cobaltstrike | 99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
Size

6.0MB
MD5

e10a24d8eb6e6a129bdf4a5d515f9834
SHA1

785c5b90592599ed6cb82cd52b9f38706058b79e
SHA256

99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd
SHA512

8924276df8517eb7200a53069cec794a432ec57288ff954626950718f8b8905ac8f62c7f8c93c955339fa00f2d66a57733bd5198b7dfa2b3bacce6fdf3f2cd76
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU3:eOl56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001660e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016890-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c89-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca0-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-29.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017570-44.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-54.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-64.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d22-40.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 55 IoCs

miner

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012280-3.dat	xmrig
behavioral1/files/0x000800000001660e-11.dat	xmrig
behavioral1/files/0x0008000000016890-15.dat	xmrig
behavioral1/files/0x0007000000016c89-17.dat	xmrig
behavioral1/files/0x0007000000016ca0-25.dat	xmrig
behavioral1/files/0x0007000000016cab-29.dat	xmrig
behavioral1/files/0x0009000000016cf0-35.dat	xmrig
behavioral1/files/0x0008000000017570-44.dat	xmrig
behavioral1/files/0x00060000000175f1-49.dat	xmrig
behavioral1/files/0x00060000000175f7-54.dat	xmrig
behavioral1/files/0x000d000000018683-59.dat	xmrig
behavioral1/files/0x0005000000019237-119.dat	xmrig
behavioral1/files/0x0005000000019261-127.dat	xmrig
behavioral1/files/0x000500000001939f-159.dat	xmrig
behavioral1/files/0x0005000000019358-151.dat	xmrig
behavioral1/files/0x00050000000192a1-143.dat	xmrig
behavioral1/files/0x000500000001927a-135.dat	xmrig
behavioral1/files/0x0006000000019056-109.dat	xmrig
behavioral1/files/0x00050000000193cc-162.dat	xmrig
behavioral1/files/0x000500000001938e-156.dat	xmrig
behavioral1/memory/2380-1715-0x00000000025A0000-0x00000000028F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019354-148.dat	xmrig
behavioral1/files/0x0005000000019299-141.dat	xmrig
behavioral1/files/0x0005000000019274-132.dat	xmrig
behavioral1/files/0x000500000001924f-124.dat	xmrig
behavioral1/files/0x0005000000019203-114.dat	xmrig
behavioral1/files/0x0006000000018fdf-104.dat	xmrig
behavioral1/files/0x0006000000018d83-99.dat	xmrig
behavioral1/files/0x0006000000018d7b-94.dat	xmrig
behavioral1/files/0x0006000000018be7-89.dat	xmrig
behavioral1/files/0x0005000000018745-84.dat	xmrig
behavioral1/files/0x000500000001871c-79.dat	xmrig
behavioral1/files/0x000500000001870c-74.dat	xmrig
behavioral1/files/0x0005000000018706-69.dat	xmrig
behavioral1/files/0x0005000000018697-64.dat	xmrig
behavioral1/files/0x0008000000016d22-40.dat	xmrig
behavioral1/memory/2836-2038-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2680-2145-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2560-2318-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2752-3700-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2560-3706-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2580-3704-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2672-3703-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2724-3702-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2836-3701-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/1952-3843-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2880-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2908-3845-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2552-3841-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2380-3846-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/848-3840-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2584-3839-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1912-3847-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2680-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2752	ArKUBFk.exe
2836	aiMDEAM.exe
2680	ryayvce.exe
2560	dYGdbKk.exe
2672	raROvUe.exe
2580	nyZpKJn.exe
2724	PwNzfpJ.exe
2552	cCxhNns.exe
2584	GXIOPJp.exe
1912	ZymseAE.exe
848	UqgWuMm.exe
1952	XKIwEdy.exe
2880	RmdPytt.exe
2908	tEnahrV.exe
3044	UvdsXTn.exe
1736	jldblDu.exe
2888	pDQpoKx.exe
288	ZFEffPq.exe
2444	sLvWtZK.exe
1496	IfBzUqF.exe
316	wRoMXny.exe
1288	Nevarth.exe
872	RVspsZd.exe
2744	aqnStSO.exe
1724	LhvQpmE.exe
2448	KNmorbv.exe
2212	vwuJRua.exe
2980	bLneCda.exe
876	smzzkhm.exe
2732	FyQIemD.exe
952	wEicIVE.exe
2152	lHpSiUC.exe
2092	lfimHhL.exe
1248	UxtCtYm.exe
1920	cujiNaI.exe
2296	HFcCDTd.exe
3068	ekVokhN.exe
1000	EgRWVxy.exe
3056	BLGvrAa.exe
2472	FLRGDVT.exe
1948	BbbAXSx.exe
2076	ILnFkuw.exe
1596	PstoAZY.exe
2248	mbzdXxp.exe
2688	eaSYGZC.exe
1160	WsgdeyA.exe
2728	XZtXSVQ.exe
1084	ZGMCSgb.exe
1452	menKMWs.exe
1608	WrJrSQy.exe
2848	WjrQVrG.exe
908	RyDkFHK.exe
1324	ufdudCj.exe
2932	JkuJHmL.exe
2952	kQSxTPU.exe
1576	RzXlouS.exe
1720	SWgIfkK.exe
3000	qnbSESo.exe
760	hphqIfl.exe
2000	FqXkUKK.exe
2064	uqDLfMp.exe
1784	iZnjGND.exe
2180	KrsjOUM.exe
2056	EjMHjxg.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe

UPX packed file 54 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x000a000000012280-3.dat	upx
behavioral1/files/0x000800000001660e-11.dat	upx
behavioral1/files/0x0008000000016890-15.dat	upx
behavioral1/files/0x0007000000016c89-17.dat	upx
behavioral1/files/0x0007000000016ca0-25.dat	upx
behavioral1/files/0x0007000000016cab-29.dat	upx
behavioral1/files/0x0009000000016cf0-35.dat	upx
behavioral1/files/0x0008000000017570-44.dat	upx
behavioral1/files/0x00060000000175f1-49.dat	upx
behavioral1/files/0x00060000000175f7-54.dat	upx
behavioral1/files/0x000d000000018683-59.dat	upx
behavioral1/files/0x0005000000019237-119.dat	upx
behavioral1/files/0x0005000000019261-127.dat	upx
behavioral1/files/0x000500000001939f-159.dat	upx
behavioral1/files/0x0005000000019358-151.dat	upx
behavioral1/files/0x00050000000192a1-143.dat	upx
behavioral1/files/0x000500000001927a-135.dat	upx
behavioral1/files/0x0006000000019056-109.dat	upx
behavioral1/files/0x00050000000193cc-162.dat	upx
behavioral1/files/0x000500000001938e-156.dat	upx
behavioral1/files/0x0005000000019354-148.dat	upx
behavioral1/files/0x0005000000019299-141.dat	upx
behavioral1/files/0x0005000000019274-132.dat	upx
behavioral1/files/0x000500000001924f-124.dat	upx
behavioral1/files/0x0005000000019203-114.dat	upx
behavioral1/files/0x0006000000018fdf-104.dat	upx
behavioral1/files/0x0006000000018d83-99.dat	upx
behavioral1/files/0x0006000000018d7b-94.dat	upx
behavioral1/files/0x0006000000018be7-89.dat	upx
behavioral1/files/0x0005000000018745-84.dat	upx
behavioral1/files/0x000500000001871c-79.dat	upx
behavioral1/files/0x000500000001870c-74.dat	upx
behavioral1/files/0x0005000000018706-69.dat	upx
behavioral1/files/0x0005000000018697-64.dat	upx
behavioral1/files/0x0008000000016d22-40.dat	upx
behavioral1/memory/2836-2038-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2680-2145-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2560-2318-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2752-3700-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2560-3706-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2580-3704-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2672-3703-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2724-3702-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2836-3701-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/1952-3843-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2880-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2908-3845-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2552-3841-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2380-3846-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/848-3840-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2584-3839-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1912-3847-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2680-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FszRWHw.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\HkZNzuX.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\NwDPBhd.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\wuQcNGU.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\CtElULN.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\eqRUsaD.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\eOkSbdX.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\RTUgTXs.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\EGKsZrH.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\GpDTiho.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\hzKqWBT.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\zYWbbuU.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\YFMfBrM.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\JwgMBUy.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\DYeOCDe.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\ITnCIlR.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\WEQTOmg.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\kRfznAe.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\HSjzxsR.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\diQmajl.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\reDyFoM.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\tEnahrV.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\JCgkMkc.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\JhnmLtw.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\BfuEOOj.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\PJbFCNm.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\XqRYdzl.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\wmXbJBs.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\IUVtKkw.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\vILQYnS.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\DdxCsSD.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\IBHFrbb.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\gqtzaRg.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\sYrRzGI.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\gDrtPNT.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\VJMSxFx.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\kedNxOt.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\edAJTWp.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\pQUbBwr.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\RctOcXO.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\HNhiKxY.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\UvdsXTn.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\ITrvvnV.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\WlmmZNc.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\gOYGnmE.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\ZsmXBjA.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\oKULCLE.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\EwTsBYa.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\SlUjMzW.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\mLdmbzs.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\pVNKCWN.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\hRcrhaq.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\oZfDhsc.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\tYwhRfn.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\XAvlDhp.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\EUWIFsi.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\YozruPg.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\vfFTxhC.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\GGBVPlW.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\YVxocpQ.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\fETXQSX.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\YFpUFlO.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\qbuNSJj.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
File created	C:\Windows\System\GTUqBTu.exe	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2752	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	31
PID 2380 wrote to memory of 2752	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	31
PID 2380 wrote to memory of 2752	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	31
PID 2380 wrote to memory of 2836	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	32
PID 2380 wrote to memory of 2836	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	32
PID 2380 wrote to memory of 2836	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	32
PID 2380 wrote to memory of 2680	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	33
PID 2380 wrote to memory of 2680	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	33
PID 2380 wrote to memory of 2680	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	33
PID 2380 wrote to memory of 2560	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	34
PID 2380 wrote to memory of 2560	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	34
PID 2380 wrote to memory of 2560	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	34
PID 2380 wrote to memory of 2672	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	35
PID 2380 wrote to memory of 2672	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	35
PID 2380 wrote to memory of 2672	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	35
PID 2380 wrote to memory of 2580	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	36
PID 2380 wrote to memory of 2580	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	36
PID 2380 wrote to memory of 2580	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	36
PID 2380 wrote to memory of 2724	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	37
PID 2380 wrote to memory of 2724	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	37
PID 2380 wrote to memory of 2724	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	37
PID 2380 wrote to memory of 2552	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	38
PID 2380 wrote to memory of 2552	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	38
PID 2380 wrote to memory of 2552	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	38
PID 2380 wrote to memory of 2584	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	39
PID 2380 wrote to memory of 2584	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	39
PID 2380 wrote to memory of 2584	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	39
PID 2380 wrote to memory of 1912	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	40
PID 2380 wrote to memory of 1912	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	40
PID 2380 wrote to memory of 1912	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	40
PID 2380 wrote to memory of 848	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	41
PID 2380 wrote to memory of 848	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	41
PID 2380 wrote to memory of 848	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	41
PID 2380 wrote to memory of 1952	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	42
PID 2380 wrote to memory of 1952	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	42
PID 2380 wrote to memory of 1952	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	42
PID 2380 wrote to memory of 2880	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	43
PID 2380 wrote to memory of 2880	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	43
PID 2380 wrote to memory of 2880	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	43
PID 2380 wrote to memory of 2908	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	44
PID 2380 wrote to memory of 2908	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	44
PID 2380 wrote to memory of 2908	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	44
PID 2380 wrote to memory of 3044	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	45
PID 2380 wrote to memory of 3044	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	45
PID 2380 wrote to memory of 3044	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	45
PID 2380 wrote to memory of 1736	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	46
PID 2380 wrote to memory of 1736	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	46
PID 2380 wrote to memory of 1736	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	46
PID 2380 wrote to memory of 2888	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	47
PID 2380 wrote to memory of 2888	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	47
PID 2380 wrote to memory of 2888	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	47
PID 2380 wrote to memory of 288	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	48
PID 2380 wrote to memory of 288	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	48
PID 2380 wrote to memory of 288	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	48
PID 2380 wrote to memory of 2444	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	49
PID 2380 wrote to memory of 2444	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	49
PID 2380 wrote to memory of 2444	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	49
PID 2380 wrote to memory of 1496	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	50
PID 2380 wrote to memory of 1496	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	50
PID 2380 wrote to memory of 1496	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	50
PID 2380 wrote to memory of 316	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	51
PID 2380 wrote to memory of 316	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	51
PID 2380 wrote to memory of 316	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	51
PID 2380 wrote to memory of 1288	2380	JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_99957800444a03a22e86275f53246e51ea64de8e5995d51c1de678a050285afd.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\System\ArKUBFk.exe
  C:\Windows\System\ArKUBFk.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\aiMDEAM.exe
  C:\Windows\System\aiMDEAM.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ryayvce.exe
  C:\Windows\System\ryayvce.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\dYGdbKk.exe
  C:\Windows\System\dYGdbKk.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\raROvUe.exe
  C:\Windows\System\raROvUe.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\nyZpKJn.exe
  C:\Windows\System\nyZpKJn.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\PwNzfpJ.exe
  C:\Windows\System\PwNzfpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\cCxhNns.exe
  C:\Windows\System\cCxhNns.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\GXIOPJp.exe
  C:\Windows\System\GXIOPJp.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ZymseAE.exe
  C:\Windows\System\ZymseAE.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\UqgWuMm.exe
  C:\Windows\System\UqgWuMm.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\XKIwEdy.exe
  C:\Windows\System\XKIwEdy.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\RmdPytt.exe
  C:\Windows\System\RmdPytt.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\tEnahrV.exe
  C:\Windows\System\tEnahrV.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\UvdsXTn.exe
  C:\Windows\System\UvdsXTn.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\jldblDu.exe
  C:\Windows\System\jldblDu.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\pDQpoKx.exe
  C:\Windows\System\pDQpoKx.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ZFEffPq.exe
  C:\Windows\System\ZFEffPq.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\sLvWtZK.exe
  C:\Windows\System\sLvWtZK.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\IfBzUqF.exe
  C:\Windows\System\IfBzUqF.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\wRoMXny.exe
  C:\Windows\System\wRoMXny.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\Nevarth.exe
  C:\Windows\System\Nevarth.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\RVspsZd.exe
  C:\Windows\System\RVspsZd.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\aqnStSO.exe
  C:\Windows\System\aqnStSO.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\LhvQpmE.exe
  C:\Windows\System\LhvQpmE.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\mbzdXxp.exe
  C:\Windows\System\mbzdXxp.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\KNmorbv.exe
  C:\Windows\System\KNmorbv.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\WsgdeyA.exe
  C:\Windows\System\WsgdeyA.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\vwuJRua.exe
  C:\Windows\System\vwuJRua.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ZGMCSgb.exe
  C:\Windows\System\ZGMCSgb.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\bLneCda.exe
  C:\Windows\System\bLneCda.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\menKMWs.exe
  C:\Windows\System\menKMWs.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\smzzkhm.exe
  C:\Windows\System\smzzkhm.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\WrJrSQy.exe
  C:\Windows\System\WrJrSQy.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\FyQIemD.exe
  C:\Windows\System\FyQIemD.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\RyDkFHK.exe
  C:\Windows\System\RyDkFHK.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\wEicIVE.exe
  C:\Windows\System\wEicIVE.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\ufdudCj.exe
  C:\Windows\System\ufdudCj.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\lHpSiUC.exe
  C:\Windows\System\lHpSiUC.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\kQSxTPU.exe
  C:\Windows\System\kQSxTPU.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\lfimHhL.exe
  C:\Windows\System\lfimHhL.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\RzXlouS.exe
  C:\Windows\System\RzXlouS.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\UxtCtYm.exe
  C:\Windows\System\UxtCtYm.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\SWgIfkK.exe
  C:\Windows\System\SWgIfkK.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\cujiNaI.exe
  C:\Windows\System\cujiNaI.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\qnbSESo.exe
  C:\Windows\System\qnbSESo.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\HFcCDTd.exe
  C:\Windows\System\HFcCDTd.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\hphqIfl.exe
  C:\Windows\System\hphqIfl.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ekVokhN.exe
  C:\Windows\System\ekVokhN.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\FqXkUKK.exe
  C:\Windows\System\FqXkUKK.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\EgRWVxy.exe
  C:\Windows\System\EgRWVxy.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\uqDLfMp.exe
  C:\Windows\System\uqDLfMp.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\BLGvrAa.exe
  C:\Windows\System\BLGvrAa.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\iZnjGND.exe
  C:\Windows\System\iZnjGND.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\FLRGDVT.exe
  C:\Windows\System\FLRGDVT.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\KrsjOUM.exe
  C:\Windows\System\KrsjOUM.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\BbbAXSx.exe
  C:\Windows\System\BbbAXSx.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\EjMHjxg.exe
  C:\Windows\System\EjMHjxg.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\ILnFkuw.exe
  C:\Windows\System\ILnFkuw.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\NqcqwZw.exe
  C:\Windows\System\NqcqwZw.exe
  2⤵
  PID:1600
- C:\Windows\System\PstoAZY.exe
  C:\Windows\System\PstoAZY.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\PRpsBNg.exe
  C:\Windows\System\PRpsBNg.exe
  2⤵
  PID:2784
- C:\Windows\System\eaSYGZC.exe
  C:\Windows\System\eaSYGZC.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\nvQjONt.exe
  C:\Windows\System\nvQjONt.exe
  2⤵
  PID:2792
- C:\Windows\System\XZtXSVQ.exe
  C:\Windows\System\XZtXSVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\aoHAnqu.exe
  C:\Windows\System\aoHAnqu.exe
  2⤵
  PID:2564
- C:\Windows\System\WjrQVrG.exe
  C:\Windows\System\WjrQVrG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\jLFQldj.exe
  C:\Windows\System\jLFQldj.exe
  2⤵
  PID:1672
- C:\Windows\System\JkuJHmL.exe
  C:\Windows\System\JkuJHmL.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\AkekBXX.exe
  C:\Windows\System\AkekBXX.exe
  2⤵
  PID:484
- C:\Windows\System\tINFYBG.exe
  C:\Windows\System\tINFYBG.exe
  2⤵
  PID:408
- C:\Windows\System\rswVKVb.exe
  C:\Windows\System\rswVKVb.exe
  2⤵
  PID:984
- C:\Windows\System\PcCApCa.exe
  C:\Windows\System\PcCApCa.exe
  2⤵
  PID:1088
- C:\Windows\System\SNcBSKX.exe
  C:\Windows\System\SNcBSKX.exe
  2⤵
  PID:1544
- C:\Windows\System\cWtCrrD.exe
  C:\Windows\System\cWtCrrD.exe
  2⤵
  PID:1728
- C:\Windows\System\edZEDCh.exe
  C:\Windows\System\edZEDCh.exe
  2⤵
  PID:2524
- C:\Windows\System\dydnIrx.exe
  C:\Windows\System\dydnIrx.exe
  2⤵
  PID:2512
- C:\Windows\System\PwdsdSg.exe
  C:\Windows\System\PwdsdSg.exe
  2⤵
  PID:2620
- C:\Windows\System\ykevKSp.exe
  C:\Windows\System\ykevKSp.exe
  2⤵
  PID:1244
- C:\Windows\System\wvVHTQT.exe
  C:\Windows\System\wvVHTQT.exe
  2⤵
  PID:1588
- C:\Windows\System\YuBevrC.exe
  C:\Windows\System\YuBevrC.exe
  2⤵
  PID:820
- C:\Windows\System\fkMLgnb.exe
  C:\Windows\System\fkMLgnb.exe
  2⤵
  PID:2588
- C:\Windows\System\jbrZJnn.exe
  C:\Windows\System\jbrZJnn.exe
  2⤵
  PID:2080
- C:\Windows\System\ccQluAH.exe
  C:\Windows\System\ccQluAH.exe
  2⤵
  PID:2604
- C:\Windows\System\jHYojCJ.exe
  C:\Windows\System\jHYojCJ.exe
  2⤵
  PID:2256
- C:\Windows\System\GBqmNQy.exe
  C:\Windows\System\GBqmNQy.exe
  2⤵
  PID:916
- C:\Windows\System\IOIZUvr.exe
  C:\Windows\System\IOIZUvr.exe
  2⤵
  PID:1752
- C:\Windows\System\DNCVbqf.exe
  C:\Windows\System\DNCVbqf.exe
  2⤵
  PID:1980
- C:\Windows\System\McXJquC.exe
  C:\Windows\System\McXJquC.exe
  2⤵
  PID:812
- C:\Windows\System\agQextk.exe
  C:\Windows\System\agQextk.exe
  2⤵
  PID:2904
- C:\Windows\System\NjBYtGc.exe
  C:\Windows\System\NjBYtGc.exe
  2⤵
  PID:2764
- C:\Windows\System\HpNQQtQ.exe
  C:\Windows\System\HpNQQtQ.exe
  2⤵
  PID:1592
- C:\Windows\System\qCKWgmy.exe
  C:\Windows\System\qCKWgmy.exe
  2⤵
  PID:2172
- C:\Windows\System\vAiOZdo.exe
  C:\Windows\System\vAiOZdo.exe
  2⤵
  PID:1624
- C:\Windows\System\QEqLACZ.exe
  C:\Windows\System\QEqLACZ.exe
  2⤵
  PID:1864
- C:\Windows\System\FozEWYw.exe
  C:\Windows\System\FozEWYw.exe
  2⤵
  PID:2648
- C:\Windows\System\RvfzUZe.exe
  C:\Windows\System\RvfzUZe.exe
  2⤵
  PID:544
- C:\Windows\System\oZfDhsc.exe
  C:\Windows\System\oZfDhsc.exe
  2⤵
  PID:2640
- C:\Windows\System\HkZNzuX.exe
  C:\Windows\System\HkZNzuX.exe
  2⤵
  PID:2360
- C:\Windows\System\hgcxWyk.exe
  C:\Windows\System\hgcxWyk.exe
  2⤵
  PID:2420
- C:\Windows\System\CQwDlHb.exe
  C:\Windows\System\CQwDlHb.exe
  2⤵
  PID:1328
- C:\Windows\System\kdgzDdW.exe
  C:\Windows\System\kdgzDdW.exe
  2⤵
  PID:2508
- C:\Windows\System\zYWbbuU.exe
  C:\Windows\System\zYWbbuU.exe
  2⤵
  PID:2452
- C:\Windows\System\teUxnqi.exe
  C:\Windows\System\teUxnqi.exe
  2⤵
  PID:3012
- C:\Windows\System\dyosFkh.exe
  C:\Windows\System\dyosFkh.exe
  2⤵
  PID:3008
- C:\Windows\System\qdfTFnw.exe
  C:\Windows\System\qdfTFnw.exe
  2⤵
  PID:1932
- C:\Windows\System\ITrvvnV.exe
  C:\Windows\System\ITrvvnV.exe
  2⤵
  PID:1052
- C:\Windows\System\FiaAHMa.exe
  C:\Windows\System\FiaAHMa.exe
  2⤵
  PID:2320
- C:\Windows\System\MXmQrmN.exe
  C:\Windows\System\MXmQrmN.exe
  2⤵
  PID:1488
- C:\Windows\System\vBOzcjQ.exe
  C:\Windows\System\vBOzcjQ.exe
  2⤵
  PID:580
- C:\Windows\System\utHHJvD.exe
  C:\Windows\System\utHHJvD.exe
  2⤵
  PID:1996
- C:\Windows\System\yqiTULo.exe
  C:\Windows\System\yqiTULo.exe
  2⤵
  PID:2624
- C:\Windows\System\aygqhKV.exe
  C:\Windows\System\aygqhKV.exe
  2⤵
  PID:1612
- C:\Windows\System\RVeaFnb.exe
  C:\Windows\System\RVeaFnb.exe
  2⤵
  PID:1196
- C:\Windows\System\uNPnAYH.exe
  C:\Windows\System\uNPnAYH.exe
  2⤵
  PID:1748
- C:\Windows\System\YnFzxKi.exe
  C:\Windows\System\YnFzxKi.exe
  2⤵
  PID:2824
- C:\Windows\System\cQoUMOP.exe
  C:\Windows\System\cQoUMOP.exe
  2⤵
  PID:1320
- C:\Windows\System\szsFnlu.exe
  C:\Windows\System\szsFnlu.exe
  2⤵
  PID:1812
- C:\Windows\System\vmsSfWT.exe
  C:\Windows\System\vmsSfWT.exe
  2⤵
  PID:1744
- C:\Windows\System\uKvtIMx.exe
  C:\Windows\System\uKvtIMx.exe
  2⤵
  PID:3076
- C:\Windows\System\tfDNZUV.exe
  C:\Windows\System\tfDNZUV.exe
  2⤵
  PID:3096
- C:\Windows\System\dvqgepK.exe
  C:\Windows\System\dvqgepK.exe
  2⤵
  PID:3116
- C:\Windows\System\kcbZgMz.exe
  C:\Windows\System\kcbZgMz.exe
  2⤵
  PID:3132
- C:\Windows\System\oAdJGPV.exe
  C:\Windows\System\oAdJGPV.exe
  2⤵
  PID:3152
- C:\Windows\System\NywcPec.exe
  C:\Windows\System\NywcPec.exe
  2⤵
  PID:3176
- C:\Windows\System\dBfkdBC.exe
  C:\Windows\System\dBfkdBC.exe
  2⤵
  PID:3196
- C:\Windows\System\ZHLfHuI.exe
  C:\Windows\System\ZHLfHuI.exe
  2⤵
  PID:3216
- C:\Windows\System\SQplaKX.exe
  C:\Windows\System\SQplaKX.exe
  2⤵
  PID:3232
- C:\Windows\System\pBTxIVL.exe
  C:\Windows\System\pBTxIVL.exe
  2⤵
  PID:3252
- C:\Windows\System\rKnreyI.exe
  C:\Windows\System\rKnreyI.exe
  2⤵
  PID:3272
- C:\Windows\System\OdqoJlT.exe
  C:\Windows\System\OdqoJlT.exe
  2⤵
  PID:3292
- C:\Windows\System\ZsRrhEF.exe
  C:\Windows\System\ZsRrhEF.exe
  2⤵
  PID:3312
- C:\Windows\System\vbNaWkg.exe
  C:\Windows\System\vbNaWkg.exe
  2⤵
  PID:3328
- C:\Windows\System\wNraemJ.exe
  C:\Windows\System\wNraemJ.exe
  2⤵
  PID:3360
- C:\Windows\System\HXelqGx.exe
  C:\Windows\System\HXelqGx.exe
  2⤵
  PID:3376
- C:\Windows\System\jGdkPxm.exe
  C:\Windows\System\jGdkPxm.exe
  2⤵
  PID:3396
- C:\Windows\System\OgbGoMl.exe
  C:\Windows\System\OgbGoMl.exe
  2⤵
  PID:3412
- C:\Windows\System\IBNIpaD.exe
  C:\Windows\System\IBNIpaD.exe
  2⤵
  PID:3428
- C:\Windows\System\gXAwjus.exe
  C:\Windows\System\gXAwjus.exe
  2⤵
  PID:3448
- C:\Windows\System\ZDvQvQS.exe
  C:\Windows\System\ZDvQvQS.exe
  2⤵
  PID:3464
- C:\Windows\System\vTrDGNi.exe
  C:\Windows\System\vTrDGNi.exe
  2⤵
  PID:3484
- C:\Windows\System\oTotdCN.exe
  C:\Windows\System\oTotdCN.exe
  2⤵
  PID:3500
- C:\Windows\System\bILyTia.exe
  C:\Windows\System\bILyTia.exe
  2⤵
  PID:3520
- C:\Windows\System\zmMVVsI.exe
  C:\Windows\System\zmMVVsI.exe
  2⤵
  PID:3536
- C:\Windows\System\tDOiDkJ.exe
  C:\Windows\System\tDOiDkJ.exe
  2⤵
  PID:3556
- C:\Windows\System\rgpcnxs.exe
  C:\Windows\System\rgpcnxs.exe
  2⤵
  PID:3572
- C:\Windows\System\kcFtREg.exe
  C:\Windows\System\kcFtREg.exe
  2⤵
  PID:3592
- C:\Windows\System\EwYkSur.exe
  C:\Windows\System\EwYkSur.exe
  2⤵
  PID:3616
- C:\Windows\System\jqLGaAI.exe
  C:\Windows\System\jqLGaAI.exe
  2⤵
  PID:3660
- C:\Windows\System\qjVjMJE.exe
  C:\Windows\System\qjVjMJE.exe
  2⤵
  PID:3680
- C:\Windows\System\CjHRRiz.exe
  C:\Windows\System\CjHRRiz.exe
  2⤵
  PID:3696
- C:\Windows\System\NUomxgJ.exe
  C:\Windows\System\NUomxgJ.exe
  2⤵
  PID:3720
- C:\Windows\System\YFoiIea.exe
  C:\Windows\System\YFoiIea.exe
  2⤵
  PID:3736
- C:\Windows\System\wpaoOso.exe
  C:\Windows\System\wpaoOso.exe
  2⤵
  PID:3760
- C:\Windows\System\ROlFbfh.exe
  C:\Windows\System\ROlFbfh.exe
  2⤵
  PID:3780
- C:\Windows\System\uEmrHmP.exe
  C:\Windows\System\uEmrHmP.exe
  2⤵
  PID:3800
- C:\Windows\System\CcwaThG.exe
  C:\Windows\System\CcwaThG.exe
  2⤵
  PID:3816
- C:\Windows\System\xwAGhzz.exe
  C:\Windows\System\xwAGhzz.exe
  2⤵
  PID:3840
- C:\Windows\System\VVVTDzu.exe
  C:\Windows\System\VVVTDzu.exe
  2⤵
  PID:3856
- C:\Windows\System\AnBzMsL.exe
  C:\Windows\System\AnBzMsL.exe
  2⤵
  PID:3876
- C:\Windows\System\YDMjwyY.exe
  C:\Windows\System\YDMjwyY.exe
  2⤵
  PID:3892
- C:\Windows\System\MUfEkpn.exe
  C:\Windows\System\MUfEkpn.exe
  2⤵
  PID:3912
- C:\Windows\System\aWjUXAg.exe
  C:\Windows\System\aWjUXAg.exe
  2⤵
  PID:3940
- C:\Windows\System\EMOVsut.exe
  C:\Windows\System\EMOVsut.exe
  2⤵
  PID:3960
- C:\Windows\System\ViNFuUm.exe
  C:\Windows\System\ViNFuUm.exe
  2⤵
  PID:3976
- C:\Windows\System\uhbTbIH.exe
  C:\Windows\System\uhbTbIH.exe
  2⤵
  PID:3992
- C:\Windows\System\AsWEeFA.exe
  C:\Windows\System\AsWEeFA.exe
  2⤵
  PID:4012
- C:\Windows\System\nYsuzPh.exe
  C:\Windows\System\nYsuzPh.exe
  2⤵
  PID:4032
- C:\Windows\System\cmZepAd.exe
  C:\Windows\System\cmZepAd.exe
  2⤵
  PID:4048
- C:\Windows\System\ECofaax.exe
  C:\Windows\System\ECofaax.exe
  2⤵
  PID:4064
- C:\Windows\System\ZiDxRxU.exe
  C:\Windows\System\ZiDxRxU.exe
  2⤵
  PID:4084
- C:\Windows\System\nukAvsE.exe
  C:\Windows\System\nukAvsE.exe
  2⤵
  PID:1652
- C:\Windows\System\EwTsBYa.exe
  C:\Windows\System\EwTsBYa.exe
  2⤵
  PID:2272
- C:\Windows\System\YFpUFlO.exe
  C:\Windows\System\YFpUFlO.exe
  2⤵
  PID:1872
- C:\Windows\System\VQzzZPP.exe
  C:\Windows\System\VQzzZPP.exe
  2⤵
  PID:1036
- C:\Windows\System\JTSWgyk.exe
  C:\Windows\System\JTSWgyk.exe
  2⤵
  PID:3016
- C:\Windows\System\aCnUQIT.exe
  C:\Windows\System\aCnUQIT.exe
  2⤵
  PID:2832
- C:\Windows\System\nsyesat.exe
  C:\Windows\System\nsyesat.exe
  2⤵
  PID:2440
- C:\Windows\System\BiRXjPl.exe
  C:\Windows\System\BiRXjPl.exe
  2⤵
  PID:1168
- C:\Windows\System\sGukfFp.exe
  C:\Windows\System\sGukfFp.exe
  2⤵
  PID:856
- C:\Windows\System\UGUiITQ.exe
  C:\Windows\System\UGUiITQ.exe
  2⤵
  PID:3112
- C:\Windows\System\WkxvIWo.exe
  C:\Windows\System\WkxvIWo.exe
  2⤵
  PID:2748
- C:\Windows\System\FwkaRTQ.exe
  C:\Windows\System\FwkaRTQ.exe
  2⤵
  PID:3092
- C:\Windows\System\CaoENYP.exe
  C:\Windows\System\CaoENYP.exe
  2⤵
  PID:3172
- C:\Windows\System\FKsuPGy.exe
  C:\Windows\System\FKsuPGy.exe
  2⤵
  PID:3344
- C:\Windows\System\DPZjNPX.exe
  C:\Windows\System\DPZjNPX.exe
  2⤵
  PID:3424
- C:\Windows\System\slQrrYG.exe
  C:\Windows\System\slQrrYG.exe
  2⤵
  PID:3240
- C:\Windows\System\zpxLCuJ.exe
  C:\Windows\System\zpxLCuJ.exe
  2⤵
  PID:3320
- C:\Windows\System\XIiHBuE.exe
  C:\Windows\System\XIiHBuE.exe
  2⤵
  PID:3496
- C:\Windows\System\vOVIBBG.exe
  C:\Windows\System\vOVIBBG.exe
  2⤵
  PID:3600
- C:\Windows\System\vvtxlfo.exe
  C:\Windows\System\vvtxlfo.exe
  2⤵
  PID:3372
- C:\Windows\System\iygFRVU.exe
  C:\Windows\System\iygFRVU.exe
  2⤵
  PID:3548
- C:\Windows\System\CwufbzQ.exe
  C:\Windows\System\CwufbzQ.exe
  2⤵
  PID:3624
- C:\Windows\System\exGvlJX.exe
  C:\Windows\System\exGvlJX.exe
  2⤵
  PID:3544
- C:\Windows\System\nHECUBr.exe
  C:\Windows\System\nHECUBr.exe
  2⤵
  PID:3440
- C:\Windows\System\hANNJYE.exe
  C:\Windows\System\hANNJYE.exe
  2⤵
  PID:3712
- C:\Windows\System\HLbgQDF.exe
  C:\Windows\System\HLbgQDF.exe
  2⤵
  PID:3748
- C:\Windows\System\LcIsQCl.exe
  C:\Windows\System\LcIsQCl.exe
  2⤵
  PID:3828
- C:\Windows\System\DgPqBHB.exe
  C:\Windows\System\DgPqBHB.exe
  2⤵
  PID:3872
- C:\Windows\System\bxMoekk.exe
  C:\Windows\System\bxMoekk.exe
  2⤵
  PID:3948
- C:\Windows\System\deZAMOa.exe
  C:\Windows\System\deZAMOa.exe
  2⤵
  PID:3632
- C:\Windows\System\HRoYLIK.exe
  C:\Windows\System\HRoYLIK.exe
  2⤵
  PID:3656
- C:\Windows\System\GQZXaTB.exe
  C:\Windows\System\GQZXaTB.exe
  2⤵
  PID:4056
- C:\Windows\System\jfpnzvJ.exe
  C:\Windows\System\jfpnzvJ.exe
  2⤵
  PID:3732
- C:\Windows\System\WZnmzwn.exe
  C:\Windows\System\WZnmzwn.exe
  2⤵
  PID:2756
- C:\Windows\System\sYrRzGI.exe
  C:\Windows\System\sYrRzGI.exe
  2⤵
  PID:3808
- C:\Windows\System\XqRYdzl.exe
  C:\Windows\System\XqRYdzl.exe
  2⤵
  PID:3888
- C:\Windows\System\eWdlXqu.exe
  C:\Windows\System\eWdlXqu.exe
  2⤵
  PID:3928
- C:\Windows\System\mTLqUTj.exe
  C:\Windows\System\mTLqUTj.exe
  2⤵
  PID:2712
- C:\Windows\System\fAlHeOJ.exe
  C:\Windows\System\fAlHeOJ.exe
  2⤵
  PID:2328
- C:\Windows\System\RSJDPcd.exe
  C:\Windows\System\RSJDPcd.exe
  2⤵
  PID:1976
- C:\Windows\System\SGcmHKB.exe
  C:\Windows\System\SGcmHKB.exe
  2⤵
  PID:4076
- C:\Windows\System\EesNYsD.exe
  C:\Windows\System\EesNYsD.exe
  2⤵
  PID:4000
- C:\Windows\System\yvpKAJJ.exe
  C:\Windows\System\yvpKAJJ.exe
  2⤵
  PID:3184
- C:\Windows\System\jZvIzxO.exe
  C:\Windows\System\jZvIzxO.exe
  2⤵
  PID:3260
- C:\Windows\System\scrYJkf.exe
  C:\Windows\System\scrYJkf.exe
  2⤵
  PID:3268
- C:\Windows\System\gFwGLWJ.exe
  C:\Windows\System\gFwGLWJ.exe
  2⤵
  PID:3160
- C:\Windows\System\SEnImtI.exe
  C:\Windows\System\SEnImtI.exe
  2⤵
  PID:3392
- C:\Windows\System\SlUjMzW.exe
  C:\Windows\System\SlUjMzW.exe
  2⤵
  PID:3284
- C:\Windows\System\ESrmbnD.exe
  C:\Windows\System\ESrmbnD.exe
  2⤵
  PID:3532
- C:\Windows\System\YChTFjG.exe
  C:\Windows\System\YChTFjG.exe
  2⤵
  PID:3460
- C:\Windows\System\qbuNSJj.exe
  C:\Windows\System\qbuNSJj.exe
  2⤵
  PID:3408
- C:\Windows\System\tANPAEi.exe
  C:\Windows\System\tANPAEi.exe
  2⤵
  PID:3676
- C:\Windows\System\tntYNeS.exe
  C:\Windows\System\tntYNeS.exe
  2⤵
  PID:3472
- C:\Windows\System\vtJLWvU.exe
  C:\Windows\System\vtJLWvU.exe
  2⤵
  PID:3752
- C:\Windows\System\RjpcRqB.exe
  C:\Windows\System\RjpcRqB.exe
  2⤵
  PID:3864
- C:\Windows\System\KcsRauQ.exe
  C:\Windows\System\KcsRauQ.exe
  2⤵
  PID:3956
- C:\Windows\System\ebQJXWD.exe
  C:\Windows\System\ebQJXWD.exe
  2⤵
  PID:3988
- C:\Windows\System\BMrfOrZ.exe
  C:\Windows\System\BMrfOrZ.exe
  2⤵
  PID:4024
- C:\Windows\System\DMGibAO.exe
  C:\Windows\System\DMGibAO.exe
  2⤵
  PID:2344
- C:\Windows\System\wbfcVkm.exe
  C:\Windows\System\wbfcVkm.exe
  2⤵
  PID:3852
- C:\Windows\System\bfuBLbk.exe
  C:\Windows\System\bfuBLbk.exe
  2⤵
  PID:3936
- C:\Windows\System\quDrNhT.exe
  C:\Windows\System\quDrNhT.exe
  2⤵
  PID:2464
- C:\Windows\System\YJJECUP.exe
  C:\Windows\System\YJJECUP.exe
  2⤵
  PID:2052
- C:\Windows\System\jZFBRln.exe
  C:\Windows\System\jZFBRln.exe
  2⤵
  PID:3144
- C:\Windows\System\AXqzMZw.exe
  C:\Windows\System\AXqzMZw.exe
  2⤵
  PID:3300
- C:\Windows\System\KeCRVZb.exe
  C:\Windows\System\KeCRVZb.exe
  2⤵
  PID:3168
- C:\Windows\System\rgwMrIW.exe
  C:\Windows\System\rgwMrIW.exe
  2⤵
  PID:3208
- C:\Windows\System\WWivNQZ.exe
  C:\Windows\System\WWivNQZ.exe
  2⤵
  PID:3456
- C:\Windows\System\phUKajz.exe
  C:\Windows\System\phUKajz.exe
  2⤵
  PID:3368
- C:\Windows\System\sGOukLs.exe
  C:\Windows\System\sGOukLs.exe
  2⤵
  PID:3672
- C:\Windows\System\eZBkuwG.exe
  C:\Windows\System\eZBkuwG.exe
  2⤵
  PID:3792
- C:\Windows\System\FoAPNUa.exe
  C:\Windows\System\FoAPNUa.exe
  2⤵
  PID:3644
- C:\Windows\System\YUIcaMf.exe
  C:\Windows\System\YUIcaMf.exe
  2⤵
  PID:2660
- C:\Windows\System\CwqDcbR.exe
  C:\Windows\System\CwqDcbR.exe
  2⤵
  PID:4020
- C:\Windows\System\SvvRPjM.exe
  C:\Windows\System\SvvRPjM.exe
  2⤵
  PID:4008
- C:\Windows\System\awwJgEo.exe
  C:\Windows\System\awwJgEo.exe
  2⤵
  PID:568
- C:\Windows\System\smOmpVt.exe
  C:\Windows\System\smOmpVt.exe
  2⤵
  PID:3264
- C:\Windows\System\kvlODNy.exe
  C:\Windows\System\kvlODNy.exe
  2⤵
  PID:4112
- C:\Windows\System\avboWzB.exe
  C:\Windows\System\avboWzB.exe
  2⤵
  PID:4132
- C:\Windows\System\GKgOWvt.exe
  C:\Windows\System\GKgOWvt.exe
  2⤵
  PID:4156
- C:\Windows\System\xonGnFb.exe
  C:\Windows\System\xonGnFb.exe
  2⤵
  PID:4176
- C:\Windows\System\HLtKiFw.exe
  C:\Windows\System\HLtKiFw.exe
  2⤵
  PID:4196
- C:\Windows\System\zrTrDdA.exe
  C:\Windows\System\zrTrDdA.exe
  2⤵
  PID:4216
- C:\Windows\System\lVOPgtb.exe
  C:\Windows\System\lVOPgtb.exe
  2⤵
  PID:4232
- C:\Windows\System\ckpboXG.exe
  C:\Windows\System\ckpboXG.exe
  2⤵
  PID:4252
- C:\Windows\System\mOZQvEH.exe
  C:\Windows\System\mOZQvEH.exe
  2⤵
  PID:4272
- C:\Windows\System\VkAVSrt.exe
  C:\Windows\System\VkAVSrt.exe
  2⤵
  PID:4296
- C:\Windows\System\qGQxPwr.exe
  C:\Windows\System\qGQxPwr.exe
  2⤵
  PID:4312
- C:\Windows\System\BmMXHVG.exe
  C:\Windows\System\BmMXHVG.exe
  2⤵
  PID:4336
- C:\Windows\System\gjSkyGS.exe
  C:\Windows\System\gjSkyGS.exe
  2⤵
  PID:4352
- C:\Windows\System\COJKzDL.exe
  C:\Windows\System\COJKzDL.exe
  2⤵
  PID:4372
- C:\Windows\System\XsbGKxl.exe
  C:\Windows\System\XsbGKxl.exe
  2⤵
  PID:4392
- C:\Windows\System\ZYmNVSr.exe
  C:\Windows\System\ZYmNVSr.exe
  2⤵
  PID:4412
- C:\Windows\System\PbLFJZd.exe
  C:\Windows\System\PbLFJZd.exe
  2⤵
  PID:4432
- C:\Windows\System\PyRWJmm.exe
  C:\Windows\System\PyRWJmm.exe
  2⤵
  PID:4456
- C:\Windows\System\taoQQji.exe
  C:\Windows\System\taoQQji.exe
  2⤵
  PID:4472
- C:\Windows\System\jezHejO.exe
  C:\Windows\System\jezHejO.exe
  2⤵
  PID:4492
- C:\Windows\System\mLdmbzs.exe
  C:\Windows\System\mLdmbzs.exe
  2⤵
  PID:4516
- C:\Windows\System\jUWlWvN.exe
  C:\Windows\System\jUWlWvN.exe
  2⤵
  PID:4536
- C:\Windows\System\mrquwgS.exe
  C:\Windows\System\mrquwgS.exe
  2⤵
  PID:4552
- C:\Windows\System\Wuvejas.exe
  C:\Windows\System\Wuvejas.exe
  2⤵
  PID:4576
- C:\Windows\System\euItDSO.exe
  C:\Windows\System\euItDSO.exe
  2⤵
  PID:4596
- C:\Windows\System\pISgAxj.exe
  C:\Windows\System\pISgAxj.exe
  2⤵
  PID:4616
- C:\Windows\System\AsIfEKj.exe
  C:\Windows\System\AsIfEKj.exe
  2⤵
  PID:4632
- C:\Windows\System\HIAsJZp.exe
  C:\Windows\System\HIAsJZp.exe
  2⤵
  PID:4656
- C:\Windows\System\GTUqBTu.exe
  C:\Windows\System\GTUqBTu.exe
  2⤵
  PID:4672
- C:\Windows\System\wSEqxno.exe
  C:\Windows\System\wSEqxno.exe
  2⤵
  PID:4692
- C:\Windows\System\MPTrblq.exe
  C:\Windows\System\MPTrblq.exe
  2⤵
  PID:4712
- C:\Windows\System\xVhMwjp.exe
  C:\Windows\System\xVhMwjp.exe
  2⤵
  PID:4732
- C:\Windows\System\TIhqwkh.exe
  C:\Windows\System\TIhqwkh.exe
  2⤵
  PID:4756
- C:\Windows\System\ezRZdZv.exe
  C:\Windows\System\ezRZdZv.exe
  2⤵
  PID:4776
- C:\Windows\System\YVlzIdv.exe
  C:\Windows\System\YVlzIdv.exe
  2⤵
  PID:4792
- C:\Windows\System\SLosoce.exe
  C:\Windows\System\SLosoce.exe
  2⤵
  PID:4816
- C:\Windows\System\SuThdTO.exe
  C:\Windows\System\SuThdTO.exe
  2⤵
  PID:4832
- C:\Windows\System\CBowIMG.exe
  C:\Windows\System\CBowIMG.exe
  2⤵
  PID:4852
- C:\Windows\System\YFMfBrM.exe
  C:\Windows\System\YFMfBrM.exe
  2⤵
  PID:4872
- C:\Windows\System\HTcqJYa.exe
  C:\Windows\System\HTcqJYa.exe
  2⤵
  PID:4896
- C:\Windows\System\VTyeJiW.exe
  C:\Windows\System\VTyeJiW.exe
  2⤵
  PID:4912
- C:\Windows\System\bmxNiBo.exe
  C:\Windows\System\bmxNiBo.exe
  2⤵
  PID:4936
- C:\Windows\System\nnbnEeo.exe
  C:\Windows\System\nnbnEeo.exe
  2⤵
  PID:4956
- C:\Windows\System\vZaVrXI.exe
  C:\Windows\System\vZaVrXI.exe
  2⤵
  PID:4976
- C:\Windows\System\iewgccA.exe
  C:\Windows\System\iewgccA.exe
  2⤵
  PID:4992
- C:\Windows\System\nhpmBVs.exe
  C:\Windows\System\nhpmBVs.exe
  2⤵
  PID:5016
- C:\Windows\System\bIoEKkG.exe
  C:\Windows\System\bIoEKkG.exe
  2⤵
  PID:5032
- C:\Windows\System\fjyRlyD.exe
  C:\Windows\System\fjyRlyD.exe
  2⤵
  PID:5056
- C:\Windows\System\swJEPjL.exe
  C:\Windows\System\swJEPjL.exe
  2⤵
  PID:5072
- C:\Windows\System\NwDPBhd.exe
  C:\Windows\System\NwDPBhd.exe
  2⤵
  PID:5096
- C:\Windows\System\XxqPBom.exe
  C:\Windows\System\XxqPBom.exe
  2⤵
  PID:5116
- C:\Windows\System\cYsanDa.exe
  C:\Windows\System\cYsanDa.exe
  2⤵
  PID:3228
- C:\Windows\System\MAvQNRY.exe
  C:\Windows\System\MAvQNRY.exe
  2⤵
  PID:3564
- C:\Windows\System\ixbonnZ.exe
  C:\Windows\System\ixbonnZ.exe
  2⤵
  PID:3508
- C:\Windows\System\LyujPxd.exe
  C:\Windows\System\LyujPxd.exe
  2⤵
  PID:3756
- C:\Windows\System\iIQMADv.exe
  C:\Windows\System\iIQMADv.exe
  2⤵
  PID:3836
- C:\Windows\System\SPFnpuz.exe
  C:\Windows\System\SPFnpuz.exe
  2⤵
  PID:3924
- C:\Windows\System\PeqrcJE.exe
  C:\Windows\System\PeqrcJE.exe
  2⤵
  PID:1552
- C:\Windows\System\uqdOGwH.exe
  C:\Windows\System\uqdOGwH.exe
  2⤵
  PID:4120
- C:\Windows\System\PxiTvwa.exe
  C:\Windows\System\PxiTvwa.exe
  2⤵
  PID:4164
- C:\Windows\System\AruRTlW.exe
  C:\Windows\System\AruRTlW.exe
  2⤵
  PID:4152
- C:\Windows\System\yVYqHVi.exe
  C:\Windows\System\yVYqHVi.exe
  2⤵
  PID:4192
- C:\Windows\System\WzAXAzh.exe
  C:\Windows\System\WzAXAzh.exe
  2⤵
  PID:4248
- C:\Windows\System\LPnoMaX.exe
  C:\Windows\System\LPnoMaX.exe
  2⤵
  PID:4280
- C:\Windows\System\TjuCYNX.exe
  C:\Windows\System\TjuCYNX.exe
  2⤵
  PID:4304
- C:\Windows\System\KVeGPfz.exe
  C:\Windows\System\KVeGPfz.exe
  2⤵
  PID:4344
- C:\Windows\System\JISvHNU.exe
  C:\Windows\System\JISvHNU.exe
  2⤵
  PID:4380
- C:\Windows\System\mKkbpFq.exe
  C:\Windows\System\mKkbpFq.exe
  2⤵
  PID:4404
- C:\Windows\System\YGDAHbM.exe
  C:\Windows\System\YGDAHbM.exe
  2⤵
  PID:4440
- C:\Windows\System\SepKOSj.exe
  C:\Windows\System\SepKOSj.exe
  2⤵
  PID:4484
- C:\Windows\System\JCgkMkc.exe
  C:\Windows\System\JCgkMkc.exe
  2⤵
  PID:4508
- C:\Windows\System\mKBmtMr.exe
  C:\Windows\System\mKBmtMr.exe
  2⤵
  PID:4544
- C:\Windows\System\WXktwbQ.exe
  C:\Windows\System\WXktwbQ.exe
  2⤵
  PID:4568
- C:\Windows\System\tJXduzY.exe
  C:\Windows\System\tJXduzY.exe
  2⤵
  PID:4612
- C:\Windows\System\WlmmZNc.exe
  C:\Windows\System\WlmmZNc.exe
  2⤵
  PID:4648
- C:\Windows\System\IAggOCu.exe
  C:\Windows\System\IAggOCu.exe
  2⤵
  PID:4668
- C:\Windows\System\OUsBOnT.exe
  C:\Windows\System\OUsBOnT.exe
  2⤵
  PID:4700
- C:\Windows\System\jLvbHoU.exe
  C:\Windows\System\jLvbHoU.exe
  2⤵
  PID:4764
- C:\Windows\System\tzQWPPy.exe
  C:\Windows\System\tzQWPPy.exe
  2⤵
  PID:4748
- C:\Windows\System\tUVFjiS.exe
  C:\Windows\System\tUVFjiS.exe
  2⤵
  PID:4812
- C:\Windows\System\oGNeXBy.exe
  C:\Windows\System\oGNeXBy.exe
  2⤵
  PID:4848
- C:\Windows\System\hzhqlFW.exe
  C:\Windows\System\hzhqlFW.exe
  2⤵
  PID:4892
- C:\Windows\System\xQGehZX.exe
  C:\Windows\System\xQGehZX.exe
  2⤵
  PID:4904
- C:\Windows\System\LcuBJnt.exe
  C:\Windows\System\LcuBJnt.exe
  2⤵
  PID:4944
- C:\Windows\System\wlJsesN.exe
  C:\Windows\System\wlJsesN.exe
  2⤵
  PID:4948
- C:\Windows\System\NDyJqYR.exe
  C:\Windows\System\NDyJqYR.exe
  2⤵
  PID:5012
- C:\Windows\System\dfYjdZB.exe
  C:\Windows\System\dfYjdZB.exe
  2⤵
  PID:5048
- C:\Windows\System\IPksWtR.exe
  C:\Windows\System\IPksWtR.exe
  2⤵
  PID:5088
- C:\Windows\System\yHFMDhs.exe
  C:\Windows\System\yHFMDhs.exe
  2⤵
  PID:5104
- C:\Windows\System\odyuKbZ.exe
  C:\Windows\System\odyuKbZ.exe
  2⤵
  PID:3308
- C:\Windows\System\wPwoZjg.exe
  C:\Windows\System\wPwoZjg.exe
  2⤵
  PID:3480
- C:\Windows\System\EPgyAOs.exe
  C:\Windows\System\EPgyAOs.exe
  2⤵
  PID:3668
- C:\Windows\System\hARtVlK.exe
  C:\Windows\System\hARtVlK.exe
  2⤵
  PID:2740
- C:\Windows\System\FbXlwJZ.exe
  C:\Windows\System\FbXlwJZ.exe
  2⤵
  PID:4108
- C:\Windows\System\zrjCISh.exe
  C:\Windows\System\zrjCISh.exe
  2⤵
  PID:4144
- C:\Windows\System\GCxWHFL.exe
  C:\Windows\System\GCxWHFL.exe
  2⤵
  PID:4264
- C:\Windows\System\cRCCttQ.exe
  C:\Windows\System\cRCCttQ.exe
  2⤵
  PID:4268
- C:\Windows\System\eiKgcUH.exe
  C:\Windows\System\eiKgcUH.exe
  2⤵
  PID:4308
- C:\Windows\System\MlANbCM.exe
  C:\Windows\System\MlANbCM.exe
  2⤵
  PID:4408
- C:\Windows\System\DCtVDib.exe
  C:\Windows\System\DCtVDib.exe
  2⤵
  PID:4480
- C:\Windows\System\WtMyRVG.exe
  C:\Windows\System\WtMyRVG.exe
  2⤵
  PID:4512
- C:\Windows\System\peKjvAX.exe
  C:\Windows\System\peKjvAX.exe
  2⤵
  PID:4564
- C:\Windows\System\eOkSbdX.exe
  C:\Windows\System\eOkSbdX.exe
  2⤵
  PID:4548
- C:\Windows\System\JwkiQcO.exe
  C:\Windows\System\JwkiQcO.exe
  2⤵
  PID:4652
- C:\Windows\System\WWoBhwm.exe
  C:\Windows\System\WWoBhwm.exe
  2⤵
  PID:4720
- C:\Windows\System\OPITWmC.exe
  C:\Windows\System\OPITWmC.exe
  2⤵
  PID:4800
- C:\Windows\System\FfcPpld.exe
  C:\Windows\System\FfcPpld.exe
  2⤵
  PID:4840
- C:\Windows\System\TmgNZVT.exe
  C:\Windows\System\TmgNZVT.exe
  2⤵
  PID:4868
- C:\Windows\System\JhnmLtw.exe
  C:\Windows\System\JhnmLtw.exe
  2⤵
  PID:4928
- C:\Windows\System\SpJJrSv.exe
  C:\Windows\System\SpJJrSv.exe
  2⤵
  PID:4988
- C:\Windows\System\tsZLQRQ.exe
  C:\Windows\System\tsZLQRQ.exe
  2⤵
  PID:5044
- C:\Windows\System\dThrCIq.exe
  C:\Windows\System\dThrCIq.exe
  2⤵
  PID:3288
- C:\Windows\System\YVntyhi.exe
  C:\Windows\System\YVntyhi.exe
  2⤵
  PID:3908
- C:\Windows\System\jAbvzQT.exe
  C:\Windows\System\jAbvzQT.exe
  2⤵
  PID:3848
- C:\Windows\System\UWQGUSa.exe
  C:\Windows\System\UWQGUSa.exe
  2⤵
  PID:3148
- C:\Windows\System\gDrtPNT.exe
  C:\Windows\System\gDrtPNT.exe
  2⤵
  PID:4148
- C:\Windows\System\ATqhzcF.exe
  C:\Windows\System\ATqhzcF.exe
  2⤵
  PID:4292
- C:\Windows\System\MeScACp.exe
  C:\Windows\System\MeScACp.exe
  2⤵
  PID:4388
- C:\Windows\System\zZKOicb.exe
  C:\Windows\System\zZKOicb.exe
  2⤵
  PID:4532
- C:\Windows\System\IrKzhKr.exe
  C:\Windows\System\IrKzhKr.exe
  2⤵
  PID:4592
- C:\Windows\System\OMMAnqr.exe
  C:\Windows\System\OMMAnqr.exe
  2⤵
  PID:4680
- C:\Windows\System\APIgxUd.exe
  C:\Windows\System\APIgxUd.exe
  2⤵
  PID:4768
- C:\Windows\System\pVNKCWN.exe
  C:\Windows\System\pVNKCWN.exe
  2⤵
  PID:4828
- C:\Windows\System\lQgTsVf.exe
  C:\Windows\System\lQgTsVf.exe
  2⤵
  PID:4932
- C:\Windows\System\wuQcNGU.exe
  C:\Windows\System\wuQcNGU.exe
  2⤵
  PID:5040
- C:\Windows\System\tCWPkPi.exe
  C:\Windows\System\tCWPkPi.exe
  2⤵
  PID:5128
- C:\Windows\System\hMgihel.exe
  C:\Windows\System\hMgihel.exe
  2⤵
  PID:5152
- C:\Windows\System\rpudqtp.exe
  C:\Windows\System\rpudqtp.exe
  2⤵
  PID:5172
- C:\Windows\System\gtLRSlP.exe
  C:\Windows\System\gtLRSlP.exe
  2⤵
  PID:5192
- C:\Windows\System\zjkmTol.exe
  C:\Windows\System\zjkmTol.exe
  2⤵
  PID:5212
- C:\Windows\System\dLumAaz.exe
  C:\Windows\System\dLumAaz.exe
  2⤵
  PID:5232
- C:\Windows\System\HPZNMZM.exe
  C:\Windows\System\HPZNMZM.exe
  2⤵
  PID:5252
- C:\Windows\System\CHDrefs.exe
  C:\Windows\System\CHDrefs.exe
  2⤵
  PID:5272
- C:\Windows\System\JwgMBUy.exe
  C:\Windows\System\JwgMBUy.exe
  2⤵
  PID:5292
- C:\Windows\System\hNipVjS.exe
  C:\Windows\System\hNipVjS.exe
  2⤵
  PID:5312
- C:\Windows\System\VqWDiDh.exe
  C:\Windows\System\VqWDiDh.exe
  2⤵
  PID:5332
- C:\Windows\System\gOYGnmE.exe
  C:\Windows\System\gOYGnmE.exe
  2⤵
  PID:5352
- C:\Windows\System\vBkuSCj.exe
  C:\Windows\System\vBkuSCj.exe
  2⤵
  PID:5372
- C:\Windows\System\WhadOtk.exe
  C:\Windows\System\WhadOtk.exe
  2⤵
  PID:5392
- C:\Windows\System\WXYGtkk.exe
  C:\Windows\System\WXYGtkk.exe
  2⤵
  PID:5412
- C:\Windows\System\VmEMWyt.exe
  C:\Windows\System\VmEMWyt.exe
  2⤵
  PID:5432
- C:\Windows\System\ECcHJNq.exe
  C:\Windows\System\ECcHJNq.exe
  2⤵
  PID:5452
- C:\Windows\System\nAdZZeB.exe
  C:\Windows\System\nAdZZeB.exe
  2⤵
  PID:5472
- C:\Windows\System\VhuiTFJ.exe
  C:\Windows\System\VhuiTFJ.exe
  2⤵
  PID:5492
- C:\Windows\System\sVfqvhG.exe
  C:\Windows\System\sVfqvhG.exe
  2⤵
  PID:5512
- C:\Windows\System\LtqXBca.exe
  C:\Windows\System\LtqXBca.exe
  2⤵
  PID:5532
- C:\Windows\System\GDtqOCN.exe
  C:\Windows\System\GDtqOCN.exe
  2⤵
  PID:5552
- C:\Windows\System\SgQEdLr.exe
  C:\Windows\System\SgQEdLr.exe
  2⤵
  PID:5572
- C:\Windows\System\OBjPEcX.exe
  C:\Windows\System\OBjPEcX.exe
  2⤵
  PID:5592
- C:\Windows\System\jRtBLyK.exe
  C:\Windows\System\jRtBLyK.exe
  2⤵
  PID:5612
- C:\Windows\System\ipGAywf.exe
  C:\Windows\System\ipGAywf.exe
  2⤵
  PID:5632
- C:\Windows\System\yQHlxbb.exe
  C:\Windows\System\yQHlxbb.exe
  2⤵
  PID:5652
- C:\Windows\System\UrCiDBA.exe
  C:\Windows\System\UrCiDBA.exe
  2⤵
  PID:5672
- C:\Windows\System\QnsNqvS.exe
  C:\Windows\System\QnsNqvS.exe
  2⤵
  PID:5692
- C:\Windows\System\VGLjEvO.exe
  C:\Windows\System\VGLjEvO.exe
  2⤵
  PID:5712
- C:\Windows\System\YaULEvo.exe
  C:\Windows\System\YaULEvo.exe
  2⤵
  PID:5732
- C:\Windows\System\VJMSxFx.exe
  C:\Windows\System\VJMSxFx.exe
  2⤵
  PID:5752
- C:\Windows\System\afjDUAw.exe
  C:\Windows\System\afjDUAw.exe
  2⤵
  PID:5772
- C:\Windows\System\uqLQpza.exe
  C:\Windows\System\uqLQpza.exe
  2⤵
  PID:5788
- C:\Windows\System\ZojNRSh.exe
  C:\Windows\System\ZojNRSh.exe
  2⤵
  PID:5808
- C:\Windows\System\VRzZssp.exe
  C:\Windows\System\VRzZssp.exe
  2⤵
  PID:5828
- C:\Windows\System\wSNtxxb.exe
  C:\Windows\System\wSNtxxb.exe
  2⤵
  PID:5848
- C:\Windows\System\kedNxOt.exe
  C:\Windows\System\kedNxOt.exe
  2⤵
  PID:5872
- C:\Windows\System\icDLapa.exe
  C:\Windows\System\icDLapa.exe
  2⤵
  PID:5892
- C:\Windows\System\qqHbsXb.exe
  C:\Windows\System\qqHbsXb.exe
  2⤵
  PID:5908
- C:\Windows\System\LNxVUEi.exe
  C:\Windows\System\LNxVUEi.exe
  2⤵
  PID:5932
- C:\Windows\System\DdgJjhV.exe
  C:\Windows\System\DdgJjhV.exe
  2⤵
  PID:5948
- C:\Windows\System\JaTgLSa.exe
  C:\Windows\System\JaTgLSa.exe
  2⤵
  PID:5972
- C:\Windows\System\OthAGsF.exe
  C:\Windows\System\OthAGsF.exe
  2⤵
  PID:5992
- C:\Windows\System\ysMfhyt.exe
  C:\Windows\System\ysMfhyt.exe
  2⤵
  PID:6012
- C:\Windows\System\dADIKKq.exe
  C:\Windows\System\dADIKKq.exe
  2⤵
  PID:6032
- C:\Windows\System\ftKorvU.exe
  C:\Windows\System\ftKorvU.exe
  2⤵
  PID:6052
- C:\Windows\System\AlUeogj.exe
  C:\Windows\System\AlUeogj.exe
  2⤵
  PID:6072
- C:\Windows\System\BAFrbIF.exe
  C:\Windows\System\BAFrbIF.exe
  2⤵
  PID:6092
- C:\Windows\System\TOqbrng.exe
  C:\Windows\System\TOqbrng.exe
  2⤵
  PID:6112
- C:\Windows\System\AIuHTAl.exe
  C:\Windows\System\AIuHTAl.exe
  2⤵
  PID:6132
- C:\Windows\System\shJdubi.exe
  C:\Windows\System\shJdubi.exe
  2⤵
  PID:3588
- C:\Windows\System\iEiFsKF.exe
  C:\Windows\System\iEiFsKF.exe
  2⤵
  PID:3348
- C:\Windows\System\xHVjOqt.exe
  C:\Windows\System\xHVjOqt.exe
  2⤵
  PID:4204
- C:\Windows\System\XVVDIwq.exe
  C:\Windows\System\XVVDIwq.exe
  2⤵
  PID:4288
- C:\Windows\System\tvwnlVe.exe
  C:\Windows\System\tvwnlVe.exe
  2⤵
  PID:4528
- C:\Windows\System\ZsmXBjA.exe
  C:\Windows\System\ZsmXBjA.exe
  2⤵
  PID:4500
- C:\Windows\System\uXtBCmE.exe
  C:\Windows\System\uXtBCmE.exe
  2⤵
  PID:4740
- C:\Windows\System\zrOhJTb.exe
  C:\Windows\System\zrOhJTb.exe
  2⤵
  PID:4924
- C:\Windows\System\GzgQPXm.exe
  C:\Windows\System\GzgQPXm.exe
  2⤵
  PID:5008
- C:\Windows\System\yZVeRuP.exe
  C:\Windows\System\yZVeRuP.exe
  2⤵
  PID:5160
- C:\Windows\System\BZucJfn.exe
  C:\Windows\System\BZucJfn.exe
  2⤵
  PID:5180
- C:\Windows\System\zSaGPuD.exe
  C:\Windows\System\zSaGPuD.exe
  2⤵
  PID:5220
- C:\Windows\System\tGRFtia.exe
  C:\Windows\System\tGRFtia.exe
  2⤵
  PID:5244
- C:\Windows\System\XdPDWHw.exe
  C:\Windows\System\XdPDWHw.exe
  2⤵
  PID:5268
- C:\Windows\System\vgAcAhb.exe
  C:\Windows\System\vgAcAhb.exe
  2⤵
  PID:5304
- C:\Windows\System\QTbjTrD.exe
  C:\Windows\System\QTbjTrD.exe
  2⤵
  PID:5348
- C:\Windows\System\sTokeuV.exe
  C:\Windows\System\sTokeuV.exe
  2⤵
  PID:5384
- C:\Windows\System\FJAAOxv.exe
  C:\Windows\System\FJAAOxv.exe
  2⤵
  PID:5420
- C:\Windows\System\uDEqUZP.exe
  C:\Windows\System\uDEqUZP.exe
  2⤵
  PID:2780
- C:\Windows\System\CufeASB.exe
  C:\Windows\System\CufeASB.exe
  2⤵
  PID:5484
- C:\Windows\System\ustrhNR.exe
  C:\Windows\System\ustrhNR.exe
  2⤵
  PID:5520
- C:\Windows\System\DYeOCDe.exe
  C:\Windows\System\DYeOCDe.exe
  2⤵
  PID:5540
- C:\Windows\System\QQsKHjv.exe
  C:\Windows\System\QQsKHjv.exe
  2⤵
  PID:3052
- C:\Windows\System\uyWmuhv.exe
  C:\Windows\System\uyWmuhv.exe
  2⤵
  PID:5584
- C:\Windows\System\WvPGqOB.exe
  C:\Windows\System\WvPGqOB.exe
  2⤵
  PID:5648
- C:\Windows\System\ibgZMom.exe
  C:\Windows\System\ibgZMom.exe
  2⤵
  PID:5680
- C:\Windows\System\YiEtCHl.exe
  C:\Windows\System\YiEtCHl.exe
  2⤵
  PID:5728
- C:\Windows\System\TOFDOeE.exe
  C:\Windows\System\TOFDOeE.exe
  2⤵
  PID:5740
- C:\Windows\System\xoyMARb.exe
  C:\Windows\System\xoyMARb.exe
  2⤵
  PID:5744
- C:\Windows\System\QEuETbr.exe
  C:\Windows\System\QEuETbr.exe
  2⤵
  PID:5800
- C:\Windows\System\YQvgFOi.exe
  C:\Windows\System\YQvgFOi.exe
  2⤵
  PID:5820
- C:\Windows\System\GqyoHKM.exe
  C:\Windows\System\GqyoHKM.exe
  2⤵
  PID:5864
- C:\Windows\System\jZJmDmn.exe
  C:\Windows\System\jZJmDmn.exe
  2⤵
  PID:5900
- C:\Windows\System\bEKGwZC.exe
  C:\Windows\System\bEKGwZC.exe
  2⤵
  PID:5940
- C:\Windows\System\Vfnghea.exe
  C:\Windows\System\Vfnghea.exe
  2⤵
  PID:5944
- C:\Windows\System\YzmqytD.exe
  C:\Windows\System\YzmqytD.exe
  2⤵
  PID:5984
- C:\Windows\System\etAgOOU.exe
  C:\Windows\System\etAgOOU.exe
  2⤵
  PID:6020
- C:\Windows\System\zhQciIO.exe
  C:\Windows\System\zhQciIO.exe
  2⤵
  PID:2772
- C:\Windows\System\HaAtcjy.exe
  C:\Windows\System\HaAtcjy.exe
  2⤵
  PID:6068
- C:\Windows\System\iuZLLgV.exe
  C:\Windows\System\iuZLLgV.exe
  2⤵
  PID:6124
- C:\Windows\System\xVcRFyO.exe
  C:\Windows\System\xVcRFyO.exe
  2⤵
  PID:3516
- C:\Windows\System\FCIjxDM.exe
  C:\Windows\System\FCIjxDM.exe
  2⤵
  PID:4332
- C:\Windows\System\HOHgnJo.exe
  C:\Windows\System\HOHgnJo.exe
  2⤵
  PID:4708
- C:\Windows\System\ejwYhoH.exe
  C:\Windows\System\ejwYhoH.exe
  2⤵
  PID:4824
- C:\Windows\System\PkiEbYV.exe
  C:\Windows\System\PkiEbYV.exe
  2⤵
  PID:4804
- C:\Windows\System\NpTioDR.exe
  C:\Windows\System\NpTioDR.exe
  2⤵
  PID:5000
- C:\Windows\System\ITnCIlR.exe
  C:\Windows\System\ITnCIlR.exe
  2⤵
  PID:5208
- C:\Windows\System\QOfeptL.exe
  C:\Windows\System\QOfeptL.exe
  2⤵
  PID:5224
- C:\Windows\System\hrZUgnA.exe
  C:\Windows\System\hrZUgnA.exe
  2⤵
  PID:5300
- C:\Windows\System\LvKDSdD.exe
  C:\Windows\System\LvKDSdD.exe
  2⤵
  PID:5364
- C:\Windows\System\CMYCnEv.exe
  C:\Windows\System\CMYCnEv.exe
  2⤵
  PID:5404
- C:\Windows\System\xlgwHVD.exe
  C:\Windows\System\xlgwHVD.exe
  2⤵
  PID:5460
- C:\Windows\System\oHsvTXP.exe
  C:\Windows\System\oHsvTXP.exe
  2⤵
  PID:5524
- C:\Windows\System\wmXbJBs.exe
  C:\Windows\System\wmXbJBs.exe
  2⤵
  PID:5588
- C:\Windows\System\vawkYFd.exe
  C:\Windows\System\vawkYFd.exe
  2⤵
  PID:5624
- C:\Windows\System\KInDsfC.exe
  C:\Windows\System\KInDsfC.exe
  2⤵
  PID:5684
- C:\Windows\System\NumaEgJ.exe
  C:\Windows\System\NumaEgJ.exe
  2⤵
  PID:5708
- C:\Windows\System\TpnpblM.exe
  C:\Windows\System\TpnpblM.exe
  2⤵
  PID:5764
- C:\Windows\System\hRcrhaq.exe
  C:\Windows\System\hRcrhaq.exe
  2⤵
  PID:5840
- C:\Windows\System\lHkeLKQ.exe
  C:\Windows\System\lHkeLKQ.exe
  2⤵
  PID:5920
- C:\Windows\System\dafTUBD.exe
  C:\Windows\System\dafTUBD.exe
  2⤵
  PID:5928
- C:\Windows\System\CtElULN.exe
  C:\Windows\System\CtElULN.exe
  2⤵
  PID:5968
- C:\Windows\System\rDXZXdP.exe
  C:\Windows\System\rDXZXdP.exe
  2⤵
  PID:6024
- C:\Windows\System\ASUQKzs.exe
  C:\Windows\System\ASUQKzs.exe
  2⤵
  PID:6108
- C:\Windows\System\jDTZbrB.exe
  C:\Windows\System\jDTZbrB.exe
  2⤵
  PID:2600
- C:\Windows\System\aVGFMKH.exe
  C:\Windows\System\aVGFMKH.exe
  2⤵
  PID:5108
- C:\Windows\System\AtztPVZ.exe
  C:\Windows\System\AtztPVZ.exe
  2⤵
  PID:4428
- C:\Windows\System\MxghCMK.exe
  C:\Windows\System\MxghCMK.exe
  2⤵
  PID:5144
- C:\Windows\System\PbvPWww.exe
  C:\Windows\System\PbvPWww.exe
  2⤵
  PID:5204
- C:\Windows\System\piRmgjx.exe
  C:\Windows\System\piRmgjx.exe
  2⤵
  PID:5328
- C:\Windows\System\ELxvHuy.exe
  C:\Windows\System\ELxvHuy.exe
  2⤵
  PID:5340
- C:\Windows\System\wrgLBzL.exe
  C:\Windows\System\wrgLBzL.exe
  2⤵
  PID:5428
- C:\Windows\System\BFvQvkf.exe
  C:\Windows\System\BFvQvkf.exe
  2⤵
  PID:5488
- C:\Windows\System\qssDYKV.exe
  C:\Windows\System\qssDYKV.exe
  2⤵
  PID:5548
- C:\Windows\System\BZqrnyJ.exe
  C:\Windows\System\BZqrnyJ.exe
  2⤵
  PID:5668
- C:\Windows\System\PKdMrwp.exe
  C:\Windows\System\PKdMrwp.exe
  2⤵
  PID:5720
- C:\Windows\System\HDnsmob.exe
  C:\Windows\System\HDnsmob.exe
  2⤵
  PID:3040
- C:\Windows\System\wjhfxWA.exe
  C:\Windows\System\wjhfxWA.exe
  2⤵
  PID:5904
- C:\Windows\System\ozgWrBX.exe
  C:\Windows\System\ozgWrBX.exe
  2⤵
  PID:5980
- C:\Windows\System\KVbLHHl.exe
  C:\Windows\System\KVbLHHl.exe
  2⤵
  PID:6100
- C:\Windows\System\YyNfKzR.exe
  C:\Windows\System\YyNfKzR.exe
  2⤵
  PID:5052
- C:\Windows\System\BUOXYIB.exe
  C:\Windows\System\BUOXYIB.exe
  2⤵
  PID:4452
- C:\Windows\System\ArocLma.exe
  C:\Windows\System\ArocLma.exe
  2⤵
  PID:4808
- C:\Windows\System\pQUbBwr.exe
  C:\Windows\System\pQUbBwr.exe
  2⤵
  PID:2840
- C:\Windows\System\WdByWnZ.exe
  C:\Windows\System\WdByWnZ.exe
  2⤵
  PID:5344
- C:\Windows\System\oXlQJSE.exe
  C:\Windows\System\oXlQJSE.exe
  2⤵
  PID:5448
- C:\Windows\System\OsKjCYK.exe
  C:\Windows\System\OsKjCYK.exe
  2⤵
  PID:5560
- C:\Windows\System\jucGFtN.exe
  C:\Windows\System\jucGFtN.exe
  2⤵
  PID:5660
- C:\Windows\System\KkjaHaN.exe
  C:\Windows\System\KkjaHaN.exe
  2⤵
  PID:1732
- C:\Windows\System\itJCyEt.exe
  C:\Windows\System\itJCyEt.exe
  2⤵
  PID:2612
- C:\Windows\System\zIMrdhy.exe
  C:\Windows\System\zIMrdhy.exe
  2⤵
  PID:2956
- C:\Windows\System\vfFTxhC.exe
  C:\Windows\System\vfFTxhC.exe
  2⤵
  PID:2796
- C:\Windows\System\urenCec.exe
  C:\Windows\System\urenCec.exe
  2⤵
  PID:6060
- C:\Windows\System\DdwIvCO.exe
  C:\Windows\System\DdwIvCO.exe
  2⤵
  PID:5200
- C:\Windows\System\QmQPCum.exe
  C:\Windows\System\QmQPCum.exe
  2⤵
  PID:2820
- C:\Windows\System\hgUYjSY.exe
  C:\Windows\System\hgUYjSY.exe
  2⤵
  PID:1640
- C:\Windows\System\iJPSZkH.exe
  C:\Windows\System\iJPSZkH.exe
  2⤵
  PID:5580
- C:\Windows\System\ULTjaBv.exe
  C:\Windows\System\ULTjaBv.exe
  2⤵
  PID:5880
- C:\Windows\System\ADCTQIs.exe
  C:\Windows\System\ADCTQIs.exe
  2⤵
  PID:1396
- C:\Windows\System\alJHJKw.exe
  C:\Windows\System\alJHJKw.exe
  2⤵
  PID:2280
- C:\Windows\System\qlnTurW.exe
  C:\Windows\System\qlnTurW.exe
  2⤵
  PID:4004
- C:\Windows\System\XrcWFwI.exe
  C:\Windows\System\XrcWFwI.exe
  2⤵
  PID:2616
- C:\Windows\System\KeudYmE.exe
  C:\Windows\System\KeudYmE.exe
  2⤵
  PID:1516
- C:\Windows\System\HZYyzbr.exe
  C:\Windows\System\HZYyzbr.exe
  2⤵
  PID:2876
- C:\Windows\System\uSlWcky.exe
  C:\Windows\System\uSlWcky.exe
  2⤵
  PID:2592
- C:\Windows\System\rpiywsi.exe
  C:\Windows\System\rpiywsi.exe
  2⤵
  PID:5856
- C:\Windows\System\bCuKVOu.exe
  C:\Windows\System\bCuKVOu.exe
  2⤵
  PID:4684
- C:\Windows\System\oLEgQmc.exe
  C:\Windows\System\oLEgQmc.exe
  2⤵
  PID:2668
- C:\Windows\System\tjxLRGN.exe
  C:\Windows\System\tjxLRGN.exe
  2⤵
  PID:448
- C:\Windows\System\AHbYCXp.exe
  C:\Windows\System\AHbYCXp.exe
  2⤵
  PID:5620
- C:\Windows\System\QnnvUri.exe
  C:\Windows\System\QnnvUri.exe
  2⤵
  PID:5888
- C:\Windows\System\NpKtNaN.exe
  C:\Windows\System\NpKtNaN.exe
  2⤵
  PID:956
- C:\Windows\System\AQmSYLV.exe
  C:\Windows\System\AQmSYLV.exe
  2⤵
  PID:1152
- C:\Windows\System\vclTafw.exe
  C:\Windows\System\vclTafw.exe
  2⤵
  PID:2944
- C:\Windows\System\wXxoXBd.exe
  C:\Windows\System\wXxoXBd.exe
  2⤵
  PID:6004
- C:\Windows\System\bkSUZhr.exe
  C:\Windows\System\bkSUZhr.exe
  2⤵
  PID:6156
- C:\Windows\System\flHMIFs.exe
  C:\Windows\System\flHMIFs.exe
  2⤵
  PID:6172
- C:\Windows\System\JzOhUeP.exe
  C:\Windows\System\JzOhUeP.exe
  2⤵
  PID:6196
- C:\Windows\System\fWMSqyL.exe
  C:\Windows\System\fWMSqyL.exe
  2⤵
  PID:6212
- C:\Windows\System\FDekZnK.exe
  C:\Windows\System\FDekZnK.exe
  2⤵
  PID:6236
- C:\Windows\System\TRAfLMo.exe
  C:\Windows\System\TRAfLMo.exe
  2⤵
  PID:6252
- C:\Windows\System\xUIQtrf.exe
  C:\Windows\System\xUIQtrf.exe
  2⤵
  PID:6276
- C:\Windows\System\PbLUgwD.exe
  C:\Windows\System\PbLUgwD.exe
  2⤵
  PID:6296
- C:\Windows\System\vDbVwZZ.exe
  C:\Windows\System\vDbVwZZ.exe
  2⤵
  PID:6316
- C:\Windows\System\HLYGHeT.exe
  C:\Windows\System\HLYGHeT.exe
  2⤵
  PID:6332
- C:\Windows\System\LVgbKin.exe
  C:\Windows\System\LVgbKin.exe
  2⤵
  PID:6356
- C:\Windows\System\PnVMYfE.exe
  C:\Windows\System\PnVMYfE.exe
  2⤵
  PID:6376
- C:\Windows\System\tQdXVwz.exe
  C:\Windows\System\tQdXVwz.exe
  2⤵
  PID:6408
- C:\Windows\System\pXNYRHt.exe
  C:\Windows\System\pXNYRHt.exe
  2⤵
  PID:6424
- C:\Windows\System\XbxCsFh.exe
  C:\Windows\System\XbxCsFh.exe
  2⤵
  PID:6444
- C:\Windows\System\IkYdwDE.exe
  C:\Windows\System\IkYdwDE.exe
  2⤵
  PID:6460
- C:\Windows\System\FoaSxwd.exe
  C:\Windows\System\FoaSxwd.exe
  2⤵
  PID:6476
- C:\Windows\System\qERQubG.exe
  C:\Windows\System\qERQubG.exe
  2⤵
  PID:6492
- C:\Windows\System\kCFJQdA.exe
  C:\Windows\System\kCFJQdA.exe
  2⤵
  PID:6512
- C:\Windows\System\tqyxVKb.exe
  C:\Windows\System\tqyxVKb.exe
  2⤵
  PID:6532
- C:\Windows\System\pwIAXVj.exe
  C:\Windows\System\pwIAXVj.exe
  2⤵
  PID:6548
- C:\Windows\System\zNvIJOP.exe
  C:\Windows\System\zNvIJOP.exe
  2⤵
  PID:6564
- C:\Windows\System\rUWkSZr.exe
  C:\Windows\System\rUWkSZr.exe
  2⤵
  PID:6580
- C:\Windows\System\bCQcBFL.exe
  C:\Windows\System\bCQcBFL.exe
  2⤵
  PID:6596
- C:\Windows\System\ChfeUbp.exe
  C:\Windows\System\ChfeUbp.exe
  2⤵
  PID:6612
- C:\Windows\System\ioUFJZh.exe
  C:\Windows\System\ioUFJZh.exe
  2⤵
  PID:6628
- C:\Windows\System\JkfLirT.exe
  C:\Windows\System\JkfLirT.exe
  2⤵
  PID:6672
- C:\Windows\System\wpZfMup.exe
  C:\Windows\System\wpZfMup.exe
  2⤵
  PID:6696
- C:\Windows\System\ylMUjmw.exe
  C:\Windows\System\ylMUjmw.exe
  2⤵
  PID:6712
- C:\Windows\System\bJHiDuk.exe
  C:\Windows\System\bJHiDuk.exe
  2⤵
  PID:6728
- C:\Windows\System\lYXIiqT.exe
  C:\Windows\System\lYXIiqT.exe
  2⤵
  PID:6744
- C:\Windows\System\PcfrhqC.exe
  C:\Windows\System\PcfrhqC.exe
  2⤵
  PID:6764
- C:\Windows\System\yBarDCn.exe
  C:\Windows\System\yBarDCn.exe
  2⤵
  PID:6784
- C:\Windows\System\LjTFHLe.exe
  C:\Windows\System\LjTFHLe.exe
  2⤵
  PID:6800
- C:\Windows\System\kJTKkJA.exe
  C:\Windows\System\kJTKkJA.exe
  2⤵
  PID:6848
- C:\Windows\System\TQoTnFE.exe
  C:\Windows\System\TQoTnFE.exe
  2⤵
  PID:6864
- C:\Windows\System\GrHLvMg.exe
  C:\Windows\System\GrHLvMg.exe
  2⤵
  PID:6888
- C:\Windows\System\ujyWtfn.exe
  C:\Windows\System\ujyWtfn.exe
  2⤵
  PID:6904
- C:\Windows\System\rfBkrvg.exe
  C:\Windows\System\rfBkrvg.exe
  2⤵
  PID:6920
- C:\Windows\System\bCumzsX.exe
  C:\Windows\System\bCumzsX.exe
  2⤵
  PID:6940
- C:\Windows\System\WTZrstr.exe
  C:\Windows\System\WTZrstr.exe
  2⤵
  PID:6956
- C:\Windows\System\sucOzBS.exe
  C:\Windows\System\sucOzBS.exe
  2⤵
  PID:6972
- C:\Windows\System\Jwuvjqv.exe
  C:\Windows\System\Jwuvjqv.exe
  2⤵
  PID:6992
- C:\Windows\System\XLlpkXo.exe
  C:\Windows\System\XLlpkXo.exe
  2⤵
  PID:7016
- C:\Windows\System\pGgSVdP.exe
  C:\Windows\System\pGgSVdP.exe
  2⤵
  PID:7032
- C:\Windows\System\nbeJcSk.exe
  C:\Windows\System\nbeJcSk.exe
  2⤵
  PID:7048
- C:\Windows\System\CXvdLfL.exe
  C:\Windows\System\CXvdLfL.exe
  2⤵
  PID:7068
- C:\Windows\System\kIUcKla.exe
  C:\Windows\System\kIUcKla.exe
  2⤵
  PID:7088
- C:\Windows\System\alwlpFM.exe
  C:\Windows\System\alwlpFM.exe
  2⤵
  PID:7104
- C:\Windows\System\ofbzCvD.exe
  C:\Windows\System\ofbzCvD.exe
  2⤵
  PID:7124
- C:\Windows\System\JMQtCsA.exe
  C:\Windows\System\JMQtCsA.exe
  2⤵
  PID:2816
- C:\Windows\System\tYwhRfn.exe
  C:\Windows\System\tYwhRfn.exe
  2⤵
  PID:2176
- C:\Windows\System\lgJjzli.exe
  C:\Windows\System\lgJjzli.exe
  2⤵
  PID:2160
- C:\Windows\System\NdbEoCQ.exe
  C:\Windows\System\NdbEoCQ.exe
  2⤵
  PID:3028
- C:\Windows\System\OBXCVNR.exe
  C:\Windows\System\OBXCVNR.exe
  2⤵
  PID:6180
- C:\Windows\System\rELeySU.exe
  C:\Windows\System\rELeySU.exe
  2⤵
  PID:6192
- C:\Windows\System\BxJYbxD.exe
  C:\Windows\System\BxJYbxD.exe
  2⤵
  PID:6220
- C:\Windows\System\dqLwyed.exe
  C:\Windows\System\dqLwyed.exe
  2⤵
  PID:3020
- C:\Windows\System\yaLFlIm.exe
  C:\Windows\System\yaLFlIm.exe
  2⤵
  PID:6244
- C:\Windows\System\UOgkpGt.exe
  C:\Windows\System\UOgkpGt.exe
  2⤵
  PID:6272
- C:\Windows\System\PpuNkrw.exe
  C:\Windows\System\PpuNkrw.exe
  2⤵
  PID:6288
- C:\Windows\System\DUnFvXw.exe
  C:\Windows\System\DUnFvXw.exe
  2⤵
  PID:6340
- C:\Windows\System\cTPJAsI.exe
  C:\Windows\System\cTPJAsI.exe
  2⤵
  PID:1380
- C:\Windows\System\gGdcjRS.exe
  C:\Windows\System\gGdcjRS.exe
  2⤵
  PID:680
- C:\Windows\System\leowclk.exe
  C:\Windows\System\leowclk.exe
  2⤵
  PID:1636
- C:\Windows\System\vngjALc.exe
  C:\Windows\System\vngjALc.exe
  2⤵
  PID:1944
- C:\Windows\System\YhZqsAQ.exe
  C:\Windows\System\YhZqsAQ.exe
  2⤵
  PID:6452
- C:\Windows\System\JtcQZPP.exe
  C:\Windows\System\JtcQZPP.exe
  2⤵
  PID:6396
- C:\Windows\System\onDTExK.exe
  C:\Windows\System\onDTExK.exe
  2⤵
  PID:6432
- C:\Windows\System\YUGVklN.exe
  C:\Windows\System\YUGVklN.exe
  2⤵
  PID:6472
- C:\Windows\System\FbSBprC.exe
  C:\Windows\System\FbSBprC.exe
  2⤵
  PID:6540
- C:\Windows\System\xZJqqpE.exe
  C:\Windows\System\xZJqqpE.exe
  2⤵
  PID:6604
- C:\Windows\System\Qapmphc.exe
  C:\Windows\System\Qapmphc.exe
  2⤵
  PID:6520
- C:\Windows\System\yJXTSEn.exe
  C:\Windows\System\yJXTSEn.exe
  2⤵
  PID:6588
- C:\Windows\System\mDAwdeT.exe
  C:\Windows\System\mDAwdeT.exe
  2⤵
  PID:6680
- C:\Windows\System\ZSWGDiq.exe
  C:\Windows\System\ZSWGDiq.exe
  2⤵
  PID:6684
- C:\Windows\System\brEUvoX.exe
  C:\Windows\System\brEUvoX.exe
  2⤵
  PID:6792
- C:\Windows\System\eLYnYbk.exe
  C:\Windows\System\eLYnYbk.exe
  2⤵
  PID:6704
- C:\Windows\System\eZOtnTo.exe
  C:\Windows\System\eZOtnTo.exe
  2⤵
  PID:6736
- C:\Windows\System\JTbrzbM.exe
  C:\Windows\System\JTbrzbM.exe
  2⤵
  PID:6808
- C:\Windows\System\hNNDNpy.exe
  C:\Windows\System\hNNDNpy.exe
  2⤵
  PID:6832
- C:\Windows\System\PGtEFvH.exe
  C:\Windows\System\PGtEFvH.exe
  2⤵
  PID:6384
- C:\Windows\System\SshbRLF.exe
  C:\Windows\System\SshbRLF.exe
  2⤵
  PID:6880
- C:\Windows\System\afarIiN.exe
  C:\Windows\System\afarIiN.exe
  2⤵
  PID:6896
- C:\Windows\System\werScyb.exe
  C:\Windows\System\werScyb.exe
  2⤵
  PID:6952
- C:\Windows\System\AoyTfcU.exe
  C:\Windows\System\AoyTfcU.exe
  2⤵
  PID:7000
- C:\Windows\System\UQZUTPK.exe
  C:\Windows\System\UQZUTPK.exe
  2⤵
  PID:7076
- C:\Windows\System\uXYvxBR.exe
  C:\Windows\System\uXYvxBR.exe
  2⤵
  PID:7116
- C:\Windows\System\BfuEOOj.exe
  C:\Windows\System\BfuEOOj.exe
  2⤵
  PID:6988
- C:\Windows\System\WWnPbBH.exe
  C:\Windows\System\WWnPbBH.exe
  2⤵
  PID:7064
- C:\Windows\System\YHZCDUH.exe
  C:\Windows\System\YHZCDUH.exe
  2⤵
  PID:7144
- C:\Windows\System\kspMtol.exe
  C:\Windows\System\kspMtol.exe
  2⤵
  PID:6148
- C:\Windows\System\qdwLeYi.exe
  C:\Windows\System\qdwLeYi.exe
  2⤵
  PID:6232
- C:\Windows\System\xCwLOss.exe
  C:\Windows\System\xCwLOss.exe
  2⤵
  PID:7152
- C:\Windows\System\PkJiequ.exe
  C:\Windows\System\PkJiequ.exe
  2⤵
  PID:328
- C:\Windows\System\jdXECFC.exe
  C:\Windows\System\jdXECFC.exe
  2⤵
  PID:6372
- C:\Windows\System\vwsznda.exe
  C:\Windows\System\vwsznda.exe
  2⤵
  PID:6468
- C:\Windows\System\uqPHXtz.exe
  C:\Windows\System\uqPHXtz.exe
  2⤵
  PID:7160
- C:\Windows\System\TlKfcWj.exe
  C:\Windows\System\TlKfcWj.exe
  2⤵
  PID:2572
- C:\Windows\System\XCKWgKX.exe
  C:\Windows\System\XCKWgKX.exe
  2⤵
  PID:6284
- C:\Windows\System\mhZvkWe.exe
  C:\Windows\System\mhZvkWe.exe
  2⤵
  PID:6368
- C:\Windows\System\VwSNsse.exe
  C:\Windows\System\VwSNsse.exe
  2⤵
  PID:6484
- C:\Windows\System\hSvQTsP.exe
  C:\Windows\System\hSvQTsP.exe
  2⤵
  PID:6560
- C:\Windows\System\ZEnHInY.exe
  C:\Windows\System\ZEnHInY.exe
  2⤵
  PID:6756
- C:\Windows\System\kZmfAxF.exe
  C:\Windows\System\kZmfAxF.exe
  2⤵
  PID:6844
- C:\Windows\System\UuYITLI.exe
  C:\Windows\System\UuYITLI.exe
  2⤵
  PID:6916
- C:\Windows\System\yysLpOK.exe
  C:\Windows\System\yysLpOK.exe
  2⤵
  PID:6928
- C:\Windows\System\pnDHnJc.exe
  C:\Windows\System\pnDHnJc.exe
  2⤵
  PID:7028
- C:\Windows\System\tGGBuyT.exe
  C:\Windows\System\tGGBuyT.exe
  2⤵
  PID:6260
- C:\Windows\System\UvkQQBc.exe
  C:\Windows\System\UvkQQBc.exe
  2⤵
  PID:6576
- C:\Windows\System\EoBtnsf.exe
  C:\Windows\System\EoBtnsf.exe
  2⤵
  PID:2368
- C:\Windows\System\qlcSnJj.exe
  C:\Windows\System\qlcSnJj.exe
  2⤵
  PID:7184
- C:\Windows\System\OkbSdka.exe
  C:\Windows\System\OkbSdka.exe
  2⤵
  PID:7204
- C:\Windows\System\rVqFJRh.exe
  C:\Windows\System\rVqFJRh.exe
  2⤵
  PID:7228
- C:\Windows\System\LEgLLYC.exe
  C:\Windows\System\LEgLLYC.exe
  2⤵
  PID:7248
- C:\Windows\System\HsSofwN.exe
  C:\Windows\System\HsSofwN.exe
  2⤵
  PID:7264
- C:\Windows\System\AUFCyhc.exe
  C:\Windows\System\AUFCyhc.exe
  2⤵
  PID:7280
- C:\Windows\System\kYxNatp.exe
  C:\Windows\System\kYxNatp.exe
  2⤵
  PID:7296
- C:\Windows\System\WxBRacb.exe
  C:\Windows\System\WxBRacb.exe
  2⤵
  PID:7312
- C:\Windows\System\FhKDGky.exe
  C:\Windows\System\FhKDGky.exe
  2⤵
  PID:7332
- C:\Windows\System\KKmjwJA.exe
  C:\Windows\System\KKmjwJA.exe
  2⤵
  PID:7348
- C:\Windows\System\pDbzFhd.exe
  C:\Windows\System\pDbzFhd.exe
  2⤵
  PID:7364
- C:\Windows\System\bpTWZxu.exe
  C:\Windows\System\bpTWZxu.exe
  2⤵
  PID:7536
- C:\Windows\System\jrMpsWm.exe
  C:\Windows\System\jrMpsWm.exe
  2⤵
  PID:7552
- C:\Windows\System\KNRHSGC.exe
  C:\Windows\System\KNRHSGC.exe
  2⤵
  PID:7568
- C:\Windows\System\kGhqucO.exe
  C:\Windows\System\kGhqucO.exe
  2⤵
  PID:7584
- C:\Windows\System\utSYOcd.exe
  C:\Windows\System\utSYOcd.exe
  2⤵
  PID:7604
- C:\Windows\System\dteambg.exe
  C:\Windows\System\dteambg.exe
  2⤵
  PID:7620
- C:\Windows\System\pPiAsnI.exe
  C:\Windows\System\pPiAsnI.exe
  2⤵
  PID:7636
- C:\Windows\System\kegrEDp.exe
  C:\Windows\System\kegrEDp.exe
  2⤵
  PID:7652
- C:\Windows\System\TLkjFXA.exe
  C:\Windows\System\TLkjFXA.exe
  2⤵
  PID:7668
- C:\Windows\System\vyxBJpm.exe
  C:\Windows\System\vyxBJpm.exe
  2⤵
  PID:7684
- C:\Windows\System\wzejfnD.exe
  C:\Windows\System\wzejfnD.exe
  2⤵
  PID:7700
- C:\Windows\System\lRjmJjw.exe
  C:\Windows\System\lRjmJjw.exe
  2⤵
  PID:7716
- C:\Windows\System\CWzklWq.exe
  C:\Windows\System\CWzklWq.exe
  2⤵
  PID:7732
- C:\Windows\System\RAECvVy.exe
  C:\Windows\System\RAECvVy.exe
  2⤵
  PID:7752
- C:\Windows\System\gwoUsGm.exe
  C:\Windows\System\gwoUsGm.exe
  2⤵
  PID:7768
- C:\Windows\System\KDQlgyb.exe
  C:\Windows\System\KDQlgyb.exe
  2⤵
  PID:7784
- C:\Windows\System\tUoiCyN.exe
  C:\Windows\System\tUoiCyN.exe
  2⤵
  PID:7800
- C:\Windows\System\TakLOGT.exe
  C:\Windows\System\TakLOGT.exe
  2⤵
  PID:7816
- C:\Windows\System\zSJGkPz.exe
  C:\Windows\System\zSJGkPz.exe
  2⤵
  PID:7832
- C:\Windows\System\etvyVcR.exe
  C:\Windows\System\etvyVcR.exe
  2⤵
  PID:7848
- C:\Windows\System\RctOcXO.exe
  C:\Windows\System\RctOcXO.exe
  2⤵
  PID:7868
- C:\Windows\System\nTQuOuQ.exe
  C:\Windows\System\nTQuOuQ.exe
  2⤵
  PID:7888
- C:\Windows\System\wyYYqSN.exe
  C:\Windows\System\wyYYqSN.exe
  2⤵
  PID:7912
- C:\Windows\System\wcnUcHl.exe
  C:\Windows\System\wcnUcHl.exe
  2⤵
  PID:7928
- C:\Windows\System\MtRcIiM.exe
  C:\Windows\System\MtRcIiM.exe
  2⤵
  PID:7952
- C:\Windows\System\RXmNhbO.exe
  C:\Windows\System\RXmNhbO.exe
  2⤵
  PID:7980
- C:\Windows\System\rYDVZSU.exe
  C:\Windows\System\rYDVZSU.exe
  2⤵
  PID:8016
- C:\Windows\System\xxWuXzX.exe
  C:\Windows\System\xxWuXzX.exe
  2⤵
  PID:8040
- C:\Windows\System\XYfJfzA.exe
  C:\Windows\System\XYfJfzA.exe
  2⤵
  PID:8056
- C:\Windows\System\euivVtz.exe
  C:\Windows\System\euivVtz.exe
  2⤵
  PID:8080
- C:\Windows\System\HfwaxyH.exe
  C:\Windows\System\HfwaxyH.exe
  2⤵
  PID:8108
- C:\Windows\System\DkgSBzJ.exe
  C:\Windows\System\DkgSBzJ.exe
  2⤵
  PID:8124
- C:\Windows\System\PJbFCNm.exe
  C:\Windows\System\PJbFCNm.exe
  2⤵
  PID:8140
- C:\Windows\System\TjKQgqg.exe
  C:\Windows\System\TjKQgqg.exe
  2⤵
  PID:8156
- C:\Windows\System\wZFkjkF.exe
  C:\Windows\System\wZFkjkF.exe
  2⤵
  PID:8172
- C:\Windows\System\yhGNuUW.exe
  C:\Windows\System\yhGNuUW.exe
  2⤵
  PID:6392
- C:\Windows\System\SFKelFp.exe
  C:\Windows\System\SFKelFp.exe
  2⤵
  PID:6876
- C:\Windows\System\JvOXaja.exe
  C:\Windows\System\JvOXaja.exe
  2⤵
  PID:6648
- C:\Windows\System\veeHbNa.exe
  C:\Windows\System\veeHbNa.exe
  2⤵
  PID:7176
- C:\Windows\System\SdKeqzE.exe
  C:\Windows\System\SdKeqzE.exe
  2⤵
  PID:7220
- C:\Windows\System\poRLijE.exe
  C:\Windows\System\poRLijE.exe
  2⤵
  PID:7288
- C:\Windows\System\OHYRLBg.exe
  C:\Windows\System\OHYRLBg.exe
  2⤵
  PID:6660
- C:\Windows\System\TIyExjw.exe
  C:\Windows\System\TIyExjw.exe
  2⤵
  PID:7356
- C:\Windows\System\bQuggCQ.exe
  C:\Windows\System\bQuggCQ.exe
  2⤵
  PID:6816
- C:\Windows\System\YSDtyUS.exe
  C:\Windows\System\YSDtyUS.exe
  2⤵
  PID:6840
- C:\Windows\System\zwhStsh.exe
  C:\Windows\System\zwhStsh.exe
  2⤵
  PID:7372
- C:\Windows\System\qajmOaG.exe
  C:\Windows\System\qajmOaG.exe
  2⤵
  PID:6760
- C:\Windows\System\MXzzTMD.exe
  C:\Windows\System\MXzzTMD.exe
  2⤵
  PID:6828
- C:\Windows\System\LqqVwrH.exe
  C:\Windows\System\LqqVwrH.exe
  2⤵
  PID:6948
- C:\Windows\System\HpIYDnR.exe
  C:\Windows\System\HpIYDnR.exe
  2⤵
  PID:6188
- C:\Windows\System\PNuKXiH.exe
  C:\Windows\System\PNuKXiH.exe
  2⤵
  PID:6420
- C:\Windows\System\EDPCBZq.exe
  C:\Windows\System\EDPCBZq.exe
  2⤵
  PID:576
- C:\Windows\System\dZtKSEk.exe
  C:\Windows\System\dZtKSEk.exe
  2⤵
  PID:6504
- C:\Windows\System\VzuirHd.exe
  C:\Windows\System\VzuirHd.exe
  2⤵
  PID:6224
- C:\Windows\System\UiGyzgn.exe
  C:\Windows\System\UiGyzgn.exe
  2⤵
  PID:7244
- C:\Windows\System\fvDhCeT.exe
  C:\Windows\System\fvDhCeT.exe
  2⤵
  PID:7344
- C:\Windows\System\IbAImFS.exe
  C:\Windows\System\IbAImFS.exe
  2⤵
  PID:7392
- C:\Windows\System\gEFAqBR.exe
  C:\Windows\System\gEFAqBR.exe
  2⤵
  PID:7408
- C:\Windows\System\RNzLQku.exe
  C:\Windows\System\RNzLQku.exe
  2⤵
  PID:7544
- C:\Windows\System\OBvqgQz.exe
  C:\Windows\System\OBvqgQz.exe
  2⤵
  PID:7436
- C:\Windows\System\AOyUySl.exe
  C:\Windows\System\AOyUySl.exe
  2⤵
  PID:7452
- C:\Windows\System\bobjFII.exe
  C:\Windows\System\bobjFII.exe
  2⤵
  PID:7472
- C:\Windows\System\NeubqRP.exe
  C:\Windows\System\NeubqRP.exe
  2⤵
  PID:7496
- C:\Windows\System\jrxoUmZ.exe
  C:\Windows\System\jrxoUmZ.exe
  2⤵
  PID:7512
- C:\Windows\System\LWjPaLX.exe
  C:\Windows\System\LWjPaLX.exe
  2⤵
  PID:7376
- C:\Windows\System\qPFGDKy.exe
  C:\Windows\System\qPFGDKy.exe
  2⤵
  PID:7600
- C:\Windows\System\aOZeMjp.exe
  C:\Windows\System\aOZeMjp.exe
  2⤵
  PID:7580
- C:\Windows\System\dnDYeSZ.exe
  C:\Windows\System\dnDYeSZ.exe
  2⤵
  PID:7616
- C:\Windows\System\edAJTWp.exe
  C:\Windows\System\edAJTWp.exe
  2⤵
  PID:7676
- C:\Windows\System\PKCGQki.exe
  C:\Windows\System\PKCGQki.exe
  2⤵
  PID:7692
- C:\Windows\System\ESkIhVx.exe
  C:\Windows\System\ESkIhVx.exe
  2⤵
  PID:7764
- C:\Windows\System\mKVxGJa.exe
  C:\Windows\System\mKVxGJa.exe
  2⤵
  PID:7828
- C:\Windows\System\JDfknGy.exe
  C:\Windows\System\JDfknGy.exe
  2⤵
  PID:7780
- C:\Windows\System\IyBSWES.exe
  C:\Windows\System\IyBSWES.exe
  2⤵
  PID:7844
- C:\Windows\System\KMwNVmH.exe
  C:\Windows\System\KMwNVmH.exe
  2⤵
  PID:7824
- C:\Windows\System\hwVycCB.exe
  C:\Windows\System\hwVycCB.exe
  2⤵
  PID:7896
- C:\Windows\System\vumIcHd.exe
  C:\Windows\System\vumIcHd.exe
  2⤵
  PID:7944
- C:\Windows\System\akOvDor.exe
  C:\Windows\System\akOvDor.exe
  2⤵
  PID:7964
- C:\Windows\System\joXJELa.exe
  C:\Windows\System\joXJELa.exe
  2⤵
  PID:8036
- C:\Windows\System\nOExwqb.exe
  C:\Windows\System\nOExwqb.exe
  2⤵
  PID:8116
- C:\Windows\System\fkdCXvZ.exe
  C:\Windows\System\fkdCXvZ.exe
  2⤵
  PID:8184
- C:\Windows\System\AGJZDXS.exe
  C:\Windows\System\AGJZDXS.exe
  2⤵
  PID:8104
- C:\Windows\System\HPEGUIm.exe
  C:\Windows\System\HPEGUIm.exe
  2⤵
  PID:8004
- C:\Windows\System\JdlMyuw.exe
  C:\Windows\System\JdlMyuw.exe
  2⤵
  PID:8092
- C:\Windows\System\GfGAxiF.exe
  C:\Windows\System\GfGAxiF.exe
  2⤵
  PID:8168
- C:\Windows\System\zHXbbgY.exe
  C:\Windows\System\zHXbbgY.exe
  2⤵
  PID:7256
- C:\Windows\System\WIHQtZK.exe
  C:\Windows\System\WIHQtZK.exe
  2⤵
  PID:7216
- C:\Windows\System\frbftlb.exe
  C:\Windows\System\frbftlb.exe
  2⤵
  PID:6968
- C:\Windows\System\wplmnhx.exe
  C:\Windows\System\wplmnhx.exe
  2⤵
  PID:6752
- C:\Windows\System\wGLeKhJ.exe
  C:\Windows\System\wGLeKhJ.exe
  2⤵
  PID:7156
- C:\Windows\System\kjibJws.exe
  C:\Windows\System\kjibJws.exe
  2⤵
  PID:6168
- C:\Windows\System\YtaswDF.exe
  C:\Windows\System\YtaswDF.exe
  2⤵
  PID:7272
- C:\Windows\System\zquMvGG.exe
  C:\Windows\System\zquMvGG.exe
  2⤵
  PID:5264
- C:\Windows\System\ngOpArF.exe
  C:\Windows\System\ngOpArF.exe
  2⤵
  PID:7400
- C:\Windows\System\IKjjlih.exe
  C:\Windows\System\IKjjlih.exe
  2⤵
  PID:7432
- C:\Windows\System\WbDsRUo.exe
  C:\Windows\System\WbDsRUo.exe
  2⤵
  PID:7508
- C:\Windows\System\klSMusv.exe
  C:\Windows\System\klSMusv.exe
  2⤵
  PID:7592
- C:\Windows\System\AYrloEw.exe
  C:\Windows\System\AYrloEw.exe
  2⤵
  PID:7708
- C:\Windows\System\LfBWIDw.exe
  C:\Windows\System\LfBWIDw.exe
  2⤵
  PID:6312
- C:\Windows\System\SkfKHcT.exe
  C:\Windows\System\SkfKHcT.exe
  2⤵
  PID:7196
- C:\Windows\System\KrgQoXv.exe
  C:\Windows\System\KrgQoXv.exe
  2⤵
  PID:7388
- C:\Windows\System\QiuXKvC.exe
  C:\Windows\System\QiuXKvC.exe
  2⤵
  PID:7448
- C:\Windows\System\GTYCBlZ.exe
  C:\Windows\System\GTYCBlZ.exe
  2⤵
  PID:7524
- C:\Windows\System\CJOvQap.exe
  C:\Windows\System\CJOvQap.exe
  2⤵
  PID:7648
- C:\Windows\System\edYgkYn.exe
  C:\Windows\System\edYgkYn.exe
  2⤵
  PID:7776
- C:\Windows\System\ZqrwbUQ.exe
  C:\Windows\System\ZqrwbUQ.exe
  2⤵
  PID:7908
- C:\Windows\System\FXQjcVj.exe
  C:\Windows\System\FXQjcVj.exe
  2⤵
  PID:7860
- C:\Windows\System\trWqJNk.exe
  C:\Windows\System\trWqJNk.exe
  2⤵
  PID:7924
- C:\Windows\System\kLJhNrW.exe
  C:\Windows\System\kLJhNrW.exe
  2⤵
  PID:8028
- C:\Windows\System\vQumcov.exe
  C:\Windows\System\vQumcov.exe
  2⤵
  PID:8180
- C:\Windows\System\DVYRQIN.exe
  C:\Windows\System\DVYRQIN.exe
  2⤵
  PID:8048
- C:\Windows\System\aMEkRTx.exe
  C:\Windows\System\aMEkRTx.exe
  2⤵
  PID:1988
- C:\Windows\System\qNQwogb.exe
  C:\Windows\System\qNQwogb.exe
  2⤵
  PID:7008
- C:\Windows\System\PuWZMOW.exe
  C:\Windows\System\PuWZMOW.exe
  2⤵
  PID:6872
- C:\Windows\System\KyMxyMm.exe
  C:\Windows\System\KyMxyMm.exe
  2⤵
  PID:6824
- C:\Windows\System\mVmwfhG.exe
  C:\Windows\System\mVmwfhG.exe
  2⤵
  PID:7324
- C:\Windows\System\qXXhpeB.exe
  C:\Windows\System\qXXhpeB.exe
  2⤵
  PID:7468
- C:\Windows\System\lqHkScA.exe
  C:\Windows\System\lqHkScA.exe
  2⤵
  PID:7212
- C:\Windows\System\ieFSKgR.exe
  C:\Windows\System\ieFSKgR.exe
  2⤵
  PID:7140
- C:\Windows\System\gqOqzpF.exe
  C:\Windows\System\gqOqzpF.exe
  2⤵
  PID:2352
- C:\Windows\System\MoMVWPx.exe
  C:\Windows\System\MoMVWPx.exe
  2⤵
  PID:7576
- C:\Windows\System\MaHSSXz.exe
  C:\Windows\System\MaHSSXz.exe
  2⤵
  PID:7792
- C:\Windows\System\yKWhaiF.exe
  C:\Windows\System\yKWhaiF.exe
  2⤵
  PID:7904
- C:\Windows\System\PwFaUQE.exe
  C:\Windows\System\PwFaUQE.exe
  2⤵
  PID:7240
- C:\Windows\System\mwsiZyA.exe
  C:\Windows\System\mwsiZyA.exe
  2⤵
  PID:7748
- C:\Windows\System\vnubsEG.exe
  C:\Windows\System\vnubsEG.exe
  2⤵
  PID:8076
- C:\Windows\System\fAvWRiE.exe
  C:\Windows\System\fAvWRiE.exe
  2⤵
  PID:8132
- C:\Windows\System\SlFiLWx.exe
  C:\Windows\System\SlFiLWx.exe
  2⤵
  PID:8136
- C:\Windows\System\aOjrNef.exe
  C:\Windows\System\aOjrNef.exe
  2⤵
  PID:7664
- C:\Windows\System\zeCWcPD.exe
  C:\Windows\System\zeCWcPD.exe
  2⤵
  PID:2924
- C:\Windows\System\cXUXEos.exe
  C:\Windows\System\cXUXEos.exe
  2⤵
  PID:7096
- C:\Windows\System\kPgtHIz.exe
  C:\Windows\System\kPgtHIz.exe
  2⤵
  PID:7428
- C:\Windows\System\GofHwHe.exe
  C:\Windows\System\GofHwHe.exe
  2⤵
  PID:7444
- C:\Windows\System\KbATRvN.exe
  C:\Windows\System\KbATRvN.exe
  2⤵
  PID:8100
- C:\Windows\System\XguzXjN.exe
  C:\Windows\System\XguzXjN.exe
  2⤵
  PID:7520
- C:\Windows\System\eqRUsaD.exe
  C:\Windows\System\eqRUsaD.exe
  2⤵
  PID:7660
- C:\Windows\System\iSWYOCK.exe
  C:\Windows\System\iSWYOCK.exe
  2⤵
  PID:7328
- C:\Windows\System\MtGXdjd.exe
  C:\Windows\System\MtGXdjd.exe
  2⤵
  PID:7420
- C:\Windows\System\pJPJWck.exe
  C:\Windows\System\pJPJWck.exe
  2⤵
  PID:8196
- C:\Windows\System\veYDQBs.exe
  C:\Windows\System\veYDQBs.exe
  2⤵
  PID:8212
- C:\Windows\System\mjYuNLJ.exe
  C:\Windows\System\mjYuNLJ.exe
  2⤵
  PID:8228
- C:\Windows\System\MAuCmlk.exe
  C:\Windows\System\MAuCmlk.exe
  2⤵
  PID:8244
- C:\Windows\System\JXWiuBo.exe
  C:\Windows\System\JXWiuBo.exe
  2⤵
  PID:8260
- C:\Windows\System\JWSHopo.exe
  C:\Windows\System\JWSHopo.exe
  2⤵
  PID:8276
- C:\Windows\System\MSpTipP.exe
  C:\Windows\System\MSpTipP.exe
  2⤵
  PID:8292
- C:\Windows\System\MMraNsD.exe
  C:\Windows\System\MMraNsD.exe
  2⤵
  PID:8308
- C:\Windows\System\djeHbgK.exe
  C:\Windows\System\djeHbgK.exe
  2⤵
  PID:8324
- C:\Windows\System\gYkqJBJ.exe
  C:\Windows\System\gYkqJBJ.exe
  2⤵
  PID:8340
- C:\Windows\System\QfFohIw.exe
  C:\Windows\System\QfFohIw.exe
  2⤵
  PID:8356
- C:\Windows\System\fQdGQII.exe
  C:\Windows\System\fQdGQII.exe
  2⤵
  PID:8372
- C:\Windows\System\gKWwoHS.exe
  C:\Windows\System\gKWwoHS.exe
  2⤵
  PID:8388
- C:\Windows\System\CKxzOOp.exe
  C:\Windows\System\CKxzOOp.exe
  2⤵
  PID:8404
- C:\Windows\System\sEFbLBB.exe
  C:\Windows\System\sEFbLBB.exe
  2⤵
  PID:8420
- C:\Windows\System\dXjaVgT.exe
  C:\Windows\System\dXjaVgT.exe
  2⤵
  PID:8436
- C:\Windows\System\urnVYJx.exe
  C:\Windows\System\urnVYJx.exe
  2⤵
  PID:8452
- C:\Windows\System\HoSHybd.exe
  C:\Windows\System\HoSHybd.exe
  2⤵
  PID:8468
- C:\Windows\System\tscIGEd.exe
  C:\Windows\System\tscIGEd.exe
  2⤵
  PID:8484
- C:\Windows\System\aUYNakw.exe
  C:\Windows\System\aUYNakw.exe
  2⤵
  PID:8500
- C:\Windows\System\krijnvV.exe
  C:\Windows\System\krijnvV.exe
  2⤵
  PID:8520
- C:\Windows\System\pbcPdfm.exe
  C:\Windows\System\pbcPdfm.exe
  2⤵
  PID:8536
- C:\Windows\System\FwEGTqy.exe
  C:\Windows\System\FwEGTqy.exe
  2⤵
  PID:8552
- C:\Windows\System\lMvUxnr.exe
  C:\Windows\System\lMvUxnr.exe
  2⤵
  PID:8568
- C:\Windows\System\isXKUtj.exe
  C:\Windows\System\isXKUtj.exe
  2⤵
  PID:8584
- C:\Windows\System\dAtfgMi.exe
  C:\Windows\System\dAtfgMi.exe
  2⤵
  PID:8604
- C:\Windows\System\vVFPqXG.exe
  C:\Windows\System\vVFPqXG.exe
  2⤵
  PID:8620
- C:\Windows\System\zRJNomm.exe
  C:\Windows\System\zRJNomm.exe
  2⤵
  PID:8636
- C:\Windows\System\UWahMKW.exe
  C:\Windows\System\UWahMKW.exe
  2⤵
  PID:8652
- C:\Windows\System\omhlyhC.exe
  C:\Windows\System\omhlyhC.exe
  2⤵
  PID:8668
- C:\Windows\System\LhTIMWP.exe
  C:\Windows\System\LhTIMWP.exe
  2⤵
  PID:8684
- C:\Windows\System\GkCDkbm.exe
  C:\Windows\System\GkCDkbm.exe
  2⤵
  PID:8700
- C:\Windows\System\wignbje.exe
  C:\Windows\System\wignbje.exe
  2⤵
  PID:8716
- C:\Windows\System\BpCEotX.exe
  C:\Windows\System\BpCEotX.exe
  2⤵
  PID:8732
- C:\Windows\System\ikGdugu.exe
  C:\Windows\System\ikGdugu.exe
  2⤵
  PID:8748
- C:\Windows\System\XkxQfWo.exe
  C:\Windows\System\XkxQfWo.exe
  2⤵
  PID:8764
- C:\Windows\System\SMZMAGG.exe
  C:\Windows\System\SMZMAGG.exe
  2⤵
  PID:8780
- C:\Windows\System\hqSSPKn.exe
  C:\Windows\System\hqSSPKn.exe
  2⤵
  PID:8796
- C:\Windows\System\RzPGhCw.exe
  C:\Windows\System\RzPGhCw.exe
  2⤵
  PID:8812
- C:\Windows\System\zhoCmNs.exe
  C:\Windows\System\zhoCmNs.exe
  2⤵
  PID:8828
- C:\Windows\System\yzBlhma.exe
  C:\Windows\System\yzBlhma.exe
  2⤵
  PID:8844
- C:\Windows\System\oNRuGCZ.exe
  C:\Windows\System\oNRuGCZ.exe
  2⤵
  PID:8860
- C:\Windows\System\gJjCuTy.exe
  C:\Windows\System\gJjCuTy.exe
  2⤵
  PID:8876
- C:\Windows\System\mGNIxTm.exe
  C:\Windows\System\mGNIxTm.exe
  2⤵
  PID:8892
- C:\Windows\System\LNISiFV.exe
  C:\Windows\System\LNISiFV.exe
  2⤵
  PID:8908
- C:\Windows\System\mifZYjL.exe
  C:\Windows\System\mifZYjL.exe
  2⤵
  PID:8924
- C:\Windows\System\ckYCHtZ.exe
  C:\Windows\System\ckYCHtZ.exe
  2⤵
  PID:8940
- C:\Windows\System\DGSVLCv.exe
  C:\Windows\System\DGSVLCv.exe
  2⤵
  PID:8956
- C:\Windows\System\pYgUmqc.exe
  C:\Windows\System\pYgUmqc.exe
  2⤵
  PID:8972
- C:\Windows\System\byrqkor.exe
  C:\Windows\System\byrqkor.exe
  2⤵
  PID:8988
- C:\Windows\System\GGBVPlW.exe
  C:\Windows\System\GGBVPlW.exe
  2⤵
  PID:9004
- C:\Windows\System\EPYCJyZ.exe
  C:\Windows\System\EPYCJyZ.exe
  2⤵
  PID:9020
- C:\Windows\System\FdgcZHs.exe
  C:\Windows\System\FdgcZHs.exe
  2⤵
  PID:9052
- C:\Windows\System\nvDSAFu.exe
  C:\Windows\System\nvDSAFu.exe
  2⤵
  PID:9088
- C:\Windows\System\lYQXYdZ.exe
  C:\Windows\System\lYQXYdZ.exe
  2⤵
  PID:9104
- C:\Windows\System\XDrZVBz.exe
  C:\Windows\System\XDrZVBz.exe
  2⤵
  PID:9120
- C:\Windows\System\qGJmgOf.exe
  C:\Windows\System\qGJmgOf.exe
  2⤵
  PID:9144
- C:\Windows\System\XluNOPL.exe
  C:\Windows\System\XluNOPL.exe
  2⤵
  PID:9160
- C:\Windows\System\gBBPfWL.exe
  C:\Windows\System\gBBPfWL.exe
  2⤵
  PID:9176
- C:\Windows\System\DIbWFOf.exe
  C:\Windows\System\DIbWFOf.exe
  2⤵
  PID:9196
- C:\Windows\System\tUgxTKb.exe
  C:\Windows\System\tUgxTKb.exe
  2⤵
  PID:9212
- C:\Windows\System\aLTuliM.exe
  C:\Windows\System\aLTuliM.exe
  2⤵
  PID:8152
- C:\Windows\System\eXhPmyM.exe
  C:\Windows\System\eXhPmyM.exe
  2⤵
  PID:7492
- C:\Windows\System\PWOrAvW.exe
  C:\Windows\System\PWOrAvW.exe
  2⤵
  PID:2548
- C:\Windows\System\IvQGDVx.exe
  C:\Windows\System\IvQGDVx.exe
  2⤵
  PID:8240
- C:\Windows\System\xjKGlZR.exe
  C:\Windows\System\xjKGlZR.exe
  2⤵
  PID:8284
- C:\Windows\System\eMHeuuE.exe
  C:\Windows\System\eMHeuuE.exe
  2⤵
  PID:8300
- C:\Windows\System\EdArAMS.exe
  C:\Windows\System\EdArAMS.exe
  2⤵
  PID:8316
- C:\Windows\System\iAlewnr.exe
  C:\Windows\System\iAlewnr.exe
  2⤵
  PID:7880
- C:\Windows\System\dKNirGE.exe
  C:\Windows\System\dKNirGE.exe
  2⤵
  PID:8428
- C:\Windows\System\MTCiOTs.exe
  C:\Windows\System\MTCiOTs.exe
  2⤵
  PID:8380
- C:\Windows\System\DdxCsSD.exe
  C:\Windows\System\DdxCsSD.exe
  2⤵
  PID:8464
- C:\Windows\System\jtBWdWC.exe
  C:\Windows\System\jtBWdWC.exe
  2⤵
  PID:8512
- C:\Windows\System\xSbQtMF.exe
  C:\Windows\System\xSbQtMF.exe
  2⤵
  PID:8576
- C:\Windows\System\DAyuoEX.exe
  C:\Windows\System\DAyuoEX.exe
  2⤵
  PID:8492
- C:\Windows\System\RCIqAOJ.exe
  C:\Windows\System\RCIqAOJ.exe
  2⤵
  PID:8560
- C:\Windows\System\EGKsZrH.exe
  C:\Windows\System\EGKsZrH.exe
  2⤵
  PID:8600
- C:\Windows\System\zuVoFNM.exe
  C:\Windows\System\zuVoFNM.exe
  2⤵
  PID:8692
- C:\Windows\System\TFhDZWu.exe
  C:\Windows\System\TFhDZWu.exe
  2⤵
  PID:8728
- C:\Windows\System\WvQOlzS.exe
  C:\Windows\System\WvQOlzS.exe
  2⤵
  PID:8792
- C:\Windows\System\NvqCyxO.exe
  C:\Windows\System\NvqCyxO.exe
  2⤵
  PID:8856
- C:\Windows\System\QSDgZgG.exe
  C:\Windows\System\QSDgZgG.exe
  2⤵
  PID:8920
- C:\Windows\System\zSgiHEo.exe
  C:\Windows\System\zSgiHEo.exe
  2⤵
  PID:8648
- C:\Windows\System\lQtCXLO.exe
  C:\Windows\System\lQtCXLO.exe
  2⤵
  PID:8712
- C:\Windows\System\LsRYuto.exe
  C:\Windows\System\LsRYuto.exe
  2⤵
  PID:8776
- C:\Windows\System\uMHjUVh.exe
  C:\Windows\System\uMHjUVh.exe
  2⤵
  PID:8840
- C:\Windows\System\JmHodGP.exe
  C:\Windows\System\JmHodGP.exe
  2⤵
  PID:8904
- C:\Windows\System\RTUgTXs.exe
  C:\Windows\System\RTUgTXs.exe
  2⤵
  PID:8968
- C:\Windows\System\vPPTjZK.exe
  C:\Windows\System\vPPTjZK.exe
  2⤵
  PID:8984
- C:\Windows\System\LwbcQha.exe
  C:\Windows\System\LwbcQha.exe
  2⤵
  PID:8996
- C:\Windows\System\dkcQfmB.exe
  C:\Windows\System\dkcQfmB.exe
  2⤵
  PID:9036
- C:\Windows\System\cJeZavr.exe
  C:\Windows\System\cJeZavr.exe
  2⤵
  PID:9064
- C:\Windows\System\dLQnYct.exe
  C:\Windows\System\dLQnYct.exe
  2⤵
  PID:9080
- C:\Windows\System\Ubaxyyv.exe
  C:\Windows\System\Ubaxyyv.exe
  2⤵
  PID:9100
- C:\Windows\System\uYLvlhn.exe
  C:\Windows\System\uYLvlhn.exe
  2⤵
  PID:9128
- C:\Windows\System\DAEdqIR.exe
  C:\Windows\System\DAEdqIR.exe
  2⤵
  PID:9132
- C:\Windows\System\ZbTJFjY.exe
  C:\Windows\System\ZbTJFjY.exe
  2⤵
  PID:6624
- C:\Windows\System\YxOanlr.exe
  C:\Windows\System\YxOanlr.exe
  2⤵
  PID:6508
- C:\Windows\System\INYgPgN.exe
  C:\Windows\System\INYgPgN.exe
  2⤵
  PID:8332
- C:\Windows\System\FFCzdnG.exe
  C:\Windows\System\FFCzdnG.exe
  2⤵
  PID:8384
- C:\Windows\System\JsuGlxF.exe
  C:\Windows\System\JsuGlxF.exe
  2⤵
  PID:8496
- C:\Windows\System\lhjqPCG.exe
  C:\Windows\System\lhjqPCG.exe
  2⤵
  PID:8236
- C:\Windows\System\WXJoPxc.exe
  C:\Windows\System\WXJoPxc.exe
  2⤵
  PID:8508
- C:\Windows\System\SHCiyZo.exe
  C:\Windows\System\SHCiyZo.exe
  2⤵
  PID:8364
- C:\Windows\System\QITjLJW.exe
  C:\Windows\System\QITjLJW.exe
  2⤵
  PID:8528
- C:\Windows\System\OkQjKLh.exe
  C:\Windows\System\OkQjKLh.exe
  2⤵
  PID:8852
- C:\Windows\System\AkaYDer.exe
  C:\Windows\System\AkaYDer.exe
  2⤵
  PID:8788
- C:\Windows\System\IWmheNs.exe
  C:\Windows\System\IWmheNs.exe
  2⤵
  PID:8708
- C:\Windows\System\jmTKUvo.exe
  C:\Windows\System\jmTKUvo.exe
  2⤵
  PID:8952
- C:\Windows\System\aCDpXAy.exe
  C:\Windows\System\aCDpXAy.exe
  2⤵
  PID:8872
- C:\Windows\System\CucXJwo.exe
  C:\Windows\System\CucXJwo.exe
  2⤵
  PID:7112
- C:\Windows\System\GCRLlJe.exe
  C:\Windows\System\GCRLlJe.exe
  2⤵
  PID:9048
- C:\Windows\System\MTAmStP.exe
  C:\Windows\System\MTAmStP.exe
  2⤵
  PID:9096
- C:\Windows\System\OvhWSOo.exe
  C:\Windows\System\OvhWSOo.exe
  2⤵
  PID:8032
- C:\Windows\System\rFUmJmt.exe
  C:\Windows\System\rFUmJmt.exe
  2⤵
  PID:9188
- C:\Windows\System\eLrRqaA.exe
  C:\Windows\System\eLrRqaA.exe
  2⤵
  PID:8252
- C:\Windows\System\FMFOWhN.exe
  C:\Windows\System\FMFOWhN.exe
  2⤵
  PID:8476
- C:\Windows\System\kuAXkmC.exe
  C:\Windows\System\kuAXkmC.exe
  2⤵
  PID:8616
- C:\Windows\System\uVVzlRR.exe
  C:\Windows\System\uVVzlRR.exe
  2⤵
  PID:8660
- C:\Windows\System\TbMosXd.exe
  C:\Windows\System\TbMosXd.exe
  2⤵
  PID:8644
- C:\Windows\System\SQkCWUm.exe
  C:\Windows\System\SQkCWUm.exe
  2⤵
  PID:9172
- C:\Windows\System\diQmajl.exe
  C:\Windows\System\diQmajl.exe
  2⤵
  PID:6636
- C:\Windows\System\buFJZgI.exe
  C:\Windows\System\buFJZgI.exe
  2⤵
  PID:8612
- C:\Windows\System\UGJGYSN.exe
  C:\Windows\System\UGJGYSN.exe
  2⤵
  PID:9208
- C:\Windows\System\CPKofen.exe
  C:\Windows\System\CPKofen.exe
  2⤵
  PID:9220
- C:\Windows\System\wNTsFIi.exe
  C:\Windows\System\wNTsFIi.exe
  2⤵
  PID:9236
- C:\Windows\System\RLMLkfk.exe
  C:\Windows\System\RLMLkfk.exe
  2⤵
  PID:9252
- C:\Windows\System\NSXblQx.exe
  C:\Windows\System\NSXblQx.exe
  2⤵
  PID:9268
- C:\Windows\System\VmwoeVN.exe
  C:\Windows\System\VmwoeVN.exe
  2⤵
  PID:9284
- C:\Windows\System\GSoeXNQ.exe
  C:\Windows\System\GSoeXNQ.exe
  2⤵
  PID:9300
- C:\Windows\System\oKULCLE.exe
  C:\Windows\System\oKULCLE.exe
  2⤵
  PID:9316
- C:\Windows\System\USkBpnb.exe
  C:\Windows\System\USkBpnb.exe
  2⤵
  PID:9336
- C:\Windows\System\TYoOnPS.exe
  C:\Windows\System\TYoOnPS.exe
  2⤵
  PID:9352
- C:\Windows\System\FPrTemt.exe
  C:\Windows\System\FPrTemt.exe
  2⤵
  PID:9368
- C:\Windows\System\rzKSCKb.exe
  C:\Windows\System\rzKSCKb.exe
  2⤵
  PID:9400
- C:\Windows\System\yBbusIM.exe
  C:\Windows\System\yBbusIM.exe
  2⤵
  PID:9420
- C:\Windows\System\LjvTDff.exe
  C:\Windows\System\LjvTDff.exe
  2⤵
  PID:9436
- C:\Windows\System\yXytenu.exe
  C:\Windows\System\yXytenu.exe
  2⤵
  PID:9540
- C:\Windows\System\LdmliHq.exe
  C:\Windows\System\LdmliHq.exe
  2⤵
  PID:9556
- C:\Windows\System\UQasDsV.exe
  C:\Windows\System\UQasDsV.exe
  2⤵
  PID:9600
- C:\Windows\System\stlHTXH.exe
  C:\Windows\System\stlHTXH.exe
  2⤵
  PID:9616
- C:\Windows\System\BLkvcLu.exe
  C:\Windows\System\BLkvcLu.exe
  2⤵
  PID:9632
- C:\Windows\System\ZsNsMDG.exe
  C:\Windows\System\ZsNsMDG.exe
  2⤵
  PID:9648
- C:\Windows\System\mCxqWaP.exe
  C:\Windows\System\mCxqWaP.exe
  2⤵
  PID:9664
- C:\Windows\System\mAHETnb.exe
  C:\Windows\System\mAHETnb.exe
  2⤵
  PID:9680
- C:\Windows\System\VmXiWBu.exe
  C:\Windows\System\VmXiWBu.exe
  2⤵
  PID:9696
- C:\Windows\System\adCRAvj.exe
  C:\Windows\System\adCRAvj.exe
  2⤵
  PID:9712
- C:\Windows\System\WEvtDJJ.exe
  C:\Windows\System\WEvtDJJ.exe
  2⤵
  PID:9728
- C:\Windows\System\JywANbx.exe
  C:\Windows\System\JywANbx.exe
  2⤵
  PID:9744
- C:\Windows\System\kBBpWqP.exe
  C:\Windows\System\kBBpWqP.exe
  2⤵
  PID:9760
- C:\Windows\System\wiVNsOq.exe
  C:\Windows\System\wiVNsOq.exe
  2⤵
  PID:9776
- C:\Windows\System\kkWTPIf.exe
  C:\Windows\System\kkWTPIf.exe
  2⤵
  PID:9792
- C:\Windows\System\yqhaxkd.exe
  C:\Windows\System\yqhaxkd.exe
  2⤵
  PID:9808
- C:\Windows\System\xKlgwfh.exe
  C:\Windows\System\xKlgwfh.exe
  2⤵
  PID:9840
- C:\Windows\System\JERqjnM.exe
  C:\Windows\System\JERqjnM.exe
  2⤵
  PID:9864
- C:\Windows\System\SNlObTP.exe
  C:\Windows\System\SNlObTP.exe
  2⤵
  PID:9884
- C:\Windows\System\akfqdWi.exe
  C:\Windows\System\akfqdWi.exe
  2⤵
  PID:9908
- C:\Windows\System\wVZzKGt.exe
  C:\Windows\System\wVZzKGt.exe
  2⤵
  PID:9924
- C:\Windows\System\RlaOnNg.exe
  C:\Windows\System\RlaOnNg.exe
  2⤵
  PID:9940
- C:\Windows\System\yEjzpsr.exe
  C:\Windows\System\yEjzpsr.exe
  2⤵
  PID:9956
- C:\Windows\System\OcgwiCb.exe
  C:\Windows\System\OcgwiCb.exe
  2⤵
  PID:9972
- C:\Windows\System\bTnLcNF.exe
  C:\Windows\System\bTnLcNF.exe
  2⤵
  PID:9988
- C:\Windows\System\QUkgKGV.exe
  C:\Windows\System\QUkgKGV.exe
  2⤵
  PID:10004
- C:\Windows\System\AHVheLD.exe
  C:\Windows\System\AHVheLD.exe
  2⤵
  PID:10020
- C:\Windows\System\jwnojYq.exe
  C:\Windows\System\jwnojYq.exe
  2⤵
  PID:10036
- C:\Windows\System\mkKMLFY.exe
  C:\Windows\System\mkKMLFY.exe
  2⤵
  PID:10052
- C:\Windows\System\fScNrUN.exe
  C:\Windows\System\fScNrUN.exe
  2⤵
  PID:10068
- C:\Windows\System\IkwuOCC.exe
  C:\Windows\System\IkwuOCC.exe
  2⤵
  PID:10084
- C:\Windows\System\GDsXkcT.exe
  C:\Windows\System\GDsXkcT.exe
  2⤵
  PID:10100
- C:\Windows\System\yGrsQZr.exe
  C:\Windows\System\yGrsQZr.exe
  2⤵
  PID:10116
- C:\Windows\System\gMOgvwg.exe
  C:\Windows\System\gMOgvwg.exe
  2⤵
  PID:10132
- C:\Windows\System\viYzbaf.exe
  C:\Windows\System\viYzbaf.exe
  2⤵
  PID:10148
- C:\Windows\System\CWfpSBF.exe
  C:\Windows\System\CWfpSBF.exe
  2⤵
  PID:10164
- C:\Windows\System\WzgDVvk.exe
  C:\Windows\System\WzgDVvk.exe
  2⤵
  PID:10180
- C:\Windows\System\gTNjJYM.exe
  C:\Windows\System\gTNjJYM.exe
  2⤵
  PID:10196
- C:\Windows\System\DLcIZle.exe
  C:\Windows\System\DLcIZle.exe
  2⤵
  PID:10212
- C:\Windows\System\dCWJwmO.exe
  C:\Windows\System\dCWJwmO.exe
  2⤵
  PID:10228
- C:\Windows\System\lysNNXb.exe
  C:\Windows\System\lysNNXb.exe
  2⤵
  PID:8760
- C:\Windows\System\hYZYxvI.exe
  C:\Windows\System\hYZYxvI.exe
  2⤵
  PID:9016
- C:\Windows\System\JUFbKeC.exe
  C:\Windows\System\JUFbKeC.exe
  2⤵
  PID:9140
- C:\Windows\System\lCDEAwN.exe
  C:\Windows\System\lCDEAwN.exe
  2⤵
  PID:9264
- C:\Windows\System\yRiWgin.exe
  C:\Windows\System\yRiWgin.exe
  2⤵
  PID:9044
- C:\Windows\System\HNhiKxY.exe
  C:\Windows\System\HNhiKxY.exe
  2⤵
  PID:8348
- C:\Windows\System\eJFvYKR.exe
  C:\Windows\System\eJFvYKR.exe
  2⤵
  PID:9244
- C:\Windows\System\aAhAMgi.exe
  C:\Windows\System\aAhAMgi.exe
  2⤵
  PID:9308
- C:\Windows\System\CtPGibp.exe
  C:\Windows\System\CtPGibp.exe
  2⤵
  PID:9344
- C:\Windows\System\rAfMTBh.exe
  C:\Windows\System\rAfMTBh.exe
  2⤵
  PID:9364
- C:\Windows\System\vlqYSyM.exe
  C:\Windows\System\vlqYSyM.exe
  2⤵
  PID:9428
- C:\Windows\System\pNVSpvO.exe
  C:\Windows\System\pNVSpvO.exe
  2⤵
  PID:9444
- C:\Windows\System\HXJpQFD.exe
  C:\Windows\System\HXJpQFD.exe
  2⤵
  PID:9640
- C:\Windows\System\XeYartC.exe
  C:\Windows\System\XeYartC.exe
  2⤵
  PID:9692
- C:\Windows\System\LVonvlq.exe
  C:\Windows\System\LVonvlq.exe
  2⤵
  PID:9752
- C:\Windows\System\sZWhMrO.exe
  C:\Windows\System\sZWhMrO.exe
  2⤵
  PID:9788
- C:\Windows\System\joPhWqW.exe
  C:\Windows\System\joPhWqW.exe
  2⤵
  PID:9820
- C:\Windows\System\WtQSSHU.exe
  C:\Windows\System\WtQSSHU.exe
  2⤵
  PID:9916
- C:\Windows\System\pkadWDx.exe
  C:\Windows\System\pkadWDx.exe
  2⤵
  PID:9964
- C:\Windows\System\qrHOYeG.exe
  C:\Windows\System\qrHOYeG.exe
  2⤵
  PID:9904
- C:\Windows\System\XAvlDhp.exe
  C:\Windows\System\XAvlDhp.exe
  2⤵
  PID:10000
- C:\Windows\System\OtnBMWL.exe
  C:\Windows\System\OtnBMWL.exe
  2⤵
  PID:10016
- C:\Windows\System\jHqKJHD.exe
  C:\Windows\System\jHqKJHD.exe
  2⤵
  PID:10060
- C:\Windows\System\IBHFrbb.exe
  C:\Windows\System\IBHFrbb.exe
  2⤵
  PID:10160
- C:\Windows\System\uGdKAsd.exe
  C:\Windows\System\uGdKAsd.exe
  2⤵
  PID:10124
- C:\Windows\System\InPdkYh.exe
  C:\Windows\System\InPdkYh.exe
  2⤵
  PID:10092
- C:\Windows\System\jPBLhQm.exe
  C:\Windows\System\jPBLhQm.exe
  2⤵
  PID:10236
- C:\Windows\System\DOxGKLZ.exe
  C:\Windows\System\DOxGKLZ.exe
  2⤵
  PID:10220
- C:\Windows\System\cscUaEA.exe
  C:\Windows\System\cscUaEA.exe
  2⤵
  PID:9152
- C:\Windows\System\avucIVY.exe
  C:\Windows\System\avucIVY.exe
  2⤵
  PID:9292
- C:\Windows\System\VHaaQXT.exe
  C:\Windows\System\VHaaQXT.exe
  2⤵
  PID:9296
- C:\Windows\System\HtWUzws.exe
  C:\Windows\System\HtWUzws.exe
  2⤵
  PID:9280
- C:\Windows\System\ZMILLwk.exe
  C:\Windows\System\ZMILLwk.exe
  2⤵
  PID:9388
- C:\Windows\System\XFamsZS.exe
  C:\Windows\System\XFamsZS.exe
  2⤵
  PID:9416
- C:\Windows\System\IGAJitw.exe
  C:\Windows\System\IGAJitw.exe
  2⤵
  PID:9136
- C:\Windows\System\eogbeif.exe
  C:\Windows\System\eogbeif.exe
  2⤵
  PID:9500
- C:\Windows\System\fagNDZG.exe
  C:\Windows\System\fagNDZG.exe
  2⤵
  PID:9468
- C:\Windows\System\yZEOwDz.exe
  C:\Windows\System\yZEOwDz.exe
  2⤵
  PID:9492
- C:\Windows\System\PAbmbJc.exe
  C:\Windows\System\PAbmbJc.exe
  2⤵
  PID:9524
- C:\Windows\System\pupvDpY.exe
  C:\Windows\System\pupvDpY.exe
  2⤵
  PID:9552
- C:\Windows\System\tDEbpWa.exe
  C:\Windows\System\tDEbpWa.exe
  2⤵
  PID:9568
- C:\Windows\System\FMAWWbA.exe
  C:\Windows\System\FMAWWbA.exe
  2⤵
  PID:9592
- C:\Windows\System\pajNjeI.exe
  C:\Windows\System\pajNjeI.exe
  2⤵
  PID:9628
- C:\Windows\System\lvZLbQB.exe
  C:\Windows\System\lvZLbQB.exe
  2⤵
  PID:9656
- C:\Windows\System\pPSiFoi.exe
  C:\Windows\System\pPSiFoi.exe
  2⤵
  PID:9736
- C:\Windows\System\DViJOZr.exe
  C:\Windows\System\DViJOZr.exe
  2⤵
  PID:9784
- C:\Windows\System\ZpOsBan.exe
  C:\Windows\System\ZpOsBan.exe
  2⤵
  PID:9824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GXIOPJp.exe

Filesize
6.0MB

MD5
0c8a81f5258c9bc44f2719a24bda75bc

SHA1
70dd9427d628ebb48b2daa7023de6df30adee67a

SHA256
53a4c90e5a3a8a51024de19d5b4a6879d113a989aa4e80a0f2a7b54e0c2a9a26

SHA512
afbbc580471cbedabe247666ed49b2540fb2119702151e6bc267a390d335cf2eb0966a08720a16b910e9550df5179e0388c9408c989c38a2119058fa67b15180

Download Submit
C:\Windows\system\IfBzUqF.exe

Filesize
6.0MB

MD5
1f8ed46f9e4a9383c3067310df031346

SHA1
f10b677ce5b85f2e69f23148fc5777e9a2a4bcee

SHA256
0c1e49f7d3177c18f81e01ad2162d34e8770ddce8f2954396a9a493bc3f5c64e

SHA512
8ecb578ee905ccfdda3752f5e48f8db9bc7dca57138d191305dfcd18e2fe7f65d404b66eeee20430a96d5beee4e4fd6e1d1b875d175998ca99ce7bf973e77788

Download Submit
C:\Windows\system\KNmorbv.exe

Filesize
6.0MB

MD5
068d385b932a9a1e67bb27b1b62cbecd

SHA1
4bbfa5e47496667faeacedec1214ef5fff2b21ab

SHA256
9974ff769356c5aa4bfc2ee7f4ee436614108304c9eabc1dfd0c085753b7e7f6

SHA512
4b6fa0b1f6e53be2a49f1ee940a1c96827ebeed9bf30493d329a29b1289403bd00aa460ede4e1678d25ef2853f9986ff6665769a1b2999085dc8793d1c3e6b8e

Download Submit
C:\Windows\system\LhvQpmE.exe

Filesize
6.0MB

MD5
6ef4254d4a73b7d0d6d3f2bd78498507

SHA1
6ae0699c14cadfa1f48b14c4ac9492b800c4b9a4

SHA256
c66c8c91ea98af75637c78bc3c0c89b732a1d51bfa00c77c198bdc9728714f8a

SHA512
d303f97168e510fe2d3c6f68599ca269e1abd7fb3a2297be969e9ac10826b36ca454bcbe5c994816cdf55e66a68dd9d846af236fabe68d4d4537aa1edacc4dae

Download Submit
C:\Windows\system\Nevarth.exe

Filesize
6.0MB

MD5
95ebdc0bc47762e60cfae3c8ac2c9214

SHA1
02ed9f18de087ba46e4e010238eaa1fb97428c37

SHA256
a648a53fcf3508ff2a7de98ea4a3ce739603d875329b5b27f1e27e0584d3451f

SHA512
a33be9aa3d5ff2e7790a8a8a326a54d45de3126e53be6069d3e566cc587eb53f74887088cfc543446defcbb23674356f4a0d9f59f79207166ae7e524db6484f6

Download Submit
C:\Windows\system\PwNzfpJ.exe

Filesize
6.0MB

MD5
0327ee8a76ae34665d3c0bb47a1b81b6

SHA1
d3b0174fc41b13ebb9c8a2635d0fdacec76f90cf

SHA256
fcd222c6d3fd26ad91baabcffd2e5c1c70e10fb342ba8d452edbc372e8a9b1c3

SHA512
36aeeb797498b72da1e052db7acf216d44205fda741856da5d42de5c160ef2fc21d596f0017db6d0896d7e34711903f5baf886a904796be472166972a4b0fb83

Download Submit
C:\Windows\system\RVspsZd.exe

Filesize
6.0MB

MD5
9486ba6750c7e713550956a30639c789

SHA1
58f2d67657fe4f17fb916f5668c16173dfd568cb

SHA256
efde215e30c0cce28add2f6760d79c651c12e55fbe6d61b8f53d3f1021716c47

SHA512
6e17144d5847e3586adc04f2e88685ca0fd2c0e15aa75b55f78c1174a26e7fc88901a06c9d5fb7692400f2ea4eb662455e289b8a470d2ef9c37ff551183a3be2

Download Submit
C:\Windows\system\RmdPytt.exe

Filesize
6.0MB

MD5
0f31371d57158dcc4ed26fdfac5e9aeb

SHA1
ebe94711363706f0bb377640c2cae26393218f9c

SHA256
022f94abfadb30018ad1bebdeceafdaf5316f234c299a0805f171533f8e2f722

SHA512
f2ac5bbab4012fa59fd2b9b139a65157c8548df1f28dcf449e6910d520bec1ca22dd1a3a4d06716803429eabfefa0334f11a53566528334c70bfac90b34052a8

Download Submit
C:\Windows\system\UqgWuMm.exe

Filesize
6.0MB

MD5
4790ce5c2e9dcf134cfacd64c26134e6

SHA1
8c5d3b2ce1684198e580bca7c32ede0332305010

SHA256
83bcd90997147a6fd5cdb6ce8e28aadc6984db321f8dee94a85e552c71a1687a

SHA512
4dbdd3766e519c6b1bbca93ee59041dd2edfecbb1174e50a7b6d7e83f6638b46bbd8b338b914c17ceebfdf700f3ee207bb17491f8531d516f581dcbd7011ff5a

Download Submit
C:\Windows\system\UvdsXTn.exe

Filesize
6.0MB

MD5
f04bd005f7bca1cb9025c46ec312f04c

SHA1
ab6dac8eaf7c7739ba9a33254a49ffdc2dbe24d4

SHA256
8bae037f1abd842d5ed4f7b62235dcbba10ea4d07aeb57d402c6a53affceec5d

SHA512
0996adb76666e4410490a01cce91f2561d9225e82c292414eebfce87ee30b9a18c7beeee0fc0512b312f3af02476ccc1f40c1d477c57937e1a91196687f7f30a

Download Submit
C:\Windows\system\XKIwEdy.exe

Filesize
6.0MB

MD5
85d7fa66fa0342a144f6c73b1b5b6d8b

SHA1
0921247d4ac236fdba85ddfe8302645b4dd8adbc

SHA256
154d28ab24cefd655ce473be05add6703aca4b12649268a683e8ca5e9ffa06d0

SHA512
c3b75b2f184a69bf4dfb8c2d680b5643586f586f974546431464612ffb78c7732c8524232d6de951f60f4fbfb8afbfcfc62c6ac93a30a3a6ea92c666ed1cec39

Download Submit
C:\Windows\system\ZFEffPq.exe

Filesize
6.0MB

MD5
e79f0e6323c354185d0fb6cefa1737f8

SHA1
6e345fe3b7b2ec9a519439ba401b0210908d1da9

SHA256
68c8359a754114ca86ce6507f3f220d60cf2cc840ee66266ebab5442b9e65c88

SHA512
67052a145b79ee601fa0c94f3eadb0fab4a74919331d52e4dbe627c2068161d2d331b41195cbd56ce74448b941ec515b6be04d67e02f103f9e35a5c9b02b31b2

Download Submit
C:\Windows\system\ZymseAE.exe

Filesize
6.0MB

MD5
eab3d90df84a9fa112da25575519e077

SHA1
a26fc686d587a25ad71f24ee0832aa0df1c44410

SHA256
d85f995bcada4d3d74f87d54111a2da0ce615598f17f8b6d4130a4c98570c5be

SHA512
39cc1d1f9bcc26f3b616ac73b28d5ae1b09f2f36bc6b8298c6cdb43a4daf51b7891c9f2c9fd8011d3271bd7e8b7b36ea19564aa755d9326a867dc7efcb58ad6d

Download Submit
C:\Windows\system\aiMDEAM.exe

Filesize
6.0MB

MD5
0a1dcdf5a90976b453efb0e89089b7c8

SHA1
5cfa693518ab75f1d69704d44a8a2e286d41ef36

SHA256
38a0a6a8fe45dac8e18e7ec1cb022ec4575eec634f2c606b4e8972ba22d7f0e6

SHA512
b4866a2b3370f5684a44031dee9d911dc38579685f75595caf64526c56095dd52f4a5ee589df23b27c3bec5afa33da16da68d5d31cf4b22cae2291c0be628da2

Download Submit
C:\Windows\system\aqnStSO.exe

Filesize
6.0MB

MD5
45b413e181675d436d1acd2e4fc5ac0b

SHA1
2d3d9d96322875a84abb5298d63ac8292651cd13

SHA256
b46fe3fa08205c77ae067d16e78ea738eba65914aacf5fa935b440ba3e5e7bf4

SHA512
23fcbc02865070e34a5ef8749e03c1f41b0088c3773f29990aa4772a19658e8220ea7f8e6e6cce467757a128b97a54c5b9f4400e3feff4186ad2339e94bbee89

Download Submit
C:\Windows\system\bLneCda.exe

Filesize
6.0MB

MD5
ab19b8f8ef4423448f64d5d885bef085

SHA1
7714f6910eee5a0a7297811ab40f47d6b373d608

SHA256
a9e3c1aa6f2fa76220d831847552ea1cb01019facded1d71d0ddc416e2979ed1

SHA512
2a34fd1bb5cd70d8e1f66a35b46ab1c2cf28c142170e9cd2e643725ed3404081cdc471d6a4e022e6ec6153e396830b4fcf7f258e4c5ab6974261fe5e39d1627f

Download Submit
C:\Windows\system\cCxhNns.exe

Filesize
6.0MB

MD5
08b226662a6efd4326c74a740e1408c1

SHA1
ad06be4209a5de0fe69838889ecff99a5e85003e

SHA256
771c04eb2e357411626e1ca07d6a5db4a08d1f8f34962745ae28329def969928

SHA512
1d286819ddf5c85b76fd860bba7490f93e333942d7591f41cdecc9d9a7c7c95408334da0b85ac46c2ccbc98690514648986631e60aa79515b0e2b4e7077014bb

Download Submit
C:\Windows\system\jldblDu.exe

Filesize
6.0MB

MD5
3ceac91b3a6cd89798f9a53e8beda2bf

SHA1
2fe58cdc496c55bfc6b04c123d4c8bac9fcc9282

SHA256
c3a88e29e7ff5d3a5ca3780c9ec20b124fa0cf0d1f85959b2726d9e3429acd71

SHA512
5b8be72026ffe4f32389f6fabadeca3d2cfa01893b67851045b3956fd7cbfb11141bbd2aa28ab7cd5bc3a0c0442c61e59f9481713ac8843eda68b1501736f08c

Download Submit
C:\Windows\system\nyZpKJn.exe

Filesize
6.0MB

MD5
0694af2521db5a701a1ca8a53204bbb9

SHA1
afac7e8704e07108dd7b9a7e6c9e5bd0ba0d7e3a

SHA256
b368670bf89648939032e326f1be25e09587ef29198bb5dace50a0f5ace3459f

SHA512
b7310ea96946760bbc728a364f5ba74ba97c70de63f3825937110e821e8d5d4197779b50e3db9f0f9b4dd258387ecbc1bdae6c0865556ee6ff5e6745d4bd3960

Download Submit
C:\Windows\system\pDQpoKx.exe

Filesize
6.0MB

MD5
8a46d97e205e6fa8561562f3924d0a09

SHA1
9878781e43ba79501aca44798eebb564cebbebee

SHA256
7a09ac474a6584994a770c2b484392c5a6e2166d61f78bdb6b1dcf9214286dd9

SHA512
86e7d982ea5b65d1f629811be5bc06b9133d818df3bad26b17c92ae8f9e22a3bdc3ae0398622911ed7357d6827a271e87e8638aa2113a67e9f203fcb5f2d0c2a

Download Submit
C:\Windows\system\raROvUe.exe

Filesize
6.0MB

MD5
2274a311283e4fdb0ac328416b3cdc59

SHA1
76309a5ff444f8643ca8213f07e462eaa4ce22ce

SHA256
f2d03f6e65ec74111581bf6bc142487c8bd99474ff5f005dcd6c870f42ae0337

SHA512
199e65a0a5d21f039f589a1d4f2de5a856d63948cd464f9e0dc63b0a4a6a5fac2daeb6c0b4d5cc838488837fd907a122b663436e0434533c2660bdd059d4470d

Download Submit
C:\Windows\system\ryayvce.exe

Filesize
6.0MB

MD5
97e3c944b1a24ec1785434fdc35176dd

SHA1
18b0e793cc159a5feec556d8f955ce22e24ae4fa

SHA256
fc4fe6f88b3b619be4a2d8e11ef41b874701853955f9ee6733e60719ff6d276e

SHA512
615129d5735a3bc31aa7abc93fef57dcfb8b05d64dc02f629278456dfb43f4c22792ff09d16bb8c2a8e14fa6cd605dc5be47c546c113ecf7dbb274ad45fa9eb7

Download Submit
C:\Windows\system\sLvWtZK.exe

Filesize
6.0MB

MD5
4e29cb0e824b16fb39ad2cf9c928c883

SHA1
21eadce7ee50a0680a3444d38bdb37798cb38cac

SHA256
a73d92c23ff79644a98c1c00b2730f53549461ab696efacb452172ce57fb942b

SHA512
35c4d70e97bc310f27ff30c6d3e511348c43fcdbb969a98f454242c2d5ad1a8d8608d8ced9819d429bd2535b21035f8a88465f2a34c843b42fd39e55e006a505

Download Submit
C:\Windows\system\smzzkhm.exe

Filesize
6.0MB

MD5
1dfc7a0810beb2db82c5890bca01b66d

SHA1
7c8fdbaf3754d290257ba94b5e4d58477c4f6c3b

SHA256
dbb1b49a8fadeda398fe8bc96989f7c9e292306b208625e7831982104e749f75

SHA512
245bbea909d20b1db0d6ea7db3acc6a4583584aa7bd0a09ab0a5694a386ce1f96901ec1b82ddeba0f612c2cad1212bc06cccab3e36e5a526c79d6b124fc19ba5

Download Submit
C:\Windows\system\tEnahrV.exe

Filesize
6.0MB

MD5
88e44d1957cce7fb9d1cce92b606c81d

SHA1
55b29896052ba288c924433c802b3af4c092033f

SHA256
5b915911e59ba837d907ba9de18c2f7a332d50f5733265518de575b2a614d605

SHA512
f513e5b50a66253f4e38b5b1d3370aa970b672cb4daad317e368ad9f9d1f632a0516263f10f3a18411f829593c1e2779985a5a9a7fad6db7f0e3734d57c655e9

Download Submit
C:\Windows\system\vwuJRua.exe

Filesize
6.0MB

MD5
2f395c1cb14a94e433d56766543e0b5c

SHA1
2b16c610599d9db2e23fda5a3b94eecc75f54ca7

SHA256
0e75d513a75ae9243ac6457220705bc14f1c7c9fb3ab4f86d1ec6a6ee24187d3

SHA512
ef03adacfe28ce0738620b001f725f4349e3c9194b15ce0f113434d5f96bf20e23467e77cfbec93c744ad68537e759bca346b75a53d80191ce1b93dbbab1aab5

Download Submit
C:\Windows\system\wRoMXny.exe

Filesize
6.0MB

MD5
f32e937ee888abaa44a9067005f2f891

SHA1
d1d33700bc8c9c5f6ddacf7e0d478b1334a390ec

SHA256
dabd8062a589f636cc01b7713ed75f7f4c88a04d748d6744d42cb71876105258

SHA512
cf7e36dd6039b710dd21f5b4ab4c9f5c1a39f4d90527db10c7090db212cb641686dcdb080eac0403cbd849c8f16a088890a5ee52c0f6853ac8094a85fb92b29d

Download Submit
\Windows\system\ArKUBFk.exe

Filesize
6.0MB

MD5
db3e7f473bf254000480a9df2d65e8bf

SHA1
dbc3470a32321d9fbc85ef789eedcb2fd78bd854

SHA256
9b93f8bb9d87d88bea51f0b132638f68d473ce4ebf2a0a9a10de1d6a5d08d58f

SHA512
5ac7981187c69548aa8086898b2dc8a183480976babd9a6e5b6bd0f082363552b3dbed9ad5621918d6b0bb347cfeebd4808470eddbfd7a327d5738d55705057e

Download Submit
\Windows\system\FyQIemD.exe

Filesize
6.0MB

MD5
5e1e3484902c739442eb2eac9df7d8c7

SHA1
c1bba802c7855f84b8eb8508f8f750f88ab18b81

SHA256
d0116ed0b2ef8db48cc80b276727f627f5903d2e24134cf93230b1b9219e4f80

SHA512
277c98a6b32d1803866420b790cc6f39fe6277e49a02cd83cd2b57f1e5af994f4ab8bcd35fe61c9d1f29217ae42fbabe8c3f6d78a126f1383041ef6b0f73b10a

Download Submit
\Windows\system\WrJrSQy.exe

Filesize
6.0MB

MD5
373319e21a2c7b71a7b427d43b978f59

SHA1
782dff56549373a6d918b627432a49b7478e7db3

SHA256
8a139464e07e575992447f31bedc4d115868ebfe737f26f9b2736cb4e51b5405

SHA512
e31d5614a95d2d4c4fdcf6e1230612c407786a0a546f6e7bac18522d21e5d1c106d6ad798a174796bc943d3a44e90970524aeaf5e976783322f536a7211c0e63

Download Submit
\Windows\system\WsgdeyA.exe

Filesize
6.0MB

MD5
dfaa865c525091375b9e654f16fc5b93

SHA1
0740aa47e5cbb287bdf03092502d22e05a67f855

SHA256
0869f0b5b089b43576628dea88cc569c6489d193d4e44da7432f48fb369a9947

SHA512
e5521c5b0042acb7b24e55115b0c2cdb386fb1e2dddb05eb0a70fb603294dbf50c227256960c75f18faacd28b84c81bac246f4de97e6b3c31bcc53295c1f2e89

Download Submit
\Windows\system\ZGMCSgb.exe

Filesize
6.0MB

MD5
7a4cc5ea46d4501cde3bc3d7886e40f7

SHA1
63986c6ed1bcb27225fcdddfa5ba3ed952703c2e

SHA256
9a7759495ea444926964cb4f50e2a4cf434731a1ba3215d0a4025c4c6cc97d9c

SHA512
aa1cfaeca25e3e177bae714386d75599f38143b59c18e190a5aa7d428b072a263bfdec433140319a22c2a1fcb1faa4c8b94e15262e833a74608e7daaa2d02d40

Download Submit
\Windows\system\dYGdbKk.exe

Filesize
6.0MB

MD5
4ad18ad189aea1eb8548cafe7730866b

SHA1
00777f35c0dd464f0ea7ae2ae61a96250603943e

SHA256
e782c121106cdc5801f4fb121a9f4280bdffff09e44a7c99ca6e36432d1ab729

SHA512
98d06dffd161b3d31451b7abb776c4e3db1fbe5dd500e493220507d6ffccf1bee1512258201bb5a4eac004ea7f53d330caf94e48519a6b0e3d88764cf06d9dbe

Download Submit
\Windows\system\mbzdXxp.exe

Filesize
6.0MB

MD5
7764570ad2f0a242174771d5e1e0063c

SHA1
943b99dae9d1c4b0428649fb837ce8c648d1e4f6

SHA256
638dfc4d9de1b1756cd46e7455d56575876f57b92b10e43b823faa7a79165117

SHA512
016ebf75d503bb8ae12820419f5042b84ce1db2646345e57f33873daa16bba456669ece3c78689392e001c0658adda71c2f729dfc2de4ccb1950236427f7cc10

Download Submit
\Windows\system\menKMWs.exe

Filesize
6.0MB

MD5
ab7f3764f58f208d7c4f5161509f863d

SHA1
f7bb478aea18608f59c8829a87c3a33c98a6c3ed

SHA256
2557b01018ea39d41d4f0b9a77939d6a2f01e95ba92e7da8cdf2913508878036

SHA512
4d31ca6828bb64bb7580e879660076d1a1ce97a526086bc2ede375596515a922b263f4e67c60137c06697d7cac7f44fd06391e28132c08bb708fb0f4d34eb7a9

Download Submit
memory/848-3840-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/1912-3847-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1952-3843-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2380-0-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2380-1716-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2039-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-2146-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3846-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-1715-0x00000000025A0000-0x00000000028F4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3841-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3706-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-2318-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3704-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3839-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3703-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2145-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3702-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3700-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3701-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2038-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3845-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download