xmrig | 1eabc84b3fb9f181137536447b1da42a52e19e99c69fde53612411c07bd165af

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 06:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
Size

1.9MB
MD5

02a69c905ff752078b2a447927bcf894
SHA1

307c7f96046c0ab07bc7d42d987ef220385e0ff2
SHA256

1eabc84b3fb9f181137536447b1da42a52e19e99c69fde53612411c07bd165af
SHA512

2688ef4dcbdf9da84cb40810a941c28c5cc03b3318d833fb0d7921d5dd21315d46ba1e3139b288604d84d7f84849f758e5fdf6e744f547f856dc0d5ac472b7e3
SSDEEP

49152:Lz071uv4BPMkibTIA5I4TNrpDGKesKBZ5v:NAB/

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 23 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2108-53-0x00007FF7204A0000-0x00007FF720892000-memory.dmp	xmrig
behavioral2/memory/1984-78-0x00007FF7258F0000-0x00007FF725CE2000-memory.dmp	xmrig
behavioral2/memory/680-71-0x00007FF638710000-0x00007FF638B02000-memory.dmp	xmrig
behavioral2/memory/700-59-0x00007FF6B65D0000-0x00007FF6B69C2000-memory.dmp	xmrig
behavioral2/memory/1752-47-0x00007FF7BEE10000-0x00007FF7BF202000-memory.dmp	xmrig
behavioral2/memory/1236-44-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp	xmrig
behavioral2/memory/1336-39-0x00007FF782FC0000-0x00007FF7833B2000-memory.dmp	xmrig
behavioral2/memory/748-113-0x00007FF706940000-0x00007FF706D32000-memory.dmp	xmrig
behavioral2/memory/2688-159-0x00007FF7FCE20000-0x00007FF7FD212000-memory.dmp	xmrig
behavioral2/memory/2708-155-0x00007FF65BF30000-0x00007FF65C322000-memory.dmp	xmrig
behavioral2/memory/4416-154-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp	xmrig
behavioral2/memory/4964-96-0x00007FF681A30000-0x00007FF681E22000-memory.dmp	xmrig
behavioral2/memory/1236-2465-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp	xmrig
behavioral2/memory/4956-3899-0x00007FF795000000-0x00007FF7953F2000-memory.dmp	xmrig
behavioral2/memory/5008-4467-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp	xmrig
behavioral2/memory/3944-5211-0x00007FF63AF40000-0x00007FF63B332000-memory.dmp	xmrig
behavioral2/memory/3276-5212-0x00007FF6B24B0000-0x00007FF6B28A2000-memory.dmp	xmrig
behavioral2/memory/4516-5849-0x00007FF6C6B80000-0x00007FF6C6F72000-memory.dmp	xmrig
behavioral2/memory/1680-5854-0x00007FF719570000-0x00007FF719962000-memory.dmp	xmrig
behavioral2/memory/5008-8131-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp	xmrig
behavioral2/memory/4416-8152-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp	xmrig
behavioral2/memory/2708-8183-0x00007FF65BF30000-0x00007FF65C322000-memory.dmp	xmrig
behavioral2/memory/2688-8182-0x00007FF7FCE20000-0x00007FF7FD212000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

TyrjEYo.exeppMOOIt.exeJodAddS.exekeugHPs.exeKidvNmQ.exeerEHWrL.exewpgTGjl.exeuryoizp.exeiKRQrku.exegpLMcIK.exefKjrZGd.exeuAOcriT.exeGzoskwU.exejURxhuB.exezPtEEpy.exejqFkUfn.exeQMRasNW.exeOTQNnDM.exeeOidwTN.exeBPFHXVw.exewHUJebl.exejVsayBf.exeKlqBPGm.exejInPCYX.exeWdrtICV.exeGNiSaFW.exesBWElrT.exeKfowJJq.exeOyewHLt.exeizVDrDS.exeDXzEQuA.exeUsrxLTS.exeEZpnREA.exeIqKnCNB.exeUOjyIzt.exesHWQIlS.exeRhpWzOf.exeeebQziy.exeLzlKadh.exeJBOYwSj.exerRpRlwv.exepycylLy.exebhSEwxq.exeuhEnZTL.exeokUjNjX.exepzHUVxV.exeoDdMTFf.exeygeHNNB.exeuYvCuli.exeTOUtQPS.exehFgojzW.exeayGDjno.exeqkGmaCi.exeLpAeyjH.exeDtCMLyp.exeLQfGkiC.exejjcEooC.exeKjohHeb.exeIXkZepD.exeUCiqzcR.exeugPugqg.exeKDxbMhd.exetATdksu.exeeYlKGLH.exe

pid	process
932	TyrjEYo.exe
2108	ppMOOIt.exe
1604	JodAddS.exe
1336	keugHPs.exe
1236	KidvNmQ.exe
700	erEHWrL.exe
1752	wpgTGjl.exe
680	uryoizp.exe
1984	iKRQrku.exe
4224	gpLMcIK.exe
4956	fKjrZGd.exe
5008	uAOcriT.exe
4964	GzoskwU.exe
748	jURxhuB.exe
3944	zPtEEpy.exe
4416	jqFkUfn.exe
2708	QMRasNW.exe
3276	OTQNnDM.exe
2688	eOidwTN.exe
4516	BPFHXVw.exe
1680	wHUJebl.exe
4792	jVsayBf.exe
4348	KlqBPGm.exe
1012	jInPCYX.exe
1608	WdrtICV.exe
4136	GNiSaFW.exe
4984	sBWElrT.exe
4640	KfowJJq.exe
3528	OyewHLt.exe
1020	izVDrDS.exe
3004	DXzEQuA.exe
5048	UsrxLTS.exe
4384	EZpnREA.exe
3152	IqKnCNB.exe
4968	UOjyIzt.exe
3564	sHWQIlS.exe
3548	RhpWzOf.exe
2748	eebQziy.exe
4900	LzlKadh.exe
2956	JBOYwSj.exe
1264	rRpRlwv.exe
5088	pycylLy.exe
4256	bhSEwxq.exe
4244	uhEnZTL.exe
2236	okUjNjX.exe
1100	pzHUVxV.exe
2484	oDdMTFf.exe
3892	ygeHNNB.exe
1632	uYvCuli.exe
4972	TOUtQPS.exe
2736	hFgojzW.exe
4196	ayGDjno.exe
984	qkGmaCi.exe
2060	LpAeyjH.exe
2180	DtCMLyp.exe
4168	LQfGkiC.exe
5028	jjcEooC.exe
1200	KjohHeb.exe
524	IXkZepD.exe
1084	UCiqzcR.exe
5096	ugPugqg.exe
2208	KDxbMhd.exe
1892	tATdksu.exe
5136	eYlKGLH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2696-0-0x00007FF7C42B0000-0x00007FF7C46A2000-memory.dmp	upx
C:\Windows\System\TyrjEYo.exe	upx
C:\Windows\System\ppMOOIt.exe	upx
C:\Windows\System\JodAddS.exe	upx
behavioral2/memory/2108-53-0x00007FF7204A0000-0x00007FF720892000-memory.dmp	upx
C:\Windows\System\fKjrZGd.exe	upx
behavioral2/memory/1984-78-0x00007FF7258F0000-0x00007FF725CE2000-memory.dmp	upx
behavioral2/memory/5008-83-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp	upx
behavioral2/memory/4224-82-0x00007FF7AF860000-0x00007FF7AFC52000-memory.dmp	upx
C:\Windows\System\uAOcriT.exe	upx
behavioral2/memory/4956-80-0x00007FF795000000-0x00007FF7953F2000-memory.dmp	upx
C:\Windows\System\gpLMcIK.exe	upx
behavioral2/memory/680-71-0x00007FF638710000-0x00007FF638B02000-memory.dmp	upx
C:\Windows\System\iKRQrku.exe	upx
behavioral2/memory/700-59-0x00007FF6B65D0000-0x00007FF6B69C2000-memory.dmp	upx
C:\Windows\System\uryoizp.exe	upx
behavioral2/memory/1752-47-0x00007FF7BEE10000-0x00007FF7BF202000-memory.dmp	upx
behavioral2/memory/1236-44-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp	upx
C:\Windows\System\erEHWrL.exe	upx
behavioral2/memory/1336-39-0x00007FF782FC0000-0x00007FF7833B2000-memory.dmp	upx
behavioral2/memory/1604-38-0x00007FF6A9490000-0x00007FF6A9882000-memory.dmp	upx
C:\Windows\System\wpgTGjl.exe	upx
C:\Windows\System\keugHPs.exe	upx
C:\Windows\System\KidvNmQ.exe	upx
behavioral2/memory/932-8-0x00007FF6BE6E0000-0x00007FF6BEAD2000-memory.dmp	upx
C:\Windows\System\GzoskwU.exe	upx
behavioral2/memory/748-113-0x00007FF706940000-0x00007FF706D32000-memory.dmp	upx
behavioral2/memory/3944-119-0x00007FF63AF40000-0x00007FF63B332000-memory.dmp	upx
C:\Windows\System\KlqBPGm.exe	upx
behavioral2/memory/1680-142-0x00007FF719570000-0x00007FF719962000-memory.dmp	upx
C:\Windows\System\jInPCYX.exe	upx
C:\Windows\System\WdrtICV.exe	upx
C:\Windows\System\UsrxLTS.exe	upx
C:\Windows\System\EZpnREA.exe	upx
C:\Windows\System\KfowJJq.exe	upx
C:\Windows\System\DXzEQuA.exe	upx
C:\Windows\System\izVDrDS.exe	upx
C:\Windows\System\OyewHLt.exe	upx
C:\Windows\System\sBWElrT.exe	upx
C:\Windows\System\GNiSaFW.exe	upx
behavioral2/memory/2688-159-0x00007FF7FCE20000-0x00007FF7FD212000-memory.dmp	upx
behavioral2/memory/2708-155-0x00007FF65BF30000-0x00007FF65C322000-memory.dmp	upx
behavioral2/memory/4416-154-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp	upx
C:\Windows\System\wHUJebl.exe	upx
C:\Windows\System\jVsayBf.exe	upx
behavioral2/memory/4516-140-0x00007FF6C6B80000-0x00007FF6C6F72000-memory.dmp	upx
C:\Windows\System\OTQNnDM.exe	upx
C:\Windows\System\eOidwTN.exe	upx
C:\Windows\System\QMRasNW.exe	upx
behavioral2/memory/3276-129-0x00007FF6B24B0000-0x00007FF6B28A2000-memory.dmp	upx
C:\Windows\System\BPFHXVw.exe	upx
C:\Windows\System\zPtEEpy.exe	upx
C:\Windows\System\jqFkUfn.exe	upx
C:\Windows\System\jURxhuB.exe	upx
behavioral2/memory/4964-96-0x00007FF681A30000-0x00007FF681E22000-memory.dmp	upx
behavioral2/memory/1236-2465-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp	upx
behavioral2/memory/4956-3899-0x00007FF795000000-0x00007FF7953F2000-memory.dmp	upx
behavioral2/memory/5008-4467-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp	upx
behavioral2/memory/3944-5211-0x00007FF63AF40000-0x00007FF63B332000-memory.dmp	upx
behavioral2/memory/3276-5212-0x00007FF6B24B0000-0x00007FF6B28A2000-memory.dmp	upx
behavioral2/memory/4516-5849-0x00007FF6C6B80000-0x00007FF6C6F72000-memory.dmp	upx
behavioral2/memory/1680-5854-0x00007FF719570000-0x00007FF719962000-memory.dmp	upx
behavioral2/memory/5008-8131-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp	upx
behavioral2/memory/4416-8152-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

3 raw.githubusercontent.com

flow	ioc
3	raw.githubusercontent.com

Drops file in System32 directory 3 IoCs

Processes:

OfficeClickToRun.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm	OfficeClickToRun.exe

Drops file in Windows directory 64 IoCs

Processes:

02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System\XryfxYW.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\jFfVYBO.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\oAdYARM.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\nhXXxXe.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\maZLsNi.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\NQmRdSs.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\damaJLL.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\TpNxcCH.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\OmoYLwT.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\vRmJcCm.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\yECLLqc.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\UWXCqqP.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\tlGcyQs.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\DfYbGQk.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\zjcHvtN.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\RLIroxF.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\tZdOKiW.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\dtMAzYf.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\yEeXtxe.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\ikXSMEW.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\JNGftrY.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\lWIkzkh.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\MOcrnuN.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\Kboctvq.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\HfVYyCi.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\ZPRseab.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\XrgaMUM.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\jXvkBmM.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\VoxIPYr.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\HJCRONo.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\rOnfVgj.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\WtxhzIw.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\sddzMug.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\TnxNjlB.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\HiQKHvh.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\JxvVMBz.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\ZaWXgwv.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\CriEpIe.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\EOtkUYN.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\bXvZXAp.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\QPPEzLz.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\QsedgOR.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\ecCVDGf.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\DfcVoJr.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\aXDdIdg.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\IeYsDUQ.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\kioNUsc.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\PLmKmDQ.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\wrVtlvI.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\HNjAaso.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\sNGhDIN.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\QXzKrYg.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\FYqNbvy.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\PWULjgl.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\QDtsXzT.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\dSyEHnE.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\jsWQEMp.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\TPWeglH.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\zhQvBQg.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\OumZONG.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\urguKJg.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\UhGmbOl.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\lFKymLz.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
File created	C:\Windows\System\SerkaJn.exe	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

OfficeClickToRun.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	OfficeClickToRun.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

OfficeClickToRun.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	OfficeClickToRun.exe

Modifies data under HKEY_USERS 30 IoCs

Processes:

OfficeClickToRun.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

2732 powershell.exe
2732 powershell.exe

pid	process
2732	powershell.exe
2732	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

02a69c905ff752078b2a447927bcf894_JaffaCakes118.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
Token: SeDebugPrivilege	2732	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OfficeClickToRun.exe

pid process

7776 OfficeClickToRun.exe

pid	process
7776	OfficeClickToRun.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe

description	pid	process	target process
PID 2696 wrote to memory of 2732	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	powershell.exe
PID 2696 wrote to memory of 2732	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	powershell.exe
PID 2696 wrote to memory of 932	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	TyrjEYo.exe
PID 2696 wrote to memory of 932	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	TyrjEYo.exe
PID 2696 wrote to memory of 2108	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	ppMOOIt.exe
PID 2696 wrote to memory of 2108	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	ppMOOIt.exe
PID 2696 wrote to memory of 1604	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	JodAddS.exe
PID 2696 wrote to memory of 1604	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	JodAddS.exe
PID 2696 wrote to memory of 1336	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	keugHPs.exe
PID 2696 wrote to memory of 1336	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	keugHPs.exe
PID 2696 wrote to memory of 1236	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KidvNmQ.exe
PID 2696 wrote to memory of 1236	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KidvNmQ.exe
PID 2696 wrote to memory of 700	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	erEHWrL.exe
PID 2696 wrote to memory of 700	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	erEHWrL.exe
PID 2696 wrote to memory of 1752	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	wpgTGjl.exe
PID 2696 wrote to memory of 1752	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	wpgTGjl.exe
PID 2696 wrote to memory of 680	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	uryoizp.exe
PID 2696 wrote to memory of 680	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	uryoizp.exe
PID 2696 wrote to memory of 1984	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	iKRQrku.exe
PID 2696 wrote to memory of 1984	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	iKRQrku.exe
PID 2696 wrote to memory of 4224	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	gpLMcIK.exe
PID 2696 wrote to memory of 4224	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	gpLMcIK.exe
PID 2696 wrote to memory of 5008	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	uAOcriT.exe
PID 2696 wrote to memory of 5008	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	uAOcriT.exe
PID 2696 wrote to memory of 4956	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	fKjrZGd.exe
PID 2696 wrote to memory of 4956	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	fKjrZGd.exe
PID 2696 wrote to memory of 4964	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	GzoskwU.exe
PID 2696 wrote to memory of 4964	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	GzoskwU.exe
PID 2696 wrote to memory of 748	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jURxhuB.exe
PID 2696 wrote to memory of 748	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jURxhuB.exe
PID 2696 wrote to memory of 3944	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	zPtEEpy.exe
PID 2696 wrote to memory of 3944	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	zPtEEpy.exe
PID 2696 wrote to memory of 4416	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jqFkUfn.exe
PID 2696 wrote to memory of 4416	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jqFkUfn.exe
PID 2696 wrote to memory of 3276	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	OTQNnDM.exe
PID 2696 wrote to memory of 3276	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	OTQNnDM.exe
PID 2696 wrote to memory of 2688	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	eOidwTN.exe
PID 2696 wrote to memory of 2688	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	eOidwTN.exe
PID 2696 wrote to memory of 2708	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	QMRasNW.exe
PID 2696 wrote to memory of 2708	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	QMRasNW.exe
PID 2696 wrote to memory of 4516	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	BPFHXVw.exe
PID 2696 wrote to memory of 4516	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	BPFHXVw.exe
PID 2696 wrote to memory of 1680	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	wHUJebl.exe
PID 2696 wrote to memory of 1680	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	wHUJebl.exe
PID 2696 wrote to memory of 4792	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jVsayBf.exe
PID 2696 wrote to memory of 4792	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jVsayBf.exe
PID 2696 wrote to memory of 4348	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KlqBPGm.exe
PID 2696 wrote to memory of 4348	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KlqBPGm.exe
PID 2696 wrote to memory of 1012	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jInPCYX.exe
PID 2696 wrote to memory of 1012	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	jInPCYX.exe
PID 2696 wrote to memory of 1608	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	WdrtICV.exe
PID 2696 wrote to memory of 1608	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	WdrtICV.exe
PID 2696 wrote to memory of 4136	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	GNiSaFW.exe
PID 2696 wrote to memory of 4136	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	GNiSaFW.exe
PID 2696 wrote to memory of 4984	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	sBWElrT.exe
PID 2696 wrote to memory of 4984	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	sBWElrT.exe
PID 2696 wrote to memory of 4640	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KfowJJq.exe
PID 2696 wrote to memory of 4640	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	KfowJJq.exe
PID 2696 wrote to memory of 3528	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	OyewHLt.exe
PID 2696 wrote to memory of 3528	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	OyewHLt.exe
PID 2696 wrote to memory of 1020	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	izVDrDS.exe
PID 2696 wrote to memory of 1020	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	izVDrDS.exe
PID 2696 wrote to memory of 3004	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	DXzEQuA.exe
PID 2696 wrote to memory of 3004	2696	02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe	DXzEQuA.exe

C:\Users\Admin\AppData\Local\Temp\02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02a69c905ff752078b2a447927bcf894_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2696

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2732

C:\Windows\System\TyrjEYo.exe
C:\Windows\System\TyrjEYo.exe
2⤵
- Executes dropped EXE
PID:932

C:\Windows\System\ppMOOIt.exe
C:\Windows\System\ppMOOIt.exe
2⤵
- Executes dropped EXE
PID:2108

C:\Windows\System\JodAddS.exe
C:\Windows\System\JodAddS.exe
2⤵
- Executes dropped EXE
PID:1604

C:\Windows\System\keugHPs.exe
C:\Windows\System\keugHPs.exe
2⤵
- Executes dropped EXE
PID:1336

C:\Windows\System\KidvNmQ.exe
C:\Windows\System\KidvNmQ.exe
2⤵
- Executes dropped EXE
PID:1236

C:\Windows\System\erEHWrL.exe
C:\Windows\System\erEHWrL.exe
2⤵
- Executes dropped EXE
PID:700

C:\Windows\System\wpgTGjl.exe
C:\Windows\System\wpgTGjl.exe
2⤵
- Executes dropped EXE
PID:1752

C:\Windows\System\uryoizp.exe
C:\Windows\System\uryoizp.exe
2⤵
- Executes dropped EXE
PID:680

C:\Windows\System\iKRQrku.exe
C:\Windows\System\iKRQrku.exe
2⤵
- Executes dropped EXE
PID:1984

C:\Windows\System\gpLMcIK.exe
C:\Windows\System\gpLMcIK.exe
2⤵
- Executes dropped EXE
PID:4224

C:\Windows\System\uAOcriT.exe
C:\Windows\System\uAOcriT.exe
2⤵
- Executes dropped EXE
PID:5008

C:\Windows\System\fKjrZGd.exe
C:\Windows\System\fKjrZGd.exe
2⤵
- Executes dropped EXE
PID:4956

C:\Windows\System\GzoskwU.exe
C:\Windows\System\GzoskwU.exe
2⤵
- Executes dropped EXE
PID:4964

C:\Windows\System\jURxhuB.exe
C:\Windows\System\jURxhuB.exe
2⤵
- Executes dropped EXE
PID:748

C:\Windows\System\zPtEEpy.exe
C:\Windows\System\zPtEEpy.exe
2⤵
- Executes dropped EXE
PID:3944

C:\Windows\System\jqFkUfn.exe
C:\Windows\System\jqFkUfn.exe
2⤵
- Executes dropped EXE
PID:4416

C:\Windows\System\OTQNnDM.exe
C:\Windows\System\OTQNnDM.exe
2⤵
- Executes dropped EXE
PID:3276

C:\Windows\System\eOidwTN.exe
C:\Windows\System\eOidwTN.exe
2⤵
- Executes dropped EXE
PID:2688

C:\Windows\System\QMRasNW.exe
C:\Windows\System\QMRasNW.exe
2⤵
- Executes dropped EXE
PID:2708

C:\Windows\System\BPFHXVw.exe
C:\Windows\System\BPFHXVw.exe
2⤵
- Executes dropped EXE
PID:4516

C:\Windows\System\wHUJebl.exe
C:\Windows\System\wHUJebl.exe
2⤵
- Executes dropped EXE
PID:1680

C:\Windows\System\jVsayBf.exe
C:\Windows\System\jVsayBf.exe
2⤵
- Executes dropped EXE
PID:4792

C:\Windows\System\KlqBPGm.exe
C:\Windows\System\KlqBPGm.exe
2⤵
- Executes dropped EXE
PID:4348

C:\Windows\System\jInPCYX.exe
C:\Windows\System\jInPCYX.exe
2⤵
- Executes dropped EXE
PID:1012

C:\Windows\System\WdrtICV.exe
C:\Windows\System\WdrtICV.exe
2⤵
- Executes dropped EXE
PID:1608

C:\Windows\System\GNiSaFW.exe
C:\Windows\System\GNiSaFW.exe
2⤵
- Executes dropped EXE
PID:4136

C:\Windows\System\sBWElrT.exe
C:\Windows\System\sBWElrT.exe
2⤵
- Executes dropped EXE
PID:4984

C:\Windows\System\KfowJJq.exe
C:\Windows\System\KfowJJq.exe
2⤵
- Executes dropped EXE
PID:4640

C:\Windows\System\OyewHLt.exe
C:\Windows\System\OyewHLt.exe
2⤵
- Executes dropped EXE
PID:3528

C:\Windows\System\izVDrDS.exe
C:\Windows\System\izVDrDS.exe
2⤵
- Executes dropped EXE
PID:1020

C:\Windows\System\DXzEQuA.exe
C:\Windows\System\DXzEQuA.exe
2⤵
- Executes dropped EXE
PID:3004

C:\Windows\System\UsrxLTS.exe
C:\Windows\System\UsrxLTS.exe
2⤵
- Executes dropped EXE
PID:5048

C:\Windows\System\EZpnREA.exe
C:\Windows\System\EZpnREA.exe
2⤵
- Executes dropped EXE
PID:4384

C:\Windows\System\IqKnCNB.exe
C:\Windows\System\IqKnCNB.exe
2⤵
- Executes dropped EXE
PID:3152

C:\Windows\System\UOjyIzt.exe
C:\Windows\System\UOjyIzt.exe
2⤵
- Executes dropped EXE
PID:4968

C:\Windows\System\sHWQIlS.exe
C:\Windows\System\sHWQIlS.exe
2⤵
- Executes dropped EXE
PID:3564

C:\Windows\System\RhpWzOf.exe
C:\Windows\System\RhpWzOf.exe
2⤵
- Executes dropped EXE
PID:3548

C:\Windows\System\eebQziy.exe
C:\Windows\System\eebQziy.exe
2⤵
- Executes dropped EXE
PID:2748

C:\Windows\System\LzlKadh.exe
C:\Windows\System\LzlKadh.exe
2⤵
- Executes dropped EXE
PID:4900

C:\Windows\System\JBOYwSj.exe
C:\Windows\System\JBOYwSj.exe
2⤵
- Executes dropped EXE
PID:2956

C:\Windows\System\rRpRlwv.exe
C:\Windows\System\rRpRlwv.exe
2⤵
- Executes dropped EXE
PID:1264

C:\Windows\System\pycylLy.exe
C:\Windows\System\pycylLy.exe
2⤵
- Executes dropped EXE
PID:5088

C:\Windows\System\bhSEwxq.exe
C:\Windows\System\bhSEwxq.exe
2⤵
- Executes dropped EXE
PID:4256

C:\Windows\System\uhEnZTL.exe
C:\Windows\System\uhEnZTL.exe
2⤵
- Executes dropped EXE
PID:4244

C:\Windows\System\okUjNjX.exe
C:\Windows\System\okUjNjX.exe
2⤵
- Executes dropped EXE
PID:2236

C:\Windows\System\pzHUVxV.exe
C:\Windows\System\pzHUVxV.exe
2⤵
- Executes dropped EXE
PID:1100

C:\Windows\System\oDdMTFf.exe
C:\Windows\System\oDdMTFf.exe
2⤵
- Executes dropped EXE
PID:2484

C:\Windows\System\ygeHNNB.exe
C:\Windows\System\ygeHNNB.exe
2⤵
- Executes dropped EXE
PID:3892

C:\Windows\System\uYvCuli.exe
C:\Windows\System\uYvCuli.exe
2⤵
- Executes dropped EXE
PID:1632

C:\Windows\System\TOUtQPS.exe
C:\Windows\System\TOUtQPS.exe
2⤵
- Executes dropped EXE
PID:4972

C:\Windows\System\hFgojzW.exe
C:\Windows\System\hFgojzW.exe
2⤵
- Executes dropped EXE
PID:2736

C:\Windows\System\ayGDjno.exe
C:\Windows\System\ayGDjno.exe
2⤵
- Executes dropped EXE
PID:4196

C:\Windows\System\qkGmaCi.exe
C:\Windows\System\qkGmaCi.exe
2⤵
- Executes dropped EXE
PID:984

C:\Windows\System\LpAeyjH.exe
C:\Windows\System\LpAeyjH.exe
2⤵
- Executes dropped EXE
PID:2060

C:\Windows\System\DtCMLyp.exe
C:\Windows\System\DtCMLyp.exe
2⤵
- Executes dropped EXE
PID:2180

C:\Windows\System\LQfGkiC.exe
C:\Windows\System\LQfGkiC.exe
2⤵
- Executes dropped EXE
PID:4168

C:\Windows\System\jjcEooC.exe
C:\Windows\System\jjcEooC.exe
2⤵
- Executes dropped EXE
PID:5028

C:\Windows\System\KjohHeb.exe
C:\Windows\System\KjohHeb.exe
2⤵
- Executes dropped EXE
PID:1200

C:\Windows\System\IXkZepD.exe
C:\Windows\System\IXkZepD.exe
2⤵
- Executes dropped EXE
PID:524

C:\Windows\System\UCiqzcR.exe
C:\Windows\System\UCiqzcR.exe
2⤵
- Executes dropped EXE
PID:1084

C:\Windows\System\ugPugqg.exe
C:\Windows\System\ugPugqg.exe
2⤵
- Executes dropped EXE
PID:5096

C:\Windows\System\KDxbMhd.exe
C:\Windows\System\KDxbMhd.exe
2⤵
- Executes dropped EXE
PID:2208

C:\Windows\System\tATdksu.exe
C:\Windows\System\tATdksu.exe
2⤵
- Executes dropped EXE
PID:1892

C:\Windows\System\eYlKGLH.exe
C:\Windows\System\eYlKGLH.exe
2⤵
- Executes dropped EXE
PID:5136

C:\Windows\System\ZttQqCT.exe
C:\Windows\System\ZttQqCT.exe
2⤵
PID:5160

C:\Windows\System\RJeijJA.exe
C:\Windows\System\RJeijJA.exe
2⤵
PID:5188

C:\Windows\System\Oqezjhj.exe
C:\Windows\System\Oqezjhj.exe
2⤵
PID:5216

C:\Windows\System\NrvEeaW.exe
C:\Windows\System\NrvEeaW.exe
2⤵
PID:5244

C:\Windows\System\bxfuWBf.exe
C:\Windows\System\bxfuWBf.exe
2⤵
PID:5272

C:\Windows\System\zNXsirH.exe
C:\Windows\System\zNXsirH.exe
2⤵
PID:5300

C:\Windows\System\SgLMNjR.exe
C:\Windows\System\SgLMNjR.exe
2⤵
PID:5328

C:\Windows\System\CzCfePJ.exe
C:\Windows\System\CzCfePJ.exe
2⤵
PID:5360

C:\Windows\System\VNryBsG.exe
C:\Windows\System\VNryBsG.exe
2⤵
PID:5384

C:\Windows\System\bCgXnIi.exe
C:\Windows\System\bCgXnIi.exe
2⤵
PID:5412

C:\Windows\System\oGAKobC.exe
C:\Windows\System\oGAKobC.exe
2⤵
PID:5440

C:\Windows\System\HbSOJmR.exe
C:\Windows\System\HbSOJmR.exe
2⤵
PID:5468

C:\Windows\System\rWyBTfJ.exe
C:\Windows\System\rWyBTfJ.exe
2⤵
PID:5496

C:\Windows\System\kZMsPvN.exe
C:\Windows\System\kZMsPvN.exe
2⤵
PID:5524

C:\Windows\System\kodrIsw.exe
C:\Windows\System\kodrIsw.exe
2⤵
PID:5552

C:\Windows\System\adVUdEP.exe
C:\Windows\System\adVUdEP.exe
2⤵
PID:5584

C:\Windows\System\NfBYLkH.exe
C:\Windows\System\NfBYLkH.exe
2⤵
PID:5608

C:\Windows\System\zBWJrtj.exe
C:\Windows\System\zBWJrtj.exe
2⤵
PID:5636

C:\Windows\System\FvKqmIc.exe
C:\Windows\System\FvKqmIc.exe
2⤵
PID:5664

C:\Windows\System\VDrhuev.exe
C:\Windows\System\VDrhuev.exe
2⤵
PID:5692

C:\Windows\System\hgXWgqv.exe
C:\Windows\System\hgXWgqv.exe
2⤵
PID:5720

C:\Windows\System\hPSgUkb.exe
C:\Windows\System\hPSgUkb.exe
2⤵
PID:5748

C:\Windows\System\CZIoIxu.exe
C:\Windows\System\CZIoIxu.exe
2⤵
PID:5776

C:\Windows\System\wLquUav.exe
C:\Windows\System\wLquUav.exe
2⤵
PID:5808

C:\Windows\System\jZlNcmM.exe
C:\Windows\System\jZlNcmM.exe
2⤵
PID:5832

C:\Windows\System\szXNwXx.exe
C:\Windows\System\szXNwXx.exe
2⤵
PID:5860

C:\Windows\System\tYgOJDj.exe
C:\Windows\System\tYgOJDj.exe
2⤵
PID:5888

C:\Windows\System\zyCtPeu.exe
C:\Windows\System\zyCtPeu.exe
2⤵
PID:5916

C:\Windows\System\EvHcYoh.exe
C:\Windows\System\EvHcYoh.exe
2⤵
PID:5944

C:\Windows\System\FhHRgwx.exe
C:\Windows\System\FhHRgwx.exe
2⤵
PID:5972

C:\Windows\System\ugmRSkJ.exe
C:\Windows\System\ugmRSkJ.exe
2⤵
PID:6000

C:\Windows\System\jdIgFsF.exe
C:\Windows\System\jdIgFsF.exe
2⤵
PID:6028

C:\Windows\System\CrKFMTr.exe
C:\Windows\System\CrKFMTr.exe
2⤵
PID:6056

C:\Windows\System\eyTIpfN.exe
C:\Windows\System\eyTIpfN.exe
2⤵
PID:6088

C:\Windows\System\aAHqwzf.exe
C:\Windows\System\aAHqwzf.exe
2⤵
PID:6112

C:\Windows\System\RPWHApM.exe
C:\Windows\System\RPWHApM.exe
2⤵
PID:6140

C:\Windows\System\ZSNIQHV.exe
C:\Windows\System\ZSNIQHV.exe
2⤵
PID:6172

C:\Windows\System\bzhslKS.exe
C:\Windows\System\bzhslKS.exe
2⤵
PID:6200

C:\Windows\System\snENoWC.exe
C:\Windows\System\snENoWC.exe
2⤵
PID:6228

C:\Windows\System\OlOjers.exe
C:\Windows\System\OlOjers.exe
2⤵
PID:6256

C:\Windows\System\YlgASyc.exe
C:\Windows\System\YlgASyc.exe
2⤵
PID:6284

C:\Windows\System\wpjgIKM.exe
C:\Windows\System\wpjgIKM.exe
2⤵
PID:6312

C:\Windows\System\cVytFpX.exe
C:\Windows\System\cVytFpX.exe
2⤵
PID:6340

C:\Windows\System\DzwkAmp.exe
C:\Windows\System\DzwkAmp.exe
2⤵
PID:6368

C:\Windows\System\uPPtODB.exe
C:\Windows\System\uPPtODB.exe
2⤵
PID:6444

C:\Windows\System\QtPWjAD.exe
C:\Windows\System\QtPWjAD.exe
2⤵
PID:6468

C:\Windows\System\WGYTtsF.exe
C:\Windows\System\WGYTtsF.exe
2⤵
PID:6492

C:\Windows\System\kRDJWEI.exe
C:\Windows\System\kRDJWEI.exe
2⤵
PID:6520

C:\Windows\System\CvPrzrw.exe
C:\Windows\System\CvPrzrw.exe
2⤵
PID:6552

C:\Windows\System\yVoRWeV.exe
C:\Windows\System\yVoRWeV.exe
2⤵
PID:6572

C:\Windows\System\nIxpnTV.exe
C:\Windows\System\nIxpnTV.exe
2⤵
PID:6600

C:\Windows\System\uljBDQz.exe
C:\Windows\System\uljBDQz.exe
2⤵
PID:6616

C:\Windows\System\KPEyAfr.exe
C:\Windows\System\KPEyAfr.exe
2⤵
PID:6652

C:\Windows\System\VLhHcqy.exe
C:\Windows\System\VLhHcqy.exe
2⤵
PID:6684

C:\Windows\System\SycQYLW.exe
C:\Windows\System\SycQYLW.exe
2⤵
PID:6704

C:\Windows\System\CgqtlRK.exe
C:\Windows\System\CgqtlRK.exe
2⤵
PID:6728

C:\Windows\System\XhfZMpb.exe
C:\Windows\System\XhfZMpb.exe
2⤵
PID:6744

C:\Windows\System\PTbHZbZ.exe
C:\Windows\System\PTbHZbZ.exe
2⤵
PID:6768

C:\Windows\System\fTcSOPF.exe
C:\Windows\System\fTcSOPF.exe
2⤵
PID:6812

C:\Windows\System\EStNBKH.exe
C:\Windows\System\EStNBKH.exe
2⤵
PID:6828

C:\Windows\System\COQTXMV.exe
C:\Windows\System\COQTXMV.exe
2⤵
PID:6844

C:\Windows\System\TecGUse.exe
C:\Windows\System\TecGUse.exe
2⤵
PID:6876

C:\Windows\System\nUhgcyK.exe
C:\Windows\System\nUhgcyK.exe
2⤵
PID:6904

C:\Windows\System\EHdjUng.exe
C:\Windows\System\EHdjUng.exe
2⤵
PID:6932

C:\Windows\System\vRNlXxK.exe
C:\Windows\System\vRNlXxK.exe
2⤵
PID:6956

C:\Windows\System\buiUMQE.exe
C:\Windows\System\buiUMQE.exe
2⤵
PID:7012

C:\Windows\System\yMWTSGx.exe
C:\Windows\System\yMWTSGx.exe
2⤵
PID:7036

C:\Windows\System\ezaTvSA.exe
C:\Windows\System\ezaTvSA.exe
2⤵
PID:7056

C:\Windows\System\aEsnPVt.exe
C:\Windows\System\aEsnPVt.exe
2⤵
PID:7080

C:\Windows\System\stxUoTj.exe
C:\Windows\System\stxUoTj.exe
2⤵
PID:7096

C:\Windows\System\YdbcPLl.exe
C:\Windows\System\YdbcPLl.exe
2⤵
PID:7128

C:\Windows\System\MUGUWiH.exe
C:\Windows\System\MUGUWiH.exe
2⤵
PID:7148

C:\Windows\System\BtnnVcx.exe
C:\Windows\System\BtnnVcx.exe
2⤵
PID:3176

C:\Windows\System\hQFcrZb.exe
C:\Windows\System\hQFcrZb.exe
2⤵
PID:6188

C:\Windows\System\YRKJGSW.exe
C:\Windows\System\YRKJGSW.exe
2⤵
PID:6164

C:\Windows\System\rquUvHx.exe
C:\Windows\System\rquUvHx.exe
2⤵
PID:6076

C:\Windows\System\ORtrbED.exe
C:\Windows\System\ORtrbED.exe
2⤵
PID:6020

C:\Windows\System\WNEfwLM.exe
C:\Windows\System\WNEfwLM.exe
2⤵
PID:5988

C:\Windows\System\aDzJzTC.exe
C:\Windows\System\aDzJzTC.exe
2⤵
PID:5964

C:\Windows\System\kUEOeOd.exe
C:\Windows\System\kUEOeOd.exe
2⤵
PID:5880

C:\Windows\System\FIspFCQ.exe
C:\Windows\System\FIspFCQ.exe
2⤵
PID:5824

C:\Windows\System\PxpVPuv.exe
C:\Windows\System\PxpVPuv.exe
2⤵
PID:5760

C:\Windows\System\MeLfohQ.exe
C:\Windows\System\MeLfohQ.exe
2⤵
PID:5704

C:\Windows\System\yhqLSTy.exe
C:\Windows\System\yhqLSTy.exe
2⤵
PID:5656

C:\Windows\System\NhPZefX.exe
C:\Windows\System\NhPZefX.exe
2⤵
PID:5572

C:\Windows\System\fIKMkcO.exe
C:\Windows\System\fIKMkcO.exe
2⤵
PID:5516

C:\Windows\System\nUTKVVp.exe
C:\Windows\System\nUTKVVp.exe
2⤵
PID:5480

C:\Windows\System\cDMaSSc.exe
C:\Windows\System\cDMaSSc.exe
2⤵
PID:5428

C:\Windows\System\tzsnDGv.exe
C:\Windows\System\tzsnDGv.exe
2⤵
PID:5320

C:\Windows\System\lYICWbH.exe
C:\Windows\System\lYICWbH.exe
2⤵
PID:5284

C:\Windows\System\sqCxWNX.exe
C:\Windows\System\sqCxWNX.exe
2⤵
PID:5228

C:\Windows\System\eKKNgSK.exe
C:\Windows\System\eKKNgSK.exe
2⤵
PID:5124

C:\Windows\System\NVcWGrz.exe
C:\Windows\System\NVcWGrz.exe
2⤵
PID:3080

C:\Windows\System\laehMZV.exe
C:\Windows\System\laehMZV.exe
2⤵
PID:3184

C:\Windows\System\hTqwDSG.exe
C:\Windows\System\hTqwDSG.exe
2⤵
PID:2268

C:\Windows\System\VOezcfR.exe
C:\Windows\System\VOezcfR.exe
2⤵
PID:1156

C:\Windows\System\NTRNapG.exe
C:\Windows\System\NTRNapG.exe
2⤵
PID:4660

C:\Windows\System\dXTWRry.exe
C:\Windows\System\dXTWRry.exe
2⤵
PID:1064

C:\Windows\System\WKPGQOa.exe
C:\Windows\System\WKPGQOa.exe
2⤵
PID:4828

C:\Windows\System\TGACLda.exe
C:\Windows\System\TGACLda.exe
2⤵
PID:4412

C:\Windows\System\bXYLiXy.exe
C:\Windows\System\bXYLiXy.exe
2⤵
PID:3972

C:\Windows\System\RqBzUru.exe
C:\Windows\System\RqBzUru.exe
2⤵
PID:2348

C:\Windows\System\sJpKBAY.exe
C:\Windows\System\sJpKBAY.exe
2⤵
PID:5104

C:\Windows\System\ZqNcVTO.exe
C:\Windows\System\ZqNcVTO.exe
2⤵
PID:4644

C:\Windows\System\KjVuuAt.exe
C:\Windows\System\KjVuuAt.exe
2⤵
PID:4940

C:\Windows\System\JtSzTqg.exe
C:\Windows\System\JtSzTqg.exe
2⤵
PID:2872

C:\Windows\System\sGWezXy.exe
C:\Windows\System\sGWezXy.exe
2⤵
PID:2404

C:\Windows\System\uzxIxpu.exe
C:\Windows\System\uzxIxpu.exe
2⤵
PID:6276

C:\Windows\System\jVosEWo.exe
C:\Windows\System\jVosEWo.exe
2⤵
PID:6300

C:\Windows\System\EdkeTGg.exe
C:\Windows\System\EdkeTGg.exe
2⤵
PID:4488

C:\Windows\System\cwNlpPq.exe
C:\Windows\System\cwNlpPq.exe
2⤵
PID:6356

C:\Windows\System\hjUFQah.exe
C:\Windows\System\hjUFQah.exe
2⤵
PID:6388

C:\Windows\System\KPkofUF.exe
C:\Windows\System\KPkofUF.exe
2⤵
PID:6500

C:\Windows\System\DMLazUh.exe
C:\Windows\System\DMLazUh.exe
2⤵
PID:3476

C:\Windows\System\HXOysBK.exe
C:\Windows\System\HXOysBK.exe
2⤵
PID:3492

C:\Windows\System\ruNudlm.exe
C:\Windows\System\ruNudlm.exe
2⤵
PID:6660

C:\Windows\System\ZeFfjTO.exe
C:\Windows\System\ZeFfjTO.exe
2⤵
PID:6624

C:\Windows\System\gqPbqqp.exe
C:\Windows\System\gqPbqqp.exe
2⤵
PID:6712

C:\Windows\System\FGlgjRb.exe
C:\Windows\System\FGlgjRb.exe
2⤵
PID:6784

C:\Windows\System\LEAJJqN.exe
C:\Windows\System\LEAJJqN.exe
2⤵
PID:6852

C:\Windows\System\fwrFyjI.exe
C:\Windows\System\fwrFyjI.exe
2⤵
PID:6840

C:\Windows\System\HbKvYGV.exe
C:\Windows\System\HbKvYGV.exe
2⤵
PID:6912

C:\Windows\System\uQjscwF.exe
C:\Windows\System\uQjscwF.exe
2⤵
PID:7028

C:\Windows\System\FrhrVlw.exe
C:\Windows\System\FrhrVlw.exe
2⤵
PID:7068

C:\Windows\System\kwlJrQk.exe
C:\Windows\System\kwlJrQk.exe
2⤵
PID:7104

C:\Windows\System\JstcbDE.exe
C:\Windows\System\JstcbDE.exe
2⤵
PID:3172

C:\Windows\System\fWwnWAT.exe
C:\Windows\System\fWwnWAT.exe
2⤵
PID:6108

C:\Windows\System\GrMtsJL.exe
C:\Windows\System\GrMtsJL.exe
2⤵
PID:1736

C:\Windows\System\aIjMWwA.exe
C:\Windows\System\aIjMWwA.exe
2⤵
PID:5984

C:\Windows\System\geDqOlr.exe
C:\Windows\System\geDqOlr.exe
2⤵
PID:4444

C:\Windows\System\MeCwRiN.exe
C:\Windows\System\MeCwRiN.exe
2⤵
PID:5564

C:\Windows\System\UlHZnSq.exe
C:\Windows\System\UlHZnSq.exe
2⤵
PID:5488

C:\Windows\System\AnBUBMw.exe
C:\Windows\System\AnBUBMw.exe
2⤵
PID:5376

C:\Windows\System\hXEqJAH.exe
C:\Windows\System\hXEqJAH.exe
2⤵
PID:5236

C:\Windows\System\EAIYzOo.exe
C:\Windows\System\EAIYzOo.exe
2⤵
PID:2504

C:\Windows\System\pMdNLSi.exe
C:\Windows\System\pMdNLSi.exe
2⤵
PID:3724

C:\Windows\System\JQZnQok.exe
C:\Windows\System\JQZnQok.exe
2⤵
PID:4252

C:\Windows\System\SlGOyZd.exe
C:\Windows\System\SlGOyZd.exe
2⤵
PID:704

C:\Windows\System\bkbtwIA.exe
C:\Windows\System\bkbtwIA.exe
2⤵
PID:1528

C:\Windows\System\cfYugzk.exe
C:\Windows\System\cfYugzk.exe
2⤵
PID:3608

C:\Windows\System\sQGfjwX.exe
C:\Windows\System\sQGfjwX.exe
2⤵
PID:4504

C:\Windows\System\EaaZQgr.exe
C:\Windows\System\EaaZQgr.exe
2⤵
PID:3556

C:\Windows\System\wAnjdKX.exe
C:\Windows\System\wAnjdKX.exe
2⤵
PID:6400

C:\Windows\System\cofwRbc.exe
C:\Windows\System\cofwRbc.exe
2⤵
PID:6408

C:\Windows\System\JMgmafm.exe
C:\Windows\System\JMgmafm.exe
2⤵
PID:6544

C:\Windows\System\ukBzPEk.exe
C:\Windows\System\ukBzPEk.exe
2⤵
PID:6608

C:\Windows\System\ZBwybEV.exe
C:\Windows\System\ZBwybEV.exe
2⤵
PID:6740

C:\Windows\System\jBvIikN.exe
C:\Windows\System\jBvIikN.exe
2⤵
PID:6928

C:\Windows\System\rSuhluc.exe
C:\Windows\System\rSuhluc.exe
2⤵
PID:7140

C:\Windows\System\SHDgWQl.exe
C:\Windows\System\SHDgWQl.exe
2⤵
PID:7164

C:\Windows\System\sYsLvdw.exe
C:\Windows\System\sYsLvdw.exe
2⤵
PID:1176

C:\Windows\System\nmXPlEH.exe
C:\Windows\System\nmXPlEH.exe
2⤵
PID:5992

C:\Windows\System\EwBdtSy.exe
C:\Windows\System\EwBdtSy.exe
2⤵
PID:5452

C:\Windows\System\cKctepm.exe
C:\Windows\System\cKctepm.exe
2⤵
PID:5288

C:\Windows\System\qpTCjNC.exe
C:\Windows\System\qpTCjNC.exe
2⤵
PID:5172

C:\Windows\System\lZDNcLF.exe
C:\Windows\System\lZDNcLF.exe
2⤵
PID:1996

C:\Windows\System\VXZwMAS.exe
C:\Windows\System\VXZwMAS.exe
2⤵
PID:1908

C:\Windows\System\pFrpCuT.exe
C:\Windows\System\pFrpCuT.exe
2⤵
PID:7024

C:\Windows\System\JhAGOgC.exe
C:\Windows\System\JhAGOgC.exe
2⤵
PID:6884

C:\Windows\System\OgbcHsn.exe
C:\Windows\System\OgbcHsn.exe
2⤵
PID:6240

C:\Windows\System\cFdMjoU.exe
C:\Windows\System\cFdMjoU.exe
2⤵
PID:3140

C:\Windows\System\YrUVVFx.exe
C:\Windows\System\YrUVVFx.exe
2⤵
PID:4164

C:\Windows\System\WgawymL.exe
C:\Windows\System\WgawymL.exe
2⤵
PID:6836

C:\Windows\System\hHzToRQ.exe
C:\Windows\System\hHzToRQ.exe
2⤵
PID:6156

C:\Windows\System\kAbboIL.exe
C:\Windows\System\kAbboIL.exe
2⤵
PID:5792

C:\Windows\System\jLHluHK.exe
C:\Windows\System\jLHluHK.exe
2⤵
PID:7216

C:\Windows\System\ixYjMqU.exe
C:\Windows\System\ixYjMqU.exe
2⤵
PID:7236

C:\Windows\System\YjVSoAD.exe
C:\Windows\System\YjVSoAD.exe
2⤵
PID:7268

C:\Windows\System\hnbMYut.exe
C:\Windows\System\hnbMYut.exe
2⤵
PID:7292

C:\Windows\System\ZtMAcpa.exe
C:\Windows\System\ZtMAcpa.exe
2⤵
PID:7316

C:\Windows\System\qzphmkz.exe
C:\Windows\System\qzphmkz.exe
2⤵
PID:7336

C:\Windows\System\VRMrODj.exe
C:\Windows\System\VRMrODj.exe
2⤵
PID:7364

C:\Windows\System\mAuQDCB.exe
C:\Windows\System\mAuQDCB.exe
2⤵
PID:7380

C:\Windows\System\xjyKOxB.exe
C:\Windows\System\xjyKOxB.exe
2⤵
PID:7432

C:\Windows\System\DAgewKP.exe
C:\Windows\System\DAgewKP.exe
2⤵
PID:7452

C:\Windows\System\oAxGbKf.exe
C:\Windows\System\oAxGbKf.exe
2⤵
PID:7472

C:\Windows\System\vSzwheC.exe
C:\Windows\System\vSzwheC.exe
2⤵
PID:7532

C:\Windows\System\jkeIKTc.exe
C:\Windows\System\jkeIKTc.exe
2⤵
PID:7552

C:\Windows\System\OreJKZc.exe
C:\Windows\System\OreJKZc.exe
2⤵
PID:7600

C:\Windows\System\hBtLSqg.exe
C:\Windows\System\hBtLSqg.exe
2⤵
PID:7624

C:\Windows\System\npFNSla.exe
C:\Windows\System\npFNSla.exe
2⤵
PID:7664

C:\Windows\System\zQXuGtQ.exe
C:\Windows\System\zQXuGtQ.exe
2⤵
PID:7688

C:\Windows\System\ZzWDJvI.exe
C:\Windows\System\ZzWDJvI.exe
2⤵
PID:7712

C:\Windows\System\PfvyPqs.exe
C:\Windows\System\PfvyPqs.exe
2⤵
PID:7736

C:\Windows\System\kuQgXNt.exe
C:\Windows\System\kuQgXNt.exe
2⤵
PID:7756

C:\Windows\System\OmoYLwT.exe
C:\Windows\System\OmoYLwT.exe
2⤵
PID:7784

C:\Windows\System\PiKXxoi.exe
C:\Windows\System\PiKXxoi.exe
2⤵
PID:7820

C:\Windows\System\OPnccgN.exe
C:\Windows\System\OPnccgN.exe
2⤵
PID:7836

C:\Windows\System\FmtcIWI.exe
C:\Windows\System\FmtcIWI.exe
2⤵
PID:7864

C:\Windows\System\UQzBlqw.exe
C:\Windows\System\UQzBlqw.exe
2⤵
PID:7892

C:\Windows\System\fvxtTqP.exe
C:\Windows\System\fvxtTqP.exe
2⤵
PID:7912

C:\Windows\System\CunkHuM.exe
C:\Windows\System\CunkHuM.exe
2⤵
PID:7956

C:\Windows\System\WuKzUGO.exe
C:\Windows\System\WuKzUGO.exe
2⤵
PID:7996

C:\Windows\System\QqLWdJa.exe
C:\Windows\System\QqLWdJa.exe
2⤵
PID:8020

C:\Windows\System\NIFWcnv.exe
C:\Windows\System\NIFWcnv.exe
2⤵
PID:8044

C:\Windows\System\TohCRGX.exe
C:\Windows\System\TohCRGX.exe
2⤵
PID:8068

C:\Windows\System\UGeLsgh.exe
C:\Windows\System\UGeLsgh.exe
2⤵
PID:8112

C:\Windows\System\gPcMJNz.exe
C:\Windows\System\gPcMJNz.exe
2⤵
PID:8144

C:\Windows\System\zNIKmOi.exe
C:\Windows\System\zNIKmOi.exe
2⤵
PID:8164

C:\Windows\System\NFkMRFn.exe
C:\Windows\System\NFkMRFn.exe
2⤵
PID:8180

C:\Windows\System\uOkStYW.exe
C:\Windows\System\uOkStYW.exe
2⤵
PID:7196

C:\Windows\System\tXuFPCh.exe
C:\Windows\System\tXuFPCh.exe
2⤵
PID:7188

C:\Windows\System\ZPAKXMs.exe
C:\Windows\System\ZPAKXMs.exe
2⤵
PID:7248

C:\Windows\System\puYPTUn.exe
C:\Windows\System\puYPTUn.exe
2⤵
PID:7288

C:\Windows\System\xzULoiJ.exe
C:\Windows\System\xzULoiJ.exe
2⤵
PID:7376

C:\Windows\System\zJpGmxC.exe
C:\Windows\System\zJpGmxC.exe
2⤵
PID:7500

C:\Windows\System\AjwIiBM.exe
C:\Windows\System\AjwIiBM.exe
2⤵
PID:7540

C:\Windows\System\CImwISB.exe
C:\Windows\System\CImwISB.exe
2⤵
PID:7588

C:\Windows\System\CdtNeRb.exe
C:\Windows\System\CdtNeRb.exe
2⤵
PID:7616

C:\Windows\System\zQUeshf.exe
C:\Windows\System\zQUeshf.exe
2⤵
PID:7700

C:\Windows\System\ygMBLRA.exe
C:\Windows\System\ygMBLRA.exe
2⤵
PID:7732

C:\Windows\System\tHSnIBH.exe
C:\Windows\System\tHSnIBH.exe
2⤵
PID:7844

C:\Windows\System\IfUFtvX.exe
C:\Windows\System\IfUFtvX.exe
2⤵
PID:7828

C:\Windows\System\GnayQrr.exe
C:\Windows\System\GnayQrr.exe
2⤵
PID:7880

C:\Windows\System\yDLTlBn.exe
C:\Windows\System\yDLTlBn.exe
2⤵
PID:7984

C:\Windows\System\kmMAtgw.exe
C:\Windows\System\kmMAtgw.exe
2⤵
PID:8064

C:\Windows\System\DmUCBiA.exe
C:\Windows\System\DmUCBiA.exe
2⤵
PID:8124

C:\Windows\System\KwsUNCO.exe
C:\Windows\System\KwsUNCO.exe
2⤵
PID:5432

C:\Windows\System\CFMrRjS.exe
C:\Windows\System\CFMrRjS.exe
2⤵
PID:7260

C:\Windows\System\QeCrmUI.exe
C:\Windows\System\QeCrmUI.exe
2⤵
PID:7276

C:\Windows\System\bRhMnfj.exe
C:\Windows\System\bRhMnfj.exe
2⤵
PID:7572

C:\Windows\System\GiqILbC.exe
C:\Windows\System\GiqILbC.exe
2⤵
PID:7752

C:\Windows\System\xBEEYqe.exe
C:\Windows\System\xBEEYqe.exe
2⤵
PID:8096

C:\Windows\System\pmvabra.exe
C:\Windows\System\pmvabra.exe
2⤵
PID:8036

C:\Windows\System\MNbKWnm.exe
C:\Windows\System\MNbKWnm.exe
2⤵
PID:7256

C:\Windows\System\tMPJSJS.exe
C:\Windows\System\tMPJSJS.exe
2⤵
PID:7524

C:\Windows\System\MaGHoFF.exe
C:\Windows\System\MaGHoFF.exe
2⤵
PID:7404

C:\Windows\System\AaEMHld.exe
C:\Windows\System\AaEMHld.exe
2⤵
PID:8212

C:\Windows\System\MqpMbQD.exe
C:\Windows\System\MqpMbQD.exe
2⤵
PID:8236

C:\Windows\System\RLmbrIN.exe
C:\Windows\System\RLmbrIN.exe
2⤵
PID:8256

C:\Windows\System\cPUwbgF.exe
C:\Windows\System\cPUwbgF.exe
2⤵
PID:8284

C:\Windows\System\pczuoUd.exe
C:\Windows\System\pczuoUd.exe
2⤵
PID:8312

C:\Windows\System\BNLEdoS.exe
C:\Windows\System\BNLEdoS.exe
2⤵
PID:8332

C:\Windows\System\LdGRhyJ.exe
C:\Windows\System\LdGRhyJ.exe
2⤵
PID:8356

C:\Windows\System\AVoZpTa.exe
C:\Windows\System\AVoZpTa.exe
2⤵
PID:8400

C:\Windows\System\digFZeA.exe
C:\Windows\System\digFZeA.exe
2⤵
PID:8428

C:\Windows\System\ocLlaVz.exe
C:\Windows\System\ocLlaVz.exe
2⤵
PID:8452

C:\Windows\System\awXAgAJ.exe
C:\Windows\System\awXAgAJ.exe
2⤵
PID:8472

C:\Windows\System\aGUTKlM.exe
C:\Windows\System\aGUTKlM.exe
2⤵
PID:8504

C:\Windows\System\imKECrz.exe
C:\Windows\System\imKECrz.exe
2⤵
PID:8536

C:\Windows\System\sSvUCYL.exe
C:\Windows\System\sSvUCYL.exe
2⤵
PID:8560

C:\Windows\System\OjRYtts.exe
C:\Windows\System\OjRYtts.exe
2⤵
PID:8576

C:\Windows\System\ceqKQvA.exe
C:\Windows\System\ceqKQvA.exe
2⤵
PID:8616

C:\Windows\System\fPyulTq.exe
C:\Windows\System\fPyulTq.exe
2⤵
PID:8672

C:\Windows\System\XkapiCE.exe
C:\Windows\System\XkapiCE.exe
2⤵
PID:8692

C:\Windows\System\PEltEFK.exe
C:\Windows\System\PEltEFK.exe
2⤵
PID:8708

C:\Windows\System\NjShaVA.exe
C:\Windows\System\NjShaVA.exe
2⤵
PID:8732

C:\Windows\System\SzQlVXq.exe
C:\Windows\System\SzQlVXq.exe
2⤵
PID:8760

C:\Windows\System\SWQuCHN.exe
C:\Windows\System\SWQuCHN.exe
2⤵
PID:8800

C:\Windows\System\bGKZnLL.exe
C:\Windows\System\bGKZnLL.exe
2⤵
PID:8824

C:\Windows\System\zLFzUZR.exe
C:\Windows\System\zLFzUZR.exe
2⤵
PID:8852

C:\Windows\System\wxvUVLu.exe
C:\Windows\System\wxvUVLu.exe
2⤵
PID:8872

C:\Windows\System\AkFsSqy.exe
C:\Windows\System\AkFsSqy.exe
2⤵
PID:9004

C:\Windows\System\LiqyZJx.exe
C:\Windows\System\LiqyZJx.exe
2⤵
PID:9024

C:\Windows\System\nyUmeIC.exe
C:\Windows\System\nyUmeIC.exe
2⤵
PID:9040

C:\Windows\System\ouFBEwq.exe
C:\Windows\System\ouFBEwq.exe
2⤵
PID:9056

C:\Windows\System\zNrBURk.exe
C:\Windows\System\zNrBURk.exe
2⤵
PID:9072

C:\Windows\System\ivavUeM.exe
C:\Windows\System\ivavUeM.exe
2⤵
PID:9088

C:\Windows\System\sHkOwHa.exe
C:\Windows\System\sHkOwHa.exe
2⤵
PID:9104

C:\Windows\System\auVuSuo.exe
C:\Windows\System\auVuSuo.exe
2⤵
PID:9120

C:\Windows\System\XuiqTXz.exe
C:\Windows\System\XuiqTXz.exe
2⤵
PID:9136

C:\Windows\System\vyuRjlK.exe
C:\Windows\System\vyuRjlK.exe
2⤵
PID:9152

C:\Windows\System\AINcPSl.exe
C:\Windows\System\AINcPSl.exe
2⤵
PID:9168

C:\Windows\System\TuzgLCC.exe
C:\Windows\System\TuzgLCC.exe
2⤵
PID:9184

C:\Windows\System\opdgBgE.exe
C:\Windows\System\opdgBgE.exe
2⤵
PID:9200

C:\Windows\System\XxWlAOT.exe
C:\Windows\System\XxWlAOT.exe
2⤵
PID:7832

C:\Windows\System\CjRYDBV.exe
C:\Windows\System\CjRYDBV.exe
2⤵
PID:7968

C:\Windows\System\TwxGWdK.exe
C:\Windows\System\TwxGWdK.exe
2⤵
PID:8204

C:\Windows\System\IiNdyZU.exe
C:\Windows\System\IiNdyZU.exe
2⤵
PID:8208

C:\Windows\System\Svenrmc.exe
C:\Windows\System\Svenrmc.exe
2⤵
PID:8296

C:\Windows\System\LkrfxZM.exe
C:\Windows\System\LkrfxZM.exe
2⤵
PID:8392

C:\Windows\System\XrkszXw.exe
C:\Windows\System\XrkszXw.exe
2⤵
PID:8572

C:\Windows\System\IJEMQfD.exe
C:\Windows\System\IJEMQfD.exe
2⤵
PID:8688

C:\Windows\System\zvqiiIw.exe
C:\Windows\System\zvqiiIw.exe
2⤵
PID:8748

C:\Windows\System\VYUSDsR.exe
C:\Windows\System\VYUSDsR.exe
2⤵
PID:8780

C:\Windows\System\PkmKdWN.exe
C:\Windows\System\PkmKdWN.exe
2⤵
PID:8844

C:\Windows\System\UNWDeKQ.exe
C:\Windows\System\UNWDeKQ.exe
2⤵
PID:9016

C:\Windows\System\iqnAMrJ.exe
C:\Windows\System\iqnAMrJ.exe
2⤵
PID:8888

C:\Windows\System\RILTNhl.exe
C:\Windows\System\RILTNhl.exe
2⤵
PID:8928

C:\Windows\System\UiiLuvW.exe
C:\Windows\System\UiiLuvW.exe
2⤵
PID:8440

C:\Windows\System\jHYCEuC.exe
C:\Windows\System\jHYCEuC.exe
2⤵
PID:9212

C:\Windows\System\LuckWgw.exe
C:\Windows\System\LuckWgw.exe
2⤵
PID:8784

C:\Windows\System\NAJuQAL.exe
C:\Windows\System\NAJuQAL.exe
2⤵
PID:8840

C:\Windows\System\oZnRDdq.exe
C:\Windows\System\oZnRDdq.exe
2⤵
PID:8896

C:\Windows\System\AfhdPoK.exe
C:\Windows\System\AfhdPoK.exe
2⤵
PID:8960

C:\Windows\System\jRXOyAw.exe
C:\Windows\System\jRXOyAw.exe
2⤵
PID:8088

C:\Windows\System\KKZgJox.exe
C:\Windows\System\KKZgJox.exe
2⤵
PID:8752

C:\Windows\System\PvzBExU.exe
C:\Windows\System\PvzBExU.exe
2⤵
PID:8648

C:\Windows\System\FsLIMig.exe
C:\Windows\System\FsLIMig.exe
2⤵
PID:8952

C:\Windows\System\oIraQQQ.exe
C:\Windows\System\oIraQQQ.exe
2⤵
PID:8636

C:\Windows\System\hdJTiKh.exe
C:\Windows\System\hdJTiKh.exe
2⤵
PID:9232

C:\Windows\System\oHbryeB.exe
C:\Windows\System\oHbryeB.exe
2⤵
PID:9252

C:\Windows\System\WnrGfuw.exe
C:\Windows\System\WnrGfuw.exe
2⤵
PID:9280

C:\Windows\System\JszInFU.exe
C:\Windows\System\JszInFU.exe
2⤵
PID:9312

C:\Windows\System\nzmHjmp.exe
C:\Windows\System\nzmHjmp.exe
2⤵
PID:9336

C:\Windows\System\sZiyBOQ.exe
C:\Windows\System\sZiyBOQ.exe
2⤵
PID:9360

C:\Windows\System\BVhcMut.exe
C:\Windows\System\BVhcMut.exe
2⤵
PID:9384

C:\Windows\System\YdUcipl.exe
C:\Windows\System\YdUcipl.exe
2⤵
PID:9408

C:\Windows\System\vCzOBzy.exe
C:\Windows\System\vCzOBzy.exe
2⤵
PID:9440

C:\Windows\System\lYiiqNZ.exe
C:\Windows\System\lYiiqNZ.exe
2⤵
PID:9468

C:\Windows\System\IPcXeiv.exe
C:\Windows\System\IPcXeiv.exe
2⤵
PID:9496

C:\Windows\System\XaUOsTl.exe
C:\Windows\System\XaUOsTl.exe
2⤵
PID:9560

C:\Windows\System\afxquck.exe
C:\Windows\System\afxquck.exe
2⤵
PID:9592

C:\Windows\System\TEywWHA.exe
C:\Windows\System\TEywWHA.exe
2⤵
PID:9612

C:\Windows\System\iVFCBuE.exe
C:\Windows\System\iVFCBuE.exe
2⤵
PID:9632

C:\Windows\System\HnHgdpV.exe
C:\Windows\System\HnHgdpV.exe
2⤵
PID:9652

C:\Windows\System\EaGPGvK.exe
C:\Windows\System\EaGPGvK.exe
2⤵
PID:9684

C:\Windows\System\pCJIvpj.exe
C:\Windows\System\pCJIvpj.exe
2⤵
PID:9700

C:\Windows\System\OEOpvkz.exe
C:\Windows\System\OEOpvkz.exe
2⤵
PID:9720

C:\Windows\System\TWUKpRI.exe
C:\Windows\System\TWUKpRI.exe
2⤵
PID:9776

C:\Windows\System\ehTuiTI.exe
C:\Windows\System\ehTuiTI.exe
2⤵
PID:9804

C:\Windows\System\HjdQPPt.exe
C:\Windows\System\HjdQPPt.exe
2⤵
PID:9824

C:\Windows\System\IbZIJWA.exe
C:\Windows\System\IbZIJWA.exe
2⤵
PID:9872

C:\Windows\System\XuHYwJs.exe
C:\Windows\System\XuHYwJs.exe
2⤵
PID:9904

C:\Windows\System\hgQAzwN.exe
C:\Windows\System\hgQAzwN.exe
2⤵
PID:9924

C:\Windows\System\axpbJmO.exe
C:\Windows\System\axpbJmO.exe
2⤵
PID:9944

C:\Windows\System\WbluclO.exe
C:\Windows\System\WbluclO.exe
2⤵
PID:9988

C:\Windows\System\zyAJQYB.exe
C:\Windows\System\zyAJQYB.exe
2⤵
PID:10008

C:\Windows\System\lywugje.exe
C:\Windows\System\lywugje.exe
2⤵
PID:10060

C:\Windows\System\qmfGNdu.exe
C:\Windows\System\qmfGNdu.exe
2⤵
PID:10084

C:\Windows\System\EadGswJ.exe
C:\Windows\System\EadGswJ.exe
2⤵
PID:10104

C:\Windows\System\vgFoECP.exe
C:\Windows\System\vgFoECP.exe
2⤵
PID:10124

C:\Windows\System\eVDqFhv.exe
C:\Windows\System\eVDqFhv.exe
2⤵
PID:10148

C:\Windows\System\WKKRizR.exe
C:\Windows\System\WKKRizR.exe
2⤵
PID:10168

C:\Windows\System\JtSPfUv.exe
C:\Windows\System\JtSPfUv.exe
2⤵
PID:10224

C:\Windows\System\XKaGAGw.exe
C:\Windows\System\XKaGAGw.exe
2⤵
PID:8776

C:\Windows\System\ZNPJnjK.exe
C:\Windows\System\ZNPJnjK.exe
2⤵
PID:8232

C:\Windows\System\wrZZSdf.exe
C:\Windows\System\wrZZSdf.exe
2⤵
PID:9292

C:\Windows\System\PWjZsUi.exe
C:\Windows\System\PWjZsUi.exe
2⤵
PID:9308

C:\Windows\System\AXpuecX.exe
C:\Windows\System\AXpuecX.exe
2⤵
PID:9356

C:\Windows\System\VqJMjpQ.exe
C:\Windows\System\VqJMjpQ.exe
2⤵
PID:9432

C:\Windows\System\ebopuyg.exe
C:\Windows\System\ebopuyg.exe
2⤵
PID:9460

C:\Windows\System\Bphcwbl.exe
C:\Windows\System\Bphcwbl.exe
2⤵
PID:9568

C:\Windows\System\KqteeoC.exe
C:\Windows\System\KqteeoC.exe
2⤵
PID:9620

C:\Windows\System\YfLSKAc.exe
C:\Windows\System\YfLSKAc.exe
2⤵
PID:9668

C:\Windows\System\Lruirag.exe
C:\Windows\System\Lruirag.exe
2⤵
PID:9716

C:\Windows\System\abNSJdY.exe
C:\Windows\System\abNSJdY.exe
2⤵
PID:9820

C:\Windows\System\qPQTkVL.exe
C:\Windows\System\qPQTkVL.exe
2⤵
PID:9964

C:\Windows\System\esssYND.exe
C:\Windows\System\esssYND.exe
2⤵
PID:10036

C:\Windows\System\uWwQsnm.exe
C:\Windows\System\uWwQsnm.exe
2⤵
PID:10092

C:\Windows\System\uqEnDrG.exe
C:\Windows\System\uqEnDrG.exe
2⤵
PID:10164

C:\Windows\System\voZlCDO.exe
C:\Windows\System\voZlCDO.exe
2⤵
PID:8892

C:\Windows\System\UiZRMpj.exe
C:\Windows\System\UiZRMpj.exe
2⤵
PID:9176

C:\Windows\System\uWPcTTy.exe
C:\Windows\System\uWPcTTy.exe
2⤵
PID:9376

C:\Windows\System\YeCpdGY.exe
C:\Windows\System\YeCpdGY.exe
2⤵
PID:9608

C:\Windows\System\GojGrpM.exe
C:\Windows\System\GojGrpM.exe
2⤵
PID:9856

C:\Windows\System\XrRFkOP.exe
C:\Windows\System\XrRFkOP.exe
2⤵
PID:9916

C:\Windows\System\xiJNOSE.exe
C:\Windows\System\xiJNOSE.exe
2⤵
PID:9936

C:\Windows\System\fOxnzsO.exe
C:\Windows\System\fOxnzsO.exe
2⤵
PID:10144

C:\Windows\System\NyBPAZu.exe
C:\Windows\System\NyBPAZu.exe
2⤵
PID:2064

C:\Windows\System\bWAUkXw.exe
C:\Windows\System\bWAUkXw.exe
2⤵
PID:9116

C:\Windows\System\oZXBtEG.exe
C:\Windows\System\oZXBtEG.exe
2⤵
PID:9648

C:\Windows\System\DoApkxd.exe
C:\Windows\System\DoApkxd.exe
2⤵
PID:9960

C:\Windows\System\SBmNmss.exe
C:\Windows\System\SBmNmss.exe
2⤵
PID:9224

C:\Windows\System\UorIxJv.exe
C:\Windows\System\UorIxJv.exe
2⤵
PID:10268

C:\Windows\System\suPOXiu.exe
C:\Windows\System\suPOXiu.exe
2⤵
PID:10292

C:\Windows\System\PZpuXVn.exe
C:\Windows\System\PZpuXVn.exe
2⤵
PID:10336

C:\Windows\System\RoKrNmX.exe
C:\Windows\System\RoKrNmX.exe
2⤵
PID:10360

C:\Windows\System\Guhtrst.exe
C:\Windows\System\Guhtrst.exe
2⤵
PID:10380

C:\Windows\System\mWgbCea.exe
C:\Windows\System\mWgbCea.exe
2⤵
PID:10408

C:\Windows\System\iMYjuNJ.exe
C:\Windows\System\iMYjuNJ.exe
2⤵
PID:10436

C:\Windows\System\IFhMYeH.exe
C:\Windows\System\IFhMYeH.exe
2⤵
PID:10464

C:\Windows\System\qDFMVmf.exe
C:\Windows\System\qDFMVmf.exe
2⤵
PID:10480

C:\Windows\System\CNWfmMd.exe
C:\Windows\System\CNWfmMd.exe
2⤵
PID:10500

C:\Windows\System\TeMqTxh.exe
C:\Windows\System\TeMqTxh.exe
2⤵
PID:10556

C:\Windows\System\OLsrujN.exe
C:\Windows\System\OLsrujN.exe
2⤵
PID:10572

C:\Windows\System\vhtwNYM.exe
C:\Windows\System\vhtwNYM.exe
2⤵
PID:10616

C:\Windows\System\CGaIXhE.exe
C:\Windows\System\CGaIXhE.exe
2⤵
PID:10640

C:\Windows\System\oiNbPgI.exe
C:\Windows\System\oiNbPgI.exe
2⤵
PID:10660

C:\Windows\System\HvRWODA.exe
C:\Windows\System\HvRWODA.exe
2⤵
PID:10684

C:\Windows\System\XZOBuOh.exe
C:\Windows\System\XZOBuOh.exe
2⤵
PID:10716

C:\Windows\System\hYKqkaJ.exe
C:\Windows\System\hYKqkaJ.exe
2⤵
PID:10748

C:\Windows\System\QcVrgEd.exe
C:\Windows\System\QcVrgEd.exe
2⤵
PID:10772

C:\Windows\System\AahOVNd.exe
C:\Windows\System\AahOVNd.exe
2⤵
PID:10812

C:\Windows\System\vlqWcmk.exe
C:\Windows\System\vlqWcmk.exe
2⤵
PID:10832

C:\Windows\System\TAWpzsF.exe
C:\Windows\System\TAWpzsF.exe
2⤵
PID:10872

C:\Windows\System\vHkwpkU.exe
C:\Windows\System\vHkwpkU.exe
2⤵
PID:10892

C:\Windows\System\VuMkdcG.exe
C:\Windows\System\VuMkdcG.exe
2⤵
PID:10916

C:\Windows\System\yiayeWr.exe
C:\Windows\System\yiayeWr.exe
2⤵
PID:10956

C:\Windows\System\FTsZYZy.exe
C:\Windows\System\FTsZYZy.exe
2⤵
PID:10976

C:\Windows\System\vBgsmJH.exe
C:\Windows\System\vBgsmJH.exe
2⤵
PID:11000

C:\Windows\System\vcHkdrY.exe
C:\Windows\System\vcHkdrY.exe
2⤵
PID:11040

C:\Windows\System\GliBdBQ.exe
C:\Windows\System\GliBdBQ.exe
2⤵
PID:11060

C:\Windows\System\ZaRlCjU.exe
C:\Windows\System\ZaRlCjU.exe
2⤵
PID:11092

C:\Windows\System\xGZvlsK.exe
C:\Windows\System\xGZvlsK.exe
2⤵
PID:11112

C:\Windows\System\zlUbZTX.exe
C:\Windows\System\zlUbZTX.exe
2⤵
PID:11128

C:\Windows\System\OMxUTBt.exe
C:\Windows\System\OMxUTBt.exe
2⤵
PID:11160

C:\Windows\System\CNlDcPV.exe
C:\Windows\System\CNlDcPV.exe
2⤵
PID:11188

C:\Windows\System\FhBxLHI.exe
C:\Windows\System\FhBxLHI.exe
2⤵
PID:11212

C:\Windows\System\TJPBnHD.exe
C:\Windows\System\TJPBnHD.exe
2⤵
PID:11240

C:\Windows\System\LJPwefI.exe
C:\Windows\System\LJPwefI.exe
2⤵
PID:11260

C:\Windows\System\HtXPxSZ.exe
C:\Windows\System\HtXPxSZ.exe
2⤵
PID:10264

C:\Windows\System\qijmtpb.exe
C:\Windows\System\qijmtpb.exe
2⤵
PID:10316

C:\Windows\System\PJAMxcQ.exe
C:\Windows\System\PJAMxcQ.exe
2⤵
PID:1616

C:\Windows\System\qCpkEfk.exe
C:\Windows\System\qCpkEfk.exe
2⤵
PID:10496

C:\Windows\System\hRgjyQC.exe
C:\Windows\System\hRgjyQC.exe
2⤵
PID:10540

C:\Windows\System\OdFrXrv.exe
C:\Windows\System\OdFrXrv.exe
2⤵
PID:10600

C:\Windows\System\XIpZYBD.exe
C:\Windows\System\XIpZYBD.exe
2⤵
PID:440

C:\Windows\System\hhWYjIM.exe
C:\Windows\System\hhWYjIM.exe
2⤵
PID:10708

C:\Windows\System\aPgpUvq.exe
C:\Windows\System\aPgpUvq.exe
2⤵
PID:10768

C:\Windows\System\RHMfMnk.exe
C:\Windows\System\RHMfMnk.exe
2⤵
PID:10808

C:\Windows\System\jTiFLoX.exe
C:\Windows\System\jTiFLoX.exe
2⤵
PID:3196

C:\Windows\System\HnjrChX.exe
C:\Windows\System\HnjrChX.exe
2⤵
PID:10948

C:\Windows\System\avfyapX.exe
C:\Windows\System\avfyapX.exe
2⤵
PID:11016

C:\Windows\System\PsmrILa.exe
C:\Windows\System\PsmrILa.exe
2⤵
PID:11124

C:\Windows\System\AzhtDbc.exe
C:\Windows\System\AzhtDbc.exe
2⤵
PID:11168

C:\Windows\System\MLZnNFg.exe
C:\Windows\System\MLZnNFg.exe
2⤵
PID:11228

C:\Windows\System\svwJAij.exe
C:\Windows\System\svwJAij.exe
2⤵
PID:10372

C:\Windows\System\BzVjhvR.exe
C:\Windows\System\BzVjhvR.exe
2⤵
PID:10332

C:\Windows\System\IWWgMrS.exe
C:\Windows\System\IWWgMrS.exe
2⤵
PID:10392

C:\Windows\System\HrFGULT.exe
C:\Windows\System\HrFGULT.exe
2⤵
PID:3716

C:\Windows\System\HhlZsXC.exe
C:\Windows\System\HhlZsXC.exe
2⤵
PID:10596

C:\Windows\System\RsguEpU.exe
C:\Windows\System\RsguEpU.exe
2⤵
PID:10736

C:\Windows\System\cpZTNaP.exe
C:\Windows\System\cpZTNaP.exe
2⤵
PID:11104

C:\Windows\System\mQhfGVz.exe
C:\Windows\System\mQhfGVz.exe
2⤵
PID:2368

C:\Windows\System\fHXSLCH.exe
C:\Windows\System\fHXSLCH.exe
2⤵
PID:3012

C:\Windows\System\ZfjofUy.exe
C:\Windows\System\ZfjofUy.exe
2⤵
PID:10648

C:\Windows\System\XWdgZjF.exe
C:\Windows\System\XWdgZjF.exe
2⤵
PID:10476

C:\Windows\System\GPBmFqK.exe
C:\Windows\System\GPBmFqK.exe
2⤵
PID:10528

C:\Windows\System\JbNIHaS.exe
C:\Windows\System\JbNIHaS.exe
2⤵
PID:11100

C:\Windows\System\nOGWMgX.exe
C:\Windows\System\nOGWMgX.exe
2⤵
PID:11284

C:\Windows\System\RGiOWDV.exe
C:\Windows\System\RGiOWDV.exe
2⤵
PID:11312

C:\Windows\System\eSGfRDE.exe
C:\Windows\System\eSGfRDE.exe
2⤵
PID:11348

C:\Windows\System\vPFGMZs.exe
C:\Windows\System\vPFGMZs.exe
2⤵
PID:11388

C:\Windows\System\LwpxvnQ.exe
C:\Windows\System\LwpxvnQ.exe
2⤵
PID:11404

C:\Windows\System\DlGdXlb.exe
C:\Windows\System\DlGdXlb.exe
2⤵
PID:11448

C:\Windows\System\vFXHjUC.exe
C:\Windows\System\vFXHjUC.exe
2⤵
PID:11472

C:\Windows\System\cvDWNIw.exe
C:\Windows\System\cvDWNIw.exe
2⤵
PID:11492

C:\Windows\System\VWkvoOA.exe
C:\Windows\System\VWkvoOA.exe
2⤵
PID:11544

C:\Windows\System\BCpbMec.exe
C:\Windows\System\BCpbMec.exe
2⤵
PID:11564

C:\Windows\System\kKaerwo.exe
C:\Windows\System\kKaerwo.exe
2⤵
PID:11588

C:\Windows\System\UoldceI.exe
C:\Windows\System\UoldceI.exe
2⤵
PID:11608

C:\Windows\System\PBOgIbb.exe
C:\Windows\System\PBOgIbb.exe
2⤵
PID:11644

C:\Windows\System\GHHRTMR.exe
C:\Windows\System\GHHRTMR.exe
2⤵
PID:11664

C:\Windows\System\BNphSCZ.exe
C:\Windows\System\BNphSCZ.exe
2⤵
PID:11704

C:\Windows\System\hYwvvgV.exe
C:\Windows\System\hYwvvgV.exe
2⤵
PID:11728

C:\Windows\System\AbdCCzj.exe
C:\Windows\System\AbdCCzj.exe
2⤵
PID:11768

C:\Windows\System\mVgqIhi.exe
C:\Windows\System\mVgqIhi.exe
2⤵
PID:11784

C:\Windows\System\FrOtAob.exe
C:\Windows\System\FrOtAob.exe
2⤵
PID:11800

C:\Windows\System\FcrDHkM.exe
C:\Windows\System\FcrDHkM.exe
2⤵
PID:11816

C:\Windows\System\WpsYNvj.exe
C:\Windows\System\WpsYNvj.exe
2⤵
PID:11836

C:\Windows\System\afJWDeb.exe
C:\Windows\System\afJWDeb.exe
2⤵
PID:11864

C:\Windows\System\qLYJDVn.exe
C:\Windows\System\qLYJDVn.exe
2⤵
PID:11884

C:\Windows\System\FLUGaMt.exe
C:\Windows\System\FLUGaMt.exe
2⤵
PID:11928

C:\Windows\System\CwDUeIh.exe
C:\Windows\System\CwDUeIh.exe
2⤵
PID:11972

C:\Windows\System\IcjWdDv.exe
C:\Windows\System\IcjWdDv.exe
2⤵
PID:12008

C:\Windows\System\xiFIoQv.exe
C:\Windows\System\xiFIoQv.exe
2⤵
PID:12032

C:\Windows\System\wOSokwH.exe
C:\Windows\System\wOSokwH.exe
2⤵
PID:12052

C:\Windows\System\QHvGCzf.exe
C:\Windows\System\QHvGCzf.exe
2⤵
PID:12068

C:\Windows\System\peLzmXm.exe
C:\Windows\System\peLzmXm.exe
2⤵
PID:12092

C:\Windows\System\KznzRvy.exe
C:\Windows\System\KznzRvy.exe
2⤵
PID:12124

C:\Windows\System\fJixZAY.exe
C:\Windows\System\fJixZAY.exe
2⤵
PID:12144

C:\Windows\System\AdEsBMH.exe
C:\Windows\System\AdEsBMH.exe
2⤵
PID:12196

C:\Windows\System\QmibpNd.exe
C:\Windows\System\QmibpNd.exe
2⤵
PID:12224

C:\Windows\System\NeVQjnd.exe
C:\Windows\System\NeVQjnd.exe
2⤵
PID:12248

C:\Windows\System\VWUyFpc.exe
C:\Windows\System\VWUyFpc.exe
2⤵
PID:12264

C:\Windows\System\lrNxppw.exe
C:\Windows\System\lrNxppw.exe
2⤵
PID:12280

C:\Windows\System\MzbgsnK.exe
C:\Windows\System\MzbgsnK.exe
2⤵
PID:11272

C:\Windows\System\bNBSBPK.exe
C:\Windows\System\bNBSBPK.exe
2⤵
PID:11396

C:\Windows\System\FRmsEVr.exe
C:\Windows\System\FRmsEVr.exe
2⤵
PID:11464

C:\Windows\System\JwhxOJT.exe
C:\Windows\System\JwhxOJT.exe
2⤵
PID:11560

C:\Windows\System\oULetKI.exe
C:\Windows\System\oULetKI.exe
2⤵
PID:11636

C:\Windows\System\ekdKqAb.exe
C:\Windows\System\ekdKqAb.exe
2⤵
PID:11696

C:\Windows\System\jDBJdui.exe
C:\Windows\System\jDBJdui.exe
2⤵
PID:2396

C:\Windows\System\cZYbuKn.exe
C:\Windows\System\cZYbuKn.exe
2⤵
PID:11892

C:\Windows\System\LrrFmqk.exe
C:\Windows\System\LrrFmqk.exe
2⤵
PID:11944

C:\Windows\System\azKPsLA.exe
C:\Windows\System\azKPsLA.exe
2⤵
PID:12044

C:\Windows\System\qeUGzSA.exe
C:\Windows\System\qeUGzSA.exe
2⤵
PID:12080

C:\Windows\System\LCvMvNU.exe
C:\Windows\System\LCvMvNU.exe
2⤵
PID:12136

C:\Windows\System\KcGxHDI.exe
C:\Windows\System\KcGxHDI.exe
2⤵
PID:12240

C:\Windows\System\sbqkVet.exe
C:\Windows\System\sbqkVet.exe
2⤵
PID:12276

C:\Windows\System\DjgfCLa.exe
C:\Windows\System\DjgfCLa.exe
2⤵
PID:12256

C:\Windows\System\jqHoorp.exe
C:\Windows\System\jqHoorp.exe
2⤵
PID:11356

C:\Windows\System\UQlIOwJ.exe
C:\Windows\System\UQlIOwJ.exe
2⤵
PID:11584

C:\Windows\System\CLRgsZq.exe
C:\Windows\System\CLRgsZq.exe
2⤵
PID:1784

C:\Windows\System\huOkJJo.exe
C:\Windows\System\huOkJJo.exe
2⤵
PID:11792

C:\Windows\System\mDDiKRb.exe
C:\Windows\System\mDDiKRb.exe
2⤵
PID:3364

C:\Windows\System\kWGfcAk.exe
C:\Windows\System\kWGfcAk.exe
2⤵
PID:11744

C:\Windows\System\EczJXcd.exe
C:\Windows\System\EczJXcd.exe
2⤵
PID:11936

C:\Windows\System\dtOoymF.exe
C:\Windows\System\dtOoymF.exe
2⤵
PID:12064

C:\Windows\System\TDcbhsG.exe
C:\Windows\System\TDcbhsG.exe
2⤵
PID:12220

C:\Windows\System\vbnddEQ.exe
C:\Windows\System\vbnddEQ.exe
2⤵
PID:2648

C:\Windows\System\yBfleBP.exe
C:\Windows\System\yBfleBP.exe
2⤵
PID:4428

C:\Windows\System\GmgFdfB.exe
C:\Windows\System\GmgFdfB.exe
2⤵
PID:4356

C:\Windows\System\VwnAhst.exe
C:\Windows\System\VwnAhst.exe
2⤵
PID:10908

C:\Windows\System\SyUIlQy.exe
C:\Windows\System\SyUIlQy.exe
2⤵
PID:11632

C:\Windows\System\zBtfqZL.exe
C:\Windows\System\zBtfqZL.exe
2⤵
PID:12024

C:\Windows\System\ClHCCdB.exe
C:\Windows\System\ClHCCdB.exe
2⤵
PID:2964

C:\Windows\System\RDLOeOC.exe
C:\Windows\System\RDLOeOC.exe
2⤵
PID:12332

C:\Windows\System\wVqDOWV.exe
C:\Windows\System\wVqDOWV.exe
2⤵
PID:12364

C:\Windows\System\yvUHgbb.exe
C:\Windows\System\yvUHgbb.exe
2⤵
PID:12380

C:\Windows\System\yEOpWbb.exe
C:\Windows\System\yEOpWbb.exe
2⤵
PID:12400

C:\Windows\System\ZFMkaRh.exe
C:\Windows\System\ZFMkaRh.exe
2⤵
PID:12428

C:\Windows\System\QKUaQaX.exe
C:\Windows\System\QKUaQaX.exe
2⤵
PID:12476

C:\Windows\System\OkELbPL.exe
C:\Windows\System\OkELbPL.exe
2⤵
PID:12500

C:\Windows\System\gqIcxIf.exe
C:\Windows\System\gqIcxIf.exe
2⤵
PID:12520

C:\Windows\System\XaxoDtT.exe
C:\Windows\System\XaxoDtT.exe
2⤵
PID:12540

C:\Windows\System\LTAVEys.exe
C:\Windows\System\LTAVEys.exe
2⤵
PID:12564

C:\Windows\System\RZHNWFI.exe
C:\Windows\System\RZHNWFI.exe
2⤵
PID:12584

C:\Windows\System\xmsnVVG.exe
C:\Windows\System\xmsnVVG.exe
2⤵
PID:12608

C:\Windows\System\bTfiJgY.exe
C:\Windows\System\bTfiJgY.exe
2⤵
PID:12652

C:\Windows\System\BtQhlqr.exe
C:\Windows\System\BtQhlqr.exe
2⤵
PID:12684

C:\Windows\System\QvEHATm.exe
C:\Windows\System\QvEHATm.exe
2⤵
PID:12708

C:\Windows\System\OQPibKL.exe
C:\Windows\System\OQPibKL.exe
2⤵
PID:12732

C:\Windows\System\WGGjzJl.exe
C:\Windows\System\WGGjzJl.exe
2⤵
PID:12776

C:\Windows\System\GHGcOid.exe
C:\Windows\System\GHGcOid.exe
2⤵
PID:12808

C:\Windows\System\UtduEHM.exe
C:\Windows\System\UtduEHM.exe
2⤵
PID:12828

C:\Windows\System\KWrzSAZ.exe
C:\Windows\System\KWrzSAZ.exe
2⤵
PID:12856

C:\Windows\System\IWmVidS.exe
C:\Windows\System\IWmVidS.exe
2⤵
PID:12900

C:\Windows\System\avFHcCi.exe
C:\Windows\System\avFHcCi.exe
2⤵
PID:12920

C:\Windows\System\USatmHx.exe
C:\Windows\System\USatmHx.exe
2⤵
PID:12944

C:\Windows\System\dqTtbTk.exe
C:\Windows\System\dqTtbTk.exe
2⤵
PID:12976

C:\Windows\System\zniFVGn.exe
C:\Windows\System\zniFVGn.exe
2⤵
PID:12996

C:\Windows\System\NvRtsBt.exe
C:\Windows\System\NvRtsBt.exe
2⤵
PID:13040

C:\Windows\System\zihqIbP.exe
C:\Windows\System\zihqIbP.exe
2⤵
PID:13060

C:\Windows\System\pDohtso.exe
C:\Windows\System\pDohtso.exe
2⤵
PID:13080

C:\Windows\System\KBjtyLc.exe
C:\Windows\System\KBjtyLc.exe
2⤵
PID:13124

C:\Windows\System\xpTBmmq.exe
C:\Windows\System\xpTBmmq.exe
2⤵
PID:13144

C:\Windows\System\wSJuDIG.exe
C:\Windows\System\wSJuDIG.exe
2⤵
PID:13164

C:\Windows\System\ufRSqPq.exe
C:\Windows\System\ufRSqPq.exe
2⤵
PID:13188

C:\Windows\System\BXgEwqk.exe
C:\Windows\System\BXgEwqk.exe
2⤵
PID:13228

C:\Windows\System\RCBMPnX.exe
C:\Windows\System\RCBMPnX.exe
2⤵
PID:13264

C:\Windows\System\rXIsjyU.exe
C:\Windows\System\rXIsjyU.exe
2⤵
PID:12356

C:\Windows\System\pTyrsfW.exe
C:\Windows\System\pTyrsfW.exe
2⤵
PID:12676

C:\Windows\System\LweTAOH.exe
C:\Windows\System\LweTAOH.exe
2⤵
PID:12784

C:\Windows\System\MhUFKVh.exe
C:\Windows\System\MhUFKVh.exe
2⤵
PID:12816

C:\Windows\System\eZbSYeV.exe
C:\Windows\System\eZbSYeV.exe
2⤵
PID:12872

C:\Windows\System\vgRpLYD.exe
C:\Windows\System\vgRpLYD.exe
2⤵
PID:11916

C:\Windows\System\IXWLVok.exe
C:\Windows\System\IXWLVok.exe
2⤵
PID:12968

C:\Windows\System\VfWIJzz.exe
C:\Windows\System\VfWIJzz.exe
2⤵
PID:13032

C:\Windows\System\LaDOsUf.exe
C:\Windows\System\LaDOsUf.exe
2⤵
PID:13092

C:\Windows\System\pFYDqrU.exe
C:\Windows\System\pFYDqrU.exe
2⤵
PID:13160

C:\Windows\System\wTVLZat.exe
C:\Windows\System\wTVLZat.exe
2⤵
PID:13272

C:\Windows\System\ojhGHKf.exe
C:\Windows\System\ojhGHKf.exe
2⤵
PID:13304

C:\Windows\System\NeTrTQa.exe
C:\Windows\System\NeTrTQa.exe
2⤵
PID:11524

C:\Windows\System\HEOnqZa.exe
C:\Windows\System\HEOnqZa.exe
2⤵
PID:12552

C:\Windows\System\pbRihCh.exe
C:\Windows\System\pbRihCh.exe
2⤵
PID:12648

C:\Windows\System\TiYTYCN.exe
C:\Windows\System\TiYTYCN.exe
2⤵
PID:12456

C:\Windows\System\iTmfKIu.exe
C:\Windows\System\iTmfKIu.exe
2⤵
PID:828

C:\Windows\System\hPgcCVs.exe
C:\Windows\System\hPgcCVs.exe
2⤵
PID:736

C:\Windows\System\KhlXFNs.exe
C:\Windows\System\KhlXFNs.exe
2⤵
PID:12768

C:\Windows\System\IBMCKQk.exe
C:\Windows\System\IBMCKQk.exe
2⤵
PID:12340

C:\Windows\System\hFQtmBa.exe
C:\Windows\System\hFQtmBa.exe
2⤵
PID:2092

C:\Windows\System\hTYHZmU.exe
C:\Windows\System\hTYHZmU.exe
2⤵
PID:4600

C:\Windows\System\eWwRJFi.exe
C:\Windows\System\eWwRJFi.exe
2⤵
PID:12424

C:\Windows\System\GISuptp.exe
C:\Windows\System\GISuptp.exe
2⤵
PID:12088

C:\Windows\System\QyjbEpm.exe
C:\Windows\System\QyjbEpm.exe
2⤵
PID:13208

C:\Windows\System\WoOzJJz.exe
C:\Windows\System\WoOzJJz.exe
2⤵
PID:3216

C:\Windows\System\drHxfJQ.exe
C:\Windows\System\drHxfJQ.exe
2⤵
PID:3748

C:\Windows\System\sREYQze.exe
C:\Windows\System\sREYQze.exe
2⤵
PID:2608

C:\Windows\System\ArRiPXx.exe
C:\Windows\System\ArRiPXx.exe
2⤵
PID:13252

C:\Windows\System\KQzjNid.exe
C:\Windows\System\KQzjNid.exe
2⤵
PID:1232

C:\Windows\System\ycdmDiO.exe
C:\Windows\System\ycdmDiO.exe
2⤵
PID:12936

C:\Windows\System\xHlHsYY.exe
C:\Windows\System\xHlHsYY.exe
2⤵
PID:2272

C:\Windows\System\IVVxFKm.exe
C:\Windows\System\IVVxFKm.exe
2⤵
PID:5032

C:\Windows\System\WXZnOeL.exe
C:\Windows\System\WXZnOeL.exe
2⤵
PID:1988

C:\Windows\System\VlpYSQy.exe
C:\Windows\System\VlpYSQy.exe
2⤵
PID:2336

C:\Windows\System\YbxzoMr.exe
C:\Windows\System\YbxzoMr.exe
2⤵
PID:12912

C:\Windows\System\JYHvWbn.exe
C:\Windows\System\JYHvWbn.exe
2⤵
PID:6776

C:\Windows\System\QhVwQHG.exe
C:\Windows\System\QhVwQHG.exe
2⤵
PID:1596

C:\Windows\System\gLiORBd.exe
C:\Windows\System\gLiORBd.exe
2⤵
PID:7764

C:\Windows\System\tSHXmWH.exe
C:\Windows\System\tSHXmWH.exe
2⤵
PID:7672

C:\Windows\System\TISxPko.exe
C:\Windows\System\TISxPko.exe
2⤵
PID:552

C:\Windows\System\WQXSaut.exe
C:\Windows\System\WQXSaut.exe
2⤵
PID:512

C:\Windows\System\KFdmgXZ.exe
C:\Windows\System\KFdmgXZ.exe
2⤵
PID:6268

C:\Windows\System\UiCqHCh.exe
C:\Windows\System\UiCqHCh.exe
2⤵
PID:5044

C:\Windows\System\zHWbqaq.exe
C:\Windows\System\zHWbqaq.exe
2⤵
PID:7976

C:\Windows\System\UUZAnbE.exe
C:\Windows\System\UUZAnbE.exe
2⤵
PID:8344

C:\Windows\System\iNQaWYf.exe
C:\Windows\System\iNQaWYf.exe
2⤵
PID:7656

C:\Windows\System\QumjPKL.exe
C:\Windows\System\QumjPKL.exe
2⤵
PID:400

C:\Windows\System\erjnBng.exe
C:\Windows\System\erjnBng.exe
2⤵
PID:7708

C:\Windows\System\VNuOyiS.exe
C:\Windows\System\VNuOyiS.exe
2⤵
PID:8032

C:\Windows\System\uWkTmyJ.exe
C:\Windows\System\uWkTmyJ.exe
2⤵
PID:3268

C:\Windows\System\rhepPtq.exe
C:\Windows\System\rhepPtq.exe
2⤵
PID:7224

C:\Windows\System\uZulgoR.exe
C:\Windows\System\uZulgoR.exe
2⤵
PID:6820

C:\Windows\System\GUeenuF.exe
C:\Windows\System\GUeenuF.exe
2⤵
PID:7680

C:\Windows\System\LWOEVXv.exe
C:\Windows\System\LWOEVXv.exe
2⤵
PID:1600

C:\Windows\System\JAwiZYf.exe
C:\Windows\System\JAwiZYf.exe
2⤵
PID:8868

C:\Windows\System\GdrQvdB.exe
C:\Windows\System\GdrQvdB.exe
2⤵
PID:9160

C:\Windows\System\teGldDO.exe
C:\Windows\System\teGldDO.exe
2⤵
PID:7876

C:\Windows\System\CZqVECC.exe
C:\Windows\System\CZqVECC.exe
2⤵
PID:3248

C:\Windows\System\WdqHTMf.exe
C:\Windows\System\WdqHTMf.exe
2⤵
PID:2936

C:\Windows\System\MnRDDSo.exe
C:\Windows\System\MnRDDSo.exe
2⤵
PID:7924

C:\Windows\System\Wnimokc.exe
C:\Windows\System\Wnimokc.exe
2⤵
PID:9520

C:\Windows\System\VIJwQyH.exe
C:\Windows\System\VIJwQyH.exe
2⤵
PID:9576

C:\Windows\System\RaLIyyZ.exe
C:\Windows\System\RaLIyyZ.exe
2⤵
PID:9664

C:\Windows\System\kzuEtLI.exe
C:\Windows\System\kzuEtLI.exe
2⤵
PID:9740

C:\Windows\System\cFtxZas.exe
C:\Windows\System\cFtxZas.exe
2⤵
PID:1884

C:\Windows\System\IKuFkUd.exe
C:\Windows\System\IKuFkUd.exe
2⤵
PID:4172

C:\Windows\System\IqKLrKK.exe
C:\Windows\System\IqKLrKK.exe
2⤵
PID:9900

C:\Windows\System\XmmyvJz.exe
C:\Windows\System\XmmyvJz.exe
2⤵
PID:3816

C:\Windows\System\bBohMVp.exe
C:\Windows\System\bBohMVp.exe
2⤵
PID:9464

C:\Windows\System\JcxUYem.exe
C:\Windows\System\JcxUYem.exe
2⤵
PID:2672

C:\Windows\System\nwflFsM.exe
C:\Windows\System\nwflFsM.exe
2⤵
PID:2544

C:\Windows\System\GcwyPLV.exe
C:\Windows\System\GcwyPLV.exe
2⤵
PID:8132

C:\Windows\System\VaYGOMd.exe
C:\Windows\System\VaYGOMd.exe
2⤵
PID:9396

C:\Windows\System\FSBqeEv.exe
C:\Windows\System\FSBqeEv.exe
2⤵
PID:9420

C:\Windows\System\AUYPxGY.exe
C:\Windows\System\AUYPxGY.exe
2⤵
PID:4556

C:\Windows\System\AkqgSGS.exe
C:\Windows\System\AkqgSGS.exe
2⤵
PID:3680

C:\Windows\System\IIHeXRs.exe
C:\Windows\System\IIHeXRs.exe
2⤵
PID:1008

C:\Windows\System\OGMMYxg.exe
C:\Windows\System\OGMMYxg.exe
2⤵
PID:640

C:\Windows\System\mnNxcWF.exe
C:\Windows\System\mnNxcWF.exe
2⤵
PID:9892

C:\Windows\System\izRmdfn.exe
C:\Windows\System\izRmdfn.exe
2⤵
PID:10256

C:\Windows\System\JzxXJPN.exe
C:\Windows\System\JzxXJPN.exe
2⤵
PID:10304

C:\Windows\System\DWxDbaQ.exe
C:\Windows\System\DWxDbaQ.exe
2⤵
PID:5108

C:\Windows\System\DiDRVTZ.exe
C:\Windows\System\DiDRVTZ.exe
2⤵
PID:9552

C:\Windows\System\jpdBIdG.exe
C:\Windows\System\jpdBIdG.exe
2⤵
PID:4216

C:\Windows\System\nlxxbgD.exe
C:\Windows\System\nlxxbgD.exe
2⤵
PID:10520

C:\Windows\System\HasxOcA.exe
C:\Windows\System\HasxOcA.exe
2⤵
PID:9680

C:\Windows\System\ZCxtuNZ.exe
C:\Windows\System\ZCxtuNZ.exe
2⤵
PID:2444

C:\Windows\System\qNYrRQw.exe
C:\Windows\System\qNYrRQw.exe
2⤵
PID:3636

C:\Windows\System\rQKGWSW.exe
C:\Windows\System\rQKGWSW.exe
2⤵
PID:2904

C:\Windows\System\cjHXYjv.exe
C:\Windows\System\cjHXYjv.exe
2⤵
PID:2032

C:\Windows\System\DZmStVr.exe
C:\Windows\System\DZmStVr.exe
2⤵
PID:452

C:\Windows\System\CJZfwcO.exe
C:\Windows\System\CJZfwcO.exe
2⤵
PID:10984

C:\Windows\System\MdGXrMT.exe
C:\Windows\System\MdGXrMT.exe
2⤵
PID:10368

C:\Windows\System\tFfhntX.exe
C:\Windows\System\tFfhntX.exe
2⤵
PID:10932

C:\Windows\System\IESzrfp.exe
C:\Windows\System\IESzrfp.exe
2⤵
PID:5632

C:\Windows\System\yhkkVZY.exe
C:\Windows\System\yhkkVZY.exe
2⤵
PID:7440

C:\Windows\System\CulwNIC.exe
C:\Windows\System\CulwNIC.exe
2⤵
PID:5768

C:\Windows\System\EBnmsEf.exe
C:\Windows\System\EBnmsEf.exe
2⤵
PID:11552

C:\Windows\System\nCNltGr.exe
C:\Windows\System\nCNltGr.exe
2⤵
PID:2592

C:\Windows\System\GeHXWwJ.exe
C:\Windows\System\GeHXWwJ.exe
2⤵
PID:5372

C:\Windows\System\wFFEDsk.exe
C:\Windows\System\wFFEDsk.exe
2⤵
PID:1320

C:\Windows\System\kuHZyOA.exe
C:\Windows\System\kuHZyOA.exe
2⤵
PID:2620

C:\Windows\System\kwzPBnQ.exe
C:\Windows\System\kwzPBnQ.exe
2⤵
PID:4100

C:\Windows\System\bfLMCjg.exe
C:\Windows\System\bfLMCjg.exe
2⤵
PID:5352

C:\Windows\System\IpSozpp.exe
C:\Windows\System\IpSozpp.exe
2⤵
PID:6168

C:\Windows\System\rFtotbE.exe
C:\Windows\System\rFtotbE.exe
2⤵
PID:5024

C:\Windows\System\zWntYcR.exe
C:\Windows\System\zWntYcR.exe
2⤵
PID:6136

C:\Windows\System\kGPDVmy.exe
C:\Windows\System\kGPDVmy.exe
2⤵
PID:5716

C:\Windows\System\PtjkqFb.exe
C:\Windows\System\PtjkqFb.exe
2⤵
PID:4564

C:\Windows\System\bYUKUnE.exe
C:\Windows\System\bYUKUnE.exe
2⤵
PID:2356

C:\Windows\System\afxAJuX.exe
C:\Windows\System\afxAJuX.exe
2⤵
PID:12212

C:\Windows\System\vKuRPlU.exe
C:\Windows\System\vKuRPlU.exe
2⤵
PID:10116

C:\Windows\System\nyLEsNe.exe
C:\Windows\System\nyLEsNe.exe
2⤵
PID:10120

C:\Windows\System\XHBdSSq.exe
C:\Windows\System\XHBdSSq.exe
2⤵
PID:11332

C:\Windows\System\WRNyQbN.exe
C:\Windows\System\WRNyQbN.exe
2⤵
PID:9528

C:\Windows\System\ridpDaU.exe
C:\Windows\System\ridpDaU.exe
2⤵
PID:9676

C:\Windows\System\hqscjDb.exe
C:\Windows\System\hqscjDb.exe
2⤵
PID:2040

C:\Windows\System\YUNWWuC.exe
C:\Windows\System\YUNWWuC.exe
2⤵
PID:12020

C:\Windows\System\bvVNzxj.exe
C:\Windows\System\bvVNzxj.exe
2⤵
PID:12272

C:\Windows\System\ScbaZXU.exe
C:\Windows\System\ScbaZXU.exe
2⤵
PID:4300

C:\Windows\System\uLhInVh.exe
C:\Windows\System\uLhInVh.exe
2⤵
PID:4452

C:\Windows\System\ZSJHSfD.exe
C:\Windows\System\ZSJHSfD.exe
2⤵
PID:11660

C:\Windows\System\CZsjfMS.exe
C:\Windows\System\CZsjfMS.exe
2⤵
PID:6888

C:\Windows\System\RlodAfh.exe
C:\Windows\System\RlodAfh.exe
2⤵
PID:11964

C:\Windows\System\qkBStYy.exe
C:\Windows\System\qkBStYy.exe
2⤵
PID:6964

C:\Windows\System\SbEgqgq.exe
C:\Windows\System\SbEgqgq.exe
2⤵
PID:6976

C:\Windows\System\iGziVrV.exe
C:\Windows\System\iGziVrV.exe
2⤵
PID:10800

C:\Windows\System\XPhSBcP.exe
C:\Windows\System\XPhSBcP.exe
2⤵
PID:12416

C:\Windows\System\LeYyoiZ.exe
C:\Windows\System\LeYyoiZ.exe
2⤵
PID:6040

C:\Windows\System\TLsLlPI.exe
C:\Windows\System\TLsLlPI.exe
2⤵
PID:10284

C:\Windows\System\LIaJcAU.exe
C:\Windows\System\LIaJcAU.exe
2⤵
PID:5848

C:\Windows\System\GlAmiqc.exe
C:\Windows\System\GlAmiqc.exe
2⤵
PID:11204

C:\Windows\System\LsQTUwp.exe
C:\Windows\System\LsQTUwp.exe
2⤵
PID:12764

C:\Windows\System\fefuGCi.exe
C:\Windows\System\fefuGCi.exe
2⤵
PID:12796

C:\Windows\System\xSZOTGI.exe
C:\Windows\System\xSZOTGI.exe
2⤵
PID:5592

C:\Windows\System\zjzBIBS.exe
C:\Windows\System\zjzBIBS.exe
2⤵
PID:12932

C:\Windows\System\fntRDdF.exe
C:\Windows\System\fntRDdF.exe
2⤵
PID:11576

C:\Windows\System\VGpYgAa.exe
C:\Windows\System\VGpYgAa.exe
2⤵
PID:11716

C:\Windows\System\SFvKxke.exe
C:\Windows\System\SFvKxke.exe
2⤵
PID:11736

C:\Windows\System\KTcBHNJ.exe
C:\Windows\System\KTcBHNJ.exe
2⤵
PID:2428

C:\Windows\System\HFcOdZh.exe
C:\Windows\System\HFcOdZh.exe
2⤵
PID:2028

C:\Windows\System\IoeQNfE.exe
C:\Windows\System\IoeQNfE.exe
2⤵
PID:13212

C:\Windows\System\OojpxgG.exe
C:\Windows\System\OojpxgG.exe
2⤵
PID:13236

C:\Windows\System\PocfyOE.exe
C:\Windows\System\PocfyOE.exe
2⤵
PID:2816

C:\Windows\System\HXZTZle.exe
C:\Windows\System\HXZTZle.exe
2⤵
PID:5576

C:\Windows\System\uEiMnzh.exe
C:\Windows\System\uEiMnzh.exe
2⤵
PID:4228

C:\Windows\System\ZXtrBXX.exe
C:\Windows\System\ZXtrBXX.exe
2⤵
PID:10192

C:\Windows\System\lyLRrsa.exe
C:\Windows\System\lyLRrsa.exe
2⤵
PID:5296

C:\Windows\System\pKxOrmF.exe
C:\Windows\System\pKxOrmF.exe
2⤵
PID:12840

C:\Windows\System\jqwGGGk.exe
C:\Windows\System\jqwGGGk.exe
2⤵
PID:12972

C:\Windows\System\LCSNIBX.exe
C:\Windows\System\LCSNIBX.exe
2⤵
PID:3180

C:\Windows\System\CiFqzhV.exe
C:\Windows\System\CiFqzhV.exe
2⤵
PID:1684

C:\Windows\System\HrLnUtm.exe
C:\Windows\System\HrLnUtm.exe
2⤵
PID:6696

C:\Windows\System\tMtbZAz.exe
C:\Windows\System\tMtbZAz.exe
2⤵
PID:9248

C:\Windows\System\xpLBUbi.exe
C:\Windows\System\xpLBUbi.exe
2⤵
PID:12600

C:\Windows\System\zwspqjZ.exe
C:\Windows\System\zwspqjZ.exe
2⤵
PID:11656

C:\Windows\System\MEuXByp.exe
C:\Windows\System\MEuXByp.exe
2⤵
PID:3372

C:\Windows\System\YIpdhZD.exe
C:\Windows\System\YIpdhZD.exe
2⤵
PID:9896

C:\Windows\System\OcFStwN.exe
C:\Windows\System\OcFStwN.exe
2⤵
PID:6628

C:\Windows\System\QahZMYD.exe
C:\Windows\System\QahZMYD.exe
2⤵
PID:4508

C:\Windows\System\lOpBVjZ.exe
C:\Windows\System\lOpBVjZ.exe
2⤵
PID:7632

C:\Windows\System\XXwgCBr.exe
C:\Windows\System\XXwgCBr.exe
2⤵
PID:12192

C:\Windows\System\uUCAoEX.exe
C:\Windows\System\uUCAoEX.exe
2⤵
PID:11876

C:\Windows\System\TdfZYdZ.exe
C:\Windows\System\TdfZYdZ.exe
2⤵
PID:9756

C:\Windows\System\pzkTObu.exe
C:\Windows\System\pzkTObu.exe
2⤵
PID:6804

C:\Windows\System\uSSrRtm.exe
C:\Windows\System\uSSrRtm.exe
2⤵
PID:7112

C:\Windows\System\dEtDgTp.exe
C:\Windows\System\dEtDgTp.exe
2⤵
PID:12436

C:\Windows\System\lwjdAEH.exe
C:\Windows\System\lwjdAEH.exe
2⤵
PID:6480

C:\Windows\System\xHOhXAN.exe
C:\Windows\System\xHOhXAN.exe
2⤵
PID:5344

C:\Windows\System\VwnvmXO.exe
C:\Windows\System\VwnvmXO.exe
2⤵
PID:2232

C:\Windows\System\IyEPAIT.exe
C:\Windows\System\IyEPAIT.exe
2⤵
PID:7208

C:\Windows\System\iXUHefW.exe
C:\Windows\System\iXUHefW.exe
2⤵
PID:1472

C:\Windows\System\ZvAlVXW.exe
C:\Windows\System\ZvAlVXW.exe
2⤵
PID:7204

C:\Windows\System\TCpGIuB.exe
C:\Windows\System\TCpGIuB.exe
2⤵
PID:7412

C:\Windows\System\wvtxtRX.exe
C:\Windows\System\wvtxtRX.exe
2⤵
PID:4916

C:\Windows\System\XwDRbiN.exe
C:\Windows\System\XwDRbiN.exe
2⤵
PID:12760

C:\Windows\System\agllqvW.exe
C:\Windows\System\agllqvW.exe
2⤵
PID:5828

C:\Windows\System\mWheulI.exe
C:\Windows\System\mWheulI.exe
2⤵
PID:12848

C:\Windows\System\hwLgkjN.exe
C:\Windows\System\hwLgkjN.exe
2⤵
PID:11140

C:\Windows\System\VfxLRSr.exe
C:\Windows\System\VfxLRSr.exe
2⤵
PID:5400

C:\Windows\System\hzKnGut.exe
C:\Windows\System\hzKnGut.exe
2⤵
PID:13008

C:\Windows\System\lSLgboA.exe
C:\Windows\System\lSLgboA.exe
2⤵
PID:1424

C:\Windows\System\lkjICAR.exe
C:\Windows\System\lkjICAR.exe
2⤵
PID:7328

C:\Windows\System\azpGVnD.exe
C:\Windows\System\azpGVnD.exe
2⤵
PID:7400

C:\Windows\System\JOCXsFJ.exe
C:\Windows\System\JOCXsFJ.exe
2⤵
PID:3488

C:\Windows\System\PKBAkJy.exe
C:\Windows\System\PKBAkJy.exe
2⤵
PID:7420

C:\Windows\System\ydYpdLh.exe
C:\Windows\System\ydYpdLh.exe
2⤵
PID:5224

C:\Windows\System\JxuvHMt.exe
C:\Windows\System\JxuvHMt.exe
2⤵
PID:7660

C:\Windows\System\CdZdnYy.exe
C:\Windows\System\CdZdnYy.exe
2⤵
PID:2740

C:\Windows\System\gqtWjOV.exe
C:\Windows\System\gqtWjOV.exe
2⤵
PID:6420

C:\Windows\System\eFPvJVI.exe
C:\Windows\System\eFPvJVI.exe
2⤵
PID:3100

C:\Windows\System\XgZqARG.exe
C:\Windows\System\XgZqARG.exe
2⤵
PID:6560

C:\Windows\System\vhBRpsu.exe
C:\Windows\System\vhBRpsu.exe
2⤵
PID:8532

C:\Windows\System\xeNhjuN.exe
C:\Windows\System\xeNhjuN.exe
2⤵
PID:13224

C:\Windows\System\jIopZFe.exe
C:\Windows\System\jIopZFe.exe
2⤵
PID:8656

C:\Windows\System\lbhOezM.exe
C:\Windows\System\lbhOezM.exe
2⤵
PID:12592

C:\Windows\System\qdEUZLr.exe
C:\Windows\System\qdEUZLr.exe
2⤵
PID:8848

C:\Windows\System\ZwwZfYL.exe
C:\Windows\System\ZwwZfYL.exe
2⤵
PID:1664

C:\Windows\System\FXEWAcC.exe
C:\Windows\System\FXEWAcC.exe
2⤵
PID:7352

C:\Windows\System\hyEqZCr.exe
C:\Windows\System\hyEqZCr.exe
2⤵
PID:408

C:\Windows\System\uAoxite.exe
C:\Windows\System\uAoxite.exe
2⤵
PID:8556

C:\Windows\System\hEZirpj.exe
C:\Windows\System\hEZirpj.exe
2⤵
PID:8604

C:\Windows\System\FenTsRA.exe
C:\Windows\System\FenTsRA.exe
2⤵
PID:6332

C:\Windows\System\LhNeBYi.exe
C:\Windows\System\LhNeBYi.exe
2⤵
PID:8992

C:\Windows\System\RxAbYZx.exe
C:\Windows\System\RxAbYZx.exe
2⤵
PID:8264

C:\Windows\System\WCRvhkt.exe
C:\Windows\System\WCRvhkt.exe
2⤵
PID:12344

C:\Windows\System\ObuhMfG.exe
C:\Windows\System\ObuhMfG.exe
2⤵
PID:9036

C:\Windows\System\aShyaMW.exe
C:\Windows\System\aShyaMW.exe
2⤵
PID:8944

C:\Windows\System\zTslsiw.exe
C:\Windows\System\zTslsiw.exe
2⤵
PID:8972

C:\Windows\System\lFmxsAg.exe
C:\Windows\System\lFmxsAg.exe
2⤵
PID:4952

C:\Windows\System\IRYODHN.exe
C:\Windows\System\IRYODHN.exe
2⤵
PID:9148

C:\Windows\System\RPthvFA.exe
C:\Windows\System\RPthvFA.exe
2⤵
PID:6044

C:\Windows\System\OmKTAQm.exe
C:\Windows\System\OmKTAQm.exe
2⤵
PID:12572

C:\Windows\System\lbmZRzs.exe
C:\Windows\System\lbmZRzs.exe
2⤵
PID:12640

C:\Windows\System\pNrwAxm.exe
C:\Windows\System\pNrwAxm.exe
2⤵
PID:9456

C:\Windows\System\vLAetdS.exe
C:\Windows\System\vLAetdS.exe
2⤵
PID:7584

C:\Windows\System\IejuEfd.exe
C:\Windows\System\IejuEfd.exe
2⤵
PID:9588

C:\Windows\System\EvrHCKo.exe
C:\Windows\System\EvrHCKo.exe
2⤵
PID:5788

C:\Windows\System\ZpWOqMJ.exe
C:\Windows\System\ZpWOqMJ.exe
2⤵
PID:1856

C:\Windows\System\jKTyuCB.exe
C:\Windows\System\jKTyuCB.exe
2⤵
PID:5508

C:\Windows\System\beyWYIK.exe
C:\Windows\System\beyWYIK.exe
2⤵
PID:5924

C:\Windows\System\tAllaHW.exe
C:\Windows\System\tAllaHW.exe
2⤵
PID:1416

C:\Windows\System\QajZfPn.exe
C:\Windows\System\QajZfPn.exe
2⤵
PID:5200

C:\Windows\System\zbZoXuG.exe
C:\Windows\System\zbZoXuG.exe
2⤵
PID:9972

C:\Windows\System\GbQAQxI.exe
C:\Windows\System\GbQAQxI.exe
2⤵
PID:10208

C:\Windows\System\kctaILV.exe
C:\Windows\System\kctaILV.exe
2⤵
PID:12308

C:\Windows\System\ehKJSoT.exe
C:\Windows\System\ehKJSoT.exe
2⤵
PID:4636

C:\Windows\System\bCfybXI.exe
C:\Windows\System\bCfybXI.exe
2⤵
PID:8416

C:\Windows\System\WrSaNbo.exe
C:\Windows\System\WrSaNbo.exe
2⤵
PID:6584

C:\Windows\System\VGgEsXA.exe
C:\Windows\System\VGgEsXA.exe
2⤵
PID:8448

C:\Windows\System\tGAXxbr.exe
C:\Windows\System\tGAXxbr.exe
2⤵
PID:11180

C:\Windows\System\PuWbuVW.exe
C:\Windows\System\PuWbuVW.exe
2⤵
PID:6432

C:\Windows\System\ypMYrVu.exe
C:\Windows\System\ypMYrVu.exe
2⤵
PID:4744

C:\Windows\System\OapfTAG.exe
C:\Windows\System\OapfTAG.exe
2⤵
PID:8984

C:\Windows\System\mgcSTml.exe
C:\Windows\System\mgcSTml.exe
2⤵
PID:3328

C:\Windows\System\CeiUttU.exe
C:\Windows\System\CeiUttU.exe
2⤵
PID:10700

C:\Windows\System\bhBBMue.exe
C:\Windows\System\bhBBMue.exe
2⤵
PID:8600

C:\Windows\System\wJXTMZJ.exe
C:\Windows\System\wJXTMZJ.exe
2⤵
PID:2188

C:\Windows\System\JlCnigy.exe
C:\Windows\System\JlCnigy.exe
2⤵
PID:9064

C:\Windows\System\gjsOCdj.exe
C:\Windows\System\gjsOCdj.exe
2⤵
PID:3852

C:\Windows\System\WLNzzrR.exe
C:\Windows\System\WLNzzrR.exe
2⤵
PID:10780

C:\Windows\System\ghpmsdE.exe
C:\Windows\System\ghpmsdE.exe
2⤵
PID:9096

C:\Windows\System\cksMESh.exe
C:\Windows\System\cksMESh.exe
2⤵
PID:2728

C:\Windows\System\fbBgcLt.exe
C:\Windows\System\fbBgcLt.exe
2⤵
PID:5132

C:\Windows\System\rixaClc.exe
C:\Windows\System\rixaClc.exe
2⤵
PID:10448

C:\Windows\System\TUionAb.exe
C:\Windows\System\TUionAb.exe
2⤵
PID:6924

C:\Windows\System\KEQDSuJ.exe
C:\Windows\System\KEQDSuJ.exe
2⤵
PID:7252

C:\Windows\System\gXtnFaO.exe
C:\Windows\System\gXtnFaO.exe
2⤵
PID:5476

C:\Windows\System\dlVBIIs.exe
C:\Windows\System\dlVBIIs.exe
2⤵
PID:10548

C:\Windows\System\UEFqQvq.exe
C:\Windows\System\UEFqQvq.exe
2⤵
PID:11056

C:\Windows\System\wqnhTtg.exe
C:\Windows\System\wqnhTtg.exe
2⤵
PID:1144

C:\Windows\System\ZspsjiW.exe
C:\Windows\System\ZspsjiW.exe
2⤵
PID:2636

C:\Windows\System\svxYmJA.exe
C:\Windows\System\svxYmJA.exe
2⤵
PID:11328

C:\Windows\System\vikCYiF.exe
C:\Windows\System\vikCYiF.exe
2⤵
PID:9860

C:\Windows\System\NaQIPMh.exe
C:\Windows\System\NaQIPMh.exe
2⤵
PID:7564

C:\Windows\System\oeksazd.exe
C:\Windows\System\oeksazd.exe
2⤵
PID:11456

C:\Windows\System\gAtFmBf.exe
C:\Windows\System\gAtFmBf.exe
2⤵
PID:8056

C:\Windows\System\GImmOuc.exe
C:\Windows\System\GImmOuc.exe
2⤵
PID:536

C:\Windows\System\HQoXVEE.exe
C:\Windows\System\HQoXVEE.exe
2⤵
PID:11852

C:\Windows\System\KHbeDly.exe
C:\Windows\System\KHbeDly.exe
2⤵
PID:1992

C:\Windows\System\kZppHvz.exe
C:\Windows\System\kZppHvz.exe
2⤵
PID:8272

C:\Windows\System\pHDTvhH.exe
C:\Windows\System\pHDTvhH.exe
2⤵
PID:4908

C:\Windows\System\lyiGJvm.exe
C:\Windows\System\lyiGJvm.exe
2⤵
PID:9752

C:\Windows\System\IeQNwdI.exe
C:\Windows\System\IeQNwdI.exe
2⤵
PID:12172

C:\Windows\System\mnKDFkK.exe
C:\Windows\System\mnKDFkK.exe
2⤵
PID:3800

C:\Windows\System\IttrvCe.exe
C:\Windows\System\IttrvCe.exe
2⤵
PID:8796

C:\Windows\System\VQWRflO.exe
C:\Windows\System\VQWRflO.exe
2⤵
PID:10696

C:\Windows\System\vGPyYYd.exe
C:\Windows\System\vGPyYYd.exe
2⤵
PID:8628

C:\Windows\System\CfZvdKK.exe
C:\Windows\System\CfZvdKK.exe
2⤵
PID:12304

C:\Windows\System\BxvfdoJ.exe
C:\Windows\System\BxvfdoJ.exe
2⤵
PID:12040

C:\Windows\System\VdEEHvP.exe
C:\Windows\System\VdEEHvP.exe
2⤵
PID:3864

C:\Windows\System\tlgydNA.exe
C:\Windows\System\tlgydNA.exe
2⤵
PID:8664

C:\Windows\System\rMpkSGx.exe
C:\Windows\System\rMpkSGx.exe
2⤵
PID:12292

C:\Windows\System\zleRbzM.exe
C:\Windows\System\zleRbzM.exe
2⤵
PID:10744

C:\Windows\System\Uzajctn.exe
C:\Windows\System\Uzajctn.exe
2⤵
PID:5928

C:\Windows\System\YODYNyp.exe
C:\Windows\System\YODYNyp.exe
2⤵
PID:7428

C:\Windows\System\RJCczgM.exe
C:\Windows\System\RJCczgM.exe
2⤵
PID:7512

C:\Windows\System\AIGFznY.exe
C:\Windows\System\AIGFznY.exe
2⤵
PID:12532

C:\Windows\System\dyIHwSn.exe
C:\Windows\System\dyIHwSn.exe
2⤵
PID:3444

C:\Windows\System\ixZRLnj.exe
C:\Windows\System\ixZRLnj.exe
2⤵
PID:3616

C:\Windows\System\fFJinjt.exe
C:\Windows\System\fFJinjt.exe
2⤵
PID:7972

C:\Windows\System\jZNWolc.exe
C:\Windows\System\jZNWolc.exe
2⤵
PID:11324

C:\Windows\System\hqHNPrc.exe
C:\Windows\System\hqHNPrc.exe
2⤵
PID:7888

C:\Windows\System\CulsiXE.exe
C:\Windows\System\CulsiXE.exe
2⤵
PID:8724

C:\Windows\System\luaFbPK.exe
C:\Windows\System\luaFbPK.exe
2⤵
PID:13088

C:\Windows\System\mUXkylS.exe
C:\Windows\System\mUXkylS.exe
2⤵
PID:7444

C:\Windows\System\ouSkjdm.exe
C:\Windows\System\ouSkjdm.exe
2⤵
PID:11872

C:\Windows\System\DlGtFiR.exe
C:\Windows\System\DlGtFiR.exe
2⤵
PID:5952

C:\Windows\System\PcINiVs.exe
C:\Windows\System\PcINiVs.exe
2⤵
PID:12168

C:\Windows\System\dfTLAJe.exe
C:\Windows\System\dfTLAJe.exe
2⤵
PID:8744

C:\Windows\System\ToDnwiY.exe
C:\Windows\System\ToDnwiY.exe
2⤵
PID:11292

C:\Windows\System\umXoaxC.exe
C:\Windows\System\umXoaxC.exe
2⤵
PID:11320

C:\Windows\System\yzpVSvv.exe
C:\Windows\System\yzpVSvv.exe
2⤵
PID:8584

C:\Windows\System\xrUGRLP.exe
C:\Windows\System\xrUGRLP.exe
2⤵
PID:1532

C:\Windows\System\tXyqPsM.exe
C:\Windows\System\tXyqPsM.exe
2⤵
PID:9728

C:\Windows\System\DUPmbni.exe
C:\Windows\System\DUPmbni.exe
2⤵
PID:13300

C:\Windows\System\BnVthBj.exe
C:\Windows\System\BnVthBj.exe
2⤵
PID:9052

C:\Windows\System\CiLaOOw.exe
C:\Windows\System\CiLaOOw.exe
2⤵
PID:11032

C:\Windows\System\IGKXFuj.exe
C:\Windows\System\IGKXFuj.exe
2⤵
PID:4604

C:\Windows\System\GcgEwTo.exe
C:\Windows\System\GcgEwTo.exe
2⤵
PID:10260

C:\Windows\System\UlCtSdR.exe
C:\Windows\System\UlCtSdR.exe
2⤵
PID:5624

C:\Windows\System\eYIOPOO.exe
C:\Windows\System\eYIOPOO.exe
2⤵
PID:9372

C:\Windows\System\SXWLwwS.exe
C:\Windows\System\SXWLwwS.exe
2⤵
PID:4180

C:\Windows\System\iimNlrR.exe
C:\Windows\System\iimNlrR.exe
2⤵
PID:12664

C:\Windows\System\Xrbjeec.exe
C:\Windows\System\Xrbjeec.exe
2⤵
PID:9840

C:\Windows\System\mutKHhC.exe
C:\Windows\System\mutKHhC.exe
2⤵
PID:11680

C:\Windows\System\ddvOHTi.exe
C:\Windows\System\ddvOHTi.exe
2⤵
PID:9764

C:\Windows\System\YhZpwcN.exe
C:\Windows\System\YhZpwcN.exe
2⤵
PID:4276

C:\Windows\System\RUPpDkO.exe
C:\Windows\System\RUPpDkO.exe
2⤵
PID:10512

C:\Windows\System\fAvdDTN.exe
C:\Windows\System\fAvdDTN.exe
2⤵
PID:6672

C:\Windows\System\yONarSA.exe
C:\Windows\System\yONarSA.exe
2⤵
PID:11416

C:\Windows\System\PTTOTDa.exe
C:\Windows\System\PTTOTDa.exe
2⤵
PID:12184

C:\Windows\System\KFuMzKc.exe
C:\Windows\System\KFuMzKc.exe
2⤵
PID:6192

C:\Windows\System\gheXNeN.exe
C:\Windows\System\gheXNeN.exe
2⤵
PID:12204

C:\Windows\System\vHrufev.exe
C:\Windows\System\vHrufev.exe
2⤵
PID:824

C:\Windows\System\sFkVopy.exe
C:\Windows\System\sFkVopy.exe
2⤵
PID:12636

C:\Windows\System\mthLHCg.exe
C:\Windows\System\mthLHCg.exe
2⤵
PID:9768

C:\Windows\System\vHaPAkx.exe
C:\Windows\System\vHaPAkx.exe
2⤵
PID:7048

C:\Windows\System\vGANFTg.exe
C:\Windows\System\vGANFTg.exe
2⤵
PID:12116

C:\Windows\System\yAQbrZM.exe
C:\Windows\System\yAQbrZM.exe
2⤵
PID:10580

C:\Windows\System\TDaqFBV.exe
C:\Windows\System\TDaqFBV.exe
2⤵
PID:11832

C:\Windows\System\KtEjarC.exe
C:\Windows\System\KtEjarC.exe
2⤵
PID:11504

C:\Windows\System\VhimXuy.exe
C:\Windows\System\VhimXuy.exe
2⤵
PID:13324

C:\Windows\System\rmqBlfy.exe
C:\Windows\System\rmqBlfy.exe
2⤵
PID:13352

C:\Windows\System\aYOdSkq.exe
C:\Windows\System\aYOdSkq.exe
2⤵
PID:13380

C:\Windows\System\NngtOVP.exe
C:\Windows\System\NngtOVP.exe
2⤵
PID:13408

C:\Windows\System\AokBvLn.exe
C:\Windows\System\AokBvLn.exe
2⤵
PID:13468

C:\Windows\System\cDypzHS.exe
C:\Windows\System\cDypzHS.exe
2⤵
PID:13520

C:\Windows\System\vaxvqZP.exe
C:\Windows\System\vaxvqZP.exe
2⤵
PID:13548

C:\Windows\System\qJxUooc.exe
C:\Windows\System\qJxUooc.exe
2⤵
PID:13576

C:\Windows\System\frTQwTs.exe
C:\Windows\System\frTQwTs.exe
2⤵
PID:13604

C:\Windows\System\bFxaxFG.exe
C:\Windows\System\bFxaxFG.exe
2⤵
PID:13632

C:\Windows\System\rASWXYu.exe
C:\Windows\System\rASWXYu.exe
2⤵
PID:13660

C:\Windows\System\SVXNPym.exe
C:\Windows\System\SVXNPym.exe
2⤵
PID:13688

C:\Windows\System\rqbmUXm.exe
C:\Windows\System\rqbmUXm.exe
2⤵
PID:13708

C:\Windows\System\ahtELQO.exe
C:\Windows\System\ahtELQO.exe
2⤵
PID:13744

C:\Windows\System\tOxFkYn.exe
C:\Windows\System\tOxFkYn.exe
2⤵
PID:13776

C:\Windows\System\YPPtKZD.exe
C:\Windows\System\YPPtKZD.exe
2⤵
PID:13832

C:\Windows\System\ymSeByW.exe
C:\Windows\System\ymSeByW.exe
2⤵
PID:13888

C:\Windows\System\HIhHYjI.exe
C:\Windows\System\HIhHYjI.exe
2⤵
PID:13916

C:\Windows\System\VmnICzF.exe
C:\Windows\System\VmnICzF.exe
2⤵
PID:13944

C:\Windows\System\IllzQBp.exe
C:\Windows\System\IllzQBp.exe
2⤵
PID:13972

C:\Windows\System\dByJigL.exe
C:\Windows\System\dByJigL.exe
2⤵
PID:14000

C:\Windows\System\FooArzV.exe
C:\Windows\System\FooArzV.exe
2⤵
PID:14028

C:\Windows\System\SJuMGix.exe
C:\Windows\System\SJuMGix.exe
2⤵
PID:14056

C:\Windows\System\tFbUDUe.exe
C:\Windows\System\tFbUDUe.exe
2⤵
PID:14084

C:\Windows\System\HwfZLdz.exe
C:\Windows\System\HwfZLdz.exe
2⤵
PID:14112

C:\Windows\System\lRscMMk.exe
C:\Windows\System\lRscMMk.exe
2⤵
PID:14140

C:\Windows\System\qtqvcbP.exe
C:\Windows\System\qtqvcbP.exe
2⤵
PID:14168

C:\Windows\System\hdochJa.exe
C:\Windows\System\hdochJa.exe
2⤵
PID:14196

C:\Windows\System\ICAvgJA.exe
C:\Windows\System\ICAvgJA.exe
2⤵
PID:14216

C:\Windows\System\UIaLmRE.exe
C:\Windows\System\UIaLmRE.exe
2⤵
PID:14240

C:\Windows\System\aSbADsP.exe
C:\Windows\System\aSbADsP.exe
2⤵
PID:14280

C:\Windows\System\xRsoFAw.exe
C:\Windows\System\xRsoFAw.exe
2⤵
PID:14308

C:\Windows\System\yHqPokI.exe
C:\Windows\System\yHqPokI.exe
2⤵
PID:13316

C:\Windows\System\hgnAXPl.exe
C:\Windows\System\hgnAXPl.exe
2⤵
PID:13388

C:\Windows\System\pEPHMFo.exe
C:\Windows\System\pEPHMFo.exe
2⤵
PID:13496

C:\Windows\System\KNuNSWx.exe
C:\Windows\System\KNuNSWx.exe
2⤵
PID:13564

C:\Windows\System\DSgOSuX.exe
C:\Windows\System\DSgOSuX.exe
2⤵
PID:13620

C:\Windows\System\gzZrTxR.exe
C:\Windows\System\gzZrTxR.exe
2⤵
PID:13696

C:\Windows\System\JGksegr.exe
C:\Windows\System\JGksegr.exe
2⤵
PID:13764

C:\Windows\System\OVOEZsl.exe
C:\Windows\System\OVOEZsl.exe
2⤵
PID:14016

C:\Windows\System\YJmRCuB.exe
C:\Windows\System\YJmRCuB.exe
2⤵
PID:14052

C:\Windows\System\xcyPViy.exe
C:\Windows\System\xcyPViy.exe
2⤵
PID:14120

C:\Windows\System\gPbcMBe.exe
C:\Windows\System\gPbcMBe.exe
2⤵
PID:14192

C:\Windows\System\VcXLlhP.exe
C:\Windows\System\VcXLlhP.exe
2⤵
PID:14252

C:\Windows\System\FjLMjFc.exe
C:\Windows\System\FjLMjFc.exe
2⤵
PID:14320

C:\Windows\System\RSiaHDQ.exe
C:\Windows\System\RSiaHDQ.exe
2⤵
PID:13424

C:\Windows\System\NzndZgs.exe
C:\Windows\System\NzndZgs.exe
2⤵
PID:3612

C:\Windows\System\WtqmnfG.exe
C:\Windows\System\WtqmnfG.exe
2⤵
PID:13724

C:\Windows\System\bucutry.exe
C:\Windows\System\bucutry.exe
2⤵
PID:13820

C:\Windows\System\ESZexay.exe
C:\Windows\System\ESZexay.exe
2⤵
PID:14072

C:\Windows\System\xdOvBtW.exe
C:\Windows\System\xdOvBtW.exe
2⤵
PID:13924

C:\Windows\System\fEvoRNs.exe
C:\Windows\System\fEvoRNs.exe
2⤵
PID:14156

C:\Windows\System\RnHoJmM.exe
C:\Windows\System\RnHoJmM.exe
2⤵
PID:14288

C:\Windows\System\XIIrpXV.exe
C:\Windows\System\XIIrpXV.exe
2⤵
PID:13516

C:\Windows\System\sdJBNuI.exe
C:\Windows\System\sdJBNuI.exe
2⤵
PID:13716

C:\Windows\System\YleHLim.exe
C:\Windows\System\YleHLim.exe
2⤵
PID:12844

C:\Windows\System\YRixvpS.exe
C:\Windows\System\YRixvpS.exe
2⤵
PID:14148

C:\Windows\System\dFXRGkj.exe
C:\Windows\System\dFXRGkj.exe
2⤵
PID:6632

C:\Windows\System\TJdlsxu.exe
C:\Windows\System\TJdlsxu.exe
2⤵
PID:944

C:\Windows\System\JghqiaF.exe
C:\Windows\System\JghqiaF.exe
2⤵
PID:13940

C:\Windows\System\UxdBBfd.exe
C:\Windows\System\UxdBBfd.exe
2⤵
PID:13668

C:\Windows\System\mTjEwFz.exe
C:\Windows\System\mTjEwFz.exe
2⤵
PID:14368

C:\Windows\System\mIulsXH.exe
C:\Windows\System\mIulsXH.exe
2⤵
PID:14396

C:\Windows\System\WQtogYN.exe
C:\Windows\System\WQtogYN.exe
2⤵
PID:14424

C:\Windows\System\wevbxfl.exe
C:\Windows\System\wevbxfl.exe
2⤵
PID:14452

C:\Windows\System\TkUXVap.exe
C:\Windows\System\TkUXVap.exe
2⤵
PID:14480

C:\Windows\System\SZGhSBW.exe
C:\Windows\System\SZGhSBW.exe
2⤵
PID:14508

C:\Windows\System\bvPGVzg.exe
C:\Windows\System\bvPGVzg.exe
2⤵
PID:14536

C:\Windows\System\WFvczHc.exe
C:\Windows\System\WFvczHc.exe
2⤵
PID:14564

C:\Windows\System\SECvEwX.exe
C:\Windows\System\SECvEwX.exe
2⤵
PID:14596

C:\Windows\System\xdrkvhs.exe
C:\Windows\System\xdrkvhs.exe
2⤵
PID:14624

C:\Windows\System\jjBciDb.exe
C:\Windows\System\jjBciDb.exe
2⤵
PID:14652

C:\Windows\System\piayZgO.exe
C:\Windows\System\piayZgO.exe
2⤵
PID:14680

C:\Windows\System\ZLzJifl.exe
C:\Windows\System\ZLzJifl.exe
2⤵
PID:14696

C:\Windows\System\uoXeNiU.exe
C:\Windows\System\uoXeNiU.exe
2⤵
PID:14732

C:\Windows\System\HSlwhnP.exe
C:\Windows\System\HSlwhnP.exe
2⤵
PID:14768

C:\Windows\System\olqAeck.exe
C:\Windows\System\olqAeck.exe
2⤵
PID:14804

C:\Windows\System\gFsHYKp.exe
C:\Windows\System\gFsHYKp.exe
2⤵
PID:14844

C:\Windows\System\bQyUINo.exe
C:\Windows\System\bQyUINo.exe
2⤵
PID:14872

C:\Windows\System\IkvZHBE.exe
C:\Windows\System\IkvZHBE.exe
2⤵
PID:14900

C:\Windows\System\YtgmZRY.exe
C:\Windows\System\YtgmZRY.exe
2⤵
PID:14928

C:\Windows\System\JQvCHBk.exe
C:\Windows\System\JQvCHBk.exe
2⤵
PID:14956

C:\Windows\System\TGgEDEc.exe
C:\Windows\System\TGgEDEc.exe
2⤵
PID:14984

C:\Windows\System\pElHEai.exe
C:\Windows\System\pElHEai.exe
2⤵
PID:15012

C:\Windows\System\rcHDlaY.exe
C:\Windows\System\rcHDlaY.exe
2⤵
PID:15040

C:\Windows\System\WUSiCbS.exe
C:\Windows\System\WUSiCbS.exe
2⤵
PID:15068

C:\Windows\System\nSsfHbZ.exe
C:\Windows\System\nSsfHbZ.exe
2⤵
PID:15148

C:\Windows\System\pgmjEQa.exe
C:\Windows\System\pgmjEQa.exe
2⤵
PID:15172

C:\Windows\System\SCcmPZj.exe
C:\Windows\System\SCcmPZj.exe
2⤵
PID:15196

C:\Windows\System\azbYmRr.exe
C:\Windows\System\azbYmRr.exe
2⤵
PID:15240

C:\Windows\System\bSyGqzC.exe
C:\Windows\System\bSyGqzC.exe
2⤵
PID:15268

C:\Windows\System\xDWCzHK.exe
C:\Windows\System\xDWCzHK.exe
2⤵
PID:15296

C:\Windows\System\PgfReZJ.exe
C:\Windows\System\PgfReZJ.exe
2⤵
PID:15324

C:\Windows\System\yzYbCKz.exe
C:\Windows\System\yzYbCKz.exe
2⤵
PID:15352

C:\Windows\System\etEYzuD.exe
C:\Windows\System\etEYzuD.exe
2⤵
PID:14356

C:\Windows\System\UGOoLQN.exe
C:\Windows\System\UGOoLQN.exe
2⤵
PID:6252

C:\Windows\System\tOkNMkZ.exe
C:\Windows\System\tOkNMkZ.exe
2⤵
PID:6864

C:\Windows\System\OVIdRfq.exe
C:\Windows\System\OVIdRfq.exe
2⤵
PID:13176

C:\Windows\System\jJSRqif.exe
C:\Windows\System\jJSRqif.exe
2⤵
PID:14432

C:\Windows\System\sgOuGUI.exe
C:\Windows\System\sgOuGUI.exe
2⤵
PID:14476

C:\Windows\System\MAPFGBw.exe
C:\Windows\System\MAPFGBw.exe
2⤵
PID:14532

C:\Windows\System\KzaOCZM.exe
C:\Windows\System\KzaOCZM.exe
2⤵
PID:14604

C:\Windows\System\hWAMSBA.exe
C:\Windows\System\hWAMSBA.exe
2⤵
PID:14668

C:\Windows\System\xTAzCng.exe
C:\Windows\System\xTAzCng.exe
2⤵
PID:4576

C:\Windows\System\pZwJeon.exe
C:\Windows\System\pZwJeon.exe
2⤵
PID:14788

C:\Windows\System\jAUCXyq.exe
C:\Windows\System\jAUCXyq.exe
2⤵
PID:4524

C:\Windows\System\sYkANYh.exe
C:\Windows\System\sYkANYh.exe
2⤵
PID:12660

C:\Windows\System\AiJHldg.exe
C:\Windows\System\AiJHldg.exe
2⤵
PID:6984

C:\Windows\System\SpfJYig.exe
C:\Windows\System\SpfJYig.exe
2⤵
PID:7724

C:\Windows\System\YSBNYzC.exe
C:\Windows\System\YSBNYzC.exe
2⤵
PID:15048

C:\Windows\System\ucKQpSi.exe
C:\Windows\System\ucKQpSi.exe
2⤵
PID:4816

C:\Windows\System\sVFhrTC.exe
C:\Windows\System\sVFhrTC.exe
2⤵
PID:9712

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:7776

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hrt232xk.pct.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BPFHXVw.exe
Filesize
2.0MB

MD5
d465813b9d82590f3d3f827f03eba63a

SHA1
f82b79a1a80d3c820943b99d3949443a19c3a0bb

SHA256
07c75fadfeee6bca368045df12326a05042773d6a4389f965b3ce029db7a0a64

SHA512
f4003f21a697c127db0921b63637b1fb4da948a05ae9880c7169b51960fa0e3fd208d0eb62f1d1b4ec398aba76143b6acc9375cbacaa154cb3e3a342c6d725d3

Download Submit
C:\Windows\System\DXzEQuA.exe
Filesize
2.0MB

MD5
f0fb489f7da2139cdd7cdedf3dcd90ad

SHA1
933a870acffab57bf6e4b85c2b2af10e2792484d

SHA256
549d09d529152d8f6c18b8f1bd8d3c50c319e9379c8c5c9a598896d9520f2a93

SHA512
2d4d9774f374d3632a5542cc47a288e212c1837ff18801a4f241a2b7429e351511d50c007e5528cf79e459646055d5e3569872e7bc0aece66623a250c1bb17bf

Download Submit
C:\Windows\System\EZpnREA.exe
Filesize
2.0MB

MD5
bc4e943e38cec37d1d17ee66cffdf0dd

SHA1
9a05fbf651b08454eaf84ba45bc3dfa5f53a2b4c

SHA256
97be32fb6615db220c405dc6f3d0dd1ba68baf06d819d2964168550fc5bda336

SHA512
c2cc7b76a5d83a0f47ad1db3a90278f2227cd1ef46eaefd30304ac9584f608fe54a64bbe938a36dd93322cecbb8b6df49d3a00210472d89b571ede3191148c5f

Download Submit
C:\Windows\System\GNiSaFW.exe
Filesize
2.0MB

MD5
0ca88d3ab0a871a65fde7b2b4640c50b

SHA1
7c641754d8ee9419e56d05464a978c4091e6a516

SHA256
9f2a888a813bef84b63e19216db7f9b91a8af83cda1c8fd6f0be7e72f5b50d60

SHA512
9879f3900767210dc27686cb83f84ba0f03f8e5afe3643a907d44f143055ec3a2de02d2311432f915bbaef3f15e7a348b1e1c93996e9600cb29cfd567b7e093a

Download Submit
C:\Windows\System\GzoskwU.exe
Filesize
1.9MB

MD5
f7a44695423366810c2066ad6f31b3a0

SHA1
218a12929f04ad4ddeb88e1228b4860e543ce9b4

SHA256
bfecdc438a670030922d47e130489aa596442d7f083b3c148c9e58c6359c0d12

SHA512
b89e285e3c5e18179c92354ac65b392f2e23656595cd182384d36698484f688bdcf7a40377154ebf3c70b0d2ad75c96b6abc430e08520b6519635392d3cb9a2a

Download Submit
C:\Windows\System\JodAddS.exe
Filesize
1.9MB

MD5
de3083985802c2b7e88acffc70350d4a

SHA1
d95330c03a8d78bef20e88a80b7fe84835d2c4cf

SHA256
2445f046bcca2182edf9b8490af206363603954797c93caeb4562dadd97e801c

SHA512
376cb41217dddb52e12c88fc6d73be3151048c73ba4a6a2e28d862d38faec89430992689a6087f189845c100541bacead37de0806e97ffa84723a9d31030a05e

Download Submit
C:\Windows\System\KfowJJq.exe
Filesize
2.0MB

MD5
f6754ec324568087360dce3ec108ab29

SHA1
b5fbd8ef7b1ecd0c8cb95abbd5480af46f592cfd

SHA256
ac3083c6738c9850a4f3b11e4f9d4729e98e4f59815de10ad842125e43693fb1

SHA512
dfb1dfc2dda9b7f31d6ac58af33b35312f651d4a6671d5f94085a063e7e16c7543737ec22818d706fbb476505fe1cd614fd53cfa8bb52047e8d63b0d05a47720

Download Submit
C:\Windows\System\KidvNmQ.exe
Filesize
1.9MB

MD5
c16b36e2459bc10b9527891ab2674e34

SHA1
84e53b8dd11647176af471b6896a56931732f05a

SHA256
db2d79b91a969a03d6ca21febdd1a09c39b86be40a1f7fc7106971adf06e7e03

SHA512
7edc2ab49be3244b903398f7ef01460754eb6a77dc18a4f9337b52a8a00721fda82673d8ee73ca64e44fc3cfa77041df3e0548689f356c146d285bc7f3ed758f

Download Submit
C:\Windows\System\KlqBPGm.exe
Filesize
2.0MB

MD5
e180441e0f5af67bd05265ed76c1637d

SHA1
8b87c27548e19075b385f3ef29898b96953bb9f4

SHA256
f4ceba73d723a2439831dd2a358c80d5938a0edf517fe3546363e35ffc450554

SHA512
d71abf82d387ca77da72ac8ada1dbc5af3424fa9e01c90fafccfe1e0fd3615a9e3e36f21feccb993f0a125e7caf3fd6af44740116f3c37801b9f2f6503280bab

Download Submit
C:\Windows\System\OTQNnDM.exe
Filesize
1.9MB

MD5
660d73f988fe82966ef2fc6aa1bdd0e6

SHA1
e5f7cf868b929ce10816181eae280078c643e919

SHA256
95df7cbe0341b702706409894a079ccf4655b1c56fd98a2c8315fbbfe49fe4e6

SHA512
59b968541b66b2c326eba09ef561d9d28b943d7808e5aa64af124bbb8fd4981b0747f76e47a44e5a95179849dfe423f30af386546304de3bf1e23676d8ad6958

Download Submit
C:\Windows\System\OyewHLt.exe
Filesize
2.0MB

MD5
753813d3b99fdc919ff3d366fbae00d7

SHA1
b2b71d84d79c63fee305323abb2838039a8b6bdc

SHA256
c65e50c8de57cabfb9a6792065d8817d3e39ee0205704358535a7ee20ce63e2f

SHA512
a3090d44264a6aa1249114bb9d32e86df6efb6d139fce206e3117ba28267e0990e09799bbecbf1757a5e4223c2cc9977c58c180b5bf5d7eb8e8093fa0d37766d

Download Submit
C:\Windows\System\QMRasNW.exe
Filesize
1.9MB

MD5
d4a6908906febc41d2af26fa6cdcaca1

SHA1
699c717d2a97347e91e24ccdc792b274c8a84c2f

SHA256
1a9b7627201e05e646bd971d30d7f1bf3cf0be7c84411e89ed468653dd6c60eb

SHA512
4913b70cf310fe10bd43ccec1221424447cf379b0948ce0be42d0799c6b1e0feb5071456a8ef6fe4ecade8b0b5c1a6cdc7c7253ef465902b252694ccdd56df79

Download Submit
C:\Windows\System\TyrjEYo.exe
Filesize
1.9MB

MD5
c65a35b83d47978ae39673521cb06234

SHA1
e6ea19a18f35f6ad24d23284abd93fb8756c8939

SHA256
11d46d7f499de58cf86fdabbc3955cc08425115ed2e031c94652a942cdb8bdbd

SHA512
4051e9bab29ff840aba78cd88e122c655e64ea7afd91ef2269cac4c720a280630ccfb33e2f8fc18d58634e6376eae0099ff7ec28d59445573bf8b40451d19899

Download Submit
C:\Windows\System\UsrxLTS.exe
Filesize
2.0MB

MD5
a7664efce7b8dbb5aa68298716958149

SHA1
8435d4ac734c1d08e05a34b4584394b0bab18c09

SHA256
b5b0a5226a133f5495df35be63b38cd4c759d51ea3ea6c1205199d0b48013b38

SHA512
bfea2cd87294591dcf77799afb592c164e200705ea12a2e4e604e565246937094dd6faed163888e542ad6de5e8ff5716cb56f6f0709258ef0b9213eaef00711c

Download Submit
C:\Windows\System\WdrtICV.exe
Filesize
2.0MB

MD5
719c63dd22809a6864ad2a59c0a722da

SHA1
e3ef61531276e99e1667e022f3e544caf9f8e170

SHA256
cdfd24a32db6bbe59f036223c1cfbad96477ba7abc0094694e549fe0a91e626b

SHA512
56bd7fde867e0a1ed1de5ef54965d0f5a01ea354a5af9d33e0a26b445f1d3962d45db8cbdd5ed4bcf2b5457cca31f3d728578a7496734f7b88361c83655141f2

Download Submit
C:\Windows\System\eOidwTN.exe
Filesize
1.9MB

MD5
edf9486cbf78fe8e09f88fa6e1b826c6

SHA1
5058903b35089b6f6ef10ce91257a338f5fbdf4a

SHA256
4e173d46a8f02b06412014cfcc5a6a628d33f09a93c1148e5390fcfd58c810c1

SHA512
d6dcbf9a12b2c0ce819ef3820bc35d4b36a9251fcb2ee202580f54658ad4e0fbd9667b2458a7b965dbcb836bd2220904bb94a5d454482c31e2dcf1104938fa26

Download Submit
C:\Windows\System\erEHWrL.exe
Filesize
1.9MB

MD5
facd5716e786080b179ae96175222a8a

SHA1
5103076c6d9a93bafcd2a2c2d45d24894bb9a7f9

SHA256
4cd8fcfb08e540abf81dfddc30695da2ec8b53cefe434fd4b4df1a34f5e0790c

SHA512
6ca42e1de4da6b43502bbac5d5c5fe2d0fd1a0627f74c6daa23f5c80dac555a61d7d804ea2b82b4ff1cd74fb82153cefd86d0c4a42037359c942e2acd11664b6

Download Submit
C:\Windows\System\fKjrZGd.exe
Filesize
1.9MB

MD5
858f31fe8479b35116035f55d70bbf60

SHA1
8185261c609218cc2590a594247f8f0b661dacf3

SHA256
457490cfd443e31b41eb3d23885571bf3bd88619681d45d091f97febba9f2a51

SHA512
4e1e83dd21aed58c88979151ab8d60a82392847371fccc89746cf770771bd15975cd9099bb1bf6eb988761fbdfa295308818dce86ace63476546301b04e0130c

Download Submit
C:\Windows\System\gpLMcIK.exe
Filesize
1.9MB

MD5
2ee9994a904dfdb2f698384a969588e1

SHA1
3c5e085d2eef4e579c4e7e0825b9622fdef7b381

SHA256
a72250589788fb48384eddf7269589256980961fb0ed3749fddbdcb411baa1ca

SHA512
5dfbadb21b22355b4039cf20b53fcf1d11fb00519a8ce24ef84f3dff8fc9650404d9d6a7e41e049d9803945c8ab1129c0c5927411313cf8812b154778e87f068

Download Submit
C:\Windows\System\iKRQrku.exe
Filesize
1.9MB

MD5
3f5c46a4dba6c4bc239b6384e06eb6a7

SHA1
fe771faad97ce76988cf5162f389595ca34a0e01

SHA256
aa7628f662a7abd97cb299ad3a761c6bda1c184c66bdb72210db195bc9c1ef53

SHA512
c9a2a34467dba6c935c52da55f29602411120183a8adda3ee9a7618ce320738dd677df74fab798ddddc756c7f73b12a7d5ebbdfec44d413048c480e6db0d3fa8

Download Submit
C:\Windows\System\izVDrDS.exe
Filesize
2.0MB

MD5
0a3c09bdf64982db56afe4a61a0dfecb

SHA1
4792948cbfdf2d52f55936e99835a3ba17ed7380

SHA256
d4670b22d89cf64b3c6fbec0bde6da90abdf611498e44969f03853b8c7fc901d

SHA512
3016136c29e15acde35e29f320b07621dbbec5b89b66c3a954ae7cfc1ff8747beef76c37b734e499a345f026a40a48f8dff80d4203e30116bf0e40c277e2176d

Download Submit
C:\Windows\System\jInPCYX.exe
Filesize
2.0MB

MD5
aa05d6925ade9a9d6c321fb94632dff1

SHA1
0d51bbccda7994f71a7ba37f6635f4131a9ba932

SHA256
dd1232dc12167a8775dc3e4056a9b672df44e8a3d53e16dc0df7d2b80897186e

SHA512
fff063e3d0ddba756f3e6ed5bd5912e1f5688b80aa21749de716b8d4c0f9029b7f892dd6a84185fcea8f1e88ec4987a8da4d6284ae39b528ab3b79f9251c6b39

Download Submit
C:\Windows\System\jURxhuB.exe
Filesize
1.9MB

MD5
58c7f26acbea5b661d838cf6552d6254

SHA1
87c8dc490a1f094d0a5e1fe6863b8d95ac562924

SHA256
b23f68a17ca039bcebd90167670ce3005f88aa16caaad1f6905877ceb49c402d

SHA512
83f32e8b5f20ac6f35c1ec20200b6a472251aaebe6e32f15c6a7e17194257116bb51b07f400c675c16bcb4b3a5f1877724aa6e4056306ecb66cc3a37a8c2e687

Download Submit
C:\Windows\System\jVsayBf.exe
Filesize
2.0MB

MD5
ffcdad4c38fb7f45b63ce27787ec6733

SHA1
2d5208ae72077a65b2c4b6f8be01ad82cfbfd1fe

SHA256
42be21455d6c8d5436917b09ed0a529035798693175e055aefffcda22ef0801c

SHA512
8598d0a73506178d3569a6b46624f840c5e62828fa9fc505d4a1e63e0f1a58a51d61be9a603ddd21efe9b89ddff86de0825f5836520f7a9270c8cfbe23b0371d

Download Submit
C:\Windows\System\jqFkUfn.exe
Filesize
1.9MB

MD5
d77008481412967c9595fed78f27f50e

SHA1
bf8928352131e628e8d8abbc0e1e6e6aeee00c7e

SHA256
841b1e71959bc74077a541e3af5911dec00e52262b9fdea72e85d78e33cbd4ea

SHA512
c0f89480ad904a5da282f589395e1411cedc1b70d622636caf7ae320ee283bb3b7fb4240fd5c8ed62f40286be693889c247d7ffb5a300fb192446aa500d231b1

Download Submit
C:\Windows\System\kEdrvSc.exe
Filesize
18B

MD5
042db3cca454b08b58bb73257239b438

SHA1
10e1bc7e7aa884031afcaafcefc742038d62d2cd

SHA256
510e41435a3d3cd5a736a89698b55c8a0f6d8d417f5acfd6cfca25146be56e68

SHA512
4790b4c15b8195254f6e315afe9f499a40aa9fc5aedba27229271073ad599e5f02d68cd51a7467384e5f09ff788d983132a63cbca82567af910557bf3b7bd269

Download Submit
C:\Windows\System\keugHPs.exe
Filesize
1.9MB

MD5
9c8c8903f973e02bd8d09c593af08cfd

SHA1
f9b1de4c3d7d0401193951d47805bbcdb851e697

SHA256
03d3ade68e4c32bc5160f111be6c707d335c9ebebf1784d4bf26ce98f8ccc642

SHA512
04350dbe7094222f86f6d1528ddf5f9d58ab658f0d6f19fd2a0d1337715c87240376279178cad28be188f2a5711884211328f8fcfcec1e2a3a9180689b7e7504

Download Submit
C:\Windows\System\ppMOOIt.exe
Filesize
1.9MB

MD5
5d844579092be4ef3b45c5f9f190d408

SHA1
e616e6707c2a6839bdfe87fb60f70a3e268ec3fc

SHA256
c2f5760d0d92bea67a9c87a2b979048dfe4e2faad4ce517d155c2f40de450807

SHA512
abfc46a7a8a10c2d5eed65d032ce7ad49463a9378d41decde41062b603133f109cf3b0baf28e73dad89cfe8fe32fc3fd46e509e7c36556fcbdd86879cc1af1a6

Download Submit
C:\Windows\System\sBWElrT.exe
Filesize
2.0MB

MD5
3935dcb99915766628b7e814491cb9b5

SHA1
69dae1429188d3c3fdf9040c541ba5af20c82839

SHA256
c3fa31f00a3ef111a8488ae8492000c28caabfed6a8c545f4fd714d64772873e

SHA512
a2a73920b49de2e32bf79b3312c1fb1908de931667a5d8c8d09767e57dea26acbecc0bdd237ed2ada0e70073bec6ce6daf74cd1b0d37e8cfa273623476a530e3

Download Submit
C:\Windows\System\uAOcriT.exe
Filesize
1.9MB

MD5
0e839d3b174b84f406eb6f318bd2dda1

SHA1
ccfa9968696f2cbd123732e3c561560671c313a0

SHA256
ea4bf2ca5985b99f694edb5414906eb1c1fdba2ae7e2d31cfb203d6be1840e72

SHA512
10b1bd729d7fa95f8de9e7d737414eb624b66cfcddd9979562dce8fd73a6075b01c5787412e86c72f93150edb12ae6a0ea0073c2d0f7628cb99f12143f067fe0

Download Submit
C:\Windows\System\uryoizp.exe
Filesize
1.9MB

MD5
8a2059eb959aa54f2cae98da8c1f8cfe

SHA1
cecc6c901018d7a45ffc211eac5bf77a3eb10b48

SHA256
51bc78793178fbebd5b5e5c1ad0bb332eee8c70532d65cf2a22c58dfca74e07f

SHA512
10f36260587ec7dc7e5c257748c94848df01e8b1375c495b3e18ce1dd509cab7d21414103b40cd9c6f15fcda09c206a1bc9836525cce0f441892cce6af52610a

Download Submit
C:\Windows\System\wHUJebl.exe
Filesize
2.0MB

MD5
73daa88654476e1ff428f470d7e19fc0

SHA1
ca41f8c9417d9f40a1106c725f9c05ea900b221b

SHA256
d77a8e780ec33ab8a2c314b5334dda32d025cb62cccd74e89027ffbdf6ffeff0

SHA512
14781ff1d7456bd40db01166242a5d87d9f8510eb4bc46b828c608a0d86c35d4484a4fbabc68140ffec82f7f90f724eca24a796cf2bb54248cd32b5b21979489

Download Submit
C:\Windows\System\wpgTGjl.exe
Filesize
1.9MB

MD5
773c3dd1a0f68cc9f15d778a79fd8ad1

SHA1
6cd9d97d9e9510662a74d3ba6aaa6cff83a6e18f

SHA256
5257e188a492ed08b1b71c233850652960bd3c049288910e651c873cafc8afde

SHA512
c7d40d0ecea818550810017911452fb66815315fe7e0ffed78f2cdba0ef72d1348cfad3e965308b86b0a0f2df7e3b4146df68ba964743b9e9e455f0ea84250e9

Download Submit
C:\Windows\System\zPtEEpy.exe
Filesize
1.9MB

MD5
7b3a324de04b38d4b5f1555319a35105

SHA1
54f65fc4ca9caf74351c60ab8cd0f8854fdb9ab8

SHA256
3822acfe94e39079366d09b28c700b0c0a4ae2ee60c499a91e4232ece10460e8

SHA512
8e120e3eeea8c96d5083265057209f7557bef667380a005714686b51df8f349b22e9ef92322a8233823e9a32eb3f8a5677c84309220ed4e8ce76c22c4533bb5d

Download Submit
memory/680-71-0x00007FF638710000-0x00007FF638B02000-memory.dmp

Filesize
3.9MB

Download
memory/700-59-0x00007FF6B65D0000-0x00007FF6B69C2000-memory.dmp

Filesize
3.9MB

Download
memory/748-113-0x00007FF706940000-0x00007FF706D32000-memory.dmp

Filesize
3.9MB

Download
memory/932-8-0x00007FF6BE6E0000-0x00007FF6BEAD2000-memory.dmp

Filesize
3.9MB

Download
memory/1236-44-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp

Filesize
3.9MB

Download
memory/1236-2465-0x00007FF6A0990000-0x00007FF6A0D82000-memory.dmp

Filesize
3.9MB

Download
memory/1336-39-0x00007FF782FC0000-0x00007FF7833B2000-memory.dmp

Filesize
3.9MB

Download
memory/1604-38-0x00007FF6A9490000-0x00007FF6A9882000-memory.dmp

Filesize
3.9MB

Download
memory/1680-142-0x00007FF719570000-0x00007FF719962000-memory.dmp

Filesize
3.9MB

Download
memory/1680-5854-0x00007FF719570000-0x00007FF719962000-memory.dmp

Filesize
3.9MB

Download
memory/1752-47-0x00007FF7BEE10000-0x00007FF7BF202000-memory.dmp

Filesize
3.9MB

Download
memory/1984-78-0x00007FF7258F0000-0x00007FF725CE2000-memory.dmp

Filesize
3.9MB

Download
memory/2108-53-0x00007FF7204A0000-0x00007FF720892000-memory.dmp

Filesize
3.9MB

Download
memory/2688-8182-0x00007FF7FCE20000-0x00007FF7FD212000-memory.dmp

Filesize
3.9MB

Download
memory/2688-159-0x00007FF7FCE20000-0x00007FF7FD212000-memory.dmp

Filesize
3.9MB

Download
memory/2696-0-0x00007FF7C42B0000-0x00007FF7C46A2000-memory.dmp

Filesize
3.9MB

Download
memory/2696-1-0x00000290A8E60000-0x00000290A8E70000-memory.dmp

Filesize
64KB

Download
memory/2708-155-0x00007FF65BF30000-0x00007FF65C322000-memory.dmp

Filesize
3.9MB

Download
memory/2708-8183-0x00007FF65BF30000-0x00007FF65C322000-memory.dmp

Filesize
3.9MB

Download
memory/2732-86-0x000001F2D04D0000-0x000001F2D04F2000-memory.dmp

Filesize
136KB

Download
memory/2732-26-0x000001F2E8630000-0x000001F2E8640000-memory.dmp

Filesize
64KB

Download
memory/2732-27-0x000001F2E8630000-0x000001F2E8640000-memory.dmp

Filesize
64KB

Download
memory/2732-25-0x00007FFAFE3C0000-0x00007FFAFEE81000-memory.dmp

Filesize
10.8MB

Download
memory/3276-5212-0x00007FF6B24B0000-0x00007FF6B28A2000-memory.dmp

Filesize
3.9MB

Download
memory/3276-129-0x00007FF6B24B0000-0x00007FF6B28A2000-memory.dmp

Filesize
3.9MB

Download
memory/3944-119-0x00007FF63AF40000-0x00007FF63B332000-memory.dmp

Filesize
3.9MB

Download
memory/3944-5211-0x00007FF63AF40000-0x00007FF63B332000-memory.dmp

Filesize
3.9MB

Download
memory/4224-82-0x00007FF7AF860000-0x00007FF7AFC52000-memory.dmp

Filesize
3.9MB

Download
memory/4416-154-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp

Filesize
3.9MB

Download
memory/4416-8152-0x00007FF730CF0000-0x00007FF7310E2000-memory.dmp

Filesize
3.9MB

Download
memory/4516-140-0x00007FF6C6B80000-0x00007FF6C6F72000-memory.dmp

Filesize
3.9MB

Download
memory/4516-5849-0x00007FF6C6B80000-0x00007FF6C6F72000-memory.dmp

Filesize
3.9MB

Download
memory/4956-3899-0x00007FF795000000-0x00007FF7953F2000-memory.dmp

Filesize
3.9MB

Download
memory/4956-80-0x00007FF795000000-0x00007FF7953F2000-memory.dmp

Filesize
3.9MB

Download
memory/4964-96-0x00007FF681A30000-0x00007FF681E22000-memory.dmp

Filesize
3.9MB

Download
memory/5008-4467-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp

Filesize
3.9MB

Download
memory/5008-8131-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp

Filesize
3.9MB

Download
memory/5008-83-0x00007FF6F3230000-0x00007FF6F3622000-memory.dmp

Filesize
3.9MB

Download