C:\Windows\System\OldCKfZ.exe
  C:\Windows\System\OldCKfZ.exe
  2⤵
  PID:4884
- C:\Windows\System\TTJQtGt.exe
  C:\Windows\System\TTJQtGt.exe
  2⤵
  PID:4900
- C:\Windows\System\NWxjIdI.exe
  C:\Windows\System\NWxjIdI.exe
  2⤵
  PID:4924
- C:\Windows\System\RQqfuvN.exe
  C:\Windows\System\RQqfuvN.exe
  2⤵
  PID:4940
- C:\Windows\System\LooURGu.exe
  C:\Windows\System\LooURGu.exe
  2⤵
  PID:4960
- C:\Windows\System\ITSRdnX.exe
  C:\Windows\System\ITSRdnX.exe
  2⤵
  PID:4980
- C:\Windows\System\tUAefmA.exe
  C:\Windows\System\tUAefmA.exe
  2⤵
  PID:4996
- C:\Windows\System\xAIBtJa.exe
  C:\Windows\System\xAIBtJa.exe
  2⤵
  PID:5012
- C:\Windows\System\VwDIjPg.exe
  C:\Windows\System\VwDIjPg.exe
  2⤵
  PID:5028
- C:\Windows\System\kEwWwcW.exe
  C:\Windows\System\kEwWwcW.exe
  2⤵
  PID:5048
- C:\Windows\System\LDQpGOa.exe
  C:\Windows\System\LDQpGOa.exe
  2⤵
  PID:5080
- C:\Windows\System\HrYkmSK.exe
  C:\Windows\System\HrYkmSK.exe
  2⤵
  PID:5096
- C:\Windows\System\udeANkv.exe
  C:\Windows\System\udeANkv.exe
  2⤵
  PID:5116
- C:\Windows\System\DjcnKIT.exe
  C:\Windows\System\DjcnKIT.exe
  2⤵
  PID:3160
- C:\Windows\System\kILJkGz.exe
  C:\Windows\System\kILJkGz.exe
  2⤵
  PID:4152
- C:\Windows\System\eqaAIit.exe
  C:\Windows\System\eqaAIit.exe
  2⤵
  PID:4168
- C:\Windows\System\kUWeWzR.exe
  C:\Windows\System\kUWeWzR.exe
  2⤵
  PID:4188
- C:\Windows\System\oXxKeTr.exe
  C:\Windows\System\oXxKeTr.exe
  2⤵
  PID:4220
- C:\Windows\System\sjqfwwR.exe
  C:\Windows\System\sjqfwwR.exe
  2⤵
  PID:4240
- C:\Windows\System\OUajmqM.exe
  C:\Windows\System\OUajmqM.exe
  2⤵
  PID:4316
- C:\Windows\System\ZFCVDmp.exe
  C:\Windows\System\ZFCVDmp.exe
  2⤵
  PID:4336
- C:\Windows\System\HlprqRr.exe
  C:\Windows\System\HlprqRr.exe
  2⤵
  PID:4296
- C:\Windows\System\oSvKVdC.exe
  C:\Windows\System\oSvKVdC.exe
  2⤵
  PID:4300
- C:\Windows\System\CFwELHs.exe
  C:\Windows\System\CFwELHs.exe
  2⤵
  PID:4264
- C:\Windows\System\yyDHvpH.exe
  C:\Windows\System\yyDHvpH.exe
  2⤵
  PID:4496
- C:\Windows\System\PecOwsD.exe
  C:\Windows\System\PecOwsD.exe
  2⤵
  PID:4540
- C:\Windows\System\JkWgkhB.exe
  C:\Windows\System\JkWgkhB.exe
  2⤵
  PID:4576
- C:\Windows\System\BYaAmiE.exe
  C:\Windows\System\BYaAmiE.exe
  2⤵
  PID:4476
- C:\Windows\System\Iqqfjkh.exe
  C:\Windows\System\Iqqfjkh.exe
  2⤵
  PID:4552
- C:\Windows\System\EGcnPVB.exe
  C:\Windows\System\EGcnPVB.exe
  2⤵
  PID:4620
- C:\Windows\System\fRBKDib.exe
  C:\Windows\System\fRBKDib.exe
  2⤵
  PID:4664
- C:\Windows\System\AkxGlrO.exe
  C:\Windows\System\AkxGlrO.exe
  2⤵
  PID:4604
- C:\Windows\System\iXdjfCe.exe
  C:\Windows\System\iXdjfCe.exe
  2⤵
  PID:4708
- C:\Windows\System\mQLWuxo.exe
  C:\Windows\System\mQLWuxo.exe
  2⤵
  PID:4748
- C:\Windows\System\FldvkUL.exe
  C:\Windows\System\FldvkUL.exe
  2⤵
  PID:4856
- C:\Windows\System\HedMqJm.exe
  C:\Windows\System\HedMqJm.exe
  2⤵
  PID:4872
- C:\Windows\System\rdsfGPj.exe
  C:\Windows\System\rdsfGPj.exe
  2⤵
  PID:4728
- C:\Windows\System\rfnSxny.exe
  C:\Windows\System\rfnSxny.exe
  2⤵
  PID:4836
- C:\Windows\System\rYJPryo.exe
  C:\Windows\System\rYJPryo.exe
  2⤵
  PID:4896
- C:\Windows\System\jLswnVN.exe
  C:\Windows\System\jLswnVN.exe
  2⤵
  PID:4932
- C:\Windows\System\AbHjhsF.exe
  C:\Windows\System\AbHjhsF.exe
  2⤵
  PID:4992
- C:\Windows\System\rtkMguW.exe
  C:\Windows\System\rtkMguW.exe
  2⤵
  PID:4968
- C:\Windows\System\ABTbMlZ.exe
  C:\Windows\System\ABTbMlZ.exe
  2⤵
  PID:5008
- C:\Windows\System\JQuAYKF.exe
  C:\Windows\System\JQuAYKF.exe
  2⤵
  PID:5044
- C:\Windows\System\LzJLhAy.exe
  C:\Windows\System\LzJLhAy.exe
  2⤵
  PID:5104
- C:\Windows\System\UMwbEgO.exe
  C:\Windows\System\UMwbEgO.exe
  2⤵
  PID:4156
- C:\Windows\System\qotdNNO.exe
  C:\Windows\System\qotdNNO.exe
  2⤵
  PID:4104
- C:\Windows\System\BYRdnGY.exe
  C:\Windows\System\BYRdnGY.exe
  2⤵
  PID:4108
- C:\Windows\System\qVOWEDD.exe
  C:\Windows\System\qVOWEDD.exe
  2⤵
  PID:4192
- C:\Windows\System\XJjLqIX.exe
  C:\Windows\System\XJjLqIX.exe
  2⤵
  PID:4332
- C:\Windows\System\HOqDuNp.exe
  C:\Windows\System\HOqDuNp.exe
  2⤵
  PID:4352
- C:\Windows\System\TakzlPO.exe
  C:\Windows\System\TakzlPO.exe
  2⤵
  PID:4320
- C:\Windows\System\aijGxlL.exe
  C:\Windows\System\aijGxlL.exe
  2⤵
  PID:4572
- C:\Windows\System\qRbphHQ.exe
  C:\Windows\System\qRbphHQ.exe
  2⤵
  PID:4532
- C:\Windows\System\zRAVNuf.exe
  C:\Windows\System\zRAVNuf.exe
  2⤵
  PID:4580
- C:\Windows\System\DdIhUOl.exe
  C:\Windows\System\DdIhUOl.exe
  2⤵
  PID:4640
- C:\Windows\System\xbgqOKT.exe
  C:\Windows\System\xbgqOKT.exe
  2⤵
  PID:4784
- C:\Windows\System\MMlmkss.exe
  C:\Windows\System\MMlmkss.exe
  2⤵
  PID:4600
- C:\Windows\System\WJqqAcJ.exe
  C:\Windows\System\WJqqAcJ.exe
  2⤵
  PID:4852
- C:\Windows\System\PkHVUDz.exe
  C:\Windows\System\PkHVUDz.exe
  2⤵
  PID:4760
- C:\Windows\System\WxCmLId.exe
  C:\Windows\System\WxCmLId.exe
  2⤵
  PID:4908
- C:\Windows\System\NMKdEBP.exe
  C:\Windows\System\NMKdEBP.exe
  2⤵
  PID:4956
- C:\Windows\System\dMxHjyW.exe
  C:\Windows\System\dMxHjyW.exe
  2⤵
  PID:4976
- C:\Windows\System\JbzlSnm.exe
  C:\Windows\System\JbzlSnm.exe
  2⤵
  PID:5072
- C:\Windows\System\aXwtXTl.exe
  C:\Windows\System\aXwtXTl.exe
  2⤵
  PID:5112
- C:\Windows\System\DIXWsvH.exe
  C:\Windows\System\DIXWsvH.exe
  2⤵
  PID:4212
- C:\Windows\System\EOmhlop.exe
  C:\Windows\System\EOmhlop.exe
  2⤵
  PID:4356
- C:\Windows\System\RlifBxN.exe
  C:\Windows\System\RlifBxN.exe
  2⤵
  PID:4280
- C:\Windows\System\VJcafAt.exe
  C:\Windows\System\VJcafAt.exe
  2⤵
  PID:4512
- C:\Windows\System\xadDbRI.exe
  C:\Windows\System\xadDbRI.exe
  2⤵
  PID:4412
- C:\Windows\System\PLHdjMa.exe
  C:\Windows\System\PLHdjMa.exe
  2⤵
  PID:4804
- C:\Windows\System\MNqicFB.exe
  C:\Windows\System\MNqicFB.exe
  2⤵
  PID:4652
- C:\Windows\System\OtmsbJA.exe
  C:\Windows\System\OtmsbJA.exe
  2⤵
  PID:4800
- C:\Windows\System\xCJpMvr.exe
  C:\Windows\System\xCJpMvr.exe
  2⤵
  PID:4744
- C:\Windows\System\ldoRzmo.exe
  C:\Windows\System\ldoRzmo.exe
  2⤵
  PID:4916
- C:\Windows\System\FzvsDhC.exe
  C:\Windows\System\FzvsDhC.exe
  2⤵
  PID:4988
- C:\Windows\System\FywaxTS.exe
  C:\Windows\System\FywaxTS.exe
  2⤵
  PID:5036
- C:\Windows\System\UNuaofF.exe
  C:\Windows\System\UNuaofF.exe
  2⤵
  PID:4208
- C:\Windows\System\bAYZovI.exe
  C:\Windows\System\bAYZovI.exe
  2⤵
  PID:4276
- C:\Windows\System\dSTzWPF.exe
  C:\Windows\System\dSTzWPF.exe
  2⤵
  PID:4560
- C:\Windows\System\olHBFvW.exe
  C:\Windows\System\olHBFvW.exe
  2⤵
  PID:4820
- C:\Windows\System\WAonlPH.exe
  C:\Windows\System\WAonlPH.exe
  2⤵
  PID:4936
- C:\Windows\System\yZFwfVu.exe
  C:\Windows\System\yZFwfVu.exe
  2⤵
  PID:5076
- C:\Windows\System\sEbDWAj.exe
  C:\Windows\System\sEbDWAj.exe
  2⤵
  PID:4880
- C:\Windows\System\QsmxqSp.exe
  C:\Windows\System\QsmxqSp.exe
  2⤵
  PID:4464
- C:\Windows\System\WZIvlJP.exe
  C:\Windows\System\WZIvlJP.exe
  2⤵
  PID:4704
- C:\Windows\System\ZFTGDQw.exe
  C:\Windows\System\ZFTGDQw.exe
  2⤵
  PID:4868
- C:\Windows\System\KOxHuQR.exe
  C:\Windows\System\KOxHuQR.exe
  2⤵
  PID:5092
- C:\Windows\System\qRSblVn.exe
  C:\Windows\System\qRSblVn.exe
  2⤵
  PID:4424
- C:\Windows\System\Nmcoaxu.exe
  C:\Windows\System\Nmcoaxu.exe
  2⤵
  PID:5056
- C:\Windows\System\cylBwMA.exe
  C:\Windows\System\cylBwMA.exe
  2⤵
  PID:5128
- C:\Windows\System\aYegwBU.exe
  C:\Windows\System\aYegwBU.exe
  2⤵
  PID:5144
- C:\Windows\System\TQrOJgA.exe
  C:\Windows\System\TQrOJgA.exe
  2⤵
  PID:5164
- C:\Windows\System\uIaTANx.exe
  C:\Windows\System\uIaTANx.exe
  2⤵
  PID:5180
- C:\Windows\System\TVAQiga.exe
  C:\Windows\System\TVAQiga.exe
  2⤵
  PID:5204
- C:\Windows\System\xcyUpix.exe
  C:\Windows\System\xcyUpix.exe
  2⤵
  PID:5220
- C:\Windows\System\kijwXUK.exe
  C:\Windows\System\kijwXUK.exe
  2⤵
  PID:5236
- C:\Windows\System\nlUuoyh.exe
  C:\Windows\System\nlUuoyh.exe
  2⤵
  PID:5252
- C:\Windows\System\sngyjNn.exe
  C:\Windows\System\sngyjNn.exe
  2⤵
  PID:5272
- C:\Windows\System\FmnCUTK.exe
  C:\Windows\System\FmnCUTK.exe
  2⤵
  PID:5292
- C:\Windows\System\EIgMxnv.exe
  C:\Windows\System\EIgMxnv.exe
  2⤵
  PID:5316
- C:\Windows\System\CmBmLWz.exe
  C:\Windows\System\CmBmLWz.exe
  2⤵
  PID:5332
- C:\Windows\System\xlgWkmb.exe
  C:\Windows\System\xlgWkmb.exe
  2⤵
  PID:5352
- C:\Windows\System\WeCCoFq.exe
  C:\Windows\System\WeCCoFq.exe
  2⤵
  PID:5380
- C:\Windows\System\tKGIrVk.exe
  C:\Windows\System\tKGIrVk.exe
  2⤵
  PID:5396
- C:\Windows\System\wFlyQcA.exe
  C:\Windows\System\wFlyQcA.exe
  2⤵
  PID:5428
- C:\Windows\System\ZwnCcJj.exe
  C:\Windows\System\ZwnCcJj.exe
  2⤵
  PID:5448
- C:\Windows\System\DSljuAy.exe
  C:\Windows\System\DSljuAy.exe
  2⤵
  PID:5464
- C:\Windows\System\oGvXYoU.exe
  C:\Windows\System\oGvXYoU.exe
  2⤵
  PID:5480
- C:\Windows\System\OocjAXe.exe
  C:\Windows\System\OocjAXe.exe
  2⤵
  PID:5504
- C:\Windows\System\PbgCdmb.exe
  C:\Windows\System\PbgCdmb.exe
  2⤵
  PID:5528
- C:\Windows\System\XcVmWlI.exe
  C:\Windows\System\XcVmWlI.exe
  2⤵
  PID:5544
- C:\Windows\System\trCosdI.exe
  C:\Windows\System\trCosdI.exe
  2⤵
  PID:5572
- C:\Windows\System\SwAGIAq.exe
  C:\Windows\System\SwAGIAq.exe
  2⤵
  PID:5588
- C:\Windows\System\hWGSTpR.exe
  C:\Windows\System\hWGSTpR.exe
  2⤵
  PID:5604
- C:\Windows\System\fdzUEpE.exe
  C:\Windows\System\fdzUEpE.exe
  2⤵
  PID:5624
- C:\Windows\System\weCXooY.exe
  C:\Windows\System\weCXooY.exe
  2⤵
  PID:5640
- C:\Windows\System\jdxjYEA.exe
  C:\Windows\System\jdxjYEA.exe
  2⤵
  PID:5656
- C:\Windows\System\vijQzWq.exe
  C:\Windows\System\vijQzWq.exe
  2⤵
  PID:5680
- C:\Windows\System\MoawVXU.exe
  C:\Windows\System\MoawVXU.exe
  2⤵
  PID:5708
- C:\Windows\System\lMRyFqe.exe
  C:\Windows\System\lMRyFqe.exe
  2⤵
  PID:5724
- C:\Windows\System\apJXPoE.exe
  C:\Windows\System\apJXPoE.exe
  2⤵
  PID:5744
- C:\Windows\System\EHUdnIN.exe
  C:\Windows\System\EHUdnIN.exe
  2⤵
  PID:5768
- C:\Windows\System\kNbJOhQ.exe
  C:\Windows\System\kNbJOhQ.exe
  2⤵
  PID:5784
- C:\Windows\System\fSpPwVn.exe
  C:\Windows\System\fSpPwVn.exe
  2⤵
  PID:5808
- C:\Windows\System\wgYeIkR.exe
  C:\Windows\System\wgYeIkR.exe
  2⤵
  PID:5828
- C:\Windows\System\iUiDYwP.exe
  C:\Windows\System\iUiDYwP.exe
  2⤵
  PID:5848
- C:\Windows\System\lszJpfV.exe
  C:\Windows\System\lszJpfV.exe
  2⤵
  PID:5868
- C:\Windows\System\YBplDOZ.exe
  C:\Windows\System\YBplDOZ.exe
  2⤵
  PID:5884
- C:\Windows\System\CoObAQe.exe
  C:\Windows\System\CoObAQe.exe
  2⤵
  PID:5908
- C:\Windows\System\PmSFVYn.exe
  C:\Windows\System\PmSFVYn.exe
  2⤵
  PID:5928
- C:\Windows\System\RxjTGow.exe
  C:\Windows\System\RxjTGow.exe
  2⤵
  PID:5948
- C:\Windows\System\ydtzMaD.exe
  C:\Windows\System\ydtzMaD.exe
  2⤵
  PID:5968
- C:\Windows\System\rZOmlem.exe
  C:\Windows\System\rZOmlem.exe
  2⤵
  PID:5988
- C:\Windows\System\NhZbpjf.exe
  C:\Windows\System\NhZbpjf.exe
  2⤵
  PID:6004
- C:\Windows\System\QiZaKYM.exe
  C:\Windows\System\QiZaKYM.exe
  2⤵
  PID:6024
- C:\Windows\System\YaypOlV.exe
  C:\Windows\System\YaypOlV.exe
  2⤵
  PID:6040
- C:\Windows\System\RneTAzH.exe
  C:\Windows\System\RneTAzH.exe
  2⤵
  PID:6056
- C:\Windows\System\dwnyrUz.exe
  C:\Windows\System\dwnyrUz.exe
  2⤵
  PID:6072
- C:\Windows\System\qqnntmh.exe
  C:\Windows\System\qqnntmh.exe
  2⤵
  PID:6092
- C:\Windows\System\ghwzSDD.exe
  C:\Windows\System\ghwzSDD.exe
  2⤵
  PID:6108
- C:\Windows\System\KUyHtdj.exe
  C:\Windows\System\KUyHtdj.exe
  2⤵
  PID:6128
- C:\Windows\System\KuBNWtx.exe
  C:\Windows\System\KuBNWtx.exe
  2⤵
  PID:4328
- C:\Windows\System\pqSnIHI.exe
  C:\Windows\System\pqSnIHI.exe
  2⤵
  PID:5140
- C:\Windows\System\GnqCExj.exe
  C:\Windows\System\GnqCExj.exe
  2⤵
  PID:5188
- C:\Windows\System\fXTkdDa.exe
  C:\Windows\System\fXTkdDa.exe
  2⤵
  PID:5196
- C:\Windows\System\ZjOsBcc.exe
  C:\Windows\System\ZjOsBcc.exe
  2⤵
  PID:5268
- C:\Windows\System\ZWfOTWQ.exe
  C:\Windows\System\ZWfOTWQ.exe
  2⤵
  PID:5284
- C:\Windows\System\tZxyVjc.exe
  C:\Windows\System\tZxyVjc.exe
  2⤵
  PID:5216
- C:\Windows\System\ayFtLTU.exe
  C:\Windows\System\ayFtLTU.exe
  2⤵
  PID:5340
- C:\Windows\System\Vnilhuo.exe
  C:\Windows\System\Vnilhuo.exe
  2⤵
  PID:5392
- C:\Windows\System\cfkcwfy.exe
  C:\Windows\System\cfkcwfy.exe
  2⤵
  PID:5368
- C:\Windows\System\XFUsKYY.exe
  C:\Windows\System\XFUsKYY.exe
  2⤵
  PID:5416
- C:\Windows\System\KAIVyof.exe
  C:\Windows\System\KAIVyof.exe
  2⤵
  PID:5420
- C:\Windows\System\ckLaHpj.exe
  C:\Windows\System\ckLaHpj.exe
  2⤵
  PID:5488
- C:\Windows\System\JGiMPCy.exe
  C:\Windows\System\JGiMPCy.exe
  2⤵
  PID:5524
- C:\Windows\System\xHIRolu.exe
  C:\Windows\System\xHIRolu.exe
  2⤵
  PID:5564
- C:\Windows\System\ujmZxnt.exe
  C:\Windows\System\ujmZxnt.exe
  2⤵
  PID:5600
- C:\Windows\System\VgvpOWK.exe
  C:\Windows\System\VgvpOWK.exe
  2⤵
  PID:5648
- C:\Windows\System\cKyPfnU.exe
  C:\Windows\System\cKyPfnU.exe
  2⤵
  PID:5700
- C:\Windows\System\kZuPmku.exe
  C:\Windows\System\kZuPmku.exe
  2⤵
  PID:5752
- C:\Windows\System\QIZdSXX.exe
  C:\Windows\System\QIZdSXX.exe
  2⤵
  PID:5740
- C:\Windows\System\kyEvVtW.exe
  C:\Windows\System\kyEvVtW.exe
  2⤵
  PID:5816
- C:\Windows\System\FNefsTo.exe
  C:\Windows\System\FNefsTo.exe
  2⤵
  PID:5824
- C:\Windows\System\lhVGGUN.exe
  C:\Windows\System\lhVGGUN.exe
  2⤵
  PID:5864
- C:\Windows\System\zeElQUg.exe
  C:\Windows\System\zeElQUg.exe
  2⤵
  PID:5904
- C:\Windows\System\KYbYmXN.exe
  C:\Windows\System\KYbYmXN.exe
  2⤵
  PID:5924
- C:\Windows\System\zyzSkzj.exe
  C:\Windows\System\zyzSkzj.exe
  2⤵
  PID:5960
- C:\Windows\System\jyoDwUn.exe
  C:\Windows\System\jyoDwUn.exe
  2⤵
  PID:6036
- C:\Windows\System\IzTRVSs.exe
  C:\Windows\System\IzTRVSs.exe
  2⤵
  PID:5064
- C:\Windows\System\oLZmYFK.exe
  C:\Windows\System\oLZmYFK.exe
  2⤵
  PID:4392
- C:\Windows\System\rqZicie.exe
  C:\Windows\System\rqZicie.exe
  2⤵
  PID:6052
- C:\Windows\System\AhcKHYA.exe
  C:\Windows\System\AhcKHYA.exe
  2⤵
  PID:6116
- C:\Windows\System\FNFlnwK.exe
  C:\Windows\System\FNFlnwK.exe
  2⤵
  PID:6140
- C:\Windows\System\ndvcVIS.exe
  C:\Windows\System\ndvcVIS.exe
  2⤵
  PID:5264
- C:\Windows\System\mUrafCn.exe
  C:\Windows\System\mUrafCn.exe
  2⤵
  PID:5324
- C:\Windows\System\GpQzSkd.exe
  C:\Windows\System\GpQzSkd.exe
  2⤵
  PID:5312
- C:\Windows\System\MGVFvBz.exe
  C:\Windows\System\MGVFvBz.exe
  2⤵
  PID:5372
- C:\Windows\System\MXMCrAl.exe
  C:\Windows\System\MXMCrAl.exe
  2⤵
  PID:5444
- C:\Windows\System\NvVZfTk.exe
  C:\Windows\System\NvVZfTk.exe
  2⤵
  PID:5308
- C:\Windows\System\yJurATc.exe
  C:\Windows\System\yJurATc.exe
  2⤵
  PID:5552
- C:\Windows\System\aatwWPF.exe
  C:\Windows\System\aatwWPF.exe
  2⤵
  PID:5460
- C:\Windows\System\nBTDqYv.exe
  C:\Windows\System\nBTDqYv.exe
  2⤵
  PID:5664
- C:\Windows\System\GQieEdf.exe
  C:\Windows\System\GQieEdf.exe
  2⤵
  PID:5612
- C:\Windows\System\TKUIwsB.exe
  C:\Windows\System\TKUIwsB.exe
  2⤵
  PID:5732
- C:\Windows\System\KsJovQa.exe
  C:\Windows\System\KsJovQa.exe
  2⤵
  PID:5760
- C:\Windows\System\WKdRans.exe
  C:\Windows\System\WKdRans.exe
  2⤵
  PID:5820
- C:\Windows\System\zwgpaEY.exe
  C:\Windows\System\zwgpaEY.exe
  2⤵
  PID:5876
- C:\Windows\System\fdMMZmI.exe
  C:\Windows\System\fdMMZmI.exe
  2⤵
  PID:5940
- C:\Windows\System\QhxpWqn.exe
  C:\Windows\System\QhxpWqn.exe
  2⤵
  PID:6032
- C:\Windows\System\eiTHDPT.exe
  C:\Windows\System\eiTHDPT.exe
  2⤵
  PID:4656
- C:\Windows\System\ONqLzCL.exe
  C:\Windows\System\ONqLzCL.exe
  2⤵
  PID:6048
- C:\Windows\System\qMEHivZ.exe
  C:\Windows\System\qMEHivZ.exe
  2⤵
  PID:4136
- C:\Windows\System\knBECiE.exe
  C:\Windows\System\knBECiE.exe
  2⤵
  PID:5280
- C:\Windows\System\EXnXxEd.exe
  C:\Windows\System\EXnXxEd.exe
  2⤵
  PID:5412
- C:\Windows\System\brYSgbV.exe
  C:\Windows\System\brYSgbV.exe
  2⤵
  PID:5500
- C:\Windows\System\ekxYVBy.exe
  C:\Windows\System\ekxYVBy.exe
  2⤵
  PID:5560
- C:\Windows\System\uxpnSZb.exe
  C:\Windows\System\uxpnSZb.exe
  2⤵
  PID:5596
- C:\Windows\System\RawhfOZ.exe
  C:\Windows\System\RawhfOZ.exe
  2⤵
  PID:5688
- C:\Windows\System\CAbGMdj.exe
  C:\Windows\System\CAbGMdj.exe
  2⤵
  PID:5792
- C:\Windows\System\icANFLi.exe
  C:\Windows\System\icANFLi.exe
  2⤵
  PID:5804
- C:\Windows\System\UePNmwI.exe
  C:\Windows\System\UePNmwI.exe
  2⤵
  PID:5856
- C:\Windows\System\GwFdnQd.exe
  C:\Windows\System\GwFdnQd.exe
  2⤵
  PID:5996
- C:\Windows\System\yLaefLq.exe
  C:\Windows\System\yLaefLq.exe
  2⤵
  PID:6088
- C:\Windows\System\VLHsEvH.exe
  C:\Windows\System\VLHsEvH.exe
  2⤵
  PID:5228
- C:\Windows\System\KbkpVBl.exe
  C:\Windows\System\KbkpVBl.exe
  2⤵
  PID:5516
- C:\Windows\System\oTikNXX.exe
  C:\Windows\System\oTikNXX.exe
  2⤵
  PID:5672
- C:\Windows\System\zXvpFuo.exe
  C:\Windows\System\zXvpFuo.exe
  2⤵
  PID:5716
- C:\Windows\System\dhIciSc.exe
  C:\Windows\System\dhIciSc.exe
  2⤵
  PID:5800
- C:\Windows\System\LISBnka.exe
  C:\Windows\System\LISBnka.exe
  2⤵
  PID:6020
- C:\Windows\System\IWlBXrK.exe
  C:\Windows\System\IWlBXrK.exe
  2⤵
  PID:5860
- C:\Windows\System\VDctxYA.exe
  C:\Windows\System\VDctxYA.exe
  2⤵
  PID:5440
- C:\Windows\System\ieYaxEw.exe
  C:\Windows\System\ieYaxEw.exe
  2⤵
  PID:5584
- C:\Windows\System\EXUkBog.exe
  C:\Windows\System\EXUkBog.exe
  2⤵
  PID:5896
- C:\Windows\System\VLOkRmq.exe
  C:\Windows\System\VLOkRmq.exe
  2⤵
  PID:4080
- C:\Windows\System\iGRGtVD.exe
  C:\Windows\System\iGRGtVD.exe
  2⤵
  PID:5720
- C:\Windows\System\FFsynhF.exe
  C:\Windows\System\FFsynhF.exe
  2⤵
  PID:5936
- C:\Windows\System\SpUSPWi.exe
  C:\Windows\System\SpUSPWi.exe
  2⤵
  PID:5300
- C:\Windows\System\NPnKxuv.exe
  C:\Windows\System\NPnKxuv.exe
  2⤵
  PID:5984
- C:\Windows\System\wTbUzzq.exe
  C:\Windows\System\wTbUzzq.exe
  2⤵
  PID:6148
- C:\Windows\System\bGhokLO.exe
  C:\Windows\System\bGhokLO.exe
  2⤵
  PID:6168
- C:\Windows\System\HewtShS.exe
  C:\Windows\System\HewtShS.exe
  2⤵
  PID:6188
- C:\Windows\System\jqGPbeZ.exe
  C:\Windows\System\jqGPbeZ.exe
  2⤵
  PID:6204
- C:\Windows\System\cjTrdEj.exe
  C:\Windows\System\cjTrdEj.exe
  2⤵
  PID:6220
- C:\Windows\System\RoUMtnK.exe
  C:\Windows\System\RoUMtnK.exe
  2⤵
  PID:6240
- C:\Windows\System\oaOXWVk.exe
  C:\Windows\System\oaOXWVk.exe
  2⤵
  PID:6260
- C:\Windows\System\hZnhKES.exe
  C:\Windows\System\hZnhKES.exe
  2⤵
  PID:6276
- C:\Windows\System\lTBYsCU.exe
  C:\Windows\System\lTBYsCU.exe
  2⤵
  PID:6300
- C:\Windows\System\gVJbcqp.exe
  C:\Windows\System\gVJbcqp.exe
  2⤵
  PID:6332
- C:\Windows\System\ADqwJZa.exe
  C:\Windows\System\ADqwJZa.exe
  2⤵
  PID:6348
- C:\Windows\System\GGSKphp.exe
  C:\Windows\System\GGSKphp.exe
  2⤵
  PID:6372
- C:\Windows\System\hyNPWYg.exe
  C:\Windows\System\hyNPWYg.exe
  2⤵
  PID:6388
- C:\Windows\System\eaHPxCJ.exe
  C:\Windows\System\eaHPxCJ.exe
  2⤵
  PID:6412
- C:\Windows\System\zAMyTpK.exe
  C:\Windows\System\zAMyTpK.exe
  2⤵
  PID:6428
- C:\Windows\System\jXlIPLk.exe
  C:\Windows\System\jXlIPLk.exe
  2⤵
  PID:6452
- C:\Windows\System\PkEpnKQ.exe
  C:\Windows\System\PkEpnKQ.exe
  2⤵
  PID:6468
- C:\Windows\System\DSlEcMK.exe
  C:\Windows\System\DSlEcMK.exe
  2⤵
  PID:6492
- C:\Windows\System\FiQMlsn.exe
  C:\Windows\System\FiQMlsn.exe
  2⤵
  PID:6508
- C:\Windows\System\jtmFSSj.exe
  C:\Windows\System\jtmFSSj.exe
  2⤵
  PID:6524
- C:\Windows\System\qKXXISY.exe
  C:\Windows\System\qKXXISY.exe
  2⤵
  PID:6544
- C:\Windows\System\LTBQjnu.exe
  C:\Windows\System\LTBQjnu.exe
  2⤵
  PID:6564
- C:\Windows\System\uPuQfOv.exe
  C:\Windows\System\uPuQfOv.exe
  2⤵
  PID:6580
- C:\Windows\System\pZgMaFA.exe
  C:\Windows\System\pZgMaFA.exe
  2⤵
  PID:6604
- C:\Windows\System\vjQCEuD.exe
  C:\Windows\System\vjQCEuD.exe
  2⤵
  PID:6624
- C:\Windows\System\mPdDJmC.exe
  C:\Windows\System\mPdDJmC.exe
  2⤵
  PID:6648
- C:\Windows\System\mUvqXCl.exe
  C:\Windows\System\mUvqXCl.exe
  2⤵
  PID:6668
- C:\Windows\System\ymHWeFC.exe
  C:\Windows\System\ymHWeFC.exe
  2⤵
  PID:6684
- C:\Windows\System\FAgFrzS.exe
  C:\Windows\System\FAgFrzS.exe
  2⤵
  PID:6704
- C:\Windows\System\edpPicg.exe
  C:\Windows\System\edpPicg.exe
  2⤵
  PID:6728
- C:\Windows\System\iDBRViW.exe
  C:\Windows\System\iDBRViW.exe
  2⤵
  PID:6748
- C:\Windows\System\eZAcfVQ.exe
  C:\Windows\System\eZAcfVQ.exe
  2⤵
  PID:6764
- C:\Windows\System\xHEZDnF.exe
  C:\Windows\System\xHEZDnF.exe
  2⤵
  PID:6784
- C:\Windows\System\lmThEIb.exe
  C:\Windows\System\lmThEIb.exe
  2⤵
  PID:6804
- C:\Windows\System\CecuoTx.exe
  C:\Windows\System\CecuoTx.exe
  2⤵
  PID:6824
- C:\Windows\System\VTUhbvN.exe
  C:\Windows\System\VTUhbvN.exe
  2⤵
  PID:6840
- C:\Windows\System\ZwXXVIn.exe
  C:\Windows\System\ZwXXVIn.exe
  2⤵
  PID:6868
- C:\Windows\System\aIBCwLt.exe
  C:\Windows\System\aIBCwLt.exe
  2⤵
  PID:6888
- C:\Windows\System\mNAQYZc.exe
  C:\Windows\System\mNAQYZc.exe
  2⤵
  PID:6908
- C:\Windows\System\xdvqoiP.exe
  C:\Windows\System\xdvqoiP.exe
  2⤵
  PID:6932
- C:\Windows\System\pABBPoc.exe
  C:\Windows\System\pABBPoc.exe
  2⤵
  PID:6948
- C:\Windows\System\VlWFvBj.exe
  C:\Windows\System\VlWFvBj.exe
  2⤵
  PID:6964
- C:\Windows\System\Ouyxdnw.exe
  C:\Windows\System\Ouyxdnw.exe
  2⤵
  PID:6988
- C:\Windows\System\RNLPbeO.exe
  C:\Windows\System\RNLPbeO.exe
  2⤵
  PID:7008
- C:\Windows\System\ofrlUNa.exe
  C:\Windows\System\ofrlUNa.exe
  2⤵
  PID:7024
- C:\Windows\System\SjpKLcW.exe
  C:\Windows\System\SjpKLcW.exe
  2⤵
  PID:7040
- C:\Windows\System\bEdnIBD.exe
  C:\Windows\System\bEdnIBD.exe
  2⤵
  PID:7064
- C:\Windows\System\EVEGNII.exe
  C:\Windows\System\EVEGNII.exe
  2⤵
  PID:7080
- C:\Windows\System\djCkvwg.exe
  C:\Windows\System\djCkvwg.exe
  2⤵
  PID:7100
- C:\Windows\System\anuETMk.exe
  C:\Windows\System\anuETMk.exe
  2⤵
  PID:7128
- C:\Windows\System\yKlRpwP.exe
  C:\Windows\System\yKlRpwP.exe
  2⤵
  PID:7152
- C:\Windows\System\dfTHVeL.exe
  C:\Windows\System\dfTHVeL.exe
  2⤵
  PID:5136
- C:\Windows\System\CAyZdvh.exe
  C:\Windows\System\CAyZdvh.exe
  2⤵
  PID:6160
- C:\Windows\System\YUXoaKh.exe
  C:\Windows\System\YUXoaKh.exe
  2⤵
  PID:6232
- C:\Windows\System\CcxtKaV.exe
  C:\Windows\System\CcxtKaV.exe
  2⤵
  PID:6176
- C:\Windows\System\dOqIrEY.exe
  C:\Windows\System\dOqIrEY.exe
  2⤵
  PID:6320
- C:\Windows\System\kHhEQAV.exe
  C:\Windows\System\kHhEQAV.exe
  2⤵
  PID:6212
- C:\Windows\System\CtwRXaP.exe
  C:\Windows\System\CtwRXaP.exe
  2⤵
  PID:6284
- C:\Windows\System\uxaBVsV.exe
  C:\Windows\System\uxaBVsV.exe
  2⤵
  PID:6340
- C:\Windows\System\rCCWyOe.exe
  C:\Windows\System\rCCWyOe.exe
  2⤵
  PID:6360
- C:\Windows\System\WgIGyaJ.exe
  C:\Windows\System\WgIGyaJ.exe
  2⤵
  PID:6408
- C:\Windows\System\caWvyNq.exe
  C:\Windows\System\caWvyNq.exe
  2⤵
  PID:6476
- C:\Windows\System\VpBipqv.exe
  C:\Windows\System\VpBipqv.exe
  2⤵
  PID:6480
- C:\Windows\System\MrcnyML.exe
  C:\Windows\System\MrcnyML.exe
  2⤵
  PID:6520
- C:\Windows\System\mbYIYZJ.exe
  C:\Windows\System\mbYIYZJ.exe
  2⤵
  PID:6536
- C:\Windows\System\zXzyuNT.exe
  C:\Windows\System\zXzyuNT.exe
  2⤵
  PID:6576
- C:\Windows\System\huomhge.exe
  C:\Windows\System\huomhge.exe
  2⤵
  PID:6640
- C:\Windows\System\bviXtOm.exe
  C:\Windows\System\bviXtOm.exe
  2⤵
  PID:5192
- C:\Windows\System\NGXNCaa.exe
  C:\Windows\System\NGXNCaa.exe
  2⤵
  PID:6656
- C:\Windows\System\vUIqzIe.exe
  C:\Windows\System\vUIqzIe.exe
  2⤵
  PID:6700
- C:\Windows\System\ivPhfAX.exe
  C:\Windows\System\ivPhfAX.exe
  2⤵
  PID:6740
- C:\Windows\System\QZoxauu.exe
  C:\Windows\System\QZoxauu.exe
  2⤵
  PID:6772
- C:\Windows\System\pTwtOPa.exe
  C:\Windows\System\pTwtOPa.exe
  2⤵
  PID:6836
- C:\Windows\System\DYKfusQ.exe
  C:\Windows\System\DYKfusQ.exe
  2⤵
  PID:6864
- C:\Windows\System\nECeQoD.exe
  C:\Windows\System\nECeQoD.exe
  2⤵
  PID:6916
- C:\Windows\System\WTRnNjK.exe
  C:\Windows\System\WTRnNjK.exe
  2⤵
  PID:6920
- C:\Windows\System\TvaqQPe.exe
  C:\Windows\System\TvaqQPe.exe
  2⤵
  PID:6940
- C:\Windows\System\zTZNoPU.exe
  C:\Windows\System\zTZNoPU.exe
  2⤵
  PID:7032
- C:\Windows\System\BnBQaRn.exe
  C:\Windows\System\BnBQaRn.exe
  2⤵
  PID:6980
- C:\Windows\System\UUgfdbv.exe
  C:\Windows\System\UUgfdbv.exe
  2⤵
  PID:7016
- C:\Windows\System\SRcfgqo.exe
  C:\Windows\System\SRcfgqo.exe
  2⤵
  PID:6976
- C:\Windows\System\OmGfxKL.exe
  C:\Windows\System\OmGfxKL.exe
  2⤵
  PID:7148
- C:\Windows\System\WUuheeP.exe
  C:\Windows\System\WUuheeP.exe
  2⤵
  PID:5976
- C:\Windows\System\pgheZRK.exe
  C:\Windows\System\pgheZRK.exe
  2⤵
  PID:6100
- C:\Windows\System\ffVdjAw.exe
  C:\Windows\System\ffVdjAw.exe
  2⤵
  PID:6256
- C:\Windows\System\VTjPAow.exe
  C:\Windows\System\VTjPAow.exe
  2⤵
  PID:6296
- C:\Windows\System\LHbqwsM.exe
  C:\Windows\System\LHbqwsM.exe
  2⤵
  PID:6180
- C:\Windows\System\SffrAVk.exe
  C:\Windows\System\SffrAVk.exe
  2⤵
  PID:6436
- C:\Windows\System\oWrDmGX.exe
  C:\Windows\System\oWrDmGX.exe
  2⤵
  PID:6448
- C:\Windows\System\VHRmPex.exe
  C:\Windows\System\VHRmPex.exe
  2⤵
  PID:6516
- C:\Windows\System\XacyTnS.exe
  C:\Windows\System\XacyTnS.exe
  2⤵
  PID:6572
- C:\Windows\System\AWHNQUP.exe
  C:\Windows\System\AWHNQUP.exe
  2⤵
  PID:6620
- C:\Windows\System\xlJFVLi.exe
  C:\Windows\System\xlJFVLi.exe
  2⤵
  PID:6660
- C:\Windows\System\tQcVnjn.exe
  C:\Windows\System\tQcVnjn.exe
  2⤵
  PID:6780
- C:\Windows\System\RIGFnvw.exe
  C:\Windows\System\RIGFnvw.exe
  2⤵
  PID:6848
- C:\Windows\System\rVxIsVU.exe
  C:\Windows\System\rVxIsVU.exe
  2⤵
  PID:6856
- C:\Windows\System\rYlIcHJ.exe
  C:\Windows\System\rYlIcHJ.exe
  2⤵
  PID:7108
- C:\Windows\System\UjPpIGc.exe
  C:\Windows\System\UjPpIGc.exe
  2⤵
  PID:7120
- C:\Windows\System\gYlgFKs.exe
  C:\Windows\System\gYlgFKs.exe
  2⤵
  PID:6924
- C:\Windows\System\LXOILvB.exe
  C:\Windows\System\LXOILvB.exe
  2⤵
  PID:7092
- C:\Windows\System\YbJMlka.exe
  C:\Windows\System\YbJMlka.exe
  2⤵
  PID:6268
- C:\Windows\System\qtkzFiN.exe
  C:\Windows\System\qtkzFiN.exe
  2⤵
  PID:6308
- C:\Windows\System\CVzIzAS.exe
  C:\Windows\System\CVzIzAS.exe
  2⤵
  PID:6292
- C:\Windows\System\EvZTqbJ.exe
  C:\Windows\System\EvZTqbJ.exe
  2⤵
  PID:6344
- C:\Windows\System\FQOjcwN.exe
  C:\Windows\System\FQOjcwN.exe
  2⤵
  PID:6592
- C:\Windows\System\nFOBedT.exe
  C:\Windows\System\nFOBedT.exe
  2⤵
  PID:6596
- C:\Windows\System\oshxYIS.exe
  C:\Windows\System\oshxYIS.exe
  2⤵
  PID:6600
- C:\Windows\System\UbCUvPd.exe
  C:\Windows\System\UbCUvPd.exe
  2⤵
  PID:6720
- C:\Windows\System\zeQdkcu.exe
  C:\Windows\System\zeQdkcu.exe
  2⤵
  PID:6820
- C:\Windows\System\AOzAUcb.exe
  C:\Windows\System\AOzAUcb.exe
  2⤵
  PID:7116
- C:\Windows\System\EVSIYbN.exe
  C:\Windows\System\EVSIYbN.exe
  2⤵
  PID:7052
- C:\Windows\System\juVEPmT.exe
  C:\Windows\System\juVEPmT.exe
  2⤵
  PID:6164
- C:\Windows\System\wOGyAKN.exe
  C:\Windows\System\wOGyAKN.exe
  2⤵
  PID:6248
- C:\Windows\System\qmewveX.exe
  C:\Windows\System\qmewveX.exe
  2⤵
  PID:6316
- C:\Windows\System\crXTnmC.exe
  C:\Windows\System\crXTnmC.exe
  2⤵
  PID:6796
- C:\Windows\System\RJgdKRN.exe
  C:\Windows\System\RJgdKRN.exe
  2⤵
  PID:6896
- C:\Windows\System\VeorFXJ.exe
  C:\Windows\System\VeorFXJ.exe
  2⤵
  PID:6756
- C:\Windows\System\hcJBXUK.exe
  C:\Windows\System\hcJBXUK.exe
  2⤵
  PID:7060
- C:\Windows\System\kXgJBoh.exe
  C:\Windows\System\kXgJBoh.exe
  2⤵
  PID:6612
- C:\Windows\System\zGxsHTG.exe
  C:\Windows\System\zGxsHTG.exe
  2⤵
  PID:6852
- C:\Windows\System\TVeOpUZ.exe
  C:\Windows\System\TVeOpUZ.exe
  2⤵
  PID:6504
- C:\Windows\System\dWAxCAQ.exe
  C:\Windows\System\dWAxCAQ.exe
  2⤵
  PID:6588
- C:\Windows\System\icuopuF.exe
  C:\Windows\System\icuopuF.exe
  2⤵
  PID:6832
- C:\Windows\System\xDGtcrl.exe
  C:\Windows\System\xDGtcrl.exe
  2⤵
  PID:6560
- C:\Windows\System\bIqDRpS.exe
  C:\Windows\System\bIqDRpS.exe
  2⤵
  PID:7096
- C:\Windows\System\hPeRBrv.exe
  C:\Windows\System\hPeRBrv.exe
  2⤵
  PID:2812
- C:\Windows\System\gzlWsSy.exe
  C:\Windows\System\gzlWsSy.exe
  2⤵
  PID:900
- C:\Windows\System\LHIKaKr.exe
  C:\Windows\System\LHIKaKr.exe
  2⤵
  PID:7048
- C:\Windows\System\vtJXDLx.exe
  C:\Windows\System\vtJXDLx.exe
  2⤵
  PID:904
- C:\Windows\System\XmoYAMU.exe
  C:\Windows\System\XmoYAMU.exe
  2⤵
  PID:7184
- C:\Windows\System\AGihDDq.exe
  C:\Windows\System\AGihDDq.exe
  2⤵
  PID:7208
- C:\Windows\System\vyNkJuZ.exe
  C:\Windows\System\vyNkJuZ.exe
  2⤵
  PID:7224
- C:\Windows\System\bNdNKkV.exe
  C:\Windows\System\bNdNKkV.exe
  2⤵
  PID:7248
- C:\Windows\System\mRHKDUq.exe
  C:\Windows\System\mRHKDUq.exe
  2⤵
  PID:7264
- C:\Windows\System\wqIXJIl.exe
  C:\Windows\System\wqIXJIl.exe
  2⤵
  PID:7280
- C:\Windows\System\LCHbKCG.exe
  C:\Windows\System\LCHbKCG.exe
  2⤵
  PID:7308
- C:\Windows\System\nKLBtAq.exe
  C:\Windows\System\nKLBtAq.exe
  2⤵
  PID:7324
- C:\Windows\System\lJDbmGo.exe
  C:\Windows\System\lJDbmGo.exe
  2⤵
  PID:7348
- C:\Windows\System\PqxNLCZ.exe
  C:\Windows\System\PqxNLCZ.exe
  2⤵
  PID:7368
- C:\Windows\System\ICgtKua.exe
  C:\Windows\System\ICgtKua.exe
  2⤵
  PID:7384
- C:\Windows\System\PFVLCNL.exe
  C:\Windows\System\PFVLCNL.exe
  2⤵
  PID:7404
- C:\Windows\System\woxcmmo.exe
  C:\Windows\System\woxcmmo.exe
  2⤵
  PID:7424
- C:\Windows\System\WhLpPJO.exe
  C:\Windows\System\WhLpPJO.exe
  2⤵
  PID:7444
- C:\Windows\System\WtctGnC.exe
  C:\Windows\System\WtctGnC.exe
  2⤵
  PID:7468
- C:\Windows\System\sVMpZSO.exe
  C:\Windows\System\sVMpZSO.exe
  2⤵
  PID:7484
- C:\Windows\System\bgAZIIR.exe
  C:\Windows\System\bgAZIIR.exe
  2⤵
  PID:7500
- C:\Windows\System\QTKnejH.exe
  C:\Windows\System\QTKnejH.exe
  2⤵
  PID:7520
- C:\Windows\System\XOgyIlU.exe
  C:\Windows\System\XOgyIlU.exe
  2⤵
  PID:7540
- C:\Windows\System\NiKKaOw.exe
  C:\Windows\System\NiKKaOw.exe
  2⤵
  PID:7564
- C:\Windows\System\tbAzHkt.exe
  C:\Windows\System\tbAzHkt.exe
  2⤵
  PID:7588
- C:\Windows\System\qZssOvw.exe
  C:\Windows\System\qZssOvw.exe
  2⤵
  PID:7608
- C:\Windows\System\hVPdtwV.exe
  C:\Windows\System\hVPdtwV.exe
  2⤵
  PID:7624
- C:\Windows\System\sXCrpOe.exe
  C:\Windows\System\sXCrpOe.exe
  2⤵
  PID:7648
- C:\Windows\System\oWpZqHk.exe
  C:\Windows\System\oWpZqHk.exe
  2⤵
  PID:7668
- C:\Windows\System\ZBvvrWH.exe
  C:\Windows\System\ZBvvrWH.exe
  2⤵
  PID:7688
- C:\Windows\System\SBzviDz.exe
  C:\Windows\System\SBzviDz.exe
  2⤵
  PID:7708
- C:\Windows\System\iHvjyVV.exe
  C:\Windows\System\iHvjyVV.exe
  2⤵
  PID:7728
- C:\Windows\System\uIxvnBy.exe
  C:\Windows\System\uIxvnBy.exe
  2⤵
  PID:7748
- C:\Windows\System\bceZruA.exe
  C:\Windows\System\bceZruA.exe
  2⤵
  PID:7768
- C:\Windows\System\FBgRgwM.exe
  C:\Windows\System\FBgRgwM.exe
  2⤵
  PID:7784
- C:\Windows\System\HrqLDYG.exe
  C:\Windows\System\HrqLDYG.exe
  2⤵
  PID:7800
- C:\Windows\System\pSeJRRX.exe
  C:\Windows\System\pSeJRRX.exe
  2⤵
  PID:7828
- C:\Windows\System\MLpgxDi.exe
  C:\Windows\System\MLpgxDi.exe
  2⤵
  PID:7852
- C:\Windows\System\EyXeVoP.exe
  C:\Windows\System\EyXeVoP.exe
  2⤵
  PID:7872
- C:\Windows\System\hCKuBOZ.exe
  C:\Windows\System\hCKuBOZ.exe
  2⤵
  PID:7888
- C:\Windows\System\oiVepbW.exe
  C:\Windows\System\oiVepbW.exe
  2⤵
  PID:7904
- C:\Windows\System\mAOoAEG.exe
  C:\Windows\System\mAOoAEG.exe
  2⤵
  PID:7920
- C:\Windows\System\MOFlbSH.exe
  C:\Windows\System\MOFlbSH.exe
  2⤵
  PID:7952
- C:\Windows\System\FuHRlGI.exe
  C:\Windows\System\FuHRlGI.exe
  2⤵
  PID:7972
- C:\Windows\System\UUvNXys.exe
  C:\Windows\System\UUvNXys.exe
  2⤵
  PID:7988
- C:\Windows\System\KOqTuzA.exe
  C:\Windows\System\KOqTuzA.exe
  2⤵
  PID:8012
- C:\Windows\System\yjJVJkm.exe
  C:\Windows\System\yjJVJkm.exe
  2⤵
  PID:8032
- C:\Windows\System\kWcaaNd.exe
  C:\Windows\System\kWcaaNd.exe
  2⤵
  PID:8048
- C:\Windows\System\GmocoDd.exe
  C:\Windows\System\GmocoDd.exe
  2⤵
  PID:8076
- C:\Windows\System\ZcfVxat.exe
  C:\Windows\System\ZcfVxat.exe
  2⤵
  PID:8092
- C:\Windows\System\PzpMbGa.exe
  C:\Windows\System\PzpMbGa.exe
  2⤵
  PID:8112
- C:\Windows\System\hregXdd.exe
  C:\Windows\System\hregXdd.exe
  2⤵
  PID:8128
- C:\Windows\System\xwFwNMZ.exe
  C:\Windows\System\xwFwNMZ.exe
  2⤵
  PID:8156
- C:\Windows\System\vAMidOU.exe
  C:\Windows\System\vAMidOU.exe
  2⤵
  PID:8172
- C:\Windows\System\UmOTolq.exe
  C:\Windows\System\UmOTolq.exe
  2⤵
  PID:6400
- C:\Windows\System\qxzufVB.exe
  C:\Windows\System\qxzufVB.exe
  2⤵
  PID:6368
- C:\Windows\System\MENkKtQ.exe
  C:\Windows\System\MENkKtQ.exe
  2⤵
  PID:7204
- C:\Windows\System\yQXlunY.exe
  C:\Windows\System\yQXlunY.exe
  2⤵
  PID:7232
- C:\Windows\System\bHDmSJI.exe
  C:\Windows\System\bHDmSJI.exe
  2⤵
  PID:7260
- C:\Windows\System\MeHUrIa.exe
  C:\Windows\System\MeHUrIa.exe
  2⤵
  PID:7296
- C:\Windows\System\vuwoRDL.exe
  C:\Windows\System\vuwoRDL.exe
  2⤵
  PID:7340
- C:\Windows\System\izjQAnq.exe
  C:\Windows\System\izjQAnq.exe
  2⤵
  PID:7396
- C:\Windows\System\OXuqXIt.exe
  C:\Windows\System\OXuqXIt.exe
  2⤵
  PID:7412
- C:\Windows\System\kERCsDY.exe
  C:\Windows\System\kERCsDY.exe
  2⤵
  PID:7452
- C:\Windows\System\uJhUPMY.exe
  C:\Windows\System\uJhUPMY.exe
  2⤵
  PID:7460
- C:\Windows\System\BAWSYzD.exe
  C:\Windows\System\BAWSYzD.exe
  2⤵
  PID:7512
- C:\Windows\System\YMaGKOP.exe
  C:\Windows\System\YMaGKOP.exe
  2⤵
  PID:7528
- C:\Windows\System\LedhWGA.exe
  C:\Windows\System\LedhWGA.exe
  2⤵
  PID:7584
- C:\Windows\System\VFiaMHe.exe
  C:\Windows\System\VFiaMHe.exe
  2⤵
  PID:7596
- C:\Windows\System\MLqmpor.exe
  C:\Windows\System\MLqmpor.exe
  2⤵
  PID:7620
- C:\Windows\System\mLwglzq.exe
  C:\Windows\System\mLwglzq.exe
  2⤵
  PID:7664
- C:\Windows\System\WlNfBEt.exe
  C:\Windows\System\WlNfBEt.exe
  2⤵
  PID:7680
- C:\Windows\System\LyLITfz.exe
  C:\Windows\System\LyLITfz.exe
  2⤵
  PID:7736
- C:\Windows\System\qJGBYgU.exe
  C:\Windows\System\qJGBYgU.exe
  2⤵
  PID:7812
- C:\Windows\System\rvIKltj.exe
  C:\Windows\System\rvIKltj.exe
  2⤵
  PID:7824
- C:\Windows\System\MjutEWc.exe
  C:\Windows\System\MjutEWc.exe
  2⤵
  PID:7848
- C:\Windows\System\ddoPTSn.exe
  C:\Windows\System\ddoPTSn.exe
  2⤵
  PID:7880
- C:\Windows\System\wQBtMOv.exe
  C:\Windows\System\wQBtMOv.exe
  2⤵
  PID:7884
- C:\Windows\System\mQHNIVQ.exe
  C:\Windows\System\mQHNIVQ.exe
  2⤵
  PID:7968
- C:\Windows\System\RTSWqNd.exe
  C:\Windows\System\RTSWqNd.exe
  2⤵
  PID:8020
- C:\Windows\System\fHSlcPX.exe
  C:\Windows\System\fHSlcPX.exe
  2⤵
  PID:8004
- C:\Windows\System\SKINsme.exe
  C:\Windows\System\SKINsme.exe
  2⤵
  PID:8060
- C:\Windows\System\oXbrKoR.exe
  C:\Windows\System\oXbrKoR.exe
  2⤵
  PID:8108
- C:\Windows\System\RMMnMvC.exe
  C:\Windows\System\RMMnMvC.exe
  2⤵
  PID:8148
- C:\Windows\System\oZymMCG.exe
  C:\Windows\System\oZymMCG.exe
  2⤵
  PID:8168
- C:\Windows\System\YmXXdPo.exe
  C:\Windows\System\YmXXdPo.exe
  2⤵
  PID:7180
- C:\Windows\System\EKgKZFv.exe
  C:\Windows\System\EKgKZFv.exe
  2⤵
  PID:7216
- C:\Windows\System\tJcrYJE.exe
  C:\Windows\System\tJcrYJE.exe
  2⤵
  PID:7244
- C:\Windows\System\dXzxCGe.exe
  C:\Windows\System\dXzxCGe.exe
  2⤵
  PID:7300
- C:\Windows\System\JGZduOa.exe
  C:\Windows\System\JGZduOa.exe
  2⤵
  PID:7320
- C:\Windows\System\NFmLFmV.exe
  C:\Windows\System\NFmLFmV.exe
  2⤵
  PID:7440
- C:\Windows\System\XclTVjT.exe
  C:\Windows\System\XclTVjT.exe
  2⤵
  PID:7420
- C:\Windows\System\BEpoTxA.exe
  C:\Windows\System\BEpoTxA.exe
  2⤵
  PID:7704
- C:\Windows\System\FBQeRZM.exe
  C:\Windows\System\FBQeRZM.exe
  2⤵
  PID:7492
- C:\Windows\System\GKcYaCA.exe
  C:\Windows\System\GKcYaCA.exe
  2⤵
  PID:7604
- C:\Windows\System\xpUHeHN.exe
  C:\Windows\System\xpUHeHN.exe
  2⤵
  PID:7744
- C:\Windows\System\oMpsDJV.exe
  C:\Windows\System\oMpsDJV.exe
  2⤵
  PID:7756
- C:\Windows\System\UebNARW.exe
  C:\Windows\System\UebNARW.exe
  2⤵
  PID:7864
- C:\Windows\System\UbNkvBQ.exe
  C:\Windows\System\UbNkvBQ.exe
  2⤵
  PID:5536
- C:\Windows\System\DdTOjdy.exe
  C:\Windows\System\DdTOjdy.exe
  2⤵
  PID:7932
- C:\Windows\System\hTywkVs.exe
  C:\Windows\System\hTywkVs.exe
  2⤵
  PID:7996
- C:\Windows\System\wXKxwYR.exe
  C:\Windows\System\wXKxwYR.exe
  2⤵
  PID:8024
- C:\Windows\System\hfBMIVH.exe
  C:\Windows\System\hfBMIVH.exe
  2⤵
  PID:8040
- C:\Windows\System\fCtaocJ.exe
  C:\Windows\System\fCtaocJ.exe
  2⤵
  PID:7808
- C:\Windows\System\PXAKlze.exe
  C:\Windows\System\PXAKlze.exe
  2⤵
  PID:8068
- C:\Windows\System\IFSreAx.exe
  C:\Windows\System\IFSreAx.exe
  2⤵
  PID:7292
- C:\Windows\System\dxHpbFp.exe
  C:\Windows\System\dxHpbFp.exe
  2⤵
  PID:7376
- C:\Windows\System\kPYHzQF.exe
  C:\Windows\System\kPYHzQF.exe
  2⤵
  PID:7656
- C:\Windows\System\tBohosM.exe
  C:\Windows\System\tBohosM.exe
  2⤵
  PID:7560
- C:\Windows\System\CZBHgxq.exe
  C:\Windows\System\CZBHgxq.exe
  2⤵
  PID:7580
- C:\Windows\System\DOBeMWx.exe
  C:\Windows\System\DOBeMWx.exe
  2⤵
  PID:7764
- C:\Windows\System\GHblgph.exe
  C:\Windows\System\GHblgph.exe
  2⤵
  PID:8064
- C:\Windows\System\ZGXmngm.exe
  C:\Windows\System\ZGXmngm.exe
  2⤵
  PID:7948
- C:\Windows\System\heJOnZH.exe
  C:\Windows\System\heJOnZH.exe
  2⤵
  PID:7860
- C:\Windows\System\tumiHFd.exe
  C:\Windows\System\tumiHFd.exe
  2⤵
  PID:7936
- C:\Windows\System\iHOSCQm.exe
  C:\Windows\System\iHOSCQm.exe
  2⤵
  PID:8136
- C:\Windows\System\fYhPzPF.exe
  C:\Windows\System\fYhPzPF.exe
  2⤵
  PID:7360
- C:\Windows\System\nVbfihr.exe
  C:\Windows\System\nVbfihr.exe
  2⤵
  PID:7000
- C:\Windows\System\uSfBHVd.exe
  C:\Windows\System\uSfBHVd.exe
  2⤵
  PID:7640
- C:\Windows\System\IchaVKy.exe
  C:\Windows\System\IchaVKy.exe
  2⤵
  PID:7536
- C:\Windows\System\XVDpQNN.exe
  C:\Windows\System\XVDpQNN.exe
  2⤵
  PID:7840
- C:\Windows\System\OgXQobt.exe
  C:\Windows\System\OgXQobt.exe
  2⤵
  PID:8144
- C:\Windows\System\fRDtwST.exe
  C:\Windows\System\fRDtwST.exe
  2⤵
  PID:7700
- C:\Windows\System\xFhapWS.exe
  C:\Windows\System\xFhapWS.exe
  2⤵
  PID:7572
- C:\Windows\System\kJQGGvR.exe
  C:\Windows\System\kJQGGvR.exe
  2⤵
  PID:7336
- C:\Windows\System\QzvKOLf.exe
  C:\Windows\System\QzvKOLf.exe
  2⤵
  PID:7716
- C:\Windows\System\myjAjaU.exe
  C:\Windows\System\myjAjaU.exe
  2⤵
  PID:8188
- C:\Windows\System\zEPflop.exe
  C:\Windows\System\zEPflop.exe
  2⤵
  PID:7576
- C:\Windows\System\xsxtcIl.exe
  C:\Windows\System\xsxtcIl.exe
  2⤵
  PID:7836
- C:\Windows\System\ugSFCEa.exe
  C:\Windows\System\ugSFCEa.exe
  2⤵
  PID:8180
- C:\Windows\System\dtzAkVb.exe
  C:\Windows\System\dtzAkVb.exe
  2⤵
  PID:7980
- C:\Windows\System\vpzMbVt.exe
  C:\Windows\System\vpzMbVt.exe
  2⤵
  PID:8072
- C:\Windows\System\vqkPlvu.exe
  C:\Windows\System\vqkPlvu.exe
  2⤵
  PID:7196
- C:\Windows\System\pRgAlbc.exe
  C:\Windows\System\pRgAlbc.exe
  2⤵
  PID:8212
- C:\Windows\System\YcILbtx.exe
  C:\Windows\System\YcILbtx.exe
  2⤵
  PID:8228
- C:\Windows\System\XerqgWY.exe
  C:\Windows\System\XerqgWY.exe
  2⤵
  PID:8248
- C:\Windows\System\MIpbaEP.exe
  C:\Windows\System\MIpbaEP.exe
  2⤵
  PID:8268
- C:\Windows\System\CBXWowR.exe
  C:\Windows\System\CBXWowR.exe
  2⤵
  PID:8284
- C:\Windows\System\lFjzeSf.exe
  C:\Windows\System\lFjzeSf.exe
  2⤵
  PID:8308
- C:\Windows\System\ZnxgRQI.exe
  C:\Windows\System\ZnxgRQI.exe
  2⤵
  PID:8328
- C:\Windows\System\FMlfOpA.exe
  C:\Windows\System\FMlfOpA.exe
  2⤵
  PID:8344
- C:\Windows\System\mjzUdeJ.exe
  C:\Windows\System\mjzUdeJ.exe
  2⤵
  PID:8360
- C:\Windows\System\KEuWwRR.exe
  C:\Windows\System\KEuWwRR.exe
  2⤵
  PID:8380
- C:\Windows\System\HBZOFhf.exe
  C:\Windows\System\HBZOFhf.exe
  2⤵
  PID:8400
- C:\Windows\System\bhiDdYm.exe
  C:\Windows\System\bhiDdYm.exe
  2⤵
  PID:8436
- C:\Windows\System\iNKGDzB.exe
  C:\Windows\System\iNKGDzB.exe
  2⤵
  PID:8452
- C:\Windows\System\cuowipA.exe
  C:\Windows\System\cuowipA.exe
  2⤵
  PID:8468
- C:\Windows\System\FJcsctA.exe
  C:\Windows\System\FJcsctA.exe
  2⤵
  PID:8488
- C:\Windows\System\zcrbVOx.exe
  C:\Windows\System\zcrbVOx.exe
  2⤵
  PID:8508
- C:\Windows\System\oKDJIVp.exe
  C:\Windows\System\oKDJIVp.exe
  2⤵
  PID:8524
- C:\Windows\System\zRoNLux.exe
  C:\Windows\System\zRoNLux.exe
  2⤵
  PID:8552
- C:\Windows\System\ZctrZkh.exe
  C:\Windows\System\ZctrZkh.exe
  2⤵
  PID:8568
- C:\Windows\System\XoMhQzw.exe
  C:\Windows\System\XoMhQzw.exe
  2⤵
  PID:8592
- C:\Windows\System\fprayee.exe
  C:\Windows\System\fprayee.exe
  2⤵
  PID:8608
- C:\Windows\System\BluAFeB.exe
  C:\Windows\System\BluAFeB.exe
  2⤵
  PID:8628
- C:\Windows\System\RGtinkF.exe
  C:\Windows\System\RGtinkF.exe
  2⤵
  PID:8652
- C:\Windows\System\eQNmAfC.exe
  C:\Windows\System\eQNmAfC.exe
  2⤵
  PID:8668
- C:\Windows\System\pNnPbRh.exe
  C:\Windows\System\pNnPbRh.exe
  2⤵
  PID:8688
- C:\Windows\System\RachLvE.exe
  C:\Windows\System\RachLvE.exe
  2⤵
  PID:8708
- C:\Windows\System\UMGdZvt.exe
  C:\Windows\System\UMGdZvt.exe
  2⤵
  PID:8732
- C:\Windows\System\EhWSFoc.exe
  C:\Windows\System\EhWSFoc.exe
  2⤵
  PID:8772
- C:\Windows\System\onocGFD.exe
  C:\Windows\System\onocGFD.exe
  2⤵
  PID:8788
- C:\Windows\System\QcoJFZY.exe
  C:\Windows\System\QcoJFZY.exe
  2⤵
  PID:8808
- C:\Windows\System\eWAMNbg.exe
  C:\Windows\System\eWAMNbg.exe
  2⤵
  PID:8824
- C:\Windows\System\EQqTDeX.exe
  C:\Windows\System\EQqTDeX.exe
  2⤵
  PID:8844
- C:\Windows\System\mPxIeCo.exe
  C:\Windows\System\mPxIeCo.exe
  2⤵
  PID:8860
- C:\Windows\System\oSGqMLd.exe
  C:\Windows\System\oSGqMLd.exe
  2⤵
  PID:8876
- C:\Windows\System\iLPMFoY.exe
  C:\Windows\System\iLPMFoY.exe
  2⤵
  PID:8892
- C:\Windows\System\zWGsMKX.exe
  C:\Windows\System\zWGsMKX.exe
  2⤵
  PID:8908
- C:\Windows\System\ixBGwVV.exe
  C:\Windows\System\ixBGwVV.exe
  2⤵
  PID:8924
- C:\Windows\System\bhTHyJM.exe
  C:\Windows\System\bhTHyJM.exe
  2⤵
  PID:8948
- C:\Windows\System\yiqorfJ.exe
  C:\Windows\System\yiqorfJ.exe
  2⤵
  PID:8968
- C:\Windows\System\MdJALSy.exe
  C:\Windows\System\MdJALSy.exe
  2⤵
  PID:8984
- C:\Windows\System\ysjoYFs.exe
  C:\Windows\System\ysjoYFs.exe
  2⤵
  PID:9000
- C:\Windows\System\rskOQcH.exe
  C:\Windows\System\rskOQcH.exe
  2⤵
  PID:9020
- C:\Windows\System\AULeJAZ.exe
  C:\Windows\System\AULeJAZ.exe
  2⤵
  PID:9044
- C:\Windows\System\dkgFNoX.exe
  C:\Windows\System\dkgFNoX.exe
  2⤵
  PID:9068
- C:\Windows\System\gXbevhn.exe
  C:\Windows\System\gXbevhn.exe
  2⤵
  PID:9084
- C:\Windows\System\fNGBqTs.exe
  C:\Windows\System\fNGBqTs.exe
  2⤵
  PID:9112
- C:\Windows\System\ptyLHcN.exe
  C:\Windows\System\ptyLHcN.exe
  2⤵
  PID:9128
- C:\Windows\System\YztyfDP.exe
  C:\Windows\System\YztyfDP.exe
  2⤵
  PID:9144
- C:\Windows\System\MXQlyfi.exe
  C:\Windows\System\MXQlyfi.exe
  2⤵
  PID:9160
- C:\Windows\System\IstqIDV.exe
  C:\Windows\System\IstqIDV.exe
  2⤵
  PID:9180
- C:\Windows\System\MQJZROi.exe
  C:\Windows\System\MQJZROi.exe
  2⤵
  PID:9196
- C:\Windows\System\bCHMtPD.exe
  C:\Windows\System\bCHMtPD.exe
  2⤵
  PID:8140
- C:\Windows\System\ifiDzvg.exe
  C:\Windows\System\ifiDzvg.exe
  2⤵
  PID:8220
- C:\Windows\System\sXAqdVd.exe
  C:\Windows\System\sXAqdVd.exe
  2⤵
  PID:8256
- C:\Windows\System\VbCTxbo.exe
  C:\Windows\System\VbCTxbo.exe
  2⤵
  PID:8292
- C:\Windows\System\MXAYwbY.exe
  C:\Windows\System\MXAYwbY.exe
  2⤵
  PID:8396
- C:\Windows\System\DLlVPtM.exe
  C:\Windows\System\DLlVPtM.exe
  2⤵
  PID:8424
- C:\Windows\System\VbTJgUZ.exe
  C:\Windows\System\VbTJgUZ.exe
  2⤵
  PID:8460
- C:\Windows\System\vebJWjj.exe
  C:\Windows\System\vebJWjj.exe
  2⤵
  PID:8504
- C:\Windows\System\NrYEwiL.exe
  C:\Windows\System\NrYEwiL.exe
  2⤵
  PID:8540
- C:\Windows\System\GuHgMCc.exe
  C:\Windows\System\GuHgMCc.exe
  2⤵
  PID:8520
- C:\Windows\System\YTJEiun.exe
  C:\Windows\System\YTJEiun.exe
  2⤵
  PID:8560
- C:\Windows\System\RDUypmg.exe
  C:\Windows\System\RDUypmg.exe
  2⤵
  PID:8616
- C:\Windows\System\MxNELMw.exe
  C:\Windows\System\MxNELMw.exe
  2⤵
  PID:8648
- C:\Windows\System\vPRclxt.exe
  C:\Windows\System\vPRclxt.exe
  2⤵
  PID:8644
- C:\Windows\System\JCgvVzq.exe
  C:\Windows\System\JCgvVzq.exe
  2⤵
  PID:8716
- C:\Windows\System\MroidEA.exe
  C:\Windows\System\MroidEA.exe
  2⤵
  PID:8748
- C:\Windows\System\rzeERAo.exe
  C:\Windows\System\rzeERAo.exe
  2⤵
  PID:8780
- C:\Windows\System\VNVXGqJ.exe
  C:\Windows\System\VNVXGqJ.exe
  2⤵
  PID:8800
- C:\Windows\System\kzcazWU.exe
  C:\Windows\System\kzcazWU.exe
  2⤵
  PID:8840
- C:\Windows\System\kGRvADb.exe
  C:\Windows\System\kGRvADb.exe
  2⤵
  PID:8940
- C:\Windows\System\pJiGRmi.exe
  C:\Windows\System\pJiGRmi.exe
  2⤵
  PID:8820
- C:\Windows\System\eDEnNrP.exe
  C:\Windows\System\eDEnNrP.exe
  2⤵
  PID:8992
- C:\Windows\System\aXiucez.exe
  C:\Windows\System\aXiucez.exe
  2⤵
  PID:9036
- C:\Windows\System\OpHbgzE.exe
  C:\Windows\System\OpHbgzE.exe
  2⤵
  PID:8852
- C:\Windows\System\oNZcNjO.exe
  C:\Windows\System\oNZcNjO.exe
  2⤵
  PID:9064
- C:\Windows\System\gHMGLyy.exe
  C:\Windows\System\gHMGLyy.exe
  2⤵
  PID:9104
- C:\Windows\System\lZGyEgA.exe
  C:\Windows\System\lZGyEgA.exe
  2⤵
  PID:9076
- C:\Windows\System\ENAJRHR.exe
  C:\Windows\System\ENAJRHR.exe
  2⤵
  PID:9124
- C:\Windows\System\ePBIsWy.exe
  C:\Windows\System\ePBIsWy.exe
  2⤵
  PID:9192
- C:\Windows\System\yqpsBOK.exe
  C:\Windows\System\yqpsBOK.exe
  2⤵
  PID:8276
- C:\Windows\System\CrjRGol.exe
  C:\Windows\System\CrjRGol.exe
  2⤵
  PID:8304
- C:\Windows\System\PQcUtVy.exe
  C:\Windows\System\PQcUtVy.exe
  2⤵
  PID:8320
- C:\Windows\System\OqbWheS.exe
  C:\Windows\System\OqbWheS.exe
  2⤵
  PID:8416
- C:\Windows\System\VfRnYmc.exe
  C:\Windows\System\VfRnYmc.exe
  2⤵
  PID:8536
- C:\Windows\System\HJZqsIO.exe
  C:\Windows\System\HJZqsIO.exe
  2⤵
  PID:8584
- C:\Windows\System\XkANdbi.exe
  C:\Windows\System\XkANdbi.exe
  2⤵
  PID:8624
- C:\Windows\System\OuNkfhS.exe
  C:\Windows\System\OuNkfhS.exe
  2⤵
  PID:8600
- C:\Windows\System\TmEBXRC.exe
  C:\Windows\System\TmEBXRC.exe
  2⤵
  PID:8700
- C:\Windows\System\AVNWRHG.exe
  C:\Windows\System\AVNWRHG.exe
  2⤵
  PID:8744
- C:\Windows\System\RkHokFp.exe
  C:\Windows\System\RkHokFp.exe
  2⤵
  PID:8816
- C:\Windows\System\UTGFfGI.exe
  C:\Windows\System\UTGFfGI.exe
  2⤵
  PID:8904
- C:\Windows\System\bCVvddS.exe
  C:\Windows\System\bCVvddS.exe
  2⤵
  PID:8980
- C:\Windows\System\eLNIDQk.exe
  C:\Windows\System\eLNIDQk.exe
  2⤵
  PID:8960
- C:\Windows\System\oWZlnBk.exe
  C:\Windows\System\oWZlnBk.exe
  2⤵
  PID:8856
- C:\Windows\System\neuaPzx.exe
  C:\Windows\System\neuaPzx.exe
  2⤵
  PID:9136
- C:\Windows\System\lrTVvwX.exe
  C:\Windows\System\lrTVvwX.exe
  2⤵
  PID:9188
- C:\Windows\System\jckbWCp.exe
  C:\Windows\System\jckbWCp.exe
  2⤵
  PID:9208
- C:\Windows\System\SEOAqWQ.exe
  C:\Windows\System\SEOAqWQ.exe
  2⤵
  PID:8208
- C:\Windows\System\cRyoxPr.exe
  C:\Windows\System\cRyoxPr.exe
  2⤵
  PID:8356
- C:\Windows\System\XkpEADQ.exe
  C:\Windows\System\XkpEADQ.exe
  2⤵
  PID:8412
- C:\Windows\System\GeeXZYm.exe
  C:\Windows\System\GeeXZYm.exe
  2⤵
  PID:8496
- C:\Windows\System\nEfNkiG.exe
  C:\Windows\System\nEfNkiG.exe
  2⤵
  PID:8724
- C:\Windows\System\rravzFC.exe
  C:\Windows\System\rravzFC.exe
  2⤵
  PID:9016
- C:\Windows\System\QQOynom.exe
  C:\Windows\System\QQOynom.exe
  2⤵
  PID:8704
- C:\Windows\System\PAohBHO.exe
  C:\Windows\System\PAohBHO.exe
  2⤵
  PID:8936
- C:\Windows\System\UJVNtxN.exe
  C:\Windows\System\UJVNtxN.exe
  2⤵
  PID:8920
- C:\Windows\System\vJjWPmt.exe
  C:\Windows\System\vJjWPmt.exe
  2⤵
  PID:9176
- C:\Windows\System\KqZtDVp.exe
  C:\Windows\System\KqZtDVp.exe
  2⤵
  PID:8764
- C:\Windows\System\HksKcfL.exe
  C:\Windows\System\HksKcfL.exe
  2⤵
  PID:8368
- C:\Windows\System\YrGXYVz.exe
  C:\Windows\System\YrGXYVz.exe
  2⤵
  PID:9032
- C:\Windows\System\VIBJIPz.exe
  C:\Windows\System\VIBJIPz.exe
  2⤵
  PID:9212
- C:\Windows\System\WufCZzt.exe
  C:\Windows\System\WufCZzt.exe
  2⤵
  PID:8768
- C:\Windows\System\QFTHZNw.exe
  C:\Windows\System\QFTHZNw.exe
  2⤵
  PID:9028
- C:\Windows\System\sNTZRkj.exe
  C:\Windows\System\sNTZRkj.exe
  2⤵
  PID:8264
- C:\Windows\System\RMpsaQJ.exe
  C:\Windows\System\RMpsaQJ.exe
  2⤵
  PID:8760
- C:\Windows\System\kYaBTot.exe
  C:\Windows\System\kYaBTot.exe
  2⤵
  PID:8280
- C:\Windows\System\PGUVljE.exe
  C:\Windows\System\PGUVljE.exe
  2⤵
  PID:9056
- C:\Windows\System\sAQwOOU.exe
  C:\Windows\System\sAQwOOU.exe
  2⤵
  PID:8956
- C:\Windows\System\oXUqPAm.exe
  C:\Windows\System\oXUqPAm.exe
  2⤵
  PID:8464
- C:\Windows\System\jIpXHGh.exe
  C:\Windows\System\jIpXHGh.exe
  2⤵
  PID:8916
- C:\Windows\System\LTASTsY.exe
  C:\Windows\System\LTASTsY.exe
  2⤵
  PID:9120
- C:\Windows\System\dfJBixZ.exe
  C:\Windows\System\dfJBixZ.exe
  2⤵
  PID:9052
- C:\Windows\System\BjIhHfw.exe
  C:\Windows\System\BjIhHfw.exe
  2⤵
  PID:2552
- C:\Windows\System\RjkvQBI.exe
  C:\Windows\System\RjkvQBI.exe
  2⤵
  PID:1428
- C:\Windows\System\geJtfWv.exe
  C:\Windows\System\geJtfWv.exe
  2⤵
  PID:8740
- C:\Windows\System\jklXwGV.exe
  C:\Windows\System\jklXwGV.exe
  2⤵
  PID:892
- C:\Windows\System\IDbgqtB.exe
  C:\Windows\System\IDbgqtB.exe
  2⤵
  PID:9232
- C:\Windows\System\TCcGcmO.exe
  C:\Windows\System\TCcGcmO.exe
  2⤵
  PID:9256
- C:\Windows\System\uUgWxGa.exe
  C:\Windows\System\uUgWxGa.exe
  2⤵
  PID:9272
- C:\Windows\System\LEyFlss.exe
  C:\Windows\System\LEyFlss.exe
  2⤵
  PID:9292
- C:\Windows\System\bGtKSDd.exe
  C:\Windows\System\bGtKSDd.exe
  2⤵
  PID:9312
- C:\Windows\System\siqDYUW.exe
  C:\Windows\System\siqDYUW.exe
  2⤵
  PID:9340
- C:\Windows\System\HSYiHdY.exe
  C:\Windows\System\HSYiHdY.exe
  2⤵
  PID:9356
- C:\Windows\System\nvYaLrH.exe
  C:\Windows\System\nvYaLrH.exe
  2⤵
  PID:9376
- C:\Windows\System\ztnUpPH.exe
  C:\Windows\System\ztnUpPH.exe
  2⤵
  PID:9392
- C:\Windows\System\azitQEx.exe
  C:\Windows\System\azitQEx.exe
  2⤵
  PID:9408
- C:\Windows\System\lpGlyrb.exe
  C:\Windows\System\lpGlyrb.exe
  2⤵
  PID:9428
- C:\Windows\System\TRSfmfG.exe
  C:\Windows\System\TRSfmfG.exe
  2⤵
  PID:9460
- C:\Windows\System\qtROXEN.exe
  C:\Windows\System\qtROXEN.exe
  2⤵
  PID:9476
- C:\Windows\System\iXONrUm.exe
  C:\Windows\System\iXONrUm.exe
  2⤵
  PID:9492
- C:\Windows\System\EhbpaKT.exe
  C:\Windows\System\EhbpaKT.exe
  2⤵
  PID:9512
- C:\Windows\System\ujUhLGb.exe
  C:\Windows\System\ujUhLGb.exe
  2⤵
  PID:9532
- C:\Windows\System\QXPYbuJ.exe
  C:\Windows\System\QXPYbuJ.exe
  2⤵
  PID:9548
- C:\Windows\System\ZnmdSiz.exe
  C:\Windows\System\ZnmdSiz.exe
  2⤵
  PID:9572
- C:\Windows\System\NbvPGWb.exe
  C:\Windows\System\NbvPGWb.exe
  2⤵
  PID:9600
- C:\Windows\System\itljQUS.exe
  C:\Windows\System\itljQUS.exe
  2⤵
  PID:9616
- C:\Windows\System\ulEpNVo.exe
  C:\Windows\System\ulEpNVo.exe
  2⤵
  PID:9640
- C:\Windows\System\lLKXXzU.exe
  C:\Windows\System\lLKXXzU.exe
  2⤵
  PID:9656
- C:\Windows\System\ziKVFuH.exe
  C:\Windows\System\ziKVFuH.exe
  2⤵
  PID:9680
- C:\Windows\System\HMgAhly.exe
  C:\Windows\System\HMgAhly.exe
  2⤵
  PID:9696
- C:\Windows\System\NERaadl.exe
  C:\Windows\System\NERaadl.exe
  2⤵
  PID:9712
- C:\Windows\System\RrHVfbH.exe
  C:\Windows\System\RrHVfbH.exe
  2⤵
  PID:9732
- C:\Windows\System\qCFPwFa.exe
  C:\Windows\System\qCFPwFa.exe
  2⤵
  PID:9748
- C:\Windows\System\PUmklGR.exe
  C:\Windows\System\PUmklGR.exe
  2⤵
  PID:9780
- C:\Windows\System\BRAHwSX.exe
  C:\Windows\System\BRAHwSX.exe
  2⤵
  PID:9796
- C:\Windows\System\iUyNNKq.exe
  C:\Windows\System\iUyNNKq.exe
  2⤵
  PID:9820
- C:\Windows\System\oyRIblJ.exe
  C:\Windows\System\oyRIblJ.exe
  2⤵
  PID:9836
- C:\Windows\System\VQjLiBK.exe
  C:\Windows\System\VQjLiBK.exe
  2⤵
  PID:9856
- C:\Windows\System\dgCAdsg.exe
  C:\Windows\System\dgCAdsg.exe
  2⤵
  PID:9872
- C:\Windows\System\dAzbYky.exe
  C:\Windows\System\dAzbYky.exe
  2⤵
  PID:9888
- C:\Windows\System\NxmbYlU.exe
  C:\Windows\System\NxmbYlU.exe
  2⤵
  PID:9904
- C:\Windows\System\XmjhyUU.exe
  C:\Windows\System\XmjhyUU.exe
  2⤵
  PID:9932
- C:\Windows\System\bAfFCHM.exe
  C:\Windows\System\bAfFCHM.exe
  2⤵
  PID:9948
- C:\Windows\System\rJJWuhh.exe
  C:\Windows\System\rJJWuhh.exe
  2⤵
  PID:9984
- C:\Windows\System\bLKkeKx.exe
  C:\Windows\System\bLKkeKx.exe
  2⤵
  PID:10000
- C:\Windows\System\DdRyyGi.exe
  C:\Windows\System\DdRyyGi.exe
  2⤵
  PID:10020
- C:\Windows\System\pwcuYYk.exe
  C:\Windows\System\pwcuYYk.exe
  2⤵
  PID:10040
- C:\Windows\System\PIELKqM.exe
  C:\Windows\System\PIELKqM.exe
  2⤵
  PID:10060
- C:\Windows\System\xLvdXLH.exe
  C:\Windows\System\xLvdXLH.exe
  2⤵
  PID:10080
- C:\Windows\System\hMKpRBh.exe
  C:\Windows\System\hMKpRBh.exe
  2⤵
  PID:10100
- C:\Windows\System\ekBNjvH.exe
  C:\Windows\System\ekBNjvH.exe
  2⤵
  PID:10120
- C:\Windows\System\zMLxMWx.exe
  C:\Windows\System\zMLxMWx.exe
  2⤵
  PID:10136
- C:\Windows\System\kkYgVWb.exe
  C:\Windows\System\kkYgVWb.exe
  2⤵
  PID:10152
- C:\Windows\System\yKPrziP.exe
  C:\Windows\System\yKPrziP.exe
  2⤵
  PID:10168
- C:\Windows\System\IgFruzp.exe
  C:\Windows\System\IgFruzp.exe
  2⤵
  PID:10192
- C:\Windows\System\SdMrPCg.exe
  C:\Windows\System\SdMrPCg.exe
  2⤵
  PID:10224
- C:\Windows\System\wNJgsLt.exe
  C:\Windows\System\wNJgsLt.exe
  2⤵
  PID:9220
- C:\Windows\System\FyOyAxI.exe
  C:\Windows\System\FyOyAxI.exe
  2⤵
  PID:1312
- C:\Windows\System\jLJVCoj.exe
  C:\Windows\System\jLJVCoj.exe
  2⤵
  PID:9268
- C:\Windows\System\GECvptw.exe
  C:\Windows\System\GECvptw.exe
  2⤵
  PID:9320
- C:\Windows\System\jCyqgYe.exe
  C:\Windows\System\jCyqgYe.exe
  2⤵
  PID:9284
- C:\Windows\System\ivlhotu.exe
  C:\Windows\System\ivlhotu.exe
  2⤵
  PID:9328
- C:\Windows\System\iCwzMuB.exe
  C:\Windows\System\iCwzMuB.exe
  2⤵
  PID:9384
- C:\Windows\System\RyIJDZP.exe
  C:\Windows\System\RyIJDZP.exe
  2⤵
  PID:9420
- C:\Windows\System\oaRSWPN.exe
  C:\Windows\System\oaRSWPN.exe
  2⤵
  PID:9468
- C:\Windows\System\DWtexlz.exe
  C:\Windows\System\DWtexlz.exe
  2⤵
  PID:9504
- C:\Windows\System\TgDLxna.exe
  C:\Windows\System\TgDLxna.exe
  2⤵
  PID:9456
- C:\Windows\System\PjhpRQV.exe
  C:\Windows\System\PjhpRQV.exe
  2⤵
  PID:9524
- C:\Windows\System\hVgUbNo.exe
  C:\Windows\System\hVgUbNo.exe
  2⤵
  PID:9568
- C:\Windows\System\vweQAog.exe
  C:\Windows\System\vweQAog.exe
  2⤵
  PID:9624
- C:\Windows\System\oMSBKLL.exe
  C:\Windows\System\oMSBKLL.exe
  2⤵
  PID:9648
- C:\Windows\System\wuQVuGT.exe
  C:\Windows\System\wuQVuGT.exe
  2⤵
  PID:9672
- C:\Windows\System\RQcoqiY.exe
  C:\Windows\System\RQcoqiY.exe
  2⤵
  PID:9708
- C:\Windows\System\ijadRSs.exe
  C:\Windows\System\ijadRSs.exe
  2⤵
  PID:9724
- C:\Windows\System\cSFaKMG.exe
  C:\Windows\System\cSFaKMG.exe
  2⤵
  PID:9764
- C:\Windows\System\ZnYbkWW.exe
  C:\Windows\System\ZnYbkWW.exe
  2⤵
  PID:9788
- C:\Windows\System\oSpsKmh.exe
  C:\Windows\System\oSpsKmh.exe
  2⤵
  PID:9812
- C:\Windows\System\xzMAzja.exe
  C:\Windows\System\xzMAzja.exe
  2⤵
  PID:9896
- C:\Windows\System\MrcHTdj.exe
  C:\Windows\System\MrcHTdj.exe
  2⤵
  PID:9940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FcvBIJf.exe

Filesize
2.6MB

MD5
ccbb256b383e343ef09e63e97d895d7e

SHA1
191e03d4a1ecfc208fad90c615ba261a1e2d39fe

SHA256
dd1d96932f7f6d76ccfee6a454c9d7a41669abf7f95606b79f774709586428b1

SHA512
9f9fb23facba1c23d97f52ec52068a3876f071d0e4a3ab4854779ee2d94b5a724056080dc29b7ab6d2f46174cd6d4c699ab6d90bbda568c65870a9ac093e450a

Download Submit
C:\Windows\system\FsGFONi.exe

Filesize
2.6MB

MD5
37a8f4eec4b4e29a887db9d4909e1299

SHA1
743cdbd2becbc067163b16e0c359ec3c9d337d6d

SHA256
77d3e5b0bf21700b5978285a2b3b4f161194288d984a462f06015db785320725

SHA512
b794f5d75609efe578a95a9e273de594cbbdf4e68f28f497b94dc43d7dd353d21e4f998085b6409939a827181d13160c3829739c5ba78703bf1abaf29f9f0441

Download Submit
C:\Windows\system\HXpuEUu.exe

Filesize
2.6MB

MD5
11ef0483d6a803e32090ac392c6ab4c5

SHA1
863d4cf7a638f7e677cafee69cce0e12d655df7c

SHA256
876ab737a50f078e40c605e395e629929b971fae2b6b246327393350807a0d8a

SHA512
d2f71d298d07de3176ac60378f942690402b3e00fd906903aaa5a5e61ae03a08f11c5663d35648958b93e7a00f07c3f5effe53ecefc2652a5539db3c1063b8ef

Download Submit
C:\Windows\system\OztRTFN.exe

Filesize
2.6MB

MD5
af1c33e778843292ab36788d9a469a27

SHA1
874bc4ac561f3b36edf5cb9e2acc79acebc11ba4

SHA256
e61c298de9361b002dc63929720a2709c0dffef1f6f5994061b33bf6d0188833

SHA512
e59224b7870558c302d0bcae8a8d9ab2588f1ed81fa2fc656901191dd47d833eb51ffef2a10d89605821c07be99bc8af859f56f033f26012edb279616147e4e6

Download Submit
C:\Windows\system\QPeXfAe.exe

Filesize
2.6MB

MD5
64172f73264bb2eab29d0c0a210b448a

SHA1
38fbde9b8ae90fc9d60bcc881e671be56f606d58

SHA256
0acc1cd4434d15599e8c9c52fb5a54b42b9b0c03002f64664271f70245bf0239

SHA512
ea91c7849f153afcc918ebd88ba3659a587a72870e149db42fae8afcfabd75195280b29a2f69ac81ff3f82f8dadd9e4bc412f8cb3a974f3faa3fe299bfc3fbb7

Download Submit
C:\Windows\system\RcdZnqM.exe

Filesize
2.6MB

MD5
aa8d20ab8cb31985a194ab003d634971

SHA1
1ff6939aa06f9fcf5588077e0dcb56cc8ffc2f6c

SHA256
7754e86fad64a8c70e092482f89d9c17cf5c3dc6f876c25690c87698b90030c5

SHA512
383c9d0c1740b72abcb2a1cbe881003aebf018be3a69f42e46354f29178d5339714ab63db7afbbccd3f46e485af295acc938e5d805b66eb2414da4b3fb4c699d

Download Submit
C:\Windows\system\TZSTrZu.exe

Filesize
2.6MB

MD5
512b028947256c8a636b3e4b2e9c6421

SHA1
ffb106b695f1590de0d11acc12e33f1216d5f2f9

SHA256
f6293b7e5d6bc8d9783431083f4bb3424eea763106e5dc32ba5e4c4e44201e46

SHA512
2c985e1b45c3d42da488362bb70544257332ea905c02ed1d17df3b59656836611a0db6b2dbb6419bcd03026932d0e2eb995758d00ec0c91bab1b8ed42e7ac3a0

Download Submit
C:\Windows\system\UbokZEJ.exe

Filesize
2.6MB

MD5
4c93938889fc016802d9b55ef3875876

SHA1
84eefa14c0f47e20c8cdd83e6d4b34244198edfb

SHA256
bc62a087bf6480a6c140e61543bf1594f7db8e8d8bb6e3661656df699fa721c0

SHA512
09dc0b451c274927fd5bd249fea7961aeaffd91b008b4b8c02f678914948415c566986d6d6c9092ed56635ddb4b4331a70ab5756e27e31eb49ca248a1bd5cda9

Download Submit
C:\Windows\system\WQEGJhk.exe

Filesize
2.6MB

MD5
6fc6ad7ac3f81adb74e67912ab24451f

SHA1
118c3ba8677d9fcc286e9b1e40f58f37b2942385

SHA256
fe5a8daf19a9be21fa76d0920b3fd5dea3236a3d142dc443880d69c8f8ebed85

SHA512
c0e7a3f8d606c3ffcbe1f2cf92930365d6332cd44671103f375812742b9daffd7374e21988cd1c1ff9397dd710b6e72d7c19ce24deffb27d3ee90628e5988d1c

Download Submit
C:\Windows\system\YVzPxfl.exe

Filesize
2.6MB

MD5
2410889089db878745a64d08cad5a1af

SHA1
022040641c6002e6477730f142a4aaa3a2ddab3d

SHA256
e43f54676763f1a9e45c675c0d421bc81370b71776e5b1752d5818dfa2c4f8c3

SHA512
8d454bdbe8f65fd36ceb400db88188a2bea553a04744d7cbc87680a6ca44d1e70594b9a3473f8af3e521ddda36f297b404b9062b85dcb368f6b09b9c275e130f

Download Submit
C:\Windows\system\ZRhhfIT.exe

Filesize
2.6MB

MD5
640be7c29b3dab4753a70543b9071ea9

SHA1
457bab595b259311d1c3a041e18632f9d88650f7

SHA256
90aa11ac7ad7b9b917f83618a81bb64298ec94cec2f22b6b19cd97d19feb5086

SHA512
e868cc1c21919772eace88315126dfb9fe92023cedc4df4cd3d73690428f3532142658782462e62d6af5ccd34cb202a26fb1a28f1c602951559fbc2b13912a74

Download Submit
C:\Windows\system\aPmLRxF.exe

Filesize
2.6MB

MD5
0a3338a9f263e68e2d5a94a7e51f2201

SHA1
ecbe342084f71b7f2c0643f05e9469140c5a6f93

SHA256
df62261ace2478f8f739cbbb03d49422456c1648c8dce44c4bd34aae5f30ccbd

SHA512
6c81cb03239b8410c90b327a8c4ee15111cb1e3aa9817ca44ba587c578f50643fa73f3e6e1953f3047c6932eaecc229f9004b22a096196db91a45ebe88f6f7e6

Download Submit
C:\Windows\system\kFWirdW.exe

Filesize
2.6MB

MD5
c4512ba16390899e38512e51ca032bfa

SHA1
4c786c9cda71134e2c450cee5285c83680d7fb3a

SHA256
afe355b9c45cb9faf79c0bf8142a8a843208f898e1dc823b061afe4e7252bbc6

SHA512
19191d32b658b98824009a2d4b719430543d36518083d120f28af8e23ae7d837d4945ce941da77b5f065c9eefa4824ee404817e3e58d89a7dea18f83c61cc522

Download Submit
C:\Windows\system\lfZRkkp.exe

Filesize
2.6MB

MD5
f4057b65b84aff7682a8317c90c2ab3f

SHA1
1eb6bbc2e844ebe36153964a8e261c532059556d

SHA256
492b935e60efb4a7c402fc883c8ba1d6b411920fd8da686c89ba52bbd26574a3

SHA512
d7d1a242ecff2f8395c37d076229e4a0c72876e7a18dcc89e7f9e1663aad56e29a3acb29ba1825e0c551872ccd90d3bccf8dcd5c9d389b4478b902853e1e9c98

Download Submit
C:\Windows\system\pWwmNxL.exe

Filesize
2.6MB

MD5
74354abd3293eec8ea5ebe9c7d1bcd3e

SHA1
677f4c32589c3e82321f8042eb048aefc5472d9d

SHA256
b0491e866603d40d0e12c1c19e1a94d3d23a9741cf3e9c8fd15a8d2329e1ae08

SHA512
61768f5af1453fc3f5540ef4871eeb6890d9784c47b319a8259ea20cdaabdae162d98b5c0de91a72c887e40e3d359875b1420cdabfd719ae568ed63f1956e7a4

Download Submit
C:\Windows\system\sutbRtD.exe

Filesize
2.6MB

MD5
039b2c1533203e55af3639526e73f255

SHA1
b6e78c384a6f228bae55bd064cf183480f509991

SHA256
187f3558470ce9b17f26944ec4dff042b85c34d604b2c6cd170a55e41fd6c684

SHA512
ccad98363e8301fcac075fa28d6a879259d0a7977b1542b3168b74e82fe9fec936d6db93c6b11e4efcdae80b021b34f25730898be979d93bd1d78e1c6c2a0398

Download Submit
C:\Windows\system\sxdADwo.exe

Filesize
2.6MB

MD5
728f8d6a041d0822f420556f928058d6

SHA1
3a14bad576b6cb55f3081f7bad4faad549f3455e

SHA256
d9b60cba81a5f327374ef798482e8d4c61c975988f5cc2e0ea8175cf68457509

SHA512
16158c3ef2c50b17d2471b8a2a93cb4b3a42594806fcef60a79576f0827585061473b9517dff73b6537a92c7314547f406eafded0958b9f6e2446993a9b1569e

Download Submit
C:\Windows\system\umpvnFF.exe

Filesize
2.6MB

MD5
5dd67177d894a9d4e0057b8cce608067

SHA1
05e63947eb42da85a1a11086b729597ee9077c09

SHA256
b7e67c46c7775e5e3cef5f83de6fa506c42932dce31b56f6b4db38e955ac4a7f

SHA512
90a64b6fc865db863bc4c85ccac8917e35a4ed8dc358fa6e100c016ecc88463843ba44afb23cfd3bdee654915475a5d366b6fc9ffd551c0908ed4049153306fe

Download Submit
C:\Windows\system\xZgNOsR.exe

Filesize
2.6MB

MD5
7753b81df2bdf9cc6c2515d3d414e524

SHA1
5b3c3803792ae5380517a0d38cf6522148bdc36f

SHA256
3a7225a97390a243b2951fff4598f692de923a1ef31d12e9dd1cba0a72d6f6b3

SHA512
c480977091d4c07bd798a3ad65f0c8e6e4b086e3abbc034b7ff4c7165abd5c6816926aa8b8a87d30414d56909b98d825e99ec716e257f7a9fdd3786c13536a6e

Download Submit
\Windows\system\NMgsTtc.exe

Filesize
2.6MB

MD5
269bdd0594767a6ee2b7ff169d4760b9

SHA1
1f2328983350ca88d7598146ff61d4c56eec5e4a

SHA256
d8ef9d56206648f00e7aa71db7d8d99c7db1662db716a9ce0bf0b873eb8850de

SHA512
5def693554df38e4484fcf42843a1293f06096c2778e54d20fd44d18935eca231a7ab56366e74b4714706933a834bd2d74c49ac7f9aa075f125fa4ea330f2428

Download Submit
\Windows\system\NUCmmrN.exe

Filesize
2.6MB

MD5
3440f37c000a4ff35876ef59dfcb744d

SHA1
6aaf20c7e0d896afd9c5d00cce8ceb454af7f3af

SHA256
016cb2051018fa03ab09fa6e9b178602b9317426fe0e76e77b79d8d95a9fbd4e

SHA512
263aea3baf06c7d76f3a1715e3c29416570fe5c34ad3c4e14af2ad5ea7776231fe9b8fe0103c1f09523a53019dd9c7ff2ec229d8b2af45062bc130e5645e884a

Download Submit
\Windows\system\OVNyxOy.exe

Filesize
2.6MB

MD5
67b1b049e99367be85626a678b0f7e4c

SHA1
12238815c6661dcf20951796fe3aa92668f236bb

SHA256
4e308186b090f80b5a454d321423322ec334746e73f4c6e56016eb74e3b942b1

SHA512
956811367ba6159618fd5f2e893775017e88e2440de2a49d96c3e9bc18a8b0ae072254cc23347e714456d8ab2ff95b100a53fdeb3d7802c08416a3346f6fa0bf

Download Submit
\Windows\system\VoKKEBB.exe

Filesize
2.6MB

MD5
28eb7e325a28fbf2aba26f6e758d8dac

SHA1
4bff9b2f41f646efd464f60a3187cd230d08d1f4

SHA256
8df8710533e6e9bc102222bb3455f42064dcf6785ff2e69eb7fe6ee8a9849638

SHA512
2a8ea2709c521e29ad0cab64e91f33c4cfa0f886f76c2eb0e019296a7e1f904e1516930ee77a21944bc35b39190f537e4f998e9eb509f41314a21a449bd0533e

Download Submit
\Windows\system\bnyByPl.exe

Filesize
2.6MB

MD5
24a793322039070cd807a9ef8bad693e

SHA1
69aad63cc84c1ad2d564592a97276d1cda3e4451

SHA256
ce44b38feff0928c756f956c471fbadb205b4242927f11b676e2b7b2e9fb79f0

SHA512
e9b953552f0c8fa47cf247dde65724587c58f44e63ca7b33ba820a79857df35a6de342bec63795c12e013031fb38701a9d7b4a202373768136c7c876575430d0

Download Submit
\Windows\system\catdobJ.exe

Filesize
2.6MB

MD5
7c2d0e9df0788724ee1bc8ea9a7ebda9

SHA1
e8b9ad5ed5686270be1bb64be7c60a153e96e68e

SHA256
0ba071a7cbf833cf7a8cbc3d50fd06bf6cd8487dd526ec6de4501d5fe73843c0

SHA512
20a3b421436972b4f84318d30d52364341bd4cf169e1f4085570f41de5c0c6f411d4c7fca5bcb3ed91211db7f5d38354b32c4124245215b894716fd76dfcc484

Download Submit
\Windows\system\dyqEXOE.exe

Filesize
2.6MB

MD5
026f83413d97f2b11611a2e72def6ff8

SHA1
7d5035e04e85611a31698793b2f6a6c53c8239df

SHA256
7724d7915966c98c9e1f4b5b92a694076373bf71cedbb04d475a3040b374c310

SHA512
5f4a8d3315f597ddfee8faae1a925bea22122f1917e9feacb69cf7be9f5b97b26ae0577d4b0a9c57fee34c10474c85e82a2b0f08feef2f7c98494b4d73fe0967

Download Submit
\Windows\system\gKObVtK.exe

Filesize
2.6MB

MD5
578076465f6f6df795bf62f6cb77398a

SHA1
d7da1565aee45d7562f3855ade76e95f405e6b15

SHA256
97289077745b2a6699a44d6fb2b9ef04192c58abb1ab6ec1352cd66c286f1ed3

SHA512
2941140d2b6af4e2e92eeca90acf7f6a768c8ea8a57a0c11a02de2fb5ddb6b29bacc33be0a882393fbd184900f8f1484b14eac0543dbf5ac7c83a98529fa8930

Download Submit
\Windows\system\gmNEfhM.exe

Filesize
2.6MB

MD5
356e28dcb11f4251a9b6cfa59b68fdad

SHA1
871eeabd2339a4c3f30ceb366e61458bf5122f71

SHA256
6888a527114ecda74d2458a20feef7c677aaad96ec2167225a9717b567fcd594

SHA512
3c85459128d4da50cf36a1336c6975afcfdd362233e6ec3f60988534a7e60526565dc4223503dfd3c4494b5466308e21eb510b2161e778fdcc90c49127965782

Download Submit
\Windows\system\nzYPxbU.exe

Filesize
2.6MB

MD5
9efa737e98097b95ece33b74925475f7

SHA1
de82c6dab8c62c316ced9eb2d68aecfa57808632

SHA256
6d2718c5e77b12b43d51f05a7fb7d5ccc2c158e24c28c8eefe160d54c8c99bbe

SHA512
d344e81c2bb2377f34fc252e9106569a957e307c6ea01b39568f266b1723ba9643228bb4a45f2c5973df0c218094a1c412236f0927257fd83791dc10d5c43174

Download Submit
\Windows\system\uqjWjWO.exe

Filesize
2.6MB

MD5
3e7be5976cf79b6691a4743b5c11b622

SHA1
9706d15d23677a1f28cbb3ab9216e72e151c3b49

SHA256
bfa59de4d7284d1eb7166514f650e4b70c5a0a380c44c2cc23161d4661218db7

SHA512
134e0c1bce0de93f483b4b89bcb929e9a15495b37f1c917dd0e9a2dcf32bcbcc9a27f7943b29adbb0dc3e16d941cb978a8335f6269f23bfea3853cbc55f04c9a

Download Submit
\Windows\system\woPxdFS.exe

Filesize
2.6MB

MD5
adc805d9f7e168a992fbb951a489c0d1

SHA1
915ca266ead214daaf2cc23e22677d6a8c23d0be

SHA256
4de62767b33645ec2a4efdc59302c276a84ed2034bb9762296a5ec93458d1ef6

SHA512
678292231a57362d825fa9f9b277a51d9e6ff700e352062f460e5bb6e49e2a1b3f114ebe813347a0977e937e8839bdbcc182ad1f1652a82132ff88e8a9ecd59a

Download Submit
\Windows\system\xuikxPx.exe

Filesize
2.6MB

MD5
04c191fdd72c544a4acd95dc947424bf

SHA1
ef74705c3a3b3500329e3a5b3af008756fe5b59b

SHA256
1c17f5a228b46ea7e1170d002334e78bbb2367e2b72fab2cc94a599c7bbcbfe5

SHA512
774f2831130030cb60eb1452783c9b7196b0fe55b7f15c1f29c3af055b3e0180fc1022d226dd3cd7e3496382a9ea20ac01afeba44d57f960091a5f18abd60a73

Download Submit
memory/592-2668-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/592-107-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1612-2425-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1612-66-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1612-209-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/1728-2667-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1728-99-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2196-326-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-2585-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-84-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2256-2400-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2256-61-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2492-79-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2492-28-0x0000000002040000-0x0000000002394000-memory.dmp

Filesize
3.3MB

Download
memory/2492-111-0x0000000002040000-0x0000000002394000-memory.dmp

Filesize
3.3MB

Download
memory/2492-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2492-105-0x0000000002040000-0x0000000002394000-memory.dmp

Filesize
3.3MB

Download
memory/2492-42-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2492-58-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-39-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2492-18-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2492-112-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2492-82-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-71-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2492-351-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2492-400-0x0000000002040000-0x0000000002394000-memory.dmp

Filesize
3.3MB

Download
memory/2492-356-0x0000000002040000-0x0000000002394000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2492-32-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2492-54-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2492-36-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2492-170-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2492-76-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-60-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2392-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2584-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2608-303-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2648-70-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-2376-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-40-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-62-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2692-34-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2388-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2073-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2764-14-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2101-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2808-43-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2808-24-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2024-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2876-8-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2876-41-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/3000-103-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-2666-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-2095-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/3044-50-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/3044-27-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download