cobaltstrike | 71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/12/2024, 13:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
Size

6.0MB
MD5

c7a58e9ecc8190f4697406e34deef8cc
SHA1

aaea78f743d0e2d52dd363d81a295afa83957184
SHA256

71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78
SHA512

3575c782c898152e808bfc2c4bea6122b45ee31f053b42acc6fd83c6aa47f77e211497e673c7f87af04f7279956df3331fd6e58a42f2907ac05c36d8b9516684
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUu:eOl56utgpPF8u/7u

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d49-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016f45-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017342-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f8-66.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001921d-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019369-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019371-106.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001938e-121.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-155.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948d-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f0-141.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e6-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193d1-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a8-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-116.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001937b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019345-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019329-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019232-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019219-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-71.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191df-61.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191d1-56.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191cf-51.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017355-41.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017349-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d5a-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/1904-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f9-6.dat	xmrig
behavioral1/files/0x0008000000016d49-11.dat	xmrig
behavioral1/files/0x0007000000016f45-25.dat	xmrig
behavioral1/files/0x0008000000016d71-21.dat	xmrig
behavioral1/files/0x0007000000017342-30.dat	xmrig
behavioral1/files/0x00060000000191f8-66.dat	xmrig
behavioral1/files/0x000600000001921d-81.dat	xmrig
behavioral1/files/0x0006000000019369-101.dat	xmrig
behavioral1/files/0x0006000000019371-106.dat	xmrig
behavioral1/files/0x000600000001938e-121.dat	xmrig
behavioral1/files/0x000600000001945c-146.dat	xmrig
behavioral1/memory/1904-1958-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2848-1957-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2564-1917-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2708-1876-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2808-1831-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2584-2032-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2696-2094-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1904-2158-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2608-2157-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-160.dat	xmrig
behavioral1/files/0x00050000000194e2-155.dat	xmrig
behavioral1/files/0x000600000001948d-150.dat	xmrig
behavioral1/files/0x00060000000193f0-141.dat	xmrig
behavioral1/files/0x00060000000193e6-136.dat	xmrig
behavioral1/files/0x00060000000193d1-131.dat	xmrig
behavioral1/files/0x00060000000193a8-126.dat	xmrig
behavioral1/files/0x0006000000019382-116.dat	xmrig
behavioral1/memory/2576-2224-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x000600000001937b-111.dat	xmrig
behavioral1/files/0x0006000000019345-96.dat	xmrig
behavioral1/files/0x0006000000019329-91.dat	xmrig
behavioral1/files/0x0006000000019232-86.dat	xmrig
behavioral1/files/0x0006000000019219-76.dat	xmrig
behavioral1/files/0x0006000000019214-71.dat	xmrig
behavioral1/files/0x00060000000191df-61.dat	xmrig
behavioral1/files/0x00060000000191d1-56.dat	xmrig
behavioral1/files/0x00060000000191cf-51.dat	xmrig
behavioral1/files/0x0009000000017355-41.dat	xmrig
behavioral1/files/0x000800000001739f-46.dat	xmrig
behavioral1/files/0x0007000000017349-36.dat	xmrig
behavioral1/files/0x0009000000016d5a-10.dat	xmrig
behavioral1/memory/2532-2262-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2224-2298-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1904-2296-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2716-2319-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/1904-2714-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1904-2849-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2808-2995-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2708-2999-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2848-3000-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2564-3021-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2576-3020-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2584-3019-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2224-3015-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2716-3011-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2696-3010-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2532-3008-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2608-3004-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2716	UTKERpC.exe
2808	BFDHKYn.exe
2708	UazONHl.exe
2564	YpQXwmX.exe
2848	xfaiIwG.exe
2584	lGpjWOM.exe
2696	UABsVrK.exe
2608	MjuOprU.exe
2576	ezCesmC.exe
2532	hsAYUhI.exe
2224	TsHUJZs.exe
1884	carNAem.exe
2884	QmRklnv.exe
2896	yRECwsv.exe
3028	HQBUlAN.exe
2156	PYVFyQI.exe
708	yRhLTfG.exe
1128	ZMDYsbz.exe
1392	HDxshXy.exe
800	ADGLovU.exe
684	RrESqLz.exe
1320	fAkdTLT.exe
2396	akEndBg.exe
2840	XxlqvDJ.exe
2816	SPelyWd.exe
2268	ERySbrf.exe
2136	ZvAsIbj.exe
2060	AVGKHyL.exe
2944	xkwBvSO.exe
2380	BQjQbBe.exe
1860	iADFnsK.exe
1364	VJDosqD.exe
2516	hDNPHrb.exe
1056	uAjBNAj.exe
1708	yoqIsHO.exe
2228	IcdcpcE.exe
2020	eZXgefQ.exe
1548	IRlPQwt.exe
2316	XdVcvzq.exe
2420	wvxmfcA.exe
1252	UfpQqAw.exe
1992	evwiXcB.exe
996	cVTcHDD.exe
376	cJpqHcN.exe
2000	DIzbtci.exe
1780	eScesXx.exe
1864	CqfBGqP.exe
2960	zJFQRIf.exe
1868	gnRGAXE.exe
1012	UwMoaxj.exe
696	kqhtkik.exe
892	ihyFUbH.exe
1432	IsqAfRX.exe
2480	vRRdaJZ.exe
1584	nICPSYx.exe
1592	xGAtdWM.exe
2800	jxBchbW.exe
2752	yWOnAYf.exe
2128	vKKzsDp.exe
2728	PmUIrxA.exe
2560	dThXqKM.exe
3040	PkETmDN.exe
3052	SYDTieN.exe
1832	iJrflhl.exe

Loads dropped DLL 64 IoCs

pid	Process
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1904-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-6.dat	upx
behavioral1/files/0x0008000000016d49-11.dat	upx
behavioral1/files/0x0007000000016f45-25.dat	upx
behavioral1/files/0x0008000000016d71-21.dat	upx
behavioral1/files/0x0007000000017342-30.dat	upx
behavioral1/files/0x00060000000191f8-66.dat	upx
behavioral1/files/0x000600000001921d-81.dat	upx
behavioral1/files/0x0006000000019369-101.dat	upx
behavioral1/files/0x0006000000019371-106.dat	upx
behavioral1/files/0x000600000001938e-121.dat	upx
behavioral1/files/0x000600000001945c-146.dat	upx
behavioral1/memory/2848-1957-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2564-1917-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2708-1876-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2808-1831-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2584-2032-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2696-2094-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2608-2157-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000500000001958b-160.dat	upx
behavioral1/files/0x00050000000194e2-155.dat	upx
behavioral1/files/0x000600000001948d-150.dat	upx
behavioral1/files/0x00060000000193f0-141.dat	upx
behavioral1/files/0x00060000000193e6-136.dat	upx
behavioral1/files/0x00060000000193d1-131.dat	upx
behavioral1/files/0x00060000000193a8-126.dat	upx
behavioral1/files/0x0006000000019382-116.dat	upx
behavioral1/memory/2576-2224-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x000600000001937b-111.dat	upx
behavioral1/files/0x0006000000019345-96.dat	upx
behavioral1/files/0x0006000000019329-91.dat	upx
behavioral1/files/0x0006000000019232-86.dat	upx
behavioral1/files/0x0006000000019219-76.dat	upx
behavioral1/files/0x0006000000019214-71.dat	upx
behavioral1/files/0x00060000000191df-61.dat	upx
behavioral1/files/0x00060000000191d1-56.dat	upx
behavioral1/files/0x00060000000191cf-51.dat	upx
behavioral1/files/0x0009000000017355-41.dat	upx
behavioral1/files/0x000800000001739f-46.dat	upx
behavioral1/files/0x0007000000017349-36.dat	upx
behavioral1/files/0x0009000000016d5a-10.dat	upx
behavioral1/memory/2532-2262-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2224-2298-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2716-2319-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/1904-2714-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2808-2995-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2708-2999-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2848-3000-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2564-3021-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2576-3020-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2584-3019-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2224-3015-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2716-3011-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2696-3010-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2532-3008-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2608-3004-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JDktXCJ.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\dmwFEqz.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\TgAUxbf.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\bkeMLDe.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\biqcFXl.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\DyfhAye.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\UTKERpC.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\aNznyEF.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\QLWBgPe.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\rmXQmxD.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\hwhLhxT.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\yqlpKYk.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\rAizgOW.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\nBdFHFR.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\rsVHLnO.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\VkrkAvF.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\kZLEAhH.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\huEoYGr.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\IrUPrwW.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\hzBQLyc.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\ITCXaqT.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\nOVSSvD.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\NmGVLWO.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\mIEhkHq.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\hwbOKOd.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\BpjQPlQ.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\FJSvRTi.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\JSMFAYY.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\QUdRZlt.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\NwUZLVg.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\XIpNccw.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\TgZgIWT.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\QsyQYER.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\kiNJywG.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\oQmLSaF.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\XFTmkqQ.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\jsxyToX.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\pTeCCNh.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\XmlaMlU.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\uWRrYCj.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\SibnxgN.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\gnRGAXE.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\QQzHxwb.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\GWiMgAn.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\TKZRWIB.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\dNqQydV.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\ZFMetIk.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\mQoUVXx.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\zlLNPiP.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\atXVSDQ.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\WKItoZV.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\XFwuspE.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\WwWSPMD.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\YpQXwmX.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\OCcsakr.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\RrXXMEg.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\gWauvcb.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\hhLgTeE.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\bSSehUr.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\XRMjLEF.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\EBuiGfg.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\nTguLfe.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\mrtWDkX.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
File created	C:\Windows\System\LuIiSfE.exe	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2716	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	32
PID 1904 wrote to memory of 2716	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	32
PID 1904 wrote to memory of 2716	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	32
PID 1904 wrote to memory of 2808	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	33
PID 1904 wrote to memory of 2808	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	33
PID 1904 wrote to memory of 2808	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	33
PID 1904 wrote to memory of 2708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	34
PID 1904 wrote to memory of 2708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	34
PID 1904 wrote to memory of 2708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	34
PID 1904 wrote to memory of 2564	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	35
PID 1904 wrote to memory of 2564	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	35
PID 1904 wrote to memory of 2564	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	35
PID 1904 wrote to memory of 2848	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	36
PID 1904 wrote to memory of 2848	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	36
PID 1904 wrote to memory of 2848	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	36
PID 1904 wrote to memory of 2584	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	37
PID 1904 wrote to memory of 2584	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	37
PID 1904 wrote to memory of 2584	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	37
PID 1904 wrote to memory of 2696	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	38
PID 1904 wrote to memory of 2696	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	38
PID 1904 wrote to memory of 2696	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	38
PID 1904 wrote to memory of 2608	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	39
PID 1904 wrote to memory of 2608	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	39
PID 1904 wrote to memory of 2608	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	39
PID 1904 wrote to memory of 2576	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	40
PID 1904 wrote to memory of 2576	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	40
PID 1904 wrote to memory of 2576	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	40
PID 1904 wrote to memory of 2532	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	41
PID 1904 wrote to memory of 2532	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	41
PID 1904 wrote to memory of 2532	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	41
PID 1904 wrote to memory of 2224	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	42
PID 1904 wrote to memory of 2224	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	42
PID 1904 wrote to memory of 2224	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	42
PID 1904 wrote to memory of 1884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	43
PID 1904 wrote to memory of 1884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	43
PID 1904 wrote to memory of 1884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	43
PID 1904 wrote to memory of 2884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	44
PID 1904 wrote to memory of 2884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	44
PID 1904 wrote to memory of 2884	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	44
PID 1904 wrote to memory of 2896	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	45
PID 1904 wrote to memory of 2896	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	45
PID 1904 wrote to memory of 2896	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	45
PID 1904 wrote to memory of 3028	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	46
PID 1904 wrote to memory of 3028	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	46
PID 1904 wrote to memory of 3028	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	46
PID 1904 wrote to memory of 2156	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	47
PID 1904 wrote to memory of 2156	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	47
PID 1904 wrote to memory of 2156	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	47
PID 1904 wrote to memory of 708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	48
PID 1904 wrote to memory of 708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	48
PID 1904 wrote to memory of 708	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	48
PID 1904 wrote to memory of 1128	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	49
PID 1904 wrote to memory of 1128	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	49
PID 1904 wrote to memory of 1128	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	49
PID 1904 wrote to memory of 1392	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	50
PID 1904 wrote to memory of 1392	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	50
PID 1904 wrote to memory of 1392	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	50
PID 1904 wrote to memory of 800	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	51
PID 1904 wrote to memory of 800	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	51
PID 1904 wrote to memory of 800	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	51
PID 1904 wrote to memory of 684	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	52
PID 1904 wrote to memory of 684	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	52
PID 1904 wrote to memory of 684	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	52
PID 1904 wrote to memory of 1320	1904	JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe	53

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_71f191388bd5e138733b4d64dc4d7223dac344d0ee95ffeaceced662e42d0c78.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\System\UTKERpC.exe
  C:\Windows\System\UTKERpC.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\BFDHKYn.exe
  C:\Windows\System\BFDHKYn.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\UazONHl.exe
  C:\Windows\System\UazONHl.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\YpQXwmX.exe
  C:\Windows\System\YpQXwmX.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\xfaiIwG.exe
  C:\Windows\System\xfaiIwG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\lGpjWOM.exe
  C:\Windows\System\lGpjWOM.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\UABsVrK.exe
  C:\Windows\System\UABsVrK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\MjuOprU.exe
  C:\Windows\System\MjuOprU.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ezCesmC.exe
  C:\Windows\System\ezCesmC.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hsAYUhI.exe
  C:\Windows\System\hsAYUhI.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\TsHUJZs.exe
  C:\Windows\System\TsHUJZs.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\carNAem.exe
  C:\Windows\System\carNAem.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\QmRklnv.exe
  C:\Windows\System\QmRklnv.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\yRECwsv.exe
  C:\Windows\System\yRECwsv.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\HQBUlAN.exe
  C:\Windows\System\HQBUlAN.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\PYVFyQI.exe
  C:\Windows\System\PYVFyQI.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\yRhLTfG.exe
  C:\Windows\System\yRhLTfG.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\ZMDYsbz.exe
  C:\Windows\System\ZMDYsbz.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\HDxshXy.exe
  C:\Windows\System\HDxshXy.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\ADGLovU.exe
  C:\Windows\System\ADGLovU.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\RrESqLz.exe
  C:\Windows\System\RrESqLz.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\fAkdTLT.exe
  C:\Windows\System\fAkdTLT.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\akEndBg.exe
  C:\Windows\System\akEndBg.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\XxlqvDJ.exe
  C:\Windows\System\XxlqvDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\SPelyWd.exe
  C:\Windows\System\SPelyWd.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\ERySbrf.exe
  C:\Windows\System\ERySbrf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ZvAsIbj.exe
  C:\Windows\System\ZvAsIbj.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\AVGKHyL.exe
  C:\Windows\System\AVGKHyL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\xkwBvSO.exe
  C:\Windows\System\xkwBvSO.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\BQjQbBe.exe
  C:\Windows\System\BQjQbBe.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\iADFnsK.exe
  C:\Windows\System\iADFnsK.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\VJDosqD.exe
  C:\Windows\System\VJDosqD.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\hDNPHrb.exe
  C:\Windows\System\hDNPHrb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\uAjBNAj.exe
  C:\Windows\System\uAjBNAj.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yoqIsHO.exe
  C:\Windows\System\yoqIsHO.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\IcdcpcE.exe
  C:\Windows\System\IcdcpcE.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\eZXgefQ.exe
  C:\Windows\System\eZXgefQ.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\IRlPQwt.exe
  C:\Windows\System\IRlPQwt.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\XdVcvzq.exe
  C:\Windows\System\XdVcvzq.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\wvxmfcA.exe
  C:\Windows\System\wvxmfcA.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\UfpQqAw.exe
  C:\Windows\System\UfpQqAw.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\evwiXcB.exe
  C:\Windows\System\evwiXcB.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cVTcHDD.exe
  C:\Windows\System\cVTcHDD.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\cJpqHcN.exe
  C:\Windows\System\cJpqHcN.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\DIzbtci.exe
  C:\Windows\System\DIzbtci.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\eScesXx.exe
  C:\Windows\System\eScesXx.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\CqfBGqP.exe
  C:\Windows\System\CqfBGqP.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\zJFQRIf.exe
  C:\Windows\System\zJFQRIf.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\gnRGAXE.exe
  C:\Windows\System\gnRGAXE.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\UwMoaxj.exe
  C:\Windows\System\UwMoaxj.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\kqhtkik.exe
  C:\Windows\System\kqhtkik.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\ihyFUbH.exe
  C:\Windows\System\ihyFUbH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\IsqAfRX.exe
  C:\Windows\System\IsqAfRX.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\vRRdaJZ.exe
  C:\Windows\System\vRRdaJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\nICPSYx.exe
  C:\Windows\System\nICPSYx.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\xGAtdWM.exe
  C:\Windows\System\xGAtdWM.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\jxBchbW.exe
  C:\Windows\System\jxBchbW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\yWOnAYf.exe
  C:\Windows\System\yWOnAYf.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\vKKzsDp.exe
  C:\Windows\System\vKKzsDp.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\PmUIrxA.exe
  C:\Windows\System\PmUIrxA.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\dThXqKM.exe
  C:\Windows\System\dThXqKM.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PkETmDN.exe
  C:\Windows\System\PkETmDN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\SYDTieN.exe
  C:\Windows\System\SYDTieN.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\iJrflhl.exe
  C:\Windows\System\iJrflhl.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\wLzwXtm.exe
  C:\Windows\System\wLzwXtm.exe
  2⤵
  PID:1800
- C:\Windows\System\snptMRD.exe
  C:\Windows\System\snptMRD.exe
  2⤵
  PID:2356
- C:\Windows\System\FgOZWAT.exe
  C:\Windows\System\FgOZWAT.exe
  2⤵
  PID:2068
- C:\Windows\System\WLKeORI.exe
  C:\Windows\System\WLKeORI.exe
  2⤵
  PID:2376
- C:\Windows\System\rhujHiE.exe
  C:\Windows\System\rhujHiE.exe
  2⤵
  PID:2384
- C:\Windows\System\OLoAeAN.exe
  C:\Windows\System\OLoAeAN.exe
  2⤵
  PID:2736
- C:\Windows\System\NTcSbMf.exe
  C:\Windows\System\NTcSbMf.exe
  2⤵
  PID:1568
- C:\Windows\System\XRMjLEF.exe
  C:\Windows\System\XRMjLEF.exe
  2⤵
  PID:2160
- C:\Windows\System\dkxMPns.exe
  C:\Windows\System\dkxMPns.exe
  2⤵
  PID:1792
- C:\Windows\System\dTzXQXc.exe
  C:\Windows\System\dTzXQXc.exe
  2⤵
  PID:2092
- C:\Windows\System\RsbdbVS.exe
  C:\Windows\System\RsbdbVS.exe
  2⤵
  PID:2180
- C:\Windows\System\xGuszkY.exe
  C:\Windows\System\xGuszkY.exe
  2⤵
  PID:3004
- C:\Windows\System\TKapZSt.exe
  C:\Windows\System\TKapZSt.exe
  2⤵
  PID:1496
- C:\Windows\System\OTYEwaJ.exe
  C:\Windows\System\OTYEwaJ.exe
  2⤵
  PID:2980
- C:\Windows\System\aNznyEF.exe
  C:\Windows\System\aNznyEF.exe
  2⤵
  PID:1872
- C:\Windows\System\YDhGUZP.exe
  C:\Windows\System\YDhGUZP.exe
  2⤵
  PID:1040
- C:\Windows\System\SpaGoot.exe
  C:\Windows\System\SpaGoot.exe
  2⤵
  PID:272
- C:\Windows\System\yeEqLxg.exe
  C:\Windows\System\yeEqLxg.exe
  2⤵
  PID:2080
- C:\Windows\System\tvAkdqQ.exe
  C:\Windows\System\tvAkdqQ.exe
  2⤵
  PID:2100
- C:\Windows\System\BrCYzwe.exe
  C:\Windows\System\BrCYzwe.exe
  2⤵
  PID:112
- C:\Windows\System\aZjFxFp.exe
  C:\Windows\System\aZjFxFp.exe
  2⤵
  PID:2332
- C:\Windows\System\gWnZRxL.exe
  C:\Windows\System\gWnZRxL.exe
  2⤵
  PID:3024
- C:\Windows\System\hwcZCXN.exe
  C:\Windows\System\hwcZCXN.exe
  2⤵
  PID:904
- C:\Windows\System\oDxqmpQ.exe
  C:\Windows\System\oDxqmpQ.exe
  2⤵
  PID:2484
- C:\Windows\System\TdTrMdT.exe
  C:\Windows\System\TdTrMdT.exe
  2⤵
  PID:2704
- C:\Windows\System\cJCJNMC.exe
  C:\Windows\System\cJCJNMC.exe
  2⤵
  PID:2796
- C:\Windows\System\TtfKtUs.exe
  C:\Windows\System\TtfKtUs.exe
  2⤵
  PID:2688
- C:\Windows\System\eSLxhhQ.exe
  C:\Windows\System\eSLxhhQ.exe
  2⤵
  PID:2876
- C:\Windows\System\FkTOUTd.exe
  C:\Windows\System\FkTOUTd.exe
  2⤵
  PID:2624
- C:\Windows\System\iSsXiMD.exe
  C:\Windows\System\iSsXiMD.exe
  2⤵
  PID:2924
- C:\Windows\System\FCyvKMi.exe
  C:\Windows\System\FCyvKMi.exe
  2⤵
  PID:3020
- C:\Windows\System\frxDZjG.exe
  C:\Windows\System\frxDZjG.exe
  2⤵
  PID:1664
- C:\Windows\System\uxtnwaT.exe
  C:\Windows\System\uxtnwaT.exe
  2⤵
  PID:2240
- C:\Windows\System\IxtkjpA.exe
  C:\Windows\System\IxtkjpA.exe
  2⤵
  PID:528
- C:\Windows\System\eAsYAQJ.exe
  C:\Windows\System\eAsYAQJ.exe
  2⤵
  PID:2648
- C:\Windows\System\oQmLSaF.exe
  C:\Windows\System\oQmLSaF.exe
  2⤵
  PID:1892
- C:\Windows\System\pUyEHfJ.exe
  C:\Windows\System\pUyEHfJ.exe
  2⤵
  PID:712
- C:\Windows\System\LoKMatu.exe
  C:\Windows\System\LoKMatu.exe
  2⤵
  PID:1256
- C:\Windows\System\QIRNqMx.exe
  C:\Windows\System\QIRNqMx.exe
  2⤵
  PID:2996
- C:\Windows\System\SQaAohV.exe
  C:\Windows\System\SQaAohV.exe
  2⤵
  PID:564
- C:\Windows\System\bksUGqD.exe
  C:\Windows\System\bksUGqD.exe
  2⤵
  PID:1632
- C:\Windows\System\Gvpgpgx.exe
  C:\Windows\System\Gvpgpgx.exe
  2⤵
  PID:1852
- C:\Windows\System\vKnMPoJ.exe
  C:\Windows\System\vKnMPoJ.exe
  2⤵
  PID:2340
- C:\Windows\System\VlpvfbE.exe
  C:\Windows\System\VlpvfbE.exe
  2⤵
  PID:3012
- C:\Windows\System\EjOapQo.exe
  C:\Windows\System\EjOapQo.exe
  2⤵
  PID:1588
- C:\Windows\System\eXIWten.exe
  C:\Windows\System\eXIWten.exe
  2⤵
  PID:2940
- C:\Windows\System\HWMEtwr.exe
  C:\Windows\System\HWMEtwr.exe
  2⤵
  PID:2956
- C:\Windows\System\VkrkAvF.exe
  C:\Windows\System\VkrkAvF.exe
  2⤵
  PID:2680
- C:\Windows\System\hYcxIGe.exe
  C:\Windows\System\hYcxIGe.exe
  2⤵
  PID:1716
- C:\Windows\System\IJdzBnl.exe
  C:\Windows\System\IJdzBnl.exe
  2⤵
  PID:2868
- C:\Windows\System\VqQjUVz.exe
  C:\Windows\System\VqQjUVz.exe
  2⤵
  PID:1640
- C:\Windows\System\ImxKeLg.exe
  C:\Windows\System\ImxKeLg.exe
  2⤵
  PID:1784
- C:\Windows\System\NbaCEtN.exe
  C:\Windows\System\NbaCEtN.exe
  2⤵
  PID:1980
- C:\Windows\System\CguysXh.exe
  C:\Windows\System\CguysXh.exe
  2⤵
  PID:2120
- C:\Windows\System\uUHLlzI.exe
  C:\Windows\System\uUHLlzI.exe
  2⤵
  PID:1692
- C:\Windows\System\FfIjnQT.exe
  C:\Windows\System\FfIjnQT.exe
  2⤵
  PID:2328
- C:\Windows\System\UCeAkeU.exe
  C:\Windows\System\UCeAkeU.exe
  2⤵
  PID:1688
- C:\Windows\System\iKDJsiw.exe
  C:\Windows\System\iKDJsiw.exe
  2⤵
  PID:2344
- C:\Windows\System\VxfUeKQ.exe
  C:\Windows\System\VxfUeKQ.exe
  2⤵
  PID:2692
- C:\Windows\System\CbOJSGj.exe
  C:\Windows\System\CbOJSGj.exe
  2⤵
  PID:3076
- C:\Windows\System\xvoKvaY.exe
  C:\Windows\System\xvoKvaY.exe
  2⤵
  PID:3092
- C:\Windows\System\syqgXkb.exe
  C:\Windows\System\syqgXkb.exe
  2⤵
  PID:3116
- C:\Windows\System\LgstAlk.exe
  C:\Windows\System\LgstAlk.exe
  2⤵
  PID:3136
- C:\Windows\System\pjTOdgf.exe
  C:\Windows\System\pjTOdgf.exe
  2⤵
  PID:3156
- C:\Windows\System\gWJMLvJ.exe
  C:\Windows\System\gWJMLvJ.exe
  2⤵
  PID:3176
- C:\Windows\System\pSrSmtc.exe
  C:\Windows\System\pSrSmtc.exe
  2⤵
  PID:3196
- C:\Windows\System\FUMaToj.exe
  C:\Windows\System\FUMaToj.exe
  2⤵
  PID:3216
- C:\Windows\System\tQNOiGY.exe
  C:\Windows\System\tQNOiGY.exe
  2⤵
  PID:3236
- C:\Windows\System\EBuiGfg.exe
  C:\Windows\System\EBuiGfg.exe
  2⤵
  PID:3256
- C:\Windows\System\gFDOcAB.exe
  C:\Windows\System\gFDOcAB.exe
  2⤵
  PID:3276
- C:\Windows\System\mmApOfk.exe
  C:\Windows\System\mmApOfk.exe
  2⤵
  PID:3296
- C:\Windows\System\QswKsoU.exe
  C:\Windows\System\QswKsoU.exe
  2⤵
  PID:3316
- C:\Windows\System\FIVukKY.exe
  C:\Windows\System\FIVukKY.exe
  2⤵
  PID:3332
- C:\Windows\System\PfSontm.exe
  C:\Windows\System\PfSontm.exe
  2⤵
  PID:3348
- C:\Windows\System\hyNoqjS.exe
  C:\Windows\System\hyNoqjS.exe
  2⤵
  PID:3372
- C:\Windows\System\LeXYDkd.exe
  C:\Windows\System\LeXYDkd.exe
  2⤵
  PID:3392
- C:\Windows\System\zfxllKf.exe
  C:\Windows\System\zfxllKf.exe
  2⤵
  PID:3416
- C:\Windows\System\aAQIeSN.exe
  C:\Windows\System\aAQIeSN.exe
  2⤵
  PID:3436
- C:\Windows\System\pHPGZup.exe
  C:\Windows\System\pHPGZup.exe
  2⤵
  PID:3456
- C:\Windows\System\rnQNJCX.exe
  C:\Windows\System\rnQNJCX.exe
  2⤵
  PID:3476
- C:\Windows\System\atsNver.exe
  C:\Windows\System\atsNver.exe
  2⤵
  PID:3492
- C:\Windows\System\miRmtbb.exe
  C:\Windows\System\miRmtbb.exe
  2⤵
  PID:3512
- C:\Windows\System\pxXnliX.exe
  C:\Windows\System\pxXnliX.exe
  2⤵
  PID:3536
- C:\Windows\System\BDohMQT.exe
  C:\Windows\System\BDohMQT.exe
  2⤵
  PID:3556
- C:\Windows\System\cFUDoiR.exe
  C:\Windows\System\cFUDoiR.exe
  2⤵
  PID:3576
- C:\Windows\System\GXPmWyu.exe
  C:\Windows\System\GXPmWyu.exe
  2⤵
  PID:3592
- C:\Windows\System\nnBcine.exe
  C:\Windows\System\nnBcine.exe
  2⤵
  PID:3616
- C:\Windows\System\PndVBCL.exe
  C:\Windows\System\PndVBCL.exe
  2⤵
  PID:3636
- C:\Windows\System\jyECRhT.exe
  C:\Windows\System\jyECRhT.exe
  2⤵
  PID:3656
- C:\Windows\System\tXIfXLi.exe
  C:\Windows\System\tXIfXLi.exe
  2⤵
  PID:3672
- C:\Windows\System\OxRKZJa.exe
  C:\Windows\System\OxRKZJa.exe
  2⤵
  PID:3696
- C:\Windows\System\dDdUxWt.exe
  C:\Windows\System\dDdUxWt.exe
  2⤵
  PID:3716
- C:\Windows\System\IWJmgnh.exe
  C:\Windows\System\IWJmgnh.exe
  2⤵
  PID:3736
- C:\Windows\System\kAuKYBg.exe
  C:\Windows\System\kAuKYBg.exe
  2⤵
  PID:3756
- C:\Windows\System\AMaioGw.exe
  C:\Windows\System\AMaioGw.exe
  2⤵
  PID:3776
- C:\Windows\System\gSWZrgP.exe
  C:\Windows\System\gSWZrgP.exe
  2⤵
  PID:3792
- C:\Windows\System\UeJfznV.exe
  C:\Windows\System\UeJfznV.exe
  2⤵
  PID:3816
- C:\Windows\System\jHiygGq.exe
  C:\Windows\System\jHiygGq.exe
  2⤵
  PID:3836
- C:\Windows\System\tHhLpMS.exe
  C:\Windows\System\tHhLpMS.exe
  2⤵
  PID:3856
- C:\Windows\System\xDkvlOl.exe
  C:\Windows\System\xDkvlOl.exe
  2⤵
  PID:3872
- C:\Windows\System\flrOYnD.exe
  C:\Windows\System\flrOYnD.exe
  2⤵
  PID:3896
- C:\Windows\System\nTguLfe.exe
  C:\Windows\System\nTguLfe.exe
  2⤵
  PID:3916
- C:\Windows\System\mrtWDkX.exe
  C:\Windows\System\mrtWDkX.exe
  2⤵
  PID:3932
- C:\Windows\System\BWeByxQ.exe
  C:\Windows\System\BWeByxQ.exe
  2⤵
  PID:3948
- C:\Windows\System\rgJwESh.exe
  C:\Windows\System\rgJwESh.exe
  2⤵
  PID:3972
- C:\Windows\System\ZASILnx.exe
  C:\Windows\System\ZASILnx.exe
  2⤵
  PID:3996
- C:\Windows\System\MJjuMZn.exe
  C:\Windows\System\MJjuMZn.exe
  2⤵
  PID:4012
- C:\Windows\System\jcfJwjG.exe
  C:\Windows\System\jcfJwjG.exe
  2⤵
  PID:4032
- C:\Windows\System\jTZgtzz.exe
  C:\Windows\System\jTZgtzz.exe
  2⤵
  PID:4056
- C:\Windows\System\GolEIyO.exe
  C:\Windows\System\GolEIyO.exe
  2⤵
  PID:4076
- C:\Windows\System\kZLEAhH.exe
  C:\Windows\System\kZLEAhH.exe
  2⤵
  PID:2596
- C:\Windows\System\pZIODuv.exe
  C:\Windows\System\pZIODuv.exe
  2⤵
  PID:2188
- C:\Windows\System\zehFBzo.exe
  C:\Windows\System\zehFBzo.exe
  2⤵
  PID:444
- C:\Windows\System\XIpNccw.exe
  C:\Windows\System\XIpNccw.exe
  2⤵
  PID:2164
- C:\Windows\System\waGDMwK.exe
  C:\Windows\System\waGDMwK.exe
  2⤵
  PID:1544
- C:\Windows\System\XYNjZup.exe
  C:\Windows\System\XYNjZup.exe
  2⤵
  PID:1200
- C:\Windows\System\FLVLdUX.exe
  C:\Windows\System\FLVLdUX.exe
  2⤵
  PID:1728
- C:\Windows\System\CnJfbif.exe
  C:\Windows\System\CnJfbif.exe
  2⤵
  PID:3108
- C:\Windows\System\UzEBhMm.exe
  C:\Windows\System\UzEBhMm.exe
  2⤵
  PID:3152
- C:\Windows\System\fmTbaBT.exe
  C:\Windows\System\fmTbaBT.exe
  2⤵
  PID:3124
- C:\Windows\System\wzoJGDi.exe
  C:\Windows\System\wzoJGDi.exe
  2⤵
  PID:3188
- C:\Windows\System\UpHCkcn.exe
  C:\Windows\System\UpHCkcn.exe
  2⤵
  PID:3204
- C:\Windows\System\edXHVZZ.exe
  C:\Windows\System\edXHVZZ.exe
  2⤵
  PID:3264
- C:\Windows\System\hrsDPHN.exe
  C:\Windows\System\hrsDPHN.exe
  2⤵
  PID:3292
- C:\Windows\System\fnWfoyo.exe
  C:\Windows\System\fnWfoyo.exe
  2⤵
  PID:3344
- C:\Windows\System\BQRFtut.exe
  C:\Windows\System\BQRFtut.exe
  2⤵
  PID:3360
- C:\Windows\System\wPboxqS.exe
  C:\Windows\System\wPboxqS.exe
  2⤵
  PID:3384
- C:\Windows\System\PLFfYTG.exe
  C:\Windows\System\PLFfYTG.exe
  2⤵
  PID:3432
- C:\Windows\System\wRNldSz.exe
  C:\Windows\System\wRNldSz.exe
  2⤵
  PID:3448
- C:\Windows\System\YTcpbuH.exe
  C:\Windows\System\YTcpbuH.exe
  2⤵
  PID:3504
- C:\Windows\System\rNYqQEA.exe
  C:\Windows\System\rNYqQEA.exe
  2⤵
  PID:3552
- C:\Windows\System\EpmmhpX.exe
  C:\Windows\System\EpmmhpX.exe
  2⤵
  PID:3564
- C:\Windows\System\nPhANxF.exe
  C:\Windows\System\nPhANxF.exe
  2⤵
  PID:3624
- C:\Windows\System\hRUJwON.exe
  C:\Windows\System\hRUJwON.exe
  2⤵
  PID:3632
- C:\Windows\System\zZZolHM.exe
  C:\Windows\System\zZZolHM.exe
  2⤵
  PID:3652
- C:\Windows\System\OCcsakr.exe
  C:\Windows\System\OCcsakr.exe
  2⤵
  PID:3704
- C:\Windows\System\EgCBTqw.exe
  C:\Windows\System\EgCBTqw.exe
  2⤵
  PID:3732
- C:\Windows\System\GpUgrDx.exe
  C:\Windows\System\GpUgrDx.exe
  2⤵
  PID:3764
- C:\Windows\System\UWrqFKL.exe
  C:\Windows\System\UWrqFKL.exe
  2⤵
  PID:3800
- C:\Windows\System\SZlIyld.exe
  C:\Windows\System\SZlIyld.exe
  2⤵
  PID:3828
- C:\Windows\System\RDUgppX.exe
  C:\Windows\System\RDUgppX.exe
  2⤵
  PID:3852
- C:\Windows\System\vEaLiTJ.exe
  C:\Windows\System\vEaLiTJ.exe
  2⤵
  PID:3888
- C:\Windows\System\cEIiOtw.exe
  C:\Windows\System\cEIiOtw.exe
  2⤵
  PID:3924
- C:\Windows\System\xIPnXrJ.exe
  C:\Windows\System\xIPnXrJ.exe
  2⤵
  PID:3992
- C:\Windows\System\eDMBMqk.exe
  C:\Windows\System\eDMBMqk.exe
  2⤵
  PID:3968
- C:\Windows\System\HLsZkcf.exe
  C:\Windows\System\HLsZkcf.exe
  2⤵
  PID:4008
- C:\Windows\System\DBRUFAo.exe
  C:\Windows\System\DBRUFAo.exe
  2⤵
  PID:4004
- C:\Windows\System\qhfmKNj.exe
  C:\Windows\System\qhfmKNj.exe
  2⤵
  PID:4088
- C:\Windows\System\QyNsXEi.exe
  C:\Windows\System\QyNsXEi.exe
  2⤵
  PID:956
- C:\Windows\System\HIQgobU.exe
  C:\Windows\System\HIQgobU.exe
  2⤵
  PID:2444
- C:\Windows\System\RTcIjhp.exe
  C:\Windows\System\RTcIjhp.exe
  2⤵
  PID:2700
- C:\Windows\System\hgvTwPw.exe
  C:\Windows\System\hgvTwPw.exe
  2⤵
  PID:568
- C:\Windows\System\QLWBgPe.exe
  C:\Windows\System\QLWBgPe.exe
  2⤵
  PID:3088
- C:\Windows\System\gGycFXD.exe
  C:\Windows\System\gGycFXD.exe
  2⤵
  PID:3232
- C:\Windows\System\MyTUSCN.exe
  C:\Windows\System\MyTUSCN.exe
  2⤵
  PID:3244
- C:\Windows\System\trYNkJk.exe
  C:\Windows\System\trYNkJk.exe
  2⤵
  PID:3328
- C:\Windows\System\NGCplXd.exe
  C:\Windows\System\NGCplXd.exe
  2⤵
  PID:3308
- C:\Windows\System\pCJCbkH.exe
  C:\Windows\System\pCJCbkH.exe
  2⤵
  PID:3388
- C:\Windows\System\LJjosGq.exe
  C:\Windows\System\LJjosGq.exe
  2⤵
  PID:3500
- C:\Windows\System\Xraqhpw.exe
  C:\Windows\System\Xraqhpw.exe
  2⤵
  PID:3484
- C:\Windows\System\ubDcFBT.exe
  C:\Windows\System\ubDcFBT.exe
  2⤵
  PID:3588
- C:\Windows\System\VXPPKmR.exe
  C:\Windows\System\VXPPKmR.exe
  2⤵
  PID:3644
- C:\Windows\System\GHKQiLD.exe
  C:\Windows\System\GHKQiLD.exe
  2⤵
  PID:3692
- C:\Windows\System\OijQywn.exe
  C:\Windows\System\OijQywn.exe
  2⤵
  PID:3812
- C:\Windows\System\voXzZOy.exe
  C:\Windows\System\voXzZOy.exe
  2⤵
  PID:3832
- C:\Windows\System\fmApuvJ.exe
  C:\Windows\System\fmApuvJ.exe
  2⤵
  PID:3908
- C:\Windows\System\DtTYCVN.exe
  C:\Windows\System\DtTYCVN.exe
  2⤵
  PID:3884
- C:\Windows\System\DyKkoNI.exe
  C:\Windows\System\DyKkoNI.exe
  2⤵
  PID:4024
- C:\Windows\System\eXziJzC.exe
  C:\Windows\System\eXziJzC.exe
  2⤵
  PID:4068
- C:\Windows\System\muFHNLq.exe
  C:\Windows\System\muFHNLq.exe
  2⤵
  PID:4084
- C:\Windows\System\AtKXgOP.exe
  C:\Windows\System\AtKXgOP.exe
  2⤵
  PID:2856
- C:\Windows\System\CjBgQFo.exe
  C:\Windows\System\CjBgQFo.exe
  2⤵
  PID:1068
- C:\Windows\System\huEoYGr.exe
  C:\Windows\System\huEoYGr.exe
  2⤵
  PID:3112
- C:\Windows\System\XUoqNRv.exe
  C:\Windows\System\XUoqNRv.exe
  2⤵
  PID:3284
- C:\Windows\System\RIKMAnB.exe
  C:\Windows\System\RIKMAnB.exe
  2⤵
  PID:3404
- C:\Windows\System\zYIInxD.exe
  C:\Windows\System\zYIInxD.exe
  2⤵
  PID:3468
- C:\Windows\System\NCAFZaN.exe
  C:\Windows\System\NCAFZaN.exe
  2⤵
  PID:3444
- C:\Windows\System\fkctyGA.exe
  C:\Windows\System\fkctyGA.exe
  2⤵
  PID:3608
- C:\Windows\System\WJTaYeD.exe
  C:\Windows\System\WJTaYeD.exe
  2⤵
  PID:3752
- C:\Windows\System\uECtLWo.exe
  C:\Windows\System\uECtLWo.exe
  2⤵
  PID:3904
- C:\Windows\System\SlTryPK.exe
  C:\Windows\System\SlTryPK.exe
  2⤵
  PID:4116
- C:\Windows\System\WhhlFKB.exe
  C:\Windows\System\WhhlFKB.exe
  2⤵
  PID:4136
- C:\Windows\System\WaPKomv.exe
  C:\Windows\System\WaPKomv.exe
  2⤵
  PID:4156
- C:\Windows\System\caBOpVp.exe
  C:\Windows\System\caBOpVp.exe
  2⤵
  PID:4172
- C:\Windows\System\JIvqWZL.exe
  C:\Windows\System\JIvqWZL.exe
  2⤵
  PID:4196
- C:\Windows\System\ZZWOkhb.exe
  C:\Windows\System\ZZWOkhb.exe
  2⤵
  PID:4216
- C:\Windows\System\pbhhYHH.exe
  C:\Windows\System\pbhhYHH.exe
  2⤵
  PID:4232
- C:\Windows\System\srUuvre.exe
  C:\Windows\System\srUuvre.exe
  2⤵
  PID:4256
- C:\Windows\System\Puubhqh.exe
  C:\Windows\System\Puubhqh.exe
  2⤵
  PID:4276
- C:\Windows\System\jBwoOhC.exe
  C:\Windows\System\jBwoOhC.exe
  2⤵
  PID:4296
- C:\Windows\System\iGnfEUM.exe
  C:\Windows\System\iGnfEUM.exe
  2⤵
  PID:4316
- C:\Windows\System\PBXfkWG.exe
  C:\Windows\System\PBXfkWG.exe
  2⤵
  PID:4336
- C:\Windows\System\DEtSqDh.exe
  C:\Windows\System\DEtSqDh.exe
  2⤵
  PID:4356
- C:\Windows\System\pmkfxeb.exe
  C:\Windows\System\pmkfxeb.exe
  2⤵
  PID:4372
- C:\Windows\System\TgAUxbf.exe
  C:\Windows\System\TgAUxbf.exe
  2⤵
  PID:4396
- C:\Windows\System\HWzARdJ.exe
  C:\Windows\System\HWzARdJ.exe
  2⤵
  PID:4416
- C:\Windows\System\MvLIMOG.exe
  C:\Windows\System\MvLIMOG.exe
  2⤵
  PID:4436
- C:\Windows\System\rmXQmxD.exe
  C:\Windows\System\rmXQmxD.exe
  2⤵
  PID:4452
- C:\Windows\System\dPTspxr.exe
  C:\Windows\System\dPTspxr.exe
  2⤵
  PID:4472
- C:\Windows\System\bMTkYYP.exe
  C:\Windows\System\bMTkYYP.exe
  2⤵
  PID:4496
- C:\Windows\System\MbIdlwe.exe
  C:\Windows\System\MbIdlwe.exe
  2⤵
  PID:4520
- C:\Windows\System\soFGMUx.exe
  C:\Windows\System\soFGMUx.exe
  2⤵
  PID:4536
- C:\Windows\System\wLDfTUV.exe
  C:\Windows\System\wLDfTUV.exe
  2⤵
  PID:4556
- C:\Windows\System\wUQdXIk.exe
  C:\Windows\System\wUQdXIk.exe
  2⤵
  PID:4580
- C:\Windows\System\eclmEjH.exe
  C:\Windows\System\eclmEjH.exe
  2⤵
  PID:4600
- C:\Windows\System\TgZgIWT.exe
  C:\Windows\System\TgZgIWT.exe
  2⤵
  PID:4620
- C:\Windows\System\PNOOdaO.exe
  C:\Windows\System\PNOOdaO.exe
  2⤵
  PID:4640
- C:\Windows\System\gUtMQXL.exe
  C:\Windows\System\gUtMQXL.exe
  2⤵
  PID:4656
- C:\Windows\System\iSRpznl.exe
  C:\Windows\System\iSRpznl.exe
  2⤵
  PID:4676
- C:\Windows\System\fKrerxw.exe
  C:\Windows\System\fKrerxw.exe
  2⤵
  PID:4700
- C:\Windows\System\IWpkxXJ.exe
  C:\Windows\System\IWpkxXJ.exe
  2⤵
  PID:4720
- C:\Windows\System\LkCUjMe.exe
  C:\Windows\System\LkCUjMe.exe
  2⤵
  PID:4736
- C:\Windows\System\LBxfaME.exe
  C:\Windows\System\LBxfaME.exe
  2⤵
  PID:4760
- C:\Windows\System\toHuhbu.exe
  C:\Windows\System\toHuhbu.exe
  2⤵
  PID:4780
- C:\Windows\System\MarYTQg.exe
  C:\Windows\System\MarYTQg.exe
  2⤵
  PID:4800
- C:\Windows\System\wMljHUS.exe
  C:\Windows\System\wMljHUS.exe
  2⤵
  PID:4820
- C:\Windows\System\QnixFSR.exe
  C:\Windows\System\QnixFSR.exe
  2⤵
  PID:4840
- C:\Windows\System\izPXbGW.exe
  C:\Windows\System\izPXbGW.exe
  2⤵
  PID:4860
- C:\Windows\System\ksLmXOG.exe
  C:\Windows\System\ksLmXOG.exe
  2⤵
  PID:4880
- C:\Windows\System\gjoqUVj.exe
  C:\Windows\System\gjoqUVj.exe
  2⤵
  PID:4900
- C:\Windows\System\MffWebb.exe
  C:\Windows\System\MffWebb.exe
  2⤵
  PID:4920
- C:\Windows\System\KTOLlle.exe
  C:\Windows\System\KTOLlle.exe
  2⤵
  PID:4940
- C:\Windows\System\riyEBbv.exe
  C:\Windows\System\riyEBbv.exe
  2⤵
  PID:4960
- C:\Windows\System\MOplSpT.exe
  C:\Windows\System\MOplSpT.exe
  2⤵
  PID:4976
- C:\Windows\System\UMimQlg.exe
  C:\Windows\System\UMimQlg.exe
  2⤵
  PID:5000
- C:\Windows\System\dACioqB.exe
  C:\Windows\System\dACioqB.exe
  2⤵
  PID:5016
- C:\Windows\System\txRATru.exe
  C:\Windows\System\txRATru.exe
  2⤵
  PID:5040
- C:\Windows\System\HxLlqbF.exe
  C:\Windows\System\HxLlqbF.exe
  2⤵
  PID:5060
- C:\Windows\System\FAfzGAy.exe
  C:\Windows\System\FAfzGAy.exe
  2⤵
  PID:5080
- C:\Windows\System\qgBoMln.exe
  C:\Windows\System\qgBoMln.exe
  2⤵
  PID:5100
- C:\Windows\System\tDVugPV.exe
  C:\Windows\System\tDVugPV.exe
  2⤵
  PID:5116
- C:\Windows\System\rcoeiZl.exe
  C:\Windows\System\rcoeiZl.exe
  2⤵
  PID:3844
- C:\Windows\System\KKqkbiG.exe
  C:\Windows\System\KKqkbiG.exe
  2⤵
  PID:3960
- C:\Windows\System\JDktXCJ.exe
  C:\Windows\System\JDktXCJ.exe
  2⤵
  PID:3964
- C:\Windows\System\hwhLhxT.exe
  C:\Windows\System\hwhLhxT.exe
  2⤵
  PID:1756
- C:\Windows\System\QSULOpw.exe
  C:\Windows\System\QSULOpw.exe
  2⤵
  PID:3172
- C:\Windows\System\QFVHJkg.exe
  C:\Windows\System\QFVHJkg.exe
  2⤵
  PID:3312
- C:\Windows\System\rwjlhgP.exe
  C:\Windows\System\rwjlhgP.exe
  2⤵
  PID:3524
- C:\Windows\System\KXnBqKT.exe
  C:\Windows\System\KXnBqKT.exe
  2⤵
  PID:3748
- C:\Windows\System\MIcPnHo.exe
  C:\Windows\System\MIcPnHo.exe
  2⤵
  PID:3728
- C:\Windows\System\zXHaASZ.exe
  C:\Windows\System\zXHaASZ.exe
  2⤵
  PID:4108
- C:\Windows\System\KeaAtGi.exe
  C:\Windows\System\KeaAtGi.exe
  2⤵
  PID:4168
- C:\Windows\System\hhTkMld.exe
  C:\Windows\System\hhTkMld.exe
  2⤵
  PID:4180
- C:\Windows\System\htAMXrP.exe
  C:\Windows\System\htAMXrP.exe
  2⤵
  PID:4208
- C:\Windows\System\mxRmver.exe
  C:\Windows\System\mxRmver.exe
  2⤵
  PID:4248
- C:\Windows\System\FcmnhkW.exe
  C:\Windows\System\FcmnhkW.exe
  2⤵
  PID:4288
- C:\Windows\System\NZPdVuc.exe
  C:\Windows\System\NZPdVuc.exe
  2⤵
  PID:4332
- C:\Windows\System\WcfTQOv.exe
  C:\Windows\System\WcfTQOv.exe
  2⤵
  PID:4348
- C:\Windows\System\WIPIMRT.exe
  C:\Windows\System\WIPIMRT.exe
  2⤵
  PID:4380
- C:\Windows\System\HjkRBCw.exe
  C:\Windows\System\HjkRBCw.exe
  2⤵
  PID:4448
- C:\Windows\System\WCjyTRG.exe
  C:\Windows\System\WCjyTRG.exe
  2⤵
  PID:4480
- C:\Windows\System\DLQlAIL.exe
  C:\Windows\System\DLQlAIL.exe
  2⤵
  PID:4488
- C:\Windows\System\VCGlGNo.exe
  C:\Windows\System\VCGlGNo.exe
  2⤵
  PID:4568
- C:\Windows\System\EadPNOW.exe
  C:\Windows\System\EadPNOW.exe
  2⤵
  PID:4512
- C:\Windows\System\TcQrtsY.exe
  C:\Windows\System\TcQrtsY.exe
  2⤵
  PID:4596
- C:\Windows\System\hVUxoQj.exe
  C:\Windows\System\hVUxoQj.exe
  2⤵
  PID:4636
- C:\Windows\System\UCLgcOe.exe
  C:\Windows\System\UCLgcOe.exe
  2⤵
  PID:4696
- C:\Windows\System\IOvzXNn.exe
  C:\Windows\System\IOvzXNn.exe
  2⤵
  PID:4672
- C:\Windows\System\hYMOOGm.exe
  C:\Windows\System\hYMOOGm.exe
  2⤵
  PID:4744
- C:\Windows\System\uSOJIfX.exe
  C:\Windows\System\uSOJIfX.exe
  2⤵
  PID:4776
- C:\Windows\System\ngYXnap.exe
  C:\Windows\System\ngYXnap.exe
  2⤵
  PID:4808
- C:\Windows\System\tCKLLtx.exe
  C:\Windows\System\tCKLLtx.exe
  2⤵
  PID:4848
- C:\Windows\System\SdqJPoB.exe
  C:\Windows\System\SdqJPoB.exe
  2⤵
  PID:4876
- C:\Windows\System\KJZLCHN.exe
  C:\Windows\System\KJZLCHN.exe
  2⤵
  PID:4908
- C:\Windows\System\YmDBtoA.exe
  C:\Windows\System\YmDBtoA.exe
  2⤵
  PID:4932
- C:\Windows\System\NZBQEcu.exe
  C:\Windows\System\NZBQEcu.exe
  2⤵
  PID:4972
- C:\Windows\System\zevWyaw.exe
  C:\Windows\System\zevWyaw.exe
  2⤵
  PID:4992
- C:\Windows\System\yKYSaMC.exe
  C:\Windows\System\yKYSaMC.exe
  2⤵
  PID:5032
- C:\Windows\System\kuiOJCV.exe
  C:\Windows\System\kuiOJCV.exe
  2⤵
  PID:5096
- C:\Windows\System\wICJYDF.exe
  C:\Windows\System\wICJYDF.exe
  2⤵
  PID:5072
- C:\Windows\System\qahrqwv.exe
  C:\Windows\System\qahrqwv.exe
  2⤵
  PID:5112
- C:\Windows\System\GFdTWrO.exe
  C:\Windows\System\GFdTWrO.exe
  2⤵
  PID:4052
- C:\Windows\System\eAKeQqU.exe
  C:\Windows\System\eAKeQqU.exe
  2⤵
  PID:1340
- C:\Windows\System\MvxzKtS.exe
  C:\Windows\System\MvxzKtS.exe
  2⤵
  PID:3212
- C:\Windows\System\yllXBlk.exe
  C:\Windows\System\yllXBlk.exe
  2⤵
  PID:3572
- C:\Windows\System\sKHLugc.exe
  C:\Windows\System\sKHLugc.exe
  2⤵
  PID:4124
- C:\Windows\System\LiYkhxb.exe
  C:\Windows\System\LiYkhxb.exe
  2⤵
  PID:4132
- C:\Windows\System\rcSNggy.exe
  C:\Windows\System\rcSNggy.exe
  2⤵
  PID:4244
- C:\Windows\System\iRAdhZu.exe
  C:\Windows\System\iRAdhZu.exe
  2⤵
  PID:4264
- C:\Windows\System\SFCmicJ.exe
  C:\Windows\System\SFCmicJ.exe
  2⤵
  PID:4304
- C:\Windows\System\tLzpULW.exe
  C:\Windows\System\tLzpULW.exe
  2⤵
  PID:4404
- C:\Windows\System\FdLwRUx.exe
  C:\Windows\System\FdLwRUx.exe
  2⤵
  PID:4392
- C:\Windows\System\WJrVAtH.exe
  C:\Windows\System\WJrVAtH.exe
  2⤵
  PID:4464
- C:\Windows\System\fGZkLvJ.exe
  C:\Windows\System\fGZkLvJ.exe
  2⤵
  PID:4516
- C:\Windows\System\VCKhHie.exe
  C:\Windows\System\VCKhHie.exe
  2⤵
  PID:4588
- C:\Windows\System\EfrANKf.exe
  C:\Windows\System\EfrANKf.exe
  2⤵
  PID:4632
- C:\Windows\System\OGpABav.exe
  C:\Windows\System\OGpABav.exe
  2⤵
  PID:4728
- C:\Windows\System\rqsfYdH.exe
  C:\Windows\System\rqsfYdH.exe
  2⤵
  PID:4752
- C:\Windows\System\asqoWuV.exe
  C:\Windows\System\asqoWuV.exe
  2⤵
  PID:4828
- C:\Windows\System\cbNUKhu.exe
  C:\Windows\System\cbNUKhu.exe
  2⤵
  PID:4896
- C:\Windows\System\KEAKIRC.exe
  C:\Windows\System\KEAKIRC.exe
  2⤵
  PID:4956
- C:\Windows\System\IrUPrwW.exe
  C:\Windows\System\IrUPrwW.exe
  2⤵
  PID:5012
- C:\Windows\System\NKapjrg.exe
  C:\Windows\System\NKapjrg.exe
  2⤵
  PID:5052
- C:\Windows\System\uaywPpA.exe
  C:\Windows\System\uaywPpA.exe
  2⤵
  PID:5108
- C:\Windows\System\WUVZvIJ.exe
  C:\Windows\System\WUVZvIJ.exe
  2⤵
  PID:4028
- C:\Windows\System\NvCKosz.exe
  C:\Windows\System\NvCKosz.exe
  2⤵
  PID:3128
- C:\Windows\System\idmaYSx.exe
  C:\Windows\System\idmaYSx.exe
  2⤵
  PID:3544
- C:\Windows\System\qdpKNIt.exe
  C:\Windows\System\qdpKNIt.exe
  2⤵
  PID:4152
- C:\Windows\System\pbqGeRN.exe
  C:\Windows\System\pbqGeRN.exe
  2⤵
  PID:4252
- C:\Windows\System\uQFvies.exe
  C:\Windows\System\uQFvies.exe
  2⤵
  PID:4444
- C:\Windows\System\aHZEBmW.exe
  C:\Windows\System\aHZEBmW.exe
  2⤵
  PID:4312
- C:\Windows\System\IIggmOq.exe
  C:\Windows\System\IIggmOq.exe
  2⤵
  PID:4572
- C:\Windows\System\cRJimcg.exe
  C:\Windows\System\cRJimcg.exe
  2⤵
  PID:4612
- C:\Windows\System\CGSWPxu.exe
  C:\Windows\System\CGSWPxu.exe
  2⤵
  PID:4732
- C:\Windows\System\RrXXMEg.exe
  C:\Windows\System\RrXXMEg.exe
  2⤵
  PID:4812
- C:\Windows\System\aJLiMuh.exe
  C:\Windows\System\aJLiMuh.exe
  2⤵
  PID:4872
- C:\Windows\System\bjLgsKQ.exe
  C:\Windows\System\bjLgsKQ.exe
  2⤵
  PID:4936
- C:\Windows\System\odsHVbB.exe
  C:\Windows\System\odsHVbB.exe
  2⤵
  PID:5088
- C:\Windows\System\oepzIMt.exe
  C:\Windows\System\oepzIMt.exe
  2⤵
  PID:2592
- C:\Windows\System\VZUrfEi.exe
  C:\Windows\System\VZUrfEi.exe
  2⤵
  PID:3868
- C:\Windows\System\EAcgMwf.exe
  C:\Windows\System\EAcgMwf.exe
  2⤵
  PID:5140
- C:\Windows\System\vgPznaq.exe
  C:\Windows\System\vgPznaq.exe
  2⤵
  PID:5160
- C:\Windows\System\vkEnpna.exe
  C:\Windows\System\vkEnpna.exe
  2⤵
  PID:5180
- C:\Windows\System\gCiadOK.exe
  C:\Windows\System\gCiadOK.exe
  2⤵
  PID:5200
- C:\Windows\System\hHxJCzK.exe
  C:\Windows\System\hHxJCzK.exe
  2⤵
  PID:5220
- C:\Windows\System\XKmVUbi.exe
  C:\Windows\System\XKmVUbi.exe
  2⤵
  PID:5240
- C:\Windows\System\loyyzYX.exe
  C:\Windows\System\loyyzYX.exe
  2⤵
  PID:5260
- C:\Windows\System\mWzeypl.exe
  C:\Windows\System\mWzeypl.exe
  2⤵
  PID:5280
- C:\Windows\System\ICyIrGU.exe
  C:\Windows\System\ICyIrGU.exe
  2⤵
  PID:5296
- C:\Windows\System\RSAfERS.exe
  C:\Windows\System\RSAfERS.exe
  2⤵
  PID:5320
- C:\Windows\System\oApypWx.exe
  C:\Windows\System\oApypWx.exe
  2⤵
  PID:5340
- C:\Windows\System\VwdnFAx.exe
  C:\Windows\System\VwdnFAx.exe
  2⤵
  PID:5356
- C:\Windows\System\hLuNnhG.exe
  C:\Windows\System\hLuNnhG.exe
  2⤵
  PID:5380
- C:\Windows\System\NWqLEvk.exe
  C:\Windows\System\NWqLEvk.exe
  2⤵
  PID:5400
- C:\Windows\System\wTYNTmV.exe
  C:\Windows\System\wTYNTmV.exe
  2⤵
  PID:5420
- C:\Windows\System\HeWUNfy.exe
  C:\Windows\System\HeWUNfy.exe
  2⤵
  PID:5440
- C:\Windows\System\USqyslS.exe
  C:\Windows\System\USqyslS.exe
  2⤵
  PID:5460
- C:\Windows\System\XjnlMWE.exe
  C:\Windows\System\XjnlMWE.exe
  2⤵
  PID:5476
- C:\Windows\System\Ipwiudd.exe
  C:\Windows\System\Ipwiudd.exe
  2⤵
  PID:5496
- C:\Windows\System\zwozkhB.exe
  C:\Windows\System\zwozkhB.exe
  2⤵
  PID:5520
- C:\Windows\System\bvGEJzt.exe
  C:\Windows\System\bvGEJzt.exe
  2⤵
  PID:5540
- C:\Windows\System\pchUXOj.exe
  C:\Windows\System\pchUXOj.exe
  2⤵
  PID:5560
- C:\Windows\System\VvqVxXI.exe
  C:\Windows\System\VvqVxXI.exe
  2⤵
  PID:5580
- C:\Windows\System\wcjDTxW.exe
  C:\Windows\System\wcjDTxW.exe
  2⤵
  PID:5600
- C:\Windows\System\yqlpKYk.exe
  C:\Windows\System\yqlpKYk.exe
  2⤵
  PID:5616
- C:\Windows\System\xHdVwvb.exe
  C:\Windows\System\xHdVwvb.exe
  2⤵
  PID:5632
- C:\Windows\System\WeNkPvj.exe
  C:\Windows\System\WeNkPvj.exe
  2⤵
  PID:5660
- C:\Windows\System\MNGltxd.exe
  C:\Windows\System\MNGltxd.exe
  2⤵
  PID:5676
- C:\Windows\System\nRIlBCz.exe
  C:\Windows\System\nRIlBCz.exe
  2⤵
  PID:5696
- C:\Windows\System\FcNfIyK.exe
  C:\Windows\System\FcNfIyK.exe
  2⤵
  PID:5716
- C:\Windows\System\WUmxlVA.exe
  C:\Windows\System\WUmxlVA.exe
  2⤵
  PID:5732
- C:\Windows\System\NMTYJae.exe
  C:\Windows\System\NMTYJae.exe
  2⤵
  PID:5760
- C:\Windows\System\NHFPpEf.exe
  C:\Windows\System\NHFPpEf.exe
  2⤵
  PID:5776
- C:\Windows\System\dbeXtcJ.exe
  C:\Windows\System\dbeXtcJ.exe
  2⤵
  PID:5800
- C:\Windows\System\WyYqSif.exe
  C:\Windows\System\WyYqSif.exe
  2⤵
  PID:5820
- C:\Windows\System\HRSJQTe.exe
  C:\Windows\System\HRSJQTe.exe
  2⤵
  PID:5840
- C:\Windows\System\ajpcFtG.exe
  C:\Windows\System\ajpcFtG.exe
  2⤵
  PID:5860
- C:\Windows\System\bFIirqm.exe
  C:\Windows\System\bFIirqm.exe
  2⤵
  PID:5880
- C:\Windows\System\JLBctJf.exe
  C:\Windows\System\JLBctJf.exe
  2⤵
  PID:5900
- C:\Windows\System\eUSqDKw.exe
  C:\Windows\System\eUSqDKw.exe
  2⤵
  PID:5916
- C:\Windows\System\WeVJTKS.exe
  C:\Windows\System\WeVJTKS.exe
  2⤵
  PID:5936
- C:\Windows\System\MoWoGJE.exe
  C:\Windows\System\MoWoGJE.exe
  2⤵
  PID:5960
- C:\Windows\System\gvMfSdE.exe
  C:\Windows\System\gvMfSdE.exe
  2⤵
  PID:5980
- C:\Windows\System\QsyQYER.exe
  C:\Windows\System\QsyQYER.exe
  2⤵
  PID:5996
- C:\Windows\System\xJijmAj.exe
  C:\Windows\System\xJijmAj.exe
  2⤵
  PID:6020
- C:\Windows\System\VYOGXiX.exe
  C:\Windows\System\VYOGXiX.exe
  2⤵
  PID:6040
- C:\Windows\System\ImgaFJi.exe
  C:\Windows\System\ImgaFJi.exe
  2⤵
  PID:6060
- C:\Windows\System\aApNduF.exe
  C:\Windows\System\aApNduF.exe
  2⤵
  PID:6080
- C:\Windows\System\oCWNtus.exe
  C:\Windows\System\oCWNtus.exe
  2⤵
  PID:6100
- C:\Windows\System\VQXBGKL.exe
  C:\Windows\System\VQXBGKL.exe
  2⤵
  PID:6116
- C:\Windows\System\CgjtjoE.exe
  C:\Windows\System\CgjtjoE.exe
  2⤵
  PID:6136
- C:\Windows\System\OAOpIKi.exe
  C:\Windows\System\OAOpIKi.exe
  2⤵
  PID:4212
- C:\Windows\System\yJGPLMQ.exe
  C:\Windows\System\yJGPLMQ.exe
  2⤵
  PID:4292
- C:\Windows\System\ZmHXkVf.exe
  C:\Windows\System\ZmHXkVf.exe
  2⤵
  PID:4428
- C:\Windows\System\yqVsNIe.exe
  C:\Windows\System\yqVsNIe.exe
  2⤵
  PID:4616
- C:\Windows\System\ZjugyFd.exe
  C:\Windows\System\ZjugyFd.exe
  2⤵
  PID:4792
- C:\Windows\System\FjTQZjk.exe
  C:\Windows\System\FjTQZjk.exe
  2⤵
  PID:5048
- C:\Windows\System\rhHXfaR.exe
  C:\Windows\System\rhHXfaR.exe
  2⤵
  PID:5076
- C:\Windows\System\catlizq.exe
  C:\Windows\System\catlizq.exe
  2⤵
  PID:852
- C:\Windows\System\JyQqEiw.exe
  C:\Windows\System\JyQqEiw.exe
  2⤵
  PID:5152
- C:\Windows\System\nOpywwp.exe
  C:\Windows\System\nOpywwp.exe
  2⤵
  PID:5196
- C:\Windows\System\IYwjZLi.exe
  C:\Windows\System\IYwjZLi.exe
  2⤵
  PID:5216
- C:\Windows\System\rRVKCug.exe
  C:\Windows\System\rRVKCug.exe
  2⤵
  PID:5256
- C:\Windows\System\JXrKjqt.exe
  C:\Windows\System\JXrKjqt.exe
  2⤵
  PID:2804
- C:\Windows\System\KWSktLe.exe
  C:\Windows\System\KWSktLe.exe
  2⤵
  PID:5312
- C:\Windows\System\JNXarar.exe
  C:\Windows\System\JNXarar.exe
  2⤵
  PID:5348
- C:\Windows\System\MPXXLzo.exe
  C:\Windows\System\MPXXLzo.exe
  2⤵
  PID:5388
- C:\Windows\System\XriNdyZ.exe
  C:\Windows\System\XriNdyZ.exe
  2⤵
  PID:5428
- C:\Windows\System\mChvBMr.exe
  C:\Windows\System\mChvBMr.exe
  2⤵
  PID:5412
- C:\Windows\System\SNNGtzZ.exe
  C:\Windows\System\SNNGtzZ.exe
  2⤵
  PID:5452
- C:\Windows\System\rnAqsXE.exe
  C:\Windows\System\rnAqsXE.exe
  2⤵
  PID:5484
- C:\Windows\System\ATuuZRD.exe
  C:\Windows\System\ATuuZRD.exe
  2⤵
  PID:5528
- C:\Windows\System\qwxtxdu.exe
  C:\Windows\System\qwxtxdu.exe
  2⤵
  PID:5588
- C:\Windows\System\DpYakrd.exe
  C:\Windows\System\DpYakrd.exe
  2⤵
  PID:5592
- C:\Windows\System\UGZqQko.exe
  C:\Windows\System\UGZqQko.exe
  2⤵
  PID:5644
- C:\Windows\System\cLuwHrg.exe
  C:\Windows\System\cLuwHrg.exe
  2⤵
  PID:5672
- C:\Windows\System\LirEJfs.exe
  C:\Windows\System\LirEJfs.exe
  2⤵
  PID:5692
- C:\Windows\System\gWauvcb.exe
  C:\Windows\System\gWauvcb.exe
  2⤵
  PID:5728
- C:\Windows\System\AjgZmqu.exe
  C:\Windows\System\AjgZmqu.exe
  2⤵
  PID:5788
- C:\Windows\System\xpoBurC.exe
  C:\Windows\System\xpoBurC.exe
  2⤵
  PID:5792
- C:\Windows\System\inQUyEy.exe
  C:\Windows\System\inQUyEy.exe
  2⤵
  PID:5836
- C:\Windows\System\zDTGbBM.exe
  C:\Windows\System\zDTGbBM.exe
  2⤵
  PID:5868
- C:\Windows\System\wHeoaQR.exe
  C:\Windows\System\wHeoaQR.exe
  2⤵
  PID:5888
- C:\Windows\System\fNTutRU.exe
  C:\Windows\System\fNTutRU.exe
  2⤵
  PID:5944
- C:\Windows\System\uNUcMgG.exe
  C:\Windows\System\uNUcMgG.exe
  2⤵
  PID:5968
- C:\Windows\System\nGXjqqT.exe
  C:\Windows\System\nGXjqqT.exe
  2⤵
  PID:5976
- C:\Windows\System\cIlqhVo.exe
  C:\Windows\System\cIlqhVo.exe
  2⤵
  PID:6032
- C:\Windows\System\ZzhpPhC.exe
  C:\Windows\System\ZzhpPhC.exe
  2⤵
  PID:6056
- C:\Windows\System\NlXHoGf.exe
  C:\Windows\System\NlXHoGf.exe
  2⤵
  PID:6112
- C:\Windows\System\TrEFySR.exe
  C:\Windows\System\TrEFySR.exe
  2⤵
  PID:3612
- C:\Windows\System\esdDxZw.exe
  C:\Windows\System\esdDxZw.exe
  2⤵
  PID:6124
- C:\Windows\System\SNyfwBS.exe
  C:\Windows\System\SNyfwBS.exe
  2⤵
  PID:4432
- C:\Windows\System\CUOFqDI.exe
  C:\Windows\System\CUOFqDI.exe
  2⤵
  PID:4768
- C:\Windows\System\fiwLjeO.exe
  C:\Windows\System\fiwLjeO.exe
  2⤵
  PID:5128
- C:\Windows\System\TTvgohN.exe
  C:\Windows\System\TTvgohN.exe
  2⤵
  PID:3944
- C:\Windows\System\XvdxUvM.exe
  C:\Windows\System\XvdxUvM.exe
  2⤵
  PID:5176
- C:\Windows\System\sxIdbYr.exe
  C:\Windows\System\sxIdbYr.exe
  2⤵
  PID:5236
- C:\Windows\System\nzpzYDm.exe
  C:\Windows\System\nzpzYDm.exe
  2⤵
  PID:5276
- C:\Windows\System\jOLglqb.exe
  C:\Windows\System\jOLglqb.exe
  2⤵
  PID:5368
- C:\Windows\System\HrkYyJX.exe
  C:\Windows\System\HrkYyJX.exe
  2⤵
  PID:5396
- C:\Windows\System\ZejdGwB.exe
  C:\Windows\System\ZejdGwB.exe
  2⤵
  PID:5456
- C:\Windows\System\GQPxGkm.exe
  C:\Windows\System\GQPxGkm.exe
  2⤵
  PID:5516
- C:\Windows\System\atXVSDQ.exe
  C:\Windows\System\atXVSDQ.exe
  2⤵
  PID:5572
- C:\Windows\System\gIVIrbA.exe
  C:\Windows\System\gIVIrbA.exe
  2⤵
  PID:5668
- C:\Windows\System\pavPbgM.exe
  C:\Windows\System\pavPbgM.exe
  2⤵
  PID:5608
- C:\Windows\System\HEWTQgO.exe
  C:\Windows\System\HEWTQgO.exe
  2⤵
  PID:5688
- C:\Windows\System\LDOWUWW.exe
  C:\Windows\System\LDOWUWW.exe
  2⤵
  PID:5796
- C:\Windows\System\KSHHTXw.exe
  C:\Windows\System\KSHHTXw.exe
  2⤵
  PID:5816
- C:\Windows\System\eXHDDqx.exe
  C:\Windows\System\eXHDDqx.exe
  2⤵
  PID:5924
- C:\Windows\System\DmqNNaa.exe
  C:\Windows\System\DmqNNaa.exe
  2⤵
  PID:5876
- C:\Windows\System\kztCbGa.exe
  C:\Windows\System\kztCbGa.exe
  2⤵
  PID:5948
- C:\Windows\System\KNVCsQY.exe
  C:\Windows\System\KNVCsQY.exe
  2⤵
  PID:6036
- C:\Windows\System\OOgRopO.exe
  C:\Windows\System\OOgRopO.exe
  2⤵
  PID:6092
- C:\Windows\System\EHTDldn.exe
  C:\Windows\System\EHTDldn.exe
  2⤵
  PID:4528
- C:\Windows\System\KilBQAd.exe
  C:\Windows\System\KilBQAd.exe
  2⤵
  PID:4460
- C:\Windows\System\XJeiCUI.exe
  C:\Windows\System\XJeiCUI.exe
  2⤵
  PID:4608
- C:\Windows\System\ewCDhzc.exe
  C:\Windows\System\ewCDhzc.exe
  2⤵
  PID:4044
- C:\Windows\System\HAtUNdp.exe
  C:\Windows\System\HAtUNdp.exe
  2⤵
  PID:5188
- C:\Windows\System\YGrnxly.exe
  C:\Windows\System\YGrnxly.exe
  2⤵
  PID:5308
- C:\Windows\System\OqNNDBi.exe
  C:\Windows\System\OqNNDBi.exe
  2⤵
  PID:5416
- C:\Windows\System\vAHvqbb.exe
  C:\Windows\System\vAHvqbb.exe
  2⤵
  PID:5552
- C:\Windows\System\qucbffq.exe
  C:\Windows\System\qucbffq.exe
  2⤵
  PID:5532
- C:\Windows\System\CuXwjUD.exe
  C:\Windows\System\CuXwjUD.exe
  2⤵
  PID:5628
- C:\Windows\System\qRvIPWN.exe
  C:\Windows\System\qRvIPWN.exe
  2⤵
  PID:5772
- C:\Windows\System\sDPgdpS.exe
  C:\Windows\System\sDPgdpS.exe
  2⤵
  PID:5896
- C:\Windows\System\rAizgOW.exe
  C:\Windows\System\rAizgOW.exe
  2⤵
  PID:5956
- C:\Windows\System\JSMFAYY.exe
  C:\Windows\System\JSMFAYY.exe
  2⤵
  PID:6076
- C:\Windows\System\ZIwjFRb.exe
  C:\Windows\System\ZIwjFRb.exe
  2⤵
  PID:6148
- C:\Windows\System\BUqsEkT.exe
  C:\Windows\System\BUqsEkT.exe
  2⤵
  PID:6168
- C:\Windows\System\usxzCpt.exe
  C:\Windows\System\usxzCpt.exe
  2⤵
  PID:6188
- C:\Windows\System\BeCjgEm.exe
  C:\Windows\System\BeCjgEm.exe
  2⤵
  PID:6208
- C:\Windows\System\wmKYeKx.exe
  C:\Windows\System\wmKYeKx.exe
  2⤵
  PID:6228
- C:\Windows\System\SXMLAUd.exe
  C:\Windows\System\SXMLAUd.exe
  2⤵
  PID:6248
- C:\Windows\System\qDJPxlv.exe
  C:\Windows\System\qDJPxlv.exe
  2⤵
  PID:6268
- C:\Windows\System\UIFYKxy.exe
  C:\Windows\System\UIFYKxy.exe
  2⤵
  PID:6288
- C:\Windows\System\qqHreop.exe
  C:\Windows\System\qqHreop.exe
  2⤵
  PID:6308
- C:\Windows\System\QKpDYqU.exe
  C:\Windows\System\QKpDYqU.exe
  2⤵
  PID:6328
- C:\Windows\System\khKlkku.exe
  C:\Windows\System\khKlkku.exe
  2⤵
  PID:6348
- C:\Windows\System\InaRRXC.exe
  C:\Windows\System\InaRRXC.exe
  2⤵
  PID:6368
- C:\Windows\System\KgKROiZ.exe
  C:\Windows\System\KgKROiZ.exe
  2⤵
  PID:6388
- C:\Windows\System\jogVmhj.exe
  C:\Windows\System\jogVmhj.exe
  2⤵
  PID:6408
- C:\Windows\System\wpQmozW.exe
  C:\Windows\System\wpQmozW.exe
  2⤵
  PID:6428
- C:\Windows\System\dNqQydV.exe
  C:\Windows\System\dNqQydV.exe
  2⤵
  PID:6448
- C:\Windows\System\PsmOoxB.exe
  C:\Windows\System\PsmOoxB.exe
  2⤵
  PID:6468
- C:\Windows\System\oAvLDZK.exe
  C:\Windows\System\oAvLDZK.exe
  2⤵
  PID:6492
- C:\Windows\System\gMuZNTh.exe
  C:\Windows\System\gMuZNTh.exe
  2⤵
  PID:6516
- C:\Windows\System\AFAiokU.exe
  C:\Windows\System\AFAiokU.exe
  2⤵
  PID:6540
- C:\Windows\System\WXIjhFt.exe
  C:\Windows\System\WXIjhFt.exe
  2⤵
  PID:6560
- C:\Windows\System\HJFXUld.exe
  C:\Windows\System\HJFXUld.exe
  2⤵
  PID:6580
- C:\Windows\System\KHiyovD.exe
  C:\Windows\System\KHiyovD.exe
  2⤵
  PID:6600
- C:\Windows\System\hwbOKOd.exe
  C:\Windows\System\hwbOKOd.exe
  2⤵
  PID:6620
- C:\Windows\System\eBxMaKx.exe
  C:\Windows\System\eBxMaKx.exe
  2⤵
  PID:6640
- C:\Windows\System\RFtuPli.exe
  C:\Windows\System\RFtuPli.exe
  2⤵
  PID:6660
- C:\Windows\System\PxyQlJs.exe
  C:\Windows\System\PxyQlJs.exe
  2⤵
  PID:6680
- C:\Windows\System\jNCWkNx.exe
  C:\Windows\System\jNCWkNx.exe
  2⤵
  PID:6700
- C:\Windows\System\iStLctj.exe
  C:\Windows\System\iStLctj.exe
  2⤵
  PID:6720
- C:\Windows\System\jrEDaAS.exe
  C:\Windows\System\jrEDaAS.exe
  2⤵
  PID:6740
- C:\Windows\System\UjVnQPy.exe
  C:\Windows\System\UjVnQPy.exe
  2⤵
  PID:6760
- C:\Windows\System\GxnNUos.exe
  C:\Windows\System\GxnNUos.exe
  2⤵
  PID:6780
- C:\Windows\System\FCoxZAS.exe
  C:\Windows\System\FCoxZAS.exe
  2⤵
  PID:6800
- C:\Windows\System\zmQDnVS.exe
  C:\Windows\System\zmQDnVS.exe
  2⤵
  PID:6820
- C:\Windows\System\XFTmkqQ.exe
  C:\Windows\System\XFTmkqQ.exe
  2⤵
  PID:6840
- C:\Windows\System\VUzCvMu.exe
  C:\Windows\System\VUzCvMu.exe
  2⤵
  PID:6860
- C:\Windows\System\tDRxBWy.exe
  C:\Windows\System\tDRxBWy.exe
  2⤵
  PID:6880
- C:\Windows\System\RTcVLKO.exe
  C:\Windows\System\RTcVLKO.exe
  2⤵
  PID:6900
- C:\Windows\System\qmQMHWe.exe
  C:\Windows\System\qmQMHWe.exe
  2⤵
  PID:6920
- C:\Windows\System\yVYVvdO.exe
  C:\Windows\System\yVYVvdO.exe
  2⤵
  PID:6940
- C:\Windows\System\qLGPFKX.exe
  C:\Windows\System\qLGPFKX.exe
  2⤵
  PID:6960
- C:\Windows\System\ltONqgC.exe
  C:\Windows\System\ltONqgC.exe
  2⤵
  PID:6980
- C:\Windows\System\xFahLfd.exe
  C:\Windows\System\xFahLfd.exe
  2⤵
  PID:7000
- C:\Windows\System\hmZzYkU.exe
  C:\Windows\System\hmZzYkU.exe
  2⤵
  PID:7020
- C:\Windows\System\zCntZxt.exe
  C:\Windows\System\zCntZxt.exe
  2⤵
  PID:7040
- C:\Windows\System\WTTxZko.exe
  C:\Windows\System\WTTxZko.exe
  2⤵
  PID:7060
- C:\Windows\System\AbmVYoA.exe
  C:\Windows\System\AbmVYoA.exe
  2⤵
  PID:7080
- C:\Windows\System\bGdwMgf.exe
  C:\Windows\System\bGdwMgf.exe
  2⤵
  PID:7100
- C:\Windows\System\WeLQOln.exe
  C:\Windows\System\WeLQOln.exe
  2⤵
  PID:7120
- C:\Windows\System\czzGqaL.exe
  C:\Windows\System\czzGqaL.exe
  2⤵
  PID:7140
- C:\Windows\System\sbqrTTU.exe
  C:\Windows\System\sbqrTTU.exe
  2⤵
  PID:7160
- C:\Windows\System\CUoanJS.exe
  C:\Windows\System\CUoanJS.exe
  2⤵
  PID:6132
- C:\Windows\System\vEBDRWT.exe
  C:\Windows\System\vEBDRWT.exe
  2⤵
  PID:4712
- C:\Windows\System\woVliOp.exe
  C:\Windows\System\woVliOp.exe
  2⤵
  PID:5228
- C:\Windows\System\WJlWnEK.exe
  C:\Windows\System\WJlWnEK.exe
  2⤵
  PID:5376
- C:\Windows\System\QdtYmyQ.exe
  C:\Windows\System\QdtYmyQ.exe
  2⤵
  PID:5408
- C:\Windows\System\jsxyToX.exe
  C:\Windows\System\jsxyToX.exe
  2⤵
  PID:5508
- C:\Windows\System\husWQtp.exe
  C:\Windows\System\husWQtp.exe
  2⤵
  PID:5656
- C:\Windows\System\vFwZbYv.exe
  C:\Windows\System\vFwZbYv.exe
  2⤵
  PID:5908
- C:\Windows\System\YJPfVTL.exe
  C:\Windows\System\YJPfVTL.exe
  2⤵
  PID:5952
- C:\Windows\System\xdOeidb.exe
  C:\Windows\System\xdOeidb.exe
  2⤵
  PID:6176
- C:\Windows\System\AVEwOZV.exe
  C:\Windows\System\AVEwOZV.exe
  2⤵
  PID:6160
- C:\Windows\System\LLVwAKt.exe
  C:\Windows\System\LLVwAKt.exe
  2⤵
  PID:6216
- C:\Windows\System\tMluJRV.exe
  C:\Windows\System\tMluJRV.exe
  2⤵
  PID:6244
- C:\Windows\System\aMZwZOd.exe
  C:\Windows\System\aMZwZOd.exe
  2⤵
  PID:6284
- C:\Windows\System\oNOONPM.exe
  C:\Windows\System\oNOONPM.exe
  2⤵
  PID:6316
- C:\Windows\System\hdzfSUg.exe
  C:\Windows\System\hdzfSUg.exe
  2⤵
  PID:6340
- C:\Windows\System\mlnDyKe.exe
  C:\Windows\System\mlnDyKe.exe
  2⤵
  PID:6384
- C:\Windows\System\LSVVXdb.exe
  C:\Windows\System\LSVVXdb.exe
  2⤵
  PID:6416
- C:\Windows\System\jFPezhh.exe
  C:\Windows\System\jFPezhh.exe
  2⤵
  PID:2720
- C:\Windows\System\etHdHMz.exe
  C:\Windows\System\etHdHMz.exe
  2⤵
  PID:6460
- C:\Windows\System\HXWlXnJ.exe
  C:\Windows\System\HXWlXnJ.exe
  2⤵
  PID:6508
- C:\Windows\System\ImApdnp.exe
  C:\Windows\System\ImApdnp.exe
  2⤵
  PID:6548
- C:\Windows\System\lzatVhV.exe
  C:\Windows\System\lzatVhV.exe
  2⤵
  PID:6588
- C:\Windows\System\WXDGIQn.exe
  C:\Windows\System\WXDGIQn.exe
  2⤵
  PID:6616
- C:\Windows\System\ZscegIn.exe
  C:\Windows\System\ZscegIn.exe
  2⤵
  PID:6668
- C:\Windows\System\FrKUYQG.exe
  C:\Windows\System\FrKUYQG.exe
  2⤵
  PID:6696
- C:\Windows\System\yDHgAHH.exe
  C:\Windows\System\yDHgAHH.exe
  2⤵
  PID:6728
- C:\Windows\System\LUsWzUc.exe
  C:\Windows\System\LUsWzUc.exe
  2⤵
  PID:6752
- C:\Windows\System\FVYWWgk.exe
  C:\Windows\System\FVYWWgk.exe
  2⤵
  PID:6796
- C:\Windows\System\duuVdQv.exe
  C:\Windows\System\duuVdQv.exe
  2⤵
  PID:6828
- C:\Windows\System\asWWeTo.exe
  C:\Windows\System\asWWeTo.exe
  2⤵
  PID:6868
- C:\Windows\System\wHxigFf.exe
  C:\Windows\System\wHxigFf.exe
  2⤵
  PID:6908
- C:\Windows\System\dmwFEqz.exe
  C:\Windows\System\dmwFEqz.exe
  2⤵
  PID:6928
- C:\Windows\System\CiNueYO.exe
  C:\Windows\System\CiNueYO.exe
  2⤵
  PID:2788
- C:\Windows\System\KylhPBl.exe
  C:\Windows\System\KylhPBl.exe
  2⤵
  PID:6972
- C:\Windows\System\RMPCjSK.exe
  C:\Windows\System\RMPCjSK.exe
  2⤵
  PID:7036
- C:\Windows\System\EtYdKfD.exe
  C:\Windows\System\EtYdKfD.exe
  2⤵
  PID:7068
- C:\Windows\System\noBXDBo.exe
  C:\Windows\System\noBXDBo.exe
  2⤵
  PID:7116
- C:\Windows\System\hQdWxqo.exe
  C:\Windows\System\hQdWxqo.exe
  2⤵
  PID:7128
- C:\Windows\System\xMIercI.exe
  C:\Windows\System\xMIercI.exe
  2⤵
  PID:2952
- C:\Windows\System\LihRWyh.exe
  C:\Windows\System\LihRWyh.exe
  2⤵
  PID:4128
- C:\Windows\System\kdTZrce.exe
  C:\Windows\System\kdTZrce.exe
  2⤵
  PID:5328
- C:\Windows\System\OpoFvlV.exe
  C:\Windows\System\OpoFvlV.exe
  2⤵
  PID:5364
- C:\Windows\System\qPCBQSc.exe
  C:\Windows\System\qPCBQSc.exe
  2⤵
  PID:2732
- C:\Windows\System\vkzpgzT.exe
  C:\Windows\System\vkzpgzT.exe
  2⤵
  PID:5912
- C:\Windows\System\PUIDYUT.exe
  C:\Windows\System\PUIDYUT.exe
  2⤵
  PID:6164
- C:\Windows\System\OblHqBV.exe
  C:\Windows\System\OblHqBV.exe
  2⤵
  PID:6204
- C:\Windows\System\RMhnnNH.exe
  C:\Windows\System\RMhnnNH.exe
  2⤵
  PID:6260
- C:\Windows\System\yDVxSbE.exe
  C:\Windows\System\yDVxSbE.exe
  2⤵
  PID:6184
- C:\Windows\System\RMCaYrC.exe
  C:\Windows\System\RMCaYrC.exe
  2⤵
  PID:6304
- C:\Windows\System\MyAjdgY.exe
  C:\Windows\System\MyAjdgY.exe
  2⤵
  PID:6396
- C:\Windows\System\usukuTI.exe
  C:\Windows\System\usukuTI.exe
  2⤵
  PID:2364
- C:\Windows\System\nTAXtXO.exe
  C:\Windows\System\nTAXtXO.exe
  2⤵
  PID:6376
- C:\Windows\System\ImsnifB.exe
  C:\Windows\System\ImsnifB.exe
  2⤵
  PID:6500
- C:\Windows\System\ZkqfWta.exe
  C:\Windows\System\ZkqfWta.exe
  2⤵
  PID:6628
- C:\Windows\System\QUdRZlt.exe
  C:\Windows\System\QUdRZlt.exe
  2⤵
  PID:6688
- C:\Windows\System\wJGTWkB.exe
  C:\Windows\System\wJGTWkB.exe
  2⤵
  PID:588
- C:\Windows\System\eTStUvb.exe
  C:\Windows\System\eTStUvb.exe
  2⤵
  PID:6732
- C:\Windows\System\bBGqnZx.exe
  C:\Windows\System\bBGqnZx.exe
  2⤵
  PID:6636
- C:\Windows\System\GXsVHHK.exe
  C:\Windows\System\GXsVHHK.exe
  2⤵
  PID:6712
- C:\Windows\System\LeYlOYJ.exe
  C:\Windows\System\LeYlOYJ.exe
  2⤵
  PID:6812
- C:\Windows\System\DqRTWKZ.exe
  C:\Windows\System\DqRTWKZ.exe
  2⤵
  PID:6872
- C:\Windows\System\mrIDCRf.exe
  C:\Windows\System\mrIDCRf.exe
  2⤵
  PID:6856
- C:\Windows\System\LpIyyUb.exe
  C:\Windows\System\LpIyyUb.exe
  2⤵
  PID:7028
- C:\Windows\System\rtRXsAS.exe
  C:\Windows\System\rtRXsAS.exe
  2⤵
  PID:2556
- C:\Windows\System\IhzhcbT.exe
  C:\Windows\System\IhzhcbT.exe
  2⤵
  PID:7016
- C:\Windows\System\AifGrMP.exe
  C:\Windows\System\AifGrMP.exe
  2⤵
  PID:7152
- C:\Windows\System\FOCkMze.exe
  C:\Windows\System\FOCkMze.exe
  2⤵
  PID:4916
- C:\Windows\System\ytCwjnj.exe
  C:\Windows\System\ytCwjnj.exe
  2⤵
  PID:5848
- C:\Windows\System\ozSgVLL.exe
  C:\Windows\System\ozSgVLL.exe
  2⤵
  PID:2824
- C:\Windows\System\KqLatZS.exe
  C:\Windows\System\KqLatZS.exe
  2⤵
  PID:5752
- C:\Windows\System\uReOIYC.exe
  C:\Windows\System\uReOIYC.exe
  2⤵
  PID:2912
- C:\Windows\System\rjAHyzP.exe
  C:\Windows\System\rjAHyzP.exe
  2⤵
  PID:6220
- C:\Windows\System\OXYWeou.exe
  C:\Windows\System\OXYWeou.exe
  2⤵
  PID:2836
- C:\Windows\System\qhwGuKE.exe
  C:\Windows\System\qhwGuKE.exe
  2⤵
  PID:2620
- C:\Windows\System\CNVOHwv.exe
  C:\Windows\System\CNVOHwv.exe
  2⤵
  PID:6404
- C:\Windows\System\IEyZnCL.exe
  C:\Windows\System\IEyZnCL.exe
  2⤵
  PID:264
- C:\Windows\System\SJIujgJ.exe
  C:\Windows\System\SJIujgJ.exe
  2⤵
  PID:6364
- C:\Windows\System\oaQHZnc.exe
  C:\Windows\System\oaQHZnc.exe
  2⤵
  PID:2832
- C:\Windows\System\KrAmNus.exe
  C:\Windows\System\KrAmNus.exe
  2⤵
  PID:520
- C:\Windows\System\sDNkDfC.exe
  C:\Windows\System\sDNkDfC.exe
  2⤵
  PID:1428
- C:\Windows\System\cMbwYAx.exe
  C:\Windows\System\cMbwYAx.exe
  2⤵
  PID:2408
- C:\Windows\System\HcIYfFR.exe
  C:\Windows\System\HcIYfFR.exe
  2⤵
  PID:2988
- C:\Windows\System\iPFXvpz.exe
  C:\Windows\System\iPFXvpz.exe
  2⤵
  PID:6772
- C:\Windows\System\LbhFhUV.exe
  C:\Windows\System\LbhFhUV.exe
  2⤵
  PID:464
- C:\Windows\System\ChynjkJ.exe
  C:\Windows\System\ChynjkJ.exe
  2⤵
  PID:6808
- C:\Windows\System\rHdUdxx.exe
  C:\Windows\System\rHdUdxx.exe
  2⤵
  PID:1848
- C:\Windows\System\rvUCdxG.exe
  C:\Windows\System\rvUCdxG.exe
  2⤵
  PID:7108
- C:\Windows\System\GcbrOzg.exe
  C:\Windows\System\GcbrOzg.exe
  2⤵
  PID:7088
- C:\Windows\System\bjMtbNk.exe
  C:\Windows\System\bjMtbNk.exe
  2⤵
  PID:840
- C:\Windows\System\yHmPhMX.exe
  C:\Windows\System\yHmPhMX.exe
  2⤵
  PID:3032
- C:\Windows\System\HOsHciJ.exe
  C:\Windows\System\HOsHciJ.exe
  2⤵
  PID:5472
- C:\Windows\System\LelmCXR.exe
  C:\Windows\System\LelmCXR.exe
  2⤵
  PID:4628
- C:\Windows\System\UFLvsJA.exe
  C:\Windows\System\UFLvsJA.exe
  2⤵
  PID:5744
- C:\Windows\System\MwPiTCG.exe
  C:\Windows\System\MwPiTCG.exe
  2⤵
  PID:1608
- C:\Windows\System\VYLDGOu.exe
  C:\Windows\System\VYLDGOu.exe
  2⤵
  PID:6236
- C:\Windows\System\hzBQLyc.exe
  C:\Windows\System\hzBQLyc.exe
  2⤵
  PID:6276
- C:\Windows\System\NHpobvN.exe
  C:\Windows\System\NHpobvN.exe
  2⤵
  PID:6196
- C:\Windows\System\nBdFHFR.exe
  C:\Windows\System\nBdFHFR.exe
  2⤵
  PID:6300
- C:\Windows\System\AFoPVbT.exe
  C:\Windows\System\AFoPVbT.exe
  2⤵
  PID:1896
- C:\Windows\System\VsdKnTP.exe
  C:\Windows\System\VsdKnTP.exe
  2⤵
  PID:1636
- C:\Windows\System\MVbgOCF.exe
  C:\Windows\System\MVbgOCF.exe
  2⤵
  PID:404
- C:\Windows\System\deaKFVI.exe
  C:\Windows\System\deaKFVI.exe
  2⤵
  PID:616
- C:\Windows\System\xVYSJaF.exe
  C:\Windows\System\xVYSJaF.exe
  2⤵
  PID:7076
- C:\Windows\System\UGwheeg.exe
  C:\Windows\System\UGwheeg.exe
  2⤵
  PID:6988
- C:\Windows\System\QCgfHih.exe
  C:\Windows\System\QCgfHih.exe
  2⤵
  PID:7132
- C:\Windows\System\XEsowNO.exe
  C:\Windows\System\XEsowNO.exe
  2⤵
  PID:7180
- C:\Windows\System\gYpXJbC.exe
  C:\Windows\System\gYpXJbC.exe
  2⤵
  PID:7196
- C:\Windows\System\bBBcURU.exe
  C:\Windows\System\bBBcURU.exe
  2⤵
  PID:7212
- C:\Windows\System\qOhFuxX.exe
  C:\Windows\System\qOhFuxX.exe
  2⤵
  PID:7228
- C:\Windows\System\lkXPauG.exe
  C:\Windows\System\lkXPauG.exe
  2⤵
  PID:7248
- C:\Windows\System\pxpLvrU.exe
  C:\Windows\System\pxpLvrU.exe
  2⤵
  PID:7264
- C:\Windows\System\TZLZQIR.exe
  C:\Windows\System\TZLZQIR.exe
  2⤵
  PID:7280
- C:\Windows\System\UKxEuAz.exe
  C:\Windows\System\UKxEuAz.exe
  2⤵
  PID:7300
- C:\Windows\System\wjncuKn.exe
  C:\Windows\System\wjncuKn.exe
  2⤵
  PID:7316
- C:\Windows\System\uOphHJV.exe
  C:\Windows\System\uOphHJV.exe
  2⤵
  PID:7332
- C:\Windows\System\PCnQbUT.exe
  C:\Windows\System\PCnQbUT.exe
  2⤵
  PID:7352
- C:\Windows\System\utXHoVW.exe
  C:\Windows\System\utXHoVW.exe
  2⤵
  PID:7368
- C:\Windows\System\RqjTJEu.exe
  C:\Windows\System\RqjTJEu.exe
  2⤵
  PID:7400
- C:\Windows\System\Swggznn.exe
  C:\Windows\System\Swggznn.exe
  2⤵
  PID:7416
- C:\Windows\System\zXkpCFh.exe
  C:\Windows\System\zXkpCFh.exe
  2⤵
  PID:7432
- C:\Windows\System\SakcWUi.exe
  C:\Windows\System\SakcWUi.exe
  2⤵
  PID:7452
- C:\Windows\System\HVEqoyG.exe
  C:\Windows\System\HVEqoyG.exe
  2⤵
  PID:7468
- C:\Windows\System\HEfnPUy.exe
  C:\Windows\System\HEfnPUy.exe
  2⤵
  PID:7576
- C:\Windows\System\GAOtwdM.exe
  C:\Windows\System\GAOtwdM.exe
  2⤵
  PID:7680
- C:\Windows\System\nyoeYyt.exe
  C:\Windows\System\nyoeYyt.exe
  2⤵
  PID:7712
- C:\Windows\System\EjJOEeq.exe
  C:\Windows\System\EjJOEeq.exe
  2⤵
  PID:7732
- C:\Windows\System\vUFgBKf.exe
  C:\Windows\System\vUFgBKf.exe
  2⤵
  PID:7752
- C:\Windows\System\XmqJAkZ.exe
  C:\Windows\System\XmqJAkZ.exe
  2⤵
  PID:7772
- C:\Windows\System\UTdbzUo.exe
  C:\Windows\System\UTdbzUo.exe
  2⤵
  PID:7792
- C:\Windows\System\mOUWhFT.exe
  C:\Windows\System\mOUWhFT.exe
  2⤵
  PID:7812
- C:\Windows\System\Uyxjqhx.exe
  C:\Windows\System\Uyxjqhx.exe
  2⤵
  PID:7828
- C:\Windows\System\uyqnDvP.exe
  C:\Windows\System\uyqnDvP.exe
  2⤵
  PID:7848
- C:\Windows\System\RIYKVRC.exe
  C:\Windows\System\RIYKVRC.exe
  2⤵
  PID:7868
- C:\Windows\System\ZDaqMGa.exe
  C:\Windows\System\ZDaqMGa.exe
  2⤵
  PID:7884
- C:\Windows\System\zHoawgh.exe
  C:\Windows\System\zHoawgh.exe
  2⤵
  PID:7904
- C:\Windows\System\CNScRFZ.exe
  C:\Windows\System\CNScRFZ.exe
  2⤵
  PID:7920
- C:\Windows\System\aGhMmyD.exe
  C:\Windows\System\aGhMmyD.exe
  2⤵
  PID:7940
- C:\Windows\System\THXvfmF.exe
  C:\Windows\System\THXvfmF.exe
  2⤵
  PID:7972
- C:\Windows\System\ereoLnp.exe
  C:\Windows\System\ereoLnp.exe
  2⤵
  PID:7992
- C:\Windows\System\oFzfleC.exe
  C:\Windows\System\oFzfleC.exe
  2⤵
  PID:8008
- C:\Windows\System\HdrEEcN.exe
  C:\Windows\System\HdrEEcN.exe
  2⤵
  PID:8028
- C:\Windows\System\zuvCKtP.exe
  C:\Windows\System\zuvCKtP.exe
  2⤵
  PID:8056
- C:\Windows\System\mPAnlEF.exe
  C:\Windows\System\mPAnlEF.exe
  2⤵
  PID:8072
- C:\Windows\System\JVEyehJ.exe
  C:\Windows\System\JVEyehJ.exe
  2⤵
  PID:8096
- C:\Windows\System\kzQmMjF.exe
  C:\Windows\System\kzQmMjF.exe
  2⤵
  PID:8116
- C:\Windows\System\dNZQfQb.exe
  C:\Windows\System\dNZQfQb.exe
  2⤵
  PID:8132
- C:\Windows\System\iIcaKUi.exe
  C:\Windows\System\iIcaKUi.exe
  2⤵
  PID:8152
- C:\Windows\System\yhwPvVu.exe
  C:\Windows\System\yhwPvVu.exe
  2⤵
  PID:8176
- C:\Windows\System\EHypiXo.exe
  C:\Windows\System\EHypiXo.exe
  2⤵
  PID:3864
- C:\Windows\System\pMUQiLY.exe
  C:\Windows\System\pMUQiLY.exe
  2⤵
  PID:2492
- C:\Windows\System\OYAQxsO.exe
  C:\Windows\System\OYAQxsO.exe
  2⤵
  PID:6916
- C:\Windows\System\Wkrddfz.exe
  C:\Windows\System\Wkrddfz.exe
  2⤵
  PID:7208
- C:\Windows\System\zlqyCvo.exe
  C:\Windows\System\zlqyCvo.exe
  2⤵
  PID:2052
- C:\Windows\System\VlofPJe.exe
  C:\Windows\System\VlofPJe.exe
  2⤵
  PID:7308
- C:\Windows\System\XwhQfmJ.exe
  C:\Windows\System\XwhQfmJ.exe
  2⤵
  PID:2108
- C:\Windows\System\Klxdudu.exe
  C:\Windows\System\Klxdudu.exe
  2⤵
  PID:2632
- C:\Windows\System\mHJDJfx.exe
  C:\Windows\System\mHJDJfx.exe
  2⤵
  PID:6708
- C:\Windows\System\Szpeqbf.exe
  C:\Windows\System\Szpeqbf.exe
  2⤵
  PID:2616
- C:\Windows\System\ZCsdRHK.exe
  C:\Windows\System\ZCsdRHK.exe
  2⤵
  PID:7256
- C:\Windows\System\OAbsTrA.exe
  C:\Windows\System\OAbsTrA.exe
  2⤵
  PID:7360
- C:\Windows\System\WKItoZV.exe
  C:\Windows\System\WKItoZV.exe
  2⤵
  PID:7348
- C:\Windows\System\qijkKtf.exe
  C:\Windows\System\qijkKtf.exe
  2⤵
  PID:7440
- C:\Windows\System\PNHUBxE.exe
  C:\Windows\System\PNHUBxE.exe
  2⤵
  PID:7388
- C:\Windows\System\lYAWAnP.exe
  C:\Windows\System\lYAWAnP.exe
  2⤵
  PID:7460
- C:\Windows\System\CvaQjQC.exe
  C:\Windows\System\CvaQjQC.exe
  2⤵
  PID:7048
- C:\Windows\System\BQArrlE.exe
  C:\Windows\System\BQArrlE.exe
  2⤵
  PID:7520
- C:\Windows\System\LITFYjX.exe
  C:\Windows\System\LITFYjX.exe
  2⤵
  PID:7536
- C:\Windows\System\dylibWS.exe
  C:\Windows\System\dylibWS.exe
  2⤵
  PID:7564
- C:\Windows\System\jQhHbYa.exe
  C:\Windows\System\jQhHbYa.exe
  2⤵
  PID:7584
- C:\Windows\System\OIOzFYj.exe
  C:\Windows\System\OIOzFYj.exe
  2⤵
  PID:7604
- C:\Windows\System\xYkNthn.exe
  C:\Windows\System\xYkNthn.exe
  2⤵
  PID:7628
- C:\Windows\System\AXXKoMu.exe
  C:\Windows\System\AXXKoMu.exe
  2⤵
  PID:7244
- C:\Windows\System\QQzHxwb.exe
  C:\Windows\System\QQzHxwb.exe
  2⤵
  PID:7664
- C:\Windows\System\BFmrFgT.exe
  C:\Windows\System\BFmrFgT.exe
  2⤵
  PID:7708
- C:\Windows\System\LMtqDZG.exe
  C:\Windows\System\LMtqDZG.exe
  2⤵
  PID:7720
- C:\Windows\System\BPeNojt.exe
  C:\Windows\System\BPeNojt.exe
  2⤵
  PID:7780
- C:\Windows\System\YDYOGZa.exe
  C:\Windows\System\YDYOGZa.exe
  2⤵
  PID:7800
- C:\Windows\System\TNCgQrA.exe
  C:\Windows\System\TNCgQrA.exe
  2⤵
  PID:7844
- C:\Windows\System\abVrXoW.exe
  C:\Windows\System\abVrXoW.exe
  2⤵
  PID:7864
- C:\Windows\System\xmRHlVJ.exe
  C:\Windows\System\xmRHlVJ.exe
  2⤵
  PID:7912
- C:\Windows\System\oYDIlAS.exe
  C:\Windows\System\oYDIlAS.exe
  2⤵
  PID:7896
- C:\Windows\System\JoFLJhs.exe
  C:\Windows\System\JoFLJhs.exe
  2⤵
  PID:7936
- C:\Windows\System\eSVuWxZ.exe
  C:\Windows\System\eSVuWxZ.exe
  2⤵
  PID:7968
- C:\Windows\System\xtqPtRA.exe
  C:\Windows\System\xtqPtRA.exe
  2⤵
  PID:7644
- C:\Windows\System\RnGWxNe.exe
  C:\Windows\System\RnGWxNe.exe
  2⤵
  PID:7988
- C:\Windows\System\FWiMOjt.exe
  C:\Windows\System\FWiMOjt.exe
  2⤵
  PID:8048
- C:\Windows\System\pnXspzW.exe
  C:\Windows\System\pnXspzW.exe
  2⤵
  PID:8112
- C:\Windows\System\bYgbuJA.exe
  C:\Windows\System\bYgbuJA.exe
  2⤵
  PID:8092
- C:\Windows\System\suRGYzF.exe
  C:\Windows\System\suRGYzF.exe
  2⤵
  PID:8172
- C:\Windows\System\juIkoMk.exe
  C:\Windows\System\juIkoMk.exe
  2⤵
  PID:6552
- C:\Windows\System\ydmYwys.exe
  C:\Windows\System\ydmYwys.exe
  2⤵
  PID:7240
- C:\Windows\System\ArBHlXL.exe
  C:\Windows\System\ArBHlXL.exe
  2⤵
  PID:5640
- C:\Windows\System\CCtDygn.exe
  C:\Windows\System\CCtDygn.exe
  2⤵
  PID:2908
- C:\Windows\System\TUwIbnr.exe
  C:\Windows\System\TUwIbnr.exe
  2⤵
  PID:6568
- C:\Windows\System\nSYPLIE.exe
  C:\Windows\System\nSYPLIE.exe
  2⤵
  PID:8040
- C:\Windows\System\FtdgcDw.exe
  C:\Windows\System\FtdgcDw.exe
  2⤵
  PID:7292
- C:\Windows\System\KOYxbIY.exe
  C:\Windows\System\KOYxbIY.exe
  2⤵
  PID:7516
- C:\Windows\System\XrLjSxC.exe
  C:\Windows\System\XrLjSxC.exe
  2⤵
  PID:7560
- C:\Windows\System\aahspEy.exe
  C:\Windows\System\aahspEy.exe
  2⤵
  PID:7620
- C:\Windows\System\RzxVONj.exe
  C:\Windows\System\RzxVONj.exe
  2⤵
  PID:7344
- C:\Windows\System\LUJOVcM.exe
  C:\Windows\System\LUJOVcM.exe
  2⤵
  PID:7696
- C:\Windows\System\lDtDsNr.exe
  C:\Windows\System\lDtDsNr.exe
  2⤵
  PID:7532
- C:\Windows\System\WtkrWUO.exe
  C:\Windows\System\WtkrWUO.exe
  2⤵
  PID:7616
- C:\Windows\System\SBiowmT.exe
  C:\Windows\System\SBiowmT.exe
  2⤵
  PID:7624
- C:\Windows\System\XUYrHBY.exe
  C:\Windows\System\XUYrHBY.exe
  2⤵
  PID:7760
- C:\Windows\System\KvbkOMx.exe
  C:\Windows\System\KvbkOMx.exe
  2⤵
  PID:7876
- C:\Windows\System\jIQbhCz.exe
  C:\Windows\System\jIQbhCz.exe
  2⤵
  PID:7636
- C:\Windows\System\TKglHIC.exe
  C:\Windows\System\TKglHIC.exe
  2⤵
  PID:7956
- C:\Windows\System\ZcwbuRa.exe
  C:\Windows\System\ZcwbuRa.exe
  2⤵
  PID:8004
- C:\Windows\System\wwpXSYe.exe
  C:\Windows\System\wwpXSYe.exe
  2⤵
  PID:8024
- C:\Windows\System\GJJWOBp.exe
  C:\Windows\System\GJJWOBp.exe
  2⤵
  PID:8088
- C:\Windows\System\TZKoNGt.exe
  C:\Windows\System\TZKoNGt.exe
  2⤵
  PID:8148
- C:\Windows\System\DabxIEO.exe
  C:\Windows\System\DabxIEO.exe
  2⤵
  PID:7748
- C:\Windows\System\IMVUWmf.exe
  C:\Windows\System\IMVUWmf.exe
  2⤵
  PID:2936
- C:\Windows\System\jXnBiUr.exe
  C:\Windows\System\jXnBiUr.exe
  2⤵
  PID:1060
- C:\Windows\System\DMVjWhe.exe
  C:\Windows\System\DMVjWhe.exe
  2⤵
  PID:7204
- C:\Windows\System\honxMAF.exe
  C:\Windows\System\honxMAF.exe
  2⤵
  PID:1356
- C:\Windows\System\GFRTVxR.exe
  C:\Windows\System\GFRTVxR.exe
  2⤵
  PID:8168
- C:\Windows\System\fKsCdfd.exe
  C:\Windows\System\fKsCdfd.exe
  2⤵
  PID:7192
- C:\Windows\System\UBQeeDx.exe
  C:\Windows\System\UBQeeDx.exe
  2⤵
  PID:7324
- C:\Windows\System\BkcDQbE.exe
  C:\Windows\System\BkcDQbE.exe
  2⤵
  PID:6992
- C:\Windows\System\RicbTyD.exe
  C:\Windows\System\RicbTyD.exe
  2⤵
  PID:7396
- C:\Windows\System\TCUTgcY.exe
  C:\Windows\System\TCUTgcY.exe
  2⤵
  PID:7556
- C:\Windows\System\KZHdCqs.exe
  C:\Windows\System\KZHdCqs.exe
  2⤵
  PID:7612
- C:\Windows\System\FfexpbO.exe
  C:\Windows\System\FfexpbO.exe
  2⤵
  PID:6436
- C:\Windows\System\coBOekC.exe
  C:\Windows\System\coBOekC.exe
  2⤵
  PID:7808
- C:\Windows\System\mJTaSFQ.exe
  C:\Windows\System\mJTaSFQ.exe
  2⤵
  PID:7860
- C:\Windows\System\CKTkljF.exe
  C:\Windows\System\CKTkljF.exe
  2⤵
  PID:7900
- C:\Windows\System\HIaGigV.exe
  C:\Windows\System\HIaGigV.exe
  2⤵
  PID:8188
- C:\Windows\System\RWjgzPb.exe
  C:\Windows\System\RWjgzPb.exe
  2⤵
  PID:5336
- C:\Windows\System\UYeDDpu.exe
  C:\Windows\System\UYeDDpu.exe
  2⤵
  PID:8108
- C:\Windows\System\eBOkfxY.exe
  C:\Windows\System\eBOkfxY.exe
  2⤵
  PID:7276
- C:\Windows\System\LkhFSqk.exe
  C:\Windows\System\LkhFSqk.exe
  2⤵
  PID:7964
- C:\Windows\System\QnIAyQJ.exe
  C:\Windows\System\QnIAyQJ.exe
  2⤵
  PID:7428
- C:\Windows\System\XzlsfNL.exe
  C:\Windows\System\XzlsfNL.exe
  2⤵
  PID:6572
- C:\Windows\System\sjcqctN.exe
  C:\Windows\System\sjcqctN.exe
  2⤵
  PID:7340
- C:\Windows\System\DRXLzMx.exe
  C:\Windows\System\DRXLzMx.exe
  2⤵
  PID:7700
- C:\Windows\System\oFPBttn.exe
  C:\Windows\System\oFPBttn.exe
  2⤵
  PID:7856
- C:\Windows\System\sUwnPvI.exe
  C:\Windows\System\sUwnPvI.exe
  2⤵
  PID:8064
- C:\Windows\System\vAPKyzh.exe
  C:\Windows\System\vAPKyzh.exe
  2⤵
  PID:7692
- C:\Windows\System\LQKuJdh.exe
  C:\Windows\System\LQKuJdh.exe
  2⤵
  PID:7652
- C:\Windows\System\wcfCCMh.exe
  C:\Windows\System\wcfCCMh.exe
  2⤵
  PID:8208
- C:\Windows\System\GcaZMqi.exe
  C:\Windows\System\GcaZMqi.exe
  2⤵
  PID:8224
- C:\Windows\System\ZVfCfhX.exe
  C:\Windows\System\ZVfCfhX.exe
  2⤵
  PID:8312
- C:\Windows\System\rSRyjiq.exe
  C:\Windows\System\rSRyjiq.exe
  2⤵
  PID:8420
- C:\Windows\System\tOIHQvO.exe
  C:\Windows\System\tOIHQvO.exe
  2⤵
  PID:8436
- C:\Windows\System\oyhCJip.exe
  C:\Windows\System\oyhCJip.exe
  2⤵
  PID:8452
- C:\Windows\System\gGmphZO.exe
  C:\Windows\System\gGmphZO.exe
  2⤵
  PID:8484
- C:\Windows\System\ahGWEWr.exe
  C:\Windows\System\ahGWEWr.exe
  2⤵
  PID:8500
- C:\Windows\System\VEWFEvh.exe
  C:\Windows\System\VEWFEvh.exe
  2⤵
  PID:8516
- C:\Windows\System\LHsHVfZ.exe
  C:\Windows\System\LHsHVfZ.exe
  2⤵
  PID:8544
- C:\Windows\System\mRQDtxJ.exe
  C:\Windows\System\mRQDtxJ.exe
  2⤵
  PID:8564
- C:\Windows\System\pVfKKOJ.exe
  C:\Windows\System\pVfKKOJ.exe
  2⤵
  PID:8580
- C:\Windows\System\hJDQiPO.exe
  C:\Windows\System\hJDQiPO.exe
  2⤵
  PID:8596
- C:\Windows\System\rsVHLnO.exe
  C:\Windows\System\rsVHLnO.exe
  2⤵
  PID:8612
- C:\Windows\System\xDFmpaI.exe
  C:\Windows\System\xDFmpaI.exe
  2⤵
  PID:8628
- C:\Windows\System\CEhKNob.exe
  C:\Windows\System\CEhKNob.exe
  2⤵
  PID:8644
- C:\Windows\System\FLXBtUF.exe
  C:\Windows\System\FLXBtUF.exe
  2⤵
  PID:8660
- C:\Windows\System\XmcfWgx.exe
  C:\Windows\System\XmcfWgx.exe
  2⤵
  PID:8676
- C:\Windows\System\lyfwdGq.exe
  C:\Windows\System\lyfwdGq.exe
  2⤵
  PID:8724
- C:\Windows\System\EPFJfZC.exe
  C:\Windows\System\EPFJfZC.exe
  2⤵
  PID:8740
- C:\Windows\System\tuEplOl.exe
  C:\Windows\System\tuEplOl.exe
  2⤵
  PID:8764
- C:\Windows\System\EnyVufI.exe
  C:\Windows\System\EnyVufI.exe
  2⤵
  PID:8780
- C:\Windows\System\gZxThaE.exe
  C:\Windows\System\gZxThaE.exe
  2⤵
  PID:8796
- C:\Windows\System\LmIlFOf.exe
  C:\Windows\System\LmIlFOf.exe
  2⤵
  PID:8812
- C:\Windows\System\eIPidsm.exe
  C:\Windows\System\eIPidsm.exe
  2⤵
  PID:8828
- C:\Windows\System\iyrGjvV.exe
  C:\Windows\System\iyrGjvV.exe
  2⤵
  PID:8844
- C:\Windows\System\rxcnKyt.exe
  C:\Windows\System\rxcnKyt.exe
  2⤵
  PID:8860
- C:\Windows\System\IrebHFe.exe
  C:\Windows\System\IrebHFe.exe
  2⤵
  PID:8876
- C:\Windows\System\SyDAwJz.exe
  C:\Windows\System\SyDAwJz.exe
  2⤵
  PID:8892
- C:\Windows\System\CzOKxXe.exe
  C:\Windows\System\CzOKxXe.exe
  2⤵
  PID:8908
- C:\Windows\System\xjFMGBn.exe
  C:\Windows\System\xjFMGBn.exe
  2⤵
  PID:8924
- C:\Windows\System\pbornrg.exe
  C:\Windows\System\pbornrg.exe
  2⤵
  PID:8940
- C:\Windows\System\SVosWuq.exe
  C:\Windows\System\SVosWuq.exe
  2⤵
  PID:8956
- C:\Windows\System\aiHyFnG.exe
  C:\Windows\System\aiHyFnG.exe
  2⤵
  PID:8972
- C:\Windows\System\eufcjyU.exe
  C:\Windows\System\eufcjyU.exe
  2⤵
  PID:8992
- C:\Windows\System\RHRwMqz.exe
  C:\Windows\System\RHRwMqz.exe
  2⤵
  PID:9008
- C:\Windows\System\aTrJMrc.exe
  C:\Windows\System\aTrJMrc.exe
  2⤵
  PID:9024
- C:\Windows\System\GDBozHy.exe
  C:\Windows\System\GDBozHy.exe
  2⤵
  PID:9040
- C:\Windows\System\oPHuCVf.exe
  C:\Windows\System\oPHuCVf.exe
  2⤵
  PID:9060
- C:\Windows\System\xyPGjQG.exe
  C:\Windows\System\xyPGjQG.exe
  2⤵
  PID:9076
- C:\Windows\System\VLlxERx.exe
  C:\Windows\System\VLlxERx.exe
  2⤵
  PID:9104
- C:\Windows\System\LPfVcaH.exe
  C:\Windows\System\LPfVcaH.exe
  2⤵
  PID:9120
- C:\Windows\System\pTeCCNh.exe
  C:\Windows\System\pTeCCNh.exe
  2⤵
  PID:9136
- C:\Windows\System\IZcsusr.exe
  C:\Windows\System\IZcsusr.exe
  2⤵
  PID:9152
- C:\Windows\System\sxRlSTG.exe
  C:\Windows\System\sxRlSTG.exe
  2⤵
  PID:9168
- C:\Windows\System\PDrHLgK.exe
  C:\Windows\System\PDrHLgK.exe
  2⤵
  PID:9184
- C:\Windows\System\HJveGTj.exe
  C:\Windows\System\HJveGTj.exe
  2⤵
  PID:9200
- C:\Windows\System\WZDDypw.exe
  C:\Windows\System\WZDDypw.exe
  2⤵
  PID:7288
- C:\Windows\System\jUeKSmX.exe
  C:\Windows\System\jUeKSmX.exe
  2⤵
  PID:8232
- C:\Windows\System\VBQxCqT.exe
  C:\Windows\System\VBQxCqT.exe
  2⤵
  PID:8220
- C:\Windows\System\aNduuCQ.exe
  C:\Windows\System\aNduuCQ.exe
  2⤵
  PID:8160
- C:\Windows\System\hhLgTeE.exe
  C:\Windows\System\hhLgTeE.exe
  2⤵
  PID:7376
- C:\Windows\System\KInSOSi.exe
  C:\Windows\System\KInSOSi.exe
  2⤵
  PID:7740
- C:\Windows\System\uGMPZiD.exe
  C:\Windows\System\uGMPZiD.exe
  2⤵
  PID:8236
- C:\Windows\System\blFGCdM.exe
  C:\Windows\System\blFGCdM.exe
  2⤵
  PID:8248
- C:\Windows\System\KGTqKwX.exe
  C:\Windows\System\KGTqKwX.exe
  2⤵
  PID:8268
- C:\Windows\System\LOdsrzJ.exe
  C:\Windows\System\LOdsrzJ.exe
  2⤵
  PID:8356
- C:\Windows\System\iGPErGP.exe
  C:\Windows\System\iGPErGP.exe
  2⤵
  PID:8380
- C:\Windows\System\hITtRfR.exe
  C:\Windows\System\hITtRfR.exe
  2⤵
  PID:8396
- C:\Windows\System\qaHvbiG.exe
  C:\Windows\System\qaHvbiG.exe
  2⤵
  PID:8412
- C:\Windows\System\YEwjkvJ.exe
  C:\Windows\System\YEwjkvJ.exe
  2⤵
  PID:8432
- C:\Windows\System\mCqLDYI.exe
  C:\Windows\System\mCqLDYI.exe
  2⤵
  PID:8476
- C:\Windows\System\FRBzedj.exe
  C:\Windows\System\FRBzedj.exe
  2⤵
  PID:8508
- C:\Windows\System\rofBEQd.exe
  C:\Windows\System\rofBEQd.exe
  2⤵
  PID:8528
- C:\Windows\System\PKXjEtI.exe
  C:\Windows\System\PKXjEtI.exe
  2⤵
  PID:8608
- C:\Windows\System\XosHMEB.exe
  C:\Windows\System\XosHMEB.exe
  2⤵
  PID:8576
- C:\Windows\System\HFjudtc.exe
  C:\Windows\System\HFjudtc.exe
  2⤵
  PID:8672
- C:\Windows\System\dLzokdN.exe
  C:\Windows\System\dLzokdN.exe
  2⤵
  PID:8624
- C:\Windows\System\OjlMJHP.exe
  C:\Windows\System\OjlMJHP.exe
  2⤵
  PID:8656
- C:\Windows\System\APFFgvi.exe
  C:\Windows\System\APFFgvi.exe
  2⤵
  PID:8692
- C:\Windows\System\UXLBQwD.exe
  C:\Windows\System\UXLBQwD.exe
  2⤵
  PID:8752
- C:\Windows\System\hZixfWS.exe
  C:\Windows\System\hZixfWS.exe
  2⤵
  PID:8720
- C:\Windows\System\bkeMLDe.exe
  C:\Windows\System\bkeMLDe.exe
  2⤵
  PID:8756
- C:\Windows\System\FCiqsZn.exe
  C:\Windows\System\FCiqsZn.exe
  2⤵
  PID:8852
- C:\Windows\System\nocPjMc.exe
  C:\Windows\System\nocPjMc.exe
  2⤵
  PID:8884
- C:\Windows\System\yoNjqaH.exe
  C:\Windows\System\yoNjqaH.exe
  2⤵
  PID:8948
- C:\Windows\System\UXogTZH.exe
  C:\Windows\System\UXogTZH.exe
  2⤵
  PID:8804
- C:\Windows\System\SoEwqzx.exe
  C:\Windows\System\SoEwqzx.exe
  2⤵
  PID:8900
- C:\Windows\System\SbCSmkp.exe
  C:\Windows\System\SbCSmkp.exe
  2⤵
  PID:8964
- C:\Windows\System\gnnzEXr.exe
  C:\Windows\System\gnnzEXr.exe
  2⤵
  PID:9032
- C:\Windows\System\yclknco.exe
  C:\Windows\System\yclknco.exe
  2⤵
  PID:8736
- C:\Windows\System\WpyYbre.exe
  C:\Windows\System\WpyYbre.exe
  2⤵
  PID:9100
- C:\Windows\System\YAAOOZG.exe
  C:\Windows\System\YAAOOZG.exe
  2⤵
  PID:9176
- C:\Windows\System\evOimfu.exe
  C:\Windows\System\evOimfu.exe
  2⤵
  PID:7824
- C:\Windows\System\LiTHucK.exe
  C:\Windows\System\LiTHucK.exe
  2⤵
  PID:9088
- C:\Windows\System\HqlxiGz.exe
  C:\Windows\System\HqlxiGz.exe
  2⤵
  PID:8204
- C:\Windows\System\rmqZmtw.exe
  C:\Windows\System\rmqZmtw.exe
  2⤵
  PID:8104
- C:\Windows\System\dzuUWby.exe
  C:\Windows\System\dzuUWby.exe
  2⤵
  PID:9132
- C:\Windows\System\wePfWji.exe
  C:\Windows\System\wePfWji.exe
  2⤵
  PID:8296
- C:\Windows\System\OjQqink.exe
  C:\Windows\System\OjQqink.exe
  2⤵
  PID:8288
- C:\Windows\System\SUedwZH.exe
  C:\Windows\System\SUedwZH.exe
  2⤵
  PID:8364
- C:\Windows\System\hKRXSNL.exe
  C:\Windows\System\hKRXSNL.exe
  2⤵
  PID:8352
- C:\Windows\System\GWiMgAn.exe
  C:\Windows\System\GWiMgAn.exe
  2⤵
  PID:8320
- C:\Windows\System\AgbrNBT.exe
  C:\Windows\System\AgbrNBT.exe
  2⤵
  PID:8344
- C:\Windows\System\LEfsrYM.exe
  C:\Windows\System\LEfsrYM.exe
  2⤵
  PID:8392
- C:\Windows\System\ubuBkhn.exe
  C:\Windows\System\ubuBkhn.exe
  2⤵
  PID:8444
- C:\Windows\System\PvCdqZL.exe
  C:\Windows\System\PvCdqZL.exe
  2⤵
  PID:8468
- C:\Windows\System\LmyXZuG.exe
  C:\Windows\System\LmyXZuG.exe
  2⤵
  PID:8592
- C:\Windows\System\YRvOded.exe
  C:\Windows\System\YRvOded.exe
  2⤵
  PID:8792
- C:\Windows\System\QtUZOur.exe
  C:\Windows\System\QtUZOur.exe
  2⤵
  PID:8560
- C:\Windows\System\IKiGcit.exe
  C:\Windows\System\IKiGcit.exe
  2⤵
  PID:8284
- C:\Windows\System\jOiXcKN.exe
  C:\Windows\System\jOiXcKN.exe
  2⤵
  PID:8868
- C:\Windows\System\uuresWY.exe
  C:\Windows\System\uuresWY.exe
  2⤵
  PID:9128
- C:\Windows\System\LoSSbZN.exe
  C:\Windows\System\LoSSbZN.exe
  2⤵
  PID:8328
- C:\Windows\System\maYGiJT.exe
  C:\Windows\System\maYGiJT.exe
  2⤵
  PID:8448
- C:\Windows\System\HAwEqTZ.exe
  C:\Windows\System\HAwEqTZ.exe
  2⤵
  PID:8716
- C:\Windows\System\bnnVnGS.exe
  C:\Windows\System\bnnVnGS.exe
  2⤵
  PID:8916
- C:\Windows\System\HCehdEB.exe
  C:\Windows\System\HCehdEB.exe
  2⤵
  PID:8984
- C:\Windows\System\OPafANE.exe
  C:\Windows\System\OPafANE.exe
  2⤵
  PID:8308
- C:\Windows\System\JKNqSAe.exe
  C:\Windows\System\JKNqSAe.exe
  2⤵
  PID:8084
- C:\Windows\System\kUxsxJp.exe
  C:\Windows\System\kUxsxJp.exe
  2⤵
  PID:7600
- C:\Windows\System\lZnPMPs.exe
  C:\Windows\System\lZnPMPs.exe
  2⤵
  PID:1776
- C:\Windows\System\JWBJCdU.exe
  C:\Windows\System\JWBJCdU.exe
  2⤵
  PID:7660
- C:\Windows\System\VQiYhhW.exe
  C:\Windows\System\VQiYhhW.exe
  2⤵
  PID:8416
- C:\Windows\System\sDyRzVo.exe
  C:\Windows\System\sDyRzVo.exe
  2⤵
  PID:8512
- C:\Windows\System\qNpLrxC.exe
  C:\Windows\System\qNpLrxC.exe
  2⤵
  PID:8824
- C:\Windows\System\iFgdmzD.exe
  C:\Windows\System\iFgdmzD.exe
  2⤵
  PID:9016
- C:\Windows\System\vCtqAWR.exe
  C:\Windows\System\vCtqAWR.exe
  2⤵
  PID:8712
- C:\Windows\System\EYRtqOk.exe
  C:\Windows\System\EYRtqOk.exe
  2⤵
  PID:9196
- C:\Windows\System\jltOLhD.exe
  C:\Windows\System\jltOLhD.exe
  2⤵
  PID:8280
- C:\Windows\System\ZARCING.exe
  C:\Windows\System\ZARCING.exe
  2⤵
  PID:8408
- C:\Windows\System\IhKNFFh.exe
  C:\Windows\System\IhKNFFh.exe
  2⤵
  PID:9112
- C:\Windows\System\BbHKlkL.exe
  C:\Windows\System\BbHKlkL.exe
  2⤵
  PID:9144
- C:\Windows\System\dzpvpqD.exe
  C:\Windows\System\dzpvpqD.exe
  2⤵
  PID:8652
- C:\Windows\System\XIztFuv.exe
  C:\Windows\System\XIztFuv.exe
  2⤵
  PID:8272
- C:\Windows\System\zePBPZF.exe
  C:\Windows\System\zePBPZF.exe
  2⤵
  PID:9236
- C:\Windows\System\zdTBcxp.exe
  C:\Windows\System\zdTBcxp.exe
  2⤵
  PID:9252
- C:\Windows\System\mpLSTEP.exe
  C:\Windows\System\mpLSTEP.exe
  2⤵
  PID:9272
- C:\Windows\System\wtjieNL.exe
  C:\Windows\System\wtjieNL.exe
  2⤵
  PID:9292
- C:\Windows\System\LwTjVdj.exe
  C:\Windows\System\LwTjVdj.exe
  2⤵
  PID:9308
- C:\Windows\System\bSzmfBJ.exe
  C:\Windows\System\bSzmfBJ.exe
  2⤵
  PID:9324
- C:\Windows\System\ghWvXpu.exe
  C:\Windows\System\ghWvXpu.exe
  2⤵
  PID:9340
- C:\Windows\System\yUeSMcz.exe
  C:\Windows\System\yUeSMcz.exe
  2⤵
  PID:9364
- C:\Windows\System\KmHuzzQ.exe
  C:\Windows\System\KmHuzzQ.exe
  2⤵
  PID:9412
- C:\Windows\System\rAuxZkT.exe
  C:\Windows\System\rAuxZkT.exe
  2⤵
  PID:9428
- C:\Windows\System\TjQmuCN.exe
  C:\Windows\System\TjQmuCN.exe
  2⤵
  PID:9444
- C:\Windows\System\DyRidWM.exe
  C:\Windows\System\DyRidWM.exe
  2⤵
  PID:9464
- C:\Windows\System\gtJldok.exe
  C:\Windows\System\gtJldok.exe
  2⤵
  PID:9484
- C:\Windows\System\PxbRmHn.exe
  C:\Windows\System\PxbRmHn.exe
  2⤵
  PID:9504
- C:\Windows\System\HatZlMw.exe
  C:\Windows\System\HatZlMw.exe
  2⤵
  PID:9520
- C:\Windows\System\zOuctnu.exe
  C:\Windows\System\zOuctnu.exe
  2⤵
  PID:9536
- C:\Windows\System\biqcFXl.exe
  C:\Windows\System\biqcFXl.exe
  2⤵
  PID:9580
- C:\Windows\System\LuIiSfE.exe
  C:\Windows\System\LuIiSfE.exe
  2⤵
  PID:9596
- C:\Windows\System\JHlDInt.exe
  C:\Windows\System\JHlDInt.exe
  2⤵
  PID:9620
- C:\Windows\System\VWLXBIc.exe
  C:\Windows\System\VWLXBIc.exe
  2⤵
  PID:9636
- C:\Windows\System\pgZtqny.exe
  C:\Windows\System\pgZtqny.exe
  2⤵
  PID:9656
- C:\Windows\System\JQpTAcK.exe
  C:\Windows\System\JQpTAcK.exe
  2⤵
  PID:9672
- C:\Windows\System\jTVLaXh.exe
  C:\Windows\System\jTVLaXh.exe
  2⤵
  PID:9688
- C:\Windows\System\CVvyagD.exe
  C:\Windows\System\CVvyagD.exe
  2⤵
  PID:9712
- C:\Windows\System\JeTPXAP.exe
  C:\Windows\System\JeTPXAP.exe
  2⤵
  PID:9744
- C:\Windows\System\eilYVBX.exe
  C:\Windows\System\eilYVBX.exe
  2⤵
  PID:9764
- C:\Windows\System\oZEhuYf.exe
  C:\Windows\System\oZEhuYf.exe
  2⤵
  PID:9780
- C:\Windows\System\VHPrkas.exe
  C:\Windows\System\VHPrkas.exe
  2⤵
  PID:9796
- C:\Windows\System\SUtDQpm.exe
  C:\Windows\System\SUtDQpm.exe
  2⤵
  PID:9812
- C:\Windows\System\jEGurAP.exe
  C:\Windows\System\jEGurAP.exe
  2⤵
  PID:9828
- C:\Windows\System\iBCcbMX.exe
  C:\Windows\System\iBCcbMX.exe
  2⤵
  PID:9844
- C:\Windows\System\tNphasj.exe
  C:\Windows\System\tNphasj.exe
  2⤵
  PID:9860
- C:\Windows\System\UaAeBRM.exe
  C:\Windows\System\UaAeBRM.exe
  2⤵
  PID:9876
- C:\Windows\System\VVKgagv.exe
  C:\Windows\System\VVKgagv.exe
  2⤵
  PID:9892
- C:\Windows\System\WlQZueH.exe
  C:\Windows\System\WlQZueH.exe
  2⤵
  PID:9908
- C:\Windows\System\VXXbqzR.exe
  C:\Windows\System\VXXbqzR.exe
  2⤵
  PID:9924
- C:\Windows\System\LyaNEgW.exe
  C:\Windows\System\LyaNEgW.exe
  2⤵
  PID:9940
- C:\Windows\System\jlyWnSj.exe
  C:\Windows\System\jlyWnSj.exe
  2⤵
  PID:9956
- C:\Windows\System\POQKeLm.exe
  C:\Windows\System\POQKeLm.exe
  2⤵
  PID:9972
- C:\Windows\System\rpCgSaM.exe
  C:\Windows\System\rpCgSaM.exe
  2⤵
  PID:9988
- C:\Windows\System\qBuLJMF.exe
  C:\Windows\System\qBuLJMF.exe
  2⤵
  PID:10004
- C:\Windows\System\XFwuspE.exe
  C:\Windows\System\XFwuspE.exe
  2⤵
  PID:10024
- C:\Windows\System\ABghmEl.exe
  C:\Windows\System\ABghmEl.exe
  2⤵
  PID:10040
- C:\Windows\System\KmHRAwl.exe
  C:\Windows\System\KmHRAwl.exe
  2⤵
  PID:10056
- C:\Windows\System\HQyEBZG.exe
  C:\Windows\System\HQyEBZG.exe
  2⤵
  PID:10072
- C:\Windows\System\PZXSPXw.exe
  C:\Windows\System\PZXSPXw.exe
  2⤵
  PID:10096
- C:\Windows\System\qmgfeFq.exe
  C:\Windows\System\qmgfeFq.exe
  2⤵
  PID:10116
- C:\Windows\System\VtZGLQJ.exe
  C:\Windows\System\VtZGLQJ.exe
  2⤵
  PID:10132
- C:\Windows\System\xjSbGXH.exe
  C:\Windows\System\xjSbGXH.exe
  2⤵
  PID:10148
- C:\Windows\System\VAPHOhK.exe
  C:\Windows\System\VAPHOhK.exe
  2⤵
  PID:10192
- C:\Windows\System\vGOPloc.exe
  C:\Windows\System\vGOPloc.exe
  2⤵
  PID:10212
- C:\Windows\System\dVIOqzO.exe
  C:\Windows\System\dVIOqzO.exe
  2⤵
  PID:9244
- C:\Windows\System\QjFYVKz.exe
  C:\Windows\System\QjFYVKz.exe
  2⤵
  PID:9356
- C:\Windows\System\sVKssXF.exe
  C:\Windows\System\sVKssXF.exe
  2⤵
  PID:9000
- C:\Windows\System\kRJKEuT.exe
  C:\Windows\System\kRJKEuT.exe
  2⤵
  PID:8292
- C:\Windows\System\LJykdOk.exe
  C:\Windows\System\LJykdOk.exe
  2⤵
  PID:8588
- C:\Windows\System\CPRXsfr.exe
  C:\Windows\System\CPRXsfr.exe
  2⤵
  PID:9528
- C:\Windows\System\BGGocaG.exe
  C:\Windows\System\BGGocaG.exe
  2⤵
  PID:9436
- C:\Windows\System\aWSBjVd.exe
  C:\Windows\System\aWSBjVd.exe
  2⤵
  PID:9512
- C:\Windows\System\dTkfmUA.exe
  C:\Windows\System\dTkfmUA.exe
  2⤵
  PID:9564
- C:\Windows\System\aEmGWCj.exe
  C:\Windows\System\aEmGWCj.exe
  2⤵
  PID:9604
- C:\Windows\System\HclCCxd.exe
  C:\Windows\System\HclCCxd.exe
  2⤵
  PID:9608
- C:\Windows\System\cfQkNPL.exe
  C:\Windows\System\cfQkNPL.exe
  2⤵
  PID:9680
- C:\Windows\System\riTYUzg.exe
  C:\Windows\System\riTYUzg.exe
  2⤵
  PID:9700
- C:\Windows\System\SDDeIVP.exe
  C:\Windows\System\SDDeIVP.exe
  2⤵
  PID:9056
- C:\Windows\System\huvgVam.exe
  C:\Windows\System\huvgVam.exe
  2⤵
  PID:9384
- C:\Windows\System\DkiyjXu.exe
  C:\Windows\System\DkiyjXu.exe
  2⤵
  PID:9408
- C:\Windows\System\ItSsIlg.exe
  C:\Windows\System\ItSsIlg.exe
  2⤵
  PID:9752
- C:\Windows\System\AMUSJrE.exe
  C:\Windows\System\AMUSJrE.exe
  2⤵
  PID:9852
- C:\Windows\System\OJiMFhD.exe
  C:\Windows\System\OJiMFhD.exe
  2⤵
  PID:9916
- C:\Windows\System\PGLGIQr.exe
  C:\Windows\System\PGLGIQr.exe
  2⤵
  PID:9984
- C:\Windows\System\XhVFBvz.exe
  C:\Windows\System\XhVFBvz.exe
  2⤵
  PID:10048
- C:\Windows\System\qHFKScn.exe
  C:\Windows\System\qHFKScn.exe
  2⤵
  PID:10088
- C:\Windows\System\agRlMWT.exe
  C:\Windows\System\agRlMWT.exe
  2⤵
  PID:10128
- C:\Windows\System\KKaeJae.exe
  C:\Windows\System\KKaeJae.exe
  2⤵
  PID:10168
- C:\Windows\System\dSXvnyT.exe
  C:\Windows\System\dSXvnyT.exe
  2⤵
  PID:10180
- C:\Windows\System\qLWJEZF.exe
  C:\Windows\System\qLWJEZF.exe
  2⤵
  PID:9872
- C:\Windows\System\QPdtUqQ.exe
  C:\Windows\System\QPdtUqQ.exe
  2⤵
  PID:9776
- C:\Windows\System\gJePiIp.exe
  C:\Windows\System\gJePiIp.exe
  2⤵
  PID:10140
- C:\Windows\System\mTJauUx.exe
  C:\Windows\System\mTJauUx.exe
  2⤵
  PID:10032
- C:\Windows\System\LxTDsCT.exe
  C:\Windows\System\LxTDsCT.exe
  2⤵
  PID:10200
- C:\Windows\System\YdHHkbb.exe
  C:\Windows\System\YdHHkbb.exe
  2⤵
  PID:10220
- C:\Windows\System\zdSSPpA.exe
  C:\Windows\System\zdSSPpA.exe
  2⤵
  PID:9320
- C:\Windows\System\dCXfzgF.exe
  C:\Windows\System\dCXfzgF.exe
  2⤵
  PID:8732
- C:\Windows\System\VrdHwgF.exe
  C:\Windows\System\VrdHwgF.exe
  2⤵
  PID:9208
- C:\Windows\System\kGsnVWo.exe
  C:\Windows\System\kGsnVWo.exe
  2⤵
  PID:9496
- C:\Windows\System\NLJghBw.exe
  C:\Windows\System\NLJghBw.exe
  2⤵
  PID:9268
- C:\Windows\System\tDUOTZf.exe
  C:\Windows\System\tDUOTZf.exe
  2⤵
  PID:9376
- C:\Windows\System\BgpkNyB.exe
  C:\Windows\System\BgpkNyB.exe
  2⤵
  PID:10224
- C:\Windows\System\qThIjDd.exe
  C:\Windows\System\qThIjDd.exe
  2⤵
  PID:9440
- C:\Windows\System\ucppuRF.exe
  C:\Windows\System\ucppuRF.exe
  2⤵
  PID:9548
- C:\Windows\System\gJpphAC.exe
  C:\Windows\System\gJpphAC.exe
  2⤵
  PID:9628
- C:\Windows\System\fcApPwz.exe
  C:\Windows\System\fcApPwz.exe
  2⤵
  PID:9632
- C:\Windows\System\yNSZGSo.exe
  C:\Windows\System\yNSZGSo.exe
  2⤵
  PID:9696
- C:\Windows\System\LPHhGcq.exe
  C:\Windows\System\LPHhGcq.exe
  2⤵
  PID:9228
- C:\Windows\System\NgRiaCV.exe
  C:\Windows\System\NgRiaCV.exe
  2⤵
  PID:9380
- C:\Windows\System\CyshCtL.exe
  C:\Windows\System\CyshCtL.exe
  2⤵
  PID:9760
- C:\Windows\System\bpzpQSl.exe
  C:\Windows\System\bpzpQSl.exe
  2⤵
  PID:9820
- C:\Windows\System\gBkRnqk.exe
  C:\Windows\System\gBkRnqk.exe
  2⤵
  PID:9884
- C:\Windows\System\NwUZLVg.exe
  C:\Windows\System\NwUZLVg.exe
  2⤵
  PID:10124
- C:\Windows\System\gNHnlrB.exe
  C:\Windows\System\gNHnlrB.exe
  2⤵
  PID:10092
- C:\Windows\System\wzVaixO.exe
  C:\Windows\System\wzVaixO.exe
  2⤵
  PID:10084
- C:\Windows\System\NbBQcmN.exe
  C:\Windows\System\NbBQcmN.exe
  2⤵
  PID:9996
- C:\Windows\System\OcfzKwz.exe
  C:\Windows\System\OcfzKwz.exe
  2⤵
  PID:8700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADGLovU.exe

Filesize
6.0MB

MD5
cb367abe8c0a8265b63cfa91c8db6171

SHA1
b6b656dd0c95ba214da0ced6298d6617f43a40cc

SHA256
1295372e6c309fc1b44b40336dac8d4354bec3187fd284c7909ddcd962cccef3

SHA512
d21dd84c923cdf89ed17ee3f776207eaf1490f6935e73b370e2194efdc60447ef82c807825edf45b1482b8f57c1677e8b681f8dc7a6ab30bab82c5f102473c8b

Download Submit
C:\Windows\system\AVGKHyL.exe

Filesize
6.0MB

MD5
11583820929fca8c8db3903a90b1b52b

SHA1
8a110a708fe3815c9bb1cf194736af7c7da018fa

SHA256
7fadaf719f4f9a5542100832891bc55ebc4cfc8916f2ae75f5a1211fc10b92fc

SHA512
1e30f63e34b5029bff842eeb81f7b8f926eac295e0a192b7c959fb0978dc7043ebc10c947a83065b00f913b93d4c3d93ca22fa33898639b42c640adb574cc98a

Download Submit
C:\Windows\system\BFDHKYn.exe

Filesize
6.0MB

MD5
03a183d3d00be32e1ddef535fc470816

SHA1
cfe7b731b90bd7af9bfcfd9eb26f0971c1d30a4f

SHA256
a5da75419d11041612f719d805536b888f29bc3353a95d0bf167243be7c3c9cf

SHA512
2d1129b287b038bdf747024f4b5cafc1e073ef35a833d331ee4a86ddeb99e9986d7b2604081062300dd0941f4b109a65bce0072553b93ff03bd3f9d6f17ae83e

Download Submit
C:\Windows\system\BQjQbBe.exe

Filesize
6.0MB

MD5
a3abef9ba1dfa4dd4a887cd5b7fcf5c6

SHA1
9f8de033027bbdc3b2483b9e0e597ab433e31b22

SHA256
a42eb3084cca58c490b10929fed019a4eb0f879494e873a7df99dbabffd7862c

SHA512
ac2f84c4f44638b4374709b789e4feb0b11128bb35141db5dc8fe9c864baa8a57261711894a2893d4ff910e393c86a0c00b27d40fe58c7cf7908eabedf691a71

Download Submit
C:\Windows\system\ERySbrf.exe

Filesize
6.0MB

MD5
d7718cc6b37659f576dc031d216a3daf

SHA1
974aa3d33da37dbf55a09c649454aeaad733ccb2

SHA256
318bd2049ee99062fdb8ae3d3c1a5345b04d84df74ec057876aeeebf485d4c3c

SHA512
88e727fb7b421a1e1919538cdaedea524c0001e2f56f3c084f2eb122340c48524d07678dca25f4906338ee7035ab4e4048f05e93bae99ea2c04b2564d601ee2a

Download Submit
C:\Windows\system\HDxshXy.exe

Filesize
6.0MB

MD5
c47fd8faf1ee8a1ab6884cfeedefcd5e

SHA1
d3f3bb8834e6d12d21e2d2670aa978c4a7b431c8

SHA256
2b172a3a3954f1d8b5fc615f9689711387a30453de2c4b26beb00424a95d2495

SHA512
d4154ed3e847bb393794d6608a2bcf6483412abb782b42a3a10f3ca55d5d7c2e05edf8911a69d7cee23e7c45c948a2ee9a952889678c431f67aeeaabb398960a

Download Submit
C:\Windows\system\HQBUlAN.exe

Filesize
6.0MB

MD5
8861e9d02de4358572de0b7bc0fb820f

SHA1
c1471ce209b83ccecb06ebe4b009116b27fe3de9

SHA256
5c1931a24dbd707f6359371ff4405011dfec41d65b4bc9a69bf85a3e862cd3ab

SHA512
7f7f31301ba04bba8c351ae14e032e2374a0acf252aeda884f4ce713d57a5872aa8a3ce57be0c327abe3d31a57f785917d9e826a7876f2057e7579092b37a217

Download Submit
C:\Windows\system\MjuOprU.exe

Filesize
6.0MB

MD5
f179102407d2cd951d78047d4162c0f3

SHA1
70b80235eb5299fc313ba1b9b6ee35ad9c68e214

SHA256
749b8533294a41b237b3422c56b5df931a04043d9cee6be920ae22a45d5e97c7

SHA512
8b2bd88306c308f25a9024b33c6c37a71ed3d69043d329bc2809bb692e9eb1421173e3ec401ad508bfb49765809fab8027cacb378f713b1d19f5c5afdc1c5563

Download Submit
C:\Windows\system\PYVFyQI.exe

Filesize
6.0MB

MD5
caddba08971b609b36b2db301d65988b

SHA1
c83c0872f3b2e6a6ce95ea7264d6efe7062e68b0

SHA256
ad16e4e0c30eb08f272556b38838f803c91e07eafeadb4d3ad0c4457fcc65d7e

SHA512
743528f7e64db2a6b20f27f8d6db738caefce8fb01745c5478c4b7759e65dce118a2f491a62c2144130f2142f09998f5bc95c6af4fc789fc5fd719f4c8dbe5d6

Download Submit
C:\Windows\system\QmRklnv.exe

Filesize
6.0MB

MD5
43c7ce68f007ab409257e790e62a9952

SHA1
c925ecc1ad6b4c4193ce8c25a3321235a348d73c

SHA256
f51550f5bfb3f0ca7ccc28660c3f6fda7cb23162253371da98ca0cc1eb8b34c2

SHA512
c6ad7cdb3de9c50869fee0c0a35892d595169d078878e674e23c5c52889d2e344c912fd0225017be9ec165a72a0c6e000b5d2f301ec174c6c7de0eb9779af3ec

Download Submit
C:\Windows\system\RrESqLz.exe

Filesize
6.0MB

MD5
c7e7dea40143f2908cb8d2abadddb2bd

SHA1
558f876409ea1a144c267d5886ed09070a8051d9

SHA256
9378985b5aa9cdd09525041c728486b57bbbfb6bb44746053534f94d3c407369

SHA512
ca54179c9edcd893fe8f0fb67a1770ca371ab59b3fc8d627da4f4289e349f35b9372a1ed7c030859402c868dce9514e313a96aa8c36ab079e3f24c99dfcf1e56

Download Submit
C:\Windows\system\SPelyWd.exe

Filesize
6.0MB

MD5
312b8438ef6f66f0abff681b2e0c14df

SHA1
63d8a14179f0b860c2011264f2e72419317f7918

SHA256
9c7887ed6ca93f8bb9b01c10d668cc94d2542657ab5bc029dfdb8edc0683d6c8

SHA512
984bcd4f5e2ed557b1aa462ccb2313526e40ba2083b92004725cbab6f0f149a47a7d72db48d552bc7b243ea1cdf891d351ab7b69c1a45856b42d2ce08695116e

Download Submit
C:\Windows\system\TsHUJZs.exe

Filesize
6.0MB

MD5
b621b4cfa94a08711647703520c59f7b

SHA1
4ce8fa0605d42e6da23fbf7244a1da4d6fb2669d

SHA256
f252b508f8174e0456350b1fab0a34df65e6bfa22c10dcfba0089c0daa3278b1

SHA512
72f3503dbbc37e77315d82b42f0cd7847f336f4ca588bcf0dbf82c7e93203b6ab3501ac8ce7da186166a90145eb1746ac07714e5da6efed661b3d7f28eaaa362

Download Submit
C:\Windows\system\UABsVrK.exe

Filesize
6.0MB

MD5
5bf42a8c119b4d0f59b4699930bb6862

SHA1
19ecefcd1b6ddf8db7af4640835ed4a43a5febeb

SHA256
f9f8f728232eac6ef7242f62f9a1e11698d3305178a4d497b5e2df46fd21c092

SHA512
b98bd6654b773c98a44cc8c2e9d0692b26a7e992f1e559cd3a7f3c1cc8111ed30ab235e14c5b288fc34942a75ea4f695589568de0dd1c7f56578dc7a54cabd67

Download Submit
C:\Windows\system\UTKERpC.exe

Filesize
6.0MB

MD5
8af89f4c1bf672c65b34fbdfc54a4fa1

SHA1
768ba9bca37533f0fc76cb40509386bb7748b7c8

SHA256
879baf36e5eff6665fc806a9164304c7c2a33d6fa04f3df004315b59d2e28c73

SHA512
8fea33f4f825af4ae5e6de544dbb203bb991a45c56a704fff042d9108be02120a8d8e6f0f22ceaa011290faf6108e7a2e9b85864d3a6b489edebbc81660f951a

Download Submit
C:\Windows\system\UazONHl.exe

Filesize
6.0MB

MD5
2a17739b1cb3379a416d4c3c0ed8977a

SHA1
c6f3908fa9619b9e7ce1669716c2e702a872ff9d

SHA256
47c3c14acd77539d0d76689ff62dfc32dde8bac8897dcf4eb8988afb3dc081f7

SHA512
2f446aaa013aa6e529731766cb176a37d241781eb59f1984df52d0d0207cdfbcb5750e101b38f29e4f2ab696ea2b672750919b37e79dbc0090cc262fd721faa7

Download Submit
C:\Windows\system\VJDosqD.exe

Filesize
6.0MB

MD5
15e6a73e3223e58d252e12b0d9809c7e

SHA1
fb50168a2330db47852408de2658beb695ecb6a7

SHA256
cdc96a75536d3f94a0012f9af85590758e04adb163d0683a966b2186525ccba1

SHA512
8f9e422e96e412601d585dfe9794ce02658c7d0083ff9e23cb811d310a400e32d1b3fb8dd92b1d8c35db66aa6885d8c78130376e65ac86453b92fd0ed04c7d20

Download Submit
C:\Windows\system\XxlqvDJ.exe

Filesize
6.0MB

MD5
bb8869cb1eb4983ac0f0d04016b6840a

SHA1
507fbd513621ed45d972e353567acfd83b4a6dc3

SHA256
276e6f203a970f0393d1a8c46c2f804b383f87a9928cc147f1a5c00e21a0f008

SHA512
261a7eb31c2f45fc933f709a519d9508efdbec461267b899fd6082e15f9093bb6b939996f4eae0f14f075364bae381f25a08d61828f87e0f64518379e99a05b6

Download Submit
C:\Windows\system\YpQXwmX.exe

Filesize
6.0MB

MD5
a11d79e65884e6855f91dbe24a2c6c36

SHA1
07897ae978f0377e1831a5aed4a84210fcd0d2f2

SHA256
451717dc02b9dad44ccd37c92bab96241b590af2d0dfabc7a57d5164bf27c946

SHA512
c006d73001b93cfdd19a687ce1ee00d43701f25d4b01ef870a9b9ef0bc92ceab9cadff07ae135ef93d6db906b2486bf17b0ef42087c3b467550a4947a5dde488

Download Submit
C:\Windows\system\ZMDYsbz.exe

Filesize
6.0MB

MD5
4138c15ab532fd177fc49089b37e2f1e

SHA1
18bb186ad4fa65e881d3241f6c6d1c5e615d8fd2

SHA256
023638a000c2591153ab50d1d2c621e88e127ab3c0aafa4881215b5377788a03

SHA512
c25fb64a0971818316b09770c41c80f65b7f35b2d3bc21fc64a78ddf9e09777f495d68b2d6621766846f6c7e97f6788e933e2e2fbdb5688d1255e742a66f1fdf

Download Submit
C:\Windows\system\ZvAsIbj.exe

Filesize
6.0MB

MD5
0581938b06a160fe081d9a8e428175e9

SHA1
a50c34029d985dc31a8c31f5ced511099ca6502e

SHA256
f0522846ad6e0db4d4405a5c43c241a82a7e0bac2d175b13955ca5b0aab15bd8

SHA512
22a71f832f28f66c49f0839034202ea726938dd774adf71fc44a89d308dfe43f38c26c0adfa1d4c7a2bf3ee690a1151e895533ba2f0d74af32b1f80f42cab55e

Download Submit
C:\Windows\system\akEndBg.exe

Filesize
6.0MB

MD5
754dabe1628d81065bb22769758d40d9

SHA1
269a11dc2a76cdc00873ba3cad64b1dfcd3cd4b5

SHA256
8596dc7b9f7686f7791bf8a661607cfedd3e4a80c60eb60dd22dc4f96b721ce7

SHA512
e3996f57e4612125327c73a00b296f979868527a9f60acc065680144c53076b2d52f3a7b11f2d430822236799b3aefde1ec2beb884a8aca105724b788060a661

Download Submit
C:\Windows\system\carNAem.exe

Filesize
6.0MB

MD5
dc5dd34c3a1cc3268c0e489b74128a6a

SHA1
0283f614da5d7d0c05823fe4c695f8eb8e9ae189

SHA256
ebb20346ce9f222837540969ccf62bb21c156f5c816e3ec35c2fbc652689e542

SHA512
e8ba05675c74413ded344fed40c1a34df6ebfc223e949c4103de4b1230e9a3acd26afcbbb44aa569178be57a69a7b585eb96761cae2331f9dbffde24ed273d2f

Download Submit
C:\Windows\system\ezCesmC.exe

Filesize
6.0MB

MD5
9f917b14e89dc4e8fb59285ae4031531

SHA1
838d7ccdd864a0ff0683c84566a13482724d00f8

SHA256
6ae5b4cff28d21609a216816ef63dab8ac2815655f5281bbf8df0c363f66071d

SHA512
9ed540ebb3669f1e55fcd0ec46b9acb0e3d7d8c8496e2a70071c3d95333ee71d04d38d4f342fb80d66760b75a80dcf9aa50e13392b40b45a1db7329adbd6e8ff

Download Submit
C:\Windows\system\fAkdTLT.exe

Filesize
6.0MB

MD5
2bfb657721ed5ed14ed8d79354ef4f40

SHA1
640f6f9c61b9828800b4d5b967573d54a6cda1f6

SHA256
2a8438dee370beb660dd02c2b3043d596aa71d1bc9993a8f7a29f0637f900a83

SHA512
7558024ad003e07f5364b3a93e45e8bef69ef54d36c6fe9b3ef7ec0fecdddd4f88797e2460d5775f30c49508fab0a78b39e10ceb30fcf6b503e783ba921c3e19

Download Submit
C:\Windows\system\hsAYUhI.exe

Filesize
6.0MB

MD5
e2f7392c79a74dd3f1fb355aa64f9e12

SHA1
d3a39138e72de609ce6dc6650ae037935979a68b

SHA256
889733a98d2431cdb1fada2b3e642411eff01feed25a86fe28f8431cd652d234

SHA512
4edec162ec0d47ecd36af00420d872963bf7423c9adae0ae37fd5688197636a626e7491900fc99c01bd60f7398d498ce3801cb5f3ecbf38e197387b757d6b2e4

Download Submit
C:\Windows\system\iADFnsK.exe

Filesize
6.0MB

MD5
4188da52ebbe3a50487e0c7506c99559

SHA1
148c8b7394b5ea7116b2ee90fe090a615dad6bc4

SHA256
daa2c9a20c52ddca36b60ef2daa4b6cabdbb163e6cb94039254a6b884e8643e1

SHA512
e0859e90bb6e1b4c9300d60bdff49707b809f73208b0d2c50ee863b0c7bbfa921d690598164b41af14e67581d873cf3ad0f1d9c7fb4d8ec9fccaf8774dce1c01

Download Submit
C:\Windows\system\lGpjWOM.exe

Filesize
6.0MB

MD5
796cdd3dd08c5a425e6e33661f791585

SHA1
55e54cb4d3568bcd875263ae6ef8dbf5459f3b3e

SHA256
6f905094eca831f391b5cf597fc0e1c78ba1179cbf8f63452009368d777f4434

SHA512
cfe14bfae3f8fc9c180ab3fc2a2da539ec56c908fa8c80ab57482fab1735764b4ac5601bb8eccb1ba37ef74bd3d32419c044ab4698bd4acdece45614339ab570

Download Submit
C:\Windows\system\xfaiIwG.exe

Filesize
6.0MB

MD5
4c2520450b0205f20946cecc0cfe8280

SHA1
f00b5aadcb1b0148ca2b899b7fdba7e043cc3ab7

SHA256
e302f7d88a6e0b5d262a7037f26e5fa84f8d1f0fb61fa557cb5827ac871b5e25

SHA512
95c7b011a97b310dfb55e48e34a74eee741c3f11a3cf185ae52d30e5235d2d8cc43942b97430c87c5014334a66cf196d1484382af9d8a3b4ca13cd0b9e8a2bb8

Download Submit
C:\Windows\system\xkwBvSO.exe

Filesize
6.0MB

MD5
45c74e6f3a216ccd74c8d5afe17ffd3c

SHA1
2d9a1081e2675ea53ceae4e63f09fd7e89b14a29

SHA256
cf9d09ec5d1cb1343e7cdc601182ad936094da5f90374893aacd6e3e97e8e6c0

SHA512
f935f38abbb649d0fe9ad8112cb6ea2398323f47ee9d84e1dd4d13730754e14253b8cdae9b390aaf0848f31885c75098405593045a115c2c407c594cb2e64257

Download Submit
C:\Windows\system\yRECwsv.exe

Filesize
6.0MB

MD5
f066bbe8afe4516141a79b92c46df8a5

SHA1
49e0f35e825c7024f23b6714e016c02b992da15a

SHA256
96d41748e81a3e631308cac23c84784f4273639a3b977d3dc0142c329a38ae77

SHA512
8779f1c795f88bd9192c8a56050f002b8ef23dcb14a936c15dfa4a33c2b322775a18ac48dcf59f1edbdc136a073ad2590da0547509623bbabb7cfc970695c6b7

Download Submit
C:\Windows\system\yRhLTfG.exe

Filesize
6.0MB

MD5
fd379c6c8498cf8cf8f7da3f147f86f9

SHA1
bdc857d0eab13d35cd2803f2dba7b9284207077e

SHA256
eea86498037818f82342ffc45547db34868131ace40f7313c49291edeb878509

SHA512
1ac90d8789e757d2be793a4074500370b91e09b2f2bf126f526dd89dbbb1ceafd3666fa36c6f3568c3e429d1788842e5ef8018cf20a009042f2c1e27890c87e9

Download Submit
memory/1904-2715-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2871-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2158-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2096-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2899-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2225-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2904-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2044-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2877-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1788-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1786-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1832-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2878-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2872-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1878-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2849-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2850-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1958-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1918-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1904-2841-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2842-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2296-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1904-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1904-2714-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2224-2298-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3015-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2532-2262-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3008-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1917-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3021-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2576-2224-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3020-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2032-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3019-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2157-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3004-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2094-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3010-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2999-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1876-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-2319-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3011-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2995-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1831-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3000-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1957-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download