cobaltstrike | 038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23-12-2024 16:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
Size

6.0MB
MD5

91ec0cbd5362cbb7cd1263ed267ff921
SHA1

1a6388114c44310e4b7a391522e59cb636efd479
SHA256

038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c
SHA512

dae3a49a0409636825bdf80c8c39334063355ad3538cfd6210a2ca15b372892de83f05b1f9b6378286c2ed9205c0ead89b1484a79c8bbf46564076649d2bf747
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUR:eOl56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225e-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001930d-16.dat	cobalt_reflective_dll
behavioral1/files/0x000b00000001926b-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932d-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933b-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019374-38.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b5-49.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001939b-44.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-107.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000019240-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-69.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2188-0-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225e-6.dat	xmrig
behavioral1/memory/2692-8-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x000700000001930d-16.dat	xmrig
behavioral1/memory/2796-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2876-19-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x000b00000001926b-10.dat	xmrig
behavioral1/files/0x000700000001932d-22.dat	xmrig
behavioral1/files/0x000600000001933b-33.dat	xmrig
behavioral1/files/0x0006000000019374-38.dat	xmrig
behavioral1/files/0x00070000000193b5-49.dat	xmrig
behavioral1/files/0x000600000001939b-44.dat	xmrig
behavioral1/memory/2656-65-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2724-72-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2216-95-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a09e-110.dat	xmrig
behavioral1/files/0x000500000001a427-145.dat	xmrig
behavioral1/files/0x000500000001a499-168.dat	xmrig
behavioral1/memory/1520-1006-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2188-1226-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2188-763-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2424-506-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1516-262-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b5-196.dat	xmrig
behavioral1/files/0x000500000001a4b3-190.dat	xmrig
behavioral1/files/0x000500000001a4b1-186.dat	xmrig
behavioral1/files/0x000500000001a4a9-176.dat	xmrig
behavioral1/files/0x000500000001a4af-179.dat	xmrig
behavioral1/files/0x000500000001a48d-165.dat	xmrig
behavioral1/files/0x000500000001a46f-155.dat	xmrig
behavioral1/files/0x000500000001a41d-136.dat	xmrig
behavioral1/files/0x000500000001a48b-160.dat	xmrig
behavioral1/files/0x000500000001a42d-150.dat	xmrig
behavioral1/files/0x000500000001a41e-140.dat	xmrig
behavioral1/files/0x000500000001a359-126.dat	xmrig
behavioral1/files/0x000500000001a41b-130.dat	xmrig
behavioral1/memory/2656-113-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2188-118-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-117.dat	xmrig
behavioral1/memory/2784-109-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07e-107.dat	xmrig
behavioral1/memory/2600-102-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1520-101-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0036000000019240-98.dat	xmrig
behavioral1/memory/2188-94-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-92.dat	xmrig
behavioral1/memory/2628-86-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2424-85-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2972-83-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f94-82.dat	xmrig
behavioral1/memory/2896-66-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2784-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dbf-63.dat	xmrig
behavioral1/files/0x0005000000019f8a-69.dat	xmrig
behavioral1/files/0x00070000000193b3-62.dat	xmrig
behavioral1/memory/2876-61-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2600-60-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2796-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2628-48-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2972-40-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2724-35-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2188-34-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2896-31-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2784-4168-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2692	CtyDYDi.exe
2876	ltamkym.exe
2796	MnDvIaz.exe
2896	BglGNEO.exe
2724	KQmrkln.exe
2972	uRKpumB.exe
2628	XfFGyyL.exe
2600	qBsoJSP.exe
2784	lzAvzyB.exe
2656	Jusdzax.exe
1516	tzaywZV.exe
2424	pBspILw.exe
2216	UNZYsOM.exe
1520	pHIJUzq.exe
904	EcBZqxF.exe
2848	WVvJKPU.exe
568	CZEhUzc.exe
996	tfrNdFb.exe
804	nNhmMsv.exe
2060	CnojrJL.exe
2948	FhOuCnN.exe
1548	OSIucPq.exe
948	zyEgPHt.exe
332	SYWhLIf.exe
772	zlnNGDC.exe
2016	SjpVjIy.exe
944	lqwvkBJ.exe
2464	HsZNUeh.exe
832	MmvgASK.exe
1616	fAHyeAe.exe
824	jTKHVtD.exe
1244	pQNofTo.exe
1188	prxIqBj.exe
2928	oxUIVES.exe
1684	Hekhvfz.exe
2104	loOHizF.exe
1676	tMLxBnh.exe
264	kWXizhg.exe
2180	ijzmjAe.exe
1536	cdnhhvw.exe
1992	dyWOgfC.exe
3012	vgYQBWu.exe
2300	WXhNlXQ.exe
1656	XSEXADE.exe
1220	LKPUsCU.exe
316	hKzbsdL.exe
1672	RltozLk.exe
652	BhZAJWO.exe
1928	FnuMCZK.exe
1488	AzSXiur.exe
1596	FVJgMgv.exe
2588	lGNNJmJ.exe
2712	PjOTsuM.exe
2864	UnSBAQm.exe
2652	YHRWZiY.exe
1844	vQODoXK.exe
1980	rSudZAI.exe
900	DticKId.exe
1868	GpihOfB.exe
2820	ZbrkHiL.exe
2168	NjbxoRD.exe
2476	wAKLYlb.exe
328	KLMKzoX.exe
448	ARVDGcV.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000b00000001225e-6.dat	upx
behavioral1/memory/2692-8-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x000700000001930d-16.dat	upx
behavioral1/memory/2796-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2876-19-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x000b00000001926b-10.dat	upx
behavioral1/files/0x000700000001932d-22.dat	upx
behavioral1/files/0x000600000001933b-33.dat	upx
behavioral1/files/0x0006000000019374-38.dat	upx
behavioral1/files/0x00070000000193b5-49.dat	upx
behavioral1/files/0x000600000001939b-44.dat	upx
behavioral1/memory/2656-65-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2724-72-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2216-95-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x000500000001a09e-110.dat	upx
behavioral1/files/0x000500000001a427-145.dat	upx
behavioral1/files/0x000500000001a499-168.dat	upx
behavioral1/memory/1520-1006-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2424-506-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1516-262-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000500000001a4b5-196.dat	upx
behavioral1/files/0x000500000001a4b3-190.dat	upx
behavioral1/files/0x000500000001a4b1-186.dat	upx
behavioral1/files/0x000500000001a4a9-176.dat	upx
behavioral1/files/0x000500000001a4af-179.dat	upx
behavioral1/files/0x000500000001a48d-165.dat	upx
behavioral1/files/0x000500000001a46f-155.dat	upx
behavioral1/files/0x000500000001a41d-136.dat	upx
behavioral1/files/0x000500000001a48b-160.dat	upx
behavioral1/files/0x000500000001a42d-150.dat	upx
behavioral1/files/0x000500000001a41e-140.dat	upx
behavioral1/files/0x000500000001a359-126.dat	upx
behavioral1/files/0x000500000001a41b-130.dat	upx
behavioral1/memory/2656-113-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x000500000001a307-117.dat	upx
behavioral1/memory/2784-109-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000500000001a07e-107.dat	upx
behavioral1/memory/2600-102-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1520-101-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0036000000019240-98.dat	upx
behavioral1/files/0x000500000001a075-92.dat	upx
behavioral1/memory/2628-86-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2424-85-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2972-83-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x0005000000019f94-82.dat	upx
behavioral1/memory/2896-66-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2784-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0005000000019dbf-63.dat	upx
behavioral1/files/0x0005000000019f8a-69.dat	upx
behavioral1/files/0x00070000000193b3-62.dat	upx
behavioral1/memory/2876-61-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2600-60-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2796-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2628-48-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2972-40-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2724-35-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2188-34-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2896-31-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2784-4168-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2972-4167-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/1520-4170-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2424-4169-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2656-4166-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UgGUFjX.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\XFMcrfP.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\prxIqBj.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\ikgxmss.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\IzfMwiW.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\EjWuXnZ.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\DfpEeMj.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\ztOHJZX.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\iuLgyxe.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\JqxDxQk.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\XkVNNpI.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\kLMWvby.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\jTkKsyN.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\OagnzaK.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\INvWrZR.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\bzQHxmy.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\KjNTmVu.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\wWXgncX.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\NEfxodZ.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\vueGnUV.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\qLCzaAB.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\IBeiaph.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\oRLKHxH.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\lRVljOd.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\CniLhvN.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\eyJycOZ.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\OvgcYTV.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\vdNjUyd.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\qvVdWnF.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\OrkbyDx.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\zQDIYeH.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\iPvgrPB.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\PMRFgEa.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\uEJIxHW.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\yJpVFIz.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\AtZieEz.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\nRizgtE.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\nranaXx.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\MhDaDsa.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\kGpsLRh.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\vWLCjNI.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\Rckawey.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\IciEoGN.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\HBcBLQM.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\VuHFOZl.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\TNrbVgM.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\hxJlEYv.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\UkNCejC.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\NrJPJUs.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\dBxypMg.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\GKyRgEY.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\dTZusbe.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\kZzmsbH.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\SWnyRKe.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\AbuleBS.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\jIYjOge.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\sJfewUn.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\lLRiaVS.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\RcozJwp.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\uDpMIHE.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\vivJclW.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\PuHRJjA.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\wOABBSd.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
File created	C:\Windows\System\cipubPA.exe	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2692	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	31
PID 2188 wrote to memory of 2692	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	31
PID 2188 wrote to memory of 2692	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	31
PID 2188 wrote to memory of 2796	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	32
PID 2188 wrote to memory of 2796	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	32
PID 2188 wrote to memory of 2796	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	32
PID 2188 wrote to memory of 2876	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	33
PID 2188 wrote to memory of 2876	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	33
PID 2188 wrote to memory of 2876	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	33
PID 2188 wrote to memory of 2896	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	34
PID 2188 wrote to memory of 2896	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	34
PID 2188 wrote to memory of 2896	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	34
PID 2188 wrote to memory of 2724	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	35
PID 2188 wrote to memory of 2724	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	35
PID 2188 wrote to memory of 2724	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	35
PID 2188 wrote to memory of 2972	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	36
PID 2188 wrote to memory of 2972	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	36
PID 2188 wrote to memory of 2972	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	36
PID 2188 wrote to memory of 2628	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	37
PID 2188 wrote to memory of 2628	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	37
PID 2188 wrote to memory of 2628	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	37
PID 2188 wrote to memory of 2784	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	38
PID 2188 wrote to memory of 2784	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	38
PID 2188 wrote to memory of 2784	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	38
PID 2188 wrote to memory of 2600	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	39
PID 2188 wrote to memory of 2600	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	39
PID 2188 wrote to memory of 2600	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	39
PID 2188 wrote to memory of 2656	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	40
PID 2188 wrote to memory of 2656	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	40
PID 2188 wrote to memory of 2656	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	40
PID 2188 wrote to memory of 1516	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	41
PID 2188 wrote to memory of 1516	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	41
PID 2188 wrote to memory of 1516	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	41
PID 2188 wrote to memory of 2424	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	42
PID 2188 wrote to memory of 2424	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	42
PID 2188 wrote to memory of 2424	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	42
PID 2188 wrote to memory of 2216	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	43
PID 2188 wrote to memory of 2216	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	43
PID 2188 wrote to memory of 2216	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	43
PID 2188 wrote to memory of 1520	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	44
PID 2188 wrote to memory of 1520	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	44
PID 2188 wrote to memory of 1520	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	44
PID 2188 wrote to memory of 904	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	45
PID 2188 wrote to memory of 904	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	45
PID 2188 wrote to memory of 904	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	45
PID 2188 wrote to memory of 568	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	46
PID 2188 wrote to memory of 568	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	46
PID 2188 wrote to memory of 568	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	46
PID 2188 wrote to memory of 2848	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	47
PID 2188 wrote to memory of 2848	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	47
PID 2188 wrote to memory of 2848	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	47
PID 2188 wrote to memory of 996	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	48
PID 2188 wrote to memory of 996	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	48
PID 2188 wrote to memory of 996	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	48
PID 2188 wrote to memory of 804	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	49
PID 2188 wrote to memory of 804	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	49
PID 2188 wrote to memory of 804	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	49
PID 2188 wrote to memory of 2060	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	50
PID 2188 wrote to memory of 2060	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	50
PID 2188 wrote to memory of 2060	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	50
PID 2188 wrote to memory of 2948	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	51
PID 2188 wrote to memory of 2948	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	51
PID 2188 wrote to memory of 2948	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	51
PID 2188 wrote to memory of 1548	2188	JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe	52

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_038b8e70d7795397dd91336ddc719c8720317514db8adfdc6fd2825348f1905c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\System\CtyDYDi.exe
  C:\Windows\System\CtyDYDi.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\MnDvIaz.exe
  C:\Windows\System\MnDvIaz.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\ltamkym.exe
  C:\Windows\System\ltamkym.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BglGNEO.exe
  C:\Windows\System\BglGNEO.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\KQmrkln.exe
  C:\Windows\System\KQmrkln.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\uRKpumB.exe
  C:\Windows\System\uRKpumB.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\XfFGyyL.exe
  C:\Windows\System\XfFGyyL.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\lzAvzyB.exe
  C:\Windows\System\lzAvzyB.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\qBsoJSP.exe
  C:\Windows\System\qBsoJSP.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\Jusdzax.exe
  C:\Windows\System\Jusdzax.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\tzaywZV.exe
  C:\Windows\System\tzaywZV.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\pBspILw.exe
  C:\Windows\System\pBspILw.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\UNZYsOM.exe
  C:\Windows\System\UNZYsOM.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\pHIJUzq.exe
  C:\Windows\System\pHIJUzq.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\EcBZqxF.exe
  C:\Windows\System\EcBZqxF.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\CZEhUzc.exe
  C:\Windows\System\CZEhUzc.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\WVvJKPU.exe
  C:\Windows\System\WVvJKPU.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\tfrNdFb.exe
  C:\Windows\System\tfrNdFb.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\nNhmMsv.exe
  C:\Windows\System\nNhmMsv.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\CnojrJL.exe
  C:\Windows\System\CnojrJL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\FhOuCnN.exe
  C:\Windows\System\FhOuCnN.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\OSIucPq.exe
  C:\Windows\System\OSIucPq.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\zyEgPHt.exe
  C:\Windows\System\zyEgPHt.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\SYWhLIf.exe
  C:\Windows\System\SYWhLIf.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\zlnNGDC.exe
  C:\Windows\System\zlnNGDC.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\SjpVjIy.exe
  C:\Windows\System\SjpVjIy.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\lqwvkBJ.exe
  C:\Windows\System\lqwvkBJ.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\HsZNUeh.exe
  C:\Windows\System\HsZNUeh.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\MmvgASK.exe
  C:\Windows\System\MmvgASK.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\fAHyeAe.exe
  C:\Windows\System\fAHyeAe.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\jTKHVtD.exe
  C:\Windows\System\jTKHVtD.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\pQNofTo.exe
  C:\Windows\System\pQNofTo.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\prxIqBj.exe
  C:\Windows\System\prxIqBj.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\oxUIVES.exe
  C:\Windows\System\oxUIVES.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\Hekhvfz.exe
  C:\Windows\System\Hekhvfz.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\loOHizF.exe
  C:\Windows\System\loOHizF.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\tMLxBnh.exe
  C:\Windows\System\tMLxBnh.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\kWXizhg.exe
  C:\Windows\System\kWXizhg.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\ijzmjAe.exe
  C:\Windows\System\ijzmjAe.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\cdnhhvw.exe
  C:\Windows\System\cdnhhvw.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\dyWOgfC.exe
  C:\Windows\System\dyWOgfC.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\vgYQBWu.exe
  C:\Windows\System\vgYQBWu.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\WXhNlXQ.exe
  C:\Windows\System\WXhNlXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\XSEXADE.exe
  C:\Windows\System\XSEXADE.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\LKPUsCU.exe
  C:\Windows\System\LKPUsCU.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\hKzbsdL.exe
  C:\Windows\System\hKzbsdL.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\RltozLk.exe
  C:\Windows\System\RltozLk.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\BhZAJWO.exe
  C:\Windows\System\BhZAJWO.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\FnuMCZK.exe
  C:\Windows\System\FnuMCZK.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\AzSXiur.exe
  C:\Windows\System\AzSXiur.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\FVJgMgv.exe
  C:\Windows\System\FVJgMgv.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\PjOTsuM.exe
  C:\Windows\System\PjOTsuM.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\lGNNJmJ.exe
  C:\Windows\System\lGNNJmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\UnSBAQm.exe
  C:\Windows\System\UnSBAQm.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\YHRWZiY.exe
  C:\Windows\System\YHRWZiY.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\rSudZAI.exe
  C:\Windows\System\rSudZAI.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\vQODoXK.exe
  C:\Windows\System\vQODoXK.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\DticKId.exe
  C:\Windows\System\DticKId.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\GpihOfB.exe
  C:\Windows\System\GpihOfB.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\ZbrkHiL.exe
  C:\Windows\System\ZbrkHiL.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\NjbxoRD.exe
  C:\Windows\System\NjbxoRD.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KLMKzoX.exe
  C:\Windows\System\KLMKzoX.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\wAKLYlb.exe
  C:\Windows\System\wAKLYlb.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ARVDGcV.exe
  C:\Windows\System\ARVDGcV.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\NmyNlRH.exe
  C:\Windows\System\NmyNlRH.exe
  2⤵
  PID:1920
- C:\Windows\System\uDpMIHE.exe
  C:\Windows\System\uDpMIHE.exe
  2⤵
  PID:536
- C:\Windows\System\bDdIXpQ.exe
  C:\Windows\System\bDdIXpQ.exe
  2⤵
  PID:972
- C:\Windows\System\KXtlpFP.exe
  C:\Windows\System\KXtlpFP.exe
  2⤵
  PID:600
- C:\Windows\System\hypamUN.exe
  C:\Windows\System\hypamUN.exe
  2⤵
  PID:288
- C:\Windows\System\knPJeol.exe
  C:\Windows\System\knPJeol.exe
  2⤵
  PID:2912
- C:\Windows\System\NTuWozs.exe
  C:\Windows\System\NTuWozs.exe
  2⤵
  PID:1600
- C:\Windows\System\DfDlmYd.exe
  C:\Windows\System\DfDlmYd.exe
  2⤵
  PID:1620
- C:\Windows\System\ikgxmss.exe
  C:\Windows\System\ikgxmss.exe
  2⤵
  PID:2244
- C:\Windows\System\ECDYBYo.exe
  C:\Windows\System\ECDYBYo.exe
  2⤵
  PID:2272
- C:\Windows\System\INvWrZR.exe
  C:\Windows\System\INvWrZR.exe
  2⤵
  PID:2520
- C:\Windows\System\MCGylub.exe
  C:\Windows\System\MCGylub.exe
  2⤵
  PID:2508
- C:\Windows\System\kORgdYL.exe
  C:\Windows\System\kORgdYL.exe
  2⤵
  PID:2304
- C:\Windows\System\ATxKccl.exe
  C:\Windows\System\ATxKccl.exe
  2⤵
  PID:880
- C:\Windows\System\NdROzrU.exe
  C:\Windows\System\NdROzrU.exe
  2⤵
  PID:1216
- C:\Windows\System\TNrbVgM.exe
  C:\Windows\System\TNrbVgM.exe
  2⤵
  PID:1456
- C:\Windows\System\bnKxeBY.exe
  C:\Windows\System\bnKxeBY.exe
  2⤵
  PID:2532
- C:\Windows\System\CXZOnNF.exe
  C:\Windows\System\CXZOnNF.exe
  2⤵
  PID:2868
- C:\Windows\System\aVmzlLk.exe
  C:\Windows\System\aVmzlLk.exe
  2⤵
  PID:2384
- C:\Windows\System\vZxmQDy.exe
  C:\Windows\System\vZxmQDy.exe
  2⤵
  PID:2436
- C:\Windows\System\GXUMmYa.exe
  C:\Windows\System\GXUMmYa.exe
  2⤵
  PID:2512
- C:\Windows\System\yyRMfZe.exe
  C:\Windows\System\yyRMfZe.exe
  2⤵
  PID:3056
- C:\Windows\System\ztOHJZX.exe
  C:\Windows\System\ztOHJZX.exe
  2⤵
  PID:1884
- C:\Windows\System\OQBoRhr.exe
  C:\Windows\System\OQBoRhr.exe
  2⤵
  PID:2220
- C:\Windows\System\nvDcPlQ.exe
  C:\Windows\System\nvDcPlQ.exe
  2⤵
  PID:3088
- C:\Windows\System\skhxJNO.exe
  C:\Windows\System\skhxJNO.exe
  2⤵
  PID:3112
- C:\Windows\System\QhPYrPi.exe
  C:\Windows\System\QhPYrPi.exe
  2⤵
  PID:3128
- C:\Windows\System\aIkJFXF.exe
  C:\Windows\System\aIkJFXF.exe
  2⤵
  PID:3148
- C:\Windows\System\OGLXsjJ.exe
  C:\Windows\System\OGLXsjJ.exe
  2⤵
  PID:3176
- C:\Windows\System\QvwetOG.exe
  C:\Windows\System\QvwetOG.exe
  2⤵
  PID:3196
- C:\Windows\System\SVpJwDT.exe
  C:\Windows\System\SVpJwDT.exe
  2⤵
  PID:3212
- C:\Windows\System\vkXtOKb.exe
  C:\Windows\System\vkXtOKb.exe
  2⤵
  PID:3232
- C:\Windows\System\WqZvyRt.exe
  C:\Windows\System\WqZvyRt.exe
  2⤵
  PID:3248
- C:\Windows\System\mzwLoIS.exe
  C:\Windows\System\mzwLoIS.exe
  2⤵
  PID:3268
- C:\Windows\System\wHdSalo.exe
  C:\Windows\System\wHdSalo.exe
  2⤵
  PID:3288
- C:\Windows\System\fQjYJRw.exe
  C:\Windows\System\fQjYJRw.exe
  2⤵
  PID:3308
- C:\Windows\System\iLWxJrb.exe
  C:\Windows\System\iLWxJrb.exe
  2⤵
  PID:3324
- C:\Windows\System\kGpsLRh.exe
  C:\Windows\System\kGpsLRh.exe
  2⤵
  PID:3344
- C:\Windows\System\oPPuXAT.exe
  C:\Windows\System\oPPuXAT.exe
  2⤵
  PID:3360
- C:\Windows\System\JSYCQAO.exe
  C:\Windows\System\JSYCQAO.exe
  2⤵
  PID:3396
- C:\Windows\System\GkFaugX.exe
  C:\Windows\System\GkFaugX.exe
  2⤵
  PID:3416
- C:\Windows\System\HALzJNe.exe
  C:\Windows\System\HALzJNe.exe
  2⤵
  PID:3436
- C:\Windows\System\HNzJfPl.exe
  C:\Windows\System\HNzJfPl.exe
  2⤵
  PID:3452
- C:\Windows\System\yOlArDX.exe
  C:\Windows\System\yOlArDX.exe
  2⤵
  PID:3476
- C:\Windows\System\GUyClEG.exe
  C:\Windows\System\GUyClEG.exe
  2⤵
  PID:3492
- C:\Windows\System\sFSMVGv.exe
  C:\Windows\System\sFSMVGv.exe
  2⤵
  PID:3516
- C:\Windows\System\JjKqrEW.exe
  C:\Windows\System\JjKqrEW.exe
  2⤵
  PID:3536
- C:\Windows\System\YmcagQC.exe
  C:\Windows\System\YmcagQC.exe
  2⤵
  PID:3552
- C:\Windows\System\IOeBlxg.exe
  C:\Windows\System\IOeBlxg.exe
  2⤵
  PID:3576
- C:\Windows\System\somjJsE.exe
  C:\Windows\System\somjJsE.exe
  2⤵
  PID:3596
- C:\Windows\System\bzQHxmy.exe
  C:\Windows\System\bzQHxmy.exe
  2⤵
  PID:3616
- C:\Windows\System\teFPveh.exe
  C:\Windows\System\teFPveh.exe
  2⤵
  PID:3632
- C:\Windows\System\nUnbTAL.exe
  C:\Windows\System\nUnbTAL.exe
  2⤵
  PID:3656
- C:\Windows\System\DUrVmgv.exe
  C:\Windows\System\DUrVmgv.exe
  2⤵
  PID:3676
- C:\Windows\System\ppCdAzG.exe
  C:\Windows\System\ppCdAzG.exe
  2⤵
  PID:3692
- C:\Windows\System\KAuarcq.exe
  C:\Windows\System\KAuarcq.exe
  2⤵
  PID:3712
- C:\Windows\System\DVNiqyY.exe
  C:\Windows\System\DVNiqyY.exe
  2⤵
  PID:3728
- C:\Windows\System\upmoOnq.exe
  C:\Windows\System\upmoOnq.exe
  2⤵
  PID:3748
- C:\Windows\System\KwQrjHM.exe
  C:\Windows\System\KwQrjHM.exe
  2⤵
  PID:3768
- C:\Windows\System\kOIkxXr.exe
  C:\Windows\System\kOIkxXr.exe
  2⤵
  PID:3792
- C:\Windows\System\LydDgdx.exe
  C:\Windows\System\LydDgdx.exe
  2⤵
  PID:3808
- C:\Windows\System\PlsCoOn.exe
  C:\Windows\System\PlsCoOn.exe
  2⤵
  PID:3832
- C:\Windows\System\dPKPzBh.exe
  C:\Windows\System\dPKPzBh.exe
  2⤵
  PID:3852
- C:\Windows\System\oZLgHnE.exe
  C:\Windows\System\oZLgHnE.exe
  2⤵
  PID:3876
- C:\Windows\System\YBfaVLX.exe
  C:\Windows\System\YBfaVLX.exe
  2⤵
  PID:3896
- C:\Windows\System\kfLKsvY.exe
  C:\Windows\System\kfLKsvY.exe
  2⤵
  PID:3912
- C:\Windows\System\LqAIjyn.exe
  C:\Windows\System\LqAIjyn.exe
  2⤵
  PID:3932
- C:\Windows\System\iNbHXNj.exe
  C:\Windows\System\iNbHXNj.exe
  2⤵
  PID:3952
- C:\Windows\System\zhAatmk.exe
  C:\Windows\System\zhAatmk.exe
  2⤵
  PID:3968
- C:\Windows\System\iURYGKs.exe
  C:\Windows\System\iURYGKs.exe
  2⤵
  PID:3988
- C:\Windows\System\LSdRdcl.exe
  C:\Windows\System\LSdRdcl.exe
  2⤵
  PID:4012
- C:\Windows\System\TuGkyIR.exe
  C:\Windows\System\TuGkyIR.exe
  2⤵
  PID:4044
- C:\Windows\System\DOiMhNd.exe
  C:\Windows\System\DOiMhNd.exe
  2⤵
  PID:4060
- C:\Windows\System\NByjcIM.exe
  C:\Windows\System\NByjcIM.exe
  2⤵
  PID:4080
- C:\Windows\System\HTQzbGP.exe
  C:\Windows\System\HTQzbGP.exe
  2⤵
  PID:2932
- C:\Windows\System\seiGpaa.exe
  C:\Windows\System\seiGpaa.exe
  2⤵
  PID:2096
- C:\Windows\System\umdgetA.exe
  C:\Windows\System\umdgetA.exe
  2⤵
  PID:2832
- C:\Windows\System\PVfoWBU.exe
  C:\Windows\System\PVfoWBU.exe
  2⤵
  PID:1900
- C:\Windows\System\jQnObxw.exe
  C:\Windows\System\jQnObxw.exe
  2⤵
  PID:1704
- C:\Windows\System\nKWNDex.exe
  C:\Windows\System\nKWNDex.exe
  2⤵
  PID:2524
- C:\Windows\System\QkaIonF.exe
  C:\Windows\System\QkaIonF.exe
  2⤵
  PID:776
- C:\Windows\System\iPvgrPB.exe
  C:\Windows\System\iPvgrPB.exe
  2⤵
  PID:1796
- C:\Windows\System\XanBWxl.exe
  C:\Windows\System\XanBWxl.exe
  2⤵
  PID:988
- C:\Windows\System\jaEgnmd.exe
  C:\Windows\System\jaEgnmd.exe
  2⤵
  PID:3052
- C:\Windows\System\ygeTDew.exe
  C:\Windows\System\ygeTDew.exe
  2⤵
  PID:876
- C:\Windows\System\qJzNBHV.exe
  C:\Windows\System\qJzNBHV.exe
  2⤵
  PID:2672
- C:\Windows\System\xORNSmI.exe
  C:\Windows\System\xORNSmI.exe
  2⤵
  PID:2776
- C:\Windows\System\dHnjUsA.exe
  C:\Windows\System\dHnjUsA.exe
  2⤵
  PID:1052
- C:\Windows\System\PTtbygK.exe
  C:\Windows\System\PTtbygK.exe
  2⤵
  PID:3096
- C:\Windows\System\BhJekJA.exe
  C:\Windows\System\BhJekJA.exe
  2⤵
  PID:1484
- C:\Windows\System\qLFCrVy.exe
  C:\Windows\System\qLFCrVy.exe
  2⤵
  PID:3140
- C:\Windows\System\ttIIsnR.exe
  C:\Windows\System\ttIIsnR.exe
  2⤵
  PID:3124
- C:\Windows\System\IzfMwiW.exe
  C:\Windows\System\IzfMwiW.exe
  2⤵
  PID:3172
- C:\Windows\System\jkamPEy.exe
  C:\Windows\System\jkamPEy.exe
  2⤵
  PID:3228
- C:\Windows\System\KuKjCGa.exe
  C:\Windows\System\KuKjCGa.exe
  2⤵
  PID:3296
- C:\Windows\System\JAJvamg.exe
  C:\Windows\System\JAJvamg.exe
  2⤵
  PID:3280
- C:\Windows\System\PeHOllv.exe
  C:\Windows\System\PeHOllv.exe
  2⤵
  PID:3204
- C:\Windows\System\jpwUFDx.exe
  C:\Windows\System\jpwUFDx.exe
  2⤵
  PID:3240
- C:\Windows\System\AbuleBS.exe
  C:\Windows\System\AbuleBS.exe
  2⤵
  PID:3380
- C:\Windows\System\KeWQbUy.exe
  C:\Windows\System\KeWQbUy.exe
  2⤵
  PID:3404
- C:\Windows\System\JtpBmFz.exe
  C:\Windows\System\JtpBmFz.exe
  2⤵
  PID:3428
- C:\Windows\System\xsgFeeC.exe
  C:\Windows\System\xsgFeeC.exe
  2⤵
  PID:3464
- C:\Windows\System\mYdQdJU.exe
  C:\Windows\System\mYdQdJU.exe
  2⤵
  PID:3488
- C:\Windows\System\csFksgC.exe
  C:\Windows\System\csFksgC.exe
  2⤵
  PID:3532
- C:\Windows\System\HlCRHek.exe
  C:\Windows\System\HlCRHek.exe
  2⤵
  PID:3584
- C:\Windows\System\yDVwpuf.exe
  C:\Windows\System\yDVwpuf.exe
  2⤵
  PID:3628
- C:\Windows\System\vGkLNag.exe
  C:\Windows\System\vGkLNag.exe
  2⤵
  PID:3612
- C:\Windows\System\PJgYQPK.exe
  C:\Windows\System\PJgYQPK.exe
  2⤵
  PID:3652
- C:\Windows\System\gDTVSYF.exe
  C:\Windows\System\gDTVSYF.exe
  2⤵
  PID:3704
- C:\Windows\System\YfLBJrJ.exe
  C:\Windows\System\YfLBJrJ.exe
  2⤵
  PID:3720
- C:\Windows\System\NzAYGsr.exe
  C:\Windows\System\NzAYGsr.exe
  2⤵
  PID:3780
- C:\Windows\System\pHndkYw.exe
  C:\Windows\System\pHndkYw.exe
  2⤵
  PID:3760
- C:\Windows\System\EQrNGtS.exe
  C:\Windows\System\EQrNGtS.exe
  2⤵
  PID:3724
- C:\Windows\System\EClTQJb.exe
  C:\Windows\System\EClTQJb.exe
  2⤵
  PID:3844
- C:\Windows\System\vqzbmvS.exe
  C:\Windows\System\vqzbmvS.exe
  2⤵
  PID:3940
- C:\Windows\System\xEYvaeB.exe
  C:\Windows\System\xEYvaeB.exe
  2⤵
  PID:3892
- C:\Windows\System\olZLOsC.exe
  C:\Windows\System\olZLOsC.exe
  2⤵
  PID:3980
- C:\Windows\System\xIekwog.exe
  C:\Windows\System\xIekwog.exe
  2⤵
  PID:3996
- C:\Windows\System\SxEOeJf.exe
  C:\Windows\System\SxEOeJf.exe
  2⤵
  PID:3920
- C:\Windows\System\QWbEjiO.exe
  C:\Windows\System\QWbEjiO.exe
  2⤵
  PID:4076
- C:\Windows\System\zoqwupa.exe
  C:\Windows\System\zoqwupa.exe
  2⤵
  PID:940
- C:\Windows\System\xGJSLEJ.exe
  C:\Windows\System\xGJSLEJ.exe
  2⤵
  PID:2368
- C:\Windows\System\pDuFqBk.exe
  C:\Windows\System\pDuFqBk.exe
  2⤵
  PID:4092
- C:\Windows\System\QDjvGMi.exe
  C:\Windows\System\QDjvGMi.exe
  2⤵
  PID:1612
- C:\Windows\System\QZWGRHF.exe
  C:\Windows\System\QZWGRHF.exe
  2⤵
  PID:1924
- C:\Windows\System\ShhGTID.exe
  C:\Windows\System\ShhGTID.exe
  2⤵
  PID:2252
- C:\Windows\System\cJYywOe.exe
  C:\Windows\System\cJYywOe.exe
  2⤵
  PID:2148
- C:\Windows\System\GBJbJNu.exe
  C:\Windows\System\GBJbJNu.exe
  2⤵
  PID:3084
- C:\Windows\System\EXaSfhr.exe
  C:\Windows\System\EXaSfhr.exe
  2⤵
  PID:2172
- C:\Windows\System\vDANcsl.exe
  C:\Windows\System\vDANcsl.exe
  2⤵
  PID:2860
- C:\Windows\System\DgPNvRo.exe
  C:\Windows\System\DgPNvRo.exe
  2⤵
  PID:3188
- C:\Windows\System\AgmNwxk.exe
  C:\Windows\System\AgmNwxk.exe
  2⤵
  PID:3340
- C:\Windows\System\zwDfIVd.exe
  C:\Windows\System\zwDfIVd.exe
  2⤵
  PID:3356
- C:\Windows\System\VnCfTcz.exe
  C:\Windows\System\VnCfTcz.exe
  2⤵
  PID:3460
- C:\Windows\System\JiOjpIB.exe
  C:\Windows\System\JiOjpIB.exe
  2⤵
  PID:3260
- C:\Windows\System\lCtlrLU.exe
  C:\Windows\System\lCtlrLU.exe
  2⤵
  PID:3256
- C:\Windows\System\pGZnvHW.exe
  C:\Windows\System\pGZnvHW.exe
  2⤵
  PID:3548
- C:\Windows\System\NFAwjbC.exe
  C:\Windows\System\NFAwjbC.exe
  2⤵
  PID:3640
- C:\Windows\System\UwJtLSv.exe
  C:\Windows\System\UwJtLSv.exe
  2⤵
  PID:3820
- C:\Windows\System\tfDSoOk.exe
  C:\Windows\System\tfDSoOk.exe
  2⤵
  PID:3840
- C:\Windows\System\bXliUUO.exe
  C:\Windows\System\bXliUUO.exe
  2⤵
  PID:3484
- C:\Windows\System\KOWAnNz.exe
  C:\Windows\System\KOWAnNz.exe
  2⤵
  PID:3560
- C:\Windows\System\CpOgxAL.exe
  C:\Windows\System\CpOgxAL.exe
  2⤵
  PID:3948
- C:\Windows\System\NTMVtHA.exe
  C:\Windows\System\NTMVtHA.exe
  2⤵
  PID:4008
- C:\Windows\System\GCBSBxU.exe
  C:\Windows\System\GCBSBxU.exe
  2⤵
  PID:3764
- C:\Windows\System\pnkgiDu.exe
  C:\Windows\System\pnkgiDu.exe
  2⤵
  PID:3776
- C:\Windows\System\jTHQXAF.exe
  C:\Windows\System\jTHQXAF.exe
  2⤵
  PID:2680
- C:\Windows\System\hxJlEYv.exe
  C:\Windows\System\hxJlEYv.exe
  2⤵
  PID:2664
- C:\Windows\System\MufAEPg.exe
  C:\Windows\System\MufAEPg.exe
  2⤵
  PID:4116
- C:\Windows\System\rhupShA.exe
  C:\Windows\System\rhupShA.exe
  2⤵
  PID:4132
- C:\Windows\System\aFySqYK.exe
  C:\Windows\System\aFySqYK.exe
  2⤵
  PID:4152
- C:\Windows\System\OXikghf.exe
  C:\Windows\System\OXikghf.exe
  2⤵
  PID:4172
- C:\Windows\System\bJhwAbz.exe
  C:\Windows\System\bJhwAbz.exe
  2⤵
  PID:4188
- C:\Windows\System\xlYIXXn.exe
  C:\Windows\System\xlYIXXn.exe
  2⤵
  PID:4212
- C:\Windows\System\LWDhbsW.exe
  C:\Windows\System\LWDhbsW.exe
  2⤵
  PID:4232
- C:\Windows\System\ZdxTnIg.exe
  C:\Windows\System\ZdxTnIg.exe
  2⤵
  PID:4252
- C:\Windows\System\jcvqNwZ.exe
  C:\Windows\System\jcvqNwZ.exe
  2⤵
  PID:4300
- C:\Windows\System\lHyxMeS.exe
  C:\Windows\System\lHyxMeS.exe
  2⤵
  PID:4320
- C:\Windows\System\PpZbDMh.exe
  C:\Windows\System\PpZbDMh.exe
  2⤵
  PID:4340
- C:\Windows\System\EUCKisq.exe
  C:\Windows\System\EUCKisq.exe
  2⤵
  PID:4356
- C:\Windows\System\pUTkSVh.exe
  C:\Windows\System\pUTkSVh.exe
  2⤵
  PID:4372
- C:\Windows\System\qzTBajd.exe
  C:\Windows\System\qzTBajd.exe
  2⤵
  PID:4388
- C:\Windows\System\jACADrO.exe
  C:\Windows\System\jACADrO.exe
  2⤵
  PID:4404
- C:\Windows\System\CKGfnOE.exe
  C:\Windows\System\CKGfnOE.exe
  2⤵
  PID:4432
- C:\Windows\System\foLPrFh.exe
  C:\Windows\System\foLPrFh.exe
  2⤵
  PID:4460
- C:\Windows\System\ektlPav.exe
  C:\Windows\System\ektlPav.exe
  2⤵
  PID:4488
- C:\Windows\System\JIoKKWY.exe
  C:\Windows\System\JIoKKWY.exe
  2⤵
  PID:4508
- C:\Windows\System\qSBzVZD.exe
  C:\Windows\System\qSBzVZD.exe
  2⤵
  PID:4524
- C:\Windows\System\xIcHGMA.exe
  C:\Windows\System\xIcHGMA.exe
  2⤵
  PID:4548
- C:\Windows\System\vrfhziy.exe
  C:\Windows\System\vrfhziy.exe
  2⤵
  PID:4568
- C:\Windows\System\BsECbec.exe
  C:\Windows\System\BsECbec.exe
  2⤵
  PID:4588
- C:\Windows\System\IJAgIas.exe
  C:\Windows\System\IJAgIas.exe
  2⤵
  PID:4604
- C:\Windows\System\AqpVYmW.exe
  C:\Windows\System\AqpVYmW.exe
  2⤵
  PID:4628
- C:\Windows\System\rOdtjoY.exe
  C:\Windows\System\rOdtjoY.exe
  2⤵
  PID:4644
- C:\Windows\System\yJowrVQ.exe
  C:\Windows\System\yJowrVQ.exe
  2⤵
  PID:4664
- C:\Windows\System\YkmBdhk.exe
  C:\Windows\System\YkmBdhk.exe
  2⤵
  PID:4680
- C:\Windows\System\AMidOaI.exe
  C:\Windows\System\AMidOaI.exe
  2⤵
  PID:4704
- C:\Windows\System\hgwZBcX.exe
  C:\Windows\System\hgwZBcX.exe
  2⤵
  PID:4720
- C:\Windows\System\noVtkZB.exe
  C:\Windows\System\noVtkZB.exe
  2⤵
  PID:4736
- C:\Windows\System\AcqKTrx.exe
  C:\Windows\System\AcqKTrx.exe
  2⤵
  PID:4752
- C:\Windows\System\TnOgVVn.exe
  C:\Windows\System\TnOgVVn.exe
  2⤵
  PID:4768
- C:\Windows\System\gVHGjoV.exe
  C:\Windows\System\gVHGjoV.exe
  2⤵
  PID:4784
- C:\Windows\System\QXAPXvI.exe
  C:\Windows\System\QXAPXvI.exe
  2⤵
  PID:4804
- C:\Windows\System\BDvzDyT.exe
  C:\Windows\System\BDvzDyT.exe
  2⤵
  PID:4828
- C:\Windows\System\UqBZmEz.exe
  C:\Windows\System\UqBZmEz.exe
  2⤵
  PID:4852
- C:\Windows\System\OvgcYTV.exe
  C:\Windows\System\OvgcYTV.exe
  2⤵
  PID:4876
- C:\Windows\System\vivJclW.exe
  C:\Windows\System\vivJclW.exe
  2⤵
  PID:4896
- C:\Windows\System\oCLYSAt.exe
  C:\Windows\System\oCLYSAt.exe
  2⤵
  PID:4916
- C:\Windows\System\jIYjOge.exe
  C:\Windows\System\jIYjOge.exe
  2⤵
  PID:4952
- C:\Windows\System\BkQMtGy.exe
  C:\Windows\System\BkQMtGy.exe
  2⤵
  PID:4968
- C:\Windows\System\XZklUWj.exe
  C:\Windows\System\XZklUWj.exe
  2⤵
  PID:4992
- C:\Windows\System\HVyiUkB.exe
  C:\Windows\System\HVyiUkB.exe
  2⤵
  PID:5008
- C:\Windows\System\oWGSbQm.exe
  C:\Windows\System\oWGSbQm.exe
  2⤵
  PID:5028
- C:\Windows\System\erxNWUc.exe
  C:\Windows\System\erxNWUc.exe
  2⤵
  PID:5052
- C:\Windows\System\UjVSVTP.exe
  C:\Windows\System\UjVSVTP.exe
  2⤵
  PID:5068
- C:\Windows\System\SWPJIGX.exe
  C:\Windows\System\SWPJIGX.exe
  2⤵
  PID:5092
- C:\Windows\System\LWxZjWX.exe
  C:\Windows\System\LWxZjWX.exe
  2⤵
  PID:5112
- C:\Windows\System\whwFoeK.exe
  C:\Windows\System\whwFoeK.exe
  2⤵
  PID:1740
- C:\Windows\System\FtkRYxl.exe
  C:\Windows\System\FtkRYxl.exe
  2⤵
  PID:1636
- C:\Windows\System\uCriUzo.exe
  C:\Windows\System\uCriUzo.exe
  2⤵
  PID:3472
- C:\Windows\System\vbulApK.exe
  C:\Windows\System\vbulApK.exe
  2⤵
  PID:3624
- C:\Windows\System\fFyeuoi.exe
  C:\Windows\System\fFyeuoi.exe
  2⤵
  PID:3976
- C:\Windows\System\LmaQAfs.exe
  C:\Windows\System\LmaQAfs.exe
  2⤵
  PID:4052
- C:\Windows\System\GnuFhhK.exe
  C:\Windows\System\GnuFhhK.exe
  2⤵
  PID:2616
- C:\Windows\System\jIQIjRS.exe
  C:\Windows\System\jIQIjRS.exe
  2⤵
  PID:1576
- C:\Windows\System\fRIvmbF.exe
  C:\Windows\System\fRIvmbF.exe
  2⤵
  PID:3572
- C:\Windows\System\VUfydWG.exe
  C:\Windows\System\VUfydWG.exe
  2⤵
  PID:4036
- C:\Windows\System\SEHGgaI.exe
  C:\Windows\System\SEHGgaI.exe
  2⤵
  PID:1756
- C:\Windows\System\FXEDkPg.exe
  C:\Windows\System\FXEDkPg.exe
  2⤵
  PID:3432
- C:\Windows\System\anNEndd.exe
  C:\Windows\System\anNEndd.exe
  2⤵
  PID:3744
- C:\Windows\System\uXgUNGq.exe
  C:\Windows\System\uXgUNGq.exe
  2⤵
  PID:3164
- C:\Windows\System\PuHRJjA.exe
  C:\Windows\System\PuHRJjA.exe
  2⤵
  PID:4124
- C:\Windows\System\xEcdWuy.exe
  C:\Windows\System\xEcdWuy.exe
  2⤵
  PID:4196
- C:\Windows\System\xgchtYT.exe
  C:\Windows\System\xgchtYT.exe
  2⤵
  PID:3872
- C:\Windows\System\JTdGYaS.exe
  C:\Windows\System\JTdGYaS.exe
  2⤵
  PID:3016
- C:\Windows\System\ujrlosT.exe
  C:\Windows\System\ujrlosT.exe
  2⤵
  PID:4184
- C:\Windows\System\BaKVcGx.exe
  C:\Windows\System\BaKVcGx.exe
  2⤵
  PID:4068
- C:\Windows\System\TKjTrko.exe
  C:\Windows\System\TKjTrko.exe
  2⤵
  PID:1748
- C:\Windows\System\alUiMZV.exe
  C:\Windows\System\alUiMZV.exe
  2⤵
  PID:4384
- C:\Windows\System\ZrlEQJL.exe
  C:\Windows\System\ZrlEQJL.exe
  2⤵
  PID:4428
- C:\Windows\System\iBeNvDx.exe
  C:\Windows\System\iBeNvDx.exe
  2⤵
  PID:4272
- C:\Windows\System\RUkLjYZ.exe
  C:\Windows\System\RUkLjYZ.exe
  2⤵
  PID:4296
- C:\Windows\System\gNNfCTw.exe
  C:\Windows\System\gNNfCTw.exe
  2⤵
  PID:4440
- C:\Windows\System\fUzijxS.exe
  C:\Windows\System\fUzijxS.exe
  2⤵
  PID:4364
- C:\Windows\System\MUswSdH.exe
  C:\Windows\System\MUswSdH.exe
  2⤵
  PID:4520
- C:\Windows\System\MRqgHuq.exe
  C:\Windows\System\MRqgHuq.exe
  2⤵
  PID:4596
- C:\Windows\System\MpCoYfj.exe
  C:\Windows\System\MpCoYfj.exe
  2⤵
  PID:4452
- C:\Windows\System\mFTFexK.exe
  C:\Windows\System\mFTFexK.exe
  2⤵
  PID:4532
- C:\Windows\System\fXxCtcU.exe
  C:\Windows\System\fXxCtcU.exe
  2⤵
  PID:4580
- C:\Windows\System\rWcRbig.exe
  C:\Windows\System\rWcRbig.exe
  2⤵
  PID:4624
- C:\Windows\System\QCqjmbg.exe
  C:\Windows\System\QCqjmbg.exe
  2⤵
  PID:4656
- C:\Windows\System\KjNTmVu.exe
  C:\Windows\System\KjNTmVu.exe
  2⤵
  PID:4780
- C:\Windows\System\sZPlYWI.exe
  C:\Windows\System\sZPlYWI.exe
  2⤵
  PID:4860
- C:\Windows\System\DjNDFcm.exe
  C:\Windows\System\DjNDFcm.exe
  2⤵
  PID:4692
- C:\Windows\System\qLNxmdK.exe
  C:\Windows\System\qLNxmdK.exe
  2⤵
  PID:4800
- C:\Windows\System\ZcRSTWK.exe
  C:\Windows\System\ZcRSTWK.exe
  2⤵
  PID:4908
- C:\Windows\System\AVSavlh.exe
  C:\Windows\System\AVSavlh.exe
  2⤵
  PID:4836
- C:\Windows\System\wYOTMJG.exe
  C:\Windows\System\wYOTMJG.exe
  2⤵
  PID:5036
- C:\Windows\System\fimwvdc.exe
  C:\Windows\System\fimwvdc.exe
  2⤵
  PID:5084
- C:\Windows\System\iFsbKyx.exe
  C:\Windows\System\iFsbKyx.exe
  2⤵
  PID:4924
- C:\Windows\System\dazLxiJ.exe
  C:\Windows\System\dazLxiJ.exe
  2⤵
  PID:4948
- C:\Windows\System\ebbQtWN.exe
  C:\Windows\System\ebbQtWN.exe
  2⤵
  PID:5016
- C:\Windows\System\IHPYPyB.exe
  C:\Windows\System\IHPYPyB.exe
  2⤵
  PID:5100
- C:\Windows\System\pelsqsZ.exe
  C:\Windows\System\pelsqsZ.exe
  2⤵
  PID:3468
- C:\Windows\System\exnSSlu.exe
  C:\Windows\System\exnSSlu.exe
  2⤵
  PID:3984
- C:\Windows\System\UFlTiQN.exe
  C:\Windows\System\UFlTiQN.exe
  2⤵
  PID:3828
- C:\Windows\System\fDCWDxd.exe
  C:\Windows\System\fDCWDxd.exe
  2⤵
  PID:2548
- C:\Windows\System\UVTbfMG.exe
  C:\Windows\System\UVTbfMG.exe
  2⤵
  PID:2288
- C:\Windows\System\uNRpvfQ.exe
  C:\Windows\System\uNRpvfQ.exe
  2⤵
  PID:3220
- C:\Windows\System\RAnQuAT.exe
  C:\Windows\System\RAnQuAT.exe
  2⤵
  PID:3244
- C:\Windows\System\EBlysfJ.exe
  C:\Windows\System\EBlysfJ.exe
  2⤵
  PID:1200
- C:\Windows\System\ZHCeAlc.exe
  C:\Windows\System\ZHCeAlc.exe
  2⤵
  PID:4112
- C:\Windows\System\BbFIUSx.exe
  C:\Windows\System\BbFIUSx.exe
  2⤵
  PID:3168
- C:\Windows\System\hoxWRUh.exe
  C:\Windows\System\hoxWRUh.exe
  2⤵
  PID:4248
- C:\Windows\System\qudOnfv.exe
  C:\Windows\System\qudOnfv.exe
  2⤵
  PID:4228
- C:\Windows\System\XVfPPSt.exe
  C:\Windows\System\XVfPPSt.exe
  2⤵
  PID:4312
- C:\Windows\System\BrkALGK.exe
  C:\Windows\System\BrkALGK.exe
  2⤵
  PID:4348
- C:\Windows\System\bTWefZE.exe
  C:\Windows\System\bTWefZE.exe
  2⤵
  PID:4328
- C:\Windows\System\ZerpKqH.exe
  C:\Windows\System\ZerpKqH.exe
  2⤵
  PID:4264
- C:\Windows\System\INaRerr.exe
  C:\Windows\System\INaRerr.exe
  2⤵
  PID:4516
- C:\Windows\System\lxPpQCn.exe
  C:\Windows\System\lxPpQCn.exe
  2⤵
  PID:4500
- C:\Windows\System\cITpLxk.exe
  C:\Windows\System\cITpLxk.exe
  2⤵
  PID:4636
- C:\Windows\System\wOABBSd.exe
  C:\Windows\System\wOABBSd.exe
  2⤵
  PID:4396
- C:\Windows\System\uCINtSd.exe
  C:\Windows\System\uCINtSd.exe
  2⤵
  PID:4872
- C:\Windows\System\OfYCzQS.exe
  C:\Windows\System\OfYCzQS.exe
  2⤵
  PID:4716
- C:\Windows\System\VtbFSWX.exe
  C:\Windows\System\VtbFSWX.exe
  2⤵
  PID:4820
- C:\Windows\System\xtmZqPP.exe
  C:\Windows\System\xtmZqPP.exe
  2⤵
  PID:4700
- C:\Windows\System\gcSzldo.exe
  C:\Windows\System\gcSzldo.exe
  2⤵
  PID:4732
- C:\Windows\System\GabsiQr.exe
  C:\Windows\System\GabsiQr.exe
  2⤵
  PID:4980
- C:\Windows\System\sJfewUn.exe
  C:\Windows\System\sJfewUn.exe
  2⤵
  PID:4932
- C:\Windows\System\RtVvglA.exe
  C:\Windows\System\RtVvglA.exe
  2⤵
  PID:4984
- C:\Windows\System\tNUgvXa.exe
  C:\Windows\System\tNUgvXa.exe
  2⤵
  PID:3860
- C:\Windows\System\AmijayL.exe
  C:\Windows\System\AmijayL.exe
  2⤵
  PID:3384
- C:\Windows\System\lLmOkGi.exe
  C:\Windows\System\lLmOkGi.exe
  2⤵
  PID:5104
- C:\Windows\System\rEPpQmF.exe
  C:\Windows\System\rEPpQmF.exe
  2⤵
  PID:3392
- C:\Windows\System\yJPdsZm.exe
  C:\Windows\System\yJPdsZm.exe
  2⤵
  PID:3672
- C:\Windows\System\xWNQMbh.exe
  C:\Windows\System\xWNQMbh.exe
  2⤵
  PID:3740
- C:\Windows\System\HlTjyCl.exe
  C:\Windows\System\HlTjyCl.exe
  2⤵
  PID:3264
- C:\Windows\System\oeZdBIb.exe
  C:\Windows\System\oeZdBIb.exe
  2⤵
  PID:4100
- C:\Windows\System\UfFosJt.exe
  C:\Windows\System\UfFosJt.exe
  2⤵
  PID:2728
- C:\Windows\System\HEZVLdp.exe
  C:\Windows\System\HEZVLdp.exe
  2⤵
  PID:4332
- C:\Windows\System\MXtHnaD.exe
  C:\Windows\System\MXtHnaD.exe
  2⤵
  PID:4480
- C:\Windows\System\UlhrigF.exe
  C:\Windows\System\UlhrigF.exe
  2⤵
  PID:4616
- C:\Windows\System\uweRTOR.exe
  C:\Windows\System\uweRTOR.exe
  2⤵
  PID:4776
- C:\Windows\System\LjNNJdX.exe
  C:\Windows\System\LjNNJdX.exe
  2⤵
  PID:5136
- C:\Windows\System\VzLltaw.exe
  C:\Windows\System\VzLltaw.exe
  2⤵
  PID:5152
- C:\Windows\System\WEXmAKS.exe
  C:\Windows\System\WEXmAKS.exe
  2⤵
  PID:5172
- C:\Windows\System\kUMXdkD.exe
  C:\Windows\System\kUMXdkD.exe
  2⤵
  PID:5196
- C:\Windows\System\nTHApes.exe
  C:\Windows\System\nTHApes.exe
  2⤵
  PID:5228
- C:\Windows\System\cUpPujl.exe
  C:\Windows\System\cUpPujl.exe
  2⤵
  PID:5248
- C:\Windows\System\sOyyeGz.exe
  C:\Windows\System\sOyyeGz.exe
  2⤵
  PID:5268
- C:\Windows\System\feDWQcv.exe
  C:\Windows\System\feDWQcv.exe
  2⤵
  PID:5284
- C:\Windows\System\iWiaoEp.exe
  C:\Windows\System\iWiaoEp.exe
  2⤵
  PID:5308
- C:\Windows\System\eeMrRHw.exe
  C:\Windows\System\eeMrRHw.exe
  2⤵
  PID:5324
- C:\Windows\System\hpYbtoj.exe
  C:\Windows\System\hpYbtoj.exe
  2⤵
  PID:5344
- C:\Windows\System\SBEoYqG.exe
  C:\Windows\System\SBEoYqG.exe
  2⤵
  PID:5360
- C:\Windows\System\XkVNNpI.exe
  C:\Windows\System\XkVNNpI.exe
  2⤵
  PID:5380
- C:\Windows\System\xLmbLYp.exe
  C:\Windows\System\xLmbLYp.exe
  2⤵
  PID:5396
- C:\Windows\System\ldIGmCi.exe
  C:\Windows\System\ldIGmCi.exe
  2⤵
  PID:5412
- C:\Windows\System\cURrcib.exe
  C:\Windows\System\cURrcib.exe
  2⤵
  PID:5428
- C:\Windows\System\pZLhXcN.exe
  C:\Windows\System\pZLhXcN.exe
  2⤵
  PID:5448
- C:\Windows\System\FczhDKE.exe
  C:\Windows\System\FczhDKE.exe
  2⤵
  PID:5468
- C:\Windows\System\VcJeuyF.exe
  C:\Windows\System\VcJeuyF.exe
  2⤵
  PID:5504
- C:\Windows\System\DmRuMgw.exe
  C:\Windows\System\DmRuMgw.exe
  2⤵
  PID:5524
- C:\Windows\System\audlKfa.exe
  C:\Windows\System\audlKfa.exe
  2⤵
  PID:5544
- C:\Windows\System\lBOALVo.exe
  C:\Windows\System\lBOALVo.exe
  2⤵
  PID:5564
- C:\Windows\System\JuNPqpG.exe
  C:\Windows\System\JuNPqpG.exe
  2⤵
  PID:5580
- C:\Windows\System\efSVVMw.exe
  C:\Windows\System\efSVVMw.exe
  2⤵
  PID:5596
- C:\Windows\System\OvTOaDe.exe
  C:\Windows\System\OvTOaDe.exe
  2⤵
  PID:5620
- C:\Windows\System\pLtfjBV.exe
  C:\Windows\System\pLtfjBV.exe
  2⤵
  PID:5636
- C:\Windows\System\DyVJZDl.exe
  C:\Windows\System\DyVJZDl.exe
  2⤵
  PID:5664
- C:\Windows\System\uDqNAEr.exe
  C:\Windows\System\uDqNAEr.exe
  2⤵
  PID:5684
- C:\Windows\System\cLeQwaZ.exe
  C:\Windows\System\cLeQwaZ.exe
  2⤵
  PID:5712
- C:\Windows\System\Lxldpka.exe
  C:\Windows\System\Lxldpka.exe
  2⤵
  PID:5732
- C:\Windows\System\PMRFgEa.exe
  C:\Windows\System\PMRFgEa.exe
  2⤵
  PID:5748
- C:\Windows\System\aCBSNKG.exe
  C:\Windows\System\aCBSNKG.exe
  2⤵
  PID:5776
- C:\Windows\System\NLNrjvC.exe
  C:\Windows\System\NLNrjvC.exe
  2⤵
  PID:5796
- C:\Windows\System\VKnPleM.exe
  C:\Windows\System\VKnPleM.exe
  2⤵
  PID:5812
- C:\Windows\System\GKnuQsH.exe
  C:\Windows\System\GKnuQsH.exe
  2⤵
  PID:5832
- C:\Windows\System\dhjBrmI.exe
  C:\Windows\System\dhjBrmI.exe
  2⤵
  PID:5852
- C:\Windows\System\PjYeZZE.exe
  C:\Windows\System\PjYeZZE.exe
  2⤵
  PID:5868
- C:\Windows\System\nHvIqZm.exe
  C:\Windows\System\nHvIqZm.exe
  2⤵
  PID:5888
- C:\Windows\System\MFENFnx.exe
  C:\Windows\System\MFENFnx.exe
  2⤵
  PID:5912
- C:\Windows\System\MjeUnTu.exe
  C:\Windows\System\MjeUnTu.exe
  2⤵
  PID:5928
- C:\Windows\System\NgkBlDt.exe
  C:\Windows\System\NgkBlDt.exe
  2⤵
  PID:5952
- C:\Windows\System\xBglErW.exe
  C:\Windows\System\xBglErW.exe
  2⤵
  PID:5972
- C:\Windows\System\BRmVlvY.exe
  C:\Windows\System\BRmVlvY.exe
  2⤵
  PID:5988
- C:\Windows\System\xmRMHjI.exe
  C:\Windows\System\xmRMHjI.exe
  2⤵
  PID:6008
- C:\Windows\System\liwqOym.exe
  C:\Windows\System\liwqOym.exe
  2⤵
  PID:6024
- C:\Windows\System\AtQhDLe.exe
  C:\Windows\System\AtQhDLe.exe
  2⤵
  PID:6044
- C:\Windows\System\mjNSUpn.exe
  C:\Windows\System\mjNSUpn.exe
  2⤵
  PID:6072
- C:\Windows\System\zoxYXBF.exe
  C:\Windows\System\zoxYXBF.exe
  2⤵
  PID:6096
- C:\Windows\System\LDFJyha.exe
  C:\Windows\System\LDFJyha.exe
  2⤵
  PID:6112
- C:\Windows\System\pQPvFlE.exe
  C:\Windows\System\pQPvFlE.exe
  2⤵
  PID:6136
- C:\Windows\System\lVNAWEG.exe
  C:\Windows\System\lVNAWEG.exe
  2⤵
  PID:4496
- C:\Windows\System\DDiLPDO.exe
  C:\Windows\System\DDiLPDO.exe
  2⤵
  PID:4368
- C:\Windows\System\MkBOvgq.exe
  C:\Windows\System\MkBOvgq.exe
  2⤵
  PID:4764
- C:\Windows\System\UIaYqoc.exe
  C:\Windows\System\UIaYqoc.exe
  2⤵
  PID:4848
- C:\Windows\System\nRPrUoZ.exe
  C:\Windows\System\nRPrUoZ.exe
  2⤵
  PID:5076
- C:\Windows\System\xWhkVkz.exe
  C:\Windows\System\xWhkVkz.exe
  2⤵
  PID:1000
- C:\Windows\System\rQVUfuy.exe
  C:\Windows\System\rQVUfuy.exe
  2⤵
  PID:4088
- C:\Windows\System\ugTBrpn.exe
  C:\Windows\System\ugTBrpn.exe
  2⤵
  PID:4688
- C:\Windows\System\PrsHMmT.exe
  C:\Windows\System\PrsHMmT.exe
  2⤵
  PID:4944
- C:\Windows\System\lLSwesR.exe
  C:\Windows\System\lLSwesR.exe
  2⤵
  PID:4936
- C:\Windows\System\JpFUpVm.exe
  C:\Windows\System\JpFUpVm.exe
  2⤵
  PID:3144
- C:\Windows\System\HpvFQij.exe
  C:\Windows\System\HpvFQij.exe
  2⤵
  PID:4032
- C:\Windows\System\UoWCgCT.exe
  C:\Windows\System\UoWCgCT.exe
  2⤵
  PID:4748
- C:\Windows\System\QywFNjs.exe
  C:\Windows\System\QywFNjs.exe
  2⤵
  PID:5192
- C:\Windows\System\TEzmMkC.exe
  C:\Windows\System\TEzmMkC.exe
  2⤵
  PID:4284
- C:\Windows\System\aJRZRJW.exe
  C:\Windows\System\aJRZRJW.exe
  2⤵
  PID:5244
- C:\Windows\System\MBKUlVg.exe
  C:\Windows\System\MBKUlVg.exe
  2⤵
  PID:5160
- C:\Windows\System\EwoJzQq.exe
  C:\Windows\System\EwoJzQq.exe
  2⤵
  PID:5204
- C:\Windows\System\HIbbmOE.exe
  C:\Windows\System\HIbbmOE.exe
  2⤵
  PID:5216
- C:\Windows\System\riTQshC.exe
  C:\Windows\System\riTQshC.exe
  2⤵
  PID:5388
- C:\Windows\System\SnhIRCr.exe
  C:\Windows\System\SnhIRCr.exe
  2⤵
  PID:5296
- C:\Windows\System\tVETESo.exe
  C:\Windows\System\tVETESo.exe
  2⤵
  PID:5304
- C:\Windows\System\UFTTjHT.exe
  C:\Windows\System\UFTTjHT.exe
  2⤵
  PID:5516
- C:\Windows\System\tdGpWLD.exe
  C:\Windows\System\tdGpWLD.exe
  2⤵
  PID:5404
- C:\Windows\System\lLRiaVS.exe
  C:\Windows\System\lLRiaVS.exe
  2⤵
  PID:5332
- C:\Windows\System\TwzSXKM.exe
  C:\Windows\System\TwzSXKM.exe
  2⤵
  PID:5592
- C:\Windows\System\yFAdBjb.exe
  C:\Windows\System\yFAdBjb.exe
  2⤵
  PID:5480
- C:\Windows\System\ivnkGZk.exe
  C:\Windows\System\ivnkGZk.exe
  2⤵
  PID:5500
- C:\Windows\System\nngEDZX.exe
  C:\Windows\System\nngEDZX.exe
  2⤵
  PID:5676
- C:\Windows\System\GbSkYec.exe
  C:\Windows\System\GbSkYec.exe
  2⤵
  PID:5644
- C:\Windows\System\uQPwLkf.exe
  C:\Windows\System\uQPwLkf.exe
  2⤵
  PID:5604
- C:\Windows\System\jGPnRUd.exe
  C:\Windows\System\jGPnRUd.exe
  2⤵
  PID:5700
- C:\Windows\System\MseMbvA.exe
  C:\Windows\System\MseMbvA.exe
  2⤵
  PID:5772
- C:\Windows\System\WHudWEI.exe
  C:\Windows\System\WHudWEI.exe
  2⤵
  PID:5840
- C:\Windows\System\UkNCejC.exe
  C:\Windows\System\UkNCejC.exe
  2⤵
  PID:5784
- C:\Windows\System\nDUpZOx.exe
  C:\Windows\System\nDUpZOx.exe
  2⤵
  PID:5788
- C:\Windows\System\wJGgCuV.exe
  C:\Windows\System\wJGgCuV.exe
  2⤵
  PID:5824
- C:\Windows\System\AVUVZdj.exe
  C:\Windows\System\AVUVZdj.exe
  2⤵
  PID:6004
- C:\Windows\System\GxTOEQA.exe
  C:\Windows\System\GxTOEQA.exe
  2⤵
  PID:6036
- C:\Windows\System\ifiGSKN.exe
  C:\Windows\System\ifiGSKN.exe
  2⤵
  PID:5896
- C:\Windows\System\nySruhF.exe
  C:\Windows\System\nySruhF.exe
  2⤵
  PID:6088
- C:\Windows\System\aChPiqO.exe
  C:\Windows\System\aChPiqO.exe
  2⤵
  PID:5936
- C:\Windows\System\PGCTzVp.exe
  C:\Windows\System\PGCTzVp.exe
  2⤵
  PID:6016
- C:\Windows\System\UCLHJtD.exe
  C:\Windows\System\UCLHJtD.exe
  2⤵
  PID:6124
- C:\Windows\System\wcyEgrB.exe
  C:\Windows\System\wcyEgrB.exe
  2⤵
  PID:2268
- C:\Windows\System\kLDRcMw.exe
  C:\Windows\System\kLDRcMw.exe
  2⤵
  PID:6108
- C:\Windows\System\sWSiyaI.exe
  C:\Windows\System\sWSiyaI.exe
  2⤵
  PID:2144
- C:\Windows\System\STjnClm.exe
  C:\Windows\System\STjnClm.exe
  2⤵
  PID:5756
- C:\Windows\System\fUkGYtL.exe
  C:\Windows\System\fUkGYtL.exe
  2⤵
  PID:5004
- C:\Windows\System\COPwIEH.exe
  C:\Windows\System\COPwIEH.exe
  2⤵
  PID:4208
- C:\Windows\System\RRVGxzb.exe
  C:\Windows\System\RRVGxzb.exe
  2⤵
  PID:5180
- C:\Windows\System\pwvkBjp.exe
  C:\Windows\System\pwvkBjp.exe
  2⤵
  PID:2108
- C:\Windows\System\mYJjIfx.exe
  C:\Windows\System\mYJjIfx.exe
  2⤵
  PID:5168
- C:\Windows\System\nHYuDIN.exe
  C:\Windows\System\nHYuDIN.exe
  2⤵
  PID:5276
- C:\Windows\System\kndbino.exe
  C:\Windows\System\kndbino.exe
  2⤵
  PID:4484
- C:\Windows\System\WJvhViP.exe
  C:\Windows\System\WJvhViP.exe
  2⤵
  PID:5128
- C:\Windows\System\COVzzAD.exe
  C:\Windows\System\COVzzAD.exe
  2⤵
  PID:5220
- C:\Windows\System\GyGtmaV.exe
  C:\Windows\System\GyGtmaV.exe
  2⤵
  PID:5436
- C:\Windows\System\eeCZSkd.exe
  C:\Windows\System\eeCZSkd.exe
  2⤵
  PID:5376
- C:\Windows\System\TKJXteX.exe
  C:\Windows\System\TKJXteX.exe
  2⤵
  PID:5336
- C:\Windows\System\lRVljOd.exe
  C:\Windows\System\lRVljOd.exe
  2⤵
  PID:5556
- C:\Windows\System\yagAEOe.exe
  C:\Windows\System\yagAEOe.exe
  2⤵
  PID:5576
- C:\Windows\System\aAcbWgv.exe
  C:\Windows\System\aAcbWgv.exe
  2⤵
  PID:5608
- C:\Windows\System\LpqYwvO.exe
  C:\Windows\System\LpqYwvO.exe
  2⤵
  PID:5708
- C:\Windows\System\qbrnDns.exe
  C:\Windows\System\qbrnDns.exe
  2⤵
  PID:5760
- C:\Windows\System\UEzkswX.exe
  C:\Windows\System\UEzkswX.exe
  2⤵
  PID:5744
- C:\Windows\System\ATeNSHQ.exe
  C:\Windows\System\ATeNSHQ.exe
  2⤵
  PID:5964
- C:\Windows\System\xUeAUgs.exe
  C:\Windows\System\xUeAUgs.exe
  2⤵
  PID:5860
- C:\Windows\System\VWmTYAv.exe
  C:\Windows\System\VWmTYAv.exe
  2⤵
  PID:5944
- C:\Windows\System\BSURZXv.exe
  C:\Windows\System\BSURZXv.exe
  2⤵
  PID:6020
- C:\Windows\System\EGRIXAV.exe
  C:\Windows\System\EGRIXAV.exe
  2⤵
  PID:6132
- C:\Windows\System\BtuSaXc.exe
  C:\Windows\System\BtuSaXc.exe
  2⤵
  PID:4676
- C:\Windows\System\IXrpSgf.exe
  C:\Windows\System\IXrpSgf.exe
  2⤵
  PID:4864
- C:\Windows\System\hzPesOu.exe
  C:\Windows\System\hzPesOu.exe
  2⤵
  PID:5048
- C:\Windows\System\ZcMSZYO.exe
  C:\Windows\System\ZcMSZYO.exe
  2⤵
  PID:4540
- C:\Windows\System\dadXelR.exe
  C:\Windows\System\dadXelR.exe
  2⤵
  PID:5132
- C:\Windows\System\LHWqzaW.exe
  C:\Windows\System\LHWqzaW.exe
  2⤵
  PID:4744
- C:\Windows\System\iCMMWUl.exe
  C:\Windows\System\iCMMWUl.exe
  2⤵
  PID:5280
- C:\Windows\System\BZREQiH.exe
  C:\Windows\System\BZREQiH.exe
  2⤵
  PID:5292
- C:\Windows\System\TEDIIHE.exe
  C:\Windows\System\TEDIIHE.exe
  2⤵
  PID:5352
- C:\Windows\System\zgPRIYV.exe
  C:\Windows\System\zgPRIYV.exe
  2⤵
  PID:5464
- C:\Windows\System\SdYduDv.exe
  C:\Windows\System\SdYduDv.exe
  2⤵
  PID:5492
- C:\Windows\System\YaJSKfo.exe
  C:\Windows\System\YaJSKfo.exe
  2⤵
  PID:5536
- C:\Windows\System\dZVWYPI.exe
  C:\Windows\System\dZVWYPI.exe
  2⤵
  PID:6164
- C:\Windows\System\nkswYpS.exe
  C:\Windows\System\nkswYpS.exe
  2⤵
  PID:6180
- C:\Windows\System\vWLCjNI.exe
  C:\Windows\System\vWLCjNI.exe
  2⤵
  PID:6212
- C:\Windows\System\BcclzwX.exe
  C:\Windows\System\BcclzwX.exe
  2⤵
  PID:6228
- C:\Windows\System\cGSllgj.exe
  C:\Windows\System\cGSllgj.exe
  2⤵
  PID:6248
- C:\Windows\System\DQDgaKJ.exe
  C:\Windows\System\DQDgaKJ.exe
  2⤵
  PID:6268
- C:\Windows\System\sCKCuAY.exe
  C:\Windows\System\sCKCuAY.exe
  2⤵
  PID:6288
- C:\Windows\System\HMEMfmK.exe
  C:\Windows\System\HMEMfmK.exe
  2⤵
  PID:6304
- C:\Windows\System\OkjauCC.exe
  C:\Windows\System\OkjauCC.exe
  2⤵
  PID:6324
- C:\Windows\System\oiXXUGa.exe
  C:\Windows\System\oiXXUGa.exe
  2⤵
  PID:6340
- C:\Windows\System\GokESbB.exe
  C:\Windows\System\GokESbB.exe
  2⤵
  PID:6360
- C:\Windows\System\NMTtwOO.exe
  C:\Windows\System\NMTtwOO.exe
  2⤵
  PID:6384
- C:\Windows\System\KikTyFa.exe
  C:\Windows\System\KikTyFa.exe
  2⤵
  PID:6404
- C:\Windows\System\XjkxLEc.exe
  C:\Windows\System\XjkxLEc.exe
  2⤵
  PID:6424
- C:\Windows\System\wdzGJHy.exe
  C:\Windows\System\wdzGJHy.exe
  2⤵
  PID:6440
- C:\Windows\System\nsXapcH.exe
  C:\Windows\System\nsXapcH.exe
  2⤵
  PID:6460
- C:\Windows\System\LmiArmo.exe
  C:\Windows\System\LmiArmo.exe
  2⤵
  PID:6484
- C:\Windows\System\GRDCqaC.exe
  C:\Windows\System\GRDCqaC.exe
  2⤵
  PID:6504
- C:\Windows\System\GNgUpGx.exe
  C:\Windows\System\GNgUpGx.exe
  2⤵
  PID:6528
- C:\Windows\System\MDPXWyv.exe
  C:\Windows\System\MDPXWyv.exe
  2⤵
  PID:6552
- C:\Windows\System\MJBBFSQ.exe
  C:\Windows\System\MJBBFSQ.exe
  2⤵
  PID:6576
- C:\Windows\System\DtoYRLJ.exe
  C:\Windows\System\DtoYRLJ.exe
  2⤵
  PID:6596
- C:\Windows\System\ZoUvsfq.exe
  C:\Windows\System\ZoUvsfq.exe
  2⤵
  PID:6612
- C:\Windows\System\zMHEgtB.exe
  C:\Windows\System\zMHEgtB.exe
  2⤵
  PID:6636
- C:\Windows\System\XoMecBi.exe
  C:\Windows\System\XoMecBi.exe
  2⤵
  PID:6652
- C:\Windows\System\VniISHp.exe
  C:\Windows\System\VniISHp.exe
  2⤵
  PID:6668
- C:\Windows\System\TbaciBu.exe
  C:\Windows\System\TbaciBu.exe
  2⤵
  PID:6684
- C:\Windows\System\aquvCCw.exe
  C:\Windows\System\aquvCCw.exe
  2⤵
  PID:6700
- C:\Windows\System\cipubPA.exe
  C:\Windows\System\cipubPA.exe
  2⤵
  PID:6716
- C:\Windows\System\NBmxaSa.exe
  C:\Windows\System\NBmxaSa.exe
  2⤵
  PID:6744
- C:\Windows\System\KejIxoZ.exe
  C:\Windows\System\KejIxoZ.exe
  2⤵
  PID:6760
- C:\Windows\System\cxMudCJ.exe
  C:\Windows\System\cxMudCJ.exe
  2⤵
  PID:6776
- C:\Windows\System\axWkpPD.exe
  C:\Windows\System\axWkpPD.exe
  2⤵
  PID:6800
- C:\Windows\System\eTiprhm.exe
  C:\Windows\System\eTiprhm.exe
  2⤵
  PID:6820
- C:\Windows\System\QlXDhBf.exe
  C:\Windows\System\QlXDhBf.exe
  2⤵
  PID:6844
- C:\Windows\System\GTNiZJx.exe
  C:\Windows\System\GTNiZJx.exe
  2⤵
  PID:6864
- C:\Windows\System\MvHXklF.exe
  C:\Windows\System\MvHXklF.exe
  2⤵
  PID:6880
- C:\Windows\System\QBeBEqh.exe
  C:\Windows\System\QBeBEqh.exe
  2⤵
  PID:6896
- C:\Windows\System\NPnnuDg.exe
  C:\Windows\System\NPnnuDg.exe
  2⤵
  PID:6920
- C:\Windows\System\eMeAODQ.exe
  C:\Windows\System\eMeAODQ.exe
  2⤵
  PID:6940
- C:\Windows\System\UmVNfHl.exe
  C:\Windows\System\UmVNfHl.exe
  2⤵
  PID:6968
- C:\Windows\System\fATQysZ.exe
  C:\Windows\System\fATQysZ.exe
  2⤵
  PID:6996
- C:\Windows\System\yKifAiq.exe
  C:\Windows\System\yKifAiq.exe
  2⤵
  PID:7016
- C:\Windows\System\ZqZKXOt.exe
  C:\Windows\System\ZqZKXOt.exe
  2⤵
  PID:7040
- C:\Windows\System\ytSEmsq.exe
  C:\Windows\System\ytSEmsq.exe
  2⤵
  PID:7060
- C:\Windows\System\EGCRKuN.exe
  C:\Windows\System\EGCRKuN.exe
  2⤵
  PID:7080
- C:\Windows\System\jSgtBkC.exe
  C:\Windows\System\jSgtBkC.exe
  2⤵
  PID:7100
- C:\Windows\System\Rckawey.exe
  C:\Windows\System\Rckawey.exe
  2⤵
  PID:7120
- C:\Windows\System\INepfTa.exe
  C:\Windows\System\INepfTa.exe
  2⤵
  PID:7140
- C:\Windows\System\mEcftGn.exe
  C:\Windows\System\mEcftGn.exe
  2⤵
  PID:7160
- C:\Windows\System\OTtaYST.exe
  C:\Windows\System\OTtaYST.exe
  2⤵
  PID:5476
- C:\Windows\System\DpoTwTt.exe
  C:\Windows\System\DpoTwTt.exe
  2⤵
  PID:5612
- C:\Windows\System\lElqjah.exe
  C:\Windows\System\lElqjah.exe
  2⤵
  PID:5696
- C:\Windows\System\RxFlzfW.exe
  C:\Windows\System\RxFlzfW.exe
  2⤵
  PID:6056
- C:\Windows\System\PofQrpl.exe
  C:\Windows\System\PofQrpl.exe
  2⤵
  PID:5060
- C:\Windows\System\pdvfAIS.exe
  C:\Windows\System\pdvfAIS.exe
  2⤵
  PID:5960
- C:\Windows\System\qbansRp.exe
  C:\Windows\System\qbansRp.exe
  2⤵
  PID:2608
- C:\Windows\System\FjyDzjA.exe
  C:\Windows\System\FjyDzjA.exe
  2⤵
  PID:5164
- C:\Windows\System\ZRqGxSv.exe
  C:\Windows\System\ZRqGxSv.exe
  2⤵
  PID:5496
- C:\Windows\System\iTPwsWe.exe
  C:\Windows\System\iTPwsWe.exe
  2⤵
  PID:6156
- C:\Windows\System\FWTXCSi.exe
  C:\Windows\System\FWTXCSi.exe
  2⤵
  PID:2260
- C:\Windows\System\LWuhqjW.exe
  C:\Windows\System\LWuhqjW.exe
  2⤵
  PID:2632
- C:\Windows\System\HCEKVAV.exe
  C:\Windows\System\HCEKVAV.exe
  2⤵
  PID:6200
- C:\Windows\System\NrJPJUs.exe
  C:\Windows\System\NrJPJUs.exe
  2⤵
  PID:4544
- C:\Windows\System\JzbxUys.exe
  C:\Windows\System\JzbxUys.exe
  2⤵
  PID:6236
- C:\Windows\System\flPZgiS.exe
  C:\Windows\System\flPZgiS.exe
  2⤵
  PID:6280
- C:\Windows\System\WVHpYlk.exe
  C:\Windows\System\WVHpYlk.exe
  2⤵
  PID:6172
- C:\Windows\System\orpwvjZ.exe
  C:\Windows\System\orpwvjZ.exe
  2⤵
  PID:5560
- C:\Windows\System\NEfxodZ.exe
  C:\Windows\System\NEfxodZ.exe
  2⤵
  PID:6264
- C:\Windows\System\xevGQXb.exe
  C:\Windows\System\xevGQXb.exe
  2⤵
  PID:6352
- C:\Windows\System\TEwiOMJ.exe
  C:\Windows\System\TEwiOMJ.exe
  2⤵
  PID:6436
- C:\Windows\System\gWmCPAJ.exe
  C:\Windows\System\gWmCPAJ.exe
  2⤵
  PID:6260
- C:\Windows\System\UMEdPEU.exe
  C:\Windows\System\UMEdPEU.exe
  2⤵
  PID:6300
- C:\Windows\System\vAOcWaK.exe
  C:\Windows\System\vAOcWaK.exe
  2⤵
  PID:6520
- C:\Windows\System\GnlGvrV.exe
  C:\Windows\System\GnlGvrV.exe
  2⤵
  PID:6560
- C:\Windows\System\ybHPhLD.exe
  C:\Windows\System\ybHPhLD.exe
  2⤵
  PID:6608
- C:\Windows\System\hVPixTj.exe
  C:\Windows\System\hVPixTj.exe
  2⤵
  PID:6452
- C:\Windows\System\PoVpNNn.exe
  C:\Windows\System\PoVpNNn.exe
  2⤵
  PID:6420
- C:\Windows\System\NDEcBbS.exe
  C:\Windows\System\NDEcBbS.exe
  2⤵
  PID:6536
- C:\Windows\System\uvmxqBG.exe
  C:\Windows\System\uvmxqBG.exe
  2⤵
  PID:2080
- C:\Windows\System\qlPnPYt.exe
  C:\Windows\System\qlPnPYt.exe
  2⤵
  PID:6788
- C:\Windows\System\WUnNfPx.exe
  C:\Windows\System\WUnNfPx.exe
  2⤵
  PID:6840
- C:\Windows\System\RASXvzL.exe
  C:\Windows\System\RASXvzL.exe
  2⤵
  PID:6592
- C:\Windows\System\lWqeYuc.exe
  C:\Windows\System\lWqeYuc.exe
  2⤵
  PID:6632
- C:\Windows\System\KOKaRXb.exe
  C:\Windows\System\KOKaRXb.exe
  2⤵
  PID:6696
- C:\Windows\System\gGYoTGc.exe
  C:\Windows\System\gGYoTGc.exe
  2⤵
  PID:6736
- C:\Windows\System\nquEftb.exe
  C:\Windows\System\nquEftb.exe
  2⤵
  PID:6912
- C:\Windows\System\fMJhVZE.exe
  C:\Windows\System\fMJhVZE.exe
  2⤵
  PID:6860
- C:\Windows\System\VRtapDS.exe
  C:\Windows\System\VRtapDS.exe
  2⤵
  PID:6772
- C:\Windows\System\MnFyTqX.exe
  C:\Windows\System\MnFyTqX.exe
  2⤵
  PID:6956
- C:\Windows\System\GMORraD.exe
  C:\Windows\System\GMORraD.exe
  2⤵
  PID:6992
- C:\Windows\System\GFtVSpO.exe
  C:\Windows\System\GFtVSpO.exe
  2⤵
  PID:7012
- C:\Windows\System\qKkcZyl.exe
  C:\Windows\System\qKkcZyl.exe
  2⤵
  PID:7056
- C:\Windows\System\PPxabvt.exe
  C:\Windows\System\PPxabvt.exe
  2⤵
  PID:7068
- C:\Windows\System\AnTpHWw.exe
  C:\Windows\System\AnTpHWw.exe
  2⤵
  PID:2460
- C:\Windows\System\fXAZjZX.exe
  C:\Windows\System\fXAZjZX.exe
  2⤵
  PID:7136
- C:\Windows\System\yBWOhmh.exe
  C:\Windows\System\yBWOhmh.exe
  2⤵
  PID:7156
- C:\Windows\System\lbaIvlV.exe
  C:\Windows\System\lbaIvlV.exe
  2⤵
  PID:5740
- C:\Windows\System\BlFHiDR.exe
  C:\Windows\System\BlFHiDR.exe
  2⤵
  PID:5804
- C:\Windows\System\euGWrlr.exe
  C:\Windows\System\euGWrlr.exe
  2⤵
  PID:2160
- C:\Windows\System\TmOUxsN.exe
  C:\Windows\System\TmOUxsN.exe
  2⤵
  PID:5880
- C:\Windows\System\Kuhqsfr.exe
  C:\Windows\System\Kuhqsfr.exe
  2⤵
  PID:1296
- C:\Windows\System\EDnGWOc.exe
  C:\Windows\System\EDnGWOc.exe
  2⤵
  PID:6160
- C:\Windows\System\sVDpfGy.exe
  C:\Windows\System\sVDpfGy.exe
  2⤵
  PID:3332
- C:\Windows\System\zSFNyrh.exe
  C:\Windows\System\zSFNyrh.exe
  2⤵
  PID:1564
- C:\Windows\System\UOCBmIq.exe
  C:\Windows\System\UOCBmIq.exe
  2⤵
  PID:1776
- C:\Windows\System\SwhWvGy.exe
  C:\Windows\System\SwhWvGy.exe
  2⤵
  PID:6320
- C:\Windows\System\GYTOhdF.exe
  C:\Windows\System\GYTOhdF.exe
  2⤵
  PID:1004
- C:\Windows\System\ZafvnOn.exe
  C:\Windows\System\ZafvnOn.exe
  2⤵
  PID:6396
- C:\Windows\System\mUXLoBO.exe
  C:\Windows\System\mUXLoBO.exe
  2⤵
  PID:6224
- C:\Windows\System\ZIcjrxj.exe
  C:\Windows\System\ZIcjrxj.exe
  2⤵
  PID:6220
- C:\Windows\System\bIcrsFo.exe
  C:\Windows\System\bIcrsFo.exe
  2⤵
  PID:6336
- C:\Windows\System\LahfXsx.exe
  C:\Windows\System\LahfXsx.exe
  2⤵
  PID:6564
- C:\Windows\System\KVPZerY.exe
  C:\Windows\System\KVPZerY.exe
  2⤵
  PID:6492
- C:\Windows\System\TvMqWGX.exe
  C:\Windows\System\TvMqWGX.exe
  2⤵
  PID:6540
- C:\Windows\System\tbsuNsf.exe
  C:\Windows\System\tbsuNsf.exe
  2⤵
  PID:6756
- C:\Windows\System\SNDlPZx.exe
  C:\Windows\System\SNDlPZx.exe
  2⤵
  PID:6588
- C:\Windows\System\ulrZSFd.exe
  C:\Windows\System\ulrZSFd.exe
  2⤵
  PID:6692
- C:\Windows\System\ocPrCbl.exe
  C:\Windows\System\ocPrCbl.exe
  2⤵
  PID:6728
- C:\Windows\System\ZgpPaIx.exe
  C:\Windows\System\ZgpPaIx.exe
  2⤵
  PID:6856
- C:\Windows\System\ZpLILsu.exe
  C:\Windows\System\ZpLILsu.exe
  2⤵
  PID:6928
- C:\Windows\System\VrNxPHi.exe
  C:\Windows\System\VrNxPHi.exe
  2⤵
  PID:7004
- C:\Windows\System\ZWKXTjk.exe
  C:\Windows\System\ZWKXTjk.exe
  2⤵
  PID:6976
- C:\Windows\System\yRkYBIb.exe
  C:\Windows\System\yRkYBIb.exe
  2⤵
  PID:1588
- C:\Windows\System\PWtJOMn.exe
  C:\Windows\System\PWtJOMn.exe
  2⤵
  PID:7148
- C:\Windows\System\UtysKeL.exe
  C:\Windows\System\UtysKeL.exe
  2⤵
  PID:5720
- C:\Windows\System\qeLXdEF.exe
  C:\Windows\System\qeLXdEF.exe
  2⤵
  PID:5692
- C:\Windows\System\TmebyVQ.exe
  C:\Windows\System\TmebyVQ.exe
  2⤵
  PID:5920
- C:\Windows\System\IWwORTK.exe
  C:\Windows\System\IWwORTK.exe
  2⤵
  PID:3908
- C:\Windows\System\dvVHdxX.exe
  C:\Windows\System\dvVHdxX.exe
  2⤵
  PID:4160
- C:\Windows\System\duVvswE.exe
  C:\Windows\System\duVvswE.exe
  2⤵
  PID:4576
- C:\Windows\System\xvRphYM.exe
  C:\Windows\System\xvRphYM.exe
  2⤵
  PID:5588
- C:\Windows\System\SBCoASA.exe
  C:\Windows\System\SBCoASA.exe
  2⤵
  PID:2828
- C:\Windows\System\cGEWZlh.exe
  C:\Windows\System\cGEWZlh.exe
  2⤵
  PID:1228
- C:\Windows\System\UPKsmDE.exe
  C:\Windows\System\UPKsmDE.exe
  2⤵
  PID:6524
- C:\Windows\System\mdOPmjX.exe
  C:\Windows\System\mdOPmjX.exe
  2⤵
  PID:6496
- C:\Windows\System\xxzdgoB.exe
  C:\Windows\System\xxzdgoB.exe
  2⤵
  PID:6836
- C:\Windows\System\VPYlUPA.exe
  C:\Windows\System\VPYlUPA.exe
  2⤵
  PID:6876
- C:\Windows\System\vQWszcd.exe
  C:\Windows\System\vQWszcd.exe
  2⤵
  PID:6628
- C:\Windows\System\zLWhbdS.exe
  C:\Windows\System\zLWhbdS.exe
  2⤵
  PID:6816
- C:\Windows\System\wdXFvJb.exe
  C:\Windows\System\wdXFvJb.exe
  2⤵
  PID:6952
- C:\Windows\System\AryYCDd.exe
  C:\Windows\System\AryYCDd.exe
  2⤵
  PID:7112
- C:\Windows\System\QkwLNWM.exe
  C:\Windows\System\QkwLNWM.exe
  2⤵
  PID:7180
- C:\Windows\System\ynGLWGy.exe
  C:\Windows\System\ynGLWGy.exe
  2⤵
  PID:7204
- C:\Windows\System\vkgYrgf.exe
  C:\Windows\System\vkgYrgf.exe
  2⤵
  PID:7220
- C:\Windows\System\VXDyxWF.exe
  C:\Windows\System\VXDyxWF.exe
  2⤵
  PID:7240
- C:\Windows\System\JdxgIRJ.exe
  C:\Windows\System\JdxgIRJ.exe
  2⤵
  PID:7264
- C:\Windows\System\QsVmEZz.exe
  C:\Windows\System\QsVmEZz.exe
  2⤵
  PID:7280
- C:\Windows\System\RcozJwp.exe
  C:\Windows\System\RcozJwp.exe
  2⤵
  PID:7304
- C:\Windows\System\ydaIoQT.exe
  C:\Windows\System\ydaIoQT.exe
  2⤵
  PID:7324
- C:\Windows\System\zZoePSn.exe
  C:\Windows\System\zZoePSn.exe
  2⤵
  PID:7344
- C:\Windows\System\YSWBwQj.exe
  C:\Windows\System\YSWBwQj.exe
  2⤵
  PID:7360
- C:\Windows\System\uzGMWKI.exe
  C:\Windows\System\uzGMWKI.exe
  2⤵
  PID:7384
- C:\Windows\System\ZyxAuXm.exe
  C:\Windows\System\ZyxAuXm.exe
  2⤵
  PID:7404
- C:\Windows\System\eYlOegI.exe
  C:\Windows\System\eYlOegI.exe
  2⤵
  PID:7424
- C:\Windows\System\Zpoofal.exe
  C:\Windows\System\Zpoofal.exe
  2⤵
  PID:7444
- C:\Windows\System\xtIlbtn.exe
  C:\Windows\System\xtIlbtn.exe
  2⤵
  PID:7460
- C:\Windows\System\dLufDAU.exe
  C:\Windows\System\dLufDAU.exe
  2⤵
  PID:7484
- C:\Windows\System\BoakBGB.exe
  C:\Windows\System\BoakBGB.exe
  2⤵
  PID:7504
- C:\Windows\System\crLzjsE.exe
  C:\Windows\System\crLzjsE.exe
  2⤵
  PID:7524
- C:\Windows\System\sKINGiK.exe
  C:\Windows\System\sKINGiK.exe
  2⤵
  PID:7548
- C:\Windows\System\XaaBsfF.exe
  C:\Windows\System\XaaBsfF.exe
  2⤵
  PID:7568
- C:\Windows\System\DDPTJwC.exe
  C:\Windows\System\DDPTJwC.exe
  2⤵
  PID:7588
- C:\Windows\System\hmFvjHb.exe
  C:\Windows\System\hmFvjHb.exe
  2⤵
  PID:7604
- C:\Windows\System\uEJIxHW.exe
  C:\Windows\System\uEJIxHW.exe
  2⤵
  PID:7628
- C:\Windows\System\lWhiKRh.exe
  C:\Windows\System\lWhiKRh.exe
  2⤵
  PID:7648
- C:\Windows\System\RsPrTTp.exe
  C:\Windows\System\RsPrTTp.exe
  2⤵
  PID:7668
- C:\Windows\System\uXBSAEg.exe
  C:\Windows\System\uXBSAEg.exe
  2⤵
  PID:7684
- C:\Windows\System\yfdpRQm.exe
  C:\Windows\System\yfdpRQm.exe
  2⤵
  PID:7708
- C:\Windows\System\fNgnXPJ.exe
  C:\Windows\System\fNgnXPJ.exe
  2⤵
  PID:7728
- C:\Windows\System\YcePwDe.exe
  C:\Windows\System\YcePwDe.exe
  2⤵
  PID:7748
- C:\Windows\System\hxIgzTb.exe
  C:\Windows\System\hxIgzTb.exe
  2⤵
  PID:7764
- C:\Windows\System\RVKlOAf.exe
  C:\Windows\System\RVKlOAf.exe
  2⤵
  PID:7788
- C:\Windows\System\pAysQdq.exe
  C:\Windows\System\pAysQdq.exe
  2⤵
  PID:7808
- C:\Windows\System\OJobStN.exe
  C:\Windows\System\OJobStN.exe
  2⤵
  PID:7828
- C:\Windows\System\BJpHHYV.exe
  C:\Windows\System\BJpHHYV.exe
  2⤵
  PID:7848
- C:\Windows\System\kLMWvby.exe
  C:\Windows\System\kLMWvby.exe
  2⤵
  PID:7868
- C:\Windows\System\UvtsYdX.exe
  C:\Windows\System\UvtsYdX.exe
  2⤵
  PID:7888
- C:\Windows\System\JFkxaBn.exe
  C:\Windows\System\JFkxaBn.exe
  2⤵
  PID:7908
- C:\Windows\System\GyuWSsP.exe
  C:\Windows\System\GyuWSsP.exe
  2⤵
  PID:7928
- C:\Windows\System\MpOzKYW.exe
  C:\Windows\System\MpOzKYW.exe
  2⤵
  PID:7948
- C:\Windows\System\knUwgkw.exe
  C:\Windows\System\knUwgkw.exe
  2⤵
  PID:7964
- C:\Windows\System\sJHQmLA.exe
  C:\Windows\System\sJHQmLA.exe
  2⤵
  PID:7988
- C:\Windows\System\ypIrOLE.exe
  C:\Windows\System\ypIrOLE.exe
  2⤵
  PID:8008
- C:\Windows\System\XyvirVp.exe
  C:\Windows\System\XyvirVp.exe
  2⤵
  PID:8028
- C:\Windows\System\EKYAAJr.exe
  C:\Windows\System\EKYAAJr.exe
  2⤵
  PID:8048
- C:\Windows\System\ZQHnUtw.exe
  C:\Windows\System\ZQHnUtw.exe
  2⤵
  PID:8064
- C:\Windows\System\AzZuSUc.exe
  C:\Windows\System\AzZuSUc.exe
  2⤵
  PID:8084
- C:\Windows\System\CURaNjI.exe
  C:\Windows\System\CURaNjI.exe
  2⤵
  PID:8112
- C:\Windows\System\lyszhxr.exe
  C:\Windows\System\lyszhxr.exe
  2⤵
  PID:8132
- C:\Windows\System\ZHGqGBj.exe
  C:\Windows\System\ZHGqGBj.exe
  2⤵
  PID:8152
- C:\Windows\System\xYNnamb.exe
  C:\Windows\System\xYNnamb.exe
  2⤵
  PID:8168
- C:\Windows\System\pdMPaCh.exe
  C:\Windows\System\pdMPaCh.exe
  2⤵
  PID:8184
- C:\Windows\System\SEfCOWL.exe
  C:\Windows\System\SEfCOWL.exe
  2⤵
  PID:7128
- C:\Windows\System\pRYErTr.exe
  C:\Windows\System\pRYErTr.exe
  2⤵
  PID:5424
- C:\Windows\System\OrkbyDx.exe
  C:\Windows\System\OrkbyDx.exe
  2⤵
  PID:3848
- C:\Windows\System\XcLOAzi.exe
  C:\Windows\System\XcLOAzi.exe
  2⤵
  PID:2256
- C:\Windows\System\HxzKRvv.exe
  C:\Windows\System\HxzKRvv.exe
  2⤵
  PID:6348
- C:\Windows\System\JBsHjPY.exe
  C:\Windows\System\JBsHjPY.exe
  2⤵
  PID:6372
- C:\Windows\System\MzsPsqh.exe
  C:\Windows\System\MzsPsqh.exe
  2⤵
  PID:6572
- C:\Windows\System\dNjuhmD.exe
  C:\Windows\System\dNjuhmD.exe
  2⤵
  PID:6828
- C:\Windows\System\WCSDjzI.exe
  C:\Windows\System\WCSDjzI.exe
  2⤵
  PID:6784
- C:\Windows\System\cgqNtkV.exe
  C:\Windows\System\cgqNtkV.exe
  2⤵
  PID:2732
- C:\Windows\System\FPFZeyr.exe
  C:\Windows\System\FPFZeyr.exe
  2⤵
  PID:7032
- C:\Windows\System\FPFPcfr.exe
  C:\Windows\System\FPFPcfr.exe
  2⤵
  PID:2716
- C:\Windows\System\pcWiOAo.exe
  C:\Windows\System\pcWiOAo.exe
  2⤵
  PID:7248
- C:\Windows\System\eWMHuHa.exe
  C:\Windows\System\eWMHuHa.exe
  2⤵
  PID:7232
- C:\Windows\System\DiRBcLx.exe
  C:\Windows\System\DiRBcLx.exe
  2⤵
  PID:7296
- C:\Windows\System\YPdlHhe.exe
  C:\Windows\System\YPdlHhe.exe
  2⤵
  PID:7312
- C:\Windows\System\fLTfHEG.exe
  C:\Windows\System\fLTfHEG.exe
  2⤵
  PID:7368
- C:\Windows\System\pQiBnKu.exe
  C:\Windows\System\pQiBnKu.exe
  2⤵
  PID:7356
- C:\Windows\System\KLcLEOb.exe
  C:\Windows\System\KLcLEOb.exe
  2⤵
  PID:7416
- C:\Windows\System\RMUXnRT.exe
  C:\Windows\System\RMUXnRT.exe
  2⤵
  PID:7456
- C:\Windows\System\FGBCLDx.exe
  C:\Windows\System\FGBCLDx.exe
  2⤵
  PID:7496
- C:\Windows\System\mPhVjRg.exe
  C:\Windows\System\mPhVjRg.exe
  2⤵
  PID:7512
- C:\Windows\System\RzPoZsS.exe
  C:\Windows\System\RzPoZsS.exe
  2⤵
  PID:7516
- C:\Windows\System\lcmGAQs.exe
  C:\Windows\System\lcmGAQs.exe
  2⤵
  PID:7560
- C:\Windows\System\FKAARer.exe
  C:\Windows\System\FKAARer.exe
  2⤵
  PID:7616
- C:\Windows\System\GiAuwZB.exe
  C:\Windows\System\GiAuwZB.exe
  2⤵
  PID:7640
- C:\Windows\System\WJTltyq.exe
  C:\Windows\System\WJTltyq.exe
  2⤵
  PID:7700
- C:\Windows\System\gurercP.exe
  C:\Windows\System\gurercP.exe
  2⤵
  PID:7680
- C:\Windows\System\tiBPZKe.exe
  C:\Windows\System\tiBPZKe.exe
  2⤵
  PID:7772
- C:\Windows\System\tZUfgoP.exe
  C:\Windows\System\tZUfgoP.exe
  2⤵
  PID:7756
- C:\Windows\System\odSAmrV.exe
  C:\Windows\System\odSAmrV.exe
  2⤵
  PID:2996
- C:\Windows\System\FfHZYMU.exe
  C:\Windows\System\FfHZYMU.exe
  2⤵
  PID:7836
- C:\Windows\System\LGarqTn.exe
  C:\Windows\System\LGarqTn.exe
  2⤵
  PID:7844
- C:\Windows\System\BgcZzVn.exe
  C:\Windows\System\BgcZzVn.exe
  2⤵
  PID:7876
- C:\Windows\System\HtJxPTV.exe
  C:\Windows\System\HtJxPTV.exe
  2⤵
  PID:7972
- C:\Windows\System\aETwkKu.exe
  C:\Windows\System\aETwkKu.exe
  2⤵
  PID:7924
- C:\Windows\System\xbrBHmT.exe
  C:\Windows\System\xbrBHmT.exe
  2⤵
  PID:7956
- C:\Windows\System\IciEoGN.exe
  C:\Windows\System\IciEoGN.exe
  2⤵
  PID:8004
- C:\Windows\System\UIpirfK.exe
  C:\Windows\System\UIpirfK.exe
  2⤵
  PID:8092
- C:\Windows\System\fMAzFHp.exe
  C:\Windows\System\fMAzFHp.exe
  2⤵
  PID:8140
- C:\Windows\System\pYiWMvO.exe
  C:\Windows\System\pYiWMvO.exe
  2⤵
  PID:8144
- C:\Windows\System\VzAMjEF.exe
  C:\Windows\System\VzAMjEF.exe
  2⤵
  PID:8124
- C:\Windows\System\zHQOCTm.exe
  C:\Windows\System\zHQOCTm.exe
  2⤵
  PID:4816
- C:\Windows\System\yjbOUim.exe
  C:\Windows\System\yjbOUim.exe
  2⤵
  PID:2756
- C:\Windows\System\YuigXgi.exe
  C:\Windows\System\YuigXgi.exe
  2⤵
  PID:6376
- C:\Windows\System\RXfABnB.exe
  C:\Windows\System\RXfABnB.exe
  2⤵
  PID:6724
- C:\Windows\System\EtdBhDy.exe
  C:\Windows\System\EtdBhDy.exe
  2⤵
  PID:6192
- C:\Windows\System\Xwuycsc.exe
  C:\Windows\System\Xwuycsc.exe
  2⤵
  PID:7024
- C:\Windows\System\pQiMbqr.exe
  C:\Windows\System\pQiMbqr.exe
  2⤵
  PID:6544
- C:\Windows\System\IBBEsoy.exe
  C:\Windows\System\IBBEsoy.exe
  2⤵
  PID:7048
- C:\Windows\System\JAhncWw.exe
  C:\Windows\System\JAhncWw.exe
  2⤵
  PID:7192
- C:\Windows\System\NXLdkwy.exe
  C:\Windows\System\NXLdkwy.exe
  2⤵
  PID:7292
- C:\Windows\System\bLaalGu.exe
  C:\Windows\System\bLaalGu.exe
  2⤵
  PID:7372
- C:\Windows\System\qRCpCxn.exe
  C:\Windows\System\qRCpCxn.exe
  2⤵
  PID:7452
- C:\Windows\System\EUEZNLi.exe
  C:\Windows\System\EUEZNLi.exe
  2⤵
  PID:2696
- C:\Windows\System\swLZPMB.exe
  C:\Windows\System\swLZPMB.exe
  2⤵
  PID:7436
- C:\Windows\System\KejJRGM.exe
  C:\Windows\System\KejJRGM.exe
  2⤵
  PID:7544
- C:\Windows\System\ORpGrml.exe
  C:\Windows\System\ORpGrml.exe
  2⤵
  PID:7612
- C:\Windows\System\lZeNQrg.exe
  C:\Windows\System\lZeNQrg.exe
  2⤵
  PID:7696
- C:\Windows\System\aQuCWuJ.exe
  C:\Windows\System\aQuCWuJ.exe
  2⤵
  PID:7660
- C:\Windows\System\aGUBbNb.exe
  C:\Windows\System\aGUBbNb.exe
  2⤵
  PID:7740
- C:\Windows\System\mgZScgy.exe
  C:\Windows\System\mgZScgy.exe
  2⤵
  PID:7800
- C:\Windows\System\oHmSAPW.exe
  C:\Windows\System\oHmSAPW.exe
  2⤵
  PID:7904
- C:\Windows\System\NUlKAgy.exe
  C:\Windows\System\NUlKAgy.exe
  2⤵
  PID:7860
- C:\Windows\System\CyAOMZE.exe
  C:\Windows\System\CyAOMZE.exe
  2⤵
  PID:7976
- C:\Windows\System\KzZglze.exe
  C:\Windows\System\KzZglze.exe
  2⤵
  PID:8016
- C:\Windows\System\pCvllUY.exe
  C:\Windows\System\pCvllUY.exe
  2⤵
  PID:8040
- C:\Windows\System\hxpbCko.exe
  C:\Windows\System\hxpbCko.exe
  2⤵
  PID:8128
- C:\Windows\System\HBcBLQM.exe
  C:\Windows\System\HBcBLQM.exe
  2⤵
  PID:6040
- C:\Windows\System\wUhzlxz.exe
  C:\Windows\System\wUhzlxz.exe
  2⤵
  PID:6708
- C:\Windows\System\DfjKBNS.exe
  C:\Windows\System\DfjKBNS.exe
  2⤵
  PID:6064
- C:\Windows\System\jaulUvn.exe
  C:\Windows\System\jaulUvn.exe
  2⤵
  PID:6276
- C:\Windows\System\BpYnKJh.exe
  C:\Windows\System\BpYnKJh.exe
  2⤵
  PID:6852
- C:\Windows\System\mBjCaBU.exe
  C:\Windows\System\mBjCaBU.exe
  2⤵
  PID:7256
- C:\Windows\System\nXDydJR.exe
  C:\Windows\System\nXDydJR.exe
  2⤵
  PID:7376
- C:\Windows\System\uYZXPNu.exe
  C:\Windows\System\uYZXPNu.exe
  2⤵
  PID:7396
- C:\Windows\System\HLfIQRF.exe
  C:\Windows\System\HLfIQRF.exe
  2⤵
  PID:7412
- C:\Windows\System\usTNHyv.exe
  C:\Windows\System\usTNHyv.exe
  2⤵
  PID:7556
- C:\Windows\System\MTplOQo.exe
  C:\Windows\System\MTplOQo.exe
  2⤵
  PID:7636
- C:\Windows\System\qyFkMSL.exe
  C:\Windows\System\qyFkMSL.exe
  2⤵
  PID:2612
- C:\Windows\System\TriamQu.exe
  C:\Windows\System\TriamQu.exe
  2⤵
  PID:7784
- C:\Windows\System\yJpVFIz.exe
  C:\Windows\System\yJpVFIz.exe
  2⤵
  PID:7816
- C:\Windows\System\nKOxMZB.exe
  C:\Windows\System\nKOxMZB.exe
  2⤵
  PID:7916
- C:\Windows\System\pjiSInt.exe
  C:\Windows\System\pjiSInt.exe
  2⤵
  PID:8100
- C:\Windows\System\cdynJGH.exe
  C:\Windows\System\cdynJGH.exe
  2⤵
  PID:5456
- C:\Windows\System\wymJoKm.exe
  C:\Windows\System\wymJoKm.exe
  2⤵
  PID:2800
- C:\Windows\System\HBPmJId.exe
  C:\Windows\System\HBPmJId.exe
  2⤵
  PID:6432
- C:\Windows\System\vueGnUV.exe
  C:\Windows\System\vueGnUV.exe
  2⤵
  PID:3048
- C:\Windows\System\QqeNdwa.exe
  C:\Windows\System\QqeNdwa.exe
  2⤵
  PID:7380
- C:\Windows\System\YeONJbN.exe
  C:\Windows\System\YeONJbN.exe
  2⤵
  PID:7468
- C:\Windows\System\DltqYnA.exe
  C:\Windows\System\DltqYnA.exe
  2⤵
  PID:7536
- C:\Windows\System\IlzJynE.exe
  C:\Windows\System\IlzJynE.exe
  2⤵
  PID:7596
- C:\Windows\System\lbezCLU.exe
  C:\Windows\System\lbezCLU.exe
  2⤵
  PID:7980
- C:\Windows\System\bWzEktv.exe
  C:\Windows\System\bWzEktv.exe
  2⤵
  PID:8020
- C:\Windows\System\OZAsQTi.exe
  C:\Windows\System\OZAsQTi.exe
  2⤵
  PID:7796
- C:\Windows\System\wQRumpj.exe
  C:\Windows\System\wQRumpj.exe
  2⤵
  PID:8108
- C:\Windows\System\SGVlENL.exe
  C:\Windows\System\SGVlENL.exe
  2⤵
  PID:6752
- C:\Windows\System\QOafovs.exe
  C:\Windows\System\QOafovs.exe
  2⤵
  PID:8204
- C:\Windows\System\jBMQkKZ.exe
  C:\Windows\System\jBMQkKZ.exe
  2⤵
  PID:8220
- C:\Windows\System\GvNzqBx.exe
  C:\Windows\System\GvNzqBx.exe
  2⤵
  PID:8236
- C:\Windows\System\tbGYHss.exe
  C:\Windows\System\tbGYHss.exe
  2⤵
  PID:8264
- C:\Windows\System\flRfqQO.exe
  C:\Windows\System\flRfqQO.exe
  2⤵
  PID:8280
- C:\Windows\System\jnTJhuj.exe
  C:\Windows\System\jnTJhuj.exe
  2⤵
  PID:8304
- C:\Windows\System\adHqqhJ.exe
  C:\Windows\System\adHqqhJ.exe
  2⤵
  PID:8324
- C:\Windows\System\RXvuyek.exe
  C:\Windows\System\RXvuyek.exe
  2⤵
  PID:8344
- C:\Windows\System\ILcvFFA.exe
  C:\Windows\System\ILcvFFA.exe
  2⤵
  PID:8360
- C:\Windows\System\AtZieEz.exe
  C:\Windows\System\AtZieEz.exe
  2⤵
  PID:8380
- C:\Windows\System\PfJGwce.exe
  C:\Windows\System\PfJGwce.exe
  2⤵
  PID:8400
- C:\Windows\System\giIDdEO.exe
  C:\Windows\System\giIDdEO.exe
  2⤵
  PID:8416
- C:\Windows\System\nZPSJnq.exe
  C:\Windows\System\nZPSJnq.exe
  2⤵
  PID:8436
- C:\Windows\System\EvdrqrW.exe
  C:\Windows\System\EvdrqrW.exe
  2⤵
  PID:8456
- C:\Windows\System\phwbJLQ.exe
  C:\Windows\System\phwbJLQ.exe
  2⤵
  PID:8472
- C:\Windows\System\VuHFOZl.exe
  C:\Windows\System\VuHFOZl.exe
  2⤵
  PID:8492
- C:\Windows\System\nrNtqcR.exe
  C:\Windows\System\nrNtqcR.exe
  2⤵
  PID:8508
- C:\Windows\System\fzTGbGr.exe
  C:\Windows\System\fzTGbGr.exe
  2⤵
  PID:8528
- C:\Windows\System\gaNNITR.exe
  C:\Windows\System\gaNNITR.exe
  2⤵
  PID:8548
- C:\Windows\System\nRizgtE.exe
  C:\Windows\System\nRizgtE.exe
  2⤵
  PID:8564
- C:\Windows\System\veNozJJ.exe
  C:\Windows\System\veNozJJ.exe
  2⤵
  PID:8616
- C:\Windows\System\WZjTSYt.exe
  C:\Windows\System\WZjTSYt.exe
  2⤵
  PID:8636
- C:\Windows\System\bGvFoVv.exe
  C:\Windows\System\bGvFoVv.exe
  2⤵
  PID:8664
- C:\Windows\System\qalmTIA.exe
  C:\Windows\System\qalmTIA.exe
  2⤵
  PID:8684
- C:\Windows\System\XACxhgh.exe
  C:\Windows\System\XACxhgh.exe
  2⤵
  PID:8700
- C:\Windows\System\oPKlLPF.exe
  C:\Windows\System\oPKlLPF.exe
  2⤵
  PID:8716
- C:\Windows\System\PORlmZN.exe
  C:\Windows\System\PORlmZN.exe
  2⤵
  PID:8732
- C:\Windows\System\sEVljBb.exe
  C:\Windows\System\sEVljBb.exe
  2⤵
  PID:8748
- C:\Windows\System\xZPMpaP.exe
  C:\Windows\System\xZPMpaP.exe
  2⤵
  PID:8764
- C:\Windows\System\okozBBA.exe
  C:\Windows\System\okozBBA.exe
  2⤵
  PID:8796
- C:\Windows\System\cXRhLkY.exe
  C:\Windows\System\cXRhLkY.exe
  2⤵
  PID:8844
- C:\Windows\System\AAtYebG.exe
  C:\Windows\System\AAtYebG.exe
  2⤵
  PID:8884
- C:\Windows\System\rOsDEmZ.exe
  C:\Windows\System\rOsDEmZ.exe
  2⤵
  PID:8900
- C:\Windows\System\GKyRgEY.exe
  C:\Windows\System\GKyRgEY.exe
  2⤵
  PID:8916
- C:\Windows\System\UhJLvGZ.exe
  C:\Windows\System\UhJLvGZ.exe
  2⤵
  PID:8932
- C:\Windows\System\IQaXIil.exe
  C:\Windows\System\IQaXIil.exe
  2⤵
  PID:8948
- C:\Windows\System\pfSgzeS.exe
  C:\Windows\System\pfSgzeS.exe
  2⤵
  PID:8964
- C:\Windows\System\mxLZEoI.exe
  C:\Windows\System\mxLZEoI.exe
  2⤵
  PID:8980
- C:\Windows\System\ofsIXao.exe
  C:\Windows\System\ofsIXao.exe
  2⤵
  PID:8996
- C:\Windows\System\fUhYDgk.exe
  C:\Windows\System\fUhYDgk.exe
  2⤵
  PID:9012
- C:\Windows\System\ZlelpGj.exe
  C:\Windows\System\ZlelpGj.exe
  2⤵
  PID:9028
- C:\Windows\System\rTFRViY.exe
  C:\Windows\System\rTFRViY.exe
  2⤵
  PID:9044
- C:\Windows\System\zrCHdzB.exe
  C:\Windows\System\zrCHdzB.exe
  2⤵
  PID:9060
- C:\Windows\System\NIRUtbv.exe
  C:\Windows\System\NIRUtbv.exe
  2⤵
  PID:9092
- C:\Windows\System\CniLhvN.exe
  C:\Windows\System\CniLhvN.exe
  2⤵
  PID:9116
- C:\Windows\System\KqyBdiK.exe
  C:\Windows\System\KqyBdiK.exe
  2⤵
  PID:9136
- C:\Windows\System\opRwaMS.exe
  C:\Windows\System\opRwaMS.exe
  2⤵
  PID:9156
- C:\Windows\System\yXdtOCj.exe
  C:\Windows\System\yXdtOCj.exe
  2⤵
  PID:9172
- C:\Windows\System\HUJkmFX.exe
  C:\Windows\System\HUJkmFX.exe
  2⤵
  PID:9188
- C:\Windows\System\mRswtCN.exe
  C:\Windows\System\mRswtCN.exe
  2⤵
  PID:9204
- C:\Windows\System\yABQDou.exe
  C:\Windows\System\yABQDou.exe
  2⤵
  PID:7276
- C:\Windows\System\IWZUuRp.exe
  C:\Windows\System\IWZUuRp.exe
  2⤵
  PID:2856
- C:\Windows\System\ctPHFpK.exe
  C:\Windows\System\ctPHFpK.exe
  2⤵
  PID:2064
- C:\Windows\System\mtoPUFf.exe
  C:\Windows\System\mtoPUFf.exe
  2⤵
  PID:8060
- C:\Windows\System\QgGbmvg.exe
  C:\Windows\System\QgGbmvg.exe
  2⤵
  PID:292
- C:\Windows\System\mKEvtfe.exe
  C:\Windows\System\mKEvtfe.exe
  2⤵
  PID:8196
- C:\Windows\System\dUpXwVA.exe
  C:\Windows\System\dUpXwVA.exe
  2⤵
  PID:2088
- C:\Windows\System\xVrZTTY.exe
  C:\Windows\System\xVrZTTY.exe
  2⤵
  PID:7600
- C:\Windows\System\FLoYUqI.exe
  C:\Windows\System\FLoYUqI.exe
  2⤵
  PID:8276
- C:\Windows\System\tNAhSdB.exe
  C:\Windows\System\tNAhSdB.exe
  2⤵
  PID:7724
- C:\Windows\System\cfRmArR.exe
  C:\Windows\System\cfRmArR.exe
  2⤵
  PID:2340
- C:\Windows\System\oMXIAGm.exe
  C:\Windows\System\oMXIAGm.exe
  2⤵
  PID:8464
- C:\Windows\System\OWDYJUh.exe
  C:\Windows\System\OWDYJUh.exe
  2⤵
  PID:796
- C:\Windows\System\IRYxqGM.exe
  C:\Windows\System\IRYxqGM.exe
  2⤵
  PID:8504
- C:\Windows\System\IXFALtF.exe
  C:\Windows\System\IXFALtF.exe
  2⤵
  PID:1452
- C:\Windows\System\OdrchKu.exe
  C:\Windows\System\OdrchKu.exe
  2⤵
  PID:8300
- C:\Windows\System\XXaFylo.exe
  C:\Windows\System\XXaFylo.exe
  2⤵
  PID:8332
- C:\Windows\System\yNPBtCE.exe
  C:\Windows\System\yNPBtCE.exe
  2⤵
  PID:8408
- C:\Windows\System\LqkORbA.exe
  C:\Windows\System\LqkORbA.exe
  2⤵
  PID:4840
- C:\Windows\System\TUPnNOQ.exe
  C:\Windows\System\TUPnNOQ.exe
  2⤵
  PID:8480
- C:\Windows\System\AymGTNU.exe
  C:\Windows\System\AymGTNU.exe
  2⤵
  PID:2348
- C:\Windows\System\hSxcxXA.exe
  C:\Windows\System\hSxcxXA.exe
  2⤵
  PID:8608
- C:\Windows\System\eeRmWdj.exe
  C:\Windows\System\eeRmWdj.exe
  2⤵
  PID:8652
- C:\Windows\System\MsBrmMp.exe
  C:\Windows\System\MsBrmMp.exe
  2⤵
  PID:1668
- C:\Windows\System\ZtNykKR.exe
  C:\Windows\System\ZtNykKR.exe
  2⤵
  PID:8756
- C:\Windows\System\tBLJxHF.exe
  C:\Windows\System\tBLJxHF.exe
  2⤵
  PID:1032
- C:\Windows\System\fACtttZ.exe
  C:\Windows\System\fACtttZ.exe
  2⤵
  PID:8820
- C:\Windows\System\cDcJlyq.exe
  C:\Windows\System\cDcJlyq.exe
  2⤵
  PID:8836
- C:\Windows\System\WSumLsG.exe
  C:\Windows\System\WSumLsG.exe
  2⤵
  PID:572
- C:\Windows\System\jIkvOGx.exe
  C:\Windows\System\jIkvOGx.exe
  2⤵
  PID:8772
- C:\Windows\System\LHuCeUX.exe
  C:\Windows\System\LHuCeUX.exe
  2⤵
  PID:8808
- C:\Windows\System\bqcyvsn.exe
  C:\Windows\System\bqcyvsn.exe
  2⤵
  PID:1300
- C:\Windows\System\vcphCCs.exe
  C:\Windows\System\vcphCCs.exe
  2⤵
  PID:2552
- C:\Windows\System\HNrHqgW.exe
  C:\Windows\System\HNrHqgW.exe
  2⤵
  PID:1012
- C:\Windows\System\LPgsZrM.exe
  C:\Windows\System\LPgsZrM.exe
  2⤵
  PID:2444
- C:\Windows\System\ZxDYGgi.exe
  C:\Windows\System\ZxDYGgi.exe
  2⤵
  PID:8960
- C:\Windows\System\RsObVhT.exe
  C:\Windows\System\RsObVhT.exe
  2⤵
  PID:8944
- C:\Windows\System\VjTdCMV.exe
  C:\Windows\System\VjTdCMV.exe
  2⤵
  PID:8912
- C:\Windows\System\WigzWuc.exe
  C:\Windows\System\WigzWuc.exe
  2⤵
  PID:9084
- C:\Windows\System\WNKmmCc.exe
  C:\Windows\System\WNKmmCc.exe
  2⤵
  PID:9072
- C:\Windows\System\cvZnZJN.exe
  C:\Windows\System\cvZnZJN.exe
  2⤵
  PID:9164
- C:\Windows\System\nsQBSIe.exe
  C:\Windows\System\nsQBSIe.exe
  2⤵
  PID:9104
- C:\Windows\System\jTkKsyN.exe
  C:\Windows\System\jTkKsyN.exe
  2⤵
  PID:9008
- C:\Windows\System\IYkodKG.exe
  C:\Windows\System\IYkodKG.exe
  2⤵
  PID:9020
- C:\Windows\System\SbImuRo.exe
  C:\Windows\System\SbImuRo.exe
  2⤵
  PID:9184
- C:\Windows\System\RiKeRii.exe
  C:\Windows\System\RiKeRii.exe
  2⤵
  PID:7052
- C:\Windows\System\VsJFDWn.exe
  C:\Windows\System\VsJFDWn.exe
  2⤵
  PID:7900
- C:\Windows\System\qmpaLdW.exe
  C:\Windows\System\qmpaLdW.exe
  2⤵
  PID:8320
- C:\Windows\System\XSeTCDy.exe
  C:\Windows\System\XSeTCDy.exe
  2⤵
  PID:2280
- C:\Windows\System\FFqAvAx.exe
  C:\Windows\System\FFqAvAx.exe
  2⤵
  PID:8392
- C:\Windows\System\hOSSutA.exe
  C:\Windows\System\hOSSutA.exe
  2⤵
  PID:2840
- C:\Windows\System\ypqiCDM.exe
  C:\Windows\System\ypqiCDM.exe
  2⤵
  PID:8432
- C:\Windows\System\rovhibL.exe
  C:\Windows\System\rovhibL.exe
  2⤵
  PID:8212
- C:\Windows\System\bHyWIuJ.exe
  C:\Windows\System\bHyWIuJ.exe
  2⤵
  PID:8296
- C:\Windows\System\wvWrIrJ.exe
  C:\Windows\System\wvWrIrJ.exe
  2⤵
  PID:8452
- C:\Windows\System\Snnkhtu.exe
  C:\Windows\System\Snnkhtu.exe
  2⤵
  PID:8516
- C:\Windows\System\tIlSZJc.exe
  C:\Windows\System\tIlSZJc.exe
  2⤵
  PID:8412
- C:\Windows\System\gwSYdVo.exe
  C:\Windows\System\gwSYdVo.exe
  2⤵
  PID:8584
- C:\Windows\System\vdNjUyd.exe
  C:\Windows\System\vdNjUyd.exe
  2⤵
  PID:2584
- C:\Windows\System\gHOHIvA.exe
  C:\Windows\System\gHOHIvA.exe
  2⤵
  PID:8600
- C:\Windows\System\UQoBYsb.exe
  C:\Windows\System\UQoBYsb.exe
  2⤵
  PID:8804
- C:\Windows\System\IzwiWGt.exe
  C:\Windows\System\IzwiWGt.exe
  2⤵
  PID:8832
- C:\Windows\System\tFvaFfb.exe
  C:\Windows\System\tFvaFfb.exe
  2⤵
  PID:8744
- C:\Windows\System\QANobRG.exe
  C:\Windows\System\QANobRG.exe
  2⤵
  PID:764
- C:\Windows\System\IHqdVyv.exe
  C:\Windows\System\IHqdVyv.exe
  2⤵
  PID:1424
- C:\Windows\System\sWtAZMu.exe
  C:\Windows\System\sWtAZMu.exe
  2⤵
  PID:8880
- C:\Windows\System\HcXBPiM.exe
  C:\Windows\System\HcXBPiM.exe
  2⤵
  PID:8892
- C:\Windows\System\pAjIidk.exe
  C:\Windows\System\pAjIidk.exe
  2⤵
  PID:8940
- C:\Windows\System\falBJfk.exe
  C:\Windows\System\falBJfk.exe
  2⤵
  PID:9036
- C:\Windows\System\yTiSqEk.exe
  C:\Windows\System\yTiSqEk.exe
  2⤵
  PID:9004
- C:\Windows\System\EcOUODA.exe
  C:\Windows\System\EcOUODA.exe
  2⤵
  PID:9112
- C:\Windows\System\PWFsqMO.exe
  C:\Windows\System\PWFsqMO.exe
  2⤵
  PID:9144
- C:\Windows\System\fmkGoNf.exe
  C:\Windows\System\fmkGoNf.exe
  2⤵
  PID:8200
- C:\Windows\System\WmLOEvG.exe
  C:\Windows\System\WmLOEvG.exe
  2⤵
  PID:7692
- C:\Windows\System\jEyoVQY.exe
  C:\Windows\System\jEyoVQY.exe
  2⤵
  PID:2924
- C:\Windows\System\OkcKDmG.exe
  C:\Windows\System\OkcKDmG.exe
  2⤵
  PID:9148
- C:\Windows\System\vPkLdFc.exe
  C:\Windows\System\vPkLdFc.exe
  2⤵
  PID:8244
- C:\Windows\System\YZXGuMT.exe
  C:\Windows\System\YZXGuMT.exe
  2⤵
  PID:8336
- C:\Windows\System\UuyopiZ.exe
  C:\Windows\System\UuyopiZ.exe
  2⤵
  PID:1292
- C:\Windows\System\ntpGDlw.exe
  C:\Windows\System\ntpGDlw.exe
  2⤵
  PID:2684
- C:\Windows\System\hRUiYAL.exe
  C:\Windows\System\hRUiYAL.exe
  2⤵
  PID:8292
- C:\Windows\System\EpOuiwo.exe
  C:\Windows\System\EpOuiwo.exe
  2⤵
  PID:8444
- C:\Windows\System\jDybkNF.exe
  C:\Windows\System\jDybkNF.exe
  2⤵
  PID:5648
- C:\Windows\System\UHAMBhJ.exe
  C:\Windows\System\UHAMBhJ.exe
  2⤵
  PID:2560
- C:\Windows\System\FbgktDo.exe
  C:\Windows\System\FbgktDo.exe
  2⤵
  PID:8648
- C:\Windows\System\eyJycOZ.exe
  C:\Windows\System\eyJycOZ.exe
  2⤵
  PID:8672
- C:\Windows\System\WfwMKPB.exe
  C:\Windows\System\WfwMKPB.exe
  2⤵
  PID:8680
- C:\Windows\System\eOItDvR.exe
  C:\Windows\System\eOItDvR.exe
  2⤵
  PID:8824
- C:\Windows\System\gkDwRkD.exe
  C:\Windows\System\gkDwRkD.exe
  2⤵
  PID:8860
- C:\Windows\System\mBgycPg.exe
  C:\Windows\System\mBgycPg.exe
  2⤵
  PID:8956
- C:\Windows\System\CaMZmxa.exe
  C:\Windows\System\CaMZmxa.exe
  2⤵
  PID:9052
- C:\Windows\System\wtsBeqK.exe
  C:\Windows\System\wtsBeqK.exe
  2⤵
  PID:9128
- C:\Windows\System\RrfpKgN.exe
  C:\Windows\System\RrfpKgN.exe
  2⤵
  PID:6948
- C:\Windows\System\YyQCCFX.exe
  C:\Windows\System\YyQCCFX.exe
  2⤵
  PID:2092
- C:\Windows\System\nxcFUQR.exe
  C:\Windows\System\nxcFUQR.exe
  2⤵
  PID:2604
- C:\Windows\System\yZOaXUF.exe
  C:\Windows\System\yZOaXUF.exe
  2⤵
  PID:8368
- C:\Windows\System\zQDIYeH.exe
  C:\Windows\System\zQDIYeH.exe
  2⤵
  PID:8524
- C:\Windows\System\vQiqOfr.exe
  C:\Windows\System\vQiqOfr.exe
  2⤵
  PID:1876
- C:\Windows\System\lsqtQDc.exe
  C:\Windows\System\lsqtQDc.exe
  2⤵
  PID:8692
- C:\Windows\System\RjgklkI.exe
  C:\Windows\System\RjgklkI.exe
  2⤵
  PID:8864
- C:\Windows\System\paFxLuc.exe
  C:\Windows\System\paFxLuc.exe
  2⤵
  PID:9100
- C:\Windows\System\uDRcxTU.exe
  C:\Windows\System\uDRcxTU.exe
  2⤵
  PID:8312
- C:\Windows\System\kZzXVAj.exe
  C:\Windows\System\kZzXVAj.exe
  2⤵
  PID:8428
- C:\Windows\System\XbdYaOF.exe
  C:\Windows\System\XbdYaOF.exe
  2⤵
  PID:7260
- C:\Windows\System\lRjIPYg.exe
  C:\Windows\System\lRjIPYg.exe
  2⤵
  PID:8612
- C:\Windows\System\zyxQUQh.exe
  C:\Windows\System\zyxQUQh.exe
  2⤵
  PID:8588
- C:\Windows\System\MkqNXfx.exe
  C:\Windows\System\MkqNXfx.exe
  2⤵
  PID:9040
- C:\Windows\System\pmJNnoU.exe
  C:\Windows\System\pmJNnoU.exe
  2⤵
  PID:8424
- C:\Windows\System\iuLgyxe.exe
  C:\Windows\System\iuLgyxe.exe
  2⤵
  PID:8792
- C:\Windows\System\FAmCZEo.exe
  C:\Windows\System\FAmCZEo.exe
  2⤵
  PID:9232
- C:\Windows\System\EInPACZ.exe
  C:\Windows\System\EInPACZ.exe
  2⤵
  PID:9248
- C:\Windows\System\VyPQwZF.exe
  C:\Windows\System\VyPQwZF.exe
  2⤵
  PID:9264
- C:\Windows\System\rlVVwxD.exe
  C:\Windows\System\rlVVwxD.exe
  2⤵
  PID:9280
- C:\Windows\System\PELspql.exe
  C:\Windows\System\PELspql.exe
  2⤵
  PID:9296
- C:\Windows\System\cZKNaBX.exe
  C:\Windows\System\cZKNaBX.exe
  2⤵
  PID:9312
- C:\Windows\System\nranaXx.exe
  C:\Windows\System\nranaXx.exe
  2⤵
  PID:9328
- C:\Windows\System\Slxnuxg.exe
  C:\Windows\System\Slxnuxg.exe
  2⤵
  PID:9344
- C:\Windows\System\myGpFij.exe
  C:\Windows\System\myGpFij.exe
  2⤵
  PID:9396
- C:\Windows\System\sOMpkYr.exe
  C:\Windows\System\sOMpkYr.exe
  2⤵
  PID:9412
- C:\Windows\System\rAUsaGo.exe
  C:\Windows\System\rAUsaGo.exe
  2⤵
  PID:9540
- C:\Windows\System\wzFUQPG.exe
  C:\Windows\System\wzFUQPG.exe
  2⤵
  PID:9564
- C:\Windows\System\IxsDDLt.exe
  C:\Windows\System\IxsDDLt.exe
  2⤵
  PID:9632
- C:\Windows\System\EnLPwrn.exe
  C:\Windows\System\EnLPwrn.exe
  2⤵
  PID:9672
- C:\Windows\System\ImnJgtl.exe
  C:\Windows\System\ImnJgtl.exe
  2⤵
  PID:9712
- C:\Windows\System\OMvfTTN.exe
  C:\Windows\System\OMvfTTN.exe
  2⤵
  PID:9732
- C:\Windows\System\QjSAPEp.exe
  C:\Windows\System\QjSAPEp.exe
  2⤵
  PID:9752
- C:\Windows\System\ckWHjxj.exe
  C:\Windows\System\ckWHjxj.exe
  2⤵
  PID:9776
- C:\Windows\System\IfSJWqt.exe
  C:\Windows\System\IfSJWqt.exe
  2⤵
  PID:9796
- C:\Windows\System\WsIRmrU.exe
  C:\Windows\System\WsIRmrU.exe
  2⤵
  PID:9812
- C:\Windows\System\ZjPPKfr.exe
  C:\Windows\System\ZjPPKfr.exe
  2⤵
  PID:9832
- C:\Windows\System\oDLpiKs.exe
  C:\Windows\System\oDLpiKs.exe
  2⤵
  PID:9848
- C:\Windows\System\ZZzbOVx.exe
  C:\Windows\System\ZZzbOVx.exe
  2⤵
  PID:9864
- C:\Windows\System\YxscumO.exe
  C:\Windows\System\YxscumO.exe
  2⤵
  PID:9880
- C:\Windows\System\pfLLMAU.exe
  C:\Windows\System\pfLLMAU.exe
  2⤵
  PID:9896
- C:\Windows\System\XvgJeBH.exe
  C:\Windows\System\XvgJeBH.exe
  2⤵
  PID:9912
- C:\Windows\System\PeyBPcZ.exe
  C:\Windows\System\PeyBPcZ.exe
  2⤵
  PID:9928
- C:\Windows\System\kEcrOJb.exe
  C:\Windows\System\kEcrOJb.exe
  2⤵
  PID:9944
- C:\Windows\System\ABVbNZf.exe
  C:\Windows\System\ABVbNZf.exe
  2⤵
  PID:9960
- C:\Windows\System\NevkzPN.exe
  C:\Windows\System\NevkzPN.exe
  2⤵
  PID:9976
- C:\Windows\System\SbiABVJ.exe
  C:\Windows\System\SbiABVJ.exe
  2⤵
  PID:9992
- C:\Windows\System\eotMpgQ.exe
  C:\Windows\System\eotMpgQ.exe
  2⤵
  PID:10008
- C:\Windows\System\XuVNGpE.exe
  C:\Windows\System\XuVNGpE.exe
  2⤵
  PID:10024
- C:\Windows\System\JqxDxQk.exe
  C:\Windows\System\JqxDxQk.exe
  2⤵
  PID:10040
- C:\Windows\System\wRPdaSk.exe
  C:\Windows\System\wRPdaSk.exe
  2⤵
  PID:10056
- C:\Windows\System\DeoCdEG.exe
  C:\Windows\System\DeoCdEG.exe
  2⤵
  PID:10072
- C:\Windows\System\iXSJtrY.exe
  C:\Windows\System\iXSJtrY.exe
  2⤵
  PID:10088
- C:\Windows\System\pEIFMxW.exe
  C:\Windows\System\pEIFMxW.exe
  2⤵
  PID:10120
- C:\Windows\System\xIjgaIN.exe
  C:\Windows\System\xIjgaIN.exe
  2⤵
  PID:10192
- C:\Windows\System\FcNyLzJ.exe
  C:\Windows\System\FcNyLzJ.exe
  2⤵
  PID:10208
- C:\Windows\System\fBCavrU.exe
  C:\Windows\System\fBCavrU.exe
  2⤵
  PID:10228
- C:\Windows\System\amFxkUT.exe
  C:\Windows\System\amFxkUT.exe
  2⤵
  PID:8924
- C:\Windows\System\KkDUYXv.exe
  C:\Windows\System\KkDUYXv.exe
  2⤵
  PID:9276
- C:\Windows\System\TfKSaLt.exe
  C:\Windows\System\TfKSaLt.exe
  2⤵
  PID:9224
- C:\Windows\System\AIbSpjH.exe
  C:\Windows\System\AIbSpjH.exe
  2⤵
  PID:9288
- C:\Windows\System\gNCaMkg.exe
  C:\Windows\System\gNCaMkg.exe
  2⤵
  PID:9340
- C:\Windows\System\WpqsqVt.exe
  C:\Windows\System\WpqsqVt.exe
  2⤵
  PID:8928
- C:\Windows\System\LBYqJxG.exe
  C:\Windows\System\LBYqJxG.exe
  2⤵
  PID:9380
- C:\Windows\System\nwEXjCC.exe
  C:\Windows\System\nwEXjCC.exe
  2⤵
  PID:9364
- C:\Windows\System\UedgxMK.exe
  C:\Windows\System\UedgxMK.exe
  2⤵
  PID:9408
- C:\Windows\System\QRmwkyF.exe
  C:\Windows\System\QRmwkyF.exe
  2⤵
  PID:9432
- C:\Windows\System\IOOdUih.exe
  C:\Windows\System\IOOdUih.exe
  2⤵
  PID:9448
- C:\Windows\System\NkrdZHo.exe
  C:\Windows\System\NkrdZHo.exe
  2⤵
  PID:9464
- C:\Windows\System\OagnzaK.exe
  C:\Windows\System\OagnzaK.exe
  2⤵
  PID:9480
- C:\Windows\System\RSPfPFx.exe
  C:\Windows\System\RSPfPFx.exe
  2⤵
  PID:9556
- C:\Windows\System\gZERuaD.exe
  C:\Windows\System\gZERuaD.exe
  2⤵
  PID:9516
- C:\Windows\System\WXCJtMp.exe
  C:\Windows\System\WXCJtMp.exe
  2⤵
  PID:9536
- C:\Windows\System\QqtrWvi.exe
  C:\Windows\System\QqtrWvi.exe
  2⤵
  PID:9580
- C:\Windows\System\yioDrVT.exe
  C:\Windows\System\yioDrVT.exe
  2⤵
  PID:9600
- C:\Windows\System\civhHzL.exe
  C:\Windows\System\civhHzL.exe
  2⤵
  PID:9640
- C:\Windows\System\TSjWUAY.exe
  C:\Windows\System\TSjWUAY.exe
  2⤵
  PID:9660
- C:\Windows\System\XpbCXXX.exe
  C:\Windows\System\XpbCXXX.exe
  2⤵
  PID:9692
- C:\Windows\System\rhBQceN.exe
  C:\Windows\System\rhBQceN.exe
  2⤵
  PID:9788
- C:\Windows\System\AyyXKLi.exe
  C:\Windows\System\AyyXKLi.exe
  2⤵
  PID:9872
- C:\Windows\System\vmSXdTP.exe
  C:\Windows\System\vmSXdTP.exe
  2⤵
  PID:9828
- C:\Windows\System\HiOzwub.exe
  C:\Windows\System\HiOzwub.exe
  2⤵
  PID:9924
- C:\Windows\System\TLlPRHe.exe
  C:\Windows\System\TLlPRHe.exe
  2⤵
  PID:9988
- C:\Windows\System\Qzmzljf.exe
  C:\Windows\System\Qzmzljf.exe
  2⤵
  PID:9936
- C:\Windows\System\ZpuXGph.exe
  C:\Windows\System\ZpuXGph.exe
  2⤵
  PID:9840
- C:\Windows\System\idCCqYz.exe
  C:\Windows\System\idCCqYz.exe
  2⤵
  PID:9968
- C:\Windows\System\tTLXNWV.exe
  C:\Windows\System\tTLXNWV.exe
  2⤵
  PID:10032
- C:\Windows\System\GPOZPPe.exe
  C:\Windows\System\GPOZPPe.exe
  2⤵
  PID:10100
- C:\Windows\System\YiLdrFD.exe
  C:\Windows\System\YiLdrFD.exe
  2⤵
  PID:10112
- C:\Windows\System\JosyYNR.exe
  C:\Windows\System\JosyYNR.exe
  2⤵
  PID:10148
- C:\Windows\System\LQJioVt.exe
  C:\Windows\System\LQJioVt.exe
  2⤵
  PID:10160
- C:\Windows\System\gkTmuaw.exe
  C:\Windows\System\gkTmuaw.exe
  2⤵
  PID:10188
- C:\Windows\System\ktbksdR.exe
  C:\Windows\System\ktbksdR.exe
  2⤵
  PID:10220
- C:\Windows\System\vipdsDW.exe
  C:\Windows\System\vipdsDW.exe
  2⤵
  PID:9260
- C:\Windows\System\LHlSoLm.exe
  C:\Windows\System\LHlSoLm.exe
  2⤵
  PID:9528
- C:\Windows\System\EjWuXnZ.exe
  C:\Windows\System\EjWuXnZ.exe
  2⤵
  PID:9500
- C:\Windows\System\unMnUcj.exe
  C:\Windows\System\unMnUcj.exe
  2⤵
  PID:9552
- C:\Windows\System\PKfEDjL.exe
  C:\Windows\System\PKfEDjL.exe
  2⤵
  PID:10204
- C:\Windows\System\LCnoBdR.exe
  C:\Windows\System\LCnoBdR.exe
  2⤵
  PID:2752
- C:\Windows\System\pHEgRtg.exe
  C:\Windows\System\pHEgRtg.exe
  2⤵
  PID:9708
- C:\Windows\System\jbfNveY.exe
  C:\Windows\System\jbfNveY.exe
  2⤵
  PID:9744
- C:\Windows\System\gjbttnB.exe
  C:\Windows\System\gjbttnB.exe
  2⤵
  PID:9644
- C:\Windows\System\lgVacyS.exe
  C:\Windows\System\lgVacyS.exe
  2⤵
  PID:9472
- C:\Windows\System\RXeUvqe.exe
  C:\Windows\System\RXeUvqe.exe
  2⤵
  PID:7420
- C:\Windows\System\acFoimh.exe
  C:\Windows\System\acFoimh.exe
  2⤵
  PID:9384
- C:\Windows\System\DDYMtEl.exe
  C:\Windows\System\DDYMtEl.exe
  2⤵
  PID:9512
- C:\Windows\System\teDHnWG.exe
  C:\Windows\System\teDHnWG.exe
  2⤵
  PID:9584
- C:\Windows\System\XvLvQAp.exe
  C:\Windows\System\XvLvQAp.exe
  2⤵
  PID:9784
- C:\Windows\System\bnAOMXD.exe
  C:\Windows\System\bnAOMXD.exe
  2⤵
  PID:9972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CnojrJL.exe

Filesize
6.0MB

MD5
3f7101f0250c03e6dcf7086e866593d3

SHA1
298b9689eeff90186d63d8580c016abb8e5b3ea8

SHA256
830d87eba254667a80c240f02e78567b2e7d045ab7758e16e02766446ba750f2

SHA512
9105a0bb3e75e966e8e6695e1a6f8ea7dbef5896c500e9d026b76ac8e96b0162d40d571c1bb6cff8c2313473fb71330f2c9ac4b2651f84260e7db65f6e560a20

Download Submit
C:\Windows\system\CtyDYDi.exe

Filesize
6.0MB

MD5
f2fbaf8642a8f5471ffda5e37693e2a0

SHA1
50462a83d0d89518a82ca551a4e2658665ff8db4

SHA256
e869a98ca9bb2a6e8806baa838ab01581fb901e7585aa187446981cf1a1fde12

SHA512
2edcdf19ffc48162b76ed62cf95d48201007b7ce0c6bcf90b00d77bbd78f6e8ebc5236e76dc391e1decbd110c075d60e3d1e59002cfa51187d7b14261aa07ebe

Download Submit
C:\Windows\system\EcBZqxF.exe

Filesize
6.0MB

MD5
d57d02876acfd4b8391a49eabf148c5c

SHA1
22ed2a046761c1978feea96d7376fd816bfaeb87

SHA256
fcdd6fdd5af67314e84192399a7ed6cf3af6dcd46d39a9cffb622b0892552953

SHA512
cabbb0c82b4b8bf00510bfdc5956e468266f2207d4a0468b63d8c24f06aed69f9c50ff04abd7f5ea0b161150f0f926f8ccf3dc18b231ea421ab18c1cc97c2529

Download Submit
C:\Windows\system\FhOuCnN.exe

Filesize
6.0MB

MD5
ec4d52b47dc2bb55609ae998abf1a05b

SHA1
a5e2d91823bff46caee0fe625809f19ff03602e8

SHA256
05c79e6e4cdca23df315b406d580a77204a3759d1af3f6456ba986b4d32cd389

SHA512
b8de154af94aa2253d609c05a133c086e78fcccb2ec4e0a7f1f5e3a6eb95df6f29a5ebf8e95a81d143ac74adf55b459d32feced082a9039bb8a30d60f21fcc54

Download Submit
C:\Windows\system\HsZNUeh.exe

Filesize
6.0MB

MD5
3dcac4a8b00b0f580883eb81ea2b8bbb

SHA1
c9dafc7250edeccca5598fdc68290c6c8a88248b

SHA256
8630a50b813a19b79a6835177349a11112a62a8448ffde35ba5374961964bd74

SHA512
b9d64c6667225701f601213efb1397b9b3325d91ae45c2aa9d99241f522345c51c668274642704f974cfff5481084fcb1c65a7b086f09f5e149a9a49b9e7dbfa

Download Submit
C:\Windows\system\Jusdzax.exe

Filesize
6.0MB

MD5
fa6b166a4bceb89b3fceff51c51f5bda

SHA1
1a9c54b2b2da10ab61a6574a103629746dacb552

SHA256
b6594a00fb79372e4cb1d2e323fb95f5bda70409abd13bf22b687854a3a9fd4c

SHA512
9947b61483645375297a3fbb38287496ca52c17964c122038f51ff961a66b2fd100842e2a8305ce51643a44b3a623e65638bca555b0e07100c06fa1c3ae53dcf

Download Submit
C:\Windows\system\KQmrkln.exe

Filesize
6.0MB

MD5
8e941f450d3ee094cd1feb23f5611647

SHA1
bceac305bf19b3750db476bf47bbfe29ea8e6ad1

SHA256
7c399b6ef008819e32b47194b8ec053c53c4ca8192787de711f3f9dc1558597b

SHA512
e6b551a6c3268f4c2093462b6401ae9a391c8f44e384040ecca843782133138ebe46bf79515dcd816a5246f204c6b533050eb1806bb9009602496ec247d9b2ef

Download Submit
C:\Windows\system\MmvgASK.exe

Filesize
6.0MB

MD5
7a13987939decf087f84f61eb40909fd

SHA1
aaa77dd69150e1e927cfb67bbf8cdf102da7baa3

SHA256
ae8d69b028faf0b243f8a62a4b676fbfa2d2c10b2391e176db2b264ada11590f

SHA512
402508174703d39747344c5f11bd00a13764dc74c322cc4c959c5bf763e9d79a876ce46c838c42648dc5e066486048b927cabb18103dfd63986aa8f3a7a9e30d

Download Submit
C:\Windows\system\MnDvIaz.exe

Filesize
6.0MB

MD5
55d3e9c976290c5ffe248775768765f1

SHA1
08fca0b9b90dff5ddd2ea476d9dad000a8fec451

SHA256
a13303da779af86616adaad034e5a0d38210a222f8b4a3bd48c1c60428c847cf

SHA512
a80733d195090826e275f03a9bdb3b2667f48947a5b6f2a294c5abb0926e296df6d850fb96d793fe4ae23dc96c0f75e94e71307e80a9843aba2f20d5d5832df7

Download Submit
C:\Windows\system\OSIucPq.exe

Filesize
6.0MB

MD5
6c4f6cb27ab1bcb2d1c21595bd85f855

SHA1
0a3aed84741f58af75d7a0b723f3747f5dbc1f47

SHA256
26dd39e431bcb6ad200affdb7b6564829c61d000b686bd0fd19553337dff2a5f

SHA512
bec5a3be6a61039088b8c8072ea2d5277dee0ceebdc60fb172f98dba1cb7c68a424312b028136e7adbf8d7cb4e2e3fa09e00ba353d7863d55913fd211ac7964f

Download Submit
C:\Windows\system\SYWhLIf.exe

Filesize
6.0MB

MD5
064c445f59b20a4e4c11912790caa5e1

SHA1
c7f78f734b9a2f6b1a1a7e630e462ce8d81b3d6c

SHA256
56a8399d37896a75425f0384c9bfff401e2804cb67c33fc15fc713bdff62c9e5

SHA512
238814b8a51389579d22ffcc45eeb37a8e87e4f5c11f7b07788d801dd9a69fedec9fd2ec6b5f05858a2cc6bd73dc9018638571f48ba7fb1961a4121e09dba8ce

Download Submit
C:\Windows\system\SjpVjIy.exe

Filesize
6.0MB

MD5
84831024949d77ec59d0df66ee86510f

SHA1
015fdf17d0f8c8f18d59a09bccff7162c3609619

SHA256
7c800a6bd1babab7632da7ca3648deeaef4f63492af748c71425fda48a38739b

SHA512
e7624658a6c1d7e7a7743059bcbfb69921648bdc009db408ea096354396adcb5a67007a83b1a06996c47da440196ceea2aca2ea7d660bf62adb871a62742228c

Download Submit
C:\Windows\system\UNZYsOM.exe

Filesize
6.0MB

MD5
bd8154e5a4b38bf263ed64f88c0075be

SHA1
46b9071cfc8d41908164e61554ef89436298e61b

SHA256
bdf0744e6f17629d7e70085ae824ece57bda2e6a35f9a488c5b6eb99a9abf3ae

SHA512
b7b58513af2df58127d1da1a6c602a334f8737074d1c93ebef89af5c7fe4de89318d1534d4a2353d6611b896a4302d6095a55a4d3ef1afcb221b987e9301b8d7

Download Submit
C:\Windows\system\WVvJKPU.exe

Filesize
6.0MB

MD5
93f54c10a3ad24b21766024594aea80f

SHA1
d184a591094b10f63588c945f81958ef5064dcd6

SHA256
1fe009fea1b9a21ad887ab046f88ba2b2fa1af3c73303c758dc6983544021b0a

SHA512
14d7307fc1bb5d126dc6d97154e88c5a87a0721dc17b74be411de77d036002ed3a4c2dd98e2060d86d63b1669971a5d5cf936475f1b567000308419728a74482

Download Submit
C:\Windows\system\XfFGyyL.exe

Filesize
6.0MB

MD5
1b746f8d2f11ff984589217705036b83

SHA1
54086ee3a1e1023d0f8bb318ff587378e2de7644

SHA256
102214670a5830d5e649444289f53de7da262d811a97d65d8ee7b486dcf12bd2

SHA512
05b5c3d1b263d7c96e1127f805e152e9d799529f02b561cb7bc62fc339ebdf71a959a139e4071e9f60cf2d4d9e296001dd2298cdd401fd85d06bba8d12676a6d

Download Submit
C:\Windows\system\fAHyeAe.exe

Filesize
6.0MB

MD5
31e1cece4c40306aa96cf2c4b8c9e328

SHA1
60e4a9e4e7b9646da5c1d33228690b1e866ebd5a

SHA256
fcdb32d1b0c7518fe9df32da0a4aa04765bf4523c9412d74c14484c0222f0de1

SHA512
914aaa3441bb61e7bcef539a5ab57bb5767ee4b569c55896589acfea4cc80a49f04886e8d03a9508ee1ff97f3cfad04b97b7e533311aa25df641f8e531bd64e1

Download Submit
C:\Windows\system\jTKHVtD.exe

Filesize
6.0MB

MD5
e33962c45730ca10bfff95f350f1ca0f

SHA1
088431cc980bb6ead879a6ad2a7c5b43a8d65292

SHA256
9f876e659b9922d295658e7e186cb7aeb9a35fae9fa68d275d99e75309dc6109

SHA512
4366ed8e853e3b765018f6848fd3f6eb6d5d00dd8d3baef2d00a87a37c7dfec9d33b0efdbdac165f77c52d9d0272d26ecf74d33e5a31c39b849643d2aa52c32e

Download Submit
C:\Windows\system\ltamkym.exe

Filesize
6.0MB

MD5
3779c589347b684f34f2221dc8742e2a

SHA1
208fcb7bb31dac4ea1a034271b38ec0e390fc7f7

SHA256
074ffa2bf1b17aacd1fc9b8e42a3c5346049e6bfec2ef53fce938f2e78a33107

SHA512
220ec182179ac99c06a6d255b87db32b0c806eea858a10c51def73fc4e3e96fee2e9c1000461aa9fa5804175cc3528f0232cdac62c01ce5c30ed3fbd0372bdb7

Download Submit
C:\Windows\system\lzAvzyB.exe

Filesize
6.0MB

MD5
6af05512b173bf8e234a6c1c12efc530

SHA1
a9c0a532908c28d7bf4bf5c0ddb6c7f3507811d0

SHA256
81cd09963988edbbb91cc13fc0429a141e800901921ae42e05368207968a11c7

SHA512
3fb739794b2a41e2c91172ac9c0222038f419cef49ed7ea7e40ef833bde67002bc8df03d28af22d03b6212999c05de383b6fc2d7d88a12753f9fb883e63f7024

Download Submit
C:\Windows\system\nNhmMsv.exe

Filesize
6.0MB

MD5
7ea2f0a3368e41b14c1bb00957a6ebd7

SHA1
27424a15e3fd8a7168e8fba24ce2f35e60f855c0

SHA256
33cc58e4e0a2a197c33c9603ed66f4f9495591f1fc3ca26133d8315c787721ea

SHA512
550a0513aa46c90668741da26b0dcaa61c22c7d3c29818ef77d8bd35f9c0fb62a8d4c7a216fb85750dcf6282eb4249deeceb238e44953dc207cf8bd645ae634b

Download Submit
C:\Windows\system\pBspILw.exe

Filesize
6.0MB

MD5
fd912e8c640d6124914ed266768ba0b5

SHA1
75e963261a031e12c1599b245f4eca2e06f99c24

SHA256
bb921b312374922107202a94758386d95ee33ba5575dba25730b891d660a5aaf

SHA512
709a8c17d4bbe2f4126e3eff2c367bb10c0ffb41e98412e0f5ebcdba8cf212877e3734272fbbd9b73b8a28988a8841f23bc9c9784fbd946842e20e54f622ca9d

Download Submit
C:\Windows\system\pHIJUzq.exe

Filesize
6.0MB

MD5
af4ca86b8900a529809c031d69433946

SHA1
8b321db025e57781dec750a3c90ea940b244ed6c

SHA256
c0f2c8c7ae133faa93d7f479e988fe60e4e19d6d6b89760e7144c506a07ad2a5

SHA512
ede59c022fb0c07a1eb1d693b3af512906fb1b8d99b57bc7aaa1137c6503859e2419d556586169d367980a157b1f0cd5d5cd16a19057fa6f625e1f31cfbe4669

Download Submit
C:\Windows\system\pQNofTo.exe

Filesize
6.0MB

MD5
1b5f9a025c4a1214d9851a7ee8e69cf6

SHA1
cf3b7cf6cc5616f95b945fee4c889b9bded14512

SHA256
9ae97db4c2d60d6155f13607811c4818487e032cfa6bbea9b6b72e43c307e1ee

SHA512
cba954aa4dc2a0bb9495f77bfbfdee4988a578e0220efae0aa364534fd493c937422acc3d8130adb5751a23b7b9d0178d8424a32aaa98df5820eff3bad5cb67d

Download Submit
C:\Windows\system\tfrNdFb.exe

Filesize
6.0MB

MD5
0d87e88dd2b29d67ee9fa4006edf932e

SHA1
060a9cdfcbac7b008f39a94c7e44f8ab94171091

SHA256
015d3fb065277cf16341a8e2849759fc0768b56c71a52d3390222c8b8110d79b

SHA512
5c0d9b46f0a36601377706b5b89e19d011971dfff635e6ccfe63d191886794d88a39aa9d274f6fab75d2d61999c11c829cf10d97f20cf60f838d07dbde3c0a8f

Download Submit
C:\Windows\system\tzaywZV.exe

Filesize
6.0MB

MD5
a3393e6072e3d6fdab9a3b0f151c4453

SHA1
91ac180a2c08f8bbe9ba9eb72a06a74433102305

SHA256
d35270f86b6bbe6ccc7d29e08e6fcdb483735fbcd694ab666b7a170839404210

SHA512
6b6046a40830bd7a7d450b38315e11a7d4f1c91bc70953199be40bbea529129f60c43cd5af452ae0a963c39669da703bc1dc09bd55d2b7f26a5cf8b491fafc56

Download Submit
C:\Windows\system\uRKpumB.exe

Filesize
6.0MB

MD5
898804186434c6fef8006761426b0ba2

SHA1
6222a3a1d686bb65b9a06a0bcd4b908a37527007

SHA256
b97c46faa45d250d7ba37900e44b5026315a95a535829071ec3ae8dfe37527dc

SHA512
c8bc7529ea3303a6b3a9bcffed6e4fc142167e0b76fb4208f6ac0cd3a323d45e0f98714f9ad5fe92539d23d125be0d6a3efa0556908dc703d6fea8768f5ad7fb

Download Submit
C:\Windows\system\zlnNGDC.exe

Filesize
6.0MB

MD5
97c7c45c4f364877d104364d6bde1ae0

SHA1
feeb4086fc324b2f99179cbcc3fd4ed1fbcf1e3a

SHA256
888102d66a968de81da2f44a07197251e4de3b72ec267fd2f5f575974396019e

SHA512
016dd62ae9a7afd6ac832e93dec336ea5e8a5c68a343f637a151c9b7a8e0afd16e8bf6c1bbefeb5fee5da0de6819dbf95f03edd269cfc6bc7fa76be0df8b86ec

Download Submit
C:\Windows\system\zyEgPHt.exe

Filesize
6.0MB

MD5
c8075bda5bd6187858a4fa13bc2f22cf

SHA1
3d50d1175f9fd6ce8dc94349cc90ffe847ee3664

SHA256
9251e3ac36a00b460d4147516e147c42f29f72183389ea078f8e684ac5e2e12e

SHA512
5aa2b3f318b713dc61c3a3a8206ce08b5c90f46d54b21ef28bfdcff0ecb0a75160d8263cb1a668a27a8de1807959c863c230738feaca01a10b9e649006d29f3b

Download Submit
\Windows\system\BglGNEO.exe

Filesize
6.0MB

MD5
2df8dabcebf59b81c81376595cd4cd5d

SHA1
31698aec3035d266024860c674436826e6128b1f

SHA256
d5c13a847c22669e26885cb8b6f1c7be3c96e0f6247c78a0fd3e6f1f437b332b

SHA512
858969846dd710c2ce59bdaded4e50c43f8dfd6afb63b64948190613b73432a56de56d5b9c36ebdc40f9562a9ecae7cf099986ead7a97865916057d0b20b1c54

Download Submit
\Windows\system\CZEhUzc.exe

Filesize
6.0MB

MD5
8f43106109fd675c3965bd951d863b12

SHA1
17ab729d807ccb3c3a5a72614c04b7b83435afe3

SHA256
685a60c08e8d06b6bbdc315b4a8b085e96087a8de10a4e754d270228943bf667

SHA512
625d57fe0ac1bf087b0ce3148c0dcc3282a512522f2914b7d2ef87a58fe3df6ed3ceae812639ed5da96e91b1f94a59656ea161618c211e850307597d32017823

Download Submit
\Windows\system\lqwvkBJ.exe

Filesize
6.0MB

MD5
a6cfeb65e17caf1c3cd5d3637b35659e

SHA1
72097e636468400225d3a2f5c028f467f4bd564c

SHA256
795b6f8a4252bc4d4f53a96c508f2dd110f41c84f83d5f8aa80aefc753a41aae

SHA512
b82b5f3cb8008365e9c2cac684be3abb0756dc414daaae6c19eccfaebb652180195a334699d83ada16eac2ca80f017ffea03ca021dc67a4c13698617cf933ba7

Download Submit
\Windows\system\qBsoJSP.exe

Filesize
6.0MB

MD5
be9928694699dae822253b9a980de6b1

SHA1
7dbd3a1812b2d4ba395b97ff22c3ef3dcadf9b39

SHA256
8a8206f5f48da5179a803a8da57069a02449a4e276c0655dd0582a8f9cf18f5d

SHA512
81e2c294bbb27d9dc9fb1d5ddb950598ce5ba50226f6417161f107455dc8f770e880a54b8df2030a13250543d0f8815f4659b6c479692cd4902dbf380424e49a

Download Submit
memory/1516-262-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1516-4176-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1520-1006-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-101-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1520-4170-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-118-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-100-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-505-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2188-763-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1226-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1005-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-58-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-0-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2188-261-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2188-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2188-99-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-57-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-71-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2188-15-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-84-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2188-94-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2188-29-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2188-32-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-54-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2188-34-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2216-95-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-4174-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-85-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2424-4169-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2424-506-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2600-60-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4175-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-102-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-48-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4177-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2628-86-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4166-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2656-113-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2656-65-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4171-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2692-8-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2724-72-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4173-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2724-35-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2784-64-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2784-109-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4168-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4165-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-19-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2876-61-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4172-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2896-31-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2896-66-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4167-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2972-83-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2972-40-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download