cobaltstrike | 446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
Size

6.0MB
MD5

50bedbd745bd278a4fe57b46e4cb4d19
SHA1

1944a282f5c4b593f6cfe435de1ecb559f0a8551
SHA256

446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8
SHA512

f2df0a2bc3dd3fcd7446593f9d17987fb9e955a1e8f0a3f0d79913be3abd51ad87ba7ada1ef2a57a0da915460386fbe082068793bd2627951aa260d602a3aef7
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUI:eOl56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b28-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014bda-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014c23-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014cde-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014f7b-42.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015016-49.dat	cobalt_reflective_dll
behavioral1/files/0x003500000001487e-53.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4e-85.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db3-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd2-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017051-136.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd6-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ee0-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc7-100.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db8-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d33-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d11-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf8-59.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170b5-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017546-144.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175c6-151.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175cc-156.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175d2-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001875d-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186d2-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186de-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018669-171.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018654-167.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/memory/2444-9-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000014b28-11.dat	xmrig
behavioral1/files/0x0008000000014bda-16.dat	xmrig
behavioral1/memory/2592-23-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/3040-19-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0007000000014c23-24.dat	xmrig
behavioral1/memory/2720-35-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014cde-33.dat	xmrig
behavioral1/memory/1860-36-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2892-37-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0007000000014f7b-42.dat	xmrig
behavioral1/memory/1860-43-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2704-45-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0007000000015016-49.dat	xmrig
behavioral1/memory/2840-52-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x003500000001487e-53.dat	xmrig
behavioral1/files/0x0006000000016d4e-85.dat	xmrig
behavioral1/files/0x0006000000016db3-90.dat	xmrig
behavioral1/files/0x0006000000016dd2-105.dat	xmrig
behavioral1/memory/1860-109-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/1860-112-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2664-130-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/files/0x0006000000017051-136.dat	xmrig
behavioral1/files/0x0006000000016dd6-135.dat	xmrig
behavioral1/memory/2592-133-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2576-118-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/596-128-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1680-126-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ee0-125.dat	xmrig
behavioral1/memory/628-121-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1860-120-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2516-113-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2556-111-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/1860-110-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/3040-108-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dc7-100.dat	xmrig
behavioral1/files/0x0006000000016db8-95.dat	xmrig
behavioral1/files/0x0006000000016d4a-80.dat	xmrig
behavioral1/files/0x0006000000016d46-75.dat	xmrig
behavioral1/files/0x0006000000016d33-69.dat	xmrig
behavioral1/files/0x0006000000016d11-64.dat	xmrig
behavioral1/files/0x0007000000016cf8-59.dat	xmrig
behavioral1/files/0x00060000000170b5-142.dat	xmrig
behavioral1/files/0x0006000000017546-144.dat	xmrig
behavioral1/files/0x00060000000175c6-151.dat	xmrig
behavioral1/files/0x00060000000175cc-156.dat	xmrig
behavioral1/files/0x00060000000175d2-161.dat	xmrig
behavioral1/memory/1860-766-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig
behavioral1/memory/2704-390-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ee-187.dat	xmrig
behavioral1/files/0x000500000001875d-190.dat	xmrig
behavioral1/files/0x00050000000186d2-177.dat	xmrig
behavioral1/files/0x00050000000186de-180.dat	xmrig
behavioral1/files/0x0005000000018669-171.dat	xmrig
behavioral1/files/0x0031000000018654-167.dat	xmrig
behavioral1/memory/2720-3517-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2892-3518-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2704-3521-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2592-3525-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2444-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/628-3546-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2664-3553-0x000000013F3B0000-0x000000013F704000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2444	uYyykRR.exe
3040	mgYkgGy.exe
2592	MQMqiEh.exe
2720	SzdCgzX.exe
2892	XgCfkmq.exe
2704	YnqwdCS.exe
2840	xGIrsRX.exe
2664	XZSllpa.exe
2556	kilcdXe.exe
2516	ipjLNYA.exe
2576	YZdDXHN.exe
628	GwrHjrC.exe
1680	VUGYfES.exe
596	zfVDxrk.exe
1112	tdVfbSh.exe
572	NdSoaGF.exe
1660	WPXdQrJ.exe
2560	ttSyALg.exe
1248	ToMcWWh.exe
1336	rWXOLoj.exe
1648	NBPqpNr.exe
1080	uwXCAbt.exe
2472	RaBoqBu.exe
2968	ZdiNAUs.exe
2872	VSSYiXa.exe
1980	fjVnyeo.exe
2216	KxxPbXK.exe
1796	kuIRRms.exe
2916	QyEsyzX.exe
2428	jnMNRnM.exe
2484	PmDGsbp.exe
1828	XLySeuK.exe
3048	mBpFAzg.exe
1768	JWDMoES.exe
2124	vKLCcPi.exe
2072	WuHdDxE.exe
964	GptBklb.exe
1792	RVBnCnC.exe
2268	SDDrdUk.exe
2092	IlKDjCO.exe
1744	RBPdIMU.exe
2200	aOhEGRa.exe
868	nilBxQL.exe
2132	pytWDNS.exe
1968	QdzPgEb.exe
2256	TREStUT.exe
2252	MXKCROL.exe
996	JETgThb.exe
2884	uHVAYJa.exe
2424	miEJDbH.exe
1956	GoGmlSa.exe
2392	zvyfKZk.exe
1620	UbMiPRM.exe
2880	xxOQqWk.exe
2648	uNUBYBW.exe
2652	KQNYnsJ.exe
2708	XNWcrUg.exe
3000	OwPBfQW.exe
2500	wChCRUI.exe
1664	MPMHEml.exe
1824	zCYntPJ.exe
476	HnehNCW.exe
1092	JLHXXnJ.exe
2488	nguZQqF.exe

Loads dropped DLL 64 IoCs

pid	Process
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1860-0-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/1860-8-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/memory/2444-9-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0008000000014b28-11.dat	upx
behavioral1/files/0x0008000000014bda-16.dat	upx
behavioral1/memory/2592-23-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/3040-19-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0007000000014c23-24.dat	upx
behavioral1/memory/2720-35-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x0007000000014cde-33.dat	upx
behavioral1/memory/2892-37-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0007000000014f7b-42.dat	upx
behavioral1/memory/1860-43-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2704-45-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0007000000015016-49.dat	upx
behavioral1/memory/2840-52-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x003500000001487e-53.dat	upx
behavioral1/files/0x0006000000016d4e-85.dat	upx
behavioral1/files/0x0006000000016db3-90.dat	upx
behavioral1/files/0x0006000000016dd2-105.dat	upx
behavioral1/memory/2664-130-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/files/0x0006000000017051-136.dat	upx
behavioral1/files/0x0006000000016dd6-135.dat	upx
behavioral1/memory/2592-133-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2576-118-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/596-128-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1680-126-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0006000000016ee0-125.dat	upx
behavioral1/memory/628-121-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2516-113-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2556-111-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/3040-108-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0006000000016dc7-100.dat	upx
behavioral1/files/0x0006000000016db8-95.dat	upx
behavioral1/files/0x0006000000016d4a-80.dat	upx
behavioral1/files/0x0006000000016d46-75.dat	upx
behavioral1/files/0x0006000000016d33-69.dat	upx
behavioral1/files/0x0006000000016d11-64.dat	upx
behavioral1/files/0x0007000000016cf8-59.dat	upx
behavioral1/files/0x00060000000170b5-142.dat	upx
behavioral1/files/0x0006000000017546-144.dat	upx
behavioral1/files/0x00060000000175c6-151.dat	upx
behavioral1/files/0x00060000000175cc-156.dat	upx
behavioral1/files/0x00060000000175d2-161.dat	upx
behavioral1/memory/2704-390-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00050000000186ee-187.dat	upx
behavioral1/files/0x000500000001875d-190.dat	upx
behavioral1/files/0x00050000000186d2-177.dat	upx
behavioral1/files/0x00050000000186de-180.dat	upx
behavioral1/files/0x0005000000018669-171.dat	upx
behavioral1/files/0x0031000000018654-167.dat	upx
behavioral1/memory/2720-3517-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2892-3518-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2704-3521-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2592-3525-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2444-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/628-3546-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2664-3553-0x000000013F3B0000-0x000000013F704000-memory.dmp	upx
behavioral1/memory/2516-3542-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/596-3564-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/3040-3581-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2840-3574-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/1680-3585-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ObzLQbu.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\FVRcEvm.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\VwebWfA.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\wDwLGNY.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\yGSWCnC.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\QWCdaof.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\jrRxAff.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\UmYfNfN.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\GjIrQrk.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\VyvRcvA.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\SEqyHop.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\tbuYClk.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\IzqifJc.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\OWspDCB.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\ohFegiz.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\KPsNFHc.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\XokoQOE.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\cDmLoLl.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\EKePWMW.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\ezoiGsd.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\uUlGdpB.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\YxpThTv.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\XsRvqdY.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\sUanYZt.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\mGMRGPu.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\LJhvonc.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\xEECKZy.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\MbGZyrN.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\eWXHoPZ.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\RTVZBXq.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\GdFOtGj.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\EWOiscu.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\ojykkPJ.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\tNElMuF.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\GHPhQZe.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\FHhypVT.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\XykIIxy.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\eLMRMkZ.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\yIbwuFU.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\CNtEWvL.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\MXdptiO.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\PSYremd.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\zywYvJk.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\WAbeYbU.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\JHfJVbB.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\HFzmkuh.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\PxmpHSk.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\vceGOkv.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\RyxQAhC.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\JmIAvEY.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\NAPpFOR.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\aFEiFHn.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\MhehfRQ.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\BcAdZfc.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\WAoYyta.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\dTIunZz.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\ofuifny.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\RREvNmb.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\plkzvMw.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\veCpITf.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\GZGsLZr.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\lKXlqqo.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\nblhWSd.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
File created	C:\Windows\System\PpBheUX.exe	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2444	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	29
PID 1860 wrote to memory of 2444	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	29
PID 1860 wrote to memory of 2444	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	29
PID 1860 wrote to memory of 2592	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	30
PID 1860 wrote to memory of 2592	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	30
PID 1860 wrote to memory of 2592	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	30
PID 1860 wrote to memory of 3040	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	31
PID 1860 wrote to memory of 3040	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	31
PID 1860 wrote to memory of 3040	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	31
PID 1860 wrote to memory of 2720	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	32
PID 1860 wrote to memory of 2720	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	32
PID 1860 wrote to memory of 2720	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	32
PID 1860 wrote to memory of 2892	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	33
PID 1860 wrote to memory of 2892	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	33
PID 1860 wrote to memory of 2892	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	33
PID 1860 wrote to memory of 2704	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	34
PID 1860 wrote to memory of 2704	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	34
PID 1860 wrote to memory of 2704	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	34
PID 1860 wrote to memory of 2840	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	35
PID 1860 wrote to memory of 2840	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	35
PID 1860 wrote to memory of 2840	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	35
PID 1860 wrote to memory of 2664	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	36
PID 1860 wrote to memory of 2664	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	36
PID 1860 wrote to memory of 2664	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	36
PID 1860 wrote to memory of 2556	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	37
PID 1860 wrote to memory of 2556	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	37
PID 1860 wrote to memory of 2556	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	37
PID 1860 wrote to memory of 2516	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	38
PID 1860 wrote to memory of 2516	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	38
PID 1860 wrote to memory of 2516	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	38
PID 1860 wrote to memory of 2576	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	39
PID 1860 wrote to memory of 2576	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	39
PID 1860 wrote to memory of 2576	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	39
PID 1860 wrote to memory of 628	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	40
PID 1860 wrote to memory of 628	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	40
PID 1860 wrote to memory of 628	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	40
PID 1860 wrote to memory of 1680	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	41
PID 1860 wrote to memory of 1680	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	41
PID 1860 wrote to memory of 1680	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	41
PID 1860 wrote to memory of 596	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	42
PID 1860 wrote to memory of 596	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	42
PID 1860 wrote to memory of 596	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	42
PID 1860 wrote to memory of 1112	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	43
PID 1860 wrote to memory of 1112	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	43
PID 1860 wrote to memory of 1112	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	43
PID 1860 wrote to memory of 572	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	44
PID 1860 wrote to memory of 572	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	44
PID 1860 wrote to memory of 572	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	44
PID 1860 wrote to memory of 1660	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	45
PID 1860 wrote to memory of 1660	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	45
PID 1860 wrote to memory of 1660	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	45
PID 1860 wrote to memory of 2560	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	46
PID 1860 wrote to memory of 2560	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	46
PID 1860 wrote to memory of 2560	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	46
PID 1860 wrote to memory of 1336	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	47
PID 1860 wrote to memory of 1336	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	47
PID 1860 wrote to memory of 1336	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	47
PID 1860 wrote to memory of 1248	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	48
PID 1860 wrote to memory of 1248	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	48
PID 1860 wrote to memory of 1248	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	48
PID 1860 wrote to memory of 1648	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	49
PID 1860 wrote to memory of 1648	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	49
PID 1860 wrote to memory of 1648	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	49
PID 1860 wrote to memory of 1080	1860	JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe	50

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_446c731458d3d11e4318af472c3a999529434352bc1b4edc6224e87ab7a322b8.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\System\uYyykRR.exe
  C:\Windows\System\uYyykRR.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\MQMqiEh.exe
  C:\Windows\System\MQMqiEh.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\mgYkgGy.exe
  C:\Windows\System\mgYkgGy.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\SzdCgzX.exe
  C:\Windows\System\SzdCgzX.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\XgCfkmq.exe
  C:\Windows\System\XgCfkmq.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YnqwdCS.exe
  C:\Windows\System\YnqwdCS.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\xGIrsRX.exe
  C:\Windows\System\xGIrsRX.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\XZSllpa.exe
  C:\Windows\System\XZSllpa.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\kilcdXe.exe
  C:\Windows\System\kilcdXe.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\ipjLNYA.exe
  C:\Windows\System\ipjLNYA.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\YZdDXHN.exe
  C:\Windows\System\YZdDXHN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\GwrHjrC.exe
  C:\Windows\System\GwrHjrC.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\VUGYfES.exe
  C:\Windows\System\VUGYfES.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\zfVDxrk.exe
  C:\Windows\System\zfVDxrk.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\tdVfbSh.exe
  C:\Windows\System\tdVfbSh.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\NdSoaGF.exe
  C:\Windows\System\NdSoaGF.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\WPXdQrJ.exe
  C:\Windows\System\WPXdQrJ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\ttSyALg.exe
  C:\Windows\System\ttSyALg.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\rWXOLoj.exe
  C:\Windows\System\rWXOLoj.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\ToMcWWh.exe
  C:\Windows\System\ToMcWWh.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\NBPqpNr.exe
  C:\Windows\System\NBPqpNr.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\uwXCAbt.exe
  C:\Windows\System\uwXCAbt.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\RaBoqBu.exe
  C:\Windows\System\RaBoqBu.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ZdiNAUs.exe
  C:\Windows\System\ZdiNAUs.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\VSSYiXa.exe
  C:\Windows\System\VSSYiXa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\fjVnyeo.exe
  C:\Windows\System\fjVnyeo.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\KxxPbXK.exe
  C:\Windows\System\KxxPbXK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\kuIRRms.exe
  C:\Windows\System\kuIRRms.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\QyEsyzX.exe
  C:\Windows\System\QyEsyzX.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\jnMNRnM.exe
  C:\Windows\System\jnMNRnM.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\PmDGsbp.exe
  C:\Windows\System\PmDGsbp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\XLySeuK.exe
  C:\Windows\System\XLySeuK.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\mBpFAzg.exe
  C:\Windows\System\mBpFAzg.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\JWDMoES.exe
  C:\Windows\System\JWDMoES.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\vKLCcPi.exe
  C:\Windows\System\vKLCcPi.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\WuHdDxE.exe
  C:\Windows\System\WuHdDxE.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GptBklb.exe
  C:\Windows\System\GptBklb.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\RVBnCnC.exe
  C:\Windows\System\RVBnCnC.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\SDDrdUk.exe
  C:\Windows\System\SDDrdUk.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\IlKDjCO.exe
  C:\Windows\System\IlKDjCO.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\RBPdIMU.exe
  C:\Windows\System\RBPdIMU.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\aOhEGRa.exe
  C:\Windows\System\aOhEGRa.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\nilBxQL.exe
  C:\Windows\System\nilBxQL.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\pytWDNS.exe
  C:\Windows\System\pytWDNS.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\QdzPgEb.exe
  C:\Windows\System\QdzPgEb.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\TREStUT.exe
  C:\Windows\System\TREStUT.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\MXKCROL.exe
  C:\Windows\System\MXKCROL.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\JETgThb.exe
  C:\Windows\System\JETgThb.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\uHVAYJa.exe
  C:\Windows\System\uHVAYJa.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\miEJDbH.exe
  C:\Windows\System\miEJDbH.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\GoGmlSa.exe
  C:\Windows\System\GoGmlSa.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\zvyfKZk.exe
  C:\Windows\System\zvyfKZk.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\UbMiPRM.exe
  C:\Windows\System\UbMiPRM.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\xxOQqWk.exe
  C:\Windows\System\xxOQqWk.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\uNUBYBW.exe
  C:\Windows\System\uNUBYBW.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\KQNYnsJ.exe
  C:\Windows\System\KQNYnsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XNWcrUg.exe
  C:\Windows\System\XNWcrUg.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OwPBfQW.exe
  C:\Windows\System\OwPBfQW.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\wChCRUI.exe
  C:\Windows\System\wChCRUI.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\MPMHEml.exe
  C:\Windows\System\MPMHEml.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\zCYntPJ.exe
  C:\Windows\System\zCYntPJ.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\HnehNCW.exe
  C:\Windows\System\HnehNCW.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\JLHXXnJ.exe
  C:\Windows\System\JLHXXnJ.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\nguZQqF.exe
  C:\Windows\System\nguZQqF.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\NgjjBss.exe
  C:\Windows\System\NgjjBss.exe
  2⤵
  PID:2800
- C:\Windows\System\UgMVBAX.exe
  C:\Windows\System\UgMVBAX.exe
  2⤵
  PID:1808
- C:\Windows\System\zwtyfbW.exe
  C:\Windows\System\zwtyfbW.exe
  2⤵
  PID:3044
- C:\Windows\System\ZlorEXC.exe
  C:\Windows\System\ZlorEXC.exe
  2⤵
  PID:2724
- C:\Windows\System\BuVBMuC.exe
  C:\Windows\System\BuVBMuC.exe
  2⤵
  PID:2836
- C:\Windows\System\peMBhHw.exe
  C:\Windows\System\peMBhHw.exe
  2⤵
  PID:1712
- C:\Windows\System\piYfvxu.exe
  C:\Windows\System\piYfvxu.exe
  2⤵
  PID:2400
- C:\Windows\System\sGTbrVP.exe
  C:\Windows\System\sGTbrVP.exe
  2⤵
  PID:1996
- C:\Windows\System\KIOqhCM.exe
  C:\Windows\System\KIOqhCM.exe
  2⤵
  PID:1756
- C:\Windows\System\kUpgNIx.exe
  C:\Windows\System\kUpgNIx.exe
  2⤵
  PID:1836
- C:\Windows\System\LdZwGUs.exe
  C:\Windows\System\LdZwGUs.exe
  2⤵
  PID:2608
- C:\Windows\System\mmNKMon.exe
  C:\Windows\System\mmNKMon.exe
  2⤵
  PID:2228
- C:\Windows\System\phuNmkv.exe
  C:\Windows\System\phuNmkv.exe
  2⤵
  PID:2332
- C:\Windows\System\QUjrIux.exe
  C:\Windows\System\QUjrIux.exe
  2⤵
  PID:2680
- C:\Windows\System\IWspXoB.exe
  C:\Windows\System\IWspXoB.exe
  2⤵
  PID:1724
- C:\Windows\System\fkcIahW.exe
  C:\Windows\System\fkcIahW.exe
  2⤵
  PID:1004
- C:\Windows\System\GrceHHm.exe
  C:\Windows\System\GrceHHm.exe
  2⤵
  PID:1700
- C:\Windows\System\HJpsAVs.exe
  C:\Windows\System\HJpsAVs.exe
  2⤵
  PID:444
- C:\Windows\System\tQZOFVH.exe
  C:\Windows\System\tQZOFVH.exe
  2⤵
  PID:1328
- C:\Windows\System\wQxuuBA.exe
  C:\Windows\System\wQxuuBA.exe
  2⤵
  PID:1368
- C:\Windows\System\ISEemJP.exe
  C:\Windows\System\ISEemJP.exe
  2⤵
  PID:1164
- C:\Windows\System\yeuuDAa.exe
  C:\Windows\System\yeuuDAa.exe
  2⤵
  PID:888
- C:\Windows\System\mnHdprI.exe
  C:\Windows\System\mnHdprI.exe
  2⤵
  PID:916
- C:\Windows\System\RfKaKtH.exe
  C:\Windows\System\RfKaKtH.exe
  2⤵
  PID:1528
- C:\Windows\System\fyIRZrX.exe
  C:\Windows\System\fyIRZrX.exe
  2⤵
  PID:1928
- C:\Windows\System\hoPJDon.exe
  C:\Windows\System\hoPJDon.exe
  2⤵
  PID:2176
- C:\Windows\System\xTxlozX.exe
  C:\Windows\System\xTxlozX.exe
  2⤵
  PID:1520
- C:\Windows\System\NhAEmos.exe
  C:\Windows\System\NhAEmos.exe
  2⤵
  PID:1844
- C:\Windows\System\mIwsSsN.exe
  C:\Windows\System\mIwsSsN.exe
  2⤵
  PID:1588
- C:\Windows\System\CwTCznF.exe
  C:\Windows\System\CwTCznF.exe
  2⤵
  PID:2296
- C:\Windows\System\CTWfHFH.exe
  C:\Windows\System\CTWfHFH.exe
  2⤵
  PID:2748
- C:\Windows\System\PKetlRs.exe
  C:\Windows\System\PKetlRs.exe
  2⤵
  PID:2508
- C:\Windows\System\YiwLAVa.exe
  C:\Windows\System\YiwLAVa.exe
  2⤵
  PID:2780
- C:\Windows\System\PNWJjoB.exe
  C:\Windows\System\PNWJjoB.exe
  2⤵
  PID:2740
- C:\Windows\System\jVtxbIj.exe
  C:\Windows\System\jVtxbIj.exe
  2⤵
  PID:2552
- C:\Windows\System\bSMnZwm.exe
  C:\Windows\System\bSMnZwm.exe
  2⤵
  PID:556
- C:\Windows\System\lIhOrnV.exe
  C:\Windows\System\lIhOrnV.exe
  2⤵
  PID:292
- C:\Windows\System\UKnZmew.exe
  C:\Windows\System\UKnZmew.exe
  2⤵
  PID:1752
- C:\Windows\System\azgVmlM.exe
  C:\Windows\System\azgVmlM.exe
  2⤵
  PID:2656
- C:\Windows\System\gRDuUns.exe
  C:\Windows\System\gRDuUns.exe
  2⤵
  PID:2888
- C:\Windows\System\eUUtdHb.exe
  C:\Windows\System\eUUtdHb.exe
  2⤵
  PID:1820
- C:\Windows\System\JyJtQvt.exe
  C:\Windows\System\JyJtQvt.exe
  2⤵
  PID:2020
- C:\Windows\System\InCKegQ.exe
  C:\Windows\System\InCKegQ.exe
  2⤵
  PID:1028
- C:\Windows\System\RoXfmix.exe
  C:\Windows\System\RoXfmix.exe
  2⤵
  PID:2076
- C:\Windows\System\ipPhQQg.exe
  C:\Windows\System\ipPhQQg.exe
  2⤵
  PID:2732
- C:\Windows\System\ZyWAtvp.exe
  C:\Windows\System\ZyWAtvp.exe
  2⤵
  PID:2480
- C:\Windows\System\xWvllfK.exe
  C:\Windows\System\xWvllfK.exe
  2⤵
  PID:1208
- C:\Windows\System\EUbDBaX.exe
  C:\Windows\System\EUbDBaX.exe
  2⤵
  PID:2140
- C:\Windows\System\nUcoefn.exe
  C:\Windows\System\nUcoefn.exe
  2⤵
  PID:1788
- C:\Windows\System\bOVlLEn.exe
  C:\Windows\System\bOVlLEn.exe
  2⤵
  PID:812
- C:\Windows\System\vxEKLOf.exe
  C:\Windows\System\vxEKLOf.exe
  2⤵
  PID:1784
- C:\Windows\System\GdFOtGj.exe
  C:\Windows\System\GdFOtGj.exe
  2⤵
  PID:2580
- C:\Windows\System\olblCHz.exe
  C:\Windows\System\olblCHz.exe
  2⤵
  PID:2084
- C:\Windows\System\UNwdUWE.exe
  C:\Windows\System\UNwdUWE.exe
  2⤵
  PID:2604
- C:\Windows\System\Gymokoq.exe
  C:\Windows\System\Gymokoq.exe
  2⤵
  PID:2788
- C:\Windows\System\ZYIvaiY.exe
  C:\Windows\System\ZYIvaiY.exe
  2⤵
  PID:2272
- C:\Windows\System\xkcgUVj.exe
  C:\Windows\System\xkcgUVj.exe
  2⤵
  PID:3004
- C:\Windows\System\NVfCnvT.exe
  C:\Windows\System\NVfCnvT.exe
  2⤵
  PID:2672
- C:\Windows\System\sojkwej.exe
  C:\Windows\System\sojkwej.exe
  2⤵
  PID:1492
- C:\Windows\System\FGElbVP.exe
  C:\Windows\System\FGElbVP.exe
  2⤵
  PID:796
- C:\Windows\System\kHztybL.exe
  C:\Windows\System\kHztybL.exe
  2⤵
  PID:2636
- C:\Windows\System\igigsXs.exe
  C:\Windows\System\igigsXs.exe
  2⤵
  PID:2236
- C:\Windows\System\aFEiFHn.exe
  C:\Windows\System\aFEiFHn.exe
  2⤵
  PID:1988
- C:\Windows\System\zbLnWbG.exe
  C:\Windows\System\zbLnWbG.exe
  2⤵
  PID:324
- C:\Windows\System\JEgtwtO.exe
  C:\Windows\System\JEgtwtO.exe
  2⤵
  PID:1244
- C:\Windows\System\FFDnhsv.exe
  C:\Windows\System\FFDnhsv.exe
  2⤵
  PID:1880
- C:\Windows\System\iZKvTYM.exe
  C:\Windows\System\iZKvTYM.exe
  2⤵
  PID:568
- C:\Windows\System\suEdRRw.exe
  C:\Windows\System\suEdRRw.exe
  2⤵
  PID:2044
- C:\Windows\System\RBntJST.exe
  C:\Windows\System\RBntJST.exe
  2⤵
  PID:2564
- C:\Windows\System\qRgDINu.exe
  C:\Windows\System\qRgDINu.exe
  2⤵
  PID:2632
- C:\Windows\System\tuOoZcj.exe
  C:\Windows\System\tuOoZcj.exe
  2⤵
  PID:648
- C:\Windows\System\gZzrEOW.exe
  C:\Windows\System\gZzrEOW.exe
  2⤵
  PID:2784
- C:\Windows\System\DjDMHRZ.exe
  C:\Windows\System\DjDMHRZ.exe
  2⤵
  PID:588
- C:\Windows\System\xgbsgjW.exe
  C:\Windows\System\xgbsgjW.exe
  2⤵
  PID:2744
- C:\Windows\System\JnRhpOo.exe
  C:\Windows\System\JnRhpOo.exe
  2⤵
  PID:1348
- C:\Windows\System\eQoicTX.exe
  C:\Windows\System\eQoicTX.exe
  2⤵
  PID:2368
- C:\Windows\System\SMGMyEh.exe
  C:\Windows\System\SMGMyEh.exe
  2⤵
  PID:2848
- C:\Windows\System\qIRMcek.exe
  C:\Windows\System\qIRMcek.exe
  2⤵
  PID:1760
- C:\Windows\System\jOzhKbQ.exe
  C:\Windows\System\jOzhKbQ.exe
  2⤵
  PID:1032
- C:\Windows\System\TdEeBQZ.exe
  C:\Windows\System\TdEeBQZ.exe
  2⤵
  PID:2224
- C:\Windows\System\ebunhAr.exe
  C:\Windows\System\ebunhAr.exe
  2⤵
  PID:1516
- C:\Windows\System\yrGJcyc.exe
  C:\Windows\System\yrGJcyc.exe
  2⤵
  PID:1676
- C:\Windows\System\oruMkcE.exe
  C:\Windows\System\oruMkcE.exe
  2⤵
  PID:2544
- C:\Windows\System\kLjmUBW.exe
  C:\Windows\System\kLjmUBW.exe
  2⤵
  PID:2992
- C:\Windows\System\WJYIXRI.exe
  C:\Windows\System\WJYIXRI.exe
  2⤵
  PID:2356
- C:\Windows\System\LVTTsGK.exe
  C:\Windows\System\LVTTsGK.exe
  2⤵
  PID:2908
- C:\Windows\System\LIySOWC.exe
  C:\Windows\System\LIySOWC.exe
  2⤵
  PID:1488
- C:\Windows\System\zlpOZeL.exe
  C:\Windows\System\zlpOZeL.exe
  2⤵
  PID:2504
- C:\Windows\System\tdHsfIc.exe
  C:\Windows\System\tdHsfIc.exe
  2⤵
  PID:1340
- C:\Windows\System\FSlGtBL.exe
  C:\Windows\System\FSlGtBL.exe
  2⤵
  PID:3076
- C:\Windows\System\WusGFuZ.exe
  C:\Windows\System\WusGFuZ.exe
  2⤵
  PID:3092
- C:\Windows\System\SzQkerR.exe
  C:\Windows\System\SzQkerR.exe
  2⤵
  PID:3108
- C:\Windows\System\ufXKXFk.exe
  C:\Windows\System\ufXKXFk.exe
  2⤵
  PID:3124
- C:\Windows\System\MGHbzlo.exe
  C:\Windows\System\MGHbzlo.exe
  2⤵
  PID:3140
- C:\Windows\System\ObeaEZF.exe
  C:\Windows\System\ObeaEZF.exe
  2⤵
  PID:3180
- C:\Windows\System\VGJutQz.exe
  C:\Windows\System\VGJutQz.exe
  2⤵
  PID:3196
- C:\Windows\System\xIcZaoz.exe
  C:\Windows\System\xIcZaoz.exe
  2⤵
  PID:3220
- C:\Windows\System\gFJXKQl.exe
  C:\Windows\System\gFJXKQl.exe
  2⤵
  PID:3236
- C:\Windows\System\yVFLGcW.exe
  C:\Windows\System\yVFLGcW.exe
  2⤵
  PID:3252
- C:\Windows\System\wdOtaFP.exe
  C:\Windows\System\wdOtaFP.exe
  2⤵
  PID:3272
- C:\Windows\System\twdxeAl.exe
  C:\Windows\System\twdxeAl.exe
  2⤵
  PID:3312
- C:\Windows\System\fOdXPrF.exe
  C:\Windows\System\fOdXPrF.exe
  2⤵
  PID:3336
- C:\Windows\System\pfnFUsL.exe
  C:\Windows\System\pfnFUsL.exe
  2⤵
  PID:3352
- C:\Windows\System\LWLASLL.exe
  C:\Windows\System\LWLASLL.exe
  2⤵
  PID:3376
- C:\Windows\System\EWOiscu.exe
  C:\Windows\System\EWOiscu.exe
  2⤵
  PID:3392
- C:\Windows\System\rnMEZMF.exe
  C:\Windows\System\rnMEZMF.exe
  2⤵
  PID:3420
- C:\Windows\System\HNHWPTX.exe
  C:\Windows\System\HNHWPTX.exe
  2⤵
  PID:3440
- C:\Windows\System\lBHirdL.exe
  C:\Windows\System\lBHirdL.exe
  2⤵
  PID:3456
- C:\Windows\System\XzfhYvq.exe
  C:\Windows\System\XzfhYvq.exe
  2⤵
  PID:3472
- C:\Windows\System\LeNMSEa.exe
  C:\Windows\System\LeNMSEa.exe
  2⤵
  PID:3488
- C:\Windows\System\PwhVKFR.exe
  C:\Windows\System\PwhVKFR.exe
  2⤵
  PID:3504
- C:\Windows\System\leJlyzA.exe
  C:\Windows\System\leJlyzA.exe
  2⤵
  PID:3520
- C:\Windows\System\pyMFLjv.exe
  C:\Windows\System\pyMFLjv.exe
  2⤵
  PID:3536
- C:\Windows\System\yeOnnds.exe
  C:\Windows\System\yeOnnds.exe
  2⤵
  PID:3552
- C:\Windows\System\tXxeSZw.exe
  C:\Windows\System\tXxeSZw.exe
  2⤵
  PID:3580
- C:\Windows\System\MimOGyB.exe
  C:\Windows\System\MimOGyB.exe
  2⤵
  PID:3596
- C:\Windows\System\yRQnRoz.exe
  C:\Windows\System\yRQnRoz.exe
  2⤵
  PID:3636
- C:\Windows\System\sNjGcDg.exe
  C:\Windows\System\sNjGcDg.exe
  2⤵
  PID:3652
- C:\Windows\System\PqCLSpl.exe
  C:\Windows\System\PqCLSpl.exe
  2⤵
  PID:3668
- C:\Windows\System\umvQlnR.exe
  C:\Windows\System\umvQlnR.exe
  2⤵
  PID:3688
- C:\Windows\System\fnbYjfW.exe
  C:\Windows\System\fnbYjfW.exe
  2⤵
  PID:3708
- C:\Windows\System\WMTyuyO.exe
  C:\Windows\System\WMTyuyO.exe
  2⤵
  PID:3728
- C:\Windows\System\CwDQrfc.exe
  C:\Windows\System\CwDQrfc.exe
  2⤵
  PID:3772
- C:\Windows\System\SkVnDOh.exe
  C:\Windows\System\SkVnDOh.exe
  2⤵
  PID:3788
- C:\Windows\System\vZGpWYr.exe
  C:\Windows\System\vZGpWYr.exe
  2⤵
  PID:3804
- C:\Windows\System\FJevllV.exe
  C:\Windows\System\FJevllV.exe
  2⤵
  PID:3828
- C:\Windows\System\oDDYNig.exe
  C:\Windows\System\oDDYNig.exe
  2⤵
  PID:3844
- C:\Windows\System\WcfbHYn.exe
  C:\Windows\System\WcfbHYn.exe
  2⤵
  PID:3860
- C:\Windows\System\NrHXxLa.exe
  C:\Windows\System\NrHXxLa.exe
  2⤵
  PID:3876
- C:\Windows\System\YRUfYIv.exe
  C:\Windows\System\YRUfYIv.exe
  2⤵
  PID:3900
- C:\Windows\System\vceGOkv.exe
  C:\Windows\System\vceGOkv.exe
  2⤵
  PID:3916
- C:\Windows\System\ejkUQEA.exe
  C:\Windows\System\ejkUQEA.exe
  2⤵
  PID:3936
- C:\Windows\System\PSYremd.exe
  C:\Windows\System\PSYremd.exe
  2⤵
  PID:3952
- C:\Windows\System\jvNBEkW.exe
  C:\Windows\System\jvNBEkW.exe
  2⤵
  PID:3968
- C:\Windows\System\gRVqIjw.exe
  C:\Windows\System\gRVqIjw.exe
  2⤵
  PID:3984
- C:\Windows\System\qRTSuie.exe
  C:\Windows\System\qRTSuie.exe
  2⤵
  PID:4008
- C:\Windows\System\dZujULB.exe
  C:\Windows\System\dZujULB.exe
  2⤵
  PID:4032
- C:\Windows\System\jPwHwuB.exe
  C:\Windows\System\jPwHwuB.exe
  2⤵
  PID:4052
- C:\Windows\System\xuLUkDx.exe
  C:\Windows\System\xuLUkDx.exe
  2⤵
  PID:4080
- C:\Windows\System\alASOjL.exe
  C:\Windows\System\alASOjL.exe
  2⤵
  PID:2776
- C:\Windows\System\RtRlmfg.exe
  C:\Windows\System\RtRlmfg.exe
  2⤵
  PID:532
- C:\Windows\System\wwRGHLT.exe
  C:\Windows\System\wwRGHLT.exe
  2⤵
  PID:3120
- C:\Windows\System\TGsxSwd.exe
  C:\Windows\System\TGsxSwd.exe
  2⤵
  PID:2548
- C:\Windows\System\JgJQZPl.exe
  C:\Windows\System\JgJQZPl.exe
  2⤵
  PID:3204
- C:\Windows\System\xGRUNfP.exe
  C:\Windows\System\xGRUNfP.exe
  2⤵
  PID:3216
- C:\Windows\System\obflgOW.exe
  C:\Windows\System\obflgOW.exe
  2⤵
  PID:3292
- C:\Windows\System\OJfQOEn.exe
  C:\Windows\System\OJfQOEn.exe
  2⤵
  PID:3308
- C:\Windows\System\JqOyozs.exe
  C:\Windows\System\JqOyozs.exe
  2⤵
  PID:3388
- C:\Windows\System\FpPaQhL.exe
  C:\Windows\System\FpPaQhL.exe
  2⤵
  PID:3428
- C:\Windows\System\pDwpfKu.exe
  C:\Windows\System\pDwpfKu.exe
  2⤵
  PID:3468
- C:\Windows\System\rAWUJwS.exe
  C:\Windows\System\rAWUJwS.exe
  2⤵
  PID:3532
- C:\Windows\System\buztYbA.exe
  C:\Windows\System\buztYbA.exe
  2⤵
  PID:3576
- C:\Windows\System\AwGuTHc.exe
  C:\Windows\System\AwGuTHc.exe
  2⤵
  PID:3232
- C:\Windows\System\jhxVKuE.exe
  C:\Windows\System\jhxVKuE.exe
  2⤵
  PID:3412
- C:\Windows\System\ZGiiapg.exe
  C:\Windows\System\ZGiiapg.exe
  2⤵
  PID:2304
- C:\Windows\System\vRihHlg.exe
  C:\Windows\System\vRihHlg.exe
  2⤵
  PID:3324
- C:\Windows\System\IkkPkNM.exe
  C:\Windows\System\IkkPkNM.exe
  2⤵
  PID:3360
- C:\Windows\System\TSAZZUG.exe
  C:\Windows\System\TSAZZUG.exe
  2⤵
  PID:3620
- C:\Windows\System\FHXpHiu.exe
  C:\Windows\System\FHXpHiu.exe
  2⤵
  PID:3704
- C:\Windows\System\kETOVjv.exe
  C:\Windows\System\kETOVjv.exe
  2⤵
  PID:3740
- C:\Windows\System\HhxcOio.exe
  C:\Windows\System\HhxcOio.exe
  2⤵
  PID:3544
- C:\Windows\System\CvipOHq.exe
  C:\Windows\System\CvipOHq.exe
  2⤵
  PID:3644
- C:\Windows\System\KHwbqdJ.exe
  C:\Windows\System\KHwbqdJ.exe
  2⤵
  PID:3720
- C:\Windows\System\EgKMUfo.exe
  C:\Windows\System\EgKMUfo.exe
  2⤵
  PID:3768
- C:\Windows\System\UesHVKh.exe
  C:\Windows\System\UesHVKh.exe
  2⤵
  PID:3824
- C:\Windows\System\uuNtXtd.exe
  C:\Windows\System\uuNtXtd.exe
  2⤵
  PID:3796
- C:\Windows\System\dKaRdlC.exe
  C:\Windows\System\dKaRdlC.exe
  2⤵
  PID:3912
- C:\Windows\System\EdydwuQ.exe
  C:\Windows\System\EdydwuQ.exe
  2⤵
  PID:3852
- C:\Windows\System\VHyjOuz.exe
  C:\Windows\System\VHyjOuz.exe
  2⤵
  PID:4024
- C:\Windows\System\OOTGbcf.exe
  C:\Windows\System\OOTGbcf.exe
  2⤵
  PID:2476
- C:\Windows\System\raDwYWu.exe
  C:\Windows\System\raDwYWu.exe
  2⤵
  PID:4004
- C:\Windows\System\BawYSaw.exe
  C:\Windows\System\BawYSaw.exe
  2⤵
  PID:3996
- C:\Windows\System\Netccee.exe
  C:\Windows\System\Netccee.exe
  2⤵
  PID:3896
- C:\Windows\System\dFCYyLu.exe
  C:\Windows\System\dFCYyLu.exe
  2⤵
  PID:3964
- C:\Windows\System\gpAhOIC.exe
  C:\Windows\System\gpAhOIC.exe
  2⤵
  PID:3160
- C:\Windows\System\cVLKAjr.exe
  C:\Windows\System\cVLKAjr.exe
  2⤵
  PID:3116
- C:\Windows\System\DTivSNC.exe
  C:\Windows\System\DTivSNC.exe
  2⤵
  PID:3172
- C:\Windows\System\ntnAwFn.exe
  C:\Windows\System\ntnAwFn.exe
  2⤵
  PID:3212
- C:\Windows\System\KPJgIIj.exe
  C:\Windows\System\KPJgIIj.exe
  2⤵
  PID:3296
- C:\Windows\System\XyUiliP.exe
  C:\Windows\System\XyUiliP.exe
  2⤵
  PID:640
- C:\Windows\System\LeBMgyQ.exe
  C:\Windows\System\LeBMgyQ.exe
  2⤵
  PID:1868
- C:\Windows\System\TRvkuWn.exe
  C:\Windows\System\TRvkuWn.exe
  2⤵
  PID:3100
- C:\Windows\System\ACHgqXH.exe
  C:\Windows\System\ACHgqXH.exe
  2⤵
  PID:3432
- C:\Windows\System\eNhxArf.exe
  C:\Windows\System\eNhxArf.exe
  2⤵
  PID:3564
- C:\Windows\System\GuIWker.exe
  C:\Windows\System\GuIWker.exe
  2⤵
  PID:320
- C:\Windows\System\BNxpScu.exe
  C:\Windows\System\BNxpScu.exe
  2⤵
  PID:3408
- C:\Windows\System\fdXweYu.exe
  C:\Windows\System\fdXweYu.exe
  2⤵
  PID:3608
- C:\Windows\System\AGHqRAG.exe
  C:\Windows\System\AGHqRAG.exe
  2⤵
  PID:3660
- C:\Windows\System\EsLbXYA.exe
  C:\Windows\System\EsLbXYA.exe
  2⤵
  PID:3588
- C:\Windows\System\MmMvRhV.exe
  C:\Windows\System\MmMvRhV.exe
  2⤵
  PID:3516
- C:\Windows\System\CVOQfSd.exe
  C:\Windows\System\CVOQfSd.exe
  2⤵
  PID:3748
- C:\Windows\System\zfviZki.exe
  C:\Windows\System\zfviZki.exe
  2⤵
  PID:548
- C:\Windows\System\ByjiNAK.exe
  C:\Windows\System\ByjiNAK.exe
  2⤵
  PID:4016
- C:\Windows\System\eWRVzbZ.exe
  C:\Windows\System\eWRVzbZ.exe
  2⤵
  PID:3992
- C:\Windows\System\aEBrVNw.exe
  C:\Windows\System\aEBrVNw.exe
  2⤵
  PID:4060
- C:\Windows\System\ZfDDRWw.exe
  C:\Windows\System\ZfDDRWw.exe
  2⤵
  PID:3888
- C:\Windows\System\SRBsrZZ.exe
  C:\Windows\System\SRBsrZZ.exe
  2⤵
  PID:4044
- C:\Windows\System\EVckbqq.exe
  C:\Windows\System\EVckbqq.exe
  2⤵
  PID:3960
- C:\Windows\System\kwtgehQ.exe
  C:\Windows\System\kwtgehQ.exe
  2⤵
  PID:3084
- C:\Windows\System\iedIIJv.exe
  C:\Windows\System\iedIIJv.exe
  2⤵
  PID:2248
- C:\Windows\System\qWSOCCA.exe
  C:\Windows\System\qWSOCCA.exe
  2⤵
  PID:3192
- C:\Windows\System\IWIArEq.exe
  C:\Windows\System\IWIArEq.exe
  2⤵
  PID:3572
- C:\Windows\System\nvtuLIb.exe
  C:\Windows\System\nvtuLIb.exe
  2⤵
  PID:904
- C:\Windows\System\yVukmsx.exe
  C:\Windows\System\yVukmsx.exe
  2⤵
  PID:3416
- C:\Windows\System\HLTlyOI.exe
  C:\Windows\System\HLTlyOI.exe
  2⤵
  PID:3676
- C:\Windows\System\qHacAio.exe
  C:\Windows\System\qHacAio.exe
  2⤵
  PID:3332
- C:\Windows\System\LquRxGa.exe
  C:\Windows\System\LquRxGa.exe
  2⤵
  PID:332
- C:\Windows\System\SoAQMdq.exe
  C:\Windows\System\SoAQMdq.exe
  2⤵
  PID:3448
- C:\Windows\System\hplWTIZ.exe
  C:\Windows\System\hplWTIZ.exe
  2⤵
  PID:3628
- C:\Windows\System\UkqoBiF.exe
  C:\Windows\System\UkqoBiF.exe
  2⤵
  PID:3764
- C:\Windows\System\irfUAPm.exe
  C:\Windows\System\irfUAPm.exe
  2⤵
  PID:4000
- C:\Windows\System\CgGquPl.exe
  C:\Windows\System\CgGquPl.exe
  2⤵
  PID:3156
- C:\Windows\System\HfCtNcy.exe
  C:\Windows\System\HfCtNcy.exe
  2⤵
  PID:3088
- C:\Windows\System\aFfLxcM.exe
  C:\Windows\System\aFfLxcM.exe
  2⤵
  PID:2496
- C:\Windows\System\cYnSirO.exe
  C:\Windows\System\cYnSirO.exe
  2⤵
  PID:3928
- C:\Windows\System\uIkPnjC.exe
  C:\Windows\System\uIkPnjC.exe
  2⤵
  PID:3856
- C:\Windows\System\uKjmFIX.exe
  C:\Windows\System\uKjmFIX.exe
  2⤵
  PID:3744
- C:\Windows\System\LaRvkqb.exe
  C:\Windows\System\LaRvkqb.exe
  2⤵
  PID:3612
- C:\Windows\System\zpnRHEN.exe
  C:\Windows\System\zpnRHEN.exe
  2⤵
  PID:4092
- C:\Windows\System\gPAyicW.exe
  C:\Windows\System\gPAyicW.exe
  2⤵
  PID:2772
- C:\Windows\System\ouVnxkV.exe
  C:\Windows\System\ouVnxkV.exe
  2⤵
  PID:2320
- C:\Windows\System\mvnPVMY.exe
  C:\Windows\System\mvnPVMY.exe
  2⤵
  PID:4064
- C:\Windows\System\lKxdExR.exe
  C:\Windows\System\lKxdExR.exe
  2⤵
  PID:2996
- C:\Windows\System\ygklcBs.exe
  C:\Windows\System\ygklcBs.exe
  2⤵
  PID:4112
- C:\Windows\System\ROIvRhj.exe
  C:\Windows\System\ROIvRhj.exe
  2⤵
  PID:4136
- C:\Windows\System\HTiVlSE.exe
  C:\Windows\System\HTiVlSE.exe
  2⤵
  PID:4160
- C:\Windows\System\IGvCtRa.exe
  C:\Windows\System\IGvCtRa.exe
  2⤵
  PID:4184
- C:\Windows\System\yiKwsrb.exe
  C:\Windows\System\yiKwsrb.exe
  2⤵
  PID:4204
- C:\Windows\System\lCKnBHL.exe
  C:\Windows\System\lCKnBHL.exe
  2⤵
  PID:4220
- C:\Windows\System\WqKNNpE.exe
  C:\Windows\System\WqKNNpE.exe
  2⤵
  PID:4244
- C:\Windows\System\FwXxAvT.exe
  C:\Windows\System\FwXxAvT.exe
  2⤵
  PID:4264
- C:\Windows\System\LBAMCeF.exe
  C:\Windows\System\LBAMCeF.exe
  2⤵
  PID:4288
- C:\Windows\System\HNiQhiA.exe
  C:\Windows\System\HNiQhiA.exe
  2⤵
  PID:4312
- C:\Windows\System\cTQTNdq.exe
  C:\Windows\System\cTQTNdq.exe
  2⤵
  PID:4328
- C:\Windows\System\WjjVpVr.exe
  C:\Windows\System\WjjVpVr.exe
  2⤵
  PID:4344
- C:\Windows\System\NLKsbdQ.exe
  C:\Windows\System\NLKsbdQ.exe
  2⤵
  PID:4364
- C:\Windows\System\GHPhQZe.exe
  C:\Windows\System\GHPhQZe.exe
  2⤵
  PID:4380
- C:\Windows\System\bhrwkHy.exe
  C:\Windows\System\bhrwkHy.exe
  2⤵
  PID:4404
- C:\Windows\System\WvROXuz.exe
  C:\Windows\System\WvROXuz.exe
  2⤵
  PID:4424
- C:\Windows\System\mGMRGPu.exe
  C:\Windows\System\mGMRGPu.exe
  2⤵
  PID:4448
- C:\Windows\System\NTBGvMo.exe
  C:\Windows\System\NTBGvMo.exe
  2⤵
  PID:4464
- C:\Windows\System\CxysUJG.exe
  C:\Windows\System\CxysUJG.exe
  2⤵
  PID:4480
- C:\Windows\System\JFYMbDD.exe
  C:\Windows\System\JFYMbDD.exe
  2⤵
  PID:4496
- C:\Windows\System\WimzatH.exe
  C:\Windows\System\WimzatH.exe
  2⤵
  PID:4516
- C:\Windows\System\FdZHnii.exe
  C:\Windows\System\FdZHnii.exe
  2⤵
  PID:4532
- C:\Windows\System\ytgKCvF.exe
  C:\Windows\System\ytgKCvF.exe
  2⤵
  PID:4548
- C:\Windows\System\ldxMIrU.exe
  C:\Windows\System\ldxMIrU.exe
  2⤵
  PID:4564
- C:\Windows\System\DSWLrTi.exe
  C:\Windows\System\DSWLrTi.exe
  2⤵
  PID:4580
- C:\Windows\System\NgtfLET.exe
  C:\Windows\System\NgtfLET.exe
  2⤵
  PID:4596
- C:\Windows\System\yXGKlbD.exe
  C:\Windows\System\yXGKlbD.exe
  2⤵
  PID:4612
- C:\Windows\System\dlqhxxp.exe
  C:\Windows\System\dlqhxxp.exe
  2⤵
  PID:4632
- C:\Windows\System\NrmuKMN.exe
  C:\Windows\System\NrmuKMN.exe
  2⤵
  PID:4672
- C:\Windows\System\baXQQDa.exe
  C:\Windows\System\baXQQDa.exe
  2⤵
  PID:4688
- C:\Windows\System\DOfYaaQ.exe
  C:\Windows\System\DOfYaaQ.exe
  2⤵
  PID:4708
- C:\Windows\System\vWjYvYI.exe
  C:\Windows\System\vWjYvYI.exe
  2⤵
  PID:4728
- C:\Windows\System\WrBUvoS.exe
  C:\Windows\System\WrBUvoS.exe
  2⤵
  PID:4760
- C:\Windows\System\xEECKZy.exe
  C:\Windows\System\xEECKZy.exe
  2⤵
  PID:4784
- C:\Windows\System\OgpbHaI.exe
  C:\Windows\System\OgpbHaI.exe
  2⤵
  PID:4800
- C:\Windows\System\UTXkpcl.exe
  C:\Windows\System\UTXkpcl.exe
  2⤵
  PID:4820
- C:\Windows\System\FvmTJcH.exe
  C:\Windows\System\FvmTJcH.exe
  2⤵
  PID:4836
- C:\Windows\System\dBYMlzd.exe
  C:\Windows\System\dBYMlzd.exe
  2⤵
  PID:4860
- C:\Windows\System\ymjLUcs.exe
  C:\Windows\System\ymjLUcs.exe
  2⤵
  PID:4880
- C:\Windows\System\gCmTekz.exe
  C:\Windows\System\gCmTekz.exe
  2⤵
  PID:4896
- C:\Windows\System\oifNGgx.exe
  C:\Windows\System\oifNGgx.exe
  2⤵
  PID:4912
- C:\Windows\System\ofuifny.exe
  C:\Windows\System\ofuifny.exe
  2⤵
  PID:4932
- C:\Windows\System\OMnkrKn.exe
  C:\Windows\System\OMnkrKn.exe
  2⤵
  PID:4948
- C:\Windows\System\GKlSidS.exe
  C:\Windows\System\GKlSidS.exe
  2⤵
  PID:4968
- C:\Windows\System\TWsNggn.exe
  C:\Windows\System\TWsNggn.exe
  2⤵
  PID:4984
- C:\Windows\System\GvRQOMZ.exe
  C:\Windows\System\GvRQOMZ.exe
  2⤵
  PID:5008
- C:\Windows\System\satLKvx.exe
  C:\Windows\System\satLKvx.exe
  2⤵
  PID:5040
- C:\Windows\System\WBBTKOH.exe
  C:\Windows\System\WBBTKOH.exe
  2⤵
  PID:5056
- C:\Windows\System\JduWUno.exe
  C:\Windows\System\JduWUno.exe
  2⤵
  PID:5080
- C:\Windows\System\xnOxfeX.exe
  C:\Windows\System\xnOxfeX.exe
  2⤵
  PID:5100
- C:\Windows\System\zfZwZaJ.exe
  C:\Windows\System\zfZwZaJ.exe
  2⤵
  PID:2360
- C:\Windows\System\cAGyHdv.exe
  C:\Windows\System\cAGyHdv.exe
  2⤵
  PID:4176
- C:\Windows\System\oOwrGMZ.exe
  C:\Windows\System\oOwrGMZ.exe
  2⤵
  PID:3280
- C:\Windows\System\WHDATOP.exe
  C:\Windows\System\WHDATOP.exe
  2⤵
  PID:3836
- C:\Windows\System\rmKhAzG.exe
  C:\Windows\System\rmKhAzG.exe
  2⤵
  PID:4216
- C:\Windows\System\BjyRdvV.exe
  C:\Windows\System\BjyRdvV.exe
  2⤵
  PID:4072
- C:\Windows\System\qvZfGjq.exe
  C:\Windows\System\qvZfGjq.exe
  2⤵
  PID:3260
- C:\Windows\System\BESKtiV.exe
  C:\Windows\System\BESKtiV.exe
  2⤵
  PID:4144
- C:\Windows\System\JtEXGaS.exe
  C:\Windows\System\JtEXGaS.exe
  2⤵
  PID:4260
- C:\Windows\System\iRwiguW.exe
  C:\Windows\System\iRwiguW.exe
  2⤵
  PID:4108
- C:\Windows\System\OIwogtA.exe
  C:\Windows\System\OIwogtA.exe
  2⤵
  PID:4272
- C:\Windows\System\qKJWaQU.exe
  C:\Windows\System\qKJWaQU.exe
  2⤵
  PID:4228
- C:\Windows\System\tjWeUnt.exe
  C:\Windows\System\tjWeUnt.exe
  2⤵
  PID:4308
- C:\Windows\System\JtYRAKI.exe
  C:\Windows\System\JtYRAKI.exe
  2⤵
  PID:4336
- C:\Windows\System\GlgGUiq.exe
  C:\Windows\System\GlgGUiq.exe
  2⤵
  PID:4352
- C:\Windows\System\HOffxBO.exe
  C:\Windows\System\HOffxBO.exe
  2⤵
  PID:4416
- C:\Windows\System\eEirdhk.exe
  C:\Windows\System\eEirdhk.exe
  2⤵
  PID:2352
- C:\Windows\System\FjgIVMs.exe
  C:\Windows\System\FjgIVMs.exe
  2⤵
  PID:4560
- C:\Windows\System\jUMATdy.exe
  C:\Windows\System\jUMATdy.exe
  2⤵
  PID:4472
- C:\Windows\System\sDLicPq.exe
  C:\Windows\System\sDLicPq.exe
  2⤵
  PID:4544
- C:\Windows\System\JxogtjX.exe
  C:\Windows\System\JxogtjX.exe
  2⤵
  PID:4620
- C:\Windows\System\RqFWYDk.exe
  C:\Windows\System\RqFWYDk.exe
  2⤵
  PID:4684
- C:\Windows\System\QPZGoRM.exe
  C:\Windows\System\QPZGoRM.exe
  2⤵
  PID:4768
- C:\Windows\System\davPnEH.exe
  C:\Windows\System\davPnEH.exe
  2⤵
  PID:4644
- C:\Windows\System\TZVuPll.exe
  C:\Windows\System\TZVuPll.exe
  2⤵
  PID:4660
- C:\Windows\System\bHpFfrg.exe
  C:\Windows\System\bHpFfrg.exe
  2⤵
  PID:4704
- C:\Windows\System\CrpQCJz.exe
  C:\Windows\System\CrpQCJz.exe
  2⤵
  PID:4748
- C:\Windows\System\gucyMLQ.exe
  C:\Windows\System\gucyMLQ.exe
  2⤵
  PID:4816
- C:\Windows\System\tEupwsQ.exe
  C:\Windows\System\tEupwsQ.exe
  2⤵
  PID:4848
- C:\Windows\System\IwrbjJa.exe
  C:\Windows\System\IwrbjJa.exe
  2⤵
  PID:4888
- C:\Windows\System\mFvjQbr.exe
  C:\Windows\System\mFvjQbr.exe
  2⤵
  PID:5000
- C:\Windows\System\jAANmVW.exe
  C:\Windows\System\jAANmVW.exe
  2⤵
  PID:5052
- C:\Windows\System\zfQaZhD.exe
  C:\Windows\System\zfQaZhD.exe
  2⤵
  PID:4980
- C:\Windows\System\WcvEVCk.exe
  C:\Windows\System\WcvEVCk.exe
  2⤵
  PID:4128
- C:\Windows\System\GGCwxlq.exe
  C:\Windows\System\GGCwxlq.exe
  2⤵
  PID:4796
- C:\Windows\System\eNgAfTp.exe
  C:\Windows\System\eNgAfTp.exe
  2⤵
  PID:4872
- C:\Windows\System\aEqdVNe.exe
  C:\Windows\System\aEqdVNe.exe
  2⤵
  PID:4944
- C:\Windows\System\GoMidId.exe
  C:\Windows\System\GoMidId.exe
  2⤵
  PID:5036
- C:\Windows\System\TYetqHS.exe
  C:\Windows\System\TYetqHS.exe
  2⤵
  PID:5076
- C:\Windows\System\saAqYXL.exe
  C:\Windows\System\saAqYXL.exe
  2⤵
  PID:4124
- C:\Windows\System\paDuNEB.exe
  C:\Windows\System\paDuNEB.exe
  2⤵
  PID:4100
- C:\Windows\System\yFcudtJ.exe
  C:\Windows\System\yFcudtJ.exe
  2⤵
  PID:2712
- C:\Windows\System\XsreFOQ.exe
  C:\Windows\System\XsreFOQ.exe
  2⤵
  PID:3948
- C:\Windows\System\UFvwleB.exe
  C:\Windows\System\UFvwleB.exe
  2⤵
  PID:4300
- C:\Windows\System\iirhahC.exe
  C:\Windows\System\iirhahC.exe
  2⤵
  PID:4284
- C:\Windows\System\dPFRifq.exe
  C:\Windows\System\dPFRifq.exe
  2⤵
  PID:4492
- C:\Windows\System\bFzZNcW.exe
  C:\Windows\System\bFzZNcW.exe
  2⤵
  PID:4556
- C:\Windows\System\NSamitU.exe
  C:\Windows\System\NSamitU.exe
  2⤵
  PID:4240
- C:\Windows\System\TERLycA.exe
  C:\Windows\System\TERLycA.exe
  2⤵
  PID:3036
- C:\Windows\System\DmQPdAb.exe
  C:\Windows\System\DmQPdAb.exe
  2⤵
  PID:4440
- C:\Windows\System\Inqsrxy.exe
  C:\Windows\System\Inqsrxy.exe
  2⤵
  PID:4576
- C:\Windows\System\ZbHiyqK.exe
  C:\Windows\System\ZbHiyqK.exe
  2⤵
  PID:4592
- C:\Windows\System\DbTwTxe.exe
  C:\Windows\System\DbTwTxe.exe
  2⤵
  PID:4608
- C:\Windows\System\QYhHEZV.exe
  C:\Windows\System\QYhHEZV.exe
  2⤵
  PID:4808
- C:\Windows\System\EKEglLt.exe
  C:\Windows\System\EKEglLt.exe
  2⤵
  PID:4756
- C:\Windows\System\OoseFRg.exe
  C:\Windows\System\OoseFRg.exe
  2⤵
  PID:4744
- C:\Windows\System\DniHbkt.exe
  C:\Windows\System\DniHbkt.exe
  2⤵
  PID:4852
- C:\Windows\System\ZiVJKRS.exe
  C:\Windows\System\ZiVJKRS.exe
  2⤵
  PID:4992
- C:\Windows\System\raUMMIM.exe
  C:\Windows\System\raUMMIM.exe
  2⤵
  PID:4832
- C:\Windows\System\EcByqeQ.exe
  C:\Windows\System\EcByqeQ.exe
  2⤵
  PID:5016
- C:\Windows\System\aBAvXqh.exe
  C:\Windows\System\aBAvXqh.exe
  2⤵
  PID:4168
- C:\Windows\System\yXZYsEm.exe
  C:\Windows\System\yXZYsEm.exe
  2⤵
  PID:5112
- C:\Windows\System\ZVoPsoz.exe
  C:\Windows\System\ZVoPsoz.exe
  2⤵
  PID:4324
- C:\Windows\System\xFshBCM.exe
  C:\Windows\System\xFshBCM.exe
  2⤵
  PID:3716
- C:\Windows\System\PkHEWxT.exe
  C:\Windows\System\PkHEWxT.exe
  2⤵
  PID:4212
- C:\Windows\System\seMmmEg.exe
  C:\Windows\System\seMmmEg.exe
  2⤵
  PID:704
- C:\Windows\System\NECtYjo.exe
  C:\Windows\System\NECtYjo.exe
  2⤵
  PID:4256
- C:\Windows\System\gMzxEst.exe
  C:\Windows\System\gMzxEst.exe
  2⤵
  PID:4196
- C:\Windows\System\VDvttka.exe
  C:\Windows\System\VDvttka.exe
  2⤵
  PID:4436
- C:\Windows\System\jqutjVz.exe
  C:\Windows\System\jqutjVz.exe
  2⤵
  PID:3664
- C:\Windows\System\FBoOeHq.exe
  C:\Windows\System\FBoOeHq.exe
  2⤵
  PID:4960
- C:\Windows\System\QSRzjqm.exe
  C:\Windows\System\QSRzjqm.exe
  2⤵
  PID:4376
- C:\Windows\System\SOOWsGj.exe
  C:\Windows\System\SOOWsGj.exe
  2⤵
  PID:4640
- C:\Windows\System\YqHhuoo.exe
  C:\Windows\System\YqHhuoo.exe
  2⤵
  PID:3780
- C:\Windows\System\LJhvonc.exe
  C:\Windows\System\LJhvonc.exe
  2⤵
  PID:4628
- C:\Windows\System\askrLbU.exe
  C:\Windows\System\askrLbU.exe
  2⤵
  PID:4296
- C:\Windows\System\JOnmUSE.exe
  C:\Windows\System\JOnmUSE.exe
  2⤵
  PID:5048
- C:\Windows\System\VYtulMO.exe
  C:\Windows\System\VYtulMO.exe
  2⤵
  PID:5024
- C:\Windows\System\ZUDyskW.exe
  C:\Windows\System\ZUDyskW.exe
  2⤵
  PID:3320
- C:\Windows\System\VOsXkMo.exe
  C:\Windows\System\VOsXkMo.exe
  2⤵
  PID:4588
- C:\Windows\System\jftBMvY.exe
  C:\Windows\System\jftBMvY.exe
  2⤵
  PID:3680
- C:\Windows\System\jJVcprb.exe
  C:\Windows\System\jJVcprb.exe
  2⤵
  PID:4388
- C:\Windows\System\YBvJAMf.exe
  C:\Windows\System\YBvJAMf.exe
  2⤵
  PID:4720
- C:\Windows\System\OKYMbPq.exe
  C:\Windows\System\OKYMbPq.exe
  2⤵
  PID:4908
- C:\Windows\System\NwzRzOs.exe
  C:\Windows\System\NwzRzOs.exe
  2⤵
  PID:4752
- C:\Windows\System\KsvIbpX.exe
  C:\Windows\System\KsvIbpX.exe
  2⤵
  PID:4868
- C:\Windows\System\MXiaDbU.exe
  C:\Windows\System\MXiaDbU.exe
  2⤵
  PID:1204
- C:\Windows\System\DLylfvG.exe
  C:\Windows\System\DLylfvG.exe
  2⤵
  PID:4524
- C:\Windows\System\NJRwdsu.exe
  C:\Windows\System\NJRwdsu.exe
  2⤵
  PID:2004
- C:\Windows\System\KgKvIBv.exe
  C:\Windows\System\KgKvIBv.exe
  2⤵
  PID:2232
- C:\Windows\System\TzpVjvl.exe
  C:\Windows\System\TzpVjvl.exe
  2⤵
  PID:5124
- C:\Windows\System\RygcoVH.exe
  C:\Windows\System\RygcoVH.exe
  2⤵
  PID:5148
- C:\Windows\System\EKePWMW.exe
  C:\Windows\System\EKePWMW.exe
  2⤵
  PID:5164
- C:\Windows\System\uUlGdpB.exe
  C:\Windows\System\uUlGdpB.exe
  2⤵
  PID:5180
- C:\Windows\System\TBmjeaZ.exe
  C:\Windows\System\TBmjeaZ.exe
  2⤵
  PID:5216
- C:\Windows\System\JnJloQW.exe
  C:\Windows\System\JnJloQW.exe
  2⤵
  PID:5232
- C:\Windows\System\aiCDioB.exe
  C:\Windows\System\aiCDioB.exe
  2⤵
  PID:5256
- C:\Windows\System\ZNwWYke.exe
  C:\Windows\System\ZNwWYke.exe
  2⤵
  PID:5272
- C:\Windows\System\Resimut.exe
  C:\Windows\System\Resimut.exe
  2⤵
  PID:5288
- C:\Windows\System\MbGZyrN.exe
  C:\Windows\System\MbGZyrN.exe
  2⤵
  PID:5316
- C:\Windows\System\lLFdKVm.exe
  C:\Windows\System\lLFdKVm.exe
  2⤵
  PID:5332
- C:\Windows\System\zPMkjLc.exe
  C:\Windows\System\zPMkjLc.exe
  2⤵
  PID:5352
- C:\Windows\System\BtlVFDX.exe
  C:\Windows\System\BtlVFDX.exe
  2⤵
  PID:5368
- C:\Windows\System\DAsdLPS.exe
  C:\Windows\System\DAsdLPS.exe
  2⤵
  PID:5388
- C:\Windows\System\rYGVRqk.exe
  C:\Windows\System\rYGVRqk.exe
  2⤵
  PID:5408
- C:\Windows\System\ggVhYtC.exe
  C:\Windows\System\ggVhYtC.exe
  2⤵
  PID:5428
- C:\Windows\System\AFsrdhT.exe
  C:\Windows\System\AFsrdhT.exe
  2⤵
  PID:5444
- C:\Windows\System\ThmarRJ.exe
  C:\Windows\System\ThmarRJ.exe
  2⤵
  PID:5464
- C:\Windows\System\NdsHvSz.exe
  C:\Windows\System\NdsHvSz.exe
  2⤵
  PID:5480
- C:\Windows\System\vsMmakM.exe
  C:\Windows\System\vsMmakM.exe
  2⤵
  PID:5496
- C:\Windows\System\nlUoTPB.exe
  C:\Windows\System\nlUoTPB.exe
  2⤵
  PID:5512
- C:\Windows\System\VAxvkCh.exe
  C:\Windows\System\VAxvkCh.exe
  2⤵
  PID:5532
- C:\Windows\System\LWPhSmB.exe
  C:\Windows\System\LWPhSmB.exe
  2⤵
  PID:5552
- C:\Windows\System\FYYEQLP.exe
  C:\Windows\System\FYYEQLP.exe
  2⤵
  PID:5600
- C:\Windows\System\vGDJvXz.exe
  C:\Windows\System\vGDJvXz.exe
  2⤵
  PID:5616
- C:\Windows\System\HrpTcgl.exe
  C:\Windows\System\HrpTcgl.exe
  2⤵
  PID:5636
- C:\Windows\System\xcFYIrX.exe
  C:\Windows\System\xcFYIrX.exe
  2⤵
  PID:5656
- C:\Windows\System\FOMfAPK.exe
  C:\Windows\System\FOMfAPK.exe
  2⤵
  PID:5680
- C:\Windows\System\KdkRbpd.exe
  C:\Windows\System\KdkRbpd.exe
  2⤵
  PID:5696
- C:\Windows\System\whjYCRI.exe
  C:\Windows\System\whjYCRI.exe
  2⤵
  PID:5712
- C:\Windows\System\SsHcjRx.exe
  C:\Windows\System\SsHcjRx.exe
  2⤵
  PID:5732
- C:\Windows\System\VcYPWQI.exe
  C:\Windows\System\VcYPWQI.exe
  2⤵
  PID:5748
- C:\Windows\System\oVFrirI.exe
  C:\Windows\System\oVFrirI.exe
  2⤵
  PID:5768
- C:\Windows\System\ULESKwT.exe
  C:\Windows\System\ULESKwT.exe
  2⤵
  PID:5784
- C:\Windows\System\xTkzPCo.exe
  C:\Windows\System\xTkzPCo.exe
  2⤵
  PID:5808
- C:\Windows\System\GajvyUE.exe
  C:\Windows\System\GajvyUE.exe
  2⤵
  PID:5824
- C:\Windows\System\gWYjlBP.exe
  C:\Windows\System\gWYjlBP.exe
  2⤵
  PID:5848
- C:\Windows\System\SzkRGEM.exe
  C:\Windows\System\SzkRGEM.exe
  2⤵
  PID:5872
- C:\Windows\System\FCEijht.exe
  C:\Windows\System\FCEijht.exe
  2⤵
  PID:5888
- C:\Windows\System\GuFFhKj.exe
  C:\Windows\System\GuFFhKj.exe
  2⤵
  PID:5916
- C:\Windows\System\ytWjAHW.exe
  C:\Windows\System\ytWjAHW.exe
  2⤵
  PID:5940
- C:\Windows\System\IDfIaqL.exe
  C:\Windows\System\IDfIaqL.exe
  2⤵
  PID:5960
- C:\Windows\System\mXpBRTK.exe
  C:\Windows\System\mXpBRTK.exe
  2⤵
  PID:5976
- C:\Windows\System\MMGdWFE.exe
  C:\Windows\System\MMGdWFE.exe
  2⤵
  PID:5996
- C:\Windows\System\SgHXdeM.exe
  C:\Windows\System\SgHXdeM.exe
  2⤵
  PID:6012
- C:\Windows\System\fQtkYjO.exe
  C:\Windows\System\fQtkYjO.exe
  2⤵
  PID:6032
- C:\Windows\System\ogwUWtZ.exe
  C:\Windows\System\ogwUWtZ.exe
  2⤵
  PID:6052
- C:\Windows\System\fmGcAes.exe
  C:\Windows\System\fmGcAes.exe
  2⤵
  PID:6068
- C:\Windows\System\xljKGLQ.exe
  C:\Windows\System\xljKGLQ.exe
  2⤵
  PID:6088
- C:\Windows\System\ooPfgpU.exe
  C:\Windows\System\ooPfgpU.exe
  2⤵
  PID:6120
- C:\Windows\System\oiUuTEz.exe
  C:\Windows\System\oiUuTEz.exe
  2⤵
  PID:6136
- C:\Windows\System\FqPopvI.exe
  C:\Windows\System\FqPopvI.exe
  2⤵
  PID:4320
- C:\Windows\System\hcRwApq.exe
  C:\Windows\System\hcRwApq.exe
  2⤵
  PID:4976
- C:\Windows\System\wdCVBIc.exe
  C:\Windows\System\wdCVBIc.exe
  2⤵
  PID:4512
- C:\Windows\System\lMbRUtC.exe
  C:\Windows\System\lMbRUtC.exe
  2⤵
  PID:5172
- C:\Windows\System\gihfkKL.exe
  C:\Windows\System\gihfkKL.exe
  2⤵
  PID:2060
- C:\Windows\System\BCHHDVc.exe
  C:\Windows\System\BCHHDVc.exe
  2⤵
  PID:5192
- C:\Windows\System\peTUrTX.exe
  C:\Windows\System\peTUrTX.exe
  2⤵
  PID:5208
- C:\Windows\System\wKPGjbR.exe
  C:\Windows\System\wKPGjbR.exe
  2⤵
  PID:5228
- C:\Windows\System\iubPkMm.exe
  C:\Windows\System\iubPkMm.exe
  2⤵
  PID:5252
- C:\Windows\System\RkZFRJB.exe
  C:\Windows\System\RkZFRJB.exe
  2⤵
  PID:5308
- C:\Windows\System\ZvBFYYY.exe
  C:\Windows\System\ZvBFYYY.exe
  2⤵
  PID:5376
- C:\Windows\System\lfIMrPo.exe
  C:\Windows\System\lfIMrPo.exe
  2⤵
  PID:5424
- C:\Windows\System\kPTMeij.exe
  C:\Windows\System\kPTMeij.exe
  2⤵
  PID:5460
- C:\Windows\System\bynWGOH.exe
  C:\Windows\System\bynWGOH.exe
  2⤵
  PID:5560
- C:\Windows\System\UcnCMeL.exe
  C:\Windows\System\UcnCMeL.exe
  2⤵
  PID:5360
- C:\Windows\System\yoLOKZa.exe
  C:\Windows\System\yoLOKZa.exe
  2⤵
  PID:5324
- C:\Windows\System\sktohTb.exe
  C:\Windows\System\sktohTb.exe
  2⤵
  PID:5328
- C:\Windows\System\jTpaolz.exe
  C:\Windows\System\jTpaolz.exe
  2⤵
  PID:5404
- C:\Windows\System\DnfxLYG.exe
  C:\Windows\System\DnfxLYG.exe
  2⤵
  PID:5508
- C:\Windows\System\kXGuaPk.exe
  C:\Windows\System\kXGuaPk.exe
  2⤵
  PID:5632
- C:\Windows\System\eYduPlG.exe
  C:\Windows\System\eYduPlG.exe
  2⤵
  PID:5704
- C:\Windows\System\UBCpCSK.exe
  C:\Windows\System\UBCpCSK.exe
  2⤵
  PID:5740
- C:\Windows\System\dznkOPb.exe
  C:\Windows\System\dznkOPb.exe
  2⤵
  PID:5820
- C:\Windows\System\FJeFsGW.exe
  C:\Windows\System\FJeFsGW.exe
  2⤵
  PID:5792
- C:\Windows\System\FChWowL.exe
  C:\Windows\System\FChWowL.exe
  2⤵
  PID:5796
- C:\Windows\System\lmzIBap.exe
  C:\Windows\System\lmzIBap.exe
  2⤵
  PID:5760
- C:\Windows\System\WxdFlqX.exe
  C:\Windows\System\WxdFlqX.exe
  2⤵
  PID:5900
- C:\Windows\System\uKVyaXE.exe
  C:\Windows\System\uKVyaXE.exe
  2⤵
  PID:5912
- C:\Windows\System\JsmGMYo.exe
  C:\Windows\System\JsmGMYo.exe
  2⤵
  PID:5928
- C:\Windows\System\OZzkEdo.exe
  C:\Windows\System\OZzkEdo.exe
  2⤵
  PID:5956
- C:\Windows\System\pgjHALS.exe
  C:\Windows\System\pgjHALS.exe
  2⤵
  PID:6024
- C:\Windows\System\dknefgs.exe
  C:\Windows\System\dknefgs.exe
  2⤵
  PID:6108
- C:\Windows\System\BEkwliN.exe
  C:\Windows\System\BEkwliN.exe
  2⤵
  PID:5132
- C:\Windows\System\MmgqNSU.exe
  C:\Windows\System\MmgqNSU.exe
  2⤵
  PID:6008
- C:\Windows\System\RyxQAhC.exe
  C:\Windows\System\RyxQAhC.exe
  2⤵
  PID:6076
- C:\Windows\System\dpYqqUD.exe
  C:\Windows\System\dpYqqUD.exe
  2⤵
  PID:5116
- C:\Windows\System\pnQckVX.exe
  C:\Windows\System\pnQckVX.exe
  2⤵
  PID:2404
- C:\Windows\System\jpGjwfv.exe
  C:\Windows\System\jpGjwfv.exe
  2⤵
  PID:5248
- C:\Windows\System\TgWrllR.exe
  C:\Windows\System\TgWrllR.exe
  2⤵
  PID:5268
- C:\Windows\System\jMAKLnb.exe
  C:\Windows\System\jMAKLnb.exe
  2⤵
  PID:5456
- C:\Windows\System\xDNUuff.exe
  C:\Windows\System\xDNUuff.exe
  2⤵
  PID:4460
- C:\Windows\System\XtDeRLL.exe
  C:\Windows\System\XtDeRLL.exe
  2⤵
  PID:5188
- C:\Windows\System\WdMqJbQ.exe
  C:\Windows\System\WdMqJbQ.exe
  2⤵
  PID:5672
- C:\Windows\System\fOEsrGd.exe
  C:\Windows\System\fOEsrGd.exe
  2⤵
  PID:5648
- C:\Windows\System\LPyfdQO.exe
  C:\Windows\System\LPyfdQO.exe
  2⤵
  PID:5728
- C:\Windows\System\BIzPDXr.exe
  C:\Windows\System\BIzPDXr.exe
  2⤵
  PID:5296
- C:\Windows\System\agDIWFc.exe
  C:\Windows\System\agDIWFc.exe
  2⤵
  PID:5544
- C:\Windows\System\jFCwgIX.exe
  C:\Windows\System\jFCwgIX.exe
  2⤵
  PID:5868
- C:\Windows\System\HcdyJlG.exe
  C:\Windows\System\HcdyJlG.exe
  2⤵
  PID:5520
- C:\Windows\System\NwoxdKp.exe
  C:\Windows\System\NwoxdKp.exe
  2⤵
  PID:5644
- C:\Windows\System\CwsZYfs.exe
  C:\Windows\System\CwsZYfs.exe
  2⤵
  PID:5924
- C:\Windows\System\yZgbwrt.exe
  C:\Windows\System\yZgbwrt.exe
  2⤵
  PID:5756
- C:\Windows\System\uLFXcXD.exe
  C:\Windows\System\uLFXcXD.exe
  2⤵
  PID:6116
- C:\Windows\System\kOPmHxD.exe
  C:\Windows\System\kOPmHxD.exe
  2⤵
  PID:6132
- C:\Windows\System\iUSbvof.exe
  C:\Windows\System\iUSbvof.exe
  2⤵
  PID:5972
- C:\Windows\System\gcoNjjx.exe
  C:\Windows\System\gcoNjjx.exe
  2⤵
  PID:4904
- C:\Windows\System\tHgicns.exe
  C:\Windows\System\tHgicns.exe
  2⤵
  PID:5576
- C:\Windows\System\JYdLFVP.exe
  C:\Windows\System\JYdLFVP.exe
  2⤵
  PID:5476
- C:\Windows\System\qZDyuSm.exe
  C:\Windows\System\qZDyuSm.exe
  2⤵
  PID:5200
- C:\Windows\System\BPclkww.exe
  C:\Windows\System\BPclkww.exe
  2⤵
  PID:5724
- C:\Windows\System\hrQIxTl.exe
  C:\Windows\System\hrQIxTl.exe
  2⤵
  PID:5840
- C:\Windows\System\bhGOOMD.exe
  C:\Windows\System\bhGOOMD.exe
  2⤵
  PID:5472
- C:\Windows\System\VhIlmTK.exe
  C:\Windows\System\VhIlmTK.exe
  2⤵
  PID:6020
- C:\Windows\System\cNzPTnF.exe
  C:\Windows\System\cNzPTnF.exe
  2⤵
  PID:5156
- C:\Windows\System\poJOypI.exe
  C:\Windows\System\poJOypI.exe
  2⤵
  PID:5280
- C:\Windows\System\wGTxRZQ.exe
  C:\Windows\System\wGTxRZQ.exe
  2⤵
  PID:5608
- C:\Windows\System\CVluQNk.exe
  C:\Windows\System\CVluQNk.exe
  2⤵
  PID:6044
- C:\Windows\System\zCwbMHt.exe
  C:\Windows\System\zCwbMHt.exe
  2⤵
  PID:6048
- C:\Windows\System\LHMkIts.exe
  C:\Windows\System\LHMkIts.exe
  2⤵
  PID:4956
- C:\Windows\System\zzMZYsA.exe
  C:\Windows\System\zzMZYsA.exe
  2⤵
  PID:3328
- C:\Windows\System\eMBPrmx.exe
  C:\Windows\System\eMBPrmx.exe
  2⤵
  PID:5896
- C:\Windows\System\MUQAdCc.exe
  C:\Windows\System\MUQAdCc.exe
  2⤵
  PID:5284
- C:\Windows\System\OXdCYlw.exe
  C:\Windows\System\OXdCYlw.exe
  2⤵
  PID:5348
- C:\Windows\System\QnMPcPT.exe
  C:\Windows\System\QnMPcPT.exe
  2⤵
  PID:5564
- C:\Windows\System\LTSJEWW.exe
  C:\Windows\System\LTSJEWW.exe
  2⤵
  PID:5144
- C:\Windows\System\PGSnFOs.exe
  C:\Windows\System\PGSnFOs.exe
  2⤵
  PID:6084
- C:\Windows\System\rnykEgo.exe
  C:\Windows\System\rnykEgo.exe
  2⤵
  PID:5628
- C:\Windows\System\MZtAsPb.exe
  C:\Windows\System\MZtAsPb.exe
  2⤵
  PID:5416
- C:\Windows\System\hLxWZXo.exe
  C:\Windows\System\hLxWZXo.exe
  2⤵
  PID:5400
- C:\Windows\System\hOFhwfy.exe
  C:\Windows\System\hOFhwfy.exe
  2⤵
  PID:5688
- C:\Windows\System\CEWMIjQ.exe
  C:\Windows\System\CEWMIjQ.exe
  2⤵
  PID:6096
- C:\Windows\System\RmaUmED.exe
  C:\Windows\System\RmaUmED.exe
  2⤵
  PID:5948
- C:\Windows\System\WGjWtSh.exe
  C:\Windows\System\WGjWtSh.exe
  2⤵
  PID:6168
- C:\Windows\System\MhehfRQ.exe
  C:\Windows\System\MhehfRQ.exe
  2⤵
  PID:6188
- C:\Windows\System\mQtpGXC.exe
  C:\Windows\System\mQtpGXC.exe
  2⤵
  PID:6204
- C:\Windows\System\AIdMDTL.exe
  C:\Windows\System\AIdMDTL.exe
  2⤵
  PID:6224
- C:\Windows\System\ANvJCOF.exe
  C:\Windows\System\ANvJCOF.exe
  2⤵
  PID:6240
- C:\Windows\System\BDPSxJg.exe
  C:\Windows\System\BDPSxJg.exe
  2⤵
  PID:6260
- C:\Windows\System\qgfmHCM.exe
  C:\Windows\System\qgfmHCM.exe
  2⤵
  PID:6276
- C:\Windows\System\rylNcYt.exe
  C:\Windows\System\rylNcYt.exe
  2⤵
  PID:6300
- C:\Windows\System\FuHdERU.exe
  C:\Windows\System\FuHdERU.exe
  2⤵
  PID:6336
- C:\Windows\System\wvvFKTe.exe
  C:\Windows\System\wvvFKTe.exe
  2⤵
  PID:6352
- C:\Windows\System\cKBmczP.exe
  C:\Windows\System\cKBmczP.exe
  2⤵
  PID:6368
- C:\Windows\System\clSnlEA.exe
  C:\Windows\System\clSnlEA.exe
  2⤵
  PID:6392
- C:\Windows\System\AfQDGZB.exe
  C:\Windows\System\AfQDGZB.exe
  2⤵
  PID:6408
- C:\Windows\System\Mfuhxgo.exe
  C:\Windows\System\Mfuhxgo.exe
  2⤵
  PID:6432
- C:\Windows\System\wrGXejJ.exe
  C:\Windows\System\wrGXejJ.exe
  2⤵
  PID:6448
- C:\Windows\System\gVHSfwg.exe
  C:\Windows\System\gVHSfwg.exe
  2⤵
  PID:6472
- C:\Windows\System\CLTDSpd.exe
  C:\Windows\System\CLTDSpd.exe
  2⤵
  PID:6496
- C:\Windows\System\haleGNv.exe
  C:\Windows\System\haleGNv.exe
  2⤵
  PID:6512
- C:\Windows\System\XLGjNgN.exe
  C:\Windows\System\XLGjNgN.exe
  2⤵
  PID:6532
- C:\Windows\System\acOhVsL.exe
  C:\Windows\System\acOhVsL.exe
  2⤵
  PID:6556
- C:\Windows\System\SbitzDK.exe
  C:\Windows\System\SbitzDK.exe
  2⤵
  PID:6576
- C:\Windows\System\BoHgBcD.exe
  C:\Windows\System\BoHgBcD.exe
  2⤵
  PID:6592
- C:\Windows\System\qgjRGdG.exe
  C:\Windows\System\qgjRGdG.exe
  2⤵
  PID:6612
- C:\Windows\System\VTNZgxN.exe
  C:\Windows\System\VTNZgxN.exe
  2⤵
  PID:6632
- C:\Windows\System\wJhoaay.exe
  C:\Windows\System\wJhoaay.exe
  2⤵
  PID:6652
- C:\Windows\System\eebasjX.exe
  C:\Windows\System\eebasjX.exe
  2⤵
  PID:6668
- C:\Windows\System\ABDKBjy.exe
  C:\Windows\System\ABDKBjy.exe
  2⤵
  PID:6684
- C:\Windows\System\azCHJVt.exe
  C:\Windows\System\azCHJVt.exe
  2⤵
  PID:6704
- C:\Windows\System\SOdmbiN.exe
  C:\Windows\System\SOdmbiN.exe
  2⤵
  PID:6724
- C:\Windows\System\intpfjY.exe
  C:\Windows\System\intpfjY.exe
  2⤵
  PID:6740
- C:\Windows\System\LpZmynT.exe
  C:\Windows\System\LpZmynT.exe
  2⤵
  PID:6756
- C:\Windows\System\MtTaJOH.exe
  C:\Windows\System\MtTaJOH.exe
  2⤵
  PID:6784
- C:\Windows\System\vtenNDy.exe
  C:\Windows\System\vtenNDy.exe
  2⤵
  PID:6804
- C:\Windows\System\NHsjptR.exe
  C:\Windows\System\NHsjptR.exe
  2⤵
  PID:6820
- C:\Windows\System\JmIAvEY.exe
  C:\Windows\System\JmIAvEY.exe
  2⤵
  PID:6852
- C:\Windows\System\VmlGvNL.exe
  C:\Windows\System\VmlGvNL.exe
  2⤵
  PID:6872
- C:\Windows\System\WOsEpZd.exe
  C:\Windows\System\WOsEpZd.exe
  2⤵
  PID:6888
- C:\Windows\System\qbUWPJX.exe
  C:\Windows\System\qbUWPJX.exe
  2⤵
  PID:6912
- C:\Windows\System\ztXYUyH.exe
  C:\Windows\System\ztXYUyH.exe
  2⤵
  PID:6932
- C:\Windows\System\eSOKQgz.exe
  C:\Windows\System\eSOKQgz.exe
  2⤵
  PID:6952
- C:\Windows\System\axptnjo.exe
  C:\Windows\System\axptnjo.exe
  2⤵
  PID:6976
- C:\Windows\System\vZDgHCE.exe
  C:\Windows\System\vZDgHCE.exe
  2⤵
  PID:6996
- C:\Windows\System\dFRgnsH.exe
  C:\Windows\System\dFRgnsH.exe
  2⤵
  PID:7012
- C:\Windows\System\FhDmEot.exe
  C:\Windows\System\FhDmEot.exe
  2⤵
  PID:7032
- C:\Windows\System\zPoCvZp.exe
  C:\Windows\System\zPoCvZp.exe
  2⤵
  PID:7056
- C:\Windows\System\jbzxGkC.exe
  C:\Windows\System\jbzxGkC.exe
  2⤵
  PID:7076
- C:\Windows\System\NuZpWUj.exe
  C:\Windows\System\NuZpWUj.exe
  2⤵
  PID:7092
- C:\Windows\System\gSzplyX.exe
  C:\Windows\System\gSzplyX.exe
  2⤵
  PID:7108
- C:\Windows\System\NjVhVEY.exe
  C:\Windows\System\NjVhVEY.exe
  2⤵
  PID:7132
- C:\Windows\System\aSokQwh.exe
  C:\Windows\System\aSokQwh.exe
  2⤵
  PID:7152
- C:\Windows\System\cjapxfe.exe
  C:\Windows\System\cjapxfe.exe
  2⤵
  PID:6156
- C:\Windows\System\JMqkDIn.exe
  C:\Windows\System\JMqkDIn.exe
  2⤵
  PID:5652
- C:\Windows\System\KwvRuNx.exe
  C:\Windows\System\KwvRuNx.exe
  2⤵
  PID:5204
- C:\Windows\System\UqGeSOP.exe
  C:\Windows\System\UqGeSOP.exe
  2⤵
  PID:6232
- C:\Windows\System\rMjWpTl.exe
  C:\Windows\System\rMjWpTl.exe
  2⤵
  PID:6308
- C:\Windows\System\GgeTqhu.exe
  C:\Windows\System\GgeTqhu.exe
  2⤵
  PID:6176
- C:\Windows\System\pScSfWu.exe
  C:\Windows\System\pScSfWu.exe
  2⤵
  PID:6220
- C:\Windows\System\smXFDEI.exe
  C:\Windows\System\smXFDEI.exe
  2⤵
  PID:6284
- C:\Windows\System\pdxKSwi.exe
  C:\Windows\System\pdxKSwi.exe
  2⤵
  PID:6364
- C:\Windows\System\pYxfMVT.exe
  C:\Windows\System\pYxfMVT.exe
  2⤵
  PID:6440
- C:\Windows\System\gEOEpkr.exe
  C:\Windows\System\gEOEpkr.exe
  2⤵
  PID:6348
- C:\Windows\System\jIsENbp.exe
  C:\Windows\System\jIsENbp.exe
  2⤵
  PID:6492
- C:\Windows\System\JokwkBt.exe
  C:\Windows\System\JokwkBt.exe
  2⤵
  PID:6460
- C:\Windows\System\JvqUtql.exe
  C:\Windows\System\JvqUtql.exe
  2⤵
  PID:6528
- C:\Windows\System\cdPEoGr.exe
  C:\Windows\System\cdPEoGr.exe
  2⤵
  PID:6552
- C:\Windows\System\pWJBRHR.exe
  C:\Windows\System\pWJBRHR.exe
  2⤵
  PID:6588
- C:\Windows\System\LKozhEk.exe
  C:\Windows\System\LKozhEk.exe
  2⤵
  PID:6640
- C:\Windows\System\YKiMHZb.exe
  C:\Windows\System\YKiMHZb.exe
  2⤵
  PID:6676
- C:\Windows\System\ukvlphB.exe
  C:\Windows\System\ukvlphB.exe
  2⤵
  PID:6628
- C:\Windows\System\BRGLsmq.exe
  C:\Windows\System\BRGLsmq.exe
  2⤵
  PID:6800
- C:\Windows\System\kZXRfuN.exe
  C:\Windows\System\kZXRfuN.exe
  2⤵
  PID:6660
- C:\Windows\System\fblxczB.exe
  C:\Windows\System\fblxczB.exe
  2⤵
  PID:6696
- C:\Windows\System\IOeGWjk.exe
  C:\Windows\System\IOeGWjk.exe
  2⤵
  PID:6880
- C:\Windows\System\IRQomEN.exe
  C:\Windows\System\IRQomEN.exe
  2⤵
  PID:6776
- C:\Windows\System\hxwtAyo.exe
  C:\Windows\System\hxwtAyo.exe
  2⤵
  PID:6864
- C:\Windows\System\aJzFgQI.exe
  C:\Windows\System\aJzFgQI.exe
  2⤵
  PID:6908
- C:\Windows\System\ulcFTjU.exe
  C:\Windows\System\ulcFTjU.exe
  2⤵
  PID:6944
- C:\Windows\System\MZHptCC.exe
  C:\Windows\System\MZHptCC.exe
  2⤵
  PID:6984
- C:\Windows\System\yjUKERE.exe
  C:\Windows\System\yjUKERE.exe
  2⤵
  PID:7040
- C:\Windows\System\lxJVqOd.exe
  C:\Windows\System\lxJVqOd.exe
  2⤵
  PID:7044
- C:\Windows\System\OHVpGfU.exe
  C:\Windows\System\OHVpGfU.exe
  2⤵
  PID:7068
- C:\Windows\System\sNdpmaz.exe
  C:\Windows\System\sNdpmaz.exe
  2⤵
  PID:7100
- C:\Windows\System\HOwxhtE.exe
  C:\Windows\System\HOwxhtE.exe
  2⤵
  PID:7140
- C:\Windows\System\mKGIjLW.exe
  C:\Windows\System\mKGIjLW.exe
  2⤵
  PID:5936
- C:\Windows\System\XPBexTD.exe
  C:\Windows\System\XPBexTD.exe
  2⤵
  PID:5136
- C:\Windows\System\rfofofV.exe
  C:\Windows\System\rfofofV.exe
  2⤵
  PID:1584
- C:\Windows\System\GNFnYAp.exe
  C:\Windows\System\GNFnYAp.exe
  2⤵
  PID:6332
- C:\Windows\System\OGuyrml.exe
  C:\Windows\System\OGuyrml.exe
  2⤵
  PID:6320
- C:\Windows\System\HYfjpjM.exe
  C:\Windows\System\HYfjpjM.exe
  2⤵
  PID:6428
- C:\Windows\System\cbqPkjq.exe
  C:\Windows\System\cbqPkjq.exe
  2⤵
  PID:6484
- C:\Windows\System\yzojpJy.exe
  C:\Windows\System\yzojpJy.exe
  2⤵
  PID:6468
- C:\Windows\System\DaekCAO.exe
  C:\Windows\System\DaekCAO.exe
  2⤵
  PID:6540
- C:\Windows\System\caqSguw.exe
  C:\Windows\System\caqSguw.exe
  2⤵
  PID:6568
- C:\Windows\System\BclDpkt.exe
  C:\Windows\System\BclDpkt.exe
  2⤵
  PID:6720
- C:\Windows\System\TbJCxnq.exe
  C:\Windows\System\TbJCxnq.exe
  2⤵
  PID:6836
- C:\Windows\System\FWdqCmz.exe
  C:\Windows\System\FWdqCmz.exe
  2⤵
  PID:6848
- C:\Windows\System\LNxJLKj.exe
  C:\Windows\System\LNxJLKj.exe
  2⤵
  PID:6884
- C:\Windows\System\WiqZKXj.exe
  C:\Windows\System\WiqZKXj.exe
  2⤵
  PID:6816
- C:\Windows\System\mnnrihS.exe
  C:\Windows\System\mnnrihS.exe
  2⤵
  PID:6960
- C:\Windows\System\vyQSmPD.exe
  C:\Windows\System\vyQSmPD.exe
  2⤵
  PID:6964
- C:\Windows\System\YyxfPuz.exe
  C:\Windows\System\YyxfPuz.exe
  2⤵
  PID:7024
- C:\Windows\System\snhkxME.exe
  C:\Windows\System\snhkxME.exe
  2⤵
  PID:7124
- C:\Windows\System\YqPSGSm.exe
  C:\Windows\System\YqPSGSm.exe
  2⤵
  PID:7120
- C:\Windows\System\JqObEiE.exe
  C:\Windows\System\JqObEiE.exe
  2⤵
  PID:6160
- C:\Windows\System\NBBEORG.exe
  C:\Windows\System\NBBEORG.exe
  2⤵
  PID:6292
- C:\Windows\System\wcqJRUV.exe
  C:\Windows\System\wcqJRUV.exe
  2⤵
  PID:6296
- C:\Windows\System\HZlydwq.exe
  C:\Windows\System\HZlydwq.exe
  2⤵
  PID:6212
- C:\Windows\System\nwcsAES.exe
  C:\Windows\System\nwcsAES.exe
  2⤵
  PID:6524
- C:\Windows\System\IEoCdzZ.exe
  C:\Windows\System\IEoCdzZ.exe
  2⤵
  PID:6604
- C:\Windows\System\rpYfPWP.exe
  C:\Windows\System\rpYfPWP.exe
  2⤵
  PID:6316
- C:\Windows\System\qreZcxu.exe
  C:\Windows\System\qreZcxu.exe
  2⤵
  PID:6796
- C:\Windows\System\fDrrSxr.exe
  C:\Windows\System\fDrrSxr.exe
  2⤵
  PID:6988
- C:\Windows\System\nWaAUde.exe
  C:\Windows\System\nWaAUde.exe
  2⤵
  PID:6972
- C:\Windows\System\HvHIZtO.exe
  C:\Windows\System\HvHIZtO.exe
  2⤵
  PID:7116
- C:\Windows\System\LAHLhgG.exe
  C:\Windows\System\LAHLhgG.exe
  2⤵
  PID:6252
- C:\Windows\System\vUKzotm.exe
  C:\Windows\System\vUKzotm.exe
  2⤵
  PID:7052
- C:\Windows\System\YVodWUx.exe
  C:\Windows\System\YVodWUx.exe
  2⤵
  PID:7164
- C:\Windows\System\sXWdEcJ.exe
  C:\Windows\System\sXWdEcJ.exe
  2⤵
  PID:6544
- C:\Windows\System\QgWSowF.exe
  C:\Windows\System\QgWSowF.exe
  2⤵
  PID:7144
- C:\Windows\System\OuyKpyb.exe
  C:\Windows\System\OuyKpyb.exe
  2⤵
  PID:6780
- C:\Windows\System\QNjzTMF.exe
  C:\Windows\System\QNjzTMF.exe
  2⤵
  PID:6692
- C:\Windows\System\iVklKix.exe
  C:\Windows\System\iVklKix.exe
  2⤵
  PID:6924
- C:\Windows\System\sYnTMhi.exe
  C:\Windows\System\sYnTMhi.exe
  2⤵
  PID:7072
- C:\Windows\System\OSCuVWq.exe
  C:\Windows\System\OSCuVWq.exe
  2⤵
  PID:6624
- C:\Windows\System\ljHaupy.exe
  C:\Windows\System\ljHaupy.exe
  2⤵
  PID:7184
- C:\Windows\System\yltFfxH.exe
  C:\Windows\System\yltFfxH.exe
  2⤵
  PID:7204
- C:\Windows\System\ProNGkU.exe
  C:\Windows\System\ProNGkU.exe
  2⤵
  PID:7220
- C:\Windows\System\gWejsXz.exe
  C:\Windows\System\gWejsXz.exe
  2⤵
  PID:7244
- C:\Windows\System\LzMyWzs.exe
  C:\Windows\System\LzMyWzs.exe
  2⤵
  PID:7268
- C:\Windows\System\tzbBidn.exe
  C:\Windows\System\tzbBidn.exe
  2⤵
  PID:7288
- C:\Windows\System\jyqvlwP.exe
  C:\Windows\System\jyqvlwP.exe
  2⤵
  PID:7308
- C:\Windows\System\sQvZBFC.exe
  C:\Windows\System\sQvZBFC.exe
  2⤵
  PID:7324
- C:\Windows\System\JAFoZra.exe
  C:\Windows\System\JAFoZra.exe
  2⤵
  PID:7340
- C:\Windows\System\FuuVJUK.exe
  C:\Windows\System\FuuVJUK.exe
  2⤵
  PID:7356
- C:\Windows\System\BPEqWvl.exe
  C:\Windows\System\BPEqWvl.exe
  2⤵
  PID:7380
- C:\Windows\System\FRJHIhv.exe
  C:\Windows\System\FRJHIhv.exe
  2⤵
  PID:7396
- C:\Windows\System\gWejeyE.exe
  C:\Windows\System\gWejeyE.exe
  2⤵
  PID:7420
- C:\Windows\System\iBkJLow.exe
  C:\Windows\System\iBkJLow.exe
  2⤵
  PID:7436
- C:\Windows\System\QaBnwMt.exe
  C:\Windows\System\QaBnwMt.exe
  2⤵
  PID:7460
- C:\Windows\System\gYlFmBq.exe
  C:\Windows\System\gYlFmBq.exe
  2⤵
  PID:7480
- C:\Windows\System\qgoyZwR.exe
  C:\Windows\System\qgoyZwR.exe
  2⤵
  PID:7500
- C:\Windows\System\kvwGLlg.exe
  C:\Windows\System\kvwGLlg.exe
  2⤵
  PID:7516
- C:\Windows\System\xyUuaou.exe
  C:\Windows\System\xyUuaou.exe
  2⤵
  PID:7536
- C:\Windows\System\tjCrVMQ.exe
  C:\Windows\System\tjCrVMQ.exe
  2⤵
  PID:7564
- C:\Windows\System\vspNEGK.exe
  C:\Windows\System\vspNEGK.exe
  2⤵
  PID:7580
- C:\Windows\System\IZvyvnJ.exe
  C:\Windows\System\IZvyvnJ.exe
  2⤵
  PID:7608
- C:\Windows\System\FCNBlDw.exe
  C:\Windows\System\FCNBlDw.exe
  2⤵
  PID:7628
- C:\Windows\System\GAkYnLb.exe
  C:\Windows\System\GAkYnLb.exe
  2⤵
  PID:7644
- C:\Windows\System\SJHefEr.exe
  C:\Windows\System\SJHefEr.exe
  2⤵
  PID:7668
- C:\Windows\System\ZunSeAn.exe
  C:\Windows\System\ZunSeAn.exe
  2⤵
  PID:7684
- C:\Windows\System\vVZupFv.exe
  C:\Windows\System\vVZupFv.exe
  2⤵
  PID:7708
- C:\Windows\System\JjDiOru.exe
  C:\Windows\System\JjDiOru.exe
  2⤵
  PID:7728
- C:\Windows\System\BHHPnyR.exe
  C:\Windows\System\BHHPnyR.exe
  2⤵
  PID:7748
- C:\Windows\System\rLwrBfO.exe
  C:\Windows\System\rLwrBfO.exe
  2⤵
  PID:7768
- C:\Windows\System\jAHctDs.exe
  C:\Windows\System\jAHctDs.exe
  2⤵
  PID:7788
- C:\Windows\System\IsPNFVb.exe
  C:\Windows\System\IsPNFVb.exe
  2⤵
  PID:7812
- C:\Windows\System\UDxEUXs.exe
  C:\Windows\System\UDxEUXs.exe
  2⤵
  PID:7828
- C:\Windows\System\QtRiwnE.exe
  C:\Windows\System\QtRiwnE.exe
  2⤵
  PID:7848
- C:\Windows\System\gYfjTFZ.exe
  C:\Windows\System\gYfjTFZ.exe
  2⤵
  PID:7864
- C:\Windows\System\NCCkWaA.exe
  C:\Windows\System\NCCkWaA.exe
  2⤵
  PID:7880
- C:\Windows\System\cqlPwmg.exe
  C:\Windows\System\cqlPwmg.exe
  2⤵
  PID:7904
- C:\Windows\System\gaUxEJK.exe
  C:\Windows\System\gaUxEJK.exe
  2⤵
  PID:7920
- C:\Windows\System\QpcttmJ.exe
  C:\Windows\System\QpcttmJ.exe
  2⤵
  PID:7936
- C:\Windows\System\tKAPDGN.exe
  C:\Windows\System\tKAPDGN.exe
  2⤵
  PID:7960
- C:\Windows\System\MXdptiO.exe
  C:\Windows\System\MXdptiO.exe
  2⤵
  PID:7988
- C:\Windows\System\qybXFNA.exe
  C:\Windows\System\qybXFNA.exe
  2⤵
  PID:8008
- C:\Windows\System\abIRuFL.exe
  C:\Windows\System\abIRuFL.exe
  2⤵
  PID:8028
- C:\Windows\System\jMRnwYe.exe
  C:\Windows\System\jMRnwYe.exe
  2⤵
  PID:8052
- C:\Windows\System\RlSQKxy.exe
  C:\Windows\System\RlSQKxy.exe
  2⤵
  PID:8072
- C:\Windows\System\TggScOn.exe
  C:\Windows\System\TggScOn.exe
  2⤵
  PID:8088
- C:\Windows\System\kjMXXAG.exe
  C:\Windows\System\kjMXXAG.exe
  2⤵
  PID:8112
- C:\Windows\System\ZjTxWDG.exe
  C:\Windows\System\ZjTxWDG.exe
  2⤵
  PID:8128
- C:\Windows\System\TuXQvIH.exe
  C:\Windows\System\TuXQvIH.exe
  2⤵
  PID:8144
- C:\Windows\System\jLrxbim.exe
  C:\Windows\System\jLrxbim.exe
  2⤵
  PID:8164
- C:\Windows\System\iIANcjo.exe
  C:\Windows\System\iIANcjo.exe
  2⤵
  PID:8180
- C:\Windows\System\AemoqFU.exe
  C:\Windows\System\AemoqFU.exe
  2⤵
  PID:7008
- C:\Windows\System\mQcQGHr.exe
  C:\Windows\System\mQcQGHr.exe
  2⤵
  PID:6152
- C:\Windows\System\vmZiBBc.exe
  C:\Windows\System\vmZiBBc.exe
  2⤵
  PID:7176
- C:\Windows\System\EjEhZWi.exe
  C:\Windows\System\EjEhZWi.exe
  2⤵
  PID:7196
- C:\Windows\System\dHSvzFj.exe
  C:\Windows\System\dHSvzFj.exe
  2⤵
  PID:6572
- C:\Windows\System\wMgQaWz.exe
  C:\Windows\System\wMgQaWz.exe
  2⤵
  PID:7256
- C:\Windows\System\oYmVlQW.exe
  C:\Windows\System\oYmVlQW.exe
  2⤵
  PID:7284
- C:\Windows\System\UAzjiZt.exe
  C:\Windows\System\UAzjiZt.exe
  2⤵
  PID:7336
- C:\Windows\System\kCWIYqU.exe
  C:\Windows\System\kCWIYqU.exe
  2⤵
  PID:7372
- C:\Windows\System\HYLNdDs.exe
  C:\Windows\System\HYLNdDs.exe
  2⤵
  PID:7444
- C:\Windows\System\jxbUEAU.exe
  C:\Windows\System\jxbUEAU.exe
  2⤵
  PID:6416
- C:\Windows\System\GlUqSZe.exe
  C:\Windows\System\GlUqSZe.exe
  2⤵
  PID:7316
- C:\Windows\System\rkvOhLA.exe
  C:\Windows\System\rkvOhLA.exe
  2⤵
  PID:7472
- C:\Windows\System\hjeGXhL.exe
  C:\Windows\System\hjeGXhL.exe
  2⤵
  PID:7428
- C:\Windows\System\lxSSchg.exe
  C:\Windows\System\lxSSchg.exe
  2⤵
  PID:7508
- C:\Windows\System\eJkajIO.exe
  C:\Windows\System\eJkajIO.exe
  2⤵
  PID:7544
- C:\Windows\System\IqshmRu.exe
  C:\Windows\System\IqshmRu.exe
  2⤵
  PID:7588
- C:\Windows\System\eBfxemE.exe
  C:\Windows\System\eBfxemE.exe
  2⤵
  PID:7640
- C:\Windows\System\nTgvLjr.exe
  C:\Windows\System\nTgvLjr.exe
  2⤵
  PID:7692
- C:\Windows\System\RbrygpC.exe
  C:\Windows\System\RbrygpC.exe
  2⤵
  PID:7700
- C:\Windows\System\IZyGlTc.exe
  C:\Windows\System\IZyGlTc.exe
  2⤵
  PID:7744
- C:\Windows\System\uvjmiSU.exe
  C:\Windows\System\uvjmiSU.exe
  2⤵
  PID:7756
- C:\Windows\System\VLSAgQm.exe
  C:\Windows\System\VLSAgQm.exe
  2⤵
  PID:7796
- C:\Windows\System\rzdfEms.exe
  C:\Windows\System\rzdfEms.exe
  2⤵
  PID:7856
- C:\Windows\System\etgloSW.exe
  C:\Windows\System\etgloSW.exe
  2⤵
  PID:7900
- C:\Windows\System\TekCgne.exe
  C:\Windows\System\TekCgne.exe
  2⤵
  PID:7916
- C:\Windows\System\eWUErfZ.exe
  C:\Windows\System\eWUErfZ.exe
  2⤵
  PID:8016
- C:\Windows\System\WAuzUuM.exe
  C:\Windows\System\WAuzUuM.exe
  2⤵
  PID:7876
- C:\Windows\System\GvVRltg.exe
  C:\Windows\System\GvVRltg.exe
  2⤵
  PID:7948
- C:\Windows\System\QJOeLNn.exe
  C:\Windows\System\QJOeLNn.exe
  2⤵
  PID:8036
- C:\Windows\System\QpfDTKl.exe
  C:\Windows\System\QpfDTKl.exe
  2⤵
  PID:8064
- C:\Windows\System\HMgiVRz.exe
  C:\Windows\System\HMgiVRz.exe
  2⤵
  PID:8136
- C:\Windows\System\nniDfpM.exe
  C:\Windows\System\nniDfpM.exe
  2⤵
  PID:7088
- C:\Windows\System\MfelJMr.exe
  C:\Windows\System\MfelJMr.exe
  2⤵
  PID:6844
- C:\Windows\System\fPhhrbj.exe
  C:\Windows\System\fPhhrbj.exe
  2⤵
  PID:7200
- C:\Windows\System\Bflnywx.exe
  C:\Windows\System\Bflnywx.exe
  2⤵
  PID:8152
- C:\Windows\System\SePFBiM.exe
  C:\Windows\System\SePFBiM.exe
  2⤵
  PID:6940
- C:\Windows\System\mdNAxAL.exe
  C:\Windows\System\mdNAxAL.exe
  2⤵
  PID:7240
- C:\Windows\System\XRmueWb.exe
  C:\Windows\System\XRmueWb.exe
  2⤵
  PID:7304
- C:\Windows\System\cVCBgME.exe
  C:\Windows\System\cVCBgME.exe
  2⤵
  PID:7532
- C:\Windows\System\GKelFfQ.exe
  C:\Windows\System\GKelFfQ.exe
  2⤵
  PID:7512
- C:\Windows\System\khgzyyl.exe
  C:\Windows\System\khgzyyl.exe
  2⤵
  PID:7492
- C:\Windows\System\ZDxNdij.exe
  C:\Windows\System\ZDxNdij.exe
  2⤵
  PID:7636
- C:\Windows\System\WuaSthH.exe
  C:\Windows\System\WuaSthH.exe
  2⤵
  PID:7740
- C:\Windows\System\hNuoKsO.exe
  C:\Windows\System\hNuoKsO.exe
  2⤵
  PID:7524
- C:\Windows\System\TmFtVKN.exe
  C:\Windows\System\TmFtVKN.exe
  2⤵
  PID:7932
- C:\Windows\System\XpMNinn.exe
  C:\Windows\System\XpMNinn.exe
  2⤵
  PID:7840
- C:\Windows\System\scWRPlH.exe
  C:\Windows\System\scWRPlH.exe
  2⤵
  PID:7572
- C:\Windows\System\KjqNrhS.exe
  C:\Windows\System\KjqNrhS.exe
  2⤵
  PID:7388
- C:\Windows\System\JVaqzXc.exe
  C:\Windows\System\JVaqzXc.exe
  2⤵
  PID:7784
- C:\Windows\System\yVNJFOC.exe
  C:\Windows\System\yVNJFOC.exe
  2⤵
  PID:7984
- C:\Windows\System\BBhtFmi.exe
  C:\Windows\System\BBhtFmi.exe
  2⤵
  PID:8024
- C:\Windows\System\nuVVyeT.exe
  C:\Windows\System\nuVVyeT.exe
  2⤵
  PID:7180
- C:\Windows\System\XmEKTin.exe
  C:\Windows\System\XmEKTin.exe
  2⤵
  PID:8120
- C:\Windows\System\ZpzqzYs.exe
  C:\Windows\System\ZpzqzYs.exe
  2⤵
  PID:8060
- C:\Windows\System\gETAoZA.exe
  C:\Windows\System\gETAoZA.exe
  2⤵
  PID:6488
- C:\Windows\System\SDYZspx.exe
  C:\Windows\System\SDYZspx.exe
  2⤵
  PID:7232
- C:\Windows\System\QxUsRzm.exe
  C:\Windows\System\QxUsRzm.exe
  2⤵
  PID:7488
- C:\Windows\System\YrNtGba.exe
  C:\Windows\System\YrNtGba.exe
  2⤵
  PID:7680
- C:\Windows\System\eybGicb.exe
  C:\Windows\System\eybGicb.exe
  2⤵
  PID:7968
- C:\Windows\System\nuHMjDh.exe
  C:\Windows\System\nuHMjDh.exe
  2⤵
  PID:7332
- C:\Windows\System\EZVFJRt.exe
  C:\Windows\System\EZVFJRt.exe
  2⤵
  PID:8004
- C:\Windows\System\vwupwwF.exe
  C:\Windows\System\vwupwwF.exe
  2⤵
  PID:7276
- C:\Windows\System\nEwGfrU.exe
  C:\Windows\System\nEwGfrU.exe
  2⤵
  PID:7228
- C:\Windows\System\bKswPwW.exe
  C:\Windows\System\bKswPwW.exe
  2⤵
  PID:7192
- C:\Windows\System\NWfsZjA.exe
  C:\Windows\System\NWfsZjA.exe
  2⤵
  PID:6480
- C:\Windows\System\EXrrlNz.exe
  C:\Windows\System\EXrrlNz.exe
  2⤵
  PID:8124
- C:\Windows\System\kPnFKCc.exe
  C:\Windows\System\kPnFKCc.exe
  2⤵
  PID:7716
- C:\Windows\System\PLgIRWD.exe
  C:\Windows\System\PLgIRWD.exe
  2⤵
  PID:7212
- C:\Windows\System\qETFDgW.exe
  C:\Windows\System\qETFDgW.exe
  2⤵
  PID:6992
- C:\Windows\System\dlURole.exe
  C:\Windows\System\dlURole.exe
  2⤵
  PID:7452
- C:\Windows\System\JQokGhX.exe
  C:\Windows\System\JQokGhX.exe
  2⤵
  PID:7820
- C:\Windows\System\QfGsHnP.exe
  C:\Windows\System\QfGsHnP.exe
  2⤵
  PID:8080
- C:\Windows\System\lPpYyQu.exe
  C:\Windows\System\lPpYyQu.exe
  2⤵
  PID:7980
- C:\Windows\System\xGGGrls.exe
  C:\Windows\System\xGGGrls.exe
  2⤵
  PID:7928
- C:\Windows\System\iowsYIM.exe
  C:\Windows\System\iowsYIM.exe
  2⤵
  PID:8156
- C:\Windows\System\VlSmnrh.exe
  C:\Windows\System\VlSmnrh.exe
  2⤵
  PID:7660
- C:\Windows\System\eFtAIQA.exe
  C:\Windows\System\eFtAIQA.exe
  2⤵
  PID:7468
- C:\Windows\System\kCZrHqJ.exe
  C:\Windows\System\kCZrHqJ.exe
  2⤵
  PID:8172
- C:\Windows\System\AgSgqHM.exe
  C:\Windows\System\AgSgqHM.exe
  2⤵
  PID:7764
- C:\Windows\System\DUKRpWT.exe
  C:\Windows\System\DUKRpWT.exe
  2⤵
  PID:7556
- C:\Windows\System\FTqscab.exe
  C:\Windows\System\FTqscab.exe
  2⤵
  PID:8204
- C:\Windows\System\rgNPhAH.exe
  C:\Windows\System\rgNPhAH.exe
  2⤵
  PID:8224
- C:\Windows\System\VdHQIoz.exe
  C:\Windows\System\VdHQIoz.exe
  2⤵
  PID:8244
- C:\Windows\System\YrOYrHR.exe
  C:\Windows\System\YrOYrHR.exe
  2⤵
  PID:8276
- C:\Windows\System\Krcqubf.exe
  C:\Windows\System\Krcqubf.exe
  2⤵
  PID:8296
- C:\Windows\System\BnIMmhN.exe
  C:\Windows\System\BnIMmhN.exe
  2⤵
  PID:8312
- C:\Windows\System\RoYxbLD.exe
  C:\Windows\System\RoYxbLD.exe
  2⤵
  PID:8336
- C:\Windows\System\ojBQwUl.exe
  C:\Windows\System\ojBQwUl.exe
  2⤵
  PID:8360
- C:\Windows\System\zhekwFn.exe
  C:\Windows\System\zhekwFn.exe
  2⤵
  PID:8376
- C:\Windows\System\wNCPQir.exe
  C:\Windows\System\wNCPQir.exe
  2⤵
  PID:8396
- C:\Windows\System\NNeqovY.exe
  C:\Windows\System\NNeqovY.exe
  2⤵
  PID:8416
- C:\Windows\System\Rtdtjql.exe
  C:\Windows\System\Rtdtjql.exe
  2⤵
  PID:8448
- C:\Windows\System\QjPMFmq.exe
  C:\Windows\System\QjPMFmq.exe
  2⤵
  PID:8464
- C:\Windows\System\ACTUdAt.exe
  C:\Windows\System\ACTUdAt.exe
  2⤵
  PID:8480
- C:\Windows\System\GvWviIb.exe
  C:\Windows\System\GvWviIb.exe
  2⤵
  PID:8512
- C:\Windows\System\LwCmiew.exe
  C:\Windows\System\LwCmiew.exe
  2⤵
  PID:8528
- C:\Windows\System\FrshrOz.exe
  C:\Windows\System\FrshrOz.exe
  2⤵
  PID:8544
- C:\Windows\System\DyeUcXj.exe
  C:\Windows\System\DyeUcXj.exe
  2⤵
  PID:8564
- C:\Windows\System\oyQJOBv.exe
  C:\Windows\System\oyQJOBv.exe
  2⤵
  PID:8580
- C:\Windows\System\KvwKKZo.exe
  C:\Windows\System\KvwKKZo.exe
  2⤵
  PID:8596
- C:\Windows\System\uehEHQo.exe
  C:\Windows\System\uehEHQo.exe
  2⤵
  PID:8612
- C:\Windows\System\lMaiXaT.exe
  C:\Windows\System\lMaiXaT.exe
  2⤵
  PID:8628
- C:\Windows\System\RMRNsUU.exe
  C:\Windows\System\RMRNsUU.exe
  2⤵
  PID:8644
- C:\Windows\System\xqdTIEP.exe
  C:\Windows\System\xqdTIEP.exe
  2⤵
  PID:8660
- C:\Windows\System\zYmAsTZ.exe
  C:\Windows\System\zYmAsTZ.exe
  2⤵
  PID:8676
- C:\Windows\System\wKZCeRV.exe
  C:\Windows\System\wKZCeRV.exe
  2⤵
  PID:8692
- C:\Windows\System\jNzYurY.exe
  C:\Windows\System\jNzYurY.exe
  2⤵
  PID:8708
- C:\Windows\System\irtGZEl.exe
  C:\Windows\System\irtGZEl.exe
  2⤵
  PID:8724
- C:\Windows\System\fvTBaOI.exe
  C:\Windows\System\fvTBaOI.exe
  2⤵
  PID:8740
- C:\Windows\System\uOPxaZN.exe
  C:\Windows\System\uOPxaZN.exe
  2⤵
  PID:8768
- C:\Windows\System\VcKfIqk.exe
  C:\Windows\System\VcKfIqk.exe
  2⤵
  PID:8788
- C:\Windows\System\CaFVMkd.exe
  C:\Windows\System\CaFVMkd.exe
  2⤵
  PID:8804
- C:\Windows\System\StECouD.exe
  C:\Windows\System\StECouD.exe
  2⤵
  PID:8832
- C:\Windows\System\RhIzPvf.exe
  C:\Windows\System\RhIzPvf.exe
  2⤵
  PID:8864
- C:\Windows\System\crJoBFT.exe
  C:\Windows\System\crJoBFT.exe
  2⤵
  PID:8880
- C:\Windows\System\plkzvMw.exe
  C:\Windows\System\plkzvMw.exe
  2⤵
  PID:8912
- C:\Windows\System\nPqNpuo.exe
  C:\Windows\System\nPqNpuo.exe
  2⤵
  PID:8932
- C:\Windows\System\bLnmAgS.exe
  C:\Windows\System\bLnmAgS.exe
  2⤵
  PID:8956
- C:\Windows\System\ucicUqo.exe
  C:\Windows\System\ucicUqo.exe
  2⤵
  PID:8980
- C:\Windows\System\EfpuESm.exe
  C:\Windows\System\EfpuESm.exe
  2⤵
  PID:9004
- C:\Windows\System\IInSPqh.exe
  C:\Windows\System\IInSPqh.exe
  2⤵
  PID:9044
- C:\Windows\System\YiZiFYH.exe
  C:\Windows\System\YiZiFYH.exe
  2⤵
  PID:9060
- C:\Windows\System\TvwYcwK.exe
  C:\Windows\System\TvwYcwK.exe
  2⤵
  PID:9076
- C:\Windows\System\OYXrpVM.exe
  C:\Windows\System\OYXrpVM.exe
  2⤵
  PID:9096
- C:\Windows\System\HeKoXdF.exe
  C:\Windows\System\HeKoXdF.exe
  2⤵
  PID:9124
- C:\Windows\System\zxyhDnm.exe
  C:\Windows\System\zxyhDnm.exe
  2⤵
  PID:9144
- C:\Windows\System\csgrLQc.exe
  C:\Windows\System\csgrLQc.exe
  2⤵
  PID:9164
- C:\Windows\System\AslOwHC.exe
  C:\Windows\System\AslOwHC.exe
  2⤵
  PID:9180
- C:\Windows\System\InoNvVb.exe
  C:\Windows\System\InoNvVb.exe
  2⤵
  PID:9200
- C:\Windows\System\glMjSps.exe
  C:\Windows\System\glMjSps.exe
  2⤵
  PID:8236
- C:\Windows\System\RVuDmbX.exe
  C:\Windows\System\RVuDmbX.exe
  2⤵
  PID:8220
- C:\Windows\System\RurtRdb.exe
  C:\Windows\System\RurtRdb.exe
  2⤵
  PID:7656
- C:\Windows\System\iGVtzCy.exe
  C:\Windows\System\iGVtzCy.exe
  2⤵
  PID:7552
- C:\Windows\System\pJzixfh.exe
  C:\Windows\System\pJzixfh.exe
  2⤵
  PID:8320
- C:\Windows\System\rvXPkud.exe
  C:\Windows\System\rvXPkud.exe
  2⤵
  PID:8284
- C:\Windows\System\CyUOiuu.exe
  C:\Windows\System\CyUOiuu.exe
  2⤵
  PID:8368
- C:\Windows\System\odrDUXG.exe
  C:\Windows\System\odrDUXG.exe
  2⤵
  PID:8356
- C:\Windows\System\uacCqqc.exe
  C:\Windows\System\uacCqqc.exe
  2⤵
  PID:8388
- C:\Windows\System\QVzxbQD.exe
  C:\Windows\System\QVzxbQD.exe
  2⤵
  PID:8444
- C:\Windows\System\yujnrYt.exe
  C:\Windows\System\yujnrYt.exe
  2⤵
  PID:8500
- C:\Windows\System\atXNlLv.exe
  C:\Windows\System\atXNlLv.exe
  2⤵
  PID:8540
- C:\Windows\System\npVFkMI.exe
  C:\Windows\System\npVFkMI.exe
  2⤵
  PID:8572
- C:\Windows\System\TekmznV.exe
  C:\Windows\System\TekmznV.exe
  2⤵
  PID:8640
- C:\Windows\System\bgLEMqw.exe
  C:\Windows\System\bgLEMqw.exe
  2⤵
  PID:8588
- C:\Windows\System\YEbIwke.exe
  C:\Windows\System\YEbIwke.exe
  2⤵
  PID:8736
- C:\Windows\System\SXQTqYt.exe
  C:\Windows\System\SXQTqYt.exe
  2⤵
  PID:8656
- C:\Windows\System\nuKYTky.exe
  C:\Windows\System\nuKYTky.exe
  2⤵
  PID:8756
- C:\Windows\System\gnXODgK.exe
  C:\Windows\System\gnXODgK.exe
  2⤵
  PID:8812
- C:\Windows\System\XccRGZr.exe
  C:\Windows\System\XccRGZr.exe
  2⤵
  PID:8872
- C:\Windows\System\ebccpUf.exe
  C:\Windows\System\ebccpUf.exe
  2⤵
  PID:8848
- C:\Windows\System\PwoXIaI.exe
  C:\Windows\System\PwoXIaI.exe
  2⤵
  PID:8892
- C:\Windows\System\ZPinQkm.exe
  C:\Windows\System\ZPinQkm.exe
  2⤵
  PID:8928
- C:\Windows\System\LoiUWBc.exe
  C:\Windows\System\LoiUWBc.exe
  2⤵
  PID:8952
- C:\Windows\System\QiocZhG.exe
  C:\Windows\System\QiocZhG.exe
  2⤵
  PID:9012
- C:\Windows\System\nSdjpFN.exe
  C:\Windows\System\nSdjpFN.exe
  2⤵
  PID:9028
- C:\Windows\System\HHuPqol.exe
  C:\Windows\System\HHuPqol.exe
  2⤵
  PID:9092
- C:\Windows\System\KXAhnOy.exe
  C:\Windows\System\KXAhnOy.exe
  2⤵
  PID:9172
- C:\Windows\System\MnYPiUw.exe
  C:\Windows\System\MnYPiUw.exe
  2⤵
  PID:7456
- C:\Windows\System\pkVFpob.exe
  C:\Windows\System\pkVFpob.exe
  2⤵
  PID:7616
- C:\Windows\System\pHpTZKy.exe
  C:\Windows\System\pHpTZKy.exe
  2⤵
  PID:9068
- C:\Windows\System\aerHsTm.exe
  C:\Windows\System\aerHsTm.exe
  2⤵
  PID:9116
- C:\Windows\System\KgTVQnQ.exe
  C:\Windows\System\KgTVQnQ.exe
  2⤵
  PID:9196
- C:\Windows\System\oDehvxX.exe
  C:\Windows\System\oDehvxX.exe
  2⤵
  PID:8252
- C:\Windows\System\KTNDJXr.exe
  C:\Windows\System\KTNDJXr.exe
  2⤵
  PID:8392
- C:\Windows\System\rVNgmfz.exe
  C:\Windows\System\rVNgmfz.exe
  2⤵
  PID:8308
- C:\Windows\System\IybjPYS.exe
  C:\Windows\System\IybjPYS.exe
  2⤵
  PID:8408
- C:\Windows\System\WDgVTyL.exe
  C:\Windows\System\WDgVTyL.exe
  2⤵
  PID:8436
- C:\Windows\System\agbLnTw.exe
  C:\Windows\System\agbLnTw.exe
  2⤵
  PID:8672
- C:\Windows\System\xqlScPv.exe
  C:\Windows\System\xqlScPv.exe
  2⤵
  PID:8760
- C:\Windows\System\aelKncx.exe
  C:\Windows\System\aelKncx.exe
  2⤵
  PID:8840
- C:\Windows\System\uysAGwp.exe
  C:\Windows\System\uysAGwp.exe
  2⤵
  PID:8732
- C:\Windows\System\gUqKSOT.exe
  C:\Windows\System\gUqKSOT.exe
  2⤵
  PID:8856
- C:\Windows\System\OWMoDhX.exe
  C:\Windows\System\OWMoDhX.exe
  2⤵
  PID:8908
- C:\Windows\System\RJTFUAy.exe
  C:\Windows\System\RJTFUAy.exe
  2⤵
  PID:9084
- C:\Windows\System\GEMCcJd.exe
  C:\Windows\System\GEMCcJd.exe
  2⤵
  PID:8288
- C:\Windows\System\HWorhqh.exe
  C:\Windows\System\HWorhqh.exe
  2⤵
  PID:8352
- C:\Windows\System\vkoXXXZ.exe
  C:\Windows\System\vkoXXXZ.exe
  2⤵
  PID:9136
- C:\Windows\System\eWXHoPZ.exe
  C:\Windows\System\eWXHoPZ.exe
  2⤵
  PID:9212
- C:\Windows\System\BKItEEy.exe
  C:\Windows\System\BKItEEy.exe
  2⤵
  PID:8348
- C:\Windows\System\YvXGqAQ.exe
  C:\Windows\System\YvXGqAQ.exe
  2⤵
  PID:8652
- C:\Windows\System\KBYPANb.exe
  C:\Windows\System\KBYPANb.exe
  2⤵
  PID:8636
- C:\Windows\System\KlNKGyg.exe
  C:\Windows\System\KlNKGyg.exe
  2⤵
  PID:8748
- C:\Windows\System\gAPVvpb.exe
  C:\Windows\System\gAPVvpb.exe
  2⤵
  PID:8844
- C:\Windows\System\LiSaAzT.exe
  C:\Windows\System\LiSaAzT.exe
  2⤵
  PID:8920
- C:\Windows\System\Abfjqjn.exe
  C:\Windows\System\Abfjqjn.exe
  2⤵
  PID:1012
- C:\Windows\System\JEkKYhx.exe
  C:\Windows\System\JEkKYhx.exe
  2⤵
  PID:9108
- C:\Windows\System\tqBVzXZ.exe
  C:\Windows\System\tqBVzXZ.exe
  2⤵
  PID:8404
- C:\Windows\System\gKpaqER.exe
  C:\Windows\System\gKpaqER.exe
  2⤵
  PID:8200
- C:\Windows\System\slmSZFp.exe
  C:\Windows\System\slmSZFp.exe
  2⤵
  PID:8620
- C:\Windows\System\wqUatMz.exe
  C:\Windows\System\wqUatMz.exe
  2⤵
  PID:8604
- C:\Windows\System\dUtxpDv.exe
  C:\Windows\System\dUtxpDv.exe
  2⤵
  PID:8940
- C:\Windows\System\zohLdVu.exe
  C:\Windows\System\zohLdVu.exe
  2⤵
  PID:8096
- C:\Windows\System\LQpvzgu.exe
  C:\Windows\System\LQpvzgu.exe
  2⤵
  PID:8688
- C:\Windows\System\etXhXQt.exe
  C:\Windows\System\etXhXQt.exe
  2⤵
  PID:9220
- C:\Windows\System\hBsJPDv.exe
  C:\Windows\System\hBsJPDv.exe
  2⤵
  PID:9236
- C:\Windows\System\jYijytK.exe
  C:\Windows\System\jYijytK.exe
  2⤵
  PID:9252
- C:\Windows\System\UiaUDbj.exe
  C:\Windows\System\UiaUDbj.exe
  2⤵
  PID:9280
- C:\Windows\System\iVffkAo.exe
  C:\Windows\System\iVffkAo.exe
  2⤵
  PID:9300
- C:\Windows\System\IebdQwV.exe
  C:\Windows\System\IebdQwV.exe
  2⤵
  PID:9324
- C:\Windows\System\aHdsmur.exe
  C:\Windows\System\aHdsmur.exe
  2⤵
  PID:9340
- C:\Windows\System\PijXpHm.exe
  C:\Windows\System\PijXpHm.exe
  2⤵
  PID:9364
- C:\Windows\System\RTVZBXq.exe
  C:\Windows\System\RTVZBXq.exe
  2⤵
  PID:9380
- C:\Windows\System\ovWwJHe.exe
  C:\Windows\System\ovWwJHe.exe
  2⤵
  PID:9408
- C:\Windows\System\ALYFWDN.exe
  C:\Windows\System\ALYFWDN.exe
  2⤵
  PID:9424
- C:\Windows\System\gWbBKST.exe
  C:\Windows\System\gWbBKST.exe
  2⤵
  PID:9440
- C:\Windows\System\fFmIvlX.exe
  C:\Windows\System\fFmIvlX.exe
  2⤵
  PID:9456
- C:\Windows\System\ezoiGsd.exe
  C:\Windows\System\ezoiGsd.exe
  2⤵
  PID:9472
- C:\Windows\System\aFHWrXb.exe
  C:\Windows\System\aFHWrXb.exe
  2⤵
  PID:9488
- C:\Windows\System\PpBheUX.exe
  C:\Windows\System\PpBheUX.exe
  2⤵
  PID:9504
- C:\Windows\System\GXbNYgM.exe
  C:\Windows\System\GXbNYgM.exe
  2⤵
  PID:9528
- C:\Windows\System\TsNzjDt.exe
  C:\Windows\System\TsNzjDt.exe
  2⤵
  PID:9552
- C:\Windows\System\UIhplWN.exe
  C:\Windows\System\UIhplWN.exe
  2⤵
  PID:9584
- C:\Windows\System\jzPyPCk.exe
  C:\Windows\System\jzPyPCk.exe
  2⤵
  PID:9604
- C:\Windows\System\uzsQPVc.exe
  C:\Windows\System\uzsQPVc.exe
  2⤵
  PID:9632
- C:\Windows\System\eIqugWQ.exe
  C:\Windows\System\eIqugWQ.exe
  2⤵
  PID:9660
- C:\Windows\System\QsLIBBZ.exe
  C:\Windows\System\QsLIBBZ.exe
  2⤵
  PID:9692
- C:\Windows\System\frzcKbs.exe
  C:\Windows\System\frzcKbs.exe
  2⤵
  PID:9708
- C:\Windows\System\isIPygS.exe
  C:\Windows\System\isIPygS.exe
  2⤵
  PID:9732
- C:\Windows\System\iqbbdxb.exe
  C:\Windows\System\iqbbdxb.exe
  2⤵
  PID:9748
- C:\Windows\System\mthdokg.exe
  C:\Windows\System\mthdokg.exe
  2⤵
  PID:9768
- C:\Windows\System\CtQsFWv.exe
  C:\Windows\System\CtQsFWv.exe
  2⤵
  PID:9792
- C:\Windows\System\ljmaYeT.exe
  C:\Windows\System\ljmaYeT.exe
  2⤵
  PID:9808
- C:\Windows\System\gCZHXSm.exe
  C:\Windows\System\gCZHXSm.exe
  2⤵
  PID:9828
- C:\Windows\System\CwmDILh.exe
  C:\Windows\System\CwmDILh.exe
  2⤵
  PID:9848
- C:\Windows\System\rJHlbZw.exe
  C:\Windows\System\rJHlbZw.exe
  2⤵
  PID:9868
- C:\Windows\System\jCegZuq.exe
  C:\Windows\System\jCegZuq.exe
  2⤵
  PID:9888
- C:\Windows\System\jVXjEFb.exe
  C:\Windows\System\jVXjEFb.exe
  2⤵
  PID:9912
- C:\Windows\System\rgPRiWi.exe
  C:\Windows\System\rgPRiWi.exe
  2⤵
  PID:9928
- C:\Windows\System\ypMmsaC.exe
  C:\Windows\System\ypMmsaC.exe
  2⤵
  PID:9948
- C:\Windows\System\CLKNOvI.exe
  C:\Windows\System\CLKNOvI.exe
  2⤵
  PID:9972
- C:\Windows\System\LeEXsZV.exe
  C:\Windows\System\LeEXsZV.exe
  2⤵
  PID:9988
- C:\Windows\System\SUUWOPR.exe
  C:\Windows\System\SUUWOPR.exe
  2⤵
  PID:10012
- C:\Windows\System\AvhYNQg.exe
  C:\Windows\System\AvhYNQg.exe
  2⤵
  PID:10028
- C:\Windows\System\eIbkMWd.exe
  C:\Windows\System\eIbkMWd.exe
  2⤵
  PID:10044
- C:\Windows\System\XRcOXUj.exe
  C:\Windows\System\XRcOXUj.exe
  2⤵
  PID:10068
- C:\Windows\System\aoMqGiw.exe
  C:\Windows\System\aoMqGiw.exe
  2⤵
  PID:10088
- C:\Windows\System\TWtJJQz.exe
  C:\Windows\System\TWtJJQz.exe
  2⤵
  PID:10104
- C:\Windows\System\sJBSwxC.exe
  C:\Windows\System\sJBSwxC.exe
  2⤵
  PID:10124
- C:\Windows\System\LfyhalM.exe
  C:\Windows\System\LfyhalM.exe
  2⤵
  PID:10144
- C:\Windows\System\HMtECIi.exe
  C:\Windows\System\HMtECIi.exe
  2⤵
  PID:10160
- C:\Windows\System\wXAEVeW.exe
  C:\Windows\System\wXAEVeW.exe
  2⤵
  PID:10192
- C:\Windows\System\mxqDSXB.exe
  C:\Windows\System\mxqDSXB.exe
  2⤵
  PID:10212
- C:\Windows\System\YDyqwjy.exe
  C:\Windows\System\YDyqwjy.exe
  2⤵
  PID:10228
- C:\Windows\System\qNsJbKn.exe
  C:\Windows\System\qNsJbKn.exe
  2⤵
  PID:9232
- C:\Windows\System\PRscScD.exe
  C:\Windows\System\PRscScD.exe
  2⤵
  PID:9244
- C:\Windows\System\MOQjbOZ.exe
  C:\Windows\System\MOQjbOZ.exe
  2⤵
  PID:8776
- C:\Windows\System\jEZObed.exe
  C:\Windows\System\jEZObed.exe
  2⤵
  PID:8860
- C:\Windows\System\hWxUBrG.exe
  C:\Windows\System\hWxUBrG.exe
  2⤵
  PID:9248
- C:\Windows\System\gxFenlB.exe
  C:\Windows\System\gxFenlB.exe
  2⤵
  PID:9268
- C:\Windows\System\ofWFzBz.exe
  C:\Windows\System\ofWFzBz.exe
  2⤵
  PID:9320
- C:\Windows\System\WCwcdBK.exe
  C:\Windows\System\WCwcdBK.exe
  2⤵
  PID:9372
- C:\Windows\System\LfYCpRq.exe
  C:\Windows\System\LfYCpRq.exe
  2⤵
  PID:9404
- C:\Windows\System\ESFzLgL.exe
  C:\Windows\System\ESFzLgL.exe
  2⤵
  PID:9448
- C:\Windows\System\UaDDYfX.exe
  C:\Windows\System\UaDDYfX.exe
  2⤵
  PID:9468
- C:\Windows\System\uvoMScC.exe
  C:\Windows\System\uvoMScC.exe
  2⤵
  PID:9512
- C:\Windows\System\lidaKbw.exe
  C:\Windows\System\lidaKbw.exe
  2⤵
  PID:9548
- C:\Windows\System\HtwRxZM.exe
  C:\Windows\System\HtwRxZM.exe
  2⤵
  PID:9560
- C:\Windows\System\iXKesfo.exe
  C:\Windows\System\iXKesfo.exe
  2⤵
  PID:9580
- C:\Windows\System\baxswLE.exe
  C:\Windows\System\baxswLE.exe
  2⤵
  PID:9624
- C:\Windows\System\GSriirc.exe
  C:\Windows\System\GSriirc.exe
  2⤵
  PID:9644
- C:\Windows\System\MnvJEEV.exe
  C:\Windows\System\MnvJEEV.exe
  2⤵
  PID:9680
- C:\Windows\System\awYBJet.exe
  C:\Windows\System\awYBJet.exe
  2⤵
  PID:9728
- C:\Windows\System\xEUxOsJ.exe
  C:\Windows\System\xEUxOsJ.exe
  2⤵
  PID:9764
- C:\Windows\System\RNmQRRp.exe
  C:\Windows\System\RNmQRRp.exe
  2⤵
  PID:9780
- C:\Windows\System\awfAkhR.exe
  C:\Windows\System\awfAkhR.exe
  2⤵
  PID:9840
- C:\Windows\System\WNtOYXZ.exe
  C:\Windows\System\WNtOYXZ.exe
  2⤵
  PID:9864
- C:\Windows\System\iKfGQFD.exe
  C:\Windows\System\iKfGQFD.exe
  2⤵
  PID:9884
- C:\Windows\System\RfusOnP.exe
  C:\Windows\System\RfusOnP.exe
  2⤵
  PID:9924
- C:\Windows\System\rZQrztY.exe
  C:\Windows\System\rZQrztY.exe
  2⤵
  PID:9980
- C:\Windows\System\igcwAzA.exe
  C:\Windows\System\igcwAzA.exe
  2⤵
  PID:9968
- C:\Windows\System\BspJPzH.exe
  C:\Windows\System\BspJPzH.exe
  2⤵
  PID:10024
- C:\Windows\System\DUeearL.exe
  C:\Windows\System\DUeearL.exe
  2⤵
  PID:10096
- C:\Windows\System\rRoSrlc.exe
  C:\Windows\System\rRoSrlc.exe
  2⤵
  PID:10140
- C:\Windows\System\RZUNWgI.exe
  C:\Windows\System\RZUNWgI.exe
  2⤵
  PID:10184
- C:\Windows\System\JnTFvaB.exe
  C:\Windows\System\JnTFvaB.exe
  2⤵
  PID:9272
- C:\Windows\System\BcAdZfc.exe
  C:\Windows\System\BcAdZfc.exe
  2⤵
  PID:8232
- C:\Windows\System\Fkpyjjf.exe
  C:\Windows\System\Fkpyjjf.exe
  2⤵
  PID:8344
- C:\Windows\System\byVuWUd.exe
  C:\Windows\System\byVuWUd.exe
  2⤵
  PID:9316
- C:\Windows\System\kPAWBHI.exe
  C:\Windows\System\kPAWBHI.exe
  2⤵
  PID:9292
- C:\Windows\System\BjmUNxc.exe
  C:\Windows\System\BjmUNxc.exe
  2⤵
  PID:10120
- C:\Windows\System\PNxhlSm.exe
  C:\Windows\System\PNxhlSm.exe
  2⤵
  PID:10076
- C:\Windows\System\TkEtbyQ.exe
  C:\Windows\System\TkEtbyQ.exe
  2⤵
  PID:9420
- C:\Windows\System\kPcpmGm.exe
  C:\Windows\System\kPcpmGm.exe
  2⤵
  PID:9396
- C:\Windows\System\cmAjwOP.exe
  C:\Windows\System\cmAjwOP.exe
  2⤵
  PID:9656
- C:\Windows\System\ZICKEBx.exe
  C:\Windows\System\ZICKEBx.exe
  2⤵
  PID:9684
- C:\Windows\System\ZPCdpio.exe
  C:\Windows\System\ZPCdpio.exe
  2⤵
  PID:9756
- C:\Windows\System\HbCCmWD.exe
  C:\Windows\System\HbCCmWD.exe
  2⤵
  PID:9544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GwrHjrC.exe

Filesize
6.0MB

MD5
23b41051746034e4e275d33cceec7b91

SHA1
75b0995f690f4597e1eea5c59463e338cafabbdb

SHA256
bf94563dc0dee0e69f9b1490371ee9cce3ca617f1f7f17463df0b495099e0101

SHA512
b84e8067d1cd579d9e0ab62758854a3ff4f9a3b8f0e60b2b197c1d621e40390e7ddc02c5ae1cf02d18c9b94b251243969628af54564fbb484e7f7b38f1187fcc

Download Submit
C:\Windows\system\KxxPbXK.exe

Filesize
6.0MB

MD5
752dc6e248fa18b2d99748c7b4996fee

SHA1
44feb265a6ee1928d759b5c6d99e0b004c8411fe

SHA256
ed51dfd07fca29d5346e691b1e017c440124daf39987f7444eb114470bf60bfc

SHA512
5badebec34ebb0fff3d4fba1ea34d6417f080726684c03ef45118cee626a61355a15ab6af371f902c894897d4b49b0cda4125e0e419f3e894e93a8f703ea6746

Download Submit
C:\Windows\system\MQMqiEh.exe

Filesize
6.0MB

MD5
156bfcf95364fa88612ec525f04ffc6f

SHA1
97393e0f7dd7bb422f0f3afac9e4001a68717781

SHA256
7d9b2da4816effdcf63a83372eebcca63136d112239cb6a1832d7b302a9b96ef

SHA512
be2232b32896df569f05cbde70dc40ad00c0553e52d8d61d319017dea290571d14315ae9f7ce10bdb29f2f8f8d42a22990e0d50556cde2a938fe35607225d147

Download Submit
C:\Windows\system\NBPqpNr.exe

Filesize
6.0MB

MD5
cc1da298a0c6f590603899a20b6804ea

SHA1
e8c1c6ba4311ace1051fc43f3ccba316b38e3538

SHA256
036849c8a739f22c516c67abebd9df9854d48fd01b1422ac8bbe89888bc2e5fc

SHA512
b7a0da4af5070f787edde265ee39ad021682f2feb662b1b4116669c4f50011134333a9ffa48602aa8f19ee2e2d68e8a047031169cde654215530167699836f1f

Download Submit
C:\Windows\system\NdSoaGF.exe

Filesize
6.0MB

MD5
6657f2ef647a32c2b9636fc54552dfe5

SHA1
b5c1ad955994a63cc72a9e4439eb18d9347cb1eb

SHA256
6afdcd5b16d67c07f7e1f771b2b1dfa321247e8008b701616053c18827ccdad1

SHA512
705e40d02592411fff434a3c760c954813feb0d4180b88304d0d3fc6bdf64a56f18671c2d9857fb9f56848030c0b3191a41a1b2464bc02a09d42949864041619

Download Submit
C:\Windows\system\PmDGsbp.exe

Filesize
6.0MB

MD5
039df319b7858b93dfba94bc89c129d0

SHA1
a2b7ad6e15a9cde3e57578b061708a33b010332c

SHA256
d6b1db856e80bd484e372a51c7bdcfd97dd2d85e9aa8fd80b3e3a8c6d9c495cb

SHA512
0624cf39056d22666a323a6e5845b68b6154d1c5fc566d7b73bd20c75205a071336e2de263d7f193e409a26dc528f36f4e85bfdcd53a16fe81ba5916a2c4052d

Download Submit
C:\Windows\system\QyEsyzX.exe

Filesize
6.0MB

MD5
8881d38c918d8c3ecfc08deac30cc28b

SHA1
b9ebf89f2699b0f4984da9153601277eaff56863

SHA256
46d41e2e069f5f1ee5cfc5d290e2a08b61b271261c34c36a43701bbe138b20a6

SHA512
ab156b1e494941e642704ce26d1e23b902b1fc453461a797b91a7623990d4abde919881436f8bc38996354755293debcc4eac3ceb4d84fe761bbeb0ecf1e8e28

Download Submit
C:\Windows\system\ToMcWWh.exe

Filesize
6.0MB

MD5
b27d5ebd6825a697f12f2c441f933e50

SHA1
f9cceb6c45f9896c0ea38dd3f50e2f5f64d8bb4a

SHA256
017ad17e1a8be48974385693554e9e56c44b1900d8c75c88e9d29b326c465588

SHA512
140ab86762e1ca9ee25fe310c9c04e2a322cf50b9ec9f46f65acbdb964ff7867607d6951ee6f139264da838d43a50b732003ac70c34e8141b5cb7f97e45dad5e

Download Submit
C:\Windows\system\VSSYiXa.exe

Filesize
6.0MB

MD5
3d063cccaeb4adc37eb961b06c49b8f5

SHA1
8a466e4e1a762df8986d8f5b05233e5f9dea8eb4

SHA256
343ff4bbca46fad3b90581482c868950538c499110b47abc70f263e550eccd9b

SHA512
c05354e12191ee9a355730575711c054ad056a297e5673dd4d8403499f89deeb9c0200bda25969e0645d8d532f2862fd15b5d4e773ec940ca45e41ccbdfa9cf5

Download Submit
C:\Windows\system\VUGYfES.exe

Filesize
6.0MB

MD5
c29823e428ffdfc15469a38a342c84c0

SHA1
8b6265b2647e61b05a7f7226fd56a78f52e5c3e0

SHA256
f065b7333e6e9d5dc5790960f26615f52353f46a108ded0f199c086d410cf5ee

SHA512
a161d06e41b4d19d9c5f4d78a9ac2cc2a3a9216165d2c652e9643971eed80b1737e03bd48a71e89b2e448d316bd1a26b56aa0883ed66577a574dd82c76240377

Download Submit
C:\Windows\system\WPXdQrJ.exe

Filesize
6.0MB

MD5
82ab17cd1a8a721ac300bcd24e3258d9

SHA1
160b413e00b97f92cc8a945a5f4a8b8e1900c919

SHA256
0977f4084ee6a050fe68128e4c01fbc3edeca7d2d9e2d3b95c658b5e32967853

SHA512
18598475bebc51dfecc13a9588f717cb11192878cd842ba0c345ae7f3db4a1e52c6552cc13d1b3e5d72b6525fe6f2d1f53df84e5f36bfdc17d423ec13061b6b1

Download Submit
C:\Windows\system\XLySeuK.exe

Filesize
6.0MB

MD5
41cd3e55f9ea8670c3f008920a78cdf4

SHA1
cc65372eb942b8b70843b2bceb4cdbf2dfda18a8

SHA256
34c6883afeb53d77257514e01a7ce12ddce168f06cfaa3454081fb9f9b97091c

SHA512
ac6bf0bea3d16358ed00fa5048dc7ab059cdd3e1f5f3ca5b7642cfb78a608a43f50690ce8586e3e0589405fb0e16642499a5bda430dc2ded5612442ce9300562

Download Submit
C:\Windows\system\XgCfkmq.exe

Filesize
6.0MB

MD5
23d20edcd82e34864d6c0095974415ed

SHA1
de28ca167e3b259b6ff5e3dc9d9186702ea99348

SHA256
a5a340463eb44fdff8c7d5dfad50597e8e25f635fcebdb4a91c61b73f9b07d18

SHA512
7020e12a169f14db88ba2eacc40ced7eee624a4fb4b894eced9faab228d8464721a00460d41d683b583237a3e66fbe33709f993d3e70ffc72cf03e5a0a1efd6e

Download Submit
C:\Windows\system\YZdDXHN.exe

Filesize
6.0MB

MD5
f61286c9300c05dea4a6ec3921266c55

SHA1
39fe031909f826885dbd544f1fb877b053fbf9fe

SHA256
55f040180cfaf3d135a4027878851ef02700ed4e4298eef05097b20d8c14066e

SHA512
13efc927b766d6db27722b770a33803ffcbcfdd74085d5dae2747d31e171c519f2123e288900c79a7d24b7182189e849fd98248f5913aacdd23079fb8be02c49

Download Submit
C:\Windows\system\YnqwdCS.exe

Filesize
6.0MB

MD5
10f03a8551a14eb081a0ee6e2ae762dd

SHA1
fd03883e68be0c84495ffa70cd70e30fd1646d96

SHA256
ac6604b1122b5f49f94a6336ac0b750ca01b58e6af11e1f82cec6f12fe0e7e9d

SHA512
7c85337093587a310326f57a59b49ed0a83f79b5f125928c32b45e3b322888ae7d13ebcde64555e80da4abb48d7251cc7533f7052aedba8d1f420ddcba1ec1f5

Download Submit
C:\Windows\system\YsUrUJR.exe

Filesize
8B

MD5
8d102c8b9dcad6ecccfdb8a106567085

SHA1
ccbbb62ce86585ad44e013e6f5284d3fbd102636

SHA256
c958ee5f7dd8c8e21a17662941d2aea112fba85281c1f9a687b05f1cbea124d5

SHA512
41369d6d6d7d8368f3035b90818409c8baec11f52940d23540683f0d6444508b916e54dca16704a555c6f0ca0605170ffedaecb64d2244711492d4effb18d6a4

Download Submit
C:\Windows\system\ZdiNAUs.exe

Filesize
6.0MB

MD5
9615db488cd9d87cdc611c25e2af4a00

SHA1
cd0a1bc10779783051887daaa7266020c097d06b

SHA256
8dfd71a7ba818981ff3903cb787d64a1a0e4aaab05c3372a3ed362b84b57075c

SHA512
5e35c10ee2e05dbbfef787edb84d972784305ed5532da2ca20490e5fd060f65e2d80cd1f3877f798f67cf175fd9e349f1e6c6e26e5ab215017d5b6553e30862d

Download Submit
C:\Windows\system\fjVnyeo.exe

Filesize
6.0MB

MD5
0dde0c3bb50d764ec12bdc5e9c1e0f1e

SHA1
1b766c5fa3dd39b7f9de38637ac8c078e5da9f17

SHA256
9972d7ff90c73dfceb4a8b48a4dc99f87c44e4fa7a1fe2759ce3c294a6e8ff00

SHA512
d3d40b1107ae8454fc1bcd61e7e6acdc16f22f2eb9cbbe7a1d5d46fa4dd40f87a30a1cf0502235214e1fcba9ef92e4d8153b23094b229f24fce9b3db9cb377d4

Download Submit
C:\Windows\system\ipjLNYA.exe

Filesize
6.0MB

MD5
7250b8ac6ffd56cc37bda7e182e8676e

SHA1
f56818c7cdd974c059f38711f87bab85d52daf78

SHA256
afb31731d005eff2e43bd91046b6df0ab2513d69756a6d28ffd8723f4c43f87f

SHA512
fdb94c8c71da2024d8fbbeccf2b3c2261baf9a7382e1fefe6513b7664edd0b83ec423c61a1a0d150a4b7f233c2980e1f76411c8c032c46681ca968d21543bfbd

Download Submit
C:\Windows\system\jnMNRnM.exe

Filesize
6.0MB

MD5
492b9e24aebdb35ae75be7f48ad798c6

SHA1
8a4b8ad157d30b8a7b5ef11f24b70f36f9b8c9e3

SHA256
b166aefdabbd70c68b34a1a04735c56574c0dcf2f996ddf599745cacd79660c4

SHA512
fdade23eef23a1f521727ac13f42d3988e47c5b2c9f329a64e3b7fe229943842832f5def579757e1015624a041f5c0c0d13c1c9afa7f46209f0b60da4e14bc75

Download Submit
C:\Windows\system\kilcdXe.exe

Filesize
6.0MB

MD5
f4e8b307f12b8b479f0cdea3bf016520

SHA1
04f86aee3a01a38dfee9a9f5053b4f67c5883f14

SHA256
dcce5d6a255e59dcfe8c8ff53cba011f917e4bc5c3b11533dd5d5a0bd6d8ce1c

SHA512
a593515f9a537b3a6f0f96f367558c23b428bcce90407515803f49e0afa7cf71b46eefd5589705bcf7fa150ed921e09b9e0be7bedf1f6005e26f85ee32608e8e

Download Submit
C:\Windows\system\kuIRRms.exe

Filesize
6.0MB

MD5
8601f198c5363a9e82a36330561dbeea

SHA1
4bcf214e4f225b794e50019eeda289340b75ec77

SHA256
ec6b968e97b9675f6491bdf0aec9397344e0f3d78b3dc96e78b45223a679c9dd

SHA512
9d383c93332fcb9cafb6f0c40c5cd4950af1202d06a294877af4f9646774be4de9bfb3255b86493e8a9d126248dbe452b5bb8b79ff77064f9a1b8a81211e960b

Download Submit
C:\Windows\system\mgYkgGy.exe

Filesize
6.0MB

MD5
4b6bcb440a73d12e799cb7d5dccf313a

SHA1
05827a9ca5a865dce92d70cb167cd82a00301957

SHA256
8162b954ea51cf861ac8609a975643be1983a79270543d7815800ab55ff01e02

SHA512
76b60c5e00c635340ccb408404c5d8d4967cb1bc9c16028c6a536b23cafc471e0ba00dd535db5e6352b44b5e627dce3d9aaf7f68867f6c3257950fa4bb62b418

Download Submit
C:\Windows\system\rWXOLoj.exe

Filesize
6.0MB

MD5
70401fee9f82400213d33b9e9900a93c

SHA1
0cf0a7901f430a539b7b86f8e50ad89e4fe1812b

SHA256
ef2ad74f8e8ecb8e1353689bd0501c3ab46cd5f75480dbf512560e69c4fb2186

SHA512
1e7ce170885ee2743bd4880b2f2da82686dcf275377cbb99ae33fc8f4bca773eabe6f4aa258d738a853ae5639e357b03292c38ac9c0a6f865ca45dd40f5a61a4

Download Submit
C:\Windows\system\tdVfbSh.exe

Filesize
6.0MB

MD5
f0302d113f21f1f36a15dc24f2003a9f

SHA1
c344b4629de3654f27912d856626d6a95f6f56df

SHA256
c86f6f3055b1f3f9a1a877015a086bdb641bd794e2399f9328ce3d617a8daa5c

SHA512
cc7cb7646db8550d633e374fb47cdf10391791b3119243fa76b2cc968aa1d8f6fb938f93adea1cb09f878c026c56a3241c9135a8d8053f7cc4c4a54f66e2724b

Download Submit
C:\Windows\system\ttSyALg.exe

Filesize
6.0MB

MD5
602da25c7ea5b3898a3cc224826cf143

SHA1
e7e28a6dc850f94c2c1a3967e3f8cd69136c55c5

SHA256
706155ff7027dd383b005a4fba202c1c49c69876164f6438e993f356976697da

SHA512
ecf03a8dae54727a733b56387582560adf4b142749c577d32726e94dba988fcba64f887b6cce9a381a662cfd0fe205db396d1eaaf1e811593385bf01a5b787cb

Download Submit
C:\Windows\system\uYyykRR.exe

Filesize
6.0MB

MD5
ab2f1a4a0f19d30d67121f6fa5f7f69e

SHA1
c5a3a0232090e45867efd2bd55c15bb95e22e394

SHA256
4ed25673a8652e104290a72eb5b22406c4c9f2ec085d0a804dd3cb04439e9e61

SHA512
a38246e0d90c77743fab8b8f07995c77b332410b729ae82588bc27015cb8eedf4415514cf11111fbeb7a6a1210f195bfa50278cccb6b313c0fab94152aed7e4f

Download Submit
C:\Windows\system\uwXCAbt.exe

Filesize
6.0MB

MD5
abcdd7f12cd3beef089daab1e4f8a48e

SHA1
bbc59d23a317d4ef971ddf3bb5ba740b99fd2e85

SHA256
517fbbd8c30678dfff5fe602c908c37305a782dc9c203a1c4081898938b288ec

SHA512
f090fe4e30976b62fee765837e180abe4d95f020242706f6b6530858ac72438ef4f1d4d945000882daf9a7e46e8fcedad35253e74abbae16ceb048b5c6205227

Download Submit
C:\Windows\system\xGIrsRX.exe

Filesize
6.0MB

MD5
1a8a752693a08d80044e4f0d6107e921

SHA1
2f2ddce357a82ddaa71d5250dae1ece3d8fb100f

SHA256
bb97f1c1c699b43263fc7af46b525ec63d3c60588f87341cd1ce271131c33edc

SHA512
e9ebf70a93c177d75a1d55e133b6e906d6a054e430a84a2e891aaa7a1688840285b843af4a674eb7610b72913fa9e28c30faac8e53f4215904f16d6232b6ebaa

Download Submit
C:\Windows\system\zfVDxrk.exe

Filesize
6.0MB

MD5
4a21362f9ddf40d275169bed83ff72c8

SHA1
faa43f2a48a91c9ba29d9dca4f2dc53933ea2133

SHA256
cf10bcba15dbdd61ec80cb2fa7a8f90865636a436ae87491f5209456316aa510

SHA512
8d969898104f60116ab17149d6dfd915b02cdf257e7b40ee9a6bab14adbd89a5b3921449c5734fcbf26711401d52dbe65374d29a03f1b8175bb8f387154b17bf

Download Submit
\Windows\system\RaBoqBu.exe

Filesize
6.0MB

MD5
b39d5dd4cc204f7a94f083aecf7028d3

SHA1
7a7bca53dd2b45222053927906af4e6024cb984b

SHA256
74aad82a8ae3c2177df9febce4e2082c7e1aaf37abcab41a6c6e8f88b29e72eb

SHA512
d3cf706694818b871788a511d815c41d335555ba42c7d8616a7ff7e412af89be73e57bf6a0b5efe9f03787707c7f3b929a4d76875111a7297951076455db3582

Download Submit
\Windows\system\SzdCgzX.exe

Filesize
6.0MB

MD5
00993f8ff696bb9414a72152a4851db9

SHA1
1a6397b833bcbf5c8dfb2b3bc48d52526de406e7

SHA256
b0cfe17da337588cad8cd3dd717ae8fdbc95c019926b19e2403d9f9ce3eff435

SHA512
9da0c366d558ddb3f1ed04c67a8fafdbf52d13e7d8dcd16270fb30d4692c2ccd109dc7c262aeee042454759c29e0af2e3faf15955ba6c2579d5972452ca8e4ef

Download Submit
\Windows\system\XZSllpa.exe

Filesize
6.0MB

MD5
5398a28e8edbc913fa6904fecb3e220d

SHA1
443180bcc9dd4c7b7e0fd6f1e99241d49c5748d5

SHA256
173658b1e2c3433a435c4e2eec8c68a54b0a5c797f3f9bb360f75b370d09ab9a

SHA512
1ccc75192327356c1c2e3da275b5b3ff4d18d877d74dc62a70a5dfe240c3c78cfa72858fc0c7955e4f77f31278fa26a0cf447dafb9c2459e56ef5bedd51b7295

Download Submit
memory/596-3564-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/596-128-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/628-3546-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/628-121-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1680-126-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3585-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-120-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/1860-766-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1860-129-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-0-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1860-114-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1860-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1860-8-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-110-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1860-17-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/1860-21-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1860-36-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1860-587-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1860-122-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1860-112-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1860-109-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/1860-127-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1860-51-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1860-29-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-41-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1860-776-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1860-43-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1860-767-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2444-9-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3541-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-113-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3542-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2556-111-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3587-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3586-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2576-118-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2592-133-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3525-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2592-23-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3553-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2664-130-0x000000013F3B0000-0x000000013F704000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3521-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2704-45-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2704-390-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3517-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-35-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3574-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2840-52-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3518-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2892-37-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/3040-108-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3040-19-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3581-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download