xmrig | 6d04b0632e3a341d4a6df2752535cfcb7945170d97a8f6f751bd5c0a6160dcf4

Analysis

max time kernel
21s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
Size

1.6MB
MD5

045127c7c12c3ebdfe34eeefb52bc666
SHA1

ef8d805fd8548e21a93a3b227b51d9c79c7b38cc
SHA256

6d04b0632e3a341d4a6df2752535cfcb7945170d97a8f6f751bd5c0a6160dcf4
SHA512

6715bb040a0d4728153fcc0e69c825b1f2b88f8ae61b06637f3a33a48797670be8ddca26e23ea8fe840d4f6c3467a19f1b33789ba49baec7d321dcea2eab495f
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SOs:NABa

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 17 IoCs

miner

resource	yara_rule
behavioral2/memory/3068-58-0x00007FF72DA90000-0x00007FF72DE82000-memory.dmp	xmrig
behavioral2/memory/4872-367-0x00007FF6B4040000-0x00007FF6B4432000-memory.dmp	xmrig
behavioral2/memory/2568-381-0x00007FF6BA9C0000-0x00007FF6BADB2000-memory.dmp	xmrig
behavioral2/memory/1772-399-0x00007FF7330A0000-0x00007FF733492000-memory.dmp	xmrig
behavioral2/memory/4960-402-0x00007FF7812B0000-0x00007FF7816A2000-memory.dmp	xmrig
behavioral2/memory/4492-394-0x00007FF6FBB20000-0x00007FF6FBF12000-memory.dmp	xmrig
behavioral2/memory/3680-390-0x00007FF674970000-0x00007FF674D62000-memory.dmp	xmrig
behavioral2/memory/5108-389-0x00007FF6F0AC0000-0x00007FF6F0EB2000-memory.dmp	xmrig
behavioral2/memory/3872-370-0x00007FF7F3550000-0x00007FF7F3942000-memory.dmp	xmrig
behavioral2/memory/1984-369-0x00007FF665E00000-0x00007FF6661F2000-memory.dmp	xmrig
behavioral2/memory/1516-368-0x00007FF7A4DB0000-0x00007FF7A51A2000-memory.dmp	xmrig
behavioral2/memory/4660-364-0x00007FF731130000-0x00007FF731522000-memory.dmp	xmrig
behavioral2/memory/3480-361-0x00007FF668B40000-0x00007FF668F32000-memory.dmp	xmrig
behavioral2/memory/3956-349-0x00007FF6769F0000-0x00007FF676DE2000-memory.dmp	xmrig
behavioral2/memory/2116-85-0x00007FF6AB640000-0x00007FF6ABA32000-memory.dmp	xmrig
behavioral2/memory/4980-74-0x00007FF741240000-0x00007FF741632000-memory.dmp	xmrig
behavioral2/memory/216-67-0x00007FF6A0C40000-0x00007FF6A1032000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	2612	powershell.exe
5	2612	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2908	VzNVuUq.exe
4744	HCliQgH.exe
744	pNYqJHt.exe
3116	YunVIcS.exe
2568	qoheYYq.exe
3068	hMMnIBv.exe
216	QhkxHqe.exe
4980	mNwPHOe.exe
5108	mAYlZCb.exe
2116	kHnwUIH.exe
3680	SJsPgsy.exe
4492	TmngCVq.exe
1772	isjwyzr.exe
4960	edvaORZ.exe
3956	iIcpMMF.exe
3480	XnaqquC.exe
4660	QiIPNYQ.exe
4872	WmodrfZ.exe
1516	igDQrtL.exe
1984	nyPXZnG.exe
3872	DSNQRHI.exe
1664	xjWvraP.exe
1268	VpJJZIl.exe
4652	PoFCuOb.exe
2268	ZxKnFTf.exe
816	cEYuQRS.exe
1680	egntxMu.exe
2348	jNKAHsf.exe
1600	DUEICfw.exe
3428	CHcmaFI.exe
1824	aNFmRvD.exe
4928	XqPcvYZ.exe
1328	eugLOlG.exe
4212	nTPuImg.exe
2104	lIyNEdq.exe
2680	ZDuCUmW.exe
3664	FRyLECI.exe
4104	sxYYJbz.exe
2888	PkKPOCw.exe
2124	QwEgehD.exe
3044	dvAtkNO.exe
4556	riYtJNW.exe
2024	MltdIkO.exe
1520	qaAcxNd.exe
4372	CfCsNcP.exe
2748	vPGSuyL.exe
3312	VQuXJoM.exe
772	RkiKLfq.exe
4560	wStfueB.exe
3888	HQEVULf.exe
4920	BJYxKwm.exe
208	NUIHXkR.exe
4164	qGufLsG.exe
784	TEPGxYU.exe
1412	YzOTykM.exe
3640	zguYPKw.exe
2068	bZONAkF.exe
1576	rVgMGPQ.exe
2720	ACgQZlt.exe
1792	fGnWMNe.exe
3204	XErkzZU.exe
3964	nYeWTpc.exe
4836	NyEmHwG.exe
1416	eaMzqgl.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2364-0-0x00007FF7A3490000-0x00007FF7A3882000-memory.dmp	upx
behavioral2/files/0x000a00000002342c-5.dat	upx
behavioral2/files/0x0007000000023446-7.dat	upx
behavioral2/files/0x0007000000023448-28.dat	upx
behavioral2/files/0x0007000000023449-33.dat	upx
behavioral2/files/0x000700000002344a-38.dat	upx
behavioral2/files/0x0007000000023447-29.dat	upx
behavioral2/memory/3116-26-0x00007FF7F4790000-0x00007FF7F4B82000-memory.dmp	upx
behavioral2/memory/744-22-0x00007FF635A30000-0x00007FF635E22000-memory.dmp	upx
behavioral2/files/0x0008000000023445-15.dat	upx
behavioral2/memory/4744-12-0x00007FF75C830000-0x00007FF75CC22000-memory.dmp	upx
behavioral2/memory/2908-9-0x00007FF70AFC0000-0x00007FF70B3B2000-memory.dmp	upx
behavioral2/files/0x000700000002344b-48.dat	upx
behavioral2/memory/3068-58-0x00007FF72DA90000-0x00007FF72DE82000-memory.dmp	upx
behavioral2/files/0x000700000002344f-73.dat	upx
behavioral2/files/0x0007000000023453-97.dat	upx
behavioral2/files/0x0007000000023454-104.dat	upx
behavioral2/files/0x0007000000023455-117.dat	upx
behavioral2/files/0x0007000000023457-127.dat	upx
behavioral2/files/0x0007000000023459-137.dat	upx
behavioral2/files/0x000700000002345b-147.dat	upx
behavioral2/files/0x0007000000023464-184.dat	upx
behavioral2/memory/4872-367-0x00007FF6B4040000-0x00007FF6B4432000-memory.dmp	upx
behavioral2/memory/2568-381-0x00007FF6BA9C0000-0x00007FF6BADB2000-memory.dmp	upx
behavioral2/memory/1772-399-0x00007FF7330A0000-0x00007FF733492000-memory.dmp	upx
behavioral2/memory/4960-402-0x00007FF7812B0000-0x00007FF7816A2000-memory.dmp	upx
behavioral2/memory/4492-394-0x00007FF6FBB20000-0x00007FF6FBF12000-memory.dmp	upx
behavioral2/memory/3680-390-0x00007FF674970000-0x00007FF674D62000-memory.dmp	upx
behavioral2/memory/5108-389-0x00007FF6F0AC0000-0x00007FF6F0EB2000-memory.dmp	upx
behavioral2/memory/3872-370-0x00007FF7F3550000-0x00007FF7F3942000-memory.dmp	upx
behavioral2/memory/1984-369-0x00007FF665E00000-0x00007FF6661F2000-memory.dmp	upx
behavioral2/memory/1516-368-0x00007FF7A4DB0000-0x00007FF7A51A2000-memory.dmp	upx
behavioral2/memory/4660-364-0x00007FF731130000-0x00007FF731522000-memory.dmp	upx
behavioral2/memory/3480-361-0x00007FF668B40000-0x00007FF668F32000-memory.dmp	upx
behavioral2/memory/3956-349-0x00007FF6769F0000-0x00007FF676DE2000-memory.dmp	upx
behavioral2/files/0x0007000000023462-182.dat	upx
behavioral2/files/0x0007000000023463-179.dat	upx
behavioral2/files/0x0007000000023461-177.dat	upx
behavioral2/files/0x0007000000023460-172.dat	upx
behavioral2/files/0x000700000002345f-167.dat	upx
behavioral2/files/0x000700000002345e-162.dat	upx
behavioral2/files/0x000700000002345d-157.dat	upx
behavioral2/files/0x000700000002345c-152.dat	upx
behavioral2/files/0x000700000002345a-142.dat	upx
behavioral2/files/0x0007000000023458-132.dat	upx
behavioral2/files/0x0007000000023456-122.dat	upx
behavioral2/files/0x0008000000023450-107.dat	upx
behavioral2/files/0x0008000000023451-102.dat	upx
behavioral2/files/0x0007000000023452-89.dat	upx
behavioral2/memory/2116-85-0x00007FF6AB640000-0x00007FF6ABA32000-memory.dmp	upx
behavioral2/memory/4980-74-0x00007FF741240000-0x00007FF741632000-memory.dmp	upx
behavioral2/files/0x000700000002344e-72.dat	upx
behavioral2/files/0x000700000002344c-70.dat	upx
behavioral2/files/0x000700000002344d-69.dat	upx
behavioral2/memory/216-67-0x00007FF6A0C40000-0x00007FF6A1032000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
2	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WxZYTIF.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\uNocMLP.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\TtmaRHo.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\LKsOHLd.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\gXrzHZo.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\ErUzRGK.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\ZxKnFTf.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\XGvUMhR.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\cuVEYnY.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\pTddbUq.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\rjNAeDD.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\tNCRGvg.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\Spkyndw.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\MwKZfDU.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\mAUQtkr.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\WTJQSkY.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\sEAKyKz.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\vRhdyQL.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\fVvryBm.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\IXteNMG.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\JdalUyw.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\nlWJBhF.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\xAVHsJK.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\HSKREGL.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\AUWylus.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\svJqECg.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\JDoPEek.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\LGkvsvf.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\eyBcWAW.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\trSHXdH.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\DSNQRHI.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\mETlRon.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\MTuydxr.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\XOlqQsE.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\ikkvcpv.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\gkmsGHK.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\uvSDCLe.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\dxCSZoa.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\TTLgGmQ.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\AVmvWzi.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\AcjHUhA.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\IGZaAOg.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\uNaAtnF.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\RjkaoRW.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\utHIvey.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\yrUglGE.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\JLUDHIf.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\EkytvsE.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\HwYUPiO.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\ylzFFlH.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\ETMNYRs.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\kladkoh.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\RfCwpQn.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\KekdMga.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\qaAcxNd.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\xgCwGeT.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\WYGuLdQ.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\MUtjmUw.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\xHBxLJw.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\nUcKmvj.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\zgMBpLz.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\fHOzpUo.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\gVsqkGU.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
File created	C:\Windows\System\idWUhaG.exe	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2612	powershell.exe
2612	powershell.exe
2612	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
Token: SeDebugPrivilege	2612	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2612	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	83
PID 2364 wrote to memory of 2612	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	83
PID 2364 wrote to memory of 2908	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	84
PID 2364 wrote to memory of 2908	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	84
PID 2364 wrote to memory of 4744	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	85
PID 2364 wrote to memory of 4744	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	85
PID 2364 wrote to memory of 744	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	86
PID 2364 wrote to memory of 744	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	86
PID 2364 wrote to memory of 3116	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	87
PID 2364 wrote to memory of 3116	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	87
PID 2364 wrote to memory of 2568	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	88
PID 2364 wrote to memory of 2568	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	88
PID 2364 wrote to memory of 3068	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	89
PID 2364 wrote to memory of 3068	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	89
PID 2364 wrote to memory of 216	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	90
PID 2364 wrote to memory of 216	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	90
PID 2364 wrote to memory of 4980	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	91
PID 2364 wrote to memory of 4980	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	91
PID 2364 wrote to memory of 5108	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	92
PID 2364 wrote to memory of 5108	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	92
PID 2364 wrote to memory of 2116	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	93
PID 2364 wrote to memory of 2116	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	93
PID 2364 wrote to memory of 3680	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	94
PID 2364 wrote to memory of 3680	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	94
PID 2364 wrote to memory of 4492	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	95
PID 2364 wrote to memory of 4492	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	95
PID 2364 wrote to memory of 1772	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	96
PID 2364 wrote to memory of 1772	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	96
PID 2364 wrote to memory of 4960	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	97
PID 2364 wrote to memory of 4960	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	97
PID 2364 wrote to memory of 3956	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	98
PID 2364 wrote to memory of 3956	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	98
PID 2364 wrote to memory of 3480	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	99
PID 2364 wrote to memory of 3480	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	99
PID 2364 wrote to memory of 4660	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	100
PID 2364 wrote to memory of 4660	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	100
PID 2364 wrote to memory of 4872	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	101
PID 2364 wrote to memory of 4872	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	101
PID 2364 wrote to memory of 1516	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	102
PID 2364 wrote to memory of 1516	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	102
PID 2364 wrote to memory of 1984	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	103
PID 2364 wrote to memory of 1984	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	103
PID 2364 wrote to memory of 3872	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	104
PID 2364 wrote to memory of 3872	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	104
PID 2364 wrote to memory of 1664	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	105
PID 2364 wrote to memory of 1664	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	105
PID 2364 wrote to memory of 1268	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	106
PID 2364 wrote to memory of 1268	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	106
PID 2364 wrote to memory of 4652	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	107
PID 2364 wrote to memory of 4652	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	107
PID 2364 wrote to memory of 2268	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	108
PID 2364 wrote to memory of 2268	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	108
PID 2364 wrote to memory of 816	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	109
PID 2364 wrote to memory of 816	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	109
PID 2364 wrote to memory of 1680	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	110
PID 2364 wrote to memory of 1680	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	110
PID 2364 wrote to memory of 2348	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	111
PID 2364 wrote to memory of 2348	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	111
PID 2364 wrote to memory of 1600	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	112
PID 2364 wrote to memory of 1600	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	112
PID 2364 wrote to memory of 3428	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	113
PID 2364 wrote to memory of 3428	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	113
PID 2364 wrote to memory of 1824	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	114
PID 2364 wrote to memory of 1824	2364	045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe	114

C:\Users\Admin\AppData\Local\Temp\045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\045127c7c12c3ebdfe34eeefb52bc666_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2612
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "2612" "3016" "2968" "3020" "0" "0" "3024" "0" "0" "0" "0" "0"
    3⤵
    PID:13040
- C:\Windows\System\VzNVuUq.exe
  C:\Windows\System\VzNVuUq.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\HCliQgH.exe
  C:\Windows\System\HCliQgH.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\pNYqJHt.exe
  C:\Windows\System\pNYqJHt.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\YunVIcS.exe
  C:\Windows\System\YunVIcS.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\qoheYYq.exe
  C:\Windows\System\qoheYYq.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\hMMnIBv.exe
  C:\Windows\System\hMMnIBv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\QhkxHqe.exe
  C:\Windows\System\QhkxHqe.exe
  2⤵
  - Executes dropped EXE
  PID:216
- C:\Windows\System\mNwPHOe.exe
  C:\Windows\System\mNwPHOe.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\mAYlZCb.exe
  C:\Windows\System\mAYlZCb.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\kHnwUIH.exe
  C:\Windows\System\kHnwUIH.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\SJsPgsy.exe
  C:\Windows\System\SJsPgsy.exe
  2⤵
  - Executes dropped EXE
  PID:3680
- C:\Windows\System\TmngCVq.exe
  C:\Windows\System\TmngCVq.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\isjwyzr.exe
  C:\Windows\System\isjwyzr.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\edvaORZ.exe
  C:\Windows\System\edvaORZ.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\iIcpMMF.exe
  C:\Windows\System\iIcpMMF.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\XnaqquC.exe
  C:\Windows\System\XnaqquC.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\QiIPNYQ.exe
  C:\Windows\System\QiIPNYQ.exe
  2⤵
  - Executes dropped EXE
  PID:4660
- C:\Windows\System\WmodrfZ.exe
  C:\Windows\System\WmodrfZ.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\igDQrtL.exe
  C:\Windows\System\igDQrtL.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\nyPXZnG.exe
  C:\Windows\System\nyPXZnG.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\DSNQRHI.exe
  C:\Windows\System\DSNQRHI.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\xjWvraP.exe
  C:\Windows\System\xjWvraP.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\VpJJZIl.exe
  C:\Windows\System\VpJJZIl.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\PoFCuOb.exe
  C:\Windows\System\PoFCuOb.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\ZxKnFTf.exe
  C:\Windows\System\ZxKnFTf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\cEYuQRS.exe
  C:\Windows\System\cEYuQRS.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\egntxMu.exe
  C:\Windows\System\egntxMu.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\jNKAHsf.exe
  C:\Windows\System\jNKAHsf.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\DUEICfw.exe
  C:\Windows\System\DUEICfw.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\CHcmaFI.exe
  C:\Windows\System\CHcmaFI.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\aNFmRvD.exe
  C:\Windows\System\aNFmRvD.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\XqPcvYZ.exe
  C:\Windows\System\XqPcvYZ.exe
  2⤵
  - Executes dropped EXE
  PID:4928
- C:\Windows\System\eugLOlG.exe
  C:\Windows\System\eugLOlG.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\nTPuImg.exe
  C:\Windows\System\nTPuImg.exe
  2⤵
  - Executes dropped EXE
  PID:4212
- C:\Windows\System\lIyNEdq.exe
  C:\Windows\System\lIyNEdq.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ZDuCUmW.exe
  C:\Windows\System\ZDuCUmW.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\FRyLECI.exe
  C:\Windows\System\FRyLECI.exe
  2⤵
  - Executes dropped EXE
  PID:3664
- C:\Windows\System\sxYYJbz.exe
  C:\Windows\System\sxYYJbz.exe
  2⤵
  - Executes dropped EXE
  PID:4104
- C:\Windows\System\PkKPOCw.exe
  C:\Windows\System\PkKPOCw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\QwEgehD.exe
  C:\Windows\System\QwEgehD.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\dvAtkNO.exe
  C:\Windows\System\dvAtkNO.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\riYtJNW.exe
  C:\Windows\System\riYtJNW.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\MltdIkO.exe
  C:\Windows\System\MltdIkO.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\qaAcxNd.exe
  C:\Windows\System\qaAcxNd.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\CfCsNcP.exe
  C:\Windows\System\CfCsNcP.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\vPGSuyL.exe
  C:\Windows\System\vPGSuyL.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\VQuXJoM.exe
  C:\Windows\System\VQuXJoM.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\RkiKLfq.exe
  C:\Windows\System\RkiKLfq.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\wStfueB.exe
  C:\Windows\System\wStfueB.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\HQEVULf.exe
  C:\Windows\System\HQEVULf.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\BJYxKwm.exe
  C:\Windows\System\BJYxKwm.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\NUIHXkR.exe
  C:\Windows\System\NUIHXkR.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\qGufLsG.exe
  C:\Windows\System\qGufLsG.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\TEPGxYU.exe
  C:\Windows\System\TEPGxYU.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\YzOTykM.exe
  C:\Windows\System\YzOTykM.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\zguYPKw.exe
  C:\Windows\System\zguYPKw.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\bZONAkF.exe
  C:\Windows\System\bZONAkF.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rVgMGPQ.exe
  C:\Windows\System\rVgMGPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ACgQZlt.exe
  C:\Windows\System\ACgQZlt.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\fGnWMNe.exe
  C:\Windows\System\fGnWMNe.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\XErkzZU.exe
  C:\Windows\System\XErkzZU.exe
  2⤵
  - Executes dropped EXE
  PID:3204
- C:\Windows\System\nYeWTpc.exe
  C:\Windows\System\nYeWTpc.exe
  2⤵
  - Executes dropped EXE
  PID:3964
- C:\Windows\System\NyEmHwG.exe
  C:\Windows\System\NyEmHwG.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\eaMzqgl.exe
  C:\Windows\System\eaMzqgl.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\rQQeROJ.exe
  C:\Windows\System\rQQeROJ.exe
  2⤵
  PID:2260
- C:\Windows\System\mjxQBMg.exe
  C:\Windows\System\mjxQBMg.exe
  2⤵
  PID:4788
- C:\Windows\System\wdjqAyl.exe
  C:\Windows\System\wdjqAyl.exe
  2⤵
  PID:1608
- C:\Windows\System\WxZYTIF.exe
  C:\Windows\System\WxZYTIF.exe
  2⤵
  PID:4496
- C:\Windows\System\tkFZgqT.exe
  C:\Windows\System\tkFZgqT.exe
  2⤵
  PID:4404
- C:\Windows\System\PMICMzi.exe
  C:\Windows\System\PMICMzi.exe
  2⤵
  PID:5036
- C:\Windows\System\ZEkhAwE.exe
  C:\Windows\System\ZEkhAwE.exe
  2⤵
  PID:5096
- C:\Windows\System\srplkZz.exe
  C:\Windows\System\srplkZz.exe
  2⤵
  PID:3692
- C:\Windows\System\bhivDxl.exe
  C:\Windows\System\bhivDxl.exe
  2⤵
  PID:4816
- C:\Windows\System\GxtlJeB.exe
  C:\Windows\System\GxtlJeB.exe
  2⤵
  PID:224
- C:\Windows\System\xAVHsJK.exe
  C:\Windows\System\xAVHsJK.exe
  2⤵
  PID:4784
- C:\Windows\System\LLAoNjb.exe
  C:\Windows\System\LLAoNjb.exe
  2⤵
  PID:4840
- C:\Windows\System\YFbaubA.exe
  C:\Windows\System\YFbaubA.exe
  2⤵
  PID:848
- C:\Windows\System\mIkcGHt.exe
  C:\Windows\System\mIkcGHt.exe
  2⤵
  PID:2200
- C:\Windows\System\ElafTJb.exe
  C:\Windows\System\ElafTJb.exe
  2⤵
  PID:2724
- C:\Windows\System\PWnWKRu.exe
  C:\Windows\System\PWnWKRu.exe
  2⤵
  PID:4200
- C:\Windows\System\HqQPwiM.exe
  C:\Windows\System\HqQPwiM.exe
  2⤵
  PID:412
- C:\Windows\System\JzYiloQ.exe
  C:\Windows\System\JzYiloQ.exe
  2⤵
  PID:5140
- C:\Windows\System\svJqECg.exe
  C:\Windows\System\svJqECg.exe
  2⤵
  PID:5168
- C:\Windows\System\VjBTaJQ.exe
  C:\Windows\System\VjBTaJQ.exe
  2⤵
  PID:5196
- C:\Windows\System\ZJcRrJG.exe
  C:\Windows\System\ZJcRrJG.exe
  2⤵
  PID:5224
- C:\Windows\System\gSnZwQz.exe
  C:\Windows\System\gSnZwQz.exe
  2⤵
  PID:5252
- C:\Windows\System\lUgwTXA.exe
  C:\Windows\System\lUgwTXA.exe
  2⤵
  PID:5276
- C:\Windows\System\CKbAeVv.exe
  C:\Windows\System\CKbAeVv.exe
  2⤵
  PID:5308
- C:\Windows\System\gCmccud.exe
  C:\Windows\System\gCmccud.exe
  2⤵
  PID:5324
- C:\Windows\System\bvzrBUM.exe
  C:\Windows\System\bvzrBUM.exe
  2⤵
  PID:5380
- C:\Windows\System\yAWRhrK.exe
  C:\Windows\System\yAWRhrK.exe
  2⤵
  PID:5404
- C:\Windows\System\JGpAeXp.exe
  C:\Windows\System\JGpAeXp.exe
  2⤵
  PID:5424
- C:\Windows\System\EBgRAAf.exe
  C:\Windows\System\EBgRAAf.exe
  2⤵
  PID:5444
- C:\Windows\System\APgcLMS.exe
  C:\Windows\System\APgcLMS.exe
  2⤵
  PID:5460
- C:\Windows\System\RFIDBAR.exe
  C:\Windows\System\RFIDBAR.exe
  2⤵
  PID:5500
- C:\Windows\System\qPniJeW.exe
  C:\Windows\System\qPniJeW.exe
  2⤵
  PID:5536
- C:\Windows\System\VjoUDdQ.exe
  C:\Windows\System\VjoUDdQ.exe
  2⤵
  PID:5552
- C:\Windows\System\UuedXqZ.exe
  C:\Windows\System\UuedXqZ.exe
  2⤵
  PID:5584
- C:\Windows\System\fWAxXCe.exe
  C:\Windows\System\fWAxXCe.exe
  2⤵
  PID:5636
- C:\Windows\System\UKqUJQc.exe
  C:\Windows\System\UKqUJQc.exe
  2⤵
  PID:5716
- C:\Windows\System\EtKwxVj.exe
  C:\Windows\System\EtKwxVj.exe
  2⤵
  PID:5732
- C:\Windows\System\HCofQPN.exe
  C:\Windows\System\HCofQPN.exe
  2⤵
  PID:5752
- C:\Windows\System\HlrQsAK.exe
  C:\Windows\System\HlrQsAK.exe
  2⤵
  PID:5772
- C:\Windows\System\VAQCaas.exe
  C:\Windows\System\VAQCaas.exe
  2⤵
  PID:5816
- C:\Windows\System\drhgzIs.exe
  C:\Windows\System\drhgzIs.exe
  2⤵
  PID:5868
- C:\Windows\System\asiArju.exe
  C:\Windows\System\asiArju.exe
  2⤵
  PID:5888
- C:\Windows\System\vsXHhCo.exe
  C:\Windows\System\vsXHhCo.exe
  2⤵
  PID:5908
- C:\Windows\System\VVLazjf.exe
  C:\Windows\System\VVLazjf.exe
  2⤵
  PID:5944
- C:\Windows\System\WyEOEOv.exe
  C:\Windows\System\WyEOEOv.exe
  2⤵
  PID:5976
- C:\Windows\System\uBzimcs.exe
  C:\Windows\System\uBzimcs.exe
  2⤵
  PID:6004
- C:\Windows\System\kONgCzM.exe
  C:\Windows\System\kONgCzM.exe
  2⤵
  PID:6048
- C:\Windows\System\ZbjYsXE.exe
  C:\Windows\System\ZbjYsXE.exe
  2⤵
  PID:6092
- C:\Windows\System\hTHjzuv.exe
  C:\Windows\System\hTHjzuv.exe
  2⤵
  PID:6108
- C:\Windows\System\kvGzqzC.exe
  C:\Windows\System\kvGzqzC.exe
  2⤵
  PID:6124
- C:\Windows\System\YNAjBYW.exe
  C:\Windows\System\YNAjBYW.exe
  2⤵
  PID:4000
- C:\Windows\System\LKsOHLd.exe
  C:\Windows\System\LKsOHLd.exe
  2⤵
  PID:4364
- C:\Windows\System\kRWixye.exe
  C:\Windows\System\kRWixye.exe
  2⤵
  PID:2884
- C:\Windows\System\IYqwoVz.exe
  C:\Windows\System\IYqwoVz.exe
  2⤵
  PID:5152
- C:\Windows\System\Twlosvs.exe
  C:\Windows\System\Twlosvs.exe
  2⤵
  PID:116
- C:\Windows\System\goiBOTb.exe
  C:\Windows\System\goiBOTb.exe
  2⤵
  PID:5184
- C:\Windows\System\FJuYrns.exe
  C:\Windows\System\FJuYrns.exe
  2⤵
  PID:5048
- C:\Windows\System\yrUjcHg.exe
  C:\Windows\System\yrUjcHg.exe
  2⤵
  PID:5296
- C:\Windows\System\cVDWOQL.exe
  C:\Windows\System\cVDWOQL.exe
  2⤵
  PID:5368
- C:\Windows\System\diqUgsR.exe
  C:\Windows\System\diqUgsR.exe
  2⤵
  PID:5400
- C:\Windows\System\PzeGYoL.exe
  C:\Windows\System\PzeGYoL.exe
  2⤵
  PID:5452
- C:\Windows\System\AbqGsxe.exe
  C:\Windows\System\AbqGsxe.exe
  2⤵
  PID:3232
- C:\Windows\System\mLpRRyr.exe
  C:\Windows\System\mLpRRyr.exe
  2⤵
  PID:5648
- C:\Windows\System\JDoPEek.exe
  C:\Windows\System\JDoPEek.exe
  2⤵
  PID:5672
- C:\Windows\System\TCWfwTq.exe
  C:\Windows\System\TCWfwTq.exe
  2⤵
  PID:3268
- C:\Windows\System\FMirvPg.exe
  C:\Windows\System\FMirvPg.exe
  2⤵
  PID:5728
- C:\Windows\System\QhYneik.exe
  C:\Windows\System\QhYneik.exe
  2⤵
  PID:5836
- C:\Windows\System\uyDuGji.exe
  C:\Windows\System\uyDuGji.exe
  2⤵
  PID:4396
- C:\Windows\System\xgCwGeT.exe
  C:\Windows\System\xgCwGeT.exe
  2⤵
  PID:5960
- C:\Windows\System\zyykOyv.exe
  C:\Windows\System\zyykOyv.exe
  2⤵
  PID:1648
- C:\Windows\System\ZgFzeOb.exe
  C:\Windows\System\ZgFzeOb.exe
  2⤵
  PID:2872
- C:\Windows\System\HBgAvks.exe
  C:\Windows\System\HBgAvks.exe
  2⤵
  PID:732
- C:\Windows\System\dUiLqvT.exe
  C:\Windows\System\dUiLqvT.exe
  2⤵
  PID:2848
- C:\Windows\System\RjkaoRW.exe
  C:\Windows\System\RjkaoRW.exe
  2⤵
  PID:4924
- C:\Windows\System\jSLUvIi.exe
  C:\Windows\System\jSLUvIi.exe
  2⤵
  PID:6084
- C:\Windows\System\CJrXTIJ.exe
  C:\Windows\System\CJrXTIJ.exe
  2⤵
  PID:5064
- C:\Windows\System\OGVkbtY.exe
  C:\Windows\System\OGVkbtY.exe
  2⤵
  PID:3996
- C:\Windows\System\vxkNxZr.exe
  C:\Windows\System\vxkNxZr.exe
  2⤵
  PID:5344
- C:\Windows\System\zwnMSiH.exe
  C:\Windows\System\zwnMSiH.exe
  2⤵
  PID:5208
- C:\Windows\System\bkMSkZt.exe
  C:\Windows\System\bkMSkZt.exe
  2⤵
  PID:5340
- C:\Windows\System\JrAeLzM.exe
  C:\Windows\System\JrAeLzM.exe
  2⤵
  PID:5604
- C:\Windows\System\kQVAiLb.exe
  C:\Windows\System\kQVAiLb.exe
  2⤵
  PID:1148
- C:\Windows\System\dcIwGdM.exe
  C:\Windows\System\dcIwGdM.exe
  2⤵
  PID:2092
- C:\Windows\System\URqdwmf.exe
  C:\Windows\System\URqdwmf.exe
  2⤵
  PID:4120
- C:\Windows\System\cAIrSEs.exe
  C:\Windows\System\cAIrSEs.exe
  2⤵
  PID:3684
- C:\Windows\System\iDjmxaM.exe
  C:\Windows\System\iDjmxaM.exe
  2⤵
  PID:5996
- C:\Windows\System\nIbuOiJ.exe
  C:\Windows\System\nIbuOiJ.exe
  2⤵
  PID:2100
- C:\Windows\System\AIltchm.exe
  C:\Windows\System\AIltchm.exe
  2⤵
  PID:1088
- C:\Windows\System\JdesUJN.exe
  C:\Windows\System\JdesUJN.exe
  2⤵
  PID:2768
- C:\Windows\System\XGvUMhR.exe
  C:\Windows\System\XGvUMhR.exe
  2⤵
  PID:5396
- C:\Windows\System\KPhKDni.exe
  C:\Windows\System\KPhKDni.exe
  2⤵
  PID:5616
- C:\Windows\System\SVIyetB.exe
  C:\Windows\System\SVIyetB.exe
  2⤵
  PID:3424
- C:\Windows\System\KuuOoey.exe
  C:\Windows\System\KuuOoey.exe
  2⤵
  PID:5924
- C:\Windows\System\IIzZQTE.exe
  C:\Windows\System\IIzZQTE.exe
  2⤵
  PID:3848
- C:\Windows\System\PTraEYA.exe
  C:\Windows\System\PTraEYA.exe
  2⤵
  PID:5268
- C:\Windows\System\NAgNIhf.exe
  C:\Windows\System\NAgNIhf.exe
  2⤵
  PID:4576
- C:\Windows\System\uKssRgP.exe
  C:\Windows\System\uKssRgP.exe
  2⤵
  PID:692
- C:\Windows\System\JNxQgnV.exe
  C:\Windows\System\JNxQgnV.exe
  2⤵
  PID:6168
- C:\Windows\System\AcjHUhA.exe
  C:\Windows\System\AcjHUhA.exe
  2⤵
  PID:6184
- C:\Windows\System\BIUpCiA.exe
  C:\Windows\System\BIUpCiA.exe
  2⤵
  PID:6204
- C:\Windows\System\gVsqkGU.exe
  C:\Windows\System\gVsqkGU.exe
  2⤵
  PID:6232
- C:\Windows\System\QMRMTbo.exe
  C:\Windows\System\QMRMTbo.exe
  2⤵
  PID:6280
- C:\Windows\System\uwakWmO.exe
  C:\Windows\System\uwakWmO.exe
  2⤵
  PID:6296
- C:\Windows\System\qPttMAn.exe
  C:\Windows\System\qPttMAn.exe
  2⤵
  PID:6320
- C:\Windows\System\DIVWGZj.exe
  C:\Windows\System\DIVWGZj.exe
  2⤵
  PID:6348
- C:\Windows\System\weRQMIt.exe
  C:\Windows\System\weRQMIt.exe
  2⤵
  PID:6372
- C:\Windows\System\qClORpV.exe
  C:\Windows\System\qClORpV.exe
  2⤵
  PID:6400
- C:\Windows\System\GrHyOQa.exe
  C:\Windows\System\GrHyOQa.exe
  2⤵
  PID:6480
- C:\Windows\System\hRchoXu.exe
  C:\Windows\System\hRchoXu.exe
  2⤵
  PID:6512
- C:\Windows\System\idWUhaG.exe
  C:\Windows\System\idWUhaG.exe
  2⤵
  PID:6532
- C:\Windows\System\FFPrPBO.exe
  C:\Windows\System\FFPrPBO.exe
  2⤵
  PID:6564
- C:\Windows\System\BUpLSMZ.exe
  C:\Windows\System\BUpLSMZ.exe
  2⤵
  PID:6592
- C:\Windows\System\fZwpIpL.exe
  C:\Windows\System\fZwpIpL.exe
  2⤵
  PID:6624
- C:\Windows\System\ZWOemJZ.exe
  C:\Windows\System\ZWOemJZ.exe
  2⤵
  PID:6644
- C:\Windows\System\gRJBDWl.exe
  C:\Windows\System\gRJBDWl.exe
  2⤵
  PID:6672
- C:\Windows\System\cFebeSL.exe
  C:\Windows\System\cFebeSL.exe
  2⤵
  PID:6688
- C:\Windows\System\vbvqKXR.exe
  C:\Windows\System\vbvqKXR.exe
  2⤵
  PID:6712
- C:\Windows\System\aaIoEJq.exe
  C:\Windows\System\aaIoEJq.exe
  2⤵
  PID:6732
- C:\Windows\System\YEXHjtB.exe
  C:\Windows\System\YEXHjtB.exe
  2⤵
  PID:6752
- C:\Windows\System\cnDULaa.exe
  C:\Windows\System\cnDULaa.exe
  2⤵
  PID:6776
- C:\Windows\System\FjxezWE.exe
  C:\Windows\System\FjxezWE.exe
  2⤵
  PID:6844
- C:\Windows\System\qSEfklX.exe
  C:\Windows\System\qSEfklX.exe
  2⤵
  PID:6876
- C:\Windows\System\YgPpSmw.exe
  C:\Windows\System\YgPpSmw.exe
  2⤵
  PID:6900
- C:\Windows\System\xcnwEmR.exe
  C:\Windows\System\xcnwEmR.exe
  2⤵
  PID:6916
- C:\Windows\System\bKLfXdJ.exe
  C:\Windows\System\bKLfXdJ.exe
  2⤵
  PID:6944
- C:\Windows\System\zrAodDF.exe
  C:\Windows\System\zrAodDF.exe
  2⤵
  PID:6960
- C:\Windows\System\YCNEycl.exe
  C:\Windows\System\YCNEycl.exe
  2⤵
  PID:6984
- C:\Windows\System\IXGcQHL.exe
  C:\Windows\System\IXGcQHL.exe
  2⤵
  PID:7008
- C:\Windows\System\thfagwY.exe
  C:\Windows\System\thfagwY.exe
  2⤵
  PID:7028
- C:\Windows\System\odQbbTP.exe
  C:\Windows\System\odQbbTP.exe
  2⤵
  PID:7060
- C:\Windows\System\PxKsfMq.exe
  C:\Windows\System\PxKsfMq.exe
  2⤵
  PID:7132
- C:\Windows\System\xQfqGvE.exe
  C:\Windows\System\xQfqGvE.exe
  2⤵
  PID:7160
- C:\Windows\System\hMchqUO.exe
  C:\Windows\System\hMchqUO.exe
  2⤵
  PID:5812
- C:\Windows\System\FpwRnIg.exe
  C:\Windows\System\FpwRnIg.exe
  2⤵
  PID:6164
- C:\Windows\System\yGUELoj.exe
  C:\Windows\System\yGUELoj.exe
  2⤵
  PID:5388
- C:\Windows\System\uCTrhmD.exe
  C:\Windows\System\uCTrhmD.exe
  2⤵
  PID:6252
- C:\Windows\System\yEWzxon.exe
  C:\Windows\System\yEWzxon.exe
  2⤵
  PID:6292
- C:\Windows\System\sAwoqqf.exe
  C:\Windows\System\sAwoqqf.exe
  2⤵
  PID:6316
- C:\Windows\System\mQydwNR.exe
  C:\Windows\System\mQydwNR.exe
  2⤵
  PID:6440
- C:\Windows\System\aGSBqex.exe
  C:\Windows\System\aGSBqex.exe
  2⤵
  PID:6492
- C:\Windows\System\APzzLsb.exe
  C:\Windows\System\APzzLsb.exe
  2⤵
  PID:6560
- C:\Windows\System\PovZZjF.exe
  C:\Windows\System\PovZZjF.exe
  2⤵
  PID:6640
- C:\Windows\System\WoeLmaj.exe
  C:\Windows\System\WoeLmaj.exe
  2⤵
  PID:5712
- C:\Windows\System\nxbHkjT.exe
  C:\Windows\System\nxbHkjT.exe
  2⤵
  PID:6744
- C:\Windows\System\UXnMXAK.exe
  C:\Windows\System\UXnMXAK.exe
  2⤵
  PID:6856
- C:\Windows\System\PQvTpka.exe
  C:\Windows\System\PQvTpka.exe
  2⤵
  PID:6892
- C:\Windows\System\jCIOjhT.exe
  C:\Windows\System\jCIOjhT.exe
  2⤵
  PID:6940
- C:\Windows\System\eJuVtTk.exe
  C:\Windows\System\eJuVtTk.exe
  2⤵
  PID:7044
- C:\Windows\System\eXidUqV.exe
  C:\Windows\System\eXidUqV.exe
  2⤵
  PID:6980
- C:\Windows\System\lmjRPEh.exe
  C:\Windows\System\lmjRPEh.exe
  2⤵
  PID:7128
- C:\Windows\System\PaxLkwS.exe
  C:\Windows\System\PaxLkwS.exe
  2⤵
  PID:7156
- C:\Windows\System\HZtEQXY.exe
  C:\Windows\System\HZtEQXY.exe
  2⤵
  PID:6152
- C:\Windows\System\NOgbUES.exe
  C:\Windows\System\NOgbUES.exe
  2⤵
  PID:6244
- C:\Windows\System\bwEHpbl.exe
  C:\Windows\System\bwEHpbl.exe
  2⤵
  PID:6660
- C:\Windows\System\yxVgXdE.exe
  C:\Windows\System\yxVgXdE.exe
  2⤵
  PID:5468
- C:\Windows\System\lCdzlAx.exe
  C:\Windows\System\lCdzlAx.exe
  2⤵
  PID:6636
- C:\Windows\System\YHBUGRz.exe
  C:\Windows\System\YHBUGRz.exe
  2⤵
  PID:6816
- C:\Windows\System\OIBoVuw.exe
  C:\Windows\System\OIBoVuw.exe
  2⤵
  PID:5512
- C:\Windows\System\azATvQp.exe
  C:\Windows\System\azATvQp.exe
  2⤵
  PID:6976
- C:\Windows\System\glCcVXL.exe
  C:\Windows\System\glCcVXL.exe
  2⤵
  PID:7152
- C:\Windows\System\FnGWefb.exe
  C:\Windows\System\FnGWefb.exe
  2⤵
  PID:6520
- C:\Windows\System\CXiQEeE.exe
  C:\Windows\System\CXiQEeE.exe
  2⤵
  PID:7184
- C:\Windows\System\utHIvey.exe
  C:\Windows\System\utHIvey.exe
  2⤵
  PID:7208
- C:\Windows\System\drfgYPk.exe
  C:\Windows\System\drfgYPk.exe
  2⤵
  PID:7252
- C:\Windows\System\bsPIBYh.exe
  C:\Windows\System\bsPIBYh.exe
  2⤵
  PID:7296
- C:\Windows\System\XRUoinA.exe
  C:\Windows\System\XRUoinA.exe
  2⤵
  PID:7324
- C:\Windows\System\OBNeTbj.exe
  C:\Windows\System\OBNeTbj.exe
  2⤵
  PID:7344
- C:\Windows\System\aKzZdkT.exe
  C:\Windows\System\aKzZdkT.exe
  2⤵
  PID:7364
- C:\Windows\System\LTtuJjv.exe
  C:\Windows\System\LTtuJjv.exe
  2⤵
  PID:7412
- C:\Windows\System\zLKASpD.exe
  C:\Windows\System\zLKASpD.exe
  2⤵
  PID:7428
- C:\Windows\System\dnxyvDa.exe
  C:\Windows\System\dnxyvDa.exe
  2⤵
  PID:7448
- C:\Windows\System\Oihpdli.exe
  C:\Windows\System\Oihpdli.exe
  2⤵
  PID:7484
- C:\Windows\System\hDhwfFJ.exe
  C:\Windows\System\hDhwfFJ.exe
  2⤵
  PID:7500
- C:\Windows\System\JfhhBUt.exe
  C:\Windows\System\JfhhBUt.exe
  2⤵
  PID:7524
- C:\Windows\System\InNyFfV.exe
  C:\Windows\System\InNyFfV.exe
  2⤵
  PID:7544
- C:\Windows\System\pydfjOI.exe
  C:\Windows\System\pydfjOI.exe
  2⤵
  PID:7560
- C:\Windows\System\UltOaLD.exe
  C:\Windows\System\UltOaLD.exe
  2⤵
  PID:7584
- C:\Windows\System\ugnxIwO.exe
  C:\Windows\System\ugnxIwO.exe
  2⤵
  PID:7604
- C:\Windows\System\bQMgzlY.exe
  C:\Windows\System\bQMgzlY.exe
  2⤵
  PID:7648
- C:\Windows\System\fhwblRi.exe
  C:\Windows\System\fhwblRi.exe
  2⤵
  PID:7668
- C:\Windows\System\mmRLxZs.exe
  C:\Windows\System\mmRLxZs.exe
  2⤵
  PID:7688
- C:\Windows\System\PCtazZi.exe
  C:\Windows\System\PCtazZi.exe
  2⤵
  PID:7748
- C:\Windows\System\zNJtGrj.exe
  C:\Windows\System\zNJtGrj.exe
  2⤵
  PID:7800
- C:\Windows\System\NmaWeXE.exe
  C:\Windows\System\NmaWeXE.exe
  2⤵
  PID:7820
- C:\Windows\System\MmvenkW.exe
  C:\Windows\System\MmvenkW.exe
  2⤵
  PID:7856
- C:\Windows\System\OkeXawh.exe
  C:\Windows\System\OkeXawh.exe
  2⤵
  PID:7876
- C:\Windows\System\gDkhzMg.exe
  C:\Windows\System\gDkhzMg.exe
  2⤵
  PID:7920
- C:\Windows\System\vXoOfpm.exe
  C:\Windows\System\vXoOfpm.exe
  2⤵
  PID:7952
- C:\Windows\System\rlUWhfu.exe
  C:\Windows\System\rlUWhfu.exe
  2⤵
  PID:7980
- C:\Windows\System\VxmJaiB.exe
  C:\Windows\System\VxmJaiB.exe
  2⤵
  PID:8000
- C:\Windows\System\hWwdwSY.exe
  C:\Windows\System\hWwdwSY.exe
  2⤵
  PID:8032
- C:\Windows\System\HUJmLhs.exe
  C:\Windows\System\HUJmLhs.exe
  2⤵
  PID:8060
- C:\Windows\System\qfvsDUe.exe
  C:\Windows\System\qfvsDUe.exe
  2⤵
  PID:8080
- C:\Windows\System\fVvryBm.exe
  C:\Windows\System\fVvryBm.exe
  2⤵
  PID:8096
- C:\Windows\System\DYwSZQg.exe
  C:\Windows\System\DYwSZQg.exe
  2⤵
  PID:8136
- C:\Windows\System\NoHsxVz.exe
  C:\Windows\System\NoHsxVz.exe
  2⤵
  PID:8156
- C:\Windows\System\kjHBdzp.exe
  C:\Windows\System\kjHBdzp.exe
  2⤵
  PID:8188
- C:\Windows\System\dWcxgpH.exe
  C:\Windows\System\dWcxgpH.exe
  2⤵
  PID:6952
- C:\Windows\System\iduYJhh.exe
  C:\Windows\System\iduYJhh.exe
  2⤵
  PID:6760
- C:\Windows\System\wfAvctS.exe
  C:\Windows\System\wfAvctS.exe
  2⤵
  PID:7228
- C:\Windows\System\RiRgwSX.exe
  C:\Windows\System\RiRgwSX.exe
  2⤵
  PID:7292
- C:\Windows\System\LJwrRpy.exe
  C:\Windows\System\LJwrRpy.exe
  2⤵
  PID:7336
- C:\Windows\System\BVmXGHP.exe
  C:\Windows\System\BVmXGHP.exe
  2⤵
  PID:7360
- C:\Windows\System\dczZdXd.exe
  C:\Windows\System\dczZdXd.exe
  2⤵
  PID:7472
- C:\Windows\System\GXLvBhd.exe
  C:\Windows\System\GXLvBhd.exe
  2⤵
  PID:7556
- C:\Windows\System\EohIFQh.exe
  C:\Windows\System\EohIFQh.exe
  2⤵
  PID:7552
- C:\Windows\System\uGRAFFU.exe
  C:\Windows\System\uGRAFFU.exe
  2⤵
  PID:7660
- C:\Windows\System\nSvlGaE.exe
  C:\Windows\System\nSvlGaE.exe
  2⤵
  PID:7680
- C:\Windows\System\eQNwOUF.exe
  C:\Windows\System\eQNwOUF.exe
  2⤵
  PID:7796
- C:\Windows\System\mcrLqKr.exe
  C:\Windows\System\mcrLqKr.exe
  2⤵
  PID:7908
- C:\Windows\System\RnBqmHt.exe
  C:\Windows\System\RnBqmHt.exe
  2⤵
  PID:7960
- C:\Windows\System\CmtRvUZ.exe
  C:\Windows\System\CmtRvUZ.exe
  2⤵
  PID:8012
- C:\Windows\System\hlYgEka.exe
  C:\Windows\System\hlYgEka.exe
  2⤵
  PID:8116
- C:\Windows\System\DitfkWA.exe
  C:\Windows\System\DitfkWA.exe
  2⤵
  PID:8092
- C:\Windows\System\pGeiTWN.exe
  C:\Windows\System\pGeiTWN.exe
  2⤵
  PID:6884
- C:\Windows\System\uiubuei.exe
  C:\Windows\System\uiubuei.exe
  2⤵
  PID:7196
- C:\Windows\System\GkSdoyA.exe
  C:\Windows\System\GkSdoyA.exe
  2⤵
  PID:7388
- C:\Windows\System\zZaFAHd.exe
  C:\Windows\System\zZaFAHd.exe
  2⤵
  PID:7520
- C:\Windows\System\Cgrmxce.exe
  C:\Windows\System\Cgrmxce.exe
  2⤵
  PID:7640
- C:\Windows\System\CwCndZz.exe
  C:\Windows\System\CwCndZz.exe
  2⤵
  PID:7744
- C:\Windows\System\GvxDjew.exe
  C:\Windows\System\GvxDjew.exe
  2⤵
  PID:7892
- C:\Windows\System\agummIt.exe
  C:\Windows\System\agummIt.exe
  2⤵
  PID:7992
- C:\Windows\System\IAdoHcT.exe
  C:\Windows\System\IAdoHcT.exe
  2⤵
  PID:7320
- C:\Windows\System\fRFIZJm.exe
  C:\Windows\System\fRFIZJm.exe
  2⤵
  PID:2276
- C:\Windows\System\TZMDrlZ.exe
  C:\Windows\System\TZMDrlZ.exe
  2⤵
  PID:7932
- C:\Windows\System\ftPtSSu.exe
  C:\Windows\System\ftPtSSu.exe
  2⤵
  PID:7200
- C:\Windows\System\YWxPoJb.exe
  C:\Windows\System\YWxPoJb.exe
  2⤵
  PID:7576
- C:\Windows\System\SkQeSXW.exe
  C:\Windows\System\SkQeSXW.exe
  2⤵
  PID:8212
- C:\Windows\System\LfiDplR.exe
  C:\Windows\System\LfiDplR.exe
  2⤵
  PID:8236
- C:\Windows\System\AmeLluF.exe
  C:\Windows\System\AmeLluF.exe
  2⤵
  PID:8256
- C:\Windows\System\ZHTLJUl.exe
  C:\Windows\System\ZHTLJUl.exe
  2⤵
  PID:8276
- C:\Windows\System\rtyVDep.exe
  C:\Windows\System\rtyVDep.exe
  2⤵
  PID:8300
- C:\Windows\System\oknhkgw.exe
  C:\Windows\System\oknhkgw.exe
  2⤵
  PID:8328
- C:\Windows\System\SDPJjNk.exe
  C:\Windows\System\SDPJjNk.exe
  2⤵
  PID:8368
- C:\Windows\System\wNtKDiJ.exe
  C:\Windows\System\wNtKDiJ.exe
  2⤵
  PID:8412
- C:\Windows\System\LjCGbqf.exe
  C:\Windows\System\LjCGbqf.exe
  2⤵
  PID:8440
- C:\Windows\System\CSscUgP.exe
  C:\Windows\System\CSscUgP.exe
  2⤵
  PID:8468
- C:\Windows\System\OyTBqVN.exe
  C:\Windows\System\OyTBqVN.exe
  2⤵
  PID:8488
- C:\Windows\System\OxxnrVt.exe
  C:\Windows\System\OxxnrVt.exe
  2⤵
  PID:8528
- C:\Windows\System\ZPtHKSr.exe
  C:\Windows\System\ZPtHKSr.exe
  2⤵
  PID:8544
- C:\Windows\System\HHUmHCR.exe
  C:\Windows\System\HHUmHCR.exe
  2⤵
  PID:8564
- C:\Windows\System\DiIlMZX.exe
  C:\Windows\System\DiIlMZX.exe
  2⤵
  PID:8588
- C:\Windows\System\XLfDweS.exe
  C:\Windows\System\XLfDweS.exe
  2⤵
  PID:8608
- C:\Windows\System\IXteNMG.exe
  C:\Windows\System\IXteNMG.exe
  2⤵
  PID:8636
- C:\Windows\System\xTYESgS.exe
  C:\Windows\System\xTYESgS.exe
  2⤵
  PID:8664
- C:\Windows\System\OPhweIg.exe
  C:\Windows\System\OPhweIg.exe
  2⤵
  PID:8680
- C:\Windows\System\sjlOxVL.exe
  C:\Windows\System\sjlOxVL.exe
  2⤵
  PID:8712
- C:\Windows\System\SRdyPtN.exe
  C:\Windows\System\SRdyPtN.exe
  2⤵
  PID:8760
- C:\Windows\System\wAVgvSw.exe
  C:\Windows\System\wAVgvSw.exe
  2⤵
  PID:8780
- C:\Windows\System\udNcaRq.exe
  C:\Windows\System\udNcaRq.exe
  2⤵
  PID:8828
- C:\Windows\System\oJKleJj.exe
  C:\Windows\System\oJKleJj.exe
  2⤵
  PID:8860
- C:\Windows\System\DxIzzKQ.exe
  C:\Windows\System\DxIzzKQ.exe
  2⤵
  PID:8876
- C:\Windows\System\HPOpcnu.exe
  C:\Windows\System\HPOpcnu.exe
  2⤵
  PID:8900
- C:\Windows\System\INOknsf.exe
  C:\Windows\System\INOknsf.exe
  2⤵
  PID:8924
- C:\Windows\System\YMnYdsE.exe
  C:\Windows\System\YMnYdsE.exe
  2⤵
  PID:8956
- C:\Windows\System\uQIUQYh.exe
  C:\Windows\System\uQIUQYh.exe
  2⤵
  PID:9012
- C:\Windows\System\sGKIKhi.exe
  C:\Windows\System\sGKIKhi.exe
  2⤵
  PID:9028
- C:\Windows\System\WJrYLkA.exe
  C:\Windows\System\WJrYLkA.exe
  2⤵
  PID:9060
- C:\Windows\System\LbsRJts.exe
  C:\Windows\System\LbsRJts.exe
  2⤵
  PID:9080
- C:\Windows\System\QKBitwQ.exe
  C:\Windows\System\QKBitwQ.exe
  2⤵
  PID:9100
- C:\Windows\System\gOoXtYK.exe
  C:\Windows\System\gOoXtYK.exe
  2⤵
  PID:9136
- C:\Windows\System\bNUrBHv.exe
  C:\Windows\System\bNUrBHv.exe
  2⤵
  PID:9156
- C:\Windows\System\syvefZo.exe
  C:\Windows\System\syvefZo.exe
  2⤵
  PID:9176
- C:\Windows\System\fARAKhX.exe
  C:\Windows\System\fARAKhX.exe
  2⤵
  PID:9208
- C:\Windows\System\mVXxASN.exe
  C:\Windows\System\mVXxASN.exe
  2⤵
  PID:8204
- C:\Windows\System\WCTqLhN.exe
  C:\Windows\System\WCTqLhN.exe
  2⤵
  PID:8308
- C:\Windows\System\gOjGPXQ.exe
  C:\Windows\System\gOjGPXQ.exe
  2⤵
  PID:8320
- C:\Windows\System\djcAIvT.exe
  C:\Windows\System\djcAIvT.exe
  2⤵
  PID:8364
- C:\Windows\System\cfQrxzm.exe
  C:\Windows\System\cfQrxzm.exe
  2⤵
  PID:8432
- C:\Windows\System\MSjFONh.exe
  C:\Windows\System\MSjFONh.exe
  2⤵
  PID:8584
- C:\Windows\System\AhLlpJr.exe
  C:\Windows\System\AhLlpJr.exe
  2⤵
  PID:8756
- C:\Windows\System\HvYUCDF.exe
  C:\Windows\System\HvYUCDF.exe
  2⤵
  PID:8800
- C:\Windows\System\WKmTBop.exe
  C:\Windows\System\WKmTBop.exe
  2⤵
  PID:8884
- C:\Windows\System\dALHSKj.exe
  C:\Windows\System\dALHSKj.exe
  2⤵
  PID:8968
- C:\Windows\System\PIzFfPy.exe
  C:\Windows\System\PIzFfPy.exe
  2⤵
  PID:9024
- C:\Windows\System\hBUPBJk.exe
  C:\Windows\System\hBUPBJk.exe
  2⤵
  PID:9132
- C:\Windows\System\waAbept.exe
  C:\Windows\System\waAbept.exe
  2⤵
  PID:9184
- C:\Windows\System\PQTwJTd.exe
  C:\Windows\System\PQTwJTd.exe
  2⤵
  PID:8348
- C:\Windows\System\ZwmEuch.exe
  C:\Windows\System\ZwmEuch.exe
  2⤵
  PID:8456
- C:\Windows\System\lHETiPe.exe
  C:\Windows\System\lHETiPe.exe
  2⤵
  PID:8772
- C:\Windows\System\mETlRon.exe
  C:\Windows\System\mETlRon.exe
  2⤵
  PID:8920
- C:\Windows\System\bvyVRpb.exe
  C:\Windows\System\bvyVRpb.exe
  2⤵
  PID:9092
- C:\Windows\System\mGxUuiX.exe
  C:\Windows\System\mGxUuiX.exe
  2⤵
  PID:8408
- C:\Windows\System\VwtyVHS.exe
  C:\Windows\System\VwtyVHS.exe
  2⤵
  PID:8872
- C:\Windows\System\UPantpg.exe
  C:\Windows\System\UPantpg.exe
  2⤵
  PID:8740
- C:\Windows\System\djePTWb.exe
  C:\Windows\System\djePTWb.exe
  2⤵
  PID:8420
- C:\Windows\System\sfZbfPl.exe
  C:\Windows\System\sfZbfPl.exe
  2⤵
  PID:9248
- C:\Windows\System\vNqlDmE.exe
  C:\Windows\System\vNqlDmE.exe
  2⤵
  PID:9276
- C:\Windows\System\WRhTZfX.exe
  C:\Windows\System\WRhTZfX.exe
  2⤵
  PID:9292
- C:\Windows\System\MTuydxr.exe
  C:\Windows\System\MTuydxr.exe
  2⤵
  PID:9312
- C:\Windows\System\ePHOohH.exe
  C:\Windows\System\ePHOohH.exe
  2⤵
  PID:9360
- C:\Windows\System\WWIrTPp.exe
  C:\Windows\System\WWIrTPp.exe
  2⤵
  PID:9408
- C:\Windows\System\LCvXSKQ.exe
  C:\Windows\System\LCvXSKQ.exe
  2⤵
  PID:9432
- C:\Windows\System\ziropRI.exe
  C:\Windows\System\ziropRI.exe
  2⤵
  PID:9460
- C:\Windows\System\erYezsI.exe
  C:\Windows\System\erYezsI.exe
  2⤵
  PID:9492
- C:\Windows\System\gQuycqG.exe
  C:\Windows\System\gQuycqG.exe
  2⤵
  PID:9512
- C:\Windows\System\RaRnXRu.exe
  C:\Windows\System\RaRnXRu.exe
  2⤵
  PID:9544
- C:\Windows\System\RcqLiiN.exe
  C:\Windows\System\RcqLiiN.exe
  2⤵
  PID:9560
- C:\Windows\System\XJbrVik.exe
  C:\Windows\System\XJbrVik.exe
  2⤵
  PID:9580
- C:\Windows\System\jVGOzfV.exe
  C:\Windows\System\jVGOzfV.exe
  2⤵
  PID:9624
- C:\Windows\System\OPDcbmH.exe
  C:\Windows\System\OPDcbmH.exe
  2⤵
  PID:9644
- C:\Windows\System\YbUfGhe.exe
  C:\Windows\System\YbUfGhe.exe
  2⤵
  PID:9676
- C:\Windows\System\lJVKUia.exe
  C:\Windows\System\lJVKUia.exe
  2⤵
  PID:9696
- C:\Windows\System\ZvfEcAp.exe
  C:\Windows\System\ZvfEcAp.exe
  2⤵
  PID:9744
- C:\Windows\System\EazMtgr.exe
  C:\Windows\System\EazMtgr.exe
  2⤵
  PID:9772
- C:\Windows\System\grLJfzH.exe
  C:\Windows\System\grLJfzH.exe
  2⤵
  PID:9788
- C:\Windows\System\LaAskhz.exe
  C:\Windows\System\LaAskhz.exe
  2⤵
  PID:9824
- C:\Windows\System\HbxLpSr.exe
  C:\Windows\System\HbxLpSr.exe
  2⤵
  PID:9844
- C:\Windows\System\sFYuVuH.exe
  C:\Windows\System\sFYuVuH.exe
  2⤵
  PID:9880
- C:\Windows\System\figAGXD.exe
  C:\Windows\System\figAGXD.exe
  2⤵
  PID:9904
- C:\Windows\System\UfVdoaP.exe
  C:\Windows\System\UfVdoaP.exe
  2⤵
  PID:9920
- C:\Windows\System\HPhiqdh.exe
  C:\Windows\System\HPhiqdh.exe
  2⤵
  PID:9972
- C:\Windows\System\XOlqQsE.exe
  C:\Windows\System\XOlqQsE.exe
  2⤵
  PID:9988
- C:\Windows\System\SOtedbe.exe
  C:\Windows\System\SOtedbe.exe
  2⤵
  PID:10012
- C:\Windows\System\kDVGcTi.exe
  C:\Windows\System\kDVGcTi.exe
  2⤵
  PID:10036
- C:\Windows\System\VfgbTYE.exe
  C:\Windows\System\VfgbTYE.exe
  2⤵
  PID:10080
- C:\Windows\System\TsOcWlS.exe
  C:\Windows\System\TsOcWlS.exe
  2⤵
  PID:10120
- C:\Windows\System\VqOqFhK.exe
  C:\Windows\System\VqOqFhK.exe
  2⤵
  PID:10140
- C:\Windows\System\BsgHjdm.exe
  C:\Windows\System\BsgHjdm.exe
  2⤵
  PID:10160
- C:\Windows\System\lbdPqSs.exe
  C:\Windows\System\lbdPqSs.exe
  2⤵
  PID:10200
- C:\Windows\System\JHVnesr.exe
  C:\Windows\System\JHVnesr.exe
  2⤵
  PID:10228
- C:\Windows\System\KQkWeZE.exe
  C:\Windows\System\KQkWeZE.exe
  2⤵
  PID:9228
- C:\Windows\System\bqpsgck.exe
  C:\Windows\System\bqpsgck.exe
  2⤵
  PID:9288
- C:\Windows\System\pVzdZah.exe
  C:\Windows\System\pVzdZah.exe
  2⤵
  PID:9392
- C:\Windows\System\sohNIbL.exe
  C:\Windows\System\sohNIbL.exe
  2⤵
  PID:9452
- C:\Windows\System\cZnjrDI.exe
  C:\Windows\System\cZnjrDI.exe
  2⤵
  PID:9424
- C:\Windows\System\AlczZNn.exe
  C:\Windows\System\AlczZNn.exe
  2⤵
  PID:9536
- C:\Windows\System\ecsFOPo.exe
  C:\Windows\System\ecsFOPo.exe
  2⤵
  PID:9608
- C:\Windows\System\RDUgHTo.exe
  C:\Windows\System\RDUgHTo.exe
  2⤵
  PID:9688
- C:\Windows\System\FuKmzTj.exe
  C:\Windows\System\FuKmzTj.exe
  2⤵
  PID:9760
- C:\Windows\System\MPaZGUM.exe
  C:\Windows\System\MPaZGUM.exe
  2⤵
  PID:9864
- C:\Windows\System\IIYRXIa.exe
  C:\Windows\System\IIYRXIa.exe
  2⤵
  PID:9860
- C:\Windows\System\fSKMfjO.exe
  C:\Windows\System\fSKMfjO.exe
  2⤵
  PID:9940
- C:\Windows\System\eaDNGqr.exe
  C:\Windows\System\eaDNGqr.exe
  2⤵
  PID:10004
- C:\Windows\System\xmJfJoy.exe
  C:\Windows\System\xmJfJoy.exe
  2⤵
  PID:10032
- C:\Windows\System\UMazMmw.exe
  C:\Windows\System\UMazMmw.exe
  2⤵
  PID:10168
- C:\Windows\System\ceflNIP.exe
  C:\Windows\System\ceflNIP.exe
  2⤵
  PID:10220
- C:\Windows\System\JLtXHLn.exe
  C:\Windows\System\JLtXHLn.exe
  2⤵
  PID:9240
- C:\Windows\System\JIiKCgH.exe
  C:\Windows\System\JIiKCgH.exe
  2⤵
  PID:9304
- C:\Windows\System\FKKfGgv.exe
  C:\Windows\System\FKKfGgv.exe
  2⤵
  PID:9508
- C:\Windows\System\rjNAeDD.exe
  C:\Windows\System\rjNAeDD.exe
  2⤵
  PID:9672
- C:\Windows\System\VscfXQy.exe
  C:\Windows\System\VscfXQy.exe
  2⤵
  PID:9784
- C:\Windows\System\YXuwNVG.exe
  C:\Windows\System\YXuwNVG.exe
  2⤵
  PID:9964
- C:\Windows\System\wHDzIOi.exe
  C:\Windows\System\wHDzIOi.exe
  2⤵
  PID:10060
- C:\Windows\System\nuroNRH.exe
  C:\Windows\System\nuroNRH.exe
  2⤵
  PID:9268
- C:\Windows\System\zImFJMd.exe
  C:\Windows\System\zImFJMd.exe
  2⤵
  PID:10020
- C:\Windows\System\WDZQcQr.exe
  C:\Windows\System\WDZQcQr.exe
  2⤵
  PID:8536
- C:\Windows\System\zWovhMO.exe
  C:\Windows\System\zWovhMO.exe
  2⤵
  PID:10256
- C:\Windows\System\LCIOCSr.exe
  C:\Windows\System\LCIOCSr.exe
  2⤵
  PID:10272
- C:\Windows\System\JjKOgna.exe
  C:\Windows\System\JjKOgna.exe
  2⤵
  PID:10296
- C:\Windows\System\arEkzOh.exe
  C:\Windows\System\arEkzOh.exe
  2⤵
  PID:10336
- C:\Windows\System\mIvOKoV.exe
  C:\Windows\System\mIvOKoV.exe
  2⤵
  PID:10356
- C:\Windows\System\IDRBSFn.exe
  C:\Windows\System\IDRBSFn.exe
  2⤵
  PID:10388
- C:\Windows\System\qsqIDwL.exe
  C:\Windows\System\qsqIDwL.exe
  2⤵
  PID:10404
- C:\Windows\System\EHLJNrq.exe
  C:\Windows\System\EHLJNrq.exe
  2⤵
  PID:10424
- C:\Windows\System\kOXiRrV.exe
  C:\Windows\System\kOXiRrV.exe
  2⤵
  PID:10476
- C:\Windows\System\vQSfGaa.exe
  C:\Windows\System\vQSfGaa.exe
  2⤵
  PID:10504
- C:\Windows\System\hLkIskL.exe
  C:\Windows\System\hLkIskL.exe
  2⤵
  PID:10532
- C:\Windows\System\hwYQRoh.exe
  C:\Windows\System\hwYQRoh.exe
  2⤵
  PID:10552
- C:\Windows\System\VWDsPHS.exe
  C:\Windows\System\VWDsPHS.exe
  2⤵
  PID:10572
- C:\Windows\System\XyRvrRC.exe
  C:\Windows\System\XyRvrRC.exe
  2⤵
  PID:10608
- C:\Windows\System\kgWtbZc.exe
  C:\Windows\System\kgWtbZc.exe
  2⤵
  PID:10648
- C:\Windows\System\qiOclhq.exe
  C:\Windows\System\qiOclhq.exe
  2⤵
  PID:10676
- C:\Windows\System\tNCRGvg.exe
  C:\Windows\System\tNCRGvg.exe
  2⤵
  PID:10712
- C:\Windows\System\ylzFFlH.exe
  C:\Windows\System\ylzFFlH.exe
  2⤵
  PID:10732
- C:\Windows\System\lpokyKx.exe
  C:\Windows\System\lpokyKx.exe
  2⤵
  PID:10780
- C:\Windows\System\TTLgGmQ.exe
  C:\Windows\System\TTLgGmQ.exe
  2⤵
  PID:10804
- C:\Windows\System\KkulnYG.exe
  C:\Windows\System\KkulnYG.exe
  2⤵
  PID:10824
- C:\Windows\System\DbhRStH.exe
  C:\Windows\System\DbhRStH.exe
  2⤵
  PID:10848
- C:\Windows\System\KAIiXUW.exe
  C:\Windows\System\KAIiXUW.exe
  2⤵
  PID:10868
- C:\Windows\System\zAyMuxz.exe
  C:\Windows\System\zAyMuxz.exe
  2⤵
  PID:10896
- C:\Windows\System\BllrtMl.exe
  C:\Windows\System\BllrtMl.exe
  2⤵
  PID:10940
- C:\Windows\System\vyioGcz.exe
  C:\Windows\System\vyioGcz.exe
  2⤵
  PID:10960
- C:\Windows\System\qKGCdti.exe
  C:\Windows\System\qKGCdti.exe
  2⤵
  PID:10988
- C:\Windows\System\NNsmPfx.exe
  C:\Windows\System\NNsmPfx.exe
  2⤵
  PID:11032
- C:\Windows\System\wtDfXGw.exe
  C:\Windows\System\wtDfXGw.exe
  2⤵
  PID:11064
- C:\Windows\System\UzIusJR.exe
  C:\Windows\System\UzIusJR.exe
  2⤵
  PID:11084
- C:\Windows\System\GTGthvZ.exe
  C:\Windows\System\GTGthvZ.exe
  2⤵
  PID:11104
- C:\Windows\System\wkBQjOr.exe
  C:\Windows\System\wkBQjOr.exe
  2⤵
  PID:11132
- C:\Windows\System\WYGuLdQ.exe
  C:\Windows\System\WYGuLdQ.exe
  2⤵
  PID:11168
- C:\Windows\System\nZTdioY.exe
  C:\Windows\System\nZTdioY.exe
  2⤵
  PID:11184
- C:\Windows\System\tdRDaTF.exe
  C:\Windows\System\tdRDaTF.exe
  2⤵
  PID:11208
- C:\Windows\System\YpNvFZQ.exe
  C:\Windows\System\YpNvFZQ.exe
  2⤵
  PID:11228
- C:\Windows\System\FyfnHdD.exe
  C:\Windows\System\FyfnHdD.exe
  2⤵
  PID:11248
- C:\Windows\System\HNuxasV.exe
  C:\Windows\System\HNuxasV.exe
  2⤵
  PID:10216
- C:\Windows\System\ZLjcjrc.exe
  C:\Windows\System\ZLjcjrc.exe
  2⤵
  PID:9620
- C:\Windows\System\LYkkYdr.exe
  C:\Windows\System\LYkkYdr.exe
  2⤵
  PID:10312
- C:\Windows\System\zucIdgg.exe
  C:\Windows\System\zucIdgg.exe
  2⤵
  PID:10348
- C:\Windows\System\kmMTxzj.exe
  C:\Windows\System\kmMTxzj.exe
  2⤵
  PID:10416
- C:\Windows\System\iTNbFUO.exe
  C:\Windows\System\iTNbFUO.exe
  2⤵
  PID:10436
- C:\Windows\System\Spkyndw.exe
  C:\Windows\System\Spkyndw.exe
  2⤵
  PID:10548
- C:\Windows\System\eIEDIro.exe
  C:\Windows\System\eIEDIro.exe
  2⤵
  PID:10600
- C:\Windows\System\ChMCOnY.exe
  C:\Windows\System\ChMCOnY.exe
  2⤵
  PID:10692
- C:\Windows\System\sdifFaA.exe
  C:\Windows\System\sdifFaA.exe
  2⤵
  PID:10740
- C:\Windows\System\bndBozg.exe
  C:\Windows\System\bndBozg.exe
  2⤵
  PID:10892
- C:\Windows\System\djwWScF.exe
  C:\Windows\System\djwWScF.exe
  2⤵
  PID:11024
- C:\Windows\System\laxFHNC.exe
  C:\Windows\System\laxFHNC.exe
  2⤵
  PID:11040
- C:\Windows\System\qXTruya.exe
  C:\Windows\System\qXTruya.exe
  2⤵
  PID:11112
- C:\Windows\System\LFJhRWz.exe
  C:\Windows\System\LFJhRWz.exe
  2⤵
  PID:11144
- C:\Windows\System\gcpWgab.exe
  C:\Windows\System\gcpWgab.exe
  2⤵
  PID:11220
- C:\Windows\System\ZsulFDp.exe
  C:\Windows\System\ZsulFDp.exe
  2⤵
  PID:11260
- C:\Windows\System\kuYZfeh.exe
  C:\Windows\System\kuYZfeh.exe
  2⤵
  PID:9896
- C:\Windows\System\jwfrHDa.exe
  C:\Windows\System\jwfrHDa.exe
  2⤵
  PID:10524
- C:\Windows\System\rIeCMUc.exe
  C:\Windows\System\rIeCMUc.exe
  2⤵
  PID:10420
- C:\Windows\System\fcfgMyV.exe
  C:\Windows\System\fcfgMyV.exe
  2⤵
  PID:10772
- C:\Windows\System\RVvVNYM.exe
  C:\Windows\System\RVvVNYM.exe
  2⤵
  PID:10984
- C:\Windows\System\IfgvBWE.exe
  C:\Windows\System\IfgvBWE.exe
  2⤵
  PID:11096
- C:\Windows\System\bCbIoSk.exe
  C:\Windows\System\bCbIoSk.exe
  2⤵
  PID:9836
- C:\Windows\System\zNKFVak.exe
  C:\Windows\System\zNKFVak.exe
  2⤵
  PID:10380
- C:\Windows\System\rkkxeRW.exe
  C:\Windows\System\rkkxeRW.exe
  2⤵
  PID:10884
- C:\Windows\System\iBGQRBi.exe
  C:\Windows\System\iBGQRBi.exe
  2⤵
  PID:11124
- C:\Windows\System\GBeLGZr.exe
  C:\Windows\System\GBeLGZr.exe
  2⤵
  PID:11284
- C:\Windows\System\ZlnDRYV.exe
  C:\Windows\System\ZlnDRYV.exe
  2⤵
  PID:11316
- C:\Windows\System\AVYYKEL.exe
  C:\Windows\System\AVYYKEL.exe
  2⤵
  PID:11344
- C:\Windows\System\imysvIu.exe
  C:\Windows\System\imysvIu.exe
  2⤵
  PID:11368
- C:\Windows\System\RTOMQES.exe
  C:\Windows\System\RTOMQES.exe
  2⤵
  PID:11388
- C:\Windows\System\IagWUmL.exe
  C:\Windows\System\IagWUmL.exe
  2⤵
  PID:11404
- C:\Windows\System\XBrWfuz.exe
  C:\Windows\System\XBrWfuz.exe
  2⤵
  PID:11428
- C:\Windows\System\eDsqFyx.exe
  C:\Windows\System\eDsqFyx.exe
  2⤵
  PID:11452
- C:\Windows\System\AsqsDPm.exe
  C:\Windows\System\AsqsDPm.exe
  2⤵
  PID:11472
- C:\Windows\System\cuVEYnY.exe
  C:\Windows\System\cuVEYnY.exe
  2⤵
  PID:11532
- C:\Windows\System\ctrHwCA.exe
  C:\Windows\System\ctrHwCA.exe
  2⤵
  PID:11580
- C:\Windows\System\qzDVski.exe
  C:\Windows\System\qzDVski.exe
  2⤵
  PID:11608
- C:\Windows\System\LzGeghG.exe
  C:\Windows\System\LzGeghG.exe
  2⤵
  PID:11632
- C:\Windows\System\jwVyWVm.exe
  C:\Windows\System\jwVyWVm.exe
  2⤵
  PID:11652
- C:\Windows\System\ETDEqVz.exe
  C:\Windows\System\ETDEqVz.exe
  2⤵
  PID:11692
- C:\Windows\System\uKuKvYb.exe
  C:\Windows\System\uKuKvYb.exe
  2⤵
  PID:11744
- C:\Windows\System\ZrVLVat.exe
  C:\Windows\System\ZrVLVat.exe
  2⤵
  PID:11820
- C:\Windows\System\PitvYBe.exe
  C:\Windows\System\PitvYBe.exe
  2⤵
  PID:11840
- C:\Windows\System\BJkEHGc.exe
  C:\Windows\System\BJkEHGc.exe
  2⤵
  PID:11916
- C:\Windows\System\ObBdcvD.exe
  C:\Windows\System\ObBdcvD.exe
  2⤵
  PID:11932
- C:\Windows\System\ygVvIBy.exe
  C:\Windows\System\ygVvIBy.exe
  2⤵
  PID:11948
- C:\Windows\System\JdalUyw.exe
  C:\Windows\System\JdalUyw.exe
  2⤵
  PID:11964
- C:\Windows\System\shVgCRw.exe
  C:\Windows\System\shVgCRw.exe
  2⤵
  PID:11984
- C:\Windows\System\MKhmvjm.exe
  C:\Windows\System\MKhmvjm.exe
  2⤵
  PID:12000
- C:\Windows\System\kYbNhFs.exe
  C:\Windows\System\kYbNhFs.exe
  2⤵
  PID:12016
- C:\Windows\System\yjkPRNC.exe
  C:\Windows\System\yjkPRNC.exe
  2⤵
  PID:12032
- C:\Windows\System\HIEwhsv.exe
  C:\Windows\System\HIEwhsv.exe
  2⤵
  PID:12052
- C:\Windows\System\VVynmgY.exe
  C:\Windows\System\VVynmgY.exe
  2⤵
  PID:12068
- C:\Windows\System\tnCcjhv.exe
  C:\Windows\System\tnCcjhv.exe
  2⤵
  PID:12084
- C:\Windows\System\adLVxeO.exe
  C:\Windows\System\adLVxeO.exe
  2⤵
  PID:12176
- C:\Windows\System\ikkvcpv.exe
  C:\Windows\System\ikkvcpv.exe
  2⤵
  PID:12216
- C:\Windows\System\tJHCJIM.exe
  C:\Windows\System\tJHCJIM.exe
  2⤵
  PID:12236
- C:\Windows\System\omUHEtm.exe
  C:\Windows\System\omUHEtm.exe
  2⤵
  PID:12280
- C:\Windows\System\oupeHde.exe
  C:\Windows\System\oupeHde.exe
  2⤵
  PID:10756
- C:\Windows\System\fezeMji.exe
  C:\Windows\System\fezeMji.exe
  2⤵
  PID:11308
- C:\Windows\System\BYgzjCw.exe
  C:\Windows\System\BYgzjCw.exe
  2⤵
  PID:11400
- C:\Windows\System\IBWPalV.exe
  C:\Windows\System\IBWPalV.exe
  2⤵
  PID:11488
- C:\Windows\System\olfpZXN.exe
  C:\Windows\System\olfpZXN.exe
  2⤵
  PID:11560
- C:\Windows\System\lCyjWTX.exe
  C:\Windows\System\lCyjWTX.exe
  2⤵
  PID:11604
- C:\Windows\System\slHZfLJ.exe
  C:\Windows\System\slHZfLJ.exe
  2⤵
  PID:11664
- C:\Windows\System\QEwddNL.exe
  C:\Windows\System\QEwddNL.exe
  2⤵
  PID:11688
- C:\Windows\System\BTwGYBy.exe
  C:\Windows\System\BTwGYBy.exe
  2⤵
  PID:11760
- C:\Windows\System\LqiszAx.exe
  C:\Windows\System\LqiszAx.exe
  2⤵
  PID:11772
- C:\Windows\System\qXTgule.exe
  C:\Windows\System\qXTgule.exe
  2⤵
  PID:11804
- C:\Windows\System\FwRRoVb.exe
  C:\Windows\System\FwRRoVb.exe
  2⤵
  PID:11944
- C:\Windows\System\uiYSOrx.exe
  C:\Windows\System\uiYSOrx.exe
  2⤵
  PID:11996
- C:\Windows\System\EdcEJgE.exe
  C:\Windows\System\EdcEJgE.exe
  2⤵
  PID:12024
- C:\Windows\System\rvCRLgK.exe
  C:\Windows\System\rvCRLgK.exe
  2⤵
  PID:11800
- C:\Windows\System\MoKomTC.exe
  C:\Windows\System\MoKomTC.exe
  2⤵
  PID:11904
- C:\Windows\System\MUtjmUw.exe
  C:\Windows\System\MUtjmUw.exe
  2⤵
  PID:12108
- C:\Windows\System\kmWQLer.exe
  C:\Windows\System\kmWQLer.exe
  2⤵
  PID:12064
- C:\Windows\System\opEpVEp.exe
  C:\Windows\System\opEpVEp.exe
  2⤵
  PID:12132
- C:\Windows\System\RDSTrEF.exe
  C:\Windows\System\RDSTrEF.exe
  2⤵
  PID:12160
- C:\Windows\System\TLdIQWt.exe
  C:\Windows\System\TLdIQWt.exe
  2⤵
  PID:10332
- C:\Windows\System\YFTTwir.exe
  C:\Windows\System\YFTTwir.exe
  2⤵
  PID:10976
- C:\Windows\System\RcZtOIJ.exe
  C:\Windows\System\RcZtOIJ.exe
  2⤵
  PID:11524
- C:\Windows\System\gkmsGHK.exe
  C:\Windows\System\gkmsGHK.exe
  2⤵
  PID:11724
- C:\Windows\System\WtmWxYV.exe
  C:\Windows\System\WtmWxYV.exe
  2⤵
  PID:11864
- C:\Windows\System\HIaSDEs.exe
  C:\Windows\System\HIaSDEs.exe
  2⤵
  PID:11816
- C:\Windows\System\HSKREGL.exe
  C:\Windows\System\HSKREGL.exe
  2⤵
  PID:12192
- C:\Windows\System\zeESnAy.exe
  C:\Windows\System\zeESnAy.exe
  2⤵
  PID:12268
- C:\Windows\System\xOYNKvr.exe
  C:\Windows\System\xOYNKvr.exe
  2⤵
  PID:10916
- C:\Windows\System\AVmvWzi.exe
  C:\Windows\System\AVmvWzi.exe
  2⤵
  PID:11628
- C:\Windows\System\HVYoYvl.exe
  C:\Windows\System\HVYoYvl.exe
  2⤵
  PID:11888
- C:\Windows\System\cKzxKpF.exe
  C:\Windows\System\cKzxKpF.exe
  2⤵
  PID:1612
- C:\Windows\System\kIokmAj.exe
  C:\Windows\System\kIokmAj.exe
  2⤵
  PID:11788
- C:\Windows\System\dgylzBs.exe
  C:\Windows\System\dgylzBs.exe
  2⤵
  PID:12304
- C:\Windows\System\klbnbit.exe
  C:\Windows\System\klbnbit.exe
  2⤵
  PID:12344
- C:\Windows\System\NBJfQFd.exe
  C:\Windows\System\NBJfQFd.exe
  2⤵
  PID:12360
- C:\Windows\System\yKTtezB.exe
  C:\Windows\System\yKTtezB.exe
  2⤵
  PID:12376
- C:\Windows\System\RZFReVl.exe
  C:\Windows\System\RZFReVl.exe
  2⤵
  PID:12416
- C:\Windows\System\kXFfHfy.exe
  C:\Windows\System\kXFfHfy.exe
  2⤵
  PID:12436
- C:\Windows\System\yrUglGE.exe
  C:\Windows\System\yrUglGE.exe
  2⤵
  PID:12464
- C:\Windows\System\Abpqgeg.exe
  C:\Windows\System\Abpqgeg.exe
  2⤵
  PID:12488
- C:\Windows\System\mKOUEsS.exe
  C:\Windows\System\mKOUEsS.exe
  2⤵
  PID:12504
- C:\Windows\System\ZMyYyzx.exe
  C:\Windows\System\ZMyYyzx.exe
  2⤵
  PID:12568
- C:\Windows\System\MlJZrlV.exe
  C:\Windows\System\MlJZrlV.exe
  2⤵
  PID:12592
- C:\Windows\System\CfIESlc.exe
  C:\Windows\System\CfIESlc.exe
  2⤵
  PID:12612
- C:\Windows\System\HaZXTvI.exe
  C:\Windows\System\HaZXTvI.exe
  2⤵
  PID:12628
- C:\Windows\System\VmcJbeL.exe
  C:\Windows\System\VmcJbeL.exe
  2⤵
  PID:12652
- C:\Windows\System\PqvnECS.exe
  C:\Windows\System\PqvnECS.exe
  2⤵
  PID:12684
- C:\Windows\System\biwlVfA.exe
  C:\Windows\System\biwlVfA.exe
  2⤵
  PID:12724
- C:\Windows\System\uDimvBF.exe
  C:\Windows\System\uDimvBF.exe
  2⤵
  PID:12752
- C:\Windows\System\MwKZfDU.exe
  C:\Windows\System\MwKZfDU.exe
  2⤵
  PID:12772
- C:\Windows\System\vXamksG.exe
  C:\Windows\System\vXamksG.exe
  2⤵
  PID:12788
- C:\Windows\System\EVebKPe.exe
  C:\Windows\System\EVebKPe.exe
  2⤵
  PID:12816
- C:\Windows\System\VGPmCha.exe
  C:\Windows\System\VGPmCha.exe
  2⤵
  PID:12848
- C:\Windows\System\AHRIVmQ.exe
  C:\Windows\System\AHRIVmQ.exe
  2⤵
  PID:12900
- C:\Windows\System\CUYrJGB.exe
  C:\Windows\System\CUYrJGB.exe
  2⤵
  PID:12916
- C:\Windows\System\avEDXLg.exe
  C:\Windows\System\avEDXLg.exe
  2⤵
  PID:12936
- C:\Windows\System\eIkYNNG.exe
  C:\Windows\System\eIkYNNG.exe
  2⤵
  PID:12960
- C:\Windows\System\HGHeecv.exe
  C:\Windows\System\HGHeecv.exe
  2⤵
  PID:13008
- C:\Windows\System\rwWKZqg.exe
  C:\Windows\System\rwWKZqg.exe
  2⤵
  PID:13024
- C:\Windows\System\HAdSJSF.exe
  C:\Windows\System\HAdSJSF.exe
  2⤵
  PID:13048
- C:\Windows\System\DgLfBUB.exe
  C:\Windows\System\DgLfBUB.exe
  2⤵
  PID:13076
- C:\Windows\System\haJphPM.exe
  C:\Windows\System\haJphPM.exe
  2⤵
  PID:13096
- C:\Windows\System\phEaUJh.exe
  C:\Windows\System\phEaUJh.exe
  2⤵
  PID:13124
- C:\Windows\System\JLUDHIf.exe
  C:\Windows\System\JLUDHIf.exe
  2⤵
  PID:13152
- C:\Windows\System\CgoQBYQ.exe
  C:\Windows\System\CgoQBYQ.exe
  2⤵
  PID:13196
- C:\Windows\System\wFDVtCx.exe
  C:\Windows\System\wFDVtCx.exe
  2⤵
  PID:13220
- C:\Windows\System\EUyIjnG.exe
  C:\Windows\System\EUyIjnG.exe
  2⤵
  PID:13236
- C:\Windows\System\PufcdCJ.exe
  C:\Windows\System\PufcdCJ.exe
  2⤵
  PID:13252
- C:\Windows\System\VsjCLVx.exe
  C:\Windows\System\VsjCLVx.exe
  2⤵
  PID:13272
- C:\Windows\System\cfjqADK.exe
  C:\Windows\System\cfjqADK.exe
  2⤵
  PID:11640
- C:\Windows\System\gUcxxaE.exe
  C:\Windows\System\gUcxxaE.exe
  2⤵
  PID:12352
- C:\Windows\System\NtdChcw.exe
  C:\Windows\System\NtdChcw.exe
  2⤵
  PID:12396
- C:\Windows\System\mnbdgcS.exe
  C:\Windows\System\mnbdgcS.exe
  2⤵
  PID:12444
- C:\Windows\System\lfUEUJk.exe
  C:\Windows\System\lfUEUJk.exe
  2⤵
  PID:12624
- C:\Windows\System\HelxbCa.exe
  C:\Windows\System\HelxbCa.exe
  2⤵
  PID:13120
- C:\Windows\System\epTcQDG.exe
  C:\Windows\System\epTcQDG.exe
  2⤵
  PID:12224
- C:\Windows\System\SEAVNSg.exe
  C:\Windows\System\SEAVNSg.exe
  2⤵
  PID:13216
- C:\Windows\System\itfNSBo.exe
  C:\Windows\System\itfNSBo.exe
  2⤵
  PID:13292
- C:\Windows\System\maeMolb.exe
  C:\Windows\System\maeMolb.exe
  2⤵
  PID:12372
- C:\Windows\System\fFRkuBC.exe
  C:\Windows\System\fFRkuBC.exe
  2⤵
  PID:12452
- C:\Windows\System\QLjjCpF.exe
  C:\Windows\System\QLjjCpF.exe
  2⤵
  PID:2736
- C:\Windows\System\HxdThTw.exe
  C:\Windows\System\HxdThTw.exe
  2⤵
  PID:8836
- C:\Windows\System\FOGSrft.exe
  C:\Windows\System\FOGSrft.exe
  2⤵
  PID:12580
- C:\Windows\System\iKZZBPi.exe
  C:\Windows\System\iKZZBPi.exe
  2⤵
  PID:12500
- C:\Windows\System\PhZvifN.exe
  C:\Windows\System\PhZvifN.exe
  2⤵
  PID:12524
- C:\Windows\System\AFySZJl.exe
  C:\Windows\System\AFySZJl.exe
  2⤵
  PID:12620
- C:\Windows\System\mEChAtY.exe
  C:\Windows\System\mEChAtY.exe
  2⤵
  PID:12720
- C:\Windows\System\uteRFES.exe
  C:\Windows\System\uteRFES.exe
  2⤵
  PID:12764
- C:\Windows\System\KlxKFgn.exe
  C:\Windows\System\KlxKFgn.exe
  2⤵
  PID:12844
- C:\Windows\System\NoviRTt.exe
  C:\Windows\System\NoviRTt.exe
  2⤵
  PID:12932
- C:\Windows\System\JzUesdj.exe
  C:\Windows\System\JzUesdj.exe
  2⤵
  PID:12988
- C:\Windows\System\qnrHLXY.exe
  C:\Windows\System\qnrHLXY.exe
  2⤵
  PID:12976
- C:\Windows\System\NjxFQPk.exe
  C:\Windows\System\NjxFQPk.exe
  2⤵
  PID:13060
- C:\Windows\System\uNocMLP.exe
  C:\Windows\System\uNocMLP.exe
  2⤵
  PID:13036
- C:\Windows\System\xXSLuaE.exe
  C:\Windows\System\xXSLuaE.exe
  2⤵
  PID:12908
- C:\Windows\System\WOkkCjE.exe
  C:\Windows\System\WOkkCjE.exe
  2⤵
  PID:13104
- C:\Windows\System\pHcmtcS.exe
  C:\Windows\System\pHcmtcS.exe
  2⤵
  PID:4112
- C:\Windows\System\SUPfPeb.exe
  C:\Windows\System\SUPfPeb.exe
  2⤵
  PID:13092
- C:\Windows\System\dYwFbQM.exe
  C:\Windows\System\dYwFbQM.exe
  2⤵
  PID:11464
- C:\Windows\System\YyGEKWa.exe
  C:\Windows\System\YyGEKWa.exe
  2⤵
  PID:2148
- C:\Windows\System\xzGciJn.exe
  C:\Windows\System\xzGciJn.exe
  2⤵
  PID:4240
- C:\Windows\System\ZvEMgeL.exe
  C:\Windows\System\ZvEMgeL.exe
  2⤵
  PID:3276
- C:\Windows\System\ieoPzvj.exe
  C:\Windows\System\ieoPzvj.exe
  2⤵
  PID:436
- C:\Windows\System\WTJQSkY.exe
  C:\Windows\System\WTJQSkY.exe
  2⤵
  PID:4380
- C:\Windows\System\dEDaxue.exe
  C:\Windows\System\dEDaxue.exe
  2⤵
  PID:1308
- C:\Windows\System\RXFDKyo.exe
  C:\Windows\System\RXFDKyo.exe
  2⤵
  PID:13284
- C:\Windows\System\ClwchKl.exe
  C:\Windows\System\ClwchKl.exe
  2⤵
  PID:5516
- C:\Windows\System\wYrdrvx.exe
  C:\Windows\System\wYrdrvx.exe
  2⤵
  PID:12608
- C:\Windows\System\kPcuYYx.exe
  C:\Windows\System\kPcuYYx.exe
  2⤵
  PID:12564
- C:\Windows\System\ZIPpIFL.exe
  C:\Windows\System\ZIPpIFL.exe
  2⤵
  PID:12732
- C:\Windows\System\ehvkQzW.exe
  C:\Windows\System\ehvkQzW.exe
  2⤵
  PID:8808
- C:\Windows\System\JijBppL.exe
  C:\Windows\System\JijBppL.exe
  2⤵
  PID:12924
- C:\Windows\System\HGPedgw.exe
  C:\Windows\System\HGPedgw.exe
  2⤵
  PID:13020
- C:\Windows\System\QfPDapu.exe
  C:\Windows\System\QfPDapu.exe
  2⤵
  PID:13088
- C:\Windows\System\vAvZLHx.exe
  C:\Windows\System\vAvZLHx.exe
  2⤵
  PID:2388
- C:\Windows\System\TtmaRHo.exe
  C:\Windows\System\TtmaRHo.exe
  2⤵
  PID:1096
- C:\Windows\System\bOMdQkX.exe
  C:\Windows\System\bOMdQkX.exe
  2⤵
  PID:13192
- C:\Windows\System\RkAXGvt.exe
  C:\Windows\System\RkAXGvt.exe
  2⤵
  PID:2060
- C:\Windows\System\qxSUUij.exe
  C:\Windows\System\qxSUUij.exe
  2⤵
  PID:5068
- C:\Windows\System\rpbPwpl.exe
  C:\Windows\System\rpbPwpl.exe
  2⤵
  PID:12404
- C:\Windows\System\rApDsDl.exe
  C:\Windows\System\rApDsDl.exe
  2⤵
  PID:12520
- C:\Windows\System\NlBpZyg.exe
  C:\Windows\System\NlBpZyg.exe
  2⤵
  PID:12864
- C:\Windows\System\llxtfeB.exe
  C:\Windows\System\llxtfeB.exe
  2⤵
  PID:13040
- C:\Windows\System\JdyXYyQ.exe
  C:\Windows\System\JdyXYyQ.exe
  2⤵
  PID:9484
- C:\Windows\System\szvvcIZ.exe
  C:\Windows\System\szvvcIZ.exe
  2⤵
  PID:13228
- C:\Windows\System\RpDDJVG.exe
  C:\Windows\System\RpDDJVG.exe
  2⤵
  PID:4676
- C:\Windows\System\izJQbfj.exe
  C:\Windows\System\izJQbfj.exe
  2⤵
  PID:12544
- C:\Windows\System\VptaYPe.exe
  C:\Windows\System\VptaYPe.exe
  2⤵
  PID:12972
- C:\Windows\System\PrqBeDP.exe
  C:\Windows\System\PrqBeDP.exe
  2⤵
  PID:13204
- C:\Windows\System\arKOiIa.exe
  C:\Windows\System\arKOiIa.exe
  2⤵
  PID:12472
- C:\Windows\System\MZVRQBa.exe
  C:\Windows\System\MZVRQBa.exe
  2⤵
  PID:4088
- C:\Windows\System\McoApui.exe
  C:\Windows\System\McoApui.exe
  2⤵
  PID:5348
- C:\Windows\System\OhLwgyb.exe
  C:\Windows\System\OhLwgyb.exe
  2⤵
  PID:2332
- C:\Windows\System\ZPoFEHz.exe
  C:\Windows\System\ZPoFEHz.exe
  2⤵
  PID:12680
- C:\Windows\System\FYsciAv.exe
  C:\Windows\System\FYsciAv.exe
  2⤵
  PID:13164
- C:\Windows\System\KGUYvfK.exe
  C:\Windows\System\KGUYvfK.exe
  2⤵
  PID:13328
- C:\Windows\System\HojeccQ.exe
  C:\Windows\System\HojeccQ.exe
  2⤵
  PID:13344
- C:\Windows\System\OHqNVAq.exe
  C:\Windows\System\OHqNVAq.exe
  2⤵
  PID:13360
- C:\Windows\System\TgGnBZq.exe
  C:\Windows\System\TgGnBZq.exe
  2⤵
  PID:13376
- C:\Windows\System\SLevsVz.exe
  C:\Windows\System\SLevsVz.exe
  2⤵
  PID:13392
- C:\Windows\System\XOHkILZ.exe
  C:\Windows\System\XOHkILZ.exe
  2⤵
  PID:13408
- C:\Windows\System\bPndXka.exe
  C:\Windows\System\bPndXka.exe
  2⤵
  PID:13424
- C:\Windows\System\tyhXyUZ.exe
  C:\Windows\System\tyhXyUZ.exe
  2⤵
  PID:13440
- C:\Windows\System\FyYmrwK.exe
  C:\Windows\System\FyYmrwK.exe
  2⤵
  PID:13456
- C:\Windows\System\nChAfRn.exe
  C:\Windows\System\nChAfRn.exe
  2⤵
  PID:13472
- C:\Windows\System\vYdITam.exe
  C:\Windows\System\vYdITam.exe
  2⤵
  PID:13488
- C:\Windows\System\uvSDCLe.exe
  C:\Windows\System\uvSDCLe.exe
  2⤵
  PID:13504
- C:\Windows\System\nfRSHNu.exe
  C:\Windows\System\nfRSHNu.exe
  2⤵
  PID:13520
- C:\Windows\System\IxuLccB.exe
  C:\Windows\System\IxuLccB.exe
  2⤵
  PID:13536
- C:\Windows\System\HtiMngQ.exe
  C:\Windows\System\HtiMngQ.exe
  2⤵
  PID:13552
- C:\Windows\System\ZdwYCbH.exe
  C:\Windows\System\ZdwYCbH.exe
  2⤵
  PID:13568
- C:\Windows\System\nUwaNLs.exe
  C:\Windows\System\nUwaNLs.exe
  2⤵
  PID:13584
- C:\Windows\System\cwzdwDS.exe
  C:\Windows\System\cwzdwDS.exe
  2⤵
  PID:13600
- C:\Windows\System\xlLQjAb.exe
  C:\Windows\System\xlLQjAb.exe
  2⤵
  PID:13616
- C:\Windows\System\xputRRG.exe
  C:\Windows\System\xputRRG.exe
  2⤵
  PID:13632
- C:\Windows\System\MuXfwMx.exe
  C:\Windows\System\MuXfwMx.exe
  2⤵
  PID:13652
- C:\Windows\System\vMuwSYm.exe
  C:\Windows\System\vMuwSYm.exe
  2⤵
  PID:13668
- C:\Windows\System\pmFsddM.exe
  C:\Windows\System\pmFsddM.exe
  2⤵
  PID:13684
- C:\Windows\System\gXrzHZo.exe
  C:\Windows\System\gXrzHZo.exe
  2⤵
  PID:13700
- C:\Windows\System\fmofwhg.exe
  C:\Windows\System\fmofwhg.exe
  2⤵
  PID:13716
- C:\Windows\System\WdTcPIz.exe
  C:\Windows\System\WdTcPIz.exe
  2⤵
  PID:13732
- C:\Windows\System\ptGkkpa.exe
  C:\Windows\System\ptGkkpa.exe
  2⤵
  PID:13748
- C:\Windows\System\nUcKmvj.exe
  C:\Windows\System\nUcKmvj.exe
  2⤵
  PID:13764
- C:\Windows\System\CmdVeXb.exe
  C:\Windows\System\CmdVeXb.exe
  2⤵
  PID:13780
- C:\Windows\System\KZNDyJD.exe
  C:\Windows\System\KZNDyJD.exe
  2⤵
  PID:13796
- C:\Windows\System\toDROnc.exe
  C:\Windows\System\toDROnc.exe
  2⤵
  PID:13812
- C:\Windows\System\GrdPNSf.exe
  C:\Windows\System\GrdPNSf.exe
  2⤵
  PID:13828
- C:\Windows\System\iPBfsMi.exe
  C:\Windows\System\iPBfsMi.exe
  2⤵
  PID:13844
- C:\Windows\System\iyGZBIg.exe
  C:\Windows\System\iyGZBIg.exe
  2⤵
  PID:13860
- C:\Windows\System\AzvVtxX.exe
  C:\Windows\System\AzvVtxX.exe
  2⤵
  PID:13876
- C:\Windows\System\trSHXdH.exe
  C:\Windows\System\trSHXdH.exe
  2⤵
  PID:13892
- C:\Windows\System\XGifFsQ.exe
  C:\Windows\System\XGifFsQ.exe
  2⤵
  PID:13908
- C:\Windows\System\IJljfDm.exe
  C:\Windows\System\IJljfDm.exe
  2⤵
  PID:13924
- C:\Windows\System\EitCDcw.exe
  C:\Windows\System\EitCDcw.exe
  2⤵
  PID:13940
- C:\Windows\System\kCIOWMg.exe
  C:\Windows\System\kCIOWMg.exe
  2⤵
  PID:13956
- C:\Windows\System\nglDOaY.exe
  C:\Windows\System\nglDOaY.exe
  2⤵
  PID:13972
- C:\Windows\System\WyNLnGC.exe
  C:\Windows\System\WyNLnGC.exe
  2⤵
  PID:13988
- C:\Windows\System\SBTSINE.exe
  C:\Windows\System\SBTSINE.exe
  2⤵
  PID:14004
- C:\Windows\System\loFDMEE.exe
  C:\Windows\System\loFDMEE.exe
  2⤵
  PID:14020
- C:\Windows\System\TLmZups.exe
  C:\Windows\System\TLmZups.exe
  2⤵
  PID:14036
- C:\Windows\System\hoChrdV.exe
  C:\Windows\System\hoChrdV.exe
  2⤵
  PID:14052
- C:\Windows\System\jhYgVIh.exe
  C:\Windows\System\jhYgVIh.exe
  2⤵
  PID:14068
- C:\Windows\System\hRosPPs.exe
  C:\Windows\System\hRosPPs.exe
  2⤵
  PID:14084
- C:\Windows\System\VLPyyZS.exe
  C:\Windows\System\VLPyyZS.exe
  2⤵
  PID:14100
- C:\Windows\System\rzCECnz.exe
  C:\Windows\System\rzCECnz.exe
  2⤵
  PID:14120
- C:\Windows\System\CRSQwNg.exe
  C:\Windows\System\CRSQwNg.exe
  2⤵
  PID:14136
- C:\Windows\System\YZeEAfh.exe
  C:\Windows\System\YZeEAfh.exe
  2⤵
  PID:14152
- C:\Windows\System\nxngfSL.exe
  C:\Windows\System\nxngfSL.exe
  2⤵
  PID:14168
- C:\Windows\System\Isbxher.exe
  C:\Windows\System\Isbxher.exe
  2⤵
  PID:14184
- C:\Windows\System\iFekMYa.exe
  C:\Windows\System\iFekMYa.exe
  2⤵
  PID:14200
- C:\Windows\System\wTlXzjj.exe
  C:\Windows\System\wTlXzjj.exe
  2⤵
  PID:14216
- C:\Windows\System\pTddbUq.exe
  C:\Windows\System\pTddbUq.exe
  2⤵
  PID:14232
- C:\Windows\System\oipvJhB.exe
  C:\Windows\System\oipvJhB.exe
  2⤵
  PID:14256
- C:\Windows\System\AtkNHoh.exe
  C:\Windows\System\AtkNHoh.exe
  2⤵
  PID:14272
- C:\Windows\System\ckQMBFU.exe
  C:\Windows\System\ckQMBFU.exe
  2⤵
  PID:14288
- C:\Windows\System\ZgiwsUG.exe
  C:\Windows\System\ZgiwsUG.exe
  2⤵
  PID:14312
- C:\Windows\System\TenwNya.exe
  C:\Windows\System\TenwNya.exe
  2⤵
  PID:14328
- C:\Windows\System\QirWKDp.exe
  C:\Windows\System\QirWKDp.exe
  2⤵
  PID:13336
- C:\Windows\System\CwyYklO.exe
  C:\Windows\System\CwyYklO.exe
  2⤵
  PID:13368
- C:\Windows\System\cVelwwU.exe
  C:\Windows\System\cVelwwU.exe
  2⤵
  PID:13400
- C:\Windows\System\txonSDt.exe
  C:\Windows\System\txonSDt.exe
  2⤵
  PID:13432
- C:\Windows\System\FsQLaTX.exe
  C:\Windows\System\FsQLaTX.exe
  2⤵
  PID:13464
- C:\Windows\System\uXQuYDV.exe
  C:\Windows\System\uXQuYDV.exe
  2⤵
  PID:13496
- C:\Windows\System\bXPymSw.exe
  C:\Windows\System\bXPymSw.exe
  2⤵
  PID:13528
- C:\Windows\System\SpnZurt.exe
  C:\Windows\System\SpnZurt.exe
  2⤵
  PID:13560
- C:\Windows\System\QogMVkq.exe
  C:\Windows\System\QogMVkq.exe
  2⤵
  PID:13596
- C:\Windows\System\NANMoeQ.exe
  C:\Windows\System\NANMoeQ.exe
  2⤵
  PID:13628
- C:\Windows\System\uFWQarY.exe
  C:\Windows\System\uFWQarY.exe
  2⤵
  PID:13664
- C:\Windows\System\ZbrNxte.exe
  C:\Windows\System\ZbrNxte.exe
  2⤵
  PID:13696
- C:\Windows\System\zzYOwMc.exe
  C:\Windows\System\zzYOwMc.exe
  2⤵
  PID:13728
- C:\Windows\System\xDLrhTo.exe
  C:\Windows\System\xDLrhTo.exe
  2⤵
  PID:13760
- C:\Windows\System\OUwgLFx.exe
  C:\Windows\System\OUwgLFx.exe
  2⤵
  PID:13804
- C:\Windows\System\OOBsRAa.exe
  C:\Windows\System\OOBsRAa.exe
  2⤵
  PID:13268
- C:\Windows\System\BbKNnvR.exe
  C:\Windows\System\BbKNnvR.exe
  2⤵
  PID:13856
- C:\Windows\System\mXDMmbK.exe
  C:\Windows\System\mXDMmbK.exe
  2⤵
  PID:13872
- C:\Windows\System\DWfPhfU.exe
  C:\Windows\System\DWfPhfU.exe
  2⤵
  PID:13904
- C:\Windows\System\eOqQdOU.exe
  C:\Windows\System\eOqQdOU.exe
  2⤵
  PID:13936
- C:\Windows\System\DPhMYzC.exe
  C:\Windows\System\DPhMYzC.exe
  2⤵
  PID:13968
- C:\Windows\System\NOfLYRS.exe
  C:\Windows\System\NOfLYRS.exe
  2⤵
  PID:14000
- C:\Windows\System\XBNuVMi.exe
  C:\Windows\System\XBNuVMi.exe
  2⤵
  PID:14032
- C:\Windows\System\xOtxPTU.exe
  C:\Windows\System\xOtxPTU.exe
  2⤵
  PID:14080
- C:\Windows\System\jSubfcr.exe
  C:\Windows\System\jSubfcr.exe
  2⤵
  PID:14116
- C:\Windows\System\lDuAwnA.exe
  C:\Windows\System\lDuAwnA.exe
  2⤵
  PID:14160
- C:\Windows\System\bgfmkwu.exe
  C:\Windows\System\bgfmkwu.exe
  2⤵
  PID:14192
- C:\Windows\System\PRaynMi.exe
  C:\Windows\System\PRaynMi.exe
  2⤵
  PID:14212
- C:\Windows\System\HLnyIjI.exe
  C:\Windows\System\HLnyIjI.exe
  2⤵
  PID:14248
- C:\Windows\System\AnFipTc.exe
  C:\Windows\System\AnFipTc.exe
  2⤵
  PID:14264
- C:\Windows\System\JjOQuDQ.exe
  C:\Windows\System\JjOQuDQ.exe
  2⤵
  PID:14284
- C:\Windows\System\rflUZgD.exe
  C:\Windows\System\rflUZgD.exe
  2⤵
  PID:13320
- C:\Windows\System\kwCxwIq.exe
  C:\Windows\System\kwCxwIq.exe
  2⤵
  PID:13384
- C:\Windows\System\MlAcRDE.exe
  C:\Windows\System\MlAcRDE.exe
  2⤵
  PID:13448
- C:\Windows\System\mhyeDJr.exe
  C:\Windows\System\mhyeDJr.exe
  2⤵
  PID:13516
- C:\Windows\System\dqcsLrs.exe
  C:\Windows\System\dqcsLrs.exe
  2⤵
  PID:13580
- C:\Windows\System\pLCYkip.exe
  C:\Windows\System\pLCYkip.exe
  2⤵
  PID:3944
- C:\Windows\System\bkZuTiH.exe
  C:\Windows\System\bkZuTiH.exe
  2⤵
  PID:13648
- C:\Windows\System\wOkTNwD.exe
  C:\Windows\System\wOkTNwD.exe
  2⤵
  PID:13712
- C:\Windows\System\BYpfZAX.exe
  C:\Windows\System\BYpfZAX.exe
  2⤵
  PID:13788
- C:\Windows\System\qeEbEEQ.exe
  C:\Windows\System\qeEbEEQ.exe
  2⤵
  PID:13840
- C:\Windows\System\PvIiXrb.exe
  C:\Windows\System\PvIiXrb.exe
  2⤵
  PID:13888
- C:\Windows\System\zgMBpLz.exe
  C:\Windows\System\zgMBpLz.exe
  2⤵
  PID:13952
- C:\Windows\System\zMLMddb.exe
  C:\Windows\System\zMLMddb.exe
  2⤵
  PID:14012
- C:\Windows\System\CJQnAAO.exe
  C:\Windows\System\CJQnAAO.exe
  2⤵
  PID:14096
- C:\Windows\System\OowipRC.exe
  C:\Windows\System\OowipRC.exe
  2⤵
  PID:14176
- C:\Windows\System\gtfTKfz.exe
  C:\Windows\System\gtfTKfz.exe
  2⤵
  PID:60
- C:\Windows\System\fHOzpUo.exe
  C:\Windows\System\fHOzpUo.exe
  2⤵
  PID:4824
- C:\Windows\System\pNcNxWv.exe
  C:\Windows\System\pNcNxWv.exe
  2⤵
  PID:13480
- C:\Windows\System\iFFsVrd.exe
  C:\Windows\System\iFFsVrd.exe
  2⤵
  PID:2256
- C:\Windows\System\nYshJVx.exe
  C:\Windows\System\nYshJVx.exe
  2⤵
  PID:13680
- C:\Windows\System\TAHIeWY.exe
  C:\Windows\System\TAHIeWY.exe
  2⤵
  PID:13824
- C:\Windows\System\sZZoaoN.exe
  C:\Windows\System\sZZoaoN.exe
  2⤵
  PID:13932
- C:\Windows\System\XbkqbCO.exe
  C:\Windows\System\XbkqbCO.exe
  2⤵
  PID:14064
- C:\Windows\System\wHCHhNe.exe
  C:\Windows\System\wHCHhNe.exe
  2⤵
  PID:3992
- C:\Windows\System\maNxCnw.exe
  C:\Windows\System\maNxCnw.exe
  2⤵
  PID:13416
- C:\Windows\System\loxxlfU.exe
  C:\Windows\System\loxxlfU.exe
  2⤵
  PID:13624
- C:\Windows\System\nkfzPSD.exe
  C:\Windows\System\nkfzPSD.exe
  2⤵
  PID:13920
- C:\Windows\System\ouAIDaR.exe
  C:\Windows\System\ouAIDaR.exe
  2⤵
  PID:14148
- C:\Windows\System\AYgUJDN.exe
  C:\Windows\System\AYgUJDN.exe
  2⤵
  PID:13544
- C:\Windows\System\sgsbifE.exe
  C:\Windows\System\sgsbifE.exe
  2⤵
  PID:13548
- C:\Windows\System\jqLmztc.exe
  C:\Windows\System\jqLmztc.exe
  2⤵
  PID:1676
- C:\Windows\System\OiWxrRf.exe
  C:\Windows\System\OiWxrRf.exe
  2⤵
  PID:14360
- C:\Windows\System\tWhaREk.exe
  C:\Windows\System\tWhaREk.exe
  2⤵
  PID:14380
- C:\Windows\System\LLKONTE.exe
  C:\Windows\System\LLKONTE.exe
  2⤵
  PID:14400
- C:\Windows\System\IoKbWCp.exe
  C:\Windows\System\IoKbWCp.exe
  2⤵
  PID:14416
- C:\Windows\System\tKNqpRj.exe
  C:\Windows\System\tKNqpRj.exe
  2⤵
  PID:14432
- C:\Windows\System\eNALOiw.exe
  C:\Windows\System\eNALOiw.exe
  2⤵
  PID:14448
- C:\Windows\System\LbxDegT.exe
  C:\Windows\System\LbxDegT.exe
  2⤵
  PID:14464
- C:\Windows\System\wIdvoDw.exe
  C:\Windows\System\wIdvoDw.exe
  2⤵
  PID:14888

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:14908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_oph1mwvn.n0p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CHcmaFI.exe

Filesize
1.6MB

MD5
dec5621c972bf4ecbf9d12856da4d42e

SHA1
44cd82ff14588a0926feb3002034f89589421818

SHA256
4d7e9b47491bcb6cb2fcae6da32707a2c86da5a6a43728d22232b7dce3dbaaeb

SHA512
68387ab62986730710b73d8050c722dea74c5ed9c5d358bd23ba6d7762ec40fd99def648c5e8041a731950566b1f5a9b702d8d2ec3fec5328b84e95336e3ba6c

Download Submit
C:\Windows\System\DSNQRHI.exe

Filesize
1.6MB

MD5
5c8be224c8eab4284f3a6ac4ef393048

SHA1
d369bf2e147964e574689a42b5e6d446f6e6412e

SHA256
536d465aaf89455c2bf0ba90697e518ab85c71f471b17046b6f07b325d2debe7

SHA512
8334014a5246e5e799334030cee76f4cb78d92c66b75410adf5d870781e28522c37654b3d858b33971bf4ded833148fa3a4ef14f45034969f47b7777ae0eef14

Download Submit
C:\Windows\System\DUEICfw.exe

Filesize
1.6MB

MD5
45f8945a9e28f35de901c42f05558381

SHA1
dbbc100b088f80a9608b3a39b3ff5a87166896a6

SHA256
da38138a75f9dac7c967f55f4354c03bcbd6bbab3b0912fb38ce932b5ccd1986

SHA512
fe06a8acfd8ae7f1db02f74268e944603205da9eff4605ede3588f4ef367db92dfdff847d2e0ec281b09b88140cf47694bcc0e19f701716d96b5c3fcddfdc9c8

Download Submit
C:\Windows\System\HCliQgH.exe

Filesize
1.6MB

MD5
49028ea8638cd9d5373e138b6146aa20

SHA1
275944ad953d4c38a64f60d0bdb9fd949b0183b4

SHA256
98c2b370475cfb26b2c21fdc8bcfbe7a576309cae58bf617fc2c924163bf51b6

SHA512
a5941238327096dd03a9f32e7b7f6c06cbaf284263cabde24b32e146e9a7d85859ada76a1b769c8eea4564df8ec673c8e493b83460e2e1f84c1f8e650442971d

Download Submit
C:\Windows\System\PoFCuOb.exe

Filesize
1.6MB

MD5
91548fb79257f02d247fcd1f0bcd46cc

SHA1
61c4ce43e0fd265957706c4110d7d41922b9bfff

SHA256
ba824da6d618f8c07c28f61b71491209f3d22c830cad8dd9baeaa6736e1143c2

SHA512
bd223749cce8dc34281e730e035fcc999440a8cd98c74a9fc20a1614dbc194d0188335d16a4cec284ce9505ee52d43e517c73328681c13d375aa7027281d6959

Download Submit
C:\Windows\System\QhkxHqe.exe

Filesize
1.6MB

MD5
b91784080ac37d6b197bd20c1d46245d

SHA1
47342dec40c6fd447d33f011d9494670ca0eabde

SHA256
6c42fb2304bd14d4ebcc35b176ceed0eb34c4fc6ce6cd09f7cd9a529a5c82b5f

SHA512
b8e30855f6b3be6cfdf0d25e3b95028043a7f6d576c8f014cbb3afdad3a60d0fb0af82ae3136c7c24ce4686c5a7a771770102908f013f622dbb6b049b9bd9bf1

Download Submit
C:\Windows\System\QiIPNYQ.exe

Filesize
1.6MB

MD5
a3a6b833dea68ca6cd4843e5918b249a

SHA1
eeb26c58f49c1d4a9d2746d74cee3e0392d91349

SHA256
ce5f303e1c38435b38eaa4ceca7283d904eb3ea3d155bcad8da1193d9fa90431

SHA512
e90d7fd86ab7fbccef624e5af7fe297f44464e95b39a395c671859dd97f4ee3887926a98dba6822ad3decd40b0eb6b3280d2de7654e0122e2eb187978ce5827c

Download Submit
C:\Windows\System\SJsPgsy.exe

Filesize
1.6MB

MD5
d9572f8e4a7241509abad00eb55bf74e

SHA1
ce752cad5cd9dce000f845f66b769603991781ef

SHA256
b45eb3f85af40bff952aee02cc08515031d98b5204e24e3c22dc99043021e4ed

SHA512
e184c720d6908317ece802be69647c337ec31a2e4605140869328af6b3f00425e90571e714a4c48b55621f7c17cbf17d4efb8625166b9df0bc5a1f9c98028ddc

Download Submit
C:\Windows\System\TmngCVq.exe

Filesize
1.6MB

MD5
a9bca6b5b93ae8b8fffac97d3474e7ae

SHA1
cf89ff45baa688129aa47c23c6beafe0fae81d3b

SHA256
8bacc30b65cbdf812db07247032376a554f0e225fc350ad7ad4308e44205f0e3

SHA512
87b256aad948ef41f4f99a89ed471e38cb09bd11663d2a9c8de17be4eb8561156210aedd50204e117f0ecea5078f946097c47d262b11ba1a32b548fffe308a9b

Download Submit
C:\Windows\System\VpJJZIl.exe

Filesize
1.6MB

MD5
f811e149ec8ef970987f971c9dbc3686

SHA1
d9379c59432e9fccb0f00cf4714c5f4addb59754

SHA256
0db0def1a7a3bf273bd2e426f6c062c23128abfd954d3af20f810e72d37eee66

SHA512
a7bc7e842edb2e98b444b6b9e1b9ad4b920b539a5c20d40dc20e41a5f2484b4157556adcd99d2048b7f07e8de090bedba21b6b11955c612282bc0a83de51c2e2

Download Submit
C:\Windows\System\VzNVuUq.exe

Filesize
1.6MB

MD5
ae46342aecaee3fcf6e9ea2e0bd5a681

SHA1
e24fa12ec4897f4385d8bb9ba91f014af82c8ca4

SHA256
31472f5e147cbc0943b25a4d8e38eba369e838ec48fa976b13bf863978c87464

SHA512
fe39f29c1a664c371b489e7bade933efe1af16573119ae6ba44ede68dafef21a343882a3dc62f4c323c333dce679abf8b23d0c3ca86246a8bab32d97a6ea798a

Download Submit
C:\Windows\System\WmodrfZ.exe

Filesize
1.6MB

MD5
d6a247743778ebe8e50060c6f317b6a4

SHA1
b10632bab29e8420b490d59dfb89304710fb40bc

SHA256
d3432a89031dea7433859fca49e7bf3df171367550325ceeeca27118a0986923

SHA512
d069e2db7696bc8824e0c65c84c751dc50121c78a5167f125ef98c9ff225ed755f87a2cbe1b512fd8e4d040ab23a48927c96603ef999e0152b38653eef0b013e

Download Submit
C:\Windows\System\XnaqquC.exe

Filesize
1.6MB

MD5
00613af1d22961346bc710844b8feff7

SHA1
8cfebf5e7a7b7859c582abebeefc7c9c712cfaed

SHA256
9495bfe0060c29b0ccb1d0446f0d0a919d8b3ae5cab866308a4c9ba65a06c312

SHA512
76b3e68f81ccd77b7d824539072f953b520d19b1e95ba2db4db8ac3a4b5663769fa6c257d45995a4e4bb0e52ffa54ff875d444c899300cab309352900f290573

Download Submit
C:\Windows\System\XqPcvYZ.exe

Filesize
1.6MB

MD5
1a8135b97b46ac969b91ef59929e0ebd

SHA1
042b41eaeca249eb6643e1466811e3b050cf1907

SHA256
7b8ac235b5663b88704be98d898ad3092e1370e15418e1ae029ffba134452f7b

SHA512
1c8fe9947bff5885b22481d840b0aca9598348dadd5bd05958e70b08aa467ffecdad139c0bc8d0567337bce7d3e74792cadf05f72cfd6d3bed130bda98e6f5d0

Download Submit
C:\Windows\System\YunVIcS.exe

Filesize
1.6MB

MD5
b6ee97c390ea77f99e6679d60f7bb9d4

SHA1
4d01c92e53c8403d68f1eaca5d6e2cf5f834393c

SHA256
d8ad08d677b7630639be322c7e03368c810ed19c62130bfed816f043d3db1468

SHA512
44d58bc6124824d1510c7768beb05230ca76fbd39991aa75a6f79fc10d1e5bf4dde9811913173861fe4e4f1203da78be84ad141cbfd88129a08873a6f7197670

Download Submit
C:\Windows\System\ZxKnFTf.exe

Filesize
1.6MB

MD5
9feee00cc57ab14367b8a263a7b41beb

SHA1
be6b62d5536f07792af812a71e27f4161a82992b

SHA256
7d7efad5df21637d48568aa64b3008160a221ab3b1b2625339f995310ac8d7f0

SHA512
8081ac8a3516289aaf5e3d8f938469579a01c4b8f0911d035649c7ba48db0cd172b49a728a6da29fb5e9d5aa6545f8568600a494fd35719873f1e732e94d9581

Download Submit
C:\Windows\System\aNFmRvD.exe

Filesize
1.6MB

MD5
168daa004517b29e77ca32267b8d6f85

SHA1
7f1897ff9ace2d2510ebff5d01ceba0f0d226399

SHA256
3f5de3c4157bf4254b14ac1c9a3754aa70114941700055a89317941e4afc1327

SHA512
22d226c4284fe2751c33416fde06d3fe1324cf8f02ab22bf6d78cb3e49c6afe0718203d3a4f69605ae0ff0b9de2e3a39ff54348ff255db1d3d082bcc4db64343

Download Submit
C:\Windows\System\cEYuQRS.exe

Filesize
1.6MB

MD5
48670a34560f7127723d9f62d6150eef

SHA1
fcb3df1c1258d721c4bdcb0f2c361aa62eac446a

SHA256
747c2c2675eb0996cb683804582e6737874da4aa9a1eeb32661d5eacb575c633

SHA512
b0dc4101d44d9419a4cc1fc5d68eb0510d06e390b187e5339a3730e341d487ea6be91f784dbe733595c1cf9f046790fb2846019ff18c2644777423459c56c824

Download Submit
C:\Windows\System\edvaORZ.exe

Filesize
1.6MB

MD5
53caaa7f6db1143964b6015a2d16f8e7

SHA1
c977a82cb23a164b1ef3b641469016cfc3c2dede

SHA256
8e7d43e9119217718a58741bfe6cdf2f04cc76e831aec2ae997fb0a9b904eda4

SHA512
aeda3f64c297df05d385ec880c9c854cad2dcf7710b1e87e3e819a5a7a22bc23844c9a99ec8d1b79d41b71c421b762f20c0066695a8692a5c087406b3993f580

Download Submit
C:\Windows\System\egntxMu.exe

Filesize
1.6MB

MD5
08584e399af458f51cc4526c15b7f03a

SHA1
665aaddae9525884f8c491ddbad8149f3d0ec0f3

SHA256
ee64ad8e2b9c2eee71eca8b43449f4a46edf7540eb4964daa16de9ebdc3566e6

SHA512
15b7431603fdb0228d4c02664e4a52fbe25a3e4da37b4e12faa32cd0545b8f154f6975d9f443a5999a83c7bb92e54110735669695819e307afb6e5fe84e723d7

Download Submit
C:\Windows\System\eugLOlG.exe

Filesize
1.6MB

MD5
b4e2930859dfe25076a794429a2baf9c

SHA1
bf77773b70dbd8e906c9932d5b215cc122a1d7ea

SHA256
a41a4ab1ec1133d05b30a7a104cf1806cc8c7c6e6557b88974c0d67d2d1ae445

SHA512
6018956b9b170e05291d809a3c2045b5ca687d2cc84fca47085d245e46ebd2d40dfbb9850c0086b08aeda81b4364f365fe0deaec9ef0da419d69beaea0d465db

Download Submit
C:\Windows\System\fMvaQZL.exe

Filesize
8B

MD5
f12ac5989378bbf739c22dfa390b131d

SHA1
141d177c540cd8eb837bc2c97680ac3e9a7d27d6

SHA256
6e11dac3c776fb6a097c1a301a512cd71436e255b4a0051e41a7dc082294f4ff

SHA512
7ef52131ab9eb96ac3b625dcd6ef10c67b63a80807fdfa100d51afeceb5abc16f3868858624090c2082887f65697c3f88bc6c86660d9a8d3ac08714bc1886785

Download Submit
C:\Windows\System\hMMnIBv.exe

Filesize
1.6MB

MD5
f043049cc905bded1f1ede94912a8afb

SHA1
1f8b2eb3d2a6203d2f9ac93b59758cd1b3322c48

SHA256
3cbfc44a2c4dcb221f05a59912135c126fb3d0123314794a5b8b744011818b2a

SHA512
4f550110b28648a6f566df4564674544cb7b697d0779f761d25569835770baf042185405cd7ca53d2efa447ab0415e17381693efccdcd3bdcbf633b675126960

Download Submit
C:\Windows\System\iIcpMMF.exe

Filesize
1.6MB

MD5
7d245ae00c8daacd32b0e73a0b34c7b0

SHA1
486f9caca5124ad7d0a618deac52d19b76cc2555

SHA256
4d16e6ea0303de589affb5c6802efbcff4150fe648a43ae91995d645af56d4d7

SHA512
f3ced78d3ca01853ad0ac473059d65c8132e22e75f0107030ce6bfc25ee398599b8473a6b77c7de3716f36a738414d368a99674bfa2223c230b1a4cb1642cd91

Download Submit
C:\Windows\System\igDQrtL.exe

Filesize
1.6MB

MD5
c1baa8b0c238f7fb598cf4846db96684

SHA1
aad92b4695378f2bd3c5cbc840aceeefe45ced21

SHA256
85eb55acf95be6a73aee28f3264475ad92be6f2da579b4521c86e1de8a335e8f

SHA512
4b3a4981d6aee7c008b71b1a52f5d591d7fe27d99bf34a5ec469e687ba70611940ad25d3521dc390ff8fb06d795c925fbff9b40303c9787ad9a224ce3063852b

Download Submit
C:\Windows\System\isjwyzr.exe

Filesize
1.6MB

MD5
94aa7e34f569a1cb5b8224a91f0a899c

SHA1
8fd85f67c57dde02dbff594d4271c0b37fa4beab

SHA256
0c26546b707599bb0bb0e5d2db9d10ac2d53ab5ba896541e9661e055b0fe95f3

SHA512
2aa80aaefcfe48f6a4b4773ea74299551b7af22a3a9fbb3b7c88b656588456e4183ae3d64cd8ca2e22f30ce3fd0a2a7aaa787da015204eb0161125a1771e944a

Download Submit
C:\Windows\System\jNKAHsf.exe

Filesize
1.6MB

MD5
ea5e3038598dc983d75a30118d233390

SHA1
d12325bfd4d9ccbf29c3a98b83d781f6a929cb0a

SHA256
037d803a2f3d2037bf2e115772d7f6ab3811d950a41b40a983571f9406462d71

SHA512
e90ef8edded94f911c6360bead6053ceb2c16f0a820bbd9a0043b81a5a52a22b90cd58b18c714da8cf69871385c8774c3ff4cc3e448226d21bd1d09e52d622b9

Download Submit
C:\Windows\System\kHnwUIH.exe

Filesize
1.6MB

MD5
2a1f73ff507a8a24ceecfcede1146781

SHA1
73a71992fc1297fc2c0bcd0b56f82a14f3016ca1

SHA256
e1705f16964f9e614f52cec427b63885c8c446facc43f5065f964545fa2e5c36

SHA512
c3d33804841782519aeedca25ee7a0ed00544f3f739409c4e6dc299a5c1689aa9f796d41cad72f6bfe39e1b0b6978b565f1307e965204e1eeccaccfe058c82aa

Download Submit
C:\Windows\System\mAYlZCb.exe

Filesize
1.6MB

MD5
fe704b2fa00b9e8e06b9d1c59a41f1c4

SHA1
0e9b79a9dd49c9454c41861f5dcbbbd23505ffce

SHA256
d3245c8f85f98fb003926764d78456a534099fc1809744b97444d9317b0034c4

SHA512
a39de6330b4247fa60a22c167d59855884161026b81c4dd477ae0b7f419d8351ebad564933fede438f2d33c61966a573d84f8d059fd9654fa584cab0771c1884

Download Submit
C:\Windows\System\mNwPHOe.exe

Filesize
1.6MB

MD5
184b52d7c7d38e39dda4a9bcc7785c08

SHA1
2629f12b1e616e9569063b59aecee0379df7acab

SHA256
28fb6c3f06f3431ec4d73c91ea0bc0f684cb79670ff81c2d66a638979e180836

SHA512
ebba57a6216628975eeffb610b1a2c723088294960f592072010fc9cab52ef2e454e28d02991dde1271d598f0dad5dbe3366ad2ff2c54740bb32f22adf45f0df

Download Submit
C:\Windows\System\nyPXZnG.exe

Filesize
1.6MB

MD5
56237f09a41a14f03196c18e67236702

SHA1
6fd33603fb6cdc39f8e6baa949e6607b90e462de

SHA256
352c54dcae95a78a13f6aa64da302e193ae1e33378d6b2f5ea8ee010f601b7a8

SHA512
fa47438b0492cc7c55c4444632dd53bd06f21a5cfed4a4f077d6825465907e90be51e43e021a6ea83d5b2bc46f961579b8989ddffa6e6e8d5bf0f5cfbc440f41

Download Submit
C:\Windows\System\pNYqJHt.exe

Filesize
1.6MB

MD5
cec0aed7ba3190b48979ad43336ef485

SHA1
cee7b09e094e191582b803312ccd609ad47159d0

SHA256
fa4eeca3de63c3df9968bc5a23e80d34ac01ba19e83d8ecdff76509a8602eef8

SHA512
5d21391c8171f9d200484a312bcdc7899f9293422889017f51442f40c34b5200bcf64b5b3a2392258ebd5f65df8b93d83bffc1d44b7c7935892a80b6c9c73300

Download Submit
C:\Windows\System\qoheYYq.exe

Filesize
1.6MB

MD5
c960e8af73b214c889bc1ef9123cc9f3

SHA1
5aa23b53c70921a6c054c62e64fba1c3cdb04d5a

SHA256
e779eac0c39bec14fc5b0a4d0fd8af105068b3a86bdcc9781ec8e6b6a2007652

SHA512
a72d22ecc70d69d108d79c435b86fb7902303edb1748b46232313fe9a73e42ba0cf85d4ad1d6db8850d557c99984c6ae0e38f294fea272f49891b8b1623347cb

Download Submit
C:\Windows\System\xjWvraP.exe

Filesize
1.6MB

MD5
4dffe39fff42ca8a902b28cef106fe28

SHA1
a15dd717cfba6060ead964a9c7b816c30647c525

SHA256
69fba06db6a9fe802b450957cbdedfe7590a54a3b209cd1a68f77a46432988ac

SHA512
a47c40a629c66b24c47f80a8dd827296aa8ab11d1b09ab7c8879bd5be13e1658b6a1ced1481348001dd3397f6c19581596aa89dd16119580d12f8b5936046f82

Download Submit
memory/216-67-0x00007FF6A0C40000-0x00007FF6A1032000-memory.dmp

Filesize
3.9MB

Download
memory/744-22-0x00007FF635A30000-0x00007FF635E22000-memory.dmp

Filesize
3.9MB

Download
memory/1516-368-0x00007FF7A4DB0000-0x00007FF7A51A2000-memory.dmp

Filesize
3.9MB

Download
memory/1772-399-0x00007FF7330A0000-0x00007FF733492000-memory.dmp

Filesize
3.9MB

Download
memory/1984-369-0x00007FF665E00000-0x00007FF6661F2000-memory.dmp

Filesize
3.9MB

Download
memory/2116-85-0x00007FF6AB640000-0x00007FF6ABA32000-memory.dmp

Filesize
3.9MB

Download
memory/2364-0-0x00007FF7A3490000-0x00007FF7A3882000-memory.dmp

Filesize
3.9MB

Download
memory/2364-1-0x000001EAABE30000-0x000001EAABE40000-memory.dmp

Filesize
64KB

Download
memory/2568-381-0x00007FF6BA9C0000-0x00007FF6BADB2000-memory.dmp

Filesize
3.9MB

Download
memory/2612-53-0x0000020A70F40000-0x0000020A70F50000-memory.dmp

Filesize
64KB

Download
memory/2612-393-0x0000020A724A0000-0x0000020A72C46000-memory.dmp

Filesize
7.6MB

Download
memory/2612-52-0x00007FFE778F0000-0x00007FFE783B1000-memory.dmp

Filesize
10.8MB

Download
memory/2612-65-0x0000020A70EF0000-0x0000020A70F12000-memory.dmp

Filesize
136KB

Download
memory/2612-25-0x0000020A70F40000-0x0000020A70F50000-memory.dmp

Filesize
64KB

Download
memory/2908-9-0x00007FF70AFC0000-0x00007FF70B3B2000-memory.dmp

Filesize
3.9MB

Download
memory/3068-58-0x00007FF72DA90000-0x00007FF72DE82000-memory.dmp

Filesize
3.9MB

Download
memory/3116-26-0x00007FF7F4790000-0x00007FF7F4B82000-memory.dmp

Filesize
3.9MB

Download
memory/3480-361-0x00007FF668B40000-0x00007FF668F32000-memory.dmp

Filesize
3.9MB

Download
memory/3680-390-0x00007FF674970000-0x00007FF674D62000-memory.dmp

Filesize
3.9MB

Download
memory/3872-370-0x00007FF7F3550000-0x00007FF7F3942000-memory.dmp

Filesize
3.9MB

Download
memory/3956-349-0x00007FF6769F0000-0x00007FF676DE2000-memory.dmp

Filesize
3.9MB

Download
memory/4492-394-0x00007FF6FBB20000-0x00007FF6FBF12000-memory.dmp

Filesize
3.9MB

Download
memory/4660-364-0x00007FF731130000-0x00007FF731522000-memory.dmp

Filesize
3.9MB

Download
memory/4744-12-0x00007FF75C830000-0x00007FF75CC22000-memory.dmp

Filesize
3.9MB

Download
memory/4872-367-0x00007FF6B4040000-0x00007FF6B4432000-memory.dmp

Filesize
3.9MB

Download
memory/4960-402-0x00007FF7812B0000-0x00007FF7816A2000-memory.dmp

Filesize
3.9MB

Download
memory/4980-74-0x00007FF741240000-0x00007FF741632000-memory.dmp

Filesize
3.9MB

Download
memory/5108-389-0x00007FF6F0AC0000-0x00007FF6F0EB2000-memory.dmp

Filesize
3.9MB

Download