xmrig | 2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-12-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
Size

1.9MB
MD5

67e2468ce67a5407b693b4b2326286f8
SHA1

cde9cb0c73539c1400af9f0618754fbbcab8f02a
SHA256

2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa
SHA512

176e7004d1515d0a690ec5c6d2ec5c5a36339b79d82cfdf48cb37cba6f4b10e629cefdc701c9a99b9a2b10671ebd8728e53634bb90949ffef4898323c1d86a2c
SSDEEP

49152:EnCbL83y9FdfE0pZ0zCa4wI156uL3pgrCEdMKPu:EniLf9FdfE0pZB156utgpPu

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x000c000000012261-6.dat	xmrig
behavioral1/files/0x0008000000016eca-13.dat	xmrig
behavioral1/memory/1444-16-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/3008-15-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1716-11-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000800000001706d-20.dat	xmrig
behavioral1/memory/2172-22-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f1-23.dat	xmrig
behavioral1/memory/2856-28-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x00070000000173fc-36.dat	xmrig
behavioral1/memory/1716-40-0x0000000001E80000-0x00000000021D4000-memory.dmp	xmrig
behavioral1/memory/2808-43-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1716-37-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2196-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2660-50-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dd1-48.dat	xmrig
behavioral1/files/0x00070000000173f4-33.dat	xmrig
behavioral1/files/0x0005000000019244-64.dat	xmrig
behavioral1/files/0x0005000000019263-79.dat	xmrig
behavioral1/memory/2700-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2648-100-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019356-108.dat	xmrig
behavioral1/memory/2652-120-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000500000001937b-117.dat	xmrig
behavioral1/files/0x000500000001936b-132.dat	xmrig
behavioral1/memory/1716-128-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2980-127-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/1296-126-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/1716-124-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0005000000019397-121.dat	xmrig
behavioral1/files/0x0005000000019353-115.dat	xmrig
behavioral1/memory/2548-107-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001928c-106.dat	xmrig
behavioral1/memory/1716-105-0x0000000001E80000-0x00000000021D4000-memory.dmp	xmrig
behavioral1/memory/2856-134-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019284-96.dat	xmrig
behavioral1/memory/2884-85-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1716-87-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019266-82.dat	xmrig
behavioral1/files/0x0005000000019256-69.dat	xmrig
behavioral1/files/0x0005000000019259-74.dat	xmrig
behavioral1/memory/2196-135-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0008000000017487-61.dat	xmrig
behavioral1/files/0x0008000000017472-55.dat	xmrig
behavioral1/files/0x00050000000193a5-139.dat	xmrig
behavioral1/files/0x0005000000019423-145.dat	xmrig
behavioral1/files/0x0005000000019426-150.dat	xmrig
behavioral1/files/0x0005000000019438-155.dat	xmrig
behavioral1/files/0x0005000000019442-161.dat	xmrig
behavioral1/files/0x000500000001944d-164.dat	xmrig
behavioral1/memory/2808-430-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/1716-238-0x0000000001E80000-0x00000000021D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001946e-186.dat	xmrig
behavioral1/files/0x00050000000194ae-191.dat	xmrig
behavioral1/files/0x000500000001945c-176.dat	xmrig
behavioral1/files/0x000500000001946b-180.dat	xmrig
behavioral1/files/0x0005000000019458-171.dat	xmrig
behavioral1/memory/2660-923-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/3008-4007-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1444-4008-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2172-4009-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2856-4010-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2196-4011-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3008	kcPOGwI.exe
1444	HYIbRbm.exe
2172	wOUjfpB.exe
2856	QcCVFxe.exe
2196	cKbpeVx.exe
2808	BRNUGuT.exe
2660	nZRcyge.exe
2652	TTkKqkA.exe
2884	YlZoNYD.exe
2700	uIdrNbu.exe
2648	WCSjuee.exe
2548	etjgaty.exe
1296	HphcFsH.exe
2980	CnIDPXU.exe
1808	wusUmdo.exe
1984	vnHsljY.exe
1092	fFvEyJk.exe
2360	CIQIXHB.exe
540	bsGjfOU.exe
1932	yorfGRA.exe
1692	TdkQJUK.exe
1556	ORRUvAG.exe
2756	rRmycHr.exe
2764	nAvmxWF.exe
2976	KaCWhqM.exe
2112	qgSsIDc.exe
2064	JFTvnjX.exe
348	TSDBryH.exe
2256	jDWzXLM.exe
1624	MwsyaWK.exe
672	qCaLmLi.exe
1356	vYAgeNs.exe
932	sidnDuA.exe
992	afgYdKV.exe
2000	UptJXSj.exe
2004	TCrZLOu.exe
396	PbWmFQe.exe
1532	xEZRwmN.exe
2080	qjYxXPT.exe
1800	HqdJXIv.exe
2632	KfuIohG.exe
2304	jNYbMuq.exe
2308	iwJMWyR.exe
2056	pGrUjLZ.exe
1000	hMefMyu.exe
872	DIFRaOO.exe
1896	EIAmXRm.exe
2392	rBgUXaF.exe
1492	fKYIiLT.exe
2276	oXoUskX.exe
1628	CBnEPVL.exe
1576	rqLDosJ.exe
1720	CyVPzwz.exe
3012	KjoNXcM.exe
1712	hsSDHnl.exe
1780	BjgzHvs.exe
2944	iCPfPhT.exe
2128	JgNdsyj.exe
2788	fJJOcHK.exe
3064	mdSOfvK.exe
2560	ccwVBka.exe
2588	oiVrstn.exe
2584	uKxZSAD.exe
2996	nmyhXOq.exe

Loads dropped DLL 64 IoCs

pid	Process
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x000c000000012261-6.dat	upx
behavioral1/files/0x0008000000016eca-13.dat	upx
behavioral1/memory/1444-16-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/3008-15-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000800000001706d-20.dat	upx
behavioral1/memory/2172-22-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00070000000173f1-23.dat	upx
behavioral1/memory/2856-28-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x00070000000173fc-36.dat	upx
behavioral1/memory/2808-43-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1716-37-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2196-34-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2660-50-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0009000000016dd1-48.dat	upx
behavioral1/files/0x00070000000173f4-33.dat	upx
behavioral1/files/0x0005000000019244-64.dat	upx
behavioral1/files/0x0005000000019263-79.dat	upx
behavioral1/memory/2700-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2648-100-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0005000000019356-108.dat	upx
behavioral1/memory/2652-120-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000500000001937b-117.dat	upx
behavioral1/files/0x000500000001936b-132.dat	upx
behavioral1/memory/2980-127-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/1296-126-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0005000000019397-121.dat	upx
behavioral1/files/0x0005000000019353-115.dat	upx
behavioral1/memory/2548-107-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x000500000001928c-106.dat	upx
behavioral1/memory/2856-134-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0005000000019284-96.dat	upx
behavioral1/memory/2884-85-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0005000000019266-82.dat	upx
behavioral1/files/0x0005000000019256-69.dat	upx
behavioral1/files/0x0005000000019259-74.dat	upx
behavioral1/memory/2196-135-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0008000000017487-61.dat	upx
behavioral1/files/0x0008000000017472-55.dat	upx
behavioral1/files/0x00050000000193a5-139.dat	upx
behavioral1/files/0x0005000000019423-145.dat	upx
behavioral1/files/0x0005000000019426-150.dat	upx
behavioral1/files/0x0005000000019438-155.dat	upx
behavioral1/files/0x0005000000019442-161.dat	upx
behavioral1/files/0x000500000001944d-164.dat	upx
behavioral1/memory/2808-430-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/1716-238-0x0000000001E80000-0x00000000021D4000-memory.dmp	upx
behavioral1/files/0x000500000001946e-186.dat	upx
behavioral1/files/0x00050000000194ae-191.dat	upx
behavioral1/files/0x000500000001945c-176.dat	upx
behavioral1/files/0x000500000001946b-180.dat	upx
behavioral1/files/0x0005000000019458-171.dat	upx
behavioral1/memory/2660-923-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/3008-4007-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1444-4008-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2172-4009-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2856-4010-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2196-4011-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2808-4012-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2660-4013-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2652-4014-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1296-4015-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2700-4018-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2548-4017-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CGAgMZo.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\jChkMKK.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\knEkGvk.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\uVTyVSN.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\znzGwpi.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ZFKJdNo.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\pxehSck.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\cWJdzSp.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\eeqWhzv.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\DiNXLaa.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ENWdOpq.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\NgHSRxf.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\MMiVpNi.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\zvQrUfF.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\RsJrvGU.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ggBFerd.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\TywsIGk.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\YRIXHhU.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\AWRQlBU.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\kASYCah.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\laSDCcP.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\LxOSqmM.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\TZDNXtX.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\mshYisO.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\CsxDWSk.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\hRfckfh.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\WgoXWjJ.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\oDUnSac.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ODsDWDU.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\gJOaLBE.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\RkUjrmk.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\hMefMyu.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\IQIyncI.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\dRnLkrE.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\rXFcDyX.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ZpofgwP.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\YnVvQpQ.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\YUnJrHM.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\NmWhqhP.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\gENmYMk.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\XkuRZGi.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ccUniGC.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\RzUZJgG.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\XxRYiEo.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\MLCMsRP.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\EWcIxIL.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\RbTRRif.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\zhLICun.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\HhPewuY.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\xgbaOfZ.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\pArVKhr.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\LjjCWwO.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\rGmecLO.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ZmtFFbD.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\JPeTvWf.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\NMqhSzt.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\AKaxLyV.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\lFdTksB.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\ORhIYSN.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\PAYsXCb.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\etjgaty.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\xyOPMVH.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\fxLHgXn.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
File created	C:\Windows\System\DjfMqmt.exe	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 3008	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	32
PID 1716 wrote to memory of 3008	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	32
PID 1716 wrote to memory of 3008	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	32
PID 1716 wrote to memory of 1444	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	33
PID 1716 wrote to memory of 1444	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	33
PID 1716 wrote to memory of 1444	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	33
PID 1716 wrote to memory of 2172	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	34
PID 1716 wrote to memory of 2172	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	34
PID 1716 wrote to memory of 2172	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	34
PID 1716 wrote to memory of 2856	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	35
PID 1716 wrote to memory of 2856	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	35
PID 1716 wrote to memory of 2856	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	35
PID 1716 wrote to memory of 2196	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	36
PID 1716 wrote to memory of 2196	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	36
PID 1716 wrote to memory of 2196	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	36
PID 1716 wrote to memory of 2808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	37
PID 1716 wrote to memory of 2808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	37
PID 1716 wrote to memory of 2808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	37
PID 1716 wrote to memory of 2660	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	38
PID 1716 wrote to memory of 2660	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	38
PID 1716 wrote to memory of 2660	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	38
PID 1716 wrote to memory of 2652	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	39
PID 1716 wrote to memory of 2652	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	39
PID 1716 wrote to memory of 2652	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	39
PID 1716 wrote to memory of 2884	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	40
PID 1716 wrote to memory of 2884	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	40
PID 1716 wrote to memory of 2884	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	40
PID 1716 wrote to memory of 2700	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	41
PID 1716 wrote to memory of 2700	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	41
PID 1716 wrote to memory of 2700	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	41
PID 1716 wrote to memory of 2648	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	42
PID 1716 wrote to memory of 2648	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	42
PID 1716 wrote to memory of 2648	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	42
PID 1716 wrote to memory of 2548	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	43
PID 1716 wrote to memory of 2548	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	43
PID 1716 wrote to memory of 2548	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	43
PID 1716 wrote to memory of 2980	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	44
PID 1716 wrote to memory of 2980	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	44
PID 1716 wrote to memory of 2980	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	44
PID 1716 wrote to memory of 1296	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	45
PID 1716 wrote to memory of 1296	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	45
PID 1716 wrote to memory of 1296	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	45
PID 1716 wrote to memory of 1808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	46
PID 1716 wrote to memory of 1808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	46
PID 1716 wrote to memory of 1808	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	46
PID 1716 wrote to memory of 1984	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	47
PID 1716 wrote to memory of 1984	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	47
PID 1716 wrote to memory of 1984	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	47
PID 1716 wrote to memory of 1092	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	48
PID 1716 wrote to memory of 1092	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	48
PID 1716 wrote to memory of 1092	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	48
PID 1716 wrote to memory of 2360	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	49
PID 1716 wrote to memory of 2360	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	49
PID 1716 wrote to memory of 2360	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	49
PID 1716 wrote to memory of 1932	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	50
PID 1716 wrote to memory of 1932	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	50
PID 1716 wrote to memory of 1932	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	50
PID 1716 wrote to memory of 540	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	51
PID 1716 wrote to memory of 540	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	51
PID 1716 wrote to memory of 540	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	51
PID 1716 wrote to memory of 1692	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	52
PID 1716 wrote to memory of 1692	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	52
PID 1716 wrote to memory of 1692	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	52
PID 1716 wrote to memory of 1556	1716	JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2973a68e4b2e535474ed0895e6d3d7d4957da2bd63ccca8c8b2ae2cb576f31aa.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\System\kcPOGwI.exe
  C:\Windows\System\kcPOGwI.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\HYIbRbm.exe
  C:\Windows\System\HYIbRbm.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\wOUjfpB.exe
  C:\Windows\System\wOUjfpB.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\QcCVFxe.exe
  C:\Windows\System\QcCVFxe.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\cKbpeVx.exe
  C:\Windows\System\cKbpeVx.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\BRNUGuT.exe
  C:\Windows\System\BRNUGuT.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\nZRcyge.exe
  C:\Windows\System\nZRcyge.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\TTkKqkA.exe
  C:\Windows\System\TTkKqkA.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\YlZoNYD.exe
  C:\Windows\System\YlZoNYD.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\uIdrNbu.exe
  C:\Windows\System\uIdrNbu.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\WCSjuee.exe
  C:\Windows\System\WCSjuee.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\etjgaty.exe
  C:\Windows\System\etjgaty.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\CnIDPXU.exe
  C:\Windows\System\CnIDPXU.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\HphcFsH.exe
  C:\Windows\System\HphcFsH.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\wusUmdo.exe
  C:\Windows\System\wusUmdo.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\vnHsljY.exe
  C:\Windows\System\vnHsljY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\fFvEyJk.exe
  C:\Windows\System\fFvEyJk.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\CIQIXHB.exe
  C:\Windows\System\CIQIXHB.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\yorfGRA.exe
  C:\Windows\System\yorfGRA.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\bsGjfOU.exe
  C:\Windows\System\bsGjfOU.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\TdkQJUK.exe
  C:\Windows\System\TdkQJUK.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ORRUvAG.exe
  C:\Windows\System\ORRUvAG.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\rRmycHr.exe
  C:\Windows\System\rRmycHr.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\nAvmxWF.exe
  C:\Windows\System\nAvmxWF.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\KaCWhqM.exe
  C:\Windows\System\KaCWhqM.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\qgSsIDc.exe
  C:\Windows\System\qgSsIDc.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\JFTvnjX.exe
  C:\Windows\System\JFTvnjX.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\TSDBryH.exe
  C:\Windows\System\TSDBryH.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\jDWzXLM.exe
  C:\Windows\System\jDWzXLM.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\MwsyaWK.exe
  C:\Windows\System\MwsyaWK.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\qCaLmLi.exe
  C:\Windows\System\qCaLmLi.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\vYAgeNs.exe
  C:\Windows\System\vYAgeNs.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\sidnDuA.exe
  C:\Windows\System\sidnDuA.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\afgYdKV.exe
  C:\Windows\System\afgYdKV.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\UptJXSj.exe
  C:\Windows\System\UptJXSj.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\TCrZLOu.exe
  C:\Windows\System\TCrZLOu.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\PbWmFQe.exe
  C:\Windows\System\PbWmFQe.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\xEZRwmN.exe
  C:\Windows\System\xEZRwmN.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\qjYxXPT.exe
  C:\Windows\System\qjYxXPT.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\HqdJXIv.exe
  C:\Windows\System\HqdJXIv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\KfuIohG.exe
  C:\Windows\System\KfuIohG.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\jNYbMuq.exe
  C:\Windows\System\jNYbMuq.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\iwJMWyR.exe
  C:\Windows\System\iwJMWyR.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\pGrUjLZ.exe
  C:\Windows\System\pGrUjLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hMefMyu.exe
  C:\Windows\System\hMefMyu.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\DIFRaOO.exe
  C:\Windows\System\DIFRaOO.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\EIAmXRm.exe
  C:\Windows\System\EIAmXRm.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\rBgUXaF.exe
  C:\Windows\System\rBgUXaF.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\fKYIiLT.exe
  C:\Windows\System\fKYIiLT.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\oXoUskX.exe
  C:\Windows\System\oXoUskX.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\CBnEPVL.exe
  C:\Windows\System\CBnEPVL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\rqLDosJ.exe
  C:\Windows\System\rqLDosJ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\CyVPzwz.exe
  C:\Windows\System\CyVPzwz.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\KjoNXcM.exe
  C:\Windows\System\KjoNXcM.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\hsSDHnl.exe
  C:\Windows\System\hsSDHnl.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\BjgzHvs.exe
  C:\Windows\System\BjgzHvs.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\iCPfPhT.exe
  C:\Windows\System\iCPfPhT.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\JgNdsyj.exe
  C:\Windows\System\JgNdsyj.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\fJJOcHK.exe
  C:\Windows\System\fJJOcHK.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\mdSOfvK.exe
  C:\Windows\System\mdSOfvK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ccwVBka.exe
  C:\Windows\System\ccwVBka.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\oiVrstn.exe
  C:\Windows\System\oiVrstn.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\uKxZSAD.exe
  C:\Windows\System\uKxZSAD.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\nmyhXOq.exe
  C:\Windows\System\nmyhXOq.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\avPvfVn.exe
  C:\Windows\System\avPvfVn.exe
  2⤵
  PID:2384
- C:\Windows\System\HzILImX.exe
  C:\Windows\System\HzILImX.exe
  2⤵
  PID:756
- C:\Windows\System\mLQAhEC.exe
  C:\Windows\System\mLQAhEC.exe
  2⤵
  PID:2164
- C:\Windows\System\vrXUDQW.exe
  C:\Windows\System\vrXUDQW.exe
  2⤵
  PID:2592
- C:\Windows\System\ckcYfmi.exe
  C:\Windows\System\ckcYfmi.exe
  2⤵
  PID:2408
- C:\Windows\System\HeYuPiT.exe
  C:\Windows\System\HeYuPiT.exe
  2⤵
  PID:2376
- C:\Windows\System\KsFFKLG.exe
  C:\Windows\System\KsFFKLG.exe
  2⤵
  PID:2564
- C:\Windows\System\mRlAAeg.exe
  C:\Windows\System\mRlAAeg.exe
  2⤵
  PID:852
- C:\Windows\System\QebECUd.exe
  C:\Windows\System\QebECUd.exe
  2⤵
  PID:2672
- C:\Windows\System\rGkOCma.exe
  C:\Windows\System\rGkOCma.exe
  2⤵
  PID:2984
- C:\Windows\System\zGKbHJw.exe
  C:\Windows\System\zGKbHJw.exe
  2⤵
  PID:2068
- C:\Windows\System\cdcmhyX.exe
  C:\Windows\System\cdcmhyX.exe
  2⤵
  PID:1892
- C:\Windows\System\qOpYnWg.exe
  C:\Windows\System\qOpYnWg.exe
  2⤵
  PID:2152
- C:\Windows\System\GChKZme.exe
  C:\Windows\System\GChKZme.exe
  2⤵
  PID:588
- C:\Windows\System\TKNiNZt.exe
  C:\Windows\System\TKNiNZt.exe
  2⤵
  PID:2088
- C:\Windows\System\KRmuBqU.exe
  C:\Windows\System\KRmuBqU.exe
  2⤵
  PID:1944
- C:\Windows\System\TZDNXtX.exe
  C:\Windows\System\TZDNXtX.exe
  2⤵
  PID:2016
- C:\Windows\System\CRtzeLy.exe
  C:\Windows\System\CRtzeLy.exe
  2⤵
  PID:2876
- C:\Windows\System\uFhZFzQ.exe
  C:\Windows\System\uFhZFzQ.exe
  2⤵
  PID:2864
- C:\Windows\System\qYdMVNj.exe
  C:\Windows\System\qYdMVNj.exe
  2⤵
  PID:1776
- C:\Windows\System\JdytRpO.exe
  C:\Windows\System\JdytRpO.exe
  2⤵
  PID:3004
- C:\Windows\System\DCzvUXv.exe
  C:\Windows\System\DCzvUXv.exe
  2⤵
  PID:2720
- C:\Windows\System\FaLsdlh.exe
  C:\Windows\System\FaLsdlh.exe
  2⤵
  PID:276
- C:\Windows\System\OEkKvof.exe
  C:\Windows\System\OEkKvof.exe
  2⤵
  PID:948
- C:\Windows\System\uYCbHVY.exe
  C:\Windows\System\uYCbHVY.exe
  2⤵
  PID:2268
- C:\Windows\System\iiuXqIR.exe
  C:\Windows\System\iiuXqIR.exe
  2⤵
  PID:884
- C:\Windows\System\ZMQDNgn.exe
  C:\Windows\System\ZMQDNgn.exe
  2⤵
  PID:1520
- C:\Windows\System\tLKMvzh.exe
  C:\Windows\System\tLKMvzh.exe
  2⤵
  PID:1336
- C:\Windows\System\SJUXXjd.exe
  C:\Windows\System\SJUXXjd.exe
  2⤵
  PID:2232
- C:\Windows\System\vXdBrkK.exe
  C:\Windows\System\vXdBrkK.exe
  2⤵
  PID:820
- C:\Windows\System\HhPewuY.exe
  C:\Windows\System\HhPewuY.exe
  2⤵
  PID:2284
- C:\Windows\System\EkPTxVX.exe
  C:\Windows\System\EkPTxVX.exe
  2⤵
  PID:2488
- C:\Windows\System\FzbKFKK.exe
  C:\Windows\System\FzbKFKK.exe
  2⤵
  PID:112
- C:\Windows\System\uNzXFZx.exe
  C:\Windows\System\uNzXFZx.exe
  2⤵
  PID:2040
- C:\Windows\System\XVLiaRc.exe
  C:\Windows\System\XVLiaRc.exe
  2⤵
  PID:876
- C:\Windows\System\FCymVox.exe
  C:\Windows\System\FCymVox.exe
  2⤵
  PID:2336
- C:\Windows\System\FGJjejQ.exe
  C:\Windows\System\FGJjejQ.exe
  2⤵
  PID:3024
- C:\Windows\System\KjqbtFk.exe
  C:\Windows\System\KjqbtFk.exe
  2⤵
  PID:2248
- C:\Windows\System\ODsDWDU.exe
  C:\Windows\System\ODsDWDU.exe
  2⤵
  PID:2664
- C:\Windows\System\ezVuKJs.exe
  C:\Windows\System\ezVuKJs.exe
  2⤵
  PID:2904
- C:\Windows\System\HxlRsqd.exe
  C:\Windows\System\HxlRsqd.exe
  2⤵
  PID:2824
- C:\Windows\System\epoMtoX.exe
  C:\Windows\System\epoMtoX.exe
  2⤵
  PID:2596
- C:\Windows\System\cciSPzt.exe
  C:\Windows\System\cciSPzt.exe
  2⤵
  PID:1472
- C:\Windows\System\JWEzBaD.exe
  C:\Windows\System\JWEzBaD.exe
  2⤵
  PID:2752
- C:\Windows\System\pmvXhCy.exe
  C:\Windows\System\pmvXhCy.exe
  2⤵
  PID:1996
- C:\Windows\System\UtZLkBp.exe
  C:\Windows\System\UtZLkBp.exe
  2⤵
  PID:1484
- C:\Windows\System\ShrcOlW.exe
  C:\Windows\System\ShrcOlW.exe
  2⤵
  PID:2828
- C:\Windows\System\oMIDOvj.exe
  C:\Windows\System\oMIDOvj.exe
  2⤵
  PID:2992
- C:\Windows\System\DUavfKp.exe
  C:\Windows\System\DUavfKp.exe
  2⤵
  PID:1240
- C:\Windows\System\PQHKIgA.exe
  C:\Windows\System\PQHKIgA.exe
  2⤵
  PID:1236
- C:\Windows\System\qNcqQLD.exe
  C:\Windows\System\qNcqQLD.exe
  2⤵
  PID:1316
- C:\Windows\System\RgMWDCS.exe
  C:\Windows\System\RgMWDCS.exe
  2⤵
  PID:1680
- C:\Windows\System\WazBCnF.exe
  C:\Windows\System\WazBCnF.exe
  2⤵
  PID:2520
- C:\Windows\System\SKcbQaM.exe
  C:\Windows\System\SKcbQaM.exe
  2⤵
  PID:2740
- C:\Windows\System\pcbiSrw.exe
  C:\Windows\System\pcbiSrw.exe
  2⤵
  PID:2396
- C:\Windows\System\ATMmiSC.exe
  C:\Windows\System\ATMmiSC.exe
  2⤵
  PID:2096
- C:\Windows\System\PsbaDuz.exe
  C:\Windows\System\PsbaDuz.exe
  2⤵
  PID:2104
- C:\Windows\System\gTyVVdu.exe
  C:\Windows\System\gTyVVdu.exe
  2⤵
  PID:836
- C:\Windows\System\WeEXeKQ.exe
  C:\Windows\System\WeEXeKQ.exe
  2⤵
  PID:900
- C:\Windows\System\GWhiVBx.exe
  C:\Windows\System\GWhiVBx.exe
  2⤵
  PID:1528
- C:\Windows\System\UxZYaVe.exe
  C:\Windows\System\UxZYaVe.exe
  2⤵
  PID:1008
- C:\Windows\System\ABvyPIE.exe
  C:\Windows\System\ABvyPIE.exe
  2⤵
  PID:1056
- C:\Windows\System\zzYiMSM.exe
  C:\Windows\System\zzYiMSM.exe
  2⤵
  PID:556
- C:\Windows\System\XOyyBHr.exe
  C:\Windows\System\XOyyBHr.exe
  2⤵
  PID:1552
- C:\Windows\System\CvCcdoM.exe
  C:\Windows\System\CvCcdoM.exe
  2⤵
  PID:2964
- C:\Windows\System\sVuWhNb.exe
  C:\Windows\System\sVuWhNb.exe
  2⤵
  PID:1792
- C:\Windows\System\ZmtFFbD.exe
  C:\Windows\System\ZmtFFbD.exe
  2⤵
  PID:1276
- C:\Windows\System\VlZEphM.exe
  C:\Windows\System\VlZEphM.exe
  2⤵
  PID:2544
- C:\Windows\System\QMAqHbG.exe
  C:\Windows\System\QMAqHbG.exe
  2⤵
  PID:2580
- C:\Windows\System\QnvyVJx.exe
  C:\Windows\System\QnvyVJx.exe
  2⤵
  PID:1988
- C:\Windows\System\YcsnjYB.exe
  C:\Windows\System\YcsnjYB.exe
  2⤵
  PID:1940
- C:\Windows\System\mxzMprx.exe
  C:\Windows\System\mxzMprx.exe
  2⤵
  PID:2364
- C:\Windows\System\KLmOIeB.exe
  C:\Windows\System\KLmOIeB.exe
  2⤵
  PID:2676
- C:\Windows\System\YOIAfWd.exe
  C:\Windows\System\YOIAfWd.exe
  2⤵
  PID:1560
- C:\Windows\System\PjUqAsR.exe
  C:\Windows\System\PjUqAsR.exe
  2⤵
  PID:2140
- C:\Windows\System\ylqeZGx.exe
  C:\Windows\System\ylqeZGx.exe
  2⤵
  PID:1908
- C:\Windows\System\fHQISWv.exe
  C:\Windows\System\fHQISWv.exe
  2⤵
  PID:2748
- C:\Windows\System\MkFdKrC.exe
  C:\Windows\System\MkFdKrC.exe
  2⤵
  PID:1992
- C:\Windows\System\VFNOUUs.exe
  C:\Windows\System\VFNOUUs.exe
  2⤵
  PID:448
- C:\Windows\System\yhXrfuD.exe
  C:\Windows\System\yhXrfuD.exe
  2⤵
  PID:2776
- C:\Windows\System\ukiXoSJ.exe
  C:\Windows\System\ukiXoSJ.exe
  2⤵
  PID:2428
- C:\Windows\System\lVHkTwn.exe
  C:\Windows\System\lVHkTwn.exe
  2⤵
  PID:1684
- C:\Windows\System\KRZfHVo.exe
  C:\Windows\System\KRZfHVo.exe
  2⤵
  PID:1696
- C:\Windows\System\IVIetfn.exe
  C:\Windows\System\IVIetfn.exe
  2⤵
  PID:2968
- C:\Windows\System\jChkMKK.exe
  C:\Windows\System\jChkMKK.exe
  2⤵
  PID:2400
- C:\Windows\System\iHWMYgl.exe
  C:\Windows\System\iHWMYgl.exe
  2⤵
  PID:2160
- C:\Windows\System\nzXLmyY.exe
  C:\Windows\System\nzXLmyY.exe
  2⤵
  PID:3032
- C:\Windows\System\xGHNPPE.exe
  C:\Windows\System\xGHNPPE.exe
  2⤵
  PID:2440
- C:\Windows\System\EnZmNPt.exe
  C:\Windows\System\EnZmNPt.exe
  2⤵
  PID:1104
- C:\Windows\System\PNYEnua.exe
  C:\Windows\System\PNYEnua.exe
  2⤵
  PID:1184
- C:\Windows\System\GVnyitm.exe
  C:\Windows\System\GVnyitm.exe
  2⤵
  PID:1844
- C:\Windows\System\SkMdjmV.exe
  C:\Windows\System\SkMdjmV.exe
  2⤵
  PID:2868
- C:\Windows\System\CIzNmEC.exe
  C:\Windows\System\CIzNmEC.exe
  2⤵
  PID:596
- C:\Windows\System\RJeZsgs.exe
  C:\Windows\System\RJeZsgs.exe
  2⤵
  PID:2716
- C:\Windows\System\ooLaajP.exe
  C:\Windows\System\ooLaajP.exe
  2⤵
  PID:2312
- C:\Windows\System\WKDqeou.exe
  C:\Windows\System\WKDqeou.exe
  2⤵
  PID:2872
- C:\Windows\System\lJYmzIm.exe
  C:\Windows\System\lJYmzIm.exe
  2⤵
  PID:956
- C:\Windows\System\bWoawhx.exe
  C:\Windows\System\bWoawhx.exe
  2⤵
  PID:2988
- C:\Windows\System\yjDWzJN.exe
  C:\Windows\System\yjDWzJN.exe
  2⤵
  PID:684
- C:\Windows\System\qXScbAe.exe
  C:\Windows\System\qXScbAe.exe
  2⤵
  PID:988
- C:\Windows\System\IeBeVCC.exe
  C:\Windows\System\IeBeVCC.exe
  2⤵
  PID:2480
- C:\Windows\System\iaCVvrF.exe
  C:\Windows\System\iaCVvrF.exe
  2⤵
  PID:3048
- C:\Windows\System\RbTRRif.exe
  C:\Windows\System\RbTRRif.exe
  2⤵
  PID:1728
- C:\Windows\System\WeGWIjA.exe
  C:\Windows\System\WeGWIjA.exe
  2⤵
  PID:2136
- C:\Windows\System\XmrDEBu.exe
  C:\Windows\System\XmrDEBu.exe
  2⤵
  PID:2928
- C:\Windows\System\leNzstQ.exe
  C:\Windows\System\leNzstQ.exe
  2⤵
  PID:1540
- C:\Windows\System\cLwvHYY.exe
  C:\Windows\System\cLwvHYY.exe
  2⤵
  PID:2288
- C:\Windows\System\DiNXLaa.exe
  C:\Windows\System\DiNXLaa.exe
  2⤵
  PID:2640
- C:\Windows\System\Dycziil.exe
  C:\Windows\System\Dycziil.exe
  2⤵
  PID:776
- C:\Windows\System\TPtTQXa.exe
  C:\Windows\System\TPtTQXa.exe
  2⤵
  PID:380
- C:\Windows\System\PqhOOaA.exe
  C:\Windows\System\PqhOOaA.exe
  2⤵
  PID:1044
- C:\Windows\System\TRyxUBH.exe
  C:\Windows\System\TRyxUBH.exe
  2⤵
  PID:3080
- C:\Windows\System\ZyPrMqd.exe
  C:\Windows\System\ZyPrMqd.exe
  2⤵
  PID:3108
- C:\Windows\System\ozwLCBF.exe
  C:\Windows\System\ozwLCBF.exe
  2⤵
  PID:3124
- C:\Windows\System\TsKHzdj.exe
  C:\Windows\System\TsKHzdj.exe
  2⤵
  PID:3144
- C:\Windows\System\PjBvbzO.exe
  C:\Windows\System\PjBvbzO.exe
  2⤵
  PID:3168
- C:\Windows\System\fAbPsaj.exe
  C:\Windows\System\fAbPsaj.exe
  2⤵
  PID:3184
- C:\Windows\System\dNIaRKV.exe
  C:\Windows\System\dNIaRKV.exe
  2⤵
  PID:3200
- C:\Windows\System\HNXhxRx.exe
  C:\Windows\System\HNXhxRx.exe
  2⤵
  PID:3216
- C:\Windows\System\DQZtLRr.exe
  C:\Windows\System\DQZtLRr.exe
  2⤵
  PID:3232
- C:\Windows\System\SDitYJB.exe
  C:\Windows\System\SDitYJB.exe
  2⤵
  PID:3296
- C:\Windows\System\EwVUxVJ.exe
  C:\Windows\System\EwVUxVJ.exe
  2⤵
  PID:3312
- C:\Windows\System\BcwciRl.exe
  C:\Windows\System\BcwciRl.exe
  2⤵
  PID:3328
- C:\Windows\System\cnHXbWW.exe
  C:\Windows\System\cnHXbWW.exe
  2⤵
  PID:3344
- C:\Windows\System\ZHjimlr.exe
  C:\Windows\System\ZHjimlr.exe
  2⤵
  PID:3364
- C:\Windows\System\XccvKBi.exe
  C:\Windows\System\XccvKBi.exe
  2⤵
  PID:3380
- C:\Windows\System\qpRpnSC.exe
  C:\Windows\System\qpRpnSC.exe
  2⤵
  PID:3396
- C:\Windows\System\vRPDtdb.exe
  C:\Windows\System\vRPDtdb.exe
  2⤵
  PID:3416
- C:\Windows\System\JPeTvWf.exe
  C:\Windows\System\JPeTvWf.exe
  2⤵
  PID:3432
- C:\Windows\System\ZgtrVUS.exe
  C:\Windows\System\ZgtrVUS.exe
  2⤵
  PID:3448
- C:\Windows\System\NHQxMCz.exe
  C:\Windows\System\NHQxMCz.exe
  2⤵
  PID:3472
- C:\Windows\System\tElsgAI.exe
  C:\Windows\System\tElsgAI.exe
  2⤵
  PID:3488
- C:\Windows\System\xetMlIx.exe
  C:\Windows\System\xetMlIx.exe
  2⤵
  PID:3508
- C:\Windows\System\HspDXGV.exe
  C:\Windows\System\HspDXGV.exe
  2⤵
  PID:3588
- C:\Windows\System\gQQKtII.exe
  C:\Windows\System\gQQKtII.exe
  2⤵
  PID:3616
- C:\Windows\System\jGHvklM.exe
  C:\Windows\System\jGHvklM.exe
  2⤵
  PID:3632
- C:\Windows\System\vdsMHqf.exe
  C:\Windows\System\vdsMHqf.exe
  2⤵
  PID:3648
- C:\Windows\System\KUOFFNY.exe
  C:\Windows\System\KUOFFNY.exe
  2⤵
  PID:3668
- C:\Windows\System\lLDBzzH.exe
  C:\Windows\System\lLDBzzH.exe
  2⤵
  PID:3684
- C:\Windows\System\dBTuGkd.exe
  C:\Windows\System\dBTuGkd.exe
  2⤵
  PID:3704
- C:\Windows\System\lfwTcar.exe
  C:\Windows\System\lfwTcar.exe
  2⤵
  PID:3720
- C:\Windows\System\BKRRcVr.exe
  C:\Windows\System\BKRRcVr.exe
  2⤵
  PID:3740
- C:\Windows\System\lFdTksB.exe
  C:\Windows\System\lFdTksB.exe
  2⤵
  PID:3756
- C:\Windows\System\uzuzFxR.exe
  C:\Windows\System\uzuzFxR.exe
  2⤵
  PID:3776
- C:\Windows\System\AMpadys.exe
  C:\Windows\System\AMpadys.exe
  2⤵
  PID:3792
- C:\Windows\System\afqNHkw.exe
  C:\Windows\System\afqNHkw.exe
  2⤵
  PID:3812
- C:\Windows\System\nXibEvw.exe
  C:\Windows\System\nXibEvw.exe
  2⤵
  PID:3828
- C:\Windows\System\tWnVdjZ.exe
  C:\Windows\System\tWnVdjZ.exe
  2⤵
  PID:3844
- C:\Windows\System\yFxkxzd.exe
  C:\Windows\System\yFxkxzd.exe
  2⤵
  PID:3864
- C:\Windows\System\gwAVSDK.exe
  C:\Windows\System\gwAVSDK.exe
  2⤵
  PID:3884
- C:\Windows\System\DrXsApm.exe
  C:\Windows\System\DrXsApm.exe
  2⤵
  PID:3900
- C:\Windows\System\QDzfemx.exe
  C:\Windows\System\QDzfemx.exe
  2⤵
  PID:3920
- C:\Windows\System\NxQWwHY.exe
  C:\Windows\System\NxQWwHY.exe
  2⤵
  PID:3936
- C:\Windows\System\dzIdybn.exe
  C:\Windows\System\dzIdybn.exe
  2⤵
  PID:3956
- C:\Windows\System\YJYRGOJ.exe
  C:\Windows\System\YJYRGOJ.exe
  2⤵
  PID:3972
- C:\Windows\System\FBminMb.exe
  C:\Windows\System\FBminMb.exe
  2⤵
  PID:3988
- C:\Windows\System\HWobbdm.exe
  C:\Windows\System\HWobbdm.exe
  2⤵
  PID:4008
- C:\Windows\System\NwPjCKX.exe
  C:\Windows\System\NwPjCKX.exe
  2⤵
  PID:4024
- C:\Windows\System\XwvnReh.exe
  C:\Windows\System\XwvnReh.exe
  2⤵
  PID:4044
- C:\Windows\System\RJNkaoQ.exe
  C:\Windows\System\RJNkaoQ.exe
  2⤵
  PID:4060
- C:\Windows\System\fPCrplH.exe
  C:\Windows\System\fPCrplH.exe
  2⤵
  PID:4088
- C:\Windows\System\ZkCrlck.exe
  C:\Windows\System\ZkCrlck.exe
  2⤵
  PID:2956
- C:\Windows\System\eEBZYIB.exe
  C:\Windows\System\eEBZYIB.exe
  2⤵
  PID:3248
- C:\Windows\System\OksAuOE.exe
  C:\Windows\System\OksAuOE.exe
  2⤵
  PID:3212
- C:\Windows\System\PdHVjVr.exe
  C:\Windows\System\PdHVjVr.exe
  2⤵
  PID:3260
- C:\Windows\System\NhGpOOs.exe
  C:\Windows\System\NhGpOOs.exe
  2⤵
  PID:3268
- C:\Windows\System\XqKBpvE.exe
  C:\Windows\System\XqKBpvE.exe
  2⤵
  PID:3276
- C:\Windows\System\jXNVhBr.exe
  C:\Windows\System\jXNVhBr.exe
  2⤵
  PID:3192
- C:\Windows\System\JYFulas.exe
  C:\Windows\System\JYFulas.exe
  2⤵
  PID:3244
- C:\Windows\System\FRIhevh.exe
  C:\Windows\System\FRIhevh.exe
  2⤵
  PID:3352
- C:\Windows\System\IoYjRZj.exe
  C:\Windows\System\IoYjRZj.exe
  2⤵
  PID:3464
- C:\Windows\System\MuyfCFb.exe
  C:\Windows\System\MuyfCFb.exe
  2⤵
  PID:3504
- C:\Windows\System\VVIJhWA.exe
  C:\Windows\System\VVIJhWA.exe
  2⤵
  PID:3340
- C:\Windows\System\FlxDvHd.exe
  C:\Windows\System\FlxDvHd.exe
  2⤵
  PID:3444
- C:\Windows\System\bEOFaCU.exe
  C:\Windows\System\bEOFaCU.exe
  2⤵
  PID:3356
- C:\Windows\System\JwFvNPY.exe
  C:\Windows\System\JwFvNPY.exe
  2⤵
  PID:3564
- C:\Windows\System\qAUxKND.exe
  C:\Windows\System\qAUxKND.exe
  2⤵
  PID:3596
- C:\Windows\System\cQCbEVd.exe
  C:\Windows\System\cQCbEVd.exe
  2⤵
  PID:3640
- C:\Windows\System\kpXTVAK.exe
  C:\Windows\System\kpXTVAK.exe
  2⤵
  PID:3712
- C:\Windows\System\LmaJTeG.exe
  C:\Windows\System\LmaJTeG.exe
  2⤵
  PID:3788
- C:\Windows\System\wlwrJJE.exe
  C:\Windows\System\wlwrJJE.exe
  2⤵
  PID:3856
- C:\Windows\System\bYQmbMk.exe
  C:\Windows\System\bYQmbMk.exe
  2⤵
  PID:3656
- C:\Windows\System\UmvSZxH.exe
  C:\Windows\System\UmvSZxH.exe
  2⤵
  PID:3964
- C:\Windows\System\PTUbvgL.exe
  C:\Windows\System\PTUbvgL.exe
  2⤵
  PID:4032
- C:\Windows\System\QRQhpSN.exe
  C:\Windows\System\QRQhpSN.exe
  2⤵
  PID:4072
- C:\Windows\System\YnVvQpQ.exe
  C:\Windows\System\YnVvQpQ.exe
  2⤵
  PID:3092
- C:\Windows\System\mshYisO.exe
  C:\Windows\System\mshYisO.exe
  2⤵
  PID:3768
- C:\Windows\System\hkFNbss.exe
  C:\Windows\System\hkFNbss.exe
  2⤵
  PID:3100
- C:\Windows\System\CgXclqf.exe
  C:\Windows\System\CgXclqf.exe
  2⤵
  PID:3256
- C:\Windows\System\krgRaoO.exe
  C:\Windows\System\krgRaoO.exe
  2⤵
  PID:3876
- C:\Windows\System\BqDgGce.exe
  C:\Windows\System\BqDgGce.exe
  2⤵
  PID:3132
- C:\Windows\System\QiamJys.exe
  C:\Windows\System\QiamJys.exe
  2⤵
  PID:3984
- C:\Windows\System\vWwrmhf.exe
  C:\Windows\System\vWwrmhf.exe
  2⤵
  PID:4056
- C:\Windows\System\ruGkEQu.exe
  C:\Windows\System\ruGkEQu.exe
  2⤵
  PID:3180
- C:\Windows\System\KCxUaKT.exe
  C:\Windows\System\KCxUaKT.exe
  2⤵
  PID:3288
- C:\Windows\System\IjWzHeJ.exe
  C:\Windows\System\IjWzHeJ.exe
  2⤵
  PID:2120
- C:\Windows\System\vBEIGlg.exe
  C:\Windows\System\vBEIGlg.exe
  2⤵
  PID:3980
- C:\Windows\System\ttDWKAm.exe
  C:\Windows\System\ttDWKAm.exe
  2⤵
  PID:3152
- C:\Windows\System\rXaCzmS.exe
  C:\Windows\System\rXaCzmS.exe
  2⤵
  PID:3324
- C:\Windows\System\MGFOqPA.exe
  C:\Windows\System\MGFOqPA.exe
  2⤵
  PID:3456
- C:\Windows\System\zvVQOhi.exe
  C:\Windows\System\zvVQOhi.exe
  2⤵
  PID:3440
- C:\Windows\System\ENWdOpq.exe
  C:\Windows\System\ENWdOpq.exe
  2⤵
  PID:3516
- C:\Windows\System\bFsSZGj.exe
  C:\Windows\System\bFsSZGj.exe
  2⤵
  PID:3556
- C:\Windows\System\oycXbYX.exe
  C:\Windows\System\oycXbYX.exe
  2⤵
  PID:3928
- C:\Windows\System\TIGNAyR.exe
  C:\Windows\System\TIGNAyR.exe
  2⤵
  PID:3624
- C:\Windows\System\ckBmWeq.exe
  C:\Windows\System\ckBmWeq.exe
  2⤵
  PID:4004
- C:\Windows\System\MYJNFDU.exe
  C:\Windows\System\MYJNFDU.exe
  2⤵
  PID:3892
- C:\Windows\System\LAymxdT.exe
  C:\Windows\System\LAymxdT.exe
  2⤵
  PID:3732
- C:\Windows\System\IQIyncI.exe
  C:\Windows\System\IQIyncI.exe
  2⤵
  PID:3840
- C:\Windows\System\vnbFRkg.exe
  C:\Windows\System\vnbFRkg.exe
  2⤵
  PID:3916
- C:\Windows\System\VndXvyL.exe
  C:\Windows\System\VndXvyL.exe
  2⤵
  PID:3264
- C:\Windows\System\tvuNlxp.exe
  C:\Windows\System\tvuNlxp.exe
  2⤵
  PID:3804
- C:\Windows\System\arjOYwA.exe
  C:\Windows\System\arjOYwA.exe
  2⤵
  PID:3160
- C:\Windows\System\xyOPMVH.exe
  C:\Windows\System\xyOPMVH.exe
  2⤵
  PID:880
- C:\Windows\System\FsbFKjh.exe
  C:\Windows\System\FsbFKjh.exe
  2⤵
  PID:484
- C:\Windows\System\ZFRQXdZ.exe
  C:\Windows\System\ZFRQXdZ.exe
  2⤵
  PID:3120
- C:\Windows\System\YIaXLFZ.exe
  C:\Windows\System\YIaXLFZ.exe
  2⤵
  PID:3320
- C:\Windows\System\gzplYdj.exe
  C:\Windows\System\gzplYdj.exe
  2⤵
  PID:3404
- C:\Windows\System\uizqZHY.exe
  C:\Windows\System\uizqZHY.exe
  2⤵
  PID:3580
- C:\Windows\System\vnQVxHy.exe
  C:\Windows\System\vnQVxHy.exe
  2⤵
  PID:3852
- C:\Windows\System\lSvwneB.exe
  C:\Windows\System\lSvwneB.exe
  2⤵
  PID:3800
- C:\Windows\System\sHfRMTv.exe
  C:\Windows\System\sHfRMTv.exe
  2⤵
  PID:3764
- C:\Windows\System\cwaNhkQ.exe
  C:\Windows\System\cwaNhkQ.exe
  2⤵
  PID:3952
- C:\Windows\System\APdNdYu.exe
  C:\Windows\System\APdNdYu.exe
  2⤵
  PID:3292
- C:\Windows\System\AZCapbK.exe
  C:\Windows\System\AZCapbK.exe
  2⤵
  PID:3428
- C:\Windows\System\bxZclvH.exe
  C:\Windows\System\bxZclvH.exe
  2⤵
  PID:3568
- C:\Windows\System\fagUDoB.exe
  C:\Windows\System\fagUDoB.exe
  2⤵
  PID:3908
- C:\Windows\System\MByAWXk.exe
  C:\Windows\System\MByAWXk.exe
  2⤵
  PID:3912
- C:\Windows\System\faPzHwA.exe
  C:\Windows\System\faPzHwA.exe
  2⤵
  PID:3272
- C:\Windows\System\zUyKdUk.exe
  C:\Windows\System\zUyKdUk.exe
  2⤵
  PID:3376
- C:\Windows\System\HyhRidO.exe
  C:\Windows\System\HyhRidO.exe
  2⤵
  PID:3612
- C:\Windows\System\luOLIzz.exe
  C:\Windows\System\luOLIzz.exe
  2⤵
  PID:3500
- C:\Windows\System\CpCirGQ.exe
  C:\Windows\System\CpCirGQ.exe
  2⤵
  PID:3560
- C:\Windows\System\mLtrXBF.exe
  C:\Windows\System\mLtrXBF.exe
  2⤵
  PID:3932
- C:\Windows\System\YTSGWuO.exe
  C:\Windows\System\YTSGWuO.exe
  2⤵
  PID:3104
- C:\Windows\System\wPbBVaB.exe
  C:\Windows\System\wPbBVaB.exe
  2⤵
  PID:4116
- C:\Windows\System\wJELmGz.exe
  C:\Windows\System\wJELmGz.exe
  2⤵
  PID:4132
- C:\Windows\System\BrQdgMp.exe
  C:\Windows\System\BrQdgMp.exe
  2⤵
  PID:4156
- C:\Windows\System\pCYiHsx.exe
  C:\Windows\System\pCYiHsx.exe
  2⤵
  PID:4176
- C:\Windows\System\FKKkkkI.exe
  C:\Windows\System\FKKkkkI.exe
  2⤵
  PID:4196
- C:\Windows\System\dCVwdOb.exe
  C:\Windows\System\dCVwdOb.exe
  2⤵
  PID:4224
- C:\Windows\System\CPSOfKB.exe
  C:\Windows\System\CPSOfKB.exe
  2⤵
  PID:4240
- C:\Windows\System\akQaSKV.exe
  C:\Windows\System\akQaSKV.exe
  2⤵
  PID:4260
- C:\Windows\System\OxqvIbJ.exe
  C:\Windows\System\OxqvIbJ.exe
  2⤵
  PID:4276
- C:\Windows\System\aLnzkwh.exe
  C:\Windows\System\aLnzkwh.exe
  2⤵
  PID:4296
- C:\Windows\System\jIUvRVg.exe
  C:\Windows\System\jIUvRVg.exe
  2⤵
  PID:4320
- C:\Windows\System\IXXUWXX.exe
  C:\Windows\System\IXXUWXX.exe
  2⤵
  PID:4336
- C:\Windows\System\glNEKjT.exe
  C:\Windows\System\glNEKjT.exe
  2⤵
  PID:4356
- C:\Windows\System\UYLzbJa.exe
  C:\Windows\System\UYLzbJa.exe
  2⤵
  PID:4376
- C:\Windows\System\tMPkBQW.exe
  C:\Windows\System\tMPkBQW.exe
  2⤵
  PID:4396
- C:\Windows\System\yCUvjDD.exe
  C:\Windows\System\yCUvjDD.exe
  2⤵
  PID:4420
- C:\Windows\System\IZidiBY.exe
  C:\Windows\System\IZidiBY.exe
  2⤵
  PID:4440
- C:\Windows\System\sTsMirW.exe
  C:\Windows\System\sTsMirW.exe
  2⤵
  PID:4456
- C:\Windows\System\ACIwTWT.exe
  C:\Windows\System\ACIwTWT.exe
  2⤵
  PID:4488
- C:\Windows\System\esodyAo.exe
  C:\Windows\System\esodyAo.exe
  2⤵
  PID:4504
- C:\Windows\System\hJyEqcg.exe
  C:\Windows\System\hJyEqcg.exe
  2⤵
  PID:4520
- C:\Windows\System\jGnEmbB.exe
  C:\Windows\System\jGnEmbB.exe
  2⤵
  PID:4536
- C:\Windows\System\alAYFDQ.exe
  C:\Windows\System\alAYFDQ.exe
  2⤵
  PID:4552
- C:\Windows\System\fcTayhH.exe
  C:\Windows\System\fcTayhH.exe
  2⤵
  PID:4568
- C:\Windows\System\VSyKPFU.exe
  C:\Windows\System\VSyKPFU.exe
  2⤵
  PID:4584
- C:\Windows\System\REMsyyb.exe
  C:\Windows\System\REMsyyb.exe
  2⤵
  PID:4600
- C:\Windows\System\yWgVaJN.exe
  C:\Windows\System\yWgVaJN.exe
  2⤵
  PID:4616
- C:\Windows\System\kbdnuBJ.exe
  C:\Windows\System\kbdnuBJ.exe
  2⤵
  PID:4632
- C:\Windows\System\icUsGpP.exe
  C:\Windows\System\icUsGpP.exe
  2⤵
  PID:4648
- C:\Windows\System\pArVKhr.exe
  C:\Windows\System\pArVKhr.exe
  2⤵
  PID:4696
- C:\Windows\System\nEgMChk.exe
  C:\Windows\System\nEgMChk.exe
  2⤵
  PID:4728
- C:\Windows\System\uVnvBFA.exe
  C:\Windows\System\uVnvBFA.exe
  2⤵
  PID:4744
- C:\Windows\System\xKQuBiW.exe
  C:\Windows\System\xKQuBiW.exe
  2⤵
  PID:4760
- C:\Windows\System\iwumzmo.exe
  C:\Windows\System\iwumzmo.exe
  2⤵
  PID:4780
- C:\Windows\System\KOgMVFH.exe
  C:\Windows\System\KOgMVFH.exe
  2⤵
  PID:4800
- C:\Windows\System\CgoAGEw.exe
  C:\Windows\System\CgoAGEw.exe
  2⤵
  PID:4816
- C:\Windows\System\ljvEjhp.exe
  C:\Windows\System\ljvEjhp.exe
  2⤵
  PID:4832
- C:\Windows\System\rEXbWMm.exe
  C:\Windows\System\rEXbWMm.exe
  2⤵
  PID:4856
- C:\Windows\System\BKSLeBE.exe
  C:\Windows\System\BKSLeBE.exe
  2⤵
  PID:4872
- C:\Windows\System\HdRmRZB.exe
  C:\Windows\System\HdRmRZB.exe
  2⤵
  PID:4892
- C:\Windows\System\LQYrCZO.exe
  C:\Windows\System\LQYrCZO.exe
  2⤵
  PID:4908
- C:\Windows\System\iqjzrNn.exe
  C:\Windows\System\iqjzrNn.exe
  2⤵
  PID:4928
- C:\Windows\System\krfnzQn.exe
  C:\Windows\System\krfnzQn.exe
  2⤵
  PID:4944
- C:\Windows\System\CtyjVqV.exe
  C:\Windows\System\CtyjVqV.exe
  2⤵
  PID:4960
- C:\Windows\System\mudhQkR.exe
  C:\Windows\System\mudhQkR.exe
  2⤵
  PID:4976
- C:\Windows\System\yrZJHVb.exe
  C:\Windows\System\yrZJHVb.exe
  2⤵
  PID:4992
- C:\Windows\System\HmYwofj.exe
  C:\Windows\System\HmYwofj.exe
  2⤵
  PID:5012
- C:\Windows\System\hZnumEu.exe
  C:\Windows\System\hZnumEu.exe
  2⤵
  PID:5032
- C:\Windows\System\sQNRnZO.exe
  C:\Windows\System\sQNRnZO.exe
  2⤵
  PID:5048
- C:\Windows\System\nsrExrF.exe
  C:\Windows\System\nsrExrF.exe
  2⤵
  PID:5064
- C:\Windows\System\tTXkntW.exe
  C:\Windows\System\tTXkntW.exe
  2⤵
  PID:5092
- C:\Windows\System\FzRcyvY.exe
  C:\Windows\System\FzRcyvY.exe
  2⤵
  PID:5112
- C:\Windows\System\oYixaEM.exe
  C:\Windows\System\oYixaEM.exe
  2⤵
  PID:4124
- C:\Windows\System\nbvtxMD.exe
  C:\Windows\System\nbvtxMD.exe
  2⤵
  PID:3948
- C:\Windows\System\WkffYvG.exe
  C:\Windows\System\WkffYvG.exe
  2⤵
  PID:4208
- C:\Windows\System\QDJmIvZ.exe
  C:\Windows\System\QDJmIvZ.exe
  2⤵
  PID:4188
- C:\Windows\System\EXMqSpS.exe
  C:\Windows\System\EXMqSpS.exe
  2⤵
  PID:4288
- C:\Windows\System\bdcFyXl.exe
  C:\Windows\System\bdcFyXl.exe
  2⤵
  PID:3872
- C:\Windows\System\fYZrtYC.exe
  C:\Windows\System\fYZrtYC.exe
  2⤵
  PID:4192
- C:\Windows\System\OLjPLWy.exe
  C:\Windows\System\OLjPLWy.exe
  2⤵
  PID:4144
- C:\Windows\System\HXYIhpp.exe
  C:\Windows\System\HXYIhpp.exe
  2⤵
  PID:4412
- C:\Windows\System\mDfoNoG.exe
  C:\Windows\System\mDfoNoG.exe
  2⤵
  PID:4448
- C:\Windows\System\fjzsiaR.exe
  C:\Windows\System\fjzsiaR.exe
  2⤵
  PID:4496
- C:\Windows\System\lougaso.exe
  C:\Windows\System\lougaso.exe
  2⤵
  PID:4388
- C:\Windows\System\OXHNldZ.exe
  C:\Windows\System\OXHNldZ.exe
  2⤵
  PID:4432
- C:\Windows\System\TYngqKF.exe
  C:\Windows\System\TYngqKF.exe
  2⤵
  PID:4512
- C:\Windows\System\oVDolsS.exe
  C:\Windows\System\oVDolsS.exe
  2⤵
  PID:4612
- C:\Windows\System\OAJHVzY.exe
  C:\Windows\System\OAJHVzY.exe
  2⤵
  PID:4580
- C:\Windows\System\RGFkOen.exe
  C:\Windows\System\RGFkOen.exe
  2⤵
  PID:4592
- C:\Windows\System\gcZHkmU.exe
  C:\Windows\System\gcZHkmU.exe
  2⤵
  PID:4656
- C:\Windows\System\YEosliR.exe
  C:\Windows\System\YEosliR.exe
  2⤵
  PID:4680
- C:\Windows\System\oJMZVJH.exe
  C:\Windows\System\oJMZVJH.exe
  2⤵
  PID:4624
- C:\Windows\System\nEaLNWN.exe
  C:\Windows\System\nEaLNWN.exe
  2⤵
  PID:4712
- C:\Windows\System\xgbaOfZ.exe
  C:\Windows\System\xgbaOfZ.exe
  2⤵
  PID:4768
- C:\Windows\System\ljfZIvq.exe
  C:\Windows\System\ljfZIvq.exe
  2⤵
  PID:4812
- C:\Windows\System\rwqbrPE.exe
  C:\Windows\System\rwqbrPE.exe
  2⤵
  PID:4884
- C:\Windows\System\BBkkwyL.exe
  C:\Windows\System\BBkkwyL.exe
  2⤵
  PID:4952
- C:\Windows\System\AzdaNCB.exe
  C:\Windows\System\AzdaNCB.exe
  2⤵
  PID:5020
- C:\Windows\System\uEPwFEg.exe
  C:\Windows\System\uEPwFEg.exe
  2⤵
  PID:5060
- C:\Windows\System\gjpVQff.exe
  C:\Windows\System\gjpVQff.exe
  2⤵
  PID:4756
- C:\Windows\System\iHrFOTN.exe
  C:\Windows\System\iHrFOTN.exe
  2⤵
  PID:4216
- C:\Windows\System\elfAaoZ.exe
  C:\Windows\System\elfAaoZ.exe
  2⤵
  PID:4796
- C:\Windows\System\jVsIktG.exe
  C:\Windows\System\jVsIktG.exe
  2⤵
  PID:4252
- C:\Windows\System\FepzLLb.exe
  C:\Windows\System\FepzLLb.exe
  2⤵
  PID:3896
- C:\Windows\System\jSAqvOT.exe
  C:\Windows\System\jSAqvOT.exe
  2⤵
  PID:4752
- C:\Windows\System\ePJyuCc.exe
  C:\Windows\System\ePJyuCc.exe
  2⤵
  PID:4468
- C:\Windows\System\dHUIhnP.exe
  C:\Windows\System\dHUIhnP.exe
  2⤵
  PID:4368
- C:\Windows\System\ojnnxlb.exe
  C:\Windows\System\ojnnxlb.exe
  2⤵
  PID:4844
- C:\Windows\System\FeiWYnU.exe
  C:\Windows\System\FeiWYnU.exe
  2⤵
  PID:4940
- C:\Windows\System\HsuOpAB.exe
  C:\Windows\System\HsuOpAB.exe
  2⤵
  PID:4968
- C:\Windows\System\hYxdGwq.exe
  C:\Windows\System\hYxdGwq.exe
  2⤵
  PID:5008
- C:\Windows\System\ooTNiHG.exe
  C:\Windows\System\ooTNiHG.exe
  2⤵
  PID:4332
- C:\Windows\System\EZdkpAC.exe
  C:\Windows\System\EZdkpAC.exe
  2⤵
  PID:5084
- C:\Windows\System\iuTbbod.exe
  C:\Windows\System\iuTbbod.exe
  2⤵
  PID:4304
- C:\Windows\System\OdvuhNO.exe
  C:\Windows\System\OdvuhNO.exe
  2⤵
  PID:4544
- C:\Windows\System\GHvzsVA.exe
  C:\Windows\System\GHvzsVA.exe
  2⤵
  PID:4532
- C:\Windows\System\Efwavmf.exe
  C:\Windows\System\Efwavmf.exe
  2⤵
  PID:4676
- C:\Windows\System\CFzbwym.exe
  C:\Windows\System\CFzbwym.exe
  2⤵
  PID:4988
- C:\Windows\System\OtbzNya.exe
  C:\Windows\System\OtbzNya.exe
  2⤵
  PID:4788
- C:\Windows\System\CICkMjq.exe
  C:\Windows\System\CICkMjq.exe
  2⤵
  PID:4100
- C:\Windows\System\DPXGUVT.exe
  C:\Windows\System\DPXGUVT.exe
  2⤵
  PID:3628
- C:\Windows\System\EoddGWm.exe
  C:\Windows\System\EoddGWm.exe
  2⤵
  PID:4708
- C:\Windows\System\LSvtuKX.exe
  C:\Windows\System\LSvtuKX.exe
  2⤵
  PID:4428
- C:\Windows\System\iNLIujk.exe
  C:\Windows\System\iNLIujk.exe
  2⤵
  PID:4772
- C:\Windows\System\omhJcPh.exe
  C:\Windows\System\omhJcPh.exe
  2⤵
  PID:4916
- C:\Windows\System\zsYAwfh.exe
  C:\Windows\System\zsYAwfh.exe
  2⤵
  PID:4172
- C:\Windows\System\mAMMiaA.exe
  C:\Windows\System\mAMMiaA.exe
  2⤵
  PID:4660
- C:\Windows\System\qPRvtXz.exe
  C:\Windows\System\qPRvtXz.exe
  2⤵
  PID:3576
- C:\Windows\System\nRiQWIF.exe
  C:\Windows\System\nRiQWIF.exe
  2⤵
  PID:4848
- C:\Windows\System\WlWsUnX.exe
  C:\Windows\System\WlWsUnX.exe
  2⤵
  PID:5124
- C:\Windows\System\GikOgJv.exe
  C:\Windows\System\GikOgJv.exe
  2⤵
  PID:5140
- C:\Windows\System\ZfAuVuc.exe
  C:\Windows\System\ZfAuVuc.exe
  2⤵
  PID:5172
- C:\Windows\System\feqylIl.exe
  C:\Windows\System\feqylIl.exe
  2⤵
  PID:5256
- C:\Windows\System\OIJbzYE.exe
  C:\Windows\System\OIJbzYE.exe
  2⤵
  PID:5272
- C:\Windows\System\lqnRHWN.exe
  C:\Windows\System\lqnRHWN.exe
  2⤵
  PID:5292
- C:\Windows\System\PvMRvEq.exe
  C:\Windows\System\PvMRvEq.exe
  2⤵
  PID:5308
- C:\Windows\System\gGtAikl.exe
  C:\Windows\System\gGtAikl.exe
  2⤵
  PID:5324
- C:\Windows\System\uVTyVSN.exe
  C:\Windows\System\uVTyVSN.exe
  2⤵
  PID:5340
- C:\Windows\System\yMmuBzc.exe
  C:\Windows\System\yMmuBzc.exe
  2⤵
  PID:5356
- C:\Windows\System\uNEihHM.exe
  C:\Windows\System\uNEihHM.exe
  2⤵
  PID:5372
- C:\Windows\System\cAuBLWR.exe
  C:\Windows\System\cAuBLWR.exe
  2⤵
  PID:5396
- C:\Windows\System\NvWxUrl.exe
  C:\Windows\System\NvWxUrl.exe
  2⤵
  PID:5436
- C:\Windows\System\ZvQuRah.exe
  C:\Windows\System\ZvQuRah.exe
  2⤵
  PID:5452
- C:\Windows\System\THZCtJg.exe
  C:\Windows\System\THZCtJg.exe
  2⤵
  PID:5472
- C:\Windows\System\OyvYmUU.exe
  C:\Windows\System\OyvYmUU.exe
  2⤵
  PID:5496
- C:\Windows\System\UZEOAPl.exe
  C:\Windows\System\UZEOAPl.exe
  2⤵
  PID:5512
- C:\Windows\System\NhLUIQk.exe
  C:\Windows\System\NhLUIQk.exe
  2⤵
  PID:5532
- C:\Windows\System\znzGwpi.exe
  C:\Windows\System\znzGwpi.exe
  2⤵
  PID:5548
- C:\Windows\System\zMvpqnn.exe
  C:\Windows\System\zMvpqnn.exe
  2⤵
  PID:5564
- C:\Windows\System\fUzjNyX.exe
  C:\Windows\System\fUzjNyX.exe
  2⤵
  PID:5584
- C:\Windows\System\SMyjXCq.exe
  C:\Windows\System\SMyjXCq.exe
  2⤵
  PID:5600
- C:\Windows\System\dahirpl.exe
  C:\Windows\System\dahirpl.exe
  2⤵
  PID:5620
- C:\Windows\System\hHZbWgf.exe
  C:\Windows\System\hHZbWgf.exe
  2⤵
  PID:5636
- C:\Windows\System\ESJIIbq.exe
  C:\Windows\System\ESJIIbq.exe
  2⤵
  PID:5652
- C:\Windows\System\nnrSyXo.exe
  C:\Windows\System\nnrSyXo.exe
  2⤵
  PID:5668
- C:\Windows\System\vYhmDUK.exe
  C:\Windows\System\vYhmDUK.exe
  2⤵
  PID:5684
- C:\Windows\System\XsRhPkL.exe
  C:\Windows\System\XsRhPkL.exe
  2⤵
  PID:5700
- C:\Windows\System\wTNEKDd.exe
  C:\Windows\System\wTNEKDd.exe
  2⤵
  PID:5716
- C:\Windows\System\rHKoYAK.exe
  C:\Windows\System\rHKoYAK.exe
  2⤵
  PID:5736
- C:\Windows\System\kNFHBKr.exe
  C:\Windows\System\kNFHBKr.exe
  2⤵
  PID:5756
- C:\Windows\System\vyozQpb.exe
  C:\Windows\System\vyozQpb.exe
  2⤵
  PID:5776
- C:\Windows\System\yaqZMVW.exe
  C:\Windows\System\yaqZMVW.exe
  2⤵
  PID:5796
- C:\Windows\System\YpkIoYN.exe
  C:\Windows\System\YpkIoYN.exe
  2⤵
  PID:5816
- C:\Windows\System\hukuDqr.exe
  C:\Windows\System\hukuDqr.exe
  2⤵
  PID:5832
- C:\Windows\System\rkALPgw.exe
  C:\Windows\System\rkALPgw.exe
  2⤵
  PID:5852
- C:\Windows\System\pYsiESM.exe
  C:\Windows\System\pYsiESM.exe
  2⤵
  PID:5868
- C:\Windows\System\olkpSDz.exe
  C:\Windows\System\olkpSDz.exe
  2⤵
  PID:5884
- C:\Windows\System\HUGCAbo.exe
  C:\Windows\System\HUGCAbo.exe
  2⤵
  PID:5900
- C:\Windows\System\KqEbGIW.exe
  C:\Windows\System\KqEbGIW.exe
  2⤵
  PID:5916
- C:\Windows\System\rbXZbYV.exe
  C:\Windows\System\rbXZbYV.exe
  2⤵
  PID:5932
- C:\Windows\System\RfSysvB.exe
  C:\Windows\System\RfSysvB.exe
  2⤵
  PID:5948
- C:\Windows\System\uhcHLtF.exe
  C:\Windows\System\uhcHLtF.exe
  2⤵
  PID:5964
- C:\Windows\System\IlBXhrC.exe
  C:\Windows\System\IlBXhrC.exe
  2⤵
  PID:5980
- C:\Windows\System\PiVUqNH.exe
  C:\Windows\System\PiVUqNH.exe
  2⤵
  PID:5996
- C:\Windows\System\vSyTXZU.exe
  C:\Windows\System\vSyTXZU.exe
  2⤵
  PID:6012
- C:\Windows\System\zIBFGjg.exe
  C:\Windows\System\zIBFGjg.exe
  2⤵
  PID:6028
- C:\Windows\System\bLvUXiM.exe
  C:\Windows\System\bLvUXiM.exe
  2⤵
  PID:6044
- C:\Windows\System\lIMygRx.exe
  C:\Windows\System\lIMygRx.exe
  2⤵
  PID:6060
- C:\Windows\System\HrPsylf.exe
  C:\Windows\System\HrPsylf.exe
  2⤵
  PID:6076
- C:\Windows\System\mfBymgs.exe
  C:\Windows\System\mfBymgs.exe
  2⤵
  PID:6092
- C:\Windows\System\LjjCWwO.exe
  C:\Windows\System\LjjCWwO.exe
  2⤵
  PID:6112
- C:\Windows\System\uZqSkGQ.exe
  C:\Windows\System\uZqSkGQ.exe
  2⤵
  PID:6132
- C:\Windows\System\RXtEZdm.exe
  C:\Windows\System\RXtEZdm.exe
  2⤵
  PID:4348
- C:\Windows\System\BUVuisV.exe
  C:\Windows\System\BUVuisV.exe
  2⤵
  PID:4232
- C:\Windows\System\yuciMho.exe
  C:\Windows\System\yuciMho.exe
  2⤵
  PID:5156
- C:\Windows\System\AEahqPs.exe
  C:\Windows\System\AEahqPs.exe
  2⤵
  PID:4236
- C:\Windows\System\OQFiUWi.exe
  C:\Windows\System\OQFiUWi.exe
  2⤵
  PID:4560
- C:\Windows\System\JnvBxOF.exe
  C:\Windows\System\JnvBxOF.exe
  2⤵
  PID:4548
- C:\Windows\System\LfGdSPW.exe
  C:\Windows\System\LfGdSPW.exe
  2⤵
  PID:4736
- C:\Windows\System\hkjbEcb.exe
  C:\Windows\System\hkjbEcb.exe
  2⤵
  PID:5180
- C:\Windows\System\zKMSyVe.exe
  C:\Windows\System\zKMSyVe.exe
  2⤵
  PID:5200
- C:\Windows\System\wswEZDH.exe
  C:\Windows\System\wswEZDH.exe
  2⤵
  PID:4864
- C:\Windows\System\xupXsLQ.exe
  C:\Windows\System\xupXsLQ.exe
  2⤵
  PID:5228
- C:\Windows\System\lAUtOUo.exe
  C:\Windows\System\lAUtOUo.exe
  2⤵
  PID:5304
- C:\Windows\System\HJHfRju.exe
  C:\Windows\System\HJHfRju.exe
  2⤵
  PID:5392
- C:\Windows\System\ZLvJEwm.exe
  C:\Windows\System\ZLvJEwm.exe
  2⤵
  PID:5420
- C:\Windows\System\tjKUBKF.exe
  C:\Windows\System\tjKUBKF.exe
  2⤵
  PID:5424
- C:\Windows\System\BLYtOJm.exe
  C:\Windows\System\BLYtOJm.exe
  2⤵
  PID:5468
- C:\Windows\System\IpGDbMn.exe
  C:\Windows\System\IpGDbMn.exe
  2⤵
  PID:5316
- C:\Windows\System\JbauIoS.exe
  C:\Windows\System\JbauIoS.exe
  2⤵
  PID:5352
- C:\Windows\System\ZmFfAwO.exe
  C:\Windows\System\ZmFfAwO.exe
  2⤵
  PID:5508
- C:\Windows\System\qXWgiDl.exe
  C:\Windows\System\qXWgiDl.exe
  2⤵
  PID:5576
- C:\Windows\System\ODaQZfG.exe
  C:\Windows\System\ODaQZfG.exe
  2⤵
  PID:5524
- C:\Windows\System\JGgubHD.exe
  C:\Windows\System\JGgubHD.exe
  2⤵
  PID:5484
- C:\Windows\System\mVLVthK.exe
  C:\Windows\System\mVLVthK.exe
  2⤵
  PID:6120
- C:\Windows\System\yizAQWE.exe
  C:\Windows\System\yizAQWE.exe
  2⤵
  PID:5828
- C:\Windows\System\fTujuGO.exe
  C:\Windows\System\fTujuGO.exe
  2⤵
  PID:5928
- C:\Windows\System\HnWCDKT.exe
  C:\Windows\System\HnWCDKT.exe
  2⤵
  PID:5992
- C:\Windows\System\ZrBQxKu.exe
  C:\Windows\System\ZrBQxKu.exe
  2⤵
  PID:6056
- C:\Windows\System\xLsejBe.exe
  C:\Windows\System\xLsejBe.exe
  2⤵
  PID:6004
- C:\Windows\System\LJkbAbz.exe
  C:\Windows\System\LJkbAbz.exe
  2⤵
  PID:5768
- C:\Windows\System\tsZCZrI.exe
  C:\Windows\System\tsZCZrI.exe
  2⤵
  PID:6140
- C:\Windows\System\bNyukCn.exe
  C:\Windows\System\bNyukCn.exe
  2⤵
  PID:5072
- C:\Windows\System\HrNbauw.exe
  C:\Windows\System\HrNbauw.exe
  2⤵
  PID:4344
- C:\Windows\System\aqoAZjr.exe
  C:\Windows\System\aqoAZjr.exe
  2⤵
  PID:5692
- C:\Windows\System\kIVCaGX.exe
  C:\Windows\System\kIVCaGX.exe
  2⤵
  PID:6100
- C:\Windows\System\urjVKzF.exe
  C:\Windows\System\urjVKzF.exe
  2⤵
  PID:6040
- C:\Windows\System\QgdSUCf.exe
  C:\Windows\System\QgdSUCf.exe
  2⤵
  PID:5972
- C:\Windows\System\GNILOID.exe
  C:\Windows\System\GNILOID.exe
  2⤵
  PID:5148
- C:\Windows\System\fxLHgXn.exe
  C:\Windows\System\fxLHgXn.exe
  2⤵
  PID:5000
- C:\Windows\System\ejoDeni.exe
  C:\Windows\System\ejoDeni.exe
  2⤵
  PID:5944
- C:\Windows\System\cvlZxaF.exe
  C:\Windows\System\cvlZxaF.exe
  2⤵
  PID:5880
- C:\Windows\System\TywsIGk.exe
  C:\Windows\System\TywsIGk.exe
  2⤵
  PID:5808
- C:\Windows\System\InDogCo.exe
  C:\Windows\System\InDogCo.exe
  2⤵
  PID:5732
- C:\Windows\System\CymxqZy.exe
  C:\Windows\System\CymxqZy.exe
  2⤵
  PID:4140
- C:\Windows\System\WVHGIqA.exe
  C:\Windows\System\WVHGIqA.exe
  2⤵
  PID:5300
- C:\Windows\System\DJPzdQO.exe
  C:\Windows\System\DJPzdQO.exe
  2⤵
  PID:5416
- C:\Windows\System\EHkSgqy.exe
  C:\Windows\System\EHkSgqy.exe
  2⤵
  PID:6084
- C:\Windows\System\auQJxDV.exe
  C:\Windows\System\auQJxDV.exe
  2⤵
  PID:5608
- C:\Windows\System\xhmIpLe.exe
  C:\Windows\System\xhmIpLe.exe
  2⤵
  PID:5708
- C:\Windows\System\AELDxip.exe
  C:\Windows\System\AELDxip.exe
  2⤵
  PID:5596
- C:\Windows\System\QCWuWaH.exe
  C:\Windows\System\QCWuWaH.exe
  2⤵
  PID:5384
- C:\Windows\System\BrpvsnV.exe
  C:\Windows\System\BrpvsnV.exe
  2⤵
  PID:5288
- C:\Windows\System\znQJUQE.exe
  C:\Windows\System\znQJUQE.exe
  2⤵
  PID:4724
- C:\Windows\System\FtebljT.exe
  C:\Windows\System\FtebljT.exe
  2⤵
  PID:4484
- C:\Windows\System\hNXfvBA.exe
  C:\Windows\System\hNXfvBA.exe
  2⤵
  PID:5824
- C:\Windows\System\hxQCrBe.exe
  C:\Windows\System\hxQCrBe.exe
  2⤵
  PID:6124
- C:\Windows\System\fKHJZbB.exe
  C:\Windows\System\fKHJZbB.exe
  2⤵
  PID:5664
- C:\Windows\System\kXGGwpT.exe
  C:\Windows\System\kXGGwpT.exe
  2⤵
  PID:4284
- C:\Windows\System\UsGxuZA.exe
  C:\Windows\System\UsGxuZA.exe
  2⤵
  PID:5844
- C:\Windows\System\vbvTrcm.exe
  C:\Windows\System\vbvTrcm.exe
  2⤵
  PID:6104
- C:\Windows\System\LSgCSUL.exe
  C:\Windows\System\LSgCSUL.exe
  2⤵
  PID:5136
- C:\Windows\System\DNWoGVM.exe
  C:\Windows\System\DNWoGVM.exe
  2⤵
  PID:5976
- C:\Windows\System\uGcwCAr.exe
  C:\Windows\System\uGcwCAr.exe
  2⤵
  PID:2252
- C:\Windows\System\UIfUaNW.exe
  C:\Windows\System\UIfUaNW.exe
  2⤵
  PID:6052
- C:\Windows\System\XHXxjSB.exe
  C:\Windows\System\XHXxjSB.exe
  2⤵
  PID:6036
- C:\Windows\System\LdvVVqM.exe
  C:\Windows\System\LdvVVqM.exe
  2⤵
  PID:5460
- C:\Windows\System\ekLUdPm.exe
  C:\Windows\System\ekLUdPm.exe
  2⤵
  PID:5492
- C:\Windows\System\uziiLFU.exe
  C:\Windows\System\uziiLFU.exe
  2⤵
  PID:5224
- C:\Windows\System\nxApqtz.exe
  C:\Windows\System\nxApqtz.exe
  2⤵
  PID:5752
- C:\Windows\System\OZpfNLl.exe
  C:\Windows\System\OZpfNLl.exe
  2⤵
  PID:5744
- C:\Windows\System\dDZlvFP.exe
  C:\Windows\System\dDZlvFP.exe
  2⤵
  PID:4920
- C:\Windows\System\JljKdSE.exe
  C:\Windows\System\JljKdSE.exe
  2⤵
  PID:4672
- C:\Windows\System\faouWmk.exe
  C:\Windows\System\faouWmk.exe
  2⤵
  PID:5912
- C:\Windows\System\yQdZbTS.exe
  C:\Windows\System\yQdZbTS.exe
  2⤵
  PID:5724
- C:\Windows\System\RdGGaJh.exe
  C:\Windows\System\RdGGaJh.exe
  2⤵
  PID:5644
- C:\Windows\System\YJWhwLL.exe
  C:\Windows\System\YJWhwLL.exe
  2⤵
  PID:5616
- C:\Windows\System\PIJGsqH.exe
  C:\Windows\System\PIJGsqH.exe
  2⤵
  PID:5764
- C:\Windows\System\khOoSFZ.exe
  C:\Windows\System\khOoSFZ.exe
  2⤵
  PID:5368
- C:\Windows\System\WBcbEtL.exe
  C:\Windows\System\WBcbEtL.exe
  2⤵
  PID:5192
- C:\Windows\System\qtWzoSW.exe
  C:\Windows\System\qtWzoSW.exe
  2⤵
  PID:5896
- C:\Windows\System\hnFLtbs.exe
  C:\Windows\System\hnFLtbs.exe
  2⤵
  PID:5988
- C:\Windows\System\VJRSANm.exe
  C:\Windows\System\VJRSANm.exe
  2⤵
  PID:5712
- C:\Windows\System\hckdCmX.exe
  C:\Windows\System\hckdCmX.exe
  2⤵
  PID:4112
- C:\Windows\System\PhzgRkL.exe
  C:\Windows\System\PhzgRkL.exe
  2⤵
  PID:6068
- C:\Windows\System\SaZTgue.exe
  C:\Windows\System\SaZTgue.exe
  2⤵
  PID:4828
- C:\Windows\System\zNABwPY.exe
  C:\Windows\System\zNABwPY.exe
  2⤵
  PID:5504
- C:\Windows\System\QxWBVDp.exe
  C:\Windows\System\QxWBVDp.exe
  2⤵
  PID:6160
- C:\Windows\System\qfwWvSt.exe
  C:\Windows\System\qfwWvSt.exe
  2⤵
  PID:6176
- C:\Windows\System\RsJrvGU.exe
  C:\Windows\System\RsJrvGU.exe
  2⤵
  PID:6196
- C:\Windows\System\qbswcEU.exe
  C:\Windows\System\qbswcEU.exe
  2⤵
  PID:6212
- C:\Windows\System\aobbnxk.exe
  C:\Windows\System\aobbnxk.exe
  2⤵
  PID:6228
- C:\Windows\System\dnQfjtQ.exe
  C:\Windows\System\dnQfjtQ.exe
  2⤵
  PID:6244
- C:\Windows\System\QJInEhE.exe
  C:\Windows\System\QJInEhE.exe
  2⤵
  PID:6260
- C:\Windows\System\LrjVrpO.exe
  C:\Windows\System\LrjVrpO.exe
  2⤵
  PID:6276
- C:\Windows\System\RoSGVJV.exe
  C:\Windows\System\RoSGVJV.exe
  2⤵
  PID:6296
- C:\Windows\System\FtBpyoL.exe
  C:\Windows\System\FtBpyoL.exe
  2⤵
  PID:6316
- C:\Windows\System\ggBFerd.exe
  C:\Windows\System\ggBFerd.exe
  2⤵
  PID:6336
- C:\Windows\System\pNqLxVx.exe
  C:\Windows\System\pNqLxVx.exe
  2⤵
  PID:6352
- C:\Windows\System\wOlfhIP.exe
  C:\Windows\System\wOlfhIP.exe
  2⤵
  PID:6372
- C:\Windows\System\gJOaLBE.exe
  C:\Windows\System\gJOaLBE.exe
  2⤵
  PID:6432
- C:\Windows\System\anoiloo.exe
  C:\Windows\System\anoiloo.exe
  2⤵
  PID:6460
- C:\Windows\System\KEXqURJ.exe
  C:\Windows\System\KEXqURJ.exe
  2⤵
  PID:6480
- C:\Windows\System\DpsDbuZ.exe
  C:\Windows\System\DpsDbuZ.exe
  2⤵
  PID:6500
- C:\Windows\System\jPTuJkL.exe
  C:\Windows\System\jPTuJkL.exe
  2⤵
  PID:6520
- C:\Windows\System\VubGuqY.exe
  C:\Windows\System\VubGuqY.exe
  2⤵
  PID:6540
- C:\Windows\System\JeCydzn.exe
  C:\Windows\System\JeCydzn.exe
  2⤵
  PID:6560
- C:\Windows\System\CUJnvZa.exe
  C:\Windows\System\CUJnvZa.exe
  2⤵
  PID:6576
- C:\Windows\System\tkdKoAU.exe
  C:\Windows\System\tkdKoAU.exe
  2⤵
  PID:6592
- C:\Windows\System\JkoMsOA.exe
  C:\Windows\System\JkoMsOA.exe
  2⤵
  PID:6612
- C:\Windows\System\yaUtspv.exe
  C:\Windows\System\yaUtspv.exe
  2⤵
  PID:6628
- C:\Windows\System\XJJaUuh.exe
  C:\Windows\System\XJJaUuh.exe
  2⤵
  PID:6644
- C:\Windows\System\QYMBvgH.exe
  C:\Windows\System\QYMBvgH.exe
  2⤵
  PID:6664
- C:\Windows\System\ZFKJdNo.exe
  C:\Windows\System\ZFKJdNo.exe
  2⤵
  PID:6684
- C:\Windows\System\fwpTIEl.exe
  C:\Windows\System\fwpTIEl.exe
  2⤵
  PID:6704
- C:\Windows\System\kcdYRXD.exe
  C:\Windows\System\kcdYRXD.exe
  2⤵
  PID:6724
- C:\Windows\System\NvcOIBT.exe
  C:\Windows\System\NvcOIBT.exe
  2⤵
  PID:6740
- C:\Windows\System\CsxDWSk.exe
  C:\Windows\System\CsxDWSk.exe
  2⤵
  PID:6756
- C:\Windows\System\atjIFLc.exe
  C:\Windows\System\atjIFLc.exe
  2⤵
  PID:6772
- C:\Windows\System\JPEtaVS.exe
  C:\Windows\System\JPEtaVS.exe
  2⤵
  PID:6788
- C:\Windows\System\NgHSRxf.exe
  C:\Windows\System\NgHSRxf.exe
  2⤵
  PID:6840
- C:\Windows\System\PZRNjFW.exe
  C:\Windows\System\PZRNjFW.exe
  2⤵
  PID:6860
- C:\Windows\System\rNelyqh.exe
  C:\Windows\System\rNelyqh.exe
  2⤵
  PID:6884
- C:\Windows\System\QhXzkqW.exe
  C:\Windows\System\QhXzkqW.exe
  2⤵
  PID:6900
- C:\Windows\System\zeRCizA.exe
  C:\Windows\System\zeRCizA.exe
  2⤵
  PID:6916
- C:\Windows\System\wxAgUxa.exe
  C:\Windows\System\wxAgUxa.exe
  2⤵
  PID:6932
- C:\Windows\System\NkyEktN.exe
  C:\Windows\System\NkyEktN.exe
  2⤵
  PID:6948
- C:\Windows\System\ImVZVwy.exe
  C:\Windows\System\ImVZVwy.exe
  2⤵
  PID:6964
- C:\Windows\System\LNJjOXQ.exe
  C:\Windows\System\LNJjOXQ.exe
  2⤵
  PID:6980
- C:\Windows\System\IjteYre.exe
  C:\Windows\System\IjteYre.exe
  2⤵
  PID:6996
- C:\Windows\System\PAYsXCb.exe
  C:\Windows\System\PAYsXCb.exe
  2⤵
  PID:7016
- C:\Windows\System\SRckBgB.exe
  C:\Windows\System\SRckBgB.exe
  2⤵
  PID:7036
- C:\Windows\System\qmmRMWV.exe
  C:\Windows\System\qmmRMWV.exe
  2⤵
  PID:7056
- C:\Windows\System\AtFPwCP.exe
  C:\Windows\System\AtFPwCP.exe
  2⤵
  PID:7076
- C:\Windows\System\yUKCIkD.exe
  C:\Windows\System\yUKCIkD.exe
  2⤵
  PID:7092
- C:\Windows\System\mKQQzoI.exe
  C:\Windows\System\mKQQzoI.exe
  2⤵
  PID:7108
- C:\Windows\System\yCoAFDf.exe
  C:\Windows\System\yCoAFDf.exe
  2⤵
  PID:7124
- C:\Windows\System\ymqcvgF.exe
  C:\Windows\System\ymqcvgF.exe
  2⤵
  PID:7140
- C:\Windows\System\Qiwlsnk.exe
  C:\Windows\System\Qiwlsnk.exe
  2⤵
  PID:7160
- C:\Windows\System\NzgNUAM.exe
  C:\Windows\System\NzgNUAM.exe
  2⤵
  PID:4628
- C:\Windows\System\gSgiGyG.exe
  C:\Windows\System\gSgiGyG.exe
  2⤵
  PID:6152
- C:\Windows\System\EHdturs.exe
  C:\Windows\System\EHdturs.exe
  2⤵
  PID:6192
- C:\Windows\System\twgbtvn.exe
  C:\Windows\System\twgbtvn.exe
  2⤵
  PID:6252
- C:\Windows\System\wBvMAnA.exe
  C:\Windows\System\wBvMAnA.exe
  2⤵
  PID:6292
- C:\Windows\System\RPSrxQp.exe
  C:\Windows\System\RPSrxQp.exe
  2⤵
  PID:6368
- C:\Windows\System\aewreQO.exe
  C:\Windows\System\aewreQO.exe
  2⤵
  PID:6388
- C:\Windows\System\pAcqdIT.exe
  C:\Windows\System\pAcqdIT.exe
  2⤵
  PID:6396
- C:\Windows\System\MMiVpNi.exe
  C:\Windows\System\MMiVpNi.exe
  2⤵
  PID:6444
- C:\Windows\System\dFDxNhL.exe
  C:\Windows\System\dFDxNhL.exe
  2⤵
  PID:6312
- C:\Windows\System\skQnjrd.exe
  C:\Windows\System\skQnjrd.exe
  2⤵
  PID:6456
- C:\Windows\System\MsUtFPp.exe
  C:\Windows\System\MsUtFPp.exe
  2⤵
  PID:6532
- C:\Windows\System\sapjRDv.exe
  C:\Windows\System\sapjRDv.exe
  2⤵
  PID:6600
- C:\Windows\System\mFUcidh.exe
  C:\Windows\System\mFUcidh.exe
  2⤵
  PID:6472
- C:\Windows\System\gHoUlyP.exe
  C:\Windows\System\gHoUlyP.exe
  2⤵
  PID:6676
- C:\Windows\System\pfKemNp.exe
  C:\Windows\System\pfKemNp.exe
  2⤵
  PID:6236
- C:\Windows\System\HwQdCPW.exe
  C:\Windows\System\HwQdCPW.exe
  2⤵
  PID:6304
- C:\Windows\System\qxoILHN.exe
  C:\Windows\System\qxoILHN.exe
  2⤵
  PID:6752
- C:\Windows\System\mcHVUXI.exe
  C:\Windows\System\mcHVUXI.exe
  2⤵
  PID:6652
- C:\Windows\System\WvIKdzd.exe
  C:\Windows\System\WvIKdzd.exe
  2⤵
  PID:6848
- C:\Windows\System\EhENHTi.exe
  C:\Windows\System\EhENHTi.exe
  2⤵
  PID:6588
- C:\Windows\System\aWsUMPm.exe
  C:\Windows\System\aWsUMPm.exe
  2⤵
  PID:6824
- C:\Windows\System\KIaStvC.exe
  C:\Windows\System\KIaStvC.exe
  2⤵
  PID:6732
- C:\Windows\System\rXrCQBV.exe
  C:\Windows\System\rXrCQBV.exe
  2⤵
  PID:6988
- C:\Windows\System\AcpZJMk.exe
  C:\Windows\System\AcpZJMk.exe
  2⤵
  PID:6868
- C:\Windows\System\fuLuQfC.exe
  C:\Windows\System\fuLuQfC.exe
  2⤵
  PID:6808
- C:\Windows\System\udaOCLE.exe
  C:\Windows\System\udaOCLE.exe
  2⤵
  PID:6880
- C:\Windows\System\nObVFKb.exe
  C:\Windows\System\nObVFKb.exe
  2⤵
  PID:6992
- C:\Windows\System\cGtGpNm.exe
  C:\Windows\System\cGtGpNm.exe
  2⤵
  PID:7064
- C:\Windows\System\XrKfJsV.exe
  C:\Windows\System\XrKfJsV.exe
  2⤵
  PID:7136
- C:\Windows\System\SQuNrCr.exe
  C:\Windows\System\SQuNrCr.exe
  2⤵
  PID:5364
- C:\Windows\System\iSIpfqz.exe
  C:\Windows\System\iSIpfqz.exe
  2⤵
  PID:5772
- C:\Windows\System\PGLKLKS.exe
  C:\Windows\System\PGLKLKS.exe
  2⤵
  PID:7116
- C:\Windows\System\hEOPMMj.exe
  C:\Windows\System\hEOPMMj.exe
  2⤵
  PID:7156
- C:\Windows\System\HgRshsS.exe
  C:\Windows\System\HgRshsS.exe
  2⤵
  PID:5332
- C:\Windows\System\iKWSfRv.exe
  C:\Windows\System\iKWSfRv.exe
  2⤵
  PID:7004
- C:\Windows\System\XPpEfCw.exe
  C:\Windows\System\XPpEfCw.exe
  2⤵
  PID:7048
- C:\Windows\System\Aqkuunj.exe
  C:\Windows\System\Aqkuunj.exe
  2⤵
  PID:6364
- C:\Windows\System\aLXZbqS.exe
  C:\Windows\System\aLXZbqS.exe
  2⤵
  PID:6328
- C:\Windows\System\wPsTIMf.exe
  C:\Windows\System\wPsTIMf.exe
  2⤵
  PID:6408
- C:\Windows\System\eXViQCJ.exe
  C:\Windows\System\eXViQCJ.exe
  2⤵
  PID:6452
- C:\Windows\System\iAksDTV.exe
  C:\Windows\System\iAksDTV.exe
  2⤵
  PID:6568
- C:\Windows\System\XkuRZGi.exe
  C:\Windows\System\XkuRZGi.exe
  2⤵
  PID:6528
- C:\Windows\System\UQJwrXd.exe
  C:\Windows\System\UQJwrXd.exe
  2⤵
  PID:6624
- C:\Windows\System\BTizrlM.exe
  C:\Windows\System\BTizrlM.exe
  2⤵
  PID:6696
- C:\Windows\System\IoJGUrW.exe
  C:\Windows\System\IoJGUrW.exe
  2⤵
  PID:6748
- C:\Windows\System\ZSqIYWH.exe
  C:\Windows\System\ZSqIYWH.exe
  2⤵
  PID:6712
- C:\Windows\System\xfpmdxc.exe
  C:\Windows\System\xfpmdxc.exe
  2⤵
  PID:6660
- C:\Windows\System\HNHiyUt.exe
  C:\Windows\System\HNHiyUt.exe
  2⤵
  PID:6820
- C:\Windows\System\gjVrImp.exe
  C:\Windows\System\gjVrImp.exe
  2⤵
  PID:6552
- C:\Windows\System\jPjabYT.exe
  C:\Windows\System\jPjabYT.exe
  2⤵
  PID:7032
- C:\Windows\System\zFTvReJ.exe
  C:\Windows\System\zFTvReJ.exe
  2⤵
  PID:5676
- C:\Windows\System\ClwJfEU.exe
  C:\Windows\System\ClwJfEU.exe
  2⤵
  PID:7088
- C:\Windows\System\VSoEXcT.exe
  C:\Windows\System\VSoEXcT.exe
  2⤵
  PID:6380
- C:\Windows\System\mddjEUW.exe
  C:\Windows\System\mddjEUW.exe
  2⤵
  PID:6604
- C:\Windows\System\WviMlXA.exe
  C:\Windows\System\WviMlXA.exe
  2⤵
  PID:6448
- C:\Windows\System\ZNqUBQp.exe
  C:\Windows\System\ZNqUBQp.exe
  2⤵
  PID:6492
- C:\Windows\System\XbkfvKN.exe
  C:\Windows\System\XbkfvKN.exe
  2⤵
  PID:7072
- C:\Windows\System\cixuCVi.exe
  C:\Windows\System\cixuCVi.exe
  2⤵
  PID:5680
- C:\Windows\System\rIlgqyd.exe
  C:\Windows\System\rIlgqyd.exe
  2⤵
  PID:6972
- C:\Windows\System\DmQzOvV.exe
  C:\Windows\System\DmQzOvV.exe
  2⤵
  PID:6812
- C:\Windows\System\xMEnRFV.exe
  C:\Windows\System\xMEnRFV.exe
  2⤵
  PID:6892
- C:\Windows\System\ZkCpGSq.exe
  C:\Windows\System\ZkCpGSq.exe
  2⤵
  PID:6924
- C:\Windows\System\UEISOZA.exe
  C:\Windows\System\UEISOZA.exe
  2⤵
  PID:6784
- C:\Windows\System\HBqBCKU.exe
  C:\Windows\System\HBqBCKU.exe
  2⤵
  PID:6556
- C:\Windows\System\QdoinSQ.exe
  C:\Windows\System\QdoinSQ.exe
  2⤵
  PID:6956
- C:\Windows\System\HOKdNpy.exe
  C:\Windows\System\HOKdNpy.exe
  2⤵
  PID:6440
- C:\Windows\System\UZDSque.exe
  C:\Windows\System\UZDSque.exe
  2⤵
  PID:6024
- C:\Windows\System\ebnAuBl.exe
  C:\Windows\System\ebnAuBl.exe
  2⤵
  PID:6404
- C:\Windows\System\LBttedS.exe
  C:\Windows\System\LBttedS.exe
  2⤵
  PID:6108
- C:\Windows\System\HHcjBiU.exe
  C:\Windows\System\HHcjBiU.exe
  2⤵
  PID:6804
- C:\Windows\System\cEKTPhJ.exe
  C:\Windows\System\cEKTPhJ.exe
  2⤵
  PID:7148
- C:\Windows\System\tMnilfL.exe
  C:\Windows\System\tMnilfL.exe
  2⤵
  PID:6268
- C:\Windows\System\kIIIfBL.exe
  C:\Windows\System\kIIIfBL.exe
  2⤵
  PID:5488
- C:\Windows\System\kXLYSzm.exe
  C:\Windows\System\kXLYSzm.exe
  2⤵
  PID:6516
- C:\Windows\System\Clewgfe.exe
  C:\Windows\System\Clewgfe.exe
  2⤵
  PID:6488
- C:\Windows\System\glSNUbp.exe
  C:\Windows\System\glSNUbp.exe
  2⤵
  PID:6400
- C:\Windows\System\kSMEZub.exe
  C:\Windows\System\kSMEZub.exe
  2⤵
  PID:6672
- C:\Windows\System\vFuhZaO.exe
  C:\Windows\System\vFuhZaO.exe
  2⤵
  PID:7172
- C:\Windows\System\WTbSRbv.exe
  C:\Windows\System\WTbSRbv.exe
  2⤵
  PID:7188
- C:\Windows\System\rNBBnun.exe
  C:\Windows\System\rNBBnun.exe
  2⤵
  PID:7212
- C:\Windows\System\nYChWCq.exe
  C:\Windows\System\nYChWCq.exe
  2⤵
  PID:7228
- C:\Windows\System\DeboKkW.exe
  C:\Windows\System\DeboKkW.exe
  2⤵
  PID:7248
- C:\Windows\System\zVDqZWT.exe
  C:\Windows\System\zVDqZWT.exe
  2⤵
  PID:7268
- C:\Windows\System\QxPDgVe.exe
  C:\Windows\System\QxPDgVe.exe
  2⤵
  PID:7284
- C:\Windows\System\lHChDxy.exe
  C:\Windows\System\lHChDxy.exe
  2⤵
  PID:7304
- C:\Windows\System\VVEGyAq.exe
  C:\Windows\System\VVEGyAq.exe
  2⤵
  PID:7324
- C:\Windows\System\zykmVsn.exe
  C:\Windows\System\zykmVsn.exe
  2⤵
  PID:7344
- C:\Windows\System\KvkxCTr.exe
  C:\Windows\System\KvkxCTr.exe
  2⤵
  PID:7364
- C:\Windows\System\qQuWXyM.exe
  C:\Windows\System\qQuWXyM.exe
  2⤵
  PID:7380
- C:\Windows\System\CQlzhNB.exe
  C:\Windows\System\CQlzhNB.exe
  2⤵
  PID:7400
- C:\Windows\System\UyxfQDx.exe
  C:\Windows\System\UyxfQDx.exe
  2⤵
  PID:7420
- C:\Windows\System\OmJIdMS.exe
  C:\Windows\System\OmJIdMS.exe
  2⤵
  PID:7440
- C:\Windows\System\KSjMWGJ.exe
  C:\Windows\System\KSjMWGJ.exe
  2⤵
  PID:7464
- C:\Windows\System\oXSQJmS.exe
  C:\Windows\System\oXSQJmS.exe
  2⤵
  PID:7488
- C:\Windows\System\KetQxLl.exe
  C:\Windows\System\KetQxLl.exe
  2⤵
  PID:7544
- C:\Windows\System\ucQLcVv.exe
  C:\Windows\System\ucQLcVv.exe
  2⤵
  PID:7560
- C:\Windows\System\djZjyAd.exe
  C:\Windows\System\djZjyAd.exe
  2⤵
  PID:7576
- C:\Windows\System\THFgHcB.exe
  C:\Windows\System\THFgHcB.exe
  2⤵
  PID:7620
- C:\Windows\System\OYOaACT.exe
  C:\Windows\System\OYOaACT.exe
  2⤵
  PID:7636
- C:\Windows\System\fGeWJuG.exe
  C:\Windows\System\fGeWJuG.exe
  2⤵
  PID:7652
- C:\Windows\System\jcXYRNV.exe
  C:\Windows\System\jcXYRNV.exe
  2⤵
  PID:7668
- C:\Windows\System\EamQMAP.exe
  C:\Windows\System\EamQMAP.exe
  2⤵
  PID:7696
- C:\Windows\System\oLudYGG.exe
  C:\Windows\System\oLudYGG.exe
  2⤵
  PID:7712
- C:\Windows\System\ChIBEjZ.exe
  C:\Windows\System\ChIBEjZ.exe
  2⤵
  PID:7728
- C:\Windows\System\LIWxxSj.exe
  C:\Windows\System\LIWxxSj.exe
  2⤵
  PID:7744
- C:\Windows\System\zJudFFe.exe
  C:\Windows\System\zJudFFe.exe
  2⤵
  PID:7764
- C:\Windows\System\usdmgHm.exe
  C:\Windows\System\usdmgHm.exe
  2⤵
  PID:7780
- C:\Windows\System\mBSIDFa.exe
  C:\Windows\System\mBSIDFa.exe
  2⤵
  PID:7796
- C:\Windows\System\RIrUMrH.exe
  C:\Windows\System\RIrUMrH.exe
  2⤵
  PID:7812
- C:\Windows\System\HJobgcr.exe
  C:\Windows\System\HJobgcr.exe
  2⤵
  PID:7832
- C:\Windows\System\tBpUwXZ.exe
  C:\Windows\System\tBpUwXZ.exe
  2⤵
  PID:7852
- C:\Windows\System\kWACxNK.exe
  C:\Windows\System\kWACxNK.exe
  2⤵
  PID:7868
- C:\Windows\System\CGqjopK.exe
  C:\Windows\System\CGqjopK.exe
  2⤵
  PID:7888
- C:\Windows\System\RVCeTGB.exe
  C:\Windows\System\RVCeTGB.exe
  2⤵
  PID:7904
- C:\Windows\System\eICFhqR.exe
  C:\Windows\System\eICFhqR.exe
  2⤵
  PID:7924
- C:\Windows\System\ElAFDwr.exe
  C:\Windows\System\ElAFDwr.exe
  2⤵
  PID:7940
- C:\Windows\System\ibiNhHg.exe
  C:\Windows\System\ibiNhHg.exe
  2⤵
  PID:7996
- C:\Windows\System\VerTvkn.exe
  C:\Windows\System\VerTvkn.exe
  2⤵
  PID:8016
- C:\Windows\System\TGjBHPf.exe
  C:\Windows\System\TGjBHPf.exe
  2⤵
  PID:8036
- C:\Windows\System\mZneKdP.exe
  C:\Windows\System\mZneKdP.exe
  2⤵
  PID:8056
- C:\Windows\System\knEkGvk.exe
  C:\Windows\System\knEkGvk.exe
  2⤵
  PID:8076
- C:\Windows\System\HjVispG.exe
  C:\Windows\System\HjVispG.exe
  2⤵
  PID:8096
- C:\Windows\System\ZPOqDnb.exe
  C:\Windows\System\ZPOqDnb.exe
  2⤵
  PID:8112
- C:\Windows\System\hRfckfh.exe
  C:\Windows\System\hRfckfh.exe
  2⤵
  PID:8132
- C:\Windows\System\bGsDOiM.exe
  C:\Windows\System\bGsDOiM.exe
  2⤵
  PID:8152
- C:\Windows\System\JMfxMUC.exe
  C:\Windows\System\JMfxMUC.exe
  2⤵
  PID:8168
- C:\Windows\System\cirUAlp.exe
  C:\Windows\System\cirUAlp.exe
  2⤵
  PID:8184
- C:\Windows\System\UiLehWP.exe
  C:\Windows\System\UiLehWP.exe
  2⤵
  PID:5556
- C:\Windows\System\JOddvSe.exe
  C:\Windows\System\JOddvSe.exe
  2⤵
  PID:7208
- C:\Windows\System\AGdFZCm.exe
  C:\Windows\System\AGdFZCm.exe
  2⤵
  PID:7320
- C:\Windows\System\yoDffoT.exe
  C:\Windows\System\yoDffoT.exe
  2⤵
  PID:7428
- C:\Windows\System\kXpnrXt.exe
  C:\Windows\System\kXpnrXt.exe
  2⤵
  PID:7256
- C:\Windows\System\zvQrUfF.exe
  C:\Windows\System\zvQrUfF.exe
  2⤵
  PID:7044
- C:\Windows\System\tuOuTwZ.exe
  C:\Windows\System\tuOuTwZ.exe
  2⤵
  PID:4476
- C:\Windows\System\hMXdeYt.exe
  C:\Windows\System\hMXdeYt.exe
  2⤵
  PID:7224
- C:\Windows\System\xpkAdzh.exe
  C:\Windows\System\xpkAdzh.exe
  2⤵
  PID:7476
- C:\Windows\System\fhPzgaq.exe
  C:\Windows\System\fhPzgaq.exe
  2⤵
  PID:7340
- C:\Windows\System\vulmqsc.exe
  C:\Windows\System\vulmqsc.exe
  2⤵
  PID:7416
- C:\Windows\System\dtNrHbC.exe
  C:\Windows\System\dtNrHbC.exe
  2⤵
  PID:7552
- C:\Windows\System\BOpxZMm.exe
  C:\Windows\System\BOpxZMm.exe
  2⤵
  PID:7596
- C:\Windows\System\MgIQpCO.exe
  C:\Windows\System\MgIQpCO.exe
  2⤵
  PID:6608
- C:\Windows\System\XVddkiY.exe
  C:\Windows\System\XVddkiY.exe
  2⤵
  PID:7460
- C:\Windows\System\mrcuhsm.exe
  C:\Windows\System\mrcuhsm.exe
  2⤵
  PID:7512
- C:\Windows\System\qWJtkEQ.exe
  C:\Windows\System\qWJtkEQ.exe
  2⤵
  PID:7496
- C:\Windows\System\hWudrBL.exe
  C:\Windows\System\hWudrBL.exe
  2⤵
  PID:7608
- C:\Windows\System\ORhIYSN.exe
  C:\Windows\System\ORhIYSN.exe
  2⤵
  PID:7676
- C:\Windows\System\MOTmUsE.exe
  C:\Windows\System\MOTmUsE.exe
  2⤵
  PID:7688
- C:\Windows\System\peUMHvG.exe
  C:\Windows\System\peUMHvG.exe
  2⤵
  PID:7752
- C:\Windows\System\YRIXHhU.exe
  C:\Windows\System\YRIXHhU.exe
  2⤵
  PID:7792
- C:\Windows\System\AQZuCpq.exe
  C:\Windows\System\AQZuCpq.exe
  2⤵
  PID:7708
- C:\Windows\System\OJtsVVv.exe
  C:\Windows\System\OJtsVVv.exe
  2⤵
  PID:7740
- C:\Windows\System\epKBrnI.exe
  C:\Windows\System\epKBrnI.exe
  2⤵
  PID:7968
- C:\Windows\System\FIyJIhF.exe
  C:\Windows\System\FIyJIhF.exe
  2⤵
  PID:7916
- C:\Windows\System\ErreQNM.exe
  C:\Windows\System\ErreQNM.exe
  2⤵
  PID:7844
- C:\Windows\System\WEkpaNa.exe
  C:\Windows\System\WEkpaNa.exe
  2⤵
  PID:7912
- C:\Windows\System\AcqlcQm.exe
  C:\Windows\System\AcqlcQm.exe
  2⤵
  PID:7956
- C:\Windows\System\rSdXvKP.exe
  C:\Windows\System\rSdXvKP.exe
  2⤵
  PID:8008
- C:\Windows\System\GIFVbio.exe
  C:\Windows\System\GIFVbio.exe
  2⤵
  PID:8064
- C:\Windows\System\tHqJbuF.exe
  C:\Windows\System\tHqJbuF.exe
  2⤵
  PID:8088
- C:\Windows\System\ZhxlBmj.exe
  C:\Windows\System\ZhxlBmj.exe
  2⤵
  PID:8128
- C:\Windows\System\yLxlHIG.exe
  C:\Windows\System\yLxlHIG.exe
  2⤵
  PID:8164
- C:\Windows\System\CDQVdFd.exe
  C:\Windows\System\CDQVdFd.exe
  2⤵
  PID:7280
- C:\Windows\System\AITZryP.exe
  C:\Windows\System\AITZryP.exe
  2⤵
  PID:7196
- C:\Windows\System\JjcLZaI.exe
  C:\Windows\System\JjcLZaI.exe
  2⤵
  PID:7396
- C:\Windows\System\BuqnJwo.exe
  C:\Windows\System\BuqnJwo.exe
  2⤵
  PID:7220
- C:\Windows\System\ScDHgSE.exe
  C:\Windows\System\ScDHgSE.exe
  2⤵
  PID:6960
- C:\Windows\System\bbjUNzr.exe
  C:\Windows\System\bbjUNzr.exe
  2⤵
  PID:7184
- C:\Windows\System\yISewGO.exe
  C:\Windows\System\yISewGO.exe
  2⤵
  PID:7408
- C:\Windows\System\JSuatBs.exe
  C:\Windows\System\JSuatBs.exe
  2⤵
  PID:7332
- C:\Windows\System\meOqlhX.exe
  C:\Windows\System\meOqlhX.exe
  2⤵
  PID:7588
- C:\Windows\System\JrDosIK.exe
  C:\Windows\System\JrDosIK.exe
  2⤵
  PID:7532
- C:\Windows\System\zhLICun.exe
  C:\Windows\System\zhLICun.exe
  2⤵
  PID:7632
- C:\Windows\System\tokPMCp.exe
  C:\Windows\System\tokPMCp.exe
  2⤵
  PID:7604
- C:\Windows\System\hiwcynL.exe
  C:\Windows\System\hiwcynL.exe
  2⤵
  PID:7724
- C:\Windows\System\oAbIoHj.exe
  C:\Windows\System\oAbIoHj.exe
  2⤵
  PID:7704
- C:\Windows\System\EbzTonN.exe
  C:\Windows\System\EbzTonN.exe
  2⤵
  PID:7840
- C:\Windows\System\smcnjQm.exe
  C:\Windows\System\smcnjQm.exe
  2⤵
  PID:7680
- C:\Windows\System\KclSAth.exe
  C:\Windows\System\KclSAth.exe
  2⤵
  PID:7684
- C:\Windows\System\tuXCnbM.exe
  C:\Windows\System\tuXCnbM.exe
  2⤵
  PID:8044
- C:\Windows\System\kwSzdwM.exe
  C:\Windows\System\kwSzdwM.exe
  2⤵
  PID:8124
- C:\Windows\System\OAEDfwP.exe
  C:\Windows\System\OAEDfwP.exe
  2⤵
  PID:7240
- C:\Windows\System\gkemkhm.exe
  C:\Windows\System\gkemkhm.exe
  2⤵
  PID:8144
- C:\Windows\System\kNnbfdj.exe
  C:\Windows\System\kNnbfdj.exe
  2⤵
  PID:7276
- C:\Windows\System\aiPhchW.exe
  C:\Windows\System\aiPhchW.exe
  2⤵
  PID:7376
- C:\Windows\System\WEBoCcH.exe
  C:\Windows\System\WEBoCcH.exe
  2⤵
  PID:7616
- C:\Windows\System\sEVLvkz.exe
  C:\Windows\System\sEVLvkz.exe
  2⤵
  PID:7880
- C:\Windows\System\LkMryEQ.exe
  C:\Windows\System\LkMryEQ.exe
  2⤵
  PID:760
- C:\Windows\System\MafxAaN.exe
  C:\Windows\System\MafxAaN.exe
  2⤵
  PID:7776
- C:\Windows\System\bATsMNM.exe
  C:\Windows\System\bATsMNM.exe
  2⤵
  PID:7524
- C:\Windows\System\ObKsRWG.exe
  C:\Windows\System\ObKsRWG.exe
  2⤵
  PID:7788
- C:\Windows\System\pIOYTzH.exe
  C:\Windows\System\pIOYTzH.exe
  2⤵
  PID:7316
- C:\Windows\System\AovMExb.exe
  C:\Windows\System\AovMExb.exe
  2⤵
  PID:8120
- C:\Windows\System\aKsviKr.exe
  C:\Windows\System\aKsviKr.exe
  2⤵
  PID:8160
- C:\Windows\System\dyFHCFP.exe
  C:\Windows\System\dyFHCFP.exe
  2⤵
  PID:7388
- C:\Windows\System\ulVciXB.exe
  C:\Windows\System\ulVciXB.exe
  2⤵
  PID:7244
- C:\Windows\System\otQhmOw.exe
  C:\Windows\System\otQhmOw.exe
  2⤵
  PID:7204
- C:\Windows\System\KejbKYF.exe
  C:\Windows\System\KejbKYF.exe
  2⤵
  PID:7980
- C:\Windows\System\rOavgSJ.exe
  C:\Windows\System\rOavgSJ.exe
  2⤵
  PID:6348
- C:\Windows\System\tkZEKiH.exe
  C:\Windows\System\tkZEKiH.exe
  2⤵
  PID:7336
- C:\Windows\System\gykXael.exe
  C:\Windows\System\gykXael.exe
  2⤵
  PID:7360
- C:\Windows\System\IcDBoDd.exe
  C:\Windows\System\IcDBoDd.exe
  2⤵
  PID:7520
- C:\Windows\System\pxehSck.exe
  C:\Windows\System\pxehSck.exe
  2⤵
  PID:7484
- C:\Windows\System\geRMMcK.exe
  C:\Windows\System\geRMMcK.exe
  2⤵
  PID:8032
- C:\Windows\System\XmdEVsz.exe
  C:\Windows\System\XmdEVsz.exe
  2⤵
  PID:7992
- C:\Windows\System\LSjGWfT.exe
  C:\Windows\System\LSjGWfT.exe
  2⤵
  PID:7984
- C:\Windows\System\EXhEtiO.exe
  C:\Windows\System\EXhEtiO.exe
  2⤵
  PID:6188
- C:\Windows\System\oDNcBvf.exe
  C:\Windows\System\oDNcBvf.exe
  2⤵
  PID:7972
- C:\Windows\System\jTkfZPA.exe
  C:\Windows\System\jTkfZPA.exe
  2⤵
  PID:8108
- C:\Windows\System\XmUknEP.exe
  C:\Windows\System\XmUknEP.exe
  2⤵
  PID:7600
- C:\Windows\System\ALsRibu.exe
  C:\Windows\System\ALsRibu.exe
  2⤵
  PID:8180
- C:\Windows\System\xdkxOTy.exe
  C:\Windows\System\xdkxOTy.exe
  2⤵
  PID:7296
- C:\Windows\System\TiTAJZy.exe
  C:\Windows\System\TiTAJZy.exe
  2⤵
  PID:8052
- C:\Windows\System\AeVWIjs.exe
  C:\Windows\System\AeVWIjs.exe
  2⤵
  PID:8208
- C:\Windows\System\HezJZyy.exe
  C:\Windows\System\HezJZyy.exe
  2⤵
  PID:8244
- C:\Windows\System\EkRCrnw.exe
  C:\Windows\System\EkRCrnw.exe
  2⤵
  PID:8260
- C:\Windows\System\SoNXZKa.exe
  C:\Windows\System\SoNXZKa.exe
  2⤵
  PID:8276
- C:\Windows\System\GTYikci.exe
  C:\Windows\System\GTYikci.exe
  2⤵
  PID:8292
- C:\Windows\System\QmkqnLA.exe
  C:\Windows\System\QmkqnLA.exe
  2⤵
  PID:8308
- C:\Windows\System\IMlhHSv.exe
  C:\Windows\System\IMlhHSv.exe
  2⤵
  PID:8332
- C:\Windows\System\rERVmDe.exe
  C:\Windows\System\rERVmDe.exe
  2⤵
  PID:8360
- C:\Windows\System\zPubFAX.exe
  C:\Windows\System\zPubFAX.exe
  2⤵
  PID:8376
- C:\Windows\System\lgESnCC.exe
  C:\Windows\System\lgESnCC.exe
  2⤵
  PID:8392
- C:\Windows\System\CDOHfUP.exe
  C:\Windows\System\CDOHfUP.exe
  2⤵
  PID:8408
- C:\Windows\System\ejGMLBX.exe
  C:\Windows\System\ejGMLBX.exe
  2⤵
  PID:8424
- C:\Windows\System\MiLXPEP.exe
  C:\Windows\System\MiLXPEP.exe
  2⤵
  PID:8448
- C:\Windows\System\sKogIVM.exe
  C:\Windows\System\sKogIVM.exe
  2⤵
  PID:8484
- C:\Windows\System\ZeOQCzu.exe
  C:\Windows\System\ZeOQCzu.exe
  2⤵
  PID:8500
- C:\Windows\System\SGwjAOu.exe
  C:\Windows\System\SGwjAOu.exe
  2⤵
  PID:8516
- C:\Windows\System\CBAPKeZ.exe
  C:\Windows\System\CBAPKeZ.exe
  2⤵
  PID:8532
- C:\Windows\System\lclIywJ.exe
  C:\Windows\System\lclIywJ.exe
  2⤵
  PID:8552
- C:\Windows\System\gHYEXBN.exe
  C:\Windows\System\gHYEXBN.exe
  2⤵
  PID:8572
- C:\Windows\System\LbFINDk.exe
  C:\Windows\System\LbFINDk.exe
  2⤵
  PID:8588
- C:\Windows\System\XGzRAol.exe
  C:\Windows\System\XGzRAol.exe
  2⤵
  PID:8604
- C:\Windows\System\LfeYpgx.exe
  C:\Windows\System\LfeYpgx.exe
  2⤵
  PID:8628
- C:\Windows\System\hzzdusG.exe
  C:\Windows\System\hzzdusG.exe
  2⤵
  PID:8652
- C:\Windows\System\lMXzXrs.exe
  C:\Windows\System\lMXzXrs.exe
  2⤵
  PID:8672
- C:\Windows\System\jMpkdWV.exe
  C:\Windows\System\jMpkdWV.exe
  2⤵
  PID:8700
- C:\Windows\System\EBxdDtX.exe
  C:\Windows\System\EBxdDtX.exe
  2⤵
  PID:8724
- C:\Windows\System\CiCIJBD.exe
  C:\Windows\System\CiCIJBD.exe
  2⤵
  PID:8740
- C:\Windows\System\rIPBcsd.exe
  C:\Windows\System\rIPBcsd.exe
  2⤵
  PID:8756
- C:\Windows\System\TWxqwfW.exe
  C:\Windows\System\TWxqwfW.exe
  2⤵
  PID:8772
- C:\Windows\System\tjHUxfL.exe
  C:\Windows\System\tjHUxfL.exe
  2⤵
  PID:8796
- C:\Windows\System\tOaCIwE.exe
  C:\Windows\System\tOaCIwE.exe
  2⤵
  PID:8816
- C:\Windows\System\nhmdHJu.exe
  C:\Windows\System\nhmdHJu.exe
  2⤵
  PID:8832
- C:\Windows\System\UOFDWDP.exe
  C:\Windows\System\UOFDWDP.exe
  2⤵
  PID:8852
- C:\Windows\System\cVbxomq.exe
  C:\Windows\System\cVbxomq.exe
  2⤵
  PID:8872
- C:\Windows\System\GwrOzNJ.exe
  C:\Windows\System\GwrOzNJ.exe
  2⤵
  PID:8892
- C:\Windows\System\lbLdSjf.exe
  C:\Windows\System\lbLdSjf.exe
  2⤵
  PID:8912
- C:\Windows\System\ZYkvSVy.exe
  C:\Windows\System\ZYkvSVy.exe
  2⤵
  PID:8928
- C:\Windows\System\kFdBjaH.exe
  C:\Windows\System\kFdBjaH.exe
  2⤵
  PID:8948
- C:\Windows\System\ZYwnUaF.exe
  C:\Windows\System\ZYwnUaF.exe
  2⤵
  PID:8972
- C:\Windows\System\fZcpHSl.exe
  C:\Windows\System\fZcpHSl.exe
  2⤵
  PID:9008
- C:\Windows\System\GWiPiuy.exe
  C:\Windows\System\GWiPiuy.exe
  2⤵
  PID:9028
- C:\Windows\System\TLnjBgu.exe
  C:\Windows\System\TLnjBgu.exe
  2⤵
  PID:9048
- C:\Windows\System\SHEoHcA.exe
  C:\Windows\System\SHEoHcA.exe
  2⤵
  PID:9064
- C:\Windows\System\CGAgMZo.exe
  C:\Windows\System\CGAgMZo.exe
  2⤵
  PID:9080
- C:\Windows\System\cHVZHmo.exe
  C:\Windows\System\cHVZHmo.exe
  2⤵
  PID:9104
- C:\Windows\System\DlEHbyL.exe
  C:\Windows\System\DlEHbyL.exe
  2⤵
  PID:9120
- C:\Windows\System\mAFgnWq.exe
  C:\Windows\System\mAFgnWq.exe
  2⤵
  PID:9140
- C:\Windows\System\gSJjcIY.exe
  C:\Windows\System\gSJjcIY.exe
  2⤵
  PID:9156
- C:\Windows\System\IklUJay.exe
  C:\Windows\System\IklUJay.exe
  2⤵
  PID:9180
- C:\Windows\System\zSXpUsO.exe
  C:\Windows\System\zSXpUsO.exe
  2⤵
  PID:9200
- C:\Windows\System\LMyNilS.exe
  C:\Windows\System\LMyNilS.exe
  2⤵
  PID:7456
- C:\Windows\System\VnsQHCb.exe
  C:\Windows\System\VnsQHCb.exe
  2⤵
  PID:7648
- C:\Windows\System\sdVSKAs.exe
  C:\Windows\System\sdVSKAs.exe
  2⤵
  PID:8232
- C:\Windows\System\OgYOvdW.exe
  C:\Windows\System\OgYOvdW.exe
  2⤵
  PID:8288
- C:\Windows\System\oyUVvsy.exe
  C:\Windows\System\oyUVvsy.exe
  2⤵
  PID:7932
- C:\Windows\System\FbDTwdk.exe
  C:\Windows\System\FbDTwdk.exe
  2⤵
  PID:8388
- C:\Windows\System\FZWhbry.exe
  C:\Windows\System\FZWhbry.exe
  2⤵
  PID:8328
- C:\Windows\System\afXeFGn.exe
  C:\Windows\System\afXeFGn.exe
  2⤵
  PID:8456
- C:\Windows\System\FIZnqEa.exe
  C:\Windows\System\FIZnqEa.exe
  2⤵
  PID:8400
- C:\Windows\System\TUzFjxJ.exe
  C:\Windows\System\TUzFjxJ.exe
  2⤵
  PID:8468
- C:\Windows\System\CYLzSDv.exe
  C:\Windows\System\CYLzSDv.exe
  2⤵
  PID:8508
- C:\Windows\System\JayoOBp.exe
  C:\Windows\System\JayoOBp.exe
  2⤵
  PID:8548
- C:\Windows\System\EhniWSS.exe
  C:\Windows\System\EhniWSS.exe
  2⤵
  PID:8560
- C:\Windows\System\ZAnrKLd.exe
  C:\Windows\System\ZAnrKLd.exe
  2⤵
  PID:8640
- C:\Windows\System\QvOCdjB.exe
  C:\Windows\System\QvOCdjB.exe
  2⤵
  PID:8624
- C:\Windows\System\kxueCDx.exe
  C:\Windows\System\kxueCDx.exe
  2⤵
  PID:8692
- C:\Windows\System\MjxqtUe.exe
  C:\Windows\System\MjxqtUe.exe
  2⤵
  PID:8240
- C:\Windows\System\bLXBIju.exe
  C:\Windows\System\bLXBIju.exe
  2⤵
  PID:8752
- C:\Windows\System\HXIbDDz.exe
  C:\Windows\System\HXIbDDz.exe
  2⤵
  PID:8824
- C:\Windows\System\jlWOfne.exe
  C:\Windows\System\jlWOfne.exe
  2⤵
  PID:8864
- C:\Windows\System\DHkQKgg.exe
  C:\Windows\System\DHkQKgg.exe
  2⤵
  PID:8768
- C:\Windows\System\bCZdivi.exe
  C:\Windows\System\bCZdivi.exe
  2⤵
  PID:8848
- C:\Windows\System\RXXMnwk.exe
  C:\Windows\System\RXXMnwk.exe
  2⤵
  PID:8844
- C:\Windows\System\oSWGSrj.exe
  C:\Windows\System\oSWGSrj.exe
  2⤵
  PID:8968
- C:\Windows\System\RHmPvPW.exe
  C:\Windows\System\RHmPvPW.exe
  2⤵
  PID:8984
- C:\Windows\System\pFGwFje.exe
  C:\Windows\System\pFGwFje.exe
  2⤵
  PID:9004
- C:\Windows\System\uuawJQE.exe
  C:\Windows\System\uuawJQE.exe
  2⤵
  PID:9036
- C:\Windows\System\cCDYvos.exe
  C:\Windows\System\cCDYvos.exe
  2⤵
  PID:9076
- C:\Windows\System\oKHtDwB.exe
  C:\Windows\System\oKHtDwB.exe
  2⤵
  PID:9148
- C:\Windows\System\NMWqpnL.exe
  C:\Windows\System\NMWqpnL.exe
  2⤵
  PID:9164
- C:\Windows\System\tzGZDlo.exe
  C:\Windows\System\tzGZDlo.exe
  2⤵
  PID:9192
- C:\Windows\System\cWJdzSp.exe
  C:\Windows\System\cWJdzSp.exe
  2⤵
  PID:7828
- C:\Windows\System\AcJdBFq.exe
  C:\Windows\System\AcJdBFq.exe
  2⤵
  PID:8228
- C:\Windows\System\UxnrTCZ.exe
  C:\Windows\System\UxnrTCZ.exe
  2⤵
  PID:8384
- C:\Windows\System\DYaUJju.exe
  C:\Windows\System\DYaUJju.exe
  2⤵
  PID:8220
- C:\Windows\System\XUBHPUm.exe
  C:\Windows\System\XUBHPUm.exe
  2⤵
  PID:8544
- C:\Windows\System\NGECHtt.exe
  C:\Windows\System\NGECHtt.exe
  2⤵
  PID:8436
- C:\Windows\System\YUnJrHM.exe
  C:\Windows\System\YUnJrHM.exe
  2⤵
  PID:8476
- C:\Windows\System\YwatrpS.exe
  C:\Windows\System\YwatrpS.exe
  2⤵
  PID:8528
- C:\Windows\System\gSQYany.exe
  C:\Windows\System\gSQYany.exe
  2⤵
  PID:8596
- C:\Windows\System\qMsJSBc.exe
  C:\Windows\System\qMsJSBc.exe
  2⤵
  PID:8616
- C:\Windows\System\sJuQUTr.exe
  C:\Windows\System\sJuQUTr.exe
  2⤵
  PID:8688
- C:\Windows\System\iznjYKe.exe
  C:\Windows\System\iznjYKe.exe
  2⤵
  PID:8720
- C:\Windows\System\XedvKWi.exe
  C:\Windows\System\XedvKWi.exe
  2⤵
  PID:8936
- C:\Windows\System\VMKVslu.exe
  C:\Windows\System\VMKVslu.exe
  2⤵
  PID:8884
- C:\Windows\System\cojCLlf.exe
  C:\Windows\System\cojCLlf.exe
  2⤵
  PID:8888
- C:\Windows\System\UjegxEZ.exe
  C:\Windows\System\UjegxEZ.exe
  2⤵
  PID:9044
- C:\Windows\System\NjBeSLR.exe
  C:\Windows\System\NjBeSLR.exe
  2⤵
  PID:9024
- C:\Windows\System\wrjbzPc.exe
  C:\Windows\System\wrjbzPc.exe
  2⤵
  PID:9132
- C:\Windows\System\eozSJbW.exe
  C:\Windows\System\eozSJbW.exe
  2⤵
  PID:8204
- C:\Windows\System\oFkWAaJ.exe
  C:\Windows\System\oFkWAaJ.exe
  2⤵
  PID:9176
- C:\Windows\System\KuktfRn.exe
  C:\Windows\System\KuktfRn.exe
  2⤵
  PID:8348
- C:\Windows\System\JFdeFgF.exe
  C:\Windows\System\JFdeFgF.exe
  2⤵
  PID:8540
- C:\Windows\System\jefgVWE.exe
  C:\Windows\System\jefgVWE.exe
  2⤵
  PID:8664
- C:\Windows\System\wchzhhK.exe
  C:\Windows\System\wchzhhK.exe
  2⤵
  PID:8340
- C:\Windows\System\xCtwniF.exe
  C:\Windows\System\xCtwniF.exe
  2⤵
  PID:9000
- C:\Windows\System\FFOWPaW.exe
  C:\Windows\System\FFOWPaW.exe
  2⤵
  PID:8784
- C:\Windows\System\TBUwlDT.exe
  C:\Windows\System\TBUwlDT.exe
  2⤵
  PID:8716
- C:\Windows\System\uzzhnKF.exe
  C:\Windows\System\uzzhnKF.exe
  2⤵
  PID:8920
- C:\Windows\System\RtbLteT.exe
  C:\Windows\System\RtbLteT.exe
  2⤵
  PID:9088
- C:\Windows\System\fBnjbRG.exe
  C:\Windows\System\fBnjbRG.exe
  2⤵
  PID:8988
- C:\Windows\System\clMvlqP.exe
  C:\Windows\System\clMvlqP.exe
  2⤵
  PID:9136
- C:\Windows\System\YnTCFfe.exe
  C:\Windows\System\YnTCFfe.exe
  2⤵
  PID:8668
- C:\Windows\System\CLGhGSG.exe
  C:\Windows\System\CLGhGSG.exe
  2⤵
  PID:8648
- C:\Windows\System\JBCbWen.exe
  C:\Windows\System\JBCbWen.exe
  2⤵
  PID:8860
- C:\Windows\System\RzUZJgG.exe
  C:\Windows\System\RzUZJgG.exe
  2⤵
  PID:8712
- C:\Windows\System\aMVOzJy.exe
  C:\Windows\System\aMVOzJy.exe
  2⤵
  PID:8980
- C:\Windows\System\FjlkcVJ.exe
  C:\Windows\System\FjlkcVJ.exe
  2⤵
  PID:9128
- C:\Windows\System\twrEitJ.exe
  C:\Windows\System\twrEitJ.exe
  2⤵
  PID:9208
- C:\Windows\System\UznBZio.exe
  C:\Windows\System\UznBZio.exe
  2⤵
  PID:8568
- C:\Windows\System\RHVUdBy.exe
  C:\Windows\System\RHVUdBy.exe
  2⤵
  PID:8904
- C:\Windows\System\gxPjAzg.exe
  C:\Windows\System\gxPjAzg.exe
  2⤵
  PID:8940
- C:\Windows\System\ZwxnEHO.exe
  C:\Windows\System\ZwxnEHO.exe
  2⤵
  PID:9168
- C:\Windows\System\RBiZWhb.exe
  C:\Windows\System\RBiZWhb.exe
  2⤵
  PID:8368
- C:\Windows\System\iFMsHHr.exe
  C:\Windows\System\iFMsHHr.exe
  2⤵
  PID:8900
- C:\Windows\System\AZLfaah.exe
  C:\Windows\System\AZLfaah.exe
  2⤵
  PID:8324
- C:\Windows\System\KUkjthv.exe
  C:\Windows\System\KUkjthv.exe
  2⤵
  PID:9020
- C:\Windows\System\ARVuJqY.exe
  C:\Windows\System\ARVuJqY.exe
  2⤵
  PID:9224
- C:\Windows\System\WFnnPRT.exe
  C:\Windows\System\WFnnPRT.exe
  2⤵
  PID:9252
- C:\Windows\System\djPLKQY.exe
  C:\Windows\System\djPLKQY.exe
  2⤵
  PID:9272
- C:\Windows\System\aTdfkjr.exe
  C:\Windows\System\aTdfkjr.exe
  2⤵
  PID:9308
- C:\Windows\System\sWMVXWI.exe
  C:\Windows\System\sWMVXWI.exe
  2⤵
  PID:9324
- C:\Windows\System\sKhzFGz.exe
  C:\Windows\System\sKhzFGz.exe
  2⤵
  PID:9344
- C:\Windows\System\VMWIgeC.exe
  C:\Windows\System\VMWIgeC.exe
  2⤵
  PID:9360
- C:\Windows\System\HXUzIWY.exe
  C:\Windows\System\HXUzIWY.exe
  2⤵
  PID:9384
- C:\Windows\System\TerTlvp.exe
  C:\Windows\System\TerTlvp.exe
  2⤵
  PID:9404
- C:\Windows\System\eHEeGmi.exe
  C:\Windows\System\eHEeGmi.exe
  2⤵
  PID:9420
- C:\Windows\System\NBBhzXc.exe
  C:\Windows\System\NBBhzXc.exe
  2⤵
  PID:9440
- C:\Windows\System\IUCHcZD.exe
  C:\Windows\System\IUCHcZD.exe
  2⤵
  PID:9460
- C:\Windows\System\LUZxEOu.exe
  C:\Windows\System\LUZxEOu.exe
  2⤵
  PID:9476
- C:\Windows\System\xVPIzFZ.exe
  C:\Windows\System\xVPIzFZ.exe
  2⤵
  PID:9492
- C:\Windows\System\nONgrsV.exe
  C:\Windows\System\nONgrsV.exe
  2⤵
  PID:9512
- C:\Windows\System\bFJqiVP.exe
  C:\Windows\System\bFJqiVP.exe
  2⤵
  PID:9536
- C:\Windows\System\vMqoJTk.exe
  C:\Windows\System\vMqoJTk.exe
  2⤵
  PID:9552
- C:\Windows\System\WqArhzM.exe
  C:\Windows\System\WqArhzM.exe
  2⤵
  PID:9584
- C:\Windows\System\kXjMesh.exe
  C:\Windows\System\kXjMesh.exe
  2⤵
  PID:9608
- C:\Windows\System\GMWzwMb.exe
  C:\Windows\System\GMWzwMb.exe
  2⤵
  PID:9624
- C:\Windows\System\vgMLRsf.exe
  C:\Windows\System\vgMLRsf.exe
  2⤵
  PID:9640
- C:\Windows\System\ahHSKSm.exe
  C:\Windows\System\ahHSKSm.exe
  2⤵
  PID:9664
- C:\Windows\System\dRnLkrE.exe
  C:\Windows\System\dRnLkrE.exe
  2⤵
  PID:9680
- C:\Windows\System\WfTZjap.exe
  C:\Windows\System\WfTZjap.exe
  2⤵
  PID:9708
- C:\Windows\System\HnuiuMI.exe
  C:\Windows\System\HnuiuMI.exe
  2⤵
  PID:9724
- C:\Windows\System\oRWDRyt.exe
  C:\Windows\System\oRWDRyt.exe
  2⤵
  PID:9744
- C:\Windows\System\oJgXQyl.exe
  C:\Windows\System\oJgXQyl.exe
  2⤵
  PID:9760
- C:\Windows\System\RrhYUXU.exe
  C:\Windows\System\RrhYUXU.exe
  2⤵
  PID:9780
- C:\Windows\System\bPhdxIW.exe
  C:\Windows\System\bPhdxIW.exe
  2⤵
  PID:9804
- C:\Windows\System\qyKIPGi.exe
  C:\Windows\System\qyKIPGi.exe
  2⤵
  PID:9820
- C:\Windows\System\YpCPEQf.exe
  C:\Windows\System\YpCPEQf.exe
  2⤵
  PID:9836
- C:\Windows\System\DjfMqmt.exe
  C:\Windows\System\DjfMqmt.exe
  2⤵
  PID:9856
- C:\Windows\System\FVqSxeY.exe
  C:\Windows\System\FVqSxeY.exe
  2⤵
  PID:9876
- C:\Windows\System\MNSNtzU.exe
  C:\Windows\System\MNSNtzU.exe
  2⤵
  PID:9916
- C:\Windows\System\aUVSbpn.exe
  C:\Windows\System\aUVSbpn.exe
  2⤵
  PID:9932
- C:\Windows\System\cuCwwHt.exe
  C:\Windows\System\cuCwwHt.exe
  2⤵
  PID:9956
- C:\Windows\System\OhShJFq.exe
  C:\Windows\System\OhShJFq.exe
  2⤵
  PID:9972
- C:\Windows\System\YFOvVrD.exe
  C:\Windows\System\YFOvVrD.exe
  2⤵
  PID:9988
- C:\Windows\System\zTCtpea.exe
  C:\Windows\System\zTCtpea.exe
  2⤵
  PID:10004
- C:\Windows\System\doZIgBJ.exe
  C:\Windows\System\doZIgBJ.exe
  2⤵
  PID:10020
- C:\Windows\System\vFcqdaj.exe
  C:\Windows\System\vFcqdaj.exe
  2⤵
  PID:10036
- C:\Windows\System\sfLnUbM.exe
  C:\Windows\System\sfLnUbM.exe
  2⤵
  PID:10052
- C:\Windows\System\EjxpfNk.exe
  C:\Windows\System\EjxpfNk.exe
  2⤵
  PID:10068
- C:\Windows\System\eczNofJ.exe
  C:\Windows\System\eczNofJ.exe
  2⤵
  PID:10084
- C:\Windows\System\mXzeuEI.exe
  C:\Windows\System\mXzeuEI.exe
  2⤵
  PID:10100
- C:\Windows\System\CNjtdzN.exe
  C:\Windows\System\CNjtdzN.exe
  2⤵
  PID:10144
- C:\Windows\System\FthkXnO.exe
  C:\Windows\System\FthkXnO.exe
  2⤵
  PID:10188
- C:\Windows\System\oFCieQH.exe
  C:\Windows\System\oFCieQH.exe
  2⤵
  PID:10204
- C:\Windows\System\WNAjsdp.exe
  C:\Windows\System\WNAjsdp.exe
  2⤵
  PID:10220
- C:\Windows\System\fNQhBqW.exe
  C:\Windows\System\fNQhBqW.exe
  2⤵
  PID:9220
- C:\Windows\System\DmaQjoV.exe
  C:\Windows\System\DmaQjoV.exe
  2⤵
  PID:9264
- C:\Windows\System\MNPpgeW.exe
  C:\Windows\System\MNPpgeW.exe
  2⤵
  PID:8636
- C:\Windows\System\PpLMMRz.exe
  C:\Windows\System\PpLMMRz.exe
  2⤵
  PID:9296
- C:\Windows\System\MymCCWM.exe
  C:\Windows\System\MymCCWM.exe
  2⤵
  PID:9316
- C:\Windows\System\ridizPq.exe
  C:\Windows\System\ridizPq.exe
  2⤵
  PID:9352
- C:\Windows\System\OQFzXOY.exe
  C:\Windows\System\OQFzXOY.exe
  2⤵
  PID:9372
- C:\Windows\System\ERkadnw.exe
  C:\Windows\System\ERkadnw.exe
  2⤵
  PID:9396
- C:\Windows\System\AFHVoMI.exe
  C:\Windows\System\AFHVoMI.exe
  2⤵
  PID:9436
- C:\Windows\System\ueEwxrJ.exe
  C:\Windows\System\ueEwxrJ.exe
  2⤵
  PID:9508
- C:\Windows\System\XxRYiEo.exe
  C:\Windows\System\XxRYiEo.exe
  2⤵
  PID:9484
- C:\Windows\System\KipWWrX.exe
  C:\Windows\System\KipWWrX.exe
  2⤵
  PID:9456
- C:\Windows\System\fDeUgii.exe
  C:\Windows\System\fDeUgii.exe
  2⤵
  PID:9520
- C:\Windows\System\uUVAupr.exe
  C:\Windows\System\uUVAupr.exe
  2⤵
  PID:9660
- C:\Windows\System\yNLreUz.exe
  C:\Windows\System\yNLreUz.exe
  2⤵
  PID:9688
- C:\Windows\System\nTFbPFy.exe
  C:\Windows\System\nTFbPFy.exe
  2⤵
  PID:9700
- C:\Windows\System\mjouNeU.exe
  C:\Windows\System\mjouNeU.exe
  2⤵
  PID:9752
- C:\Windows\System\CrWDQFz.exe
  C:\Windows\System\CrWDQFz.exe
  2⤵
  PID:9792
- C:\Windows\System\wikhvJF.exe
  C:\Windows\System\wikhvJF.exe
  2⤵
  PID:9772
- C:\Windows\System\vNNCTLz.exe
  C:\Windows\System\vNNCTLz.exe
  2⤵
  PID:9816
- C:\Windows\System\arIilRL.exe
  C:\Windows\System\arIilRL.exe
  2⤵
  PID:9872
- C:\Windows\System\lrvDtWj.exe
  C:\Windows\System\lrvDtWj.exe
  2⤵
  PID:9904
- C:\Windows\System\DRSsBno.exe
  C:\Windows\System\DRSsBno.exe
  2⤵
  PID:9940
- C:\Windows\System\HQjpevP.exe
  C:\Windows\System\HQjpevP.exe
  2⤵
  PID:9996
- C:\Windows\System\mMsmejT.exe
  C:\Windows\System\mMsmejT.exe
  2⤵
  PID:10032
- C:\Windows\System\GLOPDkh.exe
  C:\Windows\System\GLOPDkh.exe
  2⤵
  PID:10092
- C:\Windows\System\ZtRkphJ.exe
  C:\Windows\System\ZtRkphJ.exe
  2⤵
  PID:10012
- C:\Windows\System\IWNDAsL.exe
  C:\Windows\System\IWNDAsL.exe
  2⤵
  PID:10112
- C:\Windows\System\dymwahp.exe
  C:\Windows\System\dymwahp.exe
  2⤵
  PID:10128
- C:\Windows\System\sufukit.exe
  C:\Windows\System\sufukit.exe
  2⤵
  PID:10160
- C:\Windows\System\GRVyACd.exe
  C:\Windows\System\GRVyACd.exe
  2⤵
  PID:10196
- C:\Windows\System\HSfhEQo.exe
  C:\Windows\System\HSfhEQo.exe
  2⤵
  PID:8996
- C:\Windows\System\aNZfEXK.exe
  C:\Windows\System\aNZfEXK.exe
  2⤵
  PID:9244
- C:\Windows\System\RReDcDE.exe
  C:\Windows\System\RReDcDE.exe
  2⤵
  PID:9500
- C:\Windows\System\fYqKctj.exe
  C:\Windows\System\fYqKctj.exe
  2⤵
  PID:9568
- C:\Windows\System\hMRkAYe.exe
  C:\Windows\System\hMRkAYe.exe
  2⤵
  PID:9448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HYIbRbm.exe

Filesize
1.9MB

MD5
0ceecb19c8eedf12532ce8d1bcb4035a

SHA1
455bf8187349c0e9582377f94f869c3e12941cdf

SHA256
0dbee9c4d907e3fac67ecfd12385e4a2b087332dfea99604d27e7abf4b251a27

SHA512
f5189660fb330005837dde439f9d4b5dbcbaaa1a766e6008ea9f292aba6ac2441477d7425ae61dadb36047573556e769ca1249668b26f53164d3ea5f8409a9e0

Download Submit
C:\Windows\system\KaCWhqM.exe

Filesize
2.0MB

MD5
f57b7a42cdf2cca914abd89a3ec74e74

SHA1
54cd78a2916da4e285f90e64a8e1671905ba0608

SHA256
641416a568b487b44e8f8e38f169329b881be536ea8903e12ce443ad53180a3b

SHA512
e79b5c3060f2f34d11fae3221d2c0d296add9fc6fe99ab9d9934b63e3e551d0f65d6aea70bb04fa0f1956eadd7e70ead3e34b8e7e636b78c61561f33e7ac7641

Download Submit
C:\Windows\system\MwsyaWK.exe

Filesize
2.0MB

MD5
2445ed540149cd876bc93e7e6a045d9e

SHA1
c51299d48740eb4c110141904a88b6108b2505a6

SHA256
b84e2887f8f6d5187662911bed93cfbb6067fa65f336754856cf0d734025fef8

SHA512
c69fa1fd48e838102df2cd9926297465e3f9578a179ed541f7a31f1c4df4d8ed0ecab021edada5372e87bd4e8bca578f1adbaaf61db4225fe78935d3508559cd

Download Submit
C:\Windows\system\TSDBryH.exe

Filesize
2.0MB

MD5
6b5a2b925944a01e0b288cf26174bf40

SHA1
bb74797dce4ca86164916c641e38ffeeff0bd509

SHA256
708a648b9ff634b3851bc6e3461df098927b6e23412cc73302569f3b121097f0

SHA512
67901e7dc79b93cb4a3e722be7324bcb108626a8a2d092fc7f415a90596e60dedcabe33b6bfeec61a531afdf9d76cb8b45733d237c680569e4f6aa2a122f6633

Download Submit
C:\Windows\system\TTkKqkA.exe

Filesize
2.0MB

MD5
14faf1a2dd98cb557ccb172eb5f30d77

SHA1
59f5e9f726c7c20429f66e115ec2f3ac3e6309b3

SHA256
d614c6dc01000be090456c1c4549e57013da0a65efeb354b19fbbb22c99e3212

SHA512
3db001e5112e58ad0e4950e8d4f63fa098382ec2b796099380ee69d4c804399f74f7e77f7f9255755262a75448448b0f01d634ee63bd3828f06605bf46c7a1c8

Download Submit
C:\Windows\system\WCSjuee.exe

Filesize
2.0MB

MD5
78d067eb7851811740c88686ce3f9e1f

SHA1
2e46cd2a3d5ff7a3cec2f1e05a67131a35a800a1

SHA256
330489d0e6d83ae90b2730d671e5297ebe7213f1d7d96c08208cb523bf462b6c

SHA512
5c4f725042a7d9372025af0a2eb9a612890fabffdf5e0e5d7eb21673439d4ef07a1c15f028c74793cea4c92118e2fd9978ef72b8639b258f8cb5c24001c92542

Download Submit
C:\Windows\system\YlZoNYD.exe

Filesize
2.0MB

MD5
f0b0fa6ea2d75ca5f004ab5a72e77acb

SHA1
449f36ff4ad85f548567f4031886d9db6bc31697

SHA256
f401b2af1ab04adf0ea14d316c78a2ac9667df0bcc2866d8bde893341404c224

SHA512
73dc9ad8ba00f74548c1798a9fb5fe1e21fc5873c0c214a7a253297c0f426923a65d669e934db356ddb8174b4c681467d97fdc7c3a6cc01375a55a4fa24e9707

Download Submit
C:\Windows\system\cKbpeVx.exe

Filesize
2.0MB

MD5
17865ddcbcbc9b86d73a7034747e057c

SHA1
bb0a0c89ac2d52ae41b996ec2685d55f45bc6f3e

SHA256
4b23aecef09a223e065eb070ffae27f4070aaa117f71ce7cb6a98db6bc81ee95

SHA512
e7353e87ab751902b038de091e93349b7875891b559e73bbac693dfd284b35f5b8d08008cbaf0823bcd42d866bbfd92874ae9f50882f484c0e23e5237ddb69b8

Download Submit
C:\Windows\system\etjgaty.exe

Filesize
2.0MB

MD5
9163fec26465c77e8e96562b98c55ef4

SHA1
cae503ae17d9e698d2d4ad685fb8d915dd042479

SHA256
76eac373cf46a9087d3dd6ed3a246d5bdd24547bf91a9cad3c8f6dba93db47dd

SHA512
b20a98c0ade48d8e14cfb83b66a0630aac9d8d9d38e91b4ba62697f8888d05c48e62c9eea71534182538df20490d470acdb6357ab1e9eb35e97a3c9ea82b3d10

Download Submit
C:\Windows\system\fFvEyJk.exe

Filesize
2.0MB

MD5
1b884cdcba564260e311f02c2f1fd06f

SHA1
ef63f98d23ef9446431c688ef87353ccc691e1ec

SHA256
6ef7931e37c7f918e2ae5a6add03888b5a164331a1109f3d546f1d9e7d9dc456

SHA512
ae92952e4c780a52b0bfaabb82eea9b87544076dfd027f2f1c4d74f19ba767a84491799ebfa2526cf834557e4d36a154c80286b8d371a74fb2d0808b75a269fe

Download Submit
C:\Windows\system\jDWzXLM.exe

Filesize
2.0MB

MD5
f5f5df250f77f27ca6d2e95f3e2327e8

SHA1
e6794a112bdb8b4ff1ced418bc7192397011fb48

SHA256
880f7a538889948bd68e21a07342d9700fe3adf88054ee96727e4cbe53b2a11f

SHA512
b38ff85439084776328ecaf19f981290ed6dbd9b70b8db37393ab1abd32df09dbc22d72e8c9ce8793efd0b2892f2d6e1e393fcc1cd36b86a6f612671dd486095

Download Submit
C:\Windows\system\kcPOGwI.exe

Filesize
1.9MB

MD5
62f76677f68fc6a01f8cdd2437ea5f0d

SHA1
f8d5ecaecc43e6880c9af01d61662677897de5e8

SHA256
fe8f0559cd49d322ee5780ab34fba4c770bc88105c0a4305bf41b33b24b0c0b6

SHA512
8910a736e6725a02224dd867add31331abaa7ea2ec91ab875ce80aa3e09b6fa7a2f18e1fe512892100a685682a95670e2bb1a90c74d052df17dfb7925d20bb92

Download Submit
C:\Windows\system\nAvmxWF.exe

Filesize
2.0MB

MD5
ff87f090ba2bc7b8f7109e5a0be1a775

SHA1
1fd29b06ae93bf4e1d2e20248a3b074f72daae6d

SHA256
9fb4c464c8f97563268a284da0093afbf22b5e7f05ca696d221d40f4957c9efc

SHA512
1d49cbb10a9d0a51a7c5e112a42fdb125581c836bc61e88b85f6705844950b071171342019def77411717a379ba1234d37365e6793b01ef112d430952f594427

Download Submit
C:\Windows\system\nZRcyge.exe

Filesize
2.0MB

MD5
c93a6abd7ee41c1729595e90b9817783

SHA1
2ce27a41e715d559702363176c8b2f75280c646c

SHA256
883fbae1ffef069e20e8420b90a76311f8029e96f6b2231a4aa7b1fc59157a0a

SHA512
98b60f6d9314ad07ec4d87d633dbfc9a9954e686c2e68d7049435bbba2d34c781bfb1835f0c38e8f55762b90bee17589676e863dcad811547f126b967c126b8c

Download Submit
C:\Windows\system\qCaLmLi.exe

Filesize
2.0MB

MD5
9ec02d32a4f7a063a81ca6ff9ce4154f

SHA1
151d789d309fef1bda3e0c0264e00c4bd887c1b6

SHA256
65c050e81068b2c4db50c2d3de00127b4b5703af92f1abecd64261aeebaf3d12

SHA512
102f82501b2139f1a16ba6362be5c09437b6718de620acbea543fe24e1449cdcab2e0981dafd6e8158e84aab634df5862330db59e46077ad996f2e91923190db

Download Submit
C:\Windows\system\qgSsIDc.exe

Filesize
2.0MB

MD5
bc8076522903153396623196c3bbfc63

SHA1
a3ed892532da96b8ab0858878f0117f552e3aa99

SHA256
e020af0e85a02f641910a4d04d85bb5f20a371b34f14d4e79ddf71dc266dbb86

SHA512
9cf9aa31500ba29c2d10a318fa9e39d5c559fab696b70597ff64728967ab0a5fde905221ed3830e3c4162d98ad5250f9ec2226156f8d5931ae8e24d820dfb37d

Download Submit
C:\Windows\system\rRmycHr.exe

Filesize
2.0MB

MD5
fdda79dc2d3bbc10080db113c09d8fcd

SHA1
3b3aaef2a052e18172222ec227cb0d62400afee8

SHA256
1591e39b3022afe9dac2b1aa7f7cad0d8c856be3070ffb2a78955f9c5045932b

SHA512
f2e2d61c2a77e956140e9954bda4bfa8e38f1db2e6ea6b4dc7ea9456ce80673588b772fa18b6b2ebcc17703427209fc13657d958ae5fe54255eb3014eed5b2d9

Download Submit
C:\Windows\system\uIdrNbu.exe

Filesize
2.0MB

MD5
be79bb704f66f4a01c5eb581928cdc0d

SHA1
a488ebc291c634f5ff1563e9115992014205d14d

SHA256
fe9a8232465bcc62e233a3537b8545317010a57e3f1e89fcf257e30ac06ab99e

SHA512
82761cb087a4f116c2bc261bee801527d745c7c1cc9e25b365771df03989319746e7978b4655ada0dec2b4360d4f8c629e8e1a5eacdc6031ca10219d3285406d

Download Submit
C:\Windows\system\vYAgeNs.exe

Filesize
2.0MB

MD5
cef231446f4d245f70f3bae75f276415

SHA1
3aaa9b4823f72fb81ebbbfdde5d81d89729e3149

SHA256
e67ac3690d183e6a634e062b06513d2a950d8f09183c3c190a199c0945ddb459

SHA512
354319734f25ded793c5dd1ddb03857157cb63e02af9973d6fff8d3725518d828f65ba8ad78e729e6205201ffd10ca582f4d60299cff07aaefb4f1038483f490

Download Submit
C:\Windows\system\vnHsljY.exe

Filesize
2.0MB

MD5
0215e3702ba848630f28613bdbe3682b

SHA1
1ac67f1ed5a0fa0914021b10b80dfe34ce0eac6f

SHA256
590892b2345a6d579b089040d14388cda3dcc49a85e491f7864ac5d704bf3633

SHA512
73f5c73a15adc9823412f441d3ef353581639ab8b2815f25a8f2c4223e32906453b58811ac89363708f0edd560976a17c9a190e58577fab366fb5e139dffda4c

Download Submit
C:\Windows\system\wOUjfpB.exe

Filesize
1.9MB

MD5
21cc4dd5529f7ee1fc374619dd76c09c

SHA1
f8d70f28085df66e5009c67635dac26f36661dfb

SHA256
468057d56ac25995b7575b19a49e7def97ca1e36c49936bebab4f0cddaf8c9ec

SHA512
85fdeae0d4d34afd2cbb9bf4e9ef4ba405626535e8c29dc24972677f5214bf7bf52b9476c38e91a98c11e1b4210d4baa093bb3b47d4dad35d8ff77c440a4f335

Download Submit
C:\Windows\system\wusUmdo.exe

Filesize
2.0MB

MD5
0fdb9bb99873e3ceb456b3698eed8441

SHA1
c9d435caa61d274392caebaa7db12981b0759224

SHA256
ed3c61625b11f6c471bcb59b7f18aa874b5e7ea88f0ce6221e4ed1d85212335a

SHA512
7c730556726d3e62edbfde34cc495e9ffa010f412a22a71f735069b8f8bec15532625f3e216f8d69acfe4dc0aab79645be00272120cf9602561303998491b39c

Download Submit
C:\Windows\system\yorfGRA.exe

Filesize
2.0MB

MD5
777bae9d87f47e56b3027e43f312291a

SHA1
06fa4101dc4b5e475f65af8f225086f4b95d7af8

SHA256
86147aa4e0024801aea3e2944fb92c676d66f51e7b848de8bd5022a0bdb72b0d

SHA512
6dbfe652fd95fae3420e7185791b4fd0e41146d1aaeb54451d474e53eb3b649c869863f4462feae0507ac8ca7d343c8acf386c2a3d513f4023392b1a5000e1f6

Download Submit
\Windows\system\BRNUGuT.exe

Filesize
2.0MB

MD5
41cd4aba11f4236dc1ec6edf6ab95d51

SHA1
8cbf50c72513dced22fa4bb13234021e3843560e

SHA256
373a41dbf054408bcefa1a8c9615498b53e0979ab627f36a233b5e8870c306a8

SHA512
0835e76851141eda14bdb49f107e4747103594851a67b5ece1c1a4e8d048cc263d49d31ddd2059c746270de23d8db638b0d8d6bb8af5f844212cae06843e5d76

Download Submit
\Windows\system\CIQIXHB.exe

Filesize
2.0MB

MD5
a48f7ca75164c3c755561cc5c3d1ad9a

SHA1
9b725b10b1b9bb27ebcb086e6540d3dc10cfc98a

SHA256
6a99c5cdf8afe315eddf055ea54e26c0949d0492819be78ec95c78f610af65eb

SHA512
8c7c4362d896a573a24548cf5a964e976740aec29964fbb5f0a07a8ececa0a07ba6f802a124765175a6cbcb7c89a7522e93581790bda3e05b462f6b0975b632a

Download Submit
\Windows\system\CnIDPXU.exe

Filesize
2.0MB

MD5
beaa566d5afd5f59e057ca8923407dce

SHA1
41df53db7004242006fb44a765c5932f22fbd801

SHA256
b7410c68c33a40a10c4dbf593e4bc96d74391a09177af69061345bce35c56eba

SHA512
cfb3568187e9d1a0dcf6828fd80fa332a70632524e6b0416f3eb5ed8e4e020140cb363defad50ada3318a7da5246889efa19e3140830538f3113b625c6a117cb

Download Submit
\Windows\system\HphcFsH.exe

Filesize
2.0MB

MD5
2fad459c266a25123cdc253d7bd2341f

SHA1
38a80cf7f7d4847c72869e21b63f59110f91cf40

SHA256
9238d53a3d9e5cd363c86cd570159b469c002a39b14484e4f9a0b4cb59b43df8

SHA512
45e1efbc2663fcd95057573c1db8a49c24b4d91d6648622aca24a9c0341307b1f95d179caafef1739e8f4d37b06a99f5a9a96f213003a8b9b0ec76c4e5e4cd95

Download Submit
\Windows\system\JFTvnjX.exe

Filesize
2.0MB

MD5
ecbbe3018868c5af23ee072bced277cb

SHA1
5c34df20b8968ddb55d1ea9de406c4ea90ed250f

SHA256
41a9d6792737d070a48a6592a3ede700d1f791abaf9d4c0774a3881533649392

SHA512
b9cbd8343470341e4878e3c84a3fa2b353b04e5fcfed4e117ab34f8472635d901baa2add1d5ab5a855d8e6f4af0bc6be89b693f0a41ac0a951c7147fe9ca50d0

Download Submit
\Windows\system\ORRUvAG.exe

Filesize
2.0MB

MD5
270359fa10b6b9eca878de104d91e0cd

SHA1
46bf5c1e89f1dd51053dc2222846e88bb4cd834d

SHA256
4527cdc7d88123c86fac35941a74802879c2784ec06d5009f9f9b6bb899b4b0a

SHA512
d78a82d2eec0a01017f2b54b44e6d9291520b1a1e83b8377ff444936fdd00655839747083c4d51de37d0a570c8e8df2f5ad87943f96e6a84821a320ccbeaf6e2

Download Submit
\Windows\system\QcCVFxe.exe

Filesize
1.9MB

MD5
450efd09127343c980ef8c41a69f7c2d

SHA1
1e0cd4ba12b89f85f67043f46b532c90894e83f5

SHA256
8e77943eea112c425642978daa7a114396aa37d1c1517b1b2fbcaa65a1c48c73

SHA512
5c284b7ac8f2fe4a20a904fbf7807c1d53b6032581e1cdb79bef4c6c0feacce4ae8a7996d9dd7ac1d861a64925a0b14a658a1cf87441cdb770cdd195104e5e73

Download Submit
\Windows\system\TdkQJUK.exe

Filesize
2.0MB

MD5
a1d113a4caed34406acabfeeefa7b08f

SHA1
b8412064ad410491101ff47cfeeb6229a291a9d4

SHA256
90ed31a19c2f4ad34c44ba59e35fe2d2b1c531654f5fccd147727984e4a24ddd

SHA512
106d88cc66a9678f17423249c24dae3f11eb8bbe1565b2b98139a8750500e621bdbadddf415b723a837132871c5a97a679f83f8f375585cb1c2fe7bc8060be8b

Download Submit
\Windows\system\bsGjfOU.exe

Filesize
2.0MB

MD5
6839142c7ee37d2218e08b0d327bfef9

SHA1
6ebb1c6f2984aa8936db8d3ae1e110876f89788c

SHA256
0a32a614406cc6abba8b8e2431419688bb1379fdd35ec89032f5e6d0ccbf029c

SHA512
079da9c607d209a79bb45d26ad307692173b23e25b31750bf20c3d88139cd3b0ca68c2168554075506e55057238328ae90fc426f410aaefb163d370b2760e830

Download Submit
memory/1296-126-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1296-4015-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1444-16-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1444-4008-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1716-40-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-45-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-124-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1240-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-125-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1716-105-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-112-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/1716-947-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-659-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-92-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1716-87-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1716-128-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1716-78-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1716-49-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-0-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1716-12-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1716-26-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-238-0x0000000001E80000-0x00000000021D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-32-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1716-11-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1716-37-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2172-4009-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2172-22-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4011-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2196-135-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2196-34-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4017-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-107-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-100-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4019-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-120-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4014-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2660-923-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4013-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2660-50-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2700-91-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4018-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4012-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2808-43-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2808-430-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/2856-28-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4010-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-134-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-85-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4016-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2980-127-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4020-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/3008-15-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4007-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download