xmrig | 596606f983b800d8c5f21a4dede8d310b9b047457d42f6dd5785c244884de3d0

Analysis

max time kernel
38s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
Size

1.7MB
MD5

03c1f1d1b4f6f25db55697178197e911
SHA1

bcdce77d95c524b2dae0bbcbc9154c8fda291e6e
SHA256

596606f983b800d8c5f21a4dede8d310b9b047457d42f6dd5785c244884de3d0
SHA512

30cabe5a72be742bd3e78ac2b59d7f78b0b6649f7c711f9acd0fbd3ee7abf026f781f4edc8186bbfc626ba4fc949cc45514016a0fc06114c4a40ea60ba3fc3d1
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SGkMKPS:NABF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 38 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/1080-60-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp	xmrig
behavioral2/memory/5928-206-0x00007FF62E7F0000-0x00007FF62EBE2000-memory.dmp	xmrig
behavioral2/memory/5552-223-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp	xmrig
behavioral2/memory/644-229-0x00007FF6A1360000-0x00007FF6A1752000-memory.dmp	xmrig
behavioral2/memory/5924-228-0x00007FF62D5F0000-0x00007FF62D9E2000-memory.dmp	xmrig
behavioral2/memory/1656-227-0x00007FF6C08C0000-0x00007FF6C0CB2000-memory.dmp	xmrig
behavioral2/memory/5380-226-0x00007FF75C620000-0x00007FF75CA12000-memory.dmp	xmrig
behavioral2/memory/5328-225-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp	xmrig
behavioral2/memory/3376-224-0x00007FF66EDA0000-0x00007FF66F192000-memory.dmp	xmrig
behavioral2/memory/5932-216-0x00007FF7C34A0000-0x00007FF7C3892000-memory.dmp	xmrig
behavioral2/memory/5944-205-0x00007FF7543B0000-0x00007FF7547A2000-memory.dmp	xmrig
behavioral2/memory/4360-172-0x00007FF613F90000-0x00007FF614382000-memory.dmp	xmrig
behavioral2/memory/1960-157-0x00007FF67A250000-0x00007FF67A642000-memory.dmp	xmrig
behavioral2/memory/3272-143-0x00007FF71AAA0000-0x00007FF71AE92000-memory.dmp	xmrig
behavioral2/memory/5568-142-0x00007FF69E7B0000-0x00007FF69EBA2000-memory.dmp	xmrig
behavioral2/memory/1644-100-0x00007FF754950000-0x00007FF754D42000-memory.dmp	xmrig
behavioral2/memory/5444-83-0x00007FF7AB670000-0x00007FF7ABA62000-memory.dmp	xmrig
behavioral2/memory/5604-78-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp	xmrig
behavioral2/memory/5048-68-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp	xmrig
behavioral2/memory/1428-1894-0x00007FF6F11D0000-0x00007FF6F15C2000-memory.dmp	xmrig
behavioral2/memory/4700-1885-0x00007FF608770000-0x00007FF608B62000-memory.dmp	xmrig
behavioral2/memory/5048-1951-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp	xmrig
behavioral2/memory/5604-1995-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp	xmrig
behavioral2/memory/1080-1950-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp	xmrig
behavioral2/memory/5552-1949-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp	xmrig
behavioral2/memory/5328-2128-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp	xmrig
behavioral2/memory/1960-2171-0x00007FF67A250000-0x00007FF67A642000-memory.dmp	xmrig
behavioral2/memory/1656-2168-0x00007FF6C08C0000-0x00007FF6C0CB2000-memory.dmp	xmrig
behavioral2/memory/5380-2188-0x00007FF75C620000-0x00007FF75CA12000-memory.dmp	xmrig
behavioral2/memory/4360-2211-0x00007FF613F90000-0x00007FF614382000-memory.dmp	xmrig
behavioral2/memory/644-2195-0x00007FF6A1360000-0x00007FF6A1752000-memory.dmp	xmrig
behavioral2/memory/5444-2194-0x00007FF7AB670000-0x00007FF7ABA62000-memory.dmp	xmrig
behavioral2/memory/5568-2185-0x00007FF69E7B0000-0x00007FF69EBA2000-memory.dmp	xmrig
behavioral2/memory/5944-2182-0x00007FF7543B0000-0x00007FF7547A2000-memory.dmp	xmrig
behavioral2/memory/5932-2187-0x00007FF7C34A0000-0x00007FF7C3892000-memory.dmp	xmrig
behavioral2/memory/5924-2179-0x00007FF62D5F0000-0x00007FF62D9E2000-memory.dmp	xmrig
behavioral2/memory/1644-2110-0x00007FF754950000-0x00007FF754D42000-memory.dmp	xmrig
behavioral2/memory/3272-2097-0x00007FF71AAA0000-0x00007FF71AE92000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

5 2056 powershell.exe
9 2056 powershell.exe

flow	pid	process
5	2056	powershell.exe
9	2056	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

mYaIwnt.exeRVxrnoC.exeMmhnPXV.exeURwvArB.exeBDcvcNb.exeiofuoKI.exerEXmTQR.exePuvCSsU.exeDygsTHF.exeMDelRhP.exeyAWTQJZ.exeQwkzTrz.exeaibPgJP.exeQPJAYPL.exeoesYqty.exeTYFwmUM.exeAjsshjw.exeWLyNlOI.exeajrlzUc.exexMGTBBp.exeuPWiSit.exeWeiRNaP.exemLZHZeK.exejHHiyJi.exeFiZvsLq.exewXaCHSY.exeHqynVRK.exeUqdjdda.exeTxHBRVu.exexnFOSFz.exejqgddeS.exeCFJhyti.exeUnXJqnh.exetYaUuos.exeVgPGsCn.exeAUUYDEI.exeXmSaciP.exetHXhVZu.exeMqbsAky.exeYFzMwxy.exeYdKmmnb.exeveBgMCJ.exeAnaWMbt.exeVhigDJN.exexyJBzAF.exeqUHnfyM.exeAbiqqVS.exePmQiBmd.exeJsYTzuq.exeZPeTYDi.exeokVHfUR.exeGqzwxot.exenFSPaHd.execpdcefu.exeJlTqzhj.exeUcQpMQH.exeFvfUiLV.exekOiheza.exeKWbWpXB.exeNVFHMAp.exeOPJFEOX.execgQMITb.exeBzmQJqz.exeLiWxMEf.exe

pid	process
1428	mYaIwnt.exe
4700	RVxrnoC.exe
5552	MmhnPXV.exe
1080	URwvArB.exe
5048	BDcvcNb.exe
5604	iofuoKI.exe
5444	rEXmTQR.exe
1644	PuvCSsU.exe
3376	DygsTHF.exe
5328	MDelRhP.exe
5380	yAWTQJZ.exe
5568	QwkzTrz.exe
1656	aibPgJP.exe
3272	QPJAYPL.exe
1960	oesYqty.exe
4360	TYFwmUM.exe
5924	Ajsshjw.exe
5944	WLyNlOI.exe
5928	ajrlzUc.exe
5932	xMGTBBp.exe
644	uPWiSit.exe
5980	WeiRNaP.exe
2364	mLZHZeK.exe
5504	jHHiyJi.exe
4020	FiZvsLq.exe
2512	wXaCHSY.exe
5528	HqynVRK.exe
1320	Uqdjdda.exe
2420	TxHBRVu.exe
5292	xnFOSFz.exe
5820	jqgddeS.exe
1108	CFJhyti.exe
6064	UnXJqnh.exe
1660	tYaUuos.exe
5844	VgPGsCn.exe
3964	AUUYDEI.exe
3804	XmSaciP.exe
228	tHXhVZu.exe
3752	MqbsAky.exe
6032	YFzMwxy.exe
4160	YdKmmnb.exe
2840	veBgMCJ.exe
5132	AnaWMbt.exe
5032	VhigDJN.exe
1752	xyJBzAF.exe
4288	qUHnfyM.exe
2960	AbiqqVS.exe
2588	PmQiBmd.exe
3392	JsYTzuq.exe
5192	ZPeTYDi.exe
5124	okVHfUR.exe
3516	Gqzwxot.exe
4672	nFSPaHd.exe
4512	cpdcefu.exe
3772	JlTqzhj.exe
4916	UcQpMQH.exe
4112	FvfUiLV.exe
4992	kOiheza.exe
1856	KWbWpXB.exe
3536	NVFHMAp.exe
2468	OPJFEOX.exe
5556	cgQMITb.exe
5452	BzmQJqz.exe
5356	LiWxMEf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3040-0-0x00007FF643C40000-0x00007FF644032000-memory.dmp	upx
C:\Windows\System\mYaIwnt.exe	upx
behavioral2/memory/1428-6-0x00007FF6F11D0000-0x00007FF6F15C2000-memory.dmp	upx
C:\Windows\System\RVxrnoC.exe	upx
behavioral2/memory/4700-14-0x00007FF608770000-0x00007FF608B62000-memory.dmp	upx
C:\Windows\System\MmhnPXV.exe	upx
C:\Windows\System\URwvArB.exe	upx
C:\Windows\System\BDcvcNb.exe	upx
C:\Windows\System\iofuoKI.exe	upx
C:\Windows\System\rEXmTQR.exe	upx
C:\Windows\System\PuvCSsU.exe	upx
behavioral2/memory/1080-60-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp	upx
C:\Windows\System\yAWTQJZ.exe	upx
C:\Windows\System\QwkzTrz.exe	upx
C:\Windows\System\oesYqty.exe	upx
C:\Windows\System\ajrlzUc.exe	upx
C:\Windows\System\wXaCHSY.exe	upx
C:\Windows\System\uPWiSit.exe	upx
behavioral2/memory/5928-206-0x00007FF62E7F0000-0x00007FF62EBE2000-memory.dmp	upx
behavioral2/memory/5552-223-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp	upx
behavioral2/memory/644-229-0x00007FF6A1360000-0x00007FF6A1752000-memory.dmp	upx
behavioral2/memory/5924-228-0x00007FF62D5F0000-0x00007FF62D9E2000-memory.dmp	upx
behavioral2/memory/1656-227-0x00007FF6C08C0000-0x00007FF6C0CB2000-memory.dmp	upx
behavioral2/memory/5380-226-0x00007FF75C620000-0x00007FF75CA12000-memory.dmp	upx
behavioral2/memory/5328-225-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp	upx
behavioral2/memory/3376-224-0x00007FF66EDA0000-0x00007FF66F192000-memory.dmp	upx
behavioral2/memory/5932-216-0x00007FF7C34A0000-0x00007FF7C3892000-memory.dmp	upx
behavioral2/memory/5944-205-0x00007FF7543B0000-0x00007FF7547A2000-memory.dmp	upx
C:\Windows\System\VgPGsCn.exe	upx
C:\Windows\System\tYaUuos.exe	upx
C:\Windows\System\Uqdjdda.exe	upx
C:\Windows\System\HqynVRK.exe	upx
C:\Windows\System\TxHBRVu.exe	upx
C:\Windows\System\UnXJqnh.exe	upx
C:\Windows\System\CFJhyti.exe	upx
C:\Windows\System\FiZvsLq.exe	upx
C:\Windows\System\jqgddeS.exe	upx
behavioral2/memory/4360-172-0x00007FF613F90000-0x00007FF614382000-memory.dmp	upx
behavioral2/memory/1960-157-0x00007FF67A250000-0x00007FF67A642000-memory.dmp	upx
C:\Windows\System\jHHiyJi.exe	upx
C:\Windows\System\xnFOSFz.exe	upx
C:\Windows\System\mLZHZeK.exe	upx
C:\Windows\System\WLyNlOI.exe	upx
behavioral2/memory/3272-143-0x00007FF71AAA0000-0x00007FF71AE92000-memory.dmp	upx
behavioral2/memory/5568-142-0x00007FF69E7B0000-0x00007FF69EBA2000-memory.dmp	upx
C:\Windows\System\WeiRNaP.exe	upx
C:\Windows\System\TYFwmUM.exe	upx
C:\Windows\System\Ajsshjw.exe	upx
C:\Windows\System\xMGTBBp.exe	upx
behavioral2/memory/1644-100-0x00007FF754950000-0x00007FF754D42000-memory.dmp	upx
C:\Windows\System\QPJAYPL.exe	upx
C:\Windows\System\aibPgJP.exe	upx
behavioral2/memory/5444-83-0x00007FF7AB670000-0x00007FF7ABA62000-memory.dmp	upx
behavioral2/memory/5604-78-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp	upx
C:\Windows\System\DygsTHF.exe	upx
behavioral2/memory/5048-68-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp	upx
C:\Windows\System\MDelRhP.exe	upx
behavioral2/memory/1428-1894-0x00007FF6F11D0000-0x00007FF6F15C2000-memory.dmp	upx
behavioral2/memory/4700-1885-0x00007FF608770000-0x00007FF608B62000-memory.dmp	upx
behavioral2/memory/5048-1951-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp	upx
behavioral2/memory/5604-1995-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp	upx
behavioral2/memory/1080-1950-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp	upx
behavioral2/memory/5552-1949-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp	upx
behavioral2/memory/5328-2128-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

4 raw.githubusercontent.com
5 raw.githubusercontent.com

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

Processes:

03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\WeiRNaP.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\TxHBRVu.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\CFJhyti.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\iPbZgcY.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\oXLkrIr.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\iOTjSYT.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\uULtNCy.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\rnrtUgA.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\cNZiEJH.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\gcwmYAY.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\znxWWtN.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\xyJBzAF.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\qUHnfyM.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\rdPLzyb.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\InUYVHM.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\ugOcIVB.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\QtmFlpO.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\kgVvgxh.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\dZqbLQg.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\MOZdjrI.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\yCZAvWO.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\oesYqty.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\CxJSjgi.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\ZYEcyvP.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\CWoAYrp.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\WtYGqEK.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\pLUkDMu.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\LRYErwM.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\AiYrwTF.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\qtORPal.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\potrtuf.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\rEQLsAF.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\AdLniuv.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\omcQSRt.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\dENbFHE.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\MkLxLSE.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\kuJWmPv.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\PBmjsFQ.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\anDeNgw.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\vfdLiPa.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\yGrDUMD.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\NalmZxL.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\hYEjQkx.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\MDelRhP.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\tHXhVZu.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\PmQiBmd.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\nYvNvUc.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\UDlwKJR.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\veBvONH.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\TDYuLjU.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\tjddhWx.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\MzBLdIB.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\OmOCukX.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\lHrMWqD.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\BKuETFC.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\LKJVJuH.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\ppndApv.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\SqfZBmA.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\iKnsjkU.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\mGQokPg.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\tZNwkzU.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\RVxrnoC.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\AbiqqVS.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
File created	C:\Windows\System\IFGXRfY.exe	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

2056 powershell.exe
2056 powershell.exe
2056 powershell.exe

pid	process
2056	powershell.exe
2056	powershell.exe
2056	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
Token: SeDebugPrivilege	2056	powershell.exe
Token: SeLockMemoryPrivilege	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe

description	pid	process	target process
PID 3040 wrote to memory of 2056	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	powershell.exe
PID 3040 wrote to memory of 2056	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	powershell.exe
PID 3040 wrote to memory of 1428	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	mYaIwnt.exe
PID 3040 wrote to memory of 1428	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	mYaIwnt.exe
PID 3040 wrote to memory of 4700	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	RVxrnoC.exe
PID 3040 wrote to memory of 4700	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	RVxrnoC.exe
PID 3040 wrote to memory of 5552	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	MmhnPXV.exe
PID 3040 wrote to memory of 5552	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	MmhnPXV.exe
PID 3040 wrote to memory of 1080	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	URwvArB.exe
PID 3040 wrote to memory of 1080	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	URwvArB.exe
PID 3040 wrote to memory of 5048	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	BDcvcNb.exe
PID 3040 wrote to memory of 5048	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	BDcvcNb.exe
PID 3040 wrote to memory of 5604	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	iofuoKI.exe
PID 3040 wrote to memory of 5604	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	iofuoKI.exe
PID 3040 wrote to memory of 5444	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	rEXmTQR.exe
PID 3040 wrote to memory of 5444	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	rEXmTQR.exe
PID 3040 wrote to memory of 1644	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	PuvCSsU.exe
PID 3040 wrote to memory of 1644	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	PuvCSsU.exe
PID 3040 wrote to memory of 3376	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	DygsTHF.exe
PID 3040 wrote to memory of 3376	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	DygsTHF.exe
PID 3040 wrote to memory of 5328	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	MDelRhP.exe
PID 3040 wrote to memory of 5328	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	MDelRhP.exe
PID 3040 wrote to memory of 5380	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	yAWTQJZ.exe
PID 3040 wrote to memory of 5380	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	yAWTQJZ.exe
PID 3040 wrote to memory of 5568	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	QwkzTrz.exe
PID 3040 wrote to memory of 5568	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	QwkzTrz.exe
PID 3040 wrote to memory of 1656	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	aibPgJP.exe
PID 3040 wrote to memory of 1656	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	aibPgJP.exe
PID 3040 wrote to memory of 3272	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	QPJAYPL.exe
PID 3040 wrote to memory of 3272	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	QPJAYPL.exe
PID 3040 wrote to memory of 1960	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	oesYqty.exe
PID 3040 wrote to memory of 1960	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	oesYqty.exe
PID 3040 wrote to memory of 4360	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	TYFwmUM.exe
PID 3040 wrote to memory of 4360	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	TYFwmUM.exe
PID 3040 wrote to memory of 644	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	uPWiSit.exe
PID 3040 wrote to memory of 644	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	uPWiSit.exe
PID 3040 wrote to memory of 5924	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	Ajsshjw.exe
PID 3040 wrote to memory of 5924	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	Ajsshjw.exe
PID 3040 wrote to memory of 5944	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	WLyNlOI.exe
PID 3040 wrote to memory of 5944	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	WLyNlOI.exe
PID 3040 wrote to memory of 5928	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	ajrlzUc.exe
PID 3040 wrote to memory of 5928	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	ajrlzUc.exe
PID 3040 wrote to memory of 5932	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	xMGTBBp.exe
PID 3040 wrote to memory of 5932	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	xMGTBBp.exe
PID 3040 wrote to memory of 5980	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	WeiRNaP.exe
PID 3040 wrote to memory of 5980	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	WeiRNaP.exe
PID 3040 wrote to memory of 2364	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	mLZHZeK.exe
PID 3040 wrote to memory of 2364	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	mLZHZeK.exe
PID 3040 wrote to memory of 5504	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	jHHiyJi.exe
PID 3040 wrote to memory of 5504	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	jHHiyJi.exe
PID 3040 wrote to memory of 4020	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	FiZvsLq.exe
PID 3040 wrote to memory of 4020	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	FiZvsLq.exe
PID 3040 wrote to memory of 2512	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	wXaCHSY.exe
PID 3040 wrote to memory of 2512	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	wXaCHSY.exe
PID 3040 wrote to memory of 5528	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	HqynVRK.exe
PID 3040 wrote to memory of 5528	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	HqynVRK.exe
PID 3040 wrote to memory of 1320	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	Uqdjdda.exe
PID 3040 wrote to memory of 1320	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	Uqdjdda.exe
PID 3040 wrote to memory of 2420	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	TxHBRVu.exe
PID 3040 wrote to memory of 2420	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	TxHBRVu.exe
PID 3040 wrote to memory of 1660	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	tYaUuos.exe
PID 3040 wrote to memory of 1660	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	tYaUuos.exe
PID 3040 wrote to memory of 5292	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	xnFOSFz.exe
PID 3040 wrote to memory of 5292	3040	03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe	xnFOSFz.exe

C:\Users\Admin\AppData\Local\Temp\03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03c1f1d1b4f6f25db55697178197e911_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2056

C:\Windows\System\mYaIwnt.exe
C:\Windows\System\mYaIwnt.exe
2⤵
- Executes dropped EXE
PID:1428

C:\Windows\System\RVxrnoC.exe
C:\Windows\System\RVxrnoC.exe
2⤵
- Executes dropped EXE
PID:4700

C:\Windows\System\MmhnPXV.exe
C:\Windows\System\MmhnPXV.exe
2⤵
- Executes dropped EXE
PID:5552

C:\Windows\System\URwvArB.exe
C:\Windows\System\URwvArB.exe
2⤵
- Executes dropped EXE
PID:1080

C:\Windows\System\BDcvcNb.exe
C:\Windows\System\BDcvcNb.exe
2⤵
- Executes dropped EXE
PID:5048

C:\Windows\System\iofuoKI.exe
C:\Windows\System\iofuoKI.exe
2⤵
- Executes dropped EXE
PID:5604

C:\Windows\System\rEXmTQR.exe
C:\Windows\System\rEXmTQR.exe
2⤵
- Executes dropped EXE
PID:5444

C:\Windows\System\PuvCSsU.exe
C:\Windows\System\PuvCSsU.exe
2⤵
- Executes dropped EXE
PID:1644

C:\Windows\System\DygsTHF.exe
C:\Windows\System\DygsTHF.exe
2⤵
- Executes dropped EXE
PID:3376

C:\Windows\System\MDelRhP.exe
C:\Windows\System\MDelRhP.exe
2⤵
- Executes dropped EXE
PID:5328

C:\Windows\System\yAWTQJZ.exe
C:\Windows\System\yAWTQJZ.exe
2⤵
- Executes dropped EXE
PID:5380

C:\Windows\System\QwkzTrz.exe
C:\Windows\System\QwkzTrz.exe
2⤵
- Executes dropped EXE
PID:5568

C:\Windows\System\aibPgJP.exe
C:\Windows\System\aibPgJP.exe
2⤵
- Executes dropped EXE
PID:1656

C:\Windows\System\QPJAYPL.exe
C:\Windows\System\QPJAYPL.exe
2⤵
- Executes dropped EXE
PID:3272

C:\Windows\System\oesYqty.exe
C:\Windows\System\oesYqty.exe
2⤵
- Executes dropped EXE
PID:1960

C:\Windows\System\TYFwmUM.exe
C:\Windows\System\TYFwmUM.exe
2⤵
- Executes dropped EXE
PID:4360

C:\Windows\System\uPWiSit.exe
C:\Windows\System\uPWiSit.exe
2⤵
- Executes dropped EXE
PID:644

C:\Windows\System\Ajsshjw.exe
C:\Windows\System\Ajsshjw.exe
2⤵
- Executes dropped EXE
PID:5924

C:\Windows\System\WLyNlOI.exe
C:\Windows\System\WLyNlOI.exe
2⤵
- Executes dropped EXE
PID:5944

C:\Windows\System\ajrlzUc.exe
C:\Windows\System\ajrlzUc.exe
2⤵
- Executes dropped EXE
PID:5928

C:\Windows\System\xMGTBBp.exe
C:\Windows\System\xMGTBBp.exe
2⤵
- Executes dropped EXE
PID:5932

C:\Windows\System\WeiRNaP.exe
C:\Windows\System\WeiRNaP.exe
2⤵
- Executes dropped EXE
PID:5980

C:\Windows\System\mLZHZeK.exe
C:\Windows\System\mLZHZeK.exe
2⤵
- Executes dropped EXE
PID:2364

C:\Windows\System\jHHiyJi.exe
C:\Windows\System\jHHiyJi.exe
2⤵
- Executes dropped EXE
PID:5504

C:\Windows\System\FiZvsLq.exe
C:\Windows\System\FiZvsLq.exe
2⤵
- Executes dropped EXE
PID:4020

C:\Windows\System\wXaCHSY.exe
C:\Windows\System\wXaCHSY.exe
2⤵
- Executes dropped EXE
PID:2512

C:\Windows\System\HqynVRK.exe
C:\Windows\System\HqynVRK.exe
2⤵
- Executes dropped EXE
PID:5528

C:\Windows\System\Uqdjdda.exe
C:\Windows\System\Uqdjdda.exe
2⤵
- Executes dropped EXE
PID:1320

C:\Windows\System\TxHBRVu.exe
C:\Windows\System\TxHBRVu.exe
2⤵
- Executes dropped EXE
PID:2420

C:\Windows\System\tYaUuos.exe
C:\Windows\System\tYaUuos.exe
2⤵
- Executes dropped EXE
PID:1660

C:\Windows\System\xnFOSFz.exe
C:\Windows\System\xnFOSFz.exe
2⤵
- Executes dropped EXE
PID:5292

C:\Windows\System\jqgddeS.exe
C:\Windows\System\jqgddeS.exe
2⤵
- Executes dropped EXE
PID:5820

C:\Windows\System\CFJhyti.exe
C:\Windows\System\CFJhyti.exe
2⤵
- Executes dropped EXE
PID:1108

C:\Windows\System\UnXJqnh.exe
C:\Windows\System\UnXJqnh.exe
2⤵
- Executes dropped EXE
PID:6064

C:\Windows\System\VgPGsCn.exe
C:\Windows\System\VgPGsCn.exe
2⤵
- Executes dropped EXE
PID:5844

C:\Windows\System\AUUYDEI.exe
C:\Windows\System\AUUYDEI.exe
2⤵
- Executes dropped EXE
PID:3964

C:\Windows\System\XmSaciP.exe
C:\Windows\System\XmSaciP.exe
2⤵
- Executes dropped EXE
PID:3804

C:\Windows\System\tHXhVZu.exe
C:\Windows\System\tHXhVZu.exe
2⤵
- Executes dropped EXE
PID:228

C:\Windows\System\MqbsAky.exe
C:\Windows\System\MqbsAky.exe
2⤵
- Executes dropped EXE
PID:3752

C:\Windows\System\YFzMwxy.exe
C:\Windows\System\YFzMwxy.exe
2⤵
- Executes dropped EXE
PID:6032

C:\Windows\System\YdKmmnb.exe
C:\Windows\System\YdKmmnb.exe
2⤵
- Executes dropped EXE
PID:4160

C:\Windows\System\veBgMCJ.exe
C:\Windows\System\veBgMCJ.exe
2⤵
- Executes dropped EXE
PID:2840

C:\Windows\System\AnaWMbt.exe
C:\Windows\System\AnaWMbt.exe
2⤵
- Executes dropped EXE
PID:5132

C:\Windows\System\VhigDJN.exe
C:\Windows\System\VhigDJN.exe
2⤵
- Executes dropped EXE
PID:5032

C:\Windows\System\xyJBzAF.exe
C:\Windows\System\xyJBzAF.exe
2⤵
- Executes dropped EXE
PID:1752

C:\Windows\System\qUHnfyM.exe
C:\Windows\System\qUHnfyM.exe
2⤵
- Executes dropped EXE
PID:4288

C:\Windows\System\AbiqqVS.exe
C:\Windows\System\AbiqqVS.exe
2⤵
- Executes dropped EXE
PID:2960

C:\Windows\System\PmQiBmd.exe
C:\Windows\System\PmQiBmd.exe
2⤵
- Executes dropped EXE
PID:2588

C:\Windows\System\JsYTzuq.exe
C:\Windows\System\JsYTzuq.exe
2⤵
- Executes dropped EXE
PID:3392

C:\Windows\System\ZPeTYDi.exe
C:\Windows\System\ZPeTYDi.exe
2⤵
- Executes dropped EXE
PID:5192

C:\Windows\System\okVHfUR.exe
C:\Windows\System\okVHfUR.exe
2⤵
- Executes dropped EXE
PID:5124

C:\Windows\System\Gqzwxot.exe
C:\Windows\System\Gqzwxot.exe
2⤵
- Executes dropped EXE
PID:3516

C:\Windows\System\nFSPaHd.exe
C:\Windows\System\nFSPaHd.exe
2⤵
- Executes dropped EXE
PID:4672

C:\Windows\System\cpdcefu.exe
C:\Windows\System\cpdcefu.exe
2⤵
- Executes dropped EXE
PID:4512

C:\Windows\System\JlTqzhj.exe
C:\Windows\System\JlTqzhj.exe
2⤵
- Executes dropped EXE
PID:3772

C:\Windows\System\UcQpMQH.exe
C:\Windows\System\UcQpMQH.exe
2⤵
- Executes dropped EXE
PID:4916

C:\Windows\System\FvfUiLV.exe
C:\Windows\System\FvfUiLV.exe
2⤵
- Executes dropped EXE
PID:4112

C:\Windows\System\kOiheza.exe
C:\Windows\System\kOiheza.exe
2⤵
- Executes dropped EXE
PID:4992

C:\Windows\System\KWbWpXB.exe
C:\Windows\System\KWbWpXB.exe
2⤵
- Executes dropped EXE
PID:1856

C:\Windows\System\NVFHMAp.exe
C:\Windows\System\NVFHMAp.exe
2⤵
- Executes dropped EXE
PID:3536

C:\Windows\System\OPJFEOX.exe
C:\Windows\System\OPJFEOX.exe
2⤵
- Executes dropped EXE
PID:2468

C:\Windows\System\cgQMITb.exe
C:\Windows\System\cgQMITb.exe
2⤵
- Executes dropped EXE
PID:5556

C:\Windows\System\BzmQJqz.exe
C:\Windows\System\BzmQJqz.exe
2⤵
- Executes dropped EXE
PID:5452

C:\Windows\System\LiWxMEf.exe
C:\Windows\System\LiWxMEf.exe
2⤵
- Executes dropped EXE
PID:5356

C:\Windows\System\dumgQZR.exe
C:\Windows\System\dumgQZR.exe
2⤵
PID:4544

C:\Windows\System\GOsqWiz.exe
C:\Windows\System\GOsqWiz.exe
2⤵
PID:1448

C:\Windows\System\anDeNgw.exe
C:\Windows\System\anDeNgw.exe
2⤵
PID:4860

C:\Windows\System\jGiHJmt.exe
C:\Windows\System\jGiHJmt.exe
2⤵
PID:1716

C:\Windows\System\vSWlSDt.exe
C:\Windows\System\vSWlSDt.exe
2⤵
PID:2196

C:\Windows\System\LKJVJuH.exe
C:\Windows\System\LKJVJuH.exe
2⤵
PID:5964

C:\Windows\System\wKhfXtI.exe
C:\Windows\System\wKhfXtI.exe
2⤵
PID:6000

C:\Windows\System\rEQLsAF.exe
C:\Windows\System\rEQLsAF.exe
2⤵
PID:5500

C:\Windows\System\QYEredk.exe
C:\Windows\System\QYEredk.exe
2⤵
PID:1940

C:\Windows\System\QfXdAhU.exe
C:\Windows\System\QfXdAhU.exe
2⤵
PID:1084

C:\Windows\System\xTIljle.exe
C:\Windows\System\xTIljle.exe
2⤵
PID:2316

C:\Windows\System\gcwmYAY.exe
C:\Windows\System\gcwmYAY.exe
2⤵
PID:5384

C:\Windows\System\vfdLiPa.exe
C:\Windows\System\vfdLiPa.exe
2⤵
PID:5400

C:\Windows\System\nYvNvUc.exe
C:\Windows\System\nYvNvUc.exe
2⤵
PID:2168

C:\Windows\System\CxJSjgi.exe
C:\Windows\System\CxJSjgi.exe
2⤵
PID:5540

C:\Windows\System\SXAmgUy.exe
C:\Windows\System\SXAmgUy.exe
2⤵
PID:3084

C:\Windows\System\oBiUKTY.exe
C:\Windows\System\oBiUKTY.exe
2⤵
PID:3848

C:\Windows\System\BTqomKx.exe
C:\Windows\System\BTqomKx.exe
2⤵
PID:1996

C:\Windows\System\nsaTmXM.exe
C:\Windows\System\nsaTmXM.exe
2⤵
PID:4768

C:\Windows\System\bifqxLD.exe
C:\Windows\System\bifqxLD.exe
2⤵
PID:4248

C:\Windows\System\GcDdjTm.exe
C:\Windows\System\GcDdjTm.exe
2⤵
PID:5432

C:\Windows\System\rVwWDwJ.exe
C:\Windows\System\rVwWDwJ.exe
2⤵
PID:3120

C:\Windows\System\AOIAuvW.exe
C:\Windows\System\AOIAuvW.exe
2⤵
PID:3532

C:\Windows\System\MbnIpqn.exe
C:\Windows\System\MbnIpqn.exe
2⤵
PID:3952

C:\Windows\System\bhOivMZ.exe
C:\Windows\System\bhOivMZ.exe
2⤵
PID:1436

C:\Windows\System\JSEQgQK.exe
C:\Windows\System\JSEQgQK.exe
2⤵
PID:5164

C:\Windows\System\INQvWvM.exe
C:\Windows\System\INQvWvM.exe
2⤵
PID:5440

C:\Windows\System\VcFNAeP.exe
C:\Windows\System\VcFNAeP.exe
2⤵
PID:5344

C:\Windows\System\ZYgPAlG.exe
C:\Windows\System\ZYgPAlG.exe
2⤵
PID:5376

C:\Windows\System\RagYbSl.exe
C:\Windows\System\RagYbSl.exe
2⤵
PID:5920

C:\Windows\System\PLpHvKi.exe
C:\Windows\System\PLpHvKi.exe
2⤵
PID:5968

C:\Windows\System\BWhAqui.exe
C:\Windows\System\BWhAqui.exe
2⤵
PID:5472

C:\Windows\System\iWyspzj.exe
C:\Windows\System\iWyspzj.exe
2⤵
PID:6016

C:\Windows\System\kfnwatH.exe
C:\Windows\System\kfnwatH.exe
2⤵
PID:4600

C:\Windows\System\DTGJzfQ.exe
C:\Windows\System\DTGJzfQ.exe
2⤵
PID:2104

C:\Windows\System\ZXmomqG.exe
C:\Windows\System\ZXmomqG.exe
2⤵
PID:6036

C:\Windows\System\NyMSomh.exe
C:\Windows\System\NyMSomh.exe
2⤵
PID:1164

C:\Windows\System\RQSDtpK.exe
C:\Windows\System\RQSDtpK.exe
2⤵
PID:4488

C:\Windows\System\ZwIedPE.exe
C:\Windows\System\ZwIedPE.exe
2⤵
PID:2548

C:\Windows\System\UiRhnpZ.exe
C:\Windows\System\UiRhnpZ.exe
2⤵
PID:5320

C:\Windows\System\ArpmiWQ.exe
C:\Windows\System\ArpmiWQ.exe
2⤵
PID:2116

C:\Windows\System\sEdaABv.exe
C:\Windows\System\sEdaABv.exe
2⤵
PID:5100

C:\Windows\System\osjvNxu.exe
C:\Windows\System\osjvNxu.exe
2⤵
PID:5076

C:\Windows\System\tKIcgYd.exe
C:\Windows\System\tKIcgYd.exe
2⤵
PID:4520

C:\Windows\System\RavFlTO.exe
C:\Windows\System\RavFlTO.exe
2⤵
PID:5584

C:\Windows\System\ppndApv.exe
C:\Windows\System\ppndApv.exe
2⤵
PID:4560

C:\Windows\System\AdLniuv.exe
C:\Windows\System\AdLniuv.exe
2⤵
PID:4420

C:\Windows\System\yGrDUMD.exe
C:\Windows\System\yGrDUMD.exe
2⤵
PID:2852

C:\Windows\System\ZYEcyvP.exe
C:\Windows\System\ZYEcyvP.exe
2⤵
PID:3568

C:\Windows\System\WPWzkfN.exe
C:\Windows\System\WPWzkfN.exe
2⤵
PID:3288

C:\Windows\System\YEWkAVg.exe
C:\Windows\System\YEWkAVg.exe
2⤵
PID:4548

C:\Windows\System\lkXIfft.exe
C:\Windows\System\lkXIfft.exe
2⤵
PID:5776

C:\Windows\System\Vvbnmwn.exe
C:\Windows\System\Vvbnmwn.exe
2⤵
PID:4416

C:\Windows\System\omcQSRt.exe
C:\Windows\System\omcQSRt.exe
2⤵
PID:5896

C:\Windows\System\vooYNMG.exe
C:\Windows\System\vooYNMG.exe
2⤵
PID:5564

C:\Windows\System\TsmnDyH.exe
C:\Windows\System\TsmnDyH.exe
2⤵
PID:2184

C:\Windows\System\LiGQnyn.exe
C:\Windows\System\LiGQnyn.exe
2⤵
PID:5872

C:\Windows\System\iPbZgcY.exe
C:\Windows\System\iPbZgcY.exe
2⤵
PID:4868

C:\Windows\System\XDBdHID.exe
C:\Windows\System\XDBdHID.exe
2⤵
PID:3388

C:\Windows\System\NrIKXbS.exe
C:\Windows\System\NrIKXbS.exe
2⤵
PID:6068

C:\Windows\System\uVLKDOZ.exe
C:\Windows\System\uVLKDOZ.exe
2⤵
PID:2332

C:\Windows\System\sfpdRys.exe
C:\Windows\System\sfpdRys.exe
2⤵
PID:440

C:\Windows\System\IFGXRfY.exe
C:\Windows\System\IFGXRfY.exe
2⤵
PID:2228

C:\Windows\System\qzrWnzQ.exe
C:\Windows\System\qzrWnzQ.exe
2⤵
PID:3936

C:\Windows\System\GpLKVnX.exe
C:\Windows\System\GpLKVnX.exe
2⤵
PID:2188

C:\Windows\System\NalmZxL.exe
C:\Windows\System\NalmZxL.exe
2⤵
PID:6004

C:\Windows\System\PGgMPjn.exe
C:\Windows\System\PGgMPjn.exe
2⤵
PID:2816

C:\Windows\System\aQJimYB.exe
C:\Windows\System\aQJimYB.exe
2⤵
PID:4168

C:\Windows\System\esTmwJo.exe
C:\Windows\System\esTmwJo.exe
2⤵
PID:1648

C:\Windows\System\pRNmgVo.exe
C:\Windows\System\pRNmgVo.exe
2⤵
PID:6120

C:\Windows\System\wMMaUea.exe
C:\Windows\System\wMMaUea.exe
2⤵
PID:3384

C:\Windows\System\GtjwDNT.exe
C:\Windows\System\GtjwDNT.exe
2⤵
PID:5956

C:\Windows\System\UDlwKJR.exe
C:\Windows\System\UDlwKJR.exe
2⤵
PID:4192

C:\Windows\System\JTfxmiK.exe
C:\Windows\System\JTfxmiK.exe
2⤵
PID:5316

C:\Windows\System\qlAEyhz.exe
C:\Windows\System\qlAEyhz.exe
2⤵
PID:6052

C:\Windows\System\veBvONH.exe
C:\Windows\System\veBvONH.exe
2⤵
PID:2192

C:\Windows\System\yCZAvWO.exe
C:\Windows\System\yCZAvWO.exe
2⤵
PID:5412

C:\Windows\System\nGiMUtK.exe
C:\Windows\System\nGiMUtK.exe
2⤵
PID:6148

C:\Windows\System\zySiZlA.exe
C:\Windows\System\zySiZlA.exe
2⤵
PID:6172

C:\Windows\System\nsdJcZU.exe
C:\Windows\System\nsdJcZU.exe
2⤵
PID:6192

C:\Windows\System\CRiYXPm.exe
C:\Windows\System\CRiYXPm.exe
2⤵
PID:6212

C:\Windows\System\gCfdVKW.exe
C:\Windows\System\gCfdVKW.exe
2⤵
PID:6228

C:\Windows\System\CEogvNF.exe
C:\Windows\System\CEogvNF.exe
2⤵
PID:6252

C:\Windows\System\kXjVeWI.exe
C:\Windows\System\kXjVeWI.exe
2⤵
PID:6268

C:\Windows\System\lgyaROo.exe
C:\Windows\System\lgyaROo.exe
2⤵
PID:6296

C:\Windows\System\xwvaqaC.exe
C:\Windows\System\xwvaqaC.exe
2⤵
PID:6316

C:\Windows\System\FqrGhDh.exe
C:\Windows\System\FqrGhDh.exe
2⤵
PID:6336

C:\Windows\System\ijCuwRK.exe
C:\Windows\System\ijCuwRK.exe
2⤵
PID:6356

C:\Windows\System\EGfChIH.exe
C:\Windows\System\EGfChIH.exe
2⤵
PID:6376

C:\Windows\System\odcxEbJ.exe
C:\Windows\System\odcxEbJ.exe
2⤵
PID:6400

C:\Windows\System\KLiwOun.exe
C:\Windows\System\KLiwOun.exe
2⤵
PID:6424

C:\Windows\System\Fmmejjo.exe
C:\Windows\System\Fmmejjo.exe
2⤵
PID:6444

C:\Windows\System\VWoULSu.exe
C:\Windows\System\VWoULSu.exe
2⤵
PID:6476

C:\Windows\System\lWHbleQ.exe
C:\Windows\System\lWHbleQ.exe
2⤵
PID:6496

C:\Windows\System\snedOWI.exe
C:\Windows\System\snedOWI.exe
2⤵
PID:6516

C:\Windows\System\dZqbLQg.exe
C:\Windows\System\dZqbLQg.exe
2⤵
PID:6544

C:\Windows\System\yEDtgED.exe
C:\Windows\System\yEDtgED.exe
2⤵
PID:6572

C:\Windows\System\JHigQED.exe
C:\Windows\System\JHigQED.exe
2⤵
PID:6596

C:\Windows\System\CWoAYrp.exe
C:\Windows\System\CWoAYrp.exe
2⤵
PID:6620

C:\Windows\System\OkCRucu.exe
C:\Windows\System\OkCRucu.exe
2⤵
PID:6636

C:\Windows\System\KewhQIo.exe
C:\Windows\System\KewhQIo.exe
2⤵
PID:6656

C:\Windows\System\oKiWSTI.exe
C:\Windows\System\oKiWSTI.exe
2⤵
PID:6680

C:\Windows\System\uTOqDdh.exe
C:\Windows\System\uTOqDdh.exe
2⤵
PID:6700

C:\Windows\System\lbSiITy.exe
C:\Windows\System\lbSiITy.exe
2⤵
PID:6720

C:\Windows\System\wrdUeUV.exe
C:\Windows\System\wrdUeUV.exe
2⤵
PID:6744

C:\Windows\System\GQtYYNJ.exe
C:\Windows\System\GQtYYNJ.exe
2⤵
PID:6764

C:\Windows\System\CzjcScj.exe
C:\Windows\System\CzjcScj.exe
2⤵
PID:6788

C:\Windows\System\AArinnc.exe
C:\Windows\System\AArinnc.exe
2⤵
PID:6804

C:\Windows\System\nphGKDF.exe
C:\Windows\System\nphGKDF.exe
2⤵
PID:6828

C:\Windows\System\wwNNRYp.exe
C:\Windows\System\wwNNRYp.exe
2⤵
PID:6848

C:\Windows\System\PANmbHm.exe
C:\Windows\System\PANmbHm.exe
2⤵
PID:6868

C:\Windows\System\YdDQSYe.exe
C:\Windows\System\YdDQSYe.exe
2⤵
PID:6896

C:\Windows\System\ACAsOfy.exe
C:\Windows\System\ACAsOfy.exe
2⤵
PID:6912

C:\Windows\System\zZAwwUo.exe
C:\Windows\System\zZAwwUo.exe
2⤵
PID:6932

C:\Windows\System\FkqeoLr.exe
C:\Windows\System\FkqeoLr.exe
2⤵
PID:6952

C:\Windows\System\UDTSyJj.exe
C:\Windows\System\UDTSyJj.exe
2⤵
PID:6968

C:\Windows\System\pEWfJhp.exe
C:\Windows\System\pEWfJhp.exe
2⤵
PID:6992

C:\Windows\System\jQbfsOH.exe
C:\Windows\System\jQbfsOH.exe
2⤵
PID:7008

C:\Windows\System\ssqQlln.exe
C:\Windows\System\ssqQlln.exe
2⤵
PID:7032

C:\Windows\System\pzapaNT.exe
C:\Windows\System\pzapaNT.exe
2⤵
PID:7052

C:\Windows\System\YbJNdwB.exe
C:\Windows\System\YbJNdwB.exe
2⤵
PID:7072

C:\Windows\System\hYbxmmw.exe
C:\Windows\System\hYbxmmw.exe
2⤵
PID:7092

C:\Windows\System\auakGRu.exe
C:\Windows\System\auakGRu.exe
2⤵
PID:7116

C:\Windows\System\dOvoExt.exe
C:\Windows\System\dOvoExt.exe
2⤵
PID:7136

C:\Windows\System\MfsUhMQ.exe
C:\Windows\System\MfsUhMQ.exe
2⤵
PID:7156

C:\Windows\System\crTZwUS.exe
C:\Windows\System\crTZwUS.exe
2⤵
PID:4980

C:\Windows\System\zdDBzrb.exe
C:\Windows\System\zdDBzrb.exe
2⤵
PID:6132

C:\Windows\System\zIunSHi.exe
C:\Windows\System\zIunSHi.exe
2⤵
PID:3396

C:\Windows\System\cuVyYrZ.exe
C:\Windows\System\cuVyYrZ.exe
2⤵
PID:6208

C:\Windows\System\hRBOzpB.exe
C:\Windows\System\hRBOzpB.exe
2⤵
PID:6676

C:\Windows\System\FobPhWS.exe
C:\Windows\System\FobPhWS.exe
2⤵
PID:6392

C:\Windows\System\xPxPyVn.exe
C:\Windows\System\xPxPyVn.exe
2⤵
PID:6512

C:\Windows\System\wRnoypf.exe
C:\Windows\System\wRnoypf.exe
2⤵
PID:3976

C:\Windows\System\qKJVoLk.exe
C:\Windows\System\qKJVoLk.exe
2⤵
PID:2412

C:\Windows\System\dsIrXdy.exe
C:\Windows\System\dsIrXdy.exe
2⤵
PID:6248

C:\Windows\System\SlBmcva.exe
C:\Windows\System\SlBmcva.exe
2⤵
PID:6308

C:\Windows\System\QTnenFV.exe
C:\Windows\System\QTnenFV.exe
2⤵
PID:6288

C:\Windows\System\chyFwoY.exe
C:\Windows\System\chyFwoY.exe
2⤵
PID:6800

C:\Windows\System\AiYrwTF.exe
C:\Windows\System\AiYrwTF.exe
2⤵
PID:6372

C:\Windows\System\eljaCFG.exe
C:\Windows\System\eljaCFG.exe
2⤵
PID:6464

C:\Windows\System\vhzMhDr.exe
C:\Windows\System\vhzMhDr.exe
2⤵
PID:6860

C:\Windows\System\xSyZfpo.exe
C:\Windows\System\xSyZfpo.exe
2⤵
PID:7000

C:\Windows\System\ELkRJmN.exe
C:\Windows\System\ELkRJmN.exe
2⤵
PID:7084

C:\Windows\System\ZgJEJff.exe
C:\Windows\System\ZgJEJff.exe
2⤵
PID:7104

C:\Windows\System\rdPLzyb.exe
C:\Windows\System\rdPLzyb.exe
2⤵
PID:7016

C:\Windows\System\cQTdxYQ.exe
C:\Windows\System\cQTdxYQ.exe
2⤵
PID:7048

C:\Windows\System\uPFqkUT.exe
C:\Windows\System\uPFqkUT.exe
2⤵
PID:7176

C:\Windows\System\ZQgSAEX.exe
C:\Windows\System\ZQgSAEX.exe
2⤵
PID:7200

C:\Windows\System\KTJsGmv.exe
C:\Windows\System\KTJsGmv.exe
2⤵
PID:7216

C:\Windows\System\qxGHTzS.exe
C:\Windows\System\qxGHTzS.exe
2⤵
PID:7240

C:\Windows\System\zLvDdSO.exe
C:\Windows\System\zLvDdSO.exe
2⤵
PID:7260

C:\Windows\System\LRYErwM.exe
C:\Windows\System\LRYErwM.exe
2⤵
PID:7276

C:\Windows\System\pfxBUQE.exe
C:\Windows\System\pfxBUQE.exe
2⤵
PID:7296

C:\Windows\System\JDPLnYJ.exe
C:\Windows\System\JDPLnYJ.exe
2⤵
PID:7324

C:\Windows\System\iYWwCte.exe
C:\Windows\System\iYWwCte.exe
2⤵
PID:7340

C:\Windows\System\ZubdkyW.exe
C:\Windows\System\ZubdkyW.exe
2⤵
PID:7360

C:\Windows\System\aQCttIL.exe
C:\Windows\System\aQCttIL.exe
2⤵
PID:7388

C:\Windows\System\ZKbvxuK.exe
C:\Windows\System\ZKbvxuK.exe
2⤵
PID:7404

C:\Windows\System\NZDuTZM.exe
C:\Windows\System\NZDuTZM.exe
2⤵
PID:7424

C:\Windows\System\rvAGDOu.exe
C:\Windows\System\rvAGDOu.exe
2⤵
PID:7452

C:\Windows\System\FnNIOUF.exe
C:\Windows\System\FnNIOUF.exe
2⤵
PID:7472

C:\Windows\System\sNDPPZe.exe
C:\Windows\System\sNDPPZe.exe
2⤵
PID:7492

C:\Windows\System\nUATmPr.exe
C:\Windows\System\nUATmPr.exe
2⤵
PID:7516

C:\Windows\System\viKNRNe.exe
C:\Windows\System\viKNRNe.exe
2⤵
PID:7532

C:\Windows\System\MkLxLSE.exe
C:\Windows\System\MkLxLSE.exe
2⤵
PID:7552

C:\Windows\System\HxPJyoO.exe
C:\Windows\System\HxPJyoO.exe
2⤵
PID:7572

C:\Windows\System\CrotvSh.exe
C:\Windows\System\CrotvSh.exe
2⤵
PID:7592

C:\Windows\System\EmyPyaf.exe
C:\Windows\System\EmyPyaf.exe
2⤵
PID:7620

C:\Windows\System\wgpYtBQ.exe
C:\Windows\System\wgpYtBQ.exe
2⤵
PID:7636

C:\Windows\System\aMreUKb.exe
C:\Windows\System\aMreUKb.exe
2⤵
PID:7660

C:\Windows\System\leaQiMt.exe
C:\Windows\System\leaQiMt.exe
2⤵
PID:7680

C:\Windows\System\TDLvgUl.exe
C:\Windows\System\TDLvgUl.exe
2⤵
PID:7704

C:\Windows\System\SnFircE.exe
C:\Windows\System\SnFircE.exe
2⤵
PID:7724

C:\Windows\System\ioOzBJi.exe
C:\Windows\System\ioOzBJi.exe
2⤵
PID:7744

C:\Windows\System\agoTOLw.exe
C:\Windows\System\agoTOLw.exe
2⤵
PID:7764

C:\Windows\System\zTHJgwp.exe
C:\Windows\System\zTHJgwp.exe
2⤵
PID:7780

C:\Windows\System\jiNxQNN.exe
C:\Windows\System\jiNxQNN.exe
2⤵
PID:7804

C:\Windows\System\jbNxrGA.exe
C:\Windows\System\jbNxrGA.exe
2⤵
PID:7832

C:\Windows\System\InUYVHM.exe
C:\Windows\System\InUYVHM.exe
2⤵
PID:7852

C:\Windows\System\TDYuLjU.exe
C:\Windows\System\TDYuLjU.exe
2⤵
PID:7876

C:\Windows\System\LMDKFoY.exe
C:\Windows\System\LMDKFoY.exe
2⤵
PID:7892

C:\Windows\System\RPujkHA.exe
C:\Windows\System\RPujkHA.exe
2⤵
PID:7920

C:\Windows\System\dNQhKmE.exe
C:\Windows\System\dNQhKmE.exe
2⤵
PID:7940

C:\Windows\System\gtBAkxU.exe
C:\Windows\System\gtBAkxU.exe
2⤵
PID:7960

C:\Windows\System\lZKhFxw.exe
C:\Windows\System\lZKhFxw.exe
2⤵
PID:7980

C:\Windows\System\fcKVkdb.exe
C:\Windows\System\fcKVkdb.exe
2⤵
PID:8008

C:\Windows\System\nQlGsPy.exe
C:\Windows\System\nQlGsPy.exe
2⤵
PID:8028

C:\Windows\System\lHrMWqD.exe
C:\Windows\System\lHrMWqD.exe
2⤵
PID:8044

C:\Windows\System\ggYRXaX.exe
C:\Windows\System\ggYRXaX.exe
2⤵
PID:8060

C:\Windows\System\XMZiFRs.exe
C:\Windows\System\XMZiFRs.exe
2⤵
PID:8076

C:\Windows\System\GBltiGF.exe
C:\Windows\System\GBltiGF.exe
2⤵
PID:8100

C:\Windows\System\NQwkcgU.exe
C:\Windows\System\NQwkcgU.exe
2⤵
PID:8116

C:\Windows\System\lrDowvg.exe
C:\Windows\System\lrDowvg.exe
2⤵
PID:8136

C:\Windows\System\PUgVGmP.exe
C:\Windows\System\PUgVGmP.exe
2⤵
PID:8156

C:\Windows\System\kuJWmPv.exe
C:\Windows\System\kuJWmPv.exe
2⤵
PID:8184

C:\Windows\System\rwJRrij.exe
C:\Windows\System\rwJRrij.exe
2⤵
PID:8200

C:\Windows\System\ChlWvyj.exe
C:\Windows\System\ChlWvyj.exe
2⤵
PID:8216

C:\Windows\System\mLmCbEW.exe
C:\Windows\System\mLmCbEW.exe
2⤵
PID:8240

C:\Windows\System\hYEjQkx.exe
C:\Windows\System\hYEjQkx.exe
2⤵
PID:8256

C:\Windows\System\LXmPenN.exe
C:\Windows\System\LXmPenN.exe
2⤵
PID:8272

C:\Windows\System\QNCgLrD.exe
C:\Windows\System\QNCgLrD.exe
2⤵
PID:8292

C:\Windows\System\JGXFFYH.exe
C:\Windows\System\JGXFFYH.exe
2⤵
PID:8328

C:\Windows\System\wSBVeho.exe
C:\Windows\System\wSBVeho.exe
2⤵
PID:8348

C:\Windows\System\tIJosEC.exe
C:\Windows\System\tIJosEC.exe
2⤵
PID:8372

C:\Windows\System\FuhxSJc.exe
C:\Windows\System\FuhxSJc.exe
2⤵
PID:8388

C:\Windows\System\oSOgvcE.exe
C:\Windows\System\oSOgvcE.exe
2⤵
PID:8412

C:\Windows\System\hiHpDpp.exe
C:\Windows\System\hiHpDpp.exe
2⤵
PID:8436

C:\Windows\System\xgQPFXv.exe
C:\Windows\System\xgQPFXv.exe
2⤵
PID:8456

C:\Windows\System\sHAbbZP.exe
C:\Windows\System\sHAbbZP.exe
2⤵
PID:8480

C:\Windows\System\GJxGAeC.exe
C:\Windows\System\GJxGAeC.exe
2⤵
PID:8500

C:\Windows\System\YqwkkwF.exe
C:\Windows\System\YqwkkwF.exe
2⤵
PID:8528

C:\Windows\System\lHFWDVV.exe
C:\Windows\System\lHFWDVV.exe
2⤵
PID:8544

C:\Windows\System\AMaCUjK.exe
C:\Windows\System\AMaCUjK.exe
2⤵
PID:8568

C:\Windows\System\SjKrOGI.exe
C:\Windows\System\SjKrOGI.exe
2⤵
PID:8600

C:\Windows\System\MRsWMUB.exe
C:\Windows\System\MRsWMUB.exe
2⤵
PID:8620

C:\Windows\System\VPZHxpY.exe
C:\Windows\System\VPZHxpY.exe
2⤵
PID:8648

C:\Windows\System\SuwVgKm.exe
C:\Windows\System\SuwVgKm.exe
2⤵
PID:8668

C:\Windows\System\vdlOrqx.exe
C:\Windows\System\vdlOrqx.exe
2⤵
PID:8692

C:\Windows\System\kkwleSO.exe
C:\Windows\System\kkwleSO.exe
2⤵
PID:8712

C:\Windows\System\wQuurRg.exe
C:\Windows\System\wQuurRg.exe
2⤵
PID:8732

C:\Windows\System\IIffDTY.exe
C:\Windows\System\IIffDTY.exe
2⤵
PID:8752

C:\Windows\System\UQjGDFj.exe
C:\Windows\System\UQjGDFj.exe
2⤵
PID:8768

C:\Windows\System\ewhxhcI.exe
C:\Windows\System\ewhxhcI.exe
2⤵
PID:8788

C:\Windows\System\qtORPal.exe
C:\Windows\System\qtORPal.exe
2⤵
PID:8808

C:\Windows\System\QPPxtzO.exe
C:\Windows\System\QPPxtzO.exe
2⤵
PID:8824

C:\Windows\System\MHDncbr.exe
C:\Windows\System\MHDncbr.exe
2⤵
PID:8840

C:\Windows\System\tNkKjsN.exe
C:\Windows\System\tNkKjsN.exe
2⤵
PID:8856

C:\Windows\System\PBmjsFQ.exe
C:\Windows\System\PBmjsFQ.exe
2⤵
PID:8872

C:\Windows\System\beNpCRE.exe
C:\Windows\System\beNpCRE.exe
2⤵
PID:8896

C:\Windows\System\dREdzJp.exe
C:\Windows\System\dREdzJp.exe
2⤵
PID:8916

C:\Windows\System\lQyFYOz.exe
C:\Windows\System\lQyFYOz.exe
2⤵
PID:8932

C:\Windows\System\wRQFTSY.exe
C:\Windows\System\wRQFTSY.exe
2⤵
PID:8956

C:\Windows\System\wOWStVa.exe
C:\Windows\System\wOWStVa.exe
2⤵
PID:8984

C:\Windows\System\oXLkrIr.exe
C:\Windows\System\oXLkrIr.exe
2⤵
PID:9008

C:\Windows\System\qcPdWqM.exe
C:\Windows\System\qcPdWqM.exe
2⤵
PID:9024

C:\Windows\System\NkTZuwh.exe
C:\Windows\System\NkTZuwh.exe
2⤵
PID:9040

C:\Windows\System\vkPnIer.exe
C:\Windows\System\vkPnIer.exe
2⤵
PID:9060

C:\Windows\System\pxpzdSt.exe
C:\Windows\System\pxpzdSt.exe
2⤵
PID:9084

C:\Windows\System\wZLyOLp.exe
C:\Windows\System\wZLyOLp.exe
2⤵
PID:9100

C:\Windows\System\EohPmOx.exe
C:\Windows\System\EohPmOx.exe
2⤵
PID:9120

C:\Windows\System\yiPRsLZ.exe
C:\Windows\System\yiPRsLZ.exe
2⤵
PID:9148

C:\Windows\System\znxWWtN.exe
C:\Windows\System\znxWWtN.exe
2⤵
PID:9164

C:\Windows\System\dENbFHE.exe
C:\Windows\System\dENbFHE.exe
2⤵
PID:9184

C:\Windows\System\dceFVvA.exe
C:\Windows\System\dceFVvA.exe
2⤵
PID:9204

C:\Windows\System\mEHOAjf.exe
C:\Windows\System\mEHOAjf.exe
2⤵
PID:6436

C:\Windows\System\kMaWZCQ.exe
C:\Windows\System\kMaWZCQ.exe
2⤵
PID:6536

C:\Windows\System\uULtNCy.exe
C:\Windows\System\uULtNCy.exe
2⤵
PID:7268

C:\Windows\System\xSTOeem.exe
C:\Windows\System\xSTOeem.exe
2⤵
PID:3520

C:\Windows\System\ZdPWedG.exe
C:\Windows\System\ZdPWedG.exe
2⤵
PID:7416

C:\Windows\System\SqfZBmA.exe
C:\Windows\System\SqfZBmA.exe
2⤵
PID:7480

C:\Windows\System\xazpKnm.exe
C:\Windows\System\xazpKnm.exe
2⤵
PID:7560

C:\Windows\System\oRLudWU.exe
C:\Windows\System\oRLudWU.exe
2⤵
PID:7672

C:\Windows\System\yIynter.exe
C:\Windows\System\yIynter.exe
2⤵
PID:7732

C:\Windows\System\qTribiQ.exe
C:\Windows\System\qTribiQ.exe
2⤵
PID:7800

C:\Windows\System\YKrrLAB.exe
C:\Windows\System\YKrrLAB.exe
2⤵
PID:7872

C:\Windows\System\yzxBSWD.exe
C:\Windows\System\yzxBSWD.exe
2⤵
PID:7972

C:\Windows\System\xaGMyxX.exe
C:\Windows\System\xaGMyxX.exe
2⤵
PID:8052

C:\Windows\System\apZZnkG.exe
C:\Windows\System\apZZnkG.exe
2⤵
PID:7232

C:\Windows\System\aHxGjlb.exe
C:\Windows\System\aHxGjlb.exe
2⤵
PID:8132

C:\Windows\System\ldeaKNn.exe
C:\Windows\System\ldeaKNn.exe
2⤵
PID:8168

C:\Windows\System\HcOHUAk.exe
C:\Windows\System\HcOHUAk.exe
2⤵
PID:6168

C:\Windows\System\DirpSUz.exe
C:\Windows\System\DirpSUz.exe
2⤵
PID:6284

C:\Windows\System\sahIelv.exe
C:\Windows\System\sahIelv.exe
2⤵
PID:6440

C:\Windows\System\OOeRTnl.exe
C:\Windows\System\OOeRTnl.exe
2⤵
PID:8356

C:\Windows\System\IjdHrhg.exe
C:\Windows\System\IjdHrhg.exe
2⤵
PID:8424

C:\Windows\System\vDjxCNr.exe
C:\Windows\System\vDjxCNr.exe
2⤵
PID:9228

C:\Windows\System\uKCIUhb.exe
C:\Windows\System\uKCIUhb.exe
2⤵
PID:9256

C:\Windows\System\nlPjbmi.exe
C:\Windows\System\nlPjbmi.exe
2⤵
PID:9272

C:\Windows\System\VXtFeEe.exe
C:\Windows\System\VXtFeEe.exe
2⤵
PID:9292

C:\Windows\System\ucrxBbD.exe
C:\Windows\System\ucrxBbD.exe
2⤵
PID:9312

C:\Windows\System\FiyDuUb.exe
C:\Windows\System\FiyDuUb.exe
2⤵
PID:9328

C:\Windows\System\zHObVLz.exe
C:\Windows\System\zHObVLz.exe
2⤵
PID:9352

C:\Windows\System\tGOWeCx.exe
C:\Windows\System\tGOWeCx.exe
2⤵
PID:9368

C:\Windows\System\yBSbKdN.exe
C:\Windows\System\yBSbKdN.exe
2⤵
PID:9392

C:\Windows\System\MfOrwRg.exe
C:\Windows\System\MfOrwRg.exe
2⤵
PID:9416

C:\Windows\System\xDHPUZy.exe
C:\Windows\System\xDHPUZy.exe
2⤵
PID:9436

C:\Windows\System\ctBckpd.exe
C:\Windows\System\ctBckpd.exe
2⤵
PID:9460

C:\Windows\System\aSrpSRJ.exe
C:\Windows\System\aSrpSRJ.exe
2⤵
PID:9476

C:\Windows\System\YYtTPej.exe
C:\Windows\System\YYtTPej.exe
2⤵
PID:9500

C:\Windows\System\UAwpLzo.exe
C:\Windows\System\UAwpLzo.exe
2⤵
PID:9524

C:\Windows\System\iKnsjkU.exe
C:\Windows\System\iKnsjkU.exe
2⤵
PID:7712

C:\Windows\System\PpKctxF.exe
C:\Windows\System\PpKctxF.exe
2⤵
PID:7900

C:\Windows\System\DHhSqcK.exe
C:\Windows\System\DHhSqcK.exe
2⤵
PID:7948

C:\Windows\System\wyYJEng.exe
C:\Windows\System\wyYJEng.exe
2⤵
PID:9172

C:\Windows\System\dQrxATW.exe
C:\Windows\System\dQrxATW.exe
2⤵
PID:8016

C:\Windows\System\nTgPKbq.exe
C:\Windows\System\nTgPKbq.exe
2⤵
PID:8108

C:\Windows\System\ewoGURJ.exe
C:\Windows\System\ewoGURJ.exe
2⤵
PID:7820

C:\Windows\System\HFyAzWU.exe
C:\Windows\System\HFyAzWU.exe
2⤵
PID:7848

C:\Windows\System\aEeEWxi.exe
C:\Windows\System\aEeEWxi.exe
2⤵
PID:8224

C:\Windows\System\LgVryeU.exe
C:\Windows\System\LgVryeU.exe
2⤵
PID:8284

C:\Windows\System\hOVJkvV.exe
C:\Windows\System\hOVJkvV.exe
2⤵
PID:8344

C:\Windows\System\PJLTCvo.exe
C:\Windows\System\PJLTCvo.exe
2⤵
PID:8428

C:\Windows\System\tjddhWx.exe
C:\Windows\System\tjddhWx.exe
2⤵
PID:8464

C:\Windows\System\bepPBBE.exe
C:\Windows\System\bepPBBE.exe
2⤵
PID:9308

C:\Windows\System\dyyvrxc.exe
C:\Windows\System\dyyvrxc.exe
2⤵
PID:8564

C:\Windows\System\augOoHC.exe
C:\Windows\System\augOoHC.exe
2⤵
PID:9568

C:\Windows\System\TlbSjEW.exe
C:\Windows\System\TlbSjEW.exe
2⤵
PID:6616

C:\Windows\System\TZqaybf.exe
C:\Windows\System\TZqaybf.exe
2⤵
PID:6348

C:\Windows\System\hdfmpww.exe
C:\Windows\System\hdfmpww.exe
2⤵
PID:8552

C:\Windows\System\rtguagI.exe
C:\Windows\System\rtguagI.exe
2⤵
PID:8688

C:\Windows\System\SMZMQaU.exe
C:\Windows\System\SMZMQaU.exe
2⤵
PID:8748

C:\Windows\System\evgRkyD.exe
C:\Windows\System\evgRkyD.exe
2⤵
PID:9860

C:\Windows\System\eHywMxV.exe
C:\Windows\System\eHywMxV.exe
2⤵
PID:8940

C:\Windows\System\ugOcIVB.exe
C:\Windows\System\ugOcIVB.exe
2⤵
PID:9000

C:\Windows\System\MzBLdIB.exe
C:\Windows\System\MzBLdIB.exe
2⤵
PID:9592

C:\Windows\System\GfHnxVy.exe
C:\Windows\System\GfHnxVy.exe
2⤵
PID:9116

C:\Windows\System\odQRQJK.exe
C:\Windows\System\odQRQJK.exe
2⤵
PID:7044

C:\Windows\System\jjAJZDi.exe
C:\Windows\System\jjAJZDi.exe
2⤵
PID:7440

C:\Windows\System\OmOCukX.exe
C:\Windows\System\OmOCukX.exe
2⤵
PID:7720

C:\Windows\System\aZXvkoK.exe
C:\Windows\System\aZXvkoK.exe
2⤵
PID:6564

C:\Windows\System\CYDneJY.exe
C:\Windows\System\CYDneJY.exe
2⤵
PID:9508

C:\Windows\System\rnrtUgA.exe
C:\Windows\System\rnrtUgA.exe
2⤵
PID:9516

C:\Windows\System\VtYuxYj.exe
C:\Windows\System\VtYuxYj.exe
2⤵
PID:9696

C:\Windows\System\qAqRJjl.exe
C:\Windows\System\qAqRJjl.exe
2⤵
PID:9176

C:\Windows\System\JfXwzLq.exe
C:\Windows\System\JfXwzLq.exe
2⤵
PID:7436

C:\Windows\System\vDJaXaX.exe
C:\Windows\System\vDJaXaX.exe
2⤵
PID:4200

C:\Windows\System\JzjJeiv.exe
C:\Windows\System\JzjJeiv.exe
2⤵
PID:9052

C:\Windows\System\BKuETFC.exe
C:\Windows\System\BKuETFC.exe
2⤵
PID:9304

C:\Windows\System\qxyTlJM.exe
C:\Windows\System\qxyTlJM.exe
2⤵
PID:9832

C:\Windows\System\jZsLDiD.exe
C:\Windows\System\jZsLDiD.exe
2⤵
PID:8864

C:\Windows\System\aFNmxPE.exe
C:\Windows\System\aFNmxPE.exe
2⤵
PID:10144

C:\Windows\System\PyRNFPd.exe
C:\Windows\System\PyRNFPd.exe
2⤵
PID:8780

C:\Windows\System\pOoxQkV.exe
C:\Windows\System\pOoxQkV.exe
2⤵
PID:8848

C:\Windows\System\jorxyAJ.exe
C:\Windows\System\jorxyAJ.exe
2⤵
PID:7608

C:\Windows\System\FmqFRjB.exe
C:\Windows\System\FmqFRjB.exe
2⤵
PID:7692

C:\Windows\System\vWpKkjn.exe
C:\Windows\System\vWpKkjn.exe
2⤵
PID:7400

C:\Windows\System\fRLsqWv.exe
C:\Windows\System\fRLsqWv.exe
2⤵
PID:8288

C:\Windows\System\rbzunNV.exe
C:\Windows\System\rbzunNV.exe
2⤵
PID:6920

C:\Windows\System\rbhoKWr.exe
C:\Windows\System\rbhoKWr.exe
2⤵
PID:5016

C:\Windows\System\LndZWij.exe
C:\Windows\System\LndZWij.exe
2⤵
PID:8164

C:\Windows\System\potrtuf.exe
C:\Windows\System\potrtuf.exe
2⤵
PID:10248

C:\Windows\System\FfPtEHE.exe
C:\Windows\System\FfPtEHE.exe
2⤵
PID:10268

C:\Windows\System\GTzmqYp.exe
C:\Windows\System\GTzmqYp.exe
2⤵
PID:10288

C:\Windows\System\juoAAss.exe
C:\Windows\System\juoAAss.exe
2⤵
PID:10320

C:\Windows\System\RmGMzWj.exe
C:\Windows\System\RmGMzWj.exe
2⤵
PID:10344

C:\Windows\System\mseyYJo.exe
C:\Windows\System\mseyYJo.exe
2⤵
PID:10364

C:\Windows\System\ZOYjiXd.exe
C:\Windows\System\ZOYjiXd.exe
2⤵
PID:10384

C:\Windows\System\DZFcVSw.exe
C:\Windows\System\DZFcVSw.exe
2⤵
PID:10408

C:\Windows\System\tMPtzXc.exe
C:\Windows\System\tMPtzXc.exe
2⤵
PID:10424

C:\Windows\System\pwSfnFi.exe
C:\Windows\System\pwSfnFi.exe
2⤵
PID:10452

C:\Windows\System\tGjiRBC.exe
C:\Windows\System\tGjiRBC.exe
2⤵
PID:10496

C:\Windows\System\mGQokPg.exe
C:\Windows\System\mGQokPg.exe
2⤵
PID:10516

C:\Windows\System\QEHWROg.exe
C:\Windows\System\QEHWROg.exe
2⤵
PID:10540

C:\Windows\System\RMdIBSY.exe
C:\Windows\System\RMdIBSY.exe
2⤵
PID:10556

C:\Windows\System\SGrlDRE.exe
C:\Windows\System\SGrlDRE.exe
2⤵
PID:10640

C:\Windows\System\cNZiEJH.exe
C:\Windows\System\cNZiEJH.exe
2⤵
PID:10660

C:\Windows\System\YdlLVbn.exe
C:\Windows\System\YdlLVbn.exe
2⤵
PID:10676

C:\Windows\System\WtYGqEK.exe
C:\Windows\System\WtYGqEK.exe
2⤵
PID:10700

C:\Windows\System\qrxOeEx.exe
C:\Windows\System\qrxOeEx.exe
2⤵
PID:10720

C:\Windows\System\BPWqvoo.exe
C:\Windows\System\BPWqvoo.exe
2⤵
PID:10736

C:\Windows\System\epTdOqe.exe
C:\Windows\System\epTdOqe.exe
2⤵
PID:10756

C:\Windows\System\WZBcqgw.exe
C:\Windows\System\WZBcqgw.exe
2⤵
PID:10780

C:\Windows\System\kiqykTI.exe
C:\Windows\System\kiqykTI.exe
2⤵
PID:10800

C:\Windows\System\qwvLbtS.exe
C:\Windows\System\qwvLbtS.exe
2⤵
PID:10820

C:\Windows\System\ftuBUCM.exe
C:\Windows\System\ftuBUCM.exe
2⤵
PID:10844

C:\Windows\System\uShJRmn.exe
C:\Windows\System\uShJRmn.exe
2⤵
PID:10876

C:\Windows\System\InEhHrj.exe
C:\Windows\System\InEhHrj.exe
2⤵
PID:10900

C:\Windows\System\JFAnmDx.exe
C:\Windows\System\JFAnmDx.exe
2⤵
PID:10924

C:\Windows\System\smWQoXn.exe
C:\Windows\System\smWQoXn.exe
2⤵
PID:10940

C:\Windows\System\KXHcYJd.exe
C:\Windows\System\KXHcYJd.exe
2⤵
PID:10964

C:\Windows\System\ytxlejt.exe
C:\Windows\System\ytxlejt.exe
2⤵
PID:10984

C:\Windows\System\wfMZALL.exe
C:\Windows\System\wfMZALL.exe
2⤵
PID:11000

C:\Windows\System\tZNwkzU.exe
C:\Windows\System\tZNwkzU.exe
2⤵
PID:11024

C:\Windows\System\RYqYYrB.exe
C:\Windows\System\RYqYYrB.exe
2⤵
PID:11040

C:\Windows\System\KUVMguN.exe
C:\Windows\System\KUVMguN.exe
2⤵
PID:11068

C:\Windows\System\UCMKIBQ.exe
C:\Windows\System\UCMKIBQ.exe
2⤵
PID:11088

C:\Windows\System\oXbHMOX.exe
C:\Windows\System\oXbHMOX.exe
2⤵
PID:11108

C:\Windows\System\eHNFZhn.exe
C:\Windows\System\eHNFZhn.exe
2⤵
PID:11124

C:\Windows\System\meknsVz.exe
C:\Windows\System\meknsVz.exe
2⤵
PID:11152

C:\Windows\System\WKIEbeY.exe
C:\Windows\System\WKIEbeY.exe
2⤵
PID:11172

C:\Windows\System\kyyzAsr.exe
C:\Windows\System\kyyzAsr.exe
2⤵
PID:11192

C:\Windows\System\UqTsOyz.exe
C:\Windows\System\UqTsOyz.exe
2⤵
PID:11212

C:\Windows\System\dgwmwew.exe
C:\Windows\System\dgwmwew.exe
2⤵
PID:11232

C:\Windows\System\TUduxyL.exe
C:\Windows\System\TUduxyL.exe
2⤵
PID:11256

C:\Windows\System\mInXUjg.exe
C:\Windows\System\mInXUjg.exe
2⤵
PID:6824

C:\Windows\System\jeGTZQD.exe
C:\Windows\System\jeGTZQD.exe
2⤵
PID:9688

C:\Windows\System\ZyiAKKH.exe
C:\Windows\System\ZyiAKKH.exe
2⤵
PID:7248

C:\Windows\System\ktNKWuL.exe
C:\Windows\System\ktNKWuL.exe
2⤵
PID:7368

C:\Windows\System\nqWMgBc.exe
C:\Windows\System\nqWMgBc.exe
2⤵
PID:8448

C:\Windows\System\yHKUCcR.exe
C:\Windows\System\yHKUCcR.exe
2⤵
PID:8684

C:\Windows\System\qSriPgc.exe
C:\Windows\System\qSriPgc.exe
2⤵
PID:10280

C:\Windows\System\fuCMRQo.exe
C:\Windows\System\fuCMRQo.exe
2⤵
PID:9036

C:\Windows\System\QtmFlpO.exe
C:\Windows\System\QtmFlpO.exe
2⤵
PID:9732

C:\Windows\System\TuOkYGr.exe
C:\Windows\System\TuOkYGr.exe
2⤵
PID:10356

C:\Windows\System\OSJDSYH.exe
C:\Windows\System\OSJDSYH.exe
2⤵
PID:10716

C:\Windows\System\ZZrhWMF.exe
C:\Windows\System\ZZrhWMF.exe
2⤵
PID:2296

C:\Windows\System\xpmIkoT.exe
C:\Windows\System\xpmIkoT.exe
2⤵
PID:10816

C:\Windows\System\kgVvgxh.exe
C:\Windows\System\kgVvgxh.exe
2⤵
PID:1488

C:\Windows\System\JcgoFjP.exe
C:\Windows\System\JcgoFjP.exe
2⤵
PID:10312

C:\Windows\System\eTcCnFd.exe
C:\Windows\System\eTcCnFd.exe
2⤵
PID:11276

C:\Windows\System\OxFFYSO.exe
C:\Windows\System\OxFFYSO.exe
2⤵
PID:11296

C:\Windows\System\pLUkDMu.exe
C:\Windows\System\pLUkDMu.exe
2⤵
PID:11312

C:\Windows\System\tnJESWq.exe
C:\Windows\System\tnJESWq.exe
2⤵
PID:11328

C:\Windows\System\ZBOinBY.exe
C:\Windows\System\ZBOinBY.exe
2⤵
PID:11344

C:\Windows\System\iOTjSYT.exe
C:\Windows\System\iOTjSYT.exe
2⤵
PID:11360

C:\Windows\System\qfTAObE.exe
C:\Windows\System\qfTAObE.exe
2⤵
PID:11376

C:\Windows\System\tywjaJM.exe
C:\Windows\System\tywjaJM.exe
2⤵
PID:11396

C:\Windows\System\MuCuNBE.exe
C:\Windows\System\MuCuNBE.exe
2⤵
PID:11412

C:\Windows\System\YEPmazf.exe
C:\Windows\System\YEPmazf.exe
2⤵
PID:11436

C:\Windows\System\rNASHvl.exe
C:\Windows\System\rNASHvl.exe
2⤵
PID:11452

C:\Windows\System\NrsirWt.exe
C:\Windows\System\NrsirWt.exe
2⤵
PID:11496

C:\Windows\System\uzDdnsV.exe
C:\Windows\System\uzDdnsV.exe
2⤵
PID:11512

C:\Windows\System\kzGImbQ.exe
C:\Windows\System\kzGImbQ.exe
2⤵
PID:11540

C:\Windows\System\MOZdjrI.exe
C:\Windows\System\MOZdjrI.exe
2⤵
PID:11556

C:\Windows\System\slAUhdr.exe
C:\Windows\System\slAUhdr.exe
2⤵
PID:11584

C:\Windows\System\yzuOrIu.exe
C:\Windows\System\yzuOrIu.exe
2⤵
PID:11608

C:\Windows\System\wNlbjSI.exe
C:\Windows\System\wNlbjSI.exe
2⤵
PID:11632

C:\Windows\System\szBjSqW.exe
C:\Windows\System\szBjSqW.exe
2⤵
PID:11680

C:\Windows\System\xYHQcQj.exe
C:\Windows\System\xYHQcQj.exe
2⤵
PID:11700

C:\Windows\System\rXilCaJ.exe
C:\Windows\System\rXilCaJ.exe
2⤵
PID:11724

C:\Windows\System\qiIJsYQ.exe
C:\Windows\System\qiIJsYQ.exe
2⤵
PID:11744

C:\Windows\System\BmYtyco.exe
C:\Windows\System\BmYtyco.exe
2⤵
PID:11768

C:\Windows\System\mdqAuuk.exe
C:\Windows\System\mdqAuuk.exe
2⤵
PID:11792

C:\Windows\System\TgYXBxh.exe
C:\Windows\System\TgYXBxh.exe
2⤵
PID:11808

C:\Windows\System\BPeeUCZ.exe
C:\Windows\System\BPeeUCZ.exe
2⤵
PID:11836

C:\Windows\System\mQePZDl.exe
C:\Windows\System\mQePZDl.exe
2⤵
PID:11856

C:\Windows\System\mVqNAjh.exe
C:\Windows\System\mVqNAjh.exe
2⤵
PID:11884

C:\Windows\System\wMyMYmY.exe
C:\Windows\System\wMyMYmY.exe
2⤵
PID:11904

C:\Windows\System\aTNAAPR.exe
C:\Windows\System\aTNAAPR.exe
2⤵
PID:11920

C:\Windows\System\logdCDB.exe
C:\Windows\System\logdCDB.exe
2⤵
PID:11948

C:\Windows\System\gyxFBCZ.exe
C:\Windows\System\gyxFBCZ.exe
2⤵
PID:11972

C:\Windows\System\akPWvdl.exe
C:\Windows\System\akPWvdl.exe
2⤵
PID:11992

C:\Windows\System\ubOzKJa.exe
C:\Windows\System\ubOzKJa.exe
2⤵
PID:12012

C:\Windows\System\jXtqgNV.exe
C:\Windows\System\jXtqgNV.exe
2⤵
PID:12032

C:\Windows\System\oKcVPNS.exe
C:\Windows\System\oKcVPNS.exe
2⤵
PID:12056

C:\Windows\System\WLoDido.exe
C:\Windows\System\WLoDido.exe
2⤵
PID:12072

C:\Windows\System\roahrYx.exe
C:\Windows\System\roahrYx.exe
2⤵
PID:12088

C:\Windows\System\iQsFfZl.exe
C:\Windows\System\iQsFfZl.exe
2⤵
PID:12104

C:\Windows\System\QfDRkoC.exe
C:\Windows\System\QfDRkoC.exe
2⤵
PID:12124

C:\Windows\System\JnIMaPD.exe
C:\Windows\System\JnIMaPD.exe
2⤵
PID:12140

C:\Windows\System\BjMxZrA.exe
C:\Windows\System\BjMxZrA.exe
2⤵
PID:12160

C:\Windows\System\wuDPqnY.exe
C:\Windows\System\wuDPqnY.exe
2⤵
PID:12184

C:\Windows\System\oSzJoQH.exe
C:\Windows\System\oSzJoQH.exe
2⤵
PID:12200

C:\Windows\System\wcvlwYm.exe
C:\Windows\System\wcvlwYm.exe
2⤵
PID:12220

C:\Windows\System\CBzeWIS.exe
C:\Windows\System\CBzeWIS.exe
2⤵
PID:12236

C:\Windows\System\RHnBRIC.exe
C:\Windows\System\RHnBRIC.exe
2⤵
PID:12252

C:\Windows\System\clgWuhC.exe
C:\Windows\System\clgWuhC.exe
2⤵
PID:12268

C:\Windows\System\pUPDDzS.exe
C:\Windows\System\pUPDDzS.exe
2⤵
PID:8520

C:\Windows\System\CybiUkH.exe
C:\Windows\System\CybiUkH.exe
2⤵
PID:10404

C:\Windows\System\hJXWCxP.exe
C:\Windows\System\hJXWCxP.exe
2⤵
PID:2568

C:\Windows\System\MdxUJIh.exe
C:\Windows\System\MdxUJIh.exe
2⤵
PID:10684

C:\Windows\System\YuSydud.exe
C:\Windows\System\YuSydud.exe
2⤵
PID:10772

C:\Windows\System\CxgjwIl.exe
C:\Windows\System\CxgjwIl.exe
2⤵
PID:10936

C:\Windows\System\AYlQuGG.exe
C:\Windows\System\AYlQuGG.exe
2⤵
PID:8816

C:\Windows\System\Arhgfby.exe
C:\Windows\System\Arhgfby.exe
2⤵
PID:10980

C:\Windows\System\ZEHKoao.exe
C:\Windows\System\ZEHKoao.exe
2⤵
PID:11020

C:\Windows\System\ltqVPYe.exe
C:\Windows\System\ltqVPYe.exe
2⤵
PID:11056

C:\Windows\System\USDipQM.exe
C:\Windows\System\USDipQM.exe
2⤵
PID:11100

C:\Windows\System\VISNZQN.exe
C:\Windows\System\VISNZQN.exe
2⤵
PID:11252

C:\Windows\System\ysUKmdS.exe
C:\Windows\System\ysUKmdS.exe
2⤵
PID:10792

C:\Windows\System\rTesUeG.exe
C:\Windows\System\rTesUeG.exe
2⤵
PID:11272

C:\Windows\System\hJoazWQ.exe
C:\Windows\System\hJoazWQ.exe
2⤵
PID:11308

C:\Windows\System\uQsykFJ.exe
C:\Windows\System\uQsykFJ.exe
2⤵
PID:11336

C:\Windows\System\xZLoDrK.exe
C:\Windows\System\xZLoDrK.exe
2⤵
PID:10472

C:\Windows\System\Facxftf.exe
C:\Windows\System\Facxftf.exe
2⤵
PID:10524

C:\Windows\System\pejaXkw.exe
C:\Windows\System\pejaXkw.exe
2⤵
PID:10564

C:\Windows\System\npGpgGC.exe
C:\Windows\System\npGpgGC.exe
2⤵
PID:11392

C:\Windows\System\kPWCTRB.exe
C:\Windows\System\kPWCTRB.exe
2⤵
PID:10796

C:\Windows\System\NSnKCbo.exe
C:\Windows\System\NSnKCbo.exe
2⤵
PID:10868

C:\Windows\System\bXLmOzf.exe
C:\Windows\System\bXLmOzf.exe
2⤵
PID:11776

C:\Windows\System\eRwgmvU.exe
C:\Windows\System\eRwgmvU.exe
2⤵
PID:11820

C:\Windows\System\hzpekwP.exe
C:\Windows\System\hzpekwP.exe
2⤵
PID:12040

C:\Windows\System\LHMvmvp.exe
C:\Windows\System\LHMvmvp.exe
2⤵
PID:12084

C:\Windows\System\BVutdHb.exe
C:\Windows\System\BVutdHb.exe
2⤵
PID:11352

C:\Windows\System\MFTPexa.exe
C:\Windows\System\MFTPexa.exe
2⤵
PID:10596

C:\Windows\System\rhYronx.exe
C:\Windows\System\rhYronx.exe
2⤵
PID:11460

C:\Windows\System\FKQyRHx.exe
C:\Windows\System\FKQyRHx.exe
2⤵
PID:8056

C:\Windows\System\zxpoNZp.exe
C:\Windows\System\zxpoNZp.exe
2⤵
PID:9108

C:\Windows\System\hLbKoDs.exe
C:\Windows\System\hLbKoDs.exe
2⤵
PID:8384

C:\Windows\System\ZmkrAVv.exe
C:\Windows\System\ZmkrAVv.exe
2⤵
PID:11288

C:\Windows\System\XUYigNa.exe
C:\Windows\System\XUYigNa.exe
2⤵
PID:12244

C:\Windows\System\RBAODnj.exe
C:\Windows\System\RBAODnj.exe
2⤵
PID:11428

C:\Windows\System\tAAJXLJ.exe
C:\Windows\System\tAAJXLJ.exe
2⤵
PID:11304

C:\Windows\System\DhrLIIb.exe
C:\Windows\System\DhrLIIb.exe
2⤵
PID:12296

C:\Windows\System\izxSiBj.exe
C:\Windows\System\izxSiBj.exe
2⤵
PID:12312

C:\Windows\System\XLVybzj.exe
C:\Windows\System\XLVybzj.exe
2⤵
PID:12328

C:\Windows\System\LWNSfGY.exe
C:\Windows\System\LWNSfGY.exe
2⤵
PID:12348

C:\Windows\System\pKjaxUw.exe
C:\Windows\System\pKjaxUw.exe
2⤵
PID:12364

C:\Windows\System\cTTNptr.exe
C:\Windows\System\cTTNptr.exe
2⤵
PID:12380

C:\Windows\System\gNKTXHC.exe
C:\Windows\System\gNKTXHC.exe
2⤵
PID:12396

C:\Windows\System\beLfajF.exe
C:\Windows\System\beLfajF.exe
2⤵
PID:12412

C:\Windows\System\PiFYwRv.exe
C:\Windows\System\PiFYwRv.exe
2⤵
PID:12432

C:\Windows\System\vBKorRq.exe
C:\Windows\System\vBKorRq.exe
2⤵
PID:12452

C:\Windows\System\EcDUUnq.exe
C:\Windows\System\EcDUUnq.exe
2⤵
PID:12472

C:\Windows\System\OoBubGI.exe
C:\Windows\System\OoBubGI.exe
2⤵
PID:12496

C:\Windows\System\blmPLCf.exe
C:\Windows\System\blmPLCf.exe
2⤵
PID:12520

C:\Windows\System\tkDQmOu.exe
C:\Windows\System\tkDQmOu.exe
2⤵
PID:12552

C:\Windows\System\OWiQsRt.exe
C:\Windows\System\OWiQsRt.exe
2⤵
PID:12572

C:\Windows\System\ORfklde.exe
C:\Windows\System\ORfklde.exe
2⤵
PID:12600

C:\Windows\System\iTniAvi.exe
C:\Windows\System\iTniAvi.exe
2⤵
PID:12620

C:\Windows\System\uuKWxKW.exe
C:\Windows\System\uuKWxKW.exe
2⤵
PID:12644

C:\Windows\System\zFbAsaf.exe
C:\Windows\System\zFbAsaf.exe
2⤵
PID:12664

C:\Windows\System\kUAKvXM.exe
C:\Windows\System\kUAKvXM.exe
2⤵
PID:12684

C:\Windows\System\NsdVhkF.exe
C:\Windows\System\NsdVhkF.exe
2⤵
PID:12704

C:\Windows\System\aRFtULX.exe
C:\Windows\System\aRFtULX.exe
2⤵
PID:12720

C:\Windows\System\zocdSlb.exe
C:\Windows\System\zocdSlb.exe
2⤵
PID:12740

C:\Windows\System\JmwZKem.exe
C:\Windows\System\JmwZKem.exe
2⤵
PID:12768

C:\Windows\System\UllWuAG.exe
C:\Windows\System\UllWuAG.exe
2⤵
PID:12784

C:\Windows\System\tHGFVRB.exe
C:\Windows\System\tHGFVRB.exe
2⤵
PID:12804

C:\Windows\System\pljcWJw.exe
C:\Windows\System\pljcWJw.exe
2⤵
PID:12824

C:\Windows\System\eFXTsZP.exe
C:\Windows\System\eFXTsZP.exe
2⤵
PID:12844

C:\Windows\System\JxaybTk.exe
C:\Windows\System\JxaybTk.exe
2⤵
PID:12864

C:\Windows\System\JJtGRkY.exe
C:\Windows\System\JJtGRkY.exe
2⤵
PID:12880

C:\Windows\System\knIpLen.exe
C:\Windows\System\knIpLen.exe
2⤵
PID:12904

C:\Windows\System\XRluhcK.exe
C:\Windows\System\XRluhcK.exe
2⤵
PID:12928

C:\Windows\System\ZtRrJeI.exe
C:\Windows\System\ZtRrJeI.exe
2⤵
PID:12944

C:\Windows\System\zaHxYwV.exe
C:\Windows\System\zaHxYwV.exe
2⤵
PID:11964

C:\Windows\System\ajIjqYd.exe
C:\Windows\System\ajIjqYd.exe
2⤵
PID:12120

C:\Windows\System\uJQiVxS.exe
C:\Windows\System\uJQiVxS.exe
2⤵
PID:12096

C:\Windows\System\TPPhZDP.exe
C:\Windows\System\TPPhZDP.exe
2⤵
PID:9156

C:\Windows\System\OPNsEQf.exe
C:\Windows\System\OPNsEQf.exe
2⤵
PID:12596

C:\Windows\System\DCVAebC.exe
C:\Windows\System\DCVAebC.exe
2⤵
PID:8832

C:\Windows\System\oFNpShh.exe
C:\Windows\System\oFNpShh.exe
2⤵
PID:12004

C:\Windows\System\tNrpIgu.exe
C:\Windows\System\tNrpIgu.exe
2⤵
PID:13112

C:\Windows\System\bkJEQOf.exe
C:\Windows\System\bkJEQOf.exe
2⤵
PID:12372

C:\Windows\System\OxGEsZl.exe
C:\Windows\System\OxGEsZl.exe
2⤵
PID:11408

C:\Windows\System\GctjOul.exe
C:\Windows\System\GctjOul.exe
2⤵
PID:11652

C:\Windows\System\yGjLKIq.exe
C:\Windows\System\yGjLKIq.exe
2⤵
PID:9564

C:\Windows\System\UlXyJBs.exe
C:\Windows\System\UlXyJBs.exe
2⤵
PID:13140

C:\Windows\System\iJuPNQz.exe
C:\Windows\System\iJuPNQz.exe
2⤵
PID:12876

C:\Windows\System\wGtPwqm.exe
C:\Windows\System\wGtPwqm.exe
2⤵
PID:11596

C:\Windows\System\UlGcZKB.exe
C:\Windows\System\UlGcZKB.exe
2⤵
PID:12736

C:\Windows\System\SvzfXIn.exe
C:\Windows\System\SvzfXIn.exe
2⤵
PID:12512

C:\Windows\System\OLYLnsI.exe
C:\Windows\System\OLYLnsI.exe
2⤵
PID:12800

C:\Windows\System\hQsMWEU.exe
C:\Windows\System\hQsMWEU.exe
2⤵
PID:11604

C:\Windows\System\QcvxFRF.exe
C:\Windows\System\QcvxFRF.exe
2⤵
PID:12976

C:\Windows\System\FmwAfzG.exe
C:\Windows\System\FmwAfzG.exe
2⤵
PID:13016

C:\Windows\System\dVxUgep.exe
C:\Windows\System\dVxUgep.exe
2⤵
PID:13164

C:\Windows\System\PsUKnzE.exe
C:\Windows\System\PsUKnzE.exe
2⤵
PID:13216

C:\Windows\System\Njxrjdv.exe
C:\Windows\System\Njxrjdv.exe
2⤵
PID:5624

C:\Windows\System\uDmCZNE.exe
C:\Windows\System\uDmCZNE.exe
2⤵
PID:13264

C:\Windows\System\ofZGWjI.exe
C:\Windows\System\ofZGWjI.exe
2⤵
PID:11712

C:\Windows\System\AUUCNIH.exe
C:\Windows\System\AUUCNIH.exe
2⤵
PID:6188

C:\Windows\System\cROzDzX.exe
C:\Windows\System\cROzDzX.exe
2⤵
PID:12592

C:\Windows\System\hnmfryy.exe
C:\Windows\System\hnmfryy.exe
2⤵
PID:11536

C:\Windows\System\FwSCHiW.exe
C:\Windows\System\FwSCHiW.exe
2⤵
PID:12900

C:\Windows\System\levmLLM.exe
C:\Windows\System\levmLLM.exe
2⤵
PID:5664

C:\Windows\System\dNPuDNH.exe
C:\Windows\System\dNPuDNH.exe
2⤵
PID:13200

C:\Windows\System\taHIOdK.exe
C:\Windows\System\taHIOdK.exe
2⤵
PID:11552

C:\Windows\System\GxAgFLB.exe
C:\Windows\System\GxAgFLB.exe
2⤵
PID:3132

C:\Windows\System\oTULqyv.exe
C:\Windows\System\oTULqyv.exe
2⤵
PID:12640

C:\Windows\System\DYZzhdv.exe
C:\Windows\System\DYZzhdv.exe
2⤵
PID:1432

C:\Windows\System\VXIhrRq.exe
C:\Windows\System\VXIhrRq.exe
2⤵
PID:13624

C:\Windows\System\uvjybnF.exe
C:\Windows\System\uvjybnF.exe
2⤵
PID:13712

C:\Windows\System\gBnpHzo.exe
C:\Windows\System\gBnpHzo.exe
2⤵
PID:13748

C:\Windows\System\mavoniA.exe
C:\Windows\System\mavoniA.exe
2⤵
PID:13776

C:\Windows\System\pZRvrNT.exe
C:\Windows\System\pZRvrNT.exe
2⤵
PID:13868

C:\Windows\System\EmAidQL.exe
C:\Windows\System\EmAidQL.exe
2⤵
PID:13896

C:\Windows\System\igCtoOl.exe
C:\Windows\System\igCtoOl.exe
2⤵
PID:13924

C:\Windows\System\BVYGDYJ.exe
C:\Windows\System\BVYGDYJ.exe
2⤵
PID:13952

C:\Windows\System\hBxZiNm.exe
C:\Windows\System\hBxZiNm.exe
2⤵
PID:13980

C:\Windows\System\vWcYfQG.exe
C:\Windows\System\vWcYfQG.exe
2⤵
PID:14008

C:\Windows\System\wrQQMfR.exe
C:\Windows\System\wrQQMfR.exe
2⤵
PID:14028

C:\Windows\System\RjIVhxp.exe
C:\Windows\System\RjIVhxp.exe
2⤵
PID:14048

C:\Windows\System\CiyifGO.exe
C:\Windows\System\CiyifGO.exe
2⤵
PID:14080

C:\Windows\System\wBmgeKn.exe
C:\Windows\System\wBmgeKn.exe
2⤵
PID:14104

C:\Windows\System\MPlbeRD.exe
C:\Windows\System\MPlbeRD.exe
2⤵
PID:14124

C:\Windows\System\ZbMpBak.exe
C:\Windows\System\ZbMpBak.exe
2⤵
PID:14144

C:\Windows\System\bwkQEOZ.exe
C:\Windows\System\bwkQEOZ.exe
2⤵
PID:14176

C:\Windows\System\wBEncqu.exe
C:\Windows\System\wBEncqu.exe
2⤵
PID:14284

C:\Windows\System\wGLYArY.exe
C:\Windows\System\wGLYArY.exe
2⤵
PID:14300

C:\Windows\System\lSFjDEB.exe
C:\Windows\System\lSFjDEB.exe
2⤵
PID:14324

C:\Windows\System\zdzdpVT.exe
C:\Windows\System\zdzdpVT.exe
2⤵
PID:12504

C:\Windows\System\DgQANbX.exe
C:\Windows\System\DgQANbX.exe
2⤵
PID:13300

C:\Windows\System\aJlZZam.exe
C:\Windows\System\aJlZZam.exe
2⤵
PID:11624

C:\Windows\System\jvppmVM.exe
C:\Windows\System\jvppmVM.exe
2⤵
PID:5672

C:\Windows\System\QItPLMC.exe
C:\Windows\System\QItPLMC.exe
2⤵
PID:3060

C:\Windows\System\QFAUhxy.exe
C:\Windows\System\QFAUhxy.exe
2⤵
PID:3812

C:\Windows\System\nQinNCM.exe
C:\Windows\System\nQinNCM.exe
2⤵
PID:13396

C:\Windows\System\iaSUETM.exe
C:\Windows\System\iaSUETM.exe
2⤵
PID:1604

C:\Windows\System\klTePYB.exe
C:\Windows\System\klTePYB.exe
2⤵
PID:5000

C:\Windows\System\MCshGAq.exe
C:\Windows\System\MCshGAq.exe
2⤵
PID:12756

C:\Windows\System\OUoZeMQ.exe
C:\Windows\System\OUoZeMQ.exe
2⤵
PID:11048

C:\Windows\System\YykVWZm.exe
C:\Windows\System\YykVWZm.exe
2⤵
PID:3080

C:\Windows\System\lHWLFab.exe
C:\Windows\System\lHWLFab.exe
2⤵
PID:12136

C:\Windows\System\ppavrnz.exe
C:\Windows\System\ppavrnz.exe
2⤵
PID:13084

C:\Windows\System\nGBlVqh.exe
C:\Windows\System\nGBlVqh.exe
2⤵
PID:13544

C:\Windows\System\XsBAadT.exe
C:\Windows\System\XsBAadT.exe
2⤵
PID:4968

C:\Windows\System\czScAvO.exe
C:\Windows\System\czScAvO.exe
2⤵
PID:13596

C:\Windows\System\rpsVaSz.exe
C:\Windows\System\rpsVaSz.exe
2⤵
PID:5572

C:\Windows\System\xmIOENq.exe
C:\Windows\System\xmIOENq.exe
2⤵
PID:768

C:\Windows\System\uFRbDPk.exe
C:\Windows\System\uFRbDPk.exe
2⤵
PID:2728

C:\Windows\System\QwZLcQn.exe
C:\Windows\System\QwZLcQn.exe
2⤵
PID:13148

C:\Windows\System\yzqsksp.exe
C:\Windows\System\yzqsksp.exe
2⤵
PID:11564

C:\Windows\System\lPcunOC.exe
C:\Windows\System\lPcunOC.exe
2⤵
PID:13340

C:\Windows\System\SujLeGr.exe
C:\Windows\System\SujLeGr.exe
2⤵
PID:13356

C:\Windows\System\EpPiPNe.exe
C:\Windows\System\EpPiPNe.exe
2⤵
PID:13372

C:\Windows\System\bMqvavt.exe
C:\Windows\System\bMqvavt.exe
2⤵
PID:3264

C:\Windows\System\kMugHeZ.exe
C:\Windows\System\kMugHeZ.exe
2⤵
PID:13584

C:\Windows\System\daDFmIi.exe
C:\Windows\System\daDFmIi.exe
2⤵
PID:5256

C:\Windows\System\fIaVepX.exe
C:\Windows\System\fIaVepX.exe
2⤵
PID:3744

C:\Windows\System\CRrjQAG.exe
C:\Windows\System\CRrjQAG.exe
2⤵
PID:13668

C:\Windows\System\wATtjUZ.exe
C:\Windows\System\wATtjUZ.exe
2⤵
PID:13800

C:\Windows\System\vDdUgvm.exe
C:\Windows\System\vDdUgvm.exe
2⤵
PID:13812

C:\Windows\System\nardfAB.exe
C:\Windows\System\nardfAB.exe
2⤵
PID:5768

C:\Windows\System\HWOsjyF.exe
C:\Windows\System\HWOsjyF.exe
2⤵
PID:3108

C:\Windows\System\hlKKvYn.exe
C:\Windows\System\hlKKvYn.exe
2⤵
PID:5796

C:\Windows\System\nhBNXrg.exe
C:\Windows\System\nhBNXrg.exe
2⤵
PID:5752

C:\Windows\System\NQKgLuJ.exe
C:\Windows\System\NQKgLuJ.exe
2⤵
PID:13996

C:\Windows\System\JRaAiDN.exe
C:\Windows\System\JRaAiDN.exe
2⤵
PID:5476

C:\Windows\System\qgqCzbm.exe
C:\Windows\System\qgqCzbm.exe
2⤵
PID:2204

C:\Windows\System\yTvSIgi.exe
C:\Windows\System\yTvSIgi.exe
2⤵
PID:2952

C:\Windows\System\JLWTkFd.exe
C:\Windows\System\JLWTkFd.exe
2⤵
PID:14136

C:\Windows\System\mzYrHIc.exe
C:\Windows\System\mzYrHIc.exe
2⤵
PID:13424

C:\Windows\System\SlbeXJD.exe
C:\Windows\System\SlbeXJD.exe
2⤵
PID:10652

C:\Windows\System\OBgiysK.exe
C:\Windows\System\OBgiysK.exe
2⤵
PID:11204

C:\Windows\System\UzXuwdT.exe
C:\Windows\System\UzXuwdT.exe
2⤵
PID:2600

C:\Windows\System\vXqHsbJ.exe
C:\Windows\System\vXqHsbJ.exe
2⤵
PID:13392

C:\Windows\System\BrjpXqC.exe
C:\Windows\System\BrjpXqC.exe
2⤵
PID:14296

C:\Windows\System\mbMVSpu.exe
C:\Windows\System\mbMVSpu.exe
2⤵
PID:11940

C:\Windows\System\xpZOmyS.exe
C:\Windows\System\xpZOmyS.exe
2⤵
PID:14156

C:\Windows\System\rRdsbkx.exe
C:\Windows\System\rRdsbkx.exe
2⤵
PID:4056

C:\Windows\System\MSIyZbV.exe
C:\Windows\System\MSIyZbV.exe
2⤵
PID:5784

C:\Windows\System\kSaXocz.exe
C:\Windows\System\kSaXocz.exe
2⤵
PID:500

C:\Windows\System\rrzoQEx.exe
C:\Windows\System\rrzoQEx.exe
2⤵
PID:13400

C:\Windows\System\IHFIjgv.exe
C:\Windows\System\IHFIjgv.exe
2⤵
PID:13440

C:\Windows\System\joXJeCf.exe
C:\Windows\System\joXJeCf.exe
2⤵
PID:13856

C:\Windows\System\IlEVfhw.exe
C:\Windows\System\IlEVfhw.exe
2⤵
PID:13832

C:\Windows\System\ZkXQZbv.exe
C:\Windows\System\ZkXQZbv.exe
2⤵
PID:4716

C:\Windows\System\NRHuiQM.exe
C:\Windows\System\NRHuiQM.exe
2⤵
PID:4256

C:\Windows\System\XPaynFp.exe
C:\Windows\System\XPaynFp.exe
2⤵
PID:1004

C:\Windows\System\vHexbQn.exe
C:\Windows\System\vHexbQn.exe
2⤵
PID:4296

C:\Windows\System\semOgCV.exe
C:\Windows\System\semOgCV.exe
2⤵
PID:13436

C:\Windows\System\tEHLCNG.exe
C:\Windows\System\tEHLCNG.exe
2⤵
PID:11832

C:\Windows\System\SdHMzOc.exe
C:\Windows\System\SdHMzOc.exe
2⤵
PID:14292

C:\Windows\System\uwXDjhC.exe
C:\Windows\System\uwXDjhC.exe
2⤵
PID:13532

C:\Windows\System\TEaBtbW.exe
C:\Windows\System\TEaBtbW.exe
2⤵
PID:14200

C:\Windows\System\xwXMwDO.exe
C:\Windows\System\xwXMwDO.exe
2⤵
PID:13580

C:\Windows\System\lbBZRKZ.exe
C:\Windows\System\lbBZRKZ.exe
2⤵
PID:14188

C:\Windows\System\UAnEmOE.exe
C:\Windows\System\UAnEmOE.exe
2⤵
PID:13936

C:\Windows\System\AhCHOzg.exe
C:\Windows\System\AhCHOzg.exe
2⤵
PID:13816

C:\Windows\System\HTdQeOo.exe
C:\Windows\System\HTdQeOo.exe
2⤵
PID:12152

C:\Windows\System\nquLeSq.exe
C:\Windows\System\nquLeSq.exe
2⤵
PID:1588

C:\Windows\System\BZuNvJS.exe
C:\Windows\System\BZuNvJS.exe
2⤵
PID:12972

C:\Windows\System\UnLdjAo.exe
C:\Windows\System\UnLdjAo.exe
2⤵
PID:8980

C:\Windows\System\pLsAmBq.exe
C:\Windows\System\pLsAmBq.exe
2⤵
PID:5656

C:\Windows\System\aNsRXLC.exe
C:\Windows\System\aNsRXLC.exe
2⤵
PID:5880

C:\Windows\System\oOMyLVC.exe
C:\Windows\System\oOMyLVC.exe
2⤵
PID:784

C:\Windows\System\vqwyXce.exe
C:\Windows\System\vqwyXce.exe
2⤵
PID:5972

C:\Windows\System\cZUYFjv.exe
C:\Windows\System\cZUYFjv.exe
2⤵
PID:13588

C:\Windows\System\vtlhviA.exe
C:\Windows\System\vtlhviA.exe
2⤵
PID:5892

C:\Windows\System\peODudK.exe
C:\Windows\System\peODudK.exe
2⤵
PID:4012

C:\Windows\System\dTDDOvt.exe
C:\Windows\System\dTDDOvt.exe
2⤵
PID:4952

C:\Windows\System\nfIIqkv.exe
C:\Windows\System\nfIIqkv.exe
2⤵
PID:2308

C:\Windows\System\zQwjCXh.exe
C:\Windows\System\zQwjCXh.exe
2⤵
PID:13592

C:\Windows\System\BxcVfsk.exe
C:\Windows\System\BxcVfsk.exe
2⤵
PID:12588

C:\Windows\System\MdjAwEf.exe
C:\Windows\System\MdjAwEf.exe
2⤵
PID:7060

C:\Windows\System\CwwzEWl.exe
C:\Windows\System\CwwzEWl.exe
2⤵
PID:1420

C:\Windows\System\OrICSSM.exe
C:\Windows\System\OrICSSM.exe
2⤵
PID:14240

C:\Windows\System\zydPsGI.exe
C:\Windows\System\zydPsGI.exe
2⤵
PID:13416

C:\Windows\System\unaZQPL.exe
C:\Windows\System\unaZQPL.exe
2⤵
PID:3924

C:\Windows\System\qrDyxXK.exe
C:\Windows\System\qrDyxXK.exe
2⤵
PID:13480

C:\Windows\System\LfGjtHz.exe
C:\Windows\System\LfGjtHz.exe
2⤵
PID:3884

C:\Windows\System\dfKSMMC.exe
C:\Windows\System\dfKSMMC.exe
2⤵
PID:5668

C:\Windows\System\rQUISxn.exe
C:\Windows\System\rQUISxn.exe
2⤵
PID:4948

C:\Windows\System\mgrgzMG.exe
C:\Windows\System\mgrgzMG.exe
2⤵
PID:13504

C:\Windows\System\oUYDOaa.exe
C:\Windows\System\oUYDOaa.exe
2⤵
PID:10532

C:\Windows\System\xxgTGrN.exe
C:\Windows\System\xxgTGrN.exe
2⤵
PID:14184

C:\Windows\System\JgEyJCd.exe
C:\Windows\System\JgEyJCd.exe
2⤵
PID:5496

C:\Windows\System\IRlsLRk.exe
C:\Windows\System\IRlsLRk.exe
2⤵
PID:3404

C:\Windows\System\vvMDSUH.exe
C:\Windows\System\vvMDSUH.exe
2⤵
PID:4008

C:\Windows\System\cBlpwNb.exe
C:\Windows\System\cBlpwNb.exe
2⤵
PID:4680

C:\Windows\System\nhtGhBf.exe
C:\Windows\System\nhtGhBf.exe
2⤵
PID:4884

C:\Windows\System\NhUjOAD.exe
C:\Windows\System\NhUjOAD.exe
2⤵
PID:1128

C:\Windows\System\rJvEEZM.exe
C:\Windows\System\rJvEEZM.exe
2⤵
PID:6540

C:\Windows\System\JMyWBjc.exe
C:\Windows\System\JMyWBjc.exe
2⤵
PID:224

C:\Windows\System\MGTkbkJ.exe
C:\Windows\System\MGTkbkJ.exe
2⤵
PID:4792

C:\Windows\System\WrYmhFl.exe
C:\Windows\System\WrYmhFl.exe
2⤵
PID:13512

C:\Windows\System\jrgIAwk.exe
C:\Windows\System\jrgIAwk.exe
2⤵
PID:5468

C:\Windows\System\vfdiJXg.exe
C:\Windows\System\vfdiJXg.exe
2⤵
PID:10696

C:\Windows\System\UamSLAu.exe
C:\Windows\System\UamSLAu.exe
2⤵
PID:13608

C:\Windows\System\kMpDqyo.exe
C:\Windows\System\kMpDqyo.exe
2⤵
PID:6420

C:\Windows\System\JwJOmZb.exe
C:\Windows\System\JwJOmZb.exe
2⤵
PID:6388

C:\Windows\System\pYVJrtc.exe
C:\Windows\System\pYVJrtc.exe
2⤵
PID:1992

C:\Windows\System\hITJKmH.exe
C:\Windows\System\hITJKmH.exe
2⤵
PID:7020

C:\Windows\System\aEuEaBR.exe
C:\Windows\System\aEuEaBR.exe
2⤵
PID:216

C:\Windows\System\pHNLKWj.exe
C:\Windows\System\pHNLKWj.exe
2⤵
PID:4496

C:\Windows\System\SRcFjvD.exe
C:\Windows\System\SRcFjvD.exe
2⤵
PID:13912

C:\Windows\System\RsSPtei.exe
C:\Windows\System\RsSPtei.exe
2⤵
PID:14352

C:\Windows\System\tzzhYfb.exe
C:\Windows\System\tzzhYfb.exe
2⤵
PID:14372

C:\Windows\System\dJzyTSQ.exe
C:\Windows\System\dJzyTSQ.exe
2⤵
PID:14388

C:\Windows\System\lPJENit.exe
C:\Windows\System\lPJENit.exe
2⤵
PID:14404

C:\Windows\System\vFXSlbM.exe
C:\Windows\System\vFXSlbM.exe
2⤵
PID:14420

C:\Windows\System\JhJhJDr.exe
C:\Windows\System\JhJhJDr.exe
2⤵
PID:14540

C:\Windows\System\VSigStG.exe
C:\Windows\System\VSigStG.exe
2⤵
PID:14660

C:\Windows\System\tRWhclQ.exe
C:\Windows\System\tRWhclQ.exe
2⤵
PID:14684

C:\Windows\System\zjAsGxk.exe
C:\Windows\System\zjAsGxk.exe
2⤵
PID:14708

C:\Windows\System\CYbKRLO.exe
C:\Windows\System\CYbKRLO.exe
2⤵
PID:14728

C:\Windows\System\foajfaj.exe
C:\Windows\System\foajfaj.exe
2⤵
PID:14748

C:\Windows\System\AKXGQDO.exe
C:\Windows\System\AKXGQDO.exe
2⤵
PID:14764

C:\Windows\System\hndLKPk.exe
C:\Windows\System\hndLKPk.exe
2⤵
PID:14784

C:\Windows\System\rUaoysQ.exe
C:\Windows\System\rUaoysQ.exe
2⤵
PID:14804

C:\Windows\System\OkiTLDU.exe
C:\Windows\System\OkiTLDU.exe
2⤵
PID:14824

C:\Windows\System\oMhudHK.exe
C:\Windows\System\oMhudHK.exe
2⤵
PID:14848

C:\Windows\System\mzgUmjL.exe
C:\Windows\System\mzgUmjL.exe
2⤵
PID:14872

C:\Windows\System\WlidmgM.exe
C:\Windows\System\WlidmgM.exe
2⤵
PID:14908

C:\Windows\System\DaTYAuq.exe
C:\Windows\System\DaTYAuq.exe
2⤵
PID:14928

C:\Windows\System\fxxCRgI.exe
C:\Windows\System\fxxCRgI.exe
2⤵
PID:14952

C:\Windows\System\oZTzJCh.exe
C:\Windows\System\oZTzJCh.exe
2⤵
PID:15132

C:\Windows\System\quCuwAm.exe
C:\Windows\System\quCuwAm.exe
2⤵
PID:15148

C:\Windows\System\WcpujFD.exe
C:\Windows\System\WcpujFD.exe
2⤵
PID:15292

C:\Windows\System\yiszKyl.exe
C:\Windows\System\yiszKyl.exe
2⤵
PID:15312

C:\Windows\System\wUNFdMe.exe
C:\Windows\System\wUNFdMe.exe
2⤵
PID:15336

C:\Windows\System\sjaJnZC.exe
C:\Windows\System\sjaJnZC.exe
2⤵
PID:15352

C:\Windows\System\tuOCITf.exe
C:\Windows\System\tuOCITf.exe
2⤵
PID:6408

C:\Windows\System\SsdyJYh.exe
C:\Windows\System\SsdyJYh.exe
2⤵
PID:4964

C:\Windows\System\YyouErq.exe
C:\Windows\System\YyouErq.exe
2⤵
PID:14020

C:\Windows\System\iyCghhh.exe
C:\Windows\System\iyCghhh.exe
2⤵
PID:13508

C:\Windows\System\gueyuZv.exe
C:\Windows\System\gueyuZv.exe
2⤵
PID:6604

C:\Windows\System\oJWzQIN.exe
C:\Windows\System\oJWzQIN.exe
2⤵
PID:6468

C:\Windows\System\PmPNURY.exe
C:\Windows\System\PmPNURY.exe
2⤵
PID:1376

C:\Windows\System\lWKJVbd.exe
C:\Windows\System\lWKJVbd.exe
2⤵
PID:2832

C:\Windows\System\EPQewBf.exe
C:\Windows\System\EPQewBf.exe
2⤵
PID:14344

C:\Windows\System\CRturfD.exe
C:\Windows\System\CRturfD.exe
2⤵
PID:6364

C:\Windows\System\GKkYZsR.exe
C:\Windows\System\GKkYZsR.exe
2⤵
PID:4628

C:\Windows\System\vTAjVZF.exe
C:\Windows\System\vTAjVZF.exe
2⤵
PID:14444

C:\Windows\System\nIViHQY.exe
C:\Windows\System\nIViHQY.exe
2⤵
PID:11180

C:\Windows\System\FGwHplM.exe
C:\Windows\System\FGwHplM.exe
2⤵
PID:2908

C:\Windows\System\oJPArrg.exe
C:\Windows\System\oJPArrg.exe
2⤵
PID:5388

C:\Windows\System\gqbZJun.exe
C:\Windows\System\gqbZJun.exe
2⤵
PID:6560

C:\Windows\System\wzQKdia.exe
C:\Windows\System\wzQKdia.exe
2⤵
PID:6184

C:\Windows\System\NjGURRP.exe
C:\Windows\System\NjGURRP.exe
2⤵
PID:14492

C:\Windows\System\owGPqNg.exe
C:\Windows\System\owGPqNg.exe
2⤵
PID:14396

C:\Windows\System\OgfFxeh.exe
C:\Windows\System\OgfFxeh.exe
2⤵
PID:3760

C:\Windows\System\kxFocga.exe
C:\Windows\System\kxFocga.exe
2⤵
PID:14600

C:\Windows\System\btZCCqa.exe
C:\Windows\System\btZCCqa.exe
2⤵
PID:14644

C:\Windows\System\gRbGnTY.exe
C:\Windows\System\gRbGnTY.exe
2⤵
PID:14680

C:\Windows\System\extCKpy.exe
C:\Windows\System\extCKpy.exe
2⤵
PID:6532

C:\Windows\System\VQLuPuv.exe
C:\Windows\System\VQLuPuv.exe
2⤵
PID:14796

C:\Windows\System\WAWJXLU.exe
C:\Windows\System\WAWJXLU.exe
2⤵
PID:14940

C:\Windows\System\MIpSDxg.exe
C:\Windows\System\MIpSDxg.exe
2⤵
PID:14980

C:\Windows\System\Poagtbq.exe
C:\Windows\System\Poagtbq.exe
2⤵
PID:6396

C:\Windows\System\XxBkitL.exe
C:\Windows\System\XxBkitL.exe
2⤵
PID:14816

C:\Windows\System\mmPeNdb.exe
C:\Windows\System\mmPeNdb.exe
2⤵
PID:14920

C:\Windows\System\svFeTgT.exe
C:\Windows\System\svFeTgT.exe
2⤵
PID:14656

C:\Windows\System\pRzEhne.exe
C:\Windows\System\pRzEhne.exe
2⤵
PID:6740

C:\Windows\System\whJxevu.exe
C:\Windows\System\whJxevu.exe
2⤵
PID:14792

C:\Windows\System\dTaxCRP.exe
C:\Windows\System\dTaxCRP.exe
2⤵
PID:15160

C:\Windows\System\VQxJCem.exe
C:\Windows\System\VQxJCem.exe
2⤵
PID:6240

C:\Windows\System\lIRpFFJ.exe
C:\Windows\System\lIRpFFJ.exe
2⤵
PID:6880

C:\Windows\System\aAwjXBJ.exe
C:\Windows\System\aAwjXBJ.exe
2⤵
PID:13316

C:\Windows\System\bBaEGyQ.exe
C:\Windows\System\bBaEGyQ.exe
2⤵
PID:6236

C:\Windows\System\QGdSive.exe
C:\Windows\System\QGdSive.exe
2⤵
PID:6940

C:\Windows\System\OIupOQy.exe
C:\Windows\System\OIupOQy.exe
2⤵
PID:6556

C:\Windows\System\yJOPvpX.exe
C:\Windows\System\yJOPvpX.exe
2⤵
PID:5144

C:\Windows\System\ACHvkFm.exe
C:\Windows\System\ACHvkFm.exe
2⤵
PID:14516

C:\Windows\System\GjsNFHU.exe
C:\Windows\System\GjsNFHU.exe
2⤵
PID:8144

C:\Windows\System\aWjmRMi.exe
C:\Windows\System\aWjmRMi.exe
2⤵
PID:15100

C:\Windows\System\rZKgoSy.exe
C:\Windows\System\rZKgoSy.exe
2⤵
PID:14460

C:\Windows\System\XOJnwGw.exe
C:\Windows\System\XOJnwGw.exe
2⤵
PID:6752

C:\Windows\System\AdiSnjF.exe
C:\Windows\System\AdiSnjF.exe
2⤵
PID:14364

C:\Windows\System\URyBGME.exe
C:\Windows\System\URyBGME.exe
2⤵
PID:11080

C:\Windows\System\KluURLi.exe
C:\Windows\System\KluURLi.exe
2⤵
PID:2640

C:\Windows\System\RBzsXQi.exe
C:\Windows\System\RBzsXQi.exe
2⤵
PID:5184

C:\Windows\System\igUToZm.exe
C:\Windows\System\igUToZm.exe
2⤵
PID:7316

C:\Windows\System\meNwadm.exe
C:\Windows\System\meNwadm.exe
2⤵
PID:7068

C:\Windows\System\HEMlhSl.exe
C:\Windows\System\HEMlhSl.exe
2⤵
PID:14740

C:\Windows\System\lYcoNhy.exe
C:\Windows\System\lYcoNhy.exe
2⤵
PID:14780

C:\Windows\System\KGAghdz.exe
C:\Windows\System\KGAghdz.exe
2⤵
PID:6840

C:\Windows\System\mNHjeYz.exe
C:\Windows\System\mNHjeYz.exe
2⤵
PID:6472

C:\Windows\System\FYKRflO.exe
C:\Windows\System\FYKRflO.exe
2⤵
PID:6816

C:\Windows\System\ToSeyEz.exe
C:\Windows\System\ToSeyEz.exe
2⤵
PID:8112

C:\Windows\System\APETgUS.exe
C:\Windows\System\APETgUS.exe
2⤵
PID:8444

C:\Windows\System\laQvDLa.exe
C:\Windows\System\laQvDLa.exe
2⤵
PID:15264

C:\Windows\System\hZcfJBq.exe
C:\Windows\System\hZcfJBq.exe
2⤵
PID:14704

C:\Windows\System\XTJrXVE.exe
C:\Windows\System\XTJrXVE.exe
2⤵
PID:7184

C:\Windows\System\eqQecWJ.exe
C:\Windows\System\eqQecWJ.exe
2⤵
PID:6924

C:\Windows\System\iOQQfoE.exe
C:\Windows\System\iOQQfoE.exe
2⤵
PID:8432

C:\Windows\System\vfrElFc.exe
C:\Windows\System\vfrElFc.exe
2⤵
PID:7252

C:\Windows\System\CwkAxfO.exe
C:\Windows\System\CwkAxfO.exe
2⤵
PID:15028

C:\Windows\System\GpVxzRd.exe
C:\Windows\System\GpVxzRd.exe
2⤵
PID:6776

C:\Windows\System\bTPyKLN.exe
C:\Windows\System\bTPyKLN.exe
2⤵
PID:14508

C:\Windows\System\JtMgqmJ.exe
C:\Windows\System\JtMgqmJ.exe
2⤵
PID:14368

C:\Windows\System\UsgNLZK.exe
C:\Windows\System\UsgNLZK.exe
2⤵
PID:7700

C:\Windows\System\ZrmyGZT.exe
C:\Windows\System\ZrmyGZT.exe
2⤵
PID:6976

C:\Windows\System\ZIXsDWf.exe
C:\Windows\System\ZIXsDWf.exe
2⤵
PID:14964

C:\Windows\System\WkVlihN.exe
C:\Windows\System\WkVlihN.exe
2⤵
PID:7824

C:\Windows\System\WzobTgY.exe
C:\Windows\System\WzobTgY.exe
2⤵
PID:14996

C:\Windows\System\tzmAIpi.exe
C:\Windows\System\tzmAIpi.exe
2⤵
PID:7212

C:\Windows\System\EICOWVd.exe
C:\Windows\System\EICOWVd.exe
2⤵
PID:9616

C:\Windows\System\JSprpBV.exe
C:\Windows\System\JSprpBV.exe
2⤵
PID:6156

C:\Windows\System\qHXcNEa.exe
C:\Windows\System\qHXcNEa.exe
2⤵
PID:15272

C:\Windows\System\iSbAzJY.exe
C:\Windows\System\iSbAzJY.exe
2⤵
PID:9488

C:\Windows\System\JkRtykJ.exe
C:\Windows\System\JkRtykJ.exe
2⤵
PID:14452

C:\Windows\System\sxPXpiN.exe
C:\Windows\System\sxPXpiN.exe
2⤵
PID:7464

C:\Windows\System\qixYzoO.exe
C:\Windows\System\qixYzoO.exe
2⤵
PID:9736

C:\Windows\System\uJFoUjd.exe
C:\Windows\System\uJFoUjd.exe
2⤵
PID:4388

C:\Windows\System\LJJrNjQ.exe
C:\Windows\System\LJJrNjQ.exe
2⤵
PID:9900

C:\Windows\System\FCztczG.exe
C:\Windows\System\FCztczG.exe
2⤵
PID:9684

C:\Windows\System\TSbsSxC.exe
C:\Windows\System\TSbsSxC.exe
2⤵
PID:13044

C:\Windows\System\GTNlrsw.exe
C:\Windows\System\GTNlrsw.exe
2⤵
PID:10748

C:\Windows\System\lezthwt.exe
C:\Windows\System\lezthwt.exe
2⤵
PID:12920

C:\Windows\System\nFMczDv.exe
C:\Windows\System\nFMczDv.exe
2⤵
PID:9300

C:\Windows\System\dcYFKtL.exe
C:\Windows\System\dcYFKtL.exe
2⤵
PID:9072

C:\Windows\System\BGddTxv.exe
C:\Windows\System\BGddTxv.exe
2⤵
PID:2560

C:\Windows\System\XeMydww.exe
C:\Windows\System\XeMydww.exe
2⤵
PID:7412

C:\Windows\System\ByGospn.exe
C:\Windows\System\ByGospn.exe
2⤵
PID:7444

C:\Windows\System\mwHNvhp.exe
C:\Windows\System\mwHNvhp.exe
2⤵
PID:6712

C:\Windows\System\cHNhOWJ.exe
C:\Windows\System\cHNhOWJ.exe
2⤵
PID:9748

C:\Windows\System\tvrQHyD.exe
C:\Windows\System\tvrQHyD.exe
2⤵
PID:9576

C:\Windows\System\evyNMDP.exe
C:\Windows\System\evyNMDP.exe
2⤵
PID:6728

C:\Windows\System\QPbTqJb.exe
C:\Windows\System\QPbTqJb.exe
2⤵
PID:9884

C:\Windows\System\uqpiIMG.exe
C:\Windows\System\uqpiIMG.exe
2⤵
PID:8316

C:\Windows\System\VuvQJzD.exe
C:\Windows\System\VuvQJzD.exe
2⤵
PID:9424

C:\Windows\System\SIyEHoh.exe
C:\Windows\System\SIyEHoh.exe
2⤵
PID:8644

C:\Windows\System\QWfudSR.exe
C:\Windows\System\QWfudSR.exe
2⤵
PID:10108

C:\Windows\System\qBcWLSP.exe
C:\Windows\System\qBcWLSP.exe
2⤵
PID:9972

C:\Windows\System\FYlzrGQ.exe
C:\Windows\System\FYlzrGQ.exe
2⤵
PID:8280

C:\Windows\System\xhrilyQ.exe
C:\Windows\System\xhrilyQ.exe
2⤵
PID:10168

C:\Windows\System\rKXCzTc.exe
C:\Windows\System\rKXCzTc.exe
2⤵
PID:9380

C:\Windows\System\BvuGSRs.exe
C:\Windows\System\BvuGSRs.exe
2⤵
PID:14548

C:\Windows\System\McOCyWb.exe
C:\Windows\System\McOCyWb.exe
2⤵
PID:5948

C:\Windows\System\aZQdDYl.exe
C:\Windows\System\aZQdDYl.exe
2⤵
PID:15348

C:\Windows\System\kuzsRRA.exe
C:\Windows\System\kuzsRRA.exe
2⤵
PID:9348

C:\Windows\System\DDHkvZK.exe
C:\Windows\System\DDHkvZK.exe
2⤵
PID:10136

C:\Windows\System\UTjtZZq.exe
C:\Windows\System\UTjtZZq.exe
2⤵
PID:9904

C:\Windows\System\wefccuq.exe
C:\Windows\System\wefccuq.exe
2⤵
PID:5200

C:\Windows\System\VHnQhIk.exe
C:\Windows\System\VHnQhIk.exe
2⤵
PID:6452

C:\Windows\System\PVsvOuh.exe
C:\Windows\System\PVsvOuh.exe
2⤵
PID:560

C:\Windows\System\VhjyNmM.exe
C:\Windows\System\VhjyNmM.exe
2⤵
PID:8088

C:\Windows\System\LADmzuT.exe
C:\Windows\System\LADmzuT.exe
2⤵
PID:15056

C:\Windows\System\lfmkyOr.exe
C:\Windows\System\lfmkyOr.exe
2⤵
PID:11244

C:\Windows\System\PMaVhpR.exe
C:\Windows\System\PMaVhpR.exe
2⤵
PID:13156

C:\Windows\System\JVqzCEI.exe
C:\Windows\System\JVqzCEI.exe
2⤵
PID:12360

C:\Windows\System\yWlzoTp.exe
C:\Windows\System\yWlzoTp.exe
2⤵
PID:12440

C:\Windows\System\BhdHOEm.exe
C:\Windows\System\BhdHOEm.exe
2⤵
PID:9800

C:\Windows\System\VcxMRvC.exe
C:\Windows\System\VcxMRvC.exe
2⤵
PID:7292

C:\Windows\System\TtIkRBb.exe
C:\Windows\System\TtIkRBb.exe
2⤵
PID:10840

C:\Windows\System\ZpuIzxO.exe
C:\Windows\System\ZpuIzxO.exe
2⤵
PID:12940

C:\Windows\System\VTiSbrJ.exe
C:\Windows\System\VTiSbrJ.exe
2⤵
PID:11524

C:\Windows\System\bQyTTUb.exe
C:\Windows\System\bQyTTUb.exe
2⤵
PID:10432

C:\Windows\System\NOlZgGF.exe
C:\Windows\System\NOlZgGF.exe
2⤵
PID:9624

C:\Windows\System\PZMjJLL.exe
C:\Windows\System\PZMjJLL.exe
2⤵
PID:12780

C:\Windows\System\YuPOehg.exe
C:\Windows\System\YuPOehg.exe
2⤵
PID:13104

C:\Windows\System\IflNvZx.exe
C:\Windows\System\IflNvZx.exe
2⤵
PID:11432

C:\Windows\System\yGMLybC.exe
C:\Windows\System\yGMLybC.exe
2⤵
PID:12776

C:\Windows\System\cXecYhq.exe
C:\Windows\System\cXecYhq.exe
2⤵
PID:9916

C:\Windows\System\ZGRbzhq.exe
C:\Windows\System\ZGRbzhq.exe
2⤵
PID:13272

C:\Windows\System\YonyxnS.exe
C:\Windows\System\YonyxnS.exe
2⤵
PID:10140

C:\Windows\System\HrVuUwa.exe
C:\Windows\System\HrVuUwa.exe
2⤵
PID:11132

C:\Windows\System\DctWuMG.exe
C:\Windows\System\DctWuMG.exe
2⤵
PID:9192

C:\Windows\System\btxvaMw.exe
C:\Windows\System\btxvaMw.exe
2⤵
PID:10156

C:\Windows\System\GMbUFht.exe
C:\Windows\System\GMbUFht.exe
2⤵
PID:10852

C:\Windows\System\mYxbvoO.exe
C:\Windows\System\mYxbvoO.exe
2⤵
PID:8952

C:\Windows\System\LCcexig.exe
C:\Windows\System\LCcexig.exe
2⤵
PID:6432

C:\Windows\System\vOwxrTk.exe
C:\Windows\System\vOwxrTk.exe
2⤵
PID:9376

C:\Windows\System\zKzWtxS.exe
C:\Windows\System\zKzWtxS.exe
2⤵
PID:9968

C:\Windows\System\jcQLsMf.exe
C:\Windows\System\jcQLsMf.exe
2⤵
PID:6304

C:\Windows\System\djKGBmA.exe
C:\Windows\System\djKGBmA.exe
2⤵
PID:9764

C:\Windows\System\WWeHgeF.exe
C:\Windows\System\WWeHgeF.exe
2⤵
PID:9468

C:\Windows\System\MGYkTSR.exe
C:\Windows\System\MGYkTSR.exe
2⤵
PID:7868

C:\Windows\System\SlNkmDt.exe
C:\Windows\System\SlNkmDt.exe
2⤵
PID:7688

C:\Windows\System\vJdURzX.exe
C:\Windows\System\vJdURzX.exe
2⤵
PID:15368

C:\Windows\System\ANDCHMy.exe
C:\Windows\System\ANDCHMy.exe
2⤵
PID:15388

C:\Windows\System\fOmRiwi.exe
C:\Windows\System\fOmRiwi.exe
2⤵
PID:15636

C:\Windows\System\MewdYcr.exe
C:\Windows\System\MewdYcr.exe
2⤵
PID:15656

C:\Windows\System\lgVElgT.exe
C:\Windows\System\lgVElgT.exe
2⤵
PID:15676

C:\Windows\System\stDjweF.exe
C:\Windows\System\stDjweF.exe
2⤵
PID:15692

C:\Windows\System\jVdqdTN.exe
C:\Windows\System\jVdqdTN.exe
2⤵
PID:15716

C:\Windows\System\zUzTUNF.exe
C:\Windows\System\zUzTUNF.exe
2⤵
PID:13064

C:\Windows\System\gVdxtJG.exe
C:\Windows\System\gVdxtJG.exe
2⤵
PID:8976

C:\Windows\System\obDIjtN.exe
C:\Windows\System\obDIjtN.exe
2⤵
PID:8232

C:\Windows\System\QaInuOb.exe
C:\Windows\System\QaInuOb.exe
2⤵
PID:10328

C:\Windows\System\wAWHKok.exe
C:\Windows\System\wAWHKok.exe
2⤵
PID:9588

C:\Windows\System\TcrZYkm.exe
C:\Windows\System\TcrZYkm.exe
2⤵
PID:7928

C:\Windows\System\WTaodxz.exe
C:\Windows\System\WTaodxz.exe
2⤵
PID:7196

C:\Windows\System\NymncRQ.exe
C:\Windows\System\NymncRQ.exe
2⤵
PID:9836

C:\Windows\System\AfVQydT.exe
C:\Windows\System\AfVQydT.exe
2⤵
PID:10084

C:\Windows\System\jJZkLuU.exe
C:\Windows\System\jJZkLuU.exe
2⤵
PID:10120

C:\Windows\System\kBicXxj.exe
C:\Windows\System\kBicXxj.exe
2⤵
PID:12172

C:\Windows\System\yrVVQfQ.exe
C:\Windows\System\yrVVQfQ.exe
2⤵
PID:10180

C:\Windows\System\mwjRNUp.exe
C:\Windows\System\mwjRNUp.exe
2⤵
PID:12336

C:\Windows\System\bSrAnku.exe
C:\Windows\System\bSrAnku.exe
2⤵
PID:12264

C:\Windows\System\nInGpTS.exe
C:\Windows\System\nInGpTS.exe
2⤵
PID:10444

C:\Windows\System\Waglqao.exe
C:\Windows\System\Waglqao.exe
2⤵
PID:10648

C:\Windows\System\KxAGZMC.exe
C:\Windows\System\KxAGZMC.exe
2⤵
PID:10100

C:\Windows\System\VwCTTsS.exe
C:\Windows\System\VwCTTsS.exe
2⤵
PID:9612

C:\Windows\System\yDcREVJ.exe
C:\Windows\System\yDcREVJ.exe
2⤵
PID:9956

C:\Windows\System\GhMkWiD.exe
C:\Windows\System\GhMkWiD.exe
2⤵
PID:9404

C:\Windows\System\DXdMzRJ.exe
C:\Windows\System\DXdMzRJ.exe
2⤵
PID:7080

C:\Windows\System\ZJYmjYz.exe
C:\Windows\System\ZJYmjYz.exe
2⤵
PID:10000

C:\Windows\System\ZsjSnsk.exe
C:\Windows\System\ZsjSnsk.exe
2⤵
PID:11136

C:\Windows\System\ePJGphS.exe
C:\Windows\System\ePJGphS.exe
2⤵
PID:15712

C:\Windows\System\eIpYTmP.exe
C:\Windows\System\eIpYTmP.exe
2⤵
PID:9952

C:\Windows\System\OFFSQoE.exe
C:\Windows\System\OFFSQoE.exe
2⤵
PID:6260

C:\Windows\System\nlcAGwe.exe
C:\Windows\System\nlcAGwe.exe
2⤵
PID:13032

C:\Windows\System\lWSeBYH.exe
C:\Windows\System\lWSeBYH.exe
2⤵
PID:7172

C:\Windows\System\vvJDYiP.exe
C:\Windows\System\vvJDYiP.exe
2⤵
PID:7652

C:\Windows\System\LIsbTsa.exe
C:\Windows\System\LIsbTsa.exe
2⤵
PID:10920

C:\Windows\System\WsAHBTs.exe
C:\Windows\System\WsAHBTs.exe
2⤵
PID:15768

C:\Windows\System\grThmGW.exe
C:\Windows\System\grThmGW.exe
2⤵
PID:12232

C:\Windows\System\aZKDUgG.exe
C:\Windows\System\aZKDUgG.exe
2⤵
PID:6456

C:\Windows\System\ijouydT.exe
C:\Windows\System\ijouydT.exe
2⤵
PID:15464

C:\Windows\System\mrtaPYx.exe
C:\Windows\System\mrtaPYx.exe
2⤵
PID:15908

C:\Windows\System\NMZpJoe.exe
C:\Windows\System\NMZpJoe.exe
2⤵
PID:8020

C:\Windows\System\WvwHHsd.exe
C:\Windows\System\WvwHHsd.exe
2⤵
PID:11464

C:\Windows\System\SYMetXB.exe
C:\Windows\System\SYMetXB.exe
2⤵
PID:11628

C:\Windows\System\aUFzwxU.exe
C:\Windows\System\aUFzwxU.exe
2⤵
PID:15596

C:\Windows\System\axAenAw.exe
C:\Windows\System\axAenAw.exe
2⤵
PID:15620

C:\Windows\System\PQuAuEq.exe
C:\Windows\System\PQuAuEq.exe
2⤵
PID:15672

C:\Windows\System\hyWwIaD.exe
C:\Windows\System\hyWwIaD.exe
2⤵
PID:15444

C:\Windows\System\NaoVMla.exe
C:\Windows\System\NaoVMla.exe
2⤵
PID:15916

C:\Windows\System\WLAaVBZ.exe
C:\Windows\System\WLAaVBZ.exe
2⤵
PID:10264

C:\Windows\System\TiUnpSW.exe
C:\Windows\System\TiUnpSW.exe
2⤵
PID:11488

C:\Windows\System\ZEReswC.exe
C:\Windows\System\ZEReswC.exe
2⤵
PID:11528

C:\Windows\System\eiHxvhZ.exe
C:\Windows\System\eiHxvhZ.exe
2⤵
PID:11468

C:\Windows\System\dkcAVUX.exe
C:\Windows\System\dkcAVUX.exe
2⤵
PID:8320

C:\Windows\System\ZkvpIxk.exe
C:\Windows\System\ZkvpIxk.exe
2⤵
PID:16256

C:\Windows\System\XYxUEMN.exe
C:\Windows\System\XYxUEMN.exe
2⤵
PID:8068

C:\Windows\System\Zdbjkxn.exe
C:\Windows\System\Zdbjkxn.exe
2⤵
PID:16284

C:\Windows\System\sLXmAfJ.exe
C:\Windows\System\sLXmAfJ.exe
2⤵
PID:16288

C:\Windows\System\VTnRTsl.exe
C:\Windows\System\VTnRTsl.exe
2⤵
PID:15860

C:\Windows\System\mOWytfK.exe
C:\Windows\System\mOWytfK.exe
2⤵
PID:9240

C:\Windows\System\RXSUcJy.exe
C:\Windows\System\RXSUcJy.exe
2⤵
PID:10436

C:\Windows\System\txNQhKJ.exe
C:\Windows\System\txNQhKJ.exe
2⤵
PID:11248

C:\Windows\System\KoHEbCs.exe
C:\Windows\System\KoHEbCs.exe
2⤵
PID:12112

C:\Windows\System\neCDgGk.exe
C:\Windows\System\neCDgGk.exe
2⤵
PID:10656

C:\Windows\System\ZjuInSP.exe
C:\Windows\System\ZjuInSP.exe
2⤵
PID:10308

C:\Windows\System\UCcggFM.exe
C:\Windows\System\UCcggFM.exe
2⤵
PID:13196

C:\Windows\System\BwTlJpL.exe
C:\Windows\System\BwTlJpL.exe
2⤵
PID:10336

C:\Windows\System\xymwzTC.exe
C:\Windows\System\xymwzTC.exe
2⤵
PID:11504

C:\Windows\System\GkGNbKm.exe
C:\Windows\System\GkGNbKm.exe
2⤵
PID:6116

C:\Windows\System\CDhtEIt.exe
C:\Windows\System\CDhtEIt.exe
2⤵
PID:11936

C:\Windows\System\Jmvsfuv.exe
C:\Windows\System\Jmvsfuv.exe
2⤵
PID:12832

C:\Windows\System\qJjVoFh.exe
C:\Windows\System\qJjVoFh.exe
2⤵
PID:12672

C:\Windows\System\KfTwrTh.exe
C:\Windows\System\KfTwrTh.exe
2⤵
PID:16220

C:\Windows\System\dpWMDkb.exe
C:\Windows\System\dpWMDkb.exe
2⤵
PID:13132

C:\Windows\System\JmdiTpK.exe
C:\Windows\System\JmdiTpK.exe
2⤵
PID:16316

C:\Windows\System\JUDsYzd.exe
C:\Windows\System\JUDsYzd.exe
2⤵
PID:16356

C:\Windows\System\kZnXnCb.exe
C:\Windows\System\kZnXnCb.exe
2⤵
PID:7648

C:\Windows\System\JHHvTsD.exe
C:\Windows\System\JHHvTsD.exe
2⤵
PID:9608

C:\Windows\System\ABCUpcf.exe
C:\Windows\System\ABCUpcf.exe
2⤵
PID:9444

C:\Windows\System\gOxhJSQ.exe
C:\Windows\System\gOxhJSQ.exe
2⤵
PID:13976

C:\Windows\System\MuSywjM.exe
C:\Windows\System\MuSywjM.exe
2⤵
PID:9856

C:\Windows\System\oQXyaBZ.exe
C:\Windows\System\oQXyaBZ.exe
2⤵
PID:8992

C:\Windows\System\casQUux.exe
C:\Windows\System\casQUux.exe
2⤵
PID:15424

C:\Windows\System\XhhmrwR.exe
C:\Windows\System\XhhmrwR.exe
2⤵
PID:8000

C:\Windows\System\artIMLB.exe
C:\Windows\System\artIMLB.exe
2⤵
PID:8324

C:\Windows\System\rXpFGAP.exe
C:\Windows\System\rXpFGAP.exe
2⤵
PID:10196

C:\Windows\System\SATZAtK.exe
C:\Windows\System\SATZAtK.exe
2⤵
PID:13052

C:\Windows\System\AvCcWUD.exe
C:\Windows\System\AvCcWUD.exe
2⤵
PID:1492

C:\Windows\System\utwsgjs.exe
C:\Windows\System\utwsgjs.exe
2⤵
PID:5268

C:\Windows\System\ZyToUea.exe
C:\Windows\System\ZyToUea.exe
2⤵
PID:13048

C:\Windows\System\VLMBPjE.exe
C:\Windows\System\VLMBPjE.exe
2⤵
PID:13036

C:\Windows\System\xNViQMG.exe
C:\Windows\System\xNViQMG.exe
2⤵
PID:9200

C:\Windows\System\vhmezxd.exe
C:\Windows\System\vhmezxd.exe
2⤵
PID:9096

C:\Windows\System\xRUEJmJ.exe
C:\Windows\System\xRUEJmJ.exe
2⤵
PID:10972

C:\Windows\System\EreicGu.exe
C:\Windows\System\EreicGu.exe
2⤵
PID:15432

C:\Windows\System\LITOInr.exe
C:\Windows\System\LITOInr.exe
2⤵
PID:12168

C:\Windows\System\zoClOhh.exe
C:\Windows\System\zoClOhh.exe
2⤵
PID:4588

C:\Windows\System\WFxTJkb.exe
C:\Windows\System\WFxTJkb.exe
2⤵
PID:12840

C:\Windows\System\aoudcgK.exe
C:\Windows\System\aoudcgK.exe
2⤵
PID:9212

C:\Windows\System\lSfNAAn.exe
C:\Windows\System\lSfNAAn.exe
2⤵
PID:6592

C:\Windows\System\FJEZymP.exe
C:\Windows\System\FJEZymP.exe
2⤵
PID:15376

C:\Windows\System\nSvkyWD.exe
C:\Windows\System\nSvkyWD.exe
2⤵
PID:8072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5296 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:11892

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 10296 -i 10296 -h 572 -j 564 -s 428 -d 12064
1⤵
PID:5824

C:\Windows\system32\WerFaultSecure.exe
C:\Windows\system32\WerFaultSecure.exe -u -p 10296 -s 596
1⤵
PID:9964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_blonz4dz.fsi.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\Ajsshjw.exe
Filesize
1.7MB

MD5
196c7e3513f424ea03be8b01b2e21b9d

SHA1
558ce3a90944906b51d7b27804f68522dc227713

SHA256
b0bb421f53950ae59d8565c29f03210b07e0e0386754d906ef02b63978cd613a

SHA512
095ee707c67fc0f5437e0179e1123a87cbaacb4d87a65001218f374a0422a512162d37c06ba2b2dd24c39f71dc2153b210bc4e11bbcca15f8507f219028bf4ac

Download Submit
C:\Windows\System\BDcvcNb.exe
Filesize
1.7MB

MD5
10f41ad611fb46fcab4ef9c1e24cb10e

SHA1
51432e92bdb7f63a62685eabf245c5dd3efb071f

SHA256
b0d85e5074009dc7b0b620a5b837068bb2dc6bb1d3548d4bfcce9a65583d4f63

SHA512
262e1822cbf718a2b05637f9eec42cb745f514ffd3493d65b53d94e07f94b2fec3439837d6824ca4889e0dcd2f20c5e62bf9826c543f950e57b2bd5fbc293163

Download Submit
C:\Windows\System\CFJhyti.exe
Filesize
1.7MB

MD5
ab90a74221dc47617783cf313c8772f0

SHA1
101b2af9b3f28496b350fa051470713ac9bb7c61

SHA256
df34bb54a03926b2851bda6482f0a795f2e2704431f124cdb823a680596a621e

SHA512
c3e521320b2c395fb96626f6b8bdea25b2fc4fddb56fa4f14c6f2b5c47f6b41caca92b6fe405e7ffa14fd3426a8bc0d0642df1e9d036aaaa3d430bd769edefe1

Download Submit
C:\Windows\System\DygsTHF.exe
Filesize
1.7MB

MD5
d718952f849ecafb346cf5ba23872354

SHA1
e2b41e38ede33bddc0c9936258bc90f981cc4ece

SHA256
827f0be2a040e6e1fdfa9543a8145823481ffdc912e17698767da74e3c87eec1

SHA512
d7668d8cacfe8a1d4e58ddd0e476b42e684857c6d734414b8be39124e0743246454f214d37fb6f467958eb88553352c49f143710a13ce8e321bce4e084a72db4

Download Submit
C:\Windows\System\FiZvsLq.exe
Filesize
1.7MB

MD5
71dc65dc5e123c8ec6745430255bf056

SHA1
262cb067b927ca17fc59b76889741133e4da44e8

SHA256
8417f40fc717205edbf27277187c04bbd87879ee9bbc1fb63ded5d3384166ec8

SHA512
a8bb7890757f625a357c8f5272fd89605326c0b3d257fb2d6dfed371843b963ae76dc65db1393bbff9792736edab4cf203cf79fe4c7e458093e089ab777fb7e7

Download Submit
C:\Windows\System\HqynVRK.exe
Filesize
1.7MB

MD5
08eb5949baf962eba712c9a90a71d53c

SHA1
aa51ce97c8d3ef65f9cce10869cdb73aba46fa3e

SHA256
da6d04bf8e9ae846df228b6d7397c77879c78ccfff3bb7590c5d22b873c640a0

SHA512
70eb620cb2414a01f7281238cc633eabbf2bf5774dc0bee5cbabb18dd2862191cd00c98ba8f619549fb4ed602476ef914b796fe92acec3165d6672d8ca14f589

Download Submit
C:\Windows\System\MDelRhP.exe
Filesize
1.7MB

MD5
354fe4e6667e74b4fc687774e41eaac9

SHA1
0d935dd52b9430cbf0dd9998690487665994a1ba

SHA256
6d13a650103f8108e1ecac45784ae590819250de6af5352cb424af6f95893072

SHA512
b40ff4ffd42e23a3c800a0b9290643bebe6d933e39265cae6a52b2faa2eaf3cb8a9c688cb4808675bb5eabb7927465afead7827e762bc786beac4c6e146fd7fc

Download Submit
C:\Windows\System\MmhnPXV.exe
Filesize
1.7MB

MD5
bc9a588919401759c504b5231f2a6791

SHA1
61cfcd24c5a5e52ab769bb8c0cde79768eea523a

SHA256
1abe9f6573ec6f376f6fbe01a3a68e1e98c5965862a46e6bd4495ddb8bfd4270

SHA512
352f4280809a25465e767201afb190f848ca6ffd3862abb583c788813133e23ed86dc6b04264b33d2e8af08c6a79f747bdd65ad3833122a3149f56e0b941b4da

Download Submit
C:\Windows\System\PuvCSsU.exe
Filesize
1.7MB

MD5
3095d5a0c2d37ba6c2b4e58f48f0c998

SHA1
717fc3c6b86a1e3d19ae10434f8074d859b3f85f

SHA256
78a6e7b931cc3426d4196473ef6761918889f1abda623bee8c05cddc15768c74

SHA512
c000db9d30f2a44aa3e180642478166220aa5dd70d36eb200ea130caf9c6e834515962a249a244ed40853e3c534f9f0d1f43310814adda1359887f9d13a3a6a6

Download Submit
C:\Windows\System\QPJAYPL.exe
Filesize
1.7MB

MD5
b43fa9e9e9b561c6b4f25cda9e7d38d2

SHA1
e23545a14df6916d93654b9356d225fec4e052e2

SHA256
2c8dc7bc2f177b48a777c009a52d91200b4815e79dfdd7d4bd1136e393225afa

SHA512
ddf66a51e4019153171e6d0d05873d691e6f49da6d4f9bf2be877baea7ba04fa54f3af6f16852ab3666e9aff4e93ba42622be44b17657b47059a6af30f76ccfa

Download Submit
C:\Windows\System\QwkzTrz.exe
Filesize
1.7MB

MD5
01e761bc5e09841f3754a9a364bf59ee

SHA1
9321cfe6a7881c5a3ab8c2922a11a2d0378e783d

SHA256
2c3838a032c61982fcab4f285d0930b5646a597d9151649fec7c93c97b2b9753

SHA512
f0ea5ee4d9c35f62214d47a2cad802fddd541e52b070c8cb74c8ed1931a667556291dbb261f5d50dad1d9cb18c0636eb83cad5ea235e7186fab263ade8ca34be

Download Submit
C:\Windows\System\RVxrnoC.exe
Filesize
1.7MB

MD5
6f2a86e2dd22c6ef85ffcecb9d712f8e

SHA1
80362d779a708f6e90871c08dab84858ecc3adcc

SHA256
1b285279f0f2b8ceb0d7b292472b0654efee885c8260f8018f0e6e52c11733e7

SHA512
63230552ea3cfc50117015e4323cd0663c807962b47f61253de297263fcb7f1b810f666f7799a30b413f39e64fee6afaaf2102c20c5f08f45be2960acf44ccc1

Download Submit
C:\Windows\System\TYFwmUM.exe
Filesize
1.7MB

MD5
f0b69686398df7ae0264596727a80c28

SHA1
b38bbd6fbfda7109f51e54fd17b5c52bde6c5e6d

SHA256
73fa7637611118f0eaca975cd4be6ca176c6fc92a39d7be7186c58fb7a631404

SHA512
fff8b0044c8a08bb12acd1c9ceadad88cd95e376c10d84c8f46c700b4f504106860cc209524a2e235cce166c520cd8096eb5a2979eadae3f638fb91691c144da

Download Submit
C:\Windows\System\TxHBRVu.exe
Filesize
1.7MB

MD5
0c03c98699fa39e4b7cb4ae5718350dc

SHA1
dfcb9a36f3278c273e59cbd50d14f65e01ba18a3

SHA256
2404221d52fa8f2112ba938df371753c0126ea56f6b25fda3799aa7b1c164840

SHA512
be23dd68d70a76d23f2987e70e8136298060f7c6090e6030ad601352fb30fc6ac109889ebcaa9ba2c9a9a248541bd91aa141fcf5fd196bd999a49395648addfd

Download Submit
C:\Windows\System\URwvArB.exe
Filesize
1.7MB

MD5
194872229581f5df955a5992f6b9d3f8

SHA1
ce7f97b2b717dc0793932902e8436ebf9696d5ab

SHA256
1a4664ffb78a72458e58af2009121d5f194ead85c9a308f51c6d850ad3ed2d0d

SHA512
a91133bbbb938d29ff136f81b64342a42f6e43eec0865537c231f60ea217fb6eef245b758ba3cb06f6db3d431671f356b1a9b2460b757c21468d694ec85dd32b

Download Submit
C:\Windows\System\UnXJqnh.exe
Filesize
1.7MB

MD5
db52dae4de548d6c69985d4861ec2295

SHA1
4da7c77d5c4927d2747ee0a724fddee8a92ea141

SHA256
9bb01079349260538508895f7dbd769599ced0d00fbfd137f0abfe9ca8568712

SHA512
d6002d2488894ac894c4627c574941a5d7e15b51b9e6861c6d8edb3aa0c0c8686344a54e043a412a4134785dd9313889cdd4508a1bfbbd568d968333709ea1c3

Download Submit
C:\Windows\System\Uqdjdda.exe
Filesize
1.7MB

MD5
482dd93f3dd3f3e9b28aae1676860b06

SHA1
75bcf878fc3fb3360c76cd2e4040838807a0c9dd

SHA256
d9c807b323e9e6150e54ee46320a75f411f06dcdd3d75fff1587dddc8786d919

SHA512
4d9fa9e2a51e6238c20345ef8fee013f6c49ab8b5e52443b98f8bbeb570a7505a43a4eb15bce621d733d26ff5d4f7421ee36c649302fc958c6b3b5dc5991664b

Download Submit
C:\Windows\System\VgPGsCn.exe
Filesize
1.7MB

MD5
6feceb0d942b639f1e6b5f994b6f75ad

SHA1
4bcd14b863a8e6f59cd7998d637c5813ffc136a7

SHA256
bfe93f07755ff19dcd37b8cf72121b384f7e58948d809f09406d700541a6c9db

SHA512
4c99fc7ba6209cf289fd2db73b0ecef7db40738fd6fe7dec35e37a8ce919215d755ab580c7d8f420b7fd32d7fcad5d5dcde029b4ff8958deeb8f31ca64fe6613

Download Submit
C:\Windows\System\WLyNlOI.exe
Filesize
1.7MB

MD5
bbd18210d8acbb9a70449bdc2739b9cd

SHA1
49e6c10e163e6d597c5a79517fe2c9bae180510d

SHA256
66927daffe7b757c8c045e96eaea2b0c6dd62bf21476d67553af74508c9e7e30

SHA512
4c7b5a3faba0583ee4cd3e49af1deba881cb604affcb836c972fba4e6c0ecd7a81af95cfe1e67950c5804ae623f8fc13c9bc64671da395c5558ed7093ec9ee13

Download Submit
C:\Windows\System\WeiRNaP.exe
Filesize
1.7MB

MD5
fb5690a699d4cb591863317f0a864db1

SHA1
ddaac11db477a918b869d70527446add54ebf5ba

SHA256
2bd59ae2d6c14973de2b1c84e586e59d90da57fec1a59d78e17a4f3cc74566dc

SHA512
f2cabda99bc799c122d2ec28dfc5970ab262fafa21d0f63746ba62924f67c0a3cd513b54c24554d3ce2e5dbc730514b45fe51ca10c531b4c2d19516597c17572

Download Submit
C:\Windows\System\aibPgJP.exe
Filesize
1.7MB

MD5
cbf7848d582fb63871716cb287deac1d

SHA1
c6f61eb873f91febb5e94995a2aeef64383974f9

SHA256
ca365ac4671bd6b56440fb773ace6d49cbb74663fff8163cfbf64593c9c15464

SHA512
c2d9b34e3d151480e800c1178e03c07116f59f97939b6efae20c671dc5c45c5de259bb9affc157b8e0c0e5035f292ab12b8cce7e9841f61d74fc51c7248963a4

Download Submit
C:\Windows\System\ajrlzUc.exe
Filesize
1.7MB

MD5
98b9cd9a08f0663c86126e494cb3c118

SHA1
183e9169929ffbab3c94370cc18a186dc7d49148

SHA256
2a1510ba4ca6ed695e89aebb348d82970f527c912e50c1b4b92a7130069fd907

SHA512
5671c8244fcce89e4df60b367eb78a0fe91d4d3d118aabe64db0700e5d9e6b616d171a6a4f89fb9ab2b3bdc8d13cbe3d439d86890f651cc4acfea7aff0504c91

Download Submit
C:\Windows\System\iofuoKI.exe
Filesize
1.7MB

MD5
107b8880c26646c6e4a38f053c2a14e3

SHA1
52611e26830eb61019a270b6f48fd5ace68bcf30

SHA256
0f8cd1708d7995a06a00d345cc91c628c2741e7c9fa64435526e877d04f751e7

SHA512
e35193205bd4849b93c3d1c6783ee02f12eb8a9d410be90b5691de918f0c275245795afe2debf957b1796fd861e2492283c517e9591f5779d8203ab277b31fd3

Download Submit
C:\Windows\System\jHHiyJi.exe
Filesize
1.7MB

MD5
a778077f1e727baa20b8805e69a45a35

SHA1
0f16fcbd6797e0189de594dfa409660e0f3cc5cf

SHA256
148ab641f8bd6eadd60ad6f117bb3c0c4e9258fc5731779b420d777f87ae685b

SHA512
97f34fe945d15c739b17006097072cc43b5e638b1aa91b63b858de72d43b0b96b340c938f002a1bdeb53d6078b23cf9d5191c3d79dfa26078f4c724fed9799e6

Download Submit
C:\Windows\System\jqgddeS.exe
Filesize
1.7MB

MD5
0fd8bdcda7f453af2e6c2d3a220f7724

SHA1
82fad0534a408fe699a02aa17a5ff454acccd60d

SHA256
458e8428f16d4be745e438694ac581df453269876a5b9d1eb19bd7c6f8ce2acc

SHA512
1b3b148f84d48ea1dca7ff3dfb00918380711fb9358ba231b6a9f9930959e8009d8522c281d09dbd8767ef32df7a0449780a9d53a4699c9eee3d507fea4b1264

Download Submit
C:\Windows\System\mLZHZeK.exe
Filesize
1.7MB

MD5
840c851ca86d14e81600871e0567f792

SHA1
31371fea0654fb9033bf914f130d7cdbf84ee652

SHA256
9bca2709785234fc14fee32dda6a6ce717ef88fdf989d4157b273c1b4f5a3b64

SHA512
0b5090ba5935004aa984fef21f3059e7d3f9cc6eb73167d790fff054a41f1855dabdc27a22198bcfb573eeab0bc95b52b7eca59d07cdefb00228ff83ef812268

Download Submit
C:\Windows\System\mYaIwnt.exe
Filesize
1.7MB

MD5
13b2461f59711a328cf9fbe8f0db2620

SHA1
199e1ecaf48599829122a1c6e43bc9e790aaa592

SHA256
61e3ff29b6ed132598e975e78037e64205976fb6bf27390a9a1252d4223956aa

SHA512
ad910b6e64a01287ea38d4fada8b00f592f2afbe1e1c13f4ff824dbdaff5612e7e0d41ae9c03ff4714bb93068bc4a00891e02723d7d2a9140e2150694b3afeef

Download Submit
C:\Windows\System\oesYqty.exe
Filesize
1.7MB

MD5
4a09780cc297101b04fd6c0cd64a7a1e

SHA1
52960563c0d69286da6dfeacbfffa07c33712af8

SHA256
d90e8dcc684b39e6606a74f4a9e3ef532922e1c3ee0ba4e98884fec4a247719a

SHA512
3e7f99e4acc3f55b7d802e859bcafab9598bbbe903bdad22c2a852f8f2dd00c46526566d463c29d0beef95c0ac6e7fb22b8ef2cd15474cb6afc4cc590c1d9113

Download Submit
C:\Windows\System\rEXmTQR.exe
Filesize
1.7MB

MD5
49ec113a94a1d26d2cdbf3acb86272d5

SHA1
7034ca71f9f69a1b5cb92909449695ea16971648

SHA256
5a404946dd88e3784c7990a128be5502f6a977dbbc055b84a7e9dd1eb46b9cfb

SHA512
f517281808ac32c324be9e213d2171c0f1f8b64e7447010facf9402a383c4ea3dd90d270c23912b51402898e7b4ae1c46470444c961059d6c9d7c1b7be905b63

Download Submit
C:\Windows\System\tYaUuos.exe
Filesize
1.7MB

MD5
450b92a6f9bcaf81d5e63158055f265d

SHA1
b5c865f7963d70bfc05bf048a5ff8d70984ae0e8

SHA256
1cf2190e4e28027a4623d55ef5eff9ad4530a06a231d28f1aad8c250152802fa

SHA512
1e3d11c74b343d3aed9cae3075d69cddf535edf6ffa1efc4f8b3a58291dd0c99faa3f0fc748fab381f969560a21f47e2e3ac6b6097893c9cefbab38647ab632a

Download Submit
C:\Windows\System\uPWiSit.exe
Filesize
1.7MB

MD5
a75a5c0b74bb4449267515b0f3adc389

SHA1
793a99102c7254d94f66160ab1520e24d7cee598

SHA256
9d462e9e045a7e92529dae12ec6267085494b782322254b8b3298b711f710dca

SHA512
600e93bd42b365b3d15bf5428f8be97f997317fda23ceedccaba4814e7759145a3e23099e265b5ac72374afdb27e12d3c2240c34e081646da6d4da901f03b59a

Download Submit
C:\Windows\System\wXaCHSY.exe
Filesize
1.7MB

MD5
eff7a56cbf47748dae2b44e8a15fe77d

SHA1
2e29fe69cf3dc71f012acd7640dea7662e1df2f5

SHA256
8e59647efe020cbacf3edf81b36c5598d0e6591ced015fb547ed2d1bc5ff3690

SHA512
518c5580c79bcaa43cb92782f61185023e5f714ba483ccc9983f56238ff74a380e819a4dfbf103899781522be0f59ed1b6fc8d64831752966330f16bd93f5621

Download Submit
C:\Windows\System\wasxPwX.exe
Filesize
8B

MD5
bed721f7f8f089f4cae94ba9ba652732

SHA1
1b11e1c44a27ca0e26aaa3ea89c662dd395a783c

SHA256
68118a9d1f411ebe749a82db9096312374ba85186deba158fc4a47943d642535

SHA512
e28af4fe5bf1ef27a37f4ecb38b5e1cde1203074e56e79872f86f269593fc6dd2a0c96c6dbed8e307f0b77edef2058a929099d81898667a11486ce67790b3665

Download Submit
C:\Windows\System\xMGTBBp.exe
Filesize
1.7MB

MD5
4267d71a860a2935b3f8232ee24abd13

SHA1
751ec3246be8d23478e411058caf62e7b4f5f875

SHA256
670cf65051ababd7f799736b9950ada2eb63217078403b4ffc895b9b02aad742

SHA512
55d072ea88f5228ef25d130265d9bc76fbc69b81cc57804f963187e6886ec63ef093c56d91078b24cf7651c9d63c6733f7a1efb1937015b6d010c12f16b9f045

Download Submit
C:\Windows\System\xnFOSFz.exe
Filesize
1.7MB

MD5
205c61569cfb6b4e00d7820ee6c7d68c

SHA1
d3e004881e87fd8a4bfde8b9ece0c7d98c8f8136

SHA256
6f5b766efe2a68704372254b931ddee547fe04763c21304bcbfabb8c11b953ac

SHA512
345748effeb5aabf727472e2f33fac1033a82490a1675ae51aca190281281621a4191e5d026cf6cc29eb925488187178d1291760506206210ca654a7f11b93d1

Download Submit
C:\Windows\System\yAWTQJZ.exe
Filesize
1.7MB

MD5
397a20886bd6f641bff0769fdfdbacfd

SHA1
02a4c0ff5b59313221658ac48d29da3eab73bda7

SHA256
e0572ed9985832b59fd92fc6f5561590d01c66fa2e83aa09c2c700f1adbb8af8

SHA512
909aa7aad7e14e631ee821d5e498ca220ad490d319ba482869934eb3d8a7c740044f8ce92ae6dbd26248a41db7141a512d7b61da516e47f6a76fe101602ffd80

Download Submit
memory/644-2195-0x00007FF6A1360000-0x00007FF6A1752000-memory.dmp

Filesize
3.9MB

Download
memory/644-229-0x00007FF6A1360000-0x00007FF6A1752000-memory.dmp

Filesize
3.9MB

Download
memory/1080-60-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp

Filesize
3.9MB

Download
memory/1080-1950-0x00007FF6E0810000-0x00007FF6E0C02000-memory.dmp

Filesize
3.9MB

Download
memory/1428-1894-0x00007FF6F11D0000-0x00007FF6F15C2000-memory.dmp

Filesize
3.9MB

Download
memory/1428-6-0x00007FF6F11D0000-0x00007FF6F15C2000-memory.dmp

Filesize
3.9MB

Download
memory/1644-100-0x00007FF754950000-0x00007FF754D42000-memory.dmp

Filesize
3.9MB

Download
memory/1644-2110-0x00007FF754950000-0x00007FF754D42000-memory.dmp

Filesize
3.9MB

Download
memory/1656-227-0x00007FF6C08C0000-0x00007FF6C0CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1656-2168-0x00007FF6C08C0000-0x00007FF6C0CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1960-157-0x00007FF67A250000-0x00007FF67A642000-memory.dmp

Filesize
3.9MB

Download
memory/1960-2171-0x00007FF67A250000-0x00007FF67A642000-memory.dmp

Filesize
3.9MB

Download
memory/2056-56-0x000002033F370000-0x000002033F380000-memory.dmp

Filesize
64KB

Download
memory/2056-50-0x000002033F310000-0x000002033F332000-memory.dmp

Filesize
136KB

Download
memory/2056-256-0x000002035A030000-0x000002035A7D6000-memory.dmp

Filesize
7.6MB

Download
memory/2056-52-0x00007FFD84570000-0x00007FFD85031000-memory.dmp

Filesize
10.8MB

Download
memory/3040-1-0x0000017EA16D0000-0x0000017EA16E0000-memory.dmp

Filesize
64KB

Download
memory/3040-0-0x00007FF643C40000-0x00007FF644032000-memory.dmp

Filesize
3.9MB

Download
memory/3272-143-0x00007FF71AAA0000-0x00007FF71AE92000-memory.dmp

Filesize
3.9MB

Download
memory/3272-2097-0x00007FF71AAA0000-0x00007FF71AE92000-memory.dmp

Filesize
3.9MB

Download
memory/3376-224-0x00007FF66EDA0000-0x00007FF66F192000-memory.dmp

Filesize
3.9MB

Download
memory/4360-172-0x00007FF613F90000-0x00007FF614382000-memory.dmp

Filesize
3.9MB

Download
memory/4360-2211-0x00007FF613F90000-0x00007FF614382000-memory.dmp

Filesize
3.9MB

Download
memory/4700-14-0x00007FF608770000-0x00007FF608B62000-memory.dmp

Filesize
3.9MB

Download
memory/4700-1885-0x00007FF608770000-0x00007FF608B62000-memory.dmp

Filesize
3.9MB

Download
memory/5048-68-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp

Filesize
3.9MB

Download
memory/5048-1951-0x00007FF6EF220000-0x00007FF6EF612000-memory.dmp

Filesize
3.9MB

Download
memory/5328-225-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp

Filesize
3.9MB

Download
memory/5328-2128-0x00007FF7FC320000-0x00007FF7FC712000-memory.dmp

Filesize
3.9MB

Download
memory/5380-226-0x00007FF75C620000-0x00007FF75CA12000-memory.dmp

Filesize
3.9MB

Download
memory/5380-2188-0x00007FF75C620000-0x00007FF75CA12000-memory.dmp

Filesize
3.9MB

Download
memory/5444-83-0x00007FF7AB670000-0x00007FF7ABA62000-memory.dmp

Filesize
3.9MB

Download
memory/5444-2194-0x00007FF7AB670000-0x00007FF7ABA62000-memory.dmp

Filesize
3.9MB

Download
memory/5552-1949-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp

Filesize
3.9MB

Download
memory/5552-223-0x00007FF6252D0000-0x00007FF6256C2000-memory.dmp

Filesize
3.9MB

Download
memory/5568-142-0x00007FF69E7B0000-0x00007FF69EBA2000-memory.dmp

Filesize
3.9MB

Download
memory/5568-2185-0x00007FF69E7B0000-0x00007FF69EBA2000-memory.dmp

Filesize
3.9MB

Download
memory/5604-1995-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp

Filesize
3.9MB

Download
memory/5604-78-0x00007FF6A6A00000-0x00007FF6A6DF2000-memory.dmp

Filesize
3.9MB

Download
memory/5924-228-0x00007FF62D5F0000-0x00007FF62D9E2000-memory.dmp

Filesize
3.9MB

Download
memory/5924-2179-0x00007FF62D5F0000-0x00007FF62D9E2000-memory.dmp

Filesize
3.9MB

Download
memory/5928-206-0x00007FF62E7F0000-0x00007FF62EBE2000-memory.dmp

Filesize
3.9MB

Download
memory/5932-216-0x00007FF7C34A0000-0x00007FF7C3892000-memory.dmp

Filesize
3.9MB

Download
memory/5932-2187-0x00007FF7C34A0000-0x00007FF7C3892000-memory.dmp

Filesize
3.9MB

Download
memory/5944-2182-0x00007FF7543B0000-0x00007FF7547A2000-memory.dmp

Filesize
3.9MB

Download
memory/5944-205-0x00007FF7543B0000-0x00007FF7547A2000-memory.dmp

Filesize
3.9MB

Download